public override void Connect(IRpcController controller, ConnectRequest request, Action<ConnectResponse> done)
{
var response = ConnectResponse.CreateBuilder()
.SetServerId(ProcessId.CreateBuilder().SetLabel(0xDEADBABE).SetEpoch(DateTime.Now.ToUnixTime()))
.SetClientId(ProcessId.CreateBuilder().SetLabel(0xDEADBEEF).SetEpoch(DateTime.Now.ToUnixTime()))
.Build();
done(response);
}
public override void Connect(IRpcController controller, ConnectRequest request, Action<ConnectResponse> done) {
var response = ConnectResponse.CreateBuilder();
var server_id = ProcessId.CreateBuilder();
var client_id = ProcessId.CreateBuilder();
var epoch = (uint)(DateTime.Now - new DateTime(1970,1,1,0,0,0)).TotalSeconds;
server_id.SetLabel(0).SetEpoch(epoch);
response.SetServerId(server_id);
done(response.Build());
}
public override void Connect(Google.ProtocolBuffers.IRpcController controller, ConnectRequest request, Action<ConnectResponse> done)
{
Logger.Trace("Connect()");
var builder = ConnectResponse.CreateBuilder()
.SetServerId(ProcessId.CreateBuilder().SetLabel(0xAAAA).SetEpoch(DateTime.Now.ToUnixTime()))
.SetClientId(ProcessId.CreateBuilder().SetLabel(0xBBBB).SetEpoch(DateTime.Now.ToUnixTime()));
done(builder.Build());
}
private void ConnectClient(ConnectRequest message)
{
//Todo: any validation
if (true) //isValid
{
_activeClientsActor.Tell(new ClientConnected(message.Username, message.ClientId, Sender));
}
//else
//{
// //Server rejects conenction
// Sender.Tell(new ConnectResponse(false));
//}
}
public static async void HandleConnectRequest(ConnectRequest connectRequest, BnetSession session)
{
// TODO: Verify sent values.
await session.Send(new ConnectResponse
{
ClientId = connectRequest.ClientId,
UseBindlessRpc = connectRequest.UseBindlessRpc,
ServerTime = (ulong)DateTimeOffset.Now.ToUnixTimeMilliseconds(),
ServerId = new ProcessId
{
Epoch = 0,
Label = 0
}
});
}
private void HandleConnectRequest(ConnectRequest msg)
{
_settingsActor.Ask<ImmutableYakkaSettings>(new SettingsActor.RequestCurrentSettingsRequest())
.ContinueWith(task =>
{
return new ConnectWithSettings(task.Result);
})
.PipeTo(Self);
}
public IAsyncResult BeginConnect(string callingPartyNumber, string calledPartyNumber, CIPServices service,
B1Protocol b1, B2Protocol b2, B3Protocol b3, AsyncCallback callback, object state) {
try {
ConnectRequest request = new ConnectRequest(_id);
UInt16 CIPValue = 0;
int s = (int)service;
if (s != 0) {
do {
if ((s & 1) != 0) break;
s >>= 1;
CIPValue++;
} while (CIPValue < 31);
}
request.CIPValue = CIPValue;
request.CalledPartyNumber = calledPartyNumber;
request.CallingPartyNumber = callingPartyNumber;
request.BPtotocol.B1 = b1;
request.BPtotocol.B2 = b2;
request.BPtotocol.B3 = b3;
MessageAsyncResult result = new MessageAsyncResult(this, request, callback, state);
_application.SendRequestMessage(result);
_status = ControllerStatus.Connecting;
return result;
} catch (Exception e) {
Trace.TraceError("Controller#{0}::BeginListen, Exception = {1}", ValidationHelper.HashString(this), e);
throw;
}
}
public override void Connect(Google.ProtocolBuffers.IRpcController controller, ConnectRequest request, Action<ConnectResponse> done) {
throw new NotImplementedException();
}
private void PrimeConnection()
{
#if !NET_CORE
LOG.InfoFormat("Socket connection established to {0}, initiating session", client.Client.RemoteEndPoint);
#endif
ConnectRequest conReq = new ConnectRequest(0, lastZxid, Convert.ToInt32(conn.SessionTimeout.TotalMilliseconds), conn.SessionId, conn.SessionPassword);
lock (outgoingQueue)
{
if (!ClientConnection.DisableAutoWatchReset && (!zooKeeper.DataWatches.IsEmpty() || !zooKeeper.ExistWatches.IsEmpty() || !zooKeeper.ChildWatches.IsEmpty()))
{
var sw = new SetWatches(lastZxid, zooKeeper.DataWatches, zooKeeper.ExistWatches, zooKeeper.ChildWatches);
var h = new RequestHeader();
h.Type = (int)OpCode.SetWatches;
h.Xid = -8;
Packet packet = new Packet(h, new ReplyHeader(), sw, null, null, null, null, null);
//outgoingQueue.AddFirst(packet);
addPacketFirst(packet);
}
foreach (ClientConnection.AuthData id in conn.authInfo)
addPacketFirst(
new Packet(new RequestHeader(-4, (int)OpCode.Auth), null, new AuthPacket(0, id.Scheme, id.GetData()), null, null, null, null, null));
addPacketFirst(new Packet(null, null, conReq, null, null, null, null, null));
}
packetAre.Set();
#if !NET_CORE
if (LOG.IsDebugEnabled)
LOG.DebugFormat("Session establishment request sent on {0}", client.Client.RemoteEndPoint);
#endif
}
/// <summary>
/// This is the core request handler method for a particular connection from client
/// Will create new session (request/response) sequence until
/// client/server abruptly terminates connection or by normal HTTP termination
/// </summary>
/// <param name="client"></param>
/// <param name="clientStream"></param>
/// <param name="clientStreamReader"></param>
