http3: remove dependency on quic internal packages (#5256)

* Remove http3 dependency on quic internal packages Remove the dependency on internal/protocol from the http3 package. This makes it possible for a forked http3 to use the mainline quic-go package. * Address review comments * Fix syntax * Use broader pattern for http3 directory * Copy internal/testdata * Replace perspective with bool * clone the supported version slice --------- Co-authored-by: Marten Seemann <martenseemann@gmail.com>
2025-07-07 04:41:23 -07:00
parent fd32cf5c69
commit 0a9c6ea4c8
18 changed files with 240 additions and 59 deletions
--- a/http3/internal/testdata/ca.pem
+++ b/http3/internal/testdata/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICzDCCAbQCCQDA+rLymNnfJzANBgkqhkiG9w0BAQsFADAoMSYwJAYDVQQKDB1x
+dWljLWdvIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0yMDA4MTgwOTIxMzVaFw0z
+MDA4MTYwOTIxMzVaMCgxJjAkBgNVBAoMHXF1aWMtZ28gQ2VydGlmaWNhdGUgQXV0
+aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1OcsYrVaSDfh
+iDppl6oteVspOY3yFb96T9Y/biaGPJAkBO9VGKcqwOUPmUeiWpedRAUB9LE7Srs6
+qBX4mnl90Icjp8jbIs5cPgIWLkIu8Qm549RghFzB3bn+EmCQSe4cxvyDMN3ndClp
+3YMXpZgXWgJGiPOylVi/OwHDdWDBorw4hvry+6yDtpQo2TuI2A/xtxXPT7BgsEJD
+WGffdgZOYXChcFA0c1XVLIYlu2w2JhxS8c2TUF6uSDlmcoONNKVoiNCuu1Z9MorS
+Qmg7a2G7dSPu123KcTcSQFcmJrt+1G81gOBtHB69kacD8xDmgksj09h/ODPL/gIU
+1ZcU2ci1/QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB0Tb1JbLXp/BvWovSAhO/j
+wG7UEaUA1rCtkDB+fV2HS9bxCbV5eErdg8AMHKgB51ygUrq95vm/baZmUILr84XK
+uTEoxxrw5S9Z7SrhtbOpKCumoSeTsCPjDvCcwFExHv4XHFk+CPqZwbMHueVIMT0+
+nGWss/KecCPdJLdnUgMRz0tIuXzkoRuOiUiZfUeyBNVNbDFSrLigYshTeAPGaYjX
+CypoHxkeS93nWfOMUu8FTYLYkvGMU5i076zDoFGKJiEtbjSiNW+Hei7u2aSEuCzp
+qyTKzYPWYffAq3MM2MKJgZdL04e9GEGeuce/qhM1o3q77aI/XJImwEDdut2LDec1
+-----END CERTIFICATE-----
--- a/http3/internal/testdata/cert.go
+++ b/http3/internal/testdata/cert.go
@@ -0,0 +1,56 @@
+package testdata
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"os"
+	"path"
+	"runtime"
+)
+
+var certPath string
+
+func init() {
+	_, filename, _, ok := runtime.Caller(0)
+	if !ok {
+		panic("Failed to get current frame")
+	}
+
+	certPath = path.Dir(filename)
+}
+
+// GetCertificatePaths returns the paths to certificate and key
+func GetCertificatePaths() (string, string) {
+	return path.Join(certPath, "cert.pem"), path.Join(certPath, "priv.key")
+}
+
+// GetTLSConfig returns a tls config for quic.clemente.io
+func GetTLSConfig() *tls.Config {
+	cert, err := tls.LoadX509KeyPair(GetCertificatePaths())
+	if err != nil {
+		panic(err)
+	}
+	return &tls.Config{
+		MinVersion:   tls.VersionTLS13,
+		Certificates: []tls.Certificate{cert},
+	}
+}
+
+// AddRootCA adds the root CA certificate to a cert pool
+func AddRootCA(certPool *x509.CertPool) {
+	caCertPath := path.Join(certPath, "ca.pem")
+	caCertRaw, err := os.ReadFile(caCertPath)
+	if err != nil {
+		panic(err)
+	}
+	if ok := certPool.AppendCertsFromPEM(caCertRaw); !ok {
+		panic("Could not add root ceritificate to pool.")
+	}
+}
+
+// GetRootCA returns an x509.CertPool containing (only) the CA certificate
+func GetRootCA() *x509.CertPool {
+	pool := x509.NewCertPool()
+	AddRootCA(pool)
+	return pool
+}
--- a/http3/internal/testdata/cert.pem
+++ b/http3/internal/testdata/cert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1TCCAb2gAwIBAgIJAK2fcqC0BVA7MA0GCSqGSIb3DQEBCwUAMCgxJjAkBgNV
+BAoMHXF1aWMtZ28gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTIwMDgxODA5MjEz
+NVoXDTMwMDgxNjA5MjEzNVowEjEQMA4GA1UECgwHcXVpYy1nbzCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAN/YwrigSXdJCL/bdBGhb0UpqtU8H+krV870
+w1yCSykLImH8x3qHZEXt9sr/vgjcJoV6Z15RZmnbEqnAx84sIClIBoIgnk0VPxu
+WF+/U/dElbftCfYcfJAddhRckdmGB+yb3Wogb32UJ+q3my++h6NjHsYb+OwpJPnQ
+meXjOE7Kkf+bXfFywHF3R8kzVdh5JUFYeKbxYmYgxRps1YTsbCrZCrSy1CbQ9FJw
+Wg5C8t+7yvVFmOeWPECypBCz2xS2mu+kycMNIjIWMl0SL7oVM5cBkRKPeVIG/KcM
+i5+/4lRSLoPh0Txh2TKBWfpzLbIOdPU8/O7cAukIGWx0XsfHUQMCAwEAAaMYMBYw
+FAYDVR0RBA0wC4IJbG9jYWxob3N0MA0GCSqGSIb3DQEBCwUAA4IBAQAyxxvebdMz
+shp5pt1SxMOSXbo8sTa1cpaf2rTmb4nxjXs6KPBEn53hSBz9bhe5wXE4f94SHadf
+636rLh3d75KgrLUwO9Yq0HfCxMo1jUV/Ug++XwcHCI9vk58Tk/H4hqEM6C8RrdTj
+fYeuegQ0/oNLJ4uTw2P2A8TJbL6FC2dcICEAvUGZUcVyZ8m8tHXNRYYh6MZ7ubCh
+hinvL+AA5fY6EVlc5G/P4DN6fYxGn1cFNbiL4uZP4+W3dOmP+NV0YV9ihTyMzz0R
+vSoOZ9FeVkyw8EhMb3LoyXYKazvJy2VQST1ltzAGit9RiM1Gv4vuna74WsFzrn1U
+A/TbaR0ih/qG
+-----END CERTIFICATE-----
--- a/http3/internal/testdata/cert_test.go
+++ b/http3/internal/testdata/cert_test.go
@@ -0,0 +1,28 @@
+package testdata
+
+import (
+	"crypto/tls"
+	"io"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestCertificates(t *testing.T) {
+	ln, err := tls.Listen("tcp", "localhost:4433", GetTLSConfig())
+	require.NoError(t, err)
+
+	go func() {
+		conn, err := ln.Accept()
+		require.NoError(t, err)
+		defer conn.Close()
+		_, err = conn.Write([]byte("foobar"))
+		require.NoError(t, err)
+	}()
+
+	conn, err := tls.Dial("tcp", "localhost:4433", &tls.Config{RootCAs: GetRootCA()})
+	require.NoError(t, err)
+	data, err := io.ReadAll(conn)
+	require.NoError(t, err)
+	require.Equal(t, "foobar", string(data))
+}
--- a/http3/internal/testdata/generate_key.sh
+++ b/http3/internal/testdata/generate_key.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+set -e
+
+echo "Generating CA key and certificate:"
+openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:2048 \
