Initial implementation for #7091 - SOCKS5 support.

huisongma 2023-04-11 08:37:14 +08:00 committed by Simone Bordet
parent 6a0752384f
commit 28cd6d8ada
No known key found for this signature in database
GPG Key ID: 1677D141BCF3584D
3 changed files with 1430 additions and 0 deletions


@ -0,0 +1,152 @@
//
// ========================================================================
// Copyright (c) 1995 Mort Bay Consulting Pty Ltd and others.
//
// This program and the accompanying materials are made available under the
// terms of the Eclipse Public License v. 2.0 which is available at
// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
// which is available at https://www.apache.org/licenses/LICENSE-2.0.
//
// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
// ========================================================================
//
package org.eclipse.jetty.client;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
public class Socks5
{
public enum RequestStage
{
INIT,
AUTH,
CONNECTING
}
public enum ResponseStage
{
INIT,
AUTH,
CONNECTING,
CONNECTED_IPV4,
CONNECTED_DOMAIN_NAME,
CONNECTED_IPV6,
READ_REPLY_VARIABLE
}
public interface SockConst
{
byte VER = 0x05;
byte USER_PASS_VER = 0x01;
byte RSV = 0x00;
byte SUCCEEDED = 0x00;
byte AUTH_FAILED = 0x01;
}
public interface AuthType
{
byte NO_AUTH = 0x00;
byte USER_PASS = 0x02;
byte NO_ACCEPTABLE = -1;
}
public interface Command
{
byte CONNECT = 0x01;
byte BIND = 0x02;
byte UDP = 0x03;
}
public interface Reply
{
byte GENERAL = 0x01;
byte RULE_BAN = 0x02;
byte NETWORK_UNREACHABLE = 0x03;
byte HOST_UNREACHABLE = 0x04;
byte CONNECT_REFUSE = 0x05;
byte TTL_TIMEOUT = 0x06;
byte CMD_UNSUPPORTED = 0x07;
byte ATYPE_UNSUPPORTED = 0x08;
}
public interface AddrType
{
byte IPV4 = 0x01;
byte DOMAIN_NAME = 0x03;
byte IPV6 = 0x04;
}
public interface Authentication
{
/**
* get supported authentication type
* @see AuthType
* @return
*/
byte getAuthType();
/**
* write authorize command
* @return
*/
ByteBuffer authorize();
}
public static class NoAuthentication implements Authentication
{
@Override
public byte getAuthType()
{
return AuthType.NO_AUTH;
}
@Override
public ByteBuffer authorize()
{
throw new UnsupportedOperationException("authorize error");
}
}
public static class UsernamePasswordAuthentication implements Authentication
{
private String username;
private String password;
public UsernamePasswordAuthentication(String username, String password)
{
this.username = username;
this.password = password;
}
@Override
public byte getAuthType()
{
return AuthType.USER_PASS;
}
@Override
public ByteBuffer authorize()
{
byte uLen = (byte)username.length();
byte pLen = (byte)(password == null ? 0 : password.length());
ByteBuffer userPass = ByteBuffer.allocate(3 + uLen + pLen);
userPass.put(SockConst.USER_PASS_VER)
.put(uLen)
.put(username.getBytes(StandardCharsets.UTF_8))
.put(pLen);
if (password != null)
{
userPass.put(password.getBytes(StandardCharsets.UTF_8));
}
userPass.flip();
return userPass;
}
}
}
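Review bot: `UsernamePasswordAuthentication.authorize()` takes both length octets from `String.length()` cast to `byte`, but the payload it writes is the UTF-8 encoding. A non-ASCII username or password therefore overflows the allocated buffer, and a value longer than 127 characters produces a negative length, so the buffer is undersized or `ByteBuffer.allocate` throws. RFC 1929 limits each field to 255 bytes, so the lengths should come from the encoded arrays and be range-checked before the message is built, as sketched below. A null `username` is dereferenced without a check although `password` is guarded, and both fields could be `final`.

```java
@Override
public ByteBuffer authorize()
{
    // Encode first so the length octets describe the bytes actually sent.
    byte[] userBytes = username.getBytes(StandardCharsets.UTF_8);
    byte[] passBytes = password == null ? new byte[0] : password.getBytes(StandardCharsets.UTF_8);
    if (userBytes.length > 255 || passBytes.length > 255)
        throw new IllegalArgumentException("SOCKS5 username and password must each be at most 255 bytes");
    ByteBuffer userPass = ByteBuffer.allocate(3 + userBytes.length + passBytes.length);
    userPass.put(SockConst.USER_PASS_VER)
        .put((byte)userBytes.length)
        .put(userBytes)
        .put((byte)passBytes.length)
        .put(passBytes);
    userPass.flip();
    return userPass;
}
```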


@ -0,0 +1,459 @@
//
// ========================================================================
// Copyright (c) 1995 Mort Bay Consulting Pty Ltd and others.
//
// This program and the accompanying materials are made available under the
// terms of the Eclipse Public License v. 2.0 which is available at
// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
// which is available at https://www.apache.org/licenses/LICENSE-2.0.
//
// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
// ========================================================================
//
package org.eclipse.jetty.client;
import java.net.InetSocketAddress;
import java.net.SocketException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.Executor;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.eclipse.jetty.client.ProxyConfiguration.Proxy;
import org.eclipse.jetty.client.Socks5.AddrType;
import org.eclipse.jetty.client.Socks5.AuthType;
import org.eclipse.jetty.client.Socks5.Authentication;
import org.eclipse.jetty.client.Socks5.Command;
import org.eclipse.jetty.client.Socks5.NoAuthentication;
import org.eclipse.jetty.client.Socks5.Reply;
import org.eclipse.jetty.client.Socks5.RequestStage;
import org.eclipse.jetty.client.Socks5.ResponseStage;
import org.eclipse.jetty.client.Socks5.SockConst;
import org.eclipse.jetty.client.api.Connection;
import org.eclipse.jetty.io.AbstractConnection;
import org.eclipse.jetty.io.ClientConnectionFactory;
import org.eclipse.jetty.io.ClientConnector;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.util.BufferUtil;
import org.eclipse.jetty.util.Callback;
import org.eclipse.jetty.util.Promise;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class Socks5Proxy extends Proxy
{
private static final int MAX_AUTHRATIONS = 255;
private static final Logger LOG = LoggerFactory.getLogger(Socks5Proxy.class);
private LinkedHashMap<Byte, Authentication> authorizations = new LinkedHashMap<>();
public Socks5Proxy(String host, int port)
{
this(new Origin.Address(host, port), false);
}
public Socks5Proxy(Origin.Address address, boolean secure)
{
super(address, secure, null, null);
// default support no_auth
addAuthentication(new NoAuthentication());
}
public Socks5Proxy addAuthentication(Authentication authentication)
{
if (authorizations.size() >= MAX_AUTHRATIONS)
{
throw new IllegalArgumentException("too much authentications");
}
authorizations.put(authentication.getAuthType(), authentication);
return this;
}
/**
* remove authorization by type
* @see AuthType
* @param type authorization type
*/
public Socks5Proxy removeAuthentication(byte type)
{
authorizations.remove(type);
return this;
}
@Override
public ClientConnectionFactory newClientConnectionFactory(ClientConnectionFactory connectionFactory)
{
return new Socks5ProxyClientConnectionFactory(connectionFactory, authorizations);
}
@Override
public boolean matches(Origin origin)
{
return true;
}
private static class Socks5ProxyConnection extends AbstractConnection implements Callback
{
private static final Pattern IPv4_PATTERN = Pattern.compile("(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})");
private final ClientConnectionFactory connectionFactory;
private final Map<String, Object> context;
private LinkedHashMap<Byte, Authentication> authorizations;
private Authentication selectedAuthentication;
private RequestStage requestStage = RequestStage.INIT;
private ResponseStage responseStage = null;
private int variableLen;
public Socks5ProxyConnection(EndPoint endPoint, Executor executor, ClientConnectionFactory connectionFactory, Map<String, Object> context)
{
super(endPoint, executor);
this.connectionFactory = connectionFactory;
this.context = context;
}
public void onOpen()
{
super.onOpen();
this.writeHandshakeCmd();
}
private void writeHandshakeCmd()
{
switch (requestStage)
{
case INIT:
// write supported authorizations
int authLen = authorizations.size();
ByteBuffer init = ByteBuffer.allocate(2 + authLen);
init.put(SockConst.VER).put((byte)authLen);
for (byte type : authorizations.keySet())
{
init.put(type);
}
init.flip();
setResponseStage(ResponseStage.INIT);
this.getEndPoint().write(this, init);
break;
case AUTH:
ByteBuffer auth = selectedAuthentication.authorize();
setResponseStage(ResponseStage.AUTH);
this.getEndPoint().write(this, auth);
break;
case CONNECTING:
HttpDestination destination = (HttpDestination)this.context.get(HttpClientTransport.HTTP_DESTINATION_CONTEXT_KEY);
String host = destination.getHost();
short port = (short)destination.getPort();
setResponseStage(ResponseStage.CONNECTING);
Matcher matcher = IPv4_PATTERN.matcher(host);
if (matcher.matches())
{
// ip
ByteBuffer buffer = ByteBuffer.allocate(10);
buffer.put(SockConst.VER)
.put(Command.CONNECT)
.put(SockConst.RSV)
.put(AddrType.IPV4);
for (int i = 1; i <= 4; ++i)
{
buffer.put((byte)Integer.parseInt(matcher.group(i)));
}
buffer.putShort(port);
buffer.flip();
this.getEndPoint().write(this, buffer);
}
else
{
// domain
byte[] hostBytes = host.getBytes(StandardCharsets.UTF_8);
ByteBuffer buffer = ByteBuffer.allocate(7 + hostBytes.length);
buffer.put(SockConst.VER)
.put(Command.CONNECT)
.put(SockConst.RSV)
.put(AddrType.DOMAIN_NAME);
buffer.put((byte)hostBytes.length)
.put(hostBytes)
.putShort(port);
buffer.flip();
this.getEndPoint().write(this, buffer);
}
break;
}
}
public void succeeded()
{
if (LOG.isDebugEnabled())
{
LOG.debug("Written SOCKS5 handshake request");
}
this.fillInterested();
}
public void failed(Throwable x)
{
this.close();
@SuppressWarnings("unchecked")
Promise<Connection> promise = (Promise<Connection>)this.context.get(HttpClientTransport.HTTP_CONNECTION_PROMISE_CONTEXT_KEY);
promise.failed(x);
}
public void onFillable()
{
try
{
Socks5Parser parser = new Socks5Parser();
ByteBuffer buffer;
do
{
buffer = BufferUtil.allocate(parser.expected());
int filled = this.getEndPoint().fill(buffer);
if (LOG.isDebugEnabled())
{
LOG.debug("Read SOCKS5 connect response, {} bytes", (long)filled);
}
if (filled < 0)
{
throw new SocketException("SOCKS5 tunnel failed, connection closed");
}
if (filled == 0)
{
this.fillInterested();
return;
}
}
while (!parser.parse(buffer));
}
catch (Exception e)
{
this.failed(e);
}
}
private void onSocks5Response(byte[] bs) throws SocketException
{
switch (responseStage)
{
case INIT:
if (bs[0] != SockConst.VER)
{
throw new SocketException("SOCKS5 tunnel failed with err VER " + bs[0]);
}
if (bs[1] == AuthType.NO_AUTH)
{
requestStage = RequestStage.CONNECTING;
writeHandshakeCmd();
}
else if (bs[1] == AuthType.NO_ACCEPTABLE)
{
throw new SocketException("SOCKS : No acceptable methods");
}
else
{
selectedAuthentication = authorizations.get(bs[1]);
if (selectedAuthentication == null)
{
throw new SocketException("SOCKS5 tunnel failed with unknown auth type");
}
requestStage = RequestStage.AUTH;
writeHandshakeCmd();
}
break;
case AUTH:
if (bs[0] != SockConst.USER_PASS_VER)
{
throw new SocketException("SOCKS5 tunnel failed with err UserPassVer " + bs[0]);
}
if (bs[1] != SockConst.SUCCEEDED)
{
throw new SocketException("SOCKS : authentication failed");
}
// authorization successful
requestStage = RequestStage.CONNECTING;
writeHandshakeCmd();
break;
case CONNECTING:
if (bs[0] != SockConst.VER)
{
throw new SocketException("SOCKS5 tunnel failed with err VER " + bs[0]);
}
switch (bs[1])
{
case SockConst.SUCCEEDED:
switch (bs[3])
{
case AddrType.IPV4:
setResponseStage(ResponseStage.CONNECTED_IPV4);
fillInterested();
break;
case AddrType.DOMAIN_NAME:
setResponseStage(ResponseStage.CONNECTED_DOMAIN_NAME);
fillInterested();
break;
case AddrType.IPV6:
setResponseStage(ResponseStage.CONNECTED_IPV6);
fillInterested();
break;
default:
throw new SocketException("SOCKS: unknown addr type " + bs[3]);
}
break;
case Reply.GENERAL:
throw new SocketException("SOCKS server general failure");
case Reply.RULE_BAN:
throw new SocketException("SOCKS: Connection not allowed by ruleset");
case Reply.NETWORK_UNREACHABLE:
throw new SocketException("SOCKS: Network unreachable");
case Reply.HOST_UNREACHABLE:
throw new SocketException("SOCKS: Host unreachable");
case Reply.CONNECT_REFUSE:
throw new SocketException("SOCKS: Connection refused");
case Reply.TTL_TIMEOUT:
throw new SocketException("SOCKS: TTL expired");
case Reply.CMD_UNSUPPORTED:
throw new SocketException("SOCKS: Command not supported");
case Reply.ATYPE_UNSUPPORTED:
throw new SocketException("SOCKS: address type not supported");
default:
throw new SocketException("SOCKS: unknown code " + bs[1]);
}
break;
case CONNECTED_DOMAIN_NAME:
case CONNECTED_IPV6:
variableLen = 2 + bs[0];
setResponseStage(ResponseStage.READ_REPLY_VARIABLE);
fillInterested();
break;
case CONNECTED_IPV4:
case READ_REPLY_VARIABLE:
tunnel();
break;
default:
throw new SocketException("BAD SOCKS5 PROTOCOL");
}
}
private void tunnel()
{
try
{
HttpDestination destination = (HttpDestination)context.get(HttpClientTransport.HTTP_DESTINATION_CONTEXT_KEY);
// Don't want to do DNS resolution here.
InetSocketAddress address = InetSocketAddress.createUnresolved(destination.getHost(), destination.getPort());
context.put(ClientConnector.REMOTE_SOCKET_ADDRESS_CONTEXT_KEY, address);
ClientConnectionFactory connectionFactory = this.connectionFactory;
if (destination.isSecure())
{
connectionFactory = destination.newSslClientConnectionFactory(null, connectionFactory);
}
org.eclipse.jetty.io.Connection newConnection = connectionFactory.newConnection(getEndPoint(), context);
getEndPoint().upgrade(newConnection);
if (LOG.isDebugEnabled())
{
LOG.debug("SOCKS5 tunnel established: {} over {}", this, newConnection);
}
}
catch (Exception e)
{
this.failed(e);
}
}
void setResponseStage(ResponseStage responseStage)
{
LOG.debug("set responseStage to {}", responseStage);
this.responseStage = responseStage;
}
private class Socks5Parser
{
private final int expectedLength;
private final byte[] bs;
private int cursor;
private Socks5Parser()
{
switch (Socks5ProxyConnection.this.responseStage)
{
case INIT:
expectedLength = 2;
break;
case AUTH:
expectedLength = 2;
break;
case CONNECTING:
expectedLength = 4;
break;
case CONNECTED_IPV4:
expectedLength = 6;
break;
case CONNECTED_IPV6:
expectedLength = 1;
break;
case CONNECTED_DOMAIN_NAME:
expectedLength = 1;
break;
case READ_REPLY_VARIABLE:
expectedLength = Socks5ProxyConnection.this.variableLen;
break;
default:
expectedLength = 0;
break;
}
bs = new byte[expectedLength];
}
private boolean parse(ByteBuffer buffer) throws SocketException
{
while (buffer.hasRemaining())
{
byte current = buffer.get();
bs[cursor] = current;
++this.cursor;
if (this.cursor != expectedLength)
{
continue;
}
onSocks5Response(bs);
return true;
}
return false;
}
private int expected()
{
return expectedLength - this.cursor;
}
}
}
public static class Socks5ProxyClientConnectionFactory implements ClientConnectionFactory
{
private final ClientConnectionFactory connectionFactory;
private final LinkedHashMap<Byte, Authentication> authorizations;
public Socks5ProxyClientConnectionFactory(ClientConnectionFactory connectionFactory, LinkedHashMap<Byte, Authentication> authorizations)
{
this.connectionFactory = connectionFactory;
this.authorizations = authorizations;
}
public org.eclipse.jetty.io.Connection newConnection(EndPoint endPoint, Map<String, Object> context)
{
HttpDestination destination = (HttpDestination)context.get(HttpClientTransport.HTTP_DESTINATION_CONTEXT_KEY);
Executor executor = destination.getHttpClient().getExecutor();
Socks5ProxyConnection connection = new Socks5ProxyConnection(endPoint, executor, this.connectionFactory, context);
connection.authorizations = authorizations;
return this.customize(connection, context);
}
}
}
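Review bot: In `onSocks5Response`, the domain-name length octet from the proxy is read as a signed byte at `variableLen = 2 + bs[0];`, and the same branch handles `CONNECTED_IPV6` even though an IPv6 BND.ADDR is a fixed 16 bytes with no length prefix. A proxy-supplied length of 128 or more makes `variableLen` negative, so the next `Socks5Parser` constructor fails in `new byte[expectedLength]`. An IPv6 reply is mis-framed, which would likely leave address bytes unread for the upgraded connection to consume. I would use `variableLen = 2 + (bs[0] & 0xFF);` for the domain case only, set `expectedLength = 18;` for `CONNECTED_IPV6` in the parser constructor, and move that stage next to `CONNECTED_IPV4` so it goes straight to `tunnel()`. The request side has the mirror issue in `writeHandshakeCmd`: `buffer.put((byte)hostBytes.length)` silently truncates the length for a host longer than 255 bytes, which should be rejected instead.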


@ -0,0 +1,819 @@
//
// ========================================================================
// Copyright (c) 1995 Mort Bay Consulting Pty Ltd and others.
//
// This program and the accompanying materials are made available under the
// terms of the Eclipse Public License v. 2.0 which is available at
// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
// which is available at https://www.apache.org/licenses/LICENSE-2.0.
//
// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
// ========================================================================
//
package org.eclipse.jetty.client;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.SocketException;
import java.nio.ByteBuffer;
import java.nio.channels.ServerSocketChannel;
import java.nio.channels.SocketChannel;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import org.eclipse.jetty.client.Socks5.AddrType;
import org.eclipse.jetty.client.Socks5.AuthType;
import org.eclipse.jetty.client.Socks5.Command;
import org.eclipse.jetty.client.Socks5.SockConst;
import org.eclipse.jetty.client.Socks5.UsernamePasswordAuthentication;
import org.eclipse.jetty.client.api.Request;
import org.eclipse.jetty.client.http.HttpClientTransportOverHTTP;
import org.eclipse.jetty.client.util.FutureResponseListener;
import org.eclipse.jetty.http.HttpScheme;
import org.eclipse.jetty.io.ClientConnector;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.instanceOf;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
public class Socks5ProxyTest
{
private ServerSocketChannel proxy;
private HttpClient client;
@BeforeEach
public void prepare() throws Exception
{
proxy = ServerSocketChannel.open();
proxy.bind(new InetSocketAddress("127.0.0.1", 0));
ClientConnector connector = new ClientConnector();
QueuedThreadPool clientThreads = new QueuedThreadPool();
clientThreads.setName("client");
connector.setExecutor(clientThreads);
connector.setSslContextFactory(new SslContextFactory.Client());
client = new HttpClient(new HttpClientTransportOverHTTP(connector));
client.setExecutor(clientThreads);
client.start();
}
@AfterEach
public void dispose() throws Exception
{
client.stop();
proxy.close();
}
@Test
public void testSocks5ProxyIpv4NoAuth() throws Exception
{
int proxyPort = proxy.socket().getLocalPort();
client.getProxyConfiguration().addProxy(new Socks5Proxy("127.0.0.1", proxyPort));
CountDownLatch latch = new CountDownLatch(1);
byte ip1 = 127;
byte ip2 = 0;
byte ip3 = 0;
byte ip4 = 13;
String serverHost = ip1 + "." + ip2 + "." + ip3 + "." + ip4;
int serverPort = proxyPort + 1; // Any port will do
String method = "GET";
String path = "/path";
client.newRequest(serverHost, serverPort)
.method(method)
.path(path)
.timeout(5, TimeUnit.SECONDS)
.send(result ->
{
if (result.isSucceeded())
latch.countDown();
});
try (SocketChannel channel = proxy.accept())
{
int initLen = 3;
ByteBuffer buffer = ByteBuffer.allocate(initLen);
int read = channel.read(buffer);
assertEquals(initLen, read);
assertEquals(SockConst.VER, buffer.get(0) & 0xFF);
assertEquals(1, buffer.get(1) & 0xFF);
assertEquals(AuthType.NO_AUTH, buffer.get(2) & 0xFF);
// write acceptable methods
channel.write(ByteBuffer.wrap(new byte[]{SockConst.VER, AuthType.NO_AUTH}));
// read addr
int addrLen = 10;
buffer = ByteBuffer.allocate(addrLen);
read = channel.read(buffer);
assertEquals(addrLen, read);
assertEquals(SockConst.VER, buffer.get(0) & 0xFF);
assertEquals(Command.CONNECT, buffer.get(1) & 0xFF);
assertEquals(SockConst.RSV, buffer.get(2) & 0xFF);
assertEquals(AddrType.IPV4, buffer.get(3) & 0xFF);
assertEquals(ip1, buffer.get(4) & 0xFF);
assertEquals(ip2, buffer.get(5) & 0xFF);
assertEquals(ip3, buffer.get(6) & 0xFF);
assertEquals(ip4, buffer.get(7) & 0xFF);
assertEquals(serverPort, buffer.getShort(8) & 0xFFFF);
// Socks5 connect response.
channel.write(ByteBuffer.wrap(new byte[]{SockConst.VER, SockConst.SUCCEEDED, SockConst.RSV, AddrType.IPV4, 0, 0, 0, 0, 0, 0}));
buffer = ByteBuffer.allocate(method.length() + 1 + path.length());
read = channel.read(buffer);
assertEquals(buffer.capacity(), read);
buffer.flip();
assertEquals(method + " " + path, StandardCharsets.UTF_8.decode(buffer).toString());
// http response
String response =
"HTTP/1.1 200 OK\r\n" +
"Content-Length: 0\r\n" +
"Connection: close\r\n" +
"\r\n";
channel.write(ByteBuffer.wrap(response.getBytes(StandardCharsets.UTF_8)));
assertTrue(latch.await(5, TimeUnit.SECONDS));
}
}
@Test
public void testSocks5ProxyDomainNoAuth() throws Exception
{
int proxyPort = proxy.socket().getLocalPort();
client.getProxyConfiguration().addProxy(new Socks5Proxy("127.0.0.1", proxyPort));
CountDownLatch latch = new CountDownLatch(1);
String serverHost = "example.com";
int serverPort = proxyPort + 1; // Any port will do
String method = "GET";
String path = "/path";
client.newRequest(serverHost, serverPort)
.method(method)
.path(path)
.timeout(5, TimeUnit.SECONDS)
.send(result ->
{
if (result.isSucceeded())
latch.countDown();
});
try (SocketChannel channel = proxy.accept())
{
int initLen = 3;
ByteBuffer buffer = ByteBuffer.allocate(initLen);
int read = channel.read(buffer);
assertEquals(initLen, read);
assertEquals(SockConst.VER, buffer.get(0) & 0xFF);
assertEquals(1, buffer.get(1) & 0xFF);
assertEquals(AuthType.NO_AUTH, buffer.get(2) & 0xFF);
// write acceptable methods
channel.write(ByteBuffer.wrap(new byte[]{SockConst.VER, AuthType.NO_AUTH}));
// read addr
int addrLen = 7 + serverHost.length();
buffer = ByteBuffer.allocate(addrLen);
read = channel.read(buffer);
assertEquals(addrLen, read);
buffer.flip();
byte[] bs = buffer.array();
assertEquals(SockConst.VER, bs[0] & 0xFF);
assertEquals(Command.CONNECT, bs[1] & 0xFF);
assertEquals(SockConst.RSV, bs[2] & 0xFF);
assertEquals(AddrType.DOMAIN_NAME, bs[3] & 0xFF);
int hLen = bs[4] & 0xFF;
assertEquals(serverHost.length(), hLen);
assertEquals(serverHost, new String(bs, 5, hLen, StandardCharsets.UTF_8));
assertEquals(serverPort, buffer.getShort(5 + hLen) & 0xFFFF);
// Socks5 connect response.
channel.write(ByteBuffer.wrap(new byte[]{SockConst.VER, SockConst.SUCCEEDED, SockConst.RSV, AddrType.IPV4, 0, 0, 0, 0, 0, 0}));
buffer = ByteBuffer.allocate(method.length() + 1 + path.length());
read = channel.read(buffer);
assertEquals(buffer.capacity(), read);
buffer.flip();
assertEquals(method + " " + path, StandardCharsets.UTF_8.decode(buffer).toString());
// http response
String response =
"HTTP/1.1 200 OK\r\n" +
"Content-Length: 0\r\n" +
"Connection: close\r\n" +
"\r\n";
channel.write(ByteBuffer.wrap(response.getBytes(StandardCharsets.UTF_8)));
assertTrue(latch.await(5, TimeUnit.SECONDS));
}
}
@Test
public void testSocks5ProxyIpv4UsernamePasswordAuth() throws Exception
{
String username = "jetty";
String password = "pass";
int proxyPort = proxy.socket().getLocalPort();
client.getProxyConfiguration().addProxy(new Socks5Proxy("127.0.0.1", proxyPort)
.addAuthentication(new UsernamePasswordAuthentication(username, password)));
CountDownLatch latch = new CountDownLatch(1);
byte ip1 = 127;
byte ip2 = 0;
byte ip3 = 0;
byte ip4 = 13;
String serverHost = ip1 + "." + ip2 + "." + ip3 + "." + ip4;
int serverPort = proxyPort + 1; // Any port will do
String method = "GET";
String path = "/path";
client.newRequest(serverHost, serverPort)
.method(method)
.path(path)
.timeout(5, TimeUnit.SECONDS)
.send(result ->
{
if (result.isSucceeded())
latch.countDown();
});
try (SocketChannel channel = proxy.accept())
{
int initLen = 2;
ByteBuffer buffer = ByteBuffer.allocate(initLen);
int read = channel.read(buffer);
assertEquals(initLen, read);
assertEquals(SockConst.VER, buffer.get(0) & 0xFF);
int authTypeLen = buffer.get(1) & 0xFF;
assertTrue(authTypeLen > 0);
buffer = ByteBuffer.allocate(authTypeLen);
read = channel.read(buffer);
// assert contains username password authorization
assertEquals(authTypeLen, read);
buffer.flip();
byte[] authTypes = new byte[authTypeLen];
buffer.get(authTypes);
assertTrue(containAuthType(authTypes, AuthType.USER_PASS));
// write acceptable methods
channel.write(ByteBuffer.wrap(new byte[]{SockConst.VER, AuthType.USER_PASS}));
// read username password
buffer = ByteBuffer.allocate(3 + username.length() + password.length());
read = channel.read(buffer);
assertEquals(buffer.capacity(), read);
buffer.flip();
byte[] userPass = buffer.array();
assertEquals(SockConst.USER_PASS_VER, userPass[0] & 0xFF);
int uLen = userPass[1] & 0xFF;
assertEquals(username.length(), uLen);
assertEquals(username, new String(userPass, 2, uLen, StandardCharsets.UTF_8));
int pLen = userPass[2 + uLen];
assertEquals(password.length(), pLen);
assertEquals(password, new String(userPass, 3 + uLen, pLen, StandardCharsets.UTF_8));
// authorization success
channel.write(ByteBuffer.wrap(new byte[]{SockConst.USER_PASS_VER, SockConst.SUCCEEDED}));
// read addr
int addrLen = 10;
buffer = ByteBuffer.allocate(addrLen);
read = channel.read(buffer);
assertEquals(addrLen, read);
assertEquals(SockConst.VER, buffer.get(0) & 0xFF);
assertEquals(Command.CONNECT, buffer.get(1) & 0xFF);
assertEquals(SockConst.RSV, buffer.get(2) & 0xFF);
assertEquals(AddrType.IPV4, buffer.get(3) & 0xFF);
assertEquals(ip1, buffer.get(4) & 0xFF);
assertEquals(ip2, buffer.get(5) & 0xFF);
assertEquals(ip3, buffer.get(6) & 0xFF);
assertEquals(ip4, buffer.get(7) & 0xFF);
assertEquals(serverPort, buffer.getShort(8) & 0xFFFF);
// Socks5 connect response.
channel.write(ByteBuffer.wrap(new byte[]{SockConst.VER, SockConst.SUCCEEDED, SockConst.RSV, AddrType.IPV4, 0, 0, 0, 0, 0, 0}));
buffer = ByteBuffer.allocate(method.length() + 1 + path.length());
read = channel.read(buffer);
assertEquals(buffer.capacity(), read);
buffer.flip();
assertEquals(method + " " + path, StandardCharsets.UTF_8.decode(buffer).toString());
// http response
String response =
"HTTP/1.1 200 OK\r\n" +
"Content-Length: 0\r\n" +
"Connection: close\r\n" +
"\r\n";
channel.write(ByteBuffer.wrap(response.getBytes(StandardCharsets.UTF_8)));
assertTrue(latch.await(5, TimeUnit.SECONDS));
}
}
@Test
public void testSocks5ProxyIpv4AuthNoAcceptable() throws Exception
{
int proxyPort = proxy.socket().getLocalPort();
client.getProxyConfiguration().addProxy(new Socks5Proxy("127.0.0.1", proxyPort));
long timeout = 1000;
String serverHost = "127.0.0.13";
int serverPort = proxyPort + 1; // Any port will do
String method = "GET";
String path = "/path";
Request request = client.newRequest(serverHost, serverPort)
.method(method)
.path(path)
.timeout(timeout, TimeUnit.MILLISECONDS);
FutureResponseListener listener = new FutureResponseListener(request);
request.send(listener);
try (SocketChannel channel = proxy.accept())
{
int initLen = 3;
ByteBuffer buffer = ByteBuffer.allocate(initLen);
int read = channel.read(buffer);
assertEquals(initLen, read);
// write acceptable methods
channel.write(ByteBuffer.wrap(new byte[]{SockConst.VER, AuthType.NO_ACCEPTABLE}));
ExecutionException x = assertThrows(ExecutionException.class, () -> listener.get(2 * timeout, TimeUnit.MILLISECONDS));
assertThat(x.getCause(), instanceOf(SocketException.class));
}
}
@Test
public void testSocks5ProxyIpv4UsernamePasswordAuthFailed() throws Exception
{
String username = "jetty";
String password = "pass";
int proxyPort = proxy.socket().getLocalPort();
client.getProxyConfiguration().addProxy(new Socks5Proxy("127.0.0.1", proxyPort)
.addAuthentication(new UsernamePasswordAuthentication(username, password)));
long timeout = 1000;
String serverHost = "127.0.0.13";
int serverPort = proxyPort + 1; // Any port will do
String method = "GET";
String path = "/path";
Request request = client.newRequest(serverHost, serverPort)
.method(method)
.path(path)
.timeout(timeout, TimeUnit.MILLISECONDS);
FutureResponseListener listener = new FutureResponseListener(request);
request.send(listener);
try (SocketChannel channel = proxy.accept())
{
int initLen = 2;
ByteBuffer buffer = ByteBuffer.allocate(initLen);
int read = channel.read(buffer);
assertEquals(initLen, read);
assertEquals(SockConst.VER, buffer.get(0) & 0xFF);
int authTypeLen = buffer.get(1) & 0xFF;
assertTrue(authTypeLen > 0);
buffer = ByteBuffer.allocate(authTypeLen);
read = channel.read(buffer);
// assert contains username password authorization
assertEquals(authTypeLen, read);
buffer.flip();
byte[] authTypes = new byte[authTypeLen];
buffer.get(authTypes);
assertTrue(containAuthType(authTypes, AuthType.USER_PASS));
// write acceptable methods
channel.write(ByteBuffer.wrap(new byte[]{SockConst.VER, AuthType.USER_PASS}));
// read username password
buffer = ByteBuffer.allocate(3 + username.length() + password.length());
read = channel.read(buffer);
assertEquals(buffer.capacity(), read);
buffer.flip();
byte[] userPass = buffer.array();
assertEquals(SockConst.USER_PASS_VER, userPass[0] & 0xFF);
int uLen = userPass[1] & 0xFF;
assertEquals(username.length(), uLen);
assertEquals(username, new String(userPass, 2, uLen, StandardCharsets.UTF_8));
int pLen = userPass[2 + uLen];
assertEquals(password.length(), pLen);
assertEquals(password, new String(userPass, 3 + uLen, pLen, StandardCharsets.UTF_8));
// authorization failed
channel.write(ByteBuffer.wrap(new byte[]{SockConst.USER_PASS_VER, SockConst.AUTH_FAILED}));
ExecutionException x = assertThrows(ExecutionException.class, () -> listener.get(2 * timeout, TimeUnit.MILLISECONDS));
assertThat(x.getCause(), instanceOf(SocketException.class));
}
}
@Test
public void testSocks5ProxyDomainUsernamePasswordAuth() throws Exception
{
String username = "jetty";
String password = "pass";
int proxyPort = proxy.socket().getLocalPort();
client.getProxyConfiguration().addProxy(new Socks5Proxy("127.0.0.1", proxyPort)
.addAuthentication(new UsernamePasswordAuthentication(username, password)));
CountDownLatch latch = new CountDownLatch(1);
String serverHost = "example.com";
int serverPort = proxyPort + 1; // Any port will do
String method = "GET";
String path = "/path";
client.newRequest(serverHost, serverPort)
.method(method)
.path(path)
.timeout(5, TimeUnit.SECONDS)
.send(result ->
{
if (result.isSucceeded())
latch.countDown();
});
try (SocketChannel channel = proxy.accept())
{
int initLen = 2;
ByteBuffer buffer = ByteBuffer.allocate(initLen);
int read = channel.read(buffer);
assertEquals(initLen, read);
assertEquals(SockConst.VER, buffer.get(0) & 0xFF);
int authTypeLen = buffer.get(1) & 0xFF;
assertTrue(authTypeLen > 0);
buffer = ByteBuffer.allocate(authTypeLen);
read = channel.read(buffer);
// assert contains username password authorization
assertEquals(authTypeLen, read);
buffer.flip();
byte[] authTypes = new byte[authTypeLen];
buffer.get(authTypes);
assertTrue(containAuthType(authTypes, AuthType.USER_PASS));
// write acceptable methods
channel.write(ByteBuffer.wrap(new byte[]{SockConst.VER, AuthType.USER_PASS}));
// read username password
buffer = ByteBuffer.allocate(3 + username.length() + password.length());
read = channel.read(buffer);
assertEquals(buffer.capacity(), read);
buffer.flip();
byte[] userPass = buffer.array();
assertEquals(SockConst.USER_PASS_VER, userPass[0] & 0xFF);
int uLen = userPass[1] & 0xFF;
assertEquals(username.length(), uLen);
assertEquals(username, new String(userPass, 2, uLen, StandardCharsets.UTF_8));
int pLen = userPass[2 + uLen];
assertEquals(password.length(), pLen);
assertEquals(password, new String(userPass, 3 + uLen, pLen, StandardCharsets.UTF_8));
// authorization success
channel.write(ByteBuffer.wrap(new byte[]{SockConst.USER_PASS_VER, SockConst.SUCCEEDED}));
// read addr
int addrLen = 7 + serverHost.length();
buffer = ByteBuffer.allocate(addrLen);
read = channel.read(buffer);
assertEquals(addrLen, read);
buffer.flip();
byte[] bs = buffer.array();
assertEquals(SockConst.VER, bs[0] & 0xFF);
assertEquals(Command.CONNECT, bs[1] & 0xFF);
assertEquals(SockConst.RSV, bs[2] & 0xFF);
assertEquals(AddrType.DOMAIN_NAME, bs[3] & 0xFF);
int hLen = bs[4] & 0xFF;
assertEquals(serverHost.length(), hLen);
assertEquals(serverHost, new String(bs, 5, hLen, StandardCharsets.UTF_8));
assertEquals(serverPort, buffer.getShort(5 + hLen) & 0xFFFF);
// Socks5 connect response.
channel.write(ByteBuffer.wrap(new byte[]{SockConst.VER, SockConst.SUCCEEDED, SockConst.RSV, AddrType.IPV4, 0, 0, 0, 0, 0, 0}));
buffer = ByteBuffer.allocate(method.length() + 1 + path.length());
read = channel.read(buffer);
assertEquals(buffer.capacity(), read);
buffer.flip();
assertEquals(method + " " + path, StandardCharsets.UTF_8.decode(buffer).toString());
// http response
String response =
"HTTP/1.1 200 OK\r\n" +
"Content-Length: 0\r\n" +
"Connection: close\r\n" +
"\r\n";
channel.write(ByteBuffer.wrap(response.getBytes(StandardCharsets.UTF_8)));
assertTrue(latch.await(5, TimeUnit.SECONDS));
}
}
@Test
public void testSocks5ProxyDomainUsernamePasswordAuthWithSplitResponse() throws Exception
{
String username = "jetty";
String password = "pass";
int proxyPort = proxy.socket().getLocalPort();
client.getProxyConfiguration().addProxy(new Socks5Proxy("127.0.0.1", proxyPort)
.addAuthentication(new UsernamePasswordAuthentication(username, password)));
CountDownLatch latch = new CountDownLatch(1);
String serverHost = "example.com";
int serverPort = proxyPort + 1; // Any port will do
String method = "GET";
String path = "/path";
client.newRequest(serverHost, serverPort)
.method(method)
.path(path)
.timeout(5, TimeUnit.SECONDS)
.send(result ->
{
if (result.isSucceeded())
latch.countDown();
});
try (SocketChannel channel = proxy.accept())
{
int initLen = 2;
ByteBuffer buffer = ByteBuffer.allocate(initLen);
int read = channel.read(buffer);
assertEquals(initLen, read);
assertEquals(SockConst.VER, buffer.get(0) & 0xFF);
int authTypeLen = buffer.get(1) & 0xFF;
assertTrue(authTypeLen > 0);
buffer = ByteBuffer.allocate(authTypeLen);
read = channel.read(buffer);
// assert contains username password authorization
assertEquals(authTypeLen, read);
buffer.flip();
byte[] authTypes = new byte[authTypeLen];
buffer.get(authTypes);
assertTrue(containAuthType(authTypes, AuthType.USER_PASS));
// write acceptable methods
channel.write(ByteBuffer.wrap(new byte[]{SockConst.VER, AuthType.USER_PASS}));
// read username password
buffer = ByteBuffer.allocate(3 + username.length() + password.length());
read = channel.read(buffer);
assertEquals(buffer.capacity(), read);
buffer.flip();
byte[] userPass = buffer.array();
assertEquals(SockConst.USER_PASS_VER, userPass[0] & 0xFF);
int uLen = userPass[1] & 0xFF;
assertEquals(username.length(), uLen);
assertEquals(username, new String(userPass, 2, uLen, StandardCharsets.UTF_8));
int pLen = userPass[2 + uLen];
assertEquals(password.length(), pLen);
assertEquals(password, new String(userPass, 3 + uLen, pLen, StandardCharsets.UTF_8));
// authorization success
channel.write(ByteBuffer.wrap(new byte[]{SockConst.USER_PASS_VER, SockConst.SUCCEEDED}));
// read addr
int addrLen = 7 + serverHost.length();
buffer = ByteBuffer.allocate(addrLen);
read = channel.read(buffer);
assertEquals(addrLen, read);
buffer.flip();
byte[] bs = buffer.array();
assertEquals(SockConst.VER, bs[0] & 0xFF);
assertEquals(Command.CONNECT, bs[1] & 0xFF);
assertEquals(SockConst.RSV, bs[2] & 0xFF);
assertEquals(AddrType.DOMAIN_NAME, bs[3] & 0xFF);
int hLen = bs[4] & 0xFF;
assertEquals(serverHost.length(), hLen);
assertEquals(serverHost, new String(bs, 5, hLen, StandardCharsets.UTF_8));
assertEquals(serverPort, buffer.getShort(5 + hLen) & 0xFFFF);
// Socks5 connect response.
byte[] chunk1 = new byte[]{SockConst.VER, SockConst.SUCCEEDED, SockConst.RSV, AddrType.IPV4};
byte[] chunk2 = new byte[]{0, 0, 0, 0, 0, 0};
channel.write(ByteBuffer.wrap(chunk1));
// Wait before sending the second chunk.
Thread.sleep(1000);
channel.write(ByteBuffer.wrap(chunk2));
buffer = ByteBuffer.allocate(method.length() + 1 + path.length());
read = channel.read(buffer);
assertEquals(buffer.capacity(), read);
buffer.flip();
assertEquals(method + " " + path, StandardCharsets.UTF_8.decode(buffer).toString());
// http response
String response =
"HTTP/1.1 200 OK\r\n" +
"Content-Length: 0\r\n" +
"Connection: close\r\n" +
"\r\n";
channel.write(ByteBuffer.wrap(response.getBytes(StandardCharsets.UTF_8)));
assertTrue(latch.await(5, TimeUnit.SECONDS));
}
}
@Test
public void testSocks5ProxyIpv4NoAuthWithTlsServer() throws Exception
{
int proxyPort = proxy.socket().getLocalPort();
String serverHost = "127.0.0.13"; // Server host different from proxy host.
int serverPort = proxyPort + 1; // Any port will do.
SslContextFactory clientTLS = client.getSslContextFactory();
clientTLS.reload(ssl ->
{
// The client keystore contains the trustedCertEntry for the
// self-signed server certificate, so it acts as a truststore.
ssl.setTrustStorePath("src/test/resources/client_keystore.p12");
ssl.setTrustStorePassword("storepwd");
// Disable TLS hostname verification, but
// enable application hostname verification.
ssl.setEndpointIdentificationAlgorithm(null);
// The hostname must be that of the server, not of the proxy.
ssl.setHostnameVerifier((hostname, session) -> serverHost.equals(hostname));
});
client.getProxyConfiguration().addProxy(new Socks5Proxy("127.0.0.1", proxyPort));
CountDownLatch latch = new CountDownLatch(1);
String method = "GET";
String path = "/path";
client.newRequest(serverHost, serverPort)
.scheme(HttpScheme.HTTPS.asString())
.method(method)
.path(path)
.timeout(5, TimeUnit.SECONDS)
.send(result ->
{
if (result.isSucceeded())
latch.countDown();
});
try (SocketChannel channel = proxy.accept())
{
int initLen = 3;
ByteBuffer buffer = ByteBuffer.allocate(initLen);
int read = channel.read(buffer);
assertEquals(initLen, read);
// write acceptable methods
channel.write(ByteBuffer.wrap(new byte[]{SockConst.VER, AuthType.NO_AUTH}));
// read addr
int addrLen = 10;
buffer = ByteBuffer.allocate(addrLen);
read = channel.read(buffer);
assertEquals(addrLen, read);
// Socks5 connect response.
channel.write(ByteBuffer.wrap(new byte[]{SockConst.VER, SockConst.SUCCEEDED, SockConst.RSV, AddrType.IPV4, 0, 0, 0, 0, 0, 0}));
// Wrap the socket with TLS.
SslContextFactory.Server serverTLS = new SslContextFactory.Server();
serverTLS.setKeyStorePath("src/test/resources/keystore.p12");
serverTLS.setKeyStorePassword("storepwd");
serverTLS.start();
SSLContext sslContext = serverTLS.getSslContext();
SSLSocket sslSocket = (SSLSocket)sslContext.getSocketFactory().createSocket(channel.socket(), serverHost, serverPort, false);
sslSocket.setUseClientMode(false);
// Read the request.
int crlfs = 0;
InputStream input = sslSocket.getInputStream();
while (true)
{
read = input.read();
if (read < 0)
break;
if (read == '\r' || read == '\n')
++crlfs;
else
crlfs = 0;
if (crlfs == 4)
break;
}
// Send the response.
String response =
"HTTP/1.1 200 OK\r\n" +
"Content-Length: 0\r\n" +
"Connection: close\r\n" +
"\r\n";
OutputStream output = sslSocket.getOutputStream();
output.write(response.getBytes(StandardCharsets.UTF_8));
output.flush();
assertTrue(latch.await(5, TimeUnit.SECONDS));
}
}
@Test
public void testRequestTimeoutWhenSocksProxyDoesNotRespond() throws Exception
{
int proxyPort = proxy.socket().getLocalPort();
client.getProxyConfiguration().addProxy(new Socks4Proxy("127.0.0.1", proxyPort));
long timeout = 1000;
// Use an address to avoid resolution of "localhost" to multiple addresses.
String serverHost = "127.0.0.13";
int serverPort = proxyPort + 1; // Any port will do
Request request = client.newRequest(serverHost, serverPort)
.timeout(timeout, TimeUnit.MILLISECONDS);
FutureResponseListener listener = new FutureResponseListener(request);
request.send(listener);
try (SocketChannel ignored = proxy.accept())
{
// Accept the connection, but do not reply and don't close.
ExecutionException x = assertThrows(ExecutionException.class, () -> listener.get(2 * timeout, TimeUnit.MILLISECONDS));
assertThat(x.getCause(), instanceOf(TimeoutException.class));
}
}
@Test
public void testSocksProxyClosesConnectionImmediately() throws Exception
{
int proxyPort = proxy.socket().getLocalPort();
client.getProxyConfiguration().addProxy(new Socks5Proxy("127.0.0.1", proxyPort));
// Use an address to avoid resolution of "localhost" to multiple addresses.
String serverHost = "127.0.0.13";
int serverPort = proxyPort + 1; // Any port will do
Request request = client.newRequest(serverHost, serverPort);
FutureResponseListener listener = new FutureResponseListener(request);
request.send(listener);
try (SocketChannel channel = proxy.accept())
{
// Immediately close the connection.
channel.close();
ExecutionException x = assertThrows(ExecutionException.class, () -> listener.get(5, TimeUnit.SECONDS));
assertThat(x.getCause(), instanceOf(SocketException.class));
}
}
@Test
public void testSocksProxyResponseGarbageBytes() throws Exception
{
int proxyPort = proxy.socket().getLocalPort();
client.getProxyConfiguration().addProxy(new Socks5Proxy("127.0.0.1", proxyPort));
// Use an address to avoid resolution of "localhost" to multiple addresses.
String serverHost = "127.0.0.13";
int serverPort = proxyPort + 1; // Any port will do
Request request = client.newRequest(serverHost, serverPort);
FutureResponseListener listener = new FutureResponseListener(request);
request.send(listener);
try (SocketChannel channel = proxy.accept())
{
channel.write(ByteBuffer.wrap(new byte[]{1, 2, 3, 4, 5}));
ExecutionException x = assertThrows(ExecutionException.class, () -> listener.get(5, TimeUnit.SECONDS));
assertThat(x.getCause(), instanceOf(SocketException.class));
}
}
private boolean containAuthType(byte[] methods, byte method)
{
for (byte m : methods)
{
if (m == method)
{
return true;
}
}
return false;
}
}