From 94b95c1fb43b349fcee1b0898860a86ce9b9d5f8 Mon Sep 17 00:00:00 2001
From: Robert Dailey <rcdailey@gmail.com>
Date: Mon, 3 Jan 2022 11:15:36 -0600
Subject: [PATCH] feat: Add setting to bypass SSL certificate validation

Useful in cases where Sonarr or Radarr use HTTPS with a self-signed
certificate. Normally communication with such an instance would fail
since Trash Updater, by default, validates with certificate authorities.

This new setting allows you to disable certificate validation when
communicating with Sonarr or Radarr, avoiding the need to add a
self-signed certificate to your certification store. Use at your own
risk.

Fixes #20.
---
 CHANGELOG.md                                      |  3 +++
 src/Common/Common.csproj                          |  1 +
 .../Networking/UntrustedCertClientFactory.cs      | 15 +++++++++++++++
 src/Trash/Command/ServiceCommand.cs               |  3 +++
 src/TrashLib/Config/Settings/SettingsValues.cs    |  1 +
 wiki/Settings-Reference.md                        | 12 ++++++++++++
 6 files changed, 35 insertions(+)
 create mode 100644 src/Common/Networking/UntrustedCertClientFactory.cs

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 69dc8f4c..87b545c5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,8 +14,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   documentation][setref] for more information.
 - Trash git repository URL can be overridden in settings.
 - Schema added for `settings.yml`.
+- Add setting to bypass HTTPS certificate validation (useful for self-signed certificates used with
+  Sonarr and Radarr instances) ([#20]).
 
 [setref]: https://github.com/rcdailey/trash-updater/wiki/Settings-Reference
+[#20]: https://github.com/rcdailey/trash-updater/issues/20
 
 ### Fixed
 
diff --git a/src/Common/Common.csproj b/src/Common/Common.csproj
index 25cebc40..f64ab181 100644
--- a/src/Common/Common.csproj
+++ b/src/Common/Common.csproj
@@ -2,6 +2,7 @@
   <ItemGroup>
     <PackageReference Include="Autofac" />
     <PackageReference Include="FluentValidation" />
+    <PackageReference Include="Flurl.Http" />
     <PackageReference Include="Newtonsoft.Json" />
     <PackageReference Include="Serilog" />
     <PackageReference Include="System.Reactive" />
diff --git a/src/Common/Networking/UntrustedCertClientFactory.cs b/src/Common/Networking/UntrustedCertClientFactory.cs
new file mode 100644
index 00000000..cfea8235
--- /dev/null
+++ b/src/Common/Networking/UntrustedCertClientFactory.cs
@@ -0,0 +1,15 @@
+using System.Net.Http;
+using Flurl.Http.Configuration;
+
+namespace Common.Networking;
+
+public class UntrustedCertClientFactory : DefaultHttpClientFactory
+{
+    public override HttpMessageHandler CreateMessageHandler()
+    {
+        return new HttpClientHandler
+        {
+            ServerCertificateCustomValidationCallback = (_, _, _, _) => true
+        };
+    }
+}
diff --git a/src/Trash/Command/ServiceCommand.cs b/src/Trash/Command/ServiceCommand.cs
index fea39d6d..53f3a529 100644
--- a/src/Trash/Command/ServiceCommand.cs
+++ b/src/Trash/Command/ServiceCommand.cs
@@ -5,6 +5,7 @@ using CliFx;
 using CliFx.Attributes;
 using CliFx.Exceptions;
 using CliFx.Infrastructure;
+using Common.Networking;
 using Flurl.Http;
 using Flurl.Http.Configuration;
 using JetBrains.Annotations;
@@ -120,6 +121,8 @@ public abstract class ServiceCommand : ICommand, IServiceCommand
 
             settings.JsonSerializer = new NewtonsoftJsonSerializer(jsonSettings);
             FlurlLogging.SetupLogging(settings, _log);
+
+            settings.HttpClientFactory = new UntrustedCertClientFactory();
         });
     }
 
diff --git a/src/TrashLib/Config/Settings/SettingsValues.cs b/src/TrashLib/Config/Settings/SettingsValues.cs
index 7f1bef5d..66dab0c0 100644
--- a/src/TrashLib/Config/Settings/SettingsValues.cs
+++ b/src/TrashLib/Config/Settings/SettingsValues.cs
@@ -8,4 +8,5 @@ public record TrashRepository
 public record SettingsValues
 {
     public TrashRepository Repository { get; init; } = new();
+    public bool EnableSslCertificateValidation { get; init; } = true;
 }
diff --git a/wiki/Settings-Reference.md b/wiki/Settings-Reference.md
index 926dfd2f..9fddf0a8 100644
--- a/wiki/Settings-Reference.md
+++ b/wiki/Settings-Reference.md
@@ -38,6 +38,18 @@ Table of Contents
 
 - [Repository Settings](#repository-settings)
 
+## Global Settings
+
+```yml
+enable_ssl_certificate_validation: true
+```
+
+- `enable_ssl_certificate_validation`<br>
+  If set to `false`, SSL certificates are not validated. This is useful if you are connecting to a
+  Sonarr or Radarr instance using `https` and it is set up with self-signed certificates. Note that
+  disabling this setting is a **security risk** and should be avoided unless you are absolutely sure
+  what you are doing.
+
 ## Repository Settings
 
 ```yml