(tests) Refactor tris test server

2018-02-16 20:07:05 +00:00 · 2018-02-16 20:07:05 +00:00 · cd14ae86b4
commit cd14ae86b4
parent 58e1a66838
4 changed files with 79 additions and 25 deletions
--- a/README.md
+++ b/README.md
@ -27,7 +27,7 @@ The script also transparently fetches the custom Cloudflare Go 1.9 compiler with
 ```
 ./_dev/go.sh build ./_dev/tris-localserver
-TLSDEBUG=error ./tris-localserver 127.0.0.1:4443
+TLSDEBUG=error ./tris-localserver -b 127.0.0.1:4443
 ```
 ## Debugging
--- a/_dev/tris-localserver/Dockerfile
+++ b/_dev/tris-localserver/Dockerfile
@ -9,6 +9,7 @@ EXPOSE 4443
 EXPOSE 5443
 # GOOS=linux ../go.sh build -v -i .
-ADD tris-localserver ./
+ADD tris-localserver /
 ADD runner.sh /
-CMD [ "./tris-localserver", "0.0.0.0:1443", "0.0.0.0:2443", "0.0.0.0:3443", "0.0.0.0:4443", "0.0.0.0:5443" ]
+CMD [ "./runner.sh" ]
--- a/_dev/tris-localserver/runner.sh
+++ b/_dev/tris-localserver/runner.sh
@ -0,0 +1,9 @@
 #!/bin/sh
 ./tris-localserver -b 0.0.0.0:1443 -palg=ecdsa -rtt0=n  2>&1 &  # first port: ECDSA (and no 0-RTT)
 ./tris-localserver -b 0.0.0.0:2443 -palg=rsa   -rtt0=a  2>&1 &  # second port: RSA (and accept 0-RTT but not offer it)
 ./tris-localserver -b 0.0.0.0:3443 -palg=ecdsa -rtt0=o  2>&1 &  # third port: offer and reject 0-RTT
 ./tris-localserver -b 0.0.0.0:4443 -palg=ecdsa -rtt0=oa 2>&1 &  # fourth port: offer and accept 0-RTT
 ./tris-localserver -b 0.0.0.0:5443 -palg=ecdsa -rtt0=oa -rtt0ack 2>&1 &  # fifth port: offer and accept 0-RTT but confirm
 wait
--- a/_dev/tris-localserver/server.go
+++ b/_dev/tris-localserver/server.go
@ -3,6 +3,7 @@ package main
 import (
 	"crypto/tls"
 	"encoding/hex"
 	"flag"
 	"fmt"
 	"io"
 	"log"
@ -11,6 +12,28 @@ import (
 	"time"
 )
 type ZeroRTT_t int
 type PubKeyAlgo_t int
 // Bitset
 const (
 	ZeroRTT_None  ZeroRTT_t	= 0
 	ZeroRTT_Offer           = 1 << 0
 	ZeroRTT_Accept          = 1 << 1
 )
 const (
 	PubKeyRSA	PubKeyAlgo_t = iota
 	PubKeyECDSA
 )
 type server struct {
 	Address             string
 	ZeroRTT             ZeroRTT_t
 	PubKey              PubKeyAlgo_t
 	ClientAuthMethod    tls.ClientAuthType
 }
 var tlsVersionToName = map[uint16]string{
 	tls.VersionTLS10:        "1.0",
 	tls.VersionTLS11:        "1.1",
@ -21,16 +44,24 @@ var tlsVersionToName = map[uint16]string{
 	tls.VersionTLS13Draft22: "1.3 (draft 22)",
 }
-func startServer(addr string, rsa, offer0RTT, accept0RTT bool) {
+func NewServer() *server {
    s := new(server)
    s.ClientAuthMethod = tls.NoClientCert
    s.ZeroRTT = ZeroRTT_None
    s.Address = "0.0.0.1:443"
    return s
 }
 func (s *server) start() {
 	cert, err := tls.X509KeyPair([]byte(ecdsaCert), []byte(ecdsaKey))
-	if rsa {
+	if s.PubKey == PubKeyRSA {
 		cert, err = tls.X509KeyPair([]byte(rsaCert), []byte(rsaKey))
 	}
 	if err != nil {
 		log.Fatal(err)
 	}
 	var Max0RTTDataSize uint32
-	if offer0RTT {
+	if ((s.ZeroRTT&ZeroRTT_Offer) == ZeroRTT_Offer) {
 		Max0RTTDataSize = 100 * 1024
 	}
 	var keyLogWriter io.Writer
@ -41,12 +72,13 @@ func startServer(addr string, rsa, offer0RTT, accept0RTT bool) {
 		}
 		log.Println("Enabled keylog")
 	}
-	s := &http.Server{
+
-		Addr: addr,
+	httpServer := &http.Server{
 		Addr: s.Address,
 		TLSConfig: &tls.Config{
 			Certificates:    []tls.Certificate{cert},
 			Max0RTTDataSize: Max0RTTDataSize,
-			Accept0RTTData:  accept0RTT,
+			Accept0RTTData:  (s.ZeroRTT&ZeroRTT_Accept) == ZeroRTT_Accept,
 			KeyLogWriter:    keyLogWriter,
 			GetConfigForClient: func(*tls.ClientHelloInfo) (*tls.Config, error) {
 				// If we send the first flight too fast, NSS sends empty early data.
