internal static void CreateAndRunWebHostForService(IConfigurationRoot configuration)
{
ApplyCommonConfiguration(configuration, new EventLogLoggerProvider(LogLevel.Warning, Resources.Text_ServiceName));
_loggerFactory
.AddDebug()
.AddConsole(LogLevel.Trace)
.AddProvider(new FileLoggerProvider(_startupOptions.Name, _loggingOptions.LogFolder));
// Add service event logs in addition to file logs.
_loggerFactory.AddProvider(new EventLogLoggerProvider(LogLevel.Warning, Resources.Text_ServiceName));
_logger = GetLogger(_loggerFactory, _startupOptions.Name);
var tlsConfig = new TlsConfiguration(_logger, _securityOptions);
var httpsOptions = tlsConfig.GetHttpsOptions(Configuration);
Uri uri = GetServerUri(Configuration);
try {
CreateWebHost(httpsOptions).Run(CancellationToken);
} catch (AggregateException ex) when(ex.IsPortInUseException())
{
_logger.LogError(0, ex.InnerException, Resources.Error_ConfiguredPortNotAvailable, uri?.Port);
Exit((int)BrokerExitCodes.PortInUse, null);
}
}
public override MSI.IMonoTlsContext CreateTlsContext(
string hostname, bool serverMode, MSI.TlsProtocols protocolFlags,
SSCX.X509Certificate serverCertificate, PSSCX.X509CertificateCollection clientCertificates,
bool remoteCertRequired, MSI.MonoEncryptionPolicy encryptionPolicy,
MSI.MonoTlsSettings settings)
{
TlsConfiguration config;
if (serverMode)
{
var cert = (PSSCX.X509Certificate2)serverCertificate;
var monoCert = new MX.X509Certificate(cert.RawData);
config = new TlsConfiguration((TlsProtocols)protocolFlags, (MSI.MonoTlsSettings)settings, monoCert, cert.PrivateKey);
if (remoteCertRequired)
{
config.AskForClientCertificate = true;
}
}
else
{
config = new TlsConfiguration((TlsProtocols)protocolFlags, (MSI.MonoTlsSettings)settings, hostname);
}
return(new TlsContextWrapper(config, serverMode));
}
public static void Main(string[] args)
{
var configBuilder = new ConfigurationBuilder().AddCommandLine(args);
Configuration = configBuilder.Build();
string configFile = Configuration["config"];
if (configFile != null)
{
configBuilder.AddJsonFile(configFile, optional: false);
Configuration = configBuilder.Build();
}
ConfigurationBinder.Bind(Configuration.GetSection("startup"), _startupOptions);
ConfigurationBinder.Bind(Configuration.GetSection("security"), _securityOptions);
_loggerFactory
.AddDebug()
.AddConsole(LogLevel.Trace)
.AddProvider(new FileLoggerProvider(_startupOptions.Name));
_logger = _loggerFactory.CreateLogger <Program>();
if (_startupOptions.Name != null)
{
_logger.LogInformation(Resources.Info_BrokerName, _startupOptions.Name);
}
var tlsConfig = new TlsConfiguration(_logger, _securityOptions);
var httpsOptions = tlsConfig.GetHttpsOptions(Configuration);
CreateWebHost(httpsOptions).Run();
}
internal static void CreateAndRunWebHostForService()
{
var tlsConfig = new TlsConfiguration(_logger, _securityOptions);
var httpsOptions = tlsConfig.GetHttpsOptions(Configuration);
Uri uri = GetServerUri(Configuration);
try {
CreateWebHost(httpsOptions).Run();
} catch (AggregateException ex) when(ex.IsPortInUseException())
{
_logger.LogError(0, ex.InnerException, Resources.Error_ConfiguredPortNotAvailable, uri?.Port);
}
}
/// <summary>
/// Creates the session and saves references to the passed objects.
