private void ReadEndpoints() { _endpoints = new List <EndpointConfig>(); var endpointsConfig = _configuration.GetSection(EndpointsKey).GetChildren(); foreach (var endpointConfig in endpointsConfig) { // "EndpointName": { // "Url": "https://*:5463", // "Protocols": "Http1AndHttp2", // "Certificate": { // "Path": "testCert.pfx", // "Password": "******" // } // } var url = endpointConfig[UrlKey]; if (string.IsNullOrEmpty(url)) { throw new InvalidOperationException(ReplicaCoreStrings.FormatEndpointMissingUrl(endpointConfig.Key)); } var endpoint = new EndpointConfig { Name = endpointConfig.Key, Url = url, Protocols = ParseProtocols(endpointConfig[ProtocolsKey]), ConfigSection = endpointConfig, Certificate = new CertificateConfig(endpointConfig.GetSection(CertificateKey)), }; _endpoints.Add(endpoint); } }
public static X509Certificate2 LoadFromStoreCert(string subject, string storeName, StoreLocation storeLocation, bool allowInvalid) { using (var store = new X509Store(storeName, storeLocation)) { X509Certificate2Collection storeCertificates = null; X509Certificate2 foundCertificate = null; try { store.Open(OpenFlags.ReadOnly); storeCertificates = store.Certificates; var foundCertificates = storeCertificates.Find(X509FindType.FindBySubjectName, subject, !allowInvalid); foundCertificate = foundCertificates .OfType <X509Certificate2>() .Where(IsCertificateAllowedForServerAuth) .OrderByDescending(certificate => certificate.NotAfter) .FirstOrDefault(); if (foundCertificate == null) { throw new InvalidOperationException(ReplicaCoreStrings.FormatCertNotFoundInStore(subject, storeLocation, storeName, allowInvalid)); } return(foundCertificate); } finally { DisposeCertificates(storeCertificates, except: foundCertificate); } } }
internal override async Task BindAsync(ReplicaAddressBindContext context) { var exceptions = new List <Exception>(); try { var v4Options = Clone(IPAddress.Loopback); await ReplicaAddressBinder.BindEndpointAsync(v4Options, context).ConfigureAwait(false); } catch (Exception ex) when(!(ex is IOException)) { context.Logger.LogWarning(0, ReplicaCoreStrings.NetworkInterfaceBindingFailed, GetDisplayName(), "IPv4 loopback", ex.Message); exceptions.Add(ex); } try { var v6Options = Clone(IPAddress.IPv6Loopback); await ReplicaAddressBinder.BindEndpointAsync(v6Options, context).ConfigureAwait(false); } catch (Exception ex) when(!(ex is IOException)) { context.Logger.LogWarning(0, ReplicaCoreStrings.NetworkInterfaceBindingFailed, GetDisplayName(), "IPv6 loopback", ex.Message); exceptions.Add(ex); } if (exceptions.Count == 2) { throw new IOException(ReplicaCoreStrings.FormatAddressBindingFailed(GetDisplayName()), new AggregateException(exceptions)); } // If StartLocalhost doesn't throw, there is at least one listener. // The port cannot change for "localhost". context.Addresses.Add(GetDisplayName()); }
internal static async Task BindEndpointAsync(ReplicaListenOptions endpoint, ReplicaAddressBindContext context) { try { await context.CreateBinding(endpoint).ConfigureAwait(false); } catch (AddressInUseException ex) { throw new IOException(ReplicaCoreStrings.FormatEndpointAlreadyInUse(endpoint), ex); } context.ListenOptions.Add(endpoint); }
internal override async Task BindAsync(ReplicaAddressBindContext context) { // when address is 'http://hostname:port', 'http://*:port', or 'http://+:port' try { await base.BindAsync(context).ConfigureAwait(false); } catch (Exception ex) when(!(ex is IOException)) { context.Logger.LogDebug(ReplicaCoreStrings.FormatFallbackToIPv4Any(IPEndPoint.Port)); // for machines that do not support IPv6 IPEndPoint = new IPEndPoint(IPAddress.Any, IPEndPoint.Port); await base.BindAsync(context).ConfigureAwait(false); } }
private X509Certificate2 LoadCertificate(CertificateConfig certInfo, string endpointName) { if (certInfo.IsFileCert && certInfo.IsStoreCert) { throw new InvalidOperationException(ReplicaCoreStrings.FormatMultipleCertificateSources(endpointName)); } else if (certInfo.IsFileCert) { var env = Options.ApplicationServices.GetRequiredService <IHostingEnvironment>(); return(new X509Certificate2(Path.Combine(env.ContentRootPath, certInfo.Path), certInfo.Password)); } else if (certInfo.IsStoreCert) { return(LoadFromStoreCert(certInfo)); } return(null); }
internal static ReplicaListenOptions ParseAddress(string address, out bool https) { var parsedAddress = BindingAddress.Parse(address); https = false; if (parsedAddress.Scheme.Equals("https", StringComparison.OrdinalIgnoreCase)) { https = true; } else if (!parsedAddress.Scheme.Equals("http", StringComparison.OrdinalIgnoreCase)) { throw new InvalidOperationException(ReplicaCoreStrings.FormatUnsupportedAddressScheme(address)); } if (!string.IsNullOrEmpty(parsedAddress.PathBase)) { throw new InvalidOperationException(ReplicaCoreStrings.FormatConfigurePathBaseFromMethodCall($"{nameof(IApplicationBuilder)}.UsePathBase()")); } ReplicaListenOptions options = null; if (parsedAddress.IsUnixPipe) { options = new ReplicaListenOptions(parsedAddress.UnixPipePath); } else if (string.Equals(parsedAddress.Host, "localhost", StringComparison.OrdinalIgnoreCase)) { // "localhost" for both IPv4 and IPv6 can't be represented as an IPEndPoint. options = new ReplicaLocalhostListenOptions(parsedAddress.Port); } else if (TryCreateIPEndPoint(parsedAddress, out var endpoint)) { options = new ReplicaListenOptions(endpoint); } else { // when address is 'http://hostname:port', 'http://*:port', or 'http://+:port' options = new ReplicaAnyIPListenOptions(parsedAddress.Port); } return(options); }