1
/*
2
 * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
/**
25
 *
26
 * This class includes a proxy server that processes HTTP CONNECT requests,
27
 * and tunnels the data from the client to the server, once the CONNECT
28
 * is accepted.
29
 * It is used by the regression test for the bug fixes: 4323990, 4413069
30
 */
31
import java.io.*;
32
import java.net.*;
33
import javax.net.ssl.*;
34
import javax.net.ServerSocketFactory;
35
import sun.net.www.*;
36
import java.util.Base64;
37

38
public class ProxyTunnelServer extends Thread {
39

40
    private static ServerSocket ss = null;
41
    /*
42
     * holds the registered user's username and password
43
     * only one such entry is maintained
44
     */
45
    private String userPlusPass;
46

47
    // client requesting for a tunnel
48
    private Socket clientSocket = null;
49

50
    /*
51
     * Origin server's address and port that the client
52
     * wants to establish the tunnel for communication.
53
     */
54
    private InetAddress serverInetAddr;
55
    private int serverPort;
56

57
    /*
58
     * denote whether the proxy needs to authorize
59
     * CONNECT requests.
60
     */
61
    static boolean needAuth = false;
62

63
    public ProxyTunnelServer() throws IOException {
64
        if (ss == null) {
65
          ss = (ServerSocket) ServerSocketFactory.getDefault().
66
          createServerSocket(0);
67
        }
68
        setDaemon(true);
69
    }
70

71
    public void needUserAuth(boolean auth) {
72
        needAuth = auth;
73
    }
74

75
    /*
76
     * register users with the proxy, by providing username and
77
     * password. The username and password are used for authorizing the
78
     * user when a CONNECT request is made and needAuth is set to true.
79
     */
80
    public void setUserAuth(String uname, String passwd) {
81
        userPlusPass = uname + ":" + passwd;
82
    }
83

84
    public void run() {
85
        try {
86
            clientSocket = ss.accept();
87
            processRequests();
88
        } catch (Exception e) {
89
            System.out.println("Proxy Failed: " + e);
90
            e.printStackTrace();
91
            try {
92
                ss.close();
93
            }
94
            catch (IOException excep) {
95
                System.out.println("ProxyServer close error: " + excep);
96
                excep.printStackTrace();
97
            }
98
          }
99
    }
100

101
    /*
102
     * Processes the CONNECT requests, if needAuth is set to true, then
103
     * the name and password are extracted from the Proxy-Authorization header
104
     * of the request. They are checked against the one that is registered,
105
     * if there is a match, connection is set in tunneling mode. If
106
     * needAuth is set to false, Proxy-Authorization checks are not made
107
     */
108
    private void processRequests() throws Exception {
109

110
        InputStream in = clientSocket.getInputStream();
111
        MessageHeader mheader = new MessageHeader(in);
112
        String statusLine = mheader.getValue(0);
113

114
        if (statusLine.startsWith("CONNECT")) {
115
            // retrieve the host and port info from the status-line
116
            retrieveConnectInfo(statusLine);
117
            if (needAuth) {
118
                String authInfo;
119
                if ((authInfo = mheader.findValue("Proxy-Authorization"))
120
                                         != null) {
121
                   if (authenticate(authInfo)) {
122
                        needAuth = false;
123
                        System.out.println(
124
                                "Proxy: client authentication successful");
125
                   }
126
                }
127
            }
128
            respondForConnect(needAuth);
129

130
            // connection set to the tunneling mode
131
            if (!needAuth) {
132
                doTunnel();
133
                /*
134
                 * done with tunneling, we process only one successful
135
                 * tunneling request
136
                 */
137
                ss.close();
138
            } else {
139
                // we may get another request with Proxy-Authorization set
140
                in.close();
141
                clientSocket.close();
142
                restart();
143
            }
144
        } else {
145
            System.out.println("proxy server: processes only "
146
                                   + "CONNECT method requests, recieved: "
147
                                   + statusLine);
148
        }
149
    }
150

151
    private void respondForConnect(boolean needAuth) throws Exception {
152

153
        OutputStream out = clientSocket.getOutputStream();
154
        PrintWriter pout = new PrintWriter(out);
155

156
        if (needAuth) {
157
            pout.println("HTTP/1.1 407 Proxy Auth Required");
158
            pout.println("Proxy-Authenticate: Basic realm=\"WallyWorld\"");
159
            pout.println();
160
            pout.flush();
161
            out.close();
162
        } else {
163
            pout.println("HTTP/1.1 200 OK");
164
            pout.println();
165
            pout.flush();
166
        }
167
    }
168

169
    private void restart() throws IOException {
170
         (new Thread(this)).start();
171
    }
172

