[Feature] Add support for client certificate password and test with real services that require client certificate auth (#32)

* Add support for client certificate password and test with some real services that require client certificates. Also update so when proxying, the path and query will be passed to the proxied api. * Add correct param * Update to read certificate from store instead of file * Add support for client certificate password and test with some real services that require client certificates. Also update so when proxying, the path and query will be passed to the proxied api. * Add correct param * Fixup PR issues * Add support for client certificate password and test with some real services that require client certificates. Also update so when proxying, the path and query will be passed to the proxied api. * Add correct param * Fixup PR issues
2026-03-14 06:17:11 +01:00 · 2017-06-16 21:36:10 +12:00
parent c29b88eb43
commit 49ce2f0dfb
11 changed files with 149 additions and 47 deletions
--- a/examples/WireMock.Net.Console.Record.NETCoreApp/Program.cs
+++ b/examples/WireMock.Net.Console.Record.NETCoreApp/Program.cs
@@ -10,11 +10,12 @@ namespace WireMock.Net.Console.Record.NETCoreApp
        {
            var server = FluentMockServer.Start(new FluentMockServerSettings
            {
-                Urls = new[] { "http://localhost:9095/", "https://localhost:9096/" },
+                Urls = new[] { "http://localhost:9090/", "https://localhost:9096/" },
                StartAdminInterface = true,
                ProxyAndRecordSettings = new ProxyAndRecordSettings
                {
                    Url = "https://www.msn.com",
+                    X509Certificate2ThumbprintOrSubjectName = "x3bwbapi-dev.nzlb.service.dev",
                    SaveMapping = true
                }
            });
--- a/examples/WireMock.Net.ConsoleApplication/MainApp.cs
+++ b/examples/WireMock.Net.ConsoleApplication/MainApp.cs
@@ -96,17 +96,23 @@ namespace WireMock.Net.ConsoleApplication
                .RespondWith(Response.Create().WithStatusCode(200).WithBody("partial = 200"));

            // http://localhost:8080/any/any?start=1000&stop=1&stop=2
+            //server
+            //    .Given(Request.Create().WithPath("/*").UsingGet())
+            //    .WithGuid("90356dba-b36c-469a-a17e-669cd84f1f05")
+            //    .AtPriority(server.Mappings.Count() + 1)
+            //    .RespondWith(Response.Create()
+            //        .WithStatusCode(200)
+            //        .WithHeader("Content-Type", "application/json")
+            //        .WithHeader("Transformed-Postman-Token", "token is {{request.headers.Postman-Token}}")
+            //        .WithBody(@"{""msg"": ""Hello world CATCH-ALL on /*, {{request.path}}, bykey={{request.query.start}}, bykey={{request.query.stop}}, byidx0={{request.query.stop.[0]}}, byidx1={{request.query.stop.[1]}}"" }")
+            //        .WithTransformer()
+            //        .WithDelay(TimeSpan.FromMilliseconds(100))
+            //    );
            server
                .Given(Request.Create().WithPath("/*").UsingGet())
                .WithGuid("90356dba-b36c-469a-a17e-669cd84f1f05")
-                .AtPriority(server.Mappings.Count() + 1)
                .RespondWith(Response.Create()
-                    .WithStatusCode(200)
-                    .WithHeader("Content-Type", "application/json")
-                    .WithHeader("Transformed-Postman-Token", "token is {{request.headers.Postman-Token}}")
-                    .WithBody(@"{""msg"": ""Hello world CATCH-ALL on /*, {{request.path}}, bykey={{request.query.start}}, bykey={{request.query.stop}}, byidx0={{request.query.stop.[0]}}, byidx1={{request.query.stop.[1]}}"" }")
-                    .WithTransformer()
-                    .WithDelay(TimeSpan.FromMilliseconds(100))
+                .WithProxy("https://semhub-test.lbtest.anznb.co.nz:5200", "D2DBF134A8D06ACCD0E1FAD9B8B28678DF7A9816")
                );

