status-go/server/ips_test.go

package server

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/hex"
	"io/ioutil"
	"net/http"
	"testing"
	"time"

	"github.com/davecgh/go-spew/spew"
	"github.com/stretchr/testify/require"
)

func testHandler(t *testing.T) func(w http.ResponseWriter, r *http.Request) {
	return func(w http.ResponseWriter, r *http.Request) {
		say, ok := r.URL.Query()["say"]
		if !ok || len(say) == 0 {
			say = append(say, "nothing")
		}

		_, err := w.Write([]byte("Hello I like to be a tls server. You said: `" + say[0] + "` " + time.Now().String()))
		if err != nil {
			require.NoError(t, err)
		}
	}
}

func TestGetOutboundIPWithFullServerE2e(t *testing.T) {
	pk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	require.NoError(t, err)

	ip, err := GetOutboundIP()
	require.NoError(t, err)

	cert, certPem, err := GenerateCertFromKey(pk, time.Hour, ip.String())
	require.NoError(t, err)

	s := NewPairingServer(&Config{&cert, ip.String()})

	s.SetHandlers(HandlerPatternMap{"/hello": testHandler(t)})

	err = s.Start()
	require.NoError(t, err)

	// Give time for the sever to be ready, hacky I know
	time.Sleep(100 * time.Millisecond)
	spew.Dump(s.MakeBaseURL().String())

	rootCAs, err := x509.SystemCertPool()
	require.NoError(t, err)

	ok := rootCAs.AppendCertsFromPEM(certPem)
	require.True(t, ok)

	tr := &http.Transport{
		TLSClientConfig: &tls.Config{
			MinVersion:         tls.VersionTLS12,
			InsecureSkipVerify: false, // MUST BE FALSE, or the test is meaningless
			RootCAs:            rootCAs,
		},
	}
	client := &http.Client{Transport: tr}

	b := make([]byte, 32)
	_, err = rand.Read(b)
	require.NoError(t, err)
	thing := hex.EncodeToString(b)

	response, err := client.Get(s.MakeBaseURL().String() + "/hello?say=" + thing)
	require.NoError(t, err)

	defer response.Body.Close()

	content, err := ioutil.ReadAll(response.Body)
	require.NoError(t, err)
	require.Equal(t, "Hello I like to be a tls server. You said: `"+thing+"`", string(content[:109]))
}
Get preferred network IP and refactor server package to increase reusability (#2626) * Added function to get preffered network IP Also done some refactor work oon server package to make a lot more reusable * Added server.Option and simplified handler funcs * Added serial number deterministically generated from pk * Debugging TLS server connection * Implemented configurable server ip When accessing over the network the server needs to listen on the network port and not localhost or 127.0.0.1 . Also the cert can now have a dedicated IP * Refactor of URL funcs to use the url package * Removed redundant Options pattern in favour of config param * Added full server test using GetOutboundIP * Remove references and usage of Server.port The application does not need to set the port, we rely on the net.Listener to pick a port. * Version bump * Added ToECDSA func and improved cert testing * Added error check in test * Split Server types, embedding raw Server funcs into specialised server types * localhost * Implemented DNS and IP based cert gen ios doesn't allow for restricted ip addresses to be used in a valid tls cert * Replace listener handling with original port store Also added handlers as a parameter of the Server 2022-06-15 14:49:31 +00:00			`package server`

			`import (`
			`"crypto/ecdsa"`
			`"crypto/elliptic"`
			`"crypto/rand"`
			`"crypto/tls"`
			`"crypto/x509"`
			`"encoding/hex"`
			`"io/ioutil"`
			`"net/http"`
			`"testing"`
			`"time"`

			`"github.com/davecgh/go-spew/spew"`
			`"github.com/stretchr/testify/require"`
			`)`

			`func testHandler(t testing.T) func(w http.ResponseWriter, r http.Request) {`
			`return func(w http.ResponseWriter, r *http.Request) {`
			`say, ok := r.URL.Query()["say"]`
			`if !ok \|\| len(say) == 0 {`
			`say = append(say, "nothing")`
			`}`

			_, err := w.Write([]byte("Hello I like to be a tls server. You said: `" + say[0] + "` " + time.Now().String()))
			`if err != nil {`
			`require.NoError(t, err)`
			`}`
			`}`
			`}`

			`func TestGetOutboundIPWithFullServerE2e(t *testing.T) {`
			`pk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)`
			`require.NoError(t, err)`

			`ip, err := GetOutboundIP()`
			`require.NoError(t, err)`

			`cert, certPem, err := GenerateCertFromKey(pk, time.Hour, ip.String())`
			`require.NoError(t, err)`

			`s := NewPairingServer(&Config{&cert, ip.String()})`

			`s.SetHandlers(HandlerPatternMap{"/hello": testHandler(t)})`

			`err = s.Start()`
			`require.NoError(t, err)`

			`// Give time for the sever to be ready, hacky I know`
			`time.Sleep(100 * time.Millisecond)`
			`spew.Dump(s.MakeBaseURL().String())`

			`rootCAs, err := x509.SystemCertPool()`
			`require.NoError(t, err)`

			`ok := rootCAs.AppendCertsFromPEM(certPem)`
			`require.True(t, ok)`

			`tr := &http.Transport{`
			`TLSClientConfig: &tls.Config{`
			`MinVersion: tls.VersionTLS12,`
			`InsecureSkipVerify: false, // MUST BE FALSE, or the test is meaningless`
			`RootCAs: rootCAs,`
			`},`
			`}`
			`client := &http.Client{Transport: tr}`

			`b := make([]byte, 32)`
			`_, err = rand.Read(b)`
			`require.NoError(t, err)`
			`thing := hex.EncodeToString(b)`

			`response, err := client.Get(s.MakeBaseURL().String() + "/hello?say=" + thing)`
			`require.NoError(t, err)`

			`defer response.Body.Close()`

			`content, err := ioutil.ReadAll(response.Body)`
			`require.NoError(t, err)`
			require.Equal(t, "Hello I like to be a tls server. You said: `"+thing+"`", string(content[:109]))
			`}`