refactor: move tls handshaker to netxlite (#400)
Part of https://github.com/ooni/probe/issues/1505
@@ -8,6 +8,7 @@ import (
|
||||
|
||||
"github.com/apex/log"
|
||||
"github.com/ooni/probe-cli/v3/internal/engine/netx/tlsdialer"
|
||||
"github.com/ooni/probe-cli/v3/internal/netxlite"
|
||||
)
|
||||
|
||||
func TestTLSDialerSuccess(t *testing.T) {
|
||||
@@ -17,7 +18,7 @@ func TestTLSDialerSuccess(t *testing.T) {
|
||||
log.SetLevel(log.DebugLevel)
|
||||
dialer := tlsdialer.TLSDialer{Dialer: new(net.Dialer),
|
||||
TLSHandshaker: tlsdialer.LoggingTLSHandshaker{
|
||||
TLSHandshaker: tlsdialer.SystemTLSHandshaker{},
|
||||
TLSHandshaker: &netxlite.TLSHandshakerStdlib{},
|
||||
Logger: log.Log,
|
||||
},
|
||||
}
|
||||
|
||||
@@ -12,6 +12,7 @@ import (
|
||||
"github.com/ooni/probe-cli/v3/internal/engine/netx/errorx"
|
||||
"github.com/ooni/probe-cli/v3/internal/engine/netx/tlsdialer"
|
||||
"github.com/ooni/probe-cli/v3/internal/engine/netx/trace"
|
||||
"github.com/ooni/probe-cli/v3/internal/netxlite"
|
||||
)
|
||||
|
||||
func TestSaverTLSHandshakerSuccessWithReadWrite(t *testing.T) {
|
||||
@@ -25,7 +26,7 @@ func TestSaverTLSHandshakerSuccessWithReadWrite(t *testing.T) {
|
||||
Config: &tls.Config{NextProtos: nextprotos},
|
||||
Dialer: dialer.New(&dialer.Config{ReadWriteSaver: saver}, &net.Resolver{}),
|
||||
TLSHandshaker: tlsdialer.SaverTLSHandshaker{
|
||||
TLSHandshaker: tlsdialer.SystemTLSHandshaker{},
|
||||
TLSHandshaker: &netxlite.TLSHandshakerStdlib{},
|
||||
Saver: saver,
|
||||
},
|
||||
}
|
||||
@@ -118,7 +119,7 @@ func TestSaverTLSHandshakerSuccess(t *testing.T) {
|
||||
Config: &tls.Config{NextProtos: nextprotos},
|
||||
Dialer: new(net.Dialer),
|
||||
TLSHandshaker: tlsdialer.SaverTLSHandshaker{
|
||||
TLSHandshaker: tlsdialer.SystemTLSHandshaker{},
|
||||
TLSHandshaker: &netxlite.TLSHandshakerStdlib{},
|
||||
Saver: saver,
|
||||
},
|
||||
}
|
||||
@@ -183,7 +184,7 @@ func TestSaverTLSHandshakerHostnameError(t *testing.T) {
|
||||
tlsdlr := tlsdialer.TLSDialer{
|
||||
Dialer: new(net.Dialer),
|
||||
TLSHandshaker: tlsdialer.SaverTLSHandshaker{
|
||||
TLSHandshaker: tlsdialer.SystemTLSHandshaker{},
|
||||
TLSHandshaker: &netxlite.TLSHandshakerStdlib{},
|
||||
Saver: saver,
|
||||
},
|
||||
}
|
||||
@@ -216,7 +217,7 @@ func TestSaverTLSHandshakerInvalidCertError(t *testing.T) {
|
||||
tlsdlr := tlsdialer.TLSDialer{
|
||||
Dialer: new(net.Dialer),
|
||||
TLSHandshaker: tlsdialer.SaverTLSHandshaker{
|
||||
TLSHandshaker: tlsdialer.SystemTLSHandshaker{},
|
||||
TLSHandshaker: &netxlite.TLSHandshakerStdlib{},
|
||||
Saver: saver,
|
||||
},
|
||||
}
|
||||
@@ -249,7 +250,7 @@ func TestSaverTLSHandshakerAuthorityError(t *testing.T) {
|
||||
tlsdlr := tlsdialer.TLSDialer{
|
||||
Dialer: new(net.Dialer),
|
||||
TLSHandshaker: tlsdialer.SaverTLSHandshaker{
|
||||
TLSHandshaker: tlsdialer.SystemTLSHandshaker{},
|
||||
TLSHandshaker: &netxlite.TLSHandshakerStdlib{},
|
||||
Saver: saver,
|
||||
},
|
||||
}
|
||||
@@ -283,7 +284,7 @@ func TestSaverTLSHandshakerNoTLSVerify(t *testing.T) {
|
||||
Config: &tls.Config{InsecureSkipVerify: true},
|
||||
Dialer: new(net.Dialer),
|
||||
TLSHandshaker: tlsdialer.SaverTLSHandshaker{
|
||||
TLSHandshaker: tlsdialer.SystemTLSHandshaker{},
|
||||
TLSHandshaker: &netxlite.TLSHandshakerStdlib{},
|
||||
Saver: saver,
|
||||
},
|
||||
}
|
||||
|
||||
@@ -22,42 +22,6 @@ type TLSHandshaker interface {
|
||||
net.Conn, tls.ConnectionState, error)
|
||||
}
|
||||
|
||||
// SystemTLSHandshaker is the system TLS handshaker.
|
||||
type SystemTLSHandshaker struct{}
|
||||
|
||||
// Handshake implements Handshaker.Handshake
|
||||
func (h SystemTLSHandshaker) Handshake(
|
||||
ctx context.Context, conn net.Conn, config *tls.Config,
|
||||
) (net.Conn, tls.ConnectionState, error) {
|
||||
tlsconn := tls.Client(conn, config)
|
||||
if err := tlsconn.Handshake(); err != nil {
|
||||
return nil, tls.ConnectionState{}, err
|
||||
}
|
||||
return tlsconn, tlsconn.ConnectionState(), nil
|
||||
}
|
||||
|
||||
// TimeoutTLSHandshaker is a TLSHandshaker with timeout
|
||||
type TimeoutTLSHandshaker struct {
|
||||
TLSHandshaker
|
||||
HandshakeTimeout time.Duration // default: 10 second
|
||||
}
|
||||
|
||||
// Handshake implements Handshaker.Handshake
|
||||
func (h TimeoutTLSHandshaker) Handshake(
|
||||
ctx context.Context, conn net.Conn, config *tls.Config,
|
||||
) (net.Conn, tls.ConnectionState, error) {
|
||||
timeout := 10 * time.Second
|
||||
if h.HandshakeTimeout != 0 {
|
||||
timeout = h.HandshakeTimeout
|
||||
}
|
||||
if err := conn.SetDeadline(time.Now().Add(timeout)); err != nil {
|
||||
return nil, tls.ConnectionState{}, err
|
||||
}
|
||||
tlsconn, connstate, err := h.TLSHandshaker.Handshake(ctx, conn, config)
|
||||
conn.SetDeadline(time.Time{})
|
||||
return tlsconn, connstate, err
|
||||
}
|
||||
|
||||
// ErrorWrapperTLSHandshaker wraps the returned error to be an OONI error
|
||||
type ErrorWrapperTLSHandshaker struct {
|
||||
TLSHandshaker
|
||||
|
||||
@@ -13,10 +13,11 @@ import (
|
||||
"github.com/ooni/probe-cli/v3/internal/engine/legacy/netx/modelx"
|
||||
"github.com/ooni/probe-cli/v3/internal/engine/netx/errorx"
|
||||
"github.com/ooni/probe-cli/v3/internal/engine/netx/tlsdialer"
|
||||
"github.com/ooni/probe-cli/v3/internal/netxlite"
|
||||
)
|
||||
|
||||
func TestSystemTLSHandshakerEOFError(t *testing.T) {
|
||||
h := tlsdialer.SystemTLSHandshaker{}
|
||||
h := &netxlite.TLSHandshakerStdlib{}
|
||||
conn, _, err := h.Handshake(context.Background(), tlsdialer.EOFConn{}, &tls.Config{
|
||||
ServerName: "x.org",
|
||||
})
|
||||
@@ -28,63 +29,6 @@ func TestSystemTLSHandshakerEOFError(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestTimeoutTLSHandshakerSetDeadlineError(t *testing.T) {
|
||||
h := tlsdialer.TimeoutTLSHandshaker{
|
||||
TLSHandshaker: tlsdialer.SystemTLSHandshaker{},
|
||||
HandshakeTimeout: 200 * time.Millisecond,
|
||||
}
|
||||
expected := errors.New("mocked error")
|
||||
conn, _, err := h.Handshake(
|
||||
context.Background(), &tlsdialer.FakeConn{SetDeadlineError: expected},
|
||||
new(tls.Config))
|
||||
if !errors.Is(err, expected) {
|
||||
t.Fatal("not the error that we expected")
|
||||
}
|
||||
if conn != nil {
|
||||
t.Fatal("expected nil con here")
|
||||
}
|
||||
}
|
||||
|
||||
func TestTimeoutTLSHandshakerEOFError(t *testing.T) {
|
||||
h := tlsdialer.TimeoutTLSHandshaker{
|
||||
TLSHandshaker: tlsdialer.SystemTLSHandshaker{},
|
||||
HandshakeTimeout: 200 * time.Millisecond,
|
||||
}
|
||||
conn, _, err := h.Handshake(
|
||||
context.Background(), tlsdialer.EOFConn{}, &tls.Config{ServerName: "x.org"})
|
||||
if !errors.Is(err, io.EOF) {
|
||||
t.Fatal("not the error that we expected")
|
||||
}
|
||||
if conn != nil {
|
||||
t.Fatal("expected nil con here")
|
||||
}
|
||||
}
|
||||
|
||||
func TestTimeoutTLSHandshakerCallsSetDeadline(t *testing.T) {
|
||||
h := tlsdialer.TimeoutTLSHandshaker{
|
||||
TLSHandshaker: tlsdialer.SystemTLSHandshaker{},
|
||||
HandshakeTimeout: 200 * time.Millisecond,
|
||||
}
|
||||
underlying := &SetDeadlineConn{}
|
||||
conn, _, err := h.Handshake(
|
||||
context.Background(), underlying, &tls.Config{ServerName: "x.org"})
|
||||
if !errors.Is(err, io.EOF) {
|
||||
t.Fatal("not the error that we expected")
|
||||
}
|
||||
if conn != nil {
|
||||
t.Fatal("expected nil con here")
|
||||
}
|
||||
if len(underlying.deadlines) != 2 {
|
||||
t.Fatal("SetDeadline not called twice")
|
||||
}
|
||||
if underlying.deadlines[0].Before(time.Now()) {
|
||||
t.Fatal("the first SetDeadline call was incorrect")
|
||||
}
|
||||
if !underlying.deadlines[1].IsZero() {
|
||||
t.Fatal("the second SetDeadline call was incorrect")
|
||||
}
|
||||
}
|
||||
|
||||
type SetDeadlineConn struct {
|
||||
tlsdialer.EOFConn
|
||||
deadlines []time.Time
|
||||
@@ -179,7 +123,7 @@ func TestTLSDialerFailureDialing(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestTLSDialerFailureHandshaking(t *testing.T) {
|
||||
rec := &RecorderTLSHandshaker{TLSHandshaker: tlsdialer.SystemTLSHandshaker{}}
|
||||
rec := &RecorderTLSHandshaker{TLSHandshaker: &netxlite.TLSHandshakerStdlib{}}
|
||||
dialer := tlsdialer.TLSDialer{
|
||||
Dialer: tlsdialer.EOFConnDialer{},
|
||||
TLSHandshaker: rec,
|
||||
@@ -198,7 +142,7 @@ func TestTLSDialerFailureHandshaking(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestTLSDialerFailureHandshakingOverrideSNI(t *testing.T) {
|
||||
rec := &RecorderTLSHandshaker{TLSHandshaker: tlsdialer.SystemTLSHandshaker{}}
|
||||
rec := &RecorderTLSHandshaker{TLSHandshaker: &netxlite.TLSHandshakerStdlib{}}
|
||||
dialer := tlsdialer.TLSDialer{
|
||||
Config: &tls.Config{
|
||||
ServerName: "x.org",
|
||||
@@ -235,7 +179,7 @@ func TestDialTLSContextGood(t *testing.T) {
|
||||
dialer := tlsdialer.TLSDialer{
|
||||
Config: &tls.Config{ServerName: "google.com"},
|
||||
Dialer: new(net.Dialer),
|
||||
TLSHandshaker: tlsdialer.SystemTLSHandshaker{},
|
||||
TLSHandshaker: &netxlite.TLSHandshakerStdlib{},
|
||||
}
|
||||
conn, err := dialer.DialTLSContext(context.Background(), "tcp", "google.com:443")
|
||||
if err != nil {
|
||||
@@ -252,9 +196,8 @@ func TestDialTLSContextTimeout(t *testing.T) {
|
||||
Config: &tls.Config{ServerName: "google.com"},
|
||||
Dialer: new(net.Dialer),
|
||||
TLSHandshaker: tlsdialer.ErrorWrapperTLSHandshaker{
|
||||
TLSHandshaker: tlsdialer.TimeoutTLSHandshaker{
|
||||
TLSHandshaker: tlsdialer.SystemTLSHandshaker{},
|
||||
HandshakeTimeout: 10 * time.Microsecond,
|
||||
TLSHandshaker: &netxlite.TLSHandshakerStdlib{
|
||||
Timeout: 10 * time.Microsecond,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
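Review bot: The hunk at `@@ -28,63 +29,6 @@` deletes TestTimeoutTLSHandshakerSetDeadlineError, TestTimeoutTLSHandshakerEOFError and TestTimeoutTLSHandshakerCallsSetDeadline, and no replacement for them is visible on this page. Those tests checked that a SetDeadline failure is returned to the caller and that the deadline is set before the handshake and reset to the zero time afterwards. The timeout now lives in `netxlite.TLSHandshakerStdlib` (the `Timeout` field used in TestDialTLSContextTimeout, whose body continues outside the last hunk), so equivalent tests should exist in netxlite; otherwise a regression that leaves a stale deadline on the connection, or applies none, would go unnoticed. What a zero `Timeout` means is not shown here, yet TestTLSDialerFailureHandshaking and TestDialTLSContextGood now rely on it where the old SystemTLSHandshaker set no deadline at all, so the field deserves a doc comment stating its default. TestSystemTLSHandshakerEOFError now exercises the netxlite type, so its name is stale; rename it, e.g. `func TestTLSHandshakerStdlibEOFError(t *testing.T) {`, or move it next to the type.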