#81 Move CertificateLoader to Hosting
This commit is contained in:
Chris R
parent
e3366c7640
commit
b04be188c0
|
|
@ -1,6 +1,6 @@
|
|||
Microsoft Visual Studio Solution File, Format Version 12.00
|
||||
# Visual Studio 15
|
||||
VisualStudioVersion = 15.0.26507.0
|
||||
VisualStudioVersion = 15.0.26524.0
|
||||
MinimumVisualStudioVersion = 10.0.40219.1
|
||||
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{ED834E68-51C3-4ADE-ACC8-6BA6D4207C09}"
|
||||
EndProject
|
||||
|
|
@ -10,6 +10,7 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.All",
|
|||
EndProject
|
||||
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{97D53BEB-A511-4FBE-B784-AB407D9A219F}"
|
||||
ProjectSection(SolutionItems) = preProject
|
||||
NuGet.config = NuGet.config
|
||||
version.props = version.props
|
||||
EndProjectSection
|
||||
EndProject
|
||||
|
|
|
|||
|
|
@ -55,6 +55,7 @@
|
|||
</ItemDefinitionGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<MetaPackagePackageReference Include="Microsoft.AspNetCore.Certificates.Configuration" />
|
||||
<MetaPackagePackageReference Include="Microsoft.AspNetCore.Diagnostics" />
|
||||
<MetaPackagePackageReference Include="Microsoft.AspNetCore.Hosting" />
|
||||
<MetaPackagePackageReference Include="Microsoft.AspNetCore.Routing" />
|
||||
|
|
|
|||
|
|
@ -1,15 +0,0 @@
|
|||
// Copyright (c) .NET Foundation. All rights reserved.
|
||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
|
||||
namespace Microsoft.AspNetCore
|
||||
{
|
||||
internal class CertificateFileLoader : ICertificateFileLoader
|
||||
{
|
||||
public X509Certificate2 Load(string path, string password, X509KeyStorageFlags flags)
|
||||
{
|
||||
return new X509Certificate2(path, password, flags);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -1,248 +0,0 @@
|
|||
// Copyright (c) .NET Foundation. All rights reserved.
|
||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
using Microsoft.Extensions.Configuration;
|
||||
using Microsoft.Extensions.Logging;
|
||||
|
||||
namespace Microsoft.AspNetCore
|
||||
{
|
||||
/// <summary>
|
||||
/// A helper class to load certificates from files and certificate stores based on <seealso cref="IConfiguration"/> data.
|
||||
/// </summary>
|
||||
public class CertificateLoader
|
||||
{
|
||||
private readonly IConfiguration _certificatesConfiguration;
|
||||
private readonly string _environmentName;
|
||||
private readonly ICertificateFileLoader _certificateFileLoader;
|
||||
private readonly ICertificateStoreLoader _certificateStoreLoader;
|
||||
private readonly ILogger _logger;
|
||||
|
||||
/// <summary>
|
||||
/// Creates a new instance of <see cref="CertificateLoader"/> that can load certificate references from configuration.
|
||||
/// </summary>
|
||||
/// <param name="certificatesConfiguration">An <see cref="IConfiguration"/> with information about certificates.</param>
|
||||
public CertificateLoader(IConfiguration certificatesConfiguration)
|
||||
: this(certificatesConfiguration, null, null)
|
||||
{
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Creates a new instance of <see cref="CertificateLoader"/> that can load certificate references from configuration.
|
||||
/// </summary>
|
||||
/// <param name="certificatesConfiguration">An <see cref="IConfiguration"/> with information about certificates.</param>
|
||||
/// <param name="loggerFactory">An <see cref="ILoggerFactory"/> instance.</param>
|
||||
public CertificateLoader(IConfiguration certificatesConfiguration, ILoggerFactory loggerFactory)
|
||||
: this(certificatesConfiguration, loggerFactory, null)
|
||||
{
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Creates a new instance of <see cref="CertificateLoader"/> that can load certificate references from configuration.
