ooni-probe-cli/internal/netxlite/utls.go

package netxlite

import (
	"crypto/tls"
	"net"

	utls "gitlab.com/yawning/utls.git"
)

// utlsConn implements TLSConn and uses a utls UConn as its underlying connection
type utlsConn struct {
	*utls.UConn
}

// NewConnUTLS creates a NewConn function creating a utls connection with a specified ClientHelloID
func NewConnUTLS(clientHello *utls.ClientHelloID) func(conn net.Conn, config *tls.Config) TLSConn {
	return func(conn net.Conn, config *tls.Config) TLSConn {
		uConfig := &utls.Config{
			RootCAs:                     config.RootCAs,
			NextProtos:                  config.NextProtos,
			ServerName:                  config.ServerName,
			InsecureSkipVerify:          config.InsecureSkipVerify,
			DynamicRecordSizingDisabled: config.DynamicRecordSizingDisabled,
		}
		tlsConn := utls.UClient(conn, uConfig, *clientHello)
		return &utlsConn{tlsConn}
	}
}

func (c *utlsConn) ConnectionState() tls.ConnectionState {
	uState := c.Conn.ConnectionState()
	return tls.ConnectionState{
		Version:                     uState.Version,
		HandshakeComplete:           uState.HandshakeComplete,
		DidResume:                   uState.DidResume,
		CipherSuite:                 uState.CipherSuite,
		NegotiatedProtocol:          uState.NegotiatedProtocol,
		NegotiatedProtocolIsMutual:  uState.NegotiatedProtocolIsMutual,
		ServerName:                  uState.ServerName,
		PeerCertificates:            uState.PeerCertificates,
		VerifiedChains:              uState.VerifiedChains,
		SignedCertificateTimestamps: uState.SignedCertificateTimestamps,
		OCSPResponse:                uState.OCSPResponse,
		TLSUnique:                   uState.TLSUnique,
	}
}
refactor(netxlite): hide details without breaking the rest of the tree (#454) ## Description This PR continues the refactoring of `netx` under the following principles: 1. do not break the rest of the tree and do not engage in extensive tree-wide refactoring yet 2. move under `netxlite` clearly related subpackages (e.g., `iox`, `netxmocks`) 3. move into `internal/netxlite/internal` stuff that is clearly private of `netxlite` 4. hide implementation details in `netxlite` pending new factories 5. refactor `tls` code in `netxlite` to clearly separate `crypto/tls` code from `utls` code After each commit, I run `go test -short -race ./...` locally. Each individual commit explains what it does. I will squash, but this operation will preserve the original commit titles, so this will give further insight on each step. ## Commits * refactor: rename netxmocks -> netxlite/mocks Part of https://github.com/ooni/probe/issues/1591 * refactor: rename quicx -> netxlite/quicx See https://github.com/ooni/probe/issues/1591 * refactor: rename iox -> netxlite/iox Regenerate sources and make sure the tests pass. See https://github.com/ooni/probe/issues/1591. * refactor(iox): move MockableReader to netxlite/mocks See https://github.com/ooni/probe/issues/1591 * refactor(netxlite): generator is an implementation detail See https://github.com/ooni/probe/issues/1591 * refactor(netxlite): separate tls and utls code See https://github.com/ooni/probe/issues/1591 * refactor(netxlite): hide most types but keep old names as legacy With this change we avoid breaking the rest of the tree, but we start hiding some implementation details a bit. Factories will follow. See https://github.com/ooni/probe/issues/1591 2021-09-05 14:49:38 +02:00			`package netxlite`

			`import (`
			`"crypto/tls"`
			`"net"`

			`utls "gitlab.com/yawning/utls.git"`
			`)`

			`// utlsConn implements TLSConn and uses a utls UConn as its underlying connection`
			`type utlsConn struct {`
			`*utls.UConn`
			`}`

			`// NewConnUTLS creates a NewConn function creating a utls connection with a specified ClientHelloID`
			`func NewConnUTLS(clientHello utls.ClientHelloID) func(conn net.Conn, config tls.Config) TLSConn {`
			`return func(conn net.Conn, config *tls.Config) TLSConn {`
			`uConfig := &utls.Config{`
			`RootCAs: config.RootCAs,`
			`NextProtos: config.NextProtos,`
			`ServerName: config.ServerName,`
			`InsecureSkipVerify: config.InsecureSkipVerify,`
			`DynamicRecordSizingDisabled: config.DynamicRecordSizingDisabled,`
			`}`
			`tlsConn := utls.UClient(conn, uConfig, *clientHello)`
			`return &utlsConn{tlsConn}`
			`}`
			`}`

			`func (c *utlsConn) ConnectionState() tls.ConnectionState {`
			`uState := c.Conn.ConnectionState()`
			`return tls.ConnectionState{`
			`Version: uState.Version,`
			`HandshakeComplete: uState.HandshakeComplete,`
			`DidResume: uState.DidResume,`
			`CipherSuite: uState.CipherSuite,`
			`NegotiatedProtocol: uState.NegotiatedProtocol,`
			`NegotiatedProtocolIsMutual: uState.NegotiatedProtocolIsMutual,`
			`ServerName: uState.ServerName,`
			`PeerCertificates: uState.PeerCertificates,`
			`VerifiedChains: uState.VerifiedChains,`
			`SignedCertificateTimestamps: uState.SignedCertificateTimestamps,`
			`OCSPResponse: uState.OCSPResponse,`
			`TLSUnique: uState.TLSUnique,`
			`}`
			`}`