Merge branch 'develop' into beta

Author: justcoding121

README.md

@@ -72,7 +72,7 @@ Setup HTTP proxy:
 var proxyServer = new ProxyServer();
 
 // locally trust root certificate used by this proxy 
-proxyServer.CertificateManager.TrustRootCertificate = true;
+proxyServer.CertificateManager.TrustRootCertificate(true);
 
 // optionally set the Certificate Engine
 // Under Mono only BouncyCastle will be supported

src/Titanium.Web.Proxy/CertificateHandler.cs

@@ -56,13 +56,6 @@ internal bool ValidateServerCertificate(object sender, SessionEventArgsBase sess
         {
             X509Certificate? clientCertificate = null;
 
-            //TODO: Can we use client certificate from client socket's Sslstream.RemoteCertificate?
-            //Because only the client can provide the correct certificate.
-            //Proxy has no idea about client certificate when its running on a remote machine.
-            //That would mean we need to delay AuthenticateAsServer call with client until we reach this method
-            //and decide right here if we should set SslServerAuthenticationOptions.ClientCertificateRequired = true for clientStream.AuthenticateAsServer call.
-            //Sounds like a very complicated change, but technically possible.
-
             //fallback to the first client certificate from proxy machine certificate store
             if (acceptableIssuers != null && acceptableIssuers.Length > 0 && localCertificates != null &&
                 localCertificates.Count > 0)
@@ -92,7 +85,7 @@ internal bool ValidateServerCertificate(object sender, SessionEventArgsBase sess
                     ClientCertificate = clientCertificate
                 };
 
-                // why is the sender null?
+               
                 ClientCertificateSelectionCallback.InvokeAsync(this, args, ExceptionFunc).Wait();
                 return args.ClientCertificate;
             }

src/Titanium.Web.Proxy/Network/TcpConnection/TcpConnectionFactory.cs

@@ -242,19 +242,22 @@ internal Task<TcpServerConnection> GetServerConnection(ProxyServer proxyServer,
             {
                 if (cache.TryGetValue(cacheKey, out var existingConnections))
                 {
-                    // +3 seconds for potential delay after getting connection
-                    var cutOff = DateTime.UtcNow.AddSeconds(-proxyServer.ConnectionTimeOutSeconds + 3);
-                    while (existingConnections.Count > 0)
+                    lock (existingConnections)
                     {
-                        if (existingConnections.TryDequeue(out var recentConnection))
+                        // +3 seconds for potential delay after getting connection
+                        var cutOff = DateTime.UtcNow.AddSeconds(-proxyServer.ConnectionTimeOutSeconds + 3);
+                        while (existingConnections.Count > 0)
                         {
-                            if (recentConnection.LastAccess > cutOff
-                                && recentConnection.TcpSocket.IsGoodConnection())
+                            if (existingConnections.TryDequeue(out var recentConnection))
                             {
-                                return recentConnection;
-                            }
+                                if (recentConnection.LastAccess > cutOff
+                                    && recentConnection.TcpSocket.IsGoodConnection())
+                                {
+                                    return recentConnection;
+                                }
 
-                            disposalBag.Add(recentConnection);
+                                disposalBag.Add(recentConnection);
+                            }
                         }
                     }
                 }
@@ -290,7 +293,7 @@ internal Task<TcpServerConnection> GetServerConnection(ProxyServer proxyServer,
             bool prefetch, CancellationToken cancellationToken)
         {
             // deny connection to proxy end points to avoid infinite connection loop.
-            if (Server.ProxyEndPoints.Any(x => x.Port == remotePort) 
+            if (Server.ProxyEndPoints.Any(x => x.Port == remotePort)
                 && NetworkHelper.IsLocalIpAddress(remoteHostName))
             {
                 throw new Exception($"A client is making HTTP request to one of the listening ports of this proxy {remoteHostName}:{remotePort}");
@@ -413,7 +416,7 @@ internal Task<TcpServerConnection> GetServerConnection(ProxyServer proxyServer,
                         }
 
                         Task connectTask;
-                            
+
                         if (socks)
                         {
                             if (externalProxy!.ProxyDnsRequests)
@@ -629,6 +632,16 @@ internal Task<TcpServerConnection> GetServerConnection(ProxyServer proxyServer,
         /// <param name="close">Should we just close the connection instead of reusing?</param>
         internal async Task Release(TcpServerConnection connection, bool close = false)
         {
+            if (connection == null)
+            {
+                return;
+            }
+
+            if (disposalBag.Any(x => x == connection))
+            {
+                return;
+            }
+
             if (close || connection.IsWinAuthenticated || !Server.EnableConnectionPool || connection.IsClosed)
             {
                 disposalBag.Add(connection);
@@ -653,6 +666,11 @@ internal async Task Release(TcpServerConnection connection, bool close = false)
                             }
                         }
 
