Add "zero config" HTTPS support using local development certificate.

[cesarblum]

This change enables automatic HTTPS using a development certificate found in the user store. Any URLs containing the https scheme will be configured with that certificate.

Paging @Eilon since this is a breaking change (previously we would throw upon seeing an https URL).

So now if you set ASPNETCORE_URLS (or use UseUrls()) to e.g. https://localhost:5001, you'll get HTTPS if you add Kestrel with no listen options i.e.

var host = new WebHostBuilder()
    ...
    .UseKestrel()
    ...

This turned out to be more convoluted than I anticipated. I'm hoping someone can suggest a simpler way to achieve the same result.

[javiercn]

You need to check that it has an OID, a private key and hasn't expired

[cesarblum]

When do you think you will have dotnet/extensions#263 merged? We shouldn't replicate all that logic here. I should be able to get the certificate by calling CertificateManager.ListCertificates(CertificatePurpose.HTTPS, StoreName.My, StoreLocation.CurrentUser, isValid: true), right?

[javiercn]

I'm working on it

[javiercn]

Paging @Eilon since this is a breaking change (previously we would throw upon seeing an https URL).

I don't see this as a breaking change. At most a behavior change, and you are weakening the precondition (allowing something that wasn't allowed before) so I don't think this is a breaking change.

[muratg]

To me this looks like a minor breaking change, but an acceptable one. If you specify https for your URL, your app would fail to start before this. Now it'll do what you (presumably) wanted anyway.

[halter73]

Is there a guide on how to setup an X509Store for my current user so I can test this out locally?

[halter73]

Don't call GetService for this. Just make IDefaultHttpsProvider a param to the public ctor.

[halter73]

It doesn't look like this is actually used by the DefaultHttpsProvider or anything else. I see that you are setting this on ListenOptions before calling ConfigureHttps, but I don't see why that's necessary. Save some lines of code and don't bother plumbing this through here.

[cesarblum]

It blows up here:

KestrelHttpServer/src/Kestrel.Https/ListenOptionsHttpsExtensions.cs

Line 89 in 83e2084

var loggerFactory = listenOptions.KestrelServerOptions.ApplicationServices.GetRequiredService<ILoggerFactory>();

[cesarblum]

I may have misunderstood what you said. There's indeed no need to pass it as an arg to BindAsync, since I can get the KestrelServerOptions instance from one of the ListenOptions in the list. I still need that object though, otherwise a NRE is thrown at the line above.

[halter73]

You're right. I forgot about the call to UseHttps().

[cesarblum]

@halter73 To get the test cert set up on your machine, clone this PR dotnet/extensions#263 and run the tests. @javiercn can give you more info.

[cesarblum]

Injecting IDefaultHttpsProvider in the KestrelServer ctor is a breaking change - I had to add an exception for ApiCheck. However, given these are injected parameters, is that an acceptable breaking change for a minor version? @muratg @Eilon

[halter73]

@CesarBS Couldn't you just add a second ctor, and have the original ctor call the new one with a null IDefaultHttpsProvider? Of course, you'd want to keep the old behavior if IDefaultHttpsProvider is null.

[Eilon]

Yeah just do what @halter73 suggested and there's no breaking change at all in terms of source compat, binary compat, runtime behavior, etc. It's nearly always fine to throw fewer exceptions and be more permissive.

[davidfowl]

This is pretty gross

[Tratcher]

New/updated sample?

[Tratcher]

We want this to throw if DefaultHttpsProvider is null, no? You asked for https and you're not getting it.

[Tratcher]

This level of magic deserves an FW link explaining what to do when it fails.

[cesarblum]

@danroth27 @javiercn Do we have an FW link already?

[Eilon]

Looks good regarding breaking changes (that there aren't any). Had one unrelated comment.

[Eilon]

Is the commented code needed?

[cesarblum]

Yes. Thanks for catching that, I forgot I had commented it out while testing something.

[cesarblum]

Updated to use https://github.com/aspnet/Common/blob/b9bc076c782af4a9664b34b561fd91d37e6edda4/shared/Microsoft.AspNetCore.Certificates.Generation.Sources/CertificateManager.cs to find development certificate.

[davidfowl]

What's this for?

[javiercn]

He’s using the same code we have in tooling to locate the certificate (that’s why it’s a shared source library)

[cesarblum]

We need that reference for the RSACng type.

[cesarblum]

Rebased.

[analogrelay]

If you don't have time to do this before you leave, I can take it over. One small testing comment and that's it.

[analogrelay]

Not a fan of tests that verify that a certain method was called. Is there a way to build a simple dummy DefaultHttpsProvider and then verify the certificate on the ListenOptions?

[cesarblum]

What is the issue with this kind of test? To test with DefaultHttpsProvider, I'd have to make the test project depend on the Kestrel project, instead of just Kestrel.Core.

