/// <summary>
/// Configure Kestrel to use HTTPS.
/// </summary>
/// <param name="listenOptions">The <see cref="ListenOptions"/> to configure.</param>
/// <param name="fileName">The name of a certificate file, relative to the directory that contains the application content files.</param>
/// <param name="password">The password required to access the X.509 certificate data.</param>
/// <param name="configureOptions">An Action to configure the <see cref="HttpsConnectionAdapterOptions"/>.</param>
/// <returns>The <see cref="ListenOptions"/>.</returns>
public static ReplicaListenOptions UseHttps(this ReplicaListenOptions listenOptions, string fileName, string password,
Action <HttpsConnectionAdapterOptions> configureOptions)
{
var env = listenOptions.KestrelServerOptions.ApplicationServices.GetRequiredService <IHostingEnvironment>();
return(listenOptions.UseHttps(new X509Certificate2(Path.Combine(env.ContentRootPath, fileName), password), configureOptions));
}
internal ReplicaEndpointConfiguration(bool isHttps, ReplicaListenOptions listenOptions, HttpsConnectionAdapterOptions httpsOptions, IConfigurationSection configSection)
{
IsHttps = isHttps;
ListenOptions = listenOptions ?? throw new ArgumentNullException(nameof(listenOptions));
HttpsOptions = httpsOptions ?? throw new ArgumentNullException(nameof(httpsOptions));
ConfigSection = configSection ?? throw new ArgumentNullException(nameof(configSection));
}
/// <summary>
/// Configure Kestrel to use HTTPS.
/// </summary>
/// <param name="listenOptions">The <see cref="ListenOptions"/> to configure.</param>
/// <param name="httpsOptions">Options to configure HTTPS.</param>
/// <returns>The <see cref="ListenOptions"/>.</returns>
public static ReplicaListenOptions UseHttps(this ReplicaListenOptions listenOptions, ReplicaHttpsConnectionAdapterOptions httpsOptions)
{
var loggerFactory = listenOptions.KestrelServerOptions.ApplicationServices.GetRequiredService <ILoggerFactory>();
// Set the list of protocols from listen options
httpsOptions.HttpProtocols = listenOptions.Protocols;
listenOptions.ConnectionAdapters.Add(new HttpsConnectionAdapter(httpsOptions, loggerFactory));
return(listenOptions);
}
// Called from ApplyEndpointDefaults so it applies to even explicit Listen endpoints.
// Does not require a call to Load.
internal void ApplyConfigurationDefaults(ReplicaListenOptions listenOptions)
{
var defaults = ConfigurationReader.EndpointDefaults;
if (defaults.Protocols.HasValue)
{
listenOptions.Protocols = defaults.Protocols.Value;
}
}
/// <summary>
/// Configure Kestrel to use HTTPS.
/// </summary>
/// <param name="listenOptions"> The <see cref="ListenOptions"/> to configure.</param>
/// <param name="serverCertificate">The X.509 certificate.</param>
/// <returns>The <see cref="ListenOptions"/>.</returns>
public static ReplicaListenOptions UseHttps(this ReplicaListenOptions listenOptions, X509Certificate2 serverCertificate)
{
if (serverCertificate == null)
{
throw new ArgumentNullException(nameof(serverCertificate));
}
return(listenOptions.UseHttps(options =>
{
options.ServerCertificate = serverCertificate;
}));
}
internal static async Task BindEndpointAsync(ReplicaListenOptions endpoint, ReplicaAddressBindContext context)
{
try
{
await context.CreateBinding(endpoint).ConfigureAwait(false);
}
catch (AddressInUseException ex)
{
throw new IOException(ReplicaCoreStrings.FormatEndpointAlreadyInUse(endpoint), ex);
}
context.ListenOptions.Add(endpoint);
}
/// <summary>
/// Open a socket file descriptor.
/// The callback configures endpoint-specific settings.
/// </summary>
public void ListenHandle(ulong handle, Action <ReplicaListenOptions> configure)
{
if (configure == null)
{
throw new ArgumentNullException(nameof(configure));
}
var listenOptions = new ReplicaListenOptions(handle);
ApplyEndpointDefaults(listenOptions);
configure(listenOptions);
ListenOptions.Add(listenOptions);
}
// Use Https if a default cert is available
internal static bool TryUseHttps(this ReplicaListenOptions listenOptions)
{
var options = new ReplicaHttpsConnectionAdapterOptions();
listenOptions.KestrelServerOptions.ApplyHttpsDefaults(options);
listenOptions.KestrelServerOptions.ApplyDefaultCert(options);
if (options.ServerCertificate == null && options.ServerCertificateSelector == null)
{
return(false);
}
listenOptions.UseHttps(options);
return(true);
}
// used for cloning to two IPEndpoints
internal ReplicaListenOptions Clone(IPAddress address)
{
var options = new ReplicaListenOptions(new IPEndPoint(address, IPEndPoint.Port))
{
HandleType = HandleType,
KestrelServerOptions = KestrelServerOptions,
NoDelay = NoDelay,
Protocols = Protocols,
};
options._middleware.AddRange(_middleware);
options.ConnectionAdapters.AddRange(ConnectionAdapters);
return(options);
}
/// <summary>
/// Bind to given IP address and port.
