First working version on netty routing ssl proxy

.gitignore

@@ -0,0 +1,3 @@
+.idea
+*.iml
+target

pom.xml

@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+		 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<groupId>com.doublescoring</groupId>
+	<artifactId>netty-ssl-routing-proxy</artifactId>
+	<version>1.0-SNAPSHOT</version>
+
+	<dependencies>
+		<dependency>
+			<groupId>io.netty</groupId>
+			<artifactId>netty-all</artifactId>
+			<version>4.0.32.Final</version>
+		</dependency>
+		<dependency>
+			<groupId>io.netty</groupId>
+			<artifactId>netty-tcnative</artifactId>
+			<version>1.1.33.Fork9</version>
+			<classifier>${os.detected.classifier}</classifier>
+		</dependency>
+		<dependency>
+			<groupId>org.slf4j</groupId>
+			<artifactId>slf4j-api</artifactId>
+			<version>1.7.12</version>
+		</dependency>
+		<dependency>
+			<groupId>org.slf4j</groupId>
+			<artifactId>slf4j-log4j12</artifactId>
+			<version>1.7.12</version>
+		</dependency>
+		<dependency>
+			<groupId>log4j</groupId>
+			<artifactId>log4j</artifactId>
+			<version>1.2.17</version>
+		</dependency>
+		<dependency>
+			<groupId>junit</groupId>
+			<artifactId>junit</artifactId>
+			<version>4.12</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.bouncycastle</groupId>
+			<artifactId>bcpkix-jdk15on</artifactId>
+			<version>1.51</version>
+			<scope>test</scope>
+		</dependency>
+	</dependencies>
+
+	<build>
+		<extensions>
+			<extension>
+				<groupId>kr.motd.maven</groupId>
+				<artifactId>os-maven-plugin</artifactId>
+				<version>1.2.3.Final</version>
+			</extension>
+		</extensions>
+		<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-compiler-plugin</artifactId>
+				<version>3.3</version>
+				<configuration>
+					<source>1.8</source>
+					<target>1.8</target>
+				</configuration>
+			</plugin>
+		</plugins>
+	</build>
+
+
+
+</project>

src/main/java/com/doublescoring/netty/proxy/NettySslRoutingProxy.java

@@ -0,0 +1,53 @@
+package com.doublescoring.netty.proxy;
+
+import com.doublescoring.netty.proxy.config.NettySslRoutingProxyConfig;
+import com.doublescoring.netty.proxy.config.YmlNettySslRoutingProxyConfig;
+import com.doublescoring.netty.proxy.server.NettySslRoutingProxyInitializer;
+import io.netty.bootstrap.ServerBootstrap;
+import io.netty.channel.Channel;
+import io.netty.channel.EventLoopGroup;
+import io.netty.channel.nio.NioEventLoopGroup;
+import io.netty.channel.socket.nio.NioServerSocketChannel;
+import io.netty.handler.logging.LogLevel;
+import io.netty.handler.logging.LoggingHandler;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Ssl routing proxy server entry point.
+ */
+public class NettySslRoutingProxy {
+	private static final Logger logger = LoggerFactory.getLogger(NettySslRoutingProxy.class);
+
+	public static Channel start(final NettySslRoutingProxyConfig config, EventLoopGroup bossGroup,
+								EventLoopGroup workerGroup)
+			throws InterruptedException {
+		return new ServerBootstrap()
+				.group(bossGroup, workerGroup)
+				.channel(NioServerSocketChannel.class)
+				.handler(new LoggingHandler(NettySslRoutingProxy.class, LogLevel.INFO))
+				.childHandler(new NettySslRoutingProxyInitializer(config))
+				.bind(config.getBindHost(), config.getBindPort())
+				.sync()
+				.channel();
+	}
+
+	public static void start(NettySslRoutingProxyConfig config) throws InterruptedException {
+		EventLoopGroup bossGroup = new NioEventLoopGroup(1);
+		EventLoopGroup workerGroup = new NioEventLoopGroup();
+
+		try {
+			start(config, bossGroup, workerGroup).closeFuture().sync();
+		} finally {
+			bossGroup.shutdownGracefully();
+			workerGroup.shutdownGracefully();
+		}
+
+	}
+
+	public static void main(String[] args) throws InterruptedException {
+		logger.info("Starting Netty SSL routing proxy");
+		start(new YmlNettySslRoutingProxyConfig(args[1]));
+		logger.info("Netty SSL routing proxy configured");
+	}
+}

src/main/java/com/doublescoring/netty/proxy/config/NettySslRoutingProxyConfig.java

