Containers: insecure registries: allow https (ignore cert errors), and accept config from envvar. #41506
          
     Merged
      
        
      
    
  
      bb692ed
              
                Containers: insecure registries: allow https (ignore cert errors), an…
              
              
                tmds 70a2773
              
                Add tests.
              
              
                tmds 51b89f8
              
                Fix Windows test issue.
              
              
                tmds d38eddc
              
                Try fix tests on Windows.
              
              
                tmds 750d566
              
                PR feedback.
              
              
                tmds d9a005b
              
                Fix EnsureRegistryLoaded.
              
              
                tmds b21f93b
              
                Update WriteToPrivateBasicRegistry test.
              
              
                tmds b08fbeb
              
                Include HttpRequestError in AuthHandshakeMessageHandler logging.
              
              
                tmds d304ebc
              
                Allow ApplicationException.
              
              
                tmds b457f5e
              
                Move comment.
              
              
                tmds 673ad29
              
                Use the fallback exception filter in the test.
              
              
                tmds 1566152
              
                Refactor test.
              
              
                tmds bbe3057
              
                Add some logging to the fallback handler.
              
              
                tmds 2f1c890
              
                Use the same uri in all logged messages.
              
              
                tmds f77dc12
              
                Merge branch 'main' into insecure_registries
              
              
                baronfel 924929d
              
                Fix test.
              
              
                tmds File filter
            85 changes: 85 additions & 0 deletions
          
          85 
        
  src/Containers/Microsoft.NET.Build.Containers/FallbackToHttpMessageHandler.cs
  
  
      
      
   
        
      
      
    
  
    
    
  
  
    
              
              | Original file line number | Diff line number | Diff line change | 
|---|---|---|
| @@ -0,0 +1,85 @@ | ||
| // Licensed to the .NET Foundation under one or more agreements. | ||
| // The .NET Foundation licenses this file to you under the MIT license. | ||
|  | ||
| using System.Net; | ||
| using Microsoft.Extensions.Logging; | ||
| using Microsoft.NET.Build.Containers.Resources; | ||
|  | ||
| namespace Microsoft.NET.Build.Containers; | ||
|  | ||
| /// <summary> | ||
| /// A delegating handler that falls back from https to http for a specific hostname. | ||
| /// </summary> | ||
| internal sealed partial class FallbackToHttpMessageHandler : DelegatingHandler | ||
| { | ||
| private readonly string _host; | ||
| private readonly int _port; | ||
| private readonly ILogger _logger; | ||
| private bool _fallbackToHttp; | ||
|  | ||
| public FallbackToHttpMessageHandler(string host, int port, HttpMessageHandler innerHandler, ILogger logger) : base(innerHandler) | ||
| { | ||
| _host = host; | ||
| _port = port; | ||
| _logger = logger; | ||
| } | ||
|  | ||
| protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) | ||
| { | ||
| if (request.RequestUri is null) | ||
| { | ||
| throw new ArgumentException(Resource.GetString(nameof(Strings.NoRequestUriSpecified)), nameof(request)); | ||
| } | ||
|  | ||
| bool canFallback = request.RequestUri.Host == _host && request.RequestUri.Port == _port && request.RequestUri.Scheme == "https"; | ||
| do | ||
| { | ||
| try | ||
| { | ||
| if (canFallback && _fallbackToHttp) | ||
| { | ||
| FallbackToHttp(request); | ||
| canFallback = false; | ||
| } | ||
|  | ||
| return await base.SendAsync(request, cancellationToken).ConfigureAwait(false); | ||
| } | ||
| catch (HttpRequestException re) when (canFallback && ShouldAttemptFallbackToHttp(re)) | ||
| { | ||
| string uri = request.RequestUri.ToString(); | ||
| try | ||
| { | ||
| // Try falling back. | ||
| _logger.LogTrace("Attempt to fall back to http for {uri}.", uri); | ||
| FallbackToHttp(request); | ||
| HttpResponseMessage response = await base.SendAsync(request, cancellationToken).ConfigureAwait(false); | ||
|  | ||
| // Fall back was successful. Use http for all new requests. | ||
| _logger.LogTrace("Fall back to http for {uri} was successful.", uri); | ||
| _fallbackToHttp = true; | ||
|  | ||
| return response; | ||
| } | ||
| catch (Exception ex) | ||
| { | ||
| _logger.LogInformation(ex, "Fall back to http for {uri} failed with message \"{message}\".", uri, ex.Message); | ||
| } | ||
|  | ||
| // Falling back didn't work, throw original exception. | ||
| throw; | ||
| } | ||
| } while (true); | ||
| } | ||
|  | ||
| internal static bool ShouldAttemptFallbackToHttp(HttpRequestException exception) | ||
| { | ||
| return exception.HttpRequestError == HttpRequestError.SecureConnectionError; | ||
| } | ||
|  | ||
| private static void FallbackToHttp(HttpRequestMessage request) | ||
| { | ||
| var uriBuilder = new UriBuilder(request.RequestUri!); | ||
| uriBuilder.Scheme = "http"; | ||
| request.RequestUri = uriBuilder.Uri; | ||
| } | ||
|         
                  baronfel marked this conversation as resolved.
              Show resolved
            Hide resolved | ||
| } | ||
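Review bot: The successful downgrade in `SendAsync` is recorded only with `LogTrace`, while the failed attempt a few lines below is logged with `LogInformation`, so the case that actually changes the transport is the one least likely to show up in a build log. Once `_fallbackToHttp` is set it is never reset, and every later https request for this host and port is rewritten by `FallbackToHttp`, which changes only the scheme and leaves the request's headers as they were; anything the caller attached (presumably including registry credentials) then travels unencrypted. I would raise the success message to the same level, `_logger.LogInformation("Fall back to http for {uri} was successful.", uri);`, and add a `<remarks>` to the class summary stating that the downgrade persists for the handler's lifetime and is triggered by any `HttpRequestError.SecureConnectionError`. Separately, the `do { … } while (true)` never runs a second iteration, since every path through its body returns or throws, so the loop could be dropped.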
  
    