            System.Console.WriteLine("Press any key to stop the server");
--- a/src/WireMock.Net.StandAlone/StandAloneApp.cs
+++ b/src/WireMock.Net.StandAlone/StandAloneApp.cs
@@ -35,8 +35,8 @@ namespace WireMock.Net.StandAlone
            [SwitchArgument("SaveProxyMapping", true, Description = "Save the proxied request and response mapping files in ./__admin/mappings.  (default set to true).", Optional = true)]
            public bool SaveMapping { get; set; }

-            [ValueArgument(typeof(string), "X509Certificate2", Description = "The X509Certificate2 Filename to use.", Optional = true)]
-            public string X509Certificate2Filename { get; set; }
+            [ValueArgument(typeof(string), "X509Certificate2ThumbprintOrSubjectName", Description = "The X509Certificate2 Thumbprint or SubjectName to use.", Optional = true)]
+            public string X509Certificate2ThumbprintOrSubjectName { get; set; }
        }

        /// <summary>
@@ -91,7 +91,7 @@ namespace WireMock.Net.StandAlone
                    {
                        Url = options.ProxyURL,
                        SaveMapping = options.SaveMapping,
-                        X509Certificate2Filename = options.X509Certificate2Filename
+                        X509Certificate2ThumbprintOrSubjectName = options.X509Certificate2ThumbprintOrSubjectName
                    };
                }

--- a/src/WireMock.Net/Admin/Mappings/ResponseModel.cs
+++ b/src/WireMock.Net/Admin/Mappings/ResponseModel.cs
@@ -84,5 +84,10 @@ namespace WireMock.Admin.Mappings
        /// </summary>
        /// <value>ProxyUrl</value>
        public string ProxyUrl { get; set; }
+
+        /// <summary>
+        /// The client X509Certificate2 Thumbprint or SubjectName to use.
+        /// </summary>
+        public string X509Certificate2ThumbprintOrSubjectName { get; set; }
    }
 }
--- a/src/WireMock.Net/Http/CertificateUtil.cs
+++ b/src/WireMock.Net/Http/CertificateUtil.cs
@@ -0,0 +1,44 @@
+using System;
+using System.Security.Cryptography.X509Certificates;
+
+namespace WireMock.Http
+{
+    internal static class CertificateUtil
+    {
+        public static X509Certificate2 GetCertificate(string thumbprintOrSubjectName)
+        {
+            X509Store certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
+            try
+            {
+                //Certificate must be in the local machine store
+                certStore.Open(OpenFlags.ReadOnly);
+
+                //Attempt to find by thumbprint first
+                var matchingCertificates = certStore.Certificates.Find(X509FindType.FindByThumbprint, thumbprintOrSubjectName, false);
+                if (matchingCertificates.Count == 0)
+                {
+                    //Fallback to subject name
+                    matchingCertificates = certStore.Certificates.Find(X509FindType.FindBySubjectName, thumbprintOrSubjectName, false);
+                    if (matchingCertificates.Count == 0)
+                    {
+                        // No certificates matched the search criteria.
+                        throw new Exception($"No certificate found with Thumbprint or SubjectName '{thumbprintOrSubjectName}'");
+                    }
+                }
+                // Use the first matching certificate.
+                return matchingCertificates[0];
+            }
+            finally
+            {
+                if (certStore != null)
+                {
+#if NETSTANDARD || NET46
+                    certStore.Dispose();
+#else
+                    certStore.Close();
+#endif
+                }
+            }
+        }
+    }
+}
--- a/src/WireMock.Net/Http/HttpClientHelper.cs
+++ b/src/WireMock.Net/Http/HttpClientHelper.cs
@@ -1,15 +1,19 @@
 using System;
 using System.Linq;
+using System.Net;
 using System.Net.Http;
+using System.Security.Authentication;
+using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;

 namespace WireMock.Http
 {
    internal static class HttpClientHelper
    {
-        private static HttpClient CreateHttpClient(string clientX509Certificate2Filename = null)
+        
+        private static HttpClient CreateHttpClient(string clientX509Certificate2ThumbprintOrSubjectName = null)
        {
-            if (!string.IsNullOrEmpty(clientX509Certificate2Filename))
+            if (!string.IsNullOrEmpty(clientX509Certificate2ThumbprintOrSubjectName))
            {
 #if NETSTANDARD || NET46
                var handler = new HttpClientHandler
@@ -19,16 +23,20 @@ namespace WireMock.Http
                    ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true
                };

