#529 let generic certificate override in transparent endpoint

justcoding121 · justcoding121 · commit b0d2cd22ae69 · 2018-12-06T19:13:00.000-05:00
diff --git a/src/Titanium.Web.Proxy/Models/ExplicitProxyEndPoint.cs b/src/Titanium.Web.Proxy/Models/ExplicitProxyEndPoint.cs
@@ -27,11 +27,6 @@ public ExplicitProxyEndPoint(IPAddress ipAddress, int port, bool decryptSsl = tr
 
         internal bool IsSystemHttpsProxy { get; set; }
 
-        /// <summary>
-        ///     Generic certificate to use for SSL decryption.
-        /// </summary>
-        public X509Certificate2 GenericCertificate { get; set; }
-
         /// <summary>
         ///     Intercept tunnel connect request.
         ///     Valid only for explicit endpoints.
diff --git a/src/Titanium.Web.Proxy/Models/ProxyEndPoint.cs b/src/Titanium.Web.Proxy/Models/ProxyEndPoint.cs
@@ -1,5 +1,6 @@
 ﻿using System.Net;
 using System.Net.Sockets;
+using System.Security.Cryptography.X509Certificates;
 
 namespace Titanium.Web.Proxy.Models
 {
@@ -47,5 +48,11 @@ protected ProxyEndPoint(IPAddress ipAddress, int port, bool decryptSsl)
         public bool IpV6Enabled => Equals(IpAddress, IPAddress.IPv6Any)
                                    || Equals(IpAddress, IPAddress.IPv6Loopback)
                                    || Equals(IpAddress, IPAddress.IPv6None);
+
+
+        /// <summary>
+        ///     Generic certificate to use for SSL decryption.
+        /// </summary>
+        public X509Certificate2 GenericCertificate { get; set; }
     }
 }
diff --git a/src/Titanium.Web.Proxy/TransparentClientHandler.cs b/src/Titanium.Web.Proxy/TransparentClientHandler.cs
@@ -81,7 +81,8 @@ private async Task handleClient(TransparentProxyEndPoint endPoint, TcpClientConn
                             sslStream = new SslStream(clientStream);
 
                             string certName = HttpHelper.GetWildCardDomainName(httpsHostName);
-                            var certificate = await CertificateManager.CreateCertificateAsync(certName);
+                            var certificate = endPoint.GenericCertificate ??
+                                                    await CertificateManager.CreateCertificateAsync(certName);
 
                             // Successfully managed to authenticate the client using the fake certificate
                             await sslStream.AuthenticateAsServerAsync(certificate, false, SslProtocols.Tls, false);

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,6 @@`
`1`	`1`	`using System.Net;`
`2`	`2`	`using System.Net.Sockets;`
	`3`	`+using System.Security.Cryptography.X509Certificates;`
`3`	`4`
`4`	`5`	`namespace Titanium.Web.Proxy.Models`
`5`	`6`	`{`
`@@ -47,5 +48,11 @@ protected ProxyEndPoint(IPAddress ipAddress, int port, bool decryptSsl)`
`47`	`48`	`public bool IpV6Enabled => Equals(IpAddress, IPAddress.IPv6Any)`
`48`	`49`	`\|\| Equals(IpAddress, IPAddress.IPv6Loopback)`
`49`	`50`	`\|\| Equals(IpAddress, IPAddress.IPv6None);`
	`51`	`+`
	`52`	`+`
	`53`	`+ /// <summary>`
	`54`	`+ /// Generic certificate to use for SSL decryption.`
	`55`	`+ /// </summary>`
	`56`	`+ public X509Certificate2 GenericCertificate { get; set; }`
`50`	`57`	`}`
`51`	`58`	`}`