Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Disable TLS certificate validation when disableTLSCertificateValidation is set in the config file for a source. #5514

Merged
merged 14 commits into from
Mar 8, 2024
Merged

Disable TLS certificate validation when disableTLSCertificateValidation is set in the config file for a source. #5514

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
a15fd05
Disbale TLS certification when set
Nigusu-Allehu Nov 17, 2023
10b6d93
Test all SSL poilicy errors
Nigusu-Allehu Nov 17, 2023
beade97
Add TLS server tests
Nigusu-Allehu Nov 24, 2023
136b649
Simplify test
Nigusu-Allehu Nov 24, 2023
c9ac8c7
Warning message
Nigusu-Allehu Dec 30, 2023
5edd78d
Clean up
Nigusu-Allehu Jan 10, 2024
39e4cf3
Rename tests
Nigusu-Allehu Jan 11, 2024
24eda47
Use 128 buffer size
Nigusu-Allehu Jan 16, 2024
024bec2
Improve testing
Nigusu-Allehu Jan 24, 2024
d2fa984
Add integration tests
Nigusu-Allehu Feb 28, 2024
4b4e31d
DangerousAcceptAnyServerCertificateValidator
Nigusu-Allehu Feb 28, 2024
8168089
Reserve port
Nigusu-Allehu Feb 29, 2024
5305dab
Add more tests
Nigusu-Allehu Mar 4, 2024
299194b
Address comments
Nigusu-Allehu Mar 5, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions src/NuGet.Core/NuGet.Protocol/HttpSource/HttpHandlerResourceV3Provider.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using System.Threading.Tasks;
using NuGet.Configuration;
Expand Down Expand Up @@ -56,6 +58,11 @@ private HttpHandlerResourceV3 CreateResource(PackageSource packageSource)
AutomaticDecompression = (DecompressionMethods.GZip | DecompressionMethods.Deflate),
};

if (packageSource.DisableTLSCertificateValidation)
{
clientHandler.ServerCertificateCustomValidationCallback = (HttpRequestMessage message, X509Certificate2 cert, X509Chain chain, SslPolicyErrors errors) => true;
}

#if IS_DESKTOP
if (packageSource.MaxHttpRequestsPerSource > 0)
{
Expand Down
41 changes: 41 additions & 0 deletions test/NuGet.Core.Tests/NuGet.Protocol.Tests/HttpHandlerResourceV3ProviderTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Security;
using System.Threading;
using System.Threading.Tasks;
using FluentAssertions;
Expand Down Expand Up @@ -124,5 +125,45 @@ static IEnumerable<DelegatingHandler> GetDelegatingHandlers(HttpMessageHandler h
}
}
}

[Theory]
[InlineData(true)]
[InlineData(false)]
public async Task TryCreate_WhenCertificateValidationIsConfigured_HandlerShouldReflectConfiguration(bool disableCertificateValidation)
{
// Arrange
Mock<IProxyCache> proxyCache = new();
proxyCache.Setup(pc => pc.GetProxy(It.IsAny<Uri>())).Returns((IWebProxy)null);

PackageSource packageSource = new(_testPackageSourceURL, "source")
{
DisableTLSCertificateValidation = disableCertificateValidation
};

SourceRepository sourceRepository = new(packageSource, Array.Empty<INuGetResourceProvider>());

HttpHandlerResourceV3Provider target = new(proxyCache.Object);

// Act
var result = await target.TryCreate(sourceRepository, CancellationToken.None);

// Assert
result.Item1.Should().BeTrue();
HttpHandlerResourceV3 resource = (HttpHandlerResourceV3)result.Item2;
resource.Should().NotBeNull();

HttpClientHandler clientHandler = resource.ClientHandler;

if (disableCertificateValidation)
{
clientHandler.ServerCertificateCustomValidationCallback.Should().NotBeNull();
var callbackResult = clientHandler.ServerCertificateCustomValidationCallback.Invoke(null, null, null, SslPolicyErrors.RemoteCertificateChainErrors);
callbackResult.Should().BeTrue();
}
else
{
clientHandler.ServerCertificateCustomValidationCallback.Should().BeNull();
}
}
}
}