Load ClientCertificateMode from config

Kahbazi · Kahbazi · commit 80b7dc7c0cba · 2020-07-18T00:16:49.000+04:30
diff --git a/src/Servers/Kestrel/Core/src/Internal/ConfigurationReader.cs b/src/Servers/Kestrel/Core/src/Internal/ConfigurationReader.cs
@@ -5,6 +5,7 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Authentication;
+using Microsoft.AspNetCore.Server.Kestrel.Https;
 using Microsoft.Extensions.Configuration;
 
 namespace Microsoft.AspNetCore.Server.Kestrel.Core.Internal
@@ -18,12 +19,14 @@ internal class ConfigurationReader
         private const string EndpointDefaultsKey = "EndpointDefaults";
         private const string EndpointsKey = "Endpoints";
         private const string UrlKey = "Url";
+        private const string ClientCertificateModeKey = "ClientCertificateMode";
 
         private readonly IConfiguration _configuration;
 
         private IDictionary<string, CertificateConfig> _certificates;
         private EndpointDefaults _endpointDefaults;
         private IEnumerable<EndpointConfig> _endpoints;
+        private ClientCertificateMode? _clientCertificateMode;
 
         public ConfigurationReader(IConfiguration configuration)
         {
@@ -33,6 +36,7 @@ public ConfigurationReader(IConfiguration configuration)
         public IDictionary<string, CertificateConfig> Certificates => _certificates ??= ReadCertificates();
         public EndpointDefaults EndpointDefaults => _endpointDefaults ??= ReadEndpointDefaults();
         public IEnumerable<EndpointConfig> Endpoints => _endpoints ??= ReadEndpoints();
+        public ClientCertificateMode? ClientCertificateMode => _clientCertificateMode ??= ReadClientCertificateMode();
 
         private IDictionary<string, CertificateConfig> ReadCertificates()
         {
@@ -100,6 +104,16 @@ private IEnumerable<EndpointConfig> ReadEndpoints()
             return endpoints;
         }
 
+        private ClientCertificateMode? ReadClientCertificateMode()
+        {
+            if (Enum.TryParse<ClientCertificateMode>(_configuration[ClientCertificateModeKey], ignoreCase: true, out var result))
+            {
+                return result;
+            }
+
+            return null;
+        }
+
         private static HttpProtocols? ParseProtocols(string protocols)
         {
             if (Enum.TryParse<HttpProtocols>(protocols, ignoreCase: true, out var result))
diff --git a/src/Servers/Kestrel/Core/src/KestrelConfigurationLoader.cs b/src/Servers/Kestrel/Core/src/KestrelConfigurationLoader.cs
@@ -293,6 +293,8 @@ public void Load()
                     httpsOptions.ServerCertificate = LoadCertificate(endpoint.Certificate, endpoint.Name)
                         ?? httpsOptions.ServerCertificate;
 
+                    httpsOptions.ClientCertificateMode = ConfigurationReader.ClientCertificateMode ?? httpsOptions.ClientCertificateMode;
+
                     if (httpsOptions.ServerCertificate == null && httpsOptions.ServerCertificateSelector == null)
                     {
                         // Fallback
diff --git a/src/Servers/Kestrel/Kestrel/test/ConfigurationReaderTests.cs b/src/Servers/Kestrel/Kestrel/test/ConfigurationReaderTests.cs
@@ -7,13 +7,46 @@
 using System.Security.Authentication;
 using Microsoft.AspNetCore.Server.Kestrel.Core;
 using Microsoft.AspNetCore.Server.Kestrel.Core.Internal;
+using Microsoft.AspNetCore.Server.Kestrel.Https;
 using Microsoft.Extensions.Configuration;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Server.Kestrel.Tests
 {
     public class ConfigurationReaderTests
     {
+        [Fact]
+        public void ReadClientCertificateMode_ReturnsValue()
+        {
+            // Arrange
+            var config = new ConfigurationBuilder()
+                .AddInMemoryCollection(new Dictionary<string, string>
+                {
+                    ["ClientCertificateMode"] = "AllowCertificate"
+                })
+                .Build();
+
+            // Act
+            var reader = new ConfigurationReader(config);
+
+            // Assert
+            Assert.NotNull(reader.ClientCertificateMode);
+            Assert.Equal(ClientCertificateMode.AllowCertificate, reader.ClientCertificateMode);
+        }
+
+        [Fact]
+        public void ReadClientCertificateModeWhenNoClientCertificateMode_ReturnsNull()
+        {
+            // Arrange
+            var config = new ConfigurationBuilder().AddInMemoryCollection().Build();
+
+            // Act
+            var reader = new ConfigurationReader(config);
+
+            // Assert
+            Assert.Null(reader.ClientCertificateMode);
+        }
+
         [Fact]
         public void ReadCertificatesWhenNoCertificatesSection_ReturnsEmptyCollection()
         {

Original file line number	Diff line number	Diff line change
`@@ -293,6 +293,8 @@ public void Load()`
`293`	`293`	`httpsOptions.ServerCertificate = LoadCertificate(endpoint.Certificate, endpoint.Name)`
`294`	`294`	`?? httpsOptions.ServerCertificate;`
`295`	`295`
	`296`	`+ httpsOptions.ClientCertificateMode = ConfigurationReader.ClientCertificateMode ?? httpsOptions.ClientCertificateMode;`
	`297`	`+`
`296`	`298`	`if (httpsOptions.ServerCertificate == null && httpsOptions.ServerCertificateSelector == null)`
`297`	`299`	`{`
`298`	`300`	`// Fallback`