From f92b517edae2629b8f0d61f19c6199fdeb10d17d Mon Sep 17 00:00:00 2001
From: softworkz <softworkz@hotmail.com>
Date: Tue, 29 Dec 2015 14:36:54 +0100
Subject: ServerConfigurationManager: Check if a specified SSL certificate can
 be used when configuration is saved

Emby can only use certificates in PFX format which include a private
key, and where the private key is not protected with a password.

Checking these conditions early helps to avoid misconfigurations and
reduce troubleshooting time...
---
 .../Configuration/ServerConfigurationManager.cs    | 37 ++++++++++++++++++++++
 1 file changed, 37 insertions(+)

(limited to 'MediaBrowser.Server.Implementations/Configuration/ServerConfigurationManager.cs')

diff --git a/MediaBrowser.Server.Implementations/Configuration/ServerConfigurationManager.cs b/MediaBrowser.Server.Implementations/Configuration/ServerConfigurationManager.cs
index a7d3854e7..f8266a43f 100644
--- a/MediaBrowser.Server.Implementations/Configuration/ServerConfigurationManager.cs
+++ b/MediaBrowser.Server.Implementations/Configuration/ServerConfigurationManager.cs
@@ -171,12 +171,49 @@ namespace MediaBrowser.Server.Implementations.Configuration
             ValidateItemByNamePath(newConfig);
             ValidatePathSubstitutions(newConfig);
             ValidateMetadataPath(newConfig);
+            ValidateSslCertificate(newConfig);
 
             EventHelper.FireEventIfNotNull(ConfigurationUpdating, this, new GenericEventArgs<ServerConfiguration> { Argument = newConfig }, Logger);
 
             base.ReplaceConfiguration(newConfiguration);
         }
 
+
+        /// <summary>
+        /// Validates the SSL certificate.
+        /// </summary>
+        /// <param name="newConfig">The new configuration.</param>
+        /// <exception cref="System.IO.DirectoryNotFoundException"></exception>
+        private void ValidateSslCertificate(BaseApplicationConfiguration newConfig)
+        {
+            var serverConfig = (ServerConfiguration)newConfig;
+
+            var certPath = serverConfig.CertificatePath;
+
+            if (!string.IsNullOrWhiteSpace(certPath))
+            {
+                // Validate
+                if (!File.Exists(certPath))
+                {
+                    throw new FileNotFoundException(string.Format("Certificate file '{0}' does not exist.", certPath));
+                }
+
+                try
+                {
+                    var cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certPath);
+
+                    if (cert.PrivateKey == null)
+                    {
+                        throw new ArgumentException("Certificate does not contain a private key!");
+                    }
+                }
+                catch (Exception ex)
+                {
+                    throw new ArgumentException(string.Format("Exception loading certificate: '{0}' - {1}", certPath, ex.Message));
+                }
+            }
+        }
+
         private void ValidatePathSubstitutions(ServerConfiguration newConfig)
         {
             foreach (var map in newConfig.PathSubstitutions)
-- 
cgit v1.2.3


From 2f75af85638284e32e695694db68c11b5061accf Mon Sep 17 00:00:00 2001
From: Luke Pulverenti <luke.pulverenti@gmail.com>
Date: Tue, 29 Dec 2015 12:15:19 -0500
Subject: update ValidateSslCertificate

---
 .../Configuration/ServerConfigurationManager.cs    | 23 +++++-----------------
 1 file changed, 5 insertions(+), 18 deletions(-)

(limited to 'MediaBrowser.Server.Implementations/Configuration/ServerConfigurationManager.cs')

diff --git a/MediaBrowser.Server.Implementations/Configuration/ServerConfigurationManager.cs b/MediaBrowser.Server.Implementations/Configuration/ServerConfigurationManager.cs
index f8266a43f..2f4c3f5ee 100644
--- a/MediaBrowser.Server.Implementations/Configuration/ServerConfigurationManager.cs
+++ b/MediaBrowser.Server.Implementations/Configuration/ServerConfigurationManager.cs
@@ -188,28 +188,15 @@ namespace MediaBrowser.Server.Implementations.Configuration
         {
             var serverConfig = (ServerConfiguration)newConfig;
 
-            var certPath = serverConfig.CertificatePath;
+            var newPath = serverConfig.CertificatePath;
 
-            if (!string.IsNullOrWhiteSpace(certPath))
+            if (!string.IsNullOrWhiteSpace(newPath)
+                && !string.Equals(Configuration.CertificatePath ?? string.Empty, newPath))
             {
                 // Validate
-                if (!File.Exists(certPath))
-                {
-                    throw new FileNotFoundException(string.Format("Certificate file '{0}' does not exist.", certPath));
-                }
-
-                try
-                {
-                    var cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certPath);
-
-                    if (cert.PrivateKey == null)
-                    {
-                        throw new ArgumentException("Certificate does not contain a private key!");
-                    }
-                }
-                catch (Exception ex)
+                if (!FileSystem.FileExists(newPath))
                 {
-                    throw new ArgumentException(string.Format("Exception loading certificate: '{0}' - {1}", certPath, ex.Message));
+                    throw new FileNotFoundException(string.Format("Certificate file '{0}' does not exist.", newPath));
                 }
             }
         }
-- 
cgit v1.2.3