frp/test/e2e/v1/basic/client_server.go

326 lines
9.8 KiB
Go
Raw Normal View History

2020-09-07 06:57:23 +00:00
package basic
import (
"fmt"
2020-09-07 07:45:44 +00:00
"strings"
"time"
2020-09-07 06:57:23 +00:00
2023-02-27 06:44:16 +00:00
"github.com/onsi/ginkgo/v2"
2022-08-28 17:02:53 +00:00
2020-09-07 06:57:23 +00:00
"github.com/fatedier/frp/test/e2e/framework"
"github.com/fatedier/frp/test/e2e/framework/consts"
2021-08-02 05:07:28 +00:00
"github.com/fatedier/frp/test/e2e/pkg/cert"
2021-03-31 08:57:39 +00:00
"github.com/fatedier/frp/test/e2e/pkg/port"
2020-09-07 06:57:23 +00:00
)
type generalTestConfigures struct {
server string
client string
clientPrefix string
client2 string
client2Prefix string
testDelay time.Duration
expectError bool
2020-09-07 06:57:23 +00:00
}
func renderBindPortConfig(protocol string) string {
if protocol == "kcp" {
2023-09-13 08:32:39 +00:00
return fmt.Sprintf(`kcpBindPort = {{ .%s }}`, consts.PortServerName)
} else if protocol == "quic" {
2023-09-13 08:32:39 +00:00
return fmt.Sprintf(`quicBindPort = {{ .%s }}`, consts.PortServerName)
}
return ""
}
2021-08-02 05:07:28 +00:00
func runClientServerTest(f *framework.Framework, configures *generalTestConfigures) {
serverConf := consts.DefaultServerConfig
clientConf := consts.DefaultClientConfig
if configures.clientPrefix != "" {
clientConf = configures.clientPrefix
}
2020-09-07 06:57:23 +00:00
2021-08-02 05:07:28 +00:00
serverConf += fmt.Sprintf(`
2023-09-13 08:32:39 +00:00
%s
`, configures.server)
2020-09-07 06:57:23 +00:00
2021-08-02 05:07:28 +00:00
tcpPortName := port.GenName("TCP")
udpPortName := port.GenName("UDP")
clientConf += fmt.Sprintf(`
2023-09-13 08:32:39 +00:00
%s
[[proxies]]
name = "tcp"
type = "tcp"
localPort = {{ .%s }}
remotePort = {{ .%s }}
[[proxies]]
name = "udp"
type = "udp"
localPort = {{ .%s }}
remotePort = {{ .%s }}
`, configures.client,
2021-08-02 05:07:28 +00:00
framework.TCPEchoServerPort, tcpPortName,
framework.UDPEchoServerPort, udpPortName,
)
2020-09-07 06:57:23 +00:00
clientConfs := []string{clientConf}
if configures.client2 != "" {
client2Conf := consts.DefaultClientConfig
if configures.client2Prefix != "" {
client2Conf = configures.client2Prefix
}
client2Conf += fmt.Sprintf(`
%s
`, configures.client2)
clientConfs = append(clientConfs, client2Conf)
}
f.RunProcesses([]string{serverConf}, clientConfs)
if configures.testDelay > 0 {
time.Sleep(configures.testDelay)
}
2020-09-07 06:57:23 +00:00
2021-08-02 05:07:28 +00:00
framework.NewRequestExpect(f).PortName(tcpPortName).ExpectError(configures.expectError).Explain("tcp proxy").Ensure()
framework.NewRequestExpect(f).Protocol("udp").
