ooni-probe-cli/internal/engine/netx/trace/event.go

package trace

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"net/http"
	"time"
)

// Event is one of the events within a trace
type Event struct {
	Addresses          []string            `json:",omitempty"`
	Address            string              `json:",omitempty"`
	DNSQuery           []byte              `json:",omitempty"`
	DNSReply           []byte              `json:",omitempty"`
	DataIsTruncated    bool                `json:",omitempty"`
	Data               []byte              `json:",omitempty"`
	Duration           time.Duration       `json:",omitempty"`
	Err                error               `json:",omitempty"`
	HTTPHeaders        http.Header         `json:",omitempty"`
	HTTPMethod         string              `json:",omitempty"`
	HTTPStatusCode     int                 `json:",omitempty"`
	HTTPURL            string              `json:",omitempty"`
	Hostname           string              `json:",omitempty"`
	Name               string              `json:",omitempty"`
	NoTLSVerify        bool                `json:",omitempty"`
	NumBytes           int                 `json:",omitempty"`
	Proto              string              `json:",omitempty"`
	TLSServerName      string              `json:",omitempty"`
	TLSCipherSuite     string              `json:",omitempty"`
	TLSNegotiatedProto string              `json:",omitempty"`
	TLSNextProtos      []string            `json:",omitempty"`
	TLSPeerCerts       []*x509.Certificate `json:",omitempty"`
	TLSVersion         string              `json:",omitempty"`
	Time               time.Time           `json:",omitempty"`
	Transport          string              `json:",omitempty"`
}

// PeerCerts returns the certificates presented by the peer regardless
// of whether the TLS handshake was successful
func PeerCerts(state tls.ConnectionState, err error) []*x509.Certificate {
	var x509HostnameError x509.HostnameError
	if errors.As(err, &x509HostnameError) {
		// Test case: https://wrong.host.badssl.com/
		return []*x509.Certificate{x509HostnameError.Certificate}
	}
	var x509UnknownAuthorityError x509.UnknownAuthorityError
	if errors.As(err, &x509UnknownAuthorityError) {
		// Test case: https://self-signed.badssl.com/. This error has
		// never been among the ones returned by MK.
		return []*x509.Certificate{x509UnknownAuthorityError.Cert}
	}
	var x509CertificateInvalidError x509.CertificateInvalidError
	if errors.As(err, &x509CertificateInvalidError) {
		// Test case: https://expired.badssl.com/
		return []*x509.Certificate{x509CertificateInvalidError.Cert}
	}
	return state.PeerCertificates
}
chore: merge probe-engine into probe-cli (#201) This is how I did it: 1. `git clone https://github.com/ooni/probe-engine internal/engine` 2. ``` (cd internal/engine && git describe --tags) v0.23.0 ``` 3. `nvim go.mod` (merging `go.mod` with `internal/engine/go.mod` 4. `rm -rf internal/.git internal/engine/go.{mod,sum}` 5. `git add internal/engine` 6. `find . -type f -name \*.go -exec sed -i 's@/ooni/probe-engine@/ooni/probe-cli/v3/internal/engine@g' {} \;` 7. `go build ./...` (passes) 8. `go test -race ./...` (temporary failure on RiseupVPN) 9. `go mod tidy` 10. this commit message Once this piece of work is done, we can build a new version of `ooniprobe` that is using `internal/engine` directly. We need to do more work to ensure all the other functionality in `probe-engine` (e.g. making mobile packages) are still WAI. Part of https://github.com/ooni/probe/issues/1335 2021-02-02 12:05:47 +01:00			`package trace`

			`import (`
			`"crypto/tls"`
			`"crypto/x509"`
			`"errors"`
			`"net/http"`
			`"time"`
			`)`

			`// Event is one of the events within a trace`
			`type Event struct {`
			Addresses []string `json:",omitempty"`
			Address string `json:",omitempty"`
			DNSQuery []byte `json:",omitempty"`
			DNSReply []byte `json:",omitempty"`
			DataIsTruncated bool `json:",omitempty"`
			Data []byte `json:",omitempty"`
			Duration time.Duration `json:",omitempty"`
			Err error `json:",omitempty"`
			HTTPHeaders http.Header `json:",omitempty"`
			HTTPMethod string `json:",omitempty"`
			HTTPStatusCode int `json:",omitempty"`
			HTTPURL string `json:",omitempty"`
			Hostname string `json:",omitempty"`
			Name string `json:",omitempty"`
			NoTLSVerify bool `json:",omitempty"`
			NumBytes int `json:",omitempty"`
			Proto string `json:",omitempty"`
			TLSServerName string `json:",omitempty"`
			TLSCipherSuite string `json:",omitempty"`
			TLSNegotiatedProto string `json:",omitempty"`
			TLSNextProtos []string `json:",omitempty"`
			TLSPeerCerts []*x509.Certificate `json:",omitempty"`
			TLSVersion string `json:",omitempty"`
			Time time.Time `json:",omitempty"`
			Transport string `json:",omitempty"`
			`}`

			`// PeerCerts returns the certificates presented by the peer regardless`
			`// of whether the TLS handshake was successful`
			`func PeerCerts(state tls.ConnectionState, err error) []*x509.Certificate {`
			`var x509HostnameError x509.HostnameError`
			`if errors.As(err, &x509HostnameError) {`
			`// Test case: https://wrong.host.badssl.com/`
			`return []*x509.Certificate{x509HostnameError.Certificate}`
			`}`
			`var x509UnknownAuthorityError x509.UnknownAuthorityError`
			`if errors.As(err, &x509UnknownAuthorityError) {`
			`// Test case: https://self-signed.badssl.com/. This error has`
			`// never been among the ones returned by MK.`
			`return []*x509.Certificate{x509UnknownAuthorityError.Cert}`
			`}`
			`var x509CertificateInvalidError x509.CertificateInvalidError`
			`if errors.As(err, &x509CertificateInvalidError) {`
			`// Test case: https://expired.badssl.com/`
			`return []*x509.Certificate{x509CertificateInvalidError.Cert}`
			`}`
			`return state.PeerCertificates`
			`}`