• Search by APIs
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• nitmproxy-master
  • src
    • main
      • resources
        • logback.xml
      • java
        • com
          • github
            • chhsiaoninety
              • nitmproxy
                • NitmProxyInitializer.java
                • enums
                  • ProxyMode.java
                  • Handler.java
                • ConnectionInfo.java
                • Address.java
                • HandlerProvider.java
                • NitmProxyConfig.java
                • channel
                  • BackendChannelBootstrap.java
                • event
                  • OutboundChannelClosedEvent.java
                • NitmProxy.java
                • handler
                  • proxy
                    • SocksProxyHandler.java
                    • HttpProxyHandler.java
                  • ForwardHandler.java
                  • protocol
                    • http2
                      • Http2FrontendHandler.java
                      • Http2BackendHandler.java
                    • http1
                      • Http1FrontendHandler.java
                      • Http1BackendHandler.java
                    • tls
                      • TlsHandler.java
                • NitmProxyMaster.java
                • tls
                  • CertUtil.java
                  • Certificate.java
                  • TlsUtil.java
    • test
      • java
        • com
          • github
            • chhsiaoninety
              • nitmproxy
                • HttpObjectUtil.java
                • NitmProxyInitializerTest.java
                • handler
                  • protocol
                    • http1
                      • Http1FrontendHandlerTest.java
                      • Http1BackendHandlerTest.java
  • nitmproxy.sh
  • pom.xml
  • LICENSE
  • README.md
  • .gitignore

package com.github.chhsiaoninety.nitmproxy.tls;

import com.github.chhsiaoninety.nitmproxy.NitmProxyConfig;
import io.netty.handler.codec.http2.Http2SecurityUtil;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ApplicationProtocolConfig.Protocol;
import io.netty.handler.ssl.ApplicationProtocolConfig.SelectedListenerFailureBehavior;
import io.netty.handler.ssl.ApplicationProtocolConfig.SelectorFailureBehavior;
import io.netty.handler.ssl.ApplicationProtocolNames;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;

import javax.net.ssl.SSLException;

public class TlsUtil {
    public static SslContext ctxForClient(NitmProxyConfig config) throws SSLException {
        SslContextBuilder builder = SslContextBuilder
                .forClient()
                .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
                .applicationProtocolConfig(applicationProtocolConfig(config, config.isServerHttp2()));
        if (config.isInsecure()) {
            builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
        }
        return builder.build();
    }

    public static SslContext ctxForServer(NitmProxyConfig config) throws SSLException {
        return ctxForServer(config, "localhost");
    }

    public static SslContext ctxForServer(NitmProxyConfig config, String serverHost) throws SSLException {
        Certificate certificate = CertUtil.newCert(config.getCertFile(), config.getKeyFile(), serverHost);
        return SslContextBuilder
                .forServer(certificate.getKeyPair().getPrivate(), certificate.getChain())
                .ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
                .applicationProtocolConfig(applicationProtocolConfig(config, config.isClientHttp2()))
                .build();
    }

    private static ApplicationProtocolConfig applicationProtocolConfig(NitmProxyConfig config, boolean http2) {
        if (http2) {
            return new ApplicationProtocolConfig(
                    Protocol.ALPN,
                    SelectorFailureBehavior.NO_ADVERTISE,
                    SelectedListenerFailureBehavior.ACCEPT,
                    ApplicationProtocolNames.HTTP_2,
                    ApplicationProtocolNames.HTTP_1_1);
        } else {
            return new ApplicationProtocolConfig(
                    Protocol.ALPN,
                    SelectorFailureBehavior.NO_ADVERTISE,
                    SelectedListenerFailureBehavior.ACCEPT,
                    ApplicationProtocolNames.HTTP_1_1);
        }
    }
}