2018-06-28 20:45:24 +08:00
|
|
|
package tls
|
|
|
|
|
|
|
|
|
|
import (
|
2018-08-12 12:37:25 +08:00
|
|
|
stdtls "crypto/tls"
|
|
|
|
|
"errors"
|
|
|
|
|
"net"
|
2018-06-28 20:45:24 +08:00
|
|
|
"net/url"
|
|
|
|
|
"strings"
|
|
|
|
|
|
2020-10-01 22:49:14 +08:00
|
|
|
"github.com/nadoo/glider/log"
|
2018-08-12 12:37:25 +08:00
|
|
|
"github.com/nadoo/glider/proxy"
|
2018-06-28 20:45:24 +08:00
|
|
|
)
|
|
|
|
|
|
2019-09-18 22:08:48 +08:00
|
|
|
// TLS struct.
|
2018-06-28 20:45:24 +08:00
|
|
|
type TLS struct {
|
2018-08-12 12:37:25 +08:00
|
|
|
dialer proxy.Dialer
|
2019-09-18 19:40:14 +08:00
|
|
|
proxy proxy.Proxy
|
2018-08-12 12:37:25 +08:00
|
|
|
addr string
|
2018-06-28 20:45:24 +08:00
|
|
|
|
2018-11-25 15:41:47 +08:00
|
|
|
tlsConfig *stdtls.Config
|
|
|
|
|
|
2018-06-28 20:45:24 +08:00
|
|
|
serverName string
|
2018-07-04 16:55:45 +08:00
|
|
|
skipVerify bool
|
2018-10-29 16:18:51 +08:00
|
|
|
|
|
|
|
|
certFile string
|
|
|
|
|
keyFile string
|
2018-11-25 15:41:47 +08:00
|
|
|
cert stdtls.Certificate
|
2018-10-29 16:18:51 +08:00
|
|
|
|
2018-11-25 13:18:15 +08:00
|
|
|
server proxy.Server
|
2018-06-28 20:45:24 +08:00
|
|
|
}
|
|
|
|
|
|
2018-08-12 12:37:25 +08:00
|
|
|
func init() {
|
|
|
|
|
proxy.RegisterDialer("tls", NewTLSDialer)
|
2018-11-25 13:18:15 +08:00
|
|
|
proxy.RegisterServer("tls", NewTLSServer)
|
2018-08-12 12:37:25 +08:00
|
|
|
}
|
|
|
|
|
|
2019-09-18 22:08:48 +08:00
|
|
|
// NewTLS returns a tls proxy struct.
|
2019-09-18 19:40:14 +08:00
|
|
|
func NewTLS(s string, d proxy.Dialer, p proxy.Proxy) (*TLS, error) {
|
2018-06-28 20:45:24 +08:00
|
|
|
u, err := url.Parse(s)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.F("parse url err: %s", err)
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
addr := u.Host
|
2019-09-20 13:58:53 +08:00
|
|
|
|
2018-06-28 20:45:24 +08:00
|
|
|
colonPos := strings.LastIndex(addr, ":")
|
|
|
|
|
if colonPos == -1 {
|
|
|
|
|
colonPos = len(addr)
|
|
|
|
|
}
|
|
|
|
|
serverName := addr[:colonPos]
|
|
|
|
|
|
2018-11-25 13:18:15 +08:00
|
|
|
query := u.Query()
|
|
|
|
|
skipVerify := query.Get("skipVerify")
|
|
|
|
|
certFile := query.Get("cert")
|
|
|
|
|
keyFile := query.Get("key")
|
|
|
|
|
|
2020-07-14 18:35:48 +08:00
|
|
|
if customServer := query.Get("serverName"); customServer != "" {
|
|
|
|
|
serverName = customServer
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-18 19:40:14 +08:00
|
|
|
t := &TLS{
|
|
|
|
|
dialer: d,
|
|
|
|
|
proxy: p,
|
2019-09-20 13:58:53 +08:00
|
|
|
addr: addr,
|
2018-06-28 20:45:24 +08:00
|
|
|
serverName: serverName,
|
2018-07-04 16:55:45 +08:00
|
|
|
skipVerify: false,
|
2018-11-25 13:18:15 +08:00
|
|
|
certFile: certFile,
|
|
|
|
|
keyFile: keyFile,
|
2018-07-04 16:55:45 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if skipVerify == "true" {
|
2019-09-18 19:40:14 +08:00
|
|
|
t.skipVerify = true
|
2018-06-28 20:45:24 +08:00
|
|
|
}
|
|
|
|
|
|
2019-09-18 19:40:14 +08:00
|
|
|
return t, nil
|
2018-06-28 20:45:24 +08:00
|
|
|
}
|
2018-08-12 12:37:25 +08:00
|
|
|
|
2019-09-18 22:08:48 +08:00
|
|
|
// NewTLSDialer returns a tls proxy dialer.
