feat(gateway): supply generated cert as Kestrel HTTPS default

2026-06-01 07:30:26 -04:00
parent cdfad420bb
commit 3775f6bf3b
2 changed files with 98 additions and 0 deletions
@@ -1,4 +1,6 @@
+using System.Security.Cryptography.X509Certificates;
 using Microsoft.AspNetCore.Hosting.StaticWebAssets;
+using Microsoft.Extensions.Logging;
 using ZB.MOM.WW.MxGateway.Contracts;
 using ZB.MOM.WW.MxGateway.Server.Alarms;
 using ZB.MOM.WW.MxGateway.Server.Configuration;
@@ -55,6 +57,8 @@ public static class GatewayApplication
        });
        StaticWebAssetsLoader.UseStaticWebAssets(builder.Environment, builder.Configuration);

+        ConfigureSelfSignedTls(builder);
+
        builder.Services.AddGatewayConfiguration();
        builder.Services.AddSqliteAuthStore();
        builder.Services.AddGatewayGrpcAuthorization();
@@ -72,6 +76,28 @@ public static class GatewayApplication
        return builder;
    }

+    private static void ConfigureSelfSignedTls(WebApplicationBuilder builder)
+    {
+        if (!Security.Tls.KestrelTlsInspector.RequiresGeneratedCertificate(builder.Configuration))
+        {
+            return;
+        }
+
+        Configuration.TlsOptions tlsOptions =
+            builder.Configuration.GetSection("MxGateway:Tls").Get<Configuration.TlsOptions>()
+            ?? new Configuration.TlsOptions();
+
+        using ILoggerFactory loggerFactory = LoggerFactory.Create(logging => logging.AddConsole());
+        Security.Tls.SelfSignedCertificateProvider provider = new(
+            tlsOptions,
+            loggerFactory.CreateLogger<Security.Tls.SelfSignedCertificateProvider>(),
+            TimeProvider.System);
+
+        X509Certificate2 certificate = provider.LoadOrCreate();
+        builder.WebHost.ConfigureKestrel(options =>
+            options.ConfigureHttpsDefaults(https => https.ServerCertificate = certificate));
+    }
+
    private static string ResolveContentRootPath()
    {
        string? configuredContentRootPath = Environment.GetEnvironmentVariable("ASPNETCORE_CONTENTROOT");