        /// <summary>
        /// Runs the wrapped filter first and then, for "https" endpoints only, performs the TLS
        /// server handshake on <see cref="ConnectionFilterContext.Connection"/> and replaces it
        /// with the resulting <see cref="SslStream"/>. Connections whose scheme is not https are
        /// passed through untouched.
        /// </summary>
        /// <param name="context">The connection being filtered; its Connection is swapped for the TLS stream on success.</param>
        /// <returns>A task that completes once the handshake (if any) has finished.</returns>
        /// <remarks>
        /// Client-certificate policy is driven by <c>_options.ClientCertificateMode</c>:
        /// NoCertificate never asks the client for one; every other mode requests one and
        /// decides in the validation callback. A missing certificate is accepted unless the
        /// mode is RequireCertificate. With no custom <c>ClientCertificateValidation</c>, any
        /// <see cref="SslPolicyErrors"/> reject the connection; when a custom validator is
        /// configured it receives the policy errors and its verdict is final. An accepted
        /// certificate is exposed to each request through <see cref="ITlsConnectionFeature"/>.
        /// Handshake exceptions propagate to the caller unchanged.
        /// </remarks>
        public async Task OnConnectionAsync(ConnectionFilterContext context)
        {
            await _previous.OnConnectionAsync(context);

            if (!string.Equals(context.Address.Scheme, "https", StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            // Set by the validation callback once a client certificate has been accepted.
            X509Certificate2 clientCertificate = null;

            RemoteCertificateValidationCallback validateClientCertificate = (sender, certificate, chain, sslPolicyErrors) =>
            {
                if (certificate == null)
                {
                    // No certificate presented: only fatal when one is mandatory.
                    return _options.ClientCertificateMode != ClientCertificateMode.RequireCertificate;
                }

                // Without a custom validator the built-in chain/name checks are authoritative.
                if (_options.ClientCertificateValidation == null && sslPolicyErrors != SslPolicyErrors.None)
                {
                    return false;
                }

                var certificate2 = certificate as X509Certificate2;
#if NETSTANDARD1_3
                if (certificate2 == null)
                {
                    // conversion X509Certificate to X509Certificate2 not supported
                    // https://github.com/dotnet/corefx/issues/4510
                    return false;
                }
#else
                if (certificate2 == null)
                {
                    certificate2 = new X509Certificate2(certificate);
                }
#endif

                // A custom validator sees the policy errors and makes the final call.
                if (_options.ClientCertificateValidation != null
                    && !_options.ClientCertificateValidation(certificate2, chain, sslPolicyErrors))
                {
                    return false;
                }

                clientCertificate = certificate2;
                return true;
            };

            // NoCertificate: plain server-side handshake. Any other mode: ask the client for a
            // certificate and route it through the callback above (which still tolerates a
            // missing certificate unless the mode is RequireCertificate).
            var requestClientCertificate = _options.ClientCertificateMode != ClientCertificateMode.NoCertificate;
            var sslStream = requestClientCertificate
                ? new SslStream(context.Connection, leaveInnerStreamOpen: false, userCertificateValidationCallback: validateClientCertificate)
                : new SslStream(context.Connection);

            await sslStream.AuthenticateAsServerAsync(
                _options.ServerCertificate,
                clientCertificateRequired: requestClientCertificate,
                enabledSslProtocols: _options.SslProtocols,
                checkCertificateRevocation: _options.CheckCertificateRevocation);

            // Chain onto any PrepareRequest installed by an earlier filter.
            var previousPrepareRequest = context.PrepareRequest;
            context.PrepareRequest = features =>
            {
                previousPrepareRequest?.Invoke(features);

                if (clientCertificate != null)
                {
                    var tlsFeature = new TlsConnectionFeature { ClientCertificate = clientCertificate };
                    features.Set<ITlsConnectionFeature>(tlsFeature);
                }

                features.Get<IHttpRequestFeature>().Scheme = "https";
            };

            context.Connection = sslStream;
        }
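        /// <summary>
        /// Runs the wrapped filter first and then, for "https" endpoints only, performs the TLS
        /// server handshake on <see cref="ConnectionFilterContext.Connection"/> and replaces it
        /// with the resulting <see cref="SslStream"/>. Connections whose scheme is not https are
        /// passed through untouched.
        /// </summary>
        /// <param name="context">The connection being filtered; its Connection is swapped for the TLS stream on success.</param>
        /// <returns>A task that completes once the handshake (if any) has finished.</returns>
        /// <remarks>
        /// Client-certificate policy is driven by <c>_options.ClientCertificateMode</c>:
        /// NoCertificate never asks the client for one; every other mode requests one and
        /// decides in the validation callback. A missing certificate is accepted unless the
        /// mode is RequireCertificate. With no custom <c>ClientCertificateValidation</c>, any
        /// <see cref="SslPolicyErrors"/> reject the connection; when a custom validator is
        /// configured it receives the policy errors and its verdict is final. The peer
        /// certificate is converted once per connection (not once per request) and exposed to
        /// each request through <see cref="ITlsConnectionFeature"/>.
        /// Handshake exceptions propagate to the caller unchanged.
        /// </remarks>
        public async Task OnConnectionAsync(ConnectionFilterContext context)
        {
            await _previous.OnConnectionAsync(context);

            if (!string.Equals(context.Address.Scheme, "https", StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            SslStream sslStream;
            if (_options.ClientCertificateMode == ClientCertificateMode.NoCertificate)
            {
                // Plain server-side handshake; the client is never asked for a certificate.
                sslStream = new SslStream(context.Connection);
                await sslStream.AuthenticateAsServerAsync(_options.ServerCertificate, clientCertificateRequired: false,
                    enabledSslProtocols: _options.SslProtocols, checkCertificateRevocation: _options.CheckCertificateRevocation);
            }
            else
            {
                sslStream = new SslStream(context.Connection, leaveInnerStreamOpen: false,
                    userCertificateValidationCallback: (sender, certificate, chain, sslPolicyErrors) =>
                    {
                        if (certificate == null)
                        {
                            // No certificate presented: only fatal when one is mandatory.
                            return _options.ClientCertificateMode != ClientCertificateMode.RequireCertificate;
                        }

                        // Without a custom validator the built-in chain/name checks are authoritative.
                        if (_options.ClientCertificateValidation == null && sslPolicyErrors != SslPolicyErrors.None)
                        {
                            return false;
                        }

                        // A certificate that cannot be represented as X509Certificate2 is rejected.
                        var certificate2 = ConvertToX509Certificate2(certificate);
                        if (certificate2 == null)
                        {
                            return false;
                        }

                        // A custom validator sees the policy errors and makes the final call.
                        if (_options.ClientCertificateValidation != null
                            && !_options.ClientCertificateValidation(certificate2, chain, sslPolicyErrors))
                        {
                            return false;
                        }

                        return true;
                    });

                // clientCertificateRequired is true even in AllowCertificate mode: the certificate
                // is requested, and the callback above tolerates its absence.
                await sslStream.AuthenticateAsServerAsync(_options.ServerCertificate, clientCertificateRequired: true,
                    enabledSslProtocols: _options.SslProtocols, checkCertificateRevocation: _options.CheckCertificateRevocation);
            }

            // Convert once per connection rather than inside PrepareRequest: the handshake has
            // completed, so the peer certificate is fixed for the rest of the connection and
            // re-converting it on every request only costs allocations.
            var clientCertificate = ConvertToX509Certificate2(sslStream.RemoteCertificate);

            // Chain onto any PrepareRequest installed by an earlier filter.
            var previousPrepareRequest = context.PrepareRequest;
            context.PrepareRequest = features =>
            {
                previousPrepareRequest?.Invoke(features);

                if (clientCertificate != null)
                {
                    features.Set<ITlsConnectionFeature>(new TlsConnectionFeature
                    {
                        ClientCertificate = clientCertificate
                    });
                }

                features.Get<IHttpRequestFeature>().Scheme = "https";
            };

            context.Connection = sslStream;
        }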