Emulator : Adds support for flag in connection string to ignore SSL check

Microsoft.Azure.Cosmos/src/CosmosClient.cs

@@ -184,6 +184,9 @@ protected CosmosClient()
         /// </example>
         /// <remarks>
         /// The returned reference doesn't guarantee credentials or connectivity validations because creation doesn't make any network calls.
+        /// With emulator to ignore SSL Certificate please use connectionstring with "DisableServerCertificateValidation" flag. 
+        /// This flag will be overrided for HTTP calls if custom HttpClientFactory is used.
+        /// It is NOT recommended to use this flag in production.
         /// </remarks>
         /// <seealso cref="CosmosClientOptions"/>
         /// <seealso cref="Fluent.CosmosClientBuilder"/>
@@ -195,7 +198,7 @@ public CosmosClient(
             : this(
                   CosmosClientOptions.GetAccountEndpoint(connectionString),
                   CosmosClientOptions.GetAccountKey(connectionString),
-                  clientOptions)
+                  CosmosClientOptions.GetCosmosClientOptionsWithCertificateFlag(connectionString, clientOptions))
         {
         }
 
@@ -495,6 +498,11 @@ public static async Task<CosmosClient> CreateAndInitializeAsync(string accountEn
         /// ]]>
         /// </code>
         /// </example>
+        /// <remarks>
+        /// With emulator to ignore SSL Certificate please use connectionstring with "DisableServerCertificateValidation" flag. 
+        /// This flag will be overrided for HTTP calls if custom HttpClientFactory is used.
+        /// It is NOT recommended to use this flag in production.
+        /// </remarks>
         public static async Task<CosmosClient> CreateAndInitializeAsync(string connectionString,
                                                                         IReadOnlyList<(string databaseId, string containerId)> containers,
                                                                         CosmosClientOptions cosmosClientOptions = null,
@@ -504,6 +512,7 @@ public static async Task<CosmosClient> CreateAndInitializeAsync(string connectio
             {
                 throw new ArgumentNullException(nameof(containers));
             }
+            cosmosClientOptions = CosmosClientOptions.GetCosmosClientOptionsWithCertificateFlag(connectionString, cosmosClientOptions);
 
             CosmosClient cosmosClient = new CosmosClient(connectionString,
                                                          cosmosClientOptions);

Microsoft.Azure.Cosmos/src/CosmosClientOptions.cs

@@ -51,6 +51,7 @@ public class CosmosClientOptions
 
         private const string ConnectionStringAccountEndpoint = "AccountEndpoint";
         private const string ConnectionStringAccountKey = "AccountKey";
+        private const string ConnectionStringDisableServerCertificateValidation = "DisableServerCertificateValidation";
 
         private const ApiType DefaultApiType = ApiType.None;
 
@@ -843,34 +844,62 @@ internal virtual ConnectionPolicy GetConnectionPolicy(int clientId)
             return (Documents.ConsistencyLevel)this.ConsistencyLevel.Value;
         }
 
-        internal static string GetAccountEndpoint(string connectionString)
-        {
-            return CosmosClientOptions.GetValueFromConnectionString(connectionString, CosmosClientOptions.ConnectionStringAccountEndpoint);
-        }
-
-        internal static string GetAccountKey(string connectionString)
-        {
-            return CosmosClientOptions.GetValueFromConnectionString(connectionString, CosmosClientOptions.ConnectionStringAccountKey);
-        }
-
-        private static string GetValueFromConnectionString(string connectionString, string keyName)
-        {
-            if (connectionString == null)
-            {
-                throw new ArgumentNullException(nameof(connectionString));
-            }
-
-            DbConnectionStringBuilder builder = new DbConnectionStringBuilder { ConnectionString = connectionString };
-            if (builder.TryGetValue(keyName, out object value))
-            {
-                string keyNameValue = value as string;
-                if (!string.IsNullOrEmpty(keyNameValue))
-                {
-                    return keyNameValue;
-                }
-            }
-
-            throw new ArgumentException("The connection string is missing a required property: " + keyName);
+        internal static string GetAccountEndpoint(string connectionString)
+        {
+            return CosmosClientOptions.GetValueFromConnectionString<string>(connectionString, CosmosClientOptions.ConnectionStringAccountEndpoint, null);
+        }
+
+        internal static string GetAccountKey(string connectionString)
+        {
+            return CosmosClientOptions.GetValueFromConnectionString<string>(connectionString, CosmosClientOptions.ConnectionStringAccountKey, null);
+        }
+
+        internal static bool IsConnectionStringDisableServerCertificateValidationFlag(string connectionString)
+        {
+            return Convert.ToBoolean(CosmosClientOptions.GetValueFromConnectionString<bool>(connectionString, CosmosClientOptions.ConnectionStringDisableServerCertificateValidation, false));
+        }
+
+        internal static CosmosClientOptions GetCosmosClientOptionsWithCertificateFlag(string connectionString, CosmosClientOptions clientOptions)
+        {
+            clientOptions ??= new CosmosClientOptions();
+            if (CosmosClientOptions.IsConnectionStringDisableServerCertificateValidationFlag(connectionString))
+            {
+                clientOptions.ServerCertificateCustomValidationCallback = (_, _, _) => true;
+            }
+
+            return clientOptions;
+        }
+
+        private static T GetValueFromConnectionString<T>(string connectionString, string keyName, T defaultValue)
+        {
+            if (connectionString == null)
+            {
+                throw new ArgumentNullException(nameof(connectionString));
+            }
+
+            DbConnectionStringBuilder builder = new DbConnectionStringBuilder { ConnectionString = connectionString };
+            if (builder.TryGetValue(keyName, out object value))
+            {
+                string keyNameValue = value as string;
+                if (!string.IsNullOrEmpty(keyNameValue))
+                {
+                    try
+                    {
+                        return (T)Convert.ChangeType(value, typeof(T));
+                    }
+                    catch (InvalidCastException)
+                    {
+                        throw new ArgumentException("The connection string contains invalid property: " + keyName);
+                    }
+                }
+            }
+
+            if (defaultValue != null)
+            {
+                return defaultValue;
+            }
+
+            throw new ArgumentException("The connection string is missing a required property: " + keyName);
         }
 
