c/ooni-probe-cli
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
fce6eb779b
ooni-probe-cli/internal/tracex/tls_test.go

263 lines
6.2 KiB
Go
Raw Normal View History

refactor(netx): merge archival, trace, and the savers (#772) This diff creates a new package under netx called tracex that contains everything we need to perform measurements using events tracing and postprocessing (which is the technique with which we implement most network experiments). The general idea here is to (1) create a unique package out of all of these packages; (2) clean up the code a bit (improve tests, docs, apply more recent code patterns); (3) move the resulting code as a toplevel package inside of internal. Once this is done, netx can be further refactored to avoid subpackages and we can search for more code to salvage/refactor. See https://github.com/ooni/probe/issues/2121
2022-05-31 21:53:01 +02:00
package tracex
refactor(netx): extract tlsdialer from dialer
2021-06-08 11:24:13 +02:00
import (
"context"
"crypto/tls"
refactor(tracex): convert to unit testing (#781) The exercise already allowed me to notice issues such as fields not being properly initialized by savers. This is one of the last steps before moving tracex away from the internal/netx package and into the internal package. See https://github.com/ooni/probe/issues/2121
2022-06-01 23:15:47 +02:00
"crypto/x509"
"errors"
"net"
refactor(netx): extract tlsdialer from dialer
2021-06-08 11:24:13 +02:00
"testing"
refactor(tracex): convert to unit testing (#781) The exercise already allowed me to notice issues such as fields not being properly initialized by savers. This is one of the last steps before moving tracex away from the internal/netx package and into the internal package. See https://github.com/ooni/probe/issues/2121
2022-06-01 23:15:47 +02:00
"github.com/google/go-cmp/cmp"
"github.com/ooni/probe-cli/v3/internal/model/mocks"
refactor(netx): extract tlsdialer from dialer
2021-06-08 11:24:13 +02:00
)
chore: improve testing and increase coverage (#794) This diff improves testing and increases coverage inside the ./internal/netxlite and ./internal/tracex packages. See https://github.com/ooni/probe/issues/2121
2022-06-04 14:58:48 +02:00
func TestWrapTLSHandshaker(t *testing.T) {
var saver *Saver
thx := &mocks.TLSHandshaker{}
if saver.WrapTLSHandshaker(thx) != thx {
t.Fatal("unexpected result")
}
}
refactor(tracex): convert to unit testing (#781) The exercise already allowed me to notice issues such as fields not being properly initialized by savers. This is one of the last steps before moving tracex away from the internal/netx package and into the internal package. See https://github.com/ooni/probe/issues/2121
2022-06-01 23:15:47 +02:00
func TestTLSHandshakerSaver(t *testing.T) {
refactor(netx): extract tlsdialer from dialer
2021-06-08 11:24:13 +02:00
refactor(tracex): convert to unit testing (#781) The exercise already allowed me to notice issues such as fields not being properly initialized by savers. This is one of the last steps before moving tracex away from the internal/netx package and into the internal package. See https://github.com/ooni/probe/issues/2121
2022-06-01 23:15:47 +02:00
t.Run("Handshake", func(t *testing.T) {
checkStartEventFields := func(t *testing.T, value *EventValue) {
if value.Address != "8.8.8.8:443" {
t.Fatal("invalid Address")
}
if !value.NoTLSVerify {
t.Fatal("expected NoTLSVerify to be true")
}
if value.Proto != "tcp" {
t.Fatal("wrong protocol")
}
if diff := cmp.Diff(value.TLSNextProtos, []string{"h2"}); diff != "" {
t.Fatal(diff)
}
if value.TLSServerName != "dns.google" {
t.Fatal("invalid TLSServerName")
}
if value.Time.IsZero() {
t.Fatal("expected non zero time")
}
refactor(netx): extract tlsdialer from dialer
2021-06-08 11:24:13 +02:00
}
refactor(tracex): convert to unit testing (#781) The exercise already allowed me to notice issues such as fields not being properly initialized by savers. This is one of the last steps before moving tracex away from the internal/netx package and into the internal package. See https://github.com/ooni/probe/issues/2121
2022-06-01 23:15:47 +02:00
checkStartedEvent := func(t *testing.T, ev Event) {
if _, good := ev.(*EventTLSHandshakeStart); !good {
t.Fatal("invalid event type")
}
value := ev.Value()
checkStartEventFields(t, value)
refactor(netx): extract tlsdialer from dialer
2021-06-08 11:24:13 +02:00
}
refactor(tracex): convert to unit testing (#781) The exercise already allowed me to notice issues such as fields not being properly initialized by savers. This is one of the last steps before moving tracex away from the internal/netx package and into the internal package. See https://github.com/ooni/probe/issues/2121
2022-06-01 23:15:47 +02:00
checkDoneEventFieldsSuccess := func(t *testing.T, value *EventValue) {
if value.Duration <= 0 {
t.Fatal("expected non-zero duration")
}
