refactor: move tlsdialer to netxlite (#404)

Part of https://github.com/ooni/probe/issues/1505
2021-06-25 13:42:48 +02:00
parent 7f2463d745
commit d031829a4b
9 changed files with 267 additions and 176 deletions
@@ -1,13 +1,11 @@
 package tlsdialer_test

 import (
-	"context"
 	"net"
 	"net/http"
 	"testing"

 	"github.com/apex/log"
-	"github.com/ooni/probe-cli/v3/internal/engine/netx/tlsdialer"
 	"github.com/ooni/probe-cli/v3/internal/netxlite"
 )

@@ -16,18 +14,16 @@ func TestTLSDialerSuccess(t *testing.T) {
 		t.Skip("skip test in short mode")
 	}
 	log.SetLevel(log.DebugLevel)
-	dialer := tlsdialer.TLSDialer{Dialer: new(net.Dialer),
+	dialer := &netxlite.TLSDialer{Dialer: new(net.Dialer),
 		TLSHandshaker: &netxlite.TLSHandshakerLogger{
 			TLSHandshaker: &netxlite.TLSHandshakerStdlib{},
 			Logger:        log.Log,
 		},
 	}
-	txp := &http.Transport{DialTLS: func(network, address string) (net.Conn, error) {
-		// AlpineLinux edge is still using Go 1.13. We cannot switch to
-		// using DialTLSContext here as we'd like to until either Alpine
-		// switches to Go 1.14 or we drop the MK dependency.
-		return dialer.DialTLSContext(context.Background(), network, address)
-	}}
+	txp := &http.Transport{
+		DialTLSContext:    dialer.DialTLSContext,
+		ForceAttemptHTTP2: true,
+	}
 	client := &http.Client{Transport: txp}
 	resp, err := client.Get("https://www.google.com")
 	if err != nil {
@@ -22,7 +22,7 @@ func TestSaverTLSHandshakerSuccessWithReadWrite(t *testing.T) {
 	}
 	nextprotos := []string{"h2"}
 	saver := &trace.Saver{}
-	tlsdlr := tlsdialer.TLSDialer{
+	tlsdlr := &netxlite.TLSDialer{
 		Config: &tls.Config{NextProtos: nextprotos},
 		Dialer: dialer.New(&dialer.Config{ReadWriteSaver: saver}, &net.Resolver{}),
 		TLSHandshaker: tlsdialer.SaverTLSHandshaker{
@@ -115,7 +115,7 @@ func TestSaverTLSHandshakerSuccess(t *testing.T) {
 	}
 	nextprotos := []string{"h2"}
 	saver := &trace.Saver{}
-	tlsdlr := tlsdialer.TLSDialer{
+	tlsdlr := &netxlite.TLSDialer{
 		Config: &tls.Config{NextProtos: nextprotos},
 		Dialer: new(net.Dialer),
 		TLSHandshaker: tlsdialer.SaverTLSHandshaker{
@@ -181,7 +181,7 @@ func TestSaverTLSHandshakerHostnameError(t *testing.T) {
 		t.Skip("skip test in short mode")
 	}
 	saver := &trace.Saver{}
-	tlsdlr := tlsdialer.TLSDialer{
+	tlsdlr := &netxlite.TLSDialer{
 		Dialer: new(net.Dialer),
 		TLSHandshaker: tlsdialer.SaverTLSHandshaker{
 			TLSHandshaker: &netxlite.TLSHandshakerStdlib{},
@@ -214,7 +214,7 @@ func TestSaverTLSHandshakerInvalidCertError(t *testing.T) {
 		t.Skip("skip test in short mode")
 	}
 	saver := &trace.Saver{}
-	tlsdlr := tlsdialer.TLSDialer{
+	tlsdlr := &netxlite.TLSDialer{
 		Dialer: new(net.Dialer),
 		TLSHandshaker: tlsdialer.SaverTLSHandshaker{
 			TLSHandshaker: &netxlite.TLSHandshakerStdlib{},
@@ -247,7 +247,7 @@ func TestSaverTLSHandshakerAuthorityError(t *testing.T) {
 		t.Skip("skip test in short mode")
 	}
 	saver := &trace.Saver{}
-	tlsdlr := tlsdialer.TLSDialer{
+	tlsdlr := &netxlite.TLSDialer{
 		Dialer: new(net.Dialer),
 		TLSHandshaker: tlsdialer.SaverTLSHandshaker{
 			TLSHandshaker: &netxlite.TLSHandshakerStdlib{},
@@ -280,7 +280,7 @@ func TestSaverTLSHandshakerNoTLSVerify(t *testing.T) {
 		t.Skip("skip test in short mode")
 	}
 	saver := &trace.Saver{}
-	tlsdlr := tlsdialer.TLSDialer{
+	tlsdlr := &netxlite.TLSDialer{
 		Config: &tls.Config{InsecureSkipVerify: true},
 		Dialer: new(net.Dialer),
 		TLSHandshaker: tlsdialer.SaverTLSHandshaker{
@@ -66,41 +66,3 @@ func (h EmitterTLSHandshaker) Handshake(
 	})
 	return tlsconn, state, err
 }
-
-// TLSDialer is the TLS dialer
-type TLSDialer struct {
-	Config        *tls.Config
-	Dialer        UnderlyingDialer
-	TLSHandshaker TLSHandshaker
-}
-
-// DialTLSContext is like tls.DialTLS but with the signature of net.Dialer.DialContext
-func (d TLSDialer) DialTLSContext(ctx context.Context, network, address string) (net.Conn, error) {
-	// Implementation note: when DialTLS is not set, the code in
-	// net/http will perform the handshake. Otherwise, if DialTLS
-	// is set, we will end up here. This code is still used when
-	// performing non-HTTP TLS-enabled dial operations.
-	host, _, err := net.SplitHostPort(address)
-	if err != nil {
-		return nil, err
-	}
-	conn, err := d.Dialer.DialContext(ctx, network, address)
-	if err != nil {
-		return nil, err
-	}
-	config := d.Config
-	if config == nil {
-		config = new(tls.Config)
-	} else {
-		config = config.Clone()
-	}
-	if config.ServerName == "" {
-		config.ServerName = host
-	}
-	tlsconn, _, err := d.TLSHandshaker.Handshake(ctx, conn, config)
-	if err != nil {
-		conn.Close()
-		return nil, err
-	}
-	return tlsconn, nil
-}
@@ -5,7 +5,6 @@ import (
 	"crypto/tls"
 	"errors"
 	"io"
-	"net"
 	"testing"
 	"time"

