| | | 1 | | <# |
| | | 2 | | .SYNOPSIS |
| | | 3 | | Configures HTTPS options for a Kestrun server instance. |
| | | 4 | | .DESCRIPTION |
| | | 5 | | This function allows administrators to set or modify the HTTPS connection adapter options for a Kestrun |
| | | 6 | | server instance, including SSL protocols, client certificate modes, and server certificates. |
| | | 7 | | .PARAMETER Server |
| | | 8 | | The Kestrun server instance to configure. This parameter is mandatory and must be a valid server object. |
| | | 9 | | .PARAMETER Options |
| | | 10 | | The HttpsConnectionAdapterOptions object containing the desired HTTPS configuration settings. |
| | | 11 | | .PARAMETER SslProtocols |
| | | 12 | | Specifies the SSL protocols to be used for HTTPS connections. This parameter is optional and can be set to a specifi |
| | | 13 | | .PARAMETER ClientCertificateMode |
| | | 14 | | Specifies the client certificate mode for HTTPS connections. This parameter is optional and can be set to a specific |
| | | 15 | | .PARAMETER CheckCertificateRevocation |
| | | 16 | | If specified, enables certificate revocation checking for HTTPS connections. This parameter is optional and can be l |
| | | 17 | | .PARAMETER ServerCertificate |
| | | 18 | | Specifies the server certificate to be used for HTTPS connections. This parameter is optional and can be left unset |
| | | 19 | | .PARAMETER ServerCertificateChain |
| | | 20 | | Specifies the server certificate chain to be used for HTTPS connections. This parameter is optional and can be left |
| | | 21 | | .PARAMETER HandshakeTimeout |
| | | 22 | | Specifies the handshake timeout duration in seconds for HTTPS connections. This parameter is optional and can be lef |
| | | 23 | | .PARAMETER PassThru |
| | | 24 | | If specified, the cmdlet will return the modified server instance after applying the HTTPS options. |
| | | 25 | | .OUTPUTS |
| | | 26 | | [Kestrun.Hosting.KestrunHost] |
| | | 27 | | The modified Kestrun server instance with the applied HTTPS options. |
| | | 28 | | .EXAMPLE |
| | | 29 | | Set-KrServerHttpsOptions -Server $server -SslProtocols Tls12 |
| | | 30 | | This command sets the SSL protocols for the specified Kestrun server instance to use TLS 1.2. |
| | | 31 | | .EXAMPLE |
| | | 32 | | Set-KrServerHttpsOptions -Server $server -ClientCertificateMode RequireCertificate |
| | | 33 | | This command sets the client certificate mode for the specified Kestrun server instance to require a client certific |
| | | 34 | | .EXAMPLE |
| | | 35 | | Set-KrServerHttpsOptions -Server $server -CheckCertificateRevocation |
| | | 36 | | This command enables certificate revocation checking for the specified Kestrun server instance. |
| | | 37 | | .EXAMPLE |
| | | 38 | | Set-KrServerHttpsOptions -Server $server -ServerCertificate $cert |
| | | 39 | | This command sets the server certificate for the specified Kestrun server instance. |
| | | 40 | | .EXAMPLE |
| | | 41 | | Set-KrServerHttpsOptions -Server $server -HandshakeTimeout 30 |
| | | 42 | | This command sets the handshake timeout for the specified Kestrun server instance to 30 seconds. |
| | | 43 | | .NOTES |
| | | 44 | | This function is designed to be used in the context of a Kestrun server setup and allows for flexible configuration |
| | | 45 | | $ClientCertificateValidation, $ServerCertificateSelector, and $OnAuthenticate are currently not implemented in this |
