Exemple #1
        /// <summary>
        /// Creates a new proxy server instance. Really there should only ever be a single instance
        /// created at a time.
        /// </summary>
        /// <param name="authorityCommonName">
        /// The common name to use when generating the certificate authority. All SSL sites
        /// will show that they are secured by a certificate authority bearing the name
        /// supplied here.
        /// </param>
        /// <param name="firewallCallback">
        /// The firewall check callback. Used to allow the user to determine if a binary should have
        /// its associated traffic pushed through the filter or not.
        /// </param>
        /// <param name="messageBeginCallback">
        /// Message begin callback enables users to inspect and filter messages immediately after
        /// they begin. Users also have the power to direct how the proxy will continue to handle the
        /// overall transaction that this message belongs to.
        /// </param>
        /// <param name="messageEndCallback">
        /// Message end callback enables users to inspect and filter messages once they have completed.
        /// </param>
        /// <exception cref="ArgumentException">
        /// Thrown if any one of the callbacks is not defined.
        /// </exception>
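        public ProxyServer(string authorityCommonName, FirewallCheckCallback firewallCallback, MessageBeginCallback messageBeginCallback, MessageEndCallback messageEndCallback)
        {
            // Validate every callback before doing any work. The message callbacks are stored on
            // the shared FilterResponseHandlerFactory.Default instance, so rejecting bad input
            // first keeps a failed construction from leaving that shared state half-updated and
            // avoids building a TLS adapter that would be thrown away immediately.
            if (firewallCallback == null)
            {
                throw new ArgumentException("The firewall callback MUST be defined.");
            }

            if (messageBeginCallback == null)
            {
                throw new ArgumentException("The message begin callback MUST be defined.");
            }

            if (messageEndCallback == null)
            {
                throw new ArgumentException("The message end callback MUST be defined.");
            }

            m_tlsConnAdapter = new TlsSniConnectionAdapter(authorityCommonName);
            m_fwCallback     = firewallCallback;
            FilterResponseHandlerFactory.Default.MessageBeginCallback = messageBeginCallback;
            FilterResponseHandlerFactory.Default.MessageEndCallback   = messageEndCallback;

            // Hook the cert verification callback.
            // ServicePointManager.ServerCertificateValidationCallback is static, so this handler
            // takes part in certificate validation for every ServicePointManager-based request in
            // the process, not only for traffic handled by this proxy. Each construction adds one
            // more subscription and nothing in this constructor removes it.
            // NOTE(review): confirm the handler is unhooked on shutdown and that it never accepts
            // a certificate the platform rejected without consulting the user's policy.
            ServicePointManager.ServerCertificateValidationCallback += CertificateVerificationHandler;
        }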
        /// <summary>
        /// Creates a new proxy server instance. Really there should only ever be a single instance
        /// created at a time.
        /// </summary>
        /// <param name="configuration">
        /// The proxy server configuration to use.
        /// </param>
        /// <exception cref="ArgumentException">
        /// Thrown if any one of the callbacks in the supplied configuration is not defined.
        /// </exception>
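        public ProxyServer(ProxyServerConfiguration configuration)
        {
            // Reject a null configuration explicitly instead of failing with a
            // NullReferenceException on the first property access. ArgumentNullException derives
            // from ArgumentException, so callers catching the documented type are unaffected.
            if (configuration == null)
            {
                throw new ArgumentNullException(nameof(configuration));
            }

            // Resolve and validate every required callback before any side effect. Four of them
            // are stored on the shared FilterResponseHandlerFactory.Default instance; checking
            // first keeps a failed construction from leaving that shared state half-updated.
            var firewallCheck      = configuration.FirewallCheckCallback ?? throw new ArgumentException("The firewall callback MUST be defined.", nameof(configuration));
            var newMessage         = configuration.NewHttpMessageHandler ?? throw new ArgumentException("The new message callback MUST be defined.", nameof(configuration));
            var wholeBodyInspector = configuration.HttpMessageWholeBodyInspectionHandler ?? throw new ArgumentException("The whole-body content inspection callback MUST be defined.", nameof(configuration));
            var streamedInspector  = configuration.HttpMessageStreamedInspectionHandler ?? throw new ArgumentException("The streaming content inspection callback MUST be defined.", nameof(configuration));
            var badCertificate     = configuration.BadCertificateHandler ?? throw new ArgumentException("The bad certificate callback MUST be defined.", nameof(configuration));

            // "CitadelCore" is the fallback authority name when the configuration supplies none.
            _tlsConnAdapter = new TlsSniConnectionAdapter(CreateCertificateStore(configuration.AuthorityName ?? "CitadelCore"));
            _fwCallback     = firewallCheck;
            FilterResponseHandlerFactory.Default.NewMessageCallback          = newMessage;
            FilterResponseHandlerFactory.Default.WholeBodyInspectionCallback = wholeBodyInspector;
            FilterResponseHandlerFactory.Default.StreamedInspectionCallback  = streamedInspector;
            FilterResponseHandlerFactory.Default.BadCertificateCallback      = badCertificate;

            // Hook the cert verification callback.
            // ServicePointManager.ServerCertificateValidationCallback is static, so this handler
            // takes part in certificate validation for every ServicePointManager-based request in
            // the process. Each construction adds one more subscription and nothing in this
            // constructor removes it.
            // NOTE(review): confirm the handler is unhooked when the proxy is torn down.
            ServicePointManager.ServerCertificateValidationCallback += CertificateVerificationHandler;
        }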
        /// <summary>
        /// Initialize the proxy server. See <see cref="ProxyOptions"/> for more information on parameters.
        /// </summary>
        /// <param name="options">See <see cref="ProxyOptions"/></param>
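        public ProxyServer(ProxyOptions options)
        {
            // Reject null options explicitly instead of failing with a NullReferenceException on
            // the first property access. ArgumentNullException derives from ArgumentException,
            // the type this constructor already throws for missing members.
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            // Validate every required member before assigning anything. Most of these values land
            // on the shared FilterResponseHandlerFactory.Default instance, so a late failure would
            // otherwise leave that shared state partially overwritten.
            var firewallCheck = options.FirewallCheckCallback
                                ?? throw new ArgumentException("The firewall callback MUST be defined.");

            var messageBegin = options.MessageBeginCallback
                               ?? throw new ArgumentException("The message begin callback MUST be defined.");

            var messageEnd = options.MessageEndCallback
                             ?? throw new ArgumentException("The message end callback MUST be defined.");

            var certificateExemptions = options.CertificateExemptions
                                        ?? throw new ArgumentException("The certificate exemptions MUST be defined.");

            m_fwCallback = firewallCheck;

            FilterResponseHandlerFactory.Default.MessageBeginCallback = messageBegin;
            FilterResponseHandlerFactory.Default.MessageEndCallback   = messageEnd;

            // BadCertificateCallback is the only member stored without a null check, so a null
            // value is accepted here.
            // NOTE(review): confirm that the code consuming this callback rejects a bad
            // certificate when no callback is set, rather than letting the connection through.
            FilterResponseHandlerFactory.Default.BadCertificateCallback = options.BadCertificateCallback;
            FilterResponseHandlerFactory.Default.CertificateExemptions  = certificateExemptions;
        }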
        /// <summary>
        /// Creates a new proxy server instance. Really there should only ever be a single instance
        /// created at a time.
        /// </summary>
        /// <param name="configuration">
        /// The proxy server configuration to use.
        /// </param>
        /// <exception cref="ArgumentException">
        /// Thrown if any one of the callbacks in the supplied configuration is not defined.
        /// </exception>
        public ProxyServer(ProxyServerConfiguration configuration)
        {
            // Refuse to start with a missing or incomplete configuration.
            bool isUsable = configuration != null && configuration.IsValid;
            if (!isUsable)
            {
                throw new ArgumentException("Configuration is null or invalid. Ensure that all callbacks are defined.");
            }

            _configuration = configuration;

            // Build the certificate store for the configured authority name, falling back to
            // "CitadelCore" when none is given, and hand it to the TLS adapter.
            var authorityName    = configuration.AuthorityName ?? "CitadelCore";
            var certificateStore = CreateCertificateStore(authorityName);
            _tlsConnAdapter      = new TlsSniConnectionAdapter(certificateStore);

            _fwCallback = configuration.FirewallCheckCallback ?? throw new ArgumentException("The firewall callback MUST be defined.", nameof(configuration));

            // The filter factory is per instance here and receives the replay factory it works with.
            _replayResponseFactory = new ReplayResponseHandlerFactory();
            _httpResponseFactory   = new FilterResponseHandlerFactory(_configuration, _replayResponseFactory);

            // Register the certificate verification handler. The ServicePointManager delegate is
            // static, so the registration applies to the whole process, and each constructed
            // instance adds another subscription.
            // NOTE(review): confirm the handler is removed again when the proxy is torn down.
            ServicePointManager.ServerCertificateValidationCallback += CertificateVerificationHandler;
        }
        /// <summary>
        /// Creates a proxy server from the individual callbacks. The three required callbacks
        /// are checked before anything is stored.
        /// </summary>
        /// <param name="firewallCallback">The firewall check callback. Must not be null.</param>
        /// <param name="messageBeginCallback">The message begin callback. Must not be null.</param>
        /// <param name="messageEndCallback">The message end callback. Must not be null.</param>
        /// <param name="badCertificateCallback">
        /// Optional bad certificate callback. It is stored without a null check and defaults to null.
        /// </param>
        /// <exception cref="ArgumentException">
        /// Thrown if any of the three required callbacks is null.
        /// </exception>
        public ProxyServer(FirewallCheckCallback firewallCallback, MessageBeginCallback messageBeginCallback, MessageEndCallback messageEndCallback, BadCertificateCallback badCertificateCallback = null)
        {
            // Every required callback is checked before the first assignment, so a rejected call
            // leaves the shared FilterResponseHandlerFactory.Default instance untouched.
            var checkedFirewall = firewallCallback ?? throw new ArgumentException("The firewall callback MUST be defined.");
            var checkedBegin    = messageBeginCallback ?? throw new ArgumentException("The message begin callback MUST be defined.");
            var checkedEnd      = messageEndCallback ?? throw new ArgumentException("The message end callback MUST be defined.");

            m_fwCallback = checkedFirewall;

            var sharedFactory = FilterResponseHandlerFactory.Default;
            sharedFactory.MessageBeginCallback = checkedBegin;
            sharedFactory.MessageEndCallback   = checkedEnd;

            // NOTE(review): a null bad-certificate callback is accepted; confirm the consumer of
            // this value rejects bad certificates when no callback is set.
            sharedFactory.BadCertificateCallback = badCertificateCallback;
        }
 /// <summary>
 /// Creates a new WindowsProxyServer instance. Really there should only ever be a single instance
 /// created at a time.
 /// </summary>
 /// <param name="authorityCommonName">
 /// The common name to use when generating the certificate authority. All SSL sites
 /// will show that they are secured by a certificate authority bearing the name
 /// supplied here.
 /// </param>
 /// <param name="firewallCallback">
 /// The firewall check callback. Used to allow the user to determine if a binary should have
 /// its associated traffic pushed through the filter or not.
 /// </param>
 /// <param name="messageBeginCallback">
 /// Message begin callback enables users to inspect and filter messages immediately after
 /// they begin. Users also have the power to direct how the proxy will continue to handle the
 /// overall transaction that this message belongs to.
 /// </param>
 /// <param name="messageEndCallback">
 /// Message end callback enables users to inspect and filter messages once they have completed.
 /// </param>
 /// <exception cref="ArgumentException">
 /// Thrown if any one of the callbacks is not defined.
 /// </exception>
 public WindowsProxyServer(
     string authorityCommonName,
     FirewallCheckCallback firewallCallback,
     MessageBeginCallback messageBeginCallback,
     MessageEndCallback messageEndCallback)
     : base(authorityCommonName, firewallCallback, messageBeginCallback, messageEndCallback)
 {
     // Nothing to do here: every argument is forwarded unchanged to the base constructor.
 }
 /// <summary>
 /// Configures the proxy server to use the supplied firewall check callback.
 /// </summary>
 /// <param name="callback">
 /// The callback to use.
 /// </param>
 /// <returns>
 /// The chained configuration instance.
 /// </returns>
 public ProxyServerConfiguration WithFirewallCallback(FirewallCheckCallback callback)
 {
     // The value is stored as given, null included; no validation happens in this setter.
     this.FirewallCheckCallback = callback;

     // Hand back the same instance so further configuration calls can be chained.
     return this;
 }
Exemple #8
 /// <summary>
 /// Creates a new WindowsProxyServer instance from the individual callbacks, including a
 /// bad certificate callback.
 /// </summary>
 /// <param name="firewallCallback">The firewall check callback, passed to the base constructor.</param>
 /// <param name="messageBeginCallback">The message begin callback, passed to the base constructor.</param>
 /// <param name="messageEndCallback">The message end callback, passed to the base constructor.</param>
 /// <param name="badCertificateCallback">The bad certificate callback, passed to the base constructor.</param>
 public WindowsProxyServer(
     FirewallCheckCallback firewallCallback,
     MessageBeginCallback messageBeginCallback,
     MessageEndCallback messageEndCallback,
     BadCertificateCallback badCertificateCallback)
     : base(firewallCallback, messageBeginCallback, messageEndCallback, badCertificateCallback)
 {
     // Nothing to do here: every argument is forwarded unchanged to the base constructor.
 }
Exemple #9
 /// <summary>
 /// Creates a new WindowsProxyServer instance from the firewall, message begin and message
 /// end callbacks.
 /// </summary>
 /// <param name="firewallCallback">The firewall check callback, passed to the base constructor.</param>
 /// <param name="messageBeginCallback">The message begin callback, passed to the base constructor.</param>
 /// <param name="messageEndCallback">The message end callback, passed to the base constructor.</param>
 public WindowsProxyServer(
     FirewallCheckCallback firewallCallback,
     MessageBeginCallback messageBeginCallback,
     MessageEndCallback messageEndCallback)
     : base(firewallCallback, messageBeginCallback, messageEndCallback)
 {
     // Nothing to do here: every argument is forwarded unchanged to the base constructor.
 }
Exemple #10
        /// <summary>
        /// Forwards a firewall check for the given binary path to the registered
        /// FirewallCheckCallback and returns its answer.
        /// </summary>
        /// <param name="binaryAbsolutePath">
        /// Path of the binary being checked, marshalled in as an LPStr string.
        /// </param>
        /// <param name="binaryAbsolutePathLength">
        /// Length value supplied by the caller. It is not used in this method.
        /// </param>
        /// <returns>
        /// The callback's result, or false when no callback is registered.
        /// </returns>
        private bool OnFirewallCheckCallback([In][MarshalAs(UnmanagedType.LPStr)] string binaryAbsolutePath, IntPtr binaryAbsolutePathLength)
        {
            // ?.Invoke produces null when no handler is registered, which collapses to false.
            // NOTE(review): confirm that false is the safe answer for an unregistered callback,
            // i.e. that it cannot let traffic skip filtering that policy expects.
            // NOTE(review): LPStr marshals the path as an ANSI string; confirm the native side
            // sends that encoding, since a path with characters outside the ANSI code page could
            // reach the callback altered and no longer match a path-based rule.
            return FirewallCheckCallback?.Invoke(binaryAbsolutePath) ?? false;
        }