Merge pull request #9727 from eclipse/fix/jetty-10-7091-socks5
Fixes #7091 - Add SOCKS5 support
This commit is contained in:
commit
d5f68a78ca
|
@ -16,7 +16,12 @@
|
|||
|
||||
Jetty's `HttpClient` can be configured to use proxies to connect to destinations.
|
||||
|
||||
Two types of proxies are available out of the box: a HTTP proxy (provided by class `org.eclipse.jetty.client.HttpProxy`) and a SOCKS 4 proxy (provided by class `org.eclipse.jetty.client.Socks4Proxy`).
|
||||
These types of proxies are available out of the box:
|
||||
|
||||
* HTTP proxy (provided by class `org.eclipse.jetty.client.HttpProxy`)
|
||||
* SOCKS 4 proxy (provided by class `org.eclipse.jetty.client.Socks4Proxy`)
|
||||
* xref:pg-client-http-proxy-socks5[SOCKS 5 proxy] (provided by class `org.eclipse.jetty.client.Socks5Proxy`)
|
||||
|
||||
Other implementations may be written by subclassing `ProxyConfiguration.Proxy`.
|
||||
|
||||
The following is a typical configuration:
|
||||
|
@ -30,14 +35,26 @@ You specify the proxy host and proxy port, and optionally also the addresses tha
|
|||
|
||||
Configured in this way, `HttpClient` makes requests to the HTTP proxy (for plain-text HTTP requests) or establishes a tunnel via HTTP `CONNECT` (for encrypted HTTPS requests).
|
||||
|
||||
Proxying is supported for HTTP/1.1 and HTTP/2.
|
||||
Proxying is supported for any version of the HTTP protocol.
|
||||
|
||||
[[pg-client-http-proxy-socks5]]
|
||||
===== SOCKS5 Proxy Support
|
||||
|
||||
SOCKS 5 (defined in link:https://datatracker.ietf.org/doc/html/rfc1928[RFC 1928]) offers choices for authentication methods and supports IPv6 (things that SOCKS 4 does not support).
|
||||
|
||||
A typical SOCKS 5 proxy configuration with the username/password authentication method is the following:
|
||||
|
||||
[source,java,indent=0]
|
||||
----
|
||||
include::../../{doc_code}/org/eclipse/jetty/docs/programming/client/http/HTTPClientDocs.java[tag=proxySocks5]
|
||||
----
|
||||
|
||||
[[pg-client-http-proxy-authentication]]
|
||||
===== Proxy Authentication Support
|
||||
===== HTTP Proxy Authentication Support
|
||||
|
||||
Jetty's `HttpClient` supports proxy authentication in the same way it supports xref:pg-client-http-authentication[server authentication].
|
||||
Jetty's `HttpClient` supports HTTP proxy authentication in the same way it supports xref:pg-client-http-authentication[server authentication].
|
||||
|
||||
In the example below, the proxy requires `BASIC` authentication, but the server requires `DIGEST` authentication, and therefore:
|
||||
In the example below, the HTTP proxy requires `BASIC` authentication, but the server requires `DIGEST` authentication, and therefore:
|
||||
|
||||
[source,java,indent=0]
|
||||
----
|
||||
|
|
|
@ -34,6 +34,8 @@ import org.eclipse.jetty.client.HttpDestination;
|
|||
import org.eclipse.jetty.client.HttpProxy;
|
||||
import org.eclipse.jetty.client.ProxyConfiguration;
|
||||
import org.eclipse.jetty.client.RoundRobinConnectionPool;
|
||||
import org.eclipse.jetty.client.Socks5;
|
||||
import org.eclipse.jetty.client.Socks5Proxy;
|
||||
import org.eclipse.jetty.client.api.Authentication;
|
||||
import org.eclipse.jetty.client.api.AuthenticationStore;
|
||||
import org.eclipse.jetty.client.api.ContentResponse;
|
||||
|
@ -665,6 +667,30 @@ public class HTTPClientDocs
|
|||
// end::proxy[]
|
||||
}
|
||||
|
||||
public void proxySocks5() throws Exception
|
||||
{
|
||||
HttpClient httpClient = new HttpClient();
|
||||
httpClient.start();
|
||||
|
||||
// tag::proxySocks5[]
|
||||
Socks5Proxy proxy = new Socks5Proxy("proxyHost", 8888);
|
||||
String socks5User = "jetty";
|
||||
String socks5Pass = "secret";
|
||||
var socks5AuthenticationFactory = new Socks5.UsernamePasswordAuthenticationFactory(socks5User, socks5Pass);
|
||||
// Add the authentication method to the proxy.
