Página inicial Explorar Ajuda
Entrar
Yumin
/
nps
mirror de https://github.com/cnlh/nps.git
1
0
Fork 0
Arquivos Issues 0 Wiki
Tree: dd65e32fb5
Branches Tags
nps
/
server
/
proxy
/
https.go

https.go 4.8 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167 
  1. package proxy
    2. 

  2. 

  3. import (
    4. 

  4. 	"github.com/cnlh/nps/bridge"
    5. 

  5. 	"github.com/cnlh/nps/lib/common"
    6. 

  6. 	"github.com/cnlh/nps/lib/conn"
    7. 

  7. 	"github.com/cnlh/nps/lib/crypt"
    8. 

  8. 	"github.com/cnlh/nps/lib/file"
    9. 

  9. 	"github.com/cnlh/nps/vender/github.com/astaxie/beego"
    10. 

  10. 	"github.com/cnlh/nps/vender/github.com/astaxie/beego/logs"
    11. 

  11. 	"github.com/pkg/errors"
    12. 

  12. 	"net"
    13. 

  13. 	"net/http"
    14. 

  14. 	"net/url"
    15. 

  15. 	"sync"
    16. 

  16. )
    17. 

  17. 

  18. type HttpsServer struct {
    19. 

  19. 	httpServer
    20. 

  20. 	listener         net.Listener
    21. 

  21. 	httpsListenerMap sync.Map
    22. 

  22. }
    23. 

  23. 

  24. func NewHttpsServer(l net.Listener, bridge *bridge.Bridge) *HttpsServer {
    25. 

  25. 	https := &HttpsServer{listener: l}
    26. 

  26. 	https.bridge = bridge
    27. 

  27. 	return https
    28. 

  28. }
    29. 

  29. 

  30. func (https *HttpsServer) Start() error {
    31. 

  31. 	if b, err := beego.AppConfig.Bool("https_just_proxy"); err == nil && b {
    32. 

  32. 		conn.Accept(https.listener, func(c net.Conn) {
    33. 

  33. 			https.handleHttps(c)
    34. 

  34. 		})
    35. 

  35. 	} else {
    36. 

  36. 		//start the default listener
    37. 

  37. 		certFile := beego.AppConfig.String("https_default_cert_file")
    38. 

  38. 		keyFile := beego.AppConfig.String("https_default_key_file")
    39. 

  39. 		if common.FileExists(certFile) && common.FileExists(keyFile) {
    40. 

  40. 			l := NewHttpsListener(https.listener)
    41. 

  41. 			https.NewHttps(l, certFile, keyFile)
    42. 

  42. 			https.httpsListenerMap.Store("default", l)
    43. 

  43. 		}
    44. 

  44. 		conn.Accept(https.listener, func(c net.Conn) {
    45. 

  45. 			serverName, rb := GetServerNameFromClientHello(c)
    46. 

  46. 			//if the clientHello does not contains sni ,use the default ssl certificate
    47. 

  47. 			if serverName == "" {
    48. 

  48. 				serverName = "default"
    49. 

  49. 			}
    50. 

  50. 			var l *HttpsListener
    51. 

  51. 			if v, ok := https.httpsListenerMap.Load(serverName); ok {
    52. 

  52. 				l = v.(*HttpsListener)
    53. 

  53. 			} else {
    54. 

  54. 				r := buildHttpsRequest(serverName)
    55. 

  55. 				if host, err := file.GetDb().GetInfoByHost(serverName, r); err != nil {
    56. 

  56. 					c.Close()
    57. 

  57. 					logs.Notice("the url %s can't be parsed!,remote addr %s", serverName, c.RemoteAddr().String())
    58. 

  58. 					return
    59. 

  59. 				} else {
    60. 

  60. 					if !common.FileExists(host.CertFilePath) || !common.FileExists(host.KeyFilePath) {
    61. 

  61. 						//if the host cert file or key file is not set ,use the default file
    62. 

  62. 						if v, ok := https.httpsListenerMap.Load("default"); ok {
    63. 

  63. 							l = v.(*HttpsListener)
    64. 

  64. 						} else {
    65. 

  65. 							c.Close()
    66. 

  66. 							logs.Error("the key %s cert %s file is not exist", host.KeyFilePath, host.CertFilePath)
    67. 

  67. 							return
    68. 

  68. 						}
    69. 

  69. 					} else {
    70. 

  70. 						l = NewHttpsListener(https.listener)
    71. 

  71. 						https.NewHttps(l, host.CertFilePath, host.KeyFilePath)
    72. 

  72. 						https.httpsListenerMap.Store(serverName, l)
    73. 

  73. 					}
    74. 

  74. 				}
    75. 

  75. 			}
    76. 

  76. 			acceptConn := conn.NewConn(c)
    77. 

  77. 			acceptConn.Rb = rb
    78. 

