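        public CertVaultCertificate(CertVault vault, CertificateStore store, CertVaultCertType certType)
        {
            // Wraps a certificate store that is handed in directly, with no backing
            // directory. Only the vault's default certificate is built this way; the
            // Acme / Static / AutoGenerated kinds go through the directory-based
            // constructor, which loads and key-checks the store itself.
            if (certType != CertVaultCertType.DefaultCert)
            {
                // The old message named a non-existent member ("Default"); name the
                // real expected value and the offending one so the caller can act on it.
                throw new ArgumentException(
                    $"certType must be {nameof(CertVaultCertType)}.{nameof(CertVaultCertType.DefaultCert)}, but was {certType}",
                    nameof(certType));
            }

            this.Vault    = vault;
            this.Store    = store;
            this.CertType = certType;
        }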
        public DaemonCenterServerRpcHttpHost(Server daemonCenterServer)
        {
            // Hosts the DaemonCenter JSON-RPC endpoint over HTTPS only: no plain-HTTP
            // port is registered below. Server certificates come from a host-local
            // CertVault under Local/DaemonCenterRpc_CertVault/ with ACME and
            // auto-generation of subject-name certificates switched off, so that
            // directory has to already contain the certificate to serve.
            try
            {
                string vaultDirectory = Lfs.ConfigPathStringToPhysicalDirectoryPath(@"Local/DaemonCenterRpc_CertVault/");

                var vaultSettings = new CertVaultSettings(EnsureSpecial.Yes)
                {
                    ReloadIntervalMsecs = 3600 * 1000, // one hour, in milliseconds
                    UseAcme             = false,
                    NonAcmeEnableAutoGenerateSubjectNameCert = false,
                };

                this.CertVault = new CertVault(vaultDirectory, vaultSettings);

                // NOTE(review): this local is never read below. It is kept so the
                // selector call (which may touch/warm the vault) still happens exactly
                // as before; confirm it has no side effect and then delete it.
                PalSslServerAuthenticationOptions unusedSslOptions =
                    new PalSslServerAuthenticationOptions(this.CertVault.X509CertificateSelector("dummy", true), true, null);

                this.DaemonCenterServer = daemonCenterServer;

                var rpcConfig = new JsonRpcServerConfig();

                var listenOptions = new HttpServerOptions
                {
                    HttpPortsList  = new List<int>(),                             // no cleartext listener
                    HttpsPortsList = Consts.Ports.DaemonCenterHttps._SingleList(),
                    UseStaticFiles = false,
                    AutomaticRedirectToHttpsIfPossible = false,
                    HiveName           = "DaemonCenterRpcHttpServer",
                    DenyRobots         = true,
                    UseGlobalCertVault = false,                                   // only the vault created above is consulted
                    // The certificate is chosen per connection from the SNI name the client sent.
                    ServerCertSelector = (param, sni) => (X509Certificate2)(this.CertVault.X509CertificateSelector(sni, true).NativeCertificate),
                };

                this.HttpServer = JsonRpcHttpServerBuilder.StartServer(listenOptions, rpcConfig, this.DaemonCenterServer);
            }
            catch
            {
                // Release whatever was set up before the failure, then surface it unchanged.
                this._DisposeSafe();
                throw;
            }
        }
        public CertVaultCertificate(CertVault vault, DirectoryPath dirName, CertVaultCertType certType)
        {
            // Loads one certificate with its private key from a per-certificate directory.
            // Static / AutoGenerated entries come from a single PKCS#12 file, or else from a
            // certificate file plus key file, optionally unlocked by the password stored in
            // the directory's password file. ACME entries come from the file named after
            // the directory and are combined with the vault's AcmeCertKey.
            // Store ends up null when nothing loadable is present, or when the loaded
            // certificate's public key is not the one belonging to the loaded private key.
            this.Vault = vault;

            if (!certType.EqualsAny(CertVaultCertType.Acme, CertVaultCertType.Static, CertVaultCertType.AutoGenerated))
            {
                throw new ArgumentOutOfRangeException(nameof(certType));
            }

            // Best effort only: if this fails, the directory enumeration below reports it.
            try
            {
                dirName.CreateDirectory();
            }
            catch { }

            this.CertType = certType;
            this.DirName  = dirName;

            CertificateStore? loaded = certType == CertVaultCertType.Acme
                ? LoadAcmeStore()
                : LoadStaticStore();

            if (loaded != null)
            {
                Certificate? leaf = loaded.PrimaryContainer.CertificateList[0];

                // Refuse a certificate whose public key does not match the private key
                // beside it; such a pair is unusable for TLS and would only fail later.
                if (leaf != null && !leaf.PublicKey.Equals(loaded.PrimaryContainer.PrivateKey.PublicKey))
                {
                    Con.WriteDebug($"CertVault: The public key certificate in the directory '{dirName}' doesn't match to the private key.");
                    loaded = null;
                }
            }

            this.Store = loaded;

            // Static / auto generated cert. A PKCS#12 file takes precedence over a cert/key pair.
            // SingleOrDefault deliberately throws when more than one candidate file matches.
            CertificateStore? LoadStaticStore()
            {
                var entries = DirName.EnumDirectory().Where(x => !x.IsDirectory);

                string? pkcs12Path   = entries.Where(x => x.Name._IsExtensionMatch(Consts.Extensions.Filter_Pkcs12s)).SingleOrDefault()?.FullPath;
                string? certPath     = entries.Where(x => x.Name._IsExtensionMatch(Consts.Extensions.Filter_Certificates)).SingleOrDefault()?.FullPath;
                string? keyPath      = entries.Where(x => x.Name._IsExtensionMatch(Consts.Extensions.Filter_Keys)).SingleOrDefault()?.FullPath;
                string? passwordPath = entries.Where(x => x.Name._IsSamei(Consts.FileNames.CertVault_Password)).SingleOrDefault()?.FullPath;

                // Only the first line of the password file counts; an empty file means "no password".
                string? password = null;
                if (passwordPath != null)
                {
                    password = FileSystem!.ReadStringFromFile(passwordPath, oneLine: true);
                    if (password._IsEmpty())
                    {
                        password = null;
                    }
                }

                if (pkcs12Path != null)
                {
                    return new CertificateStore(FileSystem!.ReadDataFromFile(pkcs12Path).Span, password);
                }

                if (certPath != null && keyPath != null)
                {
                    return new CertificateStore(FileSystem!.ReadDataFromFile(certPath).Span, FileSystem.ReadDataFromFile(keyPath).Span, password);
                }

                return null;
            }

            // ACME cert: one file named "<directory name><ACME extension>", paired with the vault's ACME key.
            CertificateStore? LoadAcmeStore()
            {
                FilePath acmePath = DirName.Combine(DirName.GetThisDirectoryName() + Consts.Extensions.Certificate_Acme);

                return acmePath.IsFileExists()
                    ? new CertificateStore(acmePath.ReadDataFromFile().Span, this.Vault.AcmeCertKey!)
                    : null;
            }
        }
        public DaemonUtil(string daemonName, CancellationToken cancel = default) : base(cancel)
        {
            // Per-daemon helper. When the startup arguments carry the StartLogFileBrowser
            // key it brings up a log-file browser over HTTP and HTTPS, on ports that are
            // either given explicitly or generated from a seed built from host name, app
            // root and daemon name, and publishes the HTTPS port via GlobalDaemonStateManager.
            // The only gates in front of the browser are the secret path prefix taken from
            // GlobalDaemonStateManager.DaemonSecret and the client-IP ACL below: basic
            // authentication is off and the listeners are not restricted to localhost.
            if (daemonName._IsEmpty())
            {
                // Kept as ArgumentNullException (not ArgumentException) so existing catch
                // clauses keep working, even though an empty/whitespace name lands here too.
                throw new ArgumentNullException(nameof(daemonName));
            }

            daemonName = daemonName._NonNullTrim();

            try
            {
                // Startup parameters
                this.Params = new OneLineParams(GlobalDaemonStateManager.StartupArguments);

                if (!Params._HasKey(Consts.DaemonArgKeys.StartLogFileBrowser))
                {
                    return;
                }

                // Decide the port numbers the log browser listens on.
                int plainPort = Params._GetFirstValueOrDefault(Consts.DaemonArgKeys.LogFileBrowserPort, StrComparer.IgnoreCaseComparer)._ToInt();
                if (plainPort == 0)
                {
                    plainPort = Util.GenerateDynamicListenableTcpPortWithSeed($"{Env.DnsFqdnHostName}_seed_daemonutil_logbrowser_http{Env.AppRootDir}@{daemonName}");
                }

                // NOTE(review): the HTTPS port is read from the same argument key as the
                // HTTP port, so an explicit LogFileBrowserPort gives both listeners the same
                // number. This looks like a copy/paste of the line above; confirm whether a
                // separate HTTPS key was intended before changing it.
                int tlsPort = Params._GetFirstValueOrDefault(Consts.DaemonArgKeys.LogFileBrowserPort, StrComparer.IgnoreCaseComparer)._ToInt();
                if (tlsPort == 0)
                {
                    tlsPort = Util.GenerateDynamicListenableTcpPortWithSeed($"{Env.DnsFqdnHostName}_seed_daemonutil_logbrowser_https{Env.AppRootDir}@{daemonName}", excludePorts: plainPort._SingleArray());
                }

                // CertVault dedicated to the log browser (ACME disabled).
                var browserCertVault = new CertVault(PP.Combine(Env.AppLocalDir, "Config/DaemonUtil_LogBrowser/CertVault"),
                                                     new CertVaultSettings(defaultSetting: EnsureSpecial.Yes)
                {
                    UseAcme = false
                });

                DisposeList.Add(browserCertVault);

                // Start the log browser.
                var listenOptions = new HttpServerOptions
                {
                    UseStaticFiles = false,
                    UseSimpleBasicAuthentication = false,       // no HTTP auth: secret path + ACL are the only gates
                    HttpPortsList                      = plainPort._SingleList(),
                    HttpsPortsList                     = tlsPort._SingleList(),
                    DebugKestrelToConsole              = false,
                    UseKestrelWithIPACoreStack         = true,
                    AutomaticRedirectToHttpsIfPossible = false,
                    LocalHostOnly                      = false,  // reachable from other hosts
                    UseGlobalCertVault                 = false,  // Disable Global CertVault
                    DisableHiveBasedSetting            = true,   // Disable Hive based settings
                    ServerCertSelector                 = browserCertVault.X509CertificateSelectorForHttpsServerNoAcme,
                    DenyRobots = true,                           // Deny robots
                };

                var browserOptions = new LogBrowserOptions(
                    Env.AppRootDir,
                    systemTitle: $"{Env.DnsFqdnHostName}",
                    clientIpAcl: ip =>
                    {
                        // Classify the connecting address.
                        bool fromGlobalIp = ip._GetIPAddressType().Bit(IPAddressType.GlobalIp);

                        // A global-IP client is refused only while this daemon itself reaches
                        // DaemonCenter from a private address; everyone else is allowed.
                        return !(fromGlobalIp && GlobalDaemonStateManager.IsDaemonClientLocalIpAddressGlobal == false);
                    });

                DisposeList.Add(LogBrowserHttpServerBuilder.StartServer(listenOptions, new LogBrowserHttpServerOptions(browserOptions, "/" + GlobalDaemonStateManager.DaemonSecret)));

                GlobalDaemonStateManager.FileBrowserHttpsPortNumber = tlsPort;
            }
            catch (Exception ex)
            {
                ex._Debug();

                // Tear down anything already registered in DisposeList, then rethrow as-is.
                this._DisposeSafe();

                throw;
            }
        }