kris
/
th5
1
0
Fork 0
Código Incidencias 0 Pull Requests 0 Lanzamientos 0 Wiki Actividad
Alternative TLS implementation in Go
No puede seleccionar más de 25 temas Los temas deben comenzar con una letra o número, pueden incluir guiones ('-') y pueden tener hasta 35 caracteres de largo.
229 Commits
3 Ramas
2.6 MiB
 
 
Árbol: 65c5bd0dd6
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde '65c5bd0dd6'
${ noResults }
th5/tls_test.go

283 líneas
8.2 KiB
Original Blame Histórico 

  1. // Copyright 2012 The Go Authors. All rights reserved.

  2. // Use of this source code is governed by a BSD-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package tls

  6. 

  7. import (

  8. 	"bytes"

  9. 	"fmt"

  10. 	"io"

  11. 	"net"

  12. 	"strings"

  13. 	"testing"

  14. 	"time"

  15. )

  16. 

  17. var rsaCertPEM = `-----BEGIN CERTIFICATE-----

  18. MIIB0zCCAX2gAwIBAgIJAI/M7BYjwB+uMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV

  19. BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX

  20. aWRnaXRzIFB0eSBMdGQwHhcNMTIwOTEyMjE1MjAyWhcNMTUwOTEyMjE1MjAyWjBF

  21. MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50

  22. ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANLJ

  23. hPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wok/4xIA+ui35/MmNa

  24. rtNuC+BdZ1tMuVCPFZcCAwEAAaNQME4wHQYDVR0OBBYEFJvKs8RfJaXTH08W+SGv

  25. zQyKn0H8MB8GA1UdIwQYMBaAFJvKs8RfJaXTH08W+SGvzQyKn0H8MAwGA1UdEwQF

  26. MAMBAf8wDQYJKoZIhvcNAQEFBQADQQBJlffJHybjDGxRMqaRmDhX0+6v02TUKZsW

  27. r5QuVbpQhH6u+0UgcW0jp9QwpxoPTLTWGXEWBBBurxFwiCBhkQ+V

  28. -----END CERTIFICATE-----

  29. `

  30. 

  31. var rsaKeyPEM = `-----BEGIN RSA PRIVATE KEY-----

  32. MIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo

  33. k/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G

  34. 6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N

  35. MQIhAPW+eyZo7ay3lMz1V01WVjNKK9QSn1MJlb06h/LuYv9FAiEA25WPedKgVyCW

  36. SmUwbPw8fnTcpqDWE3yTO3vKcebqMSsCIBF3UmVue8YU3jybC3NxuXq3wNm34R8T

  37. xVLHwDXh/6NJAiEAl2oHGGLz64BuAfjKrqwz7qMYr9HCLIe/YsoWq/olzScCIQDi

  38. D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g==

  39. -----END RSA PRIVATE KEY-----

  40. `

  41. 

  42. // keyPEM is the same as rsaKeyPEM, but declares itself as just

  43. // "PRIVATE KEY", not "RSA PRIVATE KEY".  http://golang.org/issue/4477

  44. var keyPEM = `-----BEGIN PRIVATE KEY-----

  45. MIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo

  46. k/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G

  47. 6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N

  48. MQIhAPW+eyZo7ay3lMz1V01WVjNKK9QSn1MJlb06h/LuYv9FAiEA25WPedKgVyCW

  49. SmUwbPw8fnTcpqDWE3yTO3vKcebqMSsCIBF3UmVue8YU3jybC3NxuXq3wNm34R8T

  50. xVLHwDXh/6NJAiEAl2oHGGLz64BuAfjKrqwz7qMYr9HCLIe/YsoWq/olzScCIQDi

  51. D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g==

  52. -----END PRIVATE KEY-----

  53. `

  54. 

  55. var ecdsaCertPEM = `-----BEGIN CERTIFICATE-----

  56. MIIB/jCCAWICCQDscdUxw16XFDAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw

  57. EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0

  58. eSBMdGQwHhcNMTIxMTE0MTI0MDQ4WhcNMTUxMTE0MTI0MDQ4WjBFMQswCQYDVQQG

  59. EwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lk

  60. Z2l0cyBQdHkgTHRkMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBY9+my9OoeSUR

  61. lDQdV/x8LsOuLilthhiS1Tz4aGDHIPwC1mlvnf7fg5lecYpMCrLLhauAc1UJXcgl

  62. 01xoLuzgtAEAgv2P/jgytzRSpUYvgLBt1UA0leLYBy6mQQbrNEuqT3INapKIcUv8

  63. XxYP0xMEUksLPq6Ca+CRSqTtrd/23uTnapkwCQYHKoZIzj0EAQOBigAwgYYCQXJo

  64. A7Sl2nLVf+4Iu/tAX/IF4MavARKC4PPHK3zfuGfPR3oCCcsAoz3kAzOeijvd0iXb

  65. H5jBImIxPL4WxQNiBTexAkF8D1EtpYuWdlVQ80/h/f4pBcGiXPqX5h2PQSQY7hP1

  66. +jwM1FGS4fREIOvlBYr/SzzQRtwrvrzGYxDEDbsC0ZGRnA==

  67. -----END CERTIFICATE-----

  68. `

  69. 

