Excluded => !DecryptSsl (#407)

honfika · honfika · commit 1b1bda0e1951 · 2018-04-11T18:32:04.000+02:00
diff --git a/Examples/Titanium.Web.Proxy.Examples.Basic/ProxyTestController.cs b/Examples/Titanium.Web.Proxy.Examples.Basic/ProxyTestController.cs
@@ -80,8 +80,6 @@ public void StartProxy()
 
             explicitEndPoint = new ExplicitProxyEndPoint(IPAddress.Any, 8000)
             {
-                //You can set only one of the ExcludedHttpsHostNameRegex and IncludedHttpsHostNameRegex properties, otherwise ArgumentException will be thrown
-
                 //Use self-issued generic certificate on all https requests
                 //Optimizes performance by not creating a certificate for each https-enabled domain
                 //Useful when certificate trust is not required by proxy clients
@@ -152,7 +150,7 @@ private async Task OnBeforeTunnelConnectRequest(object sender, TunnelConnectSess
                 //Exclude Https addresses you don't want to proxy
                 //Useful for clients that use certificate pinning
                 //for example dropbox.com
-                e.Excluded = true;
+                e.DecryptSsl = false;
             }
         }
 
diff --git a/Examples/Titanium.Web.Proxy.Examples.Wpf/MainWindow.xaml.cs b/Examples/Titanium.Web.Proxy.Examples.Wpf/MainWindow.xaml.cs
@@ -119,7 +119,7 @@ private async Task ProxyServer_BeforeTunnelConnectRequest(object sender, TunnelC
             string hostname = e.WebSession.Request.RequestUri.Host;
             if (hostname.EndsWith("webex.com"))
             {
-                e.Excluded = true;
+                e.DecryptSsl = false;
             }
 
             await Dispatcher.InvokeAsync(() =>
diff --git a/README.md b/README.md
@@ -66,8 +66,6 @@ proxyServer.ClientCertificateSelectionCallback += OnCertificateSelection;
 
 var explicitEndPoint = new ExplicitProxyEndPoint(IPAddress.Any, 8000, true)
 {
-//You can set only one of the ExcludedHttpsHostNameRegex and IncludedHttpsHostNameRegex properties, otherwise ArgumentException will be thrown
-
 //Use self-issued generic certificate on all https requests
 //Optimizes performance by not creating a certificate for each https-enabled domain
 //Useful when certificate trust is not required by proxy clients
@@ -135,7 +133,7 @@ private async Task OnBeforeTunnelConnectRequest(object sender, TunnelConnectSess
          //Exclude Https addresses you don't want to proxy
          //Useful for clients that use certificate pinning
          //for example dropbox.com
-         e.Excluded = true;
+         e.DecryptSsl = false;
     }
 }
 
diff --git a/Titanium.Web.Proxy/EventArguments/TunnelConnectEventArgs.cs b/Titanium.Web.Proxy/EventArguments/TunnelConnectEventArgs.cs
@@ -6,7 +6,7 @@ namespace Titanium.Web.Proxy.EventArguments
 {
     public class TunnelConnectSessionEventArgs : SessionEventArgs
     {
-        public bool Excluded { get; set; }
+        public bool DecryptSsl { get; set; } = true;
 
         public bool IsHttpsConnect { get; internal set; }
 
diff --git a/Titanium.Web.Proxy/Models/ExplicitProxyEndPoint.cs b/Titanium.Web.Proxy/Models/ExplicitProxyEndPoint.cs
@@ -25,7 +25,7 @@ public class ExplicitProxyEndPoint : ProxyEndPoint
         /// <summary>
         /// Intercept tunnel connect request
         /// Valid only for explicit endpoints
-        /// Set the <see cref="TunnelConnectSessionEventArgs.Excluded"/> property to true if this HTTP connect request should'nt be decrypted and instead be relayed
+        /// Set the <see cref="TunnelConnectSessionEventArgs.DecryptSsl"/> property to false if this HTTP connect request should'nt be decrypted and instead be relayed
         /// </summary>
         public event AsyncEventHandler<TunnelConnectSessionEventArgs> BeforeTunnelConnectRequest;
 
