refactor: remove unused stream SSL dead code

2026-06-03 17:41:14 +08:00 · 2026-06-03 17:41:14 +08:00 · a3bc453fbf
commit a3bc453fbf
parent a919369ca4
2 changed files with 0 additions and 235 deletions
--- a/internal/stream/ssl.go
+++ b/internal/stream/ssl.go
@ -1,40 +0,0 @@
 // Package stream 提供 TCP/UDP Stream 代理功能。
 //
 // 该文件实现 Stream 模块的 SSL/TLS 支持，包括：
 //   - 服务端 TLS 终端
 //   - 客户端 TLS 连接（上游 SSL）
 //   - 证书加载和配置
 //   - mTLS 客户端证书验证
 //
 // 作者：xfy
 package stream
 import (
 	"crypto/tls"
 	"crypto/x509"
 	"sync"
 	"rua.plus/lolly/internal/config"
 )
 // SSLManager 管理 Stream SSL/TLS 配置。
 //
 // 负责加载证书、配置 TLS 连接，支持服务端和客户端两种模式。
 type SSLManager struct {
 	cert         tls.Certificate
 	clientCAPool *x509.CertPool
 	config       config.StreamSSLConfig
 	mu           sync.RWMutex
 }
 // ProxySSLManager 管理上游 SSL 连接。
 //
 // 负责创建到上游服务器的 TLS 连接，支持证书验证和客户端证书。
 type ProxySSLManager struct {
 	cert       tls.Certificate
 	rootCAPool *x509.CertPool
 	config     config.StreamProxySSLConfig
 	mu         sync.RWMutex
 }
--- a/internal/stream/ssl_test.go
+++ b/internal/stream/ssl_test.go
@ -1,195 +0,0 @@
 // Package stream 提供 TCP/UDP Stream 代理功能。
 //
 // 该文件包含 Stream SSL/TLS 支持的单元测试。
 //
 // 作者：xfy
 package stream
 import (
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/pem"
 	"math/big"
 	"os"
 	"path/filepath"
 	"testing"
 	"time"
 	"rua.plus/lolly/internal/sslutil"
 )
 // generateTestCertificate 生成测试用的自签名证书
 func generateTestCertificate(t *testing.T, certFile, keyFile string) {
 	t.Helper()
 	// 创建证书模板
 	template := &x509.Certificate{
 		SerialNumber:          big.NewInt(1),
 		NotBefore:             time.Now(),
 		NotAfter:              time.Now().Add(24 * time.Hour),
 		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 		BasicConstraintsValid: true,
 		DNSNames:              []string{"localhost"},
 	}
 	// 生成私钥和证书
 	key, err := rsa.GenerateKey(rand.Reader, 2048)
 	if err != nil {
 		t.Fatalf("Failed to generate key: %v", err)
 	}
 	certDER, err := x509.CreateCertificate(rand.Reader, template, template, &key.PublicKey, key)
 	if err != nil {
 		t.Fatalf("Failed to create certificate: %v", err)
 	}
 	// 写入证书文件
 	certOut, err := os.Create(certFile)
 	if err != nil {
 		t.Fatalf("Failed to create cert file: %v", err)
 	}
 	defer func() { _ = certOut.Close() }()
 	if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: certDER}); err != nil {
 		t.Fatalf("Failed to encode certificate: %v", err)
 	}
 	// 写入私钥文件
 	keyOut, err := os.Create(keyFile)
 	if err != nil {
 		t.Fatalf("Failed to create key file: %v", err)
 	}
 	defer func() { _ = keyOut.Close() }()
 	if err := pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}); err != nil {
 		t.Fatalf("Failed to encode key: %v", err)
 	}
 }
 func TestParseMinTLSVersion(t *testing.T) {
 	tests := []struct {
 		protocols   []string
 		wantVersion uint16
 	}{
 		{[]string{"TLSv1.3"}, tls.VersionTLS13},
 		{[]string{"TLSv1.2"}, tls.VersionTLS12},
 		{[]string{"TLSv1.2", "TLSv1.3"}, tls.VersionTLS12},
 		{[]string{}, tls.VersionTLS12},
 		{[]string{"Unknown"}, tls.VersionTLS12},
 	}
 	for _, tt := range tests {
 		got := sslutil.ParseMinTLSVersion(tt.protocols)
 		if got != tt.wantVersion {
 			t.Errorf("parseMinTLSVersion(%v) = %v, want %v", tt.protocols, got, tt.wantVersion)
 		}
 	}
 }
 func TestParseCipherSuites(t *testing.T) {
 	tests := []struct {
 		name    string
 		ciphers []string
 		wantLen int
 	}{
 		{
 			name:    "valid ciphers",
 			ciphers: []string{"ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384"},
 			wantLen: 2,
 		},
 		{
 			name:    "empty ciphers",
 			ciphers: []string{},
 			wantLen: 0, // returns nil for empty
 		},
 		{
 			name:    "unknown ciphers",
 			ciphers: []string{"UNKNOWN-CIPHER"},
 			wantLen: 0, // returns nil for no valid ciphers
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got := sslutil.ParseCipherSuitesLenient(tt.ciphers)
 			if tt.wantLen == 0 && got != nil {
 				t.Errorf("Expected nil, got %v", got)
 			} else if tt.wantLen > 0 && len(got) != tt.wantLen {
 				t.Errorf("Expected %d ciphers, got %d", tt.wantLen, len(got))
 			}
 		})
 	}
 }
 func TestLoadCertPool(t *testing.T) {
 	t.Run("valid cert", func(t *testing.T) {
 		tempDir := t.TempDir()
 		certFile := filepath.Join(tempDir, "ca.crt")
 		// 创建证书
 		template := &x509.Certificate{
 			SerialNumber: big.NewInt(1),
 			NotBefore:    time.Now(),
 			NotAfter:     time.Now().Add(24 * time.Hour),
 			IsCA:         true,
 			KeyUsage:     x509.KeyUsageCertSign,
 		}
 		key, _ := rsa.GenerateKey(rand.Reader, 2048)
 		certDER, _ := x509.CreateCertificate(rand.Reader, template, template, &key.PublicKey, key)
 		certOut, err := os.Create(certFile)
 		if err != nil {
 			t.Fatalf("Failed to create cert file: %v", err)
 		}
 		defer func() { _ = certOut.Close() }()
 		if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: certDER}); err != nil {
 			t.Fatalf("Failed to encode certificate: %v", err)
 		}
 		pool, err := sslutil.LoadCertPool(certFile, "test")
 		if err != nil {
 			t.Fatalf("loadCertPool failed: %v", err)
 		}
 		if pool == nil {
 			t.Error("Expected non-nil pool")
 		}
 	})
 	t.Run("invalid path", func(t *testing.T) {
 		_, err := sslutil.LoadCertPool("/nonexistent/cert.pem", "test")
 		if err == nil {
 			t.Error("Expected error for nonexistent file")
 		}
 	})
 	t.Run("invalid content", func(t *testing.T) {
 		tempDir := t.TempDir()
 		certFile := filepath.Join(tempDir, "invalid.crt")
 		if err := os.WriteFile(certFile, []byte("not a certificate"), 0o644); err != nil {
 			t.Fatalf("写入无效证书文件失败: %v", err)
 		}
 		_, err := sslutil.LoadCertPool(certFile, "test")
 		if err == nil {
 			t.Error("Expected error for invalid certificate content")
 		}
 	})
 }