Merge pull request #14 from StackExchange/http-ver

Allow control over the protocol version

Author: mgravell

StackExchange.Utils.sln

@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 15
-VisualStudioVersion = 15.0.27705.2000
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.30223.230
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{F0CFAC4D-516B-45DC-8F66-D58E3B1C04E1}"
 	ProjectSection(SolutionItems) = preProject

appveyor.yml

@@ -1,4 +1,4 @@
-image: Visual Studio 2017
+image: Visual Studio 2019
 
 init:
   - git config --global core.autocrlf input
@@ -17,7 +17,6 @@ nuget:
   disable_publish_on_pr: true
 
 build_script:
-  - ps: .\build\dotnet-install.ps1 -Version 2.1.300
   - ps: .\build.ps1 -PullRequestNumber "$env:APPVEYOR_PULL_REQUEST_NUMBER" -CreatePackages $true
 
 test: off

global.json

@@ -1,6 +1,6 @@
 {
   "sdk": {
-    "version": "2.2.100",
+    "version": "3.1.201",
     "rollForward": "latestMajor",
     "allowPrerelease": false
   }

src/StackExchange.Utils.Http/DefaultHttpClientPool.cs

@@ -34,6 +34,11 @@ private HttpClient CreateHttpClient(HttpClientCacheKey options)
             {
                 UseCookies = false
             };
+            var serverCertificateCustomValidationCallback = Settings?.ServerCertificateCustomValidationCallback;
+            if (serverCertificateCustomValidationCallback is object)
+            {
+                handler.ServerCertificateCustomValidationCallback = serverCertificateCustomValidationCallback;
+            }
             if (options.Proxy != null)
             {
                 handler.UseProxy = true;

src/StackExchange.Utils.Http/Extensions.Modifier.cs

@@ -192,5 +192,14 @@ public static IRequestBuilder AddHeaders(this IRequestBuilder builder, IDictiona
             }
             return builder;
         }
+
+        /// <summary>
+        /// Specifies the HTTP version to use for this request
+        /// </summary>
+        public static IRequestBuilder WithProtocolVersion(this IRequestBuilder builder, Version version)
+        {
+            builder.Message.Version = version;
+            return builder;
+        }
     }
 }

src/StackExchange.Utils.Http/Http.cs

@@ -75,7 +75,7 @@ internal static async Task<HttpCallResponse<T>> SendAsync<T>(IRequestBuilder<T>
                     }
                 }
             }
-            catch (TaskCanceledException ex)
+            catch (OperationCanceledException ex)
             {
                 exception = cancellationToken.IsCancellationRequested
                     ? new HttpClientException("HttpClient request cancelled by token request.", builder.Inner.Message.RequestUri, ex)

src/StackExchange.Utils.Http/HttpSettings.cs

@@ -1,6 +1,8 @@
 using System;
 using System.Net;
 using System.Net.Http;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
 
 namespace StackExchange.Utils
 {
@@ -67,6 +69,11 @@ public class HttpSettings
         /// </summary>
         public Func<IWebProxy> DefaultProxyFactory { get; set; } = null;
 
+        /// <summary>
+        /// Gets or sets a server certificate validator to use.
+        /// </summary>
+        public Func<HttpRequestMessage, X509Certificate2, X509Chain, SslPolicyErrors, bool> ServerCertificateCustomValidationCallback { get; set; }
+
         internal void OnBeforeSend(object sender, IRequestBuilder builder) => BeforeSend?.Invoke(sender, builder);
         internal void OnException(object sender, HttpExceptionArgs args) => Exception?.Invoke(sender, args);
 
@@ -78,5 +85,15 @@ public HttpSettings()
             // Default pool by default
             ClientPool = new DefaultHttpClientPool(this);
         }
+
+        private const string Switch_AllowUnencryptedHttp2 = "System.Net.Http.SocketsHttpHandler.Http2UnencryptedSupport";
+        /// <summary>
+        /// Allows <see cref="HttpClient"/> to use HTTP/2 without TLS; this is an application-wide setting
+        /// </summary>
+        public static bool GlobalAllowUnencryptedHttp2
+        {
+            get => AppContext.TryGetSwitch(Switch_AllowUnencryptedHttp2, out var enabled) && enabled;
+            set => AppContext.SetSwitch(Switch_AllowUnencryptedHttp2, value);
+        }
     }
 }

