HostingExtensions.ISiloBuilder.cs
using System;
using System.Security.Cryptography.X509Certificates;
using Orleans.Configuration;
using Orleans.Connections.Security;
namespace Orleans.Hosting
{
// ISiloBuilder overloads of UseTls. Every overload ends in UseTls(ISiloBuilder, Action<TlsOptions>),
// which is the only place where connection middleware is registered.
public static partial class OrleansConnectionSecurityHostingExtensions
{
    /// <summary>
    /// Configures TLS using a certificate looked up in a certificate store.
    /// </summary>
    /// <remarks>
    /// The certificate is obtained from <c>CertificateLoader.LoadFromStoreCert</c> with <c>server: true</c> and
    /// then handed to the overload that accepts an <see cref="X509Certificate2"/>, so the checks made by that
    /// overload also apply here. <paramref name="allowInvalid"/> is forwarded to the loader unchanged; passing
    /// <see langword="true"/> lets invalid certificates be considered, so reserve it for development and test
    /// environments.
    /// </remarks>
    /// <param name="builder">The builder to configure.</param>
    /// <param name="storeName">The certificate store to load the certificate from.</param>
    /// <param name="subject">The subject name for the certificate to load.</param>
    /// <param name="allowInvalid">Indicates if invalid certificates should be considered, such as self-signed certificates.</param>
    /// <param name="location">The store location to load the certificate from.</param>
    /// <param name="configureOptions">An Action to configure the <see cref="TlsOptions"/>.</param>
    /// <returns>The builder.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="configureOptions"/> is <see langword="null"/>.</exception>
    public static ISiloBuilder UseTls(
        this ISiloBuilder builder,
        StoreName storeName,
        string subject,
        bool allowInvalid,
        StoreLocation location,
        Action<TlsOptions> configureOptions)
    {
        // Reject a missing callback before the certificate store is touched.
        _ = configureOptions ?? throw new ArgumentNullException(nameof(configureOptions));

        var storeCertificate = CertificateLoader.LoadFromStoreCert(
            subject,
            storeName.ToString(),
            location,
            allowInvalid,
            server: true);

        return builder.UseTls(storeCertificate, configureOptions);
    }

    /// <summary>
    /// Configures TLS with the supplied certificate and lets the caller adjust the remaining options.
    /// </summary>
    /// <remarks>
    /// <paramref name="certificate"/> is assigned to <c>TlsOptions.LocalCertificate</c> first and
    /// <paramref name="configureOptions"/> runs afterwards on the same options object, so the callback is able
    /// to replace the certificate. A certificate without a private key is reported through
    /// <c>TlsConnectionBuilderExtensions.ThrowNoPrivateKey</c>.
    /// </remarks>
    /// <param name="builder">The builder to configure.</param>
    /// <param name="certificate">The server certificate.</param>
    /// <param name="configureOptions">An Action to configure the <see cref="TlsOptions"/>.</param>
    /// <returns>The builder.</returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="certificate"/> or <paramref name="configureOptions"/> is <see langword="null"/>.
    /// </exception>
    public static ISiloBuilder UseTls(
        this ISiloBuilder builder,
        X509Certificate2 certificate,
        Action<TlsOptions> configureOptions)
    {
        _ = certificate ?? throw new ArgumentNullException(nameof(certificate));
        _ = configureOptions ?? throw new ArgumentNullException(nameof(configureOptions));

        var privateKeyAvailable = certificate.HasPrivateKey;
        if (!privateKeyAvailable)
        {
            TlsConnectionBuilderExtensions.ThrowNoPrivateKey(certificate, nameof(certificate));
        }

