Add client certificate support (#862)

* Add client certificate support

* Add missing test certificate file

* Review fixes

* Review fixes

* Review fixes

* Review fixes

test/WireMock.Net.Tests/README.md

@@ -0,0 +1,7 @@
+## Creating a client certificate like client_cert.pfx
+
+Follow the instructions to [create a root certificate](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/certauth?view=aspnetcore-7.0#create-root-ca),
+then [trust it](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/certauth?view=aspnetcore-7.0#install-in-the-trusted-root)
+and [create a child certificate from it](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/certauth?view=aspnetcore-7.0#create-child-certificate-from-root-certificate).
+
+Since the root certificate of `client_cert.pfx` is obviously not trusted automatically by cloning this repo, the tests in `WireMockServerTests.ClientCertificate.cs` set `WireMockServerSettings.AcceptAnyClientCertificate` to `true` so that tests pass even if the device hasn't trusted the root of `client_cert.pfx`.

test/WireMock.Net.Tests/WireMock.Net.Tests.csproj

@@ -96,6 +96,10 @@
         <None Update="__admin\mappings\subdirectory\*.xml">
             <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
         </None>
+        <None Update="client_cert.pfx">
+          <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+          <DependentUpon>WireMockServerTests.ClientCertificate.cs</DependentUpon>
+        </None>
     </ItemGroup>
 
     <ItemGroup>

test/WireMock.Net.Tests/WireMockServerTests.ClientCertificate.cs

@@ -0,0 +1,59 @@
+#if !NET451 && !NET452
+
+using System.Net;
+using System.Net.Http;
+using System.Threading.Tasks;
+using FluentAssertions;
+using System.Security.Cryptography.X509Certificates;
+using WireMock.RequestBuilders;
+using WireMock.ResponseBuilders;
+using WireMock.Server;
+using WireMock.Settings;
+using WireMock.Types;
+using Xunit;
+
+namespace WireMock.Net.Tests;
+
+public partial class WireMockServerTests
+{
+    [Fact]
+    public async Task WireMockServer_WithRequiredClientCertificates_Should_Work_Correct()
+    {
+        // Arrange
+        var settings = new WireMockServerSettings
+        {
+            ClientCertificateMode = ClientCertificateMode.RequireCertificate,
+            AcceptAnyClientCertificate = true,
+            UseSSL = true,
+        };
+
+        using var server = WireMockServer.Start(settings);
+
+        server.Given(Request.Create().WithPath("/*"))
+            .RespondWith(Response.Create().WithCallback(message => new ResponseMessage
+            {
+                StatusCode = message.ClientCertificate?.Thumbprint == "2E32E3528C87046A95B8B0BA172A1597C3AF3A9D"
+                    ? 200
+                    : 403
+            }));
+
+        var certificates = new X509Certificate2Collection();
+        certificates.Import("client_cert.pfx", "1234", X509KeyStorageFlags.Exportable);
+
+        var httpMessageHandler = new HttpClientHandler
+        {
+            ServerCertificateCustomValidationCallback = (_, _, _, _) => true,
+        };
+        httpMessageHandler.ClientCertificates.AddRange(certificates);
+
+        // Act
+        var response = await new HttpClient(httpMessageHandler)
+            .GetAsync("https://localhost:" + server.Ports[0] + "/foo")
+            .ConfigureAwait(false);
+
+        // Assert
+        response.StatusCode.Should().Be(HttpStatusCode.OK);
+    }
+}
+
+#endif