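/// <summary>
/// Wraps an already-built <see cref="CertificateStore"/> as the vault's default certificate.
/// </summary>
/// <param name="vault">The owning vault.</param>
/// <param name="store">The store to expose through <c>Store</c>; kept as-is, not validated here.</param>
/// <param name="certType">
/// Must be <see cref="CertVaultCertType.DefaultCert"/>. Every other kind is loaded from a directory
/// by the <c>DirectoryPath</c> overload, never from a pre-built store.
/// </param>
/// <exception cref="ArgumentException">
/// Thrown when <paramref name="certType"/> is not <see cref="CertVaultCertType.DefaultCert"/>;
/// <see cref="ArgumentException.ParamName"/> is set to <c>certType</c>.
/// </exception>
public CertVaultCertificate(CertVault vault, CertificateStore store, CertVaultCertType certType)
{
    if (certType != CertVaultCertType.DefaultCert)
    {
        // nameof keeps the message in sync with the actual enum member, and the parameter name
        // is passed so callers inspecting ParamName can tell which argument was rejected.
        throw new ArgumentException(
            $"{nameof(certType)} must be {nameof(CertVaultCertType)}.{nameof(CertVaultCertType.DefaultCert)}.",
            nameof(certType));
    }

    this.Vault = vault;
    this.Store = store;
    this.CertType = certType;
}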
/// <summary>
/// Starts the JSON-RPC-over-HTTPS host that fronts the DaemonCenter server.
/// </summary>
/// <param name="daemonCenterServer">The server instance that answers the RPC calls.</param>
/// <remarks>
/// The host uses its own <see cref="CertVault"/> under <c>Local/DaemonCenterRpc_CertVault/</c>
/// (no ACME, no automatic subject-name certificates, re-read once an hour) instead of the global vault,
/// offers HTTPS only (the HTTP port list is empty), and denies robots. The TLS certificate is chosen per SNI
/// name from that vault. If any step throws, everything created so far is released via <c>_DisposeSafe()</c>
/// and the exception is rethrown.
/// </remarks>
public DaemonCenterServerRpcHttpHost(Server daemonCenterServer)
{
    try
    {
        // Dedicated certificate vault for this endpoint, kept apart from the global vault.
        string vaultDirectory = Lfs.ConfigPathStringToPhysicalDirectoryPath(@"Local/DaemonCenterRpc_CertVault/");
        CertVaultSettings vaultSettings = new CertVaultSettings(EnsureSpecial.Yes)
        {
            ReloadIntervalMsecs = 3600 * 1000, // one hour
            UseAcme = false,
            NonAcmeEnableAutoGenerateSubjectNameCert = false,
        };
        this.CertVault = new CertVault(vaultDirectory, vaultSettings);

        // NOTE(review): this value is never read afterwards. The selector call is kept anyway because it
        // may have side effects inside the vault — confirm before removing it.
        PalSslServerAuthenticationOptions unusedSslOptions = new PalSslServerAuthenticationOptions(
            this.CertVault.X509CertificateSelector("dummy", true), true, null);

        this.DaemonCenterServer = daemonCenterServer;

        JsonRpcServerConfig rpcConfig = new JsonRpcServerConfig();

        HttpServerOptions serverOptions = new HttpServerOptions
        {
            HttpPortsList = new List<int>(), // no plaintext listener
            HttpsPortsList = Consts.Ports.DaemonCenterHttps._SingleList(),
            UseStaticFiles = false,
            AutomaticRedirectToHttpsIfPossible = false,
            HiveName = "DaemonCenterRpcHttpServer",
            DenyRobots = true,
            UseGlobalCertVault = false,
            // Resolve the server certificate per SNI name from this host's own vault.
            ServerCertSelector = (param, sni) =>
                (X509Certificate2)this.CertVault.X509CertificateSelector(sni, true).NativeCertificate,
        };

        this.HttpServer = JsonRpcHttpServerBuilder.StartServer(serverOptions, rpcConfig, this.DaemonCenterServer);
    }
    catch
    {
        this._DisposeSafe();
        throw;
    }
}
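/// <summary>
/// Loads a directory-backed certificate (ACME, static or auto-generated) from <paramref name="dirName"/>.
/// </summary>
/// <param name="vault">The owning vault; for ACME certificates its <c>AcmeCertKey</c> supplies the private key.</param>
/// <param name="dirName">Directory holding the certificate files. Creating it is attempted on a best-effort basis.</param>
/// <param name="certType">
/// One of <see cref="CertVaultCertType.Acme"/>, <see cref="CertVaultCertType.Static"/> or
/// <see cref="CertVaultCertType.AutoGenerated"/>.
/// </param>
/// <exception cref="ArgumentOutOfRangeException">Thrown when <paramref name="certType"/> is any other kind.</exception>
/// <exception cref="InvalidOperationException">
/// Thrown (by <c>SingleOrDefault</c>) when a static/auto-generated directory contains more than one
/// PKCS#12, certificate, key or password file.
/// </exception>
/// <remarks>
/// Static / auto-generated: a single PKCS#12 file is preferred; otherwise a certificate file plus a key file;
/// otherwise <c>Store</c> is left null. An optional one-line plaintext password file unlocks the key.
/// ACME: the file named after the directory with the ACME extension, paired with the vault's ACME key.
/// In every case a store whose first certificate does not match its private key is logged and discarded
/// (<c>Store</c> = null) so a mismatched pair is never served.
/// </remarks>
public CertVaultCertificate(CertVault vault, DirectoryPath dirName, CertVaultCertType certType)
{
    this.Vault = vault;

    if (certType.EqualsAny(CertVaultCertType.Acme, CertVaultCertType.Static, CertVaultCertType.AutoGenerated) == false)
    {
        throw new ArgumentOutOfRangeException(nameof(certType));
    }

    // Best effort: the directory normally exists already, and a failure here shows up below as missing files.
    try
    {
        dirName.CreateDirectory();
    }
    catch
    {
    }

    this.CertType = certType;
    this.DirName = dirName;

    CertificateStore? store = null;

    if (certType == CertVaultCertType.Static || certType == CertVaultCertType.AutoGenerated)
    {
        // Materialize the listing once instead of re-enumerating the directory for each filter below.
        var files = DirName.EnumDirectory().Where(x => x.IsDirectory == false).ToArray();

        // SingleOrDefault: several candidates of one kind is a configuration error and throws rather than guessing.
        string? p12File = files.Where(x => x.Name._IsExtensionMatch(Consts.Extensions.Filter_Pkcs12s)).SingleOrDefault()?.FullPath;
        string? certFile = files.Where(x => x.Name._IsExtensionMatch(Consts.Extensions.Filter_Certificates)).SingleOrDefault()?.FullPath;
        string? keyFile = files.Where(x => x.Name._IsExtensionMatch(Consts.Extensions.Filter_Keys)).SingleOrDefault()?.FullPath;
        string? passwordFile = files.Where(x => x.Name._IsSamei(Consts.FileNames.CertVault_Password)).SingleOrDefault()?.FullPath;

        // The key password is read from a plaintext file; an empty file means "no password".
        // Confidentiality of that file rests entirely on the directory's access permissions.
        string? password = null;
        if (passwordFile != null)
        {
            password = FileSystem!.ReadStringFromFile(passwordFile, oneLine: true);
            if (password._IsEmpty())
            {
                password = null;
            }
        }

        if (p12File != null)
        {
            store = new CertificateStore(FileSystem!.ReadDataFromFile(p12File).Span, password);
        }
        else if (certFile != null && keyFile != null)
        {
            store = new CertificateStore(FileSystem!.ReadDataFromFile(certFile).Span, FileSystem.ReadDataFromFile(keyFile).Span, password);
        }
    }
    else
    {
        // ACME: <dir>/<dirname><acme extension>, private key supplied by the vault.
        FilePath acmeFile = DirName.Combine(DirName.GetThisDirectoryName() + Consts.Extensions.Certificate_Acme);
        if (acmeFile.IsFileExists())
        {
            store = new CertificateStore(acmeFile.ReadDataFromFile().Span, this.Vault.AcmeCertKey!);
        }
    }

    // Refuse a store whose leading certificate and private key do not belong together.
    // assumes CertificateList has at least one entry whenever a store was loaded — TODO confirm
    Certificate? leaf = store?.PrimaryContainer.CertificateList[0];
    if (leaf != null && store != null && leaf.PublicKey.Equals(store.PrimaryContainer.PrivateKey.PublicKey) == false)
    {
        Con.WriteDebug($"CertVault: The public key certificate in the directory '{dirName}' doesn't match to the private key.");
        store = null;
    }

    this.Store = store;
}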
/// <summary>
/// Creates the daemon utility for <paramref name="daemonName"/> and, when the startup arguments contain
/// the start-log-file-browser key, brings up the log browser HTTP/HTTPS server.
/// </summary>
/// <param name="daemonName">Daemon name; must be non-empty. It is trimmed and seeds the dynamic port numbers.</param>
/// <param name="cancel">Cancellation token forwarded to the base class.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="daemonName"/> is empty.</exception>
/// <remarks>
/// Ports come from the log-file-browser-port argument or, when that yields 0, from deterministic ports derived
/// from the host name, app root and daemon name (the HTTPS port avoids the HTTP one). The browser has its own
/// non-ACME CertVault under <c>Config/DaemonUtil_LogBrowser/CertVault</c>, is mounted under a path built from
/// the daemon secret, denies robots, and accepts global source addresses only when the daemon itself reaches
/// DaemonCenter from a global address. On any setup failure the exception is logged, everything created so far
/// is released via <c>_DisposeSafe()</c>, and the exception is rethrown.
/// </remarks>
public DaemonUtil(string daemonName, CancellationToken cancel = default) : base(cancel)
{
    if (daemonName._IsEmpty())
    {
        throw new ArgumentNullException(nameof(daemonName));
    }

    daemonName = daemonName._NonNullTrim();

    try
    {
        // Startup parameters of this daemon.
        this.Params = new OneLineParams(GlobalDaemonStateManager.StartupArguments);

        if (Params._HasKey(Consts.DaemonArgKeys.StartLogFileBrowser))
        {
            // HTTP port: explicit argument, else a seeded dynamic port.
            int browserHttpPort = Params._GetFirstValueOrDefault(Consts.DaemonArgKeys.LogFileBrowserPort, StrComparer.IgnoreCaseComparer)._ToInt();
            if (browserHttpPort == 0)
            {
                string httpSeed = Env.DnsFqdnHostName + "_seed_daemonutil_logbrowser_http" + Env.AppRootDir + "@" + daemonName;
                browserHttpPort = Util.GenerateDynamicListenableTcpPortWithSeed(httpSeed);
            }

            // NOTE(review): this reads the same argument key as the HTTP port above, so an explicit value
            // gives both listeners the same port — confirm whether a separate HTTPS key is intended.
            int browserHttpsPort = Params._GetFirstValueOrDefault(Consts.DaemonArgKeys.LogFileBrowserPort, StrComparer.IgnoreCaseComparer)._ToInt();
            if (browserHttpsPort == 0)
            {
                string httpsSeed = Env.DnsFqdnHostName + "_seed_daemonutil_logbrowser_https" + Env.AppRootDir + "@" + daemonName;
                browserHttpsPort = Util.GenerateDynamicListenableTcpPortWithSeed(httpsSeed, excludePorts: browserHttpPort._SingleArray());
            }

            // Dedicated, non-ACME CertVault for the log browser; owned by DisposeList.
            CertVault browserCertVault = new CertVault(
                PP.Combine(Env.AppLocalDir, "Config/DaemonUtil_LogBrowser/CertVault"),
                new CertVaultSettings(defaultSetting: EnsureSpecial.Yes) { UseAcme = false });
            DisposeList.Add(browserCertVault);

            HttpServerOptions browserServerOptions = new HttpServerOptions
            {
                UseStaticFiles = false,
                UseSimpleBasicAuthentication = false,
                HttpPortsList = browserHttpPort._SingleList(),
                HttpsPortsList = browserHttpsPort._SingleList(),
                DebugKestrelToConsole = false,
                UseKestrelWithIPACoreStack = true,
                AutomaticRedirectToHttpsIfPossible = false,
                LocalHostOnly = false,
                UseGlobalCertVault = false,     // this server uses its own vault
                DisableHiveBasedSetting = true, // Hive settings must not override the options above
                ServerCertSelector = browserCertVault.X509CertificateSelectorForHttpsServerNoAcme,
                DenyRobots = true,
            };

            LogBrowserOptions logBrowserOptions = new LogBrowserOptions(
                Env.AppRootDir,
                systemTitle: $"{Env.DnsFqdnHostName}",
                clientIpAcl: (ip) =>
                {
                    // A global source address is accepted only when this daemon itself talks to
                    // DaemonCenter from a global address; every other source is accepted.
                    IPAddressType sourceType = ip._GetIPAddressType();
                    bool fromGlobalIp = sourceType.Bit(IPAddressType.GlobalIp);
                    if (fromGlobalIp && GlobalDaemonStateManager.IsDaemonClientLocalIpAddressGlobal == false)
                    {
                        return false;
                    }

                    return true;
                });

            // The secret-derived path prefix is, together with the IP ACL above, the only access control
            // (basic authentication is disabled in the options).
            DisposeList.Add(LogBrowserHttpServerBuilder.StartServer(
                browserServerOptions,
                new LogBrowserHttpServerOptions(logBrowserOptions, "/" + GlobalDaemonStateManager.DaemonSecret)));

            GlobalDaemonStateManager.FileBrowserHttpsPortNumber = browserHttpsPort;
        }
    }
    catch (Exception ex)
    {
        ex._Debug();
        this._DisposeSafe();
        throw;
    }
}