/// <param name="clientStreamWriter"></param>
/// <param name="httpsConnectHostname"></param>
/// <param name="endPoint"></param>
/// <param name="connectRequest"></param>
/// <param name="isTransparentEndPoint"></param>
/// <returns></returns>
private async Task HandleHttpSessionRequest(TcpClient client, CustomBufferedStream clientStream,
CustomBinaryReader clientStreamReader, HttpResponseWriter clientStreamWriter, string httpsConnectHostname,
ProxyEndPoint endPoint, ConnectRequest connectRequest, bool isTransparentEndPoint = false)
{
TcpConnection connection = null;
try
{
//Loop through each subsequest request on this particular client connection
//(assuming HTTP connection is kept alive by client)
while (true)
{
// read the request line
string httpCmd = await clientStreamReader.ReadLineAsync();
if (string.IsNullOrEmpty(httpCmd))
{
break;
}
var args = new SessionEventArgs(BufferSize, endPoint, ExceptionFunc)
{
ProxyClient = { TcpClient = client },
WebSession = { ConnectRequest = connectRequest }
};
try
{
Request.ParseRequestLine(httpCmd, out string httpMethod, out string httpUrl, out var version);
//Read the request headers in to unique and non-unique header collections
await HeaderParser.ReadHeaders(clientStreamReader, args.WebSession.Request.Headers);
Uri httpRemoteUri;
if (uriSchemeRegex.IsMatch(httpUrl))
{
try
{
httpRemoteUri = new Uri(httpUrl);
}
catch (Exception ex)
{
throw new Exception($"Invalid URI: '{httpUrl}'", ex);
}
}
else
{
string host = args.WebSession.Request.Host ?? httpsConnectHostname;
string hostAndPath = host;
if (httpUrl.StartsWith("/"))
{
hostAndPath += httpUrl;
}
string url = string.Concat(httpsConnectHostname == null ? "http://" : "https://", hostAndPath);
try
{
httpRemoteUri = new Uri(url);
}
catch (Exception ex)
{
throw new Exception($"Invalid URI: '{url}'", ex);
}
}
args.WebSession.Request.RequestUri = httpRemoteUri;
args.WebSession.Request.OriginalUrl = httpUrl;
args.WebSession.Request.Method = httpMethod;
args.WebSession.Request.HttpVersion = version;
args.ProxyClient.ClientStream = clientStream;
args.ProxyClient.ClientStreamReader = clientStreamReader;
args.ProxyClient.ClientStreamWriter = clientStreamWriter;
//proxy authorization check
if (!args.IsTransparent && httpsConnectHostname == null && await CheckAuthorization(clientStreamWriter, args) == false)
{
break;
}
if (!isTransparentEndPoint)
{
PrepareRequestHeaders(args.WebSession.Request.Headers);
args.WebSession.Request.Host = args.WebSession.Request.RequestUri.Authority;
}
//if win auth is enabled
//we need a cache of request body
//so that we can send it after authentication in WinAuthHandler.cs
if (isWindowsAuthenticationEnabledAndSupported && args.WebSession.Request.HasBody)
{
await args.GetRequestBody();
}
//If user requested interception do it
if (BeforeRequest != null)
{
await BeforeRequest.InvokeAsync(this, args, ExceptionFunc);
}
var response = args.WebSession.Response;
if (args.WebSession.Request.CancelRequest)
{
await HandleHttpSessionResponse(args);
if (!response.KeepAlive)
{
break;
}
continue;
}
//create a new connection if hostname/upstream end point changes
if (connection != null &&
(!connection.HostName.Equals(args.WebSession.Request.RequestUri.Host, StringComparison.OrdinalIgnoreCase) ||
(args.WebSession.UpStreamEndPoint != null &&
!args.WebSession.UpStreamEndPoint.Equals(connection.UpStreamEndPoint))))
{
connection.Dispose();
connection = null;
}
if (connection == null)
{
connection = await GetServerConnection(args, false);
}
//if upgrading to websocket then relay the requet without reading the contents
if (args.WebSession.Request.UpgradeToWebSocket)
{
//prepare the prefix content
var requestHeaders = args.WebSession.Request.Headers;
await connection.StreamWriter.WriteLineAsync(httpCmd);
await connection.StreamWriter.WriteHeadersAsync(requestHeaders);
string httpStatus = await connection.StreamReader.ReadLineAsync();
Response.ParseResponseLine(httpStatus, out var responseVersion, out int responseStatusCode, out string responseStatusDescription);
response.HttpVersion = responseVersion;
response.StatusCode = responseStatusCode;
response.StatusDescription = responseStatusDescription;
await HeaderParser.ReadHeaders(connection.StreamReader, response.Headers);
if (!args.IsTransparent)
{
await clientStreamWriter.WriteResponseAsync(response);
}
//If user requested call back then do it
if (BeforeResponse != null && !args.WebSession.Response.ResponseLocked)
{
await BeforeResponse.InvokeAsync(this, args, ExceptionFunc);
}
await TcpHelper.SendRaw(clientStream, connection.Stream, BufferSize,
(buffer, offset, count) => { args.OnDataSent(buffer, offset, count); },
(buffer, offset, count) => { args.OnDataReceived(buffer, offset, count); },
ExceptionFunc);
break;
}
//construct the web request that we are going to issue on behalf of the client.
