From a788d271c2fe9856db13636d5cd3376ce8fc2e25 Mon Sep 17 00:00:00 2001
From: Jose <jose@zeroc.com>
Date: Tue, 10 Sep 2024 16:23:40 +0200
Subject: [PATCH] Upgrade examples to use ServerCertificateContext - Fix #3981

---
 examples/protobuf/GenericHost/Server/Program.cs    | 11 +++++++----
 examples/protobuf/GenericHost/Server/Server.csproj |  6 ++++++
 examples/protobuf/Quic/Server/Program.cs           |  5 ++++-
 examples/protobuf/Quic/Server/Server.csproj        |  6 ++++++
 examples/protobuf/Secure/Server/Program.cs         |  5 ++++-
 examples/protobuf/Secure/Server/Server.csproj      |  6 ++++++
 examples/protobuf/TcpFallback/Server/Program.cs    |  9 +++++++--
 examples/protobuf/TcpFallback/Server/Server.csproj |  6 ++++++
 examples/slice/GenericHost/Server/Program.cs       | 11 +++++++----
 examples/slice/GenericHost/Server/Server.csproj    |  6 ++++++
 examples/slice/Quic/Server/Program.cs              |  8 +++++---
 examples/slice/Quic/Server/Server.csproj           |  6 ++++++
 examples/slice/Secure/Server/Program.cs            |  5 ++++-
 examples/slice/Secure/Server/Server.csproj         |  6 ++++++
 examples/slice/TcpFallback/Server/Program.cs       |  9 +++++++--
 examples/slice/TcpFallback/Server/Server.csproj    |  6 ++++++
 16 files changed, 93 insertions(+), 18 deletions(-)

diff --git a/examples/protobuf/GenericHost/Server/Program.cs b/examples/protobuf/GenericHost/Server/Program.cs
index 2d311aca9..87835cde9 100644
--- a/examples/protobuf/GenericHost/Server/Program.cs
+++ b/examples/protobuf/GenericHost/Server/Program.cs
@@ -35,12 +35,15 @@
             .Bind(hostContext.Configuration.GetSection("Server"))
             .Configure(options =>
             {
+                string certificatePath = Path.Combine(
+                    hostContext.HostingEnvironment.ContentRootPath,
+                    hostContext.Configuration.GetValue<string>("Certificate:File")!);
+
                 options.ServerAuthenticationOptions = new SslServerAuthenticationOptions
                 {
-                    ServerCertificate = new X509Certificate2(
-                        Path.Combine(
-                            hostContext.HostingEnvironment.ContentRootPath,
-                            hostContext.Configuration.GetValue<string>("Certificate:File")!))
+                    ServerCertificateContext = SslStreamCertificateContext.Create(
+                        X509CertificateLoader.LoadPkcs12FromFile(certificatePath, password: null),
+                        X509CertificateLoader.LoadPkcs12CollectionFromFile(certificatePath, password: null))
                 };
             });
 
diff --git a/examples/protobuf/GenericHost/Server/Server.csproj b/examples/protobuf/GenericHost/Server/Server.csproj
index 837fcd3c5..599913df9 100644
--- a/examples/protobuf/GenericHost/Server/Server.csproj
+++ b/examples/protobuf/GenericHost/Server/Server.csproj
@@ -21,6 +21,12 @@
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
   </ItemGroup>
+
+  <!-- Required for X509CertificateLoader with .NET 8-->
+  <ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
+    <PackageReference Include="Microsoft.Bcl.Cryptography" Version="9.0.0-preview.*" />
+  </ItemGroup>
+
   <ItemGroup>
     <ProtoFile Include="../proto/greeter.proto" />
     <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.*" />
diff --git a/examples/protobuf/Quic/Server/Program.cs b/examples/protobuf/Quic/Server/Program.cs
index 3c8ed7cc8..16228eb09 100644
--- a/examples/protobuf/Quic/Server/Program.cs
+++ b/examples/protobuf/Quic/Server/Program.cs
@@ -7,11 +7,14 @@
 using System.Security.Cryptography.X509Certificates;
 