|
||||
proxy.putAuthenticationFactory(socks5AuthenticationFactory);
|
||||
|
||||
// Do not proxy requests for localhost:8080.
|
||||
proxy.getExcludedAddresses().add("localhost:8080");
|
||||
|
||||
// Add the new proxy to the list of proxies already registered.
|
||||
ProxyConfiguration proxyConfig = httpClient.getProxyConfiguration();
|
||||
proxyConfig.addProxy(proxy);
|
||||
|
||||
ContentResponse response = httpClient.GET("http://domain.com/path");
|
||||
// end::proxySocks5[]
|
||||
}
|
||||
|
||||
public void proxyAuthentication() throws Exception
|
||||
{
|
||||
HttpClient httpClient = new HttpClient();
|
||||
|
|
|
@ -0,0 +1,238 @@
|
|||
//
|
||||
// ========================================================================
|
||||
// Copyright (c) 1995 Mort Bay Consulting Pty Ltd and others.
|
||||
//
|
||||
// This program and the accompanying materials are made available under the
|
||||
// terms of the Eclipse Public License v. 2.0 which is available at
|
||||
// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
|
||||
// which is available at https://www.apache.org/licenses/LICENSE-2.0.
|
||||
//
|
||||
// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
|
||||
// ========================================================================
|
||||
//
|
||||
|
||||
package org.eclipse.jetty.client;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.nio.ByteBuffer;
|
||||
import java.nio.channels.ClosedChannelException;
|
||||
import java.nio.charset.Charset;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.Objects;
|
||||
|
||||
import org.eclipse.jetty.io.EndPoint;
|
||||
import org.eclipse.jetty.util.BufferUtil;
|
||||
import org.eclipse.jetty.util.Callback;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
/**
|
||||
* <p>Helper class for SOCKS5 proxying.</p>
|
||||
*
|
||||
* @see Socks5Proxy
|
||||
*/
|
||||
public class Socks5
|
||||
{
|
||||
/**
|
||||
* The SOCKS protocol version: {@value}.
|
||||
*/
|
||||
public static final byte VERSION = 0x05;
|
||||
/**
|
||||
* The SOCKS5 {@code CONNECT} command used in SOCKS5 connect requests.
|
||||
*/
|
||||
public static final byte COMMAND_CONNECT = 0x01;
|
||||
/**
|
||||
* The reserved byte value: {@value}.
|
||||
*/
|
||||
public static final byte RESERVED = 0x00;
|
||||
/**
|
||||
* The address type for IPv4 used in SOCKS5 connect requests and responses.
|
||||
*/
|
||||
public static final byte ADDRESS_TYPE_IPV4 = 0x01;
|
||||
/**
|
||||
* The address type for domain names used in SOCKS5 connect requests and responses.
|
||||
*/
|
||||
public static final byte ADDRESS_TYPE_DOMAIN = 0x03;
|
||||
/**
|
||||
* The address type for IPv6 used in SOCKS5 connect requests and responses.
|
||||
*/
|
||||
public static final byte ADDRESS_TYPE_IPV6 = 0x04;
|
||||
|
||||
private Socks5()
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* <p>A SOCKS5 authentication method.</p>
|
||||
* <p>Implementations should send and receive the bytes that
|
||||
* are specific to the particular authentication method.</p>
|
||||
*/
|
||||
public interface Authentication
|
||||
{
|
||||
/**
|
||||
* <p>Performs the authentication send and receive bytes
|
||||
* exchanges specific for this {@link Authentication}.</p>
|
||||
*
|
||||
* @param endPoint the {@link EndPoint} to send to and receive from the SOCKS5 server
|
||||
* @param callback the callback to complete when the authentication is complete
|
||||
*/
|
||||
void authenticate(EndPoint endPoint, Callback callback);
|
||||
|
||||
/**
|
||||
* A factory for {@link Authentication}s.
