Ejemplo n.º 1
        public static KestrelServerOptions ConfigureSimulatorCertificate(this KestrelServerOptions options)
            var configuration = options.ApplicationServices.GetService <IConfiguration>();

            var certificateFile          = configuration["Kestrel:Certificates:Default:Path"];
            var certificateFileSpecified = !string.IsNullOrWhiteSpace(certificateFile);

            var certificatePassword          = configuration["Kestrel:Certificates:Default:Password"];
            var certificatePasswordSpecified = !string.IsNullOrWhiteSpace(certificatePassword);

            X509Certificate2 certificate = null;

            switch (certificateFileSpecified)
            case true when certificatePasswordSpecified:
                // The certificate file and password was specified.
                certificate = new X509Certificate2(certificateFile, certificatePassword);

            case true when !certificatePasswordSpecified:
                // The certificate file was specified but the password wasn't.
                throw new InvalidOperationException("A certificate with a password is required.");

            options.ConfigureHttpsDefaults(httpsOptions => { httpsOptions.ServerCertificate = certificate; });

Ejemplo n.º 2
        public void Handle(KestrelServerOptions k)
            var appServices = k.ApplicationServices;

            k.ConfigureHttpsDefaults(h =>
                h.ClientCertificateMode = ClientCertificateMode.RequireCertificate;
Ejemplo n.º 3
 private static void ConfigureKerstrel(KestrelServerOptions options)
     options.Limits.MaxRequestBodySize = null;
     if (Settings.Current.GameRuntimeUseHttps)
         options.ConfigureHttpsDefaults(httpsOptions =>
             httpsOptions.ServerCertificateSelector = ServerCertificateSelector;
Ejemplo n.º 4
        private void SetupHttps(string prefix, KestrelServerOptions options)
            if (prefix.StartsWith("https"))
                if (_serverSettings.SslCertificate == null)
                    throw new InvalidOperationException(
                              "Can't use https scheme without server-side SSL certificate specified in server settings.");

                options.ConfigureHttpsDefaults(adapterOptions =>
                                               adapterOptions.ServerCertificate = _serverSettings.SslCertificate);
Ejemplo n.º 5
        public static void ConfigureMutualTLS(
            this KestrelServerOptions options,
            Action <HttpsConnectionAdapterOptions> configureHttpsDefaults = null)
            options.ConfigureHttpsDefaults(connectionOptions =>
                connectionOptions.ClientCertificateMode = ClientCertificateMode.RequireCertificate;
                // Without a custom validator only client certificates signed/issued by (?)
                // are allowed. Interested in how this is done.
                var validator = options.ApplicationServices.GetService <IClientCertificateValidator>();
                if (validator != null)
                    connectionOptions.ClientCertificateValidation = validator.Validate;

Ejemplo n.º 6
        protected WebService()
            Service   = this;
            Directory = "/";
            Pathing   = "/";

            // create the embedded server instance
            var opts = new KestrelServerOptions
                ApplicationServices = this

            if (Certificate != null)
                opts.ConfigureHttpsDefaults(https => https.ServerCertificate = Certificate);

                Inf("cert is set");

            server = new KestrelServer(Options.Create(opts), TransportFactory, Logger);
Ejemplo n.º 7
        public HttpsConnectionMiddleware(RavenServer server, KestrelServerOptions options)
            _server            = server;
            CipherSuitesPolicy = server.Configuration.Security.TlsCipherSuites != null && server.Configuration.Security.TlsCipherSuites.Length > 0
                ? new CipherSuitesPolicy(server.Configuration.Security.TlsCipherSuites)
                : null;

            options.ConfigureHttpsDefaults(o =>
                o.SslProtocols = SslProtocols.Tls13 | SslProtocols.Tls12;
                o.CheckCertificateRevocation  = false;
                o.ClientCertificateMode       = ClientCertificateMode.AllowCertificate;
                o.ClientCertificateValidation = (certificate, chain, sslPolicyErrors) =>
                    if (certificate == null)
                        return(true); // we handle the error from not having certificate higher in the stack

                    var certificate2 = ConvertToX509Certificate2(certificate);
                    if (certificate2 == null)
                        return(false); // we require to be able to convert it in all cases
                    // Here we are explicitly ignoring trust chain issues for client certificates
                    // this is because we don't actually require trust, we just use the certificate
                    // as a way to authenticate. The admin is going to tell us which specific certs
                    // we can trust anyway, so we can ignore such errors.

                    return(sslPolicyErrors == SslPolicyErrors.RemoteCertificateChainErrors ||
                           sslPolicyErrors == SslPolicyErrors.None);
                o.ServerCertificateSelector = (_, __) => _serverCertificate;

                if (CipherSuitesPolicy != null)
                    o.OnAuthenticate = (_, sslServerAuthenticationOptions) => sslServerAuthenticationOptions.CipherSuitesPolicy = CipherSuitesPolicy;