} // End Sub ListenAnyIP
public static void UseHttps(
System.Collections.Concurrent.ConcurrentDictionary <string, System.Security.Cryptography.X509Certificates.X509Certificate2> certs
, Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionAdapterOptions httpsOptions)
{
System.Security.Cryptography.X509Certificates.X509Certificate2 localhostCert = Microsoft.AspNetCore.Server.Kestrel.Https.CertificateLoader.LoadFromStoreCert(
"localhost", "My", System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser,
allowInvalid: true);
System.Security.Cryptography.X509Certificates.X509Certificate2 exampleCert = Microsoft.AspNetCore.Server.Kestrel.Https.CertificateLoader.LoadFromStoreCert(
"example.com", "My", System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser,
allowInvalid: true);
System.Security.Cryptography.X509Certificates.X509Certificate2 subExampleCert = Microsoft.AspNetCore.Server.Kestrel.Https.CertificateLoader.LoadFromStoreCert(
"sub.example.com", "My", System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser,
allowInvalid: true);
certs["localhost"] = localhostCert;
certs["example.com"] = exampleCert;
certs["sub.example.com"] = subExampleCert;
httpsOptions.ServerCertificateSelector =
delegate(Microsoft.AspNetCore.Connections.ConnectionContext connectionContext, string name)
{
return(ServerCertificateSelector(certs, connectionContext, name));
}
;
} // End Sub UseHttps
public static IWebHost InitializeStartup(string[] args)
{
var defaultlocalStorageLocation =
$"{Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData)}{Path.DirectorySeparatorChar}boxinterview{Path.DirectorySeparatorChar}{Constants.RootInstallFolder}";
string logFolderLocation = $"{defaultlocalStorageLocation}{Path.DirectorySeparatorChar}{Constants.LogsFolderName}";
var globalData = new GlobalData
{
Logger = new Logger(logFolderLocation, Constants.LogFileName),
LocalStorageLocation = defaultlocalStorageLocation,
};
DataStore dataStore = new DataStore();
var webHostBuilder = new WebHostBuilder()
.CaptureStartupErrors(true)
.UseKestrel(options =>
{
if (Constants.ListenerProtocolIsHttps)
{
#pragma warning disable CS0162 // Unreachable code detected
options.Listen(System.Net.IPAddress.Any, Convert.ToInt32(Constants.ListenerPort), listenOptions =>
#pragma warning restore CS0162 // Unreachable code detected
{
var httpsConnectionAdapterOptions = new Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionAdapterOptions
{
SslProtocols = System.Security.Authentication.SslProtocols.Tls | System.Security.Authentication.SslProtocols.Tls11 | System.Security.Authentication.SslProtocols.Tls12,
};
//listenOptions.NoDelay = true;
listenOptions.UseHttps(httpsConnectionAdapterOptions);
});
}
})
.ConfigureServices(
services =>
{
services.AddSingleton(globalData);
services.AddSingleton(dataStore);
})
.UseIISIntegration()
.UseStartup <Startup>();
if (!Constants.ListenerProtocolIsHttps)
{
webHostBuilder.UseUrls($"http://+:{Constants.ListenerPort}");
}
globalData.WebHost = webHostBuilder.Build();
return(globalData.WebHost);
}
public static void HttpsDefaults(Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionAdapterOptions listenOptions)
{
listenOptions.OnAuthenticate =
delegate(Microsoft.AspNetCore.Connections.ConnectionContext connectionContext, System.Net.Security.SslServerAuthenticationOptions sslOptions)
{
sslOptions.CipherSuitesPolicy = new System.Net.Security.CipherSuitesPolicy(
new System.Net.Security.TlsCipherSuite[]
{
System.Net.Security.TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
System.Net.Security.TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
System.Net.Security.TlsCipherSuite.TLS_CHACHA20_POLY1305_SHA256,
// ...
});
}
; // End OnAuthenticate
}
public static Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions UseHttps(this Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions listenOptions, Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionAdapterOptions httpsOptions)
{
throw null;
}
} // End Sub ConfigureEndpointDefaults
public static void HttpsDefaults(
Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionAdapterOptions listenOptions
, System.IO.FileSystemWatcher watcher
)
{
bool isNotWindows = !System.Runtime.InteropServices.RuntimeInformation.IsOSPlatform(System.Runtime.InteropServices.OSPlatform.Windows);
System.Collections.Concurrent.ConcurrentDictionary <string, CertHackStore> certs =
new System.Collections.Concurrent.ConcurrentDictionary <string, CertHackStore>(
System.StringComparer.OrdinalIgnoreCase
);
string cert = SecretManager.GetSecret <string>("ssl_cert");
string key = SecretManager.GetSecret <string>("ssl_key");
certs["localhost"] = CertHackStore.FromPem(cert, key);
// watcher.Filters.Add("localhost.yml");
// watcher.Filters.Add("example.com.yaml");
// watcher.Filters.Add("sub.example.com.yaml");
System.IO.FileSystemEventHandler onChange = delegate(object sender, System.IO.FileSystemEventArgs e)
{
CertificateFileChanged(certs, sender, e);
};
watcher.Changed += new System.IO.FileSystemEventHandler(onChange);
watcher.Created += new System.IO.FileSystemEventHandler(onChange);
watcher.Deleted += new System.IO.FileSystemEventHandler(onChange);
// watcher.Renamed += new System.IO.RenamedEventHandler(OnRenamed);
if (!System.Runtime.InteropServices.RuntimeInformation.IsOSPlatform(System.Runtime.InteropServices.OSPlatform.Windows))
{
watcher.EnableRaisingEvents = true;
}
listenOptions.ServerCertificateSelector =
delegate(Microsoft.AspNetCore.Connections.ConnectionContext connectionContext, string name)
{
return(ServerCertificateSelector(certs, connectionContext, name));
};
#if NO_NGINX_FUCKUP
listenOptions.OnAuthenticate =
delegate(Microsoft.AspNetCore.Connections.ConnectionContext connectionContext, System.Net.Security.SslServerAuthenticationOptions sslOptions)
{
// not supported on Windoze
if (isNotWindows)
{
sslOptions.CipherSuitesPolicy = new System.Net.Security.CipherSuitesPolicy(
new System.Net.Security.TlsCipherSuite[]
{
System.Net.Security.TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
System.Net.Security.TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
System.Net.Security.TlsCipherSuite.TLS_CHACHA20_POLY1305_SHA256,
// ...
});
} // End if (!isWindows)
} // End Delegate
; // End OnAuthenticate
#endif
} // End Sub HttpsDefaults
public void Configure(ListenOptions lisOption)
{
lisOption.Protocols = HttpProtocols.Http1AndHttp2;
var services = new ServiceCollection();
var log = new Microsoft.Extensions.Logging.Abstractions.NullLoggerFactory();
services.AddSingleton <ILoggerFactory>(log);
lisOption.KestrelServerOptions.ApplicationServices = services.BuildServiceProvider();
if (port == 443 || forcessl)
{
// use https
Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionAdapterOptions ssloption = new Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionAdapterOptions();
ssloption.ServerCertificateSelector = SelectSsl;
ssloption.ClientCertificateMode = Microsoft.AspNetCore.Server.Kestrel.Https.ClientCertificateMode.NoCertificate;
ssloption.ClientCertificateValidation = (x, y, z) => { return(true); };
ssloption.HandshakeTimeout = new TimeSpan(0, 0, 30);
ssloption.SslProtocols = System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls11 | System.Security.Authentication.SslProtocols.Tls;
lisOption.UseHttps(ssloption);
}
}
