option to specifi certificate name for transparent endpoint

justcoding121 · justcoding121 · commit 9c6b022ccb66 · 2016-02-05T22:49:14.000-05:00
diff --git a/Titanium.Web.Proxy/Models/EndPoint.cs b/Titanium.Web.Proxy/Models/EndPoint.cs
@@ -37,10 +37,18 @@ public ExplicitProxyEndPoint(IPAddress IpAddress, int Port, bool EnableSsl)
 
     public class TransparentProxyEndPoint : ProxyEndPoint
     {
+        //Name of the Certificate need to be sent (same as the hostname we want to proxy)
+        //This is valid only when UseServerNameIndication is set to false
+        public string GenericCertificateName { get; set; }
+
+        
+       // public bool UseServerNameIndication { get; set; } 
+
         public TransparentProxyEndPoint(IPAddress IpAddress, int Port, bool EnableSsl)
             : base(IpAddress, Port, EnableSsl)
         {
-        
+            this.GenericCertificateName = "localhost";
         }
     }
+
 }
diff --git a/Titanium.Web.Proxy/RequestHandler.cs b/Titanium.Web.Proxy/RequestHandler.cs
@@ -15,11 +15,13 @@
 using Titanium.Web.Proxy.Helpers;
 using Titanium.Web.Proxy.Network;
 using Titanium.Web.Proxy.Models;
+using System.Security.Cryptography.X509Certificates;
 
 namespace Titanium.Web.Proxy
 {
     partial class ProxyServer
     {
+        //This is called when client is aware of proxy
         private static void HandleClient(ExplicitProxyEndPoint endPoint, TcpClient client)
         {
             Stream clientStream = client.GetStream();
@@ -54,7 +56,7 @@ private static void HandleClient(ExplicitProxyEndPoint endPoint, TcpClient clien
                 var excluded = endPoint.ExcludedHostNameRegex != null ? endPoint.ExcludedHostNameRegex.Any(x => Regex.IsMatch(httpRemoteUri.Host, x)) : false;
 
                 //Client wants to create a secure tcp tunnel (its a HTTPS request)
-                if (httpVerb.ToUpper() == "CONNECT" && !excluded && httpRemoteUri.Port!=80)
+                if (httpVerb.ToUpper() == "CONNECT" && !excluded && httpRemoteUri.Port != 80)
                 {
                     httpRemoteUri = new Uri("https://" + httpCmdSplit[1]);
                     clientStreamReader.ReadAllLines();
@@ -105,7 +107,7 @@ private static void HandleClient(ExplicitProxyEndPoint endPoint, TcpClient clien
                 }
 
                 //Now create the request
-                
+
                 HandleHttpSessionRequest(client, httpCmd, clientStream, clientStreamReader, clientStreamWriter,
                     httpRemoteUri.Scheme == Uri.UriSchemeHttps ? true : false);
             }
@@ -115,12 +117,21 @@ private static void HandleClient(ExplicitProxyEndPoint endPoint, TcpClient clien
             }
         }
 
-        private static void HandleClient(TransparentProxyEndPoint endPoint, TcpClient client)
+        //This is called when requests are routed through router to this endpoint
+        private static void HandleClient(TransparentProxyEndPoint endPoint, TcpClient tcpClient)
         {
-            var sslStream = new SslStream(client.GetStream(), true);
+            var sslStream = new SslStream(tcpClient.GetStream(), true);
             CustomBinaryReader clientStreamReader = null;
             StreamWriter clientStreamWriter = null;
-            var certificate = CertManager.CreateCertificate("127.0.0.1");
+            X509Certificate2 certificate = null;
+
+            //if(endPoint.UseServerNameIndication)
+            //{
+            //   //implement in future once SNI supported by SSL stream
+            //    certificate = CertManager.CreateCertificate(endPoint.GenericCertificateName);
+            //}
+            //else
+            certificate = CertManager.CreateCertificate(endPoint.GenericCertificateName);
 
             try
             {
@@ -133,20 +144,19 @@ private static void HandleClient(TransparentProxyEndPoint endPoint, TcpClient cl
                 //HTTPS server created - we can now decrypt the client's traffic
 
             }
-
-            catch (Exception e)
+            catch (Exception)
             {
                 if (sslStream != null)
                     sslStream.Dispose();
 
-                Dispose(client, sslStream, clientStreamReader, clientStreamWriter, null);
+                Dispose(tcpClient, sslStream, clientStreamReader, clientStreamWriter, null);
                 return;
             }
 
             var httpCmd = clientStreamReader.ReadLine();
 
             //Now create the request
-            HandleHttpSessionRequest(client, httpCmd, sslStream, clientStreamReader, clientStreamWriter,
+            HandleHttpSessionRequest(tcpClient, httpCmd, sslStream, clientStreamReader, clientStreamWriter,
                 true);
         }
 

