1
/*
2
 * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
/**
25
 *
26
 * This class includes a proxy server that processes HTTP CONNECT requests,
27
 * and tunnels the data from the client to the server, once the CONNECT
28
 * request is accepted.
29
 * It is used by the TunnelThroughProxy test.
30
 */
31

32
import java.io.*;
33
import java.net.*;
34
import java.util.Base64;
35
import javax.net.ssl.*;
36
import javax.net.ServerSocketFactory;
37
import sun.net.www.*;
38

39
public class ProxyTunnelServer extends Thread {
40

41
    private static ServerSocket ss = null;
42
    /*
43
     * holds the registered user's username and password
44
     * only one such entry is maintained
45
     */
46
    private String userPlusPass;
47

48
    // client requesting for a tunnel
49
    private Socket clientSocket = null;
50

51
    /*
52
     * Origin server's address and port that the client
53
     * wants to establish the tunnel for communication.
54
     */
55
    private InetAddress serverInetAddr;
56
    private int serverPort;
57

58
    /*
59
     * denote whether the proxy needs to authorize
60
     * CONNECT requests.
61
     */
62
    static boolean needAuth = false;
63

64
    public ProxyTunnelServer() throws IOException {
65
        if (ss == null) {
66
          ss = (ServerSocket) ServerSocketFactory.getDefault().
67
          createServerSocket(0);
68
        }
69
    }
70

71
    public void needUserAuth(boolean auth) {
72
        needAuth = auth;
73
    }
74

75
    /*
76
     * register users with the proxy, by providing username and
77
     * password. The username and password are used for authorizing the
78
     * user when a CONNECT request is made and needAuth is set to true.
79
     */
80
    public void setUserAuth(String uname, String passwd) {
81
        userPlusPass = uname + ":" + passwd;
82
    }
83

84
    public void run() {
85
        try {
86
            clientSocket = ss.accept();
87
            processRequests();
88
        } catch (Exception e) {
89
            System.out.println("Proxy Failed: " + e);
90
            e.printStackTrace();
91
            try {
92
                ss.close();
93
            }
94
            catch (IOException excep) {
95
                System.out.println("ProxyServer close error: " + excep);
96
                excep.printStackTrace();
97
            }
98
          }
99
    }
100

101
    /*
102
     * Processes the CONNECT requests, if needAuth is set to true, then
103
     * the name and password are extracted from the Proxy-Authorization header
104
     * of the request. They are checked against the one that is registered,
105
     * if there is a match, connection is set in tunneling mode. If
106
     * needAuth is set to false, Proxy-Authorization checks are not made
107
     */
108
    private void processRequests() throws Exception {
109

110
        InputStream in = clientSocket.getInputStream();
111
        MessageHeader mheader = new MessageHeader(in);
112
        String statusLine = mheader.getValue(0);
113

114
        if (statusLine.startsWith("CONNECT")) {
115
            // retrieve the host and port info from the status-line
116
            // retrieveConnectInfo(statusLine);
117
            if (needAuth) {
118
                String authInfo;
119
                if ((authInfo = mheader.findValue("Proxy-Authorization"))
120
                                         != null) {
121
                   if (authenticate(authInfo)) {
122
                        needAuth = false;
123
                        System.out.println(
124
                                "Proxy: client authentication successful");
125
                   }
126
                }
127
            }
128
            respondForConnect(needAuth);
129

130
            // connection set to the tunneling mode
131
            if (!needAuth) {
132
                // doTunnel();
133
                /*
134
                 * done with tunneling, we process only one successful
135
                 * tunneling request
136
                 */
137
                ss.close();
138
            } else {
139
                // we may get another request with Proxy-Authorization set
140
                in.close();
141
                clientSocket.close();
142
                restart();
143
            }
144
        } else {
145
            System.out.println("proxy server: processes only "
146
                                   + "CONNECT method requests, recieved: "
147
                                   + statusLine);
148
        }
149
    }
150

151
    private void respondForConnect(boolean needAuth) throws Exception {
152

153
        OutputStream out = clientSocket.getOutputStream();
154
        PrintWriter pout = new PrintWriter(out);
155

156
        if (needAuth) {
157
            pout.println("HTTP/1.1 407 Proxy Auth Required");
158
            pout.println("Proxy-Authenticate: Basic realm=\"WallyWorld\"");
159
            pout.println();
160
            pout.flush();
161
            out.close();
162
        } else {
163
            pout.println("HTTP/1.1 500 Server Error");
164
            pout.println();
165
            pout.flush();
166
            out.close();
167
        }
168
    }
169

170
    private void restart() throws IOException {
171
         (new Thread(this)).start();
172
    }
173