|
2019-09-18 19:40:14 +08:00
|
|
|
func NewTLSDialer(s string, d proxy.Dialer) (proxy.Dialer, error) {
|
|
|
|
|
p, err := NewTLS(s, d, nil)
|
2018-11-25 15:41:47 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
p.tlsConfig = &stdtls.Config{
|
|
|
|
|
ServerName: p.serverName,
|
|
|
|
|
InsecureSkipVerify: p.skipVerify,
|
|
|
|
|
ClientSessionCache: stdtls.NewLRUClientSessionCache(64),
|
|
|
|
|
MinVersion: stdtls.VersionTLS10,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return p, err
|
2018-11-25 13:18:15 +08:00
|
|
|
}
|
|
|
|
|
|
2019-09-18 22:08:48 +08:00
|
|
|
// NewTLSServer returns a tls transport layer before the real server.
|
2019-09-18 19:40:14 +08:00
|
|
|
func NewTLSServer(s string, p proxy.Proxy) (proxy.Server, error) {
|
2018-10-29 16:18:51 +08:00
|
|
|
transport := strings.Split(s, ",")
|
|
|
|
|
|
|
|
|
|
// prepare transport listener
|
2018-11-25 13:18:15 +08:00
|
|
|
// TODO: check here
|
|
|
|
|
if len(transport) < 2 {
|
2018-11-25 22:21:23 +08:00
|
|
|
return nil, errors.New("[tls] malformd listener:" + s)
|
2018-10-29 16:18:51 +08:00
|
|
|
}
|
|
|
|
|
|
2019-09-18 19:40:14 +08:00
|
|
|
t, err := NewTLS(transport[0], nil, p)
|
2018-10-29 16:18:51 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-18 19:40:14 +08:00
|
|
|
cert, err := stdtls.LoadX509KeyPair(t.certFile, t.keyFile)
|
2018-11-25 13:18:15 +08:00
|
|
|
if err != nil {
|
2019-09-18 19:40:14 +08:00
|
|
|
log.F("[tls] unable to load cert: %s, key %s", t.certFile, t.keyFile)
|
2018-11-25 15:41:47 +08:00
|
|
|
return nil, err
|
2018-11-25 13:18:15 +08:00
|
|
|
}
|
2018-10-29 16:18:51 +08:00
|
|
|
|
2019-09-18 19:40:14 +08:00
|
|
|
t.tlsConfig = &stdtls.Config{
|
2018-11-25 13:18:15 +08:00
|
|
|
Certificates: []stdtls.Certificate{cert},
|
2020-09-03 00:12:00 +08:00
|
|
|
MinVersion: stdtls.VersionTLS12,
|
2018-10-29 16:18:51 +08:00
|
|
|
}
|
|
|
|
|
|
2019-09-18 19:40:14 +08:00
|
|
|
t.server, err = proxy.ServerFromURL(transport[1], p)
|
2018-11-25 17:56:59 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2018-11-25 15:41:47 +08:00
|
|
|
|
2019-09-18 19:40:14 +08:00
|
|
|
return t, nil
|
2018-11-25 15:41:47 +08:00
|
|
|
}
|
|
|
|
|
|
2019-09-18 22:08:48 +08:00
|
|
|
// ListenAndServe listens on server's addr and serves connections.
|
2018-11-25 15:41:47 +08:00
|
|
|
func (s *TLS) ListenAndServe() {
|
|
|
|
|
l, err := net.Listen("tcp", s.addr)
|
2018-10-29 16:18:51 +08:00
|
|
|
if err != nil {
|
2018-11-25 17:56:59 +08:00
|
|
|
log.F("[tls] failed to listen on %s: %v", s.addr, err)
|
2018-10-29 16:18:51 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
defer l.Close()
|
|
|
|
|
|
2018-11-25 13:18:15 +08:00
|
|
|
log.F("[tls] listening TCP on %s with TLS", s.addr)
|
2018-10-29 16:18:51 +08:00
|
|
|
|
|
|
|
|
for {
|
|
|
|
|
c, err := l.Accept()
|
|
|
|
|
if err != nil {
|
2018-11-25 13:18:15 +08:00
|
|
|
log.F("[tls] failed to accept: %v", err)
|
2018-10-29 16:18:51 +08:00
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-25 13:18:15 +08:00
|
|
|
go s.Serve(c)
|
2018-10-29 16:18:51 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-18 22:08:48 +08:00
|
|
|
// Serve serves a connection.
|
2018-11-25 13:18:15 +08:00
|
|
|
func (s *TLS) Serve(c net.Conn) {
|
2018-11-27 23:25:20 +08:00
|
|
|
// we know the internal server will close the connection after serve
|
|
|
|
|
// defer c.Close()
|
|
|
|
|
|
2018-11-25 15:41:47 +08:00
|
|
|
if s.server != nil {
|
|
|
|
|
cc := stdtls.Server(c, s.tlsConfig)
|
|
|
|
|
s.server.Serve(cc)
|
|
|
|
|
}
|
2018-08-12 12:37:25 +08:00
|
|
|
}
|
|
|
|
|
|
2019-09-18 22:08:48 +08:00
|
|
|
// Addr returns forwarder's address.
|
|
|
|
|
func (s *TLS) Addr() string {
|
|
|
|
|
if s.addr == "" {
|
|
|
|
|
return s.dialer.Addr()
|
|
|
|
|
}
|
|
|
|
|
return s.addr
|
|
|
|
|
}
|
2018-08-12 12:37:25 +08:00
|
|
|
|
2019-09-18 22:08:48 +08:00
|
|
|
// Dial connects to the address addr on the network net via the proxy.
|
2019-09-18 19:40:14 +08:00
|
|
|
func (s *TLS) Dial(network, addr string) (net.Conn, error) {
|
|
|
|
|
cc, err := s.dialer.Dial("tcp", s.addr)
|
2018-08-12 12:37:25 +08:00
|
|
|
if err != nil {
|
|
|
|
|
log.F("[tls] dial to %s error: %s", s.addr, err)
|
2019-09-18 19:40:14 +08:00
|
|
|
return nil, err
|
2018-08-12 12:37:25 +08:00
|
|
|
}
|
|
|
|
|
|
2018-11-25 15:41:47 +08:00
|
|
|
c := stdtls.Client(cc, s.tlsConfig)
|
2018-08-12 12:37:25 +08:00
|
|
|
err = c.Handshake()
|
2019-09-18 19:40:14 +08:00
|
|
|
return c, err
|
2018-08-12 12:37:25 +08:00
|
|
|
}
|
|
|
|
|
|
2019-09-18 22:08:48 +08:00
|
|
|
// DialUDP connects to the given address via the proxy.
|
2018-08-12 12:37:25 +08:00
|
|
|
func (s *TLS) DialUDP(network, addr string) (net.PacketConn, net.Addr, error) {
|
|
|
|
|
return nil, nil, errors.New("tls client does not support udp now")
|
|
|
|
|
}
|