|
||||
/// </summary>
|
||||
/// <param name="certificatesConfiguration">An <see cref="IConfiguration"/> with information about certificates.</param>
|
||||
/// <param name="loggerFactory">An <see cref="ILoggerFactory"/> instance.</param>
|
||||
/// <param name="environmentName">The name of the environment the application is running in.</param>
|
||||
public CertificateLoader(IConfiguration certificatesConfiguration, ILoggerFactory loggerFactory, string environmentName)
|
||||
: this(certificatesConfiguration, loggerFactory, environmentName, new CertificateFileLoader(), new CertificateStoreLoader())
|
||||
{
|
||||
}
|
||||
|
||||
internal CertificateLoader(
|
||||
IConfiguration certificatesConfiguration,
|
||||
ILoggerFactory loggerFactory,
|
||||
string environmentName,
|
||||
ICertificateFileLoader certificateFileLoader,
|
||||
ICertificateStoreLoader certificateStoreLoader)
|
||||
{
|
||||
_environmentName = environmentName;
|
||||
_certificatesConfiguration = certificatesConfiguration;
|
||||
_certificateFileLoader = certificateFileLoader;
|
||||
_certificateStoreLoader = certificateStoreLoader;
|
||||
_logger = loggerFactory?.CreateLogger("Microsoft.AspNetCore.CertificateLoader");
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Loads one or more certificates based on the information found in a configuration section.
|
||||
/// </summary>
|
||||
/// <param name="certificateConfiguration">A configuration section containing either a string value referencing certificates
|
||||
/// by name, or one or more inline certificate specifications.
|
||||
/// </param>
|
||||
/// <returns>One or more loaded certificates.</returns>
|
||||
public IEnumerable<X509Certificate2> Load(IConfigurationSection certificateConfiguration)
|
||||
{
|
||||
var certificateNames = certificateConfiguration.Value;
|
||||
var certificates = new List<X509Certificate2>();
|
||||
|
||||
if (certificateNames != null)
|
||||
{
|
||||
foreach (var certificateName in certificateNames.Split(';'))
|
||||
{
|
||||
var certificate = LoadSingle(certificateName);
|
||||
if (certificate != null)
|
||||
{
|
||||
certificates.Add(certificate);
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (certificateConfiguration["Source"] != null)
|
||||
{
|
||||
var certificate = LoadSingle(certificateConfiguration);
|
||||
if (certificate != null)
|
||||
{
|
||||
certificates.Add(certificate);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
certificates.AddRange(LoadMultiple(certificateConfiguration));
|
||||
}
|
||||
}
|
||||
|
||||
return certificates;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Loads a certificate by name.
|
||||
/// </summary>
|
||||
/// <param name="certificateName">The certificate name.</param>
|
||||
/// <returns>The loaded certificate</returns>
|
||||
/// <remarks>This method only works if the <see cref="CertificateLoader"/> instance was constructed with
|
||||
/// a reference to an <see cref="IConfiguration"/> instance containing named certificates.
|
||||
/// </remarks>
|
||||
private X509Certificate2 LoadSingle(string certificateName)
|
||||
{
|
||||
var certificateConfiguration = _certificatesConfiguration?.GetSection(certificateName);
|
||||
|
||||
if (!certificateConfiguration.Exists())
|
||||
{
|
||||
var environmentName = _environmentName != null ? $" ({_environmentName})" : "";
|
||||
throw new KeyNotFoundException($"No certificate named '{certificateName}' found in configuration for the current environment{environmentName}.");
|
||||
}
|
||||
|
||||
return LoadSingle(certificateConfiguration);
|
||||
}
|
||||
|
||||
private X509Certificate2 LoadSingle(IConfigurationSection certificateConfiguration)
|
||||
{
|
||||
var sourceKind = certificateConfiguration["Source"];
