JustAnotherArchivist
/
transfer.sh
geforked van kiska/transfer.sh
1
0
Vork 1
Code Kwesties 0 Pull-aanvragen 0 Publicaties 0 Wiki Activiteit
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
301 Commits
17 Branches
34 MiB
 
 
 
Tree: c4dbd39527
Branches Labels
${ item.name }
Maak branch ${ searchTerm }
van 'c4dbd39527'
${ noResults }
transfer.sh/vendor/github.com/google/martian/proxy_test.go

1317 regels
34 KiB
Ruw Blame Geschiedenis 

  1. // Copyright 2015 Google Inc. All rights reserved.

  2. //

  3. // Licensed under the Apache License, Version 2.0 (the "License");

  4. // you may not use this file except in compliance with the License.

  5. // You may obtain a copy of the License at

  6. //

  7. //     http://www.apache.org/licenses/LICENSE-2.0

  8. //

  9. // Unless required by applicable law or agreed to in writing, software

  10. // distributed under the License is distributed on an "AS IS" BASIS,

  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  12. // See the License for the specific language governing permissions and

  13. // limitations under the License.

  14. 

  15. package martian

  16. 

  17. import (

  18. 	"bufio"

  19. 	"bytes"

  20. 	"crypto/tls"

  21. 	"crypto/x509"

  22. 	"errors"

  23. 	"fmt"

  24. 	"io"

  25. 	"io/ioutil"

  26. 	"net"

  27. 	"net/http"

  28. 	"net/url"

  29. 	"os"

  30. 	"strings"

  31. 	"testing"

  32. 	"time"

  33. 

  34. 	"github.com/google/martian/log"

  35. 	"github.com/google/martian/martiantest"

  36. 	"github.com/google/martian/mitm"

  37. 	"github.com/google/martian/proxyutil"

  38. )

  39. 

  40. type tempError struct{}

  41. 

  42. func (e *tempError) Error() string   { return "temporary" }

  43. func (e *tempError) Timeout() bool   { return true }

  44. func (e *tempError) Temporary() bool { return true }

  45. 

  46. type timeoutListener struct {

  47. 	net.Listener

  48. 	errCount int

  49. 	err      error

  50. }

  51. 

  52. func newTimeoutListener(l net.Listener, errCount int) net.Listener {

  53. 	return &timeoutListener{

  54. 		Listener: l,

  55. 		errCount: errCount,

  56. 		err:      &tempError{},

  57. 	}

  58. }

  59. 

  60. func (l *timeoutListener) Accept() (net.Conn, error) {

  61. 	if l.errCount > 0 {

  62. 		l.errCount--

  63. 		return nil, l.err

  64. 	}

  65. 

  66. 	return l.Listener.Accept()

  67. }

  68. 

  69. func TestIntegrationTemporaryTimeout(t *testing.T) {

  70. 	t.Parallel()

  71. 

  72. 	l, err := net.Listen("tcp", "[::]:0")

  73. 	if err != nil {

  74. 		t.Fatalf("net.Listen(): got %v, want no error", err)

  75. 	}

  76. 

  77. 	p := NewProxy()

  78. 	defer p.Close()

  79. 

  80. 	tr := martiantest.NewTransport()

  81. 	p.SetRoundTripper(tr)

  82. 	p.SetTimeout(200 * time.Millisecond)

  83. 

  84. 	// Start the proxy with a listener that will return a temporary error on

  85. 	// Accept() three times.

  86. 	go p.Serve(newTimeoutListener(l, 3))

  87. 

  88. 	conn, err := net.Dial("tcp", l.Addr().String())

  89. 	if err != nil {

  90. 		t.Fatalf("net.Dial(): got %v, want no error", err)

  91. 	}

  92. 	defer conn.Close()

  93. 

  94. 	req, err := http.NewRequest("GET", "http://example.com", nil)

  95. 	if err != nil {

  96. 		t.Fatalf("http.NewRequest(): got %v, want no error", err)

  97. 	}

  98. 	req.Header.Set("Connection", "close")

  99. 

  100. 	// GET http://example.com/ HTTP/1.1

  101. 	// Host: example.com

  102. 	if err := req.WriteProxy(conn); err != nil {

  103. 		t.Fatalf("req.WriteProxy(): got %v, want no error", err)

  104. 	}

  105. 

  106. 	res, err := http.ReadResponse(bufio.NewReader(conn), req)

  107. 	if err != nil {

  108. 		t.Fatalf("http.ReadResponse(): got %v, want no error", err)

  109. 	}

  110. 	defer res.Body.Close()

  111. 

  112. 	if got, want := res.StatusCode, 200; got != want {

  113. 		t.Errorf("res.StatusCode: got %d, want %d", got, want)

  114. 	}

  115. }

  116. 

  117. func TestIntegrationHTTP(t *testing.T) {

  118. 	t.Parallel()

  119. 

  120. 	l, err := net.Listen("tcp", "[::]:0")

  121. 	if err != nil {

  122. 		t.Fatalf("net.Listen(): got %v, want no error", err)

  123. 	}

  124. 

  125. 	p := NewProxy()

  126. 	defer p.Close()

  127. 

  128. 	p.SetRequestModifier(nil)

  129. 	p.SetResponseModifier(nil)

  130. 

  131. 	tr := martiantest.NewTransport()

  132. 	p.SetRoundTripper(tr)

  133. 	p.SetTimeout(200 * time.Millisecond)

  134. 

  135. 	tm := martiantest.NewModifier()

  136. 

  137. 	tm.RequestFunc(func(req *http.Request) {

  138. 		ctx := NewContext(req)

  139. 		ctx.Set("martian.test", "true")

  140. 	})

  141. 

  142. 	tm.ResponseFunc(func(res *http.Response) {

  143. 		ctx := NewContext(res.Request)

  144. 		v, _ := ctx.Get("martian.test")

  145. 

  146. 		res.Header.Set("Martian-Test", v.(string))

  147. 	})

  148. 

  149. 	p.SetRequestModifier(tm)

  150. 	p.SetResponseModifier(tm)

  151. 

  152. 	go p.Serve(l)

  153. 

  154. 	conn, err := net.Dial("tcp", l.Addr().String())

  155. 	if err != nil {

  156. 		t.Fatalf("net.Dial(): got %v, want no error", err)

  157. 	}

  158. 	defer conn.Close()

  159. 

  160. 	req, err := http.NewRequest("GET", "http://example.com", nil)

  161. 	if err != nil {

  162. 		t.Fatalf("http.NewRequest(): got %v, want no error", err)

  163. 	}

  164. 

  165. 	// GET http://example.com/ HTTP/1.1

  166. 	// Host: example.com

  167. 	if err := req.WriteProxy(conn); err != nil {

  168. 		t.Fatalf("req.WriteProxy(): got %v, want no error", err)

  169. 	}

  170. 

  171. 	res, err := http.ReadResponse(bufio.NewReader(conn), req)

  172. 	if err != nil {

  173. 		t.Fatalf("http.ReadResponse(): got %v, want no error", err)

  174. 	}

  175. 

