ooni-probe-cli/internal/engine/netx/tracex/tls.go

package tracex

//
// TLS
//

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"net"
	"time"

	"github.com/ooni/probe-cli/v3/internal/model"
	"github.com/ooni/probe-cli/v3/internal/netxlite"
)

// SaverTLSHandshaker saves events occurring during the TLS handshake.
type SaverTLSHandshaker struct {
	// TLSHandshaker is the underlying TLS handshaker.
	TLSHandshaker model.TLSHandshaker

	// Saver is the saver in which to save events.
	Saver *Saver
}

// WrapTLSHandshaker wraps a model.TLSHandshaker with a SaverTLSHandshaker
// that will save the TLS handshake results into this Saver.
//
// When this function is invoked on a nil Saver, it will directly return
// the original TLSHandshaker without any wrapping.
func (s *Saver) WrapTLSHandshaker(thx model.TLSHandshaker) model.TLSHandshaker {
	if s == nil {
		return thx
	}
	return &SaverTLSHandshaker{
		TLSHandshaker: thx,
		Saver:         s,
	}
}

// Handshake implements model.TLSHandshaker.Handshake
func (h *SaverTLSHandshaker) Handshake(
	ctx context.Context, conn net.Conn, config *tls.Config) (net.Conn, tls.ConnectionState, error) {
	start := time.Now()
	h.Saver.Write(Event{
		Name:          "tls_handshake_start",
		NoTLSVerify:   config.InsecureSkipVerify,
		TLSNextProtos: config.NextProtos,
		TLSServerName: config.ServerName,
		Time:          start,
	})
	remoteAddr := conn.RemoteAddr().String()
	tlsconn, state, err := h.TLSHandshaker.Handshake(ctx, conn, config)
	stop := time.Now()
	h.Saver.Write(Event{
		Address:            remoteAddr,
		Duration:           stop.Sub(start),
		Err:                err,
		Name:               "tls_handshake_done",
		NoTLSVerify:        config.InsecureSkipVerify,
		TLSCipherSuite:     netxlite.TLSCipherSuiteString(state.CipherSuite),
		TLSNegotiatedProto: state.NegotiatedProtocol,
		TLSNextProtos:      config.NextProtos,
		TLSPeerCerts:       tlsPeerCerts(state, err),
		TLSServerName:      config.ServerName,
		TLSVersion:         netxlite.TLSVersionString(state.Version),
		Time:               stop,
	})
	return tlsconn, state, err
}

var _ model.TLSHandshaker = &SaverTLSHandshaker{}

// tlsPeerCerts returns the certificates presented by the peer regardless
// of whether the TLS handshake was successful
func tlsPeerCerts(state tls.ConnectionState, err error) []*x509.Certificate {
	var x509HostnameError x509.HostnameError
	if errors.As(err, &x509HostnameError) {
		// Test case: https://wrong.host.badssl.com/
		return []*x509.Certificate{x509HostnameError.Certificate}
	}
	var x509UnknownAuthorityError x509.UnknownAuthorityError
	if errors.As(err, &x509UnknownAuthorityError) {
		// Test case: https://self-signed.badssl.com/. This error has
		// never been among the ones returned by MK.
		return []*x509.Certificate{x509UnknownAuthorityError.Cert}
	}
	var x509CertificateInvalidError x509.CertificateInvalidError
	if errors.As(err, &x509CertificateInvalidError) {
		// Test case: https://expired.badssl.com/
		return []*x509.Certificate{x509CertificateInvalidError.Cert}
	}
	return state.PeerCertificates
}
refactor(netx): merge archival, trace, and the savers (#772) This diff creates a new package under netx called tracex that contains everything we need to perform measurements using events tracing and postprocessing (which is the technique with which we implement most network experiments). The general idea here is to (1) create a unique package out of all of these packages; (2) clean up the code a bit (improve tests, docs, apply more recent code patterns); (3) move the resulting code as a toplevel package inside of internal. Once this is done, netx can be further refactored to avoid subpackages and we can search for more code to salvage/refactor. See https://github.com/ooni/probe/issues/2121 2022-05-31 21:53:01 +02:00			`package tracex`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00
refactor(tracex): start applying recent code conventions (#773) The code that is now into the tracex package was written a long time ago, so let's start to make it more in line with the coding style of packages that were written more recently. I didn't apply all the changes I'd like to apply in a single diff and for now I am committing just this diff. Broadly, what we need to do is: 1. improve documentation 2. ~always use pointer receivers (object receives have the issue that they are not mutable by accident meaning that you can mutate them but their state do not change after the call returns, which is potentially a source of bugs in case you later refactor to use a pointer receiver, so always use pointer receivers) 3. ~always avoid embedding (let's say we want to avoid embedding for types we define and it's instead fine to embed types that are defined in the stdlib: if later we add a new method, we will not see a broken build and we'll probably forget to add the new method to all wrappers -- conversely, if we're wrapping rather than embedding, we'll see a broken build and act accordingly) 4. prefer unit tests and group tests by type being tested rather than using a flat structure for tests There's a coverage slippage that I'll compensate in a follow-up diff where I'll focus on unit testing. Reference issue: https://github.com/ooni/probe/issues/2121 2022-06-01 07:44:54 +02:00			`//`
			`// TLS`
			`//`

refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`import (`
			`"context"`
			`"crypto/tls"`
refactor(tracex): start applying recent code conventions (#773) The code that is now into the tracex package was written a long time ago, so let's start to make it more in line with the coding style of packages that were written more recently. I didn't apply all the changes I'd like to apply in a single diff and for now I am committing just this diff. Broadly, what we need to do is: 1. improve documentation 2. ~always use pointer receivers (object receives have the issue that they are not mutable by accident meaning that you can mutate them but their state do not change after the call returns, which is potentially a source of bugs in case you later refactor to use a pointer receiver, so always use pointer receivers) 3. ~always avoid embedding (let's say we want to avoid embedding for types we define and it's instead fine to embed types that are defined in the stdlib: if later we add a new method, we will not see a broken build and we'll probably forget to add the new method to all wrappers -- conversely, if we're wrapping rather than embedding, we'll see a broken build and act accordingly) 4. prefer unit tests and group tests by type being tested rather than using a flat structure for tests There's a coverage slippage that I'll compensate in a follow-up diff where I'll focus on unit testing. Reference issue: https://github.com/ooni/probe/issues/2121 2022-06-01 07:44:54 +02:00			`"crypto/x509"`
			`"errors"`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`"net"`
			`"time"`

cleanup: remove unnecessary legacy interfaces (#656) This diff addresses another point of https://github.com/ooni/probe/issues/1956: > - [ ] observe that we're still using a bunch of private interfaces for common interfaces such as the `Dialer`, so we can get rid of these private interfaces and always use the ones in `model`, which allows us to remove a bunch of legacy wrappers Additional cleanups may still be possible. The more I cleanup, the more I see there's extra legacy code we can dispose of (which seems good?). 2022-01-07 18:33:37 +01:00			`"github.com/ooni/probe-cli/v3/internal/model"`
refactor: merge tlsx into netxlite (#403) Part of https://github.com/ooni/probe/issues/1505 2021-06-25 12:39:45 +02:00			`"github.com/ooni/probe-cli/v3/internal/netxlite"`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`)`

refactor(tracex): start applying recent code conventions (#773) The code that is now into the tracex package was written a long time ago, so let's start to make it more in line with the coding style of packages that were written more recently. I didn't apply all the changes I'd like to apply in a single diff and for now I am committing just this diff. Broadly, what we need to do is: 1. improve documentation 2. ~always use pointer receivers (object receives have the issue that they are not mutable by accident meaning that you can mutate them but their state do not change after the call returns, which is potentially a source of bugs in case you later refactor to use a pointer receiver, so always use pointer receivers) 3. ~always avoid embedding (let's say we want to avoid embedding for types we define and it's instead fine to embed types that are defined in the stdlib: if later we add a new method, we will not see a broken build and we'll probably forget to add the new method to all wrappers -- conversely, if we're wrapping rather than embedding, we'll see a broken build and act accordingly) 4. prefer unit tests and group tests by type being tested rather than using a flat structure for tests There's a coverage slippage that I'll compensate in a follow-up diff where I'll focus on unit testing. Reference issue: https://github.com/ooni/probe/issues/2121 2022-06-01 07:44:54 +02:00			`// SaverTLSHandshaker saves events occurring during the TLS handshake.`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`type SaverTLSHandshaker struct {`
refactor(tracex): start applying recent code conventions (#773) The code that is now into the tracex package was written a long time ago, so let's start to make it more in line with the coding style of packages that were written more recently. I didn't apply all the changes I'd like to apply in a single diff and for now I am committing just this diff. Broadly, what we need to do is: 1. improve documentation 2. ~always use pointer receivers (object receives have the issue that they are not mutable by accident meaning that you can mutate them but their state do not change after the call returns, which is potentially a source of bugs in case you later refactor to use a pointer receiver, so always use pointer receivers) 3. ~always avoid embedding (let's say we want to avoid embedding for types we define and it's instead fine to embed types that are defined in the stdlib: if later we add a new method, we will not see a broken build and we'll probably forget to add the new method to all wrappers -- conversely, if we're wrapping rather than embedding, we'll see a broken build and act accordingly) 4. prefer unit tests and group tests by type being tested rather than using a flat structure for tests There's a coverage slippage that I'll compensate in a follow-up diff where I'll focus on unit testing. Reference issue: https://github.com/ooni/probe/issues/2121 2022-06-01 07:44:54 +02:00			`// TLSHandshaker is the underlying TLS handshaker.`
			`TLSHandshaker model.TLSHandshaker`

			`// Saver is the saver in which to save events.`
refactor(netx): merge archival, trace, and the savers (#772) This diff creates a new package under netx called tracex that contains everything we need to perform measurements using events tracing and postprocessing (which is the technique with which we implement most network experiments). The general idea here is to (1) create a unique package out of all of these packages; (2) clean up the code a bit (improve tests, docs, apply more recent code patterns); (3) move the resulting code as a toplevel package inside of internal. Once this is done, netx can be further refactored to avoid subpackages and we can search for more code to salvage/refactor. See https://github.com/ooni/probe/issues/2121 2022-05-31 21:53:01 +02:00			`Saver *Saver`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`}`

refactor(tracex): start applying recent code conventions (#773) The code that is now into the tracex package was written a long time ago, so let's start to make it more in line with the coding style of packages that were written more recently. I didn't apply all the changes I'd like to apply in a single diff and for now I am committing just this diff. Broadly, what we need to do is: 1. improve documentation 2. ~always use pointer receivers (object receives have the issue that they are not mutable by accident meaning that you can mutate them but their state do not change after the call returns, which is potentially a source of bugs in case you later refactor to use a pointer receiver, so always use pointer receivers) 3. ~always avoid embedding (let's say we want to avoid embedding for types we define and it's instead fine to embed types that are defined in the stdlib: if later we add a new method, we will not see a broken build and we'll probably forget to add the new method to all wrappers -- conversely, if we're wrapping rather than embedding, we'll see a broken build and act accordingly) 4. prefer unit tests and group tests by type being tested rather than using a flat structure for tests There's a coverage slippage that I'll compensate in a follow-up diff where I'll focus on unit testing. Reference issue: https://github.com/ooni/probe/issues/2121 2022-06-01 07:44:54 +02:00			`// WrapTLSHandshaker wraps a model.TLSHandshaker with a SaverTLSHandshaker`
			`// that will save the TLS handshake results into this Saver.`
			`//`
			`// When this function is invoked on a nil Saver, it will directly return`
			`// the original TLSHandshaker without any wrapping.`
			`func (s *Saver) WrapTLSHandshaker(thx model.TLSHandshaker) model.TLSHandshaker {`
			`if s == nil {`
			`return thx`
			`}`
			`return &SaverTLSHandshaker{`
			`TLSHandshaker: thx,`
			`Saver: s,`
			`}`
			`}`