await HandleHttpSessionRequestInternal(connection, args);
//if connection is closing exit
if (!response.KeepAlive)
{
break;
}
}
catch (Exception e) when(!(e is ProxyHttpException))
{
throw new ProxyHttpException("Error occured whilst handling session request", e, args);
}
finally
{
args.Dispose();
}
}
}
finally
{
connection?.Dispose();
}
}
/// <summary>
/// Creates a TCP connection to server
/// </summary>
/// <param name="remoteHostName">The remote hostname.</param>
/// <param name="remotePort">The remote port.</param>
/// <param name="httpVersion">The http version to use.</param>
/// <param name="isHttps">Is this a HTTPS request.</param>
/// <param name="sslProtocol">The SSL protocol.</param>
/// <param name="applicationProtocols">The list of HTTPS application level protocol to negotiate if needed.</param>
/// <param name="isConnect">Is this a CONNECT request.</param>
/// <param name="proxyServer">The current ProxyServer instance.</param>
/// <param name="session">The http session.</param>
/// <param name="upStreamEndPoint">The local upstream endpoint to make request via.</param>
/// <param name="externalProxy">The external proxy to make request via.</param>
/// <param name="cancellationToken">The cancellation token for this async task.</param>
/// <returns></returns>
private async Task <TcpServerConnection> createServerConnection(string remoteHostName, int remotePort,
Version httpVersion, bool isHttps, SslProtocols sslProtocol, List <SslApplicationProtocol> applicationProtocols, bool isConnect,
ProxyServer proxyServer, SessionEventArgsBase session, IPEndPoint upStreamEndPoint, ExternalProxy externalProxy,
CancellationToken cancellationToken)
{
// deny connection to proxy end points to avoid infinite connection loop.
if (Server.ProxyEndPoints.Any(x => x.Port == remotePort) &&
NetworkHelper.IsLocalIpAddress(remoteHostName))
{
throw new Exception($"A client is making HTTP request to one of the listening ports of this proxy {remoteHostName}:{remotePort}");
}
if (externalProxy != null)
{
if (Server.ProxyEndPoints.Any(x => x.Port == externalProxy.Port) &&
NetworkHelper.IsLocalIpAddress(externalProxy.HostName))
{
throw new Exception($"A client is making HTTP request via external proxy to one of the listening ports of this proxy {remoteHostName}:{remotePort}");
}
}
bool useUpstreamProxy = false;
// check if external proxy is set for HTTP/HTTPS
if (externalProxy != null &&
!(externalProxy.HostName == remoteHostName && externalProxy.Port == remotePort))
{
useUpstreamProxy = true;
// check if we need to ByPass
if (externalProxy.BypassLocalhost && NetworkHelper.IsLocalIpAddress(remoteHostName))
{
useUpstreamProxy = false;
}
}
TcpClient tcpClient = null;
CustomBufferedStream stream = null;
SslApplicationProtocol negotiatedApplicationProtocol = default;
bool retry = true;
var enabledSslProtocols = sslProtocol;
retry:
try
{
var hostname = useUpstreamProxy ? externalProxy.HostName : remoteHostName;
var port = useUpstreamProxy ? externalProxy.Port : remotePort;
var ipAddresses = await Dns.GetHostAddressesAsync(hostname);
if (ipAddresses == null || ipAddresses.Length == 0)
{
throw new Exception($"Could not resolve the hostname {hostname}");
}
if (session != null)
{
session.TimeLine["Dns Resolved"] = DateTime.Now;
}
for (int i = 0; i < ipAddresses.Length; i++)
{
try
{
var ipAddress = ipAddresses[i];
if (upStreamEndPoint == null)
{
tcpClient = new TcpClient(ipAddress.AddressFamily);
}
else
{
tcpClient = new TcpClient(upStreamEndPoint);
}
tcpClient.NoDelay = proxyServer.NoDelay;
tcpClient.ReceiveTimeout = proxyServer.ConnectionTimeOutSeconds * 1000;
tcpClient.SendTimeout = proxyServer.ConnectionTimeOutSeconds * 1000;
tcpClient.LingerState = new LingerOption(true, proxyServer.TcpTimeWaitSeconds);
// linux has a bug with socket reuse in .net core.