refactor(tracex): internally represent errors as strings (#786) There are two reasons why this is beneficial: 1. github.com/google/go-cmp is more annoying to use for comparing data structures when there are interfaces to compare. Sure, there's a recipe for teaching it to compare errors, but how about making the errors trivially comparable instead? 2. if we want to send errors over the network, JSON serialization works but we cannot unmarshal the resulting string back to an error, so how about making this representation trivial to serialize (we are not going this now, but we need this property for websteps and it may be sensible to try to avoid to have duplicate code because of that -- measurex currently duplicates many tracex functionality and this is quite unfortunate because it slows development down) Additionally, if an error is a string: 3. we can very easily use a switch for comparing its possible values with "" representing the absence of errors, while it is more complex to do the same when using a nullable string or even an error (i.e., an interface) 4. if a type is not nullable, it's easier to write safe code for it and we may want to refactor experiments to use the internal representation of measurements for more robust processing code For all these reasons, let's internally use strings in tracex. The overall aim here is to reduce the duplicated code between pre and post-measurex measurements (see https://github.com/ooni/probe/issues/2035).
2022-06-02 10:37:07 +02:00
if value.Err.IsNotNil() {
refactor(tracex): convert to unit testing (#781) The exercise already allowed me to notice issues such as fields not being properly initialized by savers. This is one of the last steps before moving tracex away from the internal/netx package and into the internal package. See https://github.com/ooni/probe/issues/2121
2022-06-01 23:15:47 +02:00
t.Fatal("expected no error here")
}
if value.TLSCipherSuite != "TLS_RSA_WITH_RC4_128_SHA" {
t.Fatal("invalid cipher suite")
}
if value.TLSNegotiatedProto != "h2" {
t.Fatal("invalid negotiated protocol")
}
refactor(tracex): internally store just the raw certificate (#787) By just storing the raw certificate we simplify the internal data structure we use. In turn, this enables us to write better unit tests using github.com/google/go-cmp where we can construct the expected result and compare with that. (Yeah, in principle we could also construct the full certificate but I'm not sure it's worth the effort since we basically only care about the raw certificate.) The general idea here is to make tracex more tested. Once it's more tested, I will create separate structs for each event, which is something that measurex also does. Once that is done, we can start ensuring that the code in measurex and the code in tracex do the same thing in terms of storing observations. When also this is done, we can then rewrite measurex to use tracex directly. The overall goal is https://github.com/ooni/probe/issues/2035.
2022-06-02 11:07:02 +02:00
if diff := cmp.Diff(value.TLSPeerCerts, [][]byte{{1, 2, 3, 4}}); diff != "" {
refactor(tracex): convert to unit testing (#781) The exercise already allowed me to notice issues such as fields not being properly initialized by savers. This is one of the last steps before moving tracex away from the internal/netx package and into the internal package. See https://github.com/ooni/probe/issues/2121
2022-06-01 23:15:47 +02:00
t.Fatal(diff)
}
if value.TLSVersion != "TLSv1.3" {
t.Fatal("invalid TLS version")
}
refactor(netx): extract tlsdialer from dialer
2021-06-08 11:24:13 +02:00
}
refactor(tracex): convert to unit testing (#781) The exercise already allowed me to notice issues such as fields not being properly initialized by savers. This is one of the last steps before moving tracex away from the internal/netx package and into the internal package. See https://github.com/ooni/probe/issues/2121
2022-06-01 23:15:47 +02:00
checkDoneEvent := func(t *testing.T, ev Event, fun func(t *testing.T, value *EventValue)) {
if _, good := ev.(*EventTLSHandshakeDone); !good {
t.Fatal("invalid event type")
}
value := ev.Value()
checkStartEventFields(t, value)
fun(t, value)
refactor(netx): extract tlsdialer from dialer
2021-06-08 11:24:13 +02:00
}
refactor(tracex): convert to unit testing (#781) The exercise already allowed me to notice issues such as fields not being properly initialized by savers. This is one of the last steps before moving tracex away from the internal/netx package and into the internal package. See https://github.com/ooni/probe/issues/2121
2022-06-01 23:15:47 +02:00
t.Run("on success", func(t *testing.T) {
saver := &Saver{}
returnedConnState := tls.ConnectionState{
CipherSuite: tls.TLS_RSA_WITH_RC4_128_SHA,
NegotiatedProtocol: "h2",
refactor(tracex): internally store just the raw certificate (#787) By just storing the raw certificate we simplify the internal data structure we use. In turn, this enables us to write better unit tests using github.com/google/go-cmp where we can construct the expected result and compare with that. (Yeah, in principle we could also construct the full certificate but I'm not sure it's worth the effort since we basically only care about the raw certificate.) The general idea here is to make tracex more tested. Once it's more tested, I will create separate structs for each event, which is something that measurex also does. Once that is done, we can start ensuring that the code in measurex and the code in tracex do the same thing in terms of storing observations. When also this is done, we can then rewrite measurex to use tracex directly. The overall goal is https://github.com/ooni/probe/issues/2035.
