dont use scripts

Author: DeagleGross

scenarios/tls.benchmarks.yml

@@ -55,9 +55,6 @@ scenarios:
         mTLS: true
         tlsRenegotiation: true
         certValidationConsoleEnabled: false # only for debug purposes
-      options:
-        beforeScript: "powershell -File .\\setup-httpsys.ps1"
-        afterScript: "powershell -File .\\shutdown-httpsys.ps1"
     load:
       job: httpclient
       variables:

src/BenchmarksApps/TLS/HttpSys/HttpSys.csproj

@@ -7,9 +7,6 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <None Update="scripts\setup-httpsys.ps1">
-      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
-    </None>
     <None Update="testCert.pfx">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>

src/BenchmarksApps/TLS/HttpSys/NetShWrapper.cs

@@ -0,0 +1,73 @@
+using System.Diagnostics;
+using System.Security.Cryptography.X509Certificates;
+
+namespace HttpSys
+{
+    public static class NetShWrapper
+    {
+        public static void DisableHttpSysMutualTls(string ipPort)
+        {
+            Console.WriteLine("Disabling mTLS for http.sys");
+
+            string command = $"http delete sslcert ipport={ipPort}";
+            ExecuteNetShCommand(command);
+
+            Console.WriteLine("Disabled http.sys settings for mTLS");
+        }
+
+        public static bool HttpSysCertBindingExists(string ipPort)
+        {
+            return true;
+        }
+
+        public static void EnableHttpSysMutualTls(string ipPort)
+        {
+            Console.WriteLine("Setting up mTLS for http.sys");
+
+            var certificate = LoadCertificate();
+            Console.WriteLine("Loaded `testCert.pfx` from local file system");
+            using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
+            {
+                store.Open(OpenFlags.ReadWrite);
+                store.Add(certificate);
+                Console.WriteLine("Added `testCert.pfx` to localMachine cert store");
+                store.Close();
+            }
+
+            string certThumbprint = certificate.Thumbprint;
+            string appId = Guid.NewGuid().ToString();
+
+            string command = $"http add sslcert ipport={ipPort} certstorename=MY certhash={certThumbprint} appid={{{appId}}} clientcertnegotiation=enable";
+            ExecuteNetShCommand(command);
+
+            Console.WriteLine("Configured http.sys settings for mTLS");
+        }
+
+        private static void ExecuteNetShCommand(string command)
+        {
+            ProcessStartInfo processInfo = new ProcessStartInfo("netsh", command)
+            {
+                RedirectStandardOutput = true,
+                RedirectStandardError = true,
+                UseShellExecute = false,
+                CreateNoWindow = true
+            };
+
+            Console.WriteLine($"Executing command: `netsh {command}`");
+            using Process process = Process.Start(processInfo)!;
+            string output = process.StandardOutput.ReadToEnd();
+            process.WaitForExit();
+
+            if (process.ExitCode != 0)
+            {
+                throw new InvalidOperationException($"netsh command execution failure: {output}");
+            }
+        }
+
+#pragma warning disable SYSLIB0057 // Type or member is obsolete
+        private static X509Certificate2 LoadCertificate() => File.Exists("testCert.pfx")
+            ? new X509Certificate2("testCert.pfx", "testPassword", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable)
+            : new X509Certificate2("../testCert.pfx", "testPassword", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
+#pragma warning restore SYSLIB0057 // Type or member is obsolete
+    }
+}

src/BenchmarksApps/TLS/HttpSys/Program.cs

@@ -1,15 +1,18 @@
-using System.Diagnostics;
-using System.Security.Cryptography.X509Certificates;
+using HttpSys;
 using Microsoft.AspNetCore.Server.HttpSys;
 
 var builder = WebApplication.CreateBuilder(args);
 builder.Logging.ClearProviders();
 
+Console.WriteLine($"args: {string.Join(" ", args)}");
+Console.WriteLine();
+
 var writeCertValidationEventsToConsole = bool.TryParse(builder.Configuration["certValidationConsoleEnabled"], out var certValidationConsoleEnabled) && certValidationConsoleEnabled;
 var statsEnabled = bool.TryParse(builder.Configuration["statsEnabled"], out var connectionStatsEnabledConfig) && connectionStatsEnabledConfig;
 var mTlsEnabled = bool.TryParse(builder.Configuration["mTLS"], out var mTlsEnabledConfig) && mTlsEnabledConfig;
 var tlsRenegotiationEnabled = bool.TryParse(builder.Configuration["tlsRenegotiation"], out var tlsRenegotiationEnabledConfig) && tlsRenegotiationEnabledConfig;
 var listeningEndpoints = builder.Configuration["urls"] ?? "https://localhost:5000/";
+var httpsIpPort = listeningEndpoints.Split(";").First(x => x.Contains("https")).Replace("https://", "");
 
 #pragma warning disable CA1416 // Can be launched only on Windows (HttpSys)
 builder.WebHost.UseHttpSys(options =>
@@ -19,7 +22,7 @@
 });
 #pragma warning restore CA1416 // Can be launched only on Windows (HttpSys)
 
-var app = builder.Build();  
+var app = builder.Build();
 
 app.MapGet("/hello-world", () =>
 {
@@ -43,13 +46,30 @@
 
 if (mTlsEnabled)
 {
+    var hostAppLifetime = app.Services.GetService<IHostApplicationLifetime>();
+    hostAppLifetime!.ApplicationStopping.Register(OnShutdown);
+
+    void OnShutdown()
+    {
+        try
+        {
+            NetShWrapper.DisableHttpSysMutualTls(ipPort: httpsIpPort);
+        }
+        catch
+        {
+            Console.WriteLine("Failed to disable HTTP.SYS mTLS settings");
+            throw;
+        }
+    }
+
     try
     {
-        ConfigureHttpSysForMutualTls();
+        NetShWrapper.EnableHttpSysMutualTls(ipPort: httpsIpPort);
     }
-    catch (Exception ex)
+    catch
     {
-        throw new Exception($"Http.Sys configuration for mTLS failed. Current dir: {Directory.GetCurrentDirectory()}", innerException: ex);
+        Console.WriteLine($"Http.Sys configuration for mTLS failed");
+        throw;
     }
 }
 
@@ -105,39 +125,3 @@
 Console.WriteLine("Application started.");
 await app.WaitForShutdownAsync();
 
-void ConfigureHttpSysForMutualTls()
-{
-    Console.WriteLine("Setting up mTLS for http.sys");
-
-    var certificate = new X509Certificate2("../testCert.pfx", "testPassword", X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);
-    using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
-    {
-        store.Open(OpenFlags.ReadWrite);
-        store.Add(certificate);
-        store.Close();
-    }
-
-    string certThumbprint = certificate.Thumbprint;
-    string appId = Guid.NewGuid().ToString();
-
-    string command = $"http add sslcert ipport=0.0.0.0:5000 certhash={certThumbprint} appid={{{appId}}} clientcertnegotiation=enable";
-    ProcessStartInfo processInfo = new ProcessStartInfo("netsh", command)
-    {
-        RedirectStandardOutput = true,
-        RedirectStandardError = true,
-        UseShellExecute = false,
-        CreateNoWindow = true
-    };
-
-    using Process process = Process.Start(processInfo)!;
-    string output = process.StandardOutput.ReadToEnd();
-    string error = process.StandardError.ReadToEnd();
-    process.WaitForExit();
-
-    if (process.ExitCode != 0)
-    {
-        throw new InvalidOperationException($"Failed to configure http.sys: {error}");
-    }
-
-    Console.WriteLine("Configured http.sys settings for mTLS");
-}