|
||||
|
||||
CertificateSource certificateSource;
|
||||
switch (sourceKind.ToLowerInvariant())
|
||||
{
|
||||
case "file":
|
||||
certificateSource = new CertificateFileSource(_certificateFileLoader);
|
||||
break;
|
||||
case "store":
|
||||
certificateSource = new CertificateStoreSource(_certificateStoreLoader, _logger);
|
||||
break;
|
||||
default:
|
||||
throw new InvalidOperationException($"Invalid certificate source kind '{sourceKind}'.");
|
||||
}
|
||||
|
||||
certificateConfiguration.Bind(certificateSource);
|
||||
|
||||
return certificateSource.Load();
|
||||
}
|
||||
|
||||
private IEnumerable<X509Certificate2> LoadMultiple(IConfigurationSection certificatesConfiguration)
|
||||
=> certificatesConfiguration.GetChildren()
|
||||
.Select(LoadSingle)
|
||||
.Where(c => c != null);
|
||||
|
||||
private abstract class CertificateSource
|
||||
{
|
||||
public string Source { get; set; }
|
||||
|
||||
public abstract X509Certificate2 Load();
|
||||
}
|
||||
|
||||
private class CertificateFileSource : CertificateSource
|
||||
{
|
||||
private ICertificateFileLoader _certificateFileLoader;
|
||||
|
||||
public CertificateFileSource(ICertificateFileLoader certificateFileLoader)
|
||||
{
|
||||
_certificateFileLoader = certificateFileLoader;
|
||||
}
|
||||
|
||||
public string Path { get; set; }
|
||||
|
||||
public string Password { get; set; }
|
||||
|
||||
public override X509Certificate2 Load()
|
||||
{
|
||||
var certificate = TryLoad(X509KeyStorageFlags.DefaultKeySet, out var error)
|
||||
?? TryLoad(X509KeyStorageFlags.UserKeySet, out error)
|
||||
#if NETCOREAPP2_0
|
||||
?? TryLoad(X509KeyStorageFlags.EphemeralKeySet, out error)
|
||||
#elif NET461
|
||||
#else
|
||||
#error target frameworks need to be updated
|
||||
#endif
|
||||
;
|
||||
|
||||
if (error != null)
|
||||
{
|
||||
throw new InvalidOperationException($"Unable to load certificate from file '{Path}'. Error details: '{error.Message}'.", error);
|
||||
}
|
||||
|
||||
return certificate;
|
||||
}
|
||||
|
||||
private X509Certificate2 TryLoad(X509KeyStorageFlags flags, out Exception exception)
|
||||
{
|
||||
try
|
||||
{
|
||||
var loadedCertificate = _certificateFileLoader.Load(Path, Password, flags);
|
||||
exception = null;
|
||||
return loadedCertificate;
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
exception = e;
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private class CertificateStoreSource : CertificateSource
|
||||
{
|
||||
private readonly ICertificateStoreLoader _certificateStoreLoader;
|
||||
private readonly ILogger _logger;
|
||||
|
||||
public CertificateStoreSource(ICertificateStoreLoader certificateStoreLoader, ILogger logger)
|
||||
{
|
||||
_certificateStoreLoader = certificateStoreLoader;
|
||||
_logger = logger;
|
||||
}
|
||||
|
||||
public string Subject { get; set; }
|
||||
public string StoreName { get; set; }
|
||||
public string StoreLocation { get; set; }
|
||||
public bool AllowInvalid { get; set; }
|
||||
|
||||
public override X509Certificate2 Load()
|
||||
{
|
||||
if (!Enum.TryParse(StoreLocation, ignoreCase: true, result: out StoreLocation storeLocation))
|
||||
{
|
||||
throw new InvalidOperationException($"The certificate store location '{StoreLocation}' is invalid.");
|
||||
}
|
||||
|
||||
var certificate = _certificateStoreLoader.Load(Subject, StoreName, storeLocation, !AllowInvalid);
|
||||
|
||||
if (certificate == null)
|
||||
{
|
||||
_logger?.LogWarning($"Unable to find a matching certificate for subject '{Subject}' in store '{StoreName}' in '{StoreLocation}'.");
|
||||
}
|
||||
|
||||
return certificate;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -1,56 +0,0 @@
|
|||
// Copyright (c) .NET Foundation. All rights reserved.
