Hunter0x7c7
2022-08-11 a82f9cb69f63aaeba40c024960deda7d75b9fece
package tls_test
 
import (
    gotls "crypto/tls"
    "crypto/x509"
    "testing"
    "time"
 
    "github.com/v2fly/v2ray-core/v5/common"
    "github.com/v2fly/v2ray-core/v5/common/protocol/tls/cert"
    . "github.com/v2fly/v2ray-core/v5/transport/internet/tls"
)
 
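// TestCertificateIssuing configures a single CA certificate with usage
// Certificate_AUTHORITY_ISSUE and checks that the resulting TLS config returns
// a certificate for the requested server name whose NotAfter is still in the
// future.
func TestCertificateIssuing(t *testing.T) {
    certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
    certificate.Usage = Certificate_AUTHORITY_ISSUE

    c := &Config{
        Certificate: []*Certificate{
            certificate,
        },
    }

    tlsConfig := c.GetTLSConfig()
    // A missing callback would otherwise surface as a nil-function panic.
    if tlsConfig.GetCertificate == nil {
        t.Fatal("GetTLSConfig did not install a GetCertificate callback")
    }
    v2rayCert, err := tlsConfig.GetCertificate(&gotls.ClientHelloInfo{
        ServerName: "www.v2fly.org",
    })
    common.Must(err)
    // Fail with a readable message instead of panicking on the [0] index below
    // when no certificate (or an empty chain) comes back.
    if v2rayCert == nil || len(v2rayCert.Certificate) == 0 {
        t.Fatal("GetCertificate returned no certificate for www.v2fly.org")
    }

    // Only the leaf (first entry of the chain) is inspected.
    x509Cert, err := x509.ParseCertificate(v2rayCert.Certificate[0])
    common.Must(err)
    if !x509Cert.NotAfter.After(time.Now()) {
        t.Error("NotAfter: ", x509Cert.NotAfter)
    }
}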
 
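// TestExpiredCertificate configures a CA certificate (usage
// Certificate_AUTHORITY_ISSUE) together with a leaf for www.v2fly.org whose
// NotAfter lies two minutes in the past, and asserts that the certificate
// returned for that name is not expired. In other words, the stale leaf must
// not be what a client receives; presumably a replacement is issued from the
// CA, but that logic lives outside this file.
func TestExpiredCertificate(t *testing.T) {
    caCert := cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign))
    expiredCert := cert.MustGenerate(caCert, cert.NotAfter(time.Now().Add(time.Minute*-2)), cert.CommonName("www.v2fly.org"), cert.DNSNames("www.v2fly.org"))

    certificate := ParseCertificate(caCert)
    certificate.Usage = Certificate_AUTHORITY_ISSUE

    certificate2 := ParseCertificate(expiredCert)

    c := &Config{
        Certificate: []*Certificate{
            certificate,
            certificate2,
        },
    }

    tlsConfig := c.GetTLSConfig()
    // A missing callback would otherwise surface as a nil-function panic.
    if tlsConfig.GetCertificate == nil {
        t.Fatal("GetTLSConfig did not install a GetCertificate callback")
    }
    v2rayCert, err := tlsConfig.GetCertificate(&gotls.ClientHelloInfo{
        ServerName: "www.v2fly.org",
    })
    common.Must(err)
    // Fail with a readable message instead of panicking on the [0] index below
    // when no certificate (or an empty chain) comes back.
    if v2rayCert == nil || len(v2rayCert.Certificate) == 0 {
        t.Fatal("GetCertificate returned no certificate for www.v2fly.org")
    }

    // The security-relevant assertion: the served leaf must still be valid in
    // time, even though an expired leaf for the same name was configured.
    x509Cert, err := x509.ParseCertificate(v2rayCert.Certificate[0])
    common.Must(err)
    if !x509Cert.NotAfter.After(time.Now()) {
        t.Error("NotAfter: ", x509Cert.NotAfter)
    }
}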
 
// TestInsecureCertificates verifies that a zero-value Config produces a TLS
// config with no explicit CipherSuites list. With the list left empty,
// crypto/tls applies its own default suite selection rather than a set pinned
// by this package.
func TestInsecureCertificates(t *testing.T) {
    tlsConfig := (&Config{}).GetTLSConfig()

    if suites := tlsConfig.CipherSuites; len(suites) > 0 {
        t.Fatal("Unexpected tls cipher suites list: ", suites)
    }
}
 
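// BenchmarkCertificateIssuing measures repeated GetCertificate calls for one
// server name against a Config that holds only a CA certificate with usage
// Certificate_AUTHORITY_ISSUE. Setup runs before the timer is reset.
func BenchmarkCertificateIssuing(b *testing.B) {
    certificate := ParseCertificate(cert.MustGenerate(nil, cert.Authority(true), cert.KeyUsage(x509.KeyUsageCertSign)))
    certificate.Usage = Certificate_AUTHORITY_ISSUE

    c := &Config{
        Certificate: []*Certificate{
            certificate,
        },
    }

    tlsConfig := c.GetTLSConfig()
    // Remember the initial certificate count so each iteration can restore it.
    lenCerts := len(tlsConfig.Certificates)

    b.ResetTimer()

    for i := 0; i < b.N; i++ {
        // Do not ignore the error: a failing call would otherwise make the
        // benchmark time the error path and report a misleading figure.
        if _, err := tlsConfig.GetCertificate(&gotls.ClientHelloInfo{
            ServerName: "www.v2fly.org",
        }); err != nil {
            b.Fatal("GetCertificate: ", err)
        }
        // Undo whatever the call recorded for this name so the next iteration
        // starts from the same state (presumably forcing a fresh issuance
        // rather than a cache hit; confirm against GetTLSConfig).
        delete(tlsConfig.NameToCertificate, "www.v2fly.org")
        tlsConfig.Certificates = tlsConfig.Certificates[:lenCerts]
    }
}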