From 522f14f86f9a8df107f4b02651d9182076399bc6 Mon Sep 17 00:00:00 2001
From: garmr-ulfr <104022054+garmr-ulfr@users.noreply.github.com>
Date: Mon, 29 Apr 2024 10:27:44 -0700
Subject: [PATCH] add tls for algeneva (#1374)
* add tls for algeneva
---
 chained/algeneva_impl.go | 34 ++++++++++++++++++++++++++++++----
 go.mod | 6 +++---
 go.sum | 12 ++++++------
 3 files changed, 39 insertions(+), 13 deletions(-)
diff --git a/chained/algeneva_impl.go b/chained/algeneva_impl.go
index 4ec7ced72..0e487218d 100644
--- a/chained/algeneva_impl.go
+++ b/chained/algeneva_impl.go
@@ -2,10 +2,14 @@ package chained
 import (
 "context"
+ "crypto/tls"
+ "crypto/x509"
+ "encoding/pem"
 "fmt"
 "net"
 "github.com/getlantern/common/config"
+ "github.com/getlantern/errors"
 algeneva "github.com/getlantern/lantern-algeneva"
 "github.com/getlantern/netx"
@@ -20,13 +24,35 @@ type algenevaImpl struct {
 }
 func newAlgenevaImpl(addr string, pc *config.ProxyConfig, reportDialCore reportDialCoreFn) (*algenevaImpl, error) {
- strategy := ptSetting(pc, "algeneva_strategy")
+ opts := algeneva.DialerOpts{
+ AlgenevaStrategy: ptSetting(pc, "algeneva_strategy"),
+ }
+
+ if cert := pc.Cert; cert != "" {
+ block, rest := pem.Decode([]byte(pc.Cert))
+ if block == nil {
+ return nil, errors.New("failed to decode proxy certificate as PEM block")
+ }
+
+ if len(rest) > 0 {
+ return nil, errors.New("unexpected extra data in proxy certificate PEM")
+ }
- ops := algeneva.DialerOpts{
- AlgenevaStrategy: strategy,
+ if block.Type != "CERTIFICATE" {
+ return nil, errors.New("expected certificate in PEM block")
+ }
+
+ certPool := x509.NewCertPool()
+ certPool.AppendCertsFromPEM([]byte(cert))
+ ip, _, _ := net.SplitHostPort(addr)
+ opts.TLSConfig = &tls.Config{
+ RootCAs: certPool,
+ ServerName: ip,
+ }
 }
+
 return &algenevaImpl{
- dialerOps: ops,
+ dialerOps: opts,
 addr: addr,
 reportDialCore: reportDialCore,
 }, nil
diff --git a/go.mod b/go.mod
index bbd64f08b..d65c98e3f 100644
--- a/go.mod
+++ b/go.mod
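Review bot: In `newAlgenevaImpl` (chained/algeneva_impl.go) the two calls that build the TLS trust settings discard their results: `certPool.AppendCertsFromPEM([]byte(cert))` returns false when no certificate was added, and `ip, _, _ := net.SplitHostPort(addr)` leaves `ServerName` empty when `addr` is malformed. The PEM checks before them validate only the block framing and type, not that the bytes parse as an X.509 certificate, so a bad `pc.Cert` would produce an empty `RootCAs` pool and show up only as a handshake failure at dial time (how lantern-algeneva treats an empty `ServerName` is not visible here). Returning an error from the constructor in both cases reports the misconfiguration where it originates; the changed lines are in the fence below. A short comment should also state that an empty `pc.Cert` leaves `TLSConfig` nil, which presumably means the connection is not wrapped in TLS. The function's closing brace lies just outside the hunk.

```go
		// … unchanged: PEM block decoding, trailing-data and type checks …
		certPool := x509.NewCertPool()
		if !certPool.AppendCertsFromPEM([]byte(cert)) {
			return nil, errors.New("failed to parse proxy certificate")
		}
		host, _, err := net.SplitHostPort(addr)
		if err != nil {
			return nil, fmt.Errorf("invalid proxy address %q: %w", addr, err)
		}
		opts.TLSConfig = &tls.Config{
			RootCAs:    certPool,
			ServerName: host,
		}
```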
@@ -41,7 +41,7 @@ require (
 github.com/getlantern/dnsgrab v0.0.0-20211216020425-5d5e155a01a8
 github.com/getlantern/domains v0.0.0-20220311111720-94f59a903271
 github.com/getlantern/ema v0.0.0-20190620044903-5943d28f40e4
- github.com/getlantern/errors v1.0.3
+ github.com/getlantern/errors v1.0.4
 github.com/getlantern/event v0.0.0-20210901195647-a7e3145142e6
 github.com/getlantern/eventual v1.0.0
 github.com/getlantern/eventual/v2 v2.0.2
@@ -51,7 +51,7 @@ require (
 github.com/getlantern/golog v0.0.0-20230503153817-8e72de7e0a65
 github.com/getlantern/hellosplitter v0.1.1
 github.com/getlantern/hidden v0.0.0-20220104173330-f221c5a24770
- github.com/getlantern/http-proxy-lantern/v2 v2.10.1-0.20240328104604-a38ea762477d
+ github.com/getlantern/http-proxy-lantern/v2 v2.10.1-0.20240425212327-7a15939111d8
 github.com/getlantern/httpseverywhere v0.0.0-20201210200013-19ae11fc4eca
 github.com/getlantern/idletiming v0.0.0-20201229174729-33d04d220c4e
 github.com/getlantern/iptool v0.0.0-20230112135223-c00e863b2696
@@ -59,7 +59,7 @@ require (
 github.com/getlantern/kcpwrapper v0.0.0-20230327091313-c12d7c17c6de
 github.com/getlantern/keyman v0.0.0-20230503155501-4e864ca2175b
 github.com/getlantern/lampshade v0.0.0-20201109225444-b06082e15f3a
- github.com/getlantern/lantern-algeneva v0.0.0-20240402195540-eb1bbf6d7366
+ github.com/getlantern/lantern-algeneva v0.0.0-20240418193310-610690afddbc
 github.com/getlantern/mockconn v0.0.0-20200818071412-cb30d065a848
 github.com/getlantern/mtime v0.0.0-20200417132445-23682092d1f7
 github.com/getlantern/multipath v0.0.0-20230510135141-717ed305ef50
diff --git a/go.sum b/go.sum
index c00291963..6ce5dfe1e 100644
--- a/go.sum
+++ b/go.sum
@@ -240,8 +240,8 @@ github.com/getlantern/enhttp v0.0.0-20210901195634-6f89d45ee033 h1:HbjEpFFiRYcyS github.com/getlantern/enhttp v0.0.0-20210901195634-6f89d45ee033/go.mod h1:kHP/nfmHj9HJVN5Cb+1RFNRLR0O0nx40YENc4wKIe6s= github.com/getlantern/errors v0.0.0-20190325191628-abdb3e3e36f7/go.mod h1:l+xpFBrCtDLpK9qNjxs+cHU6+BAdlBaxHqikB6Lku3A= github.com/getlantern/errors v1.0.1/go.mod h1:l+xpFBrCtDLpK9qNjxs+cHU6+BAdlBaxHqikB6Lku3A= -github.com/getlantern/errors v1.0.3 h1:Ne4Ycj7NI1BtSyAfVeAT/DNoxz7/S2BUc3L2Ht1YSHE= -github.com/getlantern/errors v1.0.3/go.mod h1:m8C7H1qmouvsGpwQqk/6NUpIVMpfzUPn608aBZDYV04= +github.com/getlantern/errors v1.0.4 h1:i2iR1M9GKj4WuingpNqJ+XQEw6i6dnAgKAmLj6ZB3X0= +github.com/getlantern/errors v1.0.4/go.mod h1:/Foq8jtSDGP8GOXzAjeslsC4Ar/3kB+UiQH+WyV4pzY= github.com/getlantern/event v0.0.0-20210901195647-a7e3145142e6 h1:sjFsoQHJqzDiwgbOLHnG/zYIpN1Sbmv/7gk1ie/KkHg= github.com/getlantern/event v0.0.0-20210901195647-a7e3145142e6/go.mod h1:iToZ3dqm/iFxRHPHUHUrF1JZtg0e06ZSXD1BuiGoUaY= github.com/getlantern/eventual v0.0.0-20180125201821-84b02499361b/go.mod h1:O8T3zFEcY6+LRXFcVV4q8mEu2tDIixG8edC84DfswBc= 
@@ -289,8 +289,8 @@ github.com/getlantern/hex v0.0.0-20220104173244-ad7e4b9194dc/go.mod h1:D9RWpXy/E github.com/getlantern/hidden v0.0.0-20190325191715-f02dbb02be55/go.mod h1:6mmzY2kW1TOOrVy+r41Za2MxXM+hhqTtY3oBKd2AgFA= github.com/getlantern/hidden v0.0.0-20220104173330-f221c5a24770 h1:cSrD9ryDfTV2yaur9Qk3rHYD414j3Q1rl7+L0AylxrE= github.com/getlantern/hidden v0.0.0-20220104173330-f221c5a24770/go.mod h1:GOQsoDnEHl6ZmNIL+5uVo+JWRFWozMEp18Izcb++H+A= -github.com/getlantern/http-proxy-lantern/v2 v2.10.1-0.20240328104604-a38ea762477d h1:zZ/tEBPrFL58U/i5Uf5j/BHPICGjD7MN3r+fZacgryw= -github.com/getlantern/http-proxy-lantern/v2 v2.10.1-0.20240328104604-a38ea762477d/go.mod h1:ryO/THZDlxiN0YukBmmztYsp3DzyKUYGtX7XwltS3j4= +github.com/getlantern/http-proxy-lantern/v2 v2.10.1-0.20240425212327-7a15939111d8 h1:tHnlxdzvrVNNN1983hclGsgdJqE4ukpAXF860zqAGNc= +github.com/getlantern/http-proxy-lantern/v2 v2.10.1-0.20240425212327-7a15939111d8/go.mod h1:LQ2rUK7WUiS7W74A6WRcys37hu4A7sZhlZUJuIPn94U= github.com/getlantern/httpseverywhere v0.0.0-20201210200013-19ae11fc4eca h1:Of3VwFEfKbVnK5/VGy05XUbi6QvTs5Y2eLDfPv3O50E= github.com/getlantern/httpseverywhere v0.0.0-20201210200013-19ae11fc4eca/go.mod h1:TNC/xJFmctsSGyXqcnVWwCRCPD/4zGQP7yBVnLDRa/U= github.com/getlantern/idletiming v0.0.0-20190529182719-d2fbc83372a5/go.mod h1:MGP8kEgZGgAhvHISt0hJGQgxg/VAqGdw3+kSZBnfC/4= 
@@ -314,8 +314,8 @@ github.com/getlantern/keyman v0.0.0-20230503155501-4e864ca2175b h1:iyEuk8ARQC9Hf github.com/getlantern/keyman v0.0.0-20230503155501-4e864ca2175b/go.mod h1:ZJ+yDaZkJ/JU9j7EQa3UUh6ouedrNDDLA5OiowS1Iuk= github.com/getlantern/lampshade v0.0.0-20201109225444-b06082e15f3a h1:z7G1v79GB1qRrkcbzF0nrLzV/+dwdGmamEZAp0ff+z0= github.com/getlantern/lampshade v0.0.0-20201109225444-b06082e15f3a/go.mod h1:cGOfTjvllC9bcwS7cVW6tGT6fXc8Dki384uFjm7XBnw= -github.com/getlantern/lantern-algeneva v0.0.0-20240402195540-eb1bbf6d7366 h1:jk1kkecLlmJGCNXCZOk0dpjusULXmHaSiI+ptyHxL9M= -github.com/getlantern/lantern-algeneva v0.0.0-20240402195540-eb1bbf6d7366/go.mod h1:bNnBc1YoooeKURbR6TMgNTuBA5ZjD28TSvZjbPUomVI= +github.com/getlantern/lantern-algeneva v0.0.0-20240418193310-610690afddbc h1:NlvxqmHvBr27TBzbxUsOFXtRtgW7FmoMkTTQhD6LXKU= +github.com/getlantern/lantern-algeneva v0.0.0-20240418193310-610690afddbc/go.mod h1:bNnBc1YoooeKURbR6TMgNTuBA5ZjD28TSvZjbPUomVI= github.com/getlantern/lantern-shadowsocks v1.3.6-0.20230301223223-150b18ac427d h1:YwH3hgY1qtp1J1V8iBx58wB+mAY6L7N1s+qYqNJgDjM= github.com/getlantern/lantern-shadowsocks v1.3.6-0.20230301223223-150b18ac427d/go.mod h1:Wwa1uDdu6LxVRANcN2dQ+aNI0rY+km+dqHW2G9Qm34k= github.com/getlantern/mandrill v0.0.0-20221004112352-e7c04248adcb h1:oyEMOT9jn4bzKyivF2sVBogsXyL8fBCK7HIT/P6h64Y=