Snawoot
GitHub
commit
20f676d5cd
|
|
@ -155,8 +155,14 @@ $ ~/go/bin/dumbproxy -h
|
|||
CA file to authenticate clients with certificates
|
||||
-cert string
|
||||
enable TLS and use certificate
|
||||
-ciphers string
|
||||
colon-separated list of enabled ciphers
|
||||
-disable-http2
|
||||
disable HTTP2
|
||||
-key string
|
||||
key for TLS certificate
|
||||
-list-ciphers
|
||||
list ciphersuites
|
||||
-timeout duration
|
||||
timeout for network operations (default 10s)
|
||||
-verbosity int
|
||||
|
|
|
|||
15
auth.go
15
auth.go
|
|
@ -1,16 +1,16 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"os"
|
||||
"bufio"
|
||||
"crypto/subtle"
|
||||
"encoding/base64"
|
||||
"errors"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"errors"
|
||||
"strings"
|
||||
"os"
|
||||
"strconv"
|
||||
"encoding/base64"
|
||||
"crypto/subtle"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
"bufio"
|
||||
"strings"
|
||||
)
|
||||
|
||||
const AUTH_REQUIRED_MSG = "Proxy authentication required.\n"
|
||||
|
|
@ -188,7 +188,6 @@ func (_ NoAuth) Validate(wr http.ResponseWriter, req *http.Request) bool {
|
|||
return true
|
||||
}
|
||||
|
||||
|
||||
type CertAuth struct{}
|
||||
|
||||
func (_ CertAuth) Validate(wr http.ResponseWriter, req *http.Request) bool {
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"log"
|
||||
"fmt"
|
||||
"log"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
|
|||
|
|
@ -1,13 +1,13 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"net"
|
||||
"context"
|
||||
"fmt"
|
||||
"time"
|
||||
"net"
|
||||
"net/http"
|
||||
"strings"
|
||||
"context"
|
||||
"sync"
|
||||
"time"
|
||||
)
|
||||
|
||||
type ProxyHandler struct {
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"io"
|
||||
"errors"
|
||||
"io"
|
||||
"time"
|
||||
)
|
||||
|
||||
|
|
|
|||
30
main.go
30
main.go
|
|
@ -1,12 +1,13 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"log"
|
||||
"os"
|
||||
"fmt"
|
||||
"crypto/tls"
|
||||
"flag"
|
||||
"time"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
"time"
|
||||
)
|
||||
|
||||
func perror(msg string) {
|
||||
|
|
@ -27,8 +28,16 @@ type CLIArgs struct {
|
|||
verbosity int
|
||||
timeout time.Duration
|
||||
cert, key, cafile string
|
||||
list_ciphers bool
|
||||
ciphers string
|
||||
disableHTTP2 bool
|
||||
}
|
||||
|
||||
func list_ciphers() {
|
||||
for _, cipher := range tls.CipherSuites() {
|
||||
fmt.Println(cipher.Name)
|
||||
}
|
||||
}
|
||||
|
||||
func parse_args() CLIArgs {
|
||||
var args CLIArgs
|
||||
|
|
@ -40,6 +49,9 @@ func parse_args() CLIArgs {
|
|||
flag.StringVar(&args.cert, "cert", "", "enable TLS and use certificate")
|
||||
flag.StringVar(&args.key, "key", "", "key for TLS certificate")
|
||||
flag.StringVar(&args.cafile, "cafile", "", "CA file to authenticate clients with certificates")
|
||||
flag.BoolVar(&args.list_ciphers, "list-ciphers", false, "list ciphersuites")
|
||||
flag.StringVar(&args.ciphers, "ciphers", "", "colon-separated list of enabled ciphers")
|
||||
flag.BoolVar(&args.disableHTTP2, "disable-http2", false, "disable HTTP2")
|
||||
flag.Parse()
|
||||
return args
|
||||
}
|
||||
|
|
@ -47,6 +59,11 @@ func parse_args() CLIArgs {
|
|||
func run() int {
|
||||
args := parse_args()
|
||||
|
||||
if args.list_ciphers {
|
||||
list_ciphers()
|
||||
return 0
|
||||
}
|
||||
|
||||
logWriter := NewLogWriter(os.Stderr)
|
||||
defer logWriter.Close()
|
||||
|
||||
|
|
@ -73,6 +90,10 @@ func run() int {
|
|||
IdleTimeout: 0,
|
||||
}
|
||||
|
||||
if args.disableHTTP2 {
|
||||
server.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler))
|
||||
}
|
||||
|
||||
mainLogger.Info("Starting proxy server...")
|
||||
if args.cert != "" {
|
||||
cfg, err1 := makeServerTLSConfig(args.cert, args.key, args.cafile)
|
||||
|
|
@ -80,6 +101,7 @@ func run() int {
|
|||
mainLogger.Critical("TLS config construction failed: %v", err)
|
||||
return 3
|
||||
}
|
||||
cfg.CipherSuites = makeCipherList(args.ciphers)
|
||||
server.TLSConfig = cfg
|
||||
err = server.ListenAndServeTLS("", "")
|
||||
} else {
|
||||
|
|
|
|||
40
utils.go
40
utils.go
|
|
@ -1,17 +1,19 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net"
|
||||
"sync"
|
||||
"io"
|
||||
"time"
|
||||
"errors"
|
||||
"net/http"
|
||||
"bufio"
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"errors"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"net"
|
||||
"net/http"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
)
|
||||
|
||||
const COPY_BUF = 128 * 1024
|
||||
|
|
@ -163,3 +165,27 @@ func makeServerTLSConfig(certfile, keyfile, cafile string) (*tls.Config, error)
|
|||
}
|
||||
return &cfg, nil
|
||||
}
|
||||
|
||||
func makeCipherList(ciphers string) []uint16 {
|
||||
if ciphers == "" {
|
||||
return nil
|
||||
}
|
||||
|
||||
cipherIDs := make(map[string]uint16)
|
||||
for _, cipher := range tls.CipherSuites() {
|
||||
cipherIDs[cipher.Name] = cipher.ID
|
||||
}
|
||||
|
||||
cipherNameList := strings.Split(ciphers, ":")
|
||||
cipherIDList := make([]uint16, 0, len(cipherNameList))
|
||||
|
||||
for _, name := range cipherNameList {
|
||||
id, ok := cipherIDs[name]
|
||||
if !ok {
|
||||
log.Printf("WARNING: Unknown cipher \"%s\"", name)
|
||||
}
|
||||
cipherIDList = append(cipherIDList, id)
|
||||
}
|
||||
|
||||
return cipherIDList
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue