We are currently developing an ASP NET Core Web API hosted in a Kestrel Windows service. We want to enable TLS 1.3 only and disable all other SSL protocols.
The following code works. TLS1.2 and TLS1.3 are both enabled.
{
"Kestrel": {
"Endpoints": {
"HttpsForDeveloper": {
"Url": "https://localhost:5001",
"SslProtocols": ["Tls12", "Tls13"]
}
},
"Certificates": {
"Default": {
"Subject": "localhost",
"Store": "My",
"Location": "LocalMachine",
"AllowInvalid": true
}
}
}
}
But if I change the code block to remove TLS1.2. Is the page no longer available.
{
"Kestrel": {
"Endpoints": {
"HttpsForDeveloper": {
"Url": "https://localhost:5001",
"SslProtocols": ["Tls13"]
}
},
"Certificates": {
"Default": {
"Subject": "localhost",
"Store": "My",
"Location": "LocalMachine",
"AllowInvalid": true
}
}
}
}
In Postman I get the following error:
Does anyone have any tips for me or know what I'm doing wrong?
The problem was the lack of support for TLS 1.3 in the Windows versions we used. I was able to solve the problem with the following article.
https://stackoverflow.com/a/59210166/6092585
Related
I'm developing in AWS Cloud9, and have a basic "Hello, World" API set up using Lambda.
Now I would like to iterate so that the API can accept parameters. Cloud9 used to have a convenient UI for modifying the payload when running "local" (in the IDE, without deploy). But I can't find where this has been moved, and the documentation still references the previous UI.
To test this, I've included a simple print(event) in my Lambda, and started modifying various components. So far I only print an empty dict ({}).
I suspect it's in the launch.json but so far everything I've modified has not been picked up. Showing below
{
"configurations": [
{
"type": "aws-sam",
"request": "direct-invoke",
"name": "API token-to-geojson:HelloWorldFunction (python3.9)",
"invokeTarget": {
"target": "api",
"templatePath": "token-to-geojson/template.yaml",
"logicalId": "HelloWorldFunction"
},
"api": {
"path": "/hello",
"httpMethod": "get",
"payload": {
"json": {}
}
},
"lambda": {
"runtime": "python3.9"
}
},
{
"type": "aws-sam",
"request": "direct-invoke",
"name": "token-to-geojson:HelloWorldFunction (python3.9)",
"invokeTarget": {
"target": "template",
"templatePath": "token-to-geojson/template.yaml",
"logicalId": "HelloWorldFunction"
},
"lambda": {
"payload": {
"ticky": "tacky"
},
"environmentVariables": {},
"runtime": "python3.9"
}
}
]
}
The only thing I saw is we need to add "json" before the actual json data. In the example below, it appears the IDE already knows the id is event.id (note event is the first argument of the handler).
"lambda": {
"payload": {
"json": {
"id": 1001
}
},
"environmentVariables": {}
}
I am trying to follow this documentation in the section "Replace the default certificate from configuration" so that I can use a self signed certificate (due to Android emulator) for my Web APIs which I am developing in VS Code using dotnet core 3.1. I don't seem to be able to get the certificate I want. There are two in my Keystore: localhost (created by VS Code earlier on) and development (the one I created using openssl)
I have created the certificate and it is listed in the Keychain as "development". The documentation referenced above says that we can edit the appsettings.json or appsettings.Development.json (which seems like the better option) to include:
"Certificates": {
"Default": {
"Path": "<path to .pfx file>",
"Password": "<certificate password>"
}
}
and use this for a keystore:
"Default": {
"Subject": "<subject; required>",
"Store": "<cert store; required>",
"Location": "<location; defaults to CurrentUser>",
"AllowInvalid": "<true or false; defaults to false>"
}
I have seen some other references such as .NET Core Kestrel with SSL which was a great reference but for 2.0. It did have some specific values to help understand how to fill out the entries, but some of the parameters have changed (Source for example).
"Certificates": {
"HTTPS": {
"Source": "Store",
"StoreLocation": "CurrentUser",
"StoreName": "My",
"Subject": "CN=localhost",
"AllowInvalid": true
}
}
I basically used this as a guide for the new parameters which I included as:
"Kestrel": {
"Certificates": {
"Default": {
"Subject": "CN=development",
"Store": "My",
"Location": "CurrentUser",
"AllowInvalid": true
}
}
}
I am getting an error:
'The requested certificate CN=development could not be found in CurrentUser/My with AllowInvalid setting: True.'