@@ -0,0 +1,16 @@
+package com.doublescoring.netty.proxy.config;
+
+import com.doublescoring.netty.proxy.config.ssl.SslContextConfiguration;
+
+/**
+ * Interface for server configuration.
+ */
+public interface NettySslRoutingProxyConfig {
+	SslContextConfiguration getSslContextConfiguration();
+
+	int getBindPort();
+
+	String getBindHost();
+
+	RoutingRule getRoutingRule();
+}

src/main/java/com/doublescoring/netty/proxy/config/RoutingContext.java

@@ -0,0 +1,26 @@
+package com.doublescoring.netty.proxy.config;
+
+import javax.security.cert.X509Certificate;
+import java.util.Arrays;
+
+/**
+ * Routing context for RoutingRule.
+ */
+public class RoutingContext {
+	X509Certificate[] certificateChain;
+
+	public X509Certificate[] getCertificateChain() {
+		return certificateChain;
+	}
+
+	public void setCertificateChain(X509Certificate[] certificateChain) {
+		this.certificateChain = certificateChain;
+	}
+
+	@Override
+	public String toString() {
+		return "RoutingContext{" +
+				"certificateChain=" + Arrays.toString(certificateChain) +
+				'}';
+	}
+}

src/main/java/com/doublescoring/netty/proxy/config/RoutingRule.java

@@ -0,0 +1,14 @@
+package com.doublescoring.netty.proxy.config;
+
+import java.util.Optional;
+
+/**
+ * Interface for the rule based routing.
+ */
+public interface RoutingRule {
+	/**
+	 * Returns optional with RoutingTarget. Returns Optional.empty() if the context passed could not be routed to
+	 * any target.
+	 */
+	Optional<RoutingTarget> route(RoutingContext context);
+}

src/main/java/com/doublescoring/netty/proxy/config/RoutingTarget.java

@@ -0,0 +1,29 @@
+package com.doublescoring.netty.proxy.config;
+
+import java.util.Objects;
+
+/**
+ * Routing target with host and port of the target server.
+ */
+public class RoutingTarget {
+	private final String host;
+	private final int port;
+
+	public RoutingTarget(String host, int port) {
+		this.host = Objects.requireNonNull(host);
+		this.port = port;
+	}
+
+	public String getHost() {
+		return host;
+	}
+
+	public int getPort() {
+		return port;
+	}
+
+	@Override
+	public String toString() {
+		return host + ':' + port;
+	}
+}

src/main/java/com/doublescoring/netty/proxy/config/YmlNettySslRoutingProxyConfig.java

@@ -0,0 +1,37 @@
+package com.doublescoring.netty.proxy.config;
+
+import com.doublescoring.netty.proxy.config.ssl.SslContextConfiguration;
+import io.netty.handler.ssl.SslContext;
+
+/**
+ * Yml file based configuration for the server
+ * TODO
+ */
+public class YmlNettySslRoutingProxyConfig implements NettySslRoutingProxyConfig {
+	public YmlNettySslRoutingProxyConfig(String file) {
+
+	}
+
+	public SslContext getSslContext() {
+		return null;
+	}
+
+	@Override
+	public SslContextConfiguration getSslContextConfiguration() {
+		return null;
+	}
+
+	public int getBindPort() {
+		return 0;
+	}
+
+	public String getBindHost() {
+		return null;
+	}
+
+	@Override
+	public RoutingRule getRoutingRule() {
+		return null;
+	}
+
+}

src/main/java/com/doublescoring/netty/proxy/config/rules/ChainingRoutingRule.java

