internal void UpdateOptions(ServerOptionsSelectionCallback optionCallback, object?state)
{
CheckCertName = false;
TargetHost = string.Empty;
IsServer = true;
UserState = state;
ServerOptionDelegate = optionCallback;
}
/// <summary>
/// Configure Kestrel to use HTTPS. This does not use default certificates or other defaults specified via config or
/// <see cref="KestrelServerOptions.ConfigureHttpsDefaults(Action{HttpsConnectionAdapterOptions})"/>.
/// </summary>
/// <param name="listenOptions">The <see cref="ListenOptions"/> to configure.</param>
/// <param name="serverOptionsSelectionCallback">Callback to configure HTTPS options.</param>
/// <param name="state">State for the <paramref name="serverOptionsSelectionCallback"/>.</param>
/// <param name="handshakeTimeout">Specifies the maximum amount of time allowed for the TLS/SSL handshake. This must be positive and finite.</param>
/// <returns>The <see cref="ListenOptions"/>.</returns>
public static ListenOptions UseHttps(this ListenOptions listenOptions, ServerOptionsSelectionCallback serverOptionsSelectionCallback, object state, TimeSpan handshakeTimeout)
{
return(listenOptions.UseHttps(new TlsHandshakeCallbackOptions()
{
OnConnection = context => serverOptionsSelectionCallback(context.SslStream, context.ClientHelloInfo, context.State, context.CancellationToken),
HandshakeTimeout = handshakeTimeout,
OnConnectionState = state,
}));
}
internal SslAuthenticationOptions(ServerOptionsSelectionCallback optionCallback, object?state, RemoteCertificateValidationCallback?remoteCallback)
{
CheckCertName = false;
TargetHost = string.Empty;
IsServer = true;
UserState = state;
ServerOptionDelegate = optionCallback;
CertValidationDelegate = remoteCallback;
}
/// <summary>
/// Configure Kestrel to use HTTPS. This does not use default certificates or other defaults specified via config or
/// <see cref="KestrelServerOptions.ConfigureHttpsDefaults(Action{HttpsConnectionAdapterOptions})"/>.
/// </summary>
/// <param name="listenOptions">The <see cref="ListenOptions"/> to configure.</param>
/// <param name="serverOptionsSelectionCallback">Callback to configure HTTPS options.</param>
/// <param name="state">State for the <paramref name="serverOptionsSelectionCallback"/>.</param>
/// <param name="handshakeTimeout">Specifies the maximum amount of time allowed for the TLS/SSL handshake. This must be positive and finite.</param>
/// <returns>The <see cref="ListenOptions"/>.</returns>
public static ListenOptions UseHttps(this ListenOptions listenOptions, ServerOptionsSelectionCallback serverOptionsSelectionCallback, object state, TimeSpan handshakeTimeout)
{
// HttpsOptionsCallback is an internal delegate that is just the ServerOptionsSelectionCallback + a ConnectionContext parameter.
// Given that ConnectionContext will eventually be replaced by System.Net.Connections, it doesn't make much sense to make the HttpsOptionsCallback delegate public.
HttpsOptionsCallback adaptedCallback = (connection, stream, clientHelloInfo, state, cancellationToken) =>
serverOptionsSelectionCallback(stream, clientHelloInfo, state, cancellationToken);
return(listenOptions.UseHttps(adaptedCallback, state, handshakeTimeout));
}
/// <summary>
/// Configure Kestrel to use HTTPS. This does not use default certificates or other defaults specified via config or
/// <see cref="KestrelServerOptions.ConfigureHttpsDefaults(Action{HttpsConnectionAdapterOptions})"/>.
/// </summary>
/// <param name="listenOptions">The <see cref="ListenOptions"/> to configure.</param>
/// <param name="serverOptionsSelectionCallback">Callback to configure HTTPS options.</param>
/// <param name="state">State for the <paramref name="serverOptionsSelectionCallback"/>.</param>
/// <param name="handshakeTimeout">Specifies the maximum amount of time allowed for the TLS/SSL handshake. This must be positive and finite.</param>
/// <returns>The <see cref="ListenOptions"/>.</returns>
public static ListenOptions UseHttps(this ListenOptions listenOptions, ServerOptionsSelectionCallback serverOptionsSelectionCallback, object state, TimeSpan handshakeTimeout)
{
if (listenOptions.Protocols.HasFlag(HttpProtocols.Http3))
{
throw new NotSupportedException($"{nameof(UseHttps)} with {nameof(ServerOptionsSelectionCallback)} is not supported with HTTP/3.");
}
return(listenOptions.UseHttps(new TlsHandshakeCallbackOptions()
{
OnConnection = context => serverOptionsSelectionCallback(context.SslStream, context.ClientHelloInfo, context.State, context.CancellationToken),
HandshakeTimeout = handshakeTimeout,
OnConnectionState = state,
}));
}
/// <summary>
/// Configure Kestrel to use HTTPS. This does not use default certificates or other defaults specified via config or
/// <see cref="KestrelServerOptions.ConfigureHttpsDefaults(Action{HttpsConnectionAdapterOptions})"/>.