diff --git a/Titanium.Web.Proxy/RequestHandler.cs b/Titanium.Web.Proxy/RequestHandler.cs
@@ -79,7 +79,7 @@ private async Task HandleClient(ExplicitProxyEndPoint endPoint, TcpClient tcpCli
                     await endPoint.InvokeBeforeTunnelConnectRequest(this, connectArgs, ExceptionFunc);
 
                     //filter out excluded host names
-                    bool excluded = !endPoint.DecryptSsl || connectArgs.Excluded;
+                    bool decryptSsl = endPoint.DecryptSsl && connectArgs.DecryptSsl;
 
                     if (await CheckAuthorization(connectArgs) == false)
                     {
@@ -109,7 +109,7 @@ private async Task HandleClient(ExplicitProxyEndPoint endPoint, TcpClient tcpCli
 
                     await endPoint.InvokeBeforeTunnectConnectResponse(this, connectArgs, ExceptionFunc, isClientHello);
 
-                    if (!excluded && isClientHello)
+                    if (decryptSsl && isClientHello)
                     {
                         connectRequest.RequestUri = new Uri("https://" + httpUrl);
 
@@ -143,12 +143,12 @@ private async Task HandleClient(ExplicitProxyEndPoint endPoint, TcpClient tcpCli
                         if (await HttpHelper.IsConnectMethod(clientStream) == -1)
                         {
                             // It can be for example some Google (Cloude Messaging for Chrome) magic
-                            excluded = true;
+                            decryptSsl = false;
                         }
                     }
 
                     //Hostname is excluded or it is not an HTTPS connect
-                    if (excluded || !isClientHello)
+                    if (!decryptSsl || !isClientHello)
                     {
                         //create new connection
                         using (var connection = await GetServerConnection(connectArgs, true))

