issue #13 Fix

Mark items internal; keep only MRU certificates in cache

Author: justcoding121

Titanium.Web.Proxy/Decompression/DecompressionFactory.cs

@@ -1,8 +1,8 @@
 namespace Titanium.Web.Proxy.Decompression
 {
-    class DecompressionFactory
+    internal class DecompressionFactory
     {
-        public IDecompression Create(string type)
+        internal IDecompression Create(string type)
         {
             switch(type)
             {

Titanium.Web.Proxy/Decompression/DefaultDecompression.cs

@@ -2,7 +2,7 @@
 
 namespace Titanium.Web.Proxy.Decompression
 {
-    class DefaultDecompression : IDecompression
+    internal class DefaultDecompression : IDecompression
     {
         public Task<byte[]> Decompress(byte[] compressedArray)
         {

Titanium.Web.Proxy/Decompression/DeflateDecompression.cs

@@ -5,7 +5,7 @@
 
 namespace Titanium.Web.Proxy.Decompression
 {
-    class DeflateDecompression : IDecompression
+    internal class DeflateDecompression : IDecompression
     {
         public async Task<byte[]> Decompress(byte[] compressedArray)
         {

Titanium.Web.Proxy/Decompression/GZipDecompression.cs

@@ -5,7 +5,7 @@
 
 namespace Titanium.Web.Proxy.Decompression
 {
-    class GZipDecompression : IDecompression
+    internal class GZipDecompression : IDecompression
     {
         public async Task<byte[]> Decompress(byte[] compressedArray)
         {

Titanium.Web.Proxy/Decompression/IDecompression.cs

@@ -3,8 +3,8 @@
 
 namespace Titanium.Web.Proxy.Decompression
 {
-    interface IDecompression
+    internal interface IDecompression
     {
-        Task<byte[]> Decompress(byte[] compressedArray);
+       Task<byte[]> Decompress(byte[] compressedArray);
     }
 }

Titanium.Web.Proxy/Decompression/ZlibDecompression.cs

@@ -5,7 +5,7 @@
 
 namespace Titanium.Web.Proxy.Decompression
 {
-    class ZlibDecompression : IDecompression
+    internal class ZlibDecompression : IDecompression
     {
         public async Task<byte[]> Decompress(byte[] compressedArray)
         {

Titanium.Web.Proxy/Extensions/HttpWebRequestExtensions.cs

@@ -7,10 +7,10 @@ namespace Titanium.Web.Proxy.Extensions
     /// <summary>
     /// Extensions on HttpWebSession object
     /// </summary>
-    public static class HttpWebRequestExtensions
+    internal static class HttpWebRequestExtensions
     {
         //Get encoding of the HTTP request
-        public static Encoding GetEncoding(this Request request)
+        internal static Encoding GetEncoding(this Request request)
         {
             try
             {

Titanium.Web.Proxy/Extensions/HttpWebResponseExtensions.cs

@@ -4,9 +4,9 @@
 
 namespace Titanium.Web.Proxy.Extensions
 {
-    public static class HttpWebResponseExtensions
+    internal static class HttpWebResponseExtensions
     {
-        public static Encoding GetResponseCharacterEncoding(this Response response)
+        internal static Encoding GetResponseCharacterEncoding(this Response response)
         {
             try
             {

Titanium.Web.Proxy/Extensions/StreamExtensions.cs

@@ -8,9 +8,9 @@
 
 namespace Titanium.Web.Proxy.Extensions
 {
-    public static class StreamHelper
+    internal static class StreamHelper
     {
-        public static async Task CopyToAsync(this Stream input, string initialData, Stream output)
+        internal static async Task CopyToAsync(this Stream input, string initialData, Stream output)
         {
             if (!string.IsNullOrEmpty(initialData))
             {

Titanium.Web.Proxy/Extensions/TcpExtensions.cs

@@ -1,12 +1,10 @@
 using System.Net.Sockets;
 
-
 namespace Titanium.Web.Proxy.Extensions
 {
-
     internal static class TcpExtensions
     {
-        public static bool IsConnected(this Socket client)
+        internal static bool IsConnected(this Socket client)
         {
             // This is how you can determine whether a socket is still connected.
             bool blockingState = client.Blocking;

