Example #1
0
// newClient creates a proxy client.
func newClient(addr, appName string) *mobileClient {
	client := client.Client{
		Addr:         addr,
		ReadTimeout:  0, // don't timeout
		WriteTimeout: 0,
	}

	err := globals.SetTrustedCAs(clientConfig.getTrustedCerts())
	if err != nil {
		log.Errorf("Unable to configure trusted CAs: %s", err)
	}

	hqfd := client.Configure(clientConfig.Client)

	mClient := &mobileClient{
		Client:  client,
		closed:  make(chan bool),
		fronter: hqfd.NewDirectDomainFronter(),
		appName: appName,
	}
	if err := mClient.updateConfig(); err != nil {
		log.Errorf("Unable to update config: %v", err)
	}
	return mClient
}
Example #2
0
func updateGlobals(cfg *Config) error {
	globals.InstanceId = cfg.InstanceId
	err := globals.SetTrustedCAs(cfg.TrustedCACerts())
	if err != nil {
		return fmt.Errorf("Unable to configure trusted CAs: %s", err)
	}
	return nil
}
Example #3
0
// updateConfig attempts to pull a configuration file from the network using
// the client proxy itself.
func (client *MobileClient) updateConfig() error {
	var buf []byte
	var err error

	if buf, err = pullConfigFile(client.fronter); err != nil {
		log.Errorf("Could not update config: '%v'", err)
		return err
	}
	if err = clientConfig.updateFrom(buf); err == nil {
		// Configuration changed, lets reload.
		err := globals.SetTrustedCAs(clientConfig.getTrustedCerts())
		if err != nil {
			log.Errorf("Unable to configure trusted CAs: %s", err)
		}

		hqfc := client.Configure(clientConfig.Client)
		client.fronter = hqfc.NewDirectDomainFronter()
	}
	return err
}
Example #4
0
// TestCloudFlare tests to make sure that a client and server can communicate
// with each other to proxy traffic for an HTTP client using the CloudFlare
// protocol.  This does not test actually running through CloudFlare and just
// uses a local HTTP server to serve the test content.
func TestCloudFlare(t *testing.T) {
	// Set up a mock HTTP server
	mockServer := &MockServer{}
	err := mockServer.init()
	if err != nil {
		t.Fatalf("Unable to init mock HTTP(S) server: %s", err)
	}
	defer mockServer.deleteCerts()

	mockServer.run(t)
	waitForServer(HTTP_ADDR, 5*time.Second, t)
	waitForServer(HTTPS_ADDR, 5*time.Second, t)

	// Set up a mock CloudFlare
	cf := &MockCloudFlare{}
	err = cf.init()
	if err != nil {
		t.Fatalf("Unable to init mock CloudFlare: %s", err)
	}
	defer cf.deleteCerts()

	go func() {
		err := cf.run(t)
		if err != nil {
			t.Fatalf("Unable to run mock CloudFlare: %s", err)
		}
	}()
	waitForServer(CF_ADDR, 5*time.Second, t)

	// Set up common certContext for proxies
	certContext := &fronted.CertContext{
		PKFile:         randomTempPath(),
		ServerCertFile: randomTempPath(),
	}
	defer os.Remove(certContext.PKFile)
	defer os.Remove(certContext.ServerCertFile)

	// Run server proxy
	srv := &server.Server{
		Addr:                       SERVER_ADDR,
		ReadTimeout:                0, // don't timeout
		WriteTimeout:               0,
		CertContext:                certContext,
		AllowNonGlobalDestinations: true,
	}
	srv.Configure(&server.ServerConfig{})
	go func() {
		err := srv.ListenAndServe(func(update func(*server.ServerConfig) error) {
			err := config.Update(func(cfg *config.Config) error {
				return update(cfg.Server)
			})
			if err != nil {
				log.Errorf("Error while trying to update: %v", err)
			}
		})
		if err != nil {
			t.Fatalf("Unable to run server: %s", err)
		}
	}()
	waitForServer(SERVER_ADDR, 5*time.Second, t)

	// Give servers time to finish startup
	time.Sleep(250 * time.Millisecond)

	clt := &client.Client{
		Addr:         CLIENT_ADDR,
		ReadTimeout:  0, // don't timeout
		WriteTimeout: 0,
	}

	globals.SetTrustedCAs([]string{
		"-----BEGIN CERTIFICATE-----\nMIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\nA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\nb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\nMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\nYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\naWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\njc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\nxy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\n1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\nsnUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\nU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\n9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\nBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\nAQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\nyj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\n38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\nAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\nDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\nHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==\n-----END CERTIFICATE-----\n",
		string(cf.certContext.ServerCert.PEMEncoded()),
	})
	clt.Configure(&client.ClientConfig{
		MasqueradeSets: map[string][]*fronted.Masquerade{
			"cloudflare": []*fronted.Masquerade{
				&fronted.Masquerade{
					Domain: HOST,
				},
			},
		},
		FrontedServers: []*client.FrontedServerInfo{
			&client.FrontedServerInfo{Host: HOST, Port: CF_PORT, Weight: 100, MasqueradeSet: "cloudflare"},
		},
	})
	go func() {
		err := clt.ListenAndServe(func() {})
		if err != nil {
			t.Fatalf("Unable to run client: %s", err)
		}
	}()
	waitForServer(CLIENT_ADDR, 2*time.Second, t)

	// Test various scenarios
	certPool := mockServer.certContext.ServerCert.PoolContainingCert()
	testRequest("Plain Text Request", t, mockServer.requests, false, certPool, 200, nil)
	testRequest("HTTPS Request", t, mockServer.requests, true, certPool, 200, nil)
	testRequest("HTTPS Request without server Cert", t, mockServer.requests, true, nil, 200, fmt.Errorf("Get https://"+HTTPS_ADDR+": x509: certificate signed by unknown authority"))
}