Create a direct way to configure endpoints on KestrelEngine

- Replace endpoint configuration via .UseUrls() or --server.urls with Listen*
  methods on KestrelSerrverOptions.
- Replace IConnectionFilter with IConnectionAdapter which no longer exposes
  ServerAddress via a context.
- Simplify libuv Listener classes
- Support systemd socket activation
- Add docker-based test for systemd socket activation to be run on Travis

Author: halter73

.travis.yml

@@ -1,6 +1,8 @@
 language: csharp
 sudo: required
 dist: trusty
+services:
+  - docker
 addons:
   apt:
     packages:
@@ -30,3 +32,4 @@ before_install:
   - if test "$TRAVIS_OS_NAME" == "osx"; then brew update; brew install openssl; ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/; ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/; fi
 script:
   - ./build.sh --quiet verify
+  - if test '$TRAVIS_OS_NAME' != 'osx'; then bash test/Microsoft.AspNetCore.Server.Kestrel.FunctionalTests/SystemdActivation/docker.sh; fi

samples/LargeResponseApp/Startup.cs

@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System.IO;
+using System.Net;
 using System.Text;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Builder;
@@ -40,8 +41,10 @@ public void Configure(IApplicationBuilder app)
         public static void Main(string[] args)
         {
             var host = new WebHostBuilder()
-                .UseKestrel()
-                .UseUrls("http://localhost:5001/")
+                .UseKestrel(options =>
+                {
+                    options.Listen(IPAddress.Loopback, 5001);
+                })
                 .UseContentRoot(Directory.GetCurrentDirectory())
                 .UseStartup<Startup>()
                 .Build();

samples/SampleApp/Startup.cs

@@ -3,6 +3,7 @@
 
 using System;
 using System.IO;
+using System.Net;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
@@ -33,24 +34,33 @@ public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory)
 
         public static void Main(string[] args)
         {
-            var host = new WebHostBuilder()
-                .UseKestrel(options =>
+            var hostBuilder = new WebHostBuilder().UseKestrel(options =>
+            {
+                options.Listen(IPAddress.Loopback, 5000, listenOptions =>
+                {
+                    // Uncomment the following to enable Nagle's algorithm for this endpoint.
+                    //listenOptions.NoDelay = false;
+
+                    listenOptions.UseConnectionLogging();
+                });
+                options.Listen(IPAddress.Loopback, 5001, listenOptions =>
                 {
-                    // options.ThreadCount = 4;
-                    options.NoDelay = true;
-                    options.UseHttps("testCert.pfx", "testPassword");
-                    options.UseConnectionLogging();
-                })
-                .UseUrls("http://localhost:5000", "https://localhost:5001")
-                .UseContentRoot(Directory.GetCurrentDirectory())
-                .UseStartup<Startup>()
-                .Build();
-
-            // The following section should be used to demo sockets
-            //var addresses = application.GetAddresses();
-            //addresses.Clear();
-            //addresses.Add("http://unix:/tmp/kestrel-test.sock");
+                    listenOptions.UseHttps("testCert.pfx", "testPassword");
+                    listenOptions.UseConnectionLogging();
+                });
+
+                options.UseSystemd();
+
+                // The following section should be used to demo sockets
+                //options.ListenUnixSocket("http://unix:/tmp/kestrel-test.sock");
+
+                // Uncomment the following line to change the default number of libuv threads for all endpoints.
+                // options.ThreadCount = 4;
+            })
+            .UseContentRoot(Directory.GetCurrentDirectory())
+            .UseStartup<Startup>();
 
+            var host = hostBuilder.Build();
             host.Run();
         }
     }

