1
/*
2
 * Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
/**
25
 *
26
 * This class includes a proxy server that processes HTTP CONNECT requests,
27
 * and tunnels the data from the client to the server, once the CONNECT
28
 * is accepted.
29
 * It is used by the regression test for the bug fixes: 4323990, 4413069
30
 */
31
import java.io.*;
32
import java.net.*;
33
import javax.net.ssl.*;
34
import javax.net.ServerSocketFactory;
35
import sun.net.www.*;
36
import java.util.Base64;
37

38
public class ProxyTunnelServer extends Thread {
39

40
    private static ServerSocket ss = null;
41
    /*
42
     * holds the registered user's username and password
43
     * only one such entry is maintained
44
     */
45
    private String userPlusPass;
46

47
    // client requesting for a tunnel
48
    private Socket clientSocket = null;
49

50
    /*
51
     * Origin server's address and port that the client
52
     * wants to establish the tunnel for communication.
53
     */
54
    private InetAddress serverInetAddr;
55
    private int serverPort;
56

57
    /*
58
     * denote whether the proxy needs to authorize
59
     * CONNECT requests.
60
     */
61
    static boolean needAuth = false;
62

63
    public ProxyTunnelServer() throws IOException {
64
        this(null); // use wildcard
65
    }
66

67
    public ProxyTunnelServer(InetAddress proxyAddress) throws IOException {
68
        if (ss == null) {
69
            ss = (ServerSocket) ServerSocketFactory.getDefault().
70
                createServerSocket();
71
            ss.bind(new InetSocketAddress(proxyAddress, 0));
72
        }
73
        setDaemon(true);
74
    }
75

76
    public void needUserAuth(boolean auth) {
77
        needAuth = auth;
78
    }
79

80
    /*
81
     * register users with the proxy, by providing username and
82
     * password. The username and password are used for authorizing the
83
     * user when a CONNECT request is made and needAuth is set to true.
84
     */
85
    public void setUserAuth(String uname, String passwd) {
86
        userPlusPass = uname + ":" + passwd;
87
    }
88

89
    public void run() {
90
        try {
91
            clientSocket = ss.accept();
92
            processRequests();
93
        } catch (Exception e) {
94
            System.out.println("Proxy Failed: " + e);
95
            e.printStackTrace();
96
            try {
97
                ss.close();
98
            }
99
            catch (IOException excep) {
100
                System.out.println("ProxyServer close error: " + excep);
101
                excep.printStackTrace();
102
            }
103
          }
104
    }
105

106
    /*
107
     * Processes the CONNECT requests, if needAuth is set to true, then
108
     * the name and password are extracted from the Proxy-Authorization header
109
     * of the request. They are checked against the one that is registered,
110
     * if there is a match, connection is set in tunneling mode. If
111
     * needAuth is set to false, Proxy-Authorization checks are not made
112
     */
113
    private void processRequests() throws Exception {
114

115
        InputStream in = clientSocket.getInputStream();
116
        MessageHeader mheader = new MessageHeader(in);
117
        String statusLine = mheader.getValue(0);
118

119
        if (statusLine.startsWith("CONNECT")) {
120
            // retrieve the host and port info from the status-line
121
            retrieveConnectInfo(statusLine);
122
            if (needAuth) {
123
                String authInfo;
124
                if ((authInfo = mheader.findValue("Proxy-Authorization"))
125
                                         != null) {
126
                   if (authenticate(authInfo)) {
127
                        needAuth = false;
128
                        System.out.println(
129
                                "Proxy: client authentication successful");
130
                   }
131
                }
132
            }
133
            respondForConnect(needAuth);
134

135
            // connection set to the tunneling mode
136
            if (!needAuth) {
137
                doTunnel();
138
                /*
139
                 * done with tunneling, we process only one successful
140
                 * tunneling request
141
                 */
142
                ss.close();
143
            } else {
144
                // we may get another request with Proxy-Authorization set
145
                in.close();
146
                clientSocket.close();
147
                restart();
148
            }
149
        } else {
150
            System.out.println("proxy server: processes only "
151
                                   + "CONNECT method requests, recieved: "
152
                                   + statusLine);
153
        }
154
    }
155

156
    private void respondForConnect(boolean needAuth) throws Exception {
157

158
        OutputStream out = clientSocket.getOutputStream();
159
        PrintWriter pout = new PrintWriter(out);
160

161
        if (needAuth) {
162
            pout.println("HTTP/1.1 407 Proxy Auth Required");
163
            pout.println("Proxy-Authenticate: Basic realm=\"WallyWorld\"");
164
            pout.println();
165
            pout.flush();
166
            out.close();
167
        } else {
168
            pout.println("HTTP/1.1 200 OK");
169
            pout.println();
170
            pout.flush();
171
        }
172
    }
173