|
||||
*/
|
||||
interface Factory
|
||||
{
|
||||
/**
|
||||
* @return the authentication method defined by RFC 1928
|
||||
*/
|
||||
byte getMethod();
|
||||
|
||||
/**
|
||||
* @return a new {@link Authentication}
|
||||
*/
|
||||
Authentication newAuthentication();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* <p>The implementation of the {@code NO AUTH} authentication method defined in
|
||||
* <a href="https://datatracker.ietf.org/doc/html/rfc1928">RFC 1928</a>.</p>
|
||||
*/
|
||||
public static class NoAuthenticationFactory implements Authentication.Factory
|
||||
{
|
||||
public static final byte METHOD = 0x00;
|
||||
|
||||
@Override
|
||||
public byte getMethod()
|
||||
{
|
||||
return METHOD;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Authentication newAuthentication()
|
||||
{
|
||||
return (endPoint, callback) -> callback.succeeded();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* <p>The implementation of the {@code USERNAME/PASSWORD} authentication method defined in
|
||||
* <a href="https://datatracker.ietf.org/doc/html/rfc1929">RFC 1929</a>.</p>
|
||||
*/
|
||||
public static class UsernamePasswordAuthenticationFactory implements Authentication.Factory
|
||||
{
|
||||
public static final byte METHOD = 0x02;
|
||||
public static final byte VERSION = 0x01;
|
||||
private static final Logger LOG = LoggerFactory.getLogger(UsernamePasswordAuthenticationFactory.class);
|
||||
|
||||
private final String userName;
|
||||
private final String password;
|
||||
private final Charset charset;
|
||||
|
||||
public UsernamePasswordAuthenticationFactory(String userName, String password)
|
||||
{
|
||||
this(userName, password, StandardCharsets.US_ASCII);
|
||||
}
|
||||
|
||||
public UsernamePasswordAuthenticationFactory(String userName, String password, Charset charset)
|
||||
{
|
||||
this.userName = Objects.requireNonNull(userName);
|
||||
this.password = Objects.requireNonNull(password);
|
||||
this.charset = Objects.requireNonNull(charset);
|
||||
}
|
||||
|
||||
@Override
|
||||
public byte getMethod()
|
||||
{
|
||||
return METHOD;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Authentication newAuthentication()
|
||||
{
|
||||
return new UsernamePasswordAuthentication(this);
|
||||
}
|
||||
|
||||
private static class UsernamePasswordAuthentication implements Authentication, Callback
|
||||
{
|
||||
private final ByteBuffer byteBuffer = BufferUtil.allocate(2);
|
||||
private final UsernamePasswordAuthenticationFactory factory;
|
||||
private EndPoint endPoint;
|
||||
private Callback callback;
|
||||
|
||||
private UsernamePasswordAuthentication(UsernamePasswordAuthenticationFactory factory)
|
||||
{
|
||||
this.factory = factory;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void authenticate(EndPoint endPoint, Callback callback)
|
||||
{
|
||||
this.endPoint = endPoint;
|
||||
this.callback = callback;
|
||||
|
||||
byte[] userNameBytes = factory.userName.getBytes(factory.charset);
|
||||
byte[] passwordBytes = factory.password.getBytes(factory.charset);
|
||||
ByteBuffer byteBuffer = ByteBuffer.allocate(3 + userNameBytes.length + passwordBytes.length)
|
||||
.put(VERSION)
|
||||
.put((byte)userNameBytes.length)
|
||||
.put(userNameBytes)
|
||||
.put((byte)passwordBytes.length)
|
||||
.put(passwordBytes)
|
||||
.flip();
|
||||
endPoint.write(Callback.from(this::authenticationSent, this::failed), byteBuffer);
|
||||
}
|
||||
|
||||
private void authenticationSent()
|
||||
{
|
||||
if (LOG.isDebugEnabled())
|
||||
LOG.debug("Written SOCKS5 username/password authentication request");
|
||||
endPoint.fillInterested(this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void succeeded()
|
||||
{
|
||||
try
|
||||
{
|
||||
int filled = endPoint.fill(byteBuffer);
|
||||
if (filled < 0)
|
||||
throw new ClosedChannelException();
|
||||
if (byteBuffer.remaining() < 2)
|
||||
{
|
||||
endPoint.fillInterested(this);
|
||||
return;
|
||||
}
|
||||
if (LOG.isDebugEnabled())
|
||||
LOG.debug("Received SOCKS5 username/password authentication response");
|
||||
byte version = byteBuffer.get();
|
||||
if (version != VERSION)
|
||||
throw new IOException("Unsupported username/password authentication version: " + version);
|
||||
byte status = byteBuffer.get();
|
||||
if (status != 0)
|
||||
throw new IOException("SOCK5 username/password authentication failure");
|
||||
if (LOG.isDebugEnabled())
|
||||
LOG.debug("SOCKS5 username/password authentication succeeded");
|
||||
callback.succeeded();
|
||||
}
|
||||
catch (Throwable x)
|
||||
{
|
||||
failed(x);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void failed(Throwable x)
|
||||
{
|
||||
callback.failed(x);
|
||||
}
|
||||
|
||||
@Override
|
||||
public InvocationType getInvocationType()
|
||||
{
|
||||
return InvocationType.NON_BLOCKING;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,416 @@
|
|||
//
|
||||
// ========================================================================
|
||||
// Copyright (c) 1995 Mort Bay Consulting Pty Ltd and others.
