Merge remote-tracking branch 'origin/main' into release/v1.26
haga-rak committed Dec 11, 2024
2 parents c9ff57d + 896ed3c commit b24a1d9
Showing 4 changed files with 157 additions and 11 deletions.
1 change: 1 addition & 0 deletions fluxzy.core.sln.DotSettings
Expand Up @@ -239,6 +239,7 @@
<s:Boolean x:Key="/Default/Environment/SettingsMigration/IsMigratorApplied/=JetBrains_002EReSharper_002EPsi_002ECSharp_002ECodeStyle_002ECSharpKeepExistingMigration/@EntryIndexedValue">True</s:Boolean>
<s:Boolean x:Key="/Default/Environment/SettingsMigration/IsMigratorApplied/=JetBrains_002EReSharper_002EPsi_002ECSharp_002ECodeStyle_002ECSharpPlaceEmbeddedOnSameLineMigration/@EntryIndexedValue">True</s:Boolean>
<s:Boolean x:Key="/Default/Environment/SettingsMigration/IsMigratorApplied/=JetBrains_002EReSharper_002EPsi_002ECSharp_002ECodeStyle_002ECSharpUseContinuousIndentInsideBracesMigration/@EntryIndexedValue">True</s:Boolean>
<s:Boolean x:Key="/Default/Environment/SettingsMigration/IsMigratorApplied/=JetBrains_002EReSharper_002EPsi_002ECSharp_002ECodeStyle_002EMemberReordering_002EMigrations_002ECSharpFileLayoutPatternRemoveIsAttributeUpgrade/@EntryIndexedValue">True</s:Boolean>
<s:Boolean x:Key="/Default/Environment/SettingsMigration/IsMigratorApplied/=JetBrains_002EReSharper_002EPsi_002ECSharp_002ECodeStyle_002ESettingsUpgrade_002EAlwaysTreatStructAsNotReorderableMigration/@EntryIndexedValue">True</s:Boolean>
<s:Boolean x:Key="/Default/Environment/SettingsMigration/IsMigratorApplied/=JetBrains_002EReSharper_002EPsi_002ECSharp_002ECodeStyle_002ESettingsUpgrade_002EMigrateBlankLinesAroundFieldToBlankLinesAroundProperty/@EntryIndexedValue">True</s:Boolean>
<s:Boolean x:Key="/Default/UserDictionary/Words/=appdata/@EntryIndexedValue">True</s:Boolean>
27 changes: 17 additions & 10 deletions src/Fluxzy.Core/Clients/Ssl/BouncyCastle/FluxzyTlsAuthentication.cs
@@ -1,6 +1,5 @@
// Copyright 2021 - Haga Rakotoharivelo - https://github.com/haga-rak

using System;
using System.Linq;
using Org.BouncyCastle.Tls;
using Org.BouncyCastle.Tls.Crypto;
Expand Down Expand Up @@ -29,17 +28,25 @@ public void NotifyServerCertificate(TlsServerCertificate serverCertificate)
public TlsCredentials? GetClientCredentials(CertificateRequest certificateRequest)
{
if (_clientCertificateInfo != null) {
var signatureAndHashAlgorithm = TlsUtilities
.ChooseSignatureAndHashAlgorithm(_tlsCrypto.Context,
certificateRequest.SupportedSignatureAlgorithms,
certificateRequest.SupportedSignatureAlgorithms
.First()
.Hash
);

var config = BouncyCastleClientCertificateConfiguration.CreateFrom(certificateRequest, _tlsCrypto,
var config = BouncyCastleClientCertificateConfiguration.CreateFrom(
certificateRequest, _tlsCrypto,
_clientCertificateInfo);

var clientCertificate = config.Certificate.GetCertificateAt(0);

var clientCertificateSignature = certificateRequest
.SupportedSignatureAlgorithms
.Where(s => clientCertificate.SupportsSignatureAlgorithm(s.Signature))
.Select(s => s.Signature)
.OrderByDescending(r => r >= 4 && r < 10) // Prefer PSS first
.FirstOrDefault();

var signatureAndHashAlgorithm = TlsUtilities
.ChooseSignatureAndHashAlgorithm(_tlsCrypto.Context,
certificateRequest.SupportedSignatureAlgorithms,
clientCertificateSignature
);

var cryptoParameters = new TlsCryptoParameters(_tlsCrypto.Context);

var credentials = new BcDefaultTlsCredentialedSigner(
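Review bot: `FirstOrDefault()` at the end of the new chain yields 0 (`SignatureAlgorithm.anonymous`) when the client certificate supports none of the peer's advertised signature algorithms, and that value is then handed to `ChooseSignatureAndHashAlgorithm`, which — as far as I recall the BouncyCastle implementation — fails with an opaque internal_error alert rather than anything naming the cause. The `r >= 4 && r < 10` ordering key also does not match its `// Prefer PSS first` comment: it covers ed25519 (7) and ed448 (8) and leaves out rsa_pss_pss_sha384 (10) and rsa_pss_pss_sha512 (11), so spelling the set out with the `SignatureAlgorithm` constants makes the intent checkable. I would make the selection nullable, fail with a handshake_failure alert (or return null, which this method's `TlsCredentials?` signature already permits) when nothing matches, and name the PSS constants as below. Note that `SupportedSignatureAlgorithms` is null when the peer did not negotiate TLS 1.2 signature_algorithms, which this chain (like the removed code) would dereference — worth a null guard if that path is reachable here. `GetClientCredentials` continues past the end of the hunk.
```csharp
// … unchanged: config / clientCertificate setup …
short? clientCertificateSignature = certificateRequest
    .SupportedSignatureAlgorithms
    .Where(s => clientCertificate.SupportsSignatureAlgorithm(s.Signature))
    .Select(s => (short?)s.Signature)
    .OrderByDescending(IsRsaPss) // RSA-PSS first; the peer's order is kept otherwise (stable sort)
    .FirstOrDefault();

if (clientCertificateSignature is null) {
    // The configured certificate cannot produce any signature the peer accepts.
    throw new TlsFatalAlert(AlertDescription.handshake_failure);
}

var signatureAndHashAlgorithm = TlsUtilities
    .ChooseSignatureAndHashAlgorithm(_tlsCrypto.Context,
        certificateRequest.SupportedSignatureAlgorithms,
        clientCertificateSignature.Value
    );

// … unchanged: cryptoParameters / credentials …

bool IsRsaPss(short? signature) =>
    signature == SignatureAlgorithm.rsa_pss_rsae_sha256
    || signature == SignatureAlgorithm.rsa_pss_rsae_sha384
    || signature == SignatureAlgorithm.rsa_pss_rsae_sha512
    || signature == SignatureAlgorithm.rsa_pss_pss_sha256
    || signature == SignatureAlgorithm.rsa_pss_pss_sha384
    || signature == SignatureAlgorithm.rsa_pss_pss_sha512;
```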
1 change: 0 additions & 1 deletion src/Fluxzy.Core/Core/Impl/DownStreamConnectionProvider.cs
Expand Up @@ -8,7 +8,6 @@
using System.Threading;
using System.Threading.Channels;
using System.Threading.Tasks;
using Fluxzy.Utils;

namespace Fluxzy.Core
{
@@ -0,0 +1,139 @@
// Copyright 2021 - Haga Rakotoharivelo - https://github.com/haga-rak

using System.Net.Http;
using System.Threading.Tasks;
using System;
using System.Collections.Generic;
using Xunit;

namespace Fluxzy.Tests.Cli
{
public class WithRuleOptionClientCertificateCustomValidation : WithRuleOptionBase
{
[TheoryIfEnvVarExists("PRIVATE_CLIENT_CERTIFICATE_TEST_TARGETS")]
[MemberData(nameof(GetPrivateClientCertificateTestTargetParams))]
public async Task Validate(string url, string pfxPath, string pfxPassword, string? forcedIp, string tlsVersion)
{
// Arrange
var requestMessage =
new HttpRequestMessage(HttpMethod.Get, url);

var yamlContent = $"""
rules:
- filter:
typeKind: AnyFilter
actions :
- typeKind: SetClientCertificateAction
clientCertificate:
pkcs12File: {pfxPath}
pkcs12Password: {pfxPassword}
retrieveMode: FromPkcs12
- typeKind: forceTlsVersionAction
sslProtocols: {tlsVersion}
""";

if (forcedIp != null) {
var extraSpoof = $"""
- filter:
typeKind: AnyFilter
action :
typeKind: SpoofDnsAction
remoteHostIp: {forcedIp}
""";

yamlContent += extraSpoof;
}

using var response = await Exec(yamlContent, requestMessage, useBouncyCastle: true);
Assert.NotEqual(528, (int)response.StatusCode);
}

public static IEnumerable<object?[]> GetPrivateClientCertificateTestTargetParams()
{
var tlsVersions = new string[] { "none" };
var targets = PrivateClientCertificateTestTarget.ReadFromEnvironment();

foreach (var target in targets)
{
foreach (var tlsVersion in tlsVersions)
{
yield return new object?[] { target.Url, target.PfxPath, target.PfxPassword, target.ForcedIp, tlsVersion };
}

}
}
}

public class PrivateClientCertificateTestTarget
{
public PrivateClientCertificateTestTarget(string url, string pfxPath, string pfxPassword, string? forcedIp)
{
Url = url;
PfxPath = pfxPath;
PfxPassword = pfxPassword;
ForcedIp = forcedIp;
}

public string Url { get; }

public string PfxPath { get; }

public string PfxPassword { get; }

public string? ForcedIp { get; }

public static IReadOnlyCollection<PrivateClientCertificateTestTarget> ReadFromEnvironment()
{
var envRaw = Environment.GetEnvironmentVariable("PRIVATE_CLIENT_CERTIFICATE_TEST_TARGETS")
?? string.Empty;

var lineRawTab = envRaw.Split(new[] { "|" }, StringSplitOptions.RemoveEmptyEntries);
var result = new List<PrivateClientCertificateTestTarget>();


foreach (var lineRaw in lineRawTab) {
var parts = lineRaw.Split(new[] { ";" }, StringSplitOptions.RemoveEmptyEntries);

if (parts.Length < 3)
{
throw new InvalidOperationException("Invalid format");
}

var forcedIp = (string?) null ;

if (parts.Length == 4)
{
forcedIp = parts[3];
}

result.Add(new PrivateClientCertificateTestTarget(parts[0], parts[1], parts[2], forcedIp));
}

return result;

}
}

public class TheoryIfEnvVarExistsAttribute : TheoryAttribute
{
private readonly string _envVarName;

public TheoryIfEnvVarExistsAttribute(string envVarName)
{
_envVarName = envVarName;
}

public override string? Skip {
get
{
if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable(_envVarName)))
{
return $"Environment variable {_envVarName} is missing. Test skipped";
}

return null;
}
}
}
}
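Review bot: `pfxPath` and `pfxPassword` are interpolated into the YAML rule unquoted at `pkcs12File: {pfxPath}` / `pkcs12Password: {pfxPassword}`, so a password or path containing YAML-significant characters (`:`, `#`, a leading quote, `{`) alters the document or fails to parse, and `ReadFromEnvironment` cannot even carry a secret containing `;` or `|` since those are its record delimiters. Quoting and escaping both values keeps the test honest about which secrets it can exercise, e.g. `pkcs12Password: "{pfxPassword.Replace("\\", "\\\\").Replace("\"", "\\\"")}"` and the same for `pkcs12File`. The `Assert.NotEqual(528, (int)response.StatusCode)` check uses a bare magic number; a named constant or a comment stating what 528 signals in this proxy would let a reader judge whether the assertion is tight enough, since any other failure status would still pass. Also `parts.Length < 3` followed by `parts.Length == 4` silently accepts records with five or more fields; `if (parts.Length is < 3 or > 4)` would reject malformed entries early instead of dropping the extras.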
