mirror of
https://github.com/internetee/epp_proxy.git
synced 2025-08-17 21:13:49 +02:00
Upgraded and created dockerfiles
This commit is contained in:
parent
99b714676b
commit
1f40bbf3fb
18 changed files with 343 additions and 94 deletions
|
@ -6,3 +6,4 @@ gem "puma"
|
|||
gem "roda"
|
||||
gem "rack-unreloader"
|
||||
gem "tilt"
|
||||
gem "rackup"
|
||||
|
|
|
@ -1,23 +1,26 @@
|
|||
GEM
|
||||
remote: https://rubygems.org/
|
||||
specs:
|
||||
nio4r (2.5.2)
|
||||
puma (4.3.5)
|
||||
nio4r (2.7.4)
|
||||
puma (6.6.0)
|
||||
nio4r (~> 2.0)
|
||||
rack (2.2.3)
|
||||
rack-unreloader (1.7.0)
|
||||
roda (3.21.0)
|
||||
rack (3.1.12)
|
||||
rack-unreloader (2.1.0)
|
||||
rackup (2.2.1)
|
||||
rack (>= 3)
|
||||
roda (3.90.0)
|
||||
rack
|
||||
tilt (2.0.9)
|
||||
tilt (2.6.0)
|
||||
|
||||
PLATFORMS
|
||||
ruby
|
||||
aarch64-linux
|
||||
|
||||
DEPENDENCIES
|
||||
puma
|
||||
rack-unreloader
|
||||
rackup
|
||||
roda
|
||||
tilt
|
||||
|
||||
BUNDLED WITH
|
||||
1.17.2
|
||||
2.4.10
|
||||
|
|
|
@ -33,14 +33,31 @@ start_link(Socket) ->
|
|||
handle_cast(serve,
|
||||
State = #state{socket = Socket,
|
||||
session_id = _SessionId}) ->
|
||||
{ok, {PeerIp, _PeerPort}} = ssl:peername(Socket),
|
||||
log_opened_connection(PeerIp),
|
||||
case ssl:handshake(Socket) of
|
||||
{ok, SecureSocket} ->
|
||||
NewState = state_from_socket(SecureSocket, State),
|
||||
{noreply, NewState};
|
||||
{error, Error} ->
|
||||
log_on_invalid_handshake(PeerIp, Error)
|
||||
try
|
||||
% Check if we have a valid socket
|
||||
case ssl:peername(Socket) of
|
||||
{ok, {PeerIp, _PeerPort}} ->
|
||||
log_opened_connection(PeerIp),
|
||||
% Try to perform the handshake
|
||||
case ssl:handshake(Socket) of
|
||||
{ok, SecureSocket} ->
|
||||
NewState = state_from_socket(SecureSocket, State),
|
||||
{noreply, NewState};
|
||||
{error, notsup_on_transport_accept_socket} ->
|
||||
lager:error("Socket not supported for TLS handshake. This may indicate the socket is not an SSL socket or was improperly initialized."),
|
||||
{stop, normal, State};
|
||||
{error, HandshakeError} ->
|
||||
log_on_invalid_handshake(PeerIp, HandshakeError),
|
||||
{stop, normal, State}
|
||||
end;
|
||||
{error, PeerError} ->
|
||||
lager:error("Invalid socket: cannot get peer information: ~p", [PeerError]),
|
||||
{stop, normal, State}
|
||||
end
|
||||
catch
|
||||
error:CatchError:Stacktrace ->
|
||||
lager:error("Exception during TLS handshake: ~p~nStacktrace: ~p", [CatchError, Stacktrace]),
|
||||
{stop, normal, State}
|
||||
end;
|
||||
%% Step two: Using the state of the connection, get the hello route
|
||||
%% from http server. Send the response from HTTP server back to EPP
|
||||
|
@ -171,14 +188,26 @@ log_opened_connection(Ip) ->
|
|||
|
||||
%% Extract state info from socket. Fail if you must.