         private void ValidateLimitToEndpointSettings()

Microsoft.Azure.Cosmos/src/Fluent/CosmosClientBuilder.cs

@@ -124,6 +124,10 @@ public CosmosClientBuilder(
         /// </summary>
         /// <example>"AccountEndpoint=https://mytestcosmosaccount.documents.azure.com:443/;AccountKey={SecretAccountKey};"</example>
         /// <param name="connectionString">The connection string must contain AccountEndpoint and AccountKey or ResourceToken.</param>
+        /// <remarks>With emulator to ignore SSL Certificate please use connectionstring with "DisableServerCertificateValidation" flag.
+        /// This flag will be overrided for HTTP calls if custom HttpClientFactory is used.
+        /// It is NOT recommended to use this flag in production.
+        /// </remarks>
         public CosmosClientBuilder(string connectionString)
         {
             if (connectionString == null)
@@ -133,6 +137,8 @@ public CosmosClientBuilder(string connectionString)
 
             this.accountEndpoint = CosmosClientOptions.GetAccountEndpoint(connectionString);
             this.accountKey = CosmosClientOptions.GetAccountKey(connectionString);
+
+            this.clientOptions = CosmosClientOptions.GetCosmosClientOptionsWithCertificateFlag(connectionString, this.clientOptions);
         }
 
         /// <summary>

Microsoft.Azure.Cosmos/tests/Microsoft.Azure.Cosmos.Tests/CosmosClientOptionsUnitTests.cs

@@ -7,7 +7,6 @@ namespace Microsoft.Azure.Cosmos.Tests
     using System;
     using System.Collections;
     using System.Collections.Generic;
-    using System.Collections.ObjectModel;
     using System.Linq;
     using System.Net;
     using System.Net.Http;
@@ -885,7 +884,24 @@ public void InvalidApplicationNameCatchTest()
                     ApplicationName = illegal
                 });
             }
-        }
+        }
+
+        [TestMethod]
+        [DataRow(ConnectionString, false)]
+        [DataRow(ConnectionString + "DisableServerCertificateValidation=true;", true)]
+        public void TestServerCertificatesValidationCallback(string connStr, bool expectedIgnoreCertificateFlag)
+        {
+            CosmosClient cosmosClient = new CosmosClient(connStr);
+
+            if (expectedIgnoreCertificateFlag)
+            {
+                Assert.IsNotNull(cosmosClient.ClientOptions.ServerCertificateCustomValidationCallback);
+            }
+            else
+            {
+                Assert.IsNull(cosmosClient.ClientOptions.ServerCertificateCustomValidationCallback);
+            }
+        }
 
         private class TestWebProxy : IWebProxy
         {

Microsoft.Azure.Cosmos/tests/Microsoft.Azure.Cosmos.Tests/CosmosClientResourceUnitTests.cs

@@ -176,6 +176,31 @@ public void WithServerCertificateAddedClientOptions_CreateContext_RemoteCertific
 
         }
 
+        [TestMethod]
+        public void WithServerCertificateIgnoreFlagAddedInEndpoint_CreateContext_RemoteCertificateCallbackReturnsTrue()
+        {
+            //Arrange
+            X509Certificate2 x509Certificate2 = new CertificateRequest("cn=www.test", ECDsa.Create(), HashAlgorithmName.SHA256).CreateSelfSigned(DateTime.Now, DateTime.Now.AddYears(1));
+            X509Chain x509Chain = new X509Chain();
+            SslPolicyErrors sslPolicyErrors = new SslPolicyErrors();
+
+            string ConnectionString = "AccountEndpoint=https://localtestcosmos.documents.azure.com:443/;AccountKey=425Mcv8CXQqzRNCgFNjIhT424GK99CKJvASowTnq15Vt8LeahXTcN5wt3342vQ==;";
+            CosmosClient client = new CosmosClient(
+                ConnectionString + "DisableServerCertificateValidation=true;");
+
+            // Assert for HTTP and TCP calls
+            Assert.IsTrue(client.ClientOptions.ServerCertificateCustomValidationCallback(x509Certificate2, x509Chain, sslPolicyErrors));
+
+            //Act
+            CosmosClientContext context = ClientContextCore.Create(
+                    client,
+                    client.ClientOptions);
+
+            //Assert it for TCP calls
+            Assert.IsTrue(context.DocumentClient.remoteCertificateValidationCallback(new object(), x509Certificate2, x509Chain, sslPolicyErrors));
+
+        }
+
         private CosmosClientContext CreateMockClientContext(bool allowBulkExecution = false)
         {
             Mock<CosmosClient> mockClient = new Mock<CosmosClient>();