+                        if (existingConnections.Any(x => x == connection))
+                        {
+                            break;
+                        }
+
                         existingConnections.Enqueue(connection);
                         break;
                     }

src/Titanium.Web.Proxy/ProxyServer.cs

@@ -121,9 +121,9 @@ public ProxyServer(string? rootCertificateName, string? rootCertificateIssuerNam
         private SystemProxyManager? systemProxySettingsManager { get; }
 
         /// <summary>
-        ///     Number of exception retries when connection pool is enabled.
+        ///     Number of times to retry upon network failures when connection pool is enabled.
         /// </summary>
-        private int retries => EnableConnectionPool ? MaxCachedConnections : 0;
+        public int NetworkFailureRetryAttempts { get; set; } = 0;
 
         /// <summary>
         ///     Is the proxy currently running?
@@ -928,7 +928,7 @@ internal async Task InvokeServerConnectionCreateEvent(Socket serverSocket)
         /// </summary>
         private RetryPolicy<T> retryPolicy<T>() where T : Exception
         {
-            return new RetryPolicy<T>(retries, tcpConnectionFactory);
+            return new RetryPolicy<T>(NetworkFailureRetryAttempts, tcpConnectionFactory);
         }
 
         private bool disposed = false;

tests/Titanium.Web.Proxy.IntegrationTests/HttpsTests.cs

@@ -1,6 +1,8 @@
 using System;
+using System.IO;
 using System.Net;
 using System.Net.Http;
+using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
@@ -62,5 +64,36 @@ public async Task Can_Handle_Https_Fake_Tunnel_Request()
             Assert.AreEqual("I am server. I received your greetings.", body);
         }
 
+        [TestMethod]
+        public async Task Can_Handle_Https_Mutual_Tls_Request()
+        {
+            var testSuite = new TestSuite(true);
+
+            var server = testSuite.GetServer();
+            server.HandleRequest((context) =>
+            {
+                return context.Response.WriteAsync("I am server. I received your greetings.");
+            });
+
+            var proxy = testSuite.GetProxy();
+            var clientCert = proxy.CertificateManager.CreateCertificate("client.com", false);
+       
+            proxy.ClientCertificateSelectionCallback += async (sender, e) =>
+            {        
+                e.ClientCertificate = clientCert;
+                await Task.CompletedTask;
+            };
+
+            var client = testSuite.GetClient(proxy);
+
+            var response = await client.PostAsync(new Uri(server.ListeningHttpsUrl),
+                                        new StringContent("hello server. I am a client."));
+
+            Assert.AreEqual(HttpStatusCode.OK, response.StatusCode);
+            var body = await response.Content.ReadAsStringAsync();
+
+            Assert.AreEqual("I am server. I received your greetings.", body);
+        }
+
     }
 }

tests/Titanium.Web.Proxy.IntegrationTests/NestedProxyTests.cs

@@ -1,9 +1,13 @@
 using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
+using Titanium.Web.Proxy.Models;
 
 namespace Titanium.Web.Proxy.IntegrationTests
 {
@@ -73,5 +77,202 @@ public async Task Smoke_Test_Nested_Proxy_UserData()
             Assert.AreEqual("I am server. I received your greetings.", body);
         }
 
