#868 Add Forward port & host options

justcoding121 · justcoding121 · commit 4641d47f67b4 · 2021-06-15T11:28:53.000-06:00
diff --git a/examples/Titanium.Web.Proxy.Examples.Basic/ProxyTestController.cs b/examples/Titanium.Web.Proxy.Examples.Basic/ProxyTestController.cs
@@ -27,7 +27,7 @@ public class ProxyTestController : IDisposable
 
         public ProxyTestController()
         {
-            Task.Run(()=> listenToConsole());
+            Task.Run(() => listenToConsole());
 
             proxyServer = new ProxyServer();
 
@@ -97,13 +97,13 @@ public void StartProxy()
             proxyServer.Start();
 
             // Transparent endpoint is useful for reverse proxy (client is not aware of the existence of proxy)
-            // A transparent endpoint usually requires a network router port forwarding HTTP(S) packets or DNS
-            // to send data to this endPoint
+            // A transparent endpoint usually requires a network router port forwarding HTTP(S) packets
+            // or by DNS to send data to this endPoint.
             //var transparentEndPoint = new TransparentProxyEndPoint(IPAddress.Any, 443, true)
-            //{ 
+            //{
             //    // Generic Certificate hostname to use
             //    // When SNI is disabled by client
-            //    GenericCertificateName = "google.com"
+            //    GenericCertificateName = "localhost"
             //};
 
             //proxyServer.AddEndPoint(transparentEndPoint);
diff --git a/src/Titanium.Web.Proxy/EventArguments/BeforeSslAuthenticateEventArgs.cs b/src/Titanium.Web.Proxy/EventArguments/BeforeSslAuthenticateEventArgs.cs
@@ -14,11 +14,12 @@ internal BeforeSslAuthenticateEventArgs(ProxyServer server, TcpClientConnection
         {
             TaskCancellationSource = taskCancellationSource;
             SniHostName = sniHostName;
+            ForwardHttpsHostName = sniHostName;
         }
 
         /// <summary>
-        ///     The server name indication hostname if available. Otherwise the generic certificate hostname of
-        ///     TransparentEndPoint.
+        ///     The server name indication hostname if available. 
+        ///     Otherwise the GenericCertificateName property of TransparentEndPoint.
         /// </summary>
         public string SniHostName { get; }
 
@@ -29,6 +30,25 @@ internal BeforeSslAuthenticateEventArgs(ProxyServer server, TcpClientConnection
         /// </summary>
         public bool DecryptSsl { get; set; } = true;
 
+        /// <summary>
+        /// We need to know the server hostname we are forwarding the request to.
+        /// By default its the SNI hostname indicated in SSL handshake, when SNI is available.
+        /// When SNI is not available, it will use the GenericCertificateName of TransparentEndPoint.
+        /// This property is used only when DecryptSsl or when BeforeSslAuthenticateEventArgs.DecryptSsl is false.
+        /// When DecryptSsl is true, we need to explicitly set the Forwarded host and port by setting 
+        /// e.HttpClient.Request.Url inside BeforeRequest event handler.
+        /// </summary>
+        public string ForwardHttpsHostName { get; set; }
+
+        /// <summary>
+        /// We need to know the server port we are forwarding the request to.
+        /// By default its the standard https port, 443. 
+        /// This property is used only when DecryptSsl or when BeforeSslAuthenticateEventArgs.DecryptSsl is false.
+        /// When DecryptSsl is true, we need to explicitly set the Forwarded host and port by setting 
+        /// e.HttpClient.Request.Url inside BeforeRequest event handler.
+        /// </summary>
+        public int ForwardHttpsPort { get; set; } = 443;
+
         /// <summary>
         ///     Terminate the request abruptly by closing client/server connections.
         /// </summary>
diff --git a/src/Titanium.Web.Proxy/Models/TransparentBaseProxyEndPoint.cs b/src/Titanium.Web.Proxy/Models/TransparentBaseProxyEndPoint.cs
@@ -5,7 +5,12 @@
 namespace Titanium.Web.Proxy.Models
 {
     public abstract class TransparentBaseProxyEndPoint : ProxyEndPoint
-    {
+    {   
+        /// <summary>
+        /// The hostname of the generic certificate to negotiate SSL.
+        /// This will be only used when Sever Name Indication (SNI) is not supported by client, 
+        /// or when it does not indicate any host name.
+        /// </summary>
         public abstract string GenericCertificateName { get; set; }
 