 // Create a server that uses the test server certificate, and the QUIC multiplexed transport.
+string certificatePath = "../../../../certs/server.p12";
 await using var server = new Server(
     new Chatbot(),
     new SslServerAuthenticationOptions
     {
-        ServerCertificate = new X509Certificate2("../../../../certs/server.p12")
+        ServerCertificateContext = SslStreamCertificateContext.Create(
+            X509CertificateLoader.LoadPkcs12FromFile(certificatePath, password: null),
+            X509CertificateLoader.LoadPkcs12CollectionFromFile(certificatePath, password: null))
     },
     multiplexedServerTransport: new QuicServerTransport());
 
diff --git a/examples/protobuf/Quic/Server/Server.csproj b/examples/protobuf/Quic/Server/Server.csproj
index 9610f5a22..d5a730774 100644
--- a/examples/protobuf/Quic/Server/Server.csproj
+++ b/examples/protobuf/Quic/Server/Server.csproj
@@ -10,6 +10,12 @@
     <!-- Enable preview features to use the QUIC transport -->
     <EnablePreviewFeatures>True</EnablePreviewFeatures>
   </PropertyGroup>
+
+  <!-- Required for X509CertificateLoader with .NET 8-->
+  <ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
+    <PackageReference Include="Microsoft.Bcl.Cryptography" Version="9.0.0-preview.*" />
+  </ItemGroup>
+
   <ItemGroup>
     <ProtoFile Include="../proto/greeter.proto" />
     <Compile Include="../../../common/Program.CancelKeyPressed.cs" Link="Program.CancelKeyPressed.cs" />
diff --git a/examples/protobuf/Secure/Server/Program.cs b/examples/protobuf/Secure/Server/Program.cs
index b4da85225..6ba39f8da 100644
--- a/examples/protobuf/Secure/Server/Program.cs
+++ b/examples/protobuf/Secure/Server/Program.cs
@@ -6,9 +6,12 @@
 using System.Security.Cryptography.X509Certificates;
 
 // Create the authentication options using the test server certificate.
+string certificatePath = "../../../../certs/server.p12";
 var serverAuthenticationOptions = new SslServerAuthenticationOptions()
 {
-    ServerCertificate = new X509Certificate2("../../../../certs/server.p12")
+    ServerCertificateContext = SslStreamCertificateContext.Create(
+        X509CertificateLoader.LoadPkcs12FromFile(certificatePath, password: null),
+        X509CertificateLoader.LoadPkcs12CollectionFromFile(certificatePath, password: null))
 };
 
 await using var server = new Server(new Chatbot(), serverAuthenticationOptions);
diff --git a/examples/protobuf/Secure/Server/Server.csproj b/examples/protobuf/Secure/Server/Server.csproj
index 235b3cd8e..34b7ca160 100644
--- a/examples/protobuf/Secure/Server/Server.csproj
+++ b/examples/protobuf/Secure/Server/Server.csproj
@@ -8,6 +8,12 @@
     <!-- Copy the PDBs from the NuGet packages to get file names and line numbers in stack traces. -->
     <CopyDebugSymbolFilesFromPackages>true</CopyDebugSymbolFilesFromPackages>
   </PropertyGroup>
+
+  <!-- Required for X509CertificateLoader with .NET 8-->
+  <ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
+    <PackageReference Include="Microsoft.Bcl.Cryptography" Version="9.0.0-preview.*" />
+  </ItemGroup>
+
   <ItemGroup>
     <ProtoFile Include="../proto/greeter.proto" />
     <PackageReference Include="IceRpc.Protobuf.Tools" Version="$(IceRpcVersion)" PrivateAssets="All" />
diff --git a/examples/protobuf/TcpFallback/Server/Program.cs b/examples/protobuf/TcpFallback/Server/Program.cs
index 9fc1d5385..e65bec5d4 100644
--- a/examples/protobuf/TcpFallback/Server/Program.cs
+++ b/examples/protobuf/TcpFallback/Server/Program.cs
@@ -18,11 +18,14 @@
     .Map<IGreeterService>(new Chatbot());
 
 // Create two servers that share the same dispatch pipeline.
+string certificatePath = "../../../../certs/server.p12";
 await using var quicServer = new Server(
     router,
     new SslServerAuthenticationOptions
     {
-        ServerCertificate = new X509Certificate2("../../../../certs/server.p12")
+        ServerCertificateContext = SslStreamCertificateContext.Create(
+            X509CertificateLoader.LoadPkcs12FromFile(certificatePath, password: null),
+            X509CertificateLoader.LoadPkcs12CollectionFromFile(certificatePath, password: null))
     },
     multiplexedServerTransport: new QuicServerTransport(),
     logger: loggerFactory.CreateLogger<Server>());
@@ -33,7 +36,9 @@
     router,
     new SslServerAuthenticationOptions
     {
-        ServerCertificate = new X509Certificate2("../../../../certs/server.p12")
+        ServerCertificateContext = SslStreamCertificateContext.Create(
+            X509CertificateLoader.LoadPkcs12FromFile(certificatePath, password: null),
+            X509CertificateLoader.LoadPkcs12CollectionFromFile(certificatePath, password: null))
     },
     logger: loggerFactory.CreateLogger<Server>());
 