-                handler.ClientCertificates.Add(new System.Security.Cryptography.X509Certificates.X509Certificate2(clientX509Certificate2Filename));
-                return new HttpClient(handler);
+                var x509Certificate2 = CertificateUtil.GetCertificate(clientX509Certificate2ThumbprintOrSubjectName);
+                handler.ClientCertificates.Add(x509Certificate2);
+
+
 #else
                var handler = new WebRequestHandler
                {
                    ClientCertificateOptions = ClientCertificateOption.Manual,
-                    ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true
+                    ServerCertificateValidationCallback = (sender, certificate, chain, errors) => true,
+                    AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate
                };

-                handler.ClientCertificates.Add(new System.Security.Cryptography.X509Certificates.X509Certificate2(clientX509Certificate2Filename));
+                var x509Certificate2 = CertificateUtil.GetCertificate(clientX509Certificate2ThumbprintOrSubjectName);
+                handler.ClientCertificates.Add(x509Certificate2);
                return new HttpClient(handler);
 #endif
            }
@@ -36,9 +44,9 @@ namespace WireMock.Http
            return new HttpClient();
        }

-        public static async Task<ResponseMessage> SendAsync(RequestMessage requestMessage, string url, string clientX509Certificate2Filename = null)
+        public static async Task<ResponseMessage> SendAsync(RequestMessage requestMessage, string url, string clientX509Certificate2ThumbprintOrSubjectName = null)
        {
-            var client = CreateHttpClient(clientX509Certificate2Filename);
+            var client = CreateHttpClient(clientX509Certificate2ThumbprintOrSubjectName);

            var httpRequestMessage = new HttpRequestMessage(new HttpMethod(requestMessage.Method), url);

@@ -61,21 +69,29 @@ namespace WireMock.Http
            }

            // Call the URL
-            var httpResponseMessage = await client.SendAsync(httpRequestMessage, HttpCompletionOption.ResponseContentRead);
-
-            // Transform response
-            var responseMessage = new ResponseMessage
+            try
            {
-                StatusCode = (int)httpResponseMessage.StatusCode,
-                Body = await httpResponseMessage.Content.ReadAsStringAsync()
-            };
+                var httpResponseMessage = await client.SendAsync(httpRequestMessage, HttpCompletionOption.ResponseContentRead);

-            foreach (var header in httpResponseMessage.Headers)
-            {
-                responseMessage.AddHeader(header.Key, header.Value.FirstOrDefault());
+
+                // Transform response
+                var responseMessage = new ResponseMessage
+                {
+                    StatusCode = (int)httpResponseMessage.StatusCode,
+                    Body = await httpResponseMessage.Content.ReadAsStringAsync()
+                };
+
+                foreach (var header in httpResponseMessage.Headers)
+                {
+                    responseMessage.AddHeader(header.Key, header.Value.FirstOrDefault());
+                }
+
+                return responseMessage;
+            }
+            catch(Exception ex)
+            {
+                throw ex;
            }
-
-            return responseMessage;
        }
    }
 }
--- a/src/WireMock.Net/ResponseBuilders/IProxyResponseBuilder.cs
+++ b/src/WireMock.Net/ResponseBuilders/IProxyResponseBuilder.cs
@@ -18,8 +18,8 @@ namespace WireMock.ResponseBuilders
        /// With Proxy URL using X509Certificate2.
        /// </summary>
        /// <param name="proxyUrl">The proxy url.</param>
-        /// <param name="clientX509Certificate2Filename">The X509Certificate2 file to use for client authentication.</param>
+        /// <param name="clientX509Certificate2ThumbprintOrSubjectName">The X509Certificate2 file to use for client authentication.</param>
        /// <returns>A <see cref="IResponseBuilder"/>.</returns>
-        IResponseBuilder WithProxy([NotNull] string proxyUrl, [CanBeNull] string clientX509Certificate2Filename);
+        IResponseBuilder WithProxy([NotNull] string proxyUrl, [CanBeNull] string clientX509Certificate2ThumbprintOrSubjectName);
    }
 }
--- a/src/WireMock.Net/ResponseBuilders/Response.cs
+++ b/src/WireMock.Net/ResponseBuilders/Response.cs
@@ -35,9 +35,9 @@ namespace WireMock.ResponseBuilders
        public string ProxyUrl { get; private set; }