|
||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||
|
||||
using System.Linq;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
|
||||
namespace Microsoft.AspNetCore
|
||||
{
|
||||
internal class CertificateStoreLoader : ICertificateStoreLoader
|
||||
{
|
||||
public X509Certificate2 Load(string subject, string storeName, StoreLocation storeLocation, bool validOnly)
|
||||
{
|
||||
using (var store = new X509Store(storeName, storeLocation))
|
||||
{
|
||||
X509Certificate2Collection storeCertificates = null;
|
||||
X509Certificate2Collection foundCertificates = null;
|
||||
X509Certificate2 foundCertificate = null;
|
||||
|
||||
try
|
||||
{
|
||||
store.Open(OpenFlags.ReadOnly);
|
||||
storeCertificates = store.Certificates;
|
||||
foundCertificates = storeCertificates.Find(X509FindType.FindBySubjectDistinguishedName, subject, validOnly);
|
||||
foundCertificate = foundCertificates
|
||||
.OfType<X509Certificate2>()
|
||||
.OrderByDescending(certificate => certificate.NotAfter)
|
||||
.FirstOrDefault();
|
||||
|
||||
return foundCertificate;
|
||||
}
|
||||
finally
|
||||
{
|
||||
if (foundCertificate != null)
|
||||
{
|
||||
storeCertificates.Remove(foundCertificate);
|
||||
foundCertificates.Remove(foundCertificate);
|
||||
}
|
||||
|
||||
DisposeCertificates(storeCertificates);
|
||||
DisposeCertificates(foundCertificates);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private void DisposeCertificates(X509Certificate2Collection certificates)
|
||||
{
|
||||
if (certificates != null)
|
||||
{
|
||||
foreach (var certificate in certificates)
|
||||
{
|
||||
certificate.Dispose();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
// Copyright (c) .NET Foundation. All rights reserved.
|
||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
|
||||
namespace Microsoft.AspNetCore
|
||||
{
|
||||
internal interface ICertificateFileLoader
|
||||
{
|
||||
X509Certificate2 Load(string path, string password, X509KeyStorageFlags flags);
|
||||
}
|
||||
}
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
// Copyright (c) .NET Foundation. All rights reserved.
|
||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
|
||||
namespace Microsoft.AspNetCore
|
||||
{
|
||||
internal interface ICertificateStoreLoader
|
||||
{
|
||||
X509Certificate2 Load(string subject, string storeName, StoreLocation storeLocation, bool validOnly);
|
||||
}
|
||||
}
|
||||
|
|
@ -6,6 +6,7 @@ using System.Collections.Generic;
|
|||
using System.Linq;
|
||||
using System.Net;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
using Microsoft.AspNetCore.Certificates.Configuration;
|
||||
using Microsoft.AspNetCore.Hosting;
|
||||
using Microsoft.AspNetCore.Server.Kestrel.Core;
|
||||
using Microsoft.Extensions.Configuration;
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
<Import Project="..\..\build\common.props" />
|
||||
|
||||
<PropertyGroup>
|
||||
<TargetFrameworks>netcoreapp2.0;net461</TargetFrameworks>
|
||||
<TargetFrameworks>netstandard2.0</TargetFrameworks>
|
||||
<PackageTags>aspnetcore</PackageTags>
|
||||
<Description>Microsoft.AspNetCore</Description>
|
||||
<GenerateDocumentationFile>true</GenerateDocumentationFile>
|
||||
|
|
|
|||
|
|
@ -1,7 +0,0 @@
|
|||
// Copyright (c) .NET Foundation. All rights reserved.
|
||||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
||||
|
||||
using System.Runtime.CompilerServices;
|
||||
|
||||
[assembly: InternalsVisibleTo("Microsoft.AspNetCore.FunctionalTests, PublicKey=0024000004800000940000000602000000240000525341310004000001000100f33a29044fa9d740c9b3213a93e57c84b472c84e0b8a0e1ae48e67a9f8f6de9d5f7f3d52ac23e48ac51801f1dc950abe901da34d2a9e3baadb141a17c77ef3c565dd5ee5054b91cf63bb3c6ab83f72ab3aafe93d0fc3c2348b764fafb0b1c0733de51459aeab46580384bf9d74c4e28164b7cde247f891ba07891c9d872ad2bb")]
|
||||
[assembly: InternalsVisibleTo("DynamicProxyGenAssembly2, PublicKey=0024000004800000940000000602000000240000525341310004000001000100c547cac37abd99c8db225ef2f6c8a3602f3b3606cc9891605d02baa56104f4cfc0734aa39b93bf7852f7d9266654753cc297e7d2edfe0bac1cdcf9f717241550e0a7b191195b7667bb4f64bcb8e2121380fd1d9d46ad2d92d2d15605093924cceaf74c4861eff62abf69b9291ed0a340e113be11e6a7d3113e92484cf7045cc7")]
|
||||
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue