add more e2e test (fatedier#2505)

conf/frps_full.ini

@@ -36,7 +36,7 @@ vhost_https_port = 443
 dashboard_addr = 0.0.0.0
 dashboard_port = 7500
 
-# dashboard user and passwd for basic auth protect, if not set, both default value is admin
+# dashboard user and passwd for basic auth protect
 dashboard_user = admin
 dashboard_pwd = admin
 

go.mod

@@ -32,8 +32,9 @@ require (
 	golang.org/x/net v0.0.0-20210428140749-89ef3d95e781
 	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
 	golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 // indirect
-	golang.org/x/time v0.0.0-20191024005414-555d28b269f0
+	golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba
 	gopkg.in/ini.v1 v1.62.0
 	gopkg.in/square/go-jose.v2 v2.4.1 // indirect
 	k8s.io/apimachinery v0.21.2
+	k8s.io/client-go v0.21.2
 )

hack/run-e2e.sh

@@ -17,4 +17,4 @@ if [ x${LOG_LEVEL} != x"" ]; then
     logLevel=${LOG_LEVEL}
 fi
 
-ginkgo -nodes=5 -slowSpecThreshold=20 ${ROOT}/test/e2e -- -frpc-path=${ROOT}/bin/frpc -frps-path=${ROOT}/bin/frps -log-level=${logLevel} -debug=${debug}
+ginkgo -nodes=8 -slowSpecThreshold=20 ${ROOT}/test/e2e -- -frpc-path=${ROOT}/bin/frpc -frps-path=${ROOT}/bin/frps -log-level=${logLevel} -debug=${debug}

pkg/plugin/server/manager.go

@@ -179,7 +179,7 @@ func (m *Manager) NewWorkConn(content *NewWorkConnContent) (*NewWorkConnContent,
 	ctx := xlog.NewContext(context.Background(), xl)
 	ctx = NewReqidContext(ctx, reqid)
 
-	for _, p := range m.pingPlugins {
+	for _, p := range m.newWorkConnPlugins {
 		res, retContent, err = p.Handle(ctx, OpPing, *content)
 		if err != nil {
 			xl.Warn("send NewWorkConn request to plugin [%s] error: %v", p.Name(), err)

pkg/transport/tls.go

@@ -86,7 +86,7 @@ func NewServerTLSConfig(certPath, keyPath, caPath string) (*tls.Config, error) {
 	return base, nil
 }
 
-func NewClientTLSConfig(certPath, keyPath, caPath, servearName string) (*tls.Config, error) {
+func NewClientTLSConfig(certPath, keyPath, caPath, serverName string) (*tls.Config, error) {
 	var base = &tls.Config{}
 
 	if certPath == "" || keyPath == "" {
@@ -107,7 +107,7 @@ func NewClientTLSConfig(certPath, keyPath, caPath, servearName string) (*tls.Con
 		}
 
 		base.RootCAs = pool
-		base.ServerName = servearName
+		base.ServerName = serverName
 		base.InsecureSkipVerify = false
 	} else {
 		base.InsecureSkipVerify = true

test/e2e/basic/basic.go

@@ -1,11 +1,14 @@
 package basic
 
 import (
+	"crypto/tls"
 	"fmt"
 	"strings"
 
+	"github.com/fatedier/frp/pkg/transport"
 	"github.com/fatedier/frp/test/e2e/framework"
 	"github.com/fatedier/frp/test/e2e/framework/consts"
+	"github.com/fatedier/frp/test/e2e/mock/server/httpserver"
 	"github.com/fatedier/frp/test/e2e/mock/server/streamserver"
 	"github.com/fatedier/frp/test/e2e/pkg/port"
 	"github.com/fatedier/frp/test/e2e/pkg/request"
@@ -172,6 +175,106 @@ var _ = Describe("[Feature: Basic]", func() {
 		})
 	})
 
