Cloak/internal/client/state.go

package client

import (
	"crypto"
	"encoding/json"
	"fmt"
	"github.com/cbeuw/Cloak/internal/common"
	log "github.com/sirupsen/logrus"
	"io/ioutil"
	"net"
	"strings"
	"time"

	"github.com/cbeuw/Cloak/internal/ecdh"
	mux "github.com/cbeuw/Cloak/internal/multiplex"
)

// RawConfig represents the fields in the config json file
// nullable means if it's empty, a default value will be chosen in ProcessRawConfig
// jsonOptional means if the json's empty, its value will be set from environment variables or commandline args
// but it mustn't be empty when ProcessRawConfig is called
type RawConfig struct {
	ServerName       string
	ProxyMethod      string
	EncryptionMethod string
	UID              []byte
	PublicKey        []byte
	NumConn          int
	LocalHost        string // jsonOptional
	LocalPort        string // jsonOptional
	RemoteHost       string // jsonOptional
	RemotePort       string // jsonOptional

	// defaults set in ProcessRawConfig
	UDP           bool   // nullable
	BrowserSig    string // nullable
	Transport     string // nullable
	StreamTimeout int    // nullable
	KeepAlive     int    // nullable
}

type RemoteConnConfig struct {
	Singleplex     bool
	NumConn        int
	KeepAlive      time.Duration
	RemoteAddr     string
	TransportMaker func() Transport
}

type LocalConnConfig struct {
	LocalAddr string
	Timeout   time.Duration
}

type AuthInfo struct {
	UID              []byte
	SessionId        uint32
	ProxyMethod      string
	EncryptionMethod byte
	Unordered        bool
	ServerPubKey     crypto.PublicKey
	MockDomain       string
	WorldState       common.WorldState
}

// semi-colon separated value. This is for Android plugin options
func ssvToJson(ssv string) (ret []byte) {
	elem := func(val string, lst []string) bool {
		for _, v := range lst {
			if val == v {
				return true
			}
		}
		return false
	}
	unescape := func(s string) string {
		r := strings.Replace(s, `\\`, `\`, -1)
		r = strings.Replace(r, `\=`, `=`, -1)
		r = strings.Replace(r, `\;`, `;`, -1)
		return r
	}
	unquoted := []string{"NumConn", "StreamTimeout", "KeepAlive", "UDP"}
	lines := strings.Split(unescape(ssv), ";")
	ret = []byte("{")
	for _, ln := range lines {
		if ln == "" {
			break
		}
		sp := strings.SplitN(ln, "=", 2)
		if len(sp) < 2 {
			log.Errorf("Malformed config option: %v", ln)
			continue
		}
		key := sp[0]
		value := sp[1]
		// JSON doesn't like quotation marks around int and bool
		// This is extremely ugly but it's still better than writing a tokeniser
		if elem(key, unquoted) {
			ret = append(ret, []byte(`"`+key+`":`+value+`,`)...)
		} else {
			ret = append(ret, []byte(`"`+key+`":"`+value+`",`)...)
		}
	}
	ret = ret[:len(ret)-1] // remove the last comma
	ret = append(ret, '}')
	return ret
}

func ParseConfig(conf string) (raw *RawConfig, err error) {
	var content []byte
	// Checking if it's a path to json or a ssv string
	if strings.Contains(conf, ";") && strings.Contains(conf, "=") {
		content = ssvToJson(conf)
	} else {
		content, err = ioutil.ReadFile(conf)
		if err != nil {
			return
		}
	}

	raw = new(RawConfig)
	err = json.Unmarshal(content, &raw)
	if err != nil {
		return
	}
	return
}

func (raw *RawConfig) ProcessRawConfig(worldState common.WorldState) (local LocalConnConfig, remote RemoteConnConfig, auth AuthInfo, err error) {
	nullErr := func(field string) (local LocalConnConfig, remote RemoteConnConfig, auth AuthInfo, err error) {
		err = fmt.Errorf("%v cannot be empty", field)
		return
	}

	auth.UID = raw.UID
	auth.Unordered = raw.UDP
	if raw.ServerName == "" {
		return nullErr("ServerName")
	}
	auth.MockDomain = raw.ServerName
	if raw.ProxyMethod == "" {
		return nullErr("ServerName")
	}
	auth.ProxyMethod = raw.ProxyMethod
	if len(raw.UID) == 0 {
		return nullErr("UID")
	}

	// static public key
	if len(raw.PublicKey) == 0 {
		return nullErr("PublicKey")
	}
	pub, ok := ecdh.Unmarshal(raw.PublicKey)
	if !ok {
		err = fmt.Errorf("failed to unmarshal Public key")
		return
	}
	auth.ServerPubKey = pub
	auth.WorldState = worldState

	// Encryption method
	switch strings.ToLower(raw.EncryptionMethod) {
	case "plain":
		auth.EncryptionMethod = mux.EncryptionMethodPlain
	case "aes-gcm":
		auth.EncryptionMethod = mux.EncryptionMethodAESGCM
	case "chacha20-poly1305":
		auth.EncryptionMethod = mux.EncryptionMethodChaha20Poly1305
	default:
		err = fmt.Errorf("unknown encryption method %v", raw.EncryptionMethod)
		return
	}

	if raw.RemoteHost == "" {
		return nullErr("RemoteHost")
	}
	if raw.RemotePort == "" {
		return nullErr("RemotePort")
	}
	remote.RemoteAddr = net.JoinHostPort(raw.RemoteHost, raw.RemotePort)
	if raw.NumConn <= 0 {
		remote.NumConn = 1
		remote.Singleplex = true
	} else {
		remote.NumConn = raw.NumConn
		remote.Singleplex = false
	}

	// Transport and (if TLS mode), browser
	switch strings.ToLower(raw.Transport) {
	case "cdn":
		remote.TransportMaker = func() Transport {
			return &WSOverTLS{
				cdnDomainPort: remote.RemoteAddr,
			}
		}
	case "direct":
		fallthrough
	default:
		var browser browser
		switch strings.ToLower(raw.BrowserSig) {
		case "firefox":
			browser = &Firefox{}
		case "chrome":
			fallthrough
		default:
			browser = &Chrome{}
		}
		remote.TransportMaker = func() Transport {
			return &DirectTLS{
				browser: browser,
			}
		}
	}

	// KeepAlive
	if raw.KeepAlive <= 0 {
		remote.KeepAlive = -1
	} else {
		remote.KeepAlive = remote.KeepAlive * time.Second
	}

	if raw.LocalHost == "" {
		return nullErr("LocalHost")
	}
	if raw.LocalPort == "" {
		return nullErr("LocalPort")
	}
	local.LocalAddr = net.JoinHostPort(raw.LocalHost, raw.LocalPort)
	// stream no write timeout
	if raw.StreamTimeout == 0 {
		local.Timeout = 300 * time.Second
	} else {
		local.Timeout = time.Duration(raw.StreamTimeout) * time.Second
	}

	return
}