Remove hacky WebSocket connection factory. (kubernetes-client#171)

Replace it with the new (officially-supported) ClientWebSocket
SSL functionality in .NET Core 2.1.

kubernetes-client#130

Author: tintoy

src/KubernetesClient/CoreFX.cs

@@ -269,7 +269,7 @@ public partial class Kubernetes
 
             if (webSocketSubProtocol != null)
             {
-                webSocketBuilder.Options.RequestedSubProtocols.Add(webSocketSubProtocol);
+                webSocketBuilder.Options.AddSubProtocol(webSocketSubProtocol);
             }
 #endif // NETCOREAPP2_1
 

src/KubernetesClient/Kubernetes.WebSocket.cs

@@ -1,5 +1,3 @@
-#if !NETCOREAPP2_1
-
 using System;
 using System.Net.WebSockets;
 using System.Security.Cryptography.X509Certificates;
@@ -23,6 +21,8 @@ public WebSocketBuilder()
         {
         }
 
+        public ClientWebSocketOptions Options => WebSocket.Options;
+
         public virtual WebSocketBuilder SetRequestHeader(string headerName, string headerValue)
         {
             this.WebSocket.Options.SetRequestHeader(headerName, headerValue);
@@ -35,12 +35,31 @@ public virtual WebSocketBuilder AddClientCertificate(X509Certificate2 certificat
             return this;
         }
 
+#if NETCOREAPP2_1
+
+        public WebSocketBuilder ExpectServerCertificate(X509Certificate2 serverCertificate)
+        {
+            Options.RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) =>
+            {
+                return Kubernetes.CertificateValidationCallBack(sender, serverCertificate, certificate, chain, sslPolicyErrors);
+            };
+
+            return this;
+        }
+
+        public WebSocketBuilder SkipServerCertificateValidation()
+        {
+            Options.RemoteCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => true;
+
+            return this;
+        }
+
+#endif // NETCOREAPP2_1
+
         public virtual async Task<WebSocket> BuildAndConnectAsync(Uri uri, CancellationToken cancellationToken)
         {
             await this.WebSocket.ConnectAsync(uri, cancellationToken).ConfigureAwait(false);
             return this.WebSocket;
         }
     }
 }
-
-#endif // !NETCOREAPP2_1

src/KubernetesClient/WebSocketBuilder.NetCoreApp2.1.cs

@@ -3,7 +3,7 @@
 using System.Linq;
 using System.Net;
 using System.Net.Http.Headers;
-using System.Security.Cryptography;
+using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Threading.Tasks;
@@ -12,21 +12,21 @@
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Server.Kestrel.Https;
 using Microsoft.Rest;
-using Org.BouncyCastle.Crypto.Parameters;
-using Org.BouncyCastle.Pkcs;
-using Org.BouncyCastle.Security;
+using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.Pkcs;
+using Org.BouncyCastle.Security;
 using Xunit;
 using Xunit.Abstractions;
 
 namespace k8s.Tests
 {
     public class AuthTests
-    {
-        private readonly ITestOutputHelper testOutput;
-
-        public AuthTests(ITestOutputHelper testOutput)
-        {
-            this.testOutput = testOutput;
+    {
+        private readonly ITestOutputHelper testOutput;
+
+        public AuthTests(ITestOutputHelper testOutput)
+        {
+            this.testOutput = testOutput;
         }
 
         private static HttpOperationResponse<V1PodList> ExecuteListPods(IKubernetes client)
@@ -164,21 +164,23 @@ public void BasicAuth()
                     Assert.Equal(HttpStatusCode.Unauthorized, listTask.Response.StatusCode);
                 }
             }
-        }
-
+        }
+
+#if NETCOREAPP2_1 // The functionality under test, here, is dependent on managed HTTP / WebSocket functionality in .NET Core 2.1 or newer.
+
         [Fact]
         public void Cert()
         {
             var serverCertificateData = File.ReadAllText("assets/apiserver-pfx-data.txt");
 
             var clientCertificateKeyData = File.ReadAllText("assets/client-key-data.txt");
             var clientCertificateData = File.ReadAllText("assets/client-certificate-data.txt");
-
-            X509Certificate2 serverCertificate = null;
-            using (MemoryStream serverCertificateStream = new MemoryStream(Convert.FromBase64String(serverCertificateData)))
-            {
-                serverCertificate = OpenCertificateStore(serverCertificateStream);
-            }
+
+            X509Certificate2 serverCertificate = null;
+            using (MemoryStream serverCertificateStream = new MemoryStream(Convert.FromBase64String(serverCertificateData)))
+            {
+                serverCertificate = OpenCertificateStore(serverCertificateStream);
+            }
 
             var clientCertificate = new X509Certificate2(Convert.FromBase64String(clientCertificateData), "");
 
@@ -259,7 +261,9 @@ public void Cert()
                     Assert.False(clientCertificateValidationCalled);
                 }
             }
-        }
+        }
+
+#endif // NETCOREAPP2_1
 
         [Fact]
         public void Token()
@@ -330,27 +334,27 @@ public void Token()
                     Assert.Equal(HttpStatusCode.Unauthorized, listTask.Response.StatusCode);
                 }
             }
-        }
-
-        private X509Certificate2 OpenCertificateStore(Stream stream)
-        {
-            Pkcs12Store store = new Pkcs12Store();
-            store.Load(stream, new char[] { });
-
-            var keyAlias = store.Aliases.Cast<string>().SingleOrDefault(a => store.IsKeyEntry(a));
-
-            var key = (RsaPrivateCrtKeyParameters)store.GetKey(keyAlias).Key;
-            var bouncyCertificate = store.GetCertificate(keyAlias).Certificate;
-
-            var certificate = new X509Certificate2(DotNetUtilities.ToX509Certificate(bouncyCertificate));
-            var parameters = DotNetUtilities.ToRSAParameters(key);
-
-            RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
-            rsa.ImportParameters(parameters);
-
-            certificate = RSACertificateExtensions.CopyWithPrivateKey(certificate, rsa);
-
-            return certificate;
+        }
+
+        private X509Certificate2 OpenCertificateStore(Stream stream)
+        {
+            Pkcs12Store store = new Pkcs12Store();
+            store.Load(stream, new char[] { });
+
+            var keyAlias = store.Aliases.Cast<string>().SingleOrDefault(a => store.IsKeyEntry(a));
+
+            var key = (RsaPrivateCrtKeyParameters)store.GetKey(keyAlias).Key;
+            var bouncyCertificate = store.GetCertificate(keyAlias).Certificate;
+
+            var certificate = new X509Certificate2(DotNetUtilities.ToX509Certificate(bouncyCertificate));
+            var parameters = DotNetUtilities.ToRSAParameters(key);
+
+            RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
+            rsa.ImportParameters(parameters);
+
+            certificate = RSACertificateExtensions.CopyWithPrivateKey(certificate, rsa);
+
+            return certificate;
         }
     }
 }

src/KubernetesClient/WebSocketBuilder.cs

@@ -2,7 +2,7 @@
   <PropertyGroup>
     <IsPackable>false</IsPackable>
     <RootNamespace>k8s.tests</RootNamespace>
-    <TargetFrameworks>netcoreapp2.0;netcoreapp2.1</TargetFrameworks>
+    <TargetFrameworks>netcoreapp2.1;netcoreapp2.0</TargetFrameworks>
   </PropertyGroup>
 
   <ItemGroup>