moved PeerCerts to netx/trace

ooni · Jan 8, 2021 · f7c4dc5 · f7c4dc5
1 parent 5c9f81c
commit f7c4dc5
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 50 deletions.
diff --git a/netx/dialer/saver.go b/netx/dialer/saver.go
@@ -3,8 +3,6 @@ package dialer
 import (
 	"context"
 	"crypto/tls"
-	"crypto/x509"
-	"errors"
 	"net"
 	"time"
 
@@ -63,7 +61,7 @@ func (h SaverTLSHandshaker) Handshake(
 		TLSCipherSuite:     tlsx.CipherSuiteString(state.CipherSuite),
 		TLSNegotiatedProto: state.NegotiatedProtocol,
 		TLSNextProtos:      config.NextProtos,
-		TLSPeerCerts:       peerCerts(state, err),
+		TLSPeerCerts:       trace.PeerCerts(state, err),
 		TLSServerName:      config.ServerName,
 		TLSVersion:         tlsx.VersionString(state.Version),
 		Time:               stop,
@@ -122,28 +120,6 @@ func (c saverConn) Write(p []byte) (int, error) {
 	return count, err
 }
 
-// peerCerts returns the certificates presented by the peer regardless
-// of whether the TLS handshake was successful
-func peerCerts(state tls.ConnectionState, err error) []*x509.Certificate {
-	var x509HostnameError x509.HostnameError
-	if errors.As(err, &x509HostnameError) {
-		// Test case: https://wrong.host.badssl.com/
-		return []*x509.Certificate{x509HostnameError.Certificate}
-	}
-	var x509UnknownAuthorityError x509.UnknownAuthorityError
-	if errors.As(err, &x509UnknownAuthorityError) {
-		// Test case: https://self-signed.badssl.com/. This error has
-		// never been among the ones returned by MK.
-		return []*x509.Certificate{x509UnknownAuthorityError.Cert}
-	}
-	var x509CertificateInvalidError x509.CertificateInvalidError
-	if errors.As(err, &x509CertificateInvalidError) {
-		// Test case: https://expired.badssl.com/
-		return []*x509.Certificate{x509CertificateInvalidError.Cert}
-	}
-	return state.PeerCertificates
-}
-
 var _ Dialer = SaverDialer{}
 var _ TLSHandshaker = SaverTLSHandshaker{}
 var _ net.Conn = saverConn{}
diff --git a/netx/quicdialer/saver.go b/netx/quicdialer/saver.go
@@ -3,8 +3,6 @@ package quicdialer
 import (
 	"context"
 	"crypto/tls"
-	"crypto/x509"
-	"errors"
 	"time"
 
 	"github.com/lucas-clemente/quic-go"
@@ -75,32 +73,10 @@ func (h QUICHandshakeSaver) DialContext(ctx context.Context, network string, add
 		TLSCipherSuite:     tlsx.CipherSuiteString(state.CipherSuite),
 		TLSNegotiatedProto: state.NegotiatedProtocol,
 		TLSNextProtos:      tlsCfg.NextProtos,
-		TLSPeerCerts:       peerCerts(state, err),
+		TLSPeerCerts:       trace.PeerCerts(state, err),
 		TLSServerName:      tlsCfg.ServerName,
 		TLSVersion:         tlsx.VersionString(state.Version),
 		Time:               stop,
 	})
 	return sess, err
 }
-
-// peerCerts returns the certificates presented by the peer regardless
-// of whether the TLS handshake was successful
-func peerCerts(state tls.ConnectionState, err error) []*x509.Certificate {
-	var x509HostnameError x509.HostnameError
-	if errors.As(err, &x509HostnameError) {
-		// Test case: https://wrong.host.badssl.com/
-		return []*x509.Certificate{x509HostnameError.Certificate}
-	}
-	var x509UnknownAuthorityError x509.UnknownAuthorityError
-	if errors.As(err, &x509UnknownAuthorityError) {
-		// Test case: https://self-signed.badssl.com/. This error has
-		// never been among the ones returned by MK.
-		return []*x509.Certificate{x509UnknownAuthorityError.Cert}
-	}
-	var x509CertificateInvalidError x509.CertificateInvalidError
-	if errors.As(err, &x509CertificateInvalidError) {
-		// Test case: https://expired.badssl.com/
-		return []*x509.Certificate{x509CertificateInvalidError.Cert}
-	}
-	return state.PeerCertificates
-}
diff --git a/netx/trace/event.go b/netx/trace/event.go
@@ -1,7 +1,9 @@
 package trace
 
 import (
+	"crypto/tls"
 	"crypto/x509"
+	"errors"
 	"net/http"
 	"time"
 )
@@ -34,3 +36,25 @@ type Event struct {
 	Time               time.Time           `json:",omitempty"`
 	Transport          string              `json:",omitempty"`
 }
+
+// PeerCerts returns the certificates presented by the peer regardless
+// of whether the TLS handshake was successful
+func PeerCerts(state tls.ConnectionState, err error) []*x509.Certificate {
+	var x509HostnameError x509.HostnameError
+	if errors.As(err, &x509HostnameError) {
+		// Test case: https://wrong.host.badssl.com/
+		return []*x509.Certificate{x509HostnameError.Certificate}
+	}
+	var x509UnknownAuthorityError x509.UnknownAuthorityError
+	if errors.As(err, &x509UnknownAuthorityError) {
+		// Test case: https://self-signed.badssl.com/. This error has
+		// never been among the ones returned by MK.
+		return []*x509.Certificate{x509UnknownAuthorityError.Cert}
+	}
+	var x509CertificateInvalidError x509.CertificateInvalidError
+	if errors.As(err, &x509CertificateInvalidError) {
+		// Test case: https://expired.badssl.com/
+		return []*x509.Certificate{x509CertificateInvalidError.Cert}
+	}
+	return state.PeerCertificates
+}