|
||||
//
|
||||
// This program and the accompanying materials are made available under the
|
||||
// terms of the Eclipse Public License v. 2.0 which is available at
|
||||
// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
|
||||
// which is available at https://www.apache.org/licenses/LICENSE-2.0.
|
||||
//
|
||||
// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
|
||||
// ========================================================================
|
||||
//
|
||||
|
||||
package org.eclipse.jetty.client;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.InetAddress;
|
||||
import java.net.InetSocketAddress;
|
||||
import java.nio.ByteBuffer;
|
||||
import java.nio.channels.ClosedChannelException;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.Executor;
|
||||
import java.util.concurrent.TimeoutException;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
import org.eclipse.jetty.client.ProxyConfiguration.Proxy;
|
||||
import org.eclipse.jetty.client.Socks5.NoAuthenticationFactory;
|
||||
import org.eclipse.jetty.client.api.Connection;
|
||||
import org.eclipse.jetty.io.AbstractConnection;
|
||||
import org.eclipse.jetty.io.ClientConnectionFactory;
|
||||
import org.eclipse.jetty.io.ClientConnector;
|
||||
import org.eclipse.jetty.io.EndPoint;
|
||||
import org.eclipse.jetty.util.BufferUtil;
|
||||
import org.eclipse.jetty.util.Callback;
|
||||
import org.eclipse.jetty.util.Promise;
|
||||
import org.eclipse.jetty.util.URIUtil;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
/**
|
||||
* <p>Client-side proxy configuration for SOCKS5, defined by
|
||||
* <a href="https://datatracker.ietf.org/doc/html/rfc1928">RFC 1928</a>.</p>
|
||||
* <p>Multiple authentication methods are supported via
|
||||
* {@link #putAuthenticationFactory(Socks5.Authentication.Factory)}.
|
||||
* By default only the {@link Socks5.NoAuthenticationFactory NO AUTH}
|
||||
* authentication method is configured.