2022-06-02 11:07:02 +02:00
PeerCertificates: []*x509.Certificate{{
Raw: []byte{1, 2, 3, 4},
}},
Version: tls.VersionTLS13,
refactor(tracex): convert to unit testing (#781) The exercise already allowed me to notice issues such as fields not being properly initialized by savers. This is one of the last steps before moving tracex away from the internal/netx package and into the internal package. See https://github.com/ooni/probe/issues/2121
2022-06-01 23:15:47 +02:00
}
returnedConn := &mocks.TLSConn{
MockConnectionState: func() tls.ConnectionState {
return returnedConnState
},
}
thx := saver.WrapTLSHandshaker(&mocks.TLSHandshaker{
MockHandshake: func(ctx context.Context, conn net.Conn,
config *tls.Config) (net.Conn, tls.ConnectionState, error) {
return returnedConn, returnedConnState, nil
},
})
ctx := context.Background()
tlsConfig := &tls.Config{
InsecureSkipVerify: true,
NextProtos: []string{"h2"},
ServerName: "dns.google",
}
tcpConn := &mocks.Conn{
MockRemoteAddr: func() net.Addr {
return &mocks.Addr{
MockString: func() string {
return "8.8.8.8:443"
},
MockNetwork: func() string {
return "tcp"
},
}
},
}
conn, _, err := thx.Handshake(ctx, tcpConn, tlsConfig)
if err != nil {
t.Fatal(err)
}
if conn == nil {
t.Fatal("expected non-nil conn")
}
events := saver.Read()
if len(events) != 2 {
t.Fatal("expected two events")
}
checkStartedEvent(t, events[0])
checkDoneEvent(t, events[1], checkDoneEventFieldsSuccess)
})
checkDoneEventFieldsFailure := func(t *testing.T, value *EventValue) {
if value.Duration <= 0 {
t.Fatal("expected non-zero duration")
}
refactor(tracex): internally represent errors as strings (#786) There are two reasons why this is beneficial: 1. github.com/google/go-cmp is more annoying to use for comparing data structures when there are interfaces to compare. Sure, there's a recipe for teaching it to compare errors, but how about making the errors trivially comparable instead? 2. if we want to send errors over the network, JSON serialization works but we cannot unmarshal the resulting string back to an error, so how about making this representation trivial to serialize (we are not going this now, but we need this property for websteps and it may be sensible to try to avoid to have duplicate code because of that -- measurex currently duplicates many tracex functionality and this is quite unfortunate because it slows development down) Additionally, if an error is a string: 3. we can very easily use a switch for comparing its possible values with "" representing the absence of errors, while it is more complex to do the same when using a nullable string or even an error (i.e., an interface) 4. if a type is not nullable, it's easier to write safe code for it and we may want to refactor experiments to use the internal representation of measurements for more robust processing code For all these reasons, let's internally use strings in tracex. The overall aim here is to reduce the duplicated code between pre and post-measurex measurements (see https://github.com/ooni/probe/issues/2035).