/// The callback configures endpoint-specific settings.
/// </summary>
public void Listen(IPEndPoint endPoint, Action <ReplicaListenOptions> configure)
{
if (endPoint == null)
{
throw new ArgumentNullException(nameof(endPoint));
}
if (configure == null)
{
throw new ArgumentNullException(nameof(configure));
}
var listenOptions = new ReplicaListenOptions(endPoint);
ApplyEndpointDefaults(listenOptions);
configure(listenOptions);
ListenOptions.Add(listenOptions);
}
internal static ReplicaListenOptions ParseAddress(string address, out bool https)
{
var parsedAddress = BindingAddress.Parse(address);
https = false;
if (parsedAddress.Scheme.Equals("https", StringComparison.OrdinalIgnoreCase))
{
https = true;
}
else if (!parsedAddress.Scheme.Equals("http", StringComparison.OrdinalIgnoreCase))
{
throw new InvalidOperationException(ReplicaCoreStrings.FormatUnsupportedAddressScheme(address));
}
if (!string.IsNullOrEmpty(parsedAddress.PathBase))
{
throw new InvalidOperationException(ReplicaCoreStrings.FormatConfigurePathBaseFromMethodCall($"{nameof(IApplicationBuilder)}.UsePathBase()"));
}
ReplicaListenOptions options = null;
if (parsedAddress.IsUnixPipe)
{
options = new ReplicaListenOptions(parsedAddress.UnixPipePath);
}
else if (string.Equals(parsedAddress.Host, "localhost", StringComparison.OrdinalIgnoreCase))
{
// "localhost" for both IPv4 and IPv6 can't be represented as an IPEndPoint.
options = new ReplicaLocalhostListenOptions(parsedAddress.Port);
}
else if (TryCreateIPEndPoint(parsedAddress, out var endpoint))
{
options = new ReplicaListenOptions(endpoint);
}
else
{
// when address is 'http://hostname:port', 'http://*:port', or 'http://+:port'
options = new ReplicaAnyIPListenOptions(parsedAddress.Port);
}
return(options);
}
/// <summary>
/// Configure Kestrel to use HTTPS.
/// </summary>
/// <param name="listenOptions">The <see cref="ListenOptions"/> to configure.</param>
/// <param name="configureOptions">An action to configure options for HTTPS.</param>
/// <returns>The <see cref="ListenOptions"/>.</returns>
public static ReplicaListenOptions UseHttps(this ReplicaListenOptions listenOptions, Action <HttpsConnectionAdapterOptions> configureOptions)
{
if (configureOptions == null)
{
throw new ArgumentNullException(nameof(configureOptions));
}
var options = new ReplicaHttpsConnectionAdapterOptions();
listenOptions.KestrelServerOptions.ApplyHttpsDefaults(options);
configureOptions(options);
listenOptions.KestrelServerOptions.ApplyDefaultCert(options);
if (options.ServerCertificate == null && options.ServerCertificateSelector == null)
{
throw new InvalidOperationException(ReplicaCoreStrings.NoCertSpecifiedNoDevelopmentCertificateFound);
}
return(listenOptions.UseHttps(options));
}
/// <summary>
/// Configure Kestrel to use HTTPS.
/// </summary>
/// <param name="listenOptions">The <see cref="ListenOptions"/> to configure.</param>
/// <param name="serverCertificate">The X.509 certificate.</param>
/// <param name="configureOptions">An Action to configure the <see cref="HttpsConnectionAdapterOptions"/>.</param>
/// <returns>The <see cref="ListenOptions"/>.</returns>
public static ReplicaListenOptions UseHttps(this ReplicaListenOptions listenOptions, X509Certificate2 serverCertificate,
Action <HttpsConnectionAdapterOptions> configureOptions)
{
if (serverCertificate == null)
{
throw new ArgumentNullException(nameof(serverCertificate));
}
if (configureOptions == null)
{
throw new ArgumentNullException(nameof(configureOptions));
}
return(listenOptions.UseHttps(options =>
{
options.ServerCertificate = serverCertificate;
configureOptions(options);
}));
}
/// <summary>
/// Bind to given Unix domain socket path.
/// Specify callback to configure endpoint-specific settings.