I have also tried:
"Kestrel": {
"Certificates": {
"Default": {
"Subject": "CN=localhost",
"Store": "My",
"Location": "CurrentUser",
"AllowInvalid": true
}
}
}
I'm using qpid-broker for integration testing my spring-boot-start-amqp application which uses basicGet (autoAck=false), basicAck and basicReject for handling the messages. basicReject (with requeue=false) works fine with my external rabbitmq instance but doesn't work with the qpid-broker.
I have tested my code with an external RabbitMQ instance where everything works fine but with the embedded Apache Qpid server the test fails because basicReject is not working properly.
Getting the message and rejecting it:
rabbitTemplate.execute {
val response = it.basicGet(config.queueName, false)
it.basicReject(response.envelope.deliveryTag, false)
}
Check if the message is still in the queue:
rabbitTemplate.execute {
val response = it.basicGet(config.queueName, false)
Assertions.assertThat(response).isNull()
}
My Qpid config:
{
"name": "EmbeddedBroker",
"modelVersion": "7.0",
"authenticationproviders": [
{
"name": "password",
"type": "Plain",
"secureOnlyMechanisms": [],
"users": [
{
"name": "guest",
"password": "guest",
"type": "managed"
}
]
}
],
"ports": [
{
"name": "AMQP",
"port": "${qpid.amqp_port}",
"protocols": [ "AMQP_0_9_1" ],
"authenticationProvider": "password",
"virtualhostaliases": [
{
"name": "defaultAlias",
"type": "defaultAlias"
}
]
}
],
"virtualhostnodes": [
{
"name": "default",
"defaultVirtualHostNode": "true",
"type": "Memory",
"virtualHostInitialConfiguration": "{\"type\": \"Memory\" }"
}
]
}
Why does basicReject work fine with my RabbitMQ instance but doesn't work properly with the Apache Qpid embedded broker?
Edit: My solution was to move away from qpid and use a RabbitMQ Testcontainer.
I'm running a business network on IBM Cloud Blockchain Platform 2.0. I downloaded a connection profile from the instantiated smart contracts section on the Platform Console, and am trying to connect using the Fabric SDK for Go but I am facing an error.
This is my current relevant code, under main
configOpts := fabricConfig.FromFile("./profiles/flex.json")
fabSDK, err := fabsdk.New(configOpts)
if err != nil {
entry.WithError(err).Fatal("Error setting up Fabric SDK")
}
defer fabSDK.Close()
Expected: Connects to the business network instance
Actual: I get an error
FATA[0000] Error setting up Fabric SDK env=DEV
error="failed to initialize configuration: unable to initialize cryptosuite using crypto suite config:
failed to initialize crypto suite: Unsupported BCCSP Provider: "
I add "cryptoconfig" path to the client.
BCCSP is optional, and you can remove.
I added the sample config, please see below.
More detail config at Github go-SDK config.yaml
{
"name": "first-network-org1",
"version": "1.0.0",
"client": {
"organization": "Org1",
"logging": {
"level": "info"
},
"cryptoconfig": {
"path": "crypto-config"
},
"credentialStore": {
"path": "/tmp/keystore",
"cryptoStore": {
"path": "/tmp/msp"
}
},
"connection": {
"timeout": {
"peer": {
"endorser": "300"
}
}
}
},
"channels": {
"mychannel": {
"peers": {
"peer0.org1.example.com": {}
}
}
},
"orderers": {
"orderer.example.com": {
"url": "orderer.example.com:7050",
"grpcOptions": {
"ssl-target-name-override": "orderer.example.com",
"keep-alive-time": "60s",
"keep-alive-timeout": "60s",
"keep-alive-permit": false,
"fail-fast": false,
"allow-insecure": false
},
"tlsCACerts": {
"path": "crypto-config/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem"
}
}
},
"organizations": {
"Org1": {
"mspid": "Org1MSP",
"cryptoPath": "crypto-config/peerOrganizations/org1.example.com/users/User1#org1.example.com/msp",
"peers": [
"peer0.org1.example.com",
"peer1.org1.example.com"
],
"certificateAuthorities": [
"ca.org1.example.com"
]
}
},
"peers": {
"peer0.org1.example.com": {
"url": "grpcs://localhost:7051",
"tlsCACerts": {
"path": "crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"
},
"grpcOptions": {
"ssl-target-name-override": "peer0.org1.example.com"
}
},
"peer1.org1.example.com": {
"url": "grpcs://localhost:8051",
"tlsCACerts": {
"path": "crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"
},
"grpcOptions": {
"ssl-target-name-override": "peer1.org1.example.com"
}
}
},
"certificateAuthorities": {
"ca.org1.example.com": {
"url": "https://localhost:7054",
"caName": "ca-org1",
"tlsCACerts": {
"path": "crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"
},
"httpOptions": {
"verify": false
}
}
}
}
Pretty sure I am missing something clearly obvious but not seeing it.