2022-06-02 10:37:07 +02:00
if value.Err.IsNil() {
refactor(tracex): convert to unit testing (#781) The exercise already allowed me to notice issues such as fields not being properly initialized by savers. This is one of the last steps before moving tracex away from the internal/netx package and into the internal package. See https://github.com/ooni/probe/issues/2121
2022-06-01 23:15:47 +02:00
t.Fatal("expected non-nil error here")
}
if value.TLSCipherSuite != "" {
t.Fatal("invalid TLS cipher suite")
}
if value.TLSNegotiatedProto != "" {
t.Fatal("invalid negotiated proto")
}
if len(value.TLSPeerCerts) > 0 {
t.Fatal("expected no peer certs")
}
if value.TLSVersion != "" {
t.Fatal("invalid TLS version")
}
refactor(netx): extract tlsdialer from dialer
2021-06-08 11:24:13 +02:00
}
refactor(tracex): convert to unit testing (#781) The exercise already allowed me to notice issues such as fields not being properly initialized by savers. This is one of the last steps before moving tracex away from the internal/netx package and into the internal package. See https://github.com/ooni/probe/issues/2121
2022-06-01 23:15:47 +02:00
t.Run("on failure", func(t *testing.T) {
expected := errors.New("mocked error")
saver := &Saver{}
thx := saver.WrapTLSHandshaker(&mocks.TLSHandshaker{
MockHandshake: func(ctx context.Context, conn net.Conn,
config *tls.Config) (net.Conn, tls.ConnectionState, error) {
return nil, tls.ConnectionState{}, expected
},
})
ctx := context.Background()
tlsConfig := &tls.Config{
InsecureSkipVerify: true,
NextProtos: []string{"h2"},
ServerName: "dns.google",
}
tcpConn := &mocks.Conn{
MockRemoteAddr: func() net.Addr {
return &mocks.Addr{
MockString: func() string {
return "8.8.8.8:443"
},
MockNetwork: func() string {
return "tcp"
},
}
},
}
conn, _, err := thx.Handshake(ctx, tcpConn, tlsConfig)
if !errors.Is(err, expected) {
t.Fatal("unexpected err", err)
}
if conn != nil {
t.Fatal("expected nil conn")
}
events := saver.Read()
if len(events) != 2 {
t.Fatal("expected two events")
}
checkStartedEvent(t, events[0])
checkDoneEvent(t, events[1], checkDoneEventFieldsFailure)
})
})
refactor(netx): extract tlsdialer from dialer
2021-06-08 11:24:13 +02:00
}
refactor(tracex): convert to unit testing (#781) The exercise already allowed me to notice issues such as fields not being properly initialized by savers. This is one of the last steps before moving tracex away from the internal/netx package and into the internal package. See https://github.com/ooni/probe/issues/2121
2022-06-01 23:15:47 +02:00
func Test_tlsPeerCerts(t *testing.T) {
cert0 := &x509.Certificate{Raw: []byte{1, 2, 3, 4}}
type args struct {
state tls.ConnectionState
err error
}
tests := []struct {
name string
args args
refactor(tracex): internally store just the raw certificate (#787) By just storing the raw certificate we simplify the internal data structure we use. In turn, this enables us to write better unit tests using github.com/google/go-cmp where we can construct the expected result and compare with that. (Yeah, in principle we could also construct the full certificate but I'm not sure it's worth the effort since we basically only care about the raw certificate.) The general idea here is to make tracex more tested. Once it's more tested, I will create separate structs for each event, which is something that measurex also does. Once that is done, we can start ensuring that the code in measurex and the code in tracex do the same thing in terms of storing observations. When also this is done, we can then rewrite measurex to use tracex directly. The overall goal is https://github.com/ooni/probe/issues/2035.
2022-06-02 11:07:02 +02:00
want [][]byte
refactor(tracex): convert to unit testing (#781) The exercise already allowed me to notice issues such as fields not being properly initialized by savers. This is one of the last steps before moving tracex away from the internal/netx package and into the internal package. See https://github.com/ooni/probe/issues/2121
2022-06-01 23:15:47 +02:00
}{{
name: "no error",
args: args{
state: tls.ConnectionState{
PeerCertificates: []*x509.Certificate{cert0},
},
},
refactor(tracex): internally store just the raw certificate (#787) By just storing the raw certificate we simplify the internal data structure we use. In turn, this enables us to write better unit tests using github.com/google/go-cmp where we can construct the expected result and compare with that. (Yeah, in principle we could also construct the full certificate but I'm not sure it's worth the effort since we basically only care about the raw certificate.) The general idea here is to make tracex more tested. Once it's more tested, I will create separate structs for each event, which is something that measurex also does. Once that is done, we can start ensuring that the code in measurex and the code in tracex do the same thing in terms of storing observations. When also this is done, we can then rewrite measurex to use tracex directly. The overall goal is https://github.com/ooni/probe/issues/2035.
2022-06-02 11:07:02 +02:00
want: [][]byte{cert0.Raw},
refactor(tracex): convert to unit testing (#781) The exercise already allowed me to notice issues such as fields not being properly initialized by savers. This is one of the last steps before moving tracex away from the internal/netx package and into the internal package. See https://github.com/ooni/probe/issues/2121
2022-06-01 23:15:47 +02:00
}, {
name: "all empty",
args: args{},
want: nil,
}, {
name: "x509.HostnameError",
args: args{
state: tls.ConnectionState{},
err: x509.HostnameError{
Certificate: cert0,
},
},
refactor(tracex): internally store just the raw certificate (#787) By just storing the raw certificate we simplify the internal data structure we use. In turn, this enables us to write better unit tests using github.com/google/go-cmp where we can construct the expected result and compare with that. (Yeah, in principle we could also construct the full certificate but I'm not sure it's worth the effort since we basically only care about the raw certificate.) The general idea here is to make tracex more tested. Once it's more tested, I will create separate structs for each event, which is something that measurex also does. Once that is done, we can start ensuring that the code in measurex and the code in tracex do the same thing in terms of storing observations. When also this is done, we can then rewrite measurex to use tracex directly. The overall goal is https://github.com/ooni/probe/issues/2035.
2022-06-02 11:07:02 +02:00
want: [][]byte{cert0.Raw},
refactor(tracex): convert to unit testing (#781) The exercise already allowed me to notice issues such as fields not being properly initialized by savers. This is one of the last steps before moving tracex away from the internal/netx package and into the internal package. See https://github.com/ooni/probe/issues/2121
2022-06-01 23:15:47 +02:00
}, {
name: "x509.UnknownAuthorityError",
args: args{
state: tls.ConnectionState{},
err: x509.UnknownAuthorityError{
Cert: cert0,
},
},
refactor(tracex): internally store just the raw certificate (#787) By just storing the raw certificate we simplify the internal data structure we use. In turn, this enables us to write better unit tests using github.com/google/go-cmp where we can construct the expected result and compare with that. (Yeah, in principle we could also construct the full certificate but I'm not sure it's worth the effort since we basically only care about the raw certificate.) The general idea here is to make tracex more tested. Once it's more tested, I will create separate structs for each event, which is something that measurex also does. Once that is done, we can start ensuring that the code in measurex and the code in tracex do the same thing in terms of storing observations. When also this is done, we can then rewrite measurex to use tracex directly. The overall goal is https://github.com/ooni/probe/issues/2035.
2022-06-02 11:07:02 +02:00
want: [][]byte{cert0.Raw},
refactor(tracex): convert to unit testing (#781) The exercise already allowed me to notice issues such as fields not being properly initialized by savers. This is one of the last steps before moving tracex away from the internal/netx package and into the internal package. See https://github.com/ooni/probe/issues/2121
2022-06-01 23:15:47 +02:00
}, {
name: "x509.CertificateInvalidError",
args: args{
state: tls.ConnectionState{},
err: x509.CertificateInvalidError{
Cert: cert0,
},
},
refactor(tracex): internally store just the raw certificate (#787) By just storing the raw certificate we simplify the internal data structure we use. In turn, this enables us to write better unit tests using github.com/google/go-cmp where we can construct the expected result and compare with that. (Yeah, in principle we could also construct the full certificate but I'm not sure it's worth the effort since we basically only care about the raw certificate.) The general idea here is to make tracex more tested. Once it's more tested, I will create separate structs for each event, which is something that measurex also does. Once that is done, we can start ensuring that the code in measurex and the code in tracex do the same thing in terms of storing observations. When also this is done, we can then rewrite measurex to use tracex directly. The overall goal is https://github.com/ooni/probe/issues/2035.
2022-06-02 11:07:02 +02:00
want: [][]byte{cert0.Raw},
refactor(tracex): convert to unit testing (#781) The exercise already allowed me to notice issues such as fields not being properly initialized by savers. This is one of the last steps before moving tracex away from the internal/netx package and into the internal package. See https://github.com/ooni/probe/issues/2121
2022-06-01 23:15:47 +02:00
}}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := tlsPeerCerts(tt.args.state, tt.args.err)
if diff := cmp.Diff(tt.want, got); diff != "" {
t.Fatal(diff)
}
})
refactor(netx): extract tlsdialer from dialer
2021-06-08 11:24:13 +02:00
}
}
Reference in New Issue Copy Permalink