        /// <summary>
-        /// The client X509Certificate2Filename to use.
+        /// The client X509Certificate2 Thumbprint or SubjectName to use.
        /// </summary>
-        public string X509Certificate2Filename { get; private set; } = null;
+        public string X509Certificate2ThumbprintOrSubjectName { get; private set; } 

        /// <summary>
        /// Gets the response message.
@@ -247,7 +247,7 @@ namespace WireMock.ResponseBuilders
        /// <param name="proxyUrl">The proxy url.</param>
        /// <returns>A <see cref="IResponseBuilder"/>.</returns>
        [PublicAPI]
-        public IResponseBuilder WithProxy(string proxyUrl)
+        public IResponseBuilder WithProxy([NotNull] string proxyUrl)
        {
            Check.NotEmpty(proxyUrl, nameof(proxyUrl));

@@ -259,15 +259,15 @@ namespace WireMock.ResponseBuilders
        /// With Proxy URL.
        /// </summary>
        /// <param name="proxyUrl">The proxy url.</param>
-        /// <param name="clientX509Certificate2Filename">The X509Certificate2 file to use for client authentication.</param>
+        /// <param name="clientX509Certificate2ThumbprintOrSubjectName">The X509Certificate2 file to use for client authentication.</param>
        /// <returns>A <see cref="IResponseBuilder"/>.</returns>
-        public IResponseBuilder WithProxy(string proxyUrl, string clientX509Certificate2Filename)
+        public IResponseBuilder WithProxy([NotNull] string proxyUrl, [NotNull] string clientX509Certificate2ThumbprintOrSubjectName)
        {
            Check.NotEmpty(proxyUrl, nameof(proxyUrl));
-            Check.NotEmpty(clientX509Certificate2Filename, nameof(clientX509Certificate2Filename));
+            Check.NotEmpty(clientX509Certificate2ThumbprintOrSubjectName, nameof(clientX509Certificate2ThumbprintOrSubjectName));

            ProxyUrl = proxyUrl;
-            X509Certificate2Filename = clientX509Certificate2Filename;
+            X509Certificate2ThumbprintOrSubjectName = clientX509Certificate2ThumbprintOrSubjectName;
            return this;
        }

@@ -285,7 +285,10 @@ namespace WireMock.ResponseBuilders

            if (ProxyUrl != null)
            {
-                return await HttpClientHelper.SendAsync(requestMessage, ProxyUrl, X509Certificate2Filename);
+                var requestUri = new Uri(requestMessage.Url);
+                var proxyUri = new Uri(ProxyUrl);
+                var proxyUriWithRequestPathAndQuery = new Uri(proxyUri, requestUri.PathAndQuery);
+                return await HttpClientHelper.SendAsync(requestMessage, proxyUriWithRequestPathAndQuery.AbsoluteUri, X509Certificate2ThumbprintOrSubjectName);
            }

            if (UseTransformer)
--- a/src/WireMock.Net/Server/FluentMockServer.Admin.cs
+++ b/src/WireMock.Net/Server/FluentMockServer.Admin.cs
@@ -129,7 +129,11 @@ namespace WireMock.Server

