Joseph Doherty
46 lines
1.6 KiB
C#
46 lines
1.6 KiB
C#
using Microsoft.Extensions.Configuration;
|
|
|
|
namespace ZB.MOM.WW.MxGateway.Server.Security.Tls;
|
|
|
|
/// <summary>
|
|
/// Inspects the Kestrel configuration to decide whether the gateway must supply
|
|
/// a generated default certificate (an HTTPS endpoint exists with no certificate
|
|
/// of its own).
|
|
/// </summary>
|
|
public static class KestrelTlsInspector
|
|
{
|
|
/// <summary>
|
|
/// Returns <see langword="true"/> when at least one HTTPS endpoint in
|
|
/// <c>Kestrel:Endpoints</c> has no certificate of its own (no
|
|
/// <c>Certificate:Path</c>, <c>Certificate:Subject</c>, or
|
|
/// <c>Certificate:Thumbprint</c>), meaning the gateway must supply a
|
|
/// generated fallback certificate.
|
|
/// </summary>
|
|
public static bool RequiresGeneratedCertificate(IConfiguration configuration)
|
|
{
|
|
IConfigurationSection endpoints = configuration.GetSection("Kestrel:Endpoints");
|
|
foreach (IConfigurationSection endpoint in endpoints.GetChildren())
|
|
{
|
|
string? url = endpoint["Url"];
|
|
if (string.IsNullOrWhiteSpace(url) ||
|
|
!url.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
|
|
{
|
|
continue;
|
|
}
|
|
|
|
IConfigurationSection certificate = endpoint.GetSection("Certificate");
|
|
bool hasOwnCertificate =
|
|
!string.IsNullOrWhiteSpace(certificate["Path"]) ||
|
|
!string.IsNullOrWhiteSpace(certificate["Subject"]) ||
|
|
!string.IsNullOrWhiteSpace(certificate["Thumbprint"]);
|
|
|
|
if (!hasOwnCertificate)
|
|
{
|
|
return true;
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
}
|