adjusted certificate options

kerryjiang · kerryjiang · commit 5d74143b6003 · 2024-10-26T09:55:48.000-07:00
diff --git a/samples/ConfigSample/appsettings.tls.json b/samples/ConfigSample/appsettings.tls.json
@@ -6,8 +6,10 @@
                 "ip": "Any",
                 "port": 4040,
                 "authenticationOptions" : {
-                    "filePath": "supersocket.pfx",
-                    "password": "supersocket",
+                    "certificateOptions" : {
+                        "filePath": "supersocket.pfx",
+                        "password": "supersocket"
+                    },                    
                     "enabledSslProtocols": "Tls12"
                 }
             }
diff --git a/samples/LiveChat/appsettings.json b/samples/LiveChat/appsettings.json
@@ -19,8 +19,10 @@
             "ip": "Any",
             "port": 4041,
             "authenticationOptions": {
-                "filePath": "supersocket.pfx",
-                "password": "supersocket",
+                "certificateOptions": {
+                    "filePath": "supersocket.pfx",
+                    "password": "supersocket"
+                },
                 "enabledSslProtocols": "Tls12"
             }
         }
diff --git a/samples/WebSocketServer/appsettings.json b/samples/WebSocketServer/appsettings.json
@@ -10,8 +10,10 @@
                 "ip": "Any",
                 "port": 4041,
                 "authenticationOptions": {
-                    "filePath": "supersocket.pfx",
-                    "password": "supersocket",
+                    "certificateOptions": {
+                        "filePath": "supersocket.pfx",
+                        "password": "supersocket"
+                    },
                     "enabledSslProtocols": "Tls12"
                 }
             }
diff --git a/src/SuperSocket.Primitives/CertificateOptions.cs b/src/SuperSocket.Primitives/CertificateOptions.cs
@@ -1,12 +1,11 @@
 using System;
 using System.IO;
 using System.Linq;
-using System.Net.Security;
 using System.Security.Cryptography.X509Certificates;
 
-namespace SuperSocket
+namespace SuperSocket.Server.Abstractions
 {
-    public class ServerAuthenticationOptions : SslServerAuthenticationOptions
+    public class CertificateOptions
     {
         /// <summary>
         /// Gets the certificate file path (pfx).
@@ -46,12 +45,8 @@ public class ServerAuthenticationOptions : SslServerAuthenticationOptions
         /// </summary>
         public X509KeyStorageFlags KeyStorageFlags { get; set; }
 
-        public void EnsureCertificate()
+        public X509Certificate GetCertificate()
         {
-            // The certificate is there already
-            if (this.ServerCertificate != null)
-                return;            
-
             // load certificate from pfx file
             if (!string.IsNullOrEmpty(FilePath))
             {
@@ -62,28 +57,21 @@ public void EnsureCertificate()
                     filePath = Path.Combine(AppContext.BaseDirectory, filePath);
                 }
 
-                ServerCertificate = new X509Certificate2(filePath, Password, KeyStorageFlags);
+                return new X509Certificate2(filePath, Password, KeyStorageFlags);
             }
             else if (!string.IsNullOrEmpty(Thumbprint)) // load certificate from certificate store
             {
-                var store = new X509Store((StoreName)Enum.Parse(typeof(StoreName), StoreName), StoreLocation);
+                using var store = new X509Store((StoreName)Enum.Parse(typeof(StoreName), StoreName), StoreLocation);
 
                 store.Open(OpenFlags.ReadOnly);
 
-                ServerCertificate = store.Certificates.OfType<X509Certificate2>()
+                return store.Certificates.OfType<X509Certificate2>()
                     .FirstOrDefault(c => c.Thumbprint.Equals(Thumbprint, StringComparison.OrdinalIgnoreCase));
-
-                store.Close();
             }
             else
             {
                 throw new Exception($"Either {FilePath} or {Thumbprint} is required to load the certificate.");
             }
         }
-
-        public override string ToString()
-        {
-            return this.EnabledSslProtocols.ToString();
-        }
     }
 }
diff --git a/src/SuperSocket.Server.Abstractions/ListenOptions.cs b/src/SuperSocket.Server.Abstractions/ListenOptions.cs
@@ -1,6 +1,5 @@
 using System;
 using System.Net;
-using System.Security.Authentication;
 