[analogrelay]

Hmm. I'll take a bit of a look at it and see if we can make something work. Tests that use mock verification tend to be brittle whenever you change the implementation and they aren't actually testing the desired behavior of the function, they're just testing that the code does what is written. It's a little like a comment over x += 1 that says // Adds 1 to x :). If that's all that we can do, then I suppose it's OK, but I'd like to try and avoid it.

[analogrelay]

🆙 📅 Using CertificateManager shared-source package now. Also, added some more logging and exception messages.

[javiercn]

Can you add something along the lines of the text that I sent you on email and add the forwarding link that @danroth27 provided?

[javiercn]

Everything looks good AFAIK. But we need to get a more descriptive error message when the certificate is not present.
We need to mention what gesture to perform from the command line and a forwarding link to the documentation.

[halter73]

Nit: It doesn't look like mockDefaultHttpsProvider is used in this or the following two test methods.

[analogrelay]

yep, copy🍝

[halter73]

Just use the default ctor for KestrelTestLoggerProvider. It makes it easier to see tracing when running random tests and should fail test runs if a critical error is logged through the use of TestApplicationErrorLogger.

[analogrelay]

Makes sense

[analogrelay]

Well. After changing that I'm now getting this error:

Failed   KestrelServerThrowsUsefulExceptionIfDefaultHttpsProviderNotAdded
Error Message:
 Assert.Throws() Failure
Expected: typeof(System.InvalidOperationException)
Actual:   typeof(System.AggregateException): An error occurred while writing to logger(s).
Stack Trace:
   at Microsoft.Extensions.Logging.Logger.Log[TState](LogLevel logLevel, EventId eventId, TState state, Exception exception, Func`3 formatter)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.KestrelTrace.Log[TState](LogLevel logLevel, EventId eventId, TState state, Exception exception, Func`3 formatter) in C:\Users\anurse\Code\aspnet\KestrelHttpServer\src\Kestrel.Core\Internal\Infrastructure\KestrelTrace.cs:line 198
   at Microsoft.Extensions.Logging.LoggerExtensions.LogCritical(ILogger logger, EventId eventId, Exception exception, String message, Object[] args)
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.<StartAsync>d__24`1.MoveNext() in C:\Users\anurse\Code\aspnet\KestrelHttpServer\src\Kestrel.Core\KestrelServer.cs:line 166
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at Microsoft.AspNetCore.Server.Kestrel.Core.Tests.KestrelServerTests.StartDummyApplication(IServer server) in C:\Users\anurse\Code\aspnet\KestrelHttpServer\test\Kestrel.Core.Tests\KestrelServerTests.cs:line 321
   at Microsoft.AspNetCore.Server.Kestrel.Core.Tests.KestrelServerTests.<>c__DisplayClass2_0.<KestrelServerThrowsUsefulExceptionIfDefaultHttpsProviderNotAdded>b__0() in C:\Users\anurse\Code\aspnet\KestrelHttpServer\test\Kestrel.Core.Tests\KestrelServerTests.cs:line 62

I think I'm going to put it back for now :)

[analogrelay]

Ah, it's because the default ctor uses TestApplicationErrorLogger which throws an exception when a Critical message is logged by default. I'm going to change the test to use a NullLogger instance though instead of the Mock.

[analogrelay]

I changed KestrelTestLoggerProvider to set ThrowOnCriticalErrors to false, since we don't seem to use that behavior anywhere.

[halter73]

Why the Func? Was this replaced in a test at one point? It seems like you could just call FindDevelopmentCertificate directly.

[analogrelay]

Yeah, I was wondering that too. I suppose so that you could construct it and replace the func, but that doesn't really make sense now that it's pubternal rather than public. It's also a simple enough interface to implement. I'll yank the func.

[halter73]

For common/expected logs, I think it's best to use resource strings.

[analogrelay]

Hmm, we use literals for all the other logs (see KestrelTrace) so I wasn't sure exactly what the right pattern was here. I thought about adding some LoggerMessage.Define action here but even with that, I've not seen our code use resource strings for that. I guess we could though.

[halter73]

Should this be given a higher log level? I'm assuming this would normally cause the application to crash on startup, but in the event the exception is somehow swallowed, I think it's a good idea to log this as an error.

[analogrelay]

Well, an exception will be thrown by ConfigureHttps, which calls this. But when refactoring to remove the delegate, I'll probably just do exactly as you suggest here :).

[analogrelay]

🆙 📅 Responded to feedback, including @javiercn 's comments re messaging.

[halter73]

Don't do this for all tests. For tests where you are expecting a critical errors to be logged, I would just call new KestrelTestLoggerProvider(new TestApplicationErrorLogger() { ThrowOnCriticalErrors = false }).

The idea is that most tests should cause critical errors to be logged, so having this can help us catch issues that might have otherwise been missed.

[analogrelay]

🆙 📅 resolved last few pieces of feedback