From 1792facf4799347b9ae841bd577917f4b0296fd7 Mon Sep 17 00:00:00 2001 From: Simon Stewart Date: Thu, 17 Aug 2017 22:21:02 +0100 Subject: [PATCH 1/2] Bump guava to version 23 --- pom.xml | 2 +- .../org/littleshoot/proxy/impl/ProxyToServerConnection.java | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index a81bd358f..351b006d3 100644 --- a/pom.xml +++ b/pom.xml @@ -186,7 +186,7 @@ com.google.guava guava - 20.0 + 23.0 diff --git a/src/main/java/org/littleshoot/proxy/impl/ProxyToServerConnection.java b/src/main/java/org/littleshoot/proxy/impl/ProxyToServerConnection.java index 2c9cece42..b612f5160 100644 --- a/src/main/java/org/littleshoot/proxy/impl/ProxyToServerConnection.java +++ b/src/main/java/org/littleshoot/proxy/impl/ProxyToServerConnection.java @@ -572,7 +572,7 @@ private void initializeConnectionFlow() { .serverSslEngine())); } else { connectionFlow.then(serverConnection.EncryptChannel(proxyServer.getMitmManager() - .serverSslEngine(parsedHostAndPort.getHostText(), parsedHostAndPort.getPort()))); + .serverSslEngine(parsedHostAndPort.getHost(), parsedHostAndPort.getPort()))); } connectionFlow @@ -958,7 +958,7 @@ public static InetSocketAddress addressFor(String hostAndPort, DefaultHttpProxyS throw new UnknownHostException(hostAndPort); } - String host = parsedHostAndPort.getHostText(); + String host = parsedHostAndPort.getHost(); int port = parsedHostAndPort.getPortOrDefault(80); return proxyServer.getServerResolver().resolve(host, port); From 85366e8c11d406542d79aaecaca808c40f8b08a8 Mon Sep 17 00:00:00 2001 From: pravindra Date: Tue, 3 Oct 2017 19:43:35 +0530 Subject: [PATCH 2/2] adamfisk#337 - SNI headers not being sent for outbound proxies. --- .../littleshoot/proxy/impl/ProxyToServerConnection.java | 9 ++++++--- .../BadClientAuthenticationTCPChainedProxyTest.java | 5 +++++ .../BadServerAuthenticationTCPChainedProxyTest.java | 5 +++++ ...ProxyWithFallbackToOtherChainedProxyDueToSSLTest.java | 5 +++++ ...ientAuthenticationNotRequiredTCPChainedProxyTest.java | 5 +++++ .../littleshoot/proxy/EncryptedTCPChainedProxyTest.java | 5 +++++ .../littleshoot/proxy/EncryptedUDTChainedProxyTest.java | 5 +++++ src/test/java/org/littleshoot/proxy/HttpFilterTest.java | 5 +++++ ...tmWithBadClientAuthenticationTCPChainedProxyTest.java | 5 +++++ ...tmWithBadServerAuthenticationTCPChainedProxyTest.java | 5 +++++ ...ientAuthenticationNotRequiredTCPChainedProxyTest.java | 5 +++++ .../proxy/MitmWithEncryptedTCPChainedProxyTest.java | 5 +++++ .../proxy/MitmWithEncryptedUDTChainedProxyTest.java | 5 +++++ 13 files changed, 66 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/littleshoot/proxy/impl/ProxyToServerConnection.java b/src/main/java/org/littleshoot/proxy/impl/ProxyToServerConnection.java index b612f5160..4fd74c263 100644 --- a/src/main/java/org/littleshoot/proxy/impl/ProxyToServerConnection.java +++ b/src/main/java/org/littleshoot/proxy/impl/ProxyToServerConnection.java @@ -42,6 +42,7 @@ import org.littleshoot.proxy.TransportProtocol; import org.littleshoot.proxy.UnknownTransportProtocolException; +import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLProtocolException; import javax.net.ssl.SSLSession; import java.io.IOException; @@ -545,8 +546,10 @@ private void initializeConnectionFlow() { .then(ConnectChannel); if (chainedProxy != null && chainedProxy.requiresEncryption()) { - connectionFlow.then(serverConnection.EncryptChannel(chainedProxy - .newSslEngine())); + InetSocketAddress proxyAddress = chainedProxy.getChainedProxyAddress(); + SSLEngine engine = proxyAddress.isUnresolved() ? chainedProxy.newSslEngine() : + chainedProxy.newSslEngine(proxyAddress.getHostName(), proxyAddress.getPort()); + connectionFlow.then(serverConnection.EncryptChannel(engine)); } if (ProxyUtils.isCONNECT(initialRequest)) { @@ -554,7 +557,7 @@ private void initializeConnectionFlow() { if (hasUpstreamChainedProxy()) { connectionFlow.then( serverConnection.HTTPCONNECTWithChainedProxy); - } + } MitmManager mitmManager = proxyServer.getMitmManager(); boolean isMitmEnabled = mitmManager != null; diff --git a/src/test/java/org/littleshoot/proxy/BadClientAuthenticationTCPChainedProxyTest.java