Original file line number	Diff line number	Diff line change
`@@ -37,10 +37,18 @@ public ExplicitProxyEndPoint(IPAddress IpAddress, int Port, bool EnableSsl)`
`37`	`37`
`38`	`38`	`public class TransparentProxyEndPoint : ProxyEndPoint`
`39`	`39`	`{`
	`40`	`+ //Name of the Certificate need to be sent (same as the hostname we want to proxy)`
	`41`	`+ //This is valid only when UseServerNameIndication is set to false`
	`42`	`+ public string GenericCertificateName { get; set; }`
	`43`	`+`
	`44`	`+`
	`45`	`+ // public bool UseServerNameIndication { get; set; }`
	`46`	`+`
`40`	`47`	`public TransparentProxyEndPoint(IPAddress IpAddress, int Port, bool EnableSsl)`
`41`	`48`	`: base(IpAddress, Port, EnableSsl)`
`42`	`49`	`{`
`43`		`-`
	`50`	`+ this.GenericCertificateName = "localhost";`
`44`	`51`	`}`
`45`	`52`	`}`
	`53`	`+`
`46`	`54`	`}`
Original file line number	Diff line number	Diff line change
`@@ -15,11 +15,13 @@`
`15`	`15`	`using Titanium.Web.Proxy.Helpers;`
`16`	`16`	`using Titanium.Web.Proxy.Network;`
`17`	`17`	`using Titanium.Web.Proxy.Models;`
	`18`	`+using System.Security.Cryptography.X509Certificates;`
`18`	`19`
`19`	`20`	`namespace Titanium.Web.Proxy`
`20`	`21`	`{`
`21`	`22`	`partial class ProxyServer`
`22`	`23`	`{`
	`24`	`+ //This is called when client is aware of proxy`
`23`	`25`	`private static void HandleClient(ExplicitProxyEndPoint endPoint, TcpClient client)`
`24`	`26`	`{`
`25`	`27`	`Stream clientStream = client.GetStream();`
`@@ -54,7 +56,7 @@ private static void HandleClient(ExplicitProxyEndPoint endPoint, TcpClient clien`
`54`	`56`	`var excluded = endPoint.ExcludedHostNameRegex != null ? endPoint.ExcludedHostNameRegex.Any(x => Regex.IsMatch(httpRemoteUri.Host, x)) : false;`
`55`	`57`
`56`	`58`	`//Client wants to create a secure tcp tunnel (its a HTTPS request)`
`57`		`- if (httpVerb.ToUpper() == "CONNECT" && !excluded && httpRemoteUri.Port!=80)`
	`59`	`+ if (httpVerb.ToUpper() == "CONNECT" && !excluded && httpRemoteUri.Port != 80)`
`58`	`60`	`{`
`59`	`61`	`httpRemoteUri = new Uri("https://" + httpCmdSplit[1]);`
`60`	`62`	`clientStreamReader.ReadAllLines();`
`@@ -105,7 +107,7 @@ private static void HandleClient(ExplicitProxyEndPoint endPoint, TcpClient clien`
`105`	`107`	`}`
`106`	`108`
`107`	`109`	`//Now create the request`
`108`		`-`
	`110`	`+`
`109`	`111`	`HandleHttpSessionRequest(client, httpCmd, clientStream, clientStreamReader, clientStreamWriter,`
`110`	`112`	`httpRemoteUri.Scheme == Uri.UriSchemeHttps ? true : false);`
`111`	`113`	`}`
`@@ -115,12 +117,21 @@ private static void HandleClient(ExplicitProxyEndPoint endPoint, TcpClient clien`
`115`	`117`	`}`
`116`	`118`	`}`
`117`	`119`
`118`		`- private static void HandleClient(TransparentProxyEndPoint endPoint, TcpClient client)`
	`120`	`+ //This is called when requests are routed through router to this endpoint`
	`121`	`+ private static void HandleClient(TransparentProxyEndPoint endPoint, TcpClient tcpClient)`
`119`	`122`	`{`
`120`		`- var sslStream = new SslStream(client.GetStream(), true);`
	`123`	`+ var sslStream = new SslStream(tcpClient.GetStream(), true);`
`121`	`124`	`CustomBinaryReader clientStreamReader = null;`
`122`	`125`	`StreamWriter clientStreamWriter = null;`
`123`		`- var certificate = CertManager.CreateCertificate("127.0.0.1");`
	`126`	`+ X509Certificate2 certificate = null;`
	`127`	`+`
	`128`	`+ //if(endPoint.UseServerNameIndication)`
	`129`	`+ //{`
	`130`	`+ // //implement in future once SNI supported by SSL stream`
	`131`	`+ // certificate = CertManager.CreateCertificate(endPoint.GenericCertificateName);`
	`132`	`+ //}`
	`133`	`+ //else`
	`134`	`+ certificate = CertManager.CreateCertificate(endPoint.GenericCertificateName);`
`124`	`135`
`125`	`136`	`try`
`126`	`137`	`{`
`@@ -133,20 +144,19 @@ private static void HandleClient(TransparentProxyEndPoint endPoint, TcpClient cl`
`133`	`144`	`//HTTPS server created - we can now decrypt the client's traffic`
`134`	`145`
`135`	`146`	`}`
`136`		`-`
`137`		`- catch (Exception e)`
	`147`	`+ catch (Exception)`
`138`	`148`	`{`
`139`	`149`	`if (sslStream != null)`
`140`	`150`	`sslStream.Dispose();`
`141`	`151`
`142`		`- Dispose(client, sslStream, clientStreamReader, clientStreamWriter, null);`
	`152`	`+ Dispose(tcpClient, sslStream, clientStreamReader, clientStreamWriter, null);`
`143`	`153`	`return;`
`144`	`154`	`}`
`145`	`155`
`146`	`156`	`var httpCmd = clientStreamReader.ReadLine();`
`147`	`157`
`148`	`158`	`//Now create the request`
`149`		`- HandleHttpSessionRequest(client, httpCmd, sslStream, clientStreamReader, clientStreamWriter,`
	`159`	`+ HandleHttpSessionRequest(tcpClient, httpCmd, sslStream, clientStreamReader, clientStreamWriter,`
`150`	`160`	`true);`
`151`	`161`	`}`
`152`	`162`