MeexReay/quicproxy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

make client implementation

Browse source
This commit is contained in:
MeexReay 2025-07-28 14:57:52 +03:00
parent 565ee5ff1f
commit f53eaff1f7
4 changed files with 579 additions and 153 deletions
Download patch file Download diff file Expand all files Collapse all files

242
src/client.rs
View file

@ -1,169 +1,109 @@
//! This example demonstrates an HTTP client that requests files from a server.
//!
//! Checkout the `README.md` for guidance.
use std::{
fs,
io::{self, Write},
net::{SocketAddr, ToSocketAddrs},
path::PathBuf,
sync::Arc,
time::{Duration, Instant},
use std::{error::Error, net::SocketAddr, sync::Arc};
use bcrypt::DEFAULT_COST;
use quinn::{ClientConfig, Connection, Endpoint, RecvStream, SendStream, crypto::rustls::QuicClientConfig};
use rustls::{
DigitallySignedStruct, RootCertStore, SignatureScheme,
client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
pki_types::{CertificateDer, ServerName, UnixTime},
};
use anyhow::{Result, anyhow};
use clap::Parser;
use proto::crypto::rustls::QuicClientConfig;
use rustls::pki_types::CertificateDer;
use tracing::{error, info};
use url::Url;
#[derive(Debug)]
pub struct NoCertVerify;
mod common;
/// HTTP/0.9 over QUIC client
#[derive(Parser, Debug)]
#[clap(name = "client")]
struct Opt {
/// Perform NSS-compatible TLS key logging to the file specified in `SSLKEYLOGFILE`.
#[clap(long = "keylog")]
keylog: bool,
url: Url,
/// Override hostname used for certificate verification
#[clap(long = "host")]
host: Option<String>,
/// Custom certificate authority to trust, in DER format
#[clap(long = "ca")]
ca: Option<PathBuf>,
/// Simulate NAT rebinding after connecting
#[clap(long = "rebind")]
rebind: bool,
/// Address to bind on
#[clap(long = "bind", default_value = "[::]:0")]
bind: SocketAddr,
}
fn main() {
tracing::subscriber::set_global_default(
tracing_subscriber::FmtSubscriber::builder()
.with_env_filter(tracing_subscriber::EnvFilter::from_default_env())
.finish(),
)
.unwrap();
let opt = Opt::parse();
let code = {
if let Err(e) = run(opt) {
eprintln!("ERROR: {e}");
1
} else {
0
}
};
::std::process::exit(code);
}
#[tokio::main]
async fn run(options: Opt) -> Result<()> {
let url = options.url;
let url_host = strip_ipv6_brackets(url.host_str().unwrap());
let remote = (url_host, url.port().unwrap_or(4433))
.to_socket_addrs()?
.next()
.ok_or_else(|| anyhow!("couldn't resolve to an address"))?;
let mut roots = rustls::RootCertStore::empty();
if let Some(ca_path) = options.ca {
roots.add(CertificateDer::from(fs::read(ca_path)?))?;
} else {
let dirs = directories_next::ProjectDirs::from("org", "quinn", "quinn-examples").unwrap();
match fs::read(dirs.data_local_dir().join("cert.der")) {
Ok(cert) => {
roots.add(CertificateDer::from(cert))?;
}
Err(ref e) if e.kind() == io::ErrorKind::NotFound => {
info!("local server certificate not found");
}
Err(e) => {
error!("failed to open local server certificate: {}", e);
}
}
impl ServerCertVerifier for NoCertVerify {
fn verify_server_cert(
&self,
_: &CertificateDer<'_>,
_: &[CertificateDer<'_>],
_: &ServerName<'_>,
_: &[u8],
_: UnixTime,
) -> Result<ServerCertVerified, rustls::Error> {
Ok(ServerCertVerified::assertion())
}
fn verify_tls12_signature(
&self,
_: &[u8],
_: &CertificateDer<'_>,
_: &DigitallySignedStruct,
) -> Result<HandshakeSignatureValid, rustls::Error> {
Ok(HandshakeSignatureValid::assertion())
}
fn verify_tls13_signature(
&self,
_: &[u8],
_: &CertificateDer<'_>,
_: &DigitallySignedStruct,
) -> Result<HandshakeSignatureValid, rustls::Error> {
Ok(HandshakeSignatureValid::assertion())
}
fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
vec![
SignatureScheme::ECDSA_NISTP256_SHA256,
SignatureScheme::ECDSA_NISTP384_SHA384,