|
||||
* The {@link Socks5.UsernamePasswordAuthenticationFactory USERNAME/PASSWORD}
|
||||
* is available to applications but must be explicitly configured and
|
||||
* added.</p>
|
||||
*/
|
||||
public class Socks5Proxy extends Proxy
|
||||
{
|
||||
private static final Logger LOG = LoggerFactory.getLogger(Socks5Proxy.class);
|
||||
|
||||
private final Map<Byte, Socks5.Authentication.Factory> authentications = new LinkedHashMap<>();
|
||||
|
||||
public Socks5Proxy(String host, int port)
|
||||
{
|
||||
this(new Origin.Address(host, port), false);
|
||||
}
|
||||
|
||||
public Socks5Proxy(Origin.Address address, boolean secure)
|
||||
{
|
||||
super(address, secure, null, null);
|
||||
putAuthenticationFactory(new NoAuthenticationFactory());
|
||||
}
|
||||
|
||||
/**
|
||||
* <p>Provides this class with the given SOCKS5 authentication method.</p>
|
||||
*
|
||||
* @param authenticationFactory the SOCKS5 authentication factory
|
||||
* @return the previous authentication method of the same type, or {@code null}
|
||||
* if there was none of that type already present
|
||||
*/
|
||||
public Socks5.Authentication.Factory putAuthenticationFactory(Socks5.Authentication.Factory authenticationFactory)
|
||||
{
|
||||
return authentications.put(authenticationFactory.getMethod(), authenticationFactory);
|
||||
}
|
||||
|
||||
/**
|
||||
* <p>Removes the authentication of the given {@code method}.</p>
|
||||
*
|
||||
* @param method the authentication method to remove
|
||||
*/
|
||||
public Socks5.Authentication.Factory removeAuthenticationFactory(byte method)
|
||||
{
|
||||
return authentications.remove(method);
|
||||
}
|
||||
|
||||
@Override
|
||||
public ClientConnectionFactory newClientConnectionFactory(ClientConnectionFactory connectionFactory)
|
||||
{
|
||||
return new Socks5ProxyClientConnectionFactory(connectionFactory);
|
||||
}
|
||||
|
||||
private class Socks5ProxyClientConnectionFactory implements ClientConnectionFactory
|
||||
{
|
||||
private final ClientConnectionFactory connectionFactory;
|
||||
|
||||
private Socks5ProxyClientConnectionFactory(ClientConnectionFactory connectionFactory)
|
||||
{
|
||||
this.connectionFactory = connectionFactory;
|
||||
}
|
||||
|
||||
public org.eclipse.jetty.io.Connection newConnection(EndPoint endPoint, Map<String, Object> context)
|
||||
{
|
||||
HttpDestination destination = (HttpDestination)context.get(HttpClientTransport.HTTP_DESTINATION_CONTEXT_KEY);
|
||||
Executor executor = destination.getHttpClient().getExecutor();
|
||||
Socks5ProxyConnection connection = new Socks5ProxyConnection(endPoint, executor, connectionFactory, context, authentications);
|
||||
return customize(connection, context);
|
||||
}
|
||||
}
|
||||
|
||||
private static class Socks5ProxyConnection extends AbstractConnection implements org.eclipse.jetty.io.Connection.UpgradeFrom
|
||||
{
|
||||
private static final Pattern IPv4_PATTERN = Pattern.compile("(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})");
|
||||
|
||||
// SOCKS5 response max length is 262 bytes.
|
||||
private final ByteBuffer byteBuffer = BufferUtil.allocate(512);
|
||||
private final ClientConnectionFactory connectionFactory;
|
||||
private final Map<String, Object> context;
|
||||
private final Map<Byte, Socks5.Authentication.Factory> authentications;
|
||||
private State state = State.HANDSHAKE;
|
||||
|
||||
private Socks5ProxyConnection(EndPoint endPoint, Executor executor, ClientConnectionFactory connectionFactory, Map<String, Object> context, Map<Byte, Socks5.Authentication.Factory> authentications)
|
||||
{
|
||||
super(endPoint, executor);
|
||||
this.connectionFactory = connectionFactory;
|
||||
this.context = context;
|
||||
this.authentications = Map.copyOf(authentications);
|
||||
}
|
||||
|
||||
@Override
|
||||
public ByteBuffer onUpgradeFrom()
|
||||
{
|
||||
return BufferUtil.copy(byteBuffer);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void onOpen()
|
||||
{
|
||||
super.onOpen();
|
||||
sendHandshake();
|
||||
}
|
||||
|
||||
private void sendHandshake()
|
||||
{
|
||||
try
|
||||
{
|
||||
// +-------------+--------------------+------------------+
|
||||
// | version (1) | num of methods (1) | methods (1..255) |
|
||||
// +-------------+--------------------+------------------+
|
||||
int size = authentications.size();
|
||||
