feat(gateway): detect HTTPS endpoints missing a certificate

Joseph Doherty
2026-06-01 07:08:12 -04:00
parent c4e7ddea70
commit e912ef960c
2 changed files with 71 additions and 0 deletions
@@ -0,0 +1,37 @@
using Microsoft.Extensions.Configuration;
namespace ZB.MOM.WW.MxGateway.Server.Security.Tls;
/// <summary>
/// Inspects the Kestrel configuration to decide whether the gateway must supply
/// a generated default certificate (an HTTPS endpoint exists with no certificate
/// of its own).
/// </summary>
public static class KestrelTlsInspector
{
public static bool RequiresGeneratedCertificate(IConfiguration configuration)
{
IConfigurationSection endpoints = configuration.GetSection("Kestrel:Endpoints");
foreach (IConfigurationSection endpoint in endpoints.GetChildren())
{
string? url = endpoint["Url"];
if (string.IsNullOrWhiteSpace(url) ||
!url.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
{
continue;
}
IConfigurationSection certificate = endpoint.GetSection("Certificate");
bool hasOwnCertificate =
!string.IsNullOrWhiteSpace(certificate["Path"]) ||
!string.IsNullOrWhiteSpace(certificate["Subject"]);
if (!hasOwnCertificate)
{
return true;
}
}
return false;
}
}
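Review bot: `RequiresGeneratedCertificate` only tests each endpoint's own `Certificate:Path` / `Certificate:Subject`, so an HTTPS endpoint that relies on a `Kestrel:Certificates:Default` entry is still reported as having no certificate. If the caller (outside this hunk) then installs the generated certificate, the gateway may present it in place of the operator's configured one, and clients that validate the chain would see an unexpected, presumably untrusted, certificate. I would check the default section before the loop and return false when it names a certificate, sharing one helper for the Path/Subject test as sketched below. The public method also lacks an XML doc comment; a summary stating that only `Kestrel:Endpoints` is inspected, so HTTPS bindings configured elsewhere are not seen, would make that limit explicit.

```csharp
public static bool RequiresGeneratedCertificate(IConfiguration configuration)
{
    // A configured Kestrel default certificate already covers endpoints without their own.
    if (HasCertificate(configuration.GetSection("Kestrel:Certificates:Default")))
    {
        return false;
    }

    // … unchanged: loop over Kestrel:Endpoints, skipping non-HTTPS URLs …
        if (!HasCertificate(endpoint.GetSection("Certificate")))
        {
            return true;
        }
    // … unchanged: end of loop, return false …
}

private static bool HasCertificate(IConfigurationSection section) =>
    !string.IsNullOrWhiteSpace(section["Path"]) ||
    !string.IsNullOrWhiteSpace(section["Subject"]);
```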