PortName(udpPortName).ExpectError(configures.expectError).Explain("udp proxy").Ensure()
}
// defineClientServerTest test a normal tcp and udp proxy with specified TestConfigures.
func defineClientServerTest(desc string, f *framework.Framework, configures *generalTestConfigures) {
2022-08-28 17:02:53 +00:00
ginkgo.It(desc, func() {
2021-08-02 05:07:28 +00:00
runClientServerTest(f, configures)
2020-09-07 06:57:23 +00:00
})
}
2022-08-28 17:02:53 +00:00
var _ = ginkgo.Describe("[Feature: Client-Server]", func() {
2020-09-07 06:57:23 +00:00
f := framework.NewDefaultFramework()
2022-08-28 17:02:53 +00:00
ginkgo.Describe("Protocol", func() {
supportProtocols := []string{"tcp", "kcp", "quic", "websocket"}
2020-09-07 06:57:23 +00:00
for _, protocol := range supportProtocols {
configures := &generalTestConfigures{
server: fmt.Sprintf(`
%s
`, renderBindPortConfig(protocol)),
2023-09-13 08:32:39 +00:00
client: fmt.Sprintf(`transport.protocol = "%s"`, protocol),
2020-09-07 06:57:23 +00:00
}
defineClientServerTest(protocol, f, configures)
}
})
// wss is special, it needs to be tested separately.
// frps only supports ws, so there should be a proxy to terminate TLS before frps.
ginkgo.Describe("Protocol wss", func() {
wssPort := f.AllocPort()
configures := &generalTestConfigures{
clientPrefix: fmt.Sprintf(`
2023-09-13 08:32:39 +00:00
serverAddr = "127.0.0.1"
serverPort = %d
loginFailExit = false
transport.protocol = "wss"
log.level = "trace"
`, wssPort),
// Due to the fact that frps cannot directly accept wss connections, we use the https2http plugin of another frpc to terminate TLS.
client2: fmt.Sprintf(`
2023-09-13 08:32:39 +00:00
[[proxies]]
name = "wss2ws"
type = "tcp"
remotePort = %d
[proxies.plugin]
type = "https2http"
localAddr = "127.0.0.1:{{ .%s }}"
`, wssPort, consts.PortServerName),
testDelay: 10 * time.Second,
}
defineClientServerTest("wss", f, configures)
})
2022-08-28 17:02:53 +00:00
ginkgo.Describe("Authentication", func() {
2020-09-07 07:45:44 +00:00
defineClientServerTest("Token Correct", f, &generalTestConfigures{
2023-09-13 08:32:39 +00:00
server: `auth.token = "123456"`,
client: `auth.token = "123456"`,
2020-09-07 07:45:44 +00:00
})
2020-09-07 06:57:23 +00:00
2020-09-07 07:45:44 +00:00
defineClientServerTest("Token Incorrect", f, &generalTestConfigures{
2023-09-13 08:32:39 +00:00
server: `auth.token = "123456"`,
client: `auth.token = "invalid"`,
2020-09-07 07:45:44 +00:00
expectError: true,
})
})
2022-08-28 17:02:53 +00:00
ginkgo.Describe("TLS", func() {
supportProtocols := []string{"tcp", "kcp", "quic", "websocket"}
2020-09-07 07:45:44 +00:00
for _, protocol := range supportProtocols {
tmp := protocol
// Since v0.50.0, the default value of tls_enable has been changed to true.
// Therefore, here it needs to be set as false to test the scenario of turning it off.