  176. 	if got, want := res.StatusCode, 200; got != want {

  177. 		t.Fatalf("res.StatusCode: got %d, want %d", got, want)

  178. 	}

  179. 

  180. 	if got, want := res.Header.Get("Martian-Test"), "true"; got != want {

  181. 		t.Errorf("res.Header.Get(%q): got %q, want %q", "Martian-Test", got, want)

  182. 	}

  183. }

  184. 

  185. func TestIntegrationHTTP100Continue(t *testing.T) {

  186. 	t.Parallel()

  187. 

  188. 	l, err := net.Listen("tcp", "[::]:0")

  189. 	if err != nil {

  190. 		t.Fatalf("net.Listen(): got %v, want no error", err)

  191. 	}

  192. 

  193. 	p := NewProxy()

  194. 	defer p.Close()

  195. 

  196. 	p.SetTimeout(2 * time.Second)

  197. 

  198. 	sl, err := net.Listen("tcp", "[::]:0")

  199. 	if err != nil {

  200. 		t.Fatalf("net.Listen(): got %v, want no error", err)

  201. 	}

  202. 

  203. 	go func() {

  204. 		conn, err := sl.Accept()

  205. 		if err != nil {

  206. 			log.Errorf("proxy_test: failed to accept connection: %v", err)

  207. 			return

  208. 		}

  209. 		defer conn.Close()

  210. 

  211. 		log.Infof("proxy_test: accepted connection: %s", conn.RemoteAddr())

  212. 

  213. 		req, err := http.ReadRequest(bufio.NewReader(conn))

  214. 		if err != nil {

  215. 			log.Errorf("proxy_test: failed to read request: %v", err)

  216. 			return

  217. 		}

  218. 

  219. 		if req.Header.Get("Expect") == "100-continue" {

  220. 			log.Infof("proxy_test: received 100-continue request")

  221. 

  222. 			conn.Write([]byte("HTTP/1.1 100 Continue\r\n\r\n"))

  223. 

  224. 			log.Infof("proxy_test: sent 100-continue response")

  225. 		} else {

  226. 			log.Infof("proxy_test: received non 100-continue request")

  227. 

  228. 			res := proxyutil.NewResponse(417, nil, req)

  229. 			res.Header.Set("Connection", "close")

  230. 			res.Write(conn)

  231. 			return

  232. 		}

  233. 

  234. 		res := proxyutil.NewResponse(200, req.Body, req)

  235. 		res.Header.Set("Connection", "close")

  236. 		res.Write(conn)

  237. 

  238. 		log.Infof("proxy_test: sent 200 response")

  239. 	}()

  240. 

  241. 	tm := martiantest.NewModifier()

  242. 	p.SetRequestModifier(tm)

  243. 	p.SetResponseModifier(tm)

  244. 

  245. 	go p.Serve(l)

  246. 

  247. 	conn, err := net.Dial("tcp", l.Addr().String())

  248. 	if err != nil {

  249. 		t.Fatalf("net.Dial(): got %v, want no error", err)

  250. 	}

  251. 	defer conn.Close()

  252. 

  253. 	host := sl.Addr().String()

  254. 	raw := fmt.Sprintf("POST http://%s/ HTTP/1.1\r\n"+

  255. 		"Host: %s\r\n"+

  256. 		"Content-Length: 12\r\n"+

  257. 		"Expect: 100-continue\r\n\r\n", host, host)

  258. 

  259. 	if _, err := conn.Write([]byte(raw)); err != nil {

  260. 		t.Fatalf("conn.Write(headers): got %v, want no error", err)

  261. 	}

  262. 

  263. 	go func() {

  264. 		select {

  265. 		case <-time.After(time.Second):

  266. 			conn.Write([]byte("body content"))

  267. 		}

  268. 	}()

  269. 

  270. 	res, err := http.ReadResponse(bufio.NewReader(conn), nil)

  271. 	if err != nil {

  272. 		t.Fatalf("http.ReadResponse(): got %v, want no error", err)

  273. 	}

  274. 	defer res.Body.Close()

  275. 

  276. 	if got, want := res.StatusCode, 200; got != want {

  277. 		t.Fatalf("res.StatusCode: got %d, want %d", got, want)

  278. 	}

  279. 

  280. 	got, err := ioutil.ReadAll(res.Body)

  281. 	if err != nil {

  282. 		t.Fatalf("ioutil.ReadAll(): got %v, want no error", err)

  283. 	}

  284. 

  285. 	if want := []byte("body content"); !bytes.Equal(got, want) {

  286. 		t.Errorf("res.Body: got %q, want %q", got, want)

  287. 	}

  288. 

  289. 	if !tm.RequestModified() {

  290. 		t.Error("tm.RequestModified(): got false, want true")

  291. 	}

  292. 	if !tm.ResponseModified() {

  293. 		t.Error("tm.ResponseModified(): got false, want true")

  294. 	}

  295. }

  296. 

  297. func TestIntegrationHTTPDownstreamProxy(t *testing.T) {

  298. 	t.Parallel()

  299. 

  300. 	// Start first proxy to use as downstream.

  301. 	dl, err := net.Listen("tcp", "[::]:0")

  302. 	if err != nil {

  303. 		t.Fatalf("net.Listen(): got %v, want no error", err)

  304. 	}

  305. 

  306. 	downstream := NewProxy()

  307. 	defer downstream.Close()

  308. 

  309. 	dtr := martiantest.NewTransport()

  310. 	dtr.Respond(299)

  311. 	downstream.SetRoundTripper(dtr)

  312. 	downstream.SetTimeout(600 * time.Millisecond)

  313. 

  314. 	go downstream.Serve(dl)

  315. 

  316. 	// Start second proxy as upstream proxy, will write to downstream proxy.

  317. 	ul, err := net.Listen("tcp", "[::]:0")

  318. 	if err != nil {

  319. 		t.Fatalf("net.Listen(): got %v, want no error", err)

  320. 	}

  321. 

  322. 	upstream := NewProxy()

  323. 	defer upstream.Close()

  324. 

  325. 	// Set upstream proxy's downstream proxy to the host:port of the first proxy.

  326. 	upstream.SetDownstreamProxy(&url.URL{

  327. 		Host: dl.Addr().String(),

  328. 	})

  329. 	upstream.SetTimeout(600 * time.Millisecond)

  330. 

  331. 	go upstream.Serve(ul)

  332. 

  333. 	// Open connection to upstream proxy.

  334. 	conn, err := net.Dial("tcp", ul.Addr().String())

  335. 	if err != nil {

  336. 		t.Fatalf("net.Dial(): got %v, want no error", err)

  337. 	}

  338. 	defer conn.Close()

  339. 

  340. 	req, err := http.NewRequest("GET", "http://example.com", nil)

  341. 	if err != nil {

  342. 		t.Fatalf("http.NewRequest(): got %v, want no error", err)

  343. 	}

  344. 

  345. 	// GET http://example.com/ HTTP/1.1

  346. 	// Host: example.com

  347. 	if err := req.WriteProxy(conn); err != nil {

  348. 		t.Fatalf("req.WriteProxy(): got %v, want no error", err)

  349. 	}

  350. 

  351. 	// Response from downstream proxy.