| | | 46 | | #> |
| | | 47 | | function Set-KrServerHttpsOptions { |
| | | 48 | | [KestrunRuntimeApi('Definition')] |
| | | 49 | | [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')] |
| | | 50 | | [CmdletBinding(defaultParameterSetName = 'Items')] |
| | | 51 | | param( |
| | | 52 | | [Parameter(Mandatory = $false, ValueFromPipeline = $true)] |
| | | 53 | | [Kestrun.Hosting.KestrunHost]$Server, |
| | | 54 | | [Parameter(Mandatory = $true, ParameterSetName = 'Options')] |
| | | 55 | | [Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionAdapterOptions]$Options, |
| | | 56 | | [Parameter( ParameterSetName = 'Items')] |
| | | 57 | | [System.Security.Authentication.SslProtocols]$SslProtocols, |
| | | 58 | | [Parameter( ParameterSetName = 'Items')] |
| | | 59 | | [Microsoft.AspNetCore.Server.Kestrel.Https.ClientCertificateMode]$ClientCertificateMode, |
| | | 60 | | [Parameter( ParameterSetName = 'Items')] |
| | | 61 | | [switch]$CheckCertificateRevocation, |
| | | 62 | | [Parameter( ParameterSetName = 'Items')] |
| | | 63 | | [System.Security.Cryptography.X509Certificates.X509Certificate2]$ServerCertificate, |
| | | 64 | | [Parameter( ParameterSetName = 'Items')] |
| | | 65 | | [System.Security.Cryptography.X509Certificates.X509Certificate2Collection]$ServerCertificateChain, |
| | | 66 | | [Parameter( ParameterSetName = 'Items')] |
| | | 67 | | [int]$HandshakeTimeout, |
| | | 68 | | [Parameter()] |
| | | 69 | | [switch]$PassThru |
| | | 70 | | ) |
| | | 71 | | begin { |
| | | 72 | | # Ensure the server instance is resolved |
| | 0 | 73 | | $Server = Resolve-KestrunServer -Server $Server |
| | 0 | 74 | | if ($null -eq $Server) { |
| | 0 | 75 | | throw 'Server is not initialized. Please ensure the server is configured before setting options.' |
| | | 76 | | } |
| | | 77 | | } |
| | | 78 | | process { |
| | | 79 | | |
| | 0 | 80 | | if ($PSCmdlet.ParameterSetName -eq 'Items') { |
| | | 81 | | |
| | 0 | 82 | | $Options = [Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionAdapterOptions]::new() |
| | 0 | 83 | | if ($null -ne $SslProtocols) { |
| | 0 | 84 | | $options.SslProtocols = $SslProtocols |
| | | 85 | | } |
| | 0 | 86 | | if ($null -ne $ClientCertificateMode) { |
| | 0 | 87 | | $options.ClientCertificateMode = $ClientCertificateMode |
| | | 88 | | } |
| | 0 | 89 | | if ($CheckCertificateRevocation.IsPresent) { |
| | 0 | 90 | | $Options.CheckCertificateRevocation = $true |
| | | 91 | | } |
| | 0 | 92 | | if ($null -ne $ServerCertificate) { |
| | 0 | 93 | | $Options.ServerCertificate = $ServerCertificate |
| | | 94 | | } |
| | 0 | 95 | | if ($null -ne $ServerCertificateChain) { |
| | 0 | 96 | | $Options.ServerCertificateChain = $ServerCertificateChain |
| | | 97 | | } |
| | 0 | 98 | | if ($null -ne $HandshakeTimeout) { |
| | 0 | 99 | | $Options.HandshakeTimeout = [System.TimeSpan]::FromSeconds($HandshakeTimeout) |
| | | 100 | | } |
| | | 101 | | } |
| | | 102 | | |
| | 0 | 103 | | $Server.Options.HttpsConnectionAdapter = $Options |
| | | 104 | | |
| | 0 | 105 | | if ($PassThru.IsPresent) { |
| | | 106 | | # if the PassThru switch is specified, return the server instance |
| | | 107 | | # Return the modified server instance |
| | 0 | 108 | | return $Server |
| | | 109 | | } |
| | | 110 | | } |
| | | 111 | | } |
| | | 112 | | |