src/Microsoft.AspNetCore.Server.Kestrel.Https/HttpsConnectionAdapter.cs

@@ -0,0 +1,160 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.IO;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.AspNetCore.Server.Kestrel.Adapter;
+using Microsoft.AspNetCore.Server.Kestrel.Https.Internal;
+using Microsoft.Extensions.Logging;
+
+namespace Microsoft.AspNetCore.Server.Kestrel.Https
+{
+    public class HttpsConnectionAdapter : IConnectionAdapter
+    {
+        private static readonly ClosedAdaptedConnection _closedAdaptedConnection = new ClosedAdaptedConnection();
+
+        private readonly HttpsConnectionAdapterOptions _options;
+        private readonly ILogger _logger;
+
+        public HttpsConnectionAdapter(HttpsConnectionAdapterOptions options)
+            : this(options, loggerFactory: null)
+        {
+        }
+
+        public HttpsConnectionAdapter(HttpsConnectionAdapterOptions options, ILoggerFactory loggerFactory)
+        {
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+            if (options.ServerCertificate == null)
+            {
+                throw new ArgumentException("The server certificate parameter is required.");
+            }
+
+            _options = options;
+            _logger = loggerFactory?.CreateLogger(nameof(HttpsConnectionAdapter));
+        }
+
+        public async Task<IAdaptedConnection> OnConnectionAsync(ConnectionAdapterContext context)
+        {
+            SslStream sslStream;
+            bool certificateRequired;
+
+            if (_options.ClientCertificateMode == ClientCertificateMode.NoCertificate)
+            {
+                sslStream = new SslStream(context.ConnectionStream);
+                certificateRequired = false;
+            }
+            else
+            {
+                sslStream = new SslStream(context.ConnectionStream, leaveInnerStreamOpen: false,
+                    userCertificateValidationCallback: (sender, certificate, chain, sslPolicyErrors) =>
+                    {
+                        if (certificate == null)
+                        {
+                            return _options.ClientCertificateMode != ClientCertificateMode.RequireCertificate;
+                        }
+
+                        if (_options.ClientCertificateValidation == null)
+                        {
+                            if (sslPolicyErrors != SslPolicyErrors.None)
+                            {
+                                return false;
+                            }
+                        }
+
+                        var certificate2 = ConvertToX509Certificate2(certificate);
+                        if (certificate2 == null)
+                        {
+                            return false;
+                        }
+
+                        if (_options.ClientCertificateValidation != null)
+                        {
+                            if (!_options.ClientCertificateValidation(certificate2, chain, sslPolicyErrors))
+                            {
+                                return false;
+                            }
+                        }
+
+                        return true;
+                    });
+
+                certificateRequired = true;
+            }
+
+            try
+            {
+                await sslStream.AuthenticateAsServerAsync(_options.ServerCertificate, certificateRequired,
+                        _options.SslProtocols, _options.CheckCertificateRevocation);
+            }
+            catch (IOException ex)
+            {
+                _logger?.LogInformation(1, ex, "Failed to authenticate HTTPS connection.");
+                sslStream.Dispose();
+                return _closedAdaptedConnection;
+            }
+
+            return new HttpsAdaptedConnection(sslStream);
+        }
+
+        private static X509Certificate2 ConvertToX509Certificate2(X509Certificate certificate)
+        {
+            if (certificate == null)
+            {
+                return null;
+            }
+
+            X509Certificate2 certificate2 = certificate as X509Certificate2;
+            if (certificate2 != null)
+            {
+                return certificate2;
+            }
+
+#if NETSTANDARD1_3
+            // conversion X509Certificate to X509Certificate2 not supported
+            // https://github.com/dotnet/corefx/issues/4510
+            return null;
+#else
+            return new X509Certificate2(certificate);
+#endif
+        }
+
+        private class HttpsAdaptedConnection : IAdaptedConnection
+        {
+            private readonly SslStream _sslStream;
+
+            public HttpsAdaptedConnection(SslStream sslStream)
+            {
+                _sslStream = sslStream;
+            }
+
+            public Stream ConnectionStream => _sslStream;
+
+            public void PrepareRequest(IFeatureCollection requestFeatures)
+            {
+                var clientCertificate = ConvertToX509Certificate2(_sslStream.RemoteCertificate);
+                if (clientCertificate != null)
+                {
+                    requestFeatures.Set<ITlsConnectionFeature>(new TlsConnectionFeature { ClientCertificate = clientCertificate });
+                }
+
+                requestFeatures.Get<IHttpRequestFeature>().Scheme = "https";
+            }
+        }
+
+        private class ClosedAdaptedConnection : IAdaptedConnection
+        {
+            public Stream ConnectionStream { get; } = new ClosedStream();
+
+            public void PrepareRequest(IFeatureCollection requestFeatures)
+            {
+            }
+        }
+    }
+}

src/Microsoft.AspNetCore.Server.Kestrel.Https/HttpsConnectionFilterOptions.cs renamed to src/Microsoft.AspNetCore.Server.Kestrel.Https/HttpsConnectionAdapterOptions.cs

@@ -8,9 +8,9 @@
 
 namespace Microsoft.AspNetCore.Server.Kestrel.Https
 {
-    public class HttpsConnectionFilterOptions
+    public class HttpsConnectionAdapterOptions
     {
-        public HttpsConnectionFilterOptions()
+        public HttpsConnectionAdapterOptions()
         {
             ClientCertificateMode = ClientCertificateMode.NoCertificate;
             SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls11;