using System.Runtime.InteropServices; using System.Security.Cryptography.X509Certificates; using Microsoft.AspNetCore.Hosting; namespace OliverBooth.Common.Extensions; /// /// Extension methods for . /// public static class WebHostBuilderExtensions { /// /// Adds a certificate to the by reading the paths from environment variables. /// /// The . /// The HTTPS port. /// The HTTP port. /// The . public static IWebHostBuilder AddCertificateFromEnvironment(this IWebHostBuilder builder, int httpsPort = 443, int httpPort = 80) { return builder.UseKestrel(options => { string certPath = Environment.GetEnvironmentVariable("SSL_CERT_PATH")!; if (!File.Exists(certPath)) { options.ListenAnyIP(httpPort); return; } string? keyPath = Environment.GetEnvironmentVariable("SSL_KEY_PATH"); if (string.IsNullOrWhiteSpace(keyPath) || !File.Exists(keyPath)) keyPath = null; options.ListenAnyIP(httpsPort, options => { X509Certificate2 cert = CreateCertFromPemFile(certPath, keyPath); options.UseHttps(cert); }); return; static X509Certificate2 CreateCertFromPemFile(string certPath, string? keyPath) { if (!RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) return X509Certificate2.CreateFromPemFile(certPath, keyPath); //workaround for windows issue https://github.com/dotnet/runtime/issues/23749#issuecomment-388231655 using var cert = X509Certificate2.CreateFromPemFile(certPath, keyPath); return new X509Certificate2(cert.Export(X509ContentType.Pkcs12)); } }); } }