+	Describe("HTTPS", func() {
+		It("proxy to HTTPS server", func() {
+			serverConf := consts.DefaultServerConfig
+			vhostHTTPSPort := f.AllocPort()
+			serverConf += fmt.Sprintf(`
+			vhost_https_port = %d
+			`, vhostHTTPSPort)
+
+			localPort := f.AllocPort()
+			clientConf := consts.DefaultClientConfig
+			getProxyConf := func(proxyName string, customDomains string, extra string) string {
+				return fmt.Sprintf(`
+				[%s]
+				type = https
+				local_port = %d
+				custom_domains = %s
+				`+extra, proxyName, localPort, customDomains)
+			}
+
+			tests := []struct {
+				proxyName     string
+				customDomains string
+				extraConfig   string
+			}{
+				{
+					proxyName: "normal",
+				},
+				{
+					proxyName:   "with-encryption",
+					extraConfig: "use_encryption = true",
+				},
+				{
+					proxyName:   "with-compression",
+					extraConfig: "use_compression = true",
+				},
+				{
+					proxyName: "with-encryption-and-compression",
+					extraConfig: `
+						use_encryption = true
+						use_compression = true
+						`,
+				},
+				{
+					proxyName:     "multiple-custom-domains",
+					customDomains: "a.example.com, b.example.com",
+				},
+			}
+
+			// build all client config
+			for i, test := range tests {
+				if tests[i].customDomains == "" {
+					tests[i].customDomains = test.proxyName + ".example.com"
+				}
+				clientConf += getProxyConf(test.proxyName, tests[i].customDomains, test.extraConfig) + "\n"
+			}
+			// run frps and frpc
+			f.RunProcesses([]string{serverConf}, []string{clientConf})
+
+			tlsConfig, err := transport.NewServerTLSConfig("", "", "")
+			framework.ExpectNoError(err)
+			localServer := httpserver.New(
+				httpserver.WithBindPort(localPort),
+				httpserver.WithTlsConfig(tlsConfig),
+				httpserver.WithResponse([]byte("test")),
+			)
+			f.RunServer("", localServer)
+
+			for _, test := range tests {
+				for _, domain := range strings.Split(test.customDomains, ",") {
+					domain = strings.TrimSpace(domain)
+					framework.NewRequestExpect(f).
+						Explain(test.proxyName + "-" + domain).
+						Port(vhostHTTPSPort).
+						RequestModify(func(r *request.Request) {
+							r.HTTPS().HTTPHost(domain).TLSConfig(&tls.Config{
+								ServerName:         domain,
+								InsecureSkipVerify: true,
+							})
+						}).
+						ExpectResp([]byte("test")).
+						Ensure()
+				}
+			}
+
+			// not exist host
+			notExistDomain := "not-exist.example.com"
+			framework.NewRequestExpect(f).
+				Explain("not exist host").
+				Port(vhostHTTPSPort).
+				RequestModify(func(r *request.Request) {
+					r.HTTPS().HTTPHost(notExistDomain).TLSConfig(&tls.Config{
+						ServerName:         notExistDomain,
+						InsecureSkipVerify: true,
+					})
+				}).
+				ExpectError(true).
+				Ensure()
+		})
+	})
+
 	Describe("STCP && SUDP", func() {
 		types := []string{"stcp", "sudp"}
 		for _, t := range types {

test/e2e/basic/client_server.go

@@ -6,6 +6,7 @@ import (
 
 	"github.com/fatedier/frp/test/e2e/framework"
 	"github.com/fatedier/frp/test/e2e/framework/consts"
+	"github.com/fatedier/frp/test/e2e/pkg/cert"
 	"github.com/fatedier/frp/test/e2e/pkg/port"
 
 	. "github.com/onsi/ginkgo"
@@ -17,19 +18,17 @@ type generalTestConfigures struct {
 	expectError bool
 }
 
-// defineClientServerTest test a normal tcp and udp proxy with specified TestConfigures.
-func defineClientServerTest(desc string, f *framework.Framework, configures *generalTestConfigures) {
-	It(desc, func() {
-		serverConf := consts.DefaultServerConfig
-		clientConf := consts.DefaultClientConfig
+func runClientServerTest(f *framework.Framework, configures *generalTestConfigures) {
+	serverConf := consts.DefaultServerConfig
+	clientConf := consts.DefaultClientConfig
 
-		serverConf += fmt.Sprintf(`
+	serverConf += fmt.Sprintf(`
 				%s
 				`, configures.server)
 
-		tcpPortName := port.GenName("TCP")
-		udpPortName := port.GenName("UDP")
-		clientConf += fmt.Sprintf(`
+	tcpPortName := port.GenName("TCP")
+	udpPortName := port.GenName("UDP")
+	clientConf += fmt.Sprintf(`
 				%s
 
 				[tcp]
@@ -42,15 +41,21 @@ func defineClientServerTest(desc string, f *framework.Framework, configures *gen
 				local_port = {{ .%s }}
 				remote_port = {{ .%s }}
 				`, configures.client,
-			framework.TCPEchoServerPort, tcpPortName,
-			framework.UDPEchoServerPort, udpPortName,
-		)
+		framework.TCPEchoServerPort, tcpPortName,
+		framework.UDPEchoServerPort, udpPortName,
+	)
 
-		f.RunProcesses([]string{serverConf}, []string{clientConf})
+	f.RunProcesses([]string{serverConf}, []string{clientConf})
 
-		framework.NewRequestExpect(f).PortName(tcpPortName).ExpectError(configures.expectError).Explain("tcp proxy").Ensure()
-		framework.NewRequestExpect(f).Protocol("udp").
-			PortName(udpPortName).ExpectError(configures.expectError).Explain("udp proxy").Ensure()
+	framework.NewRequestExpect(f).PortName(tcpPortName).ExpectError(configures.expectError).Explain("tcp proxy").Ensure()
+	framework.NewRequestExpect(f).Protocol("udp").
+		PortName(udpPortName).ExpectError(configures.expectError).Explain("udp proxy").Ensure()
+}
+
+// defineClientServerTest test a normal tcp and udp proxy with specified TestConfigures.
+func defineClientServerTest(desc string, f *framework.Framework, configures *generalTestConfigures) {
+	It(desc, func() {
+		runClientServerTest(f, configures)
 	})
 }
 