/// </summary>
/// <param name="stream">The socket stream.</param>
/// <param name="address">The IP address of the remote end point.</param>
/// <param name="tlsConfiguration">The SSL/TLS configuration object.</param>
/// <param name="protocolConfigurations">A Dictionary of ProtocolConfiguration
/// objects keyed by each protocol's unique identifier.</param>
/// <param name="logger">The Logger.</param>
/// <param name="userData">An optional Object the user can pass through to each protocol.</param>
public Session(
Stream stream,
string address,
TlsConfiguration tlsConfiguration,
Dictionary <ushort, ProtocolConfiguration> protocolConfigurations,
Logger logger,
object userData = null)
: base(protocolConfigurations, logger, userData)
{
this.stream = stream;
this.Address = address;
this.TlsConfiguration = tlsConfiguration;
Id = SessionId.NextId;
}
public Session(
StreamSocket streamSocket,
string address,
TlsConfiguration tlsConfiguration,
Dictionary <ushort, ProtocolConfiguration> protocolConfigurations,
Logger logger,
object userData = null)
: base(protocolConfigurations, logger, userData)
{
this.streamSocket = streamSocket;
this.iS = streamSocket.InputStream.AsStreamForRead();
this.oS = streamSocket.OutputStream.AsStreamForWrite();
this.Address = address;
this.TlsConfiguration = tlsConfiguration;
Id = SessionId.NextId;
}
private static X509Certificate2 RetrieveTlsCertificate(TlsConfiguration configuration)
{
if (configuration.ClientCertificateInformation is ClientCertificateReference clientCertRef)
{
return(Registry.Instance.CertificateRepository.GetCertificate(
clientCertRef.ClientCertificateFindType,
clientCertRef.ClientCertificateFindValue));
}
if (configuration.ClientCertificateInformation is PrivateKeyCertificate embeddedCertInfo)
{
return(new X509Certificate2(
rawData: Convert.FromBase64String(embeddedCertInfo.Certificate),
password: embeddedCertInfo.Password,
keyStorageFlags: X509KeyStorageFlags.Exportable));
}
return(null);
}
private HttpsConnectionAdapterOptions ConfigureHttps()
{
var securityOptions = Configuration.GetSecuritySection().Get <SecurityOptions>();
var logger = LoggerFactory.CreateLogger <TlsConfiguration>();
var tlsConfig = new TlsConfiguration(logger, securityOptions);
var httpsOptions = tlsConfig.GetHttpsOptions();
if (httpsOptions == null)
{
logger.LogCritical(Resources.Critical_NoTlsCertificate, securityOptions.X509CertificateName);
if (!IsService)
{
Environment.Exit((int)BrokerExitCodes.NoCertificate);
}
}
return(httpsOptions);
}
private static X509Certificate2 RetrieveClientCertificate(TlsConfiguration tlsConfig)
{
if (tlsConfig == null ||
tlsConfig.IsEnabled == false ||
tlsConfig.ClientCertificateInformation == null)
{
return(null);
}
Logger.Trace("Adding Client TLS Certificate to HTTP Request");
X509Certificate2 certificate = RetrieveTlsCertificate(tlsConfig);
if (certificate == null)
{
throw new NotSupportedException(
"The TLS certificate information specified in the PMode could not be used to retrieve the certificate");
}
return(certificate);
}
public override IMonoTlsContext CreateTlsContext(
string hostname, bool serverMode, TlsProtocols protocolFlags,
SSCX.X509Certificate serverCertificate, PSSCX.X509CertificateCollection clientCertificates,
bool remoteCertRequired, bool checkCertName, bool checkCertRevocationStatus,
MonoEncryptionPolicy encryptionPolicy,
MonoRemoteCertificateValidationCallback userCertificateValidationCallback,
MonoLocalCertificateSelectionCallback userCertificateSelectionCallback,
MonoTlsSettings settings)
{
TlsConfiguration config;
if (serverMode)
{
var cert = (PSSCX.X509Certificate2)serverCertificate;
var monoCert = new MX.X509Certificate(cert.RawData);
config = new TlsConfiguration((TlsProtocols)protocolFlags, (TlsSettings)settings, monoCert, cert.PrivateKey);
}
else
{
config = new TlsConfiguration((TlsProtocols)protocolFlags, (TlsSettings)settings, hostname);
#if FIXME
if (certSelectionDelegate != null)
{
config.Client.LocalCertSelectionCallback = (t, l, r, a) => certSelectionDelegate(t, l, r, a);
}
#endif
if (userCertificateValidationCallback != null)
{
config.RemoteCertValidationCallback = (h, c, ch, p) => {
var ssc = new SSCX.X509Certificate(c.RawData);
return(userCertificateValidationCallback(h, ssc, null, (MonoSslPolicyErrors)p));
};
}
}
return(new TlsContextWrapper(config));
}
public TlsContextWrapper(TlsConfiguration config)
{
this.config = config;
}
public TlsContextWrapper(TlsConfiguration config, bool serverMode)
{
this.config = config;
this.serverMode = serverMode;
}
