private static void ConfigureHttps(HttpsConnectionAdapterOptions options) { try { // When we get the certificate from Key Vault as a secret, // it provides the entire PFX file but without the password. // Since PFX is a binary format and a secret is a string, // it is base64 encoded. So we read in the text file and convert // it to the bytes to initialize the X509Certificate2. var certPath = Environment.GetEnvironmentVariable("HTTPS_CERTIFICATE_PATH"); if (!string.IsNullOrEmpty(certPath)) { var certString = System.IO.File.ReadAllText(certPath); var certBytes = Convert.FromBase64String(certString); var httpsCert = new X509Certificate2(certBytes); Console.WriteLine($"HTTPS cert Subject: {httpsCert.Subject}"); Console.WriteLine($"HTTPS cert Thumbprint: {httpsCert.Thumbprint}"); // set the Kestrel HTTPS certificate options.ServerCertificate = httpsCert; } } catch (Exception ex) { Console.Error.WriteLine($"unable to load https cert: {ex}"); throw; } }
/// <summary> /// Apply the SSL Certificate and Port details to the <see cref="IWebHostBuilder"/>. /// </summary> private static void UseKestrel(this IWebHostBuilder webHostBuilder, HostConfig serviceConfig, bool validOnly) { if (webHostBuilder == null) { throw new ArgumentNullException(nameof(webHostBuilder)); } if (serviceConfig == null) { throw new ArgumentNullException(nameof(serviceConfig)); } var sslCertificate = LoadCertificate(serviceConfig.SslCertThumbprint, validOnly); webHostBuilder.UseKestrel(options => { options.Listen(new IPEndPoint(IPAddress.Loopback, serviceConfig.Port), listenOptions => { var httpsConnectionAdapterOptions = new HttpsConnectionAdapterOptions { ClientCertificateMode = ClientCertificateMode.AllowCertificate, SslProtocols = SslProtocols.Tls12, // Tls 1.0 and 1.1 are broken ServerCertificate = sslCertificate, ClientCertificateValidation = (certificate2, chain, sslPolicyErrors) => true }; listenOptions.NoDelay = true; listenOptions.UseHttps(httpsConnectionAdapterOptions).UseConnectionLogging(); }); }); webHostBuilder.UseUrls($"https://*:{serviceConfig.Port}"); }
/// <summary> /// Configure HTTPS certificates dynamically with an implementation of <see cref="IServerCertificateSelector"/>. /// </summary> /// <param name="httpsOptions">The HTTPS configuration</param> /// <param name="certificateSelector">The server certificate selector.</param> /// <returns>The HTTPS configuration</returns> public static HttpsConnectionAdapterOptions UseServerCertificateSelector( this HttpsConnectionAdapterOptions httpsOptions, IServerCertificateSelector certificateSelector) { httpsOptions.ServerCertificateSelector = certificateSelector.Select; return(httpsOptions); }
public IWebHostBuilder CreateKestrelBuilder() { Validate(); var webHostBuilder = new WebHostBuilder() .UseKestrel(kestrel => { kestrel.Limits.MaxRequestBodySize = null; var adapterOptions = new HttpsConnectionAdapterOptions { ClientCertificateMode = ClientCertificateMode.AllowCertificate, ClientCertificateValidation = Authentication.ValidateClientPeerCertificate, ServerCertificateSelector = (c, n) => Authentication.GetCurrentCertificate(), CheckCertificateRevocation = false, }; foreach (var ip in new EndpointNameResolver().ResolveToIPEndPoints(ServerUrl)) { kestrel.Listen(ip, x => x.UseHttps(adapterOptions)); } }) .ConfigureServices(services => { services.AddSingleton(typeof(ICaberMutualAuthentication), Authentication); services.AddSingleton(RequestRouter); services.AddSingleton <ICaberRequestHandler, CaberRequestHandler>(); services.AddTransient <CaberRequestErrorLogger>(); services.AddAuthentication(x => x.DefaultScheme = CaberMutualAuthenticationHandler.SchemeName) .AddScheme <AuthenticationSchemeOptions, CaberMutualAuthenticationHandler>(CaberMutualAuthenticationHandler.SchemeName, CaberMutualAuthenticationHandler.SchemeDescription, o => { }); }) .UseStartup <Startup>(); return(webHostBuilder); }