        private async Task<ResponseMessage> ProxyAndRecordAsync(RequestMessage requestMessage, ProxyAndRecordSettings settings)
        {
-            var responseMessage = await HttpClientHelper.SendAsync(requestMessage, settings.Url);
+            var requestUri = new Uri(requestMessage.Url);
+            var proxyUri = new Uri(settings.Url);
+            var proxyUriWithRequestPathAndQuery = new Uri(proxyUri, requestUri.PathAndQuery);
+
+            var responseMessage = await HttpClientHelper.SendAsync(requestMessage, proxyUriWithRequestPathAndQuery.AbsoluteUri, settings.X509Certificate2ThumbprintOrSubjectName);

            if (settings.SaveMapping)
            {
@@ -158,7 +162,7 @@ namespace WireMock.Server
            var model = new SettingsModel
            {
                AllowPartialMapping = _options.AllowPartialMapping,
-                GlobalProcessingDelay = (int?) _options.RequestProcessingDelay?.TotalMilliseconds
+                GlobalProcessingDelay = (int?)_options.RequestProcessingDelay?.TotalMilliseconds
            };

            return ToJson(model);
@@ -513,7 +517,13 @@ namespace WireMock.Server

            if (!string.IsNullOrEmpty(responseModel.ProxyUrl))
            {
-                return responseBuilder.WithProxy(responseModel.ProxyUrl);
+                if (string.IsNullOrEmpty(responseModel.X509Certificate2ThumbprintOrSubjectName))
+                {
+                    return responseBuilder.WithProxy(responseModel.ProxyUrl);
+                }
+
+                return responseBuilder.WithProxy(responseModel.ProxyUrl, responseModel.X509Certificate2ThumbprintOrSubjectName);
+
            }

            if (responseModel.StatusCode.HasValue)
--- a/src/WireMock.Net/Settings/ProxyAndRecordSettings.cs
+++ b/src/WireMock.Net/Settings/ProxyAndRecordSettings.cs
@@ -16,8 +16,8 @@
        public bool SaveMapping { get; set; } = true;

        /// <summary>
-        /// The clientCertificateFilename to use. Example : "C:\certificates\cert.pfx"
+        /// The clientCertificate thumbprint or subject name fragment to use. Example thumbprint : "D2DBF135A8D06ACCD0E1FAD9BFB28678DF7A9818". Example subject name: "www.google.com""
        /// </summary>
-        public string X509Certificate2Filename { get; set; }
+        public string X509Certificate2ThumbprintOrSubjectName { get; set; }
    }
 }
--- a/test/WireMock.Net.Tests/FluentMockServerTests.cs
+++ b/test/WireMock.Net.Tests/FluentMockServerTests.cs
@@ -363,12 +363,29 @@ namespace WireMock.Net.Tests
                .RespondWith(Response.Create().WithProxy("http://www.google.com"));

            // when
-            var result = await new HttpClient().GetStringAsync("http://localhost:" + _server.Ports[0] + "/foo");
+            var result = await new HttpClient().GetStringAsync("http://localhost:" + _server.Ports[0] + "/search?q=test");

            // then
            Check.That(result).Contains("google");
        }

+        //Leaving commented as this requires an actual certificate with password, along with a service that expects a client certificate
+        [Fact]
+        //public async Task Should_proxy_responses_with_client_certificate()
+        //{
+        //    // given
+        //    _server = FluentMockServer.Start();
+        //    _server
+        //        .Given(Request.Create().WithPath("/*"))
+        //        .RespondWith(Response.Create().WithProxy("https://server-that-expects-a-client-certificate", @"\\yourclientcertificatecontainingprivatekey.pfx", "yourclientcertificatepassword"));
+
+        //    // when
+        //    var result = await new HttpClient().GetStringAsync("http://localhost:" + _server.Ports[0] + "/someurl?someQuery=someValue");
+
+        //    // then
+        //    Check.That(result).Contains("google");
+        //}
+
        //[TearDown]
        public void Dispose()
        {