package netx_test import ( "context" "crypto/x509" "errors" "io/ioutil" "net" "net/http" "net/http/httptest" "net/url" "strings" "testing" "time" "github.com/ooni/probe-cli/v3/internal/engine/legacy/netx" "github.com/ooni/probe-cli/v3/internal/engine/netx/errorx" ) func dowithclient(t *testing.T, client *netx.HTTPClient) { defer client.CloseIdleConnections() resp, err := client.HTTPClient.Get("https://www.google.com") if err != nil { t.Fatal(err) } defer resp.Body.Close() _, err = ioutil.ReadAll(resp.Body) if err != nil { t.Fatal(err) } } func TestHTTPClient(t *testing.T) { client := netx.NewHTTPClient() dowithclient(t, client) } func TestHTTPClientAndTransport(t *testing.T) { client := netx.NewHTTPClient() client.Transport = netx.NewHTTPTransport() dowithclient(t, client) } func TestHTTPClientConfigureDNS(t *testing.T) { client := netx.NewHTTPClientWithoutProxy() err := client.ConfigureDNS("udp", "1.1.1.1:53") if err != nil { t.Fatal(err) } dowithclient(t, client) } func TestHTTPClientSetResolver(t *testing.T) { client := netx.NewHTTPClientWithoutProxy() client.SetResolver(new(net.Resolver)) dowithclient(t, client) } func TestHTTPClientSetCABundle(t *testing.T) { client := netx.NewHTTPClientWithoutProxy() err := client.SetCABundle("testdata/cacert.pem") if err != nil { t.Fatal(err) } resp, err := client.HTTPClient.Get("https://www.google.com") var target x509.UnknownAuthorityError if errors.As(err, &target) == false { t.Fatal("not the error we expected") } if resp != nil { t.Fatal("expected a nil conn here") } } func TestHTTPClientForceSpecificSNI(t *testing.T) { client := netx.NewHTTPClientWithoutProxy() err := client.ForceSpecificSNI("www.facebook.com") if err != nil { t.Fatal(err) } resp, err := client.HTTPClient.Get("https://www.google.com") var target x509.HostnameError if errors.As(err, &target) == false { t.Fatal("not the error we expected") } if resp != nil { t.Fatal("expected a nil response here") } } func TestHTTPClientForceSkipVerify(t *testing.T) { client := netx.NewHTTPClientWithoutProxy() client.ForceSkipVerify() resp, err := client.HTTPClient.Get("https://self-signed.badssl.com/") if err != nil { t.Fatal(err) } if resp == nil { t.Fatal("expected non nil response here") } } func TestHTTPNewClientProxy(t *testing.T) { server := httptest.NewServer(http.HandlerFunc( func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(451) })) defer server.Close() client := netx.NewHTTPClientWithoutProxy() httpProxyTestMain(t, client.HTTPClient, 200) client = netx.NewHTTPClientWithProxyFunc(func(req *http.Request) (*url.URL, error) { return url.Parse(server.URL) }) httpProxyTestMain(t, client.HTTPClient, 451) } const httpProxyTestsURL = "http://explorer.ooni.org" func httpProxyTestMain(t *testing.T, client *http.Client, expect int) { req, err := http.NewRequest("GET", httpProxyTestsURL, nil) if err != nil { t.Fatal(err) } resp, err := client.Do(req) if err != nil { t.Fatal(err) } defer resp.Body.Close() _, err = ioutil.ReadAll(resp.Body) if err != nil { t.Fatal(err) } if resp.StatusCode != expect { t.Fatal("unexpected status code") } } func TestHTTPTransportTimeout(t *testing.T) { client := &http.Client{Transport: netx.NewHTTPTransport()} req, err := http.NewRequest("GET", "https://www.google.com", nil) if err != nil { t.Fatal(err) } ctx, cancel := context.WithTimeout(context.Background(), time.Millisecond) defer cancel() req = req.WithContext(ctx) resp, err := client.Do(req) if err == nil { t.Fatal("expected an error here") } if !strings.HasSuffix(err.Error(), errorx.FailureGenericTimeoutError) { t.Fatal("not the error we expected") } if resp != nil { t.Fatal("expected nil resp here") } } func TestHTTPTransportFailure(t *testing.T) { client := &http.Client{Transport: netx.NewHTTPTransport()} // This fails the request because we attempt to speak cleartext HTTP with // a server that instead is expecting TLS. resp, err := client.Get("http://www.google.com:443") if err == nil { t.Fatal("expected an error here") } if resp != nil { t.Fatal("expected a nil response here") } client.CloseIdleConnections() }