fix: NET462 requires TLS for GRPC to work
Signed-off-by: Eliot Eikenberry <[email protected]>
Eliot Eikenberry committed Aug 4, 2023
1 parent 33045cb commit 1808371
Showing 1 changed file with 32 additions and 10 deletions.
42 changes: 32 additions & 10 deletions src/OpenFeature.Contrib.Providers.Flagd/FlagdProvider.cs
@@ -4,6 +4,7 @@
using System.Linq;
using System.Threading.Tasks;
using System.Security.Cryptography.X509Certificates;
using System.Net.Security;

using Google.Protobuf.WellKnownTypes;
using Grpc.Core;
@@ -332,7 +333,7 @@ private async Task HandleEvents()
{
while (_eventStreamRetries < _config.MaxEventStreamRetries)
{
var call = _client.EventStream(new Empty());
var call = _client.EventStream(new EventStreamRequest());
try
{
// Read the response stream asynchronously
@@ -533,36 +534,57 @@ private static Value ConvertToPrimitiveValue(ProtoValue value)
}
}



private Service.ServiceClient BuildClientForPlatform(Uri url)
{
var useUnixSocket = url.ToString().StartsWith("unix://");

if (!useUnixSocket)
{
#if NET462
#if NET462_OR_GREATER
var handler = new WinHttpHandler();
#else
var handler = new HttpClientHandler();
#endif
if (_config.UseCertificate)
{
#if NET5_0_OR_GREATER
if (File.Exists(_config.CertificatePath)) {
if (File.Exists(_config.CertificatePath))
{
X509Certificate2 certificate = new X509Certificate2(_config.CertificatePath);
#if NET5_0_OR_GREATER
handler.ServerCertificateCustomValidationCallback = (message, cert, chain, _) => {
// the the custom cert to the chain, Build returns a bool if valid.
chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
chain.ChainPolicy.CustomTrustStore.Add(certificate);
return chain.Build(cert);
};
} else {
throw new ArgumentException("Specified certificate cannot be found.");
}
#elif NET462_OR_GREATER
handler.ServerCertificateValidationCallback = (message, cert, chain, errors) => {
if ((errors & SslPolicyErrors.None) > 0) { return true; }
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
chain.ChainPolicy.ExtraStore.Add(certificate);
var isChainValid = chain.Build(cert);
if (!isChainValid) { return false; }
var isValid = chain.ChainElements
.Cast<X509ChainElement>()
.Any(x => x.Certificate.RawData.SequenceEqual(certificate.GetRawCertData()));
return isValid;
};
#else
// Pre-NET5.0 APIs for custom CA validation are cumbersome.
// Looking for additional contributions here.
throw new ArgumentException("Custom certificate authorities not supported on this platform.");
throw new ArgumentException("Custom Certificates are not supported on your platform");
#endif
}
else
{
throw new ArgumentException("Specified certificate cannot be found.");
}
}
return new Service.ServiceClient(GrpcChannel.ForAddress(url, new GrpcChannelOptions
{
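Review bot: The NET462_OR_GREATER `ServerCertificateValidationCallback` never rejects a hostname mismatch: its first line tests `(errors & SslPolicyErrors.None) > 0`, which is always false because `SslPolicyErrors.None` is 0, and nothing after it looks at `errors`, so a certificate that chains to the configured file but was issued for another host is accepted. I would replace that line with `if ((errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != SslPolicyErrors.None) { return false; }` so that only chain errors reach the custom check; if the intent was also to accept servers the system store already trusts, that needs an explicit `errors == SslPolicyErrors.None` test. The NET5_0_OR_GREATER callback discards the same argument as `_` and appears to have the same gap. Since `AllowUnknownCertificateAuthority` lets `chain.Build` pass with an untrusted root, the `ChainElements` comparison is the only thing tying the chain to the configured certificate and is worth a comment such as `// Build() passes for any root here; require the configured cert in the chain`. BuildClientForPlatform continues beyond the last visible line of the hunk.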
