using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using Orleans.Configuration;
using Orleans.Connections.Security;
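namespace Orleans
{
    /// <summary>
    /// <see cref="IClientBuilder"/> extension methods that enable TLS on the client's connections.
    /// </summary>
    /// <remarks>
    /// Every overload ends in <see cref="UseTls(IClientBuilder, Action{TlsOptions})"/>, which validates the
    /// resulting <see cref="TlsOptions"/> and registers client TLS on <see cref="ClientConnectionOptions"/>.
    /// </remarks>
    public static class OrleansConnectionSecurityHostingExtensions
    {
        /// <summary>
        /// Configures TLS using a local certificate loaded from a certificate store.
        /// </summary>
        /// <param name="builder">The builder to configure.</param>
        /// <param name="storeName">The certificate store to load the certificate from.</param>
        /// <param name="subject">The subject name for the certificate to load.</param>
        /// <param name="allowInvalid">Indicates if invalid certificates should be considered, such as self-signed certificates.</param>
        /// <param name="location">The store location to load the certificate from.</param>
        /// <param name="configureOptions">An Action to configure the <see cref="TlsOptions"/>.</param>
        /// <returns>The builder.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="builder"/> or <paramref name="configureOptions"/> is <c>null</c>.
        /// </exception>
        /// <remarks>
        /// Security note: <paramref name="allowInvalid"/> is forwarded unchanged to
        /// <c>CertificateLoader.LoadFromStoreCert</c> and only widens which local certificate may be picked
        /// from the store. Nothing in this method changes how the remote peer's certificate is validated;
        /// that is governed by the <see cref="TlsOptions"/> set in <paramref name="configureOptions"/>.
        /// Keep <paramref name="allowInvalid"/> <c>false</c> unless a self-signed or otherwise invalid
        /// certificate is deployed on purpose (for example in a test environment).
        /// </remarks>
        public static IClientBuilder UseTls(
            this IClientBuilder builder,
            StoreName storeName,
            string subject,
            bool allowInvalid,
            StoreLocation location,
            Action<TlsOptions> configureOptions)
        {
            // Fail fast: reject bad arguments before the certificate store is opened.
            if (builder is null)
            {
                throw new ArgumentNullException(nameof(builder));
            }

            if (configureOptions is null)
            {
                throw new ArgumentNullException(nameof(configureOptions));
            }

            // server: false => the loader is asked for a certificate for the client role.
            return builder.UseTls(
                CertificateLoader.LoadFromStoreCert(subject, storeName.ToString(), location, allowInvalid, server: false),
                configureOptions);
        }

        /// <summary>
        /// Configures TLS using the supplied certificate as the client's local certificate.
        /// </summary>
        /// <param name="builder">The builder to configure.</param>
        /// <param name="certificate">
        /// The certificate assigned to <see cref="TlsOptions.LocalCertificate"/>. It must have a private key.
        /// </param>
        /// <param name="configureOptions">An Action to configure the <see cref="TlsOptions"/>.</param>
        /// <returns>The builder.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="builder"/>, <paramref name="certificate"/> or <paramref name="configureOptions"/> is <c>null</c>.
        /// </exception>
        /// <remarks>
        /// A certificate without a private key is rejected through
        /// <c>TlsConnectionBuilderExtensions.ThrowNoPrivateKey</c>.
        /// <paramref name="configureOptions"/> runs after <see cref="TlsOptions.LocalCertificate"/> has been
        /// assigned, so the callback can replace the certificate; the final options are validated again by
        /// <see cref="UseTls(IClientBuilder, Action{TlsOptions})"/>.
        /// </remarks>
        public static IClientBuilder UseTls(
            this IClientBuilder builder,
            X509Certificate2 certificate,
            Action<TlsOptions> configureOptions)
        {
            if (builder is null)
            {
                throw new ArgumentNullException(nameof(builder));
            }

            if (certificate is null)
            {
                throw new ArgumentNullException(nameof(certificate));
            }

            if (configureOptions is null)
            {
                throw new ArgumentNullException(nameof(configureOptions));
            }

            // A certificate without its private key is rejected here, at configuration time.
            if (!certificate.HasPrivateKey)
            {
                TlsConnectionBuilderExtensions.ThrowNoPrivateKey(certificate, nameof(certificate));
            }

            return builder.UseTls(options =>
            {
                // Assign first so the caller's callback sees, and may override, the certificate.
                options.LocalCertificate = certificate;
                configureOptions(options);
            });
        }

        /// <summary>
        /// Configures TLS using the supplied certificate as the client's local certificate and otherwise
        /// default <see cref="TlsOptions"/>.
        /// </summary>
        /// <param name="builder">The builder to configure.</param>
        /// <param name="certificate">
        /// The certificate assigned to <see cref="TlsOptions.LocalCertificate"/>. It must have a private key.
        /// </param>
        /// <returns>The builder.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="builder"/> or <paramref name="certificate"/> is <c>null</c>.
        /// </exception>
        /// <remarks>
        /// A certificate without a private key is rejected through
        /// <c>TlsConnectionBuilderExtensions.ThrowNoPrivateKey</c>.
        /// </remarks>
        public static IClientBuilder UseTls(
            this IClientBuilder builder,
            X509Certificate2 certificate)
        {
            if (builder is null)
            {
                throw new ArgumentNullException(nameof(builder));
            }

            if (certificate is null)
            {
                throw new ArgumentNullException(nameof(certificate));
            }

            if (!certificate.HasPrivateKey)
            {
                TlsConnectionBuilderExtensions.ThrowNoPrivateKey(certificate, nameof(certificate));
            }

            return builder.UseTls(options =>
            {
                options.LocalCertificate = certificate;
            });
        }

        /// <summary>
        /// Configures TLS from caller-supplied <see cref="TlsOptions"/> and registers it on the client's connections.
        /// </summary>
        /// <param name="builder">The builder to configure.</param>
        /// <param name="configureOptions">An Action to configure the <see cref="TlsOptions"/>.</param>
        /// <returns>The builder.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="builder"/> or <paramref name="configureOptions"/> is <c>null</c>.
        /// </exception>
        /// <exception cref="InvalidOperationException">
        /// No <see cref="TlsOptions.LocalCertificate"/> is set while <see cref="TlsOptions.ClientCertificateMode"/>
        /// is <see cref="RemoteCertificateMode.RequireCertificate"/>.
        /// </exception>
        /// <remarks>
        /// <paramref name="configureOptions"/> is invoked once, immediately, on a fresh <see cref="TlsOptions"/>.
        /// That same instance is captured and later passed to <c>UseClientTls</c>, so the checks below run at
        /// configuration time rather than when a connection is opened.
        /// The private-key check only applies when <see cref="TlsOptions.LocalCertificate"/> is an
        /// <see cref="X509Certificate2"/>; any other value skips it.
        /// </remarks>
        public static IClientBuilder UseTls(
            this IClientBuilder builder,
            Action<TlsOptions> configureOptions)
        {
            // Fail fast: do not run the caller's callback if the builder is unusable.
            if (builder is null)
            {
                throw new ArgumentNullException(nameof(builder));
            }

            if (configureOptions is null)
            {
                throw new ArgumentNullException(nameof(configureOptions));
            }

            var options = new TlsOptions();
            configureOptions(options);

            // A certificate is required by the configured mode but none was supplied.
            if (options.LocalCertificate is null && options.ClientCertificateMode == RemoteCertificateMode.RequireCertificate)
            {
                throw new InvalidOperationException("No certificate specified");
            }

            // Re-check here because the callback may have set or replaced the certificate.
            if (options.LocalCertificate is X509Certificate2 certificate && !certificate.HasPrivateKey)
            {
                TlsConnectionBuilderExtensions.ThrowNoPrivateKey(certificate, $"{nameof(TlsOptions)}.{nameof(TlsOptions.LocalCertificate)}");
            }

            return builder.Configure<ClientConnectionOptions>(connectionOptions =>
            {
                connectionOptions.ConfigureConnection(connectionBuilder =>
                {
                    connectionBuilder.UseClientTls(options);
                });
            });
        }
    }
}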