5ddb58f703
Graceful shutdown of the DNSCrypt server This PR implements Server.Shutdown(ctx context.Context) method that allows to shut down the DNSCrypt server gracefully. Some additional changes that were inadvertently made while doing that: 1. Added benchmark tests 2. Started using dns.ReadFromSessionUDP / dns.WriteToSessionUDP instead of implementing it by ourselves 3. Generally improved tests 4. Added depguard 5. Improved comments overall in the code
package dnscrypt
import (
"bytes"
"crypto/ed25519"
"crypto/rand"
"io/ioutil"
"testing"
"time"
"github.com/stretchr/testify/assert"
)
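// TestCertSerialize checks that a freshly signed certificate verifies under
// the key that signed it, is rejected under an unrelated key, and survives a
// Serialize/Deserialize round trip with every compared field intact.
func TestCertSerialize(t *testing.T) {
	cert, publicKey, _ := generateValidCert(t)

	// Signing must have replaced the all-zero signature.
	assert.False(t, bytes.Equal(cert.Signature[:], make([]byte, 64)))

	// The signature verifies under the public key of the signing pair.
	assert.True(t, cert.VerifySignature(publicKey))

	// Negative case: a verifier that accepted any key would pass the check
	// above, so also require rejection under an unrelated provider key.
	otherPublicKey, _, err := ed25519.GenerateKey(rand.Reader)
	if !assert.NoError(t, err) {
		t.FailNow()
	}
	assert.False(t, cert.VerifySignature(otherPublicKey))

	// Serialize. 124 is the length this test pins for the wire form; it
	// presumably matches the DNSCrypt certificate layout (4-byte magic,
	// 2-byte es-version, 2-byte minor version, 64-byte signature, 32-byte
	// resolver public key, 8-byte client magic, three 4-byte integers).
	b, err := cert.Serialize()
	if !assert.NoError(t, err) {
		// Without the serialized bytes the round trip below is meaningless.
		return
	}
	assert.Equal(t, 124, len(b))

	// Round trip: the parsed certificate must carry the same fields.
	cert2 := Cert{}
	err = cert2.Deserialize(b)
	if !assert.NoError(t, err) {
		return
	}
	assert.Equal(t, cert.Serial, cert2.Serial)
	assert.Equal(t, cert.NotBefore, cert2.NotBefore)
	assert.Equal(t, cert.NotAfter, cert2.NotAfter)
	assert.Equal(t, cert.EsVersion, cert2.EsVersion)
	assert.True(t, bytes.Equal(cert.ClientMagic[:], cert2.ClientMagic[:]))
	assert.True(t, bytes.Equal(cert.ResolverPk[:], cert2.ResolverPk[:]))
	assert.True(t, bytes.Equal(cert.Signature[:], cert2.Signature[:]))

	// A client verifies the certificate it parsed, not the one the server
	// built, so the deserialized copy must still verify as well.
	assert.True(t, cert2.VerifySignature(publicKey))
}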
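// TestCertDeserialize parses a certificate captured from a public resolver
// and checks the decoded serial, encryption construction and validity
// timestamps against the values stored in the fixture.
//
// This covers parsing only: no signature is verified here, and the fixture's
// NotAfter (1606347744, November 2020) is in the past.
// NOTE(review): whether Deserialize itself enforces NotBefore/NotAfter is not
// visible from this file. If it does not, callers have to check the validity
// window and call VerifySignature themselves before trusting a certificate.
func TestCertDeserialize(t *testing.T) {
	// dig -t txt 2.dnscrypt-cert.opendns.com. -p 443 @208.67.220.220
	certBytes, err := ioutil.ReadFile("testdata/dnscrypt-cert.opendns.txt")
	if !assert.NoError(t, err) {
		// Stop here: every later assertion would only repeat this failure.
		return
	}

	// The fixture holds the TXT record in presentation form; unpack it to
	// the raw certificate bytes first.
	b, err := unpackTxtString(string(certBytes))
	if !assert.NoError(t, err) {
		return
	}

	cert := &Cert{}
	err = cert.Deserialize(b)
	if !assert.NoError(t, err) {
		return
	}
	assert.Equal(t, uint32(1574811744), cert.Serial)
	assert.Equal(t, XSalsa20Poly1305, cert.EsVersion)
	assert.Equal(t, uint32(1574811744), cert.NotBefore)
	assert.Equal(t, uint32(1606347744), cert.NotAfter)
}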
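// generateValidCert builds a test certificate that is valid from one hour ago
// until one hour from now, fills in a fresh short-term resolver key pair, and
// signs it with a newly generated ed25519 key.
//
// It returns the signed certificate together with the ed25519 public and
// private keys used for signing. The test is aborted if key generation fails,
// so callers never receive a certificate signed with an unusable key.
func generateValidCert(t *testing.T) (*Cert, ed25519.PublicKey, ed25519.PrivateKey) {
	t.Helper()

	// Read the clock once so both bounds are offsets from the same instant.
	now := time.Now()
	cert := &Cert{
		Serial: 1,
		// The validity bounds are stored as 32-bit Unix seconds.
		NotAfter:  uint32(now.Add(1 * time.Hour).Unix()),
		NotBefore: uint32(now.Add(-1 * time.Hour).Unix()),
		EsVersion: XChacha20Poly1305,
	}

	// Short-term resolver key pair; the helper returns the secret key first.
	// The secret key is kept on the Cert value here, for tests only.
	resolverSk, resolverPk := generateRandomKeyPair()
	copy(cert.ResolverPk[:], resolverPk[:])
	copy(cert.ResolverSk[:], resolverSk[:])

	// Before signing, the signature field must still be all zeroes.
	assert.True(t, bytes.Equal(cert.Signature[:], make([]byte, 64)))

	// Long-term signing key pair, drawn from the system CSPRNG.
	publicKey, privateKey, err := ed25519.GenerateKey(rand.Reader)
	if !assert.NoError(t, err) {
		// Signing with a nil key would panic and hide the real failure.
		t.FailNow()
	}

	// Sign the certificate in place.
	cert.Sign(privateKey)

	return cert, publicKey, privateKey
}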