// Additional configuration is required to successfully run gRPC on macOS. // For instructions on how to configure Kestrel and gRPC clients on macOS, visit https://go.microsoft.com/fwlink/?linkid=2099682 public static IHostBuilder CreateHostBuilder(string[] args) => Host.CreateDefaultBuilder(args) .ConfigureWebHostDefaults(webBuilder => { webBuilder.UseStartup <Startup>(); webBuilder.ConfigureKestrel(kerstrel => { kerstrel.Listen(IPAddress.Any, 5000, o => o.Protocols = HttpProtocols.Http1AndHttp2); kerstrel.Listen(IPAddress.Any, 5001, listenOptions => { var serverPath = AppDomain.CurrentDomain.BaseDirectory + "cert\\server.pfx"; var serverCertificate = new X509Certificate2(serverPath, "123456789"); var httpsConnectionAdapterOptions = new HttpsConnectionAdapterOptions() { ClientCertificateMode = ClientCertificateMode.AllowCertificate, SslProtocols = System.Security.Authentication.SslProtocols.Tls12, //用chain.Build验证客户端证书 ClientCertificateValidation = (cer, chain, error) => { return(chain.Build(cer)); }, ServerCertificate = serverCertificate }; listenOptions.UseHttps(httpsConnectionAdapterOptions); listenOptions.Protocols = HttpProtocols.Http1AndHttp2; }); }); });
/// <summary> /// Configure Kestrel to use HTTPS. /// </summary> /// <param name="listenOptions"> /// The <see cref="ListenOptions"/> to configure. /// </param> /// <param name="httpsOptions"> /// Options to configure HTTPS. /// </param> /// <returns> /// The <see cref="ListenOptions"/>. /// </returns> public static ListenOptions UseHttps(this ListenOptions listenOptions, HttpsConnectionAdapterOptions httpsOptions) { var loggerFactory = listenOptions.KestrelServerOptions.ApplicationServices.GetRequiredService <ILoggerFactory>(); listenOptions.ConnectionAdapters.Add(new HttpsConnectionAdapter(httpsOptions, loggerFactory)); return(listenOptions); }
// Additional configuration is required to successfully run gRPC on macOS. // For instructions on how to configure Kestrel and gRPC clients on macOS, visit https://go.microsoft.com/fwlink/?linkid=2099682 public static IHostBuilder CreateHostBuilder(string[] args) => Host.CreateDefaultBuilder(args) .UseSystemd() .ConfigureWebHostDefaults(webBuilder => { webBuilder.UseStartup <Startup>() .ConfigureKestrel(options => { options.Limits.MinRequestBodyDataRate = null; options.Listen(IPAddress.Any, PORT, listenOptions => { var httpsConnectionAdapterOptions = new HttpsConnectionAdapterOptions() { ClientCertificateMode = ClientCertificateMode.AllowCertificate, SslProtocols = System.Security.Authentication.SslProtocols.Tls, }; listenOptions.UseHttps("grpcServer.pfx", "1511"); listenOptions.Protocols = HttpProtocols.Http1AndHttp2; }); }); }) .ConfigureServices(services => { services.AddHostedService <NodeService>(); });
/// <summary> /// Starts listening at the specified port. /// </summary> public void Start() { Startup.Listener = this; m_host = new WebHostBuilder(); #if NETSTANDARD2_0 HttpsConnectionAdapterOptions httpsOptions = new HttpsConnectionAdapterOptions(); httpsOptions.CheckCertificateRevocation = false; httpsOptions.ClientCertificateMode = ClientCertificateMode.NoCertificate; httpsOptions.ServerCertificate = m_serverCert; httpsOptions.SslProtocols = SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12; m_host.UseKestrel(options => { options.Listen(IPAddress.Any, m_uri.Port, listenOptions => { listenOptions.NoDelay = true; listenOptions.UseHttps(httpsOptions); }); }); #else HttpsConnectionFilterOptions httpsOptions = new HttpsConnectionFilterOptions(); httpsOptions.CheckCertificateRevocation = false; httpsOptions.ClientCertificateMode = ClientCertificateMode.NoCertificate; httpsOptions.ServerCertificate = m_serverCert; httpsOptions.SslProtocols = SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12; m_host.UseKestrel(options => { options.NoDelay = true; options.UseHttps(httpsOptions); }); #endif m_host.UseContentRoot(Directory.GetCurrentDirectory()); m_host.UseStartup <Startup>(); m_host.Start(Utils.ReplaceLocalhost(m_uri.ToString())); }