tests/StackExchange.Utils.Tests/Http2Tests.cs

@@ -0,0 +1,180 @@
+#if KESTREL
+using System;
+using System.Linq;
+using System.Net;
+using System.Net.Http;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Server.Kestrel.Core;
+using Xunit;
+using Xunit.Abstractions;
+
+namespace StackExchange.Utils.Tests
+{
+    public class Http2Tests : IClassFixture<Http2Tests.Http2Server>
+    {
+        private readonly Http2Server _server;
+        private readonly ITestOutputHelper _log;
+        private void Log(string message) => _log.WriteLine(message);
+        public Http2Tests(ITestOutputHelper log, Http2Server server)
+        {
+            _server = server ?? throw new ArgumentNullException(nameof(server));
+            _log = log ?? throw new ArgumentNullException(nameof(log));
+        }
+
+        [Theory]
+        // non-TLS http1: should work (returning 1.1)
+        [InlineData(HttpProtocols.Http1, false, false, null, "1.1", "HTTP/1.1")]
+        [InlineData(HttpProtocols.Http1, false, false, "1.1", "1.1", "HTTP/1.1")]
+        [InlineData(HttpProtocols.Http1, false, false, "2.0", "1.1", "HTTP/1.1")]
+
+        // non-TLS http2 without the global override: should always fail
+        [InlineData(HttpProtocols.Http2, false, false, null, "1.1", "HTTP/1.1", true)]
+        [InlineData(HttpProtocols.Http2, false, false, "1.1", "1.1", "HTTP/1.1", true)]
+        [InlineData(HttpProtocols.Http2, false, false, "2.0", "2.0", "HTTP/2", true)]
+
+        // non-TLS http2 with the global override: should work if we specify http2
+        [InlineData(HttpProtocols.Http2, false, true, null, "1.1", "HTTP/1.1", true)]
+        [InlineData(HttpProtocols.Http2, false, true, "1.1", "1.1", "HTTP/1.1", true)]
+        [InlineData(HttpProtocols.Http2, false, true, "2.0", "2.0", "HTTP/2")]
+
+        // non-TLS http* without the global override: should work, server prefers 1.1
+        [InlineData(HttpProtocols.Http1AndHttp2, false, false, null, "1.1", "HTTP/1.1")]
+        [InlineData(HttpProtocols.Http1AndHttp2, false, false, "1.1", "1.1", "HTTP/1.1")]
+        [InlineData(HttpProtocols.Http1AndHttp2, false, false, "2.0", "1.1", "HTTP/1.1")]
+
+        // non-TLS http* with the global override: should work for 1.1; with 2, client and server argue
+        [InlineData(HttpProtocols.Http1AndHttp2, false, true, null, "1.1", "HTTP/1.1")]
+        [InlineData(HttpProtocols.Http1AndHttp2, false, true, "1.1", "1.1", "HTTP/1.1")]
+        [InlineData(HttpProtocols.Http1AndHttp2, false, true, "2.0", "2.0", "HTTP/2", true)]
+
+        // TLS http1: should always work, but http2 attempt is ignored
+        [InlineData(HttpProtocols.Http1, true, false, null, "1.1", "HTTP/1.1")]
+        [InlineData(HttpProtocols.Http1, true, false, "1.1", "1.1", "HTTP/1.1")]
+        [InlineData(HttpProtocols.Http1, true, false, "2.0", "1.1", "HTTP/1.1")]
+
+        // TLS http2: should work as long as we actually send http2
+        [InlineData(HttpProtocols.Http2, true, false, null, "1.1", "HTTP/1.1", true)]
+        [InlineData(HttpProtocols.Http2, true, false, "1.1", "1.1", "HTTP/1.1", true)]
+        [InlineData(HttpProtocols.Http2, true, false, "2.0", "2.0", "HTTP/2")]
+
+        // TLS http*: should always work
+        [InlineData(HttpProtocols.Http1AndHttp2, true, false, null, "1.1", "HTTP/1.1")]
+        [InlineData(HttpProtocols.Http1AndHttp2, true, false, "1.1", "1.1", "HTTP/1.1")]
+        [InlineData(HttpProtocols.Http1AndHttp2, true, false, "2.0", "2.0", "HTTP/2")]
+        public async Task UsesVersion(HttpProtocols protocols, bool tls, bool allowUnencryptedHttp2, string specified, string expectedVersion, string expectedResponse, bool failure = false)
+        {
+            bool oldMode = HttpSettings.GlobalAllowUnencryptedHttp2;
+            try
+            {
+                HttpSettings.GlobalAllowUnencryptedHttp2 = allowUnencryptedHttp2;
+
+                var uri = _server.GetUri(protocols, tls);
+                Log($"Server is on {uri}; specifying: '{specified}'");
+                var request = Http.Request(uri, new HttpSettings {
+                    ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
+                });
+                if (specified is object) request = request.WithProtocolVersion(new Version(specified));
+                HttpCallResponse<string> result;
+                try
+                {
+                    result = await request.ExpectString().GetAsync();
+                }
+                catch(Exception ex)
+                {
+                    if (failure)
+                    {
+                        Log(ex.ToString());
+                        return;
+                    }
+                    else
+                    {
+                        throw;
+                    }
+                }
+
+                Log($"As sent: {result?.RawRequest?.Version}, received: {result?.RawResponse?.Version}");
+
+                if (failure)
+                {
+                    Assert.NotNull(result.Error);
+                    Log(result.Error.ToString());
+                }
+                else
+                {
+                    Assert.Null(result.Error);
+                    Assert.Equal(expectedVersion, result.RawResponse?.Version?.ToString());
+                    Assert.Equal(expectedResponse, result.Data);
+                }
+            }
+            finally
+            {
+                HttpSettings.GlobalAllowUnencryptedHttp2 = oldMode;
+            }
+        }
+
+        public class Http2Server : IDisposable
+        {
+            private readonly IWebHost _host;
+
+            private readonly int[] _ports = Enumerable.Range(10123, 6).ToArray();
+
+            public string GetUri(HttpProtocols protocols, bool tls)
+            {
+                var index = protocols switch
+                {
+                    HttpProtocols.Http1 => tls ? 3 : 0,
+                    HttpProtocols.Http2 => tls ? 4 : 1,
+                    HttpProtocols.Http1AndHttp2 => tls ? 5 : 2,
+                    _ => throw new ArgumentOutOfRangeException(nameof(protocols)),
+                };
+                return $"{(tls ? "https" : "http")}://localhost:{_ports[index]}/";
+            }
+            public Task WaitForShutdownAsync() => _host.WaitForShutdownAsync();
+
+            public Http2Server()
+            {
+                _host = new WebHostBuilder()
+                    .UseKestrel(options => {
+                        options.ListenLocalhost(_ports[0], listenOptions =>
+                        {
+                            listenOptions.Protocols = HttpProtocols.Http1;
+                        });
+                        options.ListenLocalhost(_ports[1], listenOptions =>
+                        {
+                            listenOptions.Protocols = HttpProtocols.Http2;
+                        });
+                        options.ListenLocalhost(_ports[2], listenOptions =>
+                        {
+                            listenOptions.Protocols = HttpProtocols.Http1AndHttp2;
+                        });
+                        options.ListenLocalhost(_ports[3], listenOptions =>
+                        {
+                            listenOptions.Protocols = HttpProtocols.Http1;
+                            listenOptions.UseHttps("certificate.pfx");
+                        });
+                        options.ListenLocalhost(_ports[4], listenOptions =>
+                        {
+                            listenOptions.Protocols = HttpProtocols.Http2;
+                            listenOptions.UseHttps("certificate.pfx");
+                        });
+                        options.ListenLocalhost(_ports[5], listenOptions =>
+                        {
+                            listenOptions.Protocols = HttpProtocols.Http1AndHttp2;
+                            listenOptions.UseHttps("certificate.pfx");
+                        });
+                    })
+                    .Configure(app => {
+                        app.Run(context => context.Response.WriteAsync(context.Request.Protocol));
+                    })
+                    .Build();
+                _ = _host.RunAsync();
+            }
+            void IDisposable.Dispose()
+                => _ = _host.StopAsync();
+        }
+    }
+}
+#endif

