Add disableTLSCertificateValidation property to nuget.config (#5504)
Nigusu-Allehu committed Mar 8, 2024
1 parent 309f2e3 commit ea7fea2
Showing 13 changed files with 240 additions and 13 deletions.
Expand Up @@ -94,6 +94,7 @@ private IReadOnlyList<PackageSource> GetPackageSourcesToUpdate(IReadOnlyList<Pac
&& packageSource.Source.Equals(packageSourceContextInfo.Source, StringComparison.InvariantCulture)
&& packageSource.ProtocolVersion == packageSourceContextInfo.ProtocolVersion
&& packageSource.AllowInsecureConnections == packageSourceContextInfo.AllowInsecureConnections
&& packageSource.DisableTLSCertificateValidation == packageSourceContextInfo.DisableTLSCertificateValidation
&& packageSource.IsEnabled == packageSourceContextInfo.IsEnabled)
{
newPackageSources.Add(packageSource);
Expand All @@ -113,6 +114,7 @@ private IReadOnlyList<PackageSource> GetPackageSourcesToUpdate(IReadOnlyList<Pac
Description = packageSource.Description,
ProtocolVersion = packageSourceContextInfo.ProtocolVersion,
AllowInsecureConnections = packageSourceContextInfo.AllowInsecureConnections,
DisableTLSCertificateValidation = packageSourceContextInfo.DisableTLSCertificateValidation,
MaxHttpRequestsPerSource = packageSource.MaxHttpRequestsPerSource,
};
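Review bot: The new flag has to be listed twice in `GetPackageSourcesToUpdate`, once in the equality chain and once in the object initializer, and nothing ties the two lists together. From the visible lines, a property missing from the comparison would make an edited source look unchanged, so the existing `packageSource` would be kept as is. For this flag that would mean a request to turn certificate validation back on is not saved. A comment above the condition, e.g. `// Keep in sync with the initializer below: every editable property must be compared here or its edits are not saved.`, would document the coupling. The method body starts and ends outside the hunks.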

Expand Up @@ -33,6 +33,11 @@ public PackageSourceContextInfo(string source, string name, bool isEnabled, int
}

public PackageSourceContextInfo(string source, string name, bool isEnabled, int protocolVersion, bool allowInsecureConnections)
: this(source, name, isEnabled, protocolVersion, allowInsecureConnections, disableTLSCertificateValidation: false)
{
}

public PackageSourceContextInfo(string source, string name, bool isEnabled, int protocolVersion, bool allowInsecureConnections, bool disableTLSCertificateValidation)
{
Assumes.NotNullOrEmpty(name);
Assumes.NotNullOrEmpty(source);
Expand All @@ -42,12 +47,14 @@ public PackageSourceContextInfo(string source, string name, bool isEnabled, int
IsEnabled = isEnabled;
ProtocolVersion = protocolVersion;
AllowInsecureConnections = allowInsecureConnections;
DisableTLSCertificateValidation = disableTLSCertificateValidation;

var hash = new HashCodeCombiner();
hash.AddStringIgnoreCase(Name);
hash.AddStringIgnoreCase(Source);
hash.AddObject(ProtocolVersion);
hash.AddObject(AllowInsecureConnections);
hash.AddObject(DisableTLSCertificateValidation);
_hashCode = hash.CombinedHash;
OriginalHashCode = _hashCode;
}
Expand All @@ -56,6 +63,7 @@ public PackageSourceContextInfo(string source, string name, bool isEnabled, int
public string Source { get; set; }
public int ProtocolVersion { get; set; }
public bool AllowInsecureConnections { get; set; }
public bool DisableTLSCertificateValidation { get; set; }
public bool IsMachineWide { get; internal set; }
public bool IsEnabled { get; set; }
public string? Description { get; internal set; }
Expand Down Expand Up @@ -94,7 +102,7 @@ public override int GetHashCode()

public PackageSourceContextInfo Clone()
{
return new PackageSourceContextInfo(Source, Name, IsEnabled, ProtocolVersion, AllowInsecureConnections)
return new PackageSourceContextInfo(Source, Name, IsEnabled, ProtocolVersion, AllowInsecureConnections, DisableTLSCertificateValidation)
{
IsMachineWide = IsMachineWide,
Description = Description,
Expand All @@ -104,7 +112,7 @@ public PackageSourceContextInfo Clone()

public static PackageSourceContextInfo Create(PackageSource packageSource)
{
return new PackageSourceContextInfo(packageSource.Source, packageSource.Name, packageSource.IsEnabled, packageSource.ProtocolVersion, packageSource.AllowInsecureConnections)
return new PackageSourceContextInfo(packageSource.Source, packageSource.Name, packageSource.IsEnabled, packageSource.ProtocolVersion, packageSource.AllowInsecureConnections, packageSource.DisableTLSCertificateValidation)
{
IsMachineWide = packageSource.IsMachineWide,
Description = packageSource.Description,
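Review bot: `public bool DisableTLSCertificateValidation { get; set; }` and the new six-argument constructor carry no XML documentation, although the flag, judging by its name, decides whether the source's TLS certificate is checked. A summary such as `/// <summary>When true, TLS certificate validation is skipped for this source. Defaults to false.</summary>` would state the consequence for callers. The same applies to `PackageSource.DisableTLSCertificateValidation`, whose summary only restates the property name. Chaining the five-argument overload with `disableTLSCertificateValidation: false` keeps existing callers on the validating default.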
Expand Up @@ -14,6 +14,7 @@ internal sealed class PackageSourceContextInfoFormatter : NuGetMessagePackFormat
private const string IsEnabledPropertyName = "isenabled";
private const string ProtocolVersionPropertyName = "protocolversion";
private const string AllowInsecureConnectionsPropertyName = "allowInsecureConnections";
private const string DisableTLSCertificateValidationPropertyName = "disableTLSCertificateValidation";
private const string IsMachineWidePropertyName = "ismachinewide";
private const string NamePropertyName = "name";
private const string DescriptionPropertyName = "description";
Expand All @@ -35,6 +36,7 @@ private PackageSourceContextInfoFormatter()
int originalHashCode = 0;
int protocolVersion = PackageSource.DefaultProtocolVersion;
bool allowInsecureConnections = false;
bool disableTLSCertificateValidation = false;

int propertyCount = reader.ReadMapHeader();
for (int propertyIndex = 0; propertyIndex < propertyCount; propertyIndex++)
Expand Down Expand Up @@ -65,6 +67,9 @@ private PackageSourceContextInfoFormatter()
case AllowInsecureConnectionsPropertyName:
allowInsecureConnections = reader.ReadBoolean();
break;
case DisableTLSCertificateValidationPropertyName:
disableTLSCertificateValidation = reader.ReadBoolean();
break;
default:
reader.Skip();
break;
Expand All @@ -74,7 +79,7 @@ private PackageSourceContextInfoFormatter()
Assumes.NotNullOrEmpty(source);
Assumes.NotNullOrEmpty(name);

return new PackageSourceContextInfo(source, name, isEnabled, protocolVersion, allowInsecureConnections)
return new PackageSourceContextInfo(source, name, isEnabled, protocolVersion, allowInsecureConnections, disableTLSCertificateValidation)
{
IsMachineWide = isMachineWide,
Description = description,
Expand All @@ -84,13 +89,15 @@ private PackageSourceContextInfoFormatter()

protected override void SerializeCore(ref MessagePackWriter writer, PackageSourceContextInfo value, MessagePackSerializerOptions options)
{
writer.WriteMapHeader(count: 8);
writer.WriteMapHeader(count: 9);
writer.Write(SourcePropertyName);
writer.Write(value.Source);
writer.Write(ProtocolVersionPropertyName);
writer.Write(value.ProtocolVersion);
writer.Write(AllowInsecureConnectionsPropertyName);
writer.Write(value.AllowInsecureConnections);
writer.Write(DisableTLSCertificateValidationPropertyName);
writer.Write(value.DisableTLSCertificateValidation);
writer.Write(IsEnabledPropertyName);
writer.Write(value.IsEnabled);
writer.Write(IsMachineWidePropertyName);
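Review bot: The literal in `writer.WriteMapHeader(count: 9)` has to equal the number of key/value pairs `SerializeCore` writes, and the tail of the method is outside the visible hunk, so the new count cannot be checked from here. A one-line comment such as `// 9 == number of property pairs written below; update both together.` would make the coupling explicit. On the read side an absent key leaves `disableTLSCertificateValidation` at `false`, so a payload that omits the key deserializes with validation on.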
Expand Up @@ -19,6 +19,7 @@ public class PackageSource : IEquatable<PackageSource>
public const int MaxProtocolVersion = 3;

internal const bool DefaultAllowInsecureConnections = false;
internal const bool DefaultDisableTLSCertificateValidation = false;

private int _hashCode;
private string _source;
Expand Down Expand Up @@ -107,6 +108,11 @@ public string Source
/// </summary>
public bool AllowInsecureConnections { get; set; } = DefaultAllowInsecureConnections;

///<summary>
/// Gets or sets disableTLSCertificateValidation of the source. Defaults to false.
///</summary>
public bool DisableTLSCertificateValidation { get; set; } = DefaultDisableTLSCertificateValidation;

/// <summary>
/// Whether the source is using the HTTP protocol, including HTTPS.
/// </summary>
Expand Down Expand Up @@ -160,11 +166,16 @@ public SourceItem AsSourceItem()
}

string? allowInsecureConnections = null;
string? disableTLSCertificateValidation = null;
if (AllowInsecureConnections != DefaultAllowInsecureConnections)
{
allowInsecureConnections = $"{AllowInsecureConnections}";
}
return new SourceItem(Name, Source, protocolVersion, allowInsecureConnections);
if (DisableTLSCertificateValidation != DefaultDisableTLSCertificateValidation)
{
disableTLSCertificateValidation = $"{DisableTLSCertificateValidation}";
}
return new SourceItem(Name, Source, protocolVersion, allowInsecureConnections, disableTLSCertificateValidation);
}

public bool Equals(PackageSource? other)
Expand Down Expand Up @@ -202,6 +213,7 @@ public PackageSource Clone()
IsMachineWide = IsMachineWide,
ProtocolVersion = ProtocolVersion,
AllowInsecureConnections = AllowInsecureConnections,
DisableTLSCertificateValidation = DisableTLSCertificateValidation,
};
}
}
Expand Up @@ -244,6 +244,7 @@ internal static PackageSource ReadPackageSource(SourceItem setting, bool isEnabl

packageSource.ProtocolVersion = ReadProtocolVersion(setting);
packageSource.AllowInsecureConnections = ReadAllowInsecureConnections(setting);
packageSource.DisableTLSCertificateValidation = ReadDisableTLSCertificateValidation(setting);

return packageSource;
}
Expand All @@ -258,6 +259,16 @@ private static int ReadProtocolVersion(SourceItem setting)
return PackageSource.DefaultProtocolVersion;
}

private static bool ReadDisableTLSCertificateValidation(SourceItem setting)
{
if (bool.TryParse(setting.DisableTLSCertificateValidation, out var disableTLSCertificateValidation))
{
return disableTLSCertificateValidation;
}

return PackageSource.DefaultDisableTLSCertificateValidation;
}

private static bool ReadAllowInsecureConnections(SourceItem setting)
{
if (bool.TryParse(setting.AllowInsecureConnections, out var allowInsecureConnections))
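Review bot: `ReadPackageSource` applies the parsed flag with no diagnostic, so a source loaded with certificate validation turned off looks like any other source at this point. The value comes from a nuget.config `SourceItem`, and such files can arrive with a checked-out repository, so a logged warning naming the source whenever `ReadDisableTLSCertificateValidation` returns `true` would help. Whether a warning is raised elsewhere in the change is not visible in the files shown. The fallback to `DefaultDisableTLSCertificateValidation` on an unparsable value is the safe direction and deserves a comment, e.g. `// Missing or unparsable value keeps certificate validation on.`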
6 changes: 6 additions & 0 deletions src/NuGet.Core/NuGet.Configuration/PublicAPI.Unshipped.txt
Expand Up @@ -16,3 +16,9 @@ NuGet.Configuration.SettingsGroup<T>.SettingsGroup(string! name, System.Collecti
override NuGet.Configuration.SettingsGroup<T>.ElementName.get -> string!
static NuGet.Configuration.ConfigurationConstants.GetConfigKeys() -> System.Collections.Generic.IReadOnlyList<string!>!
static readonly NuGet.Configuration.ConfigurationConstants.AuditSources -> string!
NuGet.Configuration.PackageSource.DisableTLSCertificateValidation.get -> bool
NuGet.Configuration.PackageSource.DisableTLSCertificateValidation.set -> void
~NuGet.Configuration.SourceItem.DisableTLSCertificateValidation.get -> string
~NuGet.Configuration.SourceItem.DisableTLSCertificateValidation.set -> void
~NuGet.Configuration.SourceItem.SourceItem(string key, string value, string protocolVersion, string allowInsecureConnections, string disableTLSCertificateValidation) -> void
~static readonly NuGet.Configuration.ConfigurationConstants.DisableTLSCertificateValidation -> string
33 changes: 31 additions & 2 deletions src/NuGet.Core/NuGet.Configuration/Settings/Items/SourceItem.cs
Expand Up @@ -35,8 +35,22 @@ public string? AllowInsecureConnections
set => AddOrUpdateAttribute(ConfigurationConstants.AllowInsecureConnections, value);
}

public string DisableTLSCertificateValidation
{
get
{
if (Attributes.TryGetValue(ConfigurationConstants.DisableTLSCertificateValidation, out var attribute))
{
return Settings.ApplyEnvironmentTransform(attribute);
}

return null;
}
set => AddOrUpdateAttribute(ConfigurationConstants.DisableTLSCertificateValidation, value);
}

public SourceItem(string key, string value)
: this(key, value, protocolVersion: "", allowInsecureConnections: "")
: this(key, value, protocolVersion: "", allowInsecureConnections: "", disableTLSCertificateValidation: "")
{
}

Expand All @@ -46,6 +60,17 @@ public SourceItem(string key, string value, string? protocolVersion)
}

public SourceItem(string key, string value, string? protocolVersion, string? allowInsecureConnections)
public SourceItem(string key, string value, string protocolVersion)
: this(key, value, protocolVersion, allowInsecureConnections: "", disableTLSCertificateValidation: "")
{
}

public SourceItem(string key, string value, string protocolVersion, string allowInsecureConnections)
: this(key, value, protocolVersion, allowInsecureConnections, disableTLSCertificateValidation: "")
{
}

public SourceItem(string key, string value, string protocolVersion, string allowInsecureConnections, string disableTLSCertificateValidation)
: base(key, value)
{
if (!string.IsNullOrEmpty(protocolVersion))
Expand All @@ -56,6 +81,10 @@ public SourceItem(string key, string value, string? protocolVersion, string? all
{
AllowInsecureConnections = allowInsecureConnections;
}
if (!string.IsNullOrEmpty(disableTLSCertificateValidation))
{
DisableTLSCertificateValidation = disableTLSCertificateValidation;
}
}

internal SourceItem(XElement element, SettingsFile origin)
Expand All @@ -65,7 +94,7 @@ internal SourceItem(XElement element, SettingsFile origin)

public override SettingBase Clone()
{
var newSetting = new SourceItem(Key, Value, ProtocolVersion, AllowInsecureConnections);
var newSetting = new SourceItem(Key, Value, ProtocolVersion, AllowInsecureConnections, DisableTLSCertificateValidation);

if (Origin != null)
{
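Review bot: `DisableTLSCertificateValidation` is declared `string` but its getter returns `null` when the attribute is absent, whereas the neighbouring `AllowInsecureConnections` is `string?`. Declaring it `public string? DisableTLSCertificateValidation` and taking `string? disableTLSCertificateValidation` in the five-argument constructor would keep the nullable contract accurate. The `~` entries in PublicAPI.Unshipped.txt suggest the new members are currently recorded without nullable annotations. The constructor signatures in the second hunk are printed in both old and new form, so which annotations survive cannot be read with certainty from this view.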
Expand Up @@ -53,6 +53,8 @@ public static class ConfigurationConstants

public static readonly string DisabledPackageSources = "disabledPackageSources";

public static readonly string DisableTLSCertificateValidation = "disableTLSCertificateValidation";

public static readonly string DoNotShowPackageManagementSelectionKey = "disabled";

public static readonly string Enabled = "enabled";
Expand Up @@ -168,5 +168,42 @@ public async Task Save_SourceWithDifferentAllowInsecureConnections_SavesNewValue
savedSources[0].ProtocolVersion.Should().Be(3);
savedSources[0].AllowInsecureConnections.Should().Be(true);
}

[Fact]
public async Task Save_SourceWithDifferentDisableTLSCertificateVerification_SavesNewValue()
{
PackageSource packageSource = new(name: "Source-Name", source: "Source-Path")
{
ProtocolVersion = 3,
DisableTLSCertificateValidation = false
};

Mock<IPackageSourceProvider> packageSourceProvider = new();
packageSourceProvider.Setup(psp => psp.LoadPackageSources())
.Returns(new[] { packageSource });

List<PackageSource>? savedSources = null;
packageSourceProvider.Setup(psp => psp.SavePackageSources(It.IsAny<IEnumerable<PackageSource>>()))
.Callback((IEnumerable<PackageSource> newSources) => { savedSources = newSources.ToList(); });

var target = new NuGetSourcesService(options: default,
Mock.Of<IServiceBroker>(),
new AuthorizationServiceClient(Mock.Of<IAuthorizationService>()),
packageSourceProvider.Object);

List<PackageSourceContextInfo> updatedSources = new(1)
{
new PackageSourceContextInfo(packageSource.Source, packageSource.Name, packageSource.IsEnabled, protocolVersion: 3, allowInsecureConnections: false, disableTLSCertificateValidation: true)
};

// Act
await target.SavePackageSourceContextInfosAsync(updatedSources, CancellationToken.None);

// Assert
savedSources.Should().NotBeNull();
savedSources!.Count.Should().Be(1);
savedSources[0].ProtocolVersion.Should().Be(3);
savedSources[0].DisableTLSCertificateValidation.Should().Be(true);
}
}
}
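Review bot: The test name says `Verification` while the property and every other identifier in the change say `Validation`; `Save_SourceWithDifferentDisableTLSCertificateValidation_SavesNewValue` would match. Only the false-to-true transition is exercised. A second case that starts with `DisableTLSCertificateValidation = true` and saves `false` would pin the direction that restores certificate checking. The setup also lacks the `// Arrange` marker that the `// Act` and `// Assert` comments imply.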
Expand Up @@ -19,6 +19,7 @@ public void SerializeThenDeserialize_WithValidArguments_RoundTrips(PackageSource

public static TheoryData TestData => new TheoryData<PackageSourceContextInfo>
{
{ new PackageSourceContextInfo("source", "name", isEnabled: true, protocolVersion: 3, allowInsecureConnections: true, disableTLSCertificateValidation: true) },
{ new PackageSourceContextInfo("source", "name", isEnabled: true, protocolVersion: 3, allowInsecureConnections: true) },
{ new PackageSourceContextInfo("source", "name", isEnabled: true, protocolVersion: 3) },
{ new PackageSourceContextInfo("source", "name", isEnabled: true) },
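Review bot: The only row that sets `disableTLSCertificateValidation: true` also sets `allowInsecureConnections: true`, so no row round-trips the new flag with a value different from its neighbour. Adding `{ new PackageSourceContextInfo("source", "name", isEnabled: true, protocolVersion: 3, allowInsecureConnections: false, disableTLSCertificateValidation: true) },` would catch a formatter that writes or reads one boolean under the other's key. The rest of `TestData` is outside the visible lines.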