@@ -0,0 +1,32 @@
+package com.doublescoring.netty.proxy.config.rules;
+
+import com.doublescoring.netty.proxy.config.RoutingContext;
+import com.doublescoring.netty.proxy.config.RoutingRule;
+import com.doublescoring.netty.proxy.config.RoutingTarget;
+
+import java.util.Objects;
+import java.util.Optional;
+
+/**
+ * Chaining routing rule. It proxies route method call to the delegates and
+ * returns first non-empty result.
+ */
+public class ChainingRoutingRule implements RoutingRule {
+	private final RoutingRule[] rules;
+
+	public ChainingRoutingRule(RoutingRule ... rules) {
+		this.rules = Objects.requireNonNull(rules);
+	}
+
+	@Override
+	public Optional<RoutingTarget> route(RoutingContext context) {
+		for (RoutingRule rule : rules) {
+			Optional<RoutingTarget> target = rule.route(context);
+			if (target.isPresent()) {
+				return target;
+			}
+		}
+
+		return Optional.empty();
+	}
+}

src/main/java/com/doublescoring/netty/proxy/config/rules/ExplicitRoutingRule.java

@@ -0,0 +1,23 @@
+package com.doublescoring.netty.proxy.config.rules;
+
+import com.doublescoring.netty.proxy.config.RoutingContext;
+import com.doublescoring.netty.proxy.config.RoutingRule;
+import com.doublescoring.netty.proxy.config.RoutingTarget;
+
+import java.util.Objects;
+import java.util.Optional;
+
+/**
+ * Simples routing rule - routes all connections to the target explicitly specified.
+ */
+public class ExplicitRoutingRule implements RoutingRule {
+	private final RoutingTarget target;
+
+	public ExplicitRoutingRule(RoutingTarget target) {
+		this.target = Objects.requireNonNull(target);
+	}
+
+	public Optional<RoutingTarget> route(RoutingContext context) {
+		return Optional.of(target);
+	}
+}

src/main/java/com/doublescoring/netty/proxy/config/rules/IntermediateCertificateRoutingRule.java

@@ -0,0 +1,34 @@
+package com.doublescoring.netty.proxy.config.rules;
+
+import com.doublescoring.netty.proxy.config.RoutingContext;
+import com.doublescoring.netty.proxy.config.RoutingRule;
+import com.doublescoring.netty.proxy.config.RoutingTarget;
+
+import javax.security.cert.X509Certificate;
+import java.util.Objects;
+import java.util.Optional;
+
+/**
+ * Routes to the specified target if certificate chain contains intermediate CA with specified subject.
+ */
+public class IntermediateCertificateRoutingRule implements RoutingRule {
+	private final RoutingTarget target;
+	private final String caSubject;
+
+	public IntermediateCertificateRoutingRule(RoutingTarget target, String caSubject) {
+		this.target = Objects.requireNonNull(target);
+		this.caSubject = Objects.requireNonNull(caSubject);
+	}
+
+	@Override
+	public Optional<RoutingTarget> route(RoutingContext context) {
+		Objects.requireNonNull(context);
+		Objects.requireNonNull(context.getCertificateChain());
+		for (X509Certificate certificate : context.getCertificateChain()) {
+			if (caSubject.equals(certificate.getIssuerDN().getName())) {
+				return Optional.of(target);
+			}
+		}
+		return Optional.empty();
+	}
+}

src/main/java/com/doublescoring/netty/proxy/config/rules/X509SubjectContainsStringRoutingRule.java

@@ -0,0 +1,33 @@
+package com.doublescoring.netty.proxy.config.rules;
+
+import com.doublescoring.netty.proxy.config.RoutingContext;
+import com.doublescoring.netty.proxy.config.RoutingRule;
+import com.doublescoring.netty.proxy.config.RoutingTarget;
+
+import java.util.Objects;
+import java.util.Optional;
+
+/**
+ * Routes to the specified target if X509 certificate subject contains specified substring.
+ */
+public class X509SubjectContainsStringRoutingRule implements RoutingRule {
+	private final RoutingTarget target;
+	private final String pattern;
+
+	public X509SubjectContainsStringRoutingRule(RoutingTarget target, String pattern) {
+		this.target = Objects.requireNonNull(target);
+		this.pattern = Objects.requireNonNull(pattern);
+	}
+
+
+	@Override
+	public Optional<RoutingTarget> route(RoutingContext context) {
+		Objects.requireNonNull(context);
+		Objects.requireNonNull(context.getCertificateChain());
+		if (context.getCertificateChain()[0].getSubjectDN().getName().contains(pattern)) {
+			return Optional.of(target);
+		} else {
+			return Optional.empty();
+		}
+	}
+}