allow to get local endpoint in certificate validation/selection events #460

Author: honfika

examples/Titanium.Web.Proxy.Examples.Basic/ProxyTestController.cs

@@ -129,13 +129,21 @@ public void Stop()
         private async Task<IExternalProxy> onGetCustomUpStreamProxyFunc(SessionEventArgsBase arg)
         {
             // this is just to show the functionality, provided values are junk
-            return new ExternalProxy() { BypassLocalhost = false, HostName = "127.0.0.9", Port = 9090, Password = "fake", UserName = "fake", UseDefaultCredentials = false };
+            return new ExternalProxy
+            {
+                BypassLocalhost = false, HostName = "127.0.0.9", Port = 9090, Password = "fake", UserName = "fake",
+                UseDefaultCredentials = false
+            };
         }
 
         private async Task<IExternalProxy> onCustomUpStreamProxyFailureFunc(SessionEventArgsBase arg)
         {
             // this is just to show the functionality, provided values are junk
-            return new ExternalProxy() { BypassLocalhost = false, HostName = "127.0.0.10", Port = 9191, Password = "fake2", UserName = "fake2", UseDefaultCredentials = false };
+            return new ExternalProxy
+            {
+                BypassLocalhost = false, HostName = "127.0.0.10", Port = 9191, Password = "fake2", UserName = "fake2",
+                UseDefaultCredentials = false
+            };
         }
 
         private async Task onBeforeTunnelConnectRequest(object sender, TunnelConnectSessionEventArgs e)

src/Titanium.Web.Proxy/CertificateHandler.cs

@@ -12,17 +12,18 @@ public partial class ProxyServer
         ///     Call back to override server certificate validation
         /// </summary>
         /// <param name="sender">The sender object.</param>
+        /// <param name="sessionArgs">The http session.</param>
         /// <param name="certificate">The remote certificate.</param>
         /// <param name="chain">The certificate chain.</param>
         /// <param name="sslPolicyErrors">Ssl policy errors</param>
         /// <returns>Return true if valid certificate.</returns>
-        internal bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain,
+        internal bool ValidateServerCertificate(object sender, SessionEventArgsBase sessionArgs, X509Certificate certificate, X509Chain chain,
             SslPolicyErrors sslPolicyErrors)
         {
             // if user callback is registered then do it
             if (ServerCertificateValidationCallback != null)
             {
-                var args = new CertificateValidationEventArgs(certificate, chain, sslPolicyErrors);
+                var args = new CertificateValidationEventArgs(sessionArgs, certificate, chain, sslPolicyErrors);
 
                 // why is the sender null?
                 ServerCertificateValidationCallback.InvokeAsync(this, args, ExceptionFunc).Wait();
@@ -43,12 +44,13 @@ internal bool ValidateServerCertificate(object sender, X509Certificate certifica
         ///     Call back to select client certificate used for mutual authentication
         /// </summary>
         /// <param name="sender">The sender.</param>
+        /// <param name="sessionArgs">The http session.</param>
         /// <param name="targetHost">The remote hostname.</param>
         /// <param name="localCertificates">Selected local certificates by SslStream.</param>
         /// <param name="remoteCertificate">The remote certificate of server.</param>
         /// <param name="acceptableIssuers">The acceptable issues for client certificate as listed by server.</param>
         /// <returns></returns>
-        internal X509Certificate? SelectClientCertificate(object sender, string targetHost,
+        internal X509Certificate? SelectClientCertificate(object sender, SessionEventArgsBase sessionArgs, string targetHost,
             X509CertificateCollection localCertificates,
             X509Certificate remoteCertificate, string[] acceptableIssuers)
         {
@@ -75,12 +77,8 @@ internal bool ValidateServerCertificate(object sender, X509Certificate certifica
             // If user call back is registered
             if (ClientCertificateSelectionCallback != null)
             {
-                var args = new CertificateSelectionEventArgs
+                var args = new CertificateSelectionEventArgs(sessionArgs, targetHost, localCertificates, remoteCertificate, acceptableIssuers)
                 {
-                    TargetHost = targetHost,
-                    LocalCertificates = localCertificates,
-                    RemoteCertificate = remoteCertificate,
-                    AcceptableIssuers = acceptableIssuers,
                     ClientCertificate = clientCertificate
                 };
 

src/Titanium.Web.Proxy/EventArguments/CertificateSelectionEventArgs.cs

@@ -8,30 +8,40 @@ namespace Titanium.Web.Proxy.EventArguments
     /// </summary>
     public class CertificateSelectionEventArgs : EventArgs
     {
-        /// <summary>
-        ///     The proxy server instance.
-        /// </summary>
-        public object? Sender { get; internal set; }
+        public CertificateSelectionEventArgs(SessionEventArgsBase session, string targetHost,
+            X509CertificateCollection localCertificates, X509Certificate remoteCertificate, string[] acceptableIssuers)
+        {
+            Session = session;
+            TargetHost = targetHost;
+            LocalCertificates = localCertificates;
+            RemoteCertificate = remoteCertificate;
+            AcceptableIssuers = acceptableIssuers;
+        }
+
+        /// <value>
+        ///     The session.
+        /// </value>
+        public SessionEventArgsBase Session { get; }
 