			`// Handshake implements model.TLSHandshaker.Handshake`
			`func (h *SaverTLSHandshaker) Handshake(`
			`ctx context.Context, conn net.Conn, config *tls.Config) (net.Conn, tls.ConnectionState, error) {`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`start := time.Now()`
refactor(netx): merge archival, trace, and the savers (#772) This diff creates a new package under netx called tracex that contains everything we need to perform measurements using events tracing and postprocessing (which is the technique with which we implement most network experiments). The general idea here is to (1) create a unique package out of all of these packages; (2) clean up the code a bit (improve tests, docs, apply more recent code patterns); (3) move the resulting code as a toplevel package inside of internal. Once this is done, netx can be further refactored to avoid subpackages and we can search for more code to salvage/refactor. See https://github.com/ooni/probe/issues/2121 2022-05-31 21:53:01 +02:00			`h.Saver.Write(Event{`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`Name: "tls_handshake_start",`
			`NoTLSVerify: config.InsecureSkipVerify,`
			`TLSNextProtos: config.NextProtos,`
			`TLSServerName: config.ServerName,`
			`Time: start,`
			`})`
tls_handshakes: add endpoint addresses to handshake list (#711) * tls_handshakes: add IP addresses * tls_handshakes: extract ip from tcp-connect * tls_handshake: switched to trace event * saver.go: get remoteAddr before handshake Not sure whether this is strictly necessary, but I'd rather take the remoteAddr before calling Handshake, just in case a future version of the handshake closes the `conn`. In such a case, `conn.RemoteAddr` would return `nil` and we would crash here. This occurred to me while reading once again the diff before merging. Co-authored-by: decfox <decfox> Co-authored-by: Simone Basso <bassosimone@gmail.com> 2022-05-06 11:09:54 +02:00			`remoteAddr := conn.RemoteAddr().String()`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`tlsconn, state, err := h.TLSHandshaker.Handshake(ctx, conn, config)`
			`stop := time.Now()`
refactor(netx): merge archival, trace, and the savers (#772) This diff creates a new package under netx called tracex that contains everything we need to perform measurements using events tracing and postprocessing (which is the technique with which we implement most network experiments). The general idea here is to (1) create a unique package out of all of these packages; (2) clean up the code a bit (improve tests, docs, apply more recent code patterns); (3) move the resulting code as a toplevel package inside of internal. Once this is done, netx can be further refactored to avoid subpackages and we can search for more code to salvage/refactor. See https://github.com/ooni/probe/issues/2121 2022-05-31 21:53:01 +02:00			`h.Saver.Write(Event{`
tls_handshakes: add endpoint addresses to handshake list (#711) * tls_handshakes: add IP addresses * tls_handshakes: extract ip from tcp-connect * tls_handshake: switched to trace event * saver.go: get remoteAddr before handshake Not sure whether this is strictly necessary, but I'd rather take the remoteAddr before calling Handshake, just in case a future version of the handshake closes the `conn`. In such a case, `conn.RemoteAddr` would return `nil` and we would crash here. This occurred to me while reading once again the diff before merging. Co-authored-by: decfox <decfox> Co-authored-by: Simone Basso <bassosimone@gmail.com> 2022-05-06 11:09:54 +02:00			`Address: remoteAddr,`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`Duration: stop.Sub(start),`
			`Err: err,`
			`Name: "tls_handshake_done",`
			`NoTLSVerify: config.InsecureSkipVerify,`
refactor: merge tlsx into netxlite (#403) Part of https://github.com/ooni/probe/issues/1505 2021-06-25 12:39:45 +02:00			`TLSCipherSuite: netxlite.TLSCipherSuiteString(state.CipherSuite),`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`TLSNegotiatedProto: state.NegotiatedProtocol,`
			`TLSNextProtos: config.NextProtos,`
refactor(tracex): start applying recent code conventions (#773) The code that is now into the tracex package was written a long time ago, so let's start to make it more in line with the coding style of packages that were written more recently. I didn't apply all the changes I'd like to apply in a single diff and for now I am committing just this diff. Broadly, what we need to do is: 1. improve documentation 2. ~always use pointer receivers (object receives have the issue that they are not mutable by accident meaning that you can mutate them but their state do not change after the call returns, which is potentially a source of bugs in case you later refactor to use a pointer receiver, so always use pointer receivers) 3. ~always avoid embedding (let's say we want to avoid embedding for types we define and it's instead fine to embed types that are defined in the stdlib: if later we add a new method, we will not see a broken build and we'll probably forget to add the new method to all wrappers -- conversely, if we're wrapping rather than embedding, we'll see a broken build and act accordingly) 4. prefer unit tests and group tests by type being tested rather than using a flat structure for tests There's a coverage slippage that I'll compensate in a follow-up diff where I'll focus on unit testing. Reference issue: https://github.com/ooni/probe/issues/2121 2022-06-01 07:44:54 +02:00			`TLSPeerCerts: tlsPeerCerts(state, err),`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`TLSServerName: config.ServerName,`
refactor: merge tlsx into netxlite (#403) Part of https://github.com/ooni/probe/issues/1505 2021-06-25 12:39:45 +02:00			`TLSVersion: netxlite.TLSVersionString(state.Version),`
refactor(netx): extract tlsdialer from dialer 2021-06-08 11:24:13 +02:00			`Time: stop,`
			`})`
			`return tlsconn, state, err`
			`}`

