internal static HttpClient CreateHttpClient(LndRestSettings settings)
{
var handler = new HttpClientHandler
{
SslProtocols = SslProtocols.Tls12
};
var expectedThumbprint = settings.CertificateThumbprint?.ToArray();
if (expectedThumbprint != null)
{
handler.ServerCertificateCustomValidationCallback = (request, cert, chain, errors) =>
{
var actualCert = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
var hash = GetHash(actualCert);
return(hash.SequenceEqual(expectedThumbprint));
};
}
if (settings.AllowInsecure)
{
handler.ServerCertificateCustomValidationCallback = (request, cert, chain, errors) => true;
}
else
{
if (settings.Uri.Scheme == "http")
{
throw new InvalidOperationException("AllowInsecure is set to false, but the URI is not using https");
}
}
return(new HttpClient(handler));
}
internal static HttpClient CreateHttpClient(LndRestSettings settings, HttpClient defaultHttpClient)
{
// If certificate pinning or https disabled, we need to create a special HttpClientHandler
// But if that's not the case, we can just use the default httpclient
if (defaultHttpClient != null)
{
// If we allow insecure and want http, we don't need specific http handlers
if (settings.AllowInsecure)
{
if (settings.Uri.Scheme == "http")
{
return(defaultHttpClient);
}
}
// If we do not allow insecure and want https and do not pin certificates, we don't need specific http handlers
else if (settings.CertificateThumbprint == null &&
settings.Uri.Scheme == "https")
{
return(defaultHttpClient);
}
}
var handler = new HttpClientHandler
{
SslProtocols = SslProtocols.Tls12
};
var expectedThumbprint = settings.CertificateThumbprint?.ToArray();
if (expectedThumbprint != null)
{
handler.ServerCertificateCustomValidationCallback = (request, cert, chain, errors) =>
{
var actualCert = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
var hash = GetHash(actualCert);
return(hash.SequenceEqual(expectedThumbprint));
};
}
if (settings.AllowInsecure)
{
handler.ServerCertificateCustomValidationCallback = (request, cert, chain, errors) => true;
}
else
{
if (settings.Uri.Scheme == "http")
{
throw new InvalidOperationException("AllowInsecure is set to false, but the URI is not using https");
}
}
return(new HttpClient(handler));
}
public LndSwaggerClient(LndRestSettings settings)
{
if (settings == null)
{
throw new ArgumentNullException(nameof(settings));
}
_LndSettings = settings;
_Authentication = settings.CreateLndAuthentication();
BaseUrl = settings.Uri.AbsoluteUri.TrimEnd('/');
_httpClient = CreateHttpClient(settings);
_settings = new System.Lazy <Newtonsoft.Json.JsonSerializerSettings>(() =>
{
var json = new Newtonsoft.Json.JsonSerializerSettings();
UpdateJsonSerializerSettings(json);
return(json);
});
}
public LndSwaggerClient(LndRestSettings settings) : this(settings, null)
{
}