yosoyhendrix
/
psiphon-tunnel-core
zrkadlo https://github.com/Psiphon-Labs/psiphon-tunnel-core


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264
							/*
 * Copyright (c) 2017, Psiphon Inc.
 * All rights reserved.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

package psiphon

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"sync"
	"testing"
	"time"

	"github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common"
	"github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/server"
	"github.com/elazarl/goproxy"
)

// TODO: test that server receives and records correct user_agent value

func TestOSSHUserAgent(t *testing.T) {
	attemptConnectionsWithUserAgent(t, "OSSH", true)
}

func TestUnfrontedMeekUserAgent(t *testing.T) {
	attemptConnectionsWithUserAgent(t, "UNFRONTED-MEEK-OSSH", false)
}

func TestUnfrontedMeekHTTPSUserAgent(t *testing.T) {
	attemptConnectionsWithUserAgent(t, "UNFRONTED-MEEK-HTTPS-OSSH", true)
}

var mockUserAgents = []string{"UserAgentA", "UserAgentB"}
var userAgentCountsMutex sync.Mutex
var userAgentCounts map[string]int
var initUserAgentCounter sync.Once

func pickMockUserAgent() string {
	index, _ := common.MakeSecureRandomInt(len(mockUserAgents))
	return mockUserAgents[index]
}

func initMockUserAgentPicker() {
	RegisterUserAgentPicker(pickMockUserAgent)
}

func resetUserAgentCounts() {
	userAgentCountsMutex.Lock()
	defer userAgentCountsMutex.Unlock()
	userAgentCounts = make(map[string]int)
}

func countHTTPUserAgent(headers http.Header, isCONNECT bool) {
	userAgentCountsMutex.Lock()
	defer userAgentCountsMutex.Unlock()
	if _, ok := headers["User-Agent"]; !ok {
		userAgentCounts["BLANK"]++
	} else if isCONNECT {
		userAgentCounts["CONNECT-"+headers.Get("User-Agent")]++
	} else {
		userAgentCounts[headers.Get("User-Agent")]++
	}
}

func countNoticeUserAgent(userAgent string) {
	userAgentCountsMutex.Lock()
	defer userAgentCountsMutex.Unlock()
	userAgentCounts["NOTICE-"+userAgent]++
}

func checkUserAgentCounts(t *testing.T, isCONNECT bool) {
	userAgentCountsMutex.Lock()
	defer userAgentCountsMutex.Unlock()

	for _, userAgent := range mockUserAgents {

		if isCONNECT {
			if userAgentCounts["CONNECT-"+userAgent] == 0 {
				t.Fatalf("unexpected CONNECT user agent count of 0: %+v", userAgentCounts)
				return
			}
		} else {

			if userAgentCounts[userAgent] == 0 {
				t.Fatalf("unexpected non-CONNECT user agent count of 0: %+v", userAgentCounts)
				return
			}
		}

		if userAgentCounts["NOTICE-"+userAgent] == 0 {
			t.Fatalf("unexpected NOTICE user agent count of 0: %+v", userAgentCounts)
			return
		}
	}

	if userAgentCounts["BLANK"] == 0 {
		t.Fatalf("unexpected BLANK user agent count of 0: %+v", userAgentCounts)
		return
	}

	// TODO: check proportions
	t.Logf("%+v", userAgentCounts)
}

func initUserAgentCounterUpstreamProxy() {
	initUserAgentCounter.Do(func() {
		go func() {
			proxy := goproxy.NewProxyHttpServer()

			proxy.OnRequest().DoFunc(
				func(r *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response) {
					countHTTPUserAgent(r.Header, false)
					return nil, goproxy.NewResponse(r, goproxy.ContentTypeText, http.StatusUnauthorized, "")
				})

			proxy.OnRequest().HandleConnectFunc(
				func(host string, ctx *goproxy.ProxyCtx) (*goproxy.ConnectAction, string) {
					countHTTPUserAgent(ctx.Req.Header, true)
					return goproxy.RejectConnect, host
				})

			err := http.ListenAndServe("127.0.0.1:2163", proxy)
			if err != nil {
				fmt.Printf("upstream proxy failed: %s\n", err)
			}
		}()