Original file line number	Diff line number	Diff line change
`@@ -80,8 +80,6 @@ public void StartProxy()`
`80`	`80`
`81`	`81`	`explicitEndPoint = new ExplicitProxyEndPoint(IPAddress.Any, 8000)`
`82`	`82`	`{`
`83`		`- //You can set only one of the ExcludedHttpsHostNameRegex and IncludedHttpsHostNameRegex properties, otherwise ArgumentException will be thrown`
`84`		`-`
`85`	`83`	`//Use self-issued generic certificate on all https requests`
`86`	`84`	`//Optimizes performance by not creating a certificate for each https-enabled domain`
`87`	`85`	`//Useful when certificate trust is not required by proxy clients`
`@@ -152,7 +150,7 @@ private async Task OnBeforeTunnelConnectRequest(object sender, TunnelConnectSess`
`152`	`150`	`//Exclude Https addresses you don't want to proxy`
`153`	`151`	`//Useful for clients that use certificate pinning`
`154`	`152`	`//for example dropbox.com`
`155`		`- e.Excluded = true;`
	`153`	`+ e.DecryptSsl = false;`
`156`	`154`	`}`
`157`	`155`	`}`
`158`	`156`
Original file line number	Diff line number	Diff line change
`@@ -119,7 +119,7 @@ private async Task ProxyServer_BeforeTunnelConnectRequest(object sender, TunnelC`
`119`	`119`	`string hostname = e.WebSession.Request.RequestUri.Host;`
`120`	`120`	`if (hostname.EndsWith("webex.com"))`
`121`	`121`	`{`
`122`		`- e.Excluded = true;`
	`122`	`+ e.DecryptSsl = false;`
`123`	`123`	`}`
`124`	`124`
`125`	`125`	`await Dispatcher.InvokeAsync(() =>`
Original file line number	Diff line number	Diff line change
`@@ -66,8 +66,6 @@ proxyServer.ClientCertificateSelectionCallback += OnCertificateSelection;`
`66`	`66`
`67`	`67`	`var explicitEndPoint = new ExplicitProxyEndPoint(IPAddress.Any, 8000, true)`
`68`	`68`	`{`
`69`		`-//You can set only one of the ExcludedHttpsHostNameRegex and IncludedHttpsHostNameRegex properties, otherwise ArgumentException will be thrown`
`70`		`-`
`71`	`69`	`//Use self-issued generic certificate on all https requests`
`72`	`70`	`//Optimizes performance by not creating a certificate for each https-enabled domain`
`73`	`71`	`//Useful when certificate trust is not required by proxy clients`
`@@ -135,7 +133,7 @@ private async Task OnBeforeTunnelConnectRequest(object sender, TunnelConnectSess`
`135`	`133`	`//Exclude Https addresses you don't want to proxy`
`136`	`134`	`//Useful for clients that use certificate pinning`
`137`	`135`	`//for example dropbox.com`
`138`		`- e.Excluded = true;`
	`136`	`+ e.DecryptSsl = false;`
`139`	`137`	`}`
`140`	`138`	`}`
`141`	`139`
Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ namespace Titanium.Web.Proxy.EventArguments`
`6`	`6`	`{`
`7`	`7`	`public class TunnelConnectSessionEventArgs : SessionEventArgs`
`8`	`8`	`{`
`9`		`- public bool Excluded { get; set; }`
	`9`	`+ public bool DecryptSsl { get; set; } = true;`
`10`	`10`
`11`	`11`	`public bool IsHttpsConnect { get; internal set; }`
`12`	`12`
Original file line number	Diff line number	Diff line change
`@@ -79,7 +79,7 @@ private async Task HandleClient(ExplicitProxyEndPoint endPoint, TcpClient tcpCli`
`79`	`79`	`await endPoint.InvokeBeforeTunnelConnectRequest(this, connectArgs, ExceptionFunc);`
`80`	`80`
`81`	`81`	`//filter out excluded host names`
`82`		`- bool excluded = !endPoint.DecryptSsl \|\| connectArgs.Excluded;`
	`82`	`+ bool decryptSsl = endPoint.DecryptSsl && connectArgs.DecryptSsl;`
`83`	`83`
`84`	`84`	`if (await CheckAuthorization(connectArgs) == false)`
`85`	`85`	`{`
`@@ -109,7 +109,7 @@ private async Task HandleClient(ExplicitProxyEndPoint endPoint, TcpClient tcpCli`
`109`	`109`
`110`	`110`	`await endPoint.InvokeBeforeTunnectConnectResponse(this, connectArgs, ExceptionFunc, isClientHello);`
`111`	`111`
`112`		`- if (!excluded && isClientHello)`
	`112`	`+ if (decryptSsl && isClientHello)`
`113`	`113`	`{`
`114`	`114`	`connectRequest.RequestUri = new Uri("https://" + httpUrl);`
`115`	`115`
`@@ -143,12 +143,12 @@ private async Task HandleClient(ExplicitProxyEndPoint endPoint, TcpClient tcpCli`
`143`	`143`	`if (await HttpHelper.IsConnectMethod(clientStream) == -1)`
`144`	`144`	`{`
`145`	`145`	`// It can be for example some Google (Cloude Messaging for Chrome) magic`
`146`		`- excluded = true;`
	`146`	`+ decryptSsl = false;`
`147`	`147`	`}`
`148`	`148`	`}`
`149`	`149`
`150`	`150`	`//Hostname is excluded or it is not an HTTPS connect`
`151`		`- if (excluded \|\| !isClientHello)`
	`151`	`+ if (!decryptSsl \|\| !isClientHello)`
`152`	`152`	`{`
`153`	`153`	`//create new connection`
`154`	`154`	`using (var connection = await GetServerConnection(connectArgs, true))`