/// <summary> /// Starts listening at the specified port. /// </summary> public void Start() { Startup.Listener = this; m_hostBuilder = new WebHostBuilder(); HttpsConnectionAdapterOptions httpsOptions = new HttpsConnectionAdapterOptions(); httpsOptions.CheckCertificateRevocation = false; httpsOptions.ClientCertificateMode = ClientCertificateMode.NoCertificate; httpsOptions.ServerCertificate = m_serverCert; // note: although security tools recommend 'None' here, // it only works on .NET 4.6.2 if Tls12 is used #if NET462 httpsOptions.SslProtocols = SslProtocols.Tls12; #else httpsOptions.SslProtocols = SslProtocols.None; #endif m_hostBuilder.UseKestrel(options => { options.ListenAnyIP(m_uri.Port, listenOptions => { listenOptions.UseHttps(httpsOptions); }); }); m_hostBuilder.UseContentRoot(Directory.GetCurrentDirectory()); m_hostBuilder.UseStartup <Startup>(); m_host = m_hostBuilder.Start(Utils.ReplaceLocalhost(m_uri.ToString())); }
/// <summary> /// Configured LettuceEncrypt on this HTTPS endpoint for Kestrel. /// </summary> /// <param name="httpsOptions">Kestrel's HTTPS configuration</param> /// <param name="applicationServices"></param> /// <returns>The original HTTPS options with some required settings added to it.</returns> /// <exception cref="InvalidOperationException"> /// Raised if <see cref="LettuceEncryptServiceCollectionExtensions.AddLettuceEncrypt(Microsoft.Extensions.DependencyInjection.IServiceCollection)"/> /// has not been used to add required services to the application service provider /// </exception> public static HttpsConnectionAdapterOptions UseLettuceEncrypt( this HttpsConnectionAdapterOptions httpsOptions, IServiceProvider applicationServices) { var selector = applicationServices.GetService <IServerCertificateSelector>(); if (selector is null) { throw new InvalidOperationException(MissingServicesMessage); } #if NETCOREAPP3_0 var tlsResponder = applicationServices.GetService <TlsAlpnChallengeResponder>(); if (tlsResponder is null) { throw new InvalidOperationException(MissingServicesMessage); } return(httpsOptions.UseLettuceEncrypt(selector, tlsResponder)); #elif NETSTANDARD2_0 return(httpsOptions.UseServerCertificateSelector(selector)); #else #error Update TFMs #endif }
public HttpsConnectionAdapter(HttpsConnectionAdapterOptions options, ILoggerFactory loggerFactory) { if (options == null) { throw new ArgumentNullException(nameof(options)); } // This configuration will always fail per-request, preemptively fail it here. See HttpConnection.SelectProtocol(). if (options.HttpProtocols == HttpProtocols.Http2 && RuntimeInformation.IsOSPlatform(OSPlatform.OSX)) { throw new NotSupportedException(CoreStrings.HTTP2NoTlsOsx); } // capture the certificate now so it can't be switched after validation _serverCertificate = options.ServerCertificate; _serverCertificateSelector = options.ServerCertificateSelector; if (_serverCertificate == null && _serverCertificateSelector == null) { throw new ArgumentException(CoreStrings.ServerCertificateRequired, nameof(options)); } // If a selector is provided then ignore the cert, it may be a default cert. if (_serverCertificateSelector != null) { // SslStream doesn't allow both. _serverCertificate = null; } else { EnsureCertificateIsAllowedForServerAuth(_serverCertificate); } _options = options; _logger = loggerFactory?.CreateLogger <HttpsConnectionAdapter>() ?? (ILogger)NullLogger.Instance; }
