public CertificateMiddleware(ICertificatePermissionValidator certificatePermissionValidator, SecurityOptions options) { _certificatePermissionValidator = certificatePermissionValidator; _options = options.Certificate; _allowedHosts = new HashSet <string>(_options.AllowedHosts ?? Array.Empty <string>()); _validateAcl = _options.Acl is {} && _options.Acl.Any();
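/// <summary>
/// Creates the certificate middleware and precomputes the lookup state derived from
/// <paramref name="options"/>: the allowed-host set, the ACL table, and (when
/// subdomains are allowed) the map from subdomain subject to ACL key.
/// </summary>
/// <param name="certificatePermissionValidator">Validator stored for later use by the middleware.</param>
/// <param name="options">Security options; only <c>options.Certificate</c> is read here.</param>
/// <param name="logger">Logger stored for later use by the middleware.</param>
/// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
/// <exception cref="ArgumentException">
/// <c>options.Certificate</c> is null, or two ACL entries resolve to the same dictionary key.
/// </exception>
public CertificateMiddleware(ICertificatePermissionValidator certificatePermissionValidator,
    SecurityOptions options, ILogger<CertificateMiddleware> logger)
{
    if (options is null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    _certificatePermissionValidator = certificatePermissionValidator;
    _logger = logger;
    _options = options.Certificate
        ?? throw new ArgumentException("Certificate options are not configured.", nameof(options));

    // HashSet<string> with the default comparer is ordinal and case-sensitive.
    // NOTE(review): host names are case-insensitive; confirm the lookup side normalises case.
    _allowedHosts = new HashSet<string>(_options.AllowedHosts ?? Array.Empty<string>());
    _validateAcl = _options.Acl is not null && _options.Acl.Any();

    // NOTE(review): how this flag is consumed is not visible here; presumably it relaxes
    // revocation checking during chain validation, so confirm it is off in production config.
    _skipRevocationCheck = _options.SkipRevocationCheck;

    if (!_validateAcl)
    {
        return;
    }

    _acl = new Dictionary<string, SecurityOptions.CertificateOptions.AclOptions>();
    foreach (var (key, acl) in _options.Acl)
    {
        // Normalise the configured issuer to "CN=<name>" form. The prefix test is ordinal:
        // a culture-sensitive StartsWith can ignore zero-width code points and report a
        // prefix that is not there byte-for-byte, which is not acceptable for identity strings.
        // A blank ValidIssuer is left untouched.
        // NOTE(review): confirm the validation path does not read a blank issuer as "any issuer".
        if (!string.IsNullOrWhiteSpace(acl.ValidIssuer)
            && !acl.ValidIssuer.StartsWith("CN=", StringComparison.Ordinal))
        {
            acl.ValidIssuer = $"CN={acl.ValidIssuer}";
        }

        var subject = key.StartsWith("CN=", StringComparison.Ordinal) ? key : $"CN={key}";

        if (_options.AllowSubdomains)
        {
            // Register "<subject>.<domain>" for every allowed domain, pointing back at the
            // raw ACL key so a subdomain subject resolves to the same ACL entry.
            foreach (var domain in _options.AllowedDomains ?? Enumerable.Empty<string>())
            {
                _subjects.Add($"{subject}.{domain}", key);
            }
        }

        // Once any subdomain subject has been registered, the ACL is keyed by the raw
        // configuration key (the value stored in _subjects); otherwise by the normalised
        // "CN=" subject. Dictionary.Add throws on a duplicate, so two configured keys that
        // collapse to the same entry fail at construction instead of one silently winning.
        _acl.Add(_subjects.Any() ? key : subject, acl);
    }
}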