         /// <summary>
         ///     The remote hostname to which we are authenticating against.
         /// </summary>
-        public string? TargetHost { get; internal set; }
+        public string TargetHost { get; }
 
         /// <summary>
         ///     Local certificates in store with matching issuers requested by TargetHost website.
         /// </summary>
-        public X509CertificateCollection? LocalCertificates { get; internal set; }
+        public X509CertificateCollection LocalCertificates { get; }
 
         /// <summary>
         ///     Certificate of the remote server.
         /// </summary>
-        public X509Certificate? RemoteCertificate { get; internal set; }
+        public X509Certificate RemoteCertificate { get; }
 
         /// <summary>
         ///     Acceptable issuers as listed by remote server.
         /// </summary>
-        public string[]? AcceptableIssuers { get; internal set; }
+        public string[] AcceptableIssuers { get; }
 
         /// <summary>
         ///     Client Certificate we selected. Set this value to override.

src/Titanium.Web.Proxy/EventArguments/CertificateValidationEventArgs.cs

@@ -10,13 +10,19 @@ namespace Titanium.Web.Proxy.EventArguments
     /// </summary>
     public class CertificateValidationEventArgs : EventArgs
     {
-        public CertificateValidationEventArgs(X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
+        public CertificateValidationEventArgs(SessionEventArgsBase session, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
         {
+            Session = session;
             Certificate = certificate;
             Chain = chain;
             SslPolicyErrors = sslPolicyErrors;
         }
 
+        /// <value>
+        ///     The session.
+        /// </value>
+        public SessionEventArgsBase Session { get; }
+
         /// <summary>
         ///     Server certificate.
         /// </summary>

src/Titanium.Web.Proxy/EventArguments/SessionEventArgs.cs

@@ -26,7 +26,7 @@ public class SessionEventArgs : SessionEventArgsBase
         /// </summary>
         private bool reRequest;
 
-        private WebSocketDecoder webSocketDecoder;
+        private WebSocketDecoder? webSocketDecoder;
 
         /// <summary>
         ///     Is this session a HTTP/2 promise?
@@ -36,8 +36,8 @@ public class SessionEventArgs : SessionEventArgsBase
         /// <summary>
         /// Constructor to initialize the proxy
         /// </summary>
-        internal SessionEventArgs(ProxyServer server, ProxyEndPoint endPoint, TcpClientConnection clientConnection, HttpClientStream clientStream, ConnectRequest? connectRequest, CancellationTokenSource cancellationTokenSource)
-            : base(server, endPoint, clientConnection, clientStream, connectRequest, new Request(), cancellationTokenSource)
+        internal SessionEventArgs(ProxyServer server, ProxyEndPoint endPoint, HttpClientStream clientStream, ConnectRequest? connectRequest, CancellationTokenSource cancellationTokenSource)
+            : base(server, endPoint, clientStream, connectRequest, new Request(), cancellationTokenSource)
         {
         }
 

src/Titanium.Web.Proxy/EventArguments/SessionEventArgsBase.cs

@@ -29,7 +29,7 @@ public abstract class SessionEventArgsBase : EventArgs, IDisposable
         /// <summary>
         ///     Holds a reference to client
         /// </summary>
-        internal TcpClientConnection ClientConnection { get; }
+        internal TcpClientConnection ClientConnection => ClientStream.Connection;
 
         internal HttpClientStream ClientStream { get; }
 
@@ -50,17 +50,16 @@ public abstract class SessionEventArgsBase : EventArgs, IDisposable
         ///     Initializes a new instance of the <see cref="SessionEventArgsBase" /> class.
         /// </summary>
         private protected SessionEventArgsBase(ProxyServer server, ProxyEndPoint endPoint,
-            TcpClientConnection clientConnection, HttpClientStream clientStream, ConnectRequest? connectRequest, Request request, CancellationTokenSource cancellationTokenSource)
+            HttpClientStream clientStream, ConnectRequest? connectRequest, Request request, CancellationTokenSource cancellationTokenSource)
         {
             BufferPool = server.BufferPool;
             ExceptionFunc = server.ExceptionFunc;
             TimeLine["Session Created"] = DateTime.Now;
 