public HttpsConnectionAdapter(HttpsConnectionAdapterOptions options, ILoggerFactory loggerFactory) { if (options == null) { throw new ArgumentNullException(nameof(options)); } // capture the certificate now so it can't be switched after validation _serverCertificate = options.ServerCertificate; _serverCertificateSelector = options.ServerCertificateSelector; if (_serverCertificate == null && _serverCertificateSelector == null) { throw new ArgumentException(CoreStrings.ServerCertificateRequired, nameof(options)); } // If a selector is provided then ignore the cert, it may be a default cert. if (_serverCertificateSelector != null) { // SslStream doesn't allow both. _serverCertificate = null; } else { EnsureCertificateIsAllowedForServerAuth(_serverCertificate); } _options = options; _logger = loggerFactory?.CreateLogger(nameof(HttpsConnectionAdapter)); }
public HttpsConnectionMiddleware(ConnectionDelegate next, HttpsConnectionAdapterOptions options, ILoggerFactory loggerFactory) { if (options == null) { throw new ArgumentNullException(nameof(options)); } if (options.ServerCertificate == null && options.ServerCertificateSelector == null) { throw new ArgumentException(CoreStrings.ServerCertificateRequired, nameof(options)); } _next = next; _handshakeTimeout = options.HandshakeTimeout; _logger = loggerFactory.CreateLogger <HttpsConnectionMiddleware>(); // Something similar to the following could allow us to remove more duplicate logic, but we need https://github.com/dotnet/runtime/issues/40402 to be fixed first. //var sniOptionsSelector = new SniOptionsSelector("", new Dictionary<string, SniConfig> { { "*", new SniConfig() } }, new NoopCertificateConfigLoader(), options, options.HttpProtocols, _logger); //_httpsOptionsCallback = SniOptionsSelector.OptionsCallback; //_httpsOptionsCallbackState = sniOptionsSelector; //_sslStreamFactory = s => new SslStream(s); _options = options; _options.HttpProtocols = ValidateAndNormalizeHttpProtocols(_options.HttpProtocols, _logger); // capture the certificate now so it can't be switched after validation _serverCertificate = options.ServerCertificate; _serverCertificateSelector = options.ServerCertificateSelector; // If a selector is provided then ignore the cert, it may be a default cert. if (_serverCertificateSelector != null) { // SslStream doesn't allow both. _serverCertificate = null; } else { Debug.Assert(_serverCertificate != null); EnsureCertificateIsAllowedForServerAuth(_serverCertificate); var certificate = _serverCertificate; if (!certificate.HasPrivateKey) { // SslStream historically has logic to deal with certificate missing private keys. // By resolving the SslStreamCertificateContext eagerly, we circumvent this logic so // try to resolve the certificate from the store if there's no private key in the cert. certificate = LocateCertificateWithPrivateKey(certificate); } // This might be do blocking IO but it'll resolve the certificate chain up front before any connections are // made to the server _serverCertificateContext = SslStreamCertificateContext.Create(certificate, additionalCertificates: null); } var remoteCertificateValidationCallback = _options.ClientCertificateMode == ClientCertificateMode.NoCertificate ? (RemoteCertificateValidationCallback?)null : RemoteCertificateValidationCallback; _sslStreamFactory = s => new SslStream(s, leaveInnerStreamOpen: false, userCertificateValidationCallback: remoteCertificateValidationCallback); }