/// </summary>
/// <param name="listenOptions">The <see cref="ListenOptions"/> to configure.</param>
/// <param name="serverOptionsSelectionCallback">Callback to configure HTTPS options.</param>
/// <param name="state">State for the <paramref name="serverOptionsSelectionCallback"/>.</param>
/// <param name="handshakeTimeout">Specifies the maximum amount of time allowed for the TLS/SSL handshake. This must be positive and finite.</param>
/// <returns>The <see cref="ListenOptions"/>.</returns>
public static ListenOptions UseHttps(this ListenOptions listenOptions, ServerOptionsSelectionCallback serverOptionsSelectionCallback, object state, TimeSpan handshakeTimeout)
{
// HttpsOptionsCallback is an internal delegate that is the ServerOptionsSelectionCallback, a ConnectionContext, and the ClientCertificateMode.
// Given that ConnectionContext will eventually be replaced by System.Net.Connections, it doesn't make much sense to make the HttpsOptionsCallback delegate public.
return(listenOptions.UseHttps(GetTlsOptionsAsync, state, handshakeTimeout));
async ValueTask <(SslServerAuthenticationOptions, ClientCertificateMode)> GetTlsOptionsAsync(
ConnectionContext connection, SslStream stream, SslClientHelloInfo clientHelloInfo, object state, CancellationToken cancellationToken)
{
var tlsOptions = await serverOptionsSelectionCallback(stream, clientHelloInfo, state, cancellationToken);
return(new (tlsOptions, ClientCertificateMode.DelayCertificate));
}
}
/// <summary>
/// Configure Kestrel to use HTTPS. This does not use default certificates or other defaults specified via config or
/// <see cref="KestrelServerOptions.ConfigureHttpsDefaults(Action{HttpsConnectionAdapterOptions})"/>.
/// </summary>
/// <param name="listenOptions">The <see cref="ListenOptions"/> to configure.</param>
/// <param name="serverOptionsSelectionCallback">Callback to configure HTTPS options.</param>
/// <param name="state">State for the <paramref name="serverOptionsSelectionCallback"/>.</param>
/// <returns>The <see cref="ListenOptions"/>.</returns>
public static ListenOptions UseHttps(this ListenOptions listenOptions, ServerOptionsSelectionCallback serverOptionsSelectionCallback, object state)
{
return(listenOptions.UseHttps(serverOptionsSelectionCallback, state, HttpsConnectionAdapterOptions.DefaultHandshakeTimeout));
}
public static void Main(string[] args)
{
var hostBuilder = new HostBuilder()
.ConfigureLogging((_, factory) =>
{
factory.SetMinimumLevel(LogLevel.Trace);
factory.AddConsole();
})
.ConfigureWebHost(webHost =>
{
webHost.UseKestrel()
.ConfigureKestrel((context, options) =>
{
var cert = CertificateLoader.LoadFromStoreCert("localhost", StoreName.My.ToString(), StoreLocation.CurrentUser, false);
options.ConfigureHttpsDefaults(httpsOptions =>
{
httpsOptions.ServerCertificate = cert;
// httpsOptions.ClientCertificateMode = ClientCertificateMode.AllowCertificate;
// httpsOptions.AllowAnyClientCertificate();
});
options.ListenAnyIP(5000, listenOptions =>
{
listenOptions.UseConnectionLogging();
listenOptions.Protocols = HttpProtocols.Http1AndHttp2;
});
options.ListenAnyIP(5001, listenOptions =>
{
listenOptions.UseHttps();
listenOptions.UseConnectionLogging();
listenOptions.Protocols = HttpProtocols.Http1AndHttp2AndHttp3;
});
options.ListenAnyIP(5002, listenOptions =>
{
listenOptions.UseHttps(StoreName.My, "localhost");
listenOptions.UseConnectionLogging();
listenOptions.Protocols = HttpProtocols.Http3;
});
options.ListenAnyIP(5003, listenOptions =>
{
listenOptions.UseHttps(httpsOptions =>
{
// ConnectionContext is null
httpsOptions.ServerCertificateSelector = (context, host) => cert;
});
listenOptions.UseConnectionLogging();
listenOptions.Protocols = HttpProtocols.Http1AndHttp2AndHttp3;
});
// No SslServerAuthenticationOptions callback is currently supported by QuicListener
options.ListenAnyIP(5004, listenOptions =>
{
listenOptions.UseHttps(httpsOptions =>
{
httpsOptions.OnAuthenticate = (_, sslOptions) => sslOptions.ServerCertificate = cert;
});
listenOptions.UseConnectionLogging();
listenOptions.Protocols = HttpProtocols.Http1AndHttp2;
