prepare reset

Author: DeagleGross

src/BenchmarksApps/TLS/HttpSys/NetSh/NetshConfigurator.cs

@@ -5,6 +5,8 @@ public static class NetshConfigurator
         private static readonly NetShWrapper _netshWrapper = new();
         private static string _certThumbprint;
 
+        private static string _resetCertThumbprint;
+
         public static SslCertBinding PreConfigureNetsh(
             string httpsIpPort,
             int certPublicKeyLength = 2048,
@@ -43,22 +45,29 @@ public static SslCertBinding PreConfigureNetsh(
         public static void LogCurrentSslCertBinding(string httpsIpPort)
             => _netshWrapper.LogSslCertBinding(httpsIpPort);
 
-        public static void ResetNetshConfiguration(
-            string httpsIpPort,
-            int certPublicKeyLength = 4096)
+        public static void PrepareResetNetsh(string httpsIpPort, int certPublicKeyLength = 4096)
+        {
+            if (!_netshWrapper.TrySelfSignCertificate(httpsIpPort, certPublicKeyLength, out _resetCertThumbprint))
+            {
+                throw new ApplicationException($"Failed to self-sign a cert for '{httpsIpPort}'.");
+            }
+        }
+
+        public static void ResetNetshConfiguration(string httpsIpPort)
         {
             // delete cert binding and cert itself. We want it to be as clean and deterministic as possible (even if more actions are performed)
             _netshWrapper.DeleteBindingIfExists(httpsIpPort);
             SslCertificatesConfigurator.RemoveCertificate(_certThumbprint);
 
-            if (!_netshWrapper.TrySelfSignCertificate(httpsIpPort, certPublicKeyLength, out _certThumbprint))
+            if (string.IsNullOrEmpty(_resetCertThumbprint))
             {
-                throw new ApplicationException($"Failed to self-sign a cert for '{httpsIpPort}'.");
+                throw new ApplicationException($"Reset certificate is not prepared for '{httpsIpPort}'.");
             }
 
+            // reset certificate was prepared in advance - just bind it at this moment
             _netshWrapper.AddCertBinding(
                 httpsIpPort,
-                _certThumbprint,
+                _resetCertThumbprint,
                 disablesessionid: NetShFlag.NotSet,
                 enablesessionticket: NetShFlag.NotSet,
                 clientCertNegotiation: NetShFlag.NotSet);

src/BenchmarksApps/TLS/HttpSys/Program.cs

@@ -29,6 +29,9 @@
     disablesessionid: NetShFlag.Enable,
     enableSessionTicket: NetShFlag.Disabled);
 
+// because app shutdown is on a timeout, we need to prepare the reset (pre-generate certificate)
+NetshConfigurator.PrepareResetNetsh(httpsIpPort, certPublicKeyLength: 4096);
+
 #pragma warning disable CA1416 // Can be launched only on Windows (HttpSys)
 builder.WebHost.UseHttpSys(options =>
 {
@@ -137,5 +140,5 @@
 Console.WriteLine("Application stopped.");
 
 Console.WriteLine("Starting netsh rollback configuration...");
-NetshConfigurator.ResetNetshConfiguration(httpsIpPort, certPublicKeyLength: 4096); // a default value
+NetshConfigurator.ResetNetshConfiguration(httpsIpPort);
 Console.WriteLine($"Reset netsh (ipport={httpsIpPort}) completed.");