Allow for modifying HttpClientHandler on .NET Core

gmarz · gmarz · commit 93eda58e19d0 · 2016-08-15T12:48:47.000-04:00
Closes #2198
diff --git a/src/Elasticsearch.Net/Connection/HttpConnection-CoreFx.cs b/src/Elasticsearch.Net/Connection/HttpConnection-CoreFx.cs
@@ -6,6 +6,8 @@
 using System.Net;
 using System.Net.Http;
 using System.Net.Http.Headers;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Threading.Tasks;
 using static System.Net.DecompressionMethods;
@@ -43,22 +45,7 @@ private HttpClient GetClient(RequestData requestData)
 			{
 				if (this._clients.TryGetValue(hashCode, out client)) return client;
 
-				var handler = new HttpClientHandler
-				{
-					AutomaticDecompression = requestData.HttpCompression ? GZip | Deflate : None
-				};
-
-				if (!requestData.ProxyAddress.IsNullOrEmpty())
-				{
-					var uri = new Uri(requestData.ProxyAddress);
-					var proxy = new WebProxy(uri);
-					var credentials = new NetworkCredential(requestData.ProxyUsername, requestData.ProxyPassword);
-					proxy.Credentials = credentials;
-					handler.Proxy = proxy;
-				}
-
-				if (requestData.DisableAutomaticProxyDetection)
-					handler.Proxy = null;
+				var handler = CreateHttpClientHandler(requestData);
 
 				client = new HttpClient(handler, false)
 				{
@@ -67,8 +54,6 @@ private HttpClient GetClient(RequestData requestData)
 
 				client.DefaultRequestHeaders.ExpectContinue = false;
 
-				//TODO add headers
-				//client.DefaultRequestHeaders =
 				this._clients.TryAdd(hashCode, client);
 				return client;
 			}
@@ -119,6 +104,28 @@ public virtual async Task<ElasticsearchResponse<TReturn>> RequestAsync<TReturn>(
 			return await builder.ToResponseAsync().ConfigureAwait(false);
 		}
 
+		protected virtual HttpClientHandler CreateHttpClientHandler(RequestData requestData)
+		{
+			var handler = new HttpClientHandler
+			{
+				AutomaticDecompression = requestData.HttpCompression ? GZip | Deflate : None
+			};
+
+			if (!requestData.ProxyAddress.IsNullOrEmpty())
+			{
+				var uri = new Uri(requestData.ProxyAddress);
+				var proxy = new WebProxy(uri);
+				var credentials = new NetworkCredential(requestData.ProxyUsername, requestData.ProxyPassword);
+				proxy.Credentials = credentials;
+				handler.Proxy = proxy;
+			}
+
+			if (requestData.DisableAutomaticProxyDetection)
+				handler.Proxy = null;
+
+			return handler;
+		}
+
 		protected virtual HttpRequestMessage CreateHttpRequestMessage(RequestData requestData)
 		{
 			var request = this.CreateRequestMessage(requestData);
diff --git a/src/Tests/ClientConcepts/LowLevel/Connecting.doc.cs b/src/Tests/ClientConcepts/LowLevel/Connecting.doc.cs
@@ -11,6 +11,7 @@
 using Tests.Framework;
 using Tests.Framework.MockData;
 using Xunit;
+using System.Net.Http;
 
 namespace Tests.ClientConcepts.LowLevel
 {
@@ -248,25 +249,42 @@ public void ConfiguringSSL()
 			/**
 			 * [[configuring-ssl]]
 			 * === Configuring SSL
-			 * SSL must be configured outside of the client using .NET's
-			 * http://msdn.microsoft.com/en-us/library/system.net.servicepointmanager%28v=vs.110%29.aspx[ServicePointManager]
-			 * class and setting the http://msdn.microsoft.com/en-us/library/system.net.servicepointmanager.servercertificatevalidationcallback.aspx[ServerCertificateValidationCallback]
-			 * property.
+			 * SSL can be configured via the `ServerCertificateValidationCallback` property on either `ServerPointManager` or `HttpClientHandler`
+			 * depending on which version of the .NET framework is in use.
+			 *
+			 * On the full .NET Framework, this must be done outside of the client using .NET's built-in
+			 * http://msdn.microsoft.com/en-us/library/system.net.servicepointmanager%28v=vs.110%29.aspx[ServicePointManager] class:
 			 *
-			 * The bare minimum to make .NET accept self-signed SSL certs that are not in the Windows CA store would be to have the callback simply return `true`:
 			 */
 
 #if !DOTNETCORE
 			ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, errors) => true;
 #endif
 			/**
+			 * The bare minimum to make .NET accept self-signed SSL certs that are not in the Windows CA store would be to have the callback simply return `true`.
+			 *
 			 * However, this will accept **all** requests from the AppDomain to untrusted SSL sites,
 			 * therefore **we recommend doing some minimal introspection on the passed in certificate.**
-			 *
-			 * IMPORTANT: Using `ServicePointManager` does not work on **Core CLR** as the request does not go through `ServicePointManager`; please file an {github}/issues[issue] if you need support for certificate validation on Core CLR.
 			 */
 		}
 
+		/*
+		 * If running on Core CLR, then a custom connection type must be created by deriving from `HttpConnection` and
+		 * overriding the `CreateHttpClientHandler` method in order to set the `ServerCertificateCustomValidationCallback` property:
+		*/
+
+#if DOTNETCORE
+		public class SecureHttpConnection : HttpConnection
+		{
+			protected override HttpClientHandler CreateHttpClientHandler(RequestData requestData)
+			{
+				var handler = base.CreateHttpClientHandler(requestData);
+				handler.ServerCertificateCustomValidationCallback = (sender, cert, chain, errors) => true;
+				return handler;
+			}
+		}
+#endif
+
 		/**=== Overriding default Json.NET behavior
 		*
 		* Overriding the default Json.NET behaviour in NEST is an expert behavior but if you need to get to the nitty gritty, this can be really useful.