defineClientServerTest("Disable TLS over "+strings.ToUpper(tmp), f, &generalTestConfigures{
2020-09-07 07:45:44 +00:00
server: fmt.Sprintf(`
%s
`, renderBindPortConfig(protocol)),
2023-09-13 08:32:39 +00:00
client: fmt.Sprintf(`transport.tls.enable = false
transport.protocol = "%s"
2020-09-07 07:45:44 +00:00
`, protocol),
})
}
2023-09-13 08:32:39 +00:00
defineClientServerTest("enable tls force, client with TLS", f, &generalTestConfigures{
server: "transport.tls.force = true",
2020-09-07 07:45:44 +00:00
})
2023-09-13 08:32:39 +00:00
defineClientServerTest("enable tls force, client without TLS", f, &generalTestConfigures{
server: "transport.tls.force = true",
client: "transport.tls.enable = false",
2020-09-07 07:45:44 +00:00
expectError: true,
})
2020-09-07 06:57:23 +00:00
})
2021-08-02 05:07:28 +00:00
2022-08-28 17:02:53 +00:00
ginkgo.Describe("TLS with custom certificate", func() {
supportProtocols := []string{"tcp", "kcp", "quic", "websocket"}
2021-08-02 05:07:28 +00:00
var (
caCrtPath string
serverCrtPath, serverKeyPath string
clientCrtPath, clientKeyPath string
)
2022-08-28 17:02:53 +00:00
ginkgo.JustBeforeEach(func() {
2021-08-02 05:07:28 +00:00
generator := &cert.SelfSignedCertGenerator{}
artifacts, err := generator.Generate("127.0.0.1")
2021-08-02 05:07:28 +00:00
framework.ExpectNoError(err)
caCrtPath = f.WriteTempFile("ca.crt", string(artifacts.CACert))
serverCrtPath = f.WriteTempFile("server.crt", string(artifacts.Cert))
serverKeyPath = f.WriteTempFile("server.key", string(artifacts.Key))
generator.SetCA(artifacts.CACert, artifacts.CAKey)
_, err = generator.Generate("127.0.0.1")
2022-08-28 17:02:53 +00:00
framework.ExpectNoError(err)
2021-08-02 05:07:28 +00:00
clientCrtPath = f.WriteTempFile("client.crt", string(artifacts.Cert))
clientKeyPath = f.WriteTempFile("client.key", string(artifacts.Key))
})
for _, protocol := range supportProtocols {
tmp := protocol
2022-08-28 17:02:53 +00:00
ginkgo.It("one-way authentication: "+tmp, func() {
2021-08-02 05:07:28 +00:00
runClientServerTest(f, &generalTestConfigures{
server: fmt.Sprintf(`
%s
2023-09-13 08:32:39 +00:00
transport.tls.trustedCaFile = "%s"
`, renderBindPortConfig(tmp), caCrtPath),
2021-08-02 05:07:28 +00:00
client: fmt.Sprintf(`
2023-09-13 08:32:39 +00:00
transport.protocol = "%s"
transport.tls.certFile = "%s"
transport.tls.keyFile = "%s"
2021-08-02 05:07:28 +00:00
`, tmp, clientCrtPath, clientKeyPath),
})
})
2022-08-28 17:02:53 +00:00
ginkgo.It("mutual authentication: "+tmp, func() {
2021-08-02 05:07:28 +00:00
runClientServerTest(f, &generalTestConfigures{
server: fmt.Sprintf(`
%s
2023-09-13 08:32:39 +00:00
transport.tls.certFile = "%s"
transport.tls.keyFile = "%s"
transport.tls.trustedCaFile = "%s"
`, renderBindPortConfig(tmp), serverCrtPath, serverKeyPath, caCrtPath),
2021-08-02 05:07:28 +00:00
client: fmt.Sprintf(`
2023-09-13 08:32:39 +00:00
transport.protocol = "%s"
transport.tls.certFile = "%s"
transport.tls.keyFile = "%s"
transport.tls.trustedCaFile = "%s"
2021-08-02 05:07:28 +00:00
`, tmp, clientCrtPath, clientKeyPath, caCrtPath),
})
})
}
})
2022-08-28 17:02:53 +00:00
ginkgo.Describe("TLS with custom certificate and specified server name", func() {