 namespace SuperSocket.Server.Abstractions
 {
diff --git a/src/SuperSocket.Server.Abstractions/ServerAuthenticationOptions.cs b/src/SuperSocket.Server.Abstractions/ServerAuthenticationOptions.cs
@@ -0,0 +1,31 @@
+using System;
+using System.IO;
+using System.Linq;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
+
+namespace SuperSocket.Server.Abstractions
+{
+    public class ServerAuthenticationOptions : SslServerAuthenticationOptions
+    {
+        /// <summary>
+        /// The certificate options.
+        /// </summary>
+        public CertificateOptions CertificateOptions { get; set; }
+
+        public void EnsureCertificate()
+        {
+            var certificateOptions = CertificateOptions;
+
+            if (certificateOptions != null)
+            {
+                ServerCertificate = certificateOptions.GetCertificate();
+            }
+        }
+
+        public override string ToString()
+        {
+            return EnabledSslProtocols.ToString();
+        }
+    }
+}
diff --git a/test/SuperSocket.Tests/GzipSecureHostConfigurator.cs b/test/SuperSocket.Tests/GzipSecureHostConfigurator.cs
@@ -38,8 +38,11 @@ public override void Configure(ISuperSocketHostBuilder hostBuilder)
 
                     listener.AuthenticationOptions = new ServerAuthenticationOptions
                     {
-                        FilePath = "supersocket.pfx",
-                        Password = "supersocket",
+                        CertificateOptions = new CertificateOptions
+                            {
+                                FilePath = "supersocket.pfx",
+                                Password = "supersocket"
+                            },
                         EnabledSslProtocols = GetServerEnabledSslProtocols()
                     };
                 });
diff --git a/test/SuperSocket.Tests/SecureHostConfigurator.cs b/test/SuperSocket.Tests/SecureHostConfigurator.cs
@@ -43,8 +43,11 @@ public override void Configure(ISuperSocketHostBuilder hostBuilder)
                         authenticationOptions = listener.AuthenticationOptions = new ServerAuthenticationOptions();
                     }
 
-                    authenticationOptions.FilePath = "supersocket.pfx";
-                    authenticationOptions.Password = "supersocket";
+                    authenticationOptions.CertificateOptions = new CertificateOptions
+                    {
+                        FilePath = "supersocket.pfx",
+                        Password = "supersocket"
+                    };
 
                     if (authenticationOptions.EnabledSslProtocols == SslProtocols.None)
                     {

