[Feature] Add support for client certificate password and test with real services that require client certificate auth #32
Conversation
…ervices that require client certificates. Also update so when proxying, the path and query will be passed to the proxied api.
Codecov Report
@@ Coverage Diff @@
## master #32 +/- ##
==========================================
- Coverage 50.4% 49.63% -0.77%
==========================================
Files 58 59 +1
Lines 1867 1904 +37
Branches 252 258 +6
==========================================
+ Hits 941 945 +4
- Misses 858 891 +33
Partials 68 68
Continue to review full report at Codecov.
|
| /// <returns>A <see cref="IResponseBuilder"/>.</returns> | ||
| public IResponseBuilder WithProxy(string proxyUrl, string clientX509Certificate2Filename, string clientX509Certificate2Password) | ||
| { | ||
| Check.NotEmpty(clientX509Certificate2Filename, nameof(clientX509Certificate2Password)); |
There was a problem hiding this comment.
Fix this Check --> you check clientX509Certificate2Filename but use nameof(clientX509Certificate2Password)
And add a second check.
| /// </summary> | ||
| /// <param name="proxyUrl">The proxy url.</param> | ||
| /// <param name="clientX509Certificate2Filename">The X509Certificate2 file to use for client authentication.</param> | ||
| /// /// <param name="clientX509Certificate2Password">The X509Certificate2 password.</param> |
| @@ -285,7 +305,10 @@ public IResponseBuilder WithProxy(string proxyUrl, string clientX509Certificate2 | |||
|
|
|||
| if (ProxyUrl != null) | |||
| { | |||
| return await HttpClientHelper.SendAsync(requestMessage, ProxyUrl, X509Certificate2Filename); | |||
| var requestUri = new Uri(requestMessage.Url); | |||
There was a problem hiding this comment.
Why is this needed?
Why not just add the new parameter (X509Certificate2Password) to the method?
| @@ -129,7 +129,11 @@ private void InitProxyAndRecord(ProxyAndRecordSettings settings) | |||
|
|
|||
| private async Task<ResponseMessage> ProxyAndRecordAsync(RequestMessage requestMessage, ProxyAndRecordSettings settings) | |||
| { | |||
| var responseMessage = await HttpClientHelper.SendAsync(requestMessage, settings.Url); | |||
| var requestUri = new Uri(requestMessage.Url); | |||
There was a problem hiding this comment.
Same as above, please explain why this needed.
| /// <summary> | ||
| /// The X509Certificate2 password. | ||
| /// </summary> | ||
| public string X509Certificate2Password { get; set; } |
There was a problem hiding this comment.
Is it safe to return the password?
|
I've added some remarks and questions. Can you please take a look? |
StefH
changed the title
|
Hi Stef, Thanks for all your comments, they're very helpful and I see I missed a few things (inc. updating all tests!)
In this PR, I've done the code for option (1). However, I could update it to do option (2) instead if you think that's preferable? Thoughts? Thanks, |
|
…ervices that require client certificates. Also update so when proxying, the path and query will be passed to the proxied api.
| if (matchingCertificates.Count == 0) | ||
| { | ||
| // No certificates matched the search criteria. | ||
| throw new Exception("no cert fount"); |
There was a problem hiding this comment.
throw new Exception("No certificate found with Thumbprint or SubjectName '{0}'", thumbprintOrSubjectName);
| // Use the first matching certificate. | ||
| return matchingCertificates[0]; | ||
| } | ||
|
|
| /// <returns>A <see cref="IResponseBuilder"/>.</returns> | ||
| public IResponseBuilder WithProxy(string proxyUrl, string clientX509Certificate2Filename) | ||
| public IResponseBuilder WithProxy(string proxyUrl, string clientX509Certificate2ThumbprintOrSubjectName) |
There was a problem hiding this comment.
You could add:
[NotNull] string proxyUrl
and
[NotNull] clientX509Certificate2ThumbprintOrSubjectName
|
I've added some small comments, can you take a look? |
…ervices that require client certificates. Also update so when proxying, the path and query will be passed to the proxied api.
|
Yep all good. Having a bit of a nightmare with rebasing and trying to
revert some changes...
I don't think it's a good idea to include both options for file AND store -
at least not in the use cases I'm thinking of.
Might not be able to resume this for a few days, but will do my best.
Phil
…On Fri, Jun 16, 2017 at 8:31 PM, Stef Heyenrath ***@***.***> wrote:
I've added some small comments, can you take a look?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#32 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AEEFo6OaMjf29M_Xsn5Pd6jf7Ybia1M8ks5sEj1ogaJpZM4N2DvN>
.
|
|
Yes rebasing and merging can be difficult to understand sometimes. Maybe I can create an organization and add you as a member. If we then work only from separate branches and review the code and only merge to master, that could also work... |
|
If that works better for you I'm happy to do that. I could then create a
feature branch and reapply my changes to it instead of the fork. Sorry I
haven't worked with github forking and pull-requests a great deal so am
taking a while to get the hang of it...
…On Fri, Jun 16, 2017 at 9:21 PM, Stef Heyenrath ***@***.***> wrote:
Yes rebasing and merging can be difficult to understand sometimes.
Maybe I can create an organization and add you as a member.
If we then work only from separate branches and review the code and only
merge to master, that could also work...
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#32 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AEEFo7nZpSK5Jp5satsaHQ5s06K76q_Wks5sEkkFgaJpZM4N2DvN>
.
|
|
Cool. I think some of the code in there is dev stuff that needs removing.
eg in the console app for the recorder example. Will check next time & do
another pr to fix
…On 16/06/2017 9:36 PM, "Stef Heyenrath" ***@***.***> wrote:
Merged #32 <#32>.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#32 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AEEFowAsFCRLjfoIX1cNgGt7m9yPq-ASks5sEkyKgaJpZM4N2DvN>
.
|
|
I've just created an Github organization, and I will move the code from here to that organization. |
|
I sent invite to you for joining the organization. Can you also tell me your full name ? So I can include this in the csproj/nuget. As discussed ; can you please create a separate branch for new functionality, then we can review and if it's correct, merge back to master. |
|
Cool, thanks! My full name is Phil Lee.
Will have a go at some of the unit tests for the code I changed next week,
plus do some more testing with proxying/record replay. Am thinking adding
an option to name files with url (minus nasty chars) + guid when in record
mode might be something i could add.
Cheers,
Phil
…On 17/06/2017 7:36 PM, "Stef Heyenrath" ***@***.***> wrote:
I sent invite to you for joining the organization.
Can you also tell me your full name ? So I can include this in the
csproj/nuget.
As discussed ; can you please create a separate branch for new
functionality, then we can review and if it's correct, merge back to master.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#32 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AEEFo9Mo3r7ww_ExZZi3nKwg0ayOzAFpks5sE4HqgaJpZM4N2DvN>
.
|
Add support for client certificate password and test with real services that require client certificates. Also update so when proxying, the path and query will be passed to the proxied api.
Please have a look and let me know what you think. I ran a test for it locally, but it's a bit hard to checkin a runnable unit test as it would require a real service (which I have in my environment) plus a valid pfx with password