             CancellationTokenSource = cancellationTokenSource;
 
-            ClientConnection = clientConnection;
             ClientStream = clientStream;
-            HttpClient = new HttpWebClient(connectRequest, request, new Lazy<int>(() => clientConnection.GetProcessId(endPoint)));
+            HttpClient = new HttpWebClient(connectRequest, request, new Lazy<int>(() => clientStream.Connection.GetProcessId(endPoint)));
             LocalEndPoint = endPoint;
             EnableWinAuth = server.EnableWinAuth && isWindowsAuthenticationSupported;
         }

src/Titanium.Web.Proxy/EventArguments/TunnelConnectEventArgs.cs

@@ -17,8 +17,8 @@ public class TunnelConnectSessionEventArgs : SessionEventArgsBase
         private bool? isHttpsConnect;
 
         internal TunnelConnectSessionEventArgs(ProxyServer server, ProxyEndPoint endPoint, ConnectRequest connectRequest,
-            TcpClientConnection clientConnection, HttpClientStream clientStream, CancellationTokenSource cancellationTokenSource)
-            : base(server, endPoint, clientConnection, clientStream, connectRequest, connectRequest, cancellationTokenSource)
+            HttpClientStream clientStream, CancellationTokenSource cancellationTokenSource)
+            : base(server, endPoint, clientStream, connectRequest, connectRequest, cancellationTokenSource)
         {
         }
 

src/Titanium.Web.Proxy/ExplicitClientHandler.cs

@@ -36,7 +36,7 @@ private async Task handleClient(ExplicitProxyEndPoint endPoint, TcpClientConnect
             var cancellationTokenSource = new CancellationTokenSource();
             var cancellationToken = cancellationTokenSource.Token;
 
-            var clientStream = new HttpClientStream(clientConnection.GetStream(), BufferPool);
+            var clientStream = new HttpClientStream(clientConnection, clientConnection.GetStream(), BufferPool);
 
             Task<TcpServerConnection>? prefetchConnectionTask = null;
             bool closeServerConnection = false;
@@ -72,8 +72,7 @@ private async Task handleClient(ExplicitProxyEndPoint endPoint, TcpClientConnect
 
                     await HeaderParser.ReadHeaders(clientStream, connectRequest.Headers, cancellationToken);
 
-                    connectArgs = new TunnelConnectSessionEventArgs(this, endPoint, connectRequest,
-                        clientConnection, clientStream, cancellationTokenSource);
+                    connectArgs = new TunnelConnectSessionEventArgs(this, endPoint, connectRequest, clientStream, cancellationTokenSource);
                     clientStream.DataRead += (o, args) => connectArgs.OnDataSent(args.Buffer, args.Offset, args.Count);
                     clientStream.DataWrite += (o, args) => connectArgs.OnDataReceived(args.Buffer, args.Offset, args.Count);
 
@@ -137,7 +136,7 @@ private async Task handleClient(ExplicitProxyEndPoint endPoint, TcpClientConnect
                     if (decryptSsl && clientHelloInfo != null)
                     {
                         connectRequest.IsHttps = true; // todo: move this line to the previous "if"
-                        clientConnection.SslProtocol = clientHelloInfo.SslProtocol;
+                        clientStream.Connection.SslProtocol = clientHelloInfo.SslProtocol;
 
                         bool http2Supported = false;
 
@@ -221,11 +220,11 @@ private async Task handleClient(ExplicitProxyEndPoint endPoint, TcpClientConnect
                             await sslStream.AuthenticateAsServerAsync(options, cancellationToken);
 
 #if NETSTANDARD2_1
-                            clientConnection.NegotiatedApplicationProtocol = sslStream.NegotiatedApplicationProtocol;
+                            clientStream.Connection.NegotiatedApplicationProtocol = sslStream.NegotiatedApplicationProtocol;
 #endif
 
                             // HTTPS server created - we can now decrypt the client's traffic
-                            clientStream = new HttpClientStream(sslStream, BufferPool);
+                            clientStream = new HttpClientStream(clientStream.Connection, sslStream, BufferPool);
                             sslStream = null; // clientStream was created, no need to keep SSL stream reference
 