174
    private void restart() throws IOException {
175
         (new Thread(this)).start();
176
    }
177

178
    /*
179
     * note: Tunneling has to be provided in both directions, i.e
180
     * from client->server and server->client, even if the application
181
     * data may be unidirectional, SSL handshaking data flows in either
182
     * direction.
183
     */
184
    private void doTunnel() throws Exception {
185

186
        Socket serverSocket = new Socket(serverInetAddr, serverPort);
187
        ProxyTunnel clientToServer = new ProxyTunnel(
188
                                clientSocket, serverSocket);
189
        ProxyTunnel serverToClient = new ProxyTunnel(
190
                                serverSocket, clientSocket);
191
        clientToServer.start();
192
        serverToClient.start();
193
        System.out.println("Proxy: Started tunneling.......");
194

195
        clientToServer.join();
196
        serverToClient.join();
197
        System.out.println("Proxy: Finished tunneling........");
198

199
        clientToServer.close();
200
        serverToClient.close();
201
    }
202

203
    /*
204
     * This inner class provides unidirectional data flow through the sockets
205
     * by continuously copying bytes from the input socket onto the output
206
     * socket, until both sockets are open and EOF has not been received.
207
     */
208
    class ProxyTunnel extends Thread {
209
        Socket sockIn;
210
        Socket sockOut;
211
        InputStream input;
212
        OutputStream output;
213

214
        public ProxyTunnel(Socket sockIn, Socket sockOut)
215
        throws Exception {
216
            this.sockIn = sockIn;
217
            this.sockOut = sockOut;
218
            input = sockIn.getInputStream();
219
            output = sockOut.getOutputStream();
220
            setDaemon(true);
221
        }
222

223
        public void run() {
224
            int BUFFER_SIZE = 400;
225
            byte[] buf = new byte[BUFFER_SIZE];
226
            int bytesRead = 0;
227
            int count = 0;  // keep track of the amount of data transfer
228

229
            try {
230
                while ((bytesRead = input.read(buf)) >= 0) {
231
                    output.write(buf, 0, bytesRead);
232
                    output.flush();
233
                    count += bytesRead;
234
                }
235
            } catch (IOException e) {
236
                /*
237
                 * The peer end has closed the connection
238
                 * we will close the tunnel
239
                 */
240
                close();
241
              }
242
        }
243

244
        public void close() {
245
            try {
246
                if (!sockIn.isClosed())
247
                    sockIn.close();
248
                if (!sockOut.isClosed())
249
                    sockOut.close();
250
            } catch (IOException ignored) { }
251
        }
252
    }
253

254
    /*
255
     ***************************************************************
256
     *                  helper methods follow
257
     ***************************************************************
258
     */
259

260
    /*
261
     * This method retrieves the hostname and port of the destination
262
     * that the connect request wants to establish a tunnel for
263
     * communication.
264
     * The input, connectStr is of the form:
265
     *                          CONNECT server-name:server-port HTTP/1.x
266
     */
267
    private void retrieveConnectInfo(String connectStr) throws Exception {
268

269
        int starti;
270
        int endi;
271
        String connectInfo;
272
        String serverName = null;
273
        try {
274
            starti = connectStr.indexOf(' ');
275
            endi = connectStr.lastIndexOf(' ');
276
            connectInfo = connectStr.substring(starti+1, endi).trim();
277
            // retrieve server name and port
278
            endi = connectInfo.indexOf(':');
279
            serverName = connectInfo.substring(0, endi);
280
            serverPort = Integer.parseInt(connectInfo.substring(endi+1));
281
        } catch (Exception e) {
282
            throw new IOException("Proxy received a request: "
283
                                  + connectStr, e);
284
        }
285
        serverInetAddr = InetAddress.getByName(serverName);
286
    }
287

288
    public int getPort() {
289
        return ss.getLocalPort();
290
    }
291

292
    public InetAddress getInetAddress() {
293
        return ss.getInetAddress();
294
    }
295

296
    /*
297
     * do "basic" authentication, authInfo is of the form:
298
     *                                  Basic <encoded username":"password>
299
     * reference RFC 2617
300
     */
301
    private boolean authenticate(String authInfo) throws IOException {
302
        boolean matched = false;
303
        try {
304
            authInfo.trim();
305
            int ind = authInfo.indexOf(' ');
306
            String recvdUserPlusPass = authInfo.substring(ind + 1).trim();
307

308
            // extract encoded (username:passwd
309
            if (userPlusPass.equals(
310
                            new String( Base64.getMimeDecoder()
311
                                        .decode(recvdUserPlusPass))))
312
            {
313
                matched = true;
314
            }
315
        } catch (Exception e) {
316
              throw new IOException(
317
                "Proxy received invalid Proxy-Authorization value: "
318
                 + authInfo);
319
          }
320
        return matched;
321
    }
322
}
323

324