2021-08-02 05:07:28 +00:00
var (
caCrtPath string
serverCrtPath, serverKeyPath string
clientCrtPath, clientKeyPath string
)
2022-08-28 17:02:53 +00:00
ginkgo.JustBeforeEach(func() {
2021-08-02 05:07:28 +00:00
generator := &cert.SelfSignedCertGenerator{}
artifacts, err := generator.Generate("example.com")
framework.ExpectNoError(err)
caCrtPath = f.WriteTempFile("ca.crt", string(artifacts.CACert))
serverCrtPath = f.WriteTempFile("server.crt", string(artifacts.Cert))
serverKeyPath = f.WriteTempFile("server.key", string(artifacts.Key))
generator.SetCA(artifacts.CACert, artifacts.CAKey)
2022-08-28 17:02:53 +00:00
_, err = generator.Generate("example.com")
framework.ExpectNoError(err)
2021-08-02 05:07:28 +00:00
clientCrtPath = f.WriteTempFile("client.crt", string(artifacts.Cert))
clientKeyPath = f.WriteTempFile("client.key", string(artifacts.Key))
})
2022-08-28 17:02:53 +00:00
ginkgo.It("mutual authentication", func() {
2021-08-02 05:07:28 +00:00
runClientServerTest(f, &generalTestConfigures{
server: fmt.Sprintf(`
2023-09-13 08:32:39 +00:00
transport.tls.certFile = "%s"
transport.tls.keyFile = "%s"
transport.tls.trustedCaFile = "%s"
2021-08-02 05:07:28 +00:00
`, serverCrtPath, serverKeyPath, caCrtPath),
client: fmt.Sprintf(`
2023-09-13 08:32:39 +00:00
transport.tls.serverName = "example.com"
transport.tls.certFile = "%s"
transport.tls.keyFile = "%s"
transport.tls.trustedCaFile = "%s"
2021-08-02 05:07:28 +00:00
`, clientCrtPath, clientKeyPath, caCrtPath),
})
})
2022-08-28 17:02:53 +00:00
ginkgo.It("mutual authentication with incorrect server name", func() {
2021-08-02 05:07:28 +00:00
runClientServerTest(f, &generalTestConfigures{
server: fmt.Sprintf(`
2023-09-13 08:32:39 +00:00
transport.tls.certFile = "%s"
transport.tls.keyFile = "%s"
transport.tls.trustedCaFile = "%s"
2021-08-02 05:07:28 +00:00
`, serverCrtPath, serverKeyPath, caCrtPath),
client: fmt.Sprintf(`
2023-09-13 08:32:39 +00:00
transport.tls.serverName = "invalid.com"
transport.tls.certFile = "%s"
transport.tls.keyFile = "%s"
transport.tls.trustedCaFile = "%s"
2021-08-02 05:07:28 +00:00
`, clientCrtPath, clientKeyPath, caCrtPath),
expectError: true,
})
})
})
ginkgo.Describe("TLS with disable_custom_tls_first_byte set to false", func() {
supportProtocols := []string{"tcp", "kcp", "quic", "websocket"}
for _, protocol := range supportProtocols {
tmp := protocol
defineClientServerTest("TLS over "+strings.ToUpper(tmp), f, &generalTestConfigures{
server: fmt.Sprintf(`
%s
`, renderBindPortConfig(protocol)),
client: fmt.Sprintf(`
2023-09-13 08:32:39 +00:00
transport.protocol = "%s"
transport.tls.disableCustomTLSFirstByte = false
`, protocol),
})
}
})
2022-08-28 17:02:53 +00:00
ginkgo.Describe("IPv6 bind address", func() {
supportProtocols := []string{"tcp", "kcp", "quic", "websocket"}
for _, protocol := range supportProtocols {
tmp := protocol
defineClientServerTest("IPv6 bind address: "+strings.ToUpper(tmp), f, &generalTestConfigures{
server: fmt.Sprintf(`
2023-09-13 08:32:39 +00:00
bindAddr = "::"
%s
`, renderBindPortConfig(protocol)),
client: fmt.Sprintf(`
2023-09-13 08:32:39 +00:00
transport.protocol = "%s"
`, protocol),
})
}
})
2020-09-07 06:57:23 +00:00
})