|
||||
state_from_socket(Socket, State) ->
|
||||
{ok, PeerCert} = ssl:peercert(Socket),
|
||||
{ok, {PeerIp, _PeerPort}} = ssl:peername(Socket),
|
||||
{SSL_CLIENT_S_DN_CN, SSL_CLIENT_CERT} =
|
||||
epp_certs:headers_from_cert(PeerCert),
|
||||
Headers = [{"SSL-CLIENT-CERT", SSL_CLIENT_CERT},
|
||||
{"SSL-CLIENT-S-DN-CN", SSL_CLIENT_S_DN_CN},
|
||||
{"User-Agent", <<"EPP proxy">>},
|
||||
{"X-Forwarded-for", epp_util:readable_ip(PeerIp)}],
|
||||
Headers = case ssl:peercert(Socket) of
|
||||
{ok, PeerCert} ->
|
||||
try
|
||||
{SSL_CLIENT_S_DN_CN, SSL_CLIENT_CERT} = epp_certs:headers_from_cert(PeerCert),
|
||||
[{"SSL-CLIENT-CERT", SSL_CLIENT_CERT},
|
||||
{"SSL-CLIENT-S-DN-CN", SSL_CLIENT_S_DN_CN},
|
||||
{"User-Agent", <<"EPP proxy">>},
|
||||
{"X-Forwarded-for", epp_util:readable_ip(PeerIp)}]
|
||||
catch
|
||||
_:_ ->
|
||||
lager:warning("Could not extract certificate information from client at IP: ~s", [epp_util:readable_ip(PeerIp)]),
|
||||
[{"User-Agent", <<"EPP proxy">>},
|
||||
{"X-Forwarded-for", epp_util:readable_ip(PeerIp)}]
|
||||
end;
|
||||
{error, _} ->
|
||||
lager:info("No client certificate provided from IP: ~s", [epp_util:readable_ip(PeerIp)]),
|
||||
[{"User-Agent", <<"EPP proxy">>},
|
||||
{"X-Forwarded-for", epp_util:readable_ip(PeerIp)}]
|
||||
end,
|
||||
NewState = State#state{socket = Socket,
|
||||
headers = Headers},
|
||||
lager:info("Established connection with: [~p]~n",
|
||||
|
@ -204,4 +233,4 @@ parse_frame(Frame) ->
|
|||
{error, _} ->
|
||||
#invalid_frame{code = ?XMLErrorCode,
|
||||
message = ?XMLErrorMessage, cl_trid = ClTRID}
|
||||
end.
|
||||
end.
|
|
@ -215,15 +215,21 @@ send_data(Message, Socket) ->
|
|||
receive_data(Socket) ->
|
||||
case gen_tcp:recv(Socket, 0, 1200) of
|
||||
{error, Reason} -> {error, Reason};
|
||||
{ok, Data } ->
|
||||
{ok, Data} ->
|
||||
EppEnvelope = binary:part(Data, {0, 4}),
|
||||
ReportedLength = binary:decode_unsigned(EppEnvelope, big),
|
||||
binary:part(Data, {byte_size(Data), 4 - ReportedLength})
|
||||
end.
|
||||
% Extract the actual data, skipping the 4-byte length header
|
||||
binary:part(Data, {4, byte_size(Data) - 4})
|
||||
end.
|
||||
|
||||
match_data(Data, Pattern) ->
|
||||
{ok, MatchPattern} = re:compile(Pattern),
|
||||
{match, _Captured} = re:run(Data, MatchPattern).
|
||||
case re:run(Data, MatchPattern) of
|
||||
{match, _Captured} -> {match, _Captured};
|
||||
nomatch ->
|
||||
ct:pal("Expected pattern '~s' not found in data:~n~p", [Pattern, Data]),
|
||||
nomatch
|
||||
end.
|
||||
|
||||
hello_command() ->
|
||||
<<"<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>",
|
||||
|
|
|
@ -222,15 +222,21 @@ send_data(Message, Socket) ->
|
|||
receive_data(Socket) ->
|
||||
case ssl:recv(Socket, 0, 1200) of
|
||||
{error, Reason} -> {error, Reason};
|
||||
{ok, Data } ->
|
||||
{ok, Data} ->
|
||||
EppEnvelope = binary:part(Data, {0, 4}),
|
||||
ReportedLength = binary:decode_unsigned(EppEnvelope, big),
|
||||
binary:part(Data, {byte_size(Data), 4 - ReportedLength})
|
||||
end.
|
||||
% Extract the actual data, skipping the 4-byte length header
|
||||
binary:part(Data, {4, byte_size(Data) - 4})
|
||||
end.
|
||||
|
||||
match_data(Data, Pattern) ->
|
||||
{ok, MatchPattern} = re:compile(Pattern),
|
||||
{match, _Captured} = re:run(Data, MatchPattern).
|
||||
case re:run(Data, MatchPattern) of
|
||||
{match, _Captured} -> {match, _Captured};
|
||||
nomatch ->
|
||||
ct:pal("Expected pattern '~s' not found in data:~n~p", [Pattern, Data]),
|
||||
nomatch
|
||||
end.
|
||||
|
||||
hello_command() ->
|
||||
<<"<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>",
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue