Merge pull request #82 from justcoding121/master

sync with master

Author: justcoding121

Examples/Titanium.Web.Proxy.Examples.Basic/ProxyTestController.cs

@@ -15,6 +15,7 @@ public void StartProxy()
             ProxyServer.BeforeRequest += OnRequest;
             ProxyServer.BeforeResponse += OnResponse;
             ProxyServer.ServerCertificateValidationCallback += OnCertificateValidation;
+            ProxyServer.ClientCertificateSelectionCallback += OnCertificateSelection;
 
             //Exclude Https addresses you don't want to proxy
             //Usefull for clients that use certificate pinning
@@ -129,13 +130,25 @@ public async Task OnResponse(object sender, SessionEventArgs e)
         /// </summary>
         /// <param name="sender"></param>
         /// <param name="e"></param>
-        public async Task OnCertificateValidation(object sender, CertificateValidationEventArgs e)
+        public Task OnCertificateValidation(object sender, CertificateValidationEventArgs e)
         {
             //set IsValid to true/false based on Certificate Errors
             if (e.SslPolicyErrors == System.Net.Security.SslPolicyErrors.None)
                 e.IsValid = true;
-            else
-                await e.Session.Ok("Cannot validate server certificate! Not safe to proceed.");
+
+            return Task.FromResult(0);
+        }
+
+        /// <summary>
+        /// Allows overriding default client certificate selection logic during mutual authentication
+        /// </summary>
+        /// <param name="sender"></param>
+        /// <param name="e"></param>
+        public Task OnCertificateSelection(object sender, CertificateSelectionEventArgs e)
+        {
+            //set e.clientCertificate to override
+
+            return Task.FromResult(0);
         }
     }
 }

README.md

@@ -12,8 +12,11 @@ Features
 ========
 
 * Supports Http(s) and most features of HTTP 1.1 
-* Supports relaying of WebSockets
-* Supports script injection
+* Support redirect/block/update requests
+* Supports updating response
+* Safely relays WebSocket requests over Http
+* Support mutual SSL authentication
+* Fully asynchronous proxy
 
 Usage
 =====
@@ -35,6 +38,8 @@ Setup HTTP proxy:
 	    	ProxyServer.BeforeRequest += OnRequest;
             ProxyServer.BeforeResponse += OnResponse;
             ProxyServer.ServerCertificateValidationCallback += OnCertificateValidation;
+            ProxyServer.ClientCertificateSelectionCallback += OnCertificateSelection;
+
 
             //Exclude Https addresses you don't want to proxy
             //Usefull for clients that use certificate pinning
@@ -84,9 +89,7 @@ Setup HTTP proxy:
 ```
 Sample request and response event handlers
 
-```csharp
-		
-        //intecept & cancel, redirect or update requests
+```csharp		
         public async Task OnRequest(object sender, SessionEventArgs e)
         {
             Console.WriteLine(e.WebSession.Request.Url);
@@ -148,20 +151,27 @@ Sample request and response event handlers
             }
         }
 
-       
-        /// Allows overriding default certificate validation logic  
-        public async Task OnCertificateValidation(object sender, CertificateValidationEventArgs e)
+        /// Allows overriding default certificate validation logic
+        public Task OnCertificateValidation(object sender, CertificateValidationEventArgs e)
         {
             //set IsValid to true/false based on Certificate Errors
             if (e.SslPolicyErrors == System.Net.Security.SslPolicyErrors.None)
                 e.IsValid = true;
-            else
-                await e.Session.Ok("Cannot validate server certificate! Not safe to proceed.");
+
+            return Task.FromResult(0);
+        }
+
+        /// Allows overriding default client certificate selection logic during mutual authentication
+        public Task OnCertificateSelection(object sender, CertificateSelectionEventArgs e)
+        {
+            //set e.clientCertificate to override
+
+            return Task.FromResult(0);
         }
 ```
 Future roadmap
 ============
-* Support mutual authentication
+* Implement Kerberos/NTLM authentication over HTTP protocols for windows domain
 * Support Server Name Indication (SNI) for transparent endpoints
 * Support HTTP 2.0 
 

Titanium.Web.Proxy/CertificateHandler.cs

@@ -0,0 +1,121 @@
+using System;
+using System.Linq;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
+using System.Threading.Tasks;
+using Titanium.Web.Proxy.EventArguments;
+
+namespace Titanium.Web.Proxy
+{
+    public partial class ProxyServer
+    {
+        /// <summary>
+        /// Call back to override server certificate validation
+        /// </summary>
+        /// <param name="sender"></param>
+        /// <param name="certificate"></param>
+        /// <param name="chain"></param>
+        /// <param name="sslPolicyErrors"></param>
+        /// <returns></returns>
+        internal static bool ValidateServerCertificate(
+          object sender,
+          X509Certificate certificate,
+          X509Chain chain,
+          SslPolicyErrors sslPolicyErrors)
+        {
+            //if user callback is registered then do it
+            if (ServerCertificateValidationCallback != null)
+            {
+                var args = new CertificateValidationEventArgs();
+
+                args.Certificate = certificate;
+                args.Chain = chain;
+                args.SslPolicyErrors = sslPolicyErrors;
+
+
+                Delegate[] invocationList = ServerCertificateValidationCallback.GetInvocationList();
+                Task[] handlerTasks = new Task[invocationList.Length];
+
+                for (int i = 0; i < invocationList.Length; i++)
+                {
+                    handlerTasks[i] = ((Func<object, CertificateValidationEventArgs, Task>)invocationList[i])(null, args);
+                }
+
+                Task.WhenAll(handlerTasks).Wait();
+
+                return args.IsValid;
+            }
+
+            if (sslPolicyErrors == SslPolicyErrors.None)
+                return true;
+
+            //By default
+            //do not allow this client to communicate with unauthenticated servers.
+            return false;
+        }
+
+        /// <summary>
+        /// Call back to select client certificate used for mutual authentication
+        /// </summary>
+        /// <param name="sender"></param>
+        /// <param name="certificate"></param>
+        /// <param name="chain"></param>
+        /// <param name="sslPolicyErrors"></param>
+        /// <returns></returns>
+        internal static X509Certificate SelectClientCertificate(
+            object sender,
+            string targetHost,
+            X509CertificateCollection localCertificates,
+            X509Certificate remoteCertificate,
+            string[] acceptableIssuers)
+        {
+            X509Certificate clientCertificate = null;
+            var customSslStream = sender as SslStream;
+
+            if (acceptableIssuers != null &&
+                acceptableIssuers.Length > 0 &&
+                localCertificates != null &&
+                localCertificates.Count > 0)
+            {
+                // Use the first certificate that is from an acceptable issuer.
+                foreach (X509Certificate certificate in localCertificates)
+                {
+                    string issuer = certificate.Issuer;
+                    if (Array.IndexOf(acceptableIssuers, issuer) != -1)
+                        clientCertificate = certificate;
+                }
+            }
+
+            if (localCertificates != null &&
+                localCertificates.Count > 0)
+                clientCertificate = localCertificates[0];
+
+            //If user call back is registered
+            if (ClientCertificateSelectionCallback != null)
+            {
+                var args = new CertificateSelectionEventArgs();
+
+                args.targetHost = targetHost;
+                args.localCertificates = localCertificates;
+                args.remoteCertificate = remoteCertificate;
+                args.acceptableIssuers = acceptableIssuers;
+                args.clientCertificate = clientCertificate;
+
+                Delegate[] invocationList = ClientCertificateSelectionCallback.GetInvocationList();
+                Task[] handlerTasks = new Task[invocationList.Length];
+
+                for (int i = 0; i < invocationList.Length; i++)
+                {
+                    handlerTasks[i] = ((Func<object, CertificateSelectionEventArgs, Task>)invocationList[i])(null, args);
+                }
+
+                Task.WhenAll(handlerTasks).Wait();
+
+                return args.clientCertificate;
+            }
+
+            return clientCertificate;
+
+        }
+    }
+}

Titanium.Web.Proxy/Compression/CompressionFactory.cs

@@ -1,6 +1,9 @@
 namespace Titanium.Web.Proxy.Compression
 {
-    class CompressionFactory
+    /// <summary>
+    ///  A factory to generate the compression methods based on the type of compression
+    /// </summary>
+    internal class CompressionFactory
     {
         public ICompression Create(string type)
         {

Titanium.Web.Proxy/Compression/DeflateCompression.cs

@@ -4,15 +4,18 @@
 
 namespace Titanium.Web.Proxy.Compression
 {
-    class DeflateCompression : ICompression
+    /// <summary>
+    /// Concrete implementation of deflate compression
+    /// </summary>
+    internal class DeflateCompression : ICompression
     {
         public async Task<byte[]> Compress(byte[] responseBody)
         {
             using (var ms = new MemoryStream())
             {
                 using (var zip = new DeflateStream(ms, CompressionMode.Compress, true))
                 {
-                   await zip.WriteAsync(responseBody, 0, responseBody.Length).ConfigureAwait(false);
+                   await zip.WriteAsync(responseBody, 0, responseBody.Length);
                 }
 
                 return ms.ToArray();

Titanium.Web.Proxy/Compression/GZipCompression.cs

@@ -4,15 +4,18 @@
 
 namespace Titanium.Web.Proxy.Compression
 {
-    class GZipCompression : ICompression
+    /// <summary>
+    /// concreate implementation of gzip compression
+    /// </summary>
+    internal class GZipCompression : ICompression
     {
         public async Task<byte[]> Compress(byte[] responseBody)
         {
             using (var ms = new MemoryStream())
             {
                 using (var zip = new GZipStream(ms, CompressionMode.Compress, true))
                 {
-                   await zip.WriteAsync(responseBody, 0, responseBody.Length).ConfigureAwait(false);
+                   await zip.WriteAsync(responseBody, 0, responseBody.Length);
                 }
 
                 return ms.ToArray();

