private static void SetHttpsAndUrls(KestrelServerOptions kestrelOptions, IWireMockMiddlewareOptions wireMockMiddlewareOptions, IEnumerable <HostUrlDetails> urlDetails)
{
foreach (var urlDetail in urlDetails)
{
if (urlDetail.IsHttps)
{
kestrelOptions.Listen(System.Net.IPAddress.Any, urlDetail.Port, listenOptions =>
{
if (wireMockMiddlewareOptions.CustomCertificateDefined)
{
listenOptions.UseHttps(CertificateLoader.LoadCertificate(
wireMockMiddlewareOptions.X509StoreName,
wireMockMiddlewareOptions.X509StoreLocation,
wireMockMiddlewareOptions.X509ThumbprintOrSubjectName,
wireMockMiddlewareOptions.X509CertificateFilePath,
wireMockMiddlewareOptions.X509CertificatePassword,
urlDetail.Host)
);
}
else
{
listenOptions.UseHttps();
}
});
}
else
{
kestrelOptions.Listen(System.Net.IPAddress.Any, urlDetail.Port);
}
}
}
public static HttpClient CreateHttpClient(IProxyAndRecordSettings settings)
{
#if NETSTANDARD || NETCOREAPP3_1 || NET5_0
var handler = new HttpClientHandler
{
CheckCertificateRevocationList = false,
SslProtocols = System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls11 | System.Security.Authentication.SslProtocols.Tls,
ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true,
AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate
};
#elif NET46
var handler = new HttpClientHandler
{
ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true,
AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate
};
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11;
#else
var handler = new WebRequestHandler
{
ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true,
AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate
};
ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11;
#endif
if (!string.IsNullOrEmpty(settings.ClientX509Certificate2ThumbprintOrSubjectName))
{
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
var x509Certificate2 = CertificateLoader.LoadCertificate(settings.ClientX509Certificate2ThumbprintOrSubjectName);
handler.ClientCertificates.Add(x509Certificate2);
}
handler.AllowAutoRedirect = settings.AllowAutoRedirect == true;
// If UseCookies enabled, httpClient ignores Cookie header
handler.UseCookies = false;
if (settings.WebProxySettings != null)
{
handler.UseProxy = true;
handler.Proxy = new WebProxy(settings.WebProxySettings.Address);
if (settings.WebProxySettings.UserName != null && settings.WebProxySettings.Password != null)
{
handler.Proxy.Credentials = new NetworkCredential(settings.WebProxySettings.UserName, settings.WebProxySettings.Password);
}
}
var client = new HttpClient(handler);
#if NET452 || NET46
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
#endif
return(client);
}
public static void When_load_certificate_thumb_empty()
{
const string thumbprint = "";
var norm = CertificateLoader.NormalizeThumbprint(thumbprint);
Assert.Equal(string.Empty, norm);
Assert.Throws <ArgumentNullException>(() => CertificateLoader.TryLoadCertificate(StoreName.My, StoreLocation.CurrentUser, thumbprint, false, out _));
Assert.Throws <ArgumentNullException>(() => CertificateLoader.LoadCertificate(StoreName.My, StoreLocation.CurrentUser, thumbprint, false));
}
public static void When_load_certificate_thumb_noisy_only()
{
var thumbprint = new string('?', CertificateLoader.Sha1Length); // Special characters only
var norm = CertificateLoader.NormalizeThumbprint(thumbprint);
Assert.Equal(0, norm.Length);
Assert.Throws <ArgumentNullException>(() => CertificateLoader.TryLoadCertificate(StoreName.My, StoreLocation.CurrentUser, norm, false, out _));
Assert.Throws <FormatException>(() => CertificateLoader.TryLoadCertificate(StoreName.My, StoreLocation.CurrentUser, thumbprint, false, out _));
Assert.Throws <FormatException>(() => CertificateLoader.LoadCertificate(StoreName.My, StoreLocation.CurrentUser, thumbprint, false));
}
public static void When_load_certificate_thumb_short_by_N(int n)
{
var thumbprint = s_existingCertificate.Thumbprint.Substring(n); // Too short