SignatureScheme::ECDSA_NISTP521_SHA512,
SignatureScheme::ECDSA_SHA1_Legacy,
SignatureScheme::ED25519,
SignatureScheme::ED448,
SignatureScheme::RSA_PKCS1_SHA1,
SignatureScheme::RSA_PKCS1_SHA256,
SignatureScheme::RSA_PKCS1_SHA384,
SignatureScheme::RSA_PKCS1_SHA512,
SignatureScheme::RSA_PSS_SHA256,
SignatureScheme::RSA_PSS_SHA384,
SignatureScheme::RSA_PSS_SHA512,
]
}
}
async fn open_connection(
host: SocketAddr,
remote: SocketAddr,
password: &str
) -> Result<(Endpoint, Connection, SendStream, RecvStream), Box<dyn Error>> {
let mut client_crypto = rustls::ClientConfig::builder()
.with_root_certificates(roots)
.with_root_certificates(RootCertStore::empty())
.with_no_client_auth();
client_crypto.alpn_protocols = common::ALPN_QUIC_HTTP.iter().map(|&x| x.into()).collect();
if options.keylog {
client_crypto.key_log = Arc::new(rustls::KeyLogFile::new());
}
let verifier = Arc::new(NoCertVerify);
client_crypto.dangerous().set_certificate_verifier(verifier);
let client_config =
quinn::ClientConfig::new(Arc::new(QuicClientConfig::try_from(client_crypto)?));
let mut endpoint = quinn::Endpoint::client(options.bind)?;
client_crypto.alpn_protocols = vec![b"hq-29".into()];
let client_config = ClientConfig::new(Arc::new(QuicClientConfig::try_from(Arc::new(client_crypto))?));
let mut endpoint = quinn::Endpoint::client(host)?;
endpoint.set_default_client_config(client_config);
let request = format!("GET {}\r\n", url.path());
let start = Instant::now();
let rebind = options.rebind;
let host = options.host.as_deref().unwrap_or(url_host);
eprintln!("connecting to {host} at {remote}");
let conn = endpoint
.connect(remote, host)?
.await
.map_err(|e| anyhow!("failed to connect: {}", e))?;
eprintln!("connected at {:?}", start.elapsed());
let (mut send, mut recv) = conn
.connect(host, &host.ip().to_string())?
.await?;
let (mut send, recv) = conn
.open_bi()
.await
.map_err(|e| anyhow!("failed to open stream: {}", e))?;
if rebind {
let socket = std::net::UdpSocket::bind("[::]:0").unwrap();
let addr = socket.local_addr().unwrap();
eprintln!("rebinding to {addr}");
endpoint.rebind(socket).expect("rebind failed");
}
.await?;
send.write_all(request.as_bytes())
.await
.map_err(|e| anyhow!("failed to send request: {}", e))?;
send.finish().unwrap();
let response_start = Instant::now();
eprintln!("request sent at {:?}", response_start - start);
let resp = recv
.read_to_end(usize::MAX)
.await
.map_err(|e| anyhow!("failed to read response: {}", e))?;
let duration = response_start.elapsed();
eprintln!(
"response received in {:?} - {} KiB/s",
duration,
resp.len() as f32 / (duration_secs(&duration) * 1024.0)
let request = format!(
"GET /index.html\r\nHost: {}\r\nAuthentication: {}\r\n",
remote,
bcrypt::hash(format!("{}{password}", conn.stable_id()), DEFAULT_COST)?
);
io::stdout().write_all(&resp).unwrap();
io::stdout().flush().unwrap();
conn.close(0u32.into(), b"done");
send.write_all(request.as_bytes()).await?;
// Give the server a fair chance to receive the close packet
Ok((endpoint, conn, send, recv))
}
async fn close_connection(
endpoint: Endpoint,
conn: Connection,
mut send: SendStream,
mut recv: RecvStream
) -> Result<(), Box<dyn Error>> {
send.finish()?;
recv.stop(0u32.into())?;
conn.close(0u32.into(), b"good environment");
endpoint.wait_idle().await;
Ok(())
}
fn strip_ipv6_brackets(host: &str) -> &str {
// An ipv6 url looks like eg https://[::1]:4433/Cargo.toml, wherein the host [::1] is the
// ipv6 address ::1 wrapped in brackets, per RFC 2732. This strips those.
if host.starts_with('[') && host.ends_with(']') {
&host[1..host.len() - 1]
} else {
host
}
}
fn duration_secs(x: &Duration) -> f32 {
x.as_secs() as f32 + x.subsec_nanos() as f32 * 1e-9
}

3
src/main.rs
View file

@ -1,3 +1,6 @@
mod client;
mod server;
fn main() {
println!("Hello, world!");
}