+  -keyout ca.key -out ca.pem \
+  -subj "/O=quic-go Certificate Authority/"
+
+echo "Generating CSR"
+openssl req -out cert.csr -new -newkey rsa:2048 -nodes -keyout priv.key \
+  -subj "/O=quic-go/"
+
+echo "Sign certificate:"
+openssl x509 -req -sha256 -days 3650 -in cert.csr  -out cert.pem \
+  -CA ca.pem -CAkey ca.key -CAcreateserial \
+  -extfile <(printf "subjectAltName=DNS:localhost")
+
+# debug output the certificate
+openssl x509 -noout -text -in cert.pem
+
+# we don't need the CA key, the serial number and the CSR any more
+rm ca.key cert.csr ca.srl
+
--- a/http3/internal/testdata/priv.key
+++ b/http3/internal/testdata/priv.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDf2MK4oEl3SQi/
+23QRoW9FKarVPB/pK1fO9PsNcgkspCyJh/Md6h2RF7fbK/74I3CaFemdeUWZp2xK
+pwMfOLCApSAaCIJ5NFT8blhfv1P3RJW37Qn2HHyQHXYUXJHZhgfsm91qIG99lCfq
+t5svvoejYx7GG/jsKST50Jnl4zhOypH/m13xcsBxd0fJM1XYeSVBWHim8WJmIMUa
+bNWE7Gwq2Qq0stQm0PRScFoOQvLfu8r1RZjnljxAsqQQs9sUtprvpMnDDSIyFjJd
+Ei+6FTOXAZESj3lSBvynDIufv+JUUi6D4dE8YdkygVn6cy2yDnT1PPzu3ALpCBls
+dF7Hx1EDAgMBAAECggEBAMm+mLDBdbUWk9YmuZNyRdC13wvT5obF05vo26OglXgw
+dxt09b6OVBuCnuff3SpS9pdJDIYq2HnFlSorH/sxopIvQKF17fHDIp1n7ipNTCXd
+IHrmHkY8Il/YzaVIUQMVc2rih0mw9greTqOS20DKnYC6QvAWIeDmrDaitTGl+ge3
+hm7e2lsgZi13R6fTNwQs9geEQSGzP2k7bFceHQFDChOYiQraR5+VZZ8S8AMGjk47
+AUa5EsKeUe6O9t2xuDSFxzYz5eadOAiErKGDos5KXXr3VQgFcC8uPEFFjcJ/yl+8
+tOe4iLeVwGSDJhTAThdR2deJOjaDcarWM7ixmxA3DAECgYEA/WVwmY4gWKwv49IJ
+Jnh1Gu93P772GqliMNpukdjTI+joQxfl4jRSt2hk4b1KRwyT9aaKfvdz0HFlXo/r
+9NVSAYT3/3vbcw61bfvPhhtz44qRAAKua6b5cUM6XqxVt1hqdP8lrf/blvA5ln+u
+O51S8+wpxZMuqKz/29zdWSG6tAMCgYEA4iWXMXX9dZajI6abVkWwuosvOakXdLk4
+tUy7zd+JPF7hmUzzj2gtg4hXoiQPAOi+GY3TX+1Nza3s1LD7iWaXSKeOWvvligw9
+Q/wVTNW2P1+tdhScJf9QudzW69xOm5HNBgx9uWV2cHfjC12vg5aTH0k5axvaq15H
+9WBXlH5q3wECgYBYoYGYBDFmMpvxmMagkSOMz1OrlVSpkLOKmOxx0SBRACc1SIec
+7mY8RqR6nOX9IfYixyTMMittLiyhvb9vfKnZZDQGRcFFZlCpbplws+t+HDqJgWaW
+uumm5zfkY2z7204pLBF24fZhvha2gGRl76pTLTiTJd79Gr3HnmJByd1vFwKBgHL7
+vfYuEeM55lT4Hz8sTAFtR2O/7+cvTgAQteSlZbfGXlp939DonUulhTkxsFc7/3wq
+unCpzcdoSWSTYDGqcf1FBIKKVVltg7EPeR0KBJIQabgCHqrLOBZojPZ7m5RJ+765
+lysuxZvFuTFMPzNe2gssRf+JuBMt6tR+WclsxZYBAoGAEEFs1ppDil1xlP5rdH7T
+d3TSw/u4eU/X8Ei1zi25hdRUiV76fP9fBELYFmSrPBhugYv91vtSv/LmD4zLfLv/
+yzwAD9j1lGbgM8Of8klCkk+XSJ88ryUwnMTJ5loQJW8t4L+zLv5Le7Ca9SAT0kJ1
+jT0GzDymgLMGp8RPdBkpk+w=
+-----END PRIVATE KEY-----