if (proxyServer.ReuseSocket && RunTime.IsWindows)
{
tcpClient.Client.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.ReuseAddress, true);
}
await tcpClient.ConnectAsync(ipAddresses[i], port);
break;
}
catch (Exception e)
{
if (i == ipAddresses.Length - 1)
{
throw new Exception($"Could not establish connection to {hostname}", e);
}
// dispose the current TcpClient and try the next address
tcpClient?.Dispose();
}
}
if (session != null)
{
session.TimeLine["Connection Established"] = DateTime.Now;
}
await proxyServer.InvokeConnectionCreateEvent(tcpClient, false);
stream = new CustomBufferedStream(tcpClient.GetStream(), proxyServer.BufferPool);
if (useUpstreamProxy && (isConnect || isHttps))
{
var writer = new HttpRequestWriter(stream, proxyServer.BufferPool);
var connectRequest = new ConnectRequest
{
OriginalUrl = $"{remoteHostName}:{remotePort}",
HttpVersion = httpVersion
};
connectRequest.Headers.AddHeader(KnownHeaders.Connection, KnownHeaders.ConnectionKeepAlive);
if (!string.IsNullOrEmpty(externalProxy.UserName) && externalProxy.Password != null)
{
connectRequest.Headers.AddHeader(HttpHeader.ProxyConnectionKeepAlive);
connectRequest.Headers.AddHeader(
HttpHeader.GetProxyAuthorizationHeader(externalProxy.UserName, externalProxy.Password));
}
await writer.WriteRequestAsync(connectRequest, cancellationToken : cancellationToken);
string httpStatus = await stream.ReadLineAsync(cancellationToken);
Response.ParseResponseLine(httpStatus, out _, out int statusCode, out string statusDescription);
if (statusCode != 200 && !statusDescription.EqualsIgnoreCase("OK") &&
!statusDescription.EqualsIgnoreCase("Connection Established"))
{
throw new Exception("Upstream proxy failed to create a secure tunnel");
}
await stream.ReadAndIgnoreAllLinesAsync(cancellationToken);
}
if (isHttps)
{
var sslStream = new SslStream(stream, false, proxyServer.ValidateServerCertificate,
proxyServer.SelectClientCertificate);
stream = new CustomBufferedStream(sslStream, proxyServer.BufferPool);
var options = new SslClientAuthenticationOptions
{
ApplicationProtocols = applicationProtocols,
TargetHost = remoteHostName,
ClientCertificates = null,
EnabledSslProtocols = enabledSslProtocols,
CertificateRevocationCheckMode = proxyServer.CheckCertificateRevocation
};
await sslStream.AuthenticateAsClientAsync(options, cancellationToken);
#if NETSTANDARD2_1
negotiatedApplicationProtocol = sslStream.NegotiatedApplicationProtocol;
#endif
if (session != null)
{
session.TimeLine["HTTPS Established"] = DateTime.Now;
}
}
}
catch (IOException ex) when(ex.HResult == unchecked ((int)0x80131620) && retry && enabledSslProtocols >= SslProtocols.Tls11)
{
enabledSslProtocols = SslProtocols.Tls;
retry = false;
goto retry;
}
catch (Exception)
{
stream?.Dispose();
tcpClient?.Close();
throw;
}
return(new TcpServerConnection(proxyServer, tcpClient)
{
UpStreamProxy = externalProxy,
UpStreamEndPoint = upStreamEndPoint,
HostName = remoteHostName,
Port = remotePort,
IsHttps = isHttps,
NegotiatedApplicationProtocol = negotiatedApplicationProtocol,
UseUpstreamProxy = useUpstreamProxy,
StreamWriter = new HttpRequestWriter(stream, proxyServer.BufferPool),
Stream = stream,
Version = httpVersion
});
}
private void ConnectTo_Click(object sender, RoutedEventArgs e)
{
ConnectRequest.Invoke(this, ContainingVertex);
}
/// <summary>
/// This is called when client is aware of proxy
/// So for HTTPS requests client would send CONNECT header to negotiate a secure tcp tunnel via proxy
/// </summary>
/// <param name="endPoint">The explicit endpoint.</param>
/// <param name="clientConnection">The client connection.</param>
/// <returns>The task.</returns>
private async Task handleClient(ExplicitProxyEndPoint endPoint, TcpClientConnection clientConnection)
{
var cancellationTokenSource = new CancellationTokenSource();
var cancellationToken = cancellationTokenSource.Token;
var clientStream = new CustomBufferedStream(clientConnection.GetStream(), BufferPool);
