public static void ConfigureCashFlowService(this KestrelServerOptions ksoOptions)
{
var vCashFlowSrvConfig = ksoOptions.ApplicationServices.GetRequiredService <IConfiguration>();
var vCashFlowServerEnvironment = ksoOptions.ApplicationServices.GetRequiredService <IHostingEnvironment>();
var vCashFlowSrvConfigItems = vCashFlowSrvConfig.GetSection("HttpServer:vCashFlowSrvConfigItems")
.GetChildren()
.ToDictionary(cfsSection => cfsSection.Key, cfsSection =>
{
var vCashFlowSrvConfigItem = new CashFlowServiceConfigurationDefinition();
cfsSection.Bind(vCashFlowSrvConfigItem);
return(vCashFlowSrvConfigItem);
});
foreach (var vCashFlowSrvConfigItem in vCashFlowSrvConfigItems)
{
var vCashFlowSrvconfig = vCashFlowSrvConfigItem.Value;
var vCashFlowSrvPort = vCashFlowSrvconfig.iPort ?? (vCashFlowSrvconfig.strScheme == "https" ? 443 : 80);
//var vCashFlowSrvPort = vCashFlowSrvconfig.iPort;
var vIpAddresses = new List <IPAddress>();
if (vCashFlowSrvconfig.strHost == "localhost")
{
vIpAddresses.Add(IPAddress.IPv6Loopback);
vIpAddresses.Add(IPAddress.Loopback);
}
else if (IPAddress.TryParse(vCashFlowSrvconfig.strHost, out var vCurrentIpAddress))
{
vIpAddresses.Add(vCurrentIpAddress);
}
else
{
vIpAddresses.Add(IPAddress.IPv6Any);
}
foreach (var vAddress in vIpAddresses)
{
ksoOptions.Listen(vAddress, vCashFlowSrvPort,
listenOptions =>
{
if (vCashFlowSrvconfig.strScheme == "https")
{
var vCashFlowSrvCertificate = LoadCashFlowSrvCertificate(vCashFlowSrvconfig, vCashFlowServerEnvironment);
listenOptions.UseHttps(vCashFlowSrvCertificate);
}
});
}
}
}
private static X509Certificate2 LoadCashFlowSrvCertificate(CashFlowServiceConfigurationDefinition cfsConfig, IHostingEnvironment vCashFlowServerEnvironment)
{
if (cfsConfig.strStoreName != null && cfsConfig.strStoreLocation != null)
{
using (var vCfsStore = new X509Store(cfsConfig.strStoreName, Enum.Parse <StoreLocation>(cfsConfig.strStoreLocation)))
{
vCfsStore.Open(OpenFlags.ReadOnly);
var vCfsCertificate = vCfsStore.Certificates.Find(
X509FindType.FindByThumbprint,
cfsConfig.strThumbPrint,
//X509FindType.FindBySerialNumber,
//cfsConfig.strSerialNumber,
validOnly: !vCashFlowServerEnvironment.IsDevelopment());
if (vCfsCertificate.Count == 0)
{
throw new InvalidOperationException($"Certificate not found for {cfsConfig.strHost}.");
}
return(vCfsCertificate[0]);
}
}
/*
* if (cfsConfig.strFilePath != null && cfsConfig.strPassword != null)
* {
* return new X509Certificate2(cfsConfig.strFilePath, cfsConfig.strPassword);
* }
*/
/*
* [Allan G: 2018.06.28]
* Password storage will need to be changed before this CashFlow is promoted to production.
* One recommendation is to use Azure vault.
* For Dev and Testing, using environment variables is perfectly reasonable design approach.
*/
string strCertificatePassword = Environment.GetEnvironmentVariable("HttpServer_CashFlowService_Https_Password");
if (cfsConfig.strFilePath != null && strCertificatePassword != null)
{
return(new X509Certificate2(cfsConfig.strFilePath, strCertificatePassword));
}
throw new InvalidOperationException("No valid certificate configuration found for the current vCashFlowSrvConfigItem.");
}