  352. 	res, err := http.ReadResponse(bufio.NewReader(conn), req)

  353. 	if err != nil {

  354. 		t.Fatalf("http.ReadResponse(): got %v, want no error", err)

  355. 	}

  356. 

  357. 	if got, want := res.StatusCode, 299; got != want {

  358. 		t.Fatalf("res.StatusCode: got %d, want %d", got, want)

  359. 	}

  360. }

  361. 

  362. func TestIntegrationHTTPDownstreamProxyError(t *testing.T) {

  363. 	t.Parallel()

  364. 

  365. 	l, err := net.Listen("tcp", "[::]:0")

  366. 	if err != nil {

  367. 		t.Fatalf("net.Listen(): got %v, want no error", err)

  368. 	}

  369. 

  370. 	p := NewProxy()

  371. 	defer p.Close()

  372. 

  373. 	// Set proxy's downstream proxy to invalid host:port to force failure.

  374. 	p.SetDownstreamProxy(&url.URL{

  375. 		Host: "[::]:0",

  376. 	})

  377. 	p.SetTimeout(600 * time.Millisecond)

  378. 

  379. 	tm := martiantest.NewModifier()

  380. 	reserr := errors.New("response error")

  381. 	tm.ResponseError(reserr)

  382. 

  383. 	p.SetResponseModifier(tm)

  384. 

  385. 	go p.Serve(l)

  386. 

  387. 	// Open connection to upstream proxy.

  388. 	conn, err := net.Dial("tcp", l.Addr().String())

  389. 	if err != nil {

  390. 		t.Fatalf("net.Dial(): got %v, want no error", err)

  391. 	}

  392. 	defer conn.Close()

  393. 

  394. 	req, err := http.NewRequest("CONNECT", "//example.com:443", nil)

  395. 	if err != nil {

  396. 		t.Fatalf("http.NewRequest(): got %v, want no error", err)

  397. 	}

  398. 

  399. 	// CONNECT example.com:443 HTTP/1.1

  400. 	// Host: example.com

  401. 	if err := req.Write(conn); err != nil {

  402. 		t.Fatalf("req.Write(): got %v, want no error", err)

  403. 	}

  404. 

  405. 	// Response from upstream proxy, assuming downstream proxy failed to CONNECT.

  406. 	res, err := http.ReadResponse(bufio.NewReader(conn), req)

  407. 	if err != nil {

  408. 		t.Fatalf("http.ReadResponse(): got %v, want no error", err)

  409. 	}

  410. 

  411. 	if got, want := res.StatusCode, 502; got != want {

  412. 		t.Fatalf("res.StatusCode: got %d, want %d", got, want)

  413. 	}

  414. 	if got, want := res.Header["Warning"][1], reserr.Error(); !strings.Contains(got, want) {

  415. 		t.Errorf("res.Header.get(%q): got %q, want to contain %q", "Warning", got, want)

  416. 	}

  417. }

  418. 

  419. func TestIntegrationTLSHandshakeErrorCallback(t *testing.T) {

  420. 	t.Parallel()

  421. 

  422. 	l, err := net.Listen("tcp", "[::]:0")

  423. 	if err != nil {

  424. 		t.Fatalf("net.Listen(): got %v, want no error", err)

  425. 	}

  426. 

  427. 	p := NewProxy()

  428. 	defer p.Close()

  429. 

  430. 	// Test TLS server.

  431. 	ca, priv, err := mitm.NewAuthority("martian.proxy", "Martian Authority", time.Hour)

  432. 	if err != nil {

  433. 		t.Fatalf("mitm.NewAuthority(): got %v, want no error", err)

  434. 	}

  435. 	mc, err := mitm.NewConfig(ca, priv)

  436. 	if err != nil {

  437. 		t.Fatalf("mitm.NewConfig(): got %v, want no error", err)

  438. 	}

  439. 

  440. 	var herr error

  441. 	mc.SetHandshakeErrorCallback(func(_ *http.Request, err error) { herr = fmt.Errorf("handshake error") })

  442. 	p.SetMITM(mc)

  443. 

  444. 	tl, err := net.Listen("tcp", "[::]:0")

  445. 	if err != nil {

  446. 		t.Fatalf("tls.Listen(): got %v, want no error", err)

  447. 	}

  448. 	tl = tls.NewListener(tl, mc.TLS())

  449. 

  450. 	go http.Serve(tl, http.HandlerFunc(

  451. 		func(rw http.ResponseWriter, req *http.Request) {

  452. 			rw.WriteHeader(200)

  453. 		}))

  454. 

  455. 	tm := martiantest.NewModifier()

  456. 

  457. 	// Force the CONNECT request to dial the local TLS server.

  458. 	tm.RequestFunc(func(req *http.Request) {

  459. 		req.URL.Host = tl.Addr().String()

  460. 	})

  461. 

  462. 	go p.Serve(l)

  463. 

  464. 	conn, err := net.Dial("tcp", l.Addr().String())

  465. 	if err != nil {

  466. 		t.Fatalf("net.Dial(): got %v, want no error", err)

  467. 	}

  468. 	defer conn.Close()

  469. 

  470. 	req, err := http.NewRequest("CONNECT", "//example.com:443", nil)

  471. 	if err != nil {

  472. 		t.Fatalf("http.NewRequest(): got %v, want no error", err)

  473. 	}

  474. 

  475. 	// CONNECT example.com:443 HTTP/1.1

  476. 	// Host: example.com

  477. 	//

  478. 	// Rewritten to CONNECT to host:port in CONNECT request modifier.

  479. 	if err := req.Write(conn); err != nil {

  480. 		t.Fatalf("req.Write(): got %v, want no error", err)

  481. 	}

  482. 

  483. 	// CONNECT response after establishing tunnel.

  484. 	if _, err := http.ReadResponse(bufio.NewReader(conn), req); err != nil {

  485. 		t.Fatalf("http.ReadResponse(): got %v, want no error", err)

  486. 	}

  487. 

  488. 	tlsconn := tls.Client(conn, &tls.Config{

  489. 		ServerName: "example.com",

  490. 		// Client has no cert so it will get "x509: certificate signed by unknown authority" from the

  491. 		// handshake and send "remote error: bad certificate" to the server.

  492. 		RootCAs: x509.NewCertPool(),

  493. 	})

  494. 	defer tlsconn.Close()

  495. 

  496. 	req, err = http.NewRequest("GET", "https://example.com", nil)

  497. 	if err != nil {

  498. 		t.Fatalf("http.NewRequest(): got %v, want no error", err)

  499. 	}

  500. 	req.Header.Set("Connection", "close")

  501. 

  502. 	if got, want := req.Write(tlsconn), "x509: certificate signed by unknown authority"; !strings.Contains(got.Error(), want) {

  503. 		t.Fatalf("Got incorrect error from Client Handshake(), got: %v, want: %v", got, want)

  504. 	}

  505. 

  506. 	// TODO: herr is not being asserted against. It should be pushed on to a channel

  507. 	// of err, and the assertion should pull off of it and assert. That design resulted in the test

  508. 	// hanging for unknown reasons.

