public CertificateMiddleware(ICertificatePermissionValidator certificatePermissionValidator,
                              SecurityOptions options)
 {
     _certificatePermissionValidator = certificatePermissionValidator;
     _options      = options.Certificate;
     _allowedHosts = new HashSet <string>(_options.AllowedHosts ?? Array.Empty <string>());
     _validateAcl  = _options.Acl is {} && _options.Acl.Any();
示例#2
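    /// <summary>
    /// Creates the certificate middleware and precomputes, from <paramref name="options"/>,
    /// the allowed-host set and (when an ACL is configured) the subject and ACL lookup tables.
    /// </summary>
    /// <param name="certificatePermissionValidator">Validator stored for later use; it is not called here.</param>
    /// <param name="options">Security options; only <c>options.Certificate</c> is read.</param>
    /// <param name="logger">Logger stored for later use; it is not called here.</param>
    /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
    /// <exception cref="ArgumentException"><c>options.Certificate</c> is null.</exception>
    public CertificateMiddleware(ICertificatePermissionValidator certificatePermissionValidator,
                                 SecurityOptions options, ILogger<CertificateMiddleware> logger)
    {
        // Fail fast with a descriptive error instead of a NullReferenceException further down.
        if (options is null)
        {
            throw new ArgumentNullException(nameof(options));
        }

        _certificatePermissionValidator = certificatePermissionValidator;
        _logger = logger;
        _options = options.Certificate
                   ?? throw new ArgumentException("Certificate options must be configured.", nameof(options));
        _allowedHosts = new HashSet<string>(_options.AllowedHosts ?? Array.Empty<string>());

        // A missing or empty ACL leaves _validateAcl false and no ACL table is built.
        // NOTE(review): how the request path treats that case is not visible here; confirm
        // that "no ACL configured" is meant to skip ACL validation rather than deny.
        _validateAcl = _options.Acl is not null && _options.Acl.Any();

        // NOTE(review): presumably switches off certificate revocation checking where the
        // certificate is validated; confirm it is only enabled deliberately.
        _skipRevocationCheck = _options.SkipRevocationCheck;
        if (!_validateAcl)
        {
            return;
        }

        _acl = new Dictionary<string, SecurityOptions.CertificateOptions.AclOptions>();
        foreach (var (key, acl) in _options.Acl)
        {
            // Distinguished-name prefixes are identifiers, not linguistic text, so compare
            // ordinally. A culture-sensitive StartsWith can treat ignorable characters as
            // absent and misjudge whether the "CN=" prefix is already present.
            // Note: this normalises the issuer on the shared options object in place.
            if (!string.IsNullOrWhiteSpace(acl.ValidIssuer)
                && !acl.ValidIssuer.StartsWith("CN=", StringComparison.Ordinal))
            {
                acl.ValidIssuer = $"CN={acl.ValidIssuer}";
            }

            var subject = key.StartsWith("CN=", StringComparison.Ordinal) ? key : $"CN={key}";
            if (_options.AllowSubdomains)
            {
                // Register one "<subject>.<domain>" entry per allowed domain, each mapping
                // back to the raw ACL key.
                foreach (var domain in _options.AllowedDomains ?? Enumerable.Empty<string>())
                {
                    _subjects.Add($"{subject}.{domain}", key);
                }
            }

            // _subjects.Any() looks at the whole table, not just this entry: once any
            // subdomain subject exists the ACL is keyed by the raw key (the value stored
            // in _subjects); otherwise it is keyed by the CN-prefixed subject.
            _acl.Add(_subjects.Any() ? key : subject, acl);
        }
    }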