var clientStreamWriter = new HttpResponseWriter(clientStream, BufferPool);
Task <TcpServerConnection>?prefetchConnectionTask = null;
bool closeServerConnection = false;
bool calledRequestHandler = false;
SslStream?sslStream = null;
try
{
string?connectHostname = null;
TunnelConnectSessionEventArgs?connectArgs = null;
// Client wants to create a secure tcp tunnel (probably its a HTTPS or Websocket request)
if (await HttpHelper.IsConnectMethod(clientStream, BufferPool, cancellationToken) == 1)
{
// read the first line HTTP command
string?httpCmd = await clientStream.ReadLineAsync(cancellationToken);
if (string.IsNullOrEmpty(httpCmd))
{
return;
}
Request.ParseRequestLine(httpCmd !, out string _, out string httpUrl, out var version);
var httpRemoteUri = new Uri("http://" + httpUrl);
connectHostname = httpRemoteUri.Host;
var connectRequest = new ConnectRequest
{
RequestUri = httpRemoteUri,
OriginalUrl = httpUrl,
HttpVersion = version
};
await HeaderParser.ReadHeaders(clientStream, connectRequest.Headers, cancellationToken);
connectArgs = new TunnelConnectSessionEventArgs(this, endPoint, connectRequest,
cancellationTokenSource);
clientStream.DataRead += (o, args) => connectArgs.OnDataSent(args.Buffer, args.Offset, args.Count);
clientStream.DataWrite += (o, args) => connectArgs.OnDataReceived(args.Buffer, args.Offset, args.Count);
connectArgs.ProxyClient.Connection = clientConnection;
connectArgs.ProxyClient.ClientStream = clientStream;
await endPoint.InvokeBeforeTunnelConnectRequest(this, connectArgs, ExceptionFunc);
// filter out excluded host names
bool decryptSsl = endPoint.DecryptSsl && connectArgs.DecryptSsl;
if (connectArgs.DenyConnect)
{
if (connectArgs.HttpClient.Response.StatusCode == 0)
{
connectArgs.HttpClient.Response = new Response
{
HttpVersion = HttpHeader.Version11,
StatusCode = (int)HttpStatusCode.Forbidden,
StatusDescription = "Forbidden"
};
}
// send the response
await clientStreamWriter.WriteResponseAsync(connectArgs.HttpClient.Response,
cancellationToken : cancellationToken);
return;
}
if (await checkAuthorization(connectArgs) == false)
{
await endPoint.InvokeBeforeTunnelConnectResponse(this, connectArgs, ExceptionFunc);
// send the response
await clientStreamWriter.WriteResponseAsync(connectArgs.HttpClient.Response,
cancellationToken : cancellationToken);
return;
}
// write back successful CONNECT response
var response = ConnectResponse.CreateSuccessfulConnectResponse(version);
// Set ContentLength explicitly to properly handle HTTP 1.0
response.ContentLength = 0;
response.Headers.FixProxyHeaders();
connectArgs.HttpClient.Response = response;
await clientStreamWriter.WriteResponseAsync(response, cancellationToken : cancellationToken);
var clientHelloInfo = await SslTools.PeekClientHello(clientStream, BufferPool, cancellationToken);
bool isClientHello = clientHelloInfo != null;
if (clientHelloInfo != null)
{
connectRequest.TunnelType = TunnelType.Https;
connectRequest.ClientHelloInfo = clientHelloInfo;
}
await endPoint.InvokeBeforeTunnelConnectResponse(this, connectArgs, ExceptionFunc, isClientHello);
if (decryptSsl && clientHelloInfo != null)
{
clientConnection.SslProtocol = clientHelloInfo.SslProtocol;
connectRequest.RequestUri = new Uri("https://" + httpUrl);
bool http2Supported = false;
var alpn = clientHelloInfo.GetAlpn();
if (alpn != null && alpn.Contains(SslApplicationProtocol.Http2))
{
// test server HTTP/2 support
try
{
// todo: this is a hack, because Titanium does not support HTTP protocol changing currently
var connection = await tcpConnectionFactory.GetServerConnection(this, connectArgs,
isConnect : true, applicationProtocols : SslExtensions.Http2ProtocolAsList,
noCache : true, cancellationToken : cancellationToken);
http2Supported = connection.NegotiatedApplicationProtocol ==
SslApplicationProtocol.Http2;
// release connection back to pool instead of closing when connection pool is enabled.
await tcpConnectionFactory.Release(connection, true);
}
catch (Exception)
{
// ignore
}
}
if (EnableTcpServerConnectionPrefetch)
{
IPAddress[]? ipAddresses = null;
try
{
// make sure the host can be resolved before creating the prefetch task
ipAddresses = await Dns.GetHostAddressesAsync(connectArgs.HttpClient.Request.RequestUri.Host);
}
catch (SocketException) { }
if (ipAddresses != null && ipAddresses.Length > 0)
{
// don't pass cancellation token here
// it could cause floating server connections when client exits
prefetchConnectionTask = tcpConnectionFactory.GetServerConnection(this, connectArgs,
isConnect: true, applicationProtocols: null, noCache: false,
cancellationToken: CancellationToken.None);
}
}
X509Certificate2?certificate = null;
try
{
sslStream = new SslStream(clientStream, false);
string certName = HttpHelper.GetWildCardDomainName(connectHostname);
certificate = endPoint.GenericCertificate ??
await CertificateManager.CreateServerCertificate(certName);
// Successfully managed to authenticate the client using the fake certificate
var options = new SslServerAuthenticationOptions();
if (EnableHttp2 && http2Supported)
{
options.ApplicationProtocols = clientHelloInfo.GetAlpn();
if (options.ApplicationProtocols == null || options.ApplicationProtocols.Count == 0)
{
options.ApplicationProtocols = SslExtensions.Http11ProtocolAsList;
}
}
options.ServerCertificate = certificate;
options.ClientCertificateRequired = false;
options.EnabledSslProtocols = SupportedSslProtocols;
options.CertificateRevocationCheckMode = X509RevocationMode.NoCheck;
await sslStream.AuthenticateAsServerAsync(options, cancellationToken);
#if NETSTANDARD2_1
clientConnection.NegotiatedApplicationProtocol = sslStream.NegotiatedApplicationProtocol;
#endif
// HTTPS server created - we can now decrypt the client's traffic
clientStream = new CustomBufferedStream(sslStream, BufferPool);
clientStream.DataRead += (o, args) => connectArgs.OnDecryptedDataSent(args.Buffer, args.Offset, args.Count);
clientStream.DataWrite += (o, args) => connectArgs.OnDecryptedDataReceived(args.Buffer, args.Offset, args.Count);
clientStreamWriter = new HttpResponseWriter(clientStream, BufferPool);
}
catch (Exception e)
{
var certName = certificate?.GetNameInfo(X509NameType.SimpleName, false);
throw new ProxyConnectException(
$"Couldn't authenticate host '{connectHostname}' with certificate '{certName}'.", e, connectArgs);
}
if (await HttpHelper.IsConnectMethod(clientStream, BufferPool, cancellationToken) == -1)
{
decryptSsl = false;
}
if (!decryptSsl)
{
await tcpConnectionFactory.Release(prefetchConnectionTask, true);
prefetchConnectionTask = null;
}
}
if (cancellationTokenSource.IsCancellationRequested)
{
throw new Exception("Session was terminated by user.");
}
// Hostname is excluded or it is not an HTTPS connect
if (!decryptSsl || !isClientHello)
{
if (!isClientHello)
{
connectRequest.TunnelType = TunnelType.Websocket;
}
// create new connection to server.
// If we detected that client tunnel CONNECTs without SSL by checking for empty client hello then
// this connection should not be HTTPS.
var connection = await tcpConnectionFactory.GetServerConnection(this, connectArgs,
isConnect: true, applicationProtocols : SslExtensions.Http2ProtocolAsList,
noCache : true, cancellationToken : cancellationToken);
try
{
if (isClientHello)
{
int available = clientStream.Available;
if (available > 0)
{
// send the buffered data
var data = BufferPool.GetBuffer();
try
{
// clientStream.Available should be at most BufferSize because it is using the same buffer size
await clientStream.ReadAsync(data, 0, available, cancellationToken);
await connection.StreamWriter.WriteAsync(data, 0, available, true, cancellationToken);
}
finally
{
BufferPool.ReturnBuffer(data);
}
}
var serverHelloInfo = await SslTools.PeekServerHello(connection.Stream, BufferPool, cancellationToken);
((ConnectResponse)connectArgs.HttpClient.Response).ServerHelloInfo = serverHelloInfo;
}
if (!clientStream.IsClosed && !connection.Stream.IsClosed)
{
await TcpHelper.SendRaw(clientStream, connection.Stream, BufferPool,
null, null, connectArgs.CancellationTokenSource, ExceptionFunc);
}
}
finally
{
await tcpConnectionFactory.Release(connection, true);
}
return;
}
}
if (connectArgs != null && await HttpHelper.IsPriMethod(clientStream, BufferPool, cancellationToken) == 1)
{
// todo
string?httpCmd = await clientStream.ReadLineAsync(cancellationToken);
if (httpCmd == "PRI * HTTP/2.0")
{
connectArgs.HttpClient.ConnectRequest !.TunnelType = TunnelType.Http2;