  70. var ecdsaKeyPEM = `-----BEGIN EC PARAMETERS-----

  71. BgUrgQQAIw==

  72. -----END EC PARAMETERS-----

  73. -----BEGIN EC PRIVATE KEY-----

  74. MIHcAgEBBEIBrsoKp0oqcv6/JovJJDoDVSGWdirrkgCWxrprGlzB9o0X8fV675X0

  75. NwuBenXFfeZvVcwluO7/Q9wkYoPd/t3jGImgBwYFK4EEACOhgYkDgYYABAFj36bL

  76. 06h5JRGUNB1X/Hwuw64uKW2GGJLVPPhoYMcg/ALWaW+d/t+DmV5xikwKssuFq4Bz

  77. VQldyCXTXGgu7OC0AQCC/Y/+ODK3NFKlRi+AsG3VQDSV4tgHLqZBBus0S6pPcg1q

  78. kohxS/xfFg/TEwRSSws+roJr4JFKpO2t3/be5OdqmQ==

  79. -----END EC PRIVATE KEY-----

  80. `

  81. 

  82. var keyPairTests = []struct {

  83. 	algo string

  84. 	cert string

  85. 	key  string

  86. }{

  87. 	{"ECDSA", ecdsaCertPEM, ecdsaKeyPEM},

  88. 	{"RSA", rsaCertPEM, rsaKeyPEM},

  89. 	{"RSA-untyped", rsaCertPEM, keyPEM}, // golang.org/issue/4477

  90. }

  91. 

  92. func TestX509KeyPair(t *testing.T) {

  93. 	var pem []byte

  94. 	for _, test := range keyPairTests {

  95. 		pem = []byte(test.cert + test.key)

  96. 		if _, err := X509KeyPair(pem, pem); err != nil {

  97. 			t.Errorf("Failed to load %s cert followed by %s key: %s", test.algo, test.algo, err)

  98. 		}

  99. 		pem = []byte(test.key + test.cert)

  100. 		if _, err := X509KeyPair(pem, pem); err != nil {

  101. 			t.Errorf("Failed to load %s key followed by %s cert: %s", test.algo, test.algo, err)

  102. 		}

  103. 	}

  104. }

  105. 

  106. func TestX509MixedKeyPair(t *testing.T) {

  107. 	if _, err := X509KeyPair([]byte(rsaCertPEM), []byte(ecdsaKeyPEM)); err == nil {

  108. 		t.Error("Load of RSA certificate succeeded with ECDSA private key")

  109. 	}

  110. 	if _, err := X509KeyPair([]byte(ecdsaCertPEM), []byte(rsaKeyPEM)); err == nil {

  111. 		t.Error("Load of ECDSA certificate succeeded with RSA private key")

  112. 	}

  113. }

  114. 

  115. func newLocalListener(t *testing.T) net.Listener {

  116. 	ln, err := net.Listen("tcp", "127.0.0.1:0")

  117. 	if err != nil {

  118. 		ln, err = net.Listen("tcp6", "[::1]:0")

  119. 	}

  120. 	if err != nil {

  121. 		t.Fatal(err)

  122. 	}

  123. 	return ln

  124. }

  125. 

  126. func TestDialTimeout(t *testing.T) {

  127. 	if testing.Short() {

  128. 		t.Skip("skipping in short mode")

  129. 	}

  130. 	listener := newLocalListener(t)

  131. 

  132. 	addr := listener.Addr().String()

  133. 	defer listener.Close()

  134. 

  135. 	complete := make(chan bool)

  136. 	defer close(complete)

  137. 

  138. 	go func() {

  139. 		conn, err := listener.Accept()

  140. 		if err != nil {

  141. 			t.Error(err)

  142. 			return

  143. 		}

  144. 		<-complete

  145. 		conn.Close()

  146. 	}()

  147. 

  148. 	dialer := &net.Dialer{

  149. 		Timeout: 10 * time.Millisecond,

  150. 	}

  151. 

  152. 	var err error

  153. 	if _, err = DialWithDialer(dialer, "tcp", addr, nil); err == nil {

  154. 		t.Fatal("DialWithTimeout completed successfully")

  155. 	}

  156. 

  157. 	if !strings.Contains(err.Error(), "timed out") {

  158. 		t.Errorf("resulting error not a timeout: %s", err)

  159. 	}

  160. }

  161. 

  162. // tests that Conn.Read returns (non-zero, io.EOF) instead of

  163. // (non-zero, nil) when a Close (alertCloseNotify) is sitting right

  164. // behind the application data in the buffer.