ByteBuffer byteBuffer = ByteBuffer.allocate(1 + 1 + size)
|
||||
.put(Socks5.VERSION)
|
||||
.put((byte)size);
|
||||
authentications.keySet().forEach(byteBuffer::put);
|
||||
byteBuffer.flip();
|
||||
getEndPoint().write(Callback.from(this::handshakeSent, this::fail), byteBuffer);
|
||||
}
|
||||
catch (Throwable x)
|
||||
{
|
||||
fail(x);
|
||||
}
|
||||
}
|
||||
|
||||
private void handshakeSent()
|
||||
{
|
||||
if (LOG.isDebugEnabled())
|
||||
LOG.debug("Written SOCKS5 handshake request");
|
||||
state = State.HANDSHAKE;
|
||||
fillInterested();
|
||||
}
|
||||
|
||||
private void fail(Throwable x)
|
||||
{
|
||||
if (LOG.isDebugEnabled())
|
||||
LOG.debug("SOCKS5 failure", x);
|
||||
getEndPoint().close(x);
|
||||
@SuppressWarnings("unchecked")
|
||||
Promise<Connection> promise = (Promise<Connection>)this.context.get(HttpClientTransport.HTTP_CONNECTION_PROMISE_CONTEXT_KEY);
|
||||
promise.failed(x);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean onIdleExpired()
|
||||
{
|
||||
fail(new TimeoutException("Idle timeout expired"));
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void onFillable()
|
||||
{
|
||||
try
|
||||
{
|
||||
switch (state)
|
||||
{
|
||||
case HANDSHAKE:
|
||||
receiveHandshake();
|
||||
break;
|
||||
case CONNECT:
|
||||
receiveConnect();
|
||||
break;
|
||||
default:
|
||||
throw new IllegalStateException();
|
||||
}
|
||||
}
|
||||
catch (Throwable x)
|
||||
{
|
||||
fail(x);
|
||||
}
|
||||
}
|
||||
|
||||
private void receiveHandshake() throws IOException
|
||||
{
|
||||
// +-------------+------------+
|
||||
// | version (1) | method (1) |
|
||||
// +-------------+------------+
|
||||
int filled = getEndPoint().fill(byteBuffer);
|
||||
if (filled < 0)
|
||||
throw new ClosedChannelException();
|
||||
if (byteBuffer.remaining() < 2)
|
||||
{
|
||||
fillInterested();
|
||||
return;
|
||||
}
|
||||
|
||||
if (LOG.isDebugEnabled())
|
||||
LOG.debug("Received SOCKS5 handshake response {}", BufferUtil.toDetailString(byteBuffer));
|
||||
|
||||
byte version = byteBuffer.get();
|
||||
if (version != Socks5.VERSION)
|
||||
throw new IOException("Unsupported SOCKS5 version: " + version);
|
||||
|
||||
byte method = byteBuffer.get();
|
||||
if (method == -1)
|
||||
throw new IOException("Unacceptable SOCKS5 authentication methods");
|
||||
|
||||
Socks5.Authentication.Factory factory = authentications.get(method);
|
||||
if (factory == null)
|
||||
throw new IOException("Unknown SOCKS5 authentication method: " + method);
|
||||
|
||||
factory.newAuthentication().authenticate(getEndPoint(), Callback.from(this::sendConnect, this::fail));
|
||||
}
|
||||
|
||||
private void sendConnect()
|
||||
{
|
||||
try
|
||||
{
|
||||
// +-------------+-------------+--------------+------------------+------------------------+----------+
|
||||
// | version (1) | command (1) | reserved (1) | address type (1) | address bytes (4..255) | port (2) |
|
||||
// +-------------+-------------+--------------+------------------+------------------------+----------+
|
||||
HttpDestination destination = (HttpDestination)context.get(HttpClientTransport.HTTP_DESTINATION_CONTEXT_KEY);
|
||||
Origin.Address address = destination.getOrigin().getAddress();
|
||||
String host = address.getHost();
|
||||
short port = (short)address.getPort();
|
||||
|
||||
ByteBuffer byteBuffer;
|
||||
Matcher matcher = IPv4_PATTERN.matcher(host);
|
||||
if (matcher.matches())
|
||||
{
|
||||
byteBuffer = ByteBuffer.allocate(10)
|
||||
.put(Socks5.VERSION)
|
||||
.put(Socks5.COMMAND_CONNECT)
|
||||
.put(Socks5.RESERVED)
|
||||
.put(Socks5.ADDRESS_TYPE_IPV4);
|
||||
for (int i = 1; i <= 4; ++i)
|
||||
{
|
||||
byteBuffer.put(Byte.parseByte(matcher.group(i)));
|
||||
}
|
||||
byteBuffer.putShort(port)
|
||||
.flip();
|
||||
}
|
||||
else if (URIUtil.isValidHostRegisteredName(host))
|
||||
{
|
||||
byte[] bytes = host.getBytes(StandardCharsets.US_ASCII);
|
||||
if (bytes.length > 255)
|
||||
throw new IOException("Invalid host name: " + host);
|
||||
byteBuffer = ByteBuffer.allocate(7 + bytes.length)
|
||||
.put(Socks5.VERSION)
|
||||
.put(Socks5.COMMAND_CONNECT)
|
||||
.put(Socks5.RESERVED)
|
||||
.put(Socks5.ADDRESS_TYPE_DOMAIN)
|
||||
.put((byte)bytes.length)
|
||||
.put(bytes)
|
||||
.putShort(port)
|
||||
.flip();
|
||||
}
|
||||
else
|
||||
{
|
||||
// Assume IPv6.
|
||||
byte[] bytes = InetAddress.getByName(host).getAddress();
|
||||
byteBuffer = ByteBuffer.allocate(22)
|
||||
.put(Socks5.VERSION)
|
||||
.put(Socks5.COMMAND_CONNECT)
|
||||
.put(Socks5.RESERVED)
|
||||
.put(Socks5.ADDRESS_TYPE_IPV6)
|
||||
.put(bytes)
|
||||
.putShort(port)
|
||||
.flip();
|
||||
}
|
||||
|
||||
getEndPoint().write(Callback.from(this::connectSent, this::fail), byteBuffer);
|
||||
}
|
||||
catch (Throwable x)
|
||||
{
|
||||
fail(x);
|
||||
}
|
||||
}
|
||||
|
||||
private void connectSent()
|
||||
{
|
||||
if (LOG.isDebugEnabled())
|
||||
LOG.debug("Written SOCKS5 connect request");
|
||||
state = State.CONNECT;
|
||||
fillInterested();
|
||||
}
|
||||
|
||||
private void receiveConnect() throws IOException
|
||||
{
|
||||
// +-------------+-----------+--------------+------------------+------------------------+----------+
|
||||
// | version (1) | reply (1) | reserved (1) | address type (1) | address bytes (4..255) | port (2) |
|
||||
// +-------------+-----------+--------------+------------------+------------------------+----------+
|
||||
int filled = getEndPoint().fill(byteBuffer);
|
||||
if (filled < 0)
|
||||
throw new ClosedChannelException();
|
||||
if (byteBuffer.remaining() < 5)
|
||||
{
|
||||
fillInterested();
|
||||
return;
|
||||
}
|
||||
byte addressType = byteBuffer.get(3);
|
||||
int length = 6;
|
||||
if (addressType == Socks5.ADDRESS_TYPE_IPV4)
|
||||
length += 4;
|
||||
else if (addressType == Socks5.ADDRESS_TYPE_DOMAIN)
|
||||
length += 1 + (byteBuffer.get(4) & 0xFF);
|
||||
else if (addressType == Socks5.ADDRESS_TYPE_IPV6)
|
||||
length += 16;
|
||||
else
|
||||
throw new IOException("Invalid SOCKS5 address type: " + addressType);
|
||||
if (byteBuffer.remaining() < length)
|
||||
{
|
||||
fillInterested();
|
||||
return;
|
||||
}
|
||||
|
||||
if (LOG.isDebugEnabled())
|
||||
LOG.debug("Received SOCKS5 connect response {}", BufferUtil.toDetailString(byteBuffer));
|
||||
|
||||
// We have all the SOCKS5 bytes.
|
||||
byte version = byteBuffer.get();
|
||||
if (version != Socks5.VERSION)
|
||||
throw new IOException("Unsupported SOCKS5 version: " + version);
|
||||
|
||||
byte status = byteBuffer.get();
|
||||
switch (status)
|
||||
{
|
||||
case 0:
|
||||
// Consume the buffer before upgrading to the tunnel.
