Add helper methods to customize SSL certificate validation (#2)

insight-architectures · Jan 20, 2021 · aa41bae · aa41bae
1 parent 6952e54
commit aa41bae
Show file tree

Hide file tree

Showing 2 changed files with 71 additions and 0 deletions.
diff --git a/src/Http/Http.Configuration/Http/HttpClientBuilderExtensions.cs b/src/Http/Http.Configuration/Http/HttpClientBuilderExtensions.cs
@@ -0,0 +1,53 @@
+// ReSharper disable CheckNamespace
+
+using System;
+using System.Net.Http;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Microsoft.Extensions.Http
+{
+    /// <summary>
+    /// A set of extension methods for <see cref="IHttpClientBuilder" />.
+    /// </summary>
+    public static class HttpClientBuilderExtensions
+    {
+#if NET5_0 || NETSTANDARD
+        /// <summary>
+        /// Configures the primary HTTP message handler to validate SSL certificates using the specified <paramref name="callback"/>.
+        /// </summary>
+        /// <param name="builder">The instance of <see cref="IHttpClientBuilder" /> to extend.</param>
+        /// <param name="callback">The callback to be used to validate SSL certificates.</param>
+        /// <returns>The same instance of <see cref="IHttpClientBuilder" /> passed in <paramref name="builder"/>.</returns>
+        /// <exception cref="ArgumentNullException"><paramref name="builder"/> cannot be null.</exception>
+        /// <exception cref="ArgumentNullException"><paramref name="callback"/> cannot be null.</exception>
+        public static IHttpClientBuilder ConfigureSslCertificateValidation(this IHttpClientBuilder builder, Func<HttpRequestMessage, X509Certificate2, X509Chain, SslPolicyErrors, bool> callback)
+        {
+            _ = builder ?? throw new ArgumentNullException(nameof(builder));
+
+            _ = callback ?? throw new ArgumentNullException(nameof(callback));
+
+            _ = builder.ConfigurePrimaryHttpMessageHandler(() =>
+            {
+                var handler = new HttpClientHandler
+                {
+                    ServerCertificateCustomValidationCallback = callback,
+                };
+
+                return handler;
+            });
+
+            return builder;
+        }
+
+        /// <summary>
+        /// Configures the primary HTTP message handler to always accept incoming SSL certificates.
+        /// </summary>
+        /// <param name="builder">The instance of <see cref="IHttpClientBuilder" /> to extend.</param>
+        /// <returns>The same instance of <see cref="IHttpClientBuilder" /> passed in <paramref name="builder"/>.</returns>
+        /// <exception cref="ArgumentNullException"><paramref name="builder"/> cannot be null.</exception>
+        public static IHttpClientBuilder DisableSslCertificateValidation(this IHttpClientBuilder builder) => ConfigureSslCertificateValidation(builder, (_, _, _, _) => true);
+#endif
+    }
+}
diff --git a/tests/Tests.Http.Configuration/Http/HttpClientBuilderExtensionsTests.cs b/tests/Tests.Http.Configuration/Http/HttpClientBuilderExtensionsTests.cs
@@ -0,0 +1,18 @@
+using AutoFixture.Idioms;
+using Microsoft.Extensions.Http;
+using NUnit.Framework;
+
+namespace Tests.Http
+{
+    [TestFixture]
+    public class HttpClientBuilderExtensionsTests
+    {
+#if NET5_0 || NETCOREAPP
+        [Test, CustomAutoData]
+        public void ConfigureSslCertificateValidation_does_not_accept_null_parameters(GuardClauseAssertion assertion) => assertion.Verify(typeof(HttpClientBuilderExtensions).GetMethod(nameof(HttpClientBuilderExtensions.ConfigureSslCertificateValidation)));
+
+        [Test, CustomAutoData]
+        public void DisableSslCertificateValidation_does_not_accept_null_parameters(GuardClauseAssertion assertion) => assertion.Verify(typeof(HttpClientBuilderExtensions).GetMethod(nameof(HttpClientBuilderExtensions.DisableSslCertificateValidation)));
+#endif
+    }
+}