  509. 	t.Skip("skipping assertion of handshake error callback error due to mysterious deadlock")

  510. 	if got, want := herr, "remote error: bad certificate"; !strings.Contains(got.Error(), want) {

  511. 		t.Fatalf("Got incorrect error from Server Handshake(), got: %v, want: %v", got, want)

  512. 	}

  513. }

  514. 

  515. func TestIntegrationConnect(t *testing.T) {

  516. 	t.Parallel()

  517. 

  518. 	l, err := net.Listen("tcp", "[::]:0")

  519. 	if err != nil {

  520. 		t.Fatalf("net.Listen(): got %v, want no error", err)

  521. 	}

  522. 

  523. 	p := NewProxy()

  524. 	defer p.Close()

  525. 

  526. 	// Test TLS server.

  527. 	ca, priv, err := mitm.NewAuthority("martian.proxy", "Martian Authority", time.Hour)

  528. 	if err != nil {

  529. 		t.Fatalf("mitm.NewAuthority(): got %v, want no error", err)

  530. 	}

  531. 	mc, err := mitm.NewConfig(ca, priv)

  532. 	if err != nil {

  533. 		t.Fatalf("mitm.NewConfig(): got %v, want no error", err)

  534. 	}

  535. 

  536. 	tl, err := net.Listen("tcp", "[::]:0")

  537. 	if err != nil {

  538. 		t.Fatalf("tls.Listen(): got %v, want no error", err)

  539. 	}

  540. 	tl = tls.NewListener(tl, mc.TLS())

  541. 

  542. 	go http.Serve(tl, http.HandlerFunc(

  543. 		func(rw http.ResponseWriter, req *http.Request) {

  544. 			rw.WriteHeader(299)

  545. 		}))

  546. 

  547. 	tm := martiantest.NewModifier()

  548. 	reqerr := errors.New("request error")

  549. 	reserr := errors.New("response error")

  550. 

  551. 	// Force the CONNECT request to dial the local TLS server.

  552. 	tm.RequestFunc(func(req *http.Request) {

  553. 		req.URL.Host = tl.Addr().String()

  554. 	})

  555. 

  556. 	tm.RequestError(reqerr)

  557. 	tm.ResponseError(reserr)

  558. 

  559. 	p.SetRequestModifier(tm)

  560. 	p.SetResponseModifier(tm)

  561. 

  562. 	go p.Serve(l)

  563. 

  564. 	conn, err := net.Dial("tcp", l.Addr().String())

  565. 	if err != nil {

  566. 		t.Fatalf("net.Dial(): got %v, want no error", err)

  567. 	}

  568. 	defer conn.Close()

  569. 

  570. 	req, err := http.NewRequest("CONNECT", "//example.com:443", nil)

  571. 	if err != nil {

  572. 		t.Fatalf("http.NewRequest(): got %v, want no error", err)

  573. 	}

  574. 

  575. 	// CONNECT example.com:443 HTTP/1.1

  576. 	// Host: example.com

  577. 	//

  578. 	// Rewritten to CONNECT to host:port in CONNECT request modifier.

  579. 	if err := req.Write(conn); err != nil {

  580. 		t.Fatalf("req.Write(): got %v, want no error", err)

  581. 	}

  582. 

  583. 	// CONNECT response after establishing tunnel.

  584. 	res, err := http.ReadResponse(bufio.NewReader(conn), req)

  585. 	if err != nil {

  586. 		t.Fatalf("http.ReadResponse(): got %v, want no error", err)

  587. 	}

  588. 

  589. 	if got, want := res.StatusCode, 200; got != want {

  590. 		t.Fatalf("res.StatusCode: got %d, want %d", got, want)

  591. 	}

  592. 

  593. 	if !tm.RequestModified() {

  594. 		t.Error("tm.RequestModified(): got false, want true")

  595. 	}

  596. 	if !tm.ResponseModified() {

  597. 		t.Error("tm.ResponseModified(): got false, want true")

  598. 	}

  599. 	if got, want := res.Header.Get("Warning"), reserr.Error(); !strings.Contains(got, want) {

  600. 		t.Errorf("res.Header.Get(%q): got %q, want to contain %q", "Warning", got, want)

  601. 	}

  602. 

  603. 	roots := x509.NewCertPool()

  604. 	roots.AddCert(ca)

  605. 

  606. 	tlsconn := tls.Client(conn, &tls.Config{

  607. 		ServerName: "example.com",

  608. 		RootCAs:    roots,

  609. 	})

  610. 	defer tlsconn.Close()

  611. 

  612. 	req, err = http.NewRequest("GET", "https://example.com", nil)

  613. 	if err != nil {

  614. 		t.Fatalf("http.NewRequest(): got %v, want no error", err)

  615. 	}

  616. 	req.Header.Set("Connection", "close")

  617. 

  618. 	// GET / HTTP/1.1

  619. 	// Host: example.com

  620. 	// Connection: close

  621. 	if err := req.Write(tlsconn); err != nil {

  622. 		t.Fatalf("req.Write(): got %v, want no error", err)

  623. 	}

  624. 

  625. 	res, err = http.ReadResponse(bufio.NewReader(tlsconn), req)

  626. 	if err != nil {

  627. 		t.Fatalf("http.ReadResponse(): got %v, want no error", err)

  628. 	}

  629. 	defer res.Body.Close()

  630. 

  631. 	if got, want := res.StatusCode, 299; got != want {

  632. 		t.Fatalf("res.StatusCode: got %d, want %d", got, want)

  633. 	}

  634. 	if got, want := res.Header.Get("Warning"), reserr.Error(); strings.Contains(got, want) {

  635. 		t.Errorf("res.Header.Get(%q): got %s, want to not contain %s", "Warning", got, want)

  636. 	}

  637. }

  638. 

  639. func TestIntegrationConnectDownstreamProxy(t *testing.T) {

  640. 	t.Parallel()

  641. 

  642. 	// Start first proxy to use as downstream.

  643. 	dl, err := net.Listen("tcp", "[::]:0")

  644. 	if err != nil {

  645. 		t.Fatalf("net.Listen(): got %v, want no error", err)

  646. 	}

  647. 

  648. 	downstream := NewProxy()

  649. 	defer downstream.Close()

  650. 

  651. 	dtr := martiantest.NewTransport()

  652. 	dtr.Respond(299)

  653. 	downstream.SetRoundTripper(dtr)

  654. 

  655. 	ca, priv, err := mitm.NewAuthority("martian.proxy", "Martian Authority", 2*time.Hour)

  656. 	if err != nil {

  657. 		t.Fatalf("mitm.NewAuthority(): got %v, want no error", err)

  658. 	}

  659. 

  660. 	mc, err := mitm.NewConfig(ca, priv)

  661. 	if err != nil {

  662. 		t.Fatalf("mitm.NewConfig(): got %v, want no error", err)

  663. 	}

  664. 	downstream.SetMITM(mc)

  665. 

  666. 	go downstream.Serve(dl)

  667. 

  668. 	// Start second proxy as upstream proxy, will CONNECT to downstream proxy.

  669. 	ul, err := net.Listen("tcp", "[::]:0")

  670. 	if err != nil {

  671. 		t.Fatalf("net.Listen(): got %v, want no error", err)

  672. 	}

  673. 

