authorDimitri Sokolyuk <demon@dim13.org>2016-03-31 16:27:26 +0200
committerDimitri Sokolyuk <demon@dim13.org>2016-03-31 16:27:26 +0200
commit3979e206469607aba15a1833d6bdafd07ed00283 (patch)
tree31d1b8febac6a9f806ff3e382a44b487e635dac2
parent7cb7f7d4d90714d50331c68e97fc5169c4f67991 (diff)
Test TLS
-rw-r--r--route.go13
-rw-r--r--server.go9
-rw-r--r--server_test.go58
3 files changed, 74 insertions, 6 deletions
diff --git a/route.go b/route.go
index 5e1b806..83998fd 100644
--- a/route.go
+++ b/route.go
@@ -21,10 +21,17 @@ type route struct {
// GetCertificate returns certificate for SNI negotiation
func (r Route) GetCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
- if route, ok := r[h.ServerName]; ok && route.Certificate != nil {
- return route.Certificate, nil
+ host := h.ServerName
+ if v, ok := r[host]; ok && v.Certificate != nil {
+ return v.Certificate, nil
}
- return nil, errors.New("no cert for " + h.ServerName)
+ // HACK search for certs with port speciefied
+ for k, v := range r {
+ if k[:len(host)] == host {
+ return v.Certificate, nil
+ }
+ }
+ return nil, errors.New("no cert for " + host)
}
// Save routes to persistent file
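Review bot: The fallback loop's comparison `k[:len(host)] == host` slices every route key by the length of the client-supplied ServerName and panics with an index-out-of-range as soon as a key is shorter than that name; SNI is untrusted input, so any peer can trigger it with a long server name (whether net/http's per-connection recover contains the panic depends on the caller, which is outside this hunk). The match is also a bare prefix match, so an empty ServerName matches every key, `example` matches `example.com:443`, and unlike the exact-match branch above the loop returns `v.Certificate` without the nil check. Replace the condition with `if strings.HasPrefix(k, host+":") && v.Certificate != nil {`, which only matches a key that differs by a port suffix and cannot index out of range (the `strings` import is not in this hunk). The HACK comment's `speciefied` can be fixed to `specified` at the same time.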
diff --git a/server.go b/server.go
index 9ef2204..e021950 100644
--- a/server.go
+++ b/server.go
@@ -2,6 +2,8 @@ package goxy
import (
"crypto/tls"
+ "fmt"
+ "log"
"net/http"
"net/http/httputil"
)
@@ -47,6 +49,7 @@ func (s *Server) Update() error {
tlsMux := http.NewServeMux()
for _, v := range s.Route {
host := v.ServerName.Host + v.ServerName.Path
+ log.Println("Update", host)
up := v.Upstream
switch v.ServerName.Scheme {
case "http", "":
@@ -61,6 +64,12 @@ func (s *Server) Update() error {
tlsMux.Handle(host, NewWebSocketProxy(up))
}
}
+ wwwMux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+ fmt.Fprintf(w, "%q", r)
+ })
+ tlsMux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+ fmt.Fprintf(w, "%q", r)
+ })
s.wwwServer.Handler = wwwMux
s.tlsServer.Handler = tlsMux
return nil
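Review bot: The two catch-all `/` handlers added before `s.wwwServer.Handler = wwwMux` turn what was a plain 404 for unrouted hosts into a dump of the whole `*http.Request` to the caller, on both the plaintext and TLS listeners. `fmt.Fprintf(w, "%q", r)` reflects every request header, `RemoteAddr` and the TLS connection state, and anyone reaching the proxy by IP or with an unknown Host header receives it, so this reads as debugging output left in. If a fallback is wanted, log server-side and answer with a plain error: `log.Printf("no route for host %q", r.Host)` followed by `http.NotFound(w, r)`, in one handler value registered on both muxes rather than two copies. Update's body begins outside this hunk.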
diff --git a/server_test.go b/server_test.go
index 7f296b5..e322195 100644
--- a/server_test.go
+++ b/server_test.go
@@ -1,6 +1,8 @@
package goxy
import (
+ "crypto/tls"
+ "crypto/x509"
"io"
"io/ioutil"
"log"
@@ -17,6 +19,21 @@ const (
wwwServer = "localhost:8080"
tlsServer = "localhost:8443"
rpcServer = "localhost:8000"
+ cert = `-----BEGIN CERTIFICATE-----
+MIIBXjCCAQygAwIBAgIRAM03h8i2NyJ7sItcK4jU1eEwCgYIKoZIzj0EAwIwEjEQ
+MA4GA1UEChMHQWNtZSBDbzAeFw0xNjAzMzExMzU5NTlaFw0yNjAzMjkxMzU5NTla
+MBIxEDAOBgNVBAoTB0FjbWUgQ28wTjAQBgcqhkjOPQIBBgUrgQQAIQM6AATxB9y8
+ZHzQayFNY2mrEaG7tgJKTSDOAvVSn8VsDldcZXwXuWEcNoi2LKAckCL9E2xc6bxz
+AlZGXaNOMEwwDgYDVR0PAQH/BAQDAgKkMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8G
+A1UdEwEB/wQFMAMBAf8wFAYDVR0RBA0wC4IJbG9jYWxob3N0MAoGCCqGSM49BAMC
+A0AAMD0CHQDQCcNis9uY0lGbQ4o8qJByjd9GY3Bon3wmt/ULAhwI78yOXxyeDR1T
+77Q2+pF/GmcDtCbwrVt3KpmI
+-----END CERTIFICATE-----`
+ key = `-----BEGIN EC PRIVATE KEY-----
+MGgCAQEEHHvI0aSaXHcCugwEWoBJ9R1swGVeDbTYlikuv4+gBwYFK4EEACGhPAM6
+AATxB9y8ZHzQayFNY2mrEaG7tgJKTSDOAvVSn8VsDldcZXwXuWEcNoi2LKAckCL9
+E2xc6bxzAlZGXQ==
+-----END EC PRIVATE KEY-----`
)
var server Server
@@ -30,7 +47,16 @@ func init() {
}
func get(uri string) (string, error) {
- resp, err := http.Get(uri)
+ caPool := x509.NewCertPool()
+ caPool.AppendCertsFromPEM([]byte(cert))
+ client := http.Client{
+ Transport: &http.Transport{
+ TLSClientConfig: &tls.Config{
+ RootCAs: caPool,
+ },
+ },
+ }
+ resp, err := client.Get(uri)
if err != nil {
return "", err
}
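Review bot: The boolean returned by `caPool.AppendCertsFromPEM` at the top of `get` is discarded, so a damaged `cert` constant silently yields an empty pool and the test later fails with an unrelated "unknown authority" error; check it with `if !caPool.AppendCertsFromPEM([]byte(cert)) { return "", errors.New("invalid test CA certificate") }`. The client also has no `Timeout`, so a proxy that accepts the connection but never answers hangs the test until `go test` kills it — `Timeout: 5 * time.Second,` in the `http.Client` literal bounds that. Both need imports (`errors`, `time`) that are not in this hunk, and `get` continues past the end of the hunk.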
@@ -69,12 +95,10 @@ func (c Cannary) Equal(s string) bool {
}
func TestReverseProxy(t *testing.T) {
- // Backend server
backServer := httptest.NewServer(cannary)
defer backServer.Close()
t.Log("start", backServer.URL)
- // Test HTTP proxy
e := Entry{
Host: "http://" + wwwServer,
Upstream: backServer.URL,
@@ -100,6 +124,34 @@ func TestReverseProxy(t *testing.T) {
}
func TestReverseProxyTLS(t *testing.T) {
+ backServer := httptest.NewServer(cannary)
+ defer backServer.Close()
+ t.Log("start", backServer.URL)
+
+ e := Entry{
+ Host: "https://" + tlsServer,
+ Upstream: backServer.URL,
+ Cert: []byte(cert),
+ Key: []byte(key),
+ }
+ if err := add(e); err != nil {
+ t.Error(err)
+ }
+ t.Log("add", e)
+
+ resp, err := get("https://" + tlsServer)
+ if err != nil {
+ t.Error(err)
+ }
+
+ if !cannary.Equal(resp) {
+ t.Errorf("got %q expected %q", resp, cannary)
+ }
+
+ if err := del(tlsServer); err != nil {
+ t.Error(err)
+ }
+ t.Log("del", tlsServer)
}
func TestWebsocketProxy(t *testing.T) {
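Review bot: In TestReverseProxyTLS a failed `add(e)` is reported with `t.Error` and the test carries on, so the following `get` and `cannary.Equal` produce two more errors that bury the real one; the same applies after a failed `get`, where `resp` is empty. Setup failures should be `t.Fatal`, and once they are, the `del(tlsServer)` at the end would be skipped on that path and the stale route would leak through the package-level `server` into TestWebsocketProxy, so the cleanup belongs in a `defer` registered right after a successful add. The comparison against `cannary` is unchanged.
```go
	if err := add(e); err != nil {
		t.Fatal(err)
	}
	defer func() {
		if err := del(tlsServer); err != nil {
			t.Error(err)
		}
		t.Log("del", tlsServer)
	}()
	t.Log("add", e)

	resp, err := get("https://" + tlsServer)
	if err != nil {
		t.Fatal(err)
	}
	// … unchanged: cannary.Equal check …
```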