		// TODO: more robust wait-until-listening
		time.Sleep(1 * time.Second)
	})
}

func attemptConnectionsWithUserAgent(
	t *testing.T, tunnelProtocol string, isCONNECT bool) {

	initMockUserAgentPicker()
	initUserAgentCounterUpstreamProxy()
	resetUserAgentCounts()

	// create a server entry

	var err error
	serverIPaddress := ""
	for _, interfaceName := range []string{"eth0", "en0"} {
		var serverIPv4Address, serverIPv6Address net.IP
		serverIPv4Address, serverIPv6Address, err = common.GetInterfaceIPAddresses(interfaceName)
		if err == nil {
			if serverIPv4Address != nil {
				serverIPaddress = serverIPv4Address.String()
			} else {
				serverIPaddress = serverIPv6Address.String()
			}
			break
		}
	}
	if err != nil {
		t.Fatalf("error getting server IP address: %s", err)
	}

	_, _, _, _, encodedServerEntry, err := server.GenerateConfig(
		&server.GenerateConfigParams{
			ServerIPAddress:      serverIPaddress,
			EnableSSHAPIRequests: true,
			WebServerPort:        8000,
			TunnelProtocolPorts:  map[string]int{tunnelProtocol: 4000},
		})
	if err != nil {
		t.Fatalf("error generating server config: %s", err)
	}

	// attempt connections with client

	// Connections are made through a mock upstream proxy that
	// counts user agents. No server is running, and the upstream
	// proxy rejects connections after counting the user agent.

	// Note: calling LoadConfig ensures all *int config fields are initialized
	clientConfigJSON := `
    {
        "ClientPlatform" : "Windows",
        "ClientVersion" : "0",
        "SponsorId" : "0",
        "PropagationChannelId" : "0",
        "ConnectionPoolSize" : 1,
        "EstablishTunnelPausePeriodSeconds" : 1,
        "DisableRemoteServerListFetcher" : true,
        "TransformHostNames" : "never",
        "UpstreamProxyUrl" : "http://127.0.0.1:2163"
    }`
	clientConfig, err := LoadConfig([]byte(clientConfigJSON))
	if err != nil {
		t.Fatalf("error processing configuration file: %s", err)
	}

	clientConfig.TargetServerEntry = string(encodedServerEntry)
	clientConfig.TunnelProtocol = tunnelProtocol
	clientConfig.DataStoreDirectory = testDataDirName

	err = clientConfig.Commit()
	if err != nil {
		t.Fatalf("error committing configuration file: %s", err)
	}

	err = InitDataStore(clientConfig)
	if err != nil {
		t.Fatalf("error initializing client datastore: %s", err)
	}

	SetNoticeWriter(NewNoticeReceiver(
		func(notice []byte) {
			noticeType, payload, err := GetNotice(notice)
			if err != nil {
				return
			}
			if noticeType == "ConnectingServer" {
				userAgent, ok := payload["userAgent"]
				if ok {
					countNoticeUserAgent(userAgent.(string))
				}
			}
		}))

	controller, err := NewController(clientConfig)
	if err != nil {
		t.Fatalf("error creating client controller: %s", err)
	}

	ctx, cancelFunc := context.WithCancel(context.Background())

	controllerWaitGroup := new(sync.WaitGroup)

	controllerWaitGroup.Add(1)
	go func() {
		defer controllerWaitGroup.Done()
		controller.Run(ctx)
	}()

	// repeat attempts for long enough to select each user agent

	time.Sleep(30 * time.Second)

	cancelFunc()

	controllerWaitGroup.Wait()

	checkUserAgentCounts(t, isCONNECT)
}