b/src/test/java/org/littleshoot/proxy/BadClientAuthenticationTCPChainedProxyTest.java index 1ef321f95..e19aaa55b 100644 --- a/src/test/java/org/littleshoot/proxy/BadClientAuthenticationTCPChainedProxyTest.java +++ b/src/test/java/org/littleshoot/proxy/BadClientAuthenticationTCPChainedProxyTest.java @@ -47,6 +47,11 @@ public boolean requiresEncryption() { public SSLEngine newSslEngine() { return clientSslEngineSource.newSslEngine(); } + + @Override + public SSLEngine newSslEngine(String peerHost, int peerPort) { + return clientSslEngineSource.newSslEngine(peerHost, peerPort); + } }; } } diff --git a/src/test/java/org/littleshoot/proxy/BadServerAuthenticationTCPChainedProxyTest.java b/src/test/java/org/littleshoot/proxy/BadServerAuthenticationTCPChainedProxyTest.java index e75c87d12..12a6a324e 100644 --- a/src/test/java/org/littleshoot/proxy/BadServerAuthenticationTCPChainedProxyTest.java +++ b/src/test/java/org/littleshoot/proxy/BadServerAuthenticationTCPChainedProxyTest.java @@ -47,6 +47,11 @@ public boolean requiresEncryption() { public SSLEngine newSslEngine() { return clientSslEngineSource.newSslEngine(); } + + @Override + public SSLEngine newSslEngine(String peerHost, int peerPort) { + return clientSslEngineSource.newSslEngine(peerHost, peerPort); + } }; } } diff --git a/src/test/java/org/littleshoot/proxy/ChainedProxyWithFallbackToOtherChainedProxyDueToSSLTest.java b/src/test/java/org/littleshoot/proxy/ChainedProxyWithFallbackToOtherChainedProxyDueToSSLTest.java index c16ffa9d1..48665d968 100644 --- a/src/test/java/org/littleshoot/proxy/ChainedProxyWithFallbackToOtherChainedProxyDueToSSLTest.java +++ b/src/test/java/org/littleshoot/proxy/ChainedProxyWithFallbackToOtherChainedProxyDueToSSLTest.java @@ -41,6 +41,11 @@ public boolean requiresEncryption() { public SSLEngine newSslEngine() { return serverSslEngineSource.newSslEngine(); } + + @Override + public SSLEngine newSslEngine(String peerHost, int peerPort) { + return serverSslEngineSource.newSslEngine(peerHost, peerPort); + } }); } }; diff --git a/src/test/java/org/littleshoot/proxy/ClientAuthenticationNotRequiredTCPChainedProxyTest.java b/src/test/java/org/littleshoot/proxy/ClientAuthenticationNotRequiredTCPChainedProxyTest.java index 7a881311b..a05a540a1 100644 --- a/src/test/java/org/littleshoot/proxy/ClientAuthenticationNotRequiredTCPChainedProxyTest.java +++ b/src/test/java/org/littleshoot/proxy/ClientAuthenticationNotRequiredTCPChainedProxyTest.java @@ -43,6 +43,11 @@ public boolean requiresEncryption() { public SSLEngine newSslEngine() { return clientSslEngineSource.newSslEngine(); } + + @Override + public SSLEngine newSslEngine(String peerHost, int peerPort) { + return clientSslEngineSource.newSslEngine(peerHost, peerPort); + } }; } } diff --git a/src/test/java/org/littleshoot/proxy/EncryptedTCPChainedProxyTest.java b/src/test/java/org/littleshoot/proxy/EncryptedTCPChainedProxyTest.java index 32261035b..ea5aad723 100644 --- a/src/test/java/org/littleshoot/proxy/EncryptedTCPChainedProxyTest.java +++ b/src/test/java/org/littleshoot/proxy/EncryptedTCPChainedProxyTest.java @@ -34,6 +34,11 @@ public boolean requiresEncryption() { public SSLEngine newSslEngine() { return sslEngineSource.newSslEngine(); } + + @Override + public SSLEngine newSslEngine(String peerHost, int peerPort) { + return sslEngineSource.newSslEngine(peerHost, peerPort); + } }; } } diff --git a/src/test/java/org/littleshoot/proxy/EncryptedUDTChainedProxyTest.java b/src/test/java/org/littleshoot/proxy/EncryptedUDTChainedProxyTest.java index b5728caca..086da00b2 100644 --- a/src/test/java/org/littleshoot/proxy/EncryptedUDTChainedProxyTest.java +++ b/src/test/java/org/littleshoot/proxy/EncryptedUDTChainedProxyTest.java @@ -34,6 +34,11 @@ public boolean requiresEncryption() { public SSLEngine newSslEngine() { return sslEngineSource.newSslEngine(); } + + @Override + public SSLEngine newSslEngine(String peerHost, int peerPort) { + return sslEngineSource.newSslEngine(peerHost, peerPort); + } }; } } diff --git a/src/test/java/org/littleshoot/proxy/HttpFilterTest.java