From 7f2463d74514aee9b75a5691bb066397b29b523e Mon Sep 17 00:00:00 2001
From: Simone Basso
Date: Fri, 25 Jun 2021 12:39:45 +0200
Subject: [PATCH] refactor: merge tlsx into netxlite (#403)
Part of https://github.com/ooni/probe/issues/1505
---
 internal/engine/experiment/riseupvpn/riseupvpn.go | 4 ++--
 internal/engine/experiment/signal/signal.go | 4 ++--
 internal/engine/experiment/urlgetter/configurer.go | 4 ++--
 .../engine/experiment/urlgetter/configurer_test.go | 4 ++--
 internal/engine/legacy/netxlogger/netxlogger.go | 4 ++--
 .../engine/legacy/oonidatamodel/oonidatamodel.go | 6 +++---
 internal/engine/netx/netx.go | 5 ++---
 internal/engine/netx/netx_test.go | 3 +--
 internal/engine/netx/quicdialer/saver.go | 6 +++---
 internal/engine/netx/tlsdialer/saver.go | 6 +++---
 internal/{engine/netx/tlsx => netxlite}/certifi.go | 6 +++---
 .../tlsx/generate.go => netxlite/certifigen.go} | 4 ++--
 internal/netxlite/tlshandshaker.go | 6 ++----
 internal/{engine/netx/tlsx => netxlite}/tlsx.go | 12 +++++-------
 .../{engine/netx/tlsx => netxlite}/tlsx_test.go | 14 +++++++-------
 15 files changed, 41 insertions(+), 47 deletions(-)
 rename internal/{engine/netx/tlsx => netxlite}/certifi.go (99%)
 rename internal/{engine/netx/tlsx/generate.go => netxlite/certifigen.go} (96%)
 rename internal/{engine/netx/tlsx => netxlite}/tlsx.go (93%)
 rename internal/{engine/netx/tlsx => netxlite}/tlsx_test.go (86%)
diff --git a/internal/engine/experiment/riseupvpn/riseupvpn.go b/internal/engine/experiment/riseupvpn/riseupvpn.go
index 12ed75c..40cb3cf 100644
--- a/internal/engine/experiment/riseupvpn/riseupvpn.go
+++ b/internal/engine/experiment/riseupvpn/riseupvpn.go
@@ -12,7 +12,7 @@ import (
 "github.com/ooni/probe-cli/v3/internal/engine/experiment/urlgetter"
 "github.com/ooni/probe-cli/v3/internal/engine/model"
 "github.com/ooni/probe-cli/v3/internal/engine/netx/archival"
- "github.com/ooni/probe-cli/v3/internal/engine/netx/tlsx"
+ "github.com/ooni/probe-cli/v3/internal/netxlite"
 )
 const (
@@ -183,7 +183,7 @@ func (m Measurer) Run(ctx context.Context, sess model.ExperimentSession,
 measurement.TestKeys = testkeys
 urlgetter.RegisterExtensions(measurement)
- certPool := tlsx.NewDefaultCertPool()
+ certPool := netxlite.NewDefaultCertPool()
 // used multiple times below
 multi := urlgetter.Multi{
diff --git a/internal/engine/experiment/signal/signal.go b/internal/engine/experiment/signal/signal.go
index 88cfe3f..e158299 100644
--- a/internal/engine/experiment/signal/signal.go
+++ b/internal/engine/experiment/signal/signal.go
@@ -10,7 +10,7 @@ import (
 "github.com/ooni/probe-cli/v3/internal/engine/experiment/urlgetter"
 "github.com/ooni/probe-cli/v3/internal/engine/model"
- "github.com/ooni/probe-cli/v3/internal/engine/netx/tlsx"
+ "github.com/ooni/probe-cli/v3/internal/netxlite"
 )
 const (
@@ -111,7 +111,7 @@ func (m Measurer) Run(ctx context.Context, sess model.ExperimentSession,
 defer cancel()
 urlgetter.RegisterExtensions(measurement)
- certPool := tlsx.NewDefaultCertPool()
+ certPool := netxlite.NewDefaultCertPool()
 signalCABytes := []byte(signalCA)
 if m.Config.SignalCA != "" {
 signalCABytes = []byte(m.Config.SignalCA)
diff --git a/internal/engine/experiment/urlgetter/configurer.go b/internal/engine/experiment/urlgetter/configurer.go
index b992284..92056bb 100644
--- a/internal/engine/experiment/urlgetter/configurer.go
+++ b/internal/engine/experiment/urlgetter/configurer.go
@@ -10,8 +10,8 @@ import (
 "github.com/ooni/probe-cli/v3/internal/engine/model"
 "github.com/ooni/probe-cli/v3/internal/engine/netx"
- "github.com/ooni/probe-cli/v3/internal/engine/netx/tlsx"
 "github.com/ooni/probe-cli/v3/internal/engine/netx/trace"
+ "github.com/ooni/probe-cli/v3/internal/netxlite"
 )
 // The Configurer job is to construct a Configuration that can
@@ -90,7 +90,7 @@ func (c Configurer) NewConfiguration() (Configuration, error) {
 if c.Config.TLSServerName != "" {
 configuration.HTTPConfig.TLSConfig.ServerName = c.Config.TLSServerName
 }
- err = tlsx.ConfigureTLSVersion(
+ err = netxlite.ConfigureTLSVersion(
 configuration.HTTPConfig.TLSConfig, c.Config.TLSVersion,
 )
 if err != nil {
diff --git a/internal/engine/experiment/urlgetter/configurer_test.go b/internal/engine/experiment/urlgetter/configurer_test.go
index 6009261..08f27c3 100644
--- a/internal/engine/experiment/urlgetter/configurer_test.go
+++ b/internal/engine/experiment/urlgetter/configurer_test.go
@@ -10,8 +10,8 @@ import (
 "github.com/apex/log"
 "github.com/ooni/probe-cli/v3/internal/engine/experiment/urlgetter"
 "github.com/ooni/probe-cli/v3/internal/engine/netx/resolver"
- "github.com/ooni/probe-cli/v3/internal/engine/netx/tlsx"
 "github.com/ooni/probe-cli/v3/internal/engine/netx/trace"
+ "github.com/ooni/probe-cli/v3/internal/netxlite"
 )
 func TestConfigurerNewConfigurationVanilla(t *testing.T) {
@@ -711,7 +711,7 @@ func TestConfigurerNewConfigurationTLSvInvalid(t *testing.T) {
 Saver: saver,
 }
 _, err := configurer.NewConfiguration()
- if !errors.Is(err, tlsx.ErrInvalidTLSVersion) {
+ if !errors.Is(err, netxlite.ErrInvalidTLSVersion) {
 t.Fatalf("not the error we expected: %+v", err)
 }
 }
diff --git a/internal/engine/legacy/netxlogger/netxlogger.go b/internal/engine/legacy/netxlogger/netxlogger.go
index 7ef14bd..29b4c47 100644
--- a/internal/engine/legacy/netxlogger/netxlogger.go
+++ b/internal/engine/legacy/netxlogger/netxlogger.go
@@ -9,7 +9,7 @@ import (
 "strings"
 "github.com/ooni/probe-cli/v3/internal/engine/legacy/netx/modelx"
- "github.com/ooni/probe-cli/v3/internal/engine/netx/tlsx"
+ "github.com/ooni/probe-cli/v3/internal/netxlite"
 )
 // Logger is the interface we expect from a logger
@@ -66,7 +66,7 @@ func (h *Handler) OnMeasurement(m modelx.Measurement) {
 h.logger.Debugf(
 "TLS done: %s, %s (alpn='%s')",
 fmtError(m.TLSHandshakeDone.Error),
- tlsx.VersionString(m.TLSHandshakeDone.ConnectionState.Version),
+ netxlite.TLSVersionString(m.TLSHandshakeDone.ConnectionState.Version),
 m.TLSHandshakeDone.ConnectionState.NegotiatedProtocol,
 )
 }
diff --git a/internal/engine/legacy/oonidatamodel/oonidatamodel.go b/internal/engine/legacy/oonidatamodel/oonidatamodel.go
index aacc549..fc6e96e 100644
--- a/internal/engine/legacy/oonidatamodel/oonidatamodel.go
+++ b/internal/engine/legacy/oonidatamodel/oonidatamodel.go
@@ -20,7 +20,7 @@ import (
 "github.com/ooni/probe-cli/v3/internal/engine/legacy/oonitemplates"
 "github.com/ooni/probe-cli/v3/internal/engine/model"
 "github.com/ooni/probe-cli/v3/internal/engine/netx/errorx"
- "github.com/ooni/probe-cli/v3/internal/engine/netx/tlsx"
+ "github.com/ooni/probe-cli/v3/internal/netxlite"
 )
 // ExtSpec describes a data format extension
@@ -463,12 +463,12 @@ func NewTLSHandshakesList(results oonitemplates.Results) TLSHandshakesList {
 var out TLSHandshakesList
 for _, in := range results.TLSHandshakes {
 out = append(out, TLSHandshake{
- CipherSuite: tlsx.CipherSuiteString(in.ConnectionState.CipherSuite),
+ CipherSuite: netxlite.TLSCipherSuiteString(in.ConnectionState.CipherSuite),
 Failure: makeFailure(in.Error),
 NegotiatedProtocol: in.ConnectionState.NegotiatedProtocol,
 PeerCertificates: makePeerCerts(in.ConnectionState.PeerCertificates),
 T: in.DurationSinceBeginning.Seconds(),
- TLSVersion: tlsx.VersionString(in.ConnectionState.Version),
+ TLSVersion: netxlite.TLSVersionString(in.ConnectionState.Version),
 })
 }
 return out
diff --git a/internal/engine/netx/netx.go b/internal/engine/netx/netx.go
index 01d2baa..2bc68f6 100644
--- a/internal/engine/netx/netx.go
+++ b/internal/engine/netx/netx.go
@@ -37,7 +37,6 @@ import (
 "github.com/ooni/probe-cli/v3/internal/engine/netx/quicdialer"
 "github.com/ooni/probe-cli/v3/internal/engine/netx/resolver"
 "github.com/ooni/probe-cli/v3/internal/engine/netx/tlsdialer"
- "github.com/ooni/probe-cli/v3/internal/engine/netx/tlsx"
 "github.com/ooni/probe-cli/v3/internal/engine/netx/trace"
 "github.com/ooni/probe-cli/v3/internal/netxlite"
 )
@@ -110,7 +109,7 @@ type tlsHandshaker interface {
 net.Conn, tls.ConnectionState, error)
 }
-var defaultCertPool *x509.CertPool = tlsx.NewDefaultCertPool()
+var defaultCertPool *x509.CertPool = netxlite.NewDefaultCertPool()
 // NewResolver creates a new resolver from the specified config
 func NewResolver(config Config) Resolver {
@@ -312,7 +311,7 @@ func NewDNSClientWithOverrides(config Config, URL, hostOverride, SNIOverride,
 return c, err
 }
 config.TLSConfig = &tls.Config{ServerName: SNIOverride}
- if err := tlsx.ConfigureTLSVersion(config.TLSConfig, TLSVersion); err != nil {
+ if err := netxlite.ConfigureTLSVersion(config.TLSConfig, TLSVersion); err != nil {
 return c, err
 }
 switch resolverURL.Scheme {
diff --git a/internal/engine/netx/netx_test.go b/internal/engine/netx/netx_test.go
index bf17abd..4ea9e44 100644
--- a/internal/engine/netx/netx_test.go
+++ b/internal/engine/netx/netx_test.go
@@ -13,7 +13,6 @@ import (
 "github.com/ooni/probe-cli/v3/internal/engine/netx/httptransport"
 "github.com/ooni/probe-cli/v3/internal/engine/netx/resolver"
 "github.com/ooni/probe-cli/v3/internal/engine/netx/tlsdialer"
- "github.com/ooni/probe-cli/v3/internal/engine/netx/tlsx"
 "github.com/ooni/probe-cli/v3/internal/engine/netx/trace"
 "github.com/ooni/probe-cli/v3/internal/netxlite"
 )
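Review bot: In the `@@ -110,7 +109,7 @@` hunk of netx.go, `defaultCertPool` is a package-level `*x509.CertPool` with no comment saying who may modify it. `x509.CertPool` is mutable (`AddCert`, `AppendCertsFromPEM`), so a root appended to this shared value would be trusted by every TLS configuration that falls back to it; the users of the variable are outside the hunk, so this is a documentation request, not a reported bug. I would add `// defaultCertPool is the bundled CA pool shared across this package; treat it as read-only and call netxlite.NewDefaultCertPool() when extra roots are needed.` above the declaration.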
@@ -848,7 +847,7 @@ func TestNewDNSClientBadUDPEndpoint(t *testing.T) {
 func TestNewDNSCLientWithInvalidTLSVersion(t *testing.T) {
 _, err := netx.NewDNSClientWithOverrides(
 netx.Config{}, "dot://8.8.8.8", "", "", "TLSv999")
- if !errors.Is(err, tlsx.ErrInvalidTLSVersion) {
+ if !errors.Is(err, netxlite.ErrInvalidTLSVersion) {
 t.Fatalf("not the error we expected: %+v", err)
 }
 }
diff --git a/internal/engine/netx/quicdialer/saver.go b/internal/engine/netx/quicdialer/saver.go
index 0427ef1..d569d4e 100644
--- a/internal/engine/netx/quicdialer/saver.go
+++ b/internal/engine/netx/quicdialer/saver.go
@@ -6,8 +6,8 @@ import (
 "time"
 "github.com/lucas-clemente/quic-go"
- "github.com/ooni/probe-cli/v3/internal/engine/netx/tlsx"
 "github.com/ooni/probe-cli/v3/internal/engine/netx/trace"
+ "github.com/ooni/probe-cli/v3/internal/netxlite"
 )
 // HandshakeSaver saves events occurring during the handshake
@@ -50,12 +50,12 @@ func (h HandshakeSaver) DialContext(ctx context.Context, network string,
 Duration: stop.Sub(start),
 Name: "quic_handshake_done",
 NoTLSVerify: tlsCfg.InsecureSkipVerify,
- TLSCipherSuite: tlsx.CipherSuiteString(state.CipherSuite),
+ TLSCipherSuite: netxlite.TLSCipherSuiteString(state.CipherSuite),
 TLSNegotiatedProto: state.NegotiatedProtocol,
 TLSNextProtos: tlsCfg.NextProtos,
 TLSPeerCerts: trace.PeerCerts(state, err),
 TLSServerName: tlsCfg.ServerName,
- TLSVersion: tlsx.VersionString(state.Version),
+ TLSVersion: netxlite.TLSVersionString(state.Version),
 Time: stop,
 })
 return sess, nil
diff --git a/internal/engine/netx/tlsdialer/saver.go b/internal/engine/netx/tlsdialer/saver.go
index ded184a..10f3a8d 100644
--- a/internal/engine/netx/tlsdialer/saver.go
+++ b/internal/engine/netx/tlsdialer/saver.go
@@ -6,8 +6,8 @@ import (
 "net"
 "time"
- "github.com/ooni/probe-cli/v3/internal/engine/netx/tlsx"
 "github.com/ooni/probe-cli/v3/internal/engine/netx/trace"
+ "github.com/ooni/probe-cli/v3/internal/netxlite"
 )
 // SaverTLSHandshaker saves events occurring during the handshake
@@ -35,12 +35,12 @@ func (h SaverTLSHandshaker) Handshake(
 Err: err,
 Name: "tls_handshake_done",
 NoTLSVerify: config.InsecureSkipVerify,
- TLSCipherSuite: tlsx.CipherSuiteString(state.CipherSuite),
+ TLSCipherSuite: netxlite.TLSCipherSuiteString(state.CipherSuite),
 TLSNegotiatedProto: state.NegotiatedProtocol,
 TLSNextProtos: config.NextProtos,
 TLSPeerCerts: trace.PeerCerts(state, err),
 TLSServerName: config.ServerName,
- TLSVersion: tlsx.VersionString(state.Version),
+ TLSVersion: netxlite.TLSVersionString(state.Version),
 Time: stop,
 })
 return tlsconn, state, err
diff --git a/internal/engine/netx/tlsx/certifi.go b/internal/netxlite/certifi.go
similarity index 99%
rename from internal/engine/netx/tlsx/certifi.go
rename to internal/netxlite/certifi.go
index 1af3da1..de84dab 100644
--- a/internal/engine/netx/tlsx/certifi.go
+++ b/internal/netxlite/certifi.go
@@ -1,10 +1,10 @@ // Code generated by go generate; DO NOT EDIT. -// 2021-06-15 10:55:55.638897 +0200 CEST m=+4.257631084 +// 2021-06-25 12:32:42.759674 +0200 CEST m=+0.458880709 // https://curl.haxx.se/ca/cacert.pem -package tlsx +package netxlite -//go:generate go run generate.go "https://curl.haxx.se/ca/cacert.pem" +//go:generate go run certifigen.go "https://curl.haxx.se/ca/cacert.pem" const pemcerts string = ` ##
diff --git a/internal/engine/netx/tlsx/generate.go b/internal/netxlite/certifigen.go
similarity index 96%
rename from internal/engine/netx/tlsx/generate.go
rename to internal/netxlite/certifigen.go
index 154b93e..ad632b9 100644
--- a/internal/engine/netx/tlsx/generate.go
+++ b/internal/netxlite/certifigen.go
@@ -28,9 +28,9 @@ var tmpl = template.Must(template.New("").Parse(`// Code generated by go generat
 // {{ .Timestamp }}
 // {{ .URL }}
-package tlsx
+package netxlite
-//go:generate go run generate.go "{{ .URL }}"
+//go:generate go run certifigen.go "{{ .URL }}"
 const pemcerts string = ` + "`" + `
 {{ .Bundle }}
diff --git a/internal/netxlite/tlshandshaker.go b/internal/netxlite/tlshandshaker.go
index a80d3d5..7e10233 100644
--- a/internal/netxlite/tlshandshaker.go
+++ b/internal/netxlite/tlshandshaker.go
@@ -5,8 +5,6 @@ import (
 "crypto/tls"
 "net"
 "time"
-
- "github.com/ooni/probe-cli/v3/internal/engine/netx/tlsx"
 )
 // TLSHandshaker is the generic TLS handshaker.
@@ -74,8 +72,8 @@ func (h *TLSHandshakerLogger) Handshake(
 h.Logger.Debugf(
 "tls {sni=%s next=%+v}... ok in %s {next=%s cipher=%s v=%s}",
 config.ServerName, config.NextProtos, elapsed, state.NegotiatedProtocol,
- tlsx.CipherSuiteString(state.CipherSuite),
- tlsx.VersionString(state.Version))
+ TLSCipherSuiteString(state.CipherSuite),
+ TLSVersionString(state.Version))
 return tlsconn, state, nil
 }
diff --git a/internal/engine/netx/tlsx/tlsx.go b/internal/netxlite/tlsx.go
similarity index 93%
rename from internal/engine/netx/tlsx/tlsx.go
rename to internal/netxlite/tlsx.go
index 7179059..750c2b4 100644
--- a/internal/engine/netx/tlsx/tlsx.go
+++ b/internal/netxlite/tlsx.go
@@ -1,5 +1,4 @@
-// Package tlsx contains TLS extensions
-package tlsx
+package netxlite
 import (
 "crypto/tls"
@@ -10,7 +9,6 @@ import (
 var (
 tlsVersionString = map[uint16]string{
- tls.VersionSSL30: "SSLv3",
 tls.VersionTLS10: "TLSv1",
 tls.VersionTLS11: "TLSv1.1",
 tls.VersionTLS12: "TLSv1.2",
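Review bot: In certifigen.go the template writes `{{ .Bundle }}` verbatim between backticks into `const pemcerts`, which is presumably what the package's default certificate pool is built from, and nothing in the visible lines checks the downloaded text. The download and rendering code is outside this hunk, so a check may already exist. If it does not, the generator should refuse to render unless the bundle parses as PEM certificates (for example `x509.NewCertPool().AppendCertsFromPEM(bundle)` returns true) and contains no backtick, and ideally it should compare the bundle's SHA-256 with a value pinned in the repository. A comment next to the template such as `// Bundle is embedded verbatim as the trust store: validate it before executing the template.` would record the requirement.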
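Review bot: The `@@ -10,7 +9,6 @@` hunk of tlsx.go drops `tls.VersionSSL30: "SSLv3"` from `tlsVersionString`, which is a behaviour change inside a commit described as a refactor: the value 0x0300 will now be rendered by the fallback in `TLSVersionString` as `TLS_VERSION_UNKNOWN_768`. That string is written into the `TLSVersion` field of the handshake events and measurement entries touched elsewhere in this patch, so anything that matches on `"SSLv3"` would stop seeing it. Presumably the entry was removed because `tls.VersionSSL30` is deprecated in crypto/tls; I would say so above the map, e.g. `// SSLv3 (0x0300) is deliberately not listed; it is reported through the TLS_VERSION_UNKNOWN_ fallback.`, and add a matching case to `TestVersionString`. The map literal continues outside the hunk.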
@@ -48,16 +46,16 @@ var (
 }
 )
-// VersionString returns a TLS version string.
-func VersionString(value uint16) string {
+// TLSVersionString returns a TLS version string.
+func TLSVersionString(value uint16) string {
 if str, found := tlsVersionString[value]; found {
 return str
 }
 return fmt.Sprintf("TLS_VERSION_UNKNOWN_%d", value)
 }
-// CipherSuiteString returns the TLS cipher suite as a string.
-func CipherSuiteString(value uint16) string {
+// TLSCipherSuiteString returns the TLS cipher suite as a string.
+func TLSCipherSuiteString(value uint16) string {
 if str, found := tlsCipherSuiteString[value]; found {
 return str
 }
diff --git a/internal/engine/netx/tlsx/tlsx_test.go b/internal/netxlite/tlsx_test.go
similarity index 86%
rename from internal/engine/netx/tlsx/tlsx_test.go
rename to internal/netxlite/tlsx_test.go
index f8cb1fb..35b9064 100644
--- a/internal/engine/netx/tlsx/tlsx_test.go
+++ b/internal/netxlite/tlsx_test.go
@@ -1,4 +1,4 @@
-package tlsx
+package netxlite
 import (
 "crypto/tls"
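Review bot: The doc comments on `TLSVersionString` and `TLSCipherSuiteString` in the `@@ -48,16 +46,16 @@` hunk of tlsx.go do not mention the fallback, although callers elsewhere in this patch store the result in measurement fields and logs. Judging by the visible body and by the expectations in tlsx_test.go, an unlisted value yields `TLS_VERSION_UNKNOWN_<n>` (respectively `TLS_CIPHER_SUITE_UNKNOWN_<n>`) and zero yields the empty string. I would extend the comment to `// TLSVersionString returns the name of a TLS version, or TLS_VERSION_UNKNOWN_<value> when the value is not in the table; zero maps to the empty string.` and do the same for the cipher-suite function, whose body ends outside the hunk.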
@@ -7,25 +7,25 @@ import (
 )
 func TestVersionString(t *testing.T) {
- if VersionString(tls.VersionTLS13) != "TLSv1.3" {
+ if TLSVersionString(tls.VersionTLS13) != "TLSv1.3" {
 t.Fatal("not working for existing version")
 }
- if VersionString(1) != "TLS_VERSION_UNKNOWN_1" {
+ if TLSVersionString(1) != "TLS_VERSION_UNKNOWN_1" {
 t.Fatal("not working for nonexisting version")
 }
- if VersionString(0) != "" {
+ if TLSVersionString(0) != "" {
 t.Fatal("not working for zero version")
 }
 }
 func TestCipherSuite(t *testing.T) {
- if CipherSuiteString(tls.TLS_AES_128_GCM_SHA256) != "TLS_AES_128_GCM_SHA256" {
+ if TLSCipherSuiteString(tls.TLS_AES_128_GCM_SHA256) != "TLS_AES_128_GCM_SHA256" {
 t.Fatal("not working for existing cipher suite")
 }
- if CipherSuiteString(1) != "TLS_CIPHER_SUITE_UNKNOWN_1" {
+ if TLSCipherSuiteString(1) != "TLS_CIPHER_SUITE_UNKNOWN_1" {
 t.Fatal("not working for nonexisting cipher suite")
 }
- if CipherSuiteString(0) != "" {
+ if TLSCipherSuiteString(0) != "" {
 t.Fatal("not working for zero cipher suite")
 }
 }