From 8df59b95a923620fd23616bef0e8276e1cfd78b0 Mon Sep 17 00:00:00 2001 From: Simone Basso Date: Thu, 28 Sep 2023 14:21:56 +0200 Subject: [PATCH 1/2] cleanup(ArchivalTLSOrQUICHandshakeResult): use ArchivalBinaryData This diff modifies model.ArchivalBinaryData to always use ArchivalBinaryData for representing certificates rather than passing through the more complex (and unneeded in this case!) model.ArchivalMaybeBinaryData. Closes https://github.com/ooni/probe/issues/2165 Part of https://github.com/ooni/probe/issues/2531 --- internal/legacy/tracex/archival.go | 4 ++-- internal/legacy/tracex/archival_test.go | 19 ++++++++--------- internal/measurexlite/quic_test.go | 6 +++--- internal/measurexlite/tls.go | 23 ++++++-------------- internal/measurexlite/tls_test.go | 10 ++++----- internal/model/archival.go | 28 ++++++++++++------------- internal/model/archival_test.go | 16 +++++++------- 7 files changed, 47 insertions(+), 59 deletions(-) diff --git a/internal/legacy/tracex/archival.go b/internal/legacy/tracex/archival.go index ec2758cb33..587663e5ee 100644 --- a/internal/legacy/tracex/archival.go +++ b/internal/legacy/tracex/archival.go @@ -305,9 +305,9 @@ func NewTLSHandshakesList(begin time.Time, events []Event) (out []TLSHandshake) return } -func tlsMakePeerCerts(in [][]byte) (out []MaybeBinaryValue) { +func tlsMakePeerCerts(in [][]byte) (out []model.ArchivalBinaryData) { for _, entry := range in { - out = append(out, MaybeBinaryValue{Value: string(entry)}) + out = append(out, model.ArchivalBinaryData(entry)) } return } diff --git a/internal/legacy/tracex/archival_test.go b/internal/legacy/tracex/archival_test.go index 2b46f5b1a7..4186df9df5 100644 --- a/internal/legacy/tracex/archival_test.go +++ b/internal/legacy/tracex/archival_test.go @@ -10,6 +10,7 @@ import ( "github.com/google/go-cmp/cmp" "github.com/gorilla/websocket" + "github.com/ooni/probe-cli/v3/internal/model" "github.com/ooni/probe-cli/v3/internal/netxlite" ) @@ -547,11 +548,10 @@ func TestNewTLSHandshakesList(t *testing.T) { Failure: NewFailure(io.EOF), NegotiatedProtocol: "h2", NoTLSVerify: false, - PeerCertificates: []MaybeBinaryValue{{ - Value: "deadbeef", - }, { - Value: "abad1dea", - }}, + PeerCertificates: []model.ArchivalBinaryData{ + model.ArchivalBinaryData("deadbeef"), + model.ArchivalBinaryData("abad1dea"), + }, ServerName: "x.org", T: 0.055, TLSVersion: "TLSv1.3", @@ -582,11 +582,10 @@ func TestNewTLSHandshakesList(t *testing.T) { Failure: NewFailure(io.EOF), NegotiatedProtocol: "h3", NoTLSVerify: false, - PeerCertificates: []MaybeBinaryValue{{ - Value: "deadbeef", - }, { - Value: "abad1dea", - }}, + PeerCertificates: []model.ArchivalBinaryData{ + model.ArchivalBinaryData("deadbeef"), + model.ArchivalBinaryData("abad1dea"), + }, ServerName: "x.org", T: 0.055, TLSVersion: "TLSv1.3", diff --git a/internal/measurexlite/quic_test.go b/internal/measurexlite/quic_test.go index 24d0a6f857..7a5eba2ca7 100644 --- a/internal/measurexlite/quic_test.go +++ b/internal/measurexlite/quic_test.go @@ -156,7 +156,7 @@ func TestNewQUICDialerWithoutResolver(t *testing.T) { Failure: &expectedFailure, NegotiatedProtocol: "", NoTLSVerify: true, - PeerCertificates: []model.ArchivalMaybeBinaryData{}, + PeerCertificates: []model.ArchivalBinaryData{}, ServerName: "dns.cloudflare.com", T: time.Second.Seconds(), Tags: []string{"antani"}, @@ -336,7 +336,7 @@ func