        // Order matters: the caller's callback sees (and may change) the certificate set here.
        Action<TlsOptions> applyCertificateThenCallback = tlsOptions =>
        {
            tlsOptions.LocalCertificate = certificate;
            configureOptions(tlsOptions);
        };

        return builder.UseTls(applyCertificateThenCallback);
    }

    /// <summary>
    /// Configures TLS with the supplied certificate and no further option changes.
    /// </summary>
    /// <remarks>
    /// Only <c>TlsOptions.LocalCertificate</c> is set; every other value stays as a new
    /// <see cref="TlsOptions"/> instance provides it. A certificate without a private key is reported through
    /// <c>TlsConnectionBuilderExtensions.ThrowNoPrivateKey</c>.
    /// </remarks>
    /// <param name="builder">The builder to configure.</param>
    /// <param name="certificate">The server certificate.</param>
    /// <returns>The builder.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="certificate"/> is <see langword="null"/>.</exception>
    public static ISiloBuilder UseTls(
        this ISiloBuilder builder,
        X509Certificate2 certificate)
    {
        _ = certificate ?? throw new ArgumentNullException(nameof(certificate));

        var privateKeyAvailable = certificate.HasPrivateKey;
        if (!privateKeyAvailable)
        {
            TlsConnectionBuilderExtensions.ThrowNoPrivateKey(certificate, nameof(certificate));
        }

        Action<TlsOptions> applyCertificate = tlsOptions =>
        {
            tlsOptions.LocalCertificate = certificate;
        };

        return builder.UseTls(applyCertificate);
    }

    /// <summary>
    /// Configures TLS from options produced by <paramref name="configureOptions"/>.
    /// </summary>
    /// <remarks>
    /// <para>
    /// The callback is invoked once, immediately, on a new <see cref="TlsOptions"/> instance. That single
    /// instance is then registered for silo inbound and gateway inbound connections (server side) and for silo
    /// outbound connections (client side), so the same settings and the same certificate apply to all three.
    /// </para>
    /// <para>
    /// Validation here is limited to the local certificate: one of <c>LocalCertificate</c> or
    /// <c>LocalServerCertificateSelector</c> must be set, and a <c>LocalCertificate</c> of type
    /// <see cref="X509Certificate2"/> must have a private key. Certificates returned by a selector and all
    /// other values the callback sets are not inspected by this method.
    /// </para>
    /// </remarks>
    /// <param name="builder">The builder to configure.</param>
    /// <param name="configureOptions">An Action to configure the <see cref="TlsOptions"/>.</param>
    /// <returns>The builder.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="configureOptions"/> is <see langword="null"/>.</exception>
    /// <exception cref="InvalidOperationException">
    /// Neither <c>LocalCertificate</c> nor <c>LocalServerCertificateSelector</c> was set by the callback.
    /// </exception>
    public static ISiloBuilder UseTls(
        this ISiloBuilder builder,
        Action<TlsOptions> configureOptions)
    {
        _ = configureOptions ?? throw new ArgumentNullException(nameof(configureOptions));

        var options = new TlsOptions();
        configureOptions(options);

        // A TLS endpoint needs some source for its own certificate: a fixed one or a selector.
        var hasCertificateSource =
            !(options.LocalCertificate is null) || !(options.LocalServerCertificateSelector is null);
        if (!hasCertificateSource)
        {
            throw new InvalidOperationException("No certificate specified");
        }

        // The private-key check applies only to a fixed X509Certificate2.
        var fixedCertificate = options.LocalCertificate as X509Certificate2;
        if (!(fixedCertificate is null))
        {
            if (!fixedCertificate.HasPrivateKey)
            {
                TlsConnectionBuilderExtensions.ThrowNoPrivateKey(fixedCertificate, $"{nameof(TlsOptions)}.{nameof(TlsOptions.LocalCertificate)}");
            }
        }

        return builder.Configure<SiloConnectionOptions>(siloConnections =>
        {
            // Server role: connections accepted from other silos and from gateway clients.
            siloConnections.ConfigureSiloInboundConnection(inbound =>
            {
                inbound.UseServerTls(options);
            });
            siloConnections.ConfigureGatewayInboundConnection(gatewayInbound =>
            {
                gatewayInbound.UseServerTls(options);
            });

            // Client role: connections this silo opens to other silos.
            siloConnections.ConfigureSiloOutboundConnection(outbound =>
            {
                outbound.UseClientTls(options);
            });
        });
    }
}
}