  165. func TestConnReadNonzeroAndEOF(t *testing.T) {

  166. 	// This test is racy: it assumes that after a write to a

  167. 	// localhost TCP connection, the peer TCP connection can

  168. 	// immediately read it.  Because it's racy, we skip this test

  169. 	// in short mode, and then retry it several times with an

  170. 	// increasing sleep in between our final write (via srv.Close

  171. 	// below) and the following read.

  172. 	if testing.Short() {

  173. 		t.Skip("skipping in short mode")

  174. 	}

  175. 	var err error

  176. 	for delay := time.Millisecond; delay <= 64*time.Millisecond; delay *= 2 {

  177. 		if err = testConnReadNonzeroAndEOF(t, delay); err == nil {

  178. 			return

  179. 		}

  180. 	}

  181. 	t.Error(err)

  182. }

  183. 

  184. func testConnReadNonzeroAndEOF(t *testing.T, delay time.Duration) error {

  185. 	ln := newLocalListener(t)

  186. 	defer ln.Close()

  187. 

  188. 	srvCh := make(chan *Conn, 1)

  189. 	var serr error

  190. 	go func() {

  191. 		sconn, err := ln.Accept()

  192. 		if err != nil {

  193. 			serr = err

  194. 			srvCh <- nil

  195. 			return

  196. 		}

  197. 		serverConfig := *testConfig

  198. 		srv := Server(sconn, &serverConfig)

  199. 		if err := srv.Handshake(); err != nil {

  200. 			serr = fmt.Errorf("handshake: %v", err)

  201. 			srvCh <- nil

  202. 			return

  203. 		}

  204. 		srvCh <- srv

  205. 	}()

  206. 

  207. 	clientConfig := *testConfig

  208. 	conn, err := Dial("tcp", ln.Addr().String(), &clientConfig)

  209. 	if err != nil {

  210. 		t.Fatal(err)

  211. 	}

  212. 	defer conn.Close()

  213. 

  214. 	srv := <-srvCh

  215. 	if srv == nil {

  216. 		return serr

  217. 	}

  218. 

  219. 	buf := make([]byte, 6)

  220. 

  221. 	srv.Write([]byte("foobar"))

  222. 	n, err := conn.Read(buf)

  223. 	if n != 6 || err != nil || string(buf) != "foobar" {

  224. 		return fmt.Errorf("Read = %d, %v, data %q; want 6, nil, foobar", n, err, buf)

  225. 	}

  226. 

  227. 	srv.Write([]byte("abcdef"))

  228. 	srv.Close()

  229. 	time.Sleep(delay)

  230. 	n, err = conn.Read(buf)

  231. 	if n != 6 || string(buf) != "abcdef" {

  232. 		return fmt.Errorf("Read = %d, buf= %q; want 6, abcdef", n, buf)

  233. 	}

  234. 	if err != io.EOF {

  235. 		return fmt.Errorf("Second Read error = %v; want io.EOF", err)

  236. 	}

  237. 	return nil

  238. }

  239. 

  240. func TestTLSUniqueMatches(t *testing.T) {

  241. 	ln := newLocalListener(t)

  242. 	defer ln.Close()

  243. 

  244. 	serverTLSUniques := make(chan []byte)

  245. 	go func() {

  246. 		for i := 0; i < 2; i++ {

  247. 			sconn, err := ln.Accept()

  248. 			if err != nil {

  249. 				t.Fatal(err)

  250. 			}

  251. 			serverConfig := *testConfig

  252. 			srv := Server(sconn, &serverConfig)

  253. 			if err := srv.Handshake(); err != nil {

  254. 				t.Fatal(err)

  255. 			}

  256. 			serverTLSUniques <- srv.ConnectionState().TLSUnique

  257. 		}

  258. 	}()

  259. 

  260. 	clientConfig := *testConfig

  261. 	clientConfig.ClientSessionCache = NewLRUClientSessionCache(1)

  262. 	conn, err := Dial("tcp", ln.Addr().String(), &clientConfig)

  263. 	if err != nil {

  264. 		t.Fatal(err)

  265. 	}

  266. 	if !bytes.Equal(conn.ConnectionState().TLSUnique, <-serverTLSUniques) {

  267. 		t.Error("client and server channel bindings differ")

  268. 	}

  269. 	conn.Close()

  270. 

  271. 	conn, err = Dial("tcp", ln.Addr().String(), &clientConfig)

  272. 	if err != nil {

  273. 		t.Fatal(err)

  274. 	}

  275. 	defer conn.Close()

  276. 	if !conn.ConnectionState().DidResume {

  277. 		t.Error("second session did not use resumption")

  278. 	}

  279. 	if !bytes.Equal(conn.ConnectionState().TLSUnique, <-serverTLSUniques) {

  280. 		t.Error("client and server channel bindings differ when session resumption is used")

  281. 	}

  282. }