// The Sisk Framework source code
// Copyright (c) 2024- PROJECT PRINCIPIUM and all Sisk contributors
//
// The code below is licensed under the MIT license as
// of the date of its publication, available at
//
// File name: SslProxyExtensions.cs
// Repository: https://github.com/sisk-http/core
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using Sisk.Core.Http.Hosting;
namespace Sisk.Ssl;
/// <summary>
/// Provides extension methods for <see cref="SslProxy"/>.
/// </summary>
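public static class SslProxyExtensions {
    /// <summary>
    /// Configures the <see cref="HttpServerHostContext"/> to use <see cref="SslProxy"/> with the specified parameters.
    /// </summary>
    /// <remarks>
    /// The proxy terminates TLS on <paramref name="sslListeningPort"/> and forwards plain HTTP to the first port of the
    /// first listening host of <paramref name="builder"/>, so that host and port must already be configured.
    /// </remarks>
    /// <param name="builder">The <see cref="HttpServerHostContextBuilder"/> instance to configure.</param>
    /// <param name="sslListeningPort">The port number on which the server will listen for SSL/HTTPS connections. Must be positive.</param>
    /// <param name="certificate">Optional. The SSL/HTTPS certificate to use for encrypting communications. When omitted, a
    /// locally generated development certificate covering <c>localhost</c> and every configured hostname is used instead.</param>
    /// <param name="allowedProtocols">Optional. The SSL/HTTPS protocols allowed for the connection. Defaults to <see cref="SslProtocols.Tls12"/> and <see cref="SslProtocols.Tls13"/>.
    /// Note: this method does not currently forward this value to the created <see cref="SslProxy"/>.</param>
    /// <param name="clientCertificateRequired">Optional. Specifies whether a client certificate is required for authentication. Defaults to <c>false</c>.
    /// Note: this method does not currently forward this value to the created <see cref="SslProxy"/>.</param>
    /// <param name="proxyAuthorization">Optional. Specifies the Proxy-Authorization header value for creating a trusted gateway between
    /// the application and the proxy. Its <see cref="object.ToString"/> result is what the proxy sends.</param>
    /// <param name="onlyUseIPv4">Optional. Specifies whether DNS Resolve may also use IPv6 addresses or should only use IPv4 addresses</param>
    /// <returns>The configured <see cref="HttpServerHostContextBuilder"/> instance.</returns>
    /// <exception cref="ArgumentNullException">Thrown when <paramref name="builder"/> is <see langword="null"/>.</exception>
    /// <exception cref="ArgumentOutOfRangeException">Thrown when <paramref name="sslListeningPort"/> is zero or negative.</exception>
    /// <exception cref="InvalidOperationException">Thrown when the server configuration has no listening host, or its first
    /// host has no port, because the proxy then has no gateway endpoint to forward to.</exception>
    public static HttpServerHostContextBuilder UseSsl (
        this HttpServerHostContextBuilder builder,
        short sslListeningPort,
        X509Certificate? certificate = null,
        SslProtocols allowedProtocols = SslProtocols.Tls12 | SslProtocols.Tls13,
        bool clientCertificateRequired = false,
        object? proxyAuthorization = null,
        bool onlyUseIPv4 = false ) {

        ArgumentNullException.ThrowIfNull ( builder );
        if (sslListeningPort <= 0) {
            throw new ArgumentOutOfRangeException ( nameof ( sslListeningPort ), sslListeningPort, "The SSL listening port must be a positive port number." );
        }

        // Fail with a clear message instead of an IndexOutOfRangeException when nothing has been configured yet.
        if (!builder.ServerConfiguration.ListeningHosts.Any ()) {
            throw new InvalidOperationException ( "The server configuration must define at least one listening host before UseSsl is called." );
        }
        var primaryHost = builder.ServerConfiguration.ListeningHosts [ 0 ];
        if (!primaryHost.Ports.Any ()) {
            throw new InvalidOperationException ( "The primary listening host must define at least one port before UseSsl is called." );
        }
        var primaryPort = primaryHost.Ports [ 0 ];

        // Materialized once: the hostnames are consumed twice below (certificate names and the startup message),
        // and a deferred Select would re-enumerate the ports each time.
        var usableHosts = primaryHost.Ports.Select ( p => p.Hostname ).ToArray ();
        var endpoint = DnsUtil.ResolveEndpoint ( primaryPort, onlyUseIPv4 );

        // No certificate supplied: fall back to a locally generated development certificate that
        // covers localhost plus every configured hostname.
        certificate ??= CertificateUtil.CreateTrustedDevelopmentCertificate ( [ "localhost", .. usableHosts ] );

        // NOTE(review): allowedProtocols and clientCertificateRequired are accepted and documented but are not
        // applied to secureProxy here, so a caller restricting protocols or requiring a client certificate silently
        // gets the proxy's defaults. Confirm which SslProxy settings carry these values and wire them through.
        var secureProxy = new SslProxy ( sslListeningPort, certificate, endpoint ) {
            GatewayHostname = primaryPort.Hostname,
            ProxyAuthorization = proxyAuthorization?.ToString ()
        };

        var serverHandler = new SslProxyServerHandler ( secureProxy );
        builder.UseHandler ( serverHandler );

        // Startup banner listing one HTTPS URL per configured hostname.
        StringBuilder sb = new StringBuilder ();
        sb.AppendLine ( "The development SSL proxy is listening at:" );
        foreach (var usableHost in usableHosts) {
            sb.AppendLine ( $"- https://{usableHost}:{sslListeningPort}/" );
        }
        builder.UseStartupMessage ( sb.ToString () );

        return builder;
    }
}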