#550 sslStream not disposed; improve ProxyConnectException

jmh76 · jmh76 · commit 3d73a6bdae5b · 2019-02-13T14:26:18.000-05:00
diff --git a/src/Titanium.Web.Proxy/Exceptions/ProxyConnectException.cs b/src/Titanium.Web.Proxy/Exceptions/ProxyConnectException.cs
@@ -13,11 +13,11 @@ public class ProxyConnectException : ProxyException
         /// </summary>
         /// <param name="message">Message for this exception</param>
         /// <param name="innerException">Associated inner exception</param>
-        /// <param name="connectEventArgs">Instance of <see cref="EventArguments.TunnelConnectSessionEventArgs" /> associated to the exception</param>
-        internal ProxyConnectException(string message, Exception innerException, TunnelConnectSessionEventArgs connectEventArgs) : base(
+        /// <param name="session">Instance of <see cref="EventArguments.TunnelConnectSessionEventArgs" /> associated to the exception</param>
+        internal ProxyConnectException(string message, Exception innerException, SessionEventArgsBase session) : base(
             message, innerException)
         {
-            ConnectEventArgs = connectEventArgs;
+            Session = session;
         }
 
         /// <summary>
@@ -26,6 +26,6 @@ internal ProxyConnectException(string message, Exception innerException, TunnelC
         /// <remarks>
         ///     This object properties should not be edited.
         /// </remarks>
-        public TunnelConnectSessionEventArgs ConnectEventArgs { get; }
+        public SessionEventArgsBase Session { get; }
     }
 }
diff --git a/src/Titanium.Web.Proxy/Exceptions/ProxyHttpException.cs b/src/Titanium.Web.Proxy/Exceptions/ProxyHttpException.cs
@@ -13,11 +13,11 @@ public class ProxyHttpException : ProxyException
         /// </summary>
         /// <param name="message">Message for this exception</param>
         /// <param name="innerException">Associated inner exception</param>
-        /// <param name="sessionEventArgs">Instance of <see cref="EventArguments.SessionEventArgs" /> associated to the exception</param>
-        internal ProxyHttpException(string message, Exception innerException, SessionEventArgs sessionEventArgs) : base(
+        /// <param name="session">Instance of <see cref="EventArguments.SessionEventArgs" /> associated to the exception</param>
+        internal ProxyHttpException(string message, Exception innerException, SessionEventArgs session) : base(
             message, innerException)
         {
-            SessionEventArgs = sessionEventArgs;
+            Session = session;
         }
 
         /// <summary>
@@ -26,6 +26,6 @@ internal ProxyHttpException(string message, Exception innerException, SessionEve
         /// <remarks>
         ///     This object properties should not be edited.
         /// </remarks>
-        public SessionEventArgs SessionEventArgs { get; }
+        public SessionEventArgs Session { get; }
     }
 }
diff --git a/src/Titanium.Web.Proxy/ExplicitClientHandler.cs b/src/Titanium.Web.Proxy/ExplicitClientHandler.cs
@@ -161,13 +161,13 @@ await clientStreamWriter.WriteResponseAsync(connectArgs.HttpClient.Response,
                                                     cancellationToken: CancellationToken.None);
                         }
 
+                        X509Certificate2 certificate = null;
                         try
                         {
-                            sslStream = new SslStream(clientStream);
+                            sslStream = new SslStream(clientStream, true);
 
                             string certName = HttpHelper.GetWildCardDomainName(connectHostname);
-
-                            var certificate = endPoint.GenericCertificate ??
+                            certificate = endPoint.GenericCertificate ??
                                               await CertificateManager.CreateServerCertificate(certName);
 
