pass protocol & add test

Signed-off-by: spacewander <[email protected]>
mosn · Feb 8, 2024 · e1be2b4 · e1be2b4
1 parent 7e6fe2a
commit e1be2b4
Show file tree

Hide file tree

Showing 4 changed files with 111 additions and 17 deletions.
diff --git a/test/e2e/conformance/tests/go-wasm-sni-misdirect.go b/test/e2e/conformance/tests/go-wasm-sni-misdirect.go
@@ -89,6 +89,64 @@ var WasmPluginsSniMisdirect = suite.ConformanceTest{
 					},
 				},
 			},
+			{
+				Meta: http.AssertionMeta{
+					TestCaseName:    "case 3: https/2.0 request with sni and same with host",
+					TargetBackend:   "infra-backend-v1",
+					TargetNamespace: "higress-conformance-infra",
+				},
+				Request: http.AssertionRequest{
+					ActualRequest: http.Request{
+						Protocol: "HTTP/2.0",
+						Host:     "foo.com",
+						Path:     "/foo",
+						TLSConfig: &http.TLSConfig{
+							SNI: "foo.com",
+							Certificates: http.Certificates{
+								CACerts: [][]byte{caCertOut.Bytes()},
+								ClientKeyPairs: []http.ClientKeyPair{{
+									ClientCert: cliCertOut.Bytes(),
+									ClientKey:  cliKeyOut.Bytes()},
+								},
+							},
+						},
+					},
+				},
+				Response: http.AssertionResponse{
+					ExpectedResponse: http.Response{
+						StatusCode: 200,
+					},
+				},
+			},
+			{
+				Meta: http.AssertionMeta{
+					TestCaseName:    "case 4: https/2.0 request with sni and not same with host",
+					TargetBackend:   "infra-backend-v1",
+					TargetNamespace: "higress-conformance-infra",
+				},
+				Request: http.AssertionRequest{
+					ActualRequest: http.Request{
+						Protocol: "HTTP/2.0",
+						Host:     "foo.com",
+						Path:     "/foo",
+						TLSConfig: &http.TLSConfig{
+							SNI: "bar.com",
+							Certificates: http.Certificates{
+								CACerts: [][]byte{caCertOut.Bytes()},
+								ClientKeyPairs: []http.ClientKeyPair{{
+									ClientCert: cliCertOut.Bytes(),
+									ClientKey:  cliKeyOut.Bytes()},
+								},
+							},
+						},
+					},
+				},
+				Response: http.AssertionResponse{
+					ExpectedResponse: http.Response{
+						StatusCode: 421,
+					},
+				},
+			},
 		}
 
 		t.Run("WasmPlugin sni-misdirect", func(t *testing.T) {

diff --git a/test/e2e/conformance/utils/http/http.go b/test/e2e/conformance/utils/http/http.go
@@ -88,6 +88,7 @@ const (
 // values can be provided, as a comma-separated value.
 type Request struct {
 	Host             string
+	Protocol         string
 	Method           string
 	Path             string
 	Headers          map[string]string
@@ -162,12 +163,10 @@ func MakeRequestAndExpectEventuallyConsistentResponse(t *testing.T, r roundtripp
 
 	var (
 		scheme    = "http"
-		protocol  = "HTTP"
 		tlsConfig *roundtripper.TLSConfig
 	)
 	if expected.Request.ActualRequest.TLSConfig != nil {
 		scheme = "https"
-		protocol = "HTTPS"
 		clientKeyPairs := make([]roundtripper.ClientKeyPair, 0, len(expected.Request.ActualRequest.TLSConfig.Certificates.ClientKeyPairs))
 		for _, keyPair := range expected.Request.ActualRequest.TLSConfig.Certificates.ClientKeyPairs {
 			clientKeyPairs = append(clientKeyPairs, roundtripper.ClientKeyPair{
@@ -213,6 +212,11 @@ func MakeRequestAndExpectEventuallyConsistentResponse(t *testing.T, r roundtripp
 
 	path, query, _ := strings.Cut(expected.Request.ActualRequest.Path, "?")
 