/// </summary>
public void ListenUnixSocket(string socketPath, Action <ReplicaListenOptions> configure)
{
if (socketPath == null)
{
throw new ArgumentNullException(nameof(socketPath));
}
if (socketPath.Length == 0 || socketPath[0] != '/')
{
throw new ArgumentException(ReplicaCoreStrings.UnixSocketPathMustBeAbsolute, nameof(socketPath));
}
if (configure == null)
{
throw new ArgumentNullException(nameof(configure));
}
var listenOptions = new ReplicaListenOptions(socketPath);
ApplyEndpointDefaults(listenOptions);
configure(listenOptions);
ListenOptions.Add(listenOptions);
}
/// <summary> /// Configure Kestrel to use HTTPS. /// </summary> /// <param name="listenOptions">The <see cref="ListenOptions"/> to configure.</param> /// <param name="storeName">The certificate store to load the certificate from.</param> /// <param name="subject">The subject name for the certificate to load.</param> /// <param name="allowInvalid">Indicates if invalid certificates should be considered, such as self-signed certificates.</param> /// <returns>The <see cref="ListenOptions"/>.</returns> public static ReplicaListenOptions UseHttps(this ReplicaListenOptions listenOptions, StoreName storeName, string subject, bool allowInvalid) => listenOptions.UseHttps(storeName, subject, allowInvalid, StoreLocation.CurrentUser);
/// <summary> /// Configure Kestrel to use HTTPS. /// </summary> /// <param name="listenOptions">The <see cref="ListenOptions"/> to configure.</param> /// <param name="storeName">The certificate store to load the certificate from.</param> /// <param name="subject">The subject name for the certificate to load.</param> /// <returns>The <see cref="ListenOptions"/>.</returns> public static ReplicaListenOptions UseHttps(this ReplicaListenOptions listenOptions, StoreName storeName, string subject) => listenOptions.UseHttps(storeName, subject, allowInvalid: false);
/// <summary>
/// Configure Kestrel to use HTTPS.
/// </summary>
/// <param name="listenOptions">The <see cref="ListenOptions"/> to configure.</param>
/// <param name="storeName">The certificate store to load the certificate from.</param>
/// <param name="subject">The subject name for the certificate to load.</param>
/// <param name="allowInvalid">Indicates if invalid certificates should be considered, such as self-signed certificates.</param>
/// <param name="location">The store location to load the certificate from.</param>
/// <returns>The <see cref="ListenOptions"/>.</returns>
public static ReplicaListenOptions UseHttps(this ReplicaListenOptions listenOptions, StoreName storeName, string subject, bool allowInvalid, StoreLocation location)
=> listenOptions.UseHttps(storeName, subject, allowInvalid, location, configureOptions: _ => { });
/// <summary>
/// Configure Kestrel to use HTTPS with the default certificate if available.
/// This will throw if no default certificate is configured.
/// </summary>
/// <param name="listenOptions">The <see cref="ListenOptions"/> to configure.</param>
/// <returns>The <see cref="ListenOptions"/>.</returns>
public static ReplicaListenOptions UseHttps(this ReplicaListenOptions listenOptions) => listenOptions.UseHttps(_ => { });
/// <summary>
/// Configure Kestrel to use HTTPS.
/// </summary>
/// <param name="listenOptions">The <see cref="ListenOptions"/> to configure.</param>
/// <param name="storeName">The certificate store to load the certificate from.</param>
/// <param name="subject">The subject name for the certificate to load.</param>
/// <param name="allowInvalid">Indicates if invalid certificates should be considered, such as self-signed certificates.</param>
/// <param name="location">The store location to load the certificate from.</param>
/// <param name="configureOptions">An Action to configure the <see cref="HttpsConnectionAdapterOptions"/>.</param>
/// <returns>The <see cref="ListenOptions"/>.</returns>
public static ReplicaListenOptions UseHttps(this ReplicaListenOptions listenOptions, StoreName storeName, string subject, bool allowInvalid, StoreLocation location,
Action <HttpsConnectionAdapterOptions> configureOptions)
{
return(listenOptions.UseHttps(CertificateLoader.LoadFromStoreCert(subject, storeName.ToString(), location, allowInvalid), configureOptions));
}
internal void ApplyEndpointDefaults(ReplicaListenOptions listenOptions)
{
listenOptions.KestrelServerOptions = this;
ConfigurationLoader?.ApplyConfigurationDefaults(listenOptions);
EndpointDefaults(listenOptions);
}
/// <summary>
/// Configure Kestrel to use HTTPS.
/// </summary>
/// <param name="listenOptions">The <see cref="ListenOptions"/> to configure.</param>
/// <param name="fileName">The name of a certificate file, relative to the directory that contains the application
/// content files.</param>
/// <returns>The <see cref="ListenOptions"/>.</returns>
public static ReplicaListenOptions UseHttps(this ReplicaListenOptions listenOptions, string fileName)
{
var env = listenOptions.KestrelServerOptions.ApplicationServices.GetRequiredService <IHostingEnvironment>();
return(listenOptions.UseHttps(new X509Certificate2(Path.Combine(env.ContentRootPath, fileName))));
}
