Multiple HTTPS certificate support

ehang-io · Mar 30, 2019 · 2b841ad · 2b841ad
1 parent 5fd335f
commit 2b841ad
Show file tree

Hide file tree

Showing 16 changed files with 560 additions and 111 deletions.
diff --git a/bridge/bridge.go b/bridge/bridge.go
@@ -162,7 +162,7 @@ func (s *Bridge) verifySuccess(c *conn.Conn) {
 func (s *Bridge) cliProcess(c *conn.Conn) {
 	//read test flag
 	if _, err := c.GetShortContent(3); err != nil {
-		logs.Info("The client %s connect error", c.Conn.RemoteAddr())
+		logs.Info("The client %s connect error", c.Conn.RemoteAddr(), err.Error())
 		return
 	}
 	//version check
@@ -173,7 +173,7 @@ func (s *Bridge) cliProcess(c *conn.Conn) {
 	}
 	//write server version to client
 	c.Write([]byte(crypt.Md5(version.GetVersion())))
-	c.SetReadDeadline(5, s.tunnelType)
+	c.SetReadDeadlineByType(5, s.tunnelType)
 	var buf []byte
 	var err error
 	//get vKey from client

diff --git a/client/control.go b/client/control.go
@@ -1,6 +1,7 @@
 package client
 
 import (
+	"encoding/base64"
 	"encoding/binary"
 	"errors"
 	"github.com/cnlh/nps/lib/common"
@@ -14,6 +15,8 @@ import (
 	"io/ioutil"
 	"log"
 	"net"
+	"net/http"
+	"net/http/httputil"
 	"net/url"
 	"os"
 	"path/filepath"
@@ -180,11 +183,16 @@ func NewConn(tp string, vkey string, server string, connType string, proxyUrl st
 			if er != nil {
 				return nil, er
 			}
-			n, er := proxy.FromURL(u, nil)
-			if er != nil {
-				return nil, er
+			switch u.Scheme {
+			case "socks5":
+				n, er := proxy.FromURL(u, nil)
+				if er != nil {
+					return nil, er
+				}
+				connection, err = n.Dial("tcp", server)
+			case "http":
+				connection, err = NewHttpProxyConn(u, server)
 			}
-			connection, err = n.Dial("tcp", server)
 		} else {
 			connection, err = net.Dial("tcp", server)
 		}
@@ -230,3 +238,36 @@ func NewConn(tp string, vkey string, server string, connType string, proxyUrl st
 
 	return c, nil
 }
+
+func NewHttpProxyConn(url *url.URL, remoteAddr string) (net.Conn, error) {
+	req := &http.Request{
+		Method: "CONNECT",
+		URL:    url,
+		Host:   remoteAddr,
+		Header: http.Header{},
+		Proto:  "HTTP/1.1",
+	}
+	password, _ := url.User.Password()
+	req.Header.Set("Proxy-Authorization", "Basic "+basicAuth(url.User.Username(), password))
+	b, err := httputil.DumpRequest(req, false)
+	if err != nil {
+		return nil, err
+	}
+	proxyConn, err := net.Dial("tcp", url.Host)
+	if err != nil {
+		return nil, err
+	}
+	if _, err := proxyConn.Write(b); err != nil {
+		return nil, err
+	}
+	buf := make([]byte, 1024)
+	if _, err := proxyConn.Read(buf); err != nil {
+		return nil, err
+	}
+	return proxyConn, nil
+}
+
+func basicAuth(username, password string) string {
+	auth := username + ":" + password
+	return base64.StdEncoding.EncodeToString([]byte(auth))
+}
diff --git a/conf/nps.conf b/conf/nps.conf
@@ -7,10 +7,6 @@ http_proxy_port=80
 https_proxy_port=443
 https_just_proxy=true
 http_proxy_ip=0.0.0.0
-#certFile absolute path
-#pem_path=conf/server.pem
-#KeyFile absolute path
-#key_path=conf/server.key
 
 ##bridge
 bridge_type=tcp

diff --git a/lib/config/config.go b/lib/config/config.go
@@ -130,7 +130,7 @@ func dealCommon(s string) *CommonConfig {
 			c.Cnf.Compress = common.GetBoolByStr(item[1])
 		case "crypt":
 			c.Cnf.Crypt = common.GetBoolByStr(item[1])
-		case "proxy_socks5_url":
+		case "proxy_url":
 			c.ProxyUrl = item[1]
 		case "rate_limit":
 			c.Client.RateLimit = common.GetIntNoErrByStr(item[1])

diff --git a/lib/conn/conn.go b/lib/conn/conn.go
@@ -25,6 +25,7 @@ import (
 
 type Conn struct {
 	Conn net.Conn
+	Rb   []byte
 }
 
 //new conn
@@ -83,6 +84,26 @@ func (s *Conn) GetShortContent(l int) (b []byte, err error) {
 	return buf, binary.Read(s, binary.LittleEndian, &buf)
 }
 
+func (s *Conn) LocalAddr() net.Addr {
+	return s.Conn.LocalAddr()
+}
+
+func (s *Conn) RemoteAddr() net.Addr {
+	return s.Conn.RemoteAddr()
+}
+
+func (s *Conn) SetDeadline(t time.Time) error {
+	return s.Conn.SetDeadline(t)
+}
+
+func (s *Conn) SetWriteDeadline(t time.Time) error {
+	return s.Conn.SetWriteDeadline(t)
+}
+
+func (s *Conn) SetReadDeadline(t time.Time) error {
+	return s.Conn.SetReadDeadline(t)
+}
+
 //读取指定长度内容
 func (s *Conn) ReadLen(cLen int, buf []byte) (int, error) {
 	if cLen > len(buf) {
@@ -130,7 +151,7 @@ func (s *Conn) SetAlive(tp string) {
 }
 
 //set read deadline
-func (s *Conn) SetReadDeadline(t time.Duration, tp string) {
+func (s *Conn) SetReadDeadlineByType(t time.Duration, tp string) {
 	switch s.Conn.(type) {
 	case *kcp.UDPSession:
 		s.Conn.(*kcp.UDPSession).SetReadDeadline(time.Now().Add(time.Duration(t) * time.Second))
@@ -340,7 +361,15 @@ func (s *Conn) Write(b []byte) (int, error) {
 }
 
 //read
-func (s *Conn) Read(b []byte) (int, error) {
+func (s *Conn) Read(b []byte) (n int, err error) {
+	if s.Rb != nil {
+		if len(s.Rb) > 0 {
+			n = copy(b, s.Rb)
+			s.Rb = s.Rb[n:]
+			return
+		}
+		s.Rb = nil
+	}
 	return s.Conn.Read(b)
 }