From cda762685ab4f01f92615877f64dca08fe1eef32 Mon Sep 17 00:00:00 2001
From: Justin Kotalik
Date: Tue, 3 Mar 2020 20:42:46 -0800
Subject: [PATCH] Allow cert file and private key file to be passed in (#19477)
---
 .../src/Internal/QuicConnectionListener.cs | 10 +++++++++-
 .../Kestrel/Transport.Quic/src/QuicTransportOptions.cs | 10 ++++++++++
 .../Quic/Implementations/MsQuic/Internal/MsQuicApi.cs | 6 +++---
 src/Shared/runtime/Quic/Interop/MsQuicNativeMethods.cs | 4 ++--
 4 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/src/Servers/Kestrel/Transport.Quic/src/Internal/QuicConnectionListener.cs b/src/Servers/Kestrel/Transport.Quic/src/Internal/QuicConnectionListener.cs
index 1b36d90ab0..12af5859f6 100644
--- a/src/Servers/Kestrel/Transport.Quic/src/Internal/QuicConnectionListener.cs
+++ b/src/Servers/Kestrel/Transport.Quic/src/Internal/QuicConnectionListener.cs
@@ -29,10 +29,18 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Transport.Quic.Internal
 _log = log;
 _context = new QuicTransportContext(_log, options);
 EndPoint = endpoint;
+
+ var quicListenerOptions = new QuicListenerOptions();
 var sslConfig = new SslServerAuthenticationOptions();
 sslConfig.ServerCertificate = options.Certificate;
 sslConfig.ApplicationProtocols = new List() { new SslApplicationProtocol(options.Alpn) };
- _listener = new QuicListener(QuicImplementationProviders.MsQuic, endpoint as IPEndPoint, sslConfig);
+
+ quicListenerOptions.ServerAuthenticationOptions = sslConfig;
+ quicListenerOptions.CertificateFilePath = options.CertificateFilePath;
+ quicListenerOptions.PrivateKeyFilePath = options.PrivateKeyFilePath;
+ quicListenerOptions.ListenEndPoint = endpoint as IPEndPoint;
+
+ _listener = new QuicListener(QuicImplementationProviders.MsQuic, quicListenerOptions);
 _listener.Start();
 }
diff --git a/src/Servers/Kestrel/Transport.Quic/src/QuicTransportOptions.cs b/src/Servers/Kestrel/Transport.Quic/src/QuicTransportOptions.cs
index 985222d3d1..8ed5fe3dd8 100644
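Review bot: In the QuicConnectionListener.cs hunk the constructor forwards `options.Certificate`, `options.CertificateFilePath` and `options.PrivateKeyFilePath` to the listener without checking that they form a usable combination, so a configuration with only one of the two paths set is presumably discovered only inside the native security-config call. A guard before `new QuicListenerOptions()` would fail earlier with a clear message, for example `if (string.IsNullOrEmpty(options.CertificateFilePath) != string.IsNullOrEmpty(options.PrivateKeyFilePath)) throw new ArgumentException("CertificateFilePath and PrivateKeyFilePath must be set together.", nameof(options));`. `endpoint as IPEndPoint` also yields null for any other endpoint type and is assigned to `ListenEndPoint` unchecked. The constructor begins and ends outside this hunk, so an existing check earlier in it cannot be ruled out.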
--- a/src/Servers/Kestrel/Transport.Quic/src/QuicTransportOptions.cs
+++ b/src/Servers/Kestrel/Transport.Quic/src/QuicTransportOptions.cs
@@ -29,6 +29,16 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Transport.Quic
 ///
 public X509Certificate2 Certificate { get; set; }
+ ///
+ /// Optional path to certificate file to configure the security configuration.
+ ///
+ public string CertificateFilePath { get; set; }
+
+ ///
+ /// Optional path to private key file to configure the security configuration.
+ ///
+ public string PrivateKeyFilePath { get; set; }
+
 ///
 /// Sets the idle timeout for connections and streams.
 ///
diff --git a/src/Shared/runtime/Quic/Implementations/MsQuic/Internal/MsQuicApi.cs b/src/Shared/runtime/Quic/Implementations/MsQuic/Internal/MsQuicApi.cs
index fb6330c024..977af1da93 100644
--- a/src/Shared/runtime/Quic/Implementations/MsQuic/Internal/MsQuicApi.cs
+++ b/src/Shared/runtime/Quic/Implementations/MsQuic/Internal/MsQuicApi.cs
@@ -236,8 +236,8 @@ namespace System.Net.Quic.Implementations.MsQuic.Internal
 {
 fileParams = new MsQuicNativeMethods.CertFileParams
 {
- CertificateFilePath = Marshal.StringToCoTaskMemUTF8(certFilePath),
- PrivateKeyFilePath = Marshal.StringToCoTaskMemUTF8(privateKeyFilePath)
+ PrivateKeyFilePath = Marshal.StringToCoTaskMemUTF8(privateKeyFilePath),
+ CertificateFilePath = Marshal.StringToCoTaskMemUTF8(certFilePath)
 };
 unmanagedAddr = Marshal.AllocHGlobal(Marshal.SizeOf(fileParams));
@@ -246,7 +246,7 @@ namespace System.Net.Quic.Implementations.MsQuic.Internal
 createConfigStatus = SecConfigCreateDelegate(
 _registrationContext,
 (uint)QUIC_SEC_CONFIG_FLAG.CERT_FILE,
- certificate.Handle,
+ unmanagedAddr,
 null,
 IntPtr.Zero,
 SecCfgCreateCallbackHandler);
diff --git a/src/Shared/runtime/Quic/Interop/MsQuicNativeMethods.cs b/src/Shared/runtime/Quic/Interop/MsQuicNativeMethods.cs
index aca6b41a58..6f7edba173 100644
--- a/src/Shared/runtime/Quic/Interop/MsQuicNativeMethods.cs
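Review bot: The two new summaries in QuicTransportOptions.cs do not say how `CertificateFilePath` and `PrivateKeyFilePath` relate to each other or to the existing `Certificate` property. I would add a sentence to each, such as `/// Must be set together with PrivateKeyFilePath.`, and document which source is used when `Certificate` is also set, once that is confirmed against the MsQuic layer. Because `PrivateKeyFilePath` points at key material on disk, a remark that the file should be readable only by the account running the server would help operators.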
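Review bot: Three unmanaged buffers are live when `SecConfigCreateDelegate` is called in the second MsQuicApi.cs hunk: the two `Marshal.StringToCoTaskMemUTF8` strings from the first hunk and the `Marshal.AllocHGlobal` block now passed as `unmanagedAddr`. Their release is not visible in either hunk; if it is missing, every security-config creation leaks them, and if it runs as soon as the call returns it may be too early should MsQuic read the paths only when `SecCfgCreateCallbackHandler` fires. A comment above the allocation stating who frees the buffers and when would settle it, e.g. `// Freed with Marshal.FreeCoTaskMem / Marshal.FreeHGlobal once the sec-config callback has completed.` `StringToCoTaskMemUTF8` returns `IntPtr.Zero` for a null string, so a null path would reach the native side as a null pointer unless the surrounding branch, which lies outside the hunk, rules it out.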
+++ b/src/Shared/runtime/Quic/Interop/MsQuicNativeMethods.cs
@@ -1,4 +1,4 @@
-// Licensed to the .NET Foundation under one or more agreements.
+// Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
@@ -481,8 +481,8 @@ namespace System.Net.Quic.Implementations.MsQuic.Internal
 [StructLayout(LayoutKind.Sequential)]
 internal struct CertFileParams
 {
- internal IntPtr CertificateFilePath;
 internal IntPtr PrivateKeyFilePath;
+ internal IntPtr CertificateFilePath;
 }
 }
 }
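Review bot: Nothing on `CertFileParams` says that its field order is load-bearing, although the reorder in the second hunk of MsQuicNativeMethods.cs appears to be the actual fix. With `LayoutKind.Sequential` the native side reads the pointers by position, so the previous order would have handed the certificate path over where the private key path is expected (inferred from the swap). I would add a comment on the struct such as `// Field order must match the native layout MsQuic reads for QUIC_SEC_CONFIG_FLAG.CERT_FILE: private key path first, then certificate path.` so a later cosmetic or alphabetical reorder does not reintroduce the mix-up. The enclosing class and namespace begin outside the hunk.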