Titanium.Web.Proxy/Helpers/CertificateManager.cs

@@ -6,55 +6,68 @@
 using System.Reflection;
 using System.Threading.Tasks;
 using System.Threading;
+using System.Linq;
 
 namespace Titanium.Web.Proxy.Helpers
 {
-    public class CertificateManager : IDisposable
+    internal class CachedCertificate
+    {
+        internal X509Certificate2 Certificate { get; set; }
+
+        internal DateTime LastAccess { get; set; }
+
+        internal CachedCertificate()
+        {
+            LastAccess = DateTime.Now;
+        }
+
+    }
+    internal class CertificateManager : IDisposable
     {
         private const string CertCreateFormat =
             "-ss {0} -n \"CN={1}, O={2}\" -sky {3} -cy {4} -m 120 -a sha256 -eku 1.3.6.1.5.5.7.3.1 {5}";
 
-        private readonly IDictionary<string, X509Certificate2> _certificateCache;
+        private readonly IDictionary<string, CachedCertificate> certificateCache;
         private static SemaphoreSlim semaphoreLock = new SemaphoreSlim(1);
 
-        public string Issuer { get; private set; }
-        public string RootCertificateName { get; private set; }
+        internal string Issuer { get; private set; }
+        internal string RootCertificateName { get; private set; }
 
-        public X509Store MyStore { get; private set; }
-        public X509Store RootStore { get; private set; }
+        internal X509Store MyStore { get; private set; }
+        internal X509Store RootStore { get; private set; }
 
-        public CertificateManager(string issuer, string rootCertificateName)
+        internal CertificateManager(string issuer, string rootCertificateName)
         {
             Issuer = issuer;
             RootCertificateName = rootCertificateName;
 
             MyStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
             RootStore = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
 
-            _certificateCache = new Dictionary<string, X509Certificate2>();
+            certificateCache = new Dictionary<string, CachedCertificate>();
         }
 
         /// <summary>
         /// Attempts to move a self-signed certificate to the root store.
         /// </summary>
         /// <returns>true if succeeded, else false</returns>
-        public async Task<bool> CreateTrustedRootCertificate()
+        internal async Task<bool> CreateTrustedRootCertificate()
         {
             X509Certificate2 rootCertificate =
-              await CreateCertificate(RootStore, RootCertificateName);
+              await CreateCertificate(RootStore, RootCertificateName, true);
 
             return rootCertificate != null;
         }
         /// <summary>
         /// Attempts to remove the self-signed certificate from the root store.
         /// </summary>
         /// <returns>true if succeeded, else false</returns>
-        public async Task<bool> DestroyTrustedRootCertificate()
+        internal bool DestroyTrustedRootCertificate()
         {
-            return await DestroyCertificate(RootStore, RootCertificateName);
+            return DestroyCertificate(RootStore, RootCertificateName, false);
         }
 
-        public X509Certificate2Collection FindCertificates(string certificateSubject)
+        internal X509Certificate2Collection FindCertificates(string certificateSubject)
         {
             return FindCertificates(MyStore, certificateSubject);
         }
@@ -67,29 +80,36 @@ protected virtual X509Certificate2Collection FindCertificates(X509Store store, s
                 discoveredCertificates : null;
         }
 
-        public async Task<X509Certificate2> CreateCertificate(string certificateName)
+        internal async Task<X509Certificate2> CreateCertificate(string certificateName, bool isRootCertificate)
         {
-            return await CreateCertificate(MyStore, certificateName);
+            return await CreateCertificate(MyStore, certificateName, isRootCertificate);
         }
-        protected async virtual Task<X509Certificate2> CreateCertificate(X509Store store, string certificateName)
-        {
-
-            if (_certificateCache.ContainsKey(certificateName))
-                return _certificateCache[certificateName];
 
+        protected async virtual Task<X509Certificate2> CreateCertificate(X509Store store, string certificateName, bool isRootCertificate)
+        {
             await semaphoreLock.WaitAsync();
 
-            X509Certificate2 certificate = null;
             try
             {
+                if (certificateCache.ContainsKey(certificateName))
+                {
+                    var cached = certificateCache[certificateName];
+                    cached.LastAccess = DateTime.Now;
+                    return cached.Certificate;
+                }
+                X509Certificate2 certificate = null;
                 store.Open(OpenFlags.ReadWrite);
                 string certificateSubject = string.Format("CN={0}, O={1}", certificateName, Issuer);
 