refactor(tracex): start applying recent code conventions (#773) The code that is now into the tracex package was written a long time ago, so let's start to make it more in line with the coding style of packages that were written more recently. I didn't apply all the changes I'd like to apply in a single diff and for now I am committing just this diff. Broadly, what we need to do is: 1. improve documentation 2. ~always use pointer receivers (object receives have the issue that they are not mutable by accident meaning that you can mutate them but their state do not change after the call returns, which is potentially a source of bugs in case you later refactor to use a pointer receiver, so always use pointer receivers) 3. ~always avoid embedding (let's say we want to avoid embedding for types we define and it's instead fine to embed types that are defined in the stdlib: if later we add a new method, we will not see a broken build and we'll probably forget to add the new method to all wrappers -- conversely, if we're wrapping rather than embedding, we'll see a broken build and act accordingly) 4. prefer unit tests and group tests by type being tested rather than using a flat structure for tests There's a coverage slippage that I'll compensate in a follow-up diff where I'll focus on unit testing. Reference issue: https://github.com/ooni/probe/issues/2121 2022-06-01 07:44:54 +02:00			`var _ model.TLSHandshaker = &SaverTLSHandshaker{}`

			`// tlsPeerCerts returns the certificates presented by the peer regardless`
			`// of whether the TLS handshake was successful`
			`func tlsPeerCerts(state tls.ConnectionState, err error) []*x509.Certificate {`
			`var x509HostnameError x509.HostnameError`
			`if errors.As(err, &x509HostnameError) {`
			`// Test case: https://wrong.host.badssl.com/`
			`return []*x509.Certificate{x509HostnameError.Certificate}`
			`}`
			`var x509UnknownAuthorityError x509.UnknownAuthorityError`
			`if errors.As(err, &x509UnknownAuthorityError) {`
			`// Test case: https://self-signed.badssl.com/. This error has`
			`// never been among the ones returned by MK.`
			`return []*x509.Certificate{x509UnknownAuthorityError.Cert}`
			`}`
			`var x509CertificateInvalidError x509.CertificateInvalidError`
			`if errors.As(err, &x509CertificateInvalidError) {`
			`// Test case: https://expired.badssl.com/`
			`return []*x509.Certificate{x509CertificateInvalidError.Cert}`
			`}`
			`return state.PeerCertificates`
			`}`