Titanium.Web.Proxy/Compression/ICompression.cs

@@ -2,6 +2,9 @@
 
 namespace Titanium.Web.Proxy.Compression
 {
+    /// <summary>
+    /// An inteface for http compression
+    /// </summary>
     interface ICompression
     {
         Task<byte[]> Compress(byte[] responseBody);

Titanium.Web.Proxy/Compression/ZlibCompression.cs

@@ -4,15 +4,18 @@
 
 namespace Titanium.Web.Proxy.Compression
 {
-    class ZlibCompression : ICompression
+    /// <summary>
+    /// concrete implementation of zlib compression
+    /// </summary>
+   internal class ZlibCompression : ICompression
     {
         public async Task<byte[]> Compress(byte[] responseBody)
         {
             using (var ms = new MemoryStream())
             {
                 using (var zip = new ZlibStream(ms, CompressionMode.Compress, true))
                 {
-                   await zip.WriteAsync(responseBody, 0, responseBody.Length).ConfigureAwait(false);
+                   await zip.WriteAsync(responseBody, 0, responseBody.Length);
                 }
 
                 return ms.ToArray();

Titanium.Web.Proxy/Decompression/DecompressionFactory.cs

@@ -1,8 +1,11 @@
 namespace Titanium.Web.Proxy.Decompression
 {
-    class DecompressionFactory
+    /// <summary>
+    /// A factory to generate the de-compression methods based on the type of compression
+    /// </summary>
+    internal class DecompressionFactory
     {
-        public IDecompression Create(string type)
+        internal IDecompression Create(string type)
         {
             switch(type)
             {

Titanium.Web.Proxy/Decompression/DefaultDecompression.cs

@@ -2,7 +2,11 @@
 
 namespace Titanium.Web.Proxy.Decompression
 {
-    class DefaultDecompression : IDecompression
+
+    /// <summary>
+    /// When no compression is specified just return the byte array
+    /// </summary>
+    internal class DefaultDecompression : IDecompression
     {
         public Task<byte[]> Decompress(byte[] compressedArray)
         {

Titanium.Web.Proxy/Decompression/DeflateDecompression.cs

@@ -5,22 +5,25 @@
 
 namespace Titanium.Web.Proxy.Decompression
 {
-    class DeflateDecompression : IDecompression
+    /// <summary>
+    /// concrete implementation of deflate de-compression
+    /// </summary>
+    internal class DeflateDecompression : IDecompression
     {
         public async Task<byte[]> Decompress(byte[] compressedArray)
         {
             var stream = new MemoryStream(compressedArray);
 
             using (var decompressor = new DeflateStream(stream, CompressionMode.Decompress))
             {
-                var buffer = new byte[Constants.BUFFER_SIZE];
+                var buffer = new byte[ProxyConstants.BUFFER_SIZE];
 
                 using (var output = new MemoryStream())
                 {
                     int read;
-                    while ((read = await decompressor.ReadAsync(buffer, 0, buffer.Length).ConfigureAwait(false)) > 0)
+                    while ((read = await decompressor.ReadAsync(buffer, 0, buffer.Length)) > 0)
                     {
-                       await output.WriteAsync(buffer, 0, read).ConfigureAwait(false);
+                       await output.WriteAsync(buffer, 0, read);
                     }
 
                     return output.ToArray();

Titanium.Web.Proxy/Decompression/GZipDecompression.cs

@@ -5,19 +5,22 @@
 
 namespace Titanium.Web.Proxy.Decompression
 {
-    class GZipDecompression : IDecompression
+    /// <summary>
+    /// concrete implementation of gzip de-compression
+    /// </summary>
+    internal class GZipDecompression : IDecompression
     {
         public async Task<byte[]> Decompress(byte[] compressedArray)
         {
             using (var decompressor = new GZipStream(new MemoryStream(compressedArray), CompressionMode.Decompress))
             {
-                var buffer = new byte[Constants.BUFFER_SIZE];
+                var buffer = new byte[ProxyConstants.BUFFER_SIZE];
                 using (var output = new MemoryStream())
                 {
                     int read;
-                    while ((read = await decompressor.ReadAsync(buffer, 0, buffer.Length).ConfigureAwait(false)) > 0)
+                    while ((read = await decompressor.ReadAsync(buffer, 0, buffer.Length)) > 0)
                     {
-                       await output.WriteAsync(buffer, 0, read).ConfigureAwait(false);
+                       await output.WriteAsync(buffer, 0, read);
                     }
                     return output.ToArray();
                 }