func integrationDialer(t *testing.T, statsFunc func(success bool, domain, addr string, resolutionTime, connectTime, handshakeTime time.Duration)) fronted.Dialer {
rootCAs, err := keyman.PoolContainingCerts("-----BEGIN CERTIFICATE-----\nMIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\nA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\nb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\nMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\nYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\naWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\njc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\nxy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\n1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\nsnUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\nU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\n9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\nBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\nAQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\nyj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\n38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\nAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\nDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\nHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==\n-----END CERTIFICATE-----\n")
if err != nil {
t.Fatalf("Unable to set up cert pool")
}
maxMasquerades := 2
masquerades := make([]*fronted.Masquerade, maxMasquerades)
for i := 0; i < len(masquerades); i++ {
// Good masquerade with IP
masquerades[i] = &fronted.Masquerade{
Domain: "10minutemail.com",
IpAddress: "162.159.250.16",
}
}
return fronted.NewDialer(fronted.Config{
Host: "fallbacks.getiantem.org",
Port: 443,
Masquerades: masquerades,
MaxMasquerades: maxMasquerades,
RootCAs: rootCAs,
OnDialStats: statsFunc,
})
}
// dialer creates a dialer for domain fronting and and balanced dialer that can
// be used to dial to arbitrary addresses.
func (s *FrontedServerInfo) dialer(masqueradeSets map[string][]*fronted.Masquerade) (fronted.Dialer, *balancer.Dialer) {
fd := fronted.NewDialer(fronted.Config{
Host: s.Host,
Port: s.Port,
PoolSize: s.PoolSize,
InsecureSkipVerify: s.InsecureSkipVerify,
BufferRequests: s.BufferRequests,
DialTimeoutMillis: s.DialTimeoutMillis,
RedialAttempts: s.RedialAttempts,
OnDial: withStats,
OnDialStats: s.onDialStats,
Masquerades: masqueradeSets[s.MasqueradeSet],
MaxMasquerades: s.MaxMasquerades,
RootCAs: globals.TrustedCAs,
})
var masqueradeQualifier string
if s.MasqueradeSet != "" {
masqueradeQualifier = fmt.Sprintf(" using masquerade set %s", s.MasqueradeSet)
}
var trusted string
if s.Trusted {
trusted = "(trusted) "
}
bal := &balancer.Dialer{
Label: fmt.Sprintf("%sfronted proxy at %s:%d%s", trusted, s.Host, s.Port, masqueradeQualifier),
Weight: s.Weight,
QOS: s.QOS,
Dial: fd.Dial,
Trusted: s.Trusted,
OnClose: func() {
if err := fd.Close(); err != nil {
log.Debugf("Unable to close fronted dialer: %q", err)
}
},
}
return fd, bal
}
// Wraps a fronted.Dialer with a balancer.Dialer.
func (s *frontedServer) dialer() *balancer.Dialer {
certPool, err := clientConfig.getTrustedCertPool()
if err != nil {
log.Fatalf("Could not get a pool of trusted CAs.")
}
fd := fronted.NewDialer(fronted.Config{
Host: s.Host,
Port: s.Port,
Masquerades: clientConfig.Client.MasqueradeSets[s.MasqueradeSet],
InsecureSkipVerify: s.InsecureSkipVerify,
BufferRequests: defaultBufferRequest,
DialTimeoutMillis: s.DialTimeoutMillis,
RedialAttempts: s.RedialAttempts,
RootCAs: certPool,
})
masqueradeQualifier := ""
if s.MasqueradeSet != "" {
masqueradeQualifier = fmt.Sprintf(" using masquerade set %s", s.MasqueradeSet)
}
return &balancer.Dialer{
Label: fmt.Sprintf("fronted proxy at %s:%d%s", s.Host, s.Port, masqueradeQualifier),
Weight: s.Weight,
QOS: s.QOS,
Dial: fd.Dial,
OnClose: func() {
err := fd.Close()
if err != nil {
log.Printf("Unable to close fronted dialer: %s", err)
}
},
}
}