TestFirstQUICHandshake(t *testing.T) { Failure: nil, NegotiatedProtocol: "", NoTLSVerify: true, - PeerCertificates: []model.ArchivalMaybeBinaryData{}, + PeerCertificates: []model.ArchivalBinaryData{}, ServerName: "dns.cloudflare.com", T: time.Second.Seconds(), Tags: []string{}, @@ -348,7 +348,7 @@ func TestFirstQUICHandshake(t *testing.T) { Failure: nil, NegotiatedProtocol: "", NoTLSVerify: true, - PeerCertificates: []model.ArchivalMaybeBinaryData{}, + PeerCertificates: []model.ArchivalBinaryData{}, ServerName: "dns.google.com", T: time.Second.Seconds(), Tags: []string{}, diff --git a/internal/measurexlite/tls.go b/internal/measurexlite/tls.go index 479d534fe7..af0850c2e3 100644 --- a/internal/measurexlite/tls.go +++ b/internal/measurexlite/tls.go @@ -99,27 +99,16 @@ func NewArchivalTLSOrQUICHandshakeResult( } } -// newArchivalBinaryData is a factory that adapts binary data to the -// model.ArchivalMaybeBinaryData format. -func newArchivalBinaryData(data []byte) model.ArchivalMaybeBinaryData { - // TODO(https://github.com/ooni/probe/issues/2165): we should actually extend the - // model's archival data format to have a pure-binary-data type for the cases in which - // we know in advance we're dealing with binary data. - return model.ArchivalMaybeBinaryData{ - Value: string(data), - } -} - // TLSPeerCerts extracts the certificates either from the list of certificates // in the connection state or from the error that occurred. func TLSPeerCerts( - state tls.ConnectionState, err error) (out []model.ArchivalMaybeBinaryData) { - out = []model.ArchivalMaybeBinaryData{} + state tls.ConnectionState, err error) (out []model.ArchivalBinaryData) { + out = []model.ArchivalBinaryData{} var x509HostnameError x509.HostnameError if errors.As(err, &x509HostnameError) { // Test case: https://wrong.host.badssl.com/ - out = append(out, newArchivalBinaryData(x509HostnameError.Certificate.Raw)) + out = append(out, model.ArchivalBinaryData(x509HostnameError.Certificate.Raw)) return } @@ -127,19 +116,19 @@ func TLSPeerCerts( if errors.As(err, &x509UnknownAuthorityError) { // Test case: https://self-signed.badssl.com/. This error has // never been among the ones returned by MK. - out = append(out, newArchivalBinaryData(x509UnknownAuthorityError.Cert.Raw)) + out = append(out, model.ArchivalBinaryData(x509UnknownAuthorityError.Cert.Raw)) return } var x509CertificateInvalidError x509.CertificateInvalidError if errors.As(err, &x509CertificateInvalidError) { // Test case: https://expired.badssl.com/ - out = append(out, newArchivalBinaryData(x509CertificateInvalidError.Cert.Raw)) + out = append(out, model.ArchivalBinaryData(x509CertificateInvalidError.Cert.Raw)) return } for _, cert := range state.PeerCertificates { - out = append(out, newArchivalBinaryData(cert.Raw)) + out = append(out, model.ArchivalBinaryData(cert.Raw)) } return } diff --git a/internal/measurexlite/tls_test.go b/internal/measurexlite/tls_test.go index 98006e3612..ab7df3625e 100644 --- a/internal/measurexlite/tls_test.go +++ b/internal/measurexlite/tls_test.go @@ -123,7 +123,7 @@ func TestNewTLSHandshakerStdlib(t *testing.T) { Failure: &expectedFailure, NegotiatedProtocol: "", NoTLSVerify: true, - PeerCertificates: []model.ArchivalMaybeBinaryData{}, + PeerCertificates: []model.ArchivalBinaryData{}, ServerName: "dns.cloudflare.com", T: time.Second.Seconds(), Tags: []string{"antani"}, @@ -279,7 +279,7 @@ func TestNewTLSHandshakerStdlib(t *testing.T) { Failure: nil, NegotiatedProtocol: "", NoTLSVerify: false, - PeerCertificates: []model.ArchivalMaybeBinaryData{}, + PeerCertificates: []model.ArchivalBinaryData{}, ServerName: "dns.google", T: time.Second.Seconds(), Tags: []string{}, @@ -293,7 +293,7 @@ func TestNewTLSHandshakerStdlib(t *testing.T) { if len(got.PeerCertificates) != 2 { t.Fatal("expected to see two certificates") } - got.PeerCertificates = []model.ArchivalMaybeBinaryData{} // see above + got.PeerCertificates = []model.ArchivalBinaryData{} // see above if diff := cmp.Diff(expected, got); diff != "" { t.Fatal(diff) } @@ -366,7 +366,7 @@ func TestFirstTLSHandshake(t *testing.T) { Failure: nil, NegotiatedProtocol: "", NoTLSVerify: true, - PeerCertificates: []model.ArchivalMaybeBinaryData{}, + PeerCertificates: []model.ArchivalBinaryData{}, ServerName: "dns.cloudflare.com", T: time.Second.Seconds(), Tags: []string{}, @@ -378,7 +378,7 @@ func TestFirstTLSHandshake(t *testing.T) { Failure: nil, NegotiatedProtocol: "", NoTLSVerify: true, - PeerCertificates: []model.ArchivalMaybeBinaryData{}, + PeerCertificates: []model.ArchivalBinaryData{}, ServerName: "dns.google.com", T: time.Second.Seconds(), Tags: []string{}, diff --git a/internal/model/archival.go b/internal/model/archival.go index ad59a51d98..d640f6b351 100644 --- a/internal/model/archival.go +++ b/internal/model/archival.go @@ -235,20 +235,20 @@ type ArchivalTCPConnectStatus struct { // // See https://github.com/ooni/spec/blob/master/data-formats/df-006-tlshandshake.md type ArchivalTLSOrQUICHandshakeResult struct { - Network string `json:"network"` - Address string `json:"address"` - CipherSuite string `json:"cipher_suite"` - Failure *string `json:"failure"` - SoError *string `json:"so_error,omitempty"` - NegotiatedProtocol string `json:"negotiated_protocol"` - NoTLSVerify bool `json:"no_tls_verify"` - PeerCertificates []ArchivalMaybeBinaryData `json:"peer_certificates"` - ServerName string `json:"server_name"` - T0 float64 `json:"t0,omitempty"` - T float64 `json:"t"` - Tags []string `json:"tags"` - TLSVersion string `json:"tls_version"` - TransactionID int64 `json:"transaction_id,omitempty"` + Network string `json:"network"` + Address string `json:"address"` + CipherSuite string `json:"cipher_suite"` + Failure *string `json:"failure"` + SoError *string `json:"so_error,omitempty"` + NegotiatedProtocol string `json:"negotiated_protocol"` + NoTLSVerify bool `json:"no_tls_verify"` + PeerCertificates []ArchivalBinaryData `json:"peer_certificates"` + ServerName string `json:"server_name"` + T0 float64 `json:"t0,omitempty"` + T float64 `json:"t"` + Tags []string `json:"tags"` + TLSVersion string `json:"tls_version"` + TransactionID int64 `json:"transaction_id,omitempty"` } // diff --git a/internal/model/archival_test.go b/internal/model/archival_test.go index 591b56afb0..56e3ad169a 100644 --- a/internal/model/archival_test.go +++ b/internal/model/archival_test.go @@ -597,9 +597,9 @@ func TestArchivalTLSOrQUICHandshakeResult(t *testing.T) { SoError: nil, NegotiatedProtocol: "http/1.1", NoTLSVerify: false, - PeerCertificates: []model.ArchivalMaybeBinaryData{{ - Value: string(archivalBinaryInput), - }}, + PeerCertificates: []model.ArchivalBinaryData{ + model.ArchivalBinaryData(archivalBinaryInput), + }, ServerName: "dns.google", T0: 1.0, T: 2.0, @@ -625,7 +625,7 @@ func TestArchivalTLSOrQUICHandshakeResult(t *testing.T) { })(), NegotiatedProtocol: "", NoTLSVerify: false, - PeerCertificates: []model.ArchivalMaybeBinaryData{}, + PeerCertificates: []model.ArchivalBinaryData{}, ServerName: "dns.google", T0: 1.0, T: 2.0, @@ -700,9 +700,9 @@ func TestArchivalTLSOrQUICHandshakeResult(t *testing.T) { SoError: nil, NegotiatedProtocol: "http/1.1", NoTLSVerify: false, - PeerCertificates: []model.ArchivalMaybeBinaryData{{ - Value: string(archivalBinaryInput), - }}, + PeerCertificates: []model.ArchivalBinaryData{ + model.ArchivalBinaryData(archivalBinaryInput), + }, ServerName: "dns.google", T0: 1.0, T: 2.0, @@ -728,7 +728,7 @@ func TestArchivalTLSOrQUICHandshakeResult(t *testing.T) { })(), NegotiatedProtocol: "", NoTLSVerify: false, - PeerCertificates: []model.ArchivalMaybeBinaryData{}, + PeerCertificates: []model.ArchivalBinaryData{}, ServerName: "dns.google", T0: 1.0, T: 2.0, From f6ea51e4fde316f0963ea222f441b35aa5615adf Mon Sep 17 00:00:00 2001 From: Simone Basso Date: Thu, 28 Sep 2023 14:33:11 +0200 Subject: [PATCH 2/2] x --- internal/legacy/measurex/archival.go | 12 ++++++------ internal/measurexlite/tls_test.go | 29 ++++++++++++++-------------- 2 files changed, 20 insertions(+), 21 deletions(-) diff --git a/internal/legacy/measurex/archival.go b/internal/legacy/measurex/archival.go index 055d250380..ad9c30da97 100644 --- a/internal/legacy/measurex/archival.go +++ b/internal/legacy/measurex/archival.go @@ -1,5 +1,11 @@ package measurex +// +// Archival +// +// This file defines helpers to serialize to the OONI data format. +// + import ( "net" "net/http" @@ -8,12 +14,6 @@ import ( "time" ) -// -// Archival -// -// This file defines helpers to serialize to the OONI data format. -// - // // BinaryData // diff --git a/internal/measurexlite/tls_test.go b/internal/measurexlite/tls_test.go index ab7df3625e..4b3e22aa3e 100644 --- a/internal/measurexlite/tls_test.go +++ b/internal/measurexlite/tls_test.go @@ -400,7 +400,7 @@ func TestTLSPeerCerts(t *testing.T) { tests := []struct { name string args args - wantOut []model.ArchivalMaybeBinaryData + wantOut []model.ArchivalBinaryData }{{ name: "x509.HostnameError", args: args{ @@ -411,9 +411,9 @@ func TestTLSPeerCerts(t *testing.T) { }, }, }, - wantOut: []model.ArchivalMaybeBinaryData{{ - Value: "deadbeef", - }}, + wantOut: []model.ArchivalBinaryData{ + model.ArchivalBinaryData("deadbeef"), + }, }, { name: "x509.UnknownAuthorityError", args: args{ @@ -424,9 +424,9 @@ func TestTLSPeerCerts(t *testing.T) { }, }, }, - wantOut: []model.ArchivalMaybeBinaryData{{ - Value: "deadbeef", - }}, + wantOut: []model.ArchivalBinaryData{ + model.ArchivalBinaryData("deadbeef"), + }, }, { name: "x509.CertificateInvalidError", args: args{ @@ -437,9 +437,9 @@ func TestTLSPeerCerts(t *testing.T) { }, }, }, - wantOut: []model.ArchivalMaybeBinaryData{{ - Value: "deadbeef", - }}, + wantOut: []model.ArchivalBinaryData{ + model.ArchivalBinaryData("deadbeef"), + }, }, { name: "successful case", args: args{ @@ -452,11 +452,10 @@ func TestTLSPeerCerts(t *testing.T) { }, err: nil, }, - wantOut: []model.ArchivalMaybeBinaryData{{ - Value: "deadbeef", - }, { - Value: "abad1dea", - }}, + wantOut: []model.ArchivalBinaryData{ + model.ArchivalBinaryData("deadbeef"), + model.ArchivalBinaryData("abad1dea"), + }, }} for _, tt := range tests { t.Run(tt.name, func(t *testing.T) {