174
    /*sc
175
     * note: Tunneling has to be provided in both directions, i.e
176
     * from client->server and server->client, even if the application
177
     * data may be unidirectional, SSL handshaking data flows in either
178
     * direction.
179
     */
180
    private void doTunnel() throws Exception {
181

182
        Socket serverSocket = new Socket(serverInetAddr, serverPort);
183
        ProxyTunnel clientToServer = new ProxyTunnel(
184
                                clientSocket, serverSocket);
185
        ProxyTunnel serverToClient = new ProxyTunnel(
186
                                serverSocket, clientSocket);
187
        clientToServer.start();
188
        serverToClient.start();
189
        System.out.println("Proxy: Started tunneling.......");
190

191
        clientToServer.join();
192
        serverToClient.join();
193
        System.out.println("Proxy: Finished tunneling........");
194

195
        clientToServer.close();
196
        serverToClient.close();
197
    }
198

199
    /*
200
     * This inner class provides unidirectional data flow through the sockets
201
     * by continuously copying bytes from the input socket onto the output
202
     * socket, until both sockets are open and EOF has not been received.
203
     */
204
    class ProxyTunnel extends Thread {
205
        Socket sockIn;
206
        Socket sockOut;
207
        InputStream input;
208
        OutputStream output;
209

210
        public ProxyTunnel(Socket sockIn, Socket sockOut)
211
        throws Exception {
212
            this.sockIn = sockIn;
213
            this.sockOut = sockOut;
214
            input = sockIn.getInputStream();
215
            output = sockOut.getOutputStream();
216
        }
217

218
        public void run() {
219
            int BUFFER_SIZE = 400;
220
            byte[] buf = new byte[BUFFER_SIZE];
221
            int bytesRead = 0;
222
            int count = 0;  // keep track of the amount of data transfer
223

224
            try {
225
                while ((bytesRead = input.read(buf)) >= 0) {
226
                    output.write(buf, 0, bytesRead);
227
                    output.flush();
228
                    count += bytesRead;
229
                }
230
            } catch (IOException e) {
231
                /*
232
                 * The peer end has closed the connection
233
                 * we will close the tunnel
234
                 */
235
                close();
236
              }
237
        }
238

239
        public void close() {
240
            try {
241
                if (!sockIn.isClosed())
242
                    sockIn.close();
243
                if (!sockOut.isClosed())
244
                    sockOut.close();
245
            } catch (IOException ignored) { }
246
        }
247
    }
248

249
    /*
250
     ***************************************************************
251
     *                  helper methods follow
252
     ***************************************************************
253
     */
254

255
    /*
256
     * This method retrieves the hostname and port of the destination
257
     * that the connect request wants to establish a tunnel for
258
     * communication.
259
     * The input, connectStr is of the form:
260
     *                          CONNECT server-name:server-port HTTP/1.x
261
     */
262
    private void retrieveConnectInfo(String connectStr) throws Exception {
263
        int starti;
264
        int endi;
265
        String connectInfo;
266
        String serverName = null;
267
        try {
268
            starti = connectStr.indexOf(' ');
269
            endi = connectStr.lastIndexOf(' ');
270
            connectInfo = connectStr.substring(starti+1, endi).trim();
271
            // retrieve server name and port
272
            endi = connectInfo.indexOf(':');
273
            serverName = connectInfo.substring(0, endi);
274
            serverPort = Integer.parseInt(connectInfo.substring(endi+1));
275
        } catch (Exception e) {
276
            throw new IOException("Proxy recieved a request: "
277
                                        + connectStr);
278
          }
279
        serverInetAddr = InetAddress.getByName(serverName);
280
    }
281

282
    public int getPort() {
283
        return ss.getLocalPort();
284
    }
285

286
    /*
287
     * do "basic" authentication, authInfo is of the form:
288
     *                                  Basic <encoded username":"password>
289
     * reference RFC 2617
290
     */
291
    private boolean authenticate(String authInfo) throws IOException {
292
        boolean matched = false;
293
        try {
294
            authInfo.trim();
295
            int ind = authInfo.indexOf(' ');
296
            String recvdUserPlusPass = authInfo.substring(ind + 1).trim();
297
            // extract encoded (username:passwd
298
            if (userPlusPass.equals(
299
                                new String(Base64.getDecoder().decode(recvdUserPlusPass))
300
                                )) {
301
                matched = true;
302
            }
303
        } catch (Exception e) {
304
              throw new IOException(
305
                "Proxy received invalid Proxy-Authorization value: "
306
                 + authInfo);
307
          }
308
        return matched;
309
    }
310
}
311

312