+        [TestMethod]
+        [Timeout(2 * 60 * 1000)]
+        public async Task Nested_Proxy_Farm_Without_Connection_Cache_Should_Not_Hang()
+        {
+            var rnd = new Random();
+
+            var testSuite = new TestSuite();
+
+            var server = testSuite.GetServer();
+            server.HandleRequest((context) =>
+            {
+                return context.Response.WriteAsync("I am server. I received your greetings.");
+            });
+
+            var proxies2 = new List<ProxyServer>();
+
+            //create a level 2 upstream proxy farm that forwards to server
+            for (int i = 0; i < 10; i++)
+            {
+                var proxy2 = testSuite.GetProxy();
+                proxy2.ProxyBasicAuthenticateFunc += (_, _, _) =>
+                {
+                    return Task.FromResult(true);
+                };
+
+                proxies2.Add(proxy2);
+            }
+
+            var proxies1 = new List<ProxyServer>();
+
+            //create a level 1 upstream proxy farm that forwards to level 2 farm
+            for (int i = 0; i < 10; i++)
+            {
+                var proxy1 = testSuite.GetProxy();
+                proxy1.EnableConnectionPool = false;
+                var proxy2 = proxies2[rnd.Next() % proxies2.Count];
+
+                var explicitEndpoint = proxy1.ProxyEndPoints.OfType<ExplicitProxyEndPoint>().First();
+                explicitEndpoint.BeforeTunnelConnectRequest += (_, e) =>
+                {
+                    e.CustomUpStreamProxy = new ExternalProxy()
+                    {
+                        HostName = "localhost",
+                        Port = proxy2.ProxyEndPoints[0].Port,
+                        ProxyType = ExternalProxyType.Http,
+                        UserName = "test_user",
+                        Password = "test_password"
+                    };
+
+                    return Task.CompletedTask;
+                };
+
+                proxy1.BeforeRequest += (_, e) =>
+                {
+                    e.CustomUpStreamProxy = new ExternalProxy()
+                    {
+                        HostName = "localhost",
+                        Port = proxy2.ProxyEndPoints[0].Port,
+                        ProxyType = ExternalProxyType.Http,
+                        UserName = "test_user",
+                        Password = "test_password"
+                    };
+
+                    return Task.CompletedTask;
+                };
+
+                proxies1.Add(proxy1);
+            }
+
+            var tasks = new List<Task>();
+
+            //send multiple concurrent requests from client => proxy farm 1 => proxy farm 2 => server
+            for (int j = 0; j < 10_000; j++)
+            {
+                var task = Task.Run(async () =>
+                {
+                    try
+                    {
+                        var proxy = proxies1[rnd.Next() % proxies1.Count];
+                        using var client = testSuite.GetClient(proxy);
+
+                        //tests should not keep hanging for 30 mins.
+                        client.Timeout = TimeSpan.FromMinutes(30);
+                        await client.PostAsync(new Uri(server.ListeningHttpsUrl),
+                                                    new StringContent("hello server. I am a client."));
+
+                    }
+                    //if error is thrown because of server overloading its okay.
+                    //But client.PostAsync should'nt hang in all cases.
+                    catch { }
+                });
+
+                tasks.Add(task);
+            }
+
+            await Task.WhenAll(tasks);
+        }
+
+
+        //Reproduce bug reported so that we can fix it.
+        //https://github.com/justcoding121/titanium-web-proxy/issues/826
+        [TestMethod]
+        [Timeout(2 * 60 * 1000)]
+        public async Task Nested_Proxy_Farm_With_Connection_Cache_Should_Not_Hang()
+        {
+            var rnd = new Random();
+
+            var testSuite = new TestSuite();
+
+            var server = testSuite.GetServer();
+            server.HandleRequest((context) =>
+            {
+                return context.Response.WriteAsync("I am server. I received your greetings.");
+            });
+
+            var proxies2 = new List<ProxyServer>();
+
+            //create a level 2 upstream proxy farm that forwards to server
+            for (int i = 0; i < 10; i++)
+            {
+                var proxy2 = testSuite.GetProxy();
+                proxy2.ProxyBasicAuthenticateFunc += (_, _, _) =>
+                {
+                    return Task.FromResult(true);
+                };
+
+                proxies2.Add(proxy2);
+            }
+
+            var proxies1 = new List<ProxyServer>();
+
+            //create a level 1 upstream proxy farm that forwards to level 2 farm
+            for (int i = 0; i < 10; i++)
+            {
+                var proxy1 = testSuite.GetProxy();
+                //proxy1.EnableConnectionPool = false;
+                var proxy2 = proxies2[rnd.Next() % proxies2.Count];
+
+                var explicitEndpoint = proxy1.ProxyEndPoints.OfType<ExplicitProxyEndPoint>().First();
+                explicitEndpoint.BeforeTunnelConnectRequest += (_, e) =>
+                {
+                    e.CustomUpStreamProxy = new ExternalProxy()
+                    {
+                        HostName = "localhost",
+                        Port = proxy2.ProxyEndPoints[0].Port,
+                        ProxyType = ExternalProxyType.Http,
+                        UserName = "test_user",
+                        Password = "test_password"
+                    };
+
+                    return Task.CompletedTask;
+                };
+
+                proxy1.BeforeRequest += (_, e) =>
+                {
+                    e.CustomUpStreamProxy = new ExternalProxy()
+                    {
+                        HostName = "localhost",
+                        Port = proxy2.ProxyEndPoints[0].Port,
+                        ProxyType = ExternalProxyType.Http,
+                        UserName = "test_user",
+                        Password = "test_password"
+                    };
+
+                    return Task.CompletedTask;
+                };
+
+                proxies1.Add(proxy1);
+            }
+
+            var tasks = new List<Task>();
+
+            //send multiple concurrent requests from client => proxy farm 1 => proxy farm 2 => server
+            for (int j = 0; j < 10_000; j++)
+            {
+                var task = Task.Run(async () =>
+                 {
+                     try
+                     {
+                         var proxy = proxies1[rnd.Next() % proxies1.Count];
+                         using var client = testSuite.GetClient(proxy);
+
+                         //tests should not keep hanging for 30 mins.
+                         client.Timeout = TimeSpan.FromMinutes(30);
+                         await client.PostAsync(new Uri(server.ListeningHttpsUrl),
+                                                     new StringContent("hello server. I am a client."));
+                     }
+                     //if error is thrown because of server overloading its okay.
+                     //But client.PostAsync should'nt hang in all cases.
+                     catch { }
+                 });
+
+                tasks.Add(task);
+            }
+
+            await Task.WhenAll(tasks);
+        }
     }
 }