  674. 	upstream := NewProxy()

  675. 	defer upstream.Close()

  676. 

  677. 	// Set upstream proxy's downstream proxy to the host:port of the first proxy.

  678. 	upstream.SetDownstreamProxy(&url.URL{

  679. 		Host: dl.Addr().String(),

  680. 	})

  681. 

  682. 	go upstream.Serve(ul)

  683. 

  684. 	// Open connection to upstream proxy.

  685. 	conn, err := net.Dial("tcp", ul.Addr().String())

  686. 	if err != nil {

  687. 		t.Fatalf("net.Dial(): got %v, want no error", err)

  688. 	}

  689. 	defer conn.Close()

  690. 

  691. 	req, err := http.NewRequest("CONNECT", "//example.com:443", nil)

  692. 	if err != nil {

  693. 		t.Fatalf("http.NewRequest(): got %v, want no error", err)

  694. 	}

  695. 

  696. 	// CONNECT example.com:443 HTTP/1.1

  697. 	// Host: example.com

  698. 	if err := req.Write(conn); err != nil {

  699. 		t.Fatalf("req.Write(): got %v, want no error", err)

  700. 	}

  701. 

  702. 	// Response from downstream proxy starting MITM.

  703. 	res, err := http.ReadResponse(bufio.NewReader(conn), req)

  704. 	if err != nil {

  705. 		t.Fatalf("http.ReadResponse(): got %v, want no error", err)

  706. 	}

  707. 

  708. 	if got, want := res.StatusCode, 200; got != want {

  709. 		t.Fatalf("res.StatusCode: got %d, want %d", got, want)

  710. 	}

  711. 

  712. 	roots := x509.NewCertPool()

  713. 	roots.AddCert(ca)

  714. 

  715. 	tlsconn := tls.Client(conn, &tls.Config{

  716. 		// Validate the hostname.

  717. 		ServerName: "example.com",

  718. 		// The certificate will have been MITM'd, verify using the MITM CA

  719. 		// certificate.

  720. 		RootCAs: roots,

  721. 	})

  722. 	defer tlsconn.Close()

  723. 

  724. 	req, err = http.NewRequest("GET", "https://example.com", nil)

  725. 	if err != nil {

  726. 		t.Fatalf("http.NewRequest(): got %v, want no error", err)

  727. 	}

  728. 

  729. 	// GET / HTTP/1.1

  730. 	// Host: example.com

  731. 	if err := req.Write(tlsconn); err != nil {

  732. 		t.Fatalf("req.Write(): got %v, want no error", err)

  733. 	}

  734. 

  735. 	// Response from MITM in downstream proxy.

  736. 	res, err = http.ReadResponse(bufio.NewReader(tlsconn), req)

  737. 	if err != nil {

  738. 		t.Fatalf("http.ReadResponse(): got %v, want no error", err)

  739. 	}

  740. 	defer res.Body.Close()

  741. 

  742. 	if got, want := res.StatusCode, 299; got != want {

  743. 		t.Fatalf("res.StatusCode: got %d, want %d", got, want)

  744. 	}

  745. }

  746. 

  747. func TestIntegrationMITM(t *testing.T) {

  748. 	t.Parallel()

  749. 

  750. 	l, err := net.Listen("tcp", "[::]:0")

  751. 	if err != nil {

  752. 		t.Fatalf("net.Listen(): got %v, want no error", err)

  753. 	}

  754. 

  755. 	p := NewProxy()

  756. 	defer p.Close()

  757. 

  758. 	tr := martiantest.NewTransport()

  759. 	tr.Func(func(req *http.Request) (*http.Response, error) {

  760. 		res := proxyutil.NewResponse(200, nil, req)

  761. 		res.Header.Set("Request-Scheme", req.URL.Scheme)

  762. 

  763. 		return res, nil

  764. 	})

  765. 

  766. 	p.SetRoundTripper(tr)

  767. 	p.SetTimeout(600 * time.Millisecond)

  768. 

  769. 	ca, priv, err := mitm.NewAuthority("martian.proxy", "Martian Authority", 2*time.Hour)

  770. 	if err != nil {

  771. 		t.Fatalf("mitm.NewAuthority(): got %v, want no error", err)

  772. 	}

  773. 

  774. 	mc, err := mitm.NewConfig(ca, priv)

  775. 	if err != nil {

  776. 		t.Fatalf("mitm.NewConfig(): got %v, want no error", err)

  777. 	}

  778. 	p.SetMITM(mc)

  779. 

  780. 	tm := martiantest.NewModifier()

  781. 	reqerr := errors.New("request error")

  782. 	reserr := errors.New("response error")

  783. 	tm.RequestError(reqerr)

  784. 	tm.ResponseError(reserr)

  785. 

  786. 	p.SetRequestModifier(tm)

  787. 	p.SetResponseModifier(tm)

  788. 

  789. 	go p.Serve(l)

  790. 

  791. 	conn, err := net.Dial("tcp", l.Addr().String())

  792. 	if err != nil {

  793. 		t.Fatalf("net.Dial(): got %v, want no error", err)

  794. 	}

  795. 	defer conn.Close()

  796. 

  797. 	req, err := http.NewRequest("CONNECT", "//example.com:443", nil)

  798. 	if err != nil {

  799. 		t.Fatalf("http.NewRequest(): got %v, want no error", err)

  800. 	}

  801. 

  802. 	// CONNECT example.com:443 HTTP/1.1

  803. 	// Host: example.com

  804. 	if err := req.Write(conn); err != nil {

  805. 		t.Fatalf("req.Write(): got %v, want no error", err)

  806. 	}

  807. 

  808. 	// Response MITM'd from proxy.

  809. 	res, err := http.ReadResponse(bufio.NewReader(conn), req)

  810. 	if err != nil {

  811. 		t.Fatalf("http.ReadResponse(): got %v, want no error", err)

  812. 	}

  813. 	if got, want := res.StatusCode, 200; got != want {

  814. 

  815. 		t.Errorf("res.StatusCode: got %d, want %d", got, want)

  816. 	}

  817. 	if got, want := res.Header.Get("Warning"), reserr.Error(); !strings.Contains(got, want) {

  818. 		t.Errorf("res.Header.Get(%q): got %q, want to contain %q", "Warning", got, want)

  819. 	}

  820. 

  821. 	roots := x509.NewCertPool()

  822. 	roots.AddCert(ca)

  823. 

  824. 	tlsconn := tls.Client(conn, &tls.Config{

  825. 		ServerName: "example.com",

  826. 		RootCAs:    roots,

  827. 	})

  828. 	defer tlsconn.Close()

  829. 

  830. 	req, err = http.NewRequest("GET", "https://example.com", nil)

  831. 	if err != nil {

  832. 		t.Fatalf("http.NewRequest(): got %v, want no error", err)

  833. 	}

  834. 

  835. 	// GET / HTTP/1.1

  836. 	// Host: example.com

  837. 	if err := req.Write(tlsconn); err != nil {

  838. 		t.Fatalf("req.Write(): got %v, want no error", err)

  839. 	}

  840. 

