-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathtls_test.go
156 lines (143 loc) · 3.98 KB
/
tls_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
package dane
/*
* Note: these test routines may not work unless you adapt this file
* to use validating DNS resolvers and appropriately configured DANE TLS
* servers you have access to.
*/
import (
"fmt"
"os"
"testing"
)
var resolver1, resolver2 *Resolver
func TestMain(m *testing.M) {
// validating resolver
servers1 := []*Server{NewServer("", "8.8.8.8", 53)}
resolver1 = NewResolver(servers1)
// non-validating resolver
resolver2, _ = GetResolver("")
os.Exit(m.Run())
}
func TestDialTLS(t *testing.T) {
testCases := []struct {
host string
ip string
port int
resolver *Resolver
needsuccess bool
}{
{"www.example.com", "50.116.63.23", 443, resolver1, true},
{"www.example.com", "50.116.63.23", 443, resolver2, true},
{"www.amazon.com", "99.84.214.124", 443, resolver2, true},
{"doth.example.com", "54.90.232.69", 853, resolver1, true},
{"adns1.aws.example.com", "3.225.161.117", 443, resolver1, true},
{"adns2.aws.example.com", "52.88.78.179", 443, resolver1, true},
{"ctest1.aws.example.com", "3.225.161.117", 443, resolver1, true},
{"ctest2.aws.example.com", "52.88.78.179", 443, resolver1, false},
{"badhash.dane.example.com", "104.236.200.251", 443, resolver1, false},
{"badparam.dane.example.com", "104.236.200.251", 443, resolver1, false},
{"expiredsig.dane.example.com", "104.236.200.251", 443, resolver1, false},
}
for _, tc := range testCases {
t.Run(fmt.Sprintf("## %s %s %d", tc.host, tc.ip, tc.port), func(t *testing.T) {
defer fmt.Println("")
daneconfig := NewConfig(tc.host, tc.ip, tc.port)
server := daneconfig.Server
fmt.Printf("## TLS: %s\n", server)
tlsa, err := GetTLSA(tc.resolver, server.Name, server.Port)
if err != nil {
fmt.Printf("Result: FAILED: %s\n", err.Error())
if tc.needsuccess {
t.Fatalf("%s", err)
}
return
}
daneconfig.SetTLSA(tlsa)
conn, err := DialTLS(daneconfig)
if daneconfig.TLSA != nil {
daneconfig.TLSA.Results()
}
if err != nil {
fmt.Printf("Result: FAILED: %s\n", err.Error())
if tc.needsuccess {
t.Fatalf("DialTLS: %s.", err)
}
return
}
conn.Close()
if daneconfig.Okdane {
fmt.Printf("Result: DANE OK\n")
} else if daneconfig.Okpkix {
fmt.Printf("Result: PKIX OK\n")
} else {
fmt.Printf("Result: FAILED\n")
}
}) // end t.Run()
}
}
func TestDiagMode(t *testing.T) {
var hostname = "badhash.dane.huque.com"
var ipstring = "104.236.200.251"
var port = 443
daneconfig := NewConfig(hostname, ipstring, port)
daneconfig.SetDiagMode(true)
server := daneconfig.Server
fmt.Printf("## TLS DIAGMODE: %s\n", server)
tlsa, err := GetTLSA(resolver1, server.Name, server.Port)
if err != nil {
fmt.Printf("Result: FAILED: %s\n", err.Error())
t.Fatalf("%s", err)
return
}
daneconfig.SetTLSA(tlsa)
conn, err := DialTLS(daneconfig)
if daneconfig.TLSA != nil {
daneconfig.TLSA.Results()
}
if err != nil {
fmt.Printf("Result: FAILED: %s\n", err.Error())
t.Fatalf("DialTLS: %s.", err)
return
}
conn.Close()
if daneconfig.Okdane {
fmt.Printf("Result: DANE OK\n")
} else if daneconfig.Okpkix {
fmt.Printf("Result: PKIX OK\n")
} else {
fmt.Printf("Result: FAILED\n")
}
}
func TestALPN(t *testing.T) {
var hostname = "www.huque.com"
var ipstring = "50.116.63.23"
var port = 443
daneconfig := NewConfig(hostname, ipstring, port)
server := daneconfig.Server
fmt.Printf("## TLS ALPN: %s\n", server)
tlsa, err := GetTLSA(resolver1, server.Name, server.Port)
if err != nil {
fmt.Printf("Result: FAILED: %s\n", err.Error())
t.Fatalf("%s", err)
return
}
daneconfig.SetTLSA(tlsa)
daneconfig.SetALPN([]string{"h2"})
conn, err := DialTLS(daneconfig)
if daneconfig.TLSA != nil {
daneconfig.TLSA.Results()
}
if err != nil {
fmt.Printf("Result: FAILED: %s\n", err.Error())
t.Fatalf("DialTLS: %s.", err)
return
}
conn.Close()
if daneconfig.Okdane {
fmt.Printf("Result: DANE OK\n")
} else if daneconfig.Okpkix {
fmt.Printf("Result: PKIX OK\n")
} else {
fmt.Printf("Result: FAILED\n")
}
}