// HTTP/2 Connection Preface
string?line = await clientStream.ReadLineAsync(cancellationToken);
if (line != string.Empty)
{
throw new Exception($"HTTP/2 Protocol violation. Empty string expected, '{line}' received");
}
line = await clientStream.ReadLineAsync(cancellationToken);
if (line != "SM")
{
throw new Exception($"HTTP/2 Protocol violation. 'SM' expected, '{line}' received");
}
line = await clientStream.ReadLineAsync(cancellationToken);
if (line != string.Empty)
{
throw new Exception($"HTTP/2 Protocol violation. Empty string expected, '{line}' received");
}
var connection = await tcpConnectionFactory.GetServerConnection(this, connectArgs,
isConnect : true, applicationProtocols : SslExtensions.Http2ProtocolAsList,
noCache : true, cancellationToken : cancellationToken);
try
{
#if NETSTANDARD2_1
var connectionPreface = new ReadOnlyMemory <byte>(Http2Helper.ConnectionPreface);
await connection.StreamWriter.WriteAsync(connectionPreface, cancellationToken);
await Http2Helper.SendHttp2(clientStream, connection.Stream,
() => new SessionEventArgs(this, endPoint, cancellationTokenSource)
{
ProxyClient = { Connection = clientConnection },
HttpClient = { ConnectRequest = connectArgs?.HttpClient.ConnectRequest },
UserData = connectArgs?.UserData
},
async args => { await onBeforeRequest(args); },
async args => { await onBeforeResponse(args); },
connectArgs.CancellationTokenSource, clientConnection.Id, ExceptionFunc);
#endif
}
finally
{
await tcpConnectionFactory.Release(connection, true);
}
}
}
calledRequestHandler = true;
// Now create the request
await handleHttpSessionRequest(endPoint, clientConnection, clientStream, clientStreamWriter,
cancellationTokenSource, connectHostname, connectArgs, prefetchConnectionTask);
}
catch (ProxyException e)
{
closeServerConnection = true;
onException(clientStream, e);
}
catch (IOException e)
{
closeServerConnection = true;
onException(clientStream, new Exception("Connection was aborted", e));
}
catch (SocketException e)
{
closeServerConnection = true;
onException(clientStream, new Exception("Could not connect", e));
}
catch (Exception e)
{
closeServerConnection = true;
onException(clientStream, new Exception("Error occured in whilst handling the client", e));
}
finally
{
if (!calledRequestHandler)
{
await tcpConnectionFactory.Release(prefetchConnectionTask, closeServerConnection);
}
sslStream?.Dispose();
clientStream.Dispose();
if (!cancellationTokenSource.IsCancellationRequested)
{
cancellationTokenSource.Cancel();
}
}
}
/// <summary>
/// This is called when client is aware of proxy
/// So for HTTPS requests client would send CONNECT header to negotiate a secure tcp tunnel via proxy
/// </summary>
/// <param name="endPoint"></param>
/// <param name="tcpClient"></param>
/// <returns></returns>
private async Task HandleClient(ExplicitProxyEndPoint endPoint, TcpClient tcpClient)
{
var clientStream = new CustomBufferedStream(tcpClient.GetStream(), BufferSize);
var clientStreamReader = new CustomBinaryReader(clientStream, BufferSize);
var clientStreamWriter = new HttpResponseWriter(clientStream, BufferSize);
try
{
string connectHostname = null;
ConnectRequest connectRequest = null;
//Client wants to create a secure tcp tunnel (probably its a HTTPS or Websocket request)
if (await IsConnectMethod(clientStream) == 1)
{
//read the first line HTTP command
string httpCmd = await clientStreamReader.ReadLineAsync();
if (string.IsNullOrEmpty(httpCmd))
{
return;
}
Request.ParseRequestLine(httpCmd, out string _, out string httpUrl, out var version);
var httpRemoteUri = new Uri("http://" + httpUrl);
connectHostname = httpRemoteUri.Host;
//filter out excluded host names
bool excluded = false;
if (endPoint.ExcludedHttpsHostNameRegex != null)
{
excluded = endPoint.ExcludedHttpsHostNameRegexList.Any(x => x.IsMatch(connectHostname));
}
if (endPoint.IncludedHttpsHostNameRegex != null)
{
excluded = !endPoint.IncludedHttpsHostNameRegexList.Any(x => x.IsMatch(connectHostname));
}
connectRequest = new ConnectRequest
{
RequestUri = httpRemoteUri,
OriginalUrl = httpUrl,
HttpVersion = version,
};
await HeaderParser.ReadHeaders(clientStreamReader, connectRequest.Headers);
var connectArgs = new TunnelConnectSessionEventArgs(BufferSize, endPoint, connectRequest, ExceptionFunc);
connectArgs.ProxyClient.TcpClient = tcpClient;
connectArgs.ProxyClient.ClientStream = clientStream;
if (TunnelConnectRequest != null)
{
await TunnelConnectRequest.InvokeAsync(this, connectArgs, ExceptionFunc);
}