  841. 	// Response from MITM proxy.

  842. 	res, err = http.ReadResponse(bufio.NewReader(tlsconn), req)

  843. 	if err != nil {

  844. 		t.Fatalf("http.ReadResponse(): got %v, want no error", err)

  845. 	}

  846. 	defer res.Body.Close()

  847. 

  848. 	if got, want := res.StatusCode, 200; got != want {

  849. 		t.Errorf("res.StatusCode: got %d, want %d", got, want)

  850. 	}

  851. 	if got, want := res.Header.Get("Request-Scheme"), "https"; got != want {

  852. 		t.Errorf("res.Header.Get(%q): got %q, want %q", "Request-Scheme", got, want)

  853. 	}

  854. 	if got, want := res.Header.Get("Warning"), reserr.Error(); !strings.Contains(got, want) {

  855. 		t.Errorf("res.Header.Get(%q): got %q, want to contain %q", "Warning", got, want)

  856. 	}

  857. }

  858. 

  859. func TestIntegrationTransparentHTTP(t *testing.T) {

  860. 	t.Parallel()

  861. 

  862. 	l, err := net.Listen("tcp", "[::]:0")

  863. 	if err != nil {

  864. 		t.Fatalf("net.Listen(): got %v, want no error", err)

  865. 	}

  866. 

  867. 	p := NewProxy()

  868. 	defer p.Close()

  869. 

  870. 	tr := martiantest.NewTransport()

  871. 	p.SetRoundTripper(tr)

  872. 	p.SetTimeout(200 * time.Millisecond)

  873. 

  874. 	tm := martiantest.NewModifier()

  875. 	p.SetRequestModifier(tm)

  876. 	p.SetResponseModifier(tm)

  877. 

  878. 	go p.Serve(l)

  879. 

  880. 	conn, err := net.Dial("tcp", l.Addr().String())

  881. 	if err != nil {

  882. 		t.Fatalf("net.Dial(): got %v, want no error", err)

  883. 	}

  884. 	defer conn.Close()

  885. 

  886. 	req, err := http.NewRequest("GET", "http://example.com", nil)

  887. 	if err != nil {

  888. 		t.Fatalf("http.NewRequest(): got %v, want no error", err)

  889. 	}

  890. 

  891. 	// GET / HTTP/1.1

  892. 	// Host: www.example.com

  893. 	if err := req.Write(conn); err != nil {

  894. 		t.Fatalf("req.Write(): got %v, want no error", err)

  895. 	}

  896. 

  897. 	res, err := http.ReadResponse(bufio.NewReader(conn), req)

  898. 	if err != nil {

  899. 		t.Fatalf("http.ReadResponse(): got %v, want no error", err)

  900. 	}

  901. 

  902. 	if got, want := res.StatusCode, 200; got != want {

  903. 		t.Fatalf("res.StatusCode: got %d, want %d", got, want)

  904. 	}

  905. 

  906. 	if !tm.RequestModified() {

  907. 		t.Error("tm.RequestModified(): got false, want true")

  908. 	}

  909. 	if !tm.ResponseModified() {

  910. 		t.Error("tm.ResponseModified(): got false, want true")

  911. 	}

  912. }

  913. 

  914. func TestIntegrationTransparentMITM(t *testing.T) {

  915. 	t.Parallel()

  916. 

  917. 	ca, priv, err := mitm.NewAuthority("martian.proxy", "Martian Authority", 2*time.Hour)

  918. 	if err != nil {

  919. 		t.Fatalf("mitm.NewAuthority(): got %v, want no error", err)

  920. 	}

  921. 

  922. 	mc, err := mitm.NewConfig(ca, priv)

  923. 	if err != nil {

  924. 		t.Fatalf("mitm.NewConfig(): got %v, want no error", err)

  925. 	}

  926. 

  927. 	// Start TLS listener with config that will generate certificates based on

  928. 	// SNI from connection.

  929. 	//

  930. 	// BUG: tls.Listen will not accept a tls.Config where Certificates is empty,

  931. 	// even though it is supported by tls.Server when GetCertificate is not nil.

  932. 	l, err := net.Listen("tcp", "[::]:0")

  933. 	if err != nil {

  934. 		t.Fatalf("net.Listen(): got %v, want no error", err)

  935. 	}

  936. 	l = tls.NewListener(l, mc.TLS())

  937. 

  938. 	p := NewProxy()

  939. 	defer p.Close()

  940. 

  941. 	tr := martiantest.NewTransport()

  942. 	tr.Func(func(req *http.Request) (*http.Response, error) {

  943. 		res := proxyutil.NewResponse(200, nil, req)

  944. 		res.Header.Set("Request-Scheme", req.URL.Scheme)

  945. 

  946. 		return res, nil

  947. 	})

  948. 

  949. 	p.SetRoundTripper(tr)

  950. 

  951. 	tm := martiantest.NewModifier()

  952. 	p.SetRequestModifier(tm)

  953. 	p.SetResponseModifier(tm)

  954. 

  955. 	go p.Serve(l)

  956. 

  957. 	roots := x509.NewCertPool()

  958. 	roots.AddCert(ca)

  959. 

  960. 	tlsconn, err := tls.Dial("tcp", l.Addr().String(), &tls.Config{

  961. 		// Verify the hostname is example.com.

  962. 		ServerName: "example.com",

  963. 		// The certificate will have been generated during MITM, so we need to

  964. 		// verify it with the generated CA certificate.

  965. 		RootCAs: roots,

  966. 	})

  967. 	if err != nil {

  968. 		t.Fatalf("tls.Dial(): got %v, want no error", err)

  969. 	}

  970. 	defer tlsconn.Close()

  971. 

  972. 	req, err := http.NewRequest("GET", "https://example.com", nil)

  973. 	if err != nil {

  974. 		t.Fatalf("http.NewRequest(): got %v, want no error", err)

  975. 	}

  976. 

  977. 	// Write Encrypted request directly, no CONNECT.

  978. 	// GET / HTTP/1.1

  979. 	// Host: example.com

  980. 	if err := req.Write(tlsconn); err != nil {

  981. 		t.Fatalf("req.Write(): got %v, want no error", err)

  982. 	}

  983. 

  984. 	res, err := http.ReadResponse(bufio.NewReader(tlsconn), req)

  985. 	if err != nil {

  986. 		t.Fatalf("http.ReadResponse(): got %v, want no error", err)

  987. 	}

  988. 	defer res.Body.Close()

  989. 

  990. 	if got, want := res.StatusCode, 200; got != want {

  991. 		t.Fatalf("res.StatusCode: got %d, want %d", got, want)

  992. 	}

  993. 	if got, want := res.Header.Get("Request-Scheme"), "https"; got != want {

  994. 		t.Errorf("res.Header.Get(%q): got %q, want %q", "Request-Scheme", got, want)

  995. 	}

  996. 

  997. 	if !tm.RequestModified() {

  998. 		t.Errorf("tm.RequestModified(): got false, want true")

  999. 	}

  1000. 	if !tm.ResponseModified() {

  1001. 		t.Errorf("tm.ResponseModified(): got false, want true")

  1002. 	}

  1003. }

  1004. 