                             clientStream.DataRead += (o, args) => connectArgs.OnDecryptedDataSent(args.Buffer, args.Offset, args.Count);
@@ -362,13 +361,13 @@ await TcpHelper.SendRaw(clientStream, connection.Stream, BufferPool,
                             var connectionPreface = new ReadOnlyMemory<byte>(Http2Helper.ConnectionPreface);
                             await connection.Stream.WriteAsync(connectionPreface, cancellationToken);
                             await Http2Helper.SendHttp2(clientStream, connection.Stream,
-                                () => new SessionEventArgs(this, endPoint, clientConnection, clientStream, connectArgs?.HttpClient.ConnectRequest, cancellationTokenSource)
+                                () => new SessionEventArgs(this, endPoint, clientStream, connectArgs?.HttpClient.ConnectRequest, cancellationTokenSource)
                                 {
                                     UserData = connectArgs?.UserData
                                 },
                                 async args => { await onBeforeRequest(args); },
                                 async args => { await onBeforeResponse(args); },
-                                connectArgs.CancellationTokenSource, clientConnection.Id, ExceptionFunc);
+                                connectArgs.CancellationTokenSource, clientStream.Connection.Id, ExceptionFunc);
 #endif
                         }
                         finally
@@ -381,7 +380,7 @@ await Http2Helper.SendHttp2(clientStream, connection.Stream,
                 calledRequestHandler = true;
 
                 // Now create the request
-                await handleHttpSessionRequest(endPoint, clientConnection, clientStream, cancellationTokenSource, connectArgs, prefetchConnectionTask);
+                await handleHttpSessionRequest(endPoint, clientStream, cancellationTokenSource, connectArgs, prefetchConnectionTask);
             }
             catch (ProxyException e)
             {

src/Titanium.Web.Proxy/Extensions/StringExtensions.cs

@@ -6,7 +6,7 @@ namespace Titanium.Web.Proxy.Extensions
 {
     internal static class StringExtensions
     {
-        internal static bool EqualsIgnoreCase(this string str, string value)
+        internal static bool EqualsIgnoreCase(this string str, string? value)
         {
             return str.Equals(value, StringComparison.CurrentCultureIgnoreCase);
         }
@@ -16,12 +16,12 @@ internal static bool EqualsIgnoreCase(this ReadOnlySpan<char> str, ReadOnlySpan<
             return str.Equals(value, StringComparison.CurrentCultureIgnoreCase);
         }
 
-        internal static bool ContainsIgnoreCase(this string str, string value)
+        internal static bool ContainsIgnoreCase(this string str, string? value)
         {
             return CultureInfo.CurrentCulture.CompareInfo.IndexOf(str, value, CompareOptions.IgnoreCase) >= 0;
         }
 
-        internal static int IndexOfIgnoreCase(this string str, string value)
+        internal static int IndexOfIgnoreCase(this string str, string? value)
         {
             return CultureInfo.CurrentCulture.CompareInfo.IndexOf(str, value, CompareOptions.IgnoreCase);
         }

src/Titanium.Web.Proxy/Helpers/HttpClientStream.cs

@@ -3,15 +3,19 @@
 using System.Threading;
 using System.Threading.Tasks;
 using Titanium.Web.Proxy.Http;
+using Titanium.Web.Proxy.Network.Tcp;
 using Titanium.Web.Proxy.StreamExtended.BufferPool;
 
 namespace Titanium.Web.Proxy.Helpers
 {
     internal sealed class HttpClientStream : HttpStream
     {
-        internal HttpClientStream(Stream stream, IBufferPool bufferPool) 
+        public TcpClientConnection Connection { get; }
+
+        internal HttpClientStream(TcpClientConnection connection, Stream stream, IBufferPool bufferPool) 
             : base(stream, bufferPool)
         {
+            Connection = connection;
         }
 
         /// <summary>

src/Titanium.Web.Proxy/Helpers/NativeMethods.SystemProxy.cs

@@ -6,7 +6,7 @@ namespace Titanium.Web.Proxy.Helpers
     internal partial class NativeMethods
     {
         // Keeps it from getting garbage collected
-        internal static ConsoleEventDelegate Handler;
+        internal static ConsoleEventDelegate? Handler;
 
         [DllImport("wininet.dll")]
         internal static extern bool InternetSetOption(IntPtr hInternet, int dwOption, IntPtr lpBuffer,

src/Titanium.Web.Proxy/Helpers/ProxyInfo.cs

@@ -211,12 +211,7 @@ internal static List<HttpSystemProxyValue> GetSystemProxyValues(string? proxySer
                 if (protocolType.HasValue)
                 {
                     var endPointParts = tmp.Substring(equalsIndex + 1).Split(':');
-                    return new HttpSystemProxyValue
-                    {
-                        HostName = endPointParts[0],
-                        Port = int.Parse(endPointParts[1]),
-                        ProtocolType = protocolType.Value
-                    };
+                    return new HttpSystemProxyValue(endPointParts[0], int.Parse(endPointParts[1]), protocolType.Value);
                 }
             }