Add TLS Filter sample #2251

2018-06-19 10:42:44 -07:00 · 2018-06-19 10:42:44 -07:00 · 99f1db7bdc
parent c498f03cb4
commit 99f1db7bdc
1 changed files with 38 additions and 0 deletions
--- a/samples/Http2SampleApp/Program.cs
+++ b/samples/Http2SampleApp/Program.cs
@ -1,8 +1,12 @@
 using System;
 using System.IO;
 using System.Net;
+using System.Security.Authentication;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Connections.Features;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Server.Kestrel.Core;
+using Microsoft.AspNetCore.Server.Kestrel.Core.Adapter.Internal;
 using Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions.Internal;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Logging;
@ -32,6 +36,7 @@ namespace Http2SampleApp
                        listenOptions.Protocols = HttpProtocols.Http1AndHttp2;
                        listenOptions.UseHttps("testCert.pfx", "testPassword");
                        listenOptions.UseConnectionLogging();
+                        listenOptions.ConnectionAdapters.Add(new TlsFilterAdapter());
                    });
                })
                .UseContentRoot(Directory.GetCurrentDirectory())
@ -39,5 +44,38 @@ namespace Http2SampleApp

            hostBuilder.Build().Run();
        }
+
+        // https://tools.ietf.org/html/rfc7540#appendix-A
+        // Allows filtering TLS handshakes on a per connection basis
+        private class TlsFilterAdapter : IConnectionAdapter
+        {
+            public bool IsHttps => false;
+
+            public Task<IAdaptedConnection> OnConnectionAsync(ConnectionAdapterContext context)
+            {
+                var tlsFeature = context.Features.Get<ITlsHandshakeFeature>();
+
+                if (tlsFeature.CipherAlgorithm == CipherAlgorithmType.Null)
+                {
+                    throw new NotSupportedException("Prohibited cipher: " + tlsFeature.CipherAlgorithm);
+                }
+
+                return Task.FromResult<IAdaptedConnection>(new AdaptedConnection(context.ConnectionStream));
+            }
+
+            private class AdaptedConnection : IAdaptedConnection
+            {
+                public AdaptedConnection(Stream adaptedStream)
+                {
+                    ConnectionStream = adaptedStream;
+                }
+
+                public Stream ConnectionStream { get; }
+
+                public void Dispose()
+                {
+                }
+            }
+        }
    }
 }