@ -54,23 +86,45 @@ func startServer(addr string, rsa, offer0RTT, accept0RTT bool) {
 				return nil, nil
 			},
 			MaxVersion: tls.VersionTLS13,
 			ClientAuth: s.ClientAuthMethod,
 		},
 	}
-	log.Fatal(s.ListenAndServeTLS("", ""))
+	log.Fatal(httpServer.ListenAndServeTLS("", ""))
 }
 var confirmingAddr string
 func main() {
    s := NewServer()
    arg_addr := flag.String("b" , "0.0.0.0:443", "Address:port used for binding")
    arg_palg := flag.String("palg", "rsa", "Public algorithm to use: rsa or ecdsa")
    arg_zerortt := flag.String("rtt0", "n", `0-RTT, accepts following values [n: None, a: Accept, o: Offer, oa: Offer and Accept]`)
    arg_confirm := flag.Bool("rtt0ack", false, "0-RTT confirm")
    //arg_clientauth := flag.String("cliauth", "", "")
    flag.Parse()
    s.Address=*arg_addr
    if *arg_palg == "ecdsa" {
        s.PubKey = PubKeyECDSA
    }
    if *arg_zerortt == "a" {
        s.ZeroRTT = ZeroRTT_Accept
    } else if *arg_zerortt == "o" {
        s.ZeroRTT = ZeroRTT_Offer
    } else if *arg_zerortt == "oa" {
        s.ZeroRTT = ZeroRTT_Offer | ZeroRTT_Accept
    }
 	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		tlsConn := r.Context().Value(http.TLSConnContextKey).(*tls.Conn)
 		server := r.Context().Value(http.ServerContextKey).(*http.Server)
 		with0RTT := ""
 		if !tlsConn.ConnectionState().HandshakeConfirmed {
 			with0RTT = " [0-RTT]"
 		}
-		if server.Addr == confirmingAddr || r.URL.Path == "/confirm" {
+		if *arg_confirm || r.URL.Path == "/confirm" {
 			if err := tlsConn.ConfirmHandshake(); err != nil {
 				log.Fatal(err)
 			}
@ -100,17 +154,7 @@ func main() {
 		fmt.Fprintf(w, "Client Hello packet (%d bytes):\n%s", len(r.TLS.ClientHello), hex.Dump(r.TLS.ClientHello))
 	})
-	switch len(os.Args) {
+	s.start()
 	case 2:
 		startServer(os.Args[1], true, true, true)
 	case 6:
 		confirmingAddr = os.Args[5]
 		go startServer(os.Args[1], false, false, false) // first port: ECDSA (and no 0-RTT)
 		go startServer(os.Args[2], true, false, true)   // second port: RSA (and accept 0-RTT but not offer it)
 		go startServer(os.Args[3], false, true, false)  // third port: offer and reject 0-RTT
 		go startServer(os.Args[4], false, true, true)   // fourth port: offer and accept 0-RTT
 		startServer(os.Args[5], false, true, true)      // fifth port: offer and accept 0-RTT but confirm
 	}
 }
 const (