         protected TransparentBaseProxyEndPoint(IPAddress ipAddress, int port, bool decryptSsl) : base(ipAddress, port, decryptSsl)
diff --git a/src/Titanium.Web.Proxy/TransparentClientHandler.cs b/src/Titanium.Web.Proxy/TransparentClientHandler.cs
@@ -91,7 +91,7 @@ private async Task handleClient(TransparentBaseProxyEndPoint endPoint, TcpClient
                     else
                     {
                         var sessionArgs = new SessionEventArgs(this, endPoint, clientStream, null, cancellationTokenSource);
-                        var connection = (await tcpConnectionFactory.GetServerConnection(this, httpsHostName, port,
+                        var connection = (await tcpConnectionFactory.GetServerConnection(this, args.ForwardHttpsHostName, args.ForwardHttpsPort,
                                     HttpHeader.VersionUnknown, false, null,
                                     true, sessionArgs, UpStreamEndPoint,
                                     UpStreamHttpsProxy, true, false, cancellationToken))!;
diff --git a/tests/Titanium.Web.Proxy.IntegrationTests/ReverseProxyTests.cs b/tests/Titanium.Web.Proxy.IntegrationTests/ReverseProxyTests.cs
@@ -1,9 +1,11 @@
 ﻿using System;
+using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
+using Titanium.Web.Proxy.Models;
 
 namespace Titanium.Web.Proxy.IntegrationTests
 {
@@ -126,5 +128,37 @@ public async Task Smoke_Test_Https_To_Https_Reverse_Proxy()
             Assert.AreEqual("I am server. I received your greetings.", body);
         }
 
+        [TestMethod]
+        public async Task Smoke_Test_Https_To_Https_Reverse_Proxy_Tunnel_Without_Decryption()
+        {
+            var testSuite = new TestSuite();
+
+            var server = testSuite.GetServer();
+            server.HandleRequest((context) =>
+            {
+                return context.Response.WriteAsync("I am server. I received your greetings.");
+            });
+
+            var proxy = testSuite.GetReverseProxy();
+            var endpoint = proxy.ProxyEndPoints.Where(x => x is TransparentProxyEndPoint).First() as TransparentProxyEndPoint;
+
+            endpoint.BeforeSslAuthenticate += async (sender, e) =>
+            {
+                e.DecryptSsl = false;
+                e.ForwardHttpsPort = server.HttpsListeningPort;
+            };
+
+            var client = testSuite.GetReverseProxyClient();
+
+            var response = await client.PostAsync(new Uri($"https://localhost:{proxy.ProxyEndPoints[0].Port}"),
+                                        new StringContent("hello server. I am a client."));
+
+            Assert.AreEqual(HttpStatusCode.OK, response.StatusCode);
+            var body = await response.Content.ReadAsStringAsync();
+
+            Assert.AreEqual("I am server. I received your greetings.", body);
+        }
+
     }
+
 }

Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@ private async Task handleClient(TransparentBaseProxyEndPoint endPoint, TcpClient`
`91`	`91`	`else`
`92`	`92`	`{`
`93`	`93`	`var sessionArgs = new SessionEventArgs(this, endPoint, clientStream, null, cancellationTokenSource);`
`94`		`- var connection = (await tcpConnectionFactory.GetServerConnection(this, httpsHostName, port,`
	`94`	`+ var connection = (await tcpConnectionFactory.GetServerConnection(this, args.ForwardHttpsHostName, args.ForwardHttpsPort,`
`95`	`95`	`HttpHeader.VersionUnknown, false, null,`
`96`	`96`	`true, sessionArgs, UpStreamEndPoint,`
`97`	`97`	`UpStreamHttpsProxy, true, false, cancellationToken))!;`