                             // Successfully managed to authenticate the client using the fake certificate
@@ -197,9 +197,13 @@ await clientStreamWriter.WriteResponseAsync(connectArgs.HttpClient.Response,
                         }
                         catch (Exception e)
                         {
-                            sslStream?.Dispose();
+                            var certname = certificate?.GetNameInfo(X509NameType.SimpleName, false);
                             throw new ProxyConnectException(
-                                $"Could'nt authenticate client '{connectHostname}' with fake certificate.", e, connectArgs);
+                                $"Couldn't authenticate host '{connectHostname}' with certificate '{certname}'.", e, connectArgs);
+                        }
+                        finally
+                        {
+                            sslStream?.Dispose();
                         }
 
                         if (await HttpHelper.IsConnectMethod(clientStream) == -1)
diff --git a/src/Titanium.Web.Proxy/TransparentClientHandler.cs b/src/Titanium.Web.Proxy/TransparentClientHandler.cs
@@ -4,6 +4,7 @@
 using System.Net.Security;
 using System.Net.Sockets;
 using System.Security.Authentication;
+using System.Security.Cryptography.X509Certificates;
 using System.Threading;
 using System.Threading.Tasks;
 using StreamExtended;
@@ -62,16 +63,17 @@ private async Task handleClient(TransparentProxyEndPoint endPoint, TcpClientConn
 
                         SslStream sslStream = null;
 
-                        //do client authentication using fake certificate
+                        //do client authentication using certificate
+                        X509Certificate2 certificate = null;
                         try
                         {
-                            sslStream = new SslStream(clientStream);
+                            sslStream = new SslStream(clientStream, true);
 
                             string certName = HttpHelper.GetWildCardDomainName(httpsHostName);
-                            var certificate = endPoint.GenericCertificate ??
+                            certificate = endPoint.GenericCertificate ??
                                                     await CertificateManager.CreateServerCertificate(certName);
 
-                            // Successfully managed to authenticate the client using the fake certificate
+                            // Successfully managed to authenticate the client using the certificate
                             await sslStream.AuthenticateAsServerAsync(certificate, false, SslProtocols.Tls, false);
 
                             // HTTPS server created - we can now decrypt the client's traffic
@@ -81,9 +83,18 @@ private async Task handleClient(TransparentProxyEndPoint endPoint, TcpClientConn
                         }
                         catch (Exception e)
                         {
-                            sslStream?.Dispose();
+                            var certname = certificate?.GetNameInfo(X509NameType.SimpleName, false);
+                            var session = new SessionEventArgs(this, endPoint, cancellationTokenSource)
+                            {
+                                ProxyClient = { Connection = clientConnection },
+                                HttpClient = { ConnectRequest = null }
+                            };
                             throw new ProxyConnectException(
-                                $"Could'nt authenticate client '{httpsHostName}' with fake certificate.", e, null);
+                                $"Couldn't authenticate host '{httpsHostName}' with certificate '{certname}'.", e, session);
+                        }
+                        finally
+                        {
+                            sslStream?.Dispose();
                         }
                     }
                     else