b/src/test/java/org/littleshoot/proxy/HttpFilterTest.java index 56e3a229e..ca786aa3c 100644 --- a/src/test/java/org/littleshoot/proxy/HttpFilterTest.java +++ b/src/test/java/org/littleshoot/proxy/HttpFilterTest.java @@ -633,6 +633,11 @@ public SSLEngine newSslEngine() { // use the same "bad" keystore as BadServerAuthenticationTCPChainedProxyTest return new SelfSignedSslEngineSource("chain_proxy_keystore_2.jks").newSslEngine(); } + + @Override + public SSLEngine newSslEngine(String peerHost, int peerPort) { + return new SelfSignedSslEngineSource("chain_proxy_keystore_2.jks").newSslEngine(peerHost, peerPort); + } }); } }) diff --git a/src/test/java/org/littleshoot/proxy/MitmWithBadClientAuthenticationTCPChainedProxyTest.java b/src/test/java/org/littleshoot/proxy/MitmWithBadClientAuthenticationTCPChainedProxyTest.java index e3b724c60..8789ce553 100644 --- a/src/test/java/org/littleshoot/proxy/MitmWithBadClientAuthenticationTCPChainedProxyTest.java +++ b/src/test/java/org/littleshoot/proxy/MitmWithBadClientAuthenticationTCPChainedProxyTest.java @@ -48,6 +48,11 @@ public boolean requiresEncryption() { public SSLEngine newSslEngine() { return clientSslEngineSource.newSslEngine(); } + + @Override + public SSLEngine newSslEngine(String peerHost, int peerPort) { + return clientSslEngineSource.newSslEngine(peerHost, peerPort); + } }; } } diff --git a/src/test/java/org/littleshoot/proxy/MitmWithBadServerAuthenticationTCPChainedProxyTest.java b/src/test/java/org/littleshoot/proxy/MitmWithBadServerAuthenticationTCPChainedProxyTest.java index bc192db8a..342af1a6f 100644 --- a/src/test/java/org/littleshoot/proxy/MitmWithBadServerAuthenticationTCPChainedProxyTest.java +++ b/src/test/java/org/littleshoot/proxy/MitmWithBadServerAuthenticationTCPChainedProxyTest.java @@ -48,6 +48,11 @@ public boolean requiresEncryption() { public SSLEngine newSslEngine() { return clientSslEngineSource.newSslEngine(); } + + @Override + public SSLEngine newSslEngine(String peerHost, int peerPort) { + return clientSslEngineSource.newSslEngine(peerHost, peerPort); + } }; } } diff --git a/src/test/java/org/littleshoot/proxy/MitmWithClientAuthenticationNotRequiredTCPChainedProxyTest.java b/src/test/java/org/littleshoot/proxy/MitmWithClientAuthenticationNotRequiredTCPChainedProxyTest.java index f748dddb7..3a17b25fa 100644 --- a/src/test/java/org/littleshoot/proxy/MitmWithClientAuthenticationNotRequiredTCPChainedProxyTest.java +++ b/src/test/java/org/littleshoot/proxy/MitmWithClientAuthenticationNotRequiredTCPChainedProxyTest.java @@ -43,6 +43,11 @@ public boolean requiresEncryption() { public SSLEngine newSslEngine() { return clientSslEngineSource.newSslEngine(); } + + @Override + public SSLEngine newSslEngine(String peerHost, int peerPort) { + return clientSslEngineSource.newSslEngine(peerHost, peerPort); + } }; } } diff --git a/src/test/java/org/littleshoot/proxy/MitmWithEncryptedTCPChainedProxyTest.java b/src/test/java/org/littleshoot/proxy/MitmWithEncryptedTCPChainedProxyTest.java index 418e7e8d6..0625e9af6 100644 --- a/src/test/java/org/littleshoot/proxy/MitmWithEncryptedTCPChainedProxyTest.java +++ b/src/test/java/org/littleshoot/proxy/MitmWithEncryptedTCPChainedProxyTest.java @@ -34,6 +34,11 @@ public boolean requiresEncryption() { public SSLEngine newSslEngine() { return sslEngineSource.newSslEngine(); } + + @Override + public SSLEngine newSslEngine(String peerHost, int peerPort) { + return sslEngineSource.newSslEngine(peerHost, peerPort); + } }; } } diff --git a/src/test/java/org/littleshoot/proxy/MitmWithEncryptedUDTChainedProxyTest.java b/src/test/java/org/littleshoot/proxy/MitmWithEncryptedUDTChainedProxyTest.java index 0630149d6..4955a784e 100644 --- a/src/test/java/org/littleshoot/proxy/MitmWithEncryptedUDTChainedProxyTest.java +++ b/src/test/java/org/littleshoot/proxy/MitmWithEncryptedUDTChainedProxyTest.java @@ -34,6 +34,11 @@ public boolean requiresEncryption() { public SSLEngine newSslEngine() { return sslEngineSource.newSslEngine(); } + + @Override + public SSLEngine newSslEngine(String peerHost, int peerPort) { + return sslEngineSource.newSslEngine(peerHost, peerPort); + } }; } }