|
||||
byteBuffer.position(length);
|
||||
tunnel();
|
||||
break;
|
||||
case 1:
|
||||
throw new IOException("SOCKS5 general failure");
|
||||
case 2:
|
||||
throw new IOException("SOCKS5 connection not allowed");
|
||||
case 3:
|
||||
throw new IOException("SOCKS5 network unreachable");
|
||||
case 4:
|
||||
throw new IOException("SOCKS5 host unreachable");
|
||||
case 5:
|
||||
throw new IOException("SOCKS5 connection refused");
|
||||
case 6:
|
||||
throw new IOException("SOCKS5 timeout expired");
|
||||
case 7:
|
||||
throw new IOException("SOCKS5 unsupported command");
|
||||
case 8:
|
||||
throw new IOException("SOCKS5 unsupported address");
|
||||
default:
|
||||
throw new IOException("SOCKS5 unknown status: " + status);
|
||||
}
|
||||
}
|
||||
|
||||
private void tunnel()
|
||||
{
|
||||
try
|
||||
{
|
||||
HttpDestination destination = (HttpDestination)context.get(HttpClientTransport.HTTP_DESTINATION_CONTEXT_KEY);
|
||||
// Don't want to do DNS resolution here.
|
||||
InetSocketAddress address = InetSocketAddress.createUnresolved(destination.getHost(), destination.getPort());
|
||||
context.put(ClientConnector.REMOTE_SOCKET_ADDRESS_CONTEXT_KEY, address);
|
||||
ClientConnectionFactory connectionFactory = this.connectionFactory;
|
||||
if (destination.isSecure())
|
||||
connectionFactory = destination.newSslClientConnectionFactory(null, connectionFactory);
|
||||
var newConnection = connectionFactory.newConnection(getEndPoint(), context);
|
||||
getEndPoint().upgrade(newConnection);
|
||||
if (LOG.isDebugEnabled())
|
||||
LOG.debug("SOCKS5 tunnel established: {} over {}", this, newConnection);
|
||||
}
|
||||
catch (Throwable x)
|
||||
{
|
||||
fail(x);
|
||||
}
|
||||
}
|
||||
|
||||
private enum State
|
||||
{
|
||||
HANDSHAKE, CONNECT
|
||||
}
|
||||
}
|
||||
}
|
File diff suppressed because it is too large
Load Diff
|
@ -176,6 +176,36 @@ public class HttpTester
|
|||
return r;
|
||||
}
|
||||
|
||||
public static Request parseRequest(InputStream inputStream) throws IOException
|
||||
{
|
||||
return parseRequest(from(inputStream));
|
||||
}
|
||||
|
||||
public static Request parseRequest(ReadableByteChannel channel) throws IOException
|
||||
{
|
||||
return parseRequest(from(channel));
|
||||
}
|
||||
|
||||
public static Request parseRequest(Input input) throws IOException
|
||||
{
|
||||
Request request;
|
||||
HttpParser parser = input.takeHttpParser();
|
||||
if (parser != null)
|
||||
{
|
||||
request = (Request)parser.getHandler();
|
||||
}
|
||||
else
|
||||
{
|
||||
request = newRequest();
|
||||
parser = new HttpParser(request);
|
||||
}
|
||||
parse(input, parser);
|
||||
if (request.isComplete())
|
||||
return request;
|
||||
input.setHttpParser(parser);
|
||||
return null;
|
||||
}
|
||||
|
||||
public static Response parseResponse(String response)
|
||||
{
|
||||
Response r = new Response();
|
||||
|
@ -230,7 +260,7 @@ public class HttpTester
|
|||
else
|
||||
r = (Response)parser.getHandler();
|
||||
|
||||
parseResponse(in, parser, r);
|
||||
parse(in, parser);
|
||||
|
||||
if (r.isComplete())
|
||||
return r;
|
||||
|
@ -246,13 +276,13 @@ public class HttpTester
|
|||
{
|
||||
parser = new HttpParser(response);
|
||||
}
|
||||
parseResponse(in, parser, response);
|
||||
parse(in, parser);
|
||||
|
||||
if (!response.isComplete())
|
||||
in.setHttpParser(parser);
|
||||
}
|
||||
|
||||
private static void parseResponse(Input in, HttpParser parser, Response r) throws IOException
|
||||
private static void parse(Input in, HttpParser parser) throws IOException
|
||||
{
|
||||
ByteBuffer buffer = in.getBuffer();
|
||||
|
||||
|
|
Loading…
Reference in New Issue