// The Sisk Framework source code
// Copyright (c) 2024- PROJECT PRINCIPIUM and all Sisk contributors
//
// The code below is licensed under the MIT license as
// of the date of its publication, available at
//
// File name: SslProxy.cs
// Repository: https://github.com/sisk-http/core
using System.Net;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using Sisk.Cadente;
namespace Sisk.Ssl;
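/// <summary>
/// Represents a HTTP/1.1 proxy server that terminates SSL/TLS for incoming client connections and
/// forwards the traffic to a gateway endpoint, which is plain (unencrypted) HTTP unless
/// <see cref="UseGatewayHttps"/> is enabled.
/// </summary>
/// <remarks>
/// The listener binds to every IPv4 interface (<see cref="IPAddress.Any"/>) on the port given to
/// the constructor. Because the gateway leg is unencrypted by default, the
/// <see cref="GatewayEndpoint"/> should only be reachable over a trusted path (for example the
/// loopback interface or an isolated network); otherwise the TLS protection established here is
/// lost on the hop to the gateway.
/// </remarks>
public sealed class SslProxy : IDisposable {
    private readonly HttpHost host;
    private readonly IPEndPoint remoteEndpoint;

    /// <summary>
    /// Gets or sets the Proxy-Authorization header value for creating a trusted gateway between
    /// the application and the proxy.
    /// </summary>
    /// <remarks>
    /// Treat this value as a shared secret: it is presumably what lets the gateway tell requests
    /// that came through this proxy apart from direct ones (the forwarding itself lives in
    /// <see cref="SslProxyContextHandler"/>, not in this class — confirm there), so it should be
    /// loaded from configuration rather than hard-coded.
    /// </remarks>
    public string? ProxyAuthorization { get; set; }

    /// <summary>
    /// Gets the SSL certificate used by the proxy server.
    /// </summary>
    public X509Certificate ServerCertificate { get; }

    /// <summary>
    /// Gets or sets a value indicating whether client certificates are required for authentication.
    /// Defaults to <see langword="false"/>.
    /// </summary>
    public bool ClientCertificateRequired { get; set; } = false;

    /// <summary>
    /// Gets or sets the SSL/TLS protocols allowed for incoming connections.
    /// Defaults to TLS 1.2 and TLS 1.3.
    /// </summary>
    /// <remarks>
    /// Widening this to include TLS 1.0/1.1 or SSL 3.0 weakens the deployment; keep the default
    /// unless a specific legacy client requires otherwise.
    /// </remarks>
    public SslProtocols AllowedProtocols { get; set; } = SslProtocols.Tls12 | SslProtocols.Tls13;

    /// <summary>
    /// Gets or sets a value indicating whether to check for certificate revocation.
    /// Defaults to <see langword="false"/>.
    /// </summary>
    /// <remarks>
    /// The value is handed to <see cref="HttpsOptions"/> in <see cref="Start"/>. With the default,
    /// a revoked client certificate is presumably still accepted when
    /// <see cref="ClientCertificateRequired"/> is enabled, so deployments that authenticate
    /// clients by certificate should turn this on.
    /// </remarks>
    public bool CheckCertificateRevocation { get; set; } = false;

    /// <summary>
    /// Gets or sets the maximum time that the gateway should take to
    /// respond to a connection or message from the proxy. Defaults to 120 seconds.
    /// </summary>
    /// <remarks>
    /// <see cref="Start"/> applies this value to the listener's client read and write timeouts;
    /// whether the gateway leg enforces it as well is up to
    /// <see cref="SslProxyContextHandler"/> and is not visible from this class.
    /// </remarks>
    public TimeSpan GatewayTimeout { get; set; } = TimeSpan.FromSeconds ( 120 );

    /// <summary>
    /// Gets or sets a fixed proxy Host header value for incoming requests. When
    /// <see langword="null"/>, no fixed value is configured here; how the header is then chosen
    /// is up to <see cref="SslProxyContextHandler"/>.
    /// </summary>
    public string? GatewayHostname { get; set; }

    /// <summary>
    /// Gets or sets whether the <see cref="SslProxy"/> should use HTTPS for the gateway
    /// connection or plain HTTP. Defaults to <see langword="false"/> (plain HTTP).
    /// </summary>
    public bool UseGatewayHttps { get; set; } = false;

    /// <summary>
    /// Gets the gateway endpoint that forwarded traffic is sent to.
    /// </summary>
    public IPEndPoint GatewayEndpoint { get => remoteEndpoint; }

    /// <summary>
    /// Initializes a new instance of the <see cref="SslProxy"/> class.
    /// </summary>
    /// <param name="sslListeningPort">The port number on which the proxy server listens for incoming connections, on all IPv4 interfaces.</param>
    /// <param name="certificate">The SSL/TLS certificate used by the proxy server.</param>
    /// <param name="remoteEndpoint">The remote endpoint to which the proxy server forwards traffic.</param>
    /// <exception cref="ArgumentNullException"><paramref name="certificate"/> or <paramref name="remoteEndpoint"/> is <see langword="null"/>.</exception>
    /// <exception cref="ArgumentOutOfRangeException"><paramref name="sslListeningPort"/> is not a valid port number (raised by <see cref="IPEndPoint"/>).</exception>
    public SslProxy ( int sslListeningPort, X509Certificate certificate, IPEndPoint remoteEndpoint ) {
        // Fail at construction rather than later: otherwise a null certificate or endpoint is only
        // noticed when Start() builds HttpsOptions or when the first request is forwarded, far
        // from the call site that passed it.
        if ( certificate is null ) {
            throw new ArgumentNullException ( nameof ( certificate ) );
        }
        if ( remoteEndpoint is null ) {
            throw new ArgumentNullException ( nameof ( remoteEndpoint ) );
        }

        // IPEndPoint validates the port range itself and throws ArgumentOutOfRangeException.
        host = new HttpHost ( new IPEndPoint ( IPAddress.Any, sslListeningPort ) );
        this.remoteEndpoint = remoteEndpoint;
        ServerCertificate = certificate;
    }

    /// <summary>
    /// Starts the <see cref="SslProxy"/> and starts routing traffic to the set remote endpoint.
    /// </summary>
    /// <remarks>
    /// <see cref="AllowedProtocols"/>, <see cref="ClientCertificateRequired"/>,
    /// <see cref="CheckCertificateRevocation"/> and <see cref="GatewayTimeout"/> are copied into
    /// the underlying host at this point, so changing them after the proxy has started does not
    /// affect the running listener. The handler receives <c>this</c> and may read the remaining
    /// properties live.
    /// </remarks>
    public void Start () {
        host.Handler = new SslProxyContextHandler ( this );

        // Snapshot of the TLS configuration; later changes to the proxy properties are not picked up.
        host.HttpsOptions = new HttpsOptions ( ServerCertificate ) {
            AllowedProtocols = AllowedProtocols,
            ClientCertificateRequired = ClientCertificateRequired,
            CheckCertificateRevocation = CheckCertificateRevocation
        };

        // The gateway timeout doubles as the per-client read/write timeout of the listener.
        host.TimeoutManager.ClientReadTimeout = GatewayTimeout;
        host.TimeoutManager.ClientWriteTimeout = GatewayTimeout;

        host.Start ();
    }

    /// <inheritdoc/>
    /// <remarks>
    /// Disposes the underlying <see cref="HttpHost"/>.
    /// </remarks>
    public void Dispose () {
        host.Dispose ();
    }
}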