if (await CheckAuthorization(clientStreamWriter, connectArgs) == false)
{
if (TunnelConnectResponse != null)
{
await TunnelConnectResponse.InvokeAsync(this, connectArgs, ExceptionFunc);
}
return;
}
//write back successfull CONNECT response
var response = ConnectResponse.CreateSuccessfullConnectResponse(version);
response.Headers.FixProxyHeaders();
connectArgs.WebSession.Response = response;
await clientStreamWriter.WriteResponseAsync(response);
var clientHelloInfo = await SslTools.PeekClientHello(clientStream);
bool isClientHello = clientHelloInfo != null;
if (isClientHello)
{
connectRequest.ClientHelloInfo = clientHelloInfo;
}
if (TunnelConnectResponse != null)
{
connectArgs.IsHttpsConnect = isClientHello;
await TunnelConnectResponse.InvokeAsync(this, connectArgs, ExceptionFunc);
}
if (!excluded && isClientHello)
{
connectRequest.RequestUri = new Uri("https://" + httpUrl);
SslStream sslStream = null;
try
{
sslStream = new SslStream(clientStream);
string certName = HttpHelper.GetWildCardDomainName(connectHostname);
var certificate = endPoint.GenericCertificate ?? CertificateManager.CreateCertificate(certName, false);
//Successfully managed to authenticate the client using the fake certificate
await sslStream.AuthenticateAsServerAsync(certificate, false, SupportedSslProtocols, false);
//HTTPS server created - we can now decrypt the client's traffic
clientStream = new CustomBufferedStream(sslStream, BufferSize);
clientStreamReader.Dispose();
clientStreamReader = new CustomBinaryReader(clientStream, BufferSize);
clientStreamWriter = new HttpResponseWriter(clientStream, BufferSize);
}
catch
{
sslStream?.Dispose();
return;
}
if (await IsConnectMethod(clientStream) == -1)
{
// It can be for example some Google (Cloude Messaging for Chrome) magic
excluded = true;
}
}
//Hostname is excluded or it is not an HTTPS connect
if (excluded || !isClientHello)
{
//create new connection
using (var connection = await GetServerConnection(connectArgs, true))
{
if (isClientHello)
{
int available = clientStream.Available;
if (available > 0)
{
//send the buffered data
var data = BufferPool.GetBuffer(BufferSize);
try
{
// clientStream.Available sbould be at most BufferSize because it is using the same buffer size
await clientStream.ReadAsync(data, 0, available);
await connection.StreamWriter.WriteAsync(data, 0, available, true);
}
finally
{
BufferPool.ReturnBuffer(data);
}
}
var serverHelloInfo = await SslTools.PeekServerHello(connection.Stream);
((ConnectResponse)connectArgs.WebSession.Response).ServerHelloInfo = serverHelloInfo;
}
await TcpHelper.SendRaw(clientStream, connection.Stream, BufferSize,
(buffer, offset, count) => { connectArgs.OnDataSent(buffer, offset, count); },
(buffer, offset, count) => { connectArgs.OnDataReceived(buffer, offset, count); },
ExceptionFunc);
}
return;
}
}
//Now create the request
await HandleHttpSessionRequest(tcpClient, clientStream, clientStreamReader, clientStreamWriter, connectHostname, endPoint, connectRequest);
}
catch (ProxyHttpException e)
{
ExceptionFunc(e);
}
catch (IOException e)
{
ExceptionFunc(new Exception("Connection was aborted", e));
}
catch (SocketException e)
{
ExceptionFunc(new Exception("Could not connect", e));
}
catch (Exception e)
{
ExceptionFunc(new Exception("Error occured in whilst handling the client", e));
}
finally
{
clientStreamReader.Dispose();
clientStream.Dispose();
}
}
public override void Connect(IRpcController controller, ConnectRequest request, Action<ConnectResponse> done)
{
ProtoOutputBuffer.Write(request.GetType(), request.ToString());
}
public Task TestConnection()
{
var doma = CreateDomaClient();
var connectRequest = new ConnectRequest { Username = Username, Password = Password };
var connectTask = Task<ConnectResponse>.Factory.FromAsync(doma.BeginConnect, doma.EndConnect, connectRequest, null);
var getResultTask = connectTask.ContinueWith(t =>
{
if (t.Status == TaskStatus.Faulted)
{
Status = "FAILED";
return;
}
ConnectResponse response = t.Result;
if (response.Success)
{
Status = "OK";
_supportsPublishWithPreUpload = response.Version != null &&
String.Compare(response.Version, "3.0", StringComparison.Ordinal) >= 0;
}
else
Status = response.ErrorMessage;
});
return getResultTask;
}
internal TunnelConnectSessionEventArgs(ProxyServer server, ProxyEndPoint endPoint, ConnectRequest connectRequest,
HttpClientStream clientStream, CancellationTokenSource cancellationTokenSource)
: base(server, endPoint, clientStream, connectRequest, connectRequest, cancellationTokenSource)
{
}
