From 3f0fca0034eb8e05e68925305569e00d090a511f Mon Sep 17 00:00:00 2001 From: funa-tk <1781263+funa-tk@users.noreply.github.com> Date: Sat, 28 Mar 2020 00:26:24 +0900 Subject: [PATCH] [fix] HTTP2 can't work on SSL_FORWARDER connection --- .../java/core/packetproxy/ProxyFactory.java | 11 +-- .../core/packetproxy/ProxySSLForward.java | 96 +++++++++++++++++++ 2 files changed, 100 insertions(+), 7 deletions(-) create mode 100644 src/main/java/core/packetproxy/ProxySSLForward.java diff --git a/src/main/java/core/packetproxy/ProxyFactory.java b/src/main/java/core/packetproxy/ProxyFactory.java index 7c28136..68eb19c 100644 --- a/src/main/java/core/packetproxy/ProxyFactory.java +++ b/src/main/java/core/packetproxy/ProxyFactory.java @@ -32,12 +32,9 @@ public static Proxy create(ListenPort listen_info) throws Exception { proxy = new ProxyHttp(listen_socket, listen_info); } else if (listen_info.getType() == ListenPort.TYPE.SSL_FORWARDER) { - String commonName = listen_info.getServer().getIp(); - if (listen_info.getCA().isPresent()) { - CA ca = listen_info.getCA().get(); - ServerSocket listen_socket = Https.createServerSSLSocket(listen_info.getPort(), commonName, ca); - proxy = new ProxyForward(listen_socket, listen_info); - } + PacketProxyUtility.getInstance().packetProxyLog("type is SSL_FORWARDER"); + ServerSocket listen_socket = new ServerSocket(listen_info.getPort()); + proxy = new ProxySSLForward(listen_socket, listen_info); } else if (listen_info.getType() == ListenPort.TYPE.HTTP_TRANSPARENT_PROXY) { PacketProxyUtility.getInstance().packetProxyLog("type is HTTP_TRANSPARENT_PROXY"); @@ -52,7 +49,7 @@ public static Proxy create(ListenPort listen_info) throws Exception { } else if (listen_info.getType() == ListenPort.TYPE.UDP_FORWARDER) { proxy = new ProxyUDPForward(listen_info); - } else { + } else { /* FORWARDER */ ServerSocket listen_socket = new ServerSocket(listen_info.getPort()); listen_socket.setReuseAddress(true); proxy = new ProxyForward(listen_socket, listen_info); diff --git a/src/main/java/core/packetproxy/ProxySSLForward.java b/src/main/java/core/packetproxy/ProxySSLForward.java new file mode 100644 index 0000000..10ac3f5 --- /dev/null +++ b/src/main/java/core/packetproxy/ProxySSLForward.java @@ -0,0 +1,96 @@ +/* + * Copyright 2019 DeNA Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package packetproxy; + +import java.net.InetSocketAddress; +import java.net.ServerSocket; +import java.net.Socket; +import java.util.ArrayList; +import java.util.List; + +import packetproxy.common.EndpointFactory; +import packetproxy.common.SSLSocketEndpoint; +import packetproxy.encode.EncodeHTTPBase; +import packetproxy.encode.Encoder; +import packetproxy.model.ListenPort; +import packetproxy.model.Server; +import packetproxy.util.PacketProxyUtility; + +public class ProxySSLForward extends Proxy +{ + private ListenPort listen_info; + private ServerSocket listen_socket; + + public ProxySSLForward(ServerSocket listen_socket, ListenPort listen_info) { + this.listen_socket = listen_socket; + this.listen_info = listen_info; + } + + @Override + public void run() { + List clients = new ArrayList(); + while (!listen_socket.isClosed()) { + try { + Socket client = listen_socket.accept(); + clients.add(client); + PacketProxyUtility.getInstance().packetProxyLog("[SSLForward] accept"); + checkSSLForward(client); + } catch (Exception e) { + e.printStackTrace(); + } + } + for(Socket sc : clients) { + try { + sc.close(); + } catch (Exception e) { + e.printStackTrace(); + } + } + } + + private void checkSSLForward(Socket client) throws Exception { + InetSocketAddress serverAddr = listen_info.getServer().getAddress(); + SSLSocketEndpoint[] eps = EndpointFactory.createBothSideSSLEndpoints(client, null, serverAddr, null, listen_info.getServer().getIp(), listen_info.getCA().get()); + createConnection(eps[0], eps[1], listen_info.getServer()); + } + + public void createConnection(SSLSocketEndpoint client_e, SSLSocketEndpoint server_e, Server server) throws Exception { + DuplexAsync duplex = null; + String alpn = client_e.getApplicationProtocol(); + if (server == null) { + if (alpn.equals("h2") || alpn.equals("http/1.1") || alpn.equals("http/1.0")) { + duplex = DuplexFactory.createDuplexAsync(client_e, server_e, "HTTP", alpn); + } else { + duplex = DuplexFactory.createDuplexAsync(client_e, server_e, "Sample", alpn); + } + } else { + if (alpn == null || alpn.length() == 0) { + Encoder encoder = EncoderManager.getInstance().createInstance(server.getEncoder(), ""); + if (encoder instanceof EncodeHTTPBase) { + /* The client does not support ALPN. It seems to be an old HTTP client */ + alpn = "http/1.1"; + } + } + duplex = DuplexFactory.createDuplexAsync(client_e, server_e, server.getEncoder(), alpn); + } + duplex.start(); + DuplexManager.getInstance().registerDuplex(duplex); + } + + public void close() throws Exception { + listen_socket.close(); + } +}