var norm = CertificateLoader.NormalizeThumbprint(thumbprint);
Assert.Equal(thumbprint.Length, norm.Length);
Assert.NotEqual(CertificateLoader.Sha1Length, norm.Length);
Assert.Throws <FormatException>(() => CertificateLoader.TryLoadCertificate(StoreName.My, StoreLocation.CurrentUser, thumbprint, false, out _));
Assert.Throws <FormatException>(() => CertificateLoader.LoadCertificate(StoreName.My, StoreLocation.CurrentUser, thumbprint, false));
}
public static void When_load_certificate_thumb_noisy_short_0()
{
const string thumbprint = "\r\n"; // 0 chars after removing special chars
var norm = CertificateLoader.NormalizeThumbprint(thumbprint);
Assert.NotEqual(thumbprint.Length, norm.Length);
Assert.Equal(0, norm.Length);
Assert.Throws <ArgumentNullException>(() => CertificateLoader.TryLoadCertificate(StoreName.My, StoreLocation.CurrentUser, norm, false, out _));
Assert.Throws <ArgumentNullException>(() => CertificateLoader.TryLoadCertificate(StoreName.My, StoreLocation.CurrentUser, thumbprint, false, out _));
Assert.Throws <ArgumentNullException>(() => CertificateLoader.LoadCertificate(StoreName.My, StoreLocation.CurrentUser, thumbprint, false));
}
public static void When_load_certificate_thumb_noisy_short(int n)
{
var thumbprint = "\n" + s_existingCertificate.Thumbprint.Substring(n) + "\t"; // Too short after removing special chars
var norm = CertificateLoader.NormalizeThumbprint(thumbprint);
Assert.NotEqual(thumbprint.Length, norm.Length);
Assert.NotEqual(CertificateLoader.Sha1Length, norm.Length);
Assert.Throws <FormatException>(() => CertificateLoader.TryLoadCertificate(StoreName.My, StoreLocation.CurrentUser, norm, false, out _));
Assert.Throws <FormatException>(() => CertificateLoader.TryLoadCertificate(StoreName.My, StoreLocation.CurrentUser, thumbprint, false, out _));
Assert.Throws <FormatException>(() => CertificateLoader.LoadCertificate(StoreName.My, StoreLocation.CurrentUser, thumbprint, false));
}
public static void When_load_certificate_thumb_nonexistent()
{
var thumbprint = "00000" + s_existingCertificate.Thumbprint.Substring(10) + "00000"; // Valid format but unlikely to exist
var norm = CertificateLoader.NormalizeThumbprint(thumbprint);
Assert.Equal(thumbprint.Length, norm.Length);
Assert.Equal(CertificateLoader.Sha1Length, norm.Length);
var found = CertificateLoader.TryLoadCertificate(StoreName.My, StoreLocation.CurrentUser, thumbprint, false, out _);
Assert.False(found);
Assert.Throws <InvalidOperationException>(() => CertificateLoader.LoadCertificate(StoreName.My, StoreLocation.CurrentUser, thumbprint, false));
}
public static void When_load_certificate_thumb_valid()
{
var thumbprint = s_existingCertificate.Thumbprint; // Valid in all respects (given that we already retrieved it locally)
var norm = CertificateLoader.NormalizeThumbprint(thumbprint);
Assert.Equal(CertificateLoader.Sha1Length, norm.Length);
var found = CertificateLoader.TryLoadCertificate(StoreName.My, StoreLocation.CurrentUser, thumbprint, false, out X509Certificate2 actual);
Assert.True(found);
Assert.Equal(s_existingCertificate.SerialNumber, actual.SerialNumber);
actual = CertificateLoader.LoadCertificate(StoreName.My, StoreLocation.CurrentUser, thumbprint, false);
Assert.Equal(s_existingCertificate.SerialNumber, actual.SerialNumber);
}
private static void SetHttpsAndUrls(KestrelServerOptions options, IWireMockMiddlewareOptions wireMockMiddlewareOptions, IEnumerable <HostUrlDetails> urlDetails)
{
foreach (var urlDetail in urlDetails)
{
if (urlDetail.IsHttps)
{
if (wireMockMiddlewareOptions.CustomCertificateDefined)
{
options.UseHttps(CertificateLoader.LoadCertificate(
wireMockMiddlewareOptions.X509StoreName,
wireMockMiddlewareOptions.X509StoreLocation,
wireMockMiddlewareOptions.X509ThumbprintOrSubjectName,
wireMockMiddlewareOptions.X509CertificateFilePath,
wireMockMiddlewareOptions.X509CertificatePassword,
urlDetail.Host)
);
}
else
{
options.UseHttps(PublicCertificateHelper.GetX509Certificate2());
}
}
}
}