From b2a7bf353645c4ec8d75bd0d4c5ab449debce0ec Mon Sep 17 00:00:00 2001
From: Oliver Booth
Date: Thu, 10 Aug 2023 23:33:15 +0100
Subject: [PATCH] feat: read ssl pem/key path from env
---
 OliverBooth/Program.cs | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/OliverBooth/Program.cs b/OliverBooth/Program.cs
index 92f6799..2d0ce26 100644
--- a/OliverBooth/Program.cs
+++ b/OliverBooth/Program.cs
@@ -1,3 +1,5 @@
+using System.Runtime.InteropServices;
+using System.Security.Cryptography.X509Certificates;
 using Markdig;
 using NLog;
 using NLog.Extensions.Logging;
@@ -33,6 +35,36 @@ builder.Services.AddRazorPages().AddRazorRuntimeCompilation();
 builder.Services.AddControllersWithViews();
 builder.Services.AddRouting(options => options.LowercaseUrls = true);
+builder.WebHost.UseKestrel(kestrel =>
+{
+ string certPath = Environment.GetEnvironmentVariable("SSL_CERT_PATH")!;
+ if (!File.Exists(certPath))
+ {
+ kestrel.ListenAnyIP(5049);
+ return;
+ }
+
+ string? keyPath = Environment.GetEnvironmentVariable("SSL_KEY_PATH");
+ if (string.IsNullOrWhiteSpace(keyPath) || !File.Exists(keyPath)) keyPath = null;
+
+ kestrel.ListenAnyIP(2845, options =>
+ {
+ X509Certificate2 cert = CreateCertFromPemFile(certPath, keyPath);
+ options.UseHttps(cert);
+ });
+ return;
+
+ static X509Certificate2 CreateCertFromPemFile(string certPath, string? keyPath)
+ {
+ if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+ return X509Certificate2.CreateFromPemFile(certPath, keyPath);
+
+ //workaround for windows issue https://github.com/dotnet/runtime/issues/23749#issuecomment-388231655
+ using var cert = X509Certificate2.CreateFromPemFile(certPath, keyPath);
+ return new X509Certificate2(cert.Export(X509ContentType.Pkcs12));
+ }
+});
+
 WebApplication app = builder.Build();
 if (!app.Environment.IsDevelopment())
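Review bot: The fallback at `if (!File.Exists(certPath))` in the second hunk fails open: when `SSL_CERT_PATH` is unset, mistyped, or points at a file the process cannot read, the site starts as plain HTTP on all interfaces (`ListenAnyIP(5049)`) and nothing visible in this block logs it, so a broken TLS deployment looks like a healthy start. I would take the HTTP branch only when the variable is unset, `if (string.IsNullOrWhiteSpace(certPath)) { kestrel.ListenAnyIP(5049); return; }`, and stop startup when it is set but the file is missing, `if (!File.Exists(certPath)) throw new FileNotFoundException("SSL_CERT_PATH not found", certPath);`. The same applies to `SSL_KEY_PATH`: resetting a set-but-missing path to `null` makes `CreateFromPemFile` look for the private key inside the certificate file, which turns a path typo into a later and less obvious cryptographic error. The `!` on `GetEnvironmentVariable` also hides that `certPath` can be null; declaring it `string?` keeps the nullable analysis honest.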