+	protocol := "HTTP/1.1"
+	if expected.Request.ActualRequest.Protocol != "" {
+		protocol = expected.Request.ActualRequest.Protocol
+	}
+
 	req := roundtripper.Request{
 		Method:           expected.Request.ActualRequest.Method,
 		Host:             expected.Request.ActualRequest.Host,

diff --git a/test/e2e/conformance/utils/roundtripper/roundtripper.go b/test/e2e/conformance/utils/roundtripper/roundtripper.go
@@ -111,18 +111,51 @@ type DefaultRoundTripper struct {
 	TimeoutConfig config.TimeoutConfig
 }
 
-func (d *DefaultRoundTripper) initProtocol(client *http.Client, protocol string) {
+func (d *DefaultRoundTripper) initTransport(client *http.Client, protocol string, tlsConfig *TLSConfig) error {
+	var tlsClientConfig *tls.Config
+	if tlsConfig != nil {
+		pool := x509.NewCertPool()
+		for _, caCert := range tlsConfig.Certificates.CACert {
+			pool.AppendCertsFromPEM(caCert)
+		}
+		var clientCerts []tls.Certificate
+		for _, keyPair := range tlsConfig.Certificates.ClientKeyPairs {
+			newClientCert, err := tls.X509KeyPair(keyPair.ClientCert, keyPair.ClientKey)
+			if err != nil {
+				return fmt.Errorf("failed to load client key pair: %w", err)
+			}
+			clientCerts = append(clientCerts, newClientCert)
+		}
+
+		tlsClientConfig = &tls.Config{
+			MinVersion:         tlsConfig.MinVersion,
+			MaxVersion:         tlsConfig.MaxVersion,
+			ServerName:         tlsConfig.SNI,
+			CipherSuites:       tlsConfig.CipherSuites,
+			RootCAs:            pool,
+			Certificates:       clientCerts,
+			InsecureSkipVerify: true,
+		}
+	}
+
 	switch protocol {
 	case "HTTP/2.0":
 		tr := &http2.Transport{}
-		prevTr, ok := client.Transport.(*http.Transport)
-		if ok {
-			// other TLS fields are not existed in HTTP2
-			tr.TLSClientConfig = prevTr.TLSClientConfig
+		if tlsClientConfig != nil {
+			tr.TLSClientConfig = tlsClientConfig
 		}
 		client.Transport = tr
 	default: // HTTP1
+		if tlsClientConfig != nil {
+			client.Transport = &http.Transport{
+				TLSHandshakeTimeout: d.TimeoutConfig.TLSHandshakeTimeout,
+				DisableKeepAlives:   true,
+				TLSClientConfig:     tlsClientConfig,
+			}
+		}
 	}
+
+	return nil
 }
 
 // CaptureRoundTrip makes a request with the provided parameters and returns the
@@ -168,7 +201,7 @@ func (d *DefaultRoundTripper) CaptureRoundTrip(request Request) (*CapturedReques
 		}
 	}
 
-	d.initProtocol(client, request.Protocol)
+	d.initTransport(client, request.Protocol, request.TLSConfig)
 
 	method := "GET"
 	if request.Method != "" {

diff --git a/test/e2e/conformance/utils/roundtripper/roundtripper_test.go b/test/e2e/conformance/utils/roundtripper/roundtripper_test.go
@@ -16,21 +16,23 @@ package roundtripper
 
 import (
 	"crypto/tls"
+	"crypto/x509"
 	"net/http"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
 	"golang.org/x/net/http2"
 )
 
-func TestProtocol(t *testing.T) {
+func TestTransport(t *testing.T) {
 	req := Request{
 		Protocol: "HTTP/2.0",
 	}
 	tests := []struct {
 		name          string
 		req           Request
 		prevTransport http.RoundTripper
+		tlsConfig     *TLSConfig
 		transport     http.RoundTripper
 	}{
 		{
@@ -51,15 +53,13 @@ func TestProtocol(t *testing.T) {
 		{
 			name: "https",
 			req:  req,
-			prevTransport: &http.Transport{
-				TLSHandshakeTimeout: 10,
-				DisableKeepAlives:   true,
-				TLSClientConfig: &tls.Config{
-					InsecureSkipVerify: true,
-				},
+			tlsConfig: &TLSConfig{
+				SNI: "www.example.com",
 			},
 			transport: &http2.Transport{
 				TLSClientConfig: &tls.Config{
+					RootCAs:            x509.NewCertPool(),
+					ServerName:         "www.example.com",
 					InsecureSkipVerify: true,
 				},
 			},
@@ -70,8 +70,7 @@ func TestProtocol(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			d := DefaultRoundTripper{}
 			c := http.Client{}
-			c.Transport = tt.prevTransport
-			d.initProtocol(&c, tt.req.Protocol)
+			d.initTransport(&c, tt.req.Protocol, tt.tlsConfig)
 			assert.Equal(t, tt.transport, c.Transport)
 		})
 	}