[Feature] Add support for client certificate password and test with real services that require client certificate auth

[phillee007]

Add support for client certificate password and test with real services that require client certificates. Also update so when proxying, the path and query will be passed to the proxied api.

Please have a look and let me know what you think. I ran a test for it locally, but it's a bit hard to checkin a runnable unit test as it would require a real service (which I have in my environment) plus a valid pfx with password

[codecov]

Codecov Report

Merging #32 into master will decrease coverage by 0.76%.
The diff coverage is 31.57%.

@@            Coverage Diff             @@
##           master      #32      +/-   ##
==========================================
- Coverage    50.4%   49.63%   -0.77%     
==========================================
  Files          58       59       +1     
  Lines        1867     1904      +37     
  Branches      252      258       +6     
==========================================
+ Hits          941      945       +4     
- Misses        858      891      +33     
  Partials       68       68

Impacted Files	Coverage Δ
...rc/WireMock.Net/Settings/ProxyAndRecordSettings.cs	0% <0%> (ø)	⬆️
src/WireMock.Net/Admin/Mappings/ResponseModel.cs	63.63% <0%> (-6.37%)	⬇️
src/WireMock.Net/Http/CertificateUtil.cs	0% <0%> (ø)
src/WireMock.Net/Server/FluentMockServer.Admin.cs	23.31% <11.11%> (-0.44%)	⬇️
src/WireMock.Net/Http/HttpClientHelper.cs	57.77% <63.15%> (-6.33%)	⬇️
src/WireMock.Net/ResponseBuilders/Response.cs	75.49% <71.42%> (+0.74%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c29b88e...af2a035. Read the comment docs.

[StefH]

I've added some remarks and questions.

[StefH]

Fix this Check --> you check clientX509Certificate2Filename but use nameof(clientX509Certificate2Password)

And add a second check.

[StefH]

remove ///

[StefH]

Why is this needed?

Why not just add the new parameter (X509Certificate2Password) to the method?

[StefH]

Same as above, please explain why this needed.

[StefH]

Is it safe to return the password?

[StefH]

I've added some remarks and questions. Can you please take a look?

[phillee007]

Hi Stef,

Thanks for all your comments, they're very helpful and I see I missed a few things (inc. updating all tests!)
With regard to client certificates and passwords, the two main options I've seen in the past for reading a client cert to send with a request are:

1. Read it from a pfx file, and have to specify the password (as generally .pfx are stored with a password, especially if they're production certs we want to use when proxying a live service)
   Pros:

• Can read from a NAS share or somewhere else, so tests can be run on any machine and read from a common location without having to do any importing of certs into their store
  Cons:
• Have to send password for reading cert, and store in each request stub mapping and proxyandrecordsettings

2. Read it from the certificate store on the local machine
   Pros:

• No need to store passwords in tests or test configuration
  Cons:
• Have to configure machines on which tests will be run so that certificate is in the store

In this PR, I've done the code for option (1). However, I could update it to do option (2) instead if you think that's preferable? Thoughts?

Thanks,
Phil

[StefH]

1. I'll do the review, thanks for taking this up. And provide feedback.
2. And I will have to read some more on certificates, to see what is possible.
3. You said you have implemented option 1, is is also possible to ALSO build option 2?

[StefH]

Some small comments.

[StefH]

throw new Exception("No certificate found with Thumbprint or SubjectName '{0}'", thumbprintOrSubjectName);

[StefH]

remove empty line

[StefH]

You could add:
[NotNull] string proxyUrl
and
[NotNull] clientX509Certificate2ThumbprintOrSubjectName

[StefH]

I've added some small comments, can you take a look?

[phillee007]

Yep all good. Having a bit of a nightmare with rebasing and trying to revert some changes... I don't think it's a good idea to include both options for file AND store - at least not in the use cases I'm thinking of. Might not be able to resume this for a few days, but will do my best. Phil

…

On Fri, Jun 16, 2017 at 8:31 PM, Stef Heyenrath ***@***.***> wrote: I've added some small comments, can you take a look? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#32 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AEEFo6OaMjf29M_Xsn5Pd6jf7Ybia1M8ks5sEj1ogaJpZM4N2DvN> .

[StefH]

Yes rebasing and merging can be difficult to understand sometimes.

Maybe I can create an organization and add you as a member.

If we then work only from separate branches and review the code and only merge to master, that could also work...

[phillee007]

If that works better for you I'm happy to do that. I could then create a feature branch and reapply my changes to it instead of the fork. Sorry I haven't worked with github forking and pull-requests a great deal so am taking a while to get the hang of it...

…

On Fri, Jun 16, 2017 at 9:21 PM, Stef Heyenrath ***@***.***> wrote: Yes rebasing and merging can be difficult to understand sometimes. Maybe I can create an organization and add you as a member. If we then work only from separate branches and review the code and only merge to master, that could also work... — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#32 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AEEFo7nZpSK5Jp5satsaHQ5s06K76q_Wks5sEkkFgaJpZM4N2DvN> .

[phillee007]

Cool. I think some of the code in there is dev stuff that needs removing. eg in the console app for the recorder example. Will check next time & do another pr to fix

…

On 16/06/2017 9:36 PM, "Stef Heyenrath" ***@***.***> wrote: Merged #32 <#32>. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#32 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AEEFowAsFCRLjfoIX1cNgGt7m9yPq-ASks5sEkyKgaJpZM4N2DvN> .

[StefH]

I've just created an Github organization, and I will move the code from here to that organization.
After this is done, I will invite you.

[StefH]

I sent invite to you for joining the organization.

Can you also tell me your full name ? So I can include this in the csproj/nuget.

As discussed ; can you please create a separate branch for new functionality, then we can review and if it's correct, merge back to master.

[phillee007]

Cool, thanks! My full name is Phil Lee. Will have a go at some of the unit tests for the code I changed next week, plus do some more testing with proxying/record replay. Am thinking adding an option to name files with url (minus nasty chars) + guid when in record mode might be something i could add. Cheers, Phil

…

On 17/06/2017 7:36 PM, "Stef Heyenrath" ***@***.***> wrote: I sent invite to you for joining the organization. Can you also tell me your full name ? So I can include this in the csproj/nuget. As discussed ; can you please create a separate branch for new functionality, then we can review and if it's correct, merge back to master. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#32 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AEEFo9Mo3r7ww_ExZZi3nKwg0ayOzAFpks5sE4HqgaJpZM4N2DvN> .