public static IWebHost BuildWebHost(string[] args) => WebHost.CreateDefaultBuilder(args) .UseStartup <Startup>() .UseKestrel(options => { options.Listen(new IPEndPoint(IPAddress.Any, 44347), listenOptions => { HttpsConnectionAdapterOptions adapterOptions = new HttpsConnectionAdapterOptions() { ClientCertificateMode = ClientCertificateMode.AllowCertificate, SslProtocols = SslProtocols.Tls, ServerCertificate = Startup.GetMachineCertificate(), }; listenOptions.UseHttps(adapterOptions); }); options.Listen(new IPEndPoint(IPAddress.Any, 44348), listenOptions => { HttpsConnectionAdapterOptions adapterOptions = new HttpsConnectionAdapterOptions() { ClientCertificateMode = ClientCertificateMode.NoCertificate, SslProtocols = SslProtocols.Tls, ServerCertificate = Startup.GetMachineCertificate(), }; listenOptions.UseHttps(adapterOptions); }); }) .UseIISIntegration() .UseStartup <Startup>() .Build();
public static void Main(string[] args) { var host = new WebHostBuilder() .UseContentRoot(Directory.GetCurrentDirectory()) .UseStartup <Startup>() .UseKestrel(options => { options.Limits.MaxRequestBodySize = 1 * 1024 * 1024 * 1024; // 1GB var configuration = Startup._kestrelConfiguration; if (configuration != null) { options.Listen(IPAddress.Any, configuration.HttpsListenPort, listenOptions => { var httpsOptions = new HttpsConnectionAdapterOptions(); httpsOptions.ServerCertificate = new X509Certificate2( configuration.ServerCertificatePath, configuration.ServerCertificatePassword); httpsOptions.ClientCertificateMode = ClientCertificateMode.RequireCertificate; httpsOptions.ClientCertificateValidation = (cert, chain, errors) => { // 检查客户端证书 // return cert.Equals(clientCertificate); return(chain.Build(cert)); }; httpsOptions.SslProtocols = SslProtocols.Tls; listenOptions.UseHttps(httpsOptions); }); } }) .UseIISIntegration() .Build(); host.Run(); }
private async Task StartServiceRequiringClientCertificate() { try { _serviceHostRequiringClientCertificate = WebHost.CreateDefaultBuilder() .UseKestrel(o => { var adapterOptions = new HttpsConnectionAdapterOptions { ClientCertificateMode = ClientCertificateMode.RequireCertificate, SslProtocols = SslProtocols.Tls12, ServerCertificate = new X509Certificate2(Convert.FromBase64String(ServerCertificate), ServerCertificatePassword), ClientCertificateValidation = (cert, chain, p) => string.Equals(cert.Thumbprint, ClientCertificateThumbprint, StringComparison.OrdinalIgnoreCase) }; o.Listen(IPAddress.Any, ServiceRequiringClientCertificatePort, l => l.UseHttps(adapterOptions)); }) .UseStartup <Startup>() .Build(); await _serviceHostRequiringClientCertificate.StartAsync(); } catch (Exception e) { TestContext.WriteLine(e); } }
public static IWebHostBuilder CreateWebHostBuilder(string[] args) => WebHost.CreateDefaultBuilder(args) .UseKestrel(options => { options.Listen(IPAddress.Any, 80); options.Listen(IPAddress.Any, 443, listenOptions => { var signingCertificate = new X509Certificate2("server.pfx", "111111"); var httpsConnectionAdapterOptions = new HttpsConnectionAdapterOptions() { ClientCertificateMode = ClientCertificateMode.RequireCertificate, //AllowCertificate, SslProtocols = System.Security.Authentication.SslProtocols.Tls12, //验证客户器证书是否正规 ClientCertificateValidation = (cer, chain, error) => { var res = chain.Build(cer); Console.WriteLine($"********* 验证客户端证书 chain.Build={res}"); return(res); }, ServerCertificate = signingCertificate }; listenOptions.UseHttps(httpsConnectionAdapterOptions); }); }) .UseStartup <Startup>();