-                var certificates =
-                    FindCertificates(store, certificateSubject);
+                X509Certificate2Collection certificates;
+
+                if (isRootCertificate)
+                {
+                    certificates = FindCertificates(store, certificateSubject);
 
-                if (certificates != null)
-                    certificate = certificates[0];
+                    if (certificates != null)
+                        certificate = certificates[0];
+                }
 
                 if (certificate == null)
                 {
@@ -99,22 +119,26 @@ protected async virtual Task<X509Certificate2> CreateCertificate(X509Store store
                     await CreateCertificate(args);
                     certificates = FindCertificates(store, certificateSubject);
 
-                    return certificates != null ?
-                        certificates[0] : null;
+                    //remove it from store
+                    if (!isRootCertificate)
+                        DestroyCertificate(certificateName);
+
+                    if (certificates != null)
+                        certificate = certificates[0];
                 }
 
                 store.Close();
-                if (certificate != null && !_certificateCache.ContainsKey(certificateName))
-                    _certificateCache.Add(certificateName, certificate);
+                if (certificate != null && !certificateCache.ContainsKey(certificateName))
+                    certificateCache.Add(certificateName, new CachedCertificate() { Certificate = certificate });
 
                 return certificate;
             }
             finally
             {
-                semaphoreLock.Release();  
+                semaphoreLock.Release();
             }
-
         }
+
         protected virtual Task<int> CreateCertificate(string[] args)
         {
 
@@ -153,40 +177,32 @@ protected virtual Task<int> CreateCertificate(string[] args)
 
         }
 
-        public async Task<bool> DestroyCertificate(string certificateName)
+        internal bool DestroyCertificate(string certificateName)
         {
-            return await DestroyCertificate(MyStore, certificateName);
+            return DestroyCertificate(MyStore, certificateName, false);
         }
-        protected virtual async Task<bool> DestroyCertificate(X509Store store, string certificateName)
-        {
-            await semaphoreLock.WaitAsync();
 
+        protected virtual bool DestroyCertificate(X509Store store, string certificateName, bool removeFromCache)
+        {
             X509Certificate2Collection certificates = null;
-            try
-            {
-                store.Open(OpenFlags.ReadWrite);
-                string certificateSubject = string.Format("CN={0}, O={1}", certificateName, Issuer);
 
+            store.Open(OpenFlags.ReadWrite);
+            string certificateSubject = string.Format("CN={0}, O={1}", certificateName, Issuer);
+
+            certificates = FindCertificates(store, certificateSubject);
+            if (certificates != null)
+            {
+                store.RemoveRange(certificates);
                 certificates = FindCertificates(store, certificateSubject);
-                if (certificates != null)
-                {
-                    store.RemoveRange(certificates);
-                    certificates = FindCertificates(store, certificateSubject);
-                }
-               
-                store.Close();
-                if (certificates == null &&
-                    _certificateCache.ContainsKey(certificateName))
-                {
-                    _certificateCache.Remove(certificateName);
-                }
-                return certificates == null;
             }
-            finally
+
+            store.Close();
+            if (removeFromCache &&
+                certificateCache.ContainsKey(certificateName))
             {
-                semaphoreLock.Release();    
+                certificateCache.Remove(certificateName);
             }
-
+            return certificates == null;
         }
 
         protected virtual string GetCertificateCreateArgs(X509Store store, string certificateName)
@@ -203,6 +219,37 @@ protected virtual string GetCertificateCreateArgs(X509Store store, string certif
             return certCreatArgs;
         }
 
+        private static bool clearCertificates { get; set; }
+
+        internal void StopClearIdleCertificates()
+        {
+            clearCertificates = false;
+        }
+
+        internal async void ClearIdleCertificates()
+        {
+            clearCertificates = true;
+            while (clearCertificates)
+            {
+                await semaphoreLock.WaitAsync();
+
+                try
+                {
+                    var cutOff = DateTime.Now.AddSeconds(-60);
+
+                    var outdated = certificateCache
+                       .Where(x => x.Value.LastAccess < cutOff)
+                       .ToList();
+
+                    foreach (var cache in outdated)
+                        certificateCache.Remove(cache.Key);
+                }
+                finally { semaphoreLock.Release(); }
+
+                await Task.Delay(1000 * 60 * 3).ConfigureAwait(false);
+            }
+        }
+
         public void Dispose()
         {
             if (MyStore != null)