mirror of
https://github.com/XTLS/Xray-core.git
synced 2026-07-02 17:58:46 +00:00
v1.0.0
This commit is contained in:
@@ -0,0 +1,99 @@
|
||||
package tls_test
|
||||
|
||||
import (
|
||||
gotls "crypto/tls"
|
||||
"crypto/x509"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/xtls/xray-core/v1/common"
|
||||
"github.com/xtls/xray-core/v1/common/protocol/tls/cert"
|
||||
. "github.com/xtls/xray-core/v1/transport/internet/tls"
|
||||
)
|
||||
|
||||
func TestCertificateIssuing(t *testing.T) {
|
||||
certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
|
||||
certificate.Usage = Certificate_AUTHORITY_ISSUE
|
||||
|
||||
c := &Config{
|
||||
Certificate: []*Certificate{
|
||||
certificate,
|
||||
},
|
||||
}
|
||||
|
||||
tlsConfig := c.GetTLSConfig()
|
||||
xrayCert, err := tlsConfig.GetCertificate(&gotls.ClientHelloInfo{
|
||||
ServerName: "www.example.com",
|
||||
})
|
||||
common.Must(err)
|
||||
|
||||
x509Cert, err := x509.ParseCertificate(xrayCert.Certificate[0])
|
||||
common.Must(err)
|
||||
if !x509Cert.NotAfter.After(time.Now()) {
|
||||
t.Error("NotAfter: ", x509Cert.NotAfter)
|
||||
}
|
||||
}
|
||||
|
||||
func TestExpiredCertificate(t *testing.T) {
|
||||
caCert := cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign))
|
||||
expiredCert := cert.MustGenerate(caCert, cert.NotAfter(time.Now().Add(time.Minute*-2)), cert.CommonName("www.example.com"), cert.DNSNames("www.example.com"))
|
||||
|
||||
certificate := ParseCertificate(caCert)
|
||||
certificate.Usage = Certificate_AUTHORITY_ISSUE
|
||||
|
||||
certificate2 := ParseCertificate(expiredCert)
|
||||
|
||||
c := &Config{
|
||||
Certificate: []*Certificate{
|
||||
certificate,
|
||||
certificate2,
|
||||
},
|
||||
}
|
||||
|
||||
tlsConfig := c.GetTLSConfig()
|
||||
xrayCert, err := tlsConfig.GetCertificate(&gotls.ClientHelloInfo{
|
||||
ServerName: "www.example.com",
|
||||
})
|
||||
common.Must(err)
|
||||
|
||||
x509Cert, err := x509.ParseCertificate(xrayCert.Certificate[0])
|
||||
common.Must(err)
|
||||
if !x509Cert.NotAfter.After(time.Now()) {
|
||||
t.Error("NotAfter: ", x509Cert.NotAfter)
|
||||
}
|
||||
}
|
||||
|
||||
func TestInsecureCertificates(t *testing.T) {
|
||||
c := &Config{
|
||||
AllowInsecureCiphers: true,
|
||||
}
|
||||
|
||||
tlsConfig := c.GetTLSConfig()
|
||||
if len(tlsConfig.CipherSuites) > 0 {
|
||||
t.Fatal("Unexpected tls cipher suites list: ", tlsConfig.CipherSuites)
|
||||
}
|
||||
}
|
||||
|
||||
func BenchmarkCertificateIssuing(b *testing.B) {
|
||||
certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
|
||||
certificate.Usage = Certificate_AUTHORITY_ISSUE
|
||||
|
||||
c := &Config{
|
||||
Certificate: []*Certificate{
|
||||
certificate,
|
||||
},
|
||||
}
|
||||
|
||||
tlsConfig := c.GetTLSConfig()
|
||||
lenCerts := len(tlsConfig.Certificates)
|
||||
|
||||
b.ResetTimer()
|
||||
|
||||
for i := 0; i < b.N; i++ {
|
||||
_, _ = tlsConfig.GetCertificate(&gotls.ClientHelloInfo{
|
||||
ServerName: "www.example.com",
|
||||
})
|
||||
delete(tlsConfig.NameToCertificate, "www.example.com")
|
||||
tlsConfig.Certificates = tlsConfig.Certificates[:lenCerts]
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user