How can I use my updated swagger.json file?
I took my boilerplate swagger/v1/swagger.json code and pasted it into the editor.swagger.io system. I then updated the descriptions etc, added examples to my models and then saved the contents as swagger.json.
Moved the file into the root of my api application, set the file to copy always.
public void ConfigureServices(IServiceCollection services)
{...
services.AddSwaggerGen(c => { c.SwaggerDoc("V1", new Info {Title = "Decrypto", Version = "0.0"}); });
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
...
app.UseSwagger();
//--the default works fine
// app.UseSwaggerUI(c => { c.SwaggerEndpoint("/swagger/V1/swagger.json", "Decrypto v1"); });
app.UseSwaggerUI(c => { c.SwaggerEndpoint("swagger.json", "Decrypto v1"); });
app.UseMvc();
}
I have tried a few different variation but none seem to be the trick. I don't really want to rewrite the work in SwaggerDoc as it seems dirty to me put documentation in the runtime.
the custom swagger.json file I want to use looks like this:
{
"swagger": "2.0",
"info": {
"version": "0.0",
"title": "My Title"
},
"paths": {
"/api/Decryption": {
"post": {
"tags": [
"API for taking encrypted values and getting the decrypted values back"
],
"summary": "",
"description": "",
"operationId": "Post",
"consumes": [
"application/json-patch+json",
"application/json",
"text/json",
"application/*+json"
],
"produces": [
"text/plain",
"application/json",
"text/json"
],
"parameters": [
{
"name": "units",
"in": "body",
"required": true,
"schema": {
"uniqueItems": false,
"type": "array",
"items": {
"$ref": "#/definitions/EncryptedUnit"
}
}
}
],
"responses": {
"200": {
"description": "Success",
"schema": {
"uniqueItems": false,
"type": "array",
"items": {
"$ref": "#/definitions/DecryptedUnit"
}
}
}
}
}
}
},
"definitions": {
"EncryptedUnit": {
"type": "object",
"properties": {
"value": {
"type": "string",
"example": "7OjLFw=="
},
"initializeVector": {
"type": "string",
"example": "5YVg="
},
"cipherText": {
"type": "string",
"example": "596F5AA48A882"
}
}
},
"DecryptedUnit": {
"type": "object",
"properties": {
"encrypted": {
"type": "string",
"example": "7OjLV="
},
"decrypted": {
"type": "string",
"example": "555-55-5555"
}
}
}
}
}
you need to configure PhysicalFileProvider and put your swagger.json into wwwroot or anywhere accessible by PhysicalFileProvider. After that you can access it using IFileProvider
Reference: https://www.c-sharpcorner.com/article/file-providers-in-asp-net-core/
Edit If you just add app.UseStaticFiles(); into your StartUp, you can access wwwroot without hastle.
Reference
Completely Different Approach
you may also consider to serve your file using Controller/Action
public IActionResult GetSwaggerDoc()
{
var file = Path.Combine(Directory.GetCurrentDirectory(),
"MyStaticFiles", "swagger.json");
return PhysicalFile(file, "application/json");
}
.NET Core 2.2 could server physical file to url resource like below.
But if you use custom swagger json, your api is fixed except you change it every time.
public void Configure(IApplicationBuilder app, IHostingEnvironment env,
ILoggerFactory loggerFactory)
{
...
app.UseStaticFiles(new StaticFileOptions
{
FileProvider = new PhysicalFileProvider(
Path.Combine(Directory.GetCurrentDirectory(),
"swagger/v1/swagger.json")),
RequestPath = "swagger/v1/swagger.json"
});
}