@@ -108,4 +113,122 @@ var _ = Describe("[Feature: Client-Server]", func() {
 			expectError: true,
 		})
 	})
+
+	Describe("TLS with custom certificate", func() {
+		supportProtocols := []string{"tcp", "kcp", "websocket"}
+
+		var (
+			caCrtPath                    string
+			serverCrtPath, serverKeyPath string
+			clientCrtPath, clientKeyPath string
+		)
+		JustBeforeEach(func() {
+			generator := &cert.SelfSignedCertGenerator{}
+			artifacts, err := generator.Generate("0.0.0.0")
+			framework.ExpectNoError(err)
+
+			caCrtPath = f.WriteTempFile("ca.crt", string(artifacts.CACert))
+			serverCrtPath = f.WriteTempFile("server.crt", string(artifacts.Cert))
+			serverKeyPath = f.WriteTempFile("server.key", string(artifacts.Key))
+			generator.SetCA(artifacts.CACert, artifacts.CAKey)
+			generator.Generate("0.0.0.0")
+			clientCrtPath = f.WriteTempFile("client.crt", string(artifacts.Cert))
+			clientKeyPath = f.WriteTempFile("client.key", string(artifacts.Key))
+		})
+
+		for _, protocol := range supportProtocols {
+			tmp := protocol
+
+			It("one-way authentication: "+tmp, func() {
+				runClientServerTest(f, &generalTestConfigures{
+					server: fmt.Sprintf(`
+						protocol = %s
+						kcp_bind_port = {{ .%s }}
+						tls_trusted_ca_file = %s
+					`, tmp, consts.PortServerName, caCrtPath),
+					client: fmt.Sprintf(`
+						protocol = %s
+						tls_enable = true
+						tls_cert_file = %s
+						tls_key_file = %s
+					`, tmp, clientCrtPath, clientKeyPath),
+				})
+			})
+
+			It("mutual authentication: "+tmp, func() {
+				runClientServerTest(f, &generalTestConfigures{
+					server: fmt.Sprintf(`
+						protocol = %s
+						kcp_bind_port = {{ .%s }}
+						tls_cert_file = %s
+						tls_key_file = %s
+						tls_trusted_ca_file = %s
+					`, tmp, consts.PortServerName, serverCrtPath, serverKeyPath, caCrtPath),
+					client: fmt.Sprintf(`
+						protocol = %s
+						tls_enable = true
+						tls_cert_file = %s
+						tls_key_file = %s
+						tls_trusted_ca_file = %s
+					`, tmp, clientCrtPath, clientKeyPath, caCrtPath),
+				})
+			})
+		}
+	})
+
+	Describe("TLS with custom certificate and specified server name", func() {
+		var (
+			caCrtPath                    string
+			serverCrtPath, serverKeyPath string
+			clientCrtPath, clientKeyPath string
+		)
+		JustBeforeEach(func() {
+			generator := &cert.SelfSignedCertGenerator{}
+			artifacts, err := generator.Generate("example.com")
+			framework.ExpectNoError(err)
+
+			caCrtPath = f.WriteTempFile("ca.crt", string(artifacts.CACert))
+			serverCrtPath = f.WriteTempFile("server.crt", string(artifacts.Cert))
+			serverKeyPath = f.WriteTempFile("server.key", string(artifacts.Key))
+			generator.SetCA(artifacts.CACert, artifacts.CAKey)
+			generator.Generate("example.com")
+			clientCrtPath = f.WriteTempFile("client.crt", string(artifacts.Cert))
+			clientKeyPath = f.WriteTempFile("client.key", string(artifacts.Key))
+		})
+
+		It("mutual authentication", func() {
+			runClientServerTest(f, &generalTestConfigures{
+				server: fmt.Sprintf(`
+				tls_cert_file = %s
+				tls_key_file = %s
+				tls_trusted_ca_file = %s
+				`, serverCrtPath, serverKeyPath, caCrtPath),
+				client: fmt.Sprintf(`
+				tls_enable = true
+				tls_server_name = example.com
+				tls_cert_file = %s
+				tls_key_file = %s
+				tls_trusted_ca_file = %s
+				`, clientCrtPath, clientKeyPath, caCrtPath),
+			})
+		})
+
+		It("mutual authentication with incorrect server name", func() {
+			runClientServerTest(f, &generalTestConfigures{
+				server: fmt.Sprintf(`
+				tls_cert_file = %s
+				tls_key_file = %s
+				tls_trusted_ca_file = %s
+				`, serverCrtPath, serverKeyPath, caCrtPath),
+				client: fmt.Sprintf(`
+				tls_enable = true
+				tls_server_name = invalid.com
+				tls_cert_file = %s
+				tls_key_file = %s
+				tls_trusted_ca_file = %s
+				`, clientCrtPath, clientKeyPath, caCrtPath),
+				expectError: true,
+			})
+		})
+	})
 })