diff --git a/examples/protobuf/TcpFallback/Server/Server.csproj b/examples/protobuf/TcpFallback/Server/Server.csproj
index 387cd9afb..e09b520d4 100644
--- a/examples/protobuf/TcpFallback/Server/Server.csproj
+++ b/examples/protobuf/TcpFallback/Server/Server.csproj
@@ -10,6 +10,12 @@
     <!-- Enable preview features to use the QUIC transport -->
     <EnablePreviewFeatures>True</EnablePreviewFeatures>
   </PropertyGroup>
+
+  <!-- Required for X509CertificateLoader with .NET 8-->
+  <ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
+    <PackageReference Include="Microsoft.Bcl.Cryptography" Version="9.0.0-preview.*" />
+  </ItemGroup>
+
   <ItemGroup>
     <ProtoFile Include="../proto/greeter.proto" />
     <PackageReference Include="Microsoft.Extensions.Logging" Version="8.0.*" />
diff --git a/examples/slice/GenericHost/Server/Program.cs b/examples/slice/GenericHost/Server/Program.cs
index 58c49d67e..a716fb21f 100644
--- a/examples/slice/GenericHost/Server/Program.cs
+++ b/examples/slice/GenericHost/Server/Program.cs
@@ -35,12 +35,15 @@
             .Bind(hostContext.Configuration.GetSection("Server"))
             .Configure(options =>
             {
+                string certificatePath = Path.Combine(
+                    hostContext.HostingEnvironment.ContentRootPath,
+                    hostContext.Configuration.GetValue<string>("Certificate:File")!);
+
                 options.ServerAuthenticationOptions = new SslServerAuthenticationOptions
                 {
-                    ServerCertificate = new X509Certificate2(
-                        Path.Combine(
-                            hostContext.HostingEnvironment.ContentRootPath,
-                            hostContext.Configuration.GetValue<string>("Certificate:File")!))
+                    ServerCertificateContext = SslStreamCertificateContext.Create(
+                        X509CertificateLoader.LoadPkcs12FromFile(certificatePath, password: null),
+                        X509CertificateLoader.LoadPkcs12CollectionFromFile(certificatePath, password: null))
                 };
             });
 
diff --git a/examples/slice/GenericHost/Server/Server.csproj b/examples/slice/GenericHost/Server/Server.csproj
index f402bdc23..18b0f7fd6 100644
--- a/examples/slice/GenericHost/Server/Server.csproj
+++ b/examples/slice/GenericHost/Server/Server.csproj
@@ -21,6 +21,12 @@
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
   </ItemGroup>
+
+  <!-- Required for X509CertificateLoader with .NET 8-->
+  <ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
+    <PackageReference Include="Microsoft.Bcl.Cryptography" Version="9.0.0-preview.*" />
+  </ItemGroup>
+
   <ItemGroup>
     <SliceFile Include="../slice/Greeter.slice" />
     <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.*" />
diff --git a/examples/slice/Quic/Server/Program.cs b/examples/slice/Quic/Server/Program.cs
index 3c8ed7cc8..6304c8179 100644
--- a/examples/slice/Quic/Server/Program.cs
+++ b/examples/slice/Quic/Server/Program.cs
@@ -7,13 +7,15 @@
 using System.Security.Cryptography.X509Certificates;
 
 // Create a server that uses the test server certificate, and the QUIC multiplexed transport.
+string certificatePath = "../../../../certs/server.p12";
 await using var server = new Server(
     new Chatbot(),
     new SslServerAuthenticationOptions
     {
-        ServerCertificate = new X509Certificate2("../../../../certs/server.p12")
-    },
-    multiplexedServerTransport: new QuicServerTransport());
+        ServerCertificateContext = SslStreamCertificateContext.Create(
+            X509CertificateLoader.LoadPkcs12FromFile(certificatePath, password: null),
+            X509CertificateLoader.LoadPkcs12CollectionFromFile(certificatePath, password: null))
+    });
 
 server.Listen();
 
diff --git a/examples/slice/Quic/Server/Server.csproj b/examples/slice/Quic/Server/Server.csproj
index 40c80b18b..ee6f7ded1 100644
--- a/examples/slice/Quic/Server/Server.csproj
+++ b/examples/slice/Quic/Server/Server.csproj
@@ -10,6 +10,12 @@
     <!-- Enable preview features to use the QUIC transport -->
     <EnablePreviewFeatures>True</EnablePreviewFeatures>
   </PropertyGroup>
+
+  <!-- Required for X509CertificateLoader with .NET 8-->
+  <ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
+    <PackageReference Include="Microsoft.Bcl.Cryptography" Version="9.0.0-preview.*" />
+  </ItemGroup>
+
   <ItemGroup>
     <SliceFile Include="../slice/Greeter.slice" />
     <Compile Include="../../../common/Program.CancelKeyPressed.cs" Link="Program.CancelKeyPressed.cs" />
diff --git a/examples/slice/Secure/Server/Program.cs b/examples/slice/Secure/Server/Program.cs
index b4da85225..6ba39f8da 100644
--- a/examples/slice/Secure/Server/Program.cs
+++ b/examples/slice/Secure/Server/Program.cs
@@ -6,9 +6,12 @@
 using System.Security.Cryptography.X509Certificates;
 