Original file line number	Diff line number	Diff line change
`@@ -6,8 +6,10 @@`
`6`	`6`	`"ip": "Any",`
`7`	`7`	`"port": 4040,`
`8`	`8`	`"authenticationOptions" : {`
`9`		`- "filePath": "supersocket.pfx",`
`10`		`- "password": "supersocket",`
	`9`	`+ "certificateOptions" : {`
	`10`	`+ "filePath": "supersocket.pfx",`
	`11`	`+ "password": "supersocket"`
	`12`	`+ },`
`11`	`13`	`"enabledSslProtocols": "Tls12"`
`12`	`14`	`}`
`13`	`15`	`}`
Original file line number	Diff line number	Diff line change
`@@ -19,8 +19,10 @@`
`19`	`19`	`"ip": "Any",`
`20`	`20`	`"port": 4041,`
`21`	`21`	`"authenticationOptions": {`
`22`		`- "filePath": "supersocket.pfx",`
`23`		`- "password": "supersocket",`
	`22`	`+ "certificateOptions": {`
	`23`	`+ "filePath": "supersocket.pfx",`
	`24`	`+ "password": "supersocket"`
	`25`	`+ },`
`24`	`26`	`"enabledSslProtocols": "Tls12"`
`25`	`27`	`}`
`26`	`28`	`}`
Original file line number	Diff line number	Diff line change
`@@ -10,8 +10,10 @@`
`10`	`10`	`"ip": "Any",`
`11`	`11`	`"port": 4041,`
`12`	`12`	`"authenticationOptions": {`
`13`		`- "filePath": "supersocket.pfx",`
`14`		`- "password": "supersocket",`
	`13`	`+ "certificateOptions": {`
	`14`	`+ "filePath": "supersocket.pfx",`
	`15`	`+ "password": "supersocket"`
	`16`	`+ },`
`15`	`17`	`"enabledSslProtocols": "Tls12"`
`16`	`18`	`}`
`17`	`19`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,12 +1,11 @@`
`1`	`1`	`using System;`
`2`	`2`	`using System.IO;`
`3`	`3`	`using System.Linq;`
`4`		`-using System.Net.Security;`
`5`	`4`	`using System.Security.Cryptography.X509Certificates;`
`6`	`5`
`7`		`-namespace SuperSocket`
	`6`	`+namespace SuperSocket.Server.Abstractions`
`8`	`7`	`{`
`9`		`- public class ServerAuthenticationOptions : SslServerAuthenticationOptions`
	`8`	`+ public class CertificateOptions`
`10`	`9`	`{`
`11`	`10`	`/// <summary>`
`12`	`11`	`/// Gets the certificate file path (pfx).`
`@@ -46,12 +45,8 @@ public class ServerAuthenticationOptions : SslServerAuthenticationOptions`
`46`	`45`	`/// </summary>`
`47`	`46`	`public X509KeyStorageFlags KeyStorageFlags { get; set; }`
`48`	`47`
`49`		`- public void EnsureCertificate()`
	`48`	`+ public X509Certificate GetCertificate()`
`50`	`49`	`{`
`51`		`- // The certificate is there already`
`52`		`- if (this.ServerCertificate != null)`
`53`		`- return;`
`54`		`-`
`55`	`50`	`// load certificate from pfx file`
`56`	`51`	`if (!string.IsNullOrEmpty(FilePath))`
`57`	`52`	`{`
`@@ -62,28 +57,21 @@ public void EnsureCertificate()`
`62`	`57`	`filePath = Path.Combine(AppContext.BaseDirectory, filePath);`
`63`	`58`	`}`
`64`	`59`
`65`		`- ServerCertificate = new X509Certificate2(filePath, Password, KeyStorageFlags);`
	`60`	`+ return new X509Certificate2(filePath, Password, KeyStorageFlags);`
`66`	`61`	`}`
`67`	`62`	`else if (!string.IsNullOrEmpty(Thumbprint)) // load certificate from certificate store`
`68`	`63`	`{`
`69`		`- var store = new X509Store((StoreName)Enum.Parse(typeof(StoreName), StoreName), StoreLocation);`
	`64`	`+ using var store = new X509Store((StoreName)Enum.Parse(typeof(StoreName), StoreName), StoreLocation);`
`70`	`65`
`71`	`66`	`store.Open(OpenFlags.ReadOnly);`
`72`	`67`
`73`		`- ServerCertificate = store.Certificates.OfType<X509Certificate2>()`
	`68`	`+ return store.Certificates.OfType<X509Certificate2>()`
`74`	`69`	`.FirstOrDefault(c => c.Thumbprint.Equals(Thumbprint, StringComparison.OrdinalIgnoreCase));`
`75`		`-`
`76`		`- store.Close();`
`77`	`70`	`}`
`78`	`71`	`else`
`79`	`72`	`{`
`80`	`73`	`throw new Exception($"Either {FilePath} or {Thumbprint} is required to load the certificate.");`
`81`	`74`	`}`
`82`	`75`	`}`
`83`		`-`
`84`		`- public override string ToString()`
`85`		`- {`
`86`		`- return this.EnabledSslProtocols.ToString();`
`87`		`- }`
`88`	`76`	`}`
`89`	`77`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,5 @@`
`1`	`1`	`using System;`
`2`	`2`	`using System.Net;`
`3`		`-using System.Security.Authentication;`
`4`	`3`
`5`	`4`	`namespace SuperSocket.Server.Abstractions`
`6`	`5`	`{`
Original file line number	Diff line number	Diff line change
`@@ -43,8 +43,11 @@ public override void Configure(ISuperSocketHostBuilder hostBuilder)`
`43`	`43`	`authenticationOptions = listener.AuthenticationOptions = new ServerAuthenticationOptions();`
`44`	`44`	`}`
`45`	`45`
`46`		`- authenticationOptions.FilePath = "supersocket.pfx";`
`47`		`- authenticationOptions.Password = "supersocket";`
	`46`	`+ authenticationOptions.CertificateOptions = new CertificateOptions`
	`47`	`+ {`
	`48`	`+ FilePath = "supersocket.pfx",`
	`49`	`+ Password = "supersocket"`
	`50`	`+ };`
`48`	`51`
`49`	`52`	`if (authenticationOptions.EnabledSslProtocols == SslProtocols.None)`
`50`	`53`	`{`