  78. 			l.acceptConn <- acceptConn
    79. 

  79. 		})
    80. 

  80. 	}
    81. 

  81. 	return nil
    82. 

  82. }
    83. 

  83. 

  84. func (https *HttpsServer) Close() error {
    85. 

  85. 	return https.listener.Close()
    86. 

  86. }
    87. 

  87. 

  88. func (https *HttpsServer) NewHttps(l net.Listener, certFile string, keyFile string) {
    89. 

  89. 	go func() {
    90. 

  90. 		logs.Error(https.NewServer(0, "https").ServeTLS(l, certFile, keyFile))
    91. 

  91. 	}()
    92. 

  92. }
    93. 

  93. 

  94. func (https *HttpsServer) handleHttps(c net.Conn) {
    95. 

  95. 	hostName, rb := GetServerNameFromClientHello(c)
    96. 

  96. 	var targetAddr string
    97. 

  97. 	r := buildHttpsRequest(hostName)
    98. 

  98. 	var host *file.Host
    99. 

  99. 	var err error
    100. 

  100. 	if host, err = file.GetDb().GetInfoByHost(hostName, r); err != nil {
    101. 

  101. 		c.Close()
    102. 

  102. 		logs.Notice("the url %s can't be parsed!", hostName)
    103. 

  103. 		return
    104. 

  104. 	}
    105. 

  105. 	if err := https.CheckFlowAndConnNum(host.Client); err != nil {
    106. 

  106. 		logs.Warn("client id %d, host id %d, error %s, when https connection", host.Client.Id, host.Id, err.Error())
    107. 

  107. 		c.Close()
    108. 

  108. 		return
    109. 

  109. 	}
    110. 

  110. 	defer host.Client.AddConn()
    111. 

  111. 	if err = https.auth(r, conn.NewConn(c), host.Client.Cnf.U, host.Client.Cnf.P); err != nil {
    112. 

  112. 		logs.Warn("auth error", err, r.RemoteAddr)
    113. 

  113. 		return
    114. 

  114. 	}
    115. 

  115. 	if targetAddr, err = host.Target.GetRandomTarget(); err != nil {
    116. 

  116. 		logs.Warn(err.Error())
    117. 

  117. 	}
    118. 

  118. 	logs.Trace("new https connection,clientId %d,host %s,remote address %s", host.Client.Id, r.Host, c.RemoteAddr().String())
    119. 

  119. 	https.DealClient(conn.NewConn(c), host.Client, targetAddr, rb, common.CONN_TCP, nil, host.Flow)
    120. 

  120. }
    121. 

  121. 

  122. type HttpsListener struct {
    123. 

  123. 	acceptConn     chan *conn.Conn
    124. 

  124. 	parentListener net.Listener
    125. 

  125. }
    126. 

  126. 

  127. func NewHttpsListener(l net.Listener) *HttpsListener {
    128. 

  128. 	return &HttpsListener{parentListener: l, acceptConn: make(chan *conn.Conn)}
    129. 

  129. }
    130. 

  130. 

  131. func (httpsListener *HttpsListener) Accept() (net.Conn, error) {
    132. 

  132. 	httpsConn := <-httpsListener.acceptConn
    133. 

  133. 	if httpsConn == nil {
    134. 

  134. 		return nil, errors.New("get connection error")
    135. 

  135. 	}
    136. 

  136. 	return httpsConn, nil
    137. 

  137. }
    138. 

  138. 

  139. func (httpsListener *HttpsListener) Close() error {
    140. 

  140. 	return nil
    141. 

  141. }
    142. 

  142. 

  143. func (httpsListener *HttpsListener) Addr() net.Addr {
    144. 

  144. 	return httpsListener.parentListener.Addr()
    145. 

  145. }
    146. 

  146. 

  147. func GetServerNameFromClientHello(c net.Conn) (string, []byte) {
    148. 

  148. 	buf := make([]byte, 4096)
    149. 

  149. 	data := make([]byte, 4096)
    150. 

  150. 	n, err := c.Read(buf)
    151. 

  151. 	if err != nil {
    152. 

  152. 		return "", nil
    153. 

  153. 	}
    154. 

  154. 	copy(data, buf[:n])
    155. 

  155. 	clientHello := new(crypt.ClientHelloMsg)
    156. 

  156. 	clientHello.Unmarshal(data[5:n])
    157. 

  157. 	return clientHello.GetServerName(), buf[:n]
    158. 

  158. }
    159. 

  159. 

  160. func buildHttpsRequest(hostName string) *http.Request {
    161. 

  161. 	r := new(http.Request)
    162. 

  162. 	r.RequestURI = "/"
    163. 

  163. 	r.URL = new(url.URL)
    164. 

  164. 	r.URL.Scheme = "https"
    165. 

  165. 	r.Host = hostName
    166. 

  166. 	return r
    167. 

  167. }
    168.