diff --git a/.circleci/config.yml b/.circleci/config.yml index ea97acc94..6f36d4b36 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -4,13 +4,13 @@ orbs: jobs: build: docker: - - image: mijitt0m/ocelot-build:0.0.7 + - image: mijitt0m/ocelot-build:0.0.9 steps: - checkout - run: dotnet tool restore && dotnet cake release: docker: - - image: mijitt0m/ocelot-build:0.0.7 + - image: mijitt0m/ocelot-build:0.0.9 steps: - checkout - run: dotnet tool restore && dotnet cake --target=Release diff --git a/.gitignore b/.gitignore index 4980a426c..220172830 100644 --- a/.gitignore +++ b/.gitignore @@ -183,7 +183,7 @@ ClientBin/ *.dbmdl *.dbproj.schemaview *.pfx -!idsrv3test.pfx +!mycert.pfx *.publishsettings node_modules/ orleans.codegen.cs diff --git a/README.md b/README.md index 959c788d8..f43c12d62 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ A quick list of Ocelot's capabilities for more information see the [documentatio ## How to install -Ocelot is designed to work with ASP.NET and it targets `net6.0`. +Ocelot is designed to work with ASP.NET and it targets `net7.0`. Install Ocelot and it's dependencies using NuGet. diff --git a/docker/Dockerfile.base b/docker/Dockerfile.base index 8f061a4b9..691339490 100644 --- a/docker/Dockerfile.base +++ b/docker/Dockerfile.base @@ -1,6 +1,6 @@ FROM mcr.microsoft.com/dotnet/sdk:7.0-alpine -RUN apk add bash icu-libs krb5-libs libgcc libintl libssl1.1 libstdc++ zlib +RUN apk add bash icu-libs krb5-libs libgcc libintl libssl1.1 libstdc++ zlib git openssh-client RUN curl -L --output ./dotnet-install.sh https://dot.net/v1/dotnet-install.sh diff --git a/docker/Dockerfile.build b/docker/Dockerfile.build index 0bdb28c2a..5498c6106 100644 --- a/docker/Dockerfile.build +++ b/docker/Dockerfile.build 
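Review bot: The changed `RUN apk add` line in docker/Dockerfile.base installs `git` and `openssh-client` without `--no-cache`, so the apk index stays in a layer of an image that CI later runs with release tokens. I would write it as `RUN apk add --no-cache bash icu-libs krb5-libs libgcc libintl libssl1.1 libstdc++ zlib git openssh-client`. The context line that follows downloads `dotnet-install.sh` with `curl -L`, and no checksum or signature check is visible in this hunk. If none exists further down the file, pinning and verifying that script would make the base image reproducible.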
@@ -1,7 +1,7 @@ # call from ocelot repo root with # docker build --platform linux/arm64 --build-arg OCELOT_COVERALLS_TOKEN=$OCELOT_COVERALLS_TOKEN -f ./docker/Dockerfile.build . # docker build --platform linux/amd64 --build-arg OCELOT_COVERALLS_TOKEN=$OCELOT_COVERALLS_TOKEN -f ./docker/Dockerfile.build . -FROM mijitt0m/ocelot-build:0.0.7 +FROM mijitt0m/ocelot-build:0.0.9 ARG OCELOT_COVERALLS_TOKEN diff --git a/docker/Dockerfile.release b/docker/Dockerfile.release index e9063b6ac..e2659c035 100644 --- a/docker/Dockerfile.release +++ b/docker/Dockerfile.release @@ -1,7 +1,7 @@ # call from ocelot repo root with # docker build --platform linux/arm64 --build-arg OCELOT_COVERALLS_TOKEN=$OCELOT_COVERALLS_TOKEN --build-arg OCELOT_GITHUB_API_KEY=$OCELOT_GITHUB_API_KEY --build-arg OCELOT_COVERALLS_TOKEN=$OCELOT_COVERALLS_TOKEN -f ./docker/Dockerfile.build . # docker build --platform linux/amd64 --build-arg OCELOT_COVERALLS_TOKEN=$OCELOT_COVERALLS_TOKEN --build-arg OCELOT_GITHUB_API_KEY=$OCELOT_GITHUB_API_KEY --build-arg OCELOT_COVERALLS_TOKEN=$OCELOT_COVERALLS_TOKEN -f ./docker/Dockerfile.build . -FROM mijitt0m/ocelot-build:0.0.7 +FROM mijitt0m/ocelot-build:0.0.9 ARG OCELOT_COVERALLS_TOKEN ARG OCELOT_NUTGET_API_KEY diff --git a/docker/build.sh b/docker/build.sh index 5baf096f9..bf2cee9b5 100755 --- a/docker/build.sh +++ b/docker/build.sh @@ -1,5 +1,5 @@ # this script build the ocelot docker file -version=0.0.7 +version=0.0.9 docker build --platform linux/amd64 -t mijitt0m/ocelot-build -f Dockerfile.base . echo $DOCKER_PASS | docker login -u $DOCKER_USER --password-stdin docker tag mijitt0m/ocelot-build mijitt0m/ocelot-build:$version diff --git a/docs/building/tests.rst b/docs/building/tests.rst index 368c9556e..c21e91cfd 100644 --- a/docs/building/tests.rst +++ b/docs/building/tests.rst 
@@ -4,4 +4,15 @@ Tests The tests should all just run and work as part of the build process. You can of course also run them in visual studio. +Create SSL Cert for Testing +^^^^^^^^^^^^^^^^^^^^^^^^^^^ +You can do this via openssl: + +Install openssl package (if you are using Windows, download binaries here). + +Generate private key: `openssl genrsa 2048 > private.pem` + +Generate the self signed certificate: `openssl req -x509 -days 1000 -new -key private.pem -out public.pem` + +If needed, create PFX: `openssl pkcs12 -export -in public.pem -inkey private.pem -out mycert.pfx` \ No newline at end of file diff --git a/src/Ocelot/Requester/HttpClientBuilder.cs b/src/Ocelot/Requester/HttpClientBuilder.cs index 6361d2faf..305777be3 100644 --- a/src/Ocelot/Requester/HttpClientBuilder.cs +++ b/src/Ocelot/Requester/HttpClientBuilder.cs @@ -49,7 +49,8 @@ public IHttpClient Create(DownstreamRoute downstreamRoute) if (downstreamRoute.DangerousAcceptAnyServerCertificateValidator) { - handler.ServerCertificateCustomValidationCallback = (request, certificate, chain, errors) => true; + handler.ServerCertificateCustomValidationCallback = + HttpClientHandler.DangerousAcceptAnyServerCertificateValidator; _logger .LogWarning($"You have ignored all SSL warnings by using DangerousAcceptAnyServerCertificateValidator for this DownstreamRoute, UpstreamPathTemplate: {downstreamRoute.UpstreamPathTemplate}, DownstreamPathTemplate: {downstreamRoute.DownstreamPathTemplate}"); diff --git a/test/Ocelot.AcceptanceTests/HttpTests.cs b/test/Ocelot.AcceptanceTests/HttpTests.cs index e13567ae0..5d25b0462 100644 --- a/test/Ocelot.AcceptanceTests/HttpTests.cs +++ b/test/Ocelot.AcceptanceTests/HttpTests.cs @@ -5,14 +5,14 @@ namespace Ocelot.AcceptanceTests using System.IO; using System.Net; using System.Net.Http; - + using Configuration.File; - + using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Server.Kestrel.Core; - + using TestStack.BDDfy; - + using Xunit; public class HttpTests : IDisposable 
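Review bot: The assignment of `HttpClientHandler.DangerousAcceptAnyServerCertificateValidator` in `Create` has no comment saying what is switched off. The delegate accepts every certificate, so an untrusted chain, an expired certificate and a host-name mismatch all pass for this route, and a downstream connection can be intercepted without any error surfacing. I would add above the assignment `// Disables ALL server certificate validation for this route; intended for development/test downstreams only.` The warning that follows is the only runtime signal of this state, so it should stay at warning level. `Create` starts and ends outside this hunk.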
@@ -38,7 +38,7 @@ public void should_return_response_200_when_using_http_one() new() { DownstreamPathTemplate = "/{url}", - DownstreamScheme = "https", + DownstreamScheme = "http", UpstreamPathTemplate = "/{url}", UpstreamHttpMethod = new List { "Get" }, DownstreamHostAndPorts = new List @@ -51,7 +51,6 @@ public void should_return_response_200_when_using_http_one() }, DownstreamHttpMethod = "POST", DownstreamHttpVersion = "1.0", - DangerousAcceptAnyServerCertificateValidator = true }, }, }; @@ -76,7 +75,7 @@ public void should_return_response_200_when_using_http_one_point_one() new() { DownstreamPathTemplate = "/{url}", - DownstreamScheme = "https", + DownstreamScheme = "http", UpstreamPathTemplate = "/{url}", UpstreamHttpMethod = new List { "Get" }, DownstreamHostAndPorts = new List @@ -89,7 +88,6 @@ public void should_return_response_200_when_using_http_one_point_one() }, DownstreamHttpMethod = "POST", DownstreamHttpVersion = "1.1", - DangerousAcceptAnyServerCertificateValidator = true }, }, }; @@ -135,7 +133,7 @@ public void should_return_response_200_when_using_http_two_point_zero() const string expected = "here is some content"; var httpContent = new StringContent(expected); - this.Given(x => x.GivenThereIsAServiceRunningOn($"http://localhost:{port}/", "/", port, HttpProtocols.Http2)) + this.Given(x => x.GivenThereIsAServiceUsingHttpsRunningOn($"http://localhost:{port}/", "/", port, HttpProtocols.Http2)) .And(x => _steps.GivenThereIsAConfiguration(configuration)) .And(x => _steps.GivenOcelotIsRunning()) .When(x => _steps.WhenIGetUrlOnTheApiGateway("/", httpContent)) @@ -185,6 +183,7 @@ public void should_return_response_502_when_using_http_one_to_talk_to_server_run .BDDfy(); } + //TODO: does this test make any sense? [Fact] public void should_return_response_200_when_using_http_two_to_talk_to_server_running_http_one_point_one() { 
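Review bot: The call to `GivenThereIsAServiceUsingHttpsRunningOn` in `should_return_response_200_when_using_http_two_point_zero` still passes `$"http://localhost:{port}/"` as the base URL although the helper starts a TLS listener. That value is handed to `UseUrls` in `GivenThereIsAServiceRunningOnUsingHttps`, where the explicit `Listen` endpoint presumably takes precedence, so the test likely still passes, but the scheme misstates what is being tested. I would pass `$"https://localhost:{port}/"`. The route configuration for this test is outside the hunk, so whether it keeps `DownstreamScheme = "https"` together with the accept-any-certificate flag cannot be confirmed from here.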
@@ -197,7 +196,7 @@ public void should_return_response_200_when_using_http_two_to_talk_to_server_run new() { DownstreamPathTemplate = "/{url}", - DownstreamScheme = "https", + DownstreamScheme = "http", UpstreamPathTemplate = "/{url}", UpstreamHttpMethod = new List { "Get" }, DownstreamHostAndPorts = new List @@ -209,7 +208,7 @@ public void should_return_response_200_when_using_http_two_to_talk_to_server_run }, }, DownstreamHttpMethod = "POST", - DownstreamHttpVersion = "2.0", + DownstreamHttpVersion = "1.1", DangerousAcceptAnyServerCertificateValidator = true }, }, @@ -238,6 +237,17 @@ private void GivenThereIsAServiceRunningOn(string baseUrl, string basePath, int }, port, protocols); } + private void GivenThereIsAServiceUsingHttpsRunningOn(string baseUrl, string basePath, int port, HttpProtocols protocols) + { + _serviceHandler.GivenThereIsAServiceRunningOnUsingHttps(baseUrl, basePath, async context => + { + context.Response.StatusCode = 200; + var reader = new StreamReader(context.Request.Body); + var body = await reader.ReadToEndAsync(); + await context.Response.WriteAsync(body); + }, port, protocols); + } + public void Dispose() { _serviceHandler.Dispose(); diff --git a/test/Ocelot.AcceptanceTests/Ocelot.AcceptanceTests.csproj b/test/Ocelot.AcceptanceTests/Ocelot.AcceptanceTests.csproj index e9fddfee4..e0647b773 100644 --- a/test/Ocelot.AcceptanceTests/Ocelot.AcceptanceTests.csproj +++ b/test/Ocelot.AcceptanceTests/Ocelot.AcceptanceTests.csproj @@ -20,7 +20,7 @@ PreserveNewest - + PreserveNewest diff --git a/test/Ocelot.AcceptanceTests/ServiceHandler.cs b/test/Ocelot.AcceptanceTests/ServiceHandler.cs index f6e0aade6..24fb75196 100644 --- a/test/Ocelot.AcceptanceTests/ServiceHandler.cs +++ b/test/Ocelot.AcceptanceTests/ServiceHandler.cs @@ -4,6 +4,7 @@ using System.IO; using System.Net; using System.Threading.Tasks; + using System.Security.Authentication; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Hosting; 
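Review bot: `DangerousAcceptAnyServerCertificateValidator = true` is left on this route (hunk `-209,7`) even though the preceding hunk of the same test switches `DownstreamScheme` to `"http"`. On a plain-HTTP route the flag validates nothing, yet `HttpClientBuilder.Create` still takes the "ignored all SSL warnings" branch for it, and keeping it in test config makes the setting look routine. The two earlier tests had the line removed in this commit; I would remove it here as well. With `DownstreamHttpVersion` now `"1.1"`, the name `should_return_response_200_when_using_http_two_to_talk_to_server_running_http_one_point_one` no longer describes what runs, which the added TODO seems to acknowledge. The test method continues outside the hunk.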
@@ -11,6 +12,7 @@ using Microsoft.AspNetCore.Server.Kestrel.Core; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Logging; + using Microsoft.Extensions.Hosting; public class ServiceHandler : IDisposable { @@ -58,7 +60,34 @@ public void GivenThereIsAServiceRunningOn(string baseUrl, string basePath, Reque { serverOptions.Listen(IPAddress.Loopback, port, listenOptions => { - listenOptions.UseHttps("idsrv3test.pfx", "idsrv3test"); + listenOptions.Protocols = protocols; + }); + }) + .UseContentRoot(Directory.GetCurrentDirectory()) + .UseIISIntegration() + .Configure(app => + { + app.UsePathBase(basePath); + app.Run(del); + }) + .Build(); + + _builder.Start(); + } + + public void GivenThereIsAServiceRunningOnUsingHttps(string baseUrl, string basePath, RequestDelegate del, int port, HttpProtocols protocols) + { + _builder = new WebHostBuilder() + .UseUrls(baseUrl) + .UseKestrel() + .ConfigureKestrel(serverOptions => + { + serverOptions.Listen(IPAddress.Loopback, port, listenOptions => + { + listenOptions.UseHttps("mycert.pfx", "password", options => + { + options.SslProtocols = SslProtocols.Tls12; + }); listenOptions.Protocols = protocols; }); }) diff --git a/test/Ocelot.AcceptanceTests/SslTests.cs b/test/Ocelot.AcceptanceTests/SslTests.cs index 7965ebf05..b997be114 100644 --- a/test/Ocelot.AcceptanceTests/SslTests.cs +++ b/test/Ocelot.AcceptanceTests/SslTests.cs @@ -2,14 +2,14 @@ namespace Ocelot.AcceptanceTests { using System; using System.Collections.Generic; - using System.Net; - - using Configuration.File; - - using Microsoft.AspNetCore.Http; - - using TestStack.BDDfy; - + using System.Net; + + using Configuration.File; + + using Microsoft.AspNetCore.Http; + + using TestStack.BDDfy; + using Xunit; public class SslTests : IDisposable 
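Review bot: The new `GivenThereIsAServiceRunningOnUsingHttps` hard-codes `"mycert.pfx"` and `"password"` in `UseHttps`, and the same pair is repeated in `SslTests.GivenThereIsAServiceRunningOn` and `AdministrationTests.GivenIdentityServerSigningEnvironmentalVariablesAreSet`. The PFX holds a private key, is committed to the repository and is whitelisted by `!mycert.pfx` in .gitignore. I would keep both values in one shared test constant with the comment `// Self-signed test certificate; its key and password are public - never use outside tests.` Separately, `options.SslProtocols = SslProtocols.Tls12;` prevents the listener from negotiating TLS 1.3. If the pin works around a platform issue it needs a comment saying so; otherwise drop it so the OS default applies. The new method's body continues past the end of the hunk.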
@@ -99,7 +99,7 @@ public void should_not_dangerous_accept_any_server_certificate_validator() private void GivenThereIsAServiceRunningOn(string baseUrl, string basePath, int statusCode, string responseBody, int port) { - _serviceHandler.GivenThereIsAServiceRunningOn(baseUrl, basePath, "idsrv3test.pfx", "idsrv3test", port, async context => + _serviceHandler.GivenThereIsAServiceRunningOn(baseUrl, basePath, "mycert.pfx", "password", port, async context => { _downstreamPath = !string.IsNullOrEmpty(context.Request.PathBase.Value) ? context.Request.PathBase.Value : context.Request.Path.Value; diff --git a/test/Ocelot.AcceptanceTests/mycert.pfx b/test/Ocelot.AcceptanceTests/mycert.pfx new file mode 100644 index 000000000..ead06a05d Binary files /dev/null and b/test/Ocelot.AcceptanceTests/mycert.pfx differ diff --git a/test/Ocelot.IntegrationTests/AdministrationTests.cs b/test/Ocelot.IntegrationTests/AdministrationTests.cs index 29a74477a..14667c7dc 100644 --- a/test/Ocelot.IntegrationTests/AdministrationTests.cs +++ b/test/Ocelot.IntegrationTests/AdministrationTests.cs @@ -628,8 +628,8 @@ private void GivenAnotherOcelotIsRunning(string baseUrl) private static void GivenIdentityServerSigningEnvironmentalVariablesAreSet() { - Environment.SetEnvironmentVariable("OCELOT_CERTIFICATE", "idsrv3test.pfx"); - Environment.SetEnvironmentVariable("OCELOT_CERTIFICATE_PASSWORD", "idsrv3test"); + Environment.SetEnvironmentVariable("OCELOT_CERTIFICATE", "mycert.pfx"); + Environment.SetEnvironmentVariable("OCELOT_CERTIFICATE_PASSWORD", "password"); } private void WhenIGetUrlOnTheSecondOcelot(string url) diff --git a/test/Ocelot.IntegrationTests/Ocelot.IntegrationTests.csproj b/test/Ocelot.IntegrationTests/Ocelot.IntegrationTests.csproj index a0b7d5ccf..3148a2bf5 100644 --- a/test/Ocelot.IntegrationTests/Ocelot.IntegrationTests.csproj +++ b/test/Ocelot.IntegrationTests/Ocelot.IntegrationTests.csproj @@ -13,7 +13,7 @@ ..\..\codeanalysis.ruleset - + PreserveNewest 
diff --git a/test/Ocelot.IntegrationTests/idsrv3test.pfx b/test/Ocelot.IntegrationTests/idsrv3test.pfx deleted file mode 100644 index 0247dea03..000000000 Binary files a/test/Ocelot.IntegrationTests/idsrv3test.pfx and /dev/null differ diff --git a/test/Ocelot.IntegrationTests/mycert.pfx b/test/Ocelot.IntegrationTests/mycert.pfx new file mode 100644 index 000000000..ead06a05d Binary files /dev/null and b/test/Ocelot.IntegrationTests/mycert.pfx differ diff --git a/test/Ocelot.ManualTest/Ocelot.ManualTest.csproj b/test/Ocelot.ManualTest/Ocelot.ManualTest.csproj index af9704d75..35ae2c649 100644 --- a/test/Ocelot.ManualTest/Ocelot.ManualTest.csproj +++ b/test/Ocelot.ManualTest/Ocelot.ManualTest.csproj @@ -20,7 +20,7 @@ - + PreserveNewest diff --git a/test/Ocelot.ManualTest/mycert.pfx b/test/Ocelot.ManualTest/mycert.pfx new file mode 100644 index 000000000..ead06a05d Binary files /dev/null and b/test/Ocelot.ManualTest/mycert.pfx differ diff --git a/test/Ocelot.UnitTests/Ocelot.UnitTests.csproj b/test/Ocelot.UnitTests/Ocelot.UnitTests.csproj index c7005d65f..df4091722 100644 --- a/test/Ocelot.UnitTests/Ocelot.UnitTests.csproj +++ b/test/Ocelot.UnitTests/Ocelot.UnitTests.csproj @@ -42,7 +42,7 @@ PreserveNewest - + PreserveNewest diff --git a/test/Ocelot.UnitTests/idsrv3test.pfx b/test/Ocelot.UnitTests/idsrv3test.pfx deleted file mode 100644 index 0247dea03..000000000 Binary files a/test/Ocelot.UnitTests/idsrv3test.pfx and /dev/null differ diff --git a/test/Ocelot.UnitTests/mycert.pfx b/test/Ocelot.UnitTests/mycert.pfx new file mode 100644 index 000000000..ead06a05d Binary files /dev/null and b/test/Ocelot.UnitTests/mycert.pfx differ