});
// ServerOptionsSelectionCallback isn't currently supported by QuicListener
options.ListenAnyIP(5005, listenOptions =>
{
ServerOptionsSelectionCallback callback = (SslStream stream, SslClientHelloInfo clientHelloInfo, object state, CancellationToken cancellationToken) =>
{
var options = new SslServerAuthenticationOptions()
{
ServerCertificate = cert,
};
return(new ValueTask <SslServerAuthenticationOptions>(options));
};
listenOptions.UseHttps(callback, state: null);
listenOptions.Protocols = HttpProtocols.Http1AndHttp2;
});
// TlsHandshakeCallbackOptions (ServerOptionsSelectionCallback) isn't currently supported by QuicListener
options.ListenAnyIP(5006, listenOptions =>
{
listenOptions.UseHttps(new TlsHandshakeCallbackOptions()
{
OnConnection = context =>
{
var options = new SslServerAuthenticationOptions()
{
ServerCertificate = cert,
};
return(new ValueTask <SslServerAuthenticationOptions>(options));
},
});
listenOptions.UseConnectionLogging();
listenOptions.Protocols = HttpProtocols.Http1AndHttp2;
});
})
.UseStartup <Startup>();
});
hostBuilder.Build().Run();
}
internal void UpdateOptions(ServerOptionsSelectionCallback optionCallback, object?state)
{
}
public static void Main(string[] args)
{
var hostBuilder = new HostBuilder()
.ConfigureLogging((_, factory) =>
{
factory.SetMinimumLevel(LogLevel.Trace);
factory.AddSimpleConsole(o => o.TimestampFormat = "[HH:mm:ss.fff] ");
})
.ConfigureWebHost(webHost =>
{
var cert = CertificateLoader.LoadFromStoreCert("localhost", StoreName.My.ToString(), StoreLocation.CurrentUser, false);
webHost.UseKestrel()
.ConfigureKestrel((context, options) =>
{
options.ListenAnyIP(5000, listenOptions =>
{
listenOptions.UseConnectionLogging();
listenOptions.Protocols = HttpProtocols.Http1AndHttp2;
});
options.Listen(IPAddress.Any, 5001, listenOptions =>
{
listenOptions.UseHttps();
listenOptions.UseConnectionLogging();
listenOptions.Protocols = HttpProtocols.Http1AndHttp2AndHttp3;
});
options.ListenAnyIP(5002, listenOptions =>
{
listenOptions.UseConnectionLogging();
listenOptions.UseHttps(StoreName.My, "localhost");
listenOptions.Protocols = HttpProtocols.Http3;
});
options.ListenAnyIP(5003, listenOptions =>
{
listenOptions.UseHttps(httpsOptions =>
{
// ConnectionContext is null
httpsOptions.ServerCertificateSelector = (context, host) => cert;
});
listenOptions.UseConnectionLogging();
listenOptions.Protocols = HttpProtocols.Http1AndHttp2AndHttp3;
});
// No SslServerAuthenticationOptions callback is currently supported by QuicListener
options.ListenAnyIP(5004, listenOptions =>
{
listenOptions.UseHttps(httpsOptions =>
{
httpsOptions.OnAuthenticate = (_, sslOptions) => sslOptions.ServerCertificate = cert;
});
listenOptions.UseConnectionLogging();
listenOptions.Protocols = HttpProtocols.Http1AndHttp2;
});
// ServerOptionsSelectionCallback isn't currently supported by QuicListener
options.ListenAnyIP(5005, listenOptions =>
{
ServerOptionsSelectionCallback callback = (SslStream stream, SslClientHelloInfo clientHelloInfo, object state, CancellationToken cancellationToken) =>
{
var options = new SslServerAuthenticationOptions()
{
ServerCertificate = cert,
};
return(new ValueTask <SslServerAuthenticationOptions>(options));
};
listenOptions.UseHttps(callback, state: null);
listenOptions.Protocols = HttpProtocols.Http1AndHttp2;
});
// TlsHandshakeCallbackOptions (ServerOptionsSelectionCallback) isn't currently supported by QuicListener
options.ListenAnyIP(5006, listenOptions =>
{
listenOptions.UseHttps(new TlsHandshakeCallbackOptions()
{
OnConnection = context =>
{
var options = new SslServerAuthenticationOptions()
{
ServerCertificate = cert,
};
return(new ValueTask <SslServerAuthenticationOptions>(options));
},
});
listenOptions.UseConnectionLogging();
listenOptions.Protocols = HttpProtocols.Http1AndHttp2;
});
})
.UseStartup <Startup>();
});
var host = hostBuilder.Build();
// Listener needs to be configured before host (and HTTP/3 endpoints) start up.
using var httpEventSource = new HttpEventSourceListener(host.Services.GetRequiredService <ILoggerFactory>());
host.Run();
}