  1005. func TestIntegrationFailedRoundTrip(t *testing.T) {

  1006. 	t.Parallel()

  1007. 

  1008. 	l, err := net.Listen("tcp", "[::]:0")

  1009. 	if err != nil {

  1010. 		t.Fatalf("net.Listen(): got %v, want no error", err)

  1011. 	}

  1012. 

  1013. 	p := NewProxy()

  1014. 	defer p.Close()

  1015. 

  1016. 	tr := martiantest.NewTransport()

  1017. 	trerr := errors.New("round trip error")

  1018. 	tr.RespondError(trerr)

  1019. 	p.SetRoundTripper(tr)

  1020. 	p.SetTimeout(200 * time.Millisecond)

  1021. 

  1022. 	go p.Serve(l)

  1023. 

  1024. 	conn, err := net.Dial("tcp", l.Addr().String())

  1025. 	if err != nil {

  1026. 		t.Fatalf("net.Dial(): got %v, want no error", err)

  1027. 	}

  1028. 	defer conn.Close()

  1029. 

  1030. 	req, err := http.NewRequest("GET", "http://example.com", nil)

  1031. 	if err != nil {

  1032. 		t.Fatalf("http.NewRequest(): got %v, want no error", err)

  1033. 	}

  1034. 

  1035. 	// GET http://example.com/ HTTP/1.1

  1036. 	// Host: example.com

  1037. 	if err := req.WriteProxy(conn); err != nil {

  1038. 		t.Fatalf("req.WriteProxy(): got %v, want no error", err)

  1039. 	}

  1040. 

  1041. 	// Response from failed round trip.

  1042. 	res, err := http.ReadResponse(bufio.NewReader(conn), req)

  1043. 	if err != nil {

  1044. 		t.Fatalf("http.ReadResponse(): got %v, want no error", err)

  1045. 	}

  1046. 	defer res.Body.Close()

  1047. 

  1048. 	if got, want := res.StatusCode, 502; got != want {

  1049. 		t.Errorf("res.StatusCode: got %d, want %d", got, want)

  1050. 	}

  1051. 

  1052. 	if got, want := res.Header.Get("Warning"), trerr.Error(); !strings.Contains(got, want) {

  1053. 		t.Errorf("res.Header.Get(%q): got %q, want to contain %q", "Warning", got, want)

  1054. 	}

  1055. }

  1056. 

  1057. func TestIntegrationSkipRoundTrip(t *testing.T) {

  1058. 	t.Parallel()

  1059. 

  1060. 	l, err := net.Listen("tcp", "[::]:0")

  1061. 	if err != nil {

  1062. 		t.Fatalf("net.Listen(): got %v, want no error", err)

  1063. 	}

  1064. 

  1065. 	p := NewProxy()

  1066. 	defer p.Close()

  1067. 

  1068. 	// Transport will be skipped, no 500.

  1069. 	tr := martiantest.NewTransport()

  1070. 	tr.Respond(500)

  1071. 	p.SetRoundTripper(tr)

  1072. 	p.SetTimeout(200 * time.Millisecond)

  1073. 

  1074. 	tm := martiantest.NewModifier()

  1075. 	tm.RequestFunc(func(req *http.Request) {

  1076. 		ctx := NewContext(req)

  1077. 		ctx.SkipRoundTrip()

  1078. 	})

  1079. 	p.SetRequestModifier(tm)

  1080. 

  1081. 	go p.Serve(l)

  1082. 

  1083. 	conn, err := net.Dial("tcp", l.Addr().String())

  1084. 	if err != nil {

  1085. 		t.Fatalf("net.Dial(): got %v, want no error", err)

  1086. 	}

  1087. 	defer conn.Close()

  1088. 

  1089. 	req, err := http.NewRequest("GET", "http://example.com", nil)

  1090. 	if err != nil {

  1091. 		t.Fatalf("http.NewRequest(): got %v, want no error", err)

  1092. 	}

  1093. 

  1094. 	// GET http://example.com/ HTTP/1.1

  1095. 	// Host: example.com

  1096. 	if err := req.WriteProxy(conn); err != nil {

  1097. 		t.Fatalf("req.WriteProxy(): got %v, want no error", err)

  1098. 	}

  1099. 

  1100. 	// Response from skipped round trip.

  1101. 	res, err := http.ReadResponse(bufio.NewReader(conn), req)

  1102. 	if err != nil {

  1103. 		t.Fatalf("http.ReadResponse(): got %v, want no error", err)

  1104. 	}

  1105. 	defer res.Body.Close()

  1106. 

  1107. 	if got, want := res.StatusCode, 200; got != want {

  1108. 		t.Errorf("res.StatusCode: got %d, want %d", got, want)

  1109. 	}

  1110. }

  1111. 

  1112. func TestHTTPThroughConnectWithMITM(t *testing.T) {

  1113. 	t.Parallel()

  1114. 

  1115. 	l, err := net.Listen("tcp", "[::]:0")

  1116. 	if err != nil {

  1117. 		t.Fatalf("net.Listen(): got %v, want no error", err)

  1118. 	}

  1119. 

  1120. 	p := NewProxy()

  1121. 	defer p.Close()

  1122. 

  1123. 	tm := martiantest.NewModifier()

  1124. 	tm.RequestFunc(func(req *http.Request) {

  1125. 		ctx := NewContext(req)

  1126. 		ctx.SkipRoundTrip()

  1127. 

  1128. 		if req.Method != "GET" && req.Method != "CONNECT" {

  1129. 			t.Errorf("unexpected method on request handler: %v", req.Method)

  1130. 		}

  1131. 	})

  1132. 	p.SetRequestModifier(tm)

  1133. 

  1134. 	ca, priv, err := mitm.NewAuthority("martian.proxy", "Martian Authority", 2*time.Hour)

  1135. 	if err != nil {

  1136. 		t.Fatalf("mitm.NewAuthority(): got %v, want no error", err)

  1137. 	}

  1138. 

  1139. 	mc, err := mitm.NewConfig(ca, priv)

  1140. 	if err != nil {

  1141. 		t.Fatalf("mitm.NewConfig(): got %v, want no error", err)

  1142. 	}

  1143. 	p.SetMITM(mc)

  1144. 

  1145. 	go p.Serve(l)

  1146. 

  1147. 	conn, err := net.Dial("tcp", l.Addr().String())

  1148. 	if err != nil {

  1149. 		t.Fatalf("net.Dial(): got %v, want no error", err)

  1150. 	}

  1151. 	defer conn.Close()

  1152. 

  1153. 	req, err := http.NewRequest("CONNECT", "//example.com:80", nil)

  1154. 	if err != nil {

  1155. 		t.Fatalf("http.NewRequest(): got %v, want no error", err)

  1156. 	}

  1157. 

  1158. 	// CONNECT example.com:80 HTTP/1.1

  1159. 	// Host: example.com

  1160. 	if err := req.Write(conn); err != nil {

  1161. 		t.Fatalf("req.Write(): got %v, want no error", err)

  1162. 	}

  1163. 

  1164. 	// Response skipped round trip.