 // Create the authentication options using the test server certificate.
+string certificatePath = "../../../../certs/server.p12";
 var serverAuthenticationOptions = new SslServerAuthenticationOptions()
 {
-    ServerCertificate = new X509Certificate2("../../../../certs/server.p12")
+    ServerCertificateContext = SslStreamCertificateContext.Create(
+        X509CertificateLoader.LoadPkcs12FromFile(certificatePath, password: null),
+        X509CertificateLoader.LoadPkcs12CollectionFromFile(certificatePath, password: null))
 };
 
 await using var server = new Server(new Chatbot(), serverAuthenticationOptions);
diff --git a/examples/slice/Secure/Server/Server.csproj b/examples/slice/Secure/Server/Server.csproj
index e33adfc40..41a385eb4 100644
--- a/examples/slice/Secure/Server/Server.csproj
+++ b/examples/slice/Secure/Server/Server.csproj
@@ -8,6 +8,12 @@
     <!-- Copy the PDBs from the NuGet packages to get file names and line numbers in stack traces. -->
     <CopyDebugSymbolFilesFromPackages>true</CopyDebugSymbolFilesFromPackages>
   </PropertyGroup>
+
+  <!-- Required for X509CertificateLoader with .NET 8-->
+  <ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
+    <PackageReference Include="Microsoft.Bcl.Cryptography" Version="9.0.0-preview.*" />
+  </ItemGroup>
+  
   <ItemGroup>
     <SliceFile Include="../slice/Greeter.slice" />
     <PackageReference Include="IceRpc.Slice.Tools" Version="$(IceRpcVersion)" PrivateAssets="All" />
diff --git a/examples/slice/TcpFallback/Server/Program.cs b/examples/slice/TcpFallback/Server/Program.cs
index 9fc1d5385..e65bec5d4 100644
--- a/examples/slice/TcpFallback/Server/Program.cs
+++ b/examples/slice/TcpFallback/Server/Program.cs
@@ -18,11 +18,14 @@
     .Map<IGreeterService>(new Chatbot());
 
 // Create two servers that share the same dispatch pipeline.
+string certificatePath = "../../../../certs/server.p12";
 await using var quicServer = new Server(
     router,
     new SslServerAuthenticationOptions
     {
-        ServerCertificate = new X509Certificate2("../../../../certs/server.p12")
+        ServerCertificateContext = SslStreamCertificateContext.Create(
+            X509CertificateLoader.LoadPkcs12FromFile(certificatePath, password: null),
+            X509CertificateLoader.LoadPkcs12CollectionFromFile(certificatePath, password: null))
     },
     multiplexedServerTransport: new QuicServerTransport(),
     logger: loggerFactory.CreateLogger<Server>());
@@ -33,7 +36,9 @@
     router,
     new SslServerAuthenticationOptions
     {
-        ServerCertificate = new X509Certificate2("../../../../certs/server.p12")
+        ServerCertificateContext = SslStreamCertificateContext.Create(
+            X509CertificateLoader.LoadPkcs12FromFile(certificatePath, password: null),
+            X509CertificateLoader.LoadPkcs12CollectionFromFile(certificatePath, password: null))
     },
     logger: loggerFactory.CreateLogger<Server>());
 
diff --git a/examples/slice/TcpFallback/Server/Server.csproj b/examples/slice/TcpFallback/Server/Server.csproj
index 1e1b8d3b0..1f3de2d2e 100644
--- a/examples/slice/TcpFallback/Server/Server.csproj
+++ b/examples/slice/TcpFallback/Server/Server.csproj
@@ -10,6 +10,12 @@
     <!-- Enable preview features to use the QUIC transport -->
     <EnablePreviewFeatures>True</EnablePreviewFeatures>
   </PropertyGroup>
+
+  <!-- Required for X509CertificateLoader with .NET 8-->
+  <ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
+    <PackageReference Include="Microsoft.Bcl.Cryptography" Version="9.0.0-preview.*" />
+  </ItemGroup>
+
   <ItemGroup>
     <SliceFile Include="../slice/Greeter.slice" />
     <PackageReference Include="Microsoft.Extensions.Logging" Version="8.0.*" />