173
    /*
174
     * note: Tunneling has to be provided in both directions, i.e
175
     * from client->server and server->client, even if the application
176
     * data may be unidirectional, SSL handshaking data flows in either
177
     * direction.
178
     */
179
    private void doTunnel() throws Exception {
180

181
        Socket serverSocket = new Socket(serverInetAddr, serverPort);
182
        ProxyTunnel clientToServer = new ProxyTunnel(
183
                                clientSocket, serverSocket);
184
        ProxyTunnel serverToClient = new ProxyTunnel(
185
                                serverSocket, clientSocket);
186
        clientToServer.start();
187
        serverToClient.start();
188
        System.out.println("Proxy: Started tunneling.......");
189

190
        clientToServer.join();
191
        serverToClient.join();
192
        System.out.println("Proxy: Finished tunneling........");
193

194
        clientToServer.close();
195
        serverToClient.close();
196
    }
197

198
    /*
199
     * This inner class provides unidirectional data flow through the sockets
200
     * by continuously copying bytes from the input socket onto the output
201
     * socket, until both sockets are open and EOF has not been received.
202
     */
203
    class ProxyTunnel extends Thread {
204
        Socket sockIn;
205
        Socket sockOut;
206
        InputStream input;
207
        OutputStream output;
208

209
        public ProxyTunnel(Socket sockIn, Socket sockOut)
210
        throws Exception {
211
            this.sockIn = sockIn;
212
            this.sockOut = sockOut;
213
            input = sockIn.getInputStream();
214
            output = sockOut.getOutputStream();
215
            setDaemon(true);
216
        }
217

218
        public void run() {
219
            int BUFFER_SIZE = 400;
220
            byte[] buf = new byte[BUFFER_SIZE];
221
            int bytesRead = 0;
222
            int count = 0;  // keep track of the amount of data transfer
223

224
            try {
225
                while ((bytesRead = input.read(buf)) >= 0) {
226
                    output.write(buf, 0, bytesRead);
227
                    output.flush();
228
                    count += bytesRead;
229
                }
230
            } catch (IOException e) {
231
                /*
232
                 * The peer end has closed the connection
233
                 * we will close the tunnel
234
                 */
235
                close();
236
              }
237
        }
238

239
        public void close() {
240
            try {
241
                if (!sockIn.isClosed())
242
                    sockIn.close();
243
                if (!sockOut.isClosed())
244
                    sockOut.close();
245
            } catch (IOException ignored) { }
246
        }
247
    }
248

249
    /*
250
     ***************************************************************
251
     *                  helper methods follow
252
     ***************************************************************
253
     */
254

255
    /*
256
     * This method retrieves the hostname and port of the destination
257
     * that the connect request wants to establish a tunnel for
258
     * communication.
259
     * The input, connectStr is of the form:
260
     *                          CONNECT server-name:server-port HTTP/1.x
261
     */
262
    private void retrieveConnectInfo(String connectStr) throws Exception {
263

264
        int starti;
265
        int endi;
266
        String connectInfo;
267
        String serverName = null;
268
        try {
269
            starti = connectStr.indexOf(' ');
270
            endi = connectStr.lastIndexOf(' ');
271
            connectInfo = connectStr.substring(starti+1, endi).trim();
272
            // retrieve server name and port
273
            endi = connectInfo.indexOf(':');
274
            serverName = connectInfo.substring(0, endi);
275
            serverPort = Integer.parseInt(connectInfo.substring(endi+1));
276
        } catch (Exception e) {
277
            throw new IOException("Proxy recieved a request: "
278
                                        + connectStr);
279
          }
280
        serverInetAddr = InetAddress.getByName(serverName);
281
    }
282

283
    public int getPort() {
284
        return ss.getLocalPort();
285
    }
286

287
    /*
288
     * do "basic" authentication, authInfo is of the form:
289
     *                                  Basic <encoded username":"password>
290
     * reference RFC 2617
291
     */
292
    private boolean authenticate(String authInfo) throws IOException {
293
        boolean matched = false;
294
        try {
295
            authInfo.trim();
296
            int ind = authInfo.indexOf(' ');
297
            String recvdUserPlusPass = authInfo.substring(ind + 1).trim();
298

299
            // extract encoded (username:passwd
300
            if (userPlusPass.equals(
301
                            new String( Base64.getMimeDecoder()
302
                                        .decode(recvdUserPlusPass))))
303
            {
304
                matched = true;
305
            }
306
        } catch (Exception e) {
307
              throw new IOException(
308
                "Proxy received invalid Proxy-Authorization value: "
309
                 + authInfo);
310
          }
311
        return matched;
312
    }
313
}
314

315