  1165. 	res, err := http.ReadResponse(bufio.NewReader(conn), req)

  1166. 	if err != nil {

  1167. 		t.Fatalf("http.ReadResponse(): got %v, want no error", err)

  1168. 	}

  1169. 	res.Body.Close()

  1170. 

  1171. 	if got, want := res.StatusCode, 200; got != want {

  1172. 		t.Errorf("res.StatusCode: got %d, want %d", got, want)

  1173. 	}

  1174. 

  1175. 	req, err = http.NewRequest("GET", "http://example.com", nil)

  1176. 	if err != nil {

  1177. 		t.Fatalf("http.NewRequest(): got %v, want no error", err)

  1178. 	}

  1179. 

  1180. 	// GET http://example.com/ HTTP/1.1

  1181. 	// Host: example.com

  1182. 	if err := req.WriteProxy(conn); err != nil {

  1183. 		t.Fatalf("req.WriteProxy(): got %v, want no error", err)

  1184. 	}

  1185. 

  1186. 	// Response from skipped round trip.

  1187. 	res, err = http.ReadResponse(bufio.NewReader(conn), req)

  1188. 	if err != nil {

  1189. 		t.Fatalf("http.ReadResponse(): got %v, want no error", err)

  1190. 	}

  1191. 	res.Body.Close()

  1192. 

  1193. 	if got, want := res.StatusCode, 200; got != want {

  1194. 		t.Errorf("res.StatusCode: got %d, want %d", got, want)

  1195. 	}

  1196. 

  1197. 	req, err = http.NewRequest("GET", "http://example.com", nil)

  1198. 	if err != nil {

  1199. 		t.Fatalf("http.NewRequest(): got %v, want no error", err)

  1200. 	}

  1201. 

  1202. 	// GET http://example.com/ HTTP/1.1

  1203. 	// Host: example.com

  1204. 	if err := req.WriteProxy(conn); err != nil {

  1205. 		t.Fatalf("req.WriteProxy(): got %v, want no error", err)

  1206. 	}

  1207. 

  1208. 	// Response from skipped round trip.

  1209. 	res, err = http.ReadResponse(bufio.NewReader(conn), req)

  1210. 	if err != nil {

  1211. 		t.Fatalf("http.ReadResponse(): got %v, want no error", err)

  1212. 	}

  1213. 	res.Body.Close()

  1214. 

  1215. 	if got, want := res.StatusCode, 200; got != want {

  1216. 		t.Errorf("res.StatusCode: got %d, want %d", got, want)

  1217. 	}

  1218. }

  1219. 

  1220. func TestServerClosesConnection(t *testing.T) {

  1221. 	t.Parallel()

  1222. 

  1223. 	dstl, err := net.Listen("tcp", "[::]:0")

  1224. 	if err != nil {

  1225. 		t.Fatalf("Failed to create http listener: %v", err)

  1226. 	}

  1227. 	defer dstl.Close()

  1228. 

  1229. 	go func() {

  1230. 		t.Logf("Waiting for server side connection")

  1231. 		conn, err := dstl.Accept()

  1232. 		if err != nil {

  1233. 			t.Fatalf("Got error while accepting connection on destination listener: %v", err)

  1234. 		}

  1235. 		t.Logf("Accepted server side connection")

  1236. 

  1237. 		buf := make([]byte, 16384)

  1238. 		if _, err := conn.Read(buf); err != nil {

  1239. 			t.Fatalf("Error reading: %v", err)

  1240. 		}

  1241. 

  1242. 		_, err = conn.Write([]byte("HTTP/1.1 301 MOVED PERMANENTLY\r\n" +

  1243. 			"Server:  \r\n" +

  1244. 			"Date:  \r\n" +

  1245. 			"Referer:  \r\n" +

  1246. 			"Location: http://www.foo.com/\r\n" +

  1247. 			"Content-type: text/html\r\n" +

  1248. 			"Connection: close\r\n\r\n"))

  1249. 		if err != nil {

  1250. 			t.Fatalf("Got error while writting to connection on destination listener: %v", err)

  1251. 		}

  1252. 		conn.Close()

  1253. 	}()

  1254. 

  1255. 	l, err := net.Listen("tcp", "[::]:0")

  1256. 	if err != nil {

  1257. 		t.Fatalf("net.Listen(): got %v, want no error", err)

  1258. 	}

  1259. 

  1260. 	ca, priv, err := mitm.NewAuthority("martian.proxy", "Martian Authority", 2*time.Hour)

  1261. 	if err != nil {

  1262. 		t.Fatalf("mitm.NewAuthority(): got %v, want no error", err)

  1263. 	}

  1264. 

  1265. 	mc, err := mitm.NewConfig(ca, priv)

  1266. 	if err != nil {

  1267. 		t.Fatalf("mitm.NewConfig(): got %v, want no error", err)

  1268. 	}

  1269. 	p := NewProxy()

  1270. 	p.SetMITM(mc)

  1271. 	defer p.Close()

  1272. 

  1273. 	// Start the proxy with a listener that will return a temporary error on

  1274. 	// Accept() three times.

  1275. 	go p.Serve(newTimeoutListener(l, 3))

  1276. 

  1277. 	conn, err := net.Dial("tcp", l.Addr().String())

  1278. 	if err != nil {

  1279. 		t.Fatalf("net.Dial(): got %v, want no error", err)

  1280. 	}

  1281. 	defer conn.Close()

  1282. 

  1283. 	req, err := http.NewRequest("CONNECT", fmt.Sprintf("//%s", dstl.Addr().String()), nil)

  1284. 	if err != nil {

  1285. 		t.Fatalf("http.NewRequest(): got %v, want no error", err)

  1286. 	}

  1287. 

  1288. 	// CONNECT example.com:443 HTTP/1.1

  1289. 	// Host: example.com

  1290. 	if err := req.Write(conn); err != nil {

  1291. 		t.Fatalf("req.Write(): got %v, want no error", err)

  1292. 	}

  1293. 	res, err := http.ReadResponse(bufio.NewReader(conn), req)

  1294. 	if err != nil {

  1295. 		t.Fatalf("http.ReadResponse(): got %v, want no error", err)

  1296. 	}

  1297. 	res.Body.Close()

  1298. 

  1299. 	_, err = conn.Write([]byte("GET / HTTP/1.1\r\n" +

  1300. 		"User-Agent: curl/7.35.0\r\n" +

  1301. 		fmt.Sprintf("Host: %s\r\n", dstl.Addr()) +

  1302. 		"Accept: */*\r\n\r\n"))

  1303. 	if err != nil {

  1304. 		t.Fatalf("Error while writing GET request: %v", err)

  1305. 	}

  1306. 

  1307. 	res, err = http.ReadResponse(bufio.NewReader(io.TeeReader(conn, os.Stderr)), req)

  1308. 	if err != nil {

  1309. 		t.Fatalf("http.ReadResponse(): got %v, want no error", err)

  1310. 	}

  1311. 	_, err = ioutil.ReadAll(res.Body)

  1312. 	if err != nil {

  1313. 		t.Fatalf("error while ReadAll: %v", err)

  1314. 	}

  1315. 	defer res.Body.Close()

  1316. }