@@ -97,115 +96,3 @@ func TestEmitterTLSHandshakerFailure(t *testing.T) {
 		t.Fatal("expected nonzero DurationSinceBeginning")
 	}
 }
-
-func TestTLSDialerFailureSplitHostPort(t *testing.T) {
-	dialer := tlsdialer.TLSDialer{}
-	conn, err := dialer.DialTLSContext(
-		context.Background(), "tcp", "www.google.com") // missing port
-	if err == nil {
-		t.Fatal("expected an error here")
-	}
-	if conn != nil {
-		t.Fatal("connection is not nil")
-	}
-}
-
-func TestTLSDialerFailureDialing(t *testing.T) {
-	dialer := tlsdialer.TLSDialer{Dialer: tlsdialer.EOFDialer{}}
-	conn, err := dialer.DialTLSContext(
-		context.Background(), "tcp", "www.google.com:443")
-	if !errors.Is(err, io.EOF) {
-		t.Fatal("expected an error here")
-	}
-	if conn != nil {
-		t.Fatal("connection is not nil")
-	}
-}
-
-func TestTLSDialerFailureHandshaking(t *testing.T) {
-	rec := &RecorderTLSHandshaker{TLSHandshaker: &netxlite.TLSHandshakerStdlib{}}
-	dialer := tlsdialer.TLSDialer{
-		Dialer:        tlsdialer.EOFConnDialer{},
-		TLSHandshaker: rec,
-	}
-	conn, err := dialer.DialTLSContext(
-		context.Background(), "tcp", "www.google.com:443")
-	if !errors.Is(err, io.EOF) {
-		t.Fatal("expected an error here")
-	}
-	if conn != nil {
-		t.Fatal("connection is not nil")
-	}
-	if rec.SNI != "www.google.com" {
-		t.Fatal("unexpected SNI value")
-	}
-}
-
-func TestTLSDialerFailureHandshakingOverrideSNI(t *testing.T) {
-	rec := &RecorderTLSHandshaker{TLSHandshaker: &netxlite.TLSHandshakerStdlib{}}
-	dialer := tlsdialer.TLSDialer{
-		Config: &tls.Config{
-			ServerName: "x.org",
-		},
-		Dialer:        tlsdialer.EOFConnDialer{},
-		TLSHandshaker: rec,
-	}
-	conn, err := dialer.DialTLSContext(
-		context.Background(), "tcp", "www.google.com:443")
-	if !errors.Is(err, io.EOF) {
-		t.Fatal("expected an error here")
-	}
-	if conn != nil {
-		t.Fatal("connection is not nil")
-	}
-	if rec.SNI != "x.org" {
-		t.Fatal("unexpected SNI value")
-	}
-}
-
-type RecorderTLSHandshaker struct {
-	tlsdialer.TLSHandshaker
-	SNI string
-}
-
-func (h *RecorderTLSHandshaker) Handshake(
-	ctx context.Context, conn net.Conn, config *tls.Config,
-) (net.Conn, tls.ConnectionState, error) {
-	h.SNI = config.ServerName
-	return h.TLSHandshaker.Handshake(ctx, conn, config)
-}
-
-func TestDialTLSContextGood(t *testing.T) {
-	dialer := tlsdialer.TLSDialer{
-		Config:        &tls.Config{ServerName: "google.com"},
-		Dialer:        new(net.Dialer),
-		TLSHandshaker: &netxlite.TLSHandshakerStdlib{},
-	}
-	conn, err := dialer.DialTLSContext(context.Background(), "tcp", "google.com:443")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if conn == nil {
-		t.Fatal("connection is nil")
-	}
-	conn.Close()
-}
-
-func TestDialTLSContextTimeout(t *testing.T) {
-	dialer := tlsdialer.TLSDialer{
-		Config: &tls.Config{ServerName: "google.com"},
-		Dialer: new(net.Dialer),
-		TLSHandshaker: tlsdialer.ErrorWrapperTLSHandshaker{
-			TLSHandshaker: &netxlite.TLSHandshakerStdlib{
-				Timeout: 10 * time.Microsecond,
-			},
-		},
-	}
-	conn, err := dialer.DialTLSContext(context.Background(), "tcp", "google.com:443")
-	if err.Error() != errorx.FailureGenericTimeoutError {
-		t.Fatal("not the error that we expected")
-	}
-	if conn != nil {
-		t.Fatal("connection is not nil")
-	}
-}