public static void Configure(IWebHostBuilder webBuilder, IConfiguration configuration) { var httpProtocol = configuration["devonfw:Kestrel:HttpProtocol"]; var sslProtocol = configuration["devonfw:Kestrel:SslProtocol"]; _ = int.TryParse(configuration["devonfw:Kestrel:ApplicationPort"], out int applicationPort); _ = bool.TryParse(configuration["devonfw:Kestrel:UseHttps"], out bool useHttps); webBuilder.UseKestrel(options => { options.AddServerHeader = false; options.Listen(IPAddress.Any, applicationPort, listenOptions => { listenOptions.Protocols = ProtocolOperations.GetHttProtocol(httpProtocol); SetupCommonProperties(configuration, options); if (!useHttps) { return; } var httpsOptions = new HttpsConnectionAdapterOptions(); SetupHttpsProperties(configuration, sslProtocol, httpsOptions); listenOptions.UseHttps(httpsOptions); }); }); }
public static IWebHost BuildWebHost() => WebHost.CreateDefaultBuilder() .UseKestrel( options => { #if DEBUG options.Listen(IPAddress.Loopback, 5000); backendServerPort = 5000; #else // Get free TCP port and write it to STDOUT where the Electron frontend can catch it. backendServerPort = FindFreeTcpPort(); options.Listen(IPAddress.Loopback, backendServerPort, listenOptions => { var httpsOptions = new HttpsConnectionAdapterOptions { ServerCertificate = CertificateGenerator .GenerateCertificate( $"CN={DigestUtils.GetDigestFromAssembly(typeof(Program).Assembly).ToLowerInvariant()}") }; listenOptions.UseHttps(httpsOptions); }); #endif }) .UseStartup <Startup>() .Build();
public void FallsBackToHttpsConnectionAdapterServerCertificateSelectorOverServerCertificate() { var sniDictionary = new Dictionary <string, SniConfig> { { "www.example.org", new SniConfig() } }; var selectorCertificate = _x509Certificate2; var fallbackOptions = new HttpsConnectionAdapterOptions { ServerCertificate = new X509Certificate2(Array.Empty <byte>()), ServerCertificateSelector = (context, serverName) => selectorCertificate }; var sniOptionsSelector = new SniOptionsSelector( "TestEndpointName", sniDictionary, new MockCertificateConfigLoader(), fallbackOptions, fallbackHttpProtocols: HttpProtocols.Http1AndHttp2, logger: Mock.Of <ILogger <HttpsConnectionMiddleware> >()); var(options, _) = sniOptionsSelector.GetOptions(new MockConnectionContext(), "www.example.org"); Assert.Same(selectorCertificate, options.ServerCertificate); }
internal EndpointConfiguration(bool isHttps, ListenOptions listenOptions, HttpsConnectionAdapterOptions httpsOptions, IConfigurationSection configSection) { IsHttps = isHttps; ListenOptions = listenOptions ?? throw new ArgumentNullException(nameof(listenOptions)); HttpsOptions = httpsOptions ?? throw new ArgumentNullException(nameof(httpsOptions)); ConfigSection = configSection ?? throw new ArgumentNullException(nameof(configSection)); }
public static void Main(string[] args) { var whb = WebHost.CreateDefaultBuilder(args); var environment = whb.GetSetting("environment"); var subjectName = GetCertificateSubjectNameBasedOnEnvironment(environment); var certificate = GetServiceCertificate(subjectName); var host = whb.UseStartup <Startup>() .UseKestrel(options => { options.Listen(new IPEndPoint(IPAddress.Loopback, 4430), listenOptions => { var httpsConnectionAdapterOptions = new HttpsConnectionAdapterOptions() { ClientCertificateMode = ClientCertificateMode.AllowCertificate, SslProtocols = System.Security.Authentication.SslProtocols.Tls, ServerCertificate = certificate }; listenOptions.UseHttps(httpsConnectionAdapterOptions); }); }) .Build(); host.Run(); }
private static X509Certificate2 GetCertificateFromOptions(ListenOptions listenOption) { X509Certificate2 cert = null; FieldInfo middlewareProp = typeof(ListenOptions).GetField("_middleware", BindingFlags.Instance | BindingFlags.NonPublic); List <Func <ConnectionDelegate, ConnectionDelegate> > middleware = (List <Func <ConnectionDelegate, ConnectionDelegate> >)middlewareProp.GetValue(listenOption); if (middleware == null) { return(cert); } foreach (var mid in middleware) { var target = mid.Target; // a generated type FieldInfo httpsOptionsProp = target.GetType().GetField("httpsOptions", BindingFlags.Instance | BindingFlags.Public); if (httpsOptionsProp == null) { continue; } HttpsConnectionAdapterOptions httpsOptions = httpsOptionsProp.GetValue(target) as HttpsConnectionAdapterOptions; if (httpsOptions == null) { continue; } cert = httpsOptions.ServerCertificate; } return(cert); }