tests/StackExchange.Utils.Tests/StackExchange.Utils.Tests.csproj

@@ -1,8 +1,20 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
-    <TargetFramework>netcoreapp2.2</TargetFramework>
+    <TargetFrameworks>netcoreapp2.2;netcoreapp3.1</TargetFrameworks>
   </PropertyGroup>
   <ItemGroup>
     <ProjectReference Include="../../src/StackExchange.Utils.Http/StackExchange.Utils.Http.csproj" />
   </ItemGroup>
+
+  <PropertyGroup Condition="'$(TargetFramework)'=='netcoreapp3.1'">
+    <DefineConstants>$(DefineConstants);KESTREL</DefineConstants>
+  </PropertyGroup>
+  <ItemGroup Condition="'$(TargetFramework)'=='netcoreapp3.1'">
+    <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="2.2.0" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Update="certificate.pfx">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+  </ItemGroup>
 </Project>

tests/StackExchange.Utils.Tests/certificate.pfx

@@ -0,0 +1,9 @@
+generated by:
+
+> openssl req -new -x509 -newkey rsa:2048 -keyout localhost.key -out localhost.cer -days 365 -subj /CN=localhost
+
+pick any key password... perhaps "password", then
+
+> openssl pkcs12 -export -out certificate.pfx -inkey localhost.key -in localhost.cer
+
+put in the same key password - you do *not* need to specify an export password