Added an option to skip ssl validation (#228)

* Added an option to skip ssl validation * fixed an code-factor issue: "A documentation header line must not be followed by a blank line." * PR comments applied Co-authored-by: Tomer Cohen <[email protected]>
Burgyn · Apr 18, 2022 · 0cc6cad · 0cc6cad
1 parent ac3f261
commit 0cc6cad
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 1 deletion.
diff --git a/src/MMLib.SwaggerForOcelot/Configuration/RouteOptions.cs b/src/MMLib.SwaggerForOcelot/Configuration/RouteOptions.cs
@@ -40,13 +40,15 @@ public RouteOptions(
             string upstreamPathTemplate,
             string downstreamPathTemplate,
             string virtualDirectory,
+            bool dangerousAcceptAnyServerCertificateValidator,
             IEnumerable<string> upstreamMethods) : this()
         {
             SwaggerKey = swaggerKey;
             UpstreamPathTemplate = upstreamPathTemplate;
             DownstreamPathTemplate = downstreamPathTemplate;
             VirtualDirectory = virtualDirectory;
             UpstreamHttpMethod = upstreamMethods;
+            DangerousAcceptAnyServerCertificateValidator = dangerousAcceptAnyServerCertificateValidator;
         }
 
         /// <summary>
@@ -90,6 +92,11 @@ public RouteOptions(
         /// </summary>
         public IEnumerable<string> UpstreamHttpMethod { get; set; }
 
+        /// <summary>
+        /// Gets or sets the downstream ssl certificate check value.
+        /// </summary>
+        public bool DangerousAcceptAnyServerCertificateValidator { get; set; }
+
         /// <summary>
         /// Gets or sets the key.
         /// </summary>

diff --git a/src/MMLib.SwaggerForOcelot/DependencyInjection/ServiceCollectionExtensions.cs b/src/MMLib.SwaggerForOcelot/DependencyInjection/ServiceCollectionExtensions.cs
@@ -11,6 +11,7 @@
 using MMLib.SwaggerForOcelot.Aggregates;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using System.IO;
+using System.Net.Http;
 
 namespace Microsoft.Extensions.DependencyInjection
 {
@@ -19,6 +20,7 @@ namespace Microsoft.Extensions.DependencyInjection
     /// </summary>
     public static class ServiceCollectionExtensions
     {
+        public const string IgnoreSslCertificate = "HttpClientWithSSLUntrusted";
         /// <summary>
         /// Adds configuration for for <see cref="SwaggerForOcelotMiddleware"/> into <see cref="IServiceCollection"/>.
         /// </summary>
@@ -44,6 +46,17 @@ public static IServiceCollection AddSwaggerForOcelot(
                 .AddMemoryCache()
                 .AddSingleton<ISwaggerEndPointProvider, SwaggerEndPointProvider>();
 
+            services.AddHttpClient(IgnoreSslCertificate, c =>
+            {
+            }).ConfigurePrimaryHttpMessageHandler(() =>
+            {
+                return new HttpClientHandler
+                {
+                    ClientCertificateOptions = ClientCertificateOption.Manual,
+                    ServerCertificateCustomValidationCallback = (httpRequestMessage, cert, certChain, policyErrors) => true
+                };
+            });
+
             services.TryAddTransient<IAggregateRouteDocumentationGenerator, AggregateRouteDocumentationGenerator>();
 
             var options = new OcelotSwaggerGenOptions();

diff --git a/src/MMLib.SwaggerForOcelot/Repositories/DownstreamSwaggerDocsRepository.cs b/src/MMLib.SwaggerForOcelot/Repositories/DownstreamSwaggerDocsRepository.cs
@@ -1,4 +1,5 @@
 using Kros.Extensions;
+using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
 using MMLib.SwaggerForOcelot.Configuration;
 using MMLib.SwaggerForOcelot.ServiceDiscovery;
@@ -42,7 +43,8 @@ public async Task<string> GetSwaggerJsonAsync(
             string docsVersion = null)
         {
             string url = await GetUrlAsync(route, endPoint, docsVersion);
-            HttpClient httpClient = _httpClientFactory.CreateClient();
+            var clientName = (route?.DangerousAcceptAnyServerCertificateValidator ?? false) ? ServiceCollectionExtensions.IgnoreSslCertificate : string.Empty;
+            HttpClient httpClient = _httpClientFactory.CreateClient(clientName);
 
             SetHttpVersion(httpClient, route);
             AddHeaders(httpClient);

diff --git a/src/MMLib.SwaggerForOcelot/RouteOptionsExtensions.cs b/src/MMLib.SwaggerForOcelot/RouteOptionsExtensions.cs
@@ -24,6 +24,7 @@ public static IEnumerable<RouteOptions> GroupByPaths(this IEnumerable<RouteOptio
                     route.UpstreamPathTemplate,
                     route.DownstreamPathTemplate,
                     p.Key.VirtualDirectory,
+                    route.DangerousAcceptAnyServerCertificateValidator,
                     p.Where(r => r.UpstreamHttpMethod != null).SelectMany(r => r.UpstreamHttpMethod))
                 {
                     DownstreamHttpVersion = route.DownstreamHttpVersion,