Original file line number	Diff line number	Diff line change
`@@ -13,11 +13,11 @@ public class ProxyConnectException : ProxyException`
`13`	`13`	`/// </summary>`
`14`	`14`	`/// <param name="message">Message for this exception</param>`
`15`	`15`	`/// <param name="innerException">Associated inner exception</param>`
`16`		`- /// <param name="connectEventArgs">Instance of <see cref="EventArguments.TunnelConnectSessionEventArgs" /> associated to the exception</param>`
`17`		`- internal ProxyConnectException(string message, Exception innerException, TunnelConnectSessionEventArgs connectEventArgs) : base(`
	`16`	`+ /// <param name="session">Instance of <see cref="EventArguments.TunnelConnectSessionEventArgs" /> associated to the exception</param>`
	`17`	`+ internal ProxyConnectException(string message, Exception innerException, SessionEventArgsBase session) : base(`
`18`	`18`	`message, innerException)`
`19`	`19`	`{`
`20`		`- ConnectEventArgs = connectEventArgs;`
	`20`	`+ Session = session;`
`21`	`21`	`}`
`22`	`22`
`23`	`23`	`/// <summary>`
`@@ -26,6 +26,6 @@ internal ProxyConnectException(string message, Exception innerException, TunnelC`
`26`	`26`	`/// <remarks>`
`27`	`27`	`/// This object properties should not be edited.`
`28`	`28`	`/// </remarks>`
`29`		`- public TunnelConnectSessionEventArgs ConnectEventArgs { get; }`
	`29`	`+ public SessionEventArgsBase Session { get; }`
`30`	`30`	`}`
`31`	`31`	`}`
Original file line number	Diff line number	Diff line change
`@@ -13,11 +13,11 @@ public class ProxyHttpException : ProxyException`
`13`	`13`	`/// </summary>`
`14`	`14`	`/// <param name="message">Message for this exception</param>`
`15`	`15`	`/// <param name="innerException">Associated inner exception</param>`
`16`		`- /// <param name="sessionEventArgs">Instance of <see cref="EventArguments.SessionEventArgs" /> associated to the exception</param>`
`17`		`- internal ProxyHttpException(string message, Exception innerException, SessionEventArgs sessionEventArgs) : base(`
	`16`	`+ /// <param name="session">Instance of <see cref="EventArguments.SessionEventArgs" /> associated to the exception</param>`
	`17`	`+ internal ProxyHttpException(string message, Exception innerException, SessionEventArgs session) : base(`
`18`	`18`	`message, innerException)`
`19`	`19`	`{`
`20`		`- SessionEventArgs = sessionEventArgs;`
	`20`	`+ Session = session;`
`21`	`21`	`}`
`22`	`22`
`23`	`23`	`/// <summary>`
`@@ -26,6 +26,6 @@ internal ProxyHttpException(string message, Exception innerException, SessionEve`
`26`	`26`	`/// <remarks>`
`27`	`27`	`/// This object properties should not be edited.`
`28`	`28`	`/// </remarks>`
`29`		`- public SessionEventArgs SessionEventArgs { get; }`
	`29`	`+ public SessionEventArgs Session { get; }`
`30`	`30`	`}`
`31`	`31`	`}`
Original file line number	Diff line number	Diff line change
`@@ -161,13 +161,13 @@ await clientStreamWriter.WriteResponseAsync(connectArgs.HttpClient.Response,`
`161`	`161`	`cancellationToken: CancellationToken.None);`
`162`	`162`	`}`
`163`	`163`
	`164`	`+ X509Certificate2 certificate = null;`
`164`	`165`	`try`
`165`	`166`	`{`
`166`		`- sslStream = new SslStream(clientStream);`
	`167`	`+ sslStream = new SslStream(clientStream, true);`
`167`	`168`
`168`	`169`	`string certName = HttpHelper.GetWildCardDomainName(connectHostname);`
`169`		`-`
`170`		`- var certificate = endPoint.GenericCertificate ??`
	`170`	`+ certificate = endPoint.GenericCertificate ??`
`171`	`171`	`await CertificateManager.CreateServerCertificate(certName);`
`172`	`172`
`173`	`173`	`// Successfully managed to authenticate the client using the fake certificate`
`@@ -197,9 +197,13 @@ await clientStreamWriter.WriteResponseAsync(connectArgs.HttpClient.Response,`
`197`	`197`	`}`
`198`	`198`	`catch (Exception e)`
`199`	`199`	`{`
`200`		`- sslStream?.Dispose();`
	`200`	`+ var certname = certificate?.GetNameInfo(X509NameType.SimpleName, false);`
`201`	`201`	`throw new ProxyConnectException(`
`202`		`- $"Could'nt authenticate client '{connectHostname}' with fake certificate.", e, connectArgs);`
	`202`	`+ $"Couldn't authenticate host '{connectHostname}' with certificate '{certname}'.", e, connectArgs);`
	`203`	`+ }`
	`204`	`+ finally`
	`205`	`+ {`
	`206`	`+ sslStream?.Dispose();`
`203`	`207`	`}`
`204`	`208`
`205`	`209`	`if (await HttpHelper.IsConnectMethod(clientStream) == -1)`