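/// <summary>
/// Runs the previous filter, then wraps the connection in a TLS server stream
/// when the address scheme is "https". On a successful handshake
/// <c>context.Connection</c> is replaced with the <see cref="SslStream"/> and a
/// <c>PrepareRequest</c> step is chained that publishes the validated client
/// certificate (if one was accepted) as <see cref="ITlsConnectionFeature"/> and
/// marks the request scheme as "https". Non-https addresses pass through unchanged.
/// </summary>
/// <param name="context">Connection filter context supplied by the server.</param>
/// <remarks>
/// If the handshake throws, the partially built <see cref="SslStream"/> is disposed
/// before the exception is propagated, so callers see the same exception types as before.
/// </remarks>
public async Task OnConnectionAsync(ConnectionFilterContext context)
{
    await _previous.OnConnectionAsync(context);

    if (!string.Equals(context.Address.Scheme, "https", StringComparison.OrdinalIgnoreCase))
    {
        return;
    }

    // Set only by the validation callback, and only after the certificate passed every check.
    X509Certificate2 clientCertificate = null;
    SslStream sslStream;
    bool requestClientCertificate;

    if (_options.ClientCertificateMode == ClientCertificateMode.NoCertificate)
    {
        // No client certificate is requested, so no validation callback is wired up.
        sslStream = new SslStream(context.Connection);
        requestClientCertificate = false;
    }
    else
    {
        // The certificate is requested for both Allow and Require modes; the callback
        // decides whether a missing certificate is acceptable.
        sslStream = new SslStream(
            context.Connection,
            leaveInnerStreamOpen: false,
            userCertificateValidationCallback: (sender, certificate, chain, sslPolicyErrors) =>
            {
                if (certificate == null)
                {
                    // Client sent no certificate: acceptable unless one is required.
                    return _options.ClientCertificateMode != ClientCertificateMode.RequireCertificate;
                }

                // Snapshot the delegate so both checks below see the same configuration.
                var customValidation = _options.ClientCertificateValidation;

                if (customValidation == null && sslPolicyErrors != SslPolicyErrors.None)
                {
                    // Default policy: any chain, name or availability error rejects the certificate.
                    return false;
                }

                var certificate2 = certificate as X509Certificate2;
                if (certificate2 == null)
                {
#if NETSTANDARD1_3
                    // conversion X509Certificate to X509Certificate2 not supported
                    // https://github.com/dotnet/corefx/issues/4510
                    return false;
#else
                    certificate2 = new X509Certificate2(certificate);
#endif
                }

                // NOTE(review): when a custom validator is configured it is the ONLY gate.
                // sslPolicyErrors are passed to it but not enforced here, so a validator that
                // ignores that argument will accept certificates with chain/name errors.
                if (customValidation != null && !customValidation(certificate2, chain, sslPolicyErrors))
                {
                    return false;
                }

                clientCertificate = certificate2;
                return true;
            });
        requestClientCertificate = true;
    }

    try
    {
        await sslStream.AuthenticateAsServerAsync(
            _options.ServerCertificate,
            clientCertificateRequired: requestClientCertificate,
            enabledSslProtocols: _options.SslProtocols,
            checkCertificateRevocation: _options.CheckCertificateRevocation);
    }
    catch
    {
        // A failed handshake would otherwise leave the SslStream (and its native
        // security context) undisposed. Disposing also closes the inner connection
        // (leaveInnerStreamOpen is false), which is the right outcome after a TLS
        // failure; the original exception still reaches the caller.
        sslStream.Dispose();
        throw;
    }

    var previousPrepareRequest = context.PrepareRequest;
    context.PrepareRequest = features =>
    {
        previousPrepareRequest?.Invoke(features);

        if (clientCertificate != null)
        {
            features.Set<ITlsConnectionFeature>(new TlsConnectionFeature { ClientCertificate = clientCertificate });
        }

        features.Get<IHttpRequestFeature>().Scheme = "https";
    };

    context.Connection = sslStream;
}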
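/// <summary>
/// Runs the previous filter, then wraps the connection in a TLS server stream
/// when the address scheme is "https". On a successful handshake
/// <c>context.Connection</c> is replaced with the <see cref="SslStream"/> and a
/// <c>PrepareRequest</c> step is chained that exposes the peer certificate from
/// <see cref="SslStream.RemoteCertificate"/> (converted via
/// <c>ConvertToX509Certificate2</c>) as <see cref="ITlsConnectionFeature"/> and
/// marks the request scheme as "https". Non-https addresses pass through unchanged.
/// </summary>
/// <param name="context">Connection filter context supplied by the server.</param>
/// <remarks>
/// If the handshake throws, the partially built <see cref="SslStream"/> is disposed
/// before the exception is propagated, so callers see the same exception types as before.
/// </remarks>
public async Task OnConnectionAsync(ConnectionFilterContext context)
{
    await _previous.OnConnectionAsync(context);

    if (!string.Equals(context.Address.Scheme, "https", StringComparison.OrdinalIgnoreCase))
    {
        return;
    }

    SslStream sslStream;
    bool requestClientCertificate;

    if (_options.ClientCertificateMode == ClientCertificateMode.NoCertificate)
    {
        // No client certificate is requested, so no validation callback is wired up.
        sslStream = new SslStream(context.Connection);
        requestClientCertificate = false;
    }
    else
    {
        // The certificate is requested for both Allow and Require modes; the callback
        // decides whether a missing certificate is acceptable.
        sslStream = new SslStream(
            context.Connection,
            leaveInnerStreamOpen: false,
            userCertificateValidationCallback: (sender, certificate, chain, sslPolicyErrors) =>
            {
                if (certificate == null)
                {
                    // Client sent no certificate: acceptable unless one is required.
                    return _options.ClientCertificateMode != ClientCertificateMode.RequireCertificate;
                }

                // Snapshot the delegate so both checks below see the same configuration.
                var customValidation = _options.ClientCertificateValidation;

                if (customValidation == null && sslPolicyErrors != SslPolicyErrors.None)
                {
                    // Default policy: any chain, name or availability error rejects the certificate.
                    return false;
                }

                // Conversion failure (helper returns null) is treated as a rejection.
                var certificate2 = ConvertToX509Certificate2(certificate);
                if (certificate2 == null)
                {
                    return false;
                }

                // NOTE(review): when a custom validator is configured it is the ONLY gate.
                // sslPolicyErrors are passed to it but not enforced here, so a validator that
                // ignores that argument will accept certificates with chain/name errors.
                if (customValidation != null && !customValidation(certificate2, chain, sslPolicyErrors))
                {
                    return false;
                }

                return true;
            });
        requestClientCertificate = true;
    }

    try
    {
        await sslStream.AuthenticateAsServerAsync(
            _options.ServerCertificate,
            clientCertificateRequired: requestClientCertificate,
            enabledSslProtocols: _options.SslProtocols,
            checkCertificateRevocation: _options.CheckCertificateRevocation);
    }
    catch
    {
        // A failed handshake would otherwise leave the SslStream (and its native
        // security context) undisposed. Disposing also closes the inner connection
        // (leaveInnerStreamOpen is false), which is the right outcome after a TLS
        // failure; the original exception still reaches the caller.
        sslStream.Dispose();
        throw;
    }

    var previousPrepareRequest = context.PrepareRequest;
    context.PrepareRequest = features =>
    {
        previousPrepareRequest?.Invoke(features);

        // Presumably RemoteCertificate is only populated once the callback above accepted
        // it, so no re-validation happens here. A fresh wrapper is produced per request,
        // matching the previous behavior; callers must not rely on instance identity.
        var clientCertificate = ConvertToX509Certificate2(sslStream.RemoteCertificate);
        if (clientCertificate != null)
        {
            features.Set<ITlsConnectionFeature>(new TlsConnectionFeature { ClientCertificate = clientCertificate });
        }

        features.Get<IHttpRequestFeature>().Scheme = "https";
    };

    context.Connection = sslStream;
}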