public void Load() { if (Options.ConfigurationLoader == null) { // The loader has already been run. return; } Options.ConfigurationLoader = null; var configReader = new ConfigurationReader(Configuration); LoadDefaultCert(configReader); foreach (var endpoint in configReader.Endpoints) { var listenOptions = AddressBinder.ParseAddress(endpoint.Url, out var https); Options.ApplyEndpointDefaults(listenOptions); // Compare to UseHttps(httpsOptions => { }) var httpsOptions = new HttpsConnectionAdapterOptions(); if (https) { // Defaults Options.ApplyHttpsDefaults(httpsOptions); // Specified httpsOptions.ServerCertificate = LoadCertificate(endpoint.Certificate, endpoint.Name) ?? httpsOptions.ServerCertificate; // Fallback Options.ApplyDefaultCert(httpsOptions); } if (EndpointConfigurations.TryGetValue(endpoint.Name, out var configureEndpoint)) { var endpointConfig = new EndpointConfiguration(https, listenOptions, httpsOptions, endpoint.ConfigSection); configureEndpoint(endpointConfig); } // EndpointDefaults or configureEndpoint may have added an https adapter. if (https && !listenOptions.ConnectionAdapters.Any(f => f.IsHttps)) { if (httpsOptions.ServerCertificate == null && httpsOptions.ServerCertificateSelector == null) { throw new InvalidOperationException(CoreStrings.NoCertSpecifiedNoDevelopmentCertificateFound); } listenOptions.UseHttps(httpsOptions); } Options.ListenOptions.Add(listenOptions); } foreach (var action in EndpointsToAdd) { action(); } }
public void HttpsExtensionConnectionAdapterTestInvalidOptions_Fails() { var options = new HttpsConnectionAdapterOptions() { ServerCertificate = null }; Assert.Throws <ArgumentNullException>(() => new HttpsExtensionConnectionAdapter(options)); }
public void HttpsExtensionConnectionAdapterTestValidCertWithEkuClient_Fails() { var(cert, key) = TestCertificateHelper.GenerateClientert("eku client auth", DateTime.Now.Subtract(TimeSpan.FromDays(2)), DateTime.Now.AddYears(1)); var options = new HttpsConnectionAdapterOptions() { ServerCertificate = cert }; Assert.Throws <InvalidOperationException>(() => new HttpsExtensionConnectionAdapter(options)); }
public void HttpsExtensionConnectionAdapterTestValidCertWithEkuServer_Succeeds() { var(cert, key) = TestCertificateHelper.GenerateServerCert("eku server auth", DateTime.Now.Subtract(TimeSpan.FromDays(2)), DateTime.Now.AddYears(1)); var options = new HttpsConnectionAdapterOptions() { ServerCertificate = cert }; Assert.NotNull(new HttpsExtensionConnectionAdapter(options)); }
public void HttpsExtensionConnectionAdapterTestValidCertWithNoEku_Succeeds() { var cert = TestCertificateHelper.GenerateSelfSignedCert("no eku"); var options = new HttpsConnectionAdapterOptions() { ServerCertificate = cert }; Assert.NotNull(new HttpsExtensionConnectionAdapter(options)); }
public static ListenOptions UseLetsEncrypt(this ListenOptions options) { _ = LoadCertificate("peoplemeter.ru", "*****@*****.**"); var httpsOptions = new HttpsConnectionAdapterOptions { ServerCertificateSelector = ServerCertificateSelector }; return(options.UseHttps(httpsOptions)); }
public void Http2ThrowsOnIncompatibleWindowsVersions() { var httpConnectionAdapterOptions = new HttpsConnectionAdapterOptions { ServerCertificate = _x509Certificate2, HttpProtocols = HttpProtocols.Http2 }; Assert.Throws <NotSupportedException>(() => new HttpsConnectionMiddleware(context => Task.CompletedTask, httpConnectionAdapterOptions)); }