
add support for cert with password

Luke Pulverenti 8 years ago
parent
commit
dbfb1fb370

+ 32 - 13
Emby.Server.Core/ApplicationHost.cs

@@ -257,7 +257,7 @@ namespace Emby.Server.Core
         internal IPowerManagement PowerManagement { get; private set; }
         internal IImageEncoder ImageEncoder { get; private set; }
 
-        private readonly Action<string, string> _certificateGenerator;
+        private readonly Action<string, string, string> _certificateGenerator;
         private readonly Func<string> _defaultUserNameFactory;
 
         /// <summary>
@@ -274,7 +274,7 @@ namespace Emby.Server.Core
             ISystemEvents systemEvents,
             IMemoryStreamFactory memoryStreamFactory,
             INetworkManager networkManager,
-            Action<string, string> certificateGenerator,
+            Action<string, string, string> certificateGenerator,
             Func<string> defaultUsernameFactory)
             : base(applicationPaths,
                   logManager,
@@ -609,8 +609,8 @@ namespace Emby.Server.Core
 
             RegisterSingleInstance<ISearchEngine>(() => new SearchEngine(LogManager, LibraryManager, UserManager));
 
-            CertificatePath = GetCertificatePath(true);
-            Certificate = GetCertificate(CertificatePath);
+            CertificateInfo = GetCertificateInfo(true);
+            Certificate = GetCertificate(CertificateInfo);
 
             HttpServer = HttpServerFactory.CreateServer(this, LogManager, ServerConfigurationManager, NetworkManager, MemoryStreamFactory, "Emby", "web/index.html", textEncoding, SocketFactory, CryptographyProvider, JsonSerializer, XmlSerializer, EnvironmentInfo, Certificate, FileSystemManager, SupportsDualModeSockets);
             HttpServer.GlobalResponse = LocalizationManager.GetLocalizedString("StartupEmbyServerIsLoading");
@@ -745,8 +745,10 @@ namespace Emby.Server.Core
             }
         }
 
-        private ICertificate GetCertificate(string certificateLocation)
+        private ICertificate GetCertificate(CertificateInfo info)
         {
+            var certificateLocation = info == null ? null : info.Path;
+
             if (string.IsNullOrWhiteSpace(certificateLocation))
             {
                 return null;
@@ -759,7 +761,7 @@ namespace Emby.Server.Core
                     return null;
                 }
 
-                X509Certificate2 localCert = new X509Certificate2(certificateLocation);
+                X509Certificate2 localCert = new X509Certificate2(certificateLocation, info.Password);
                 //localCert.PrivateKey = PrivateKey.CreateFromFile(pvk_file).RSA;
                 if (!localCert.HasPrivateKey)
                 {
@@ -1064,7 +1066,7 @@ namespace Emby.Server.Core
             SyncManager.AddParts(GetExports<ISyncProvider>());
         }
 
-        private string CertificatePath { get; set; }
+        private CertificateInfo CertificateInfo { get; set; }
         private ICertificate Certificate { get; set; }
 
         private IEnumerable<string> GetUrlPrefixes()
@@ -1080,7 +1082,7 @@ namespace Emby.Server.Core
                     "http://"+i+":" + HttpPort + "/"
                 };
 
-                if (!string.IsNullOrWhiteSpace(CertificatePath))
+                if (CertificateInfo != null)
                 {
                     prefixes.Add("https://" + i + ":" + HttpsPort + "/");
                 }
@@ -1123,17 +1125,21 @@ namespace Emby.Server.Core
             }
         }
 
-        private string GetCertificatePath(bool generateCertificate)
+        private CertificateInfo GetCertificateInfo(bool generateCertificate)
         {
             if (!string.IsNullOrWhiteSpace(ServerConfigurationManager.Configuration.CertificatePath))
             {
                 // Custom cert
-                return ServerConfigurationManager.Configuration.CertificatePath;
+                return new CertificateInfo
+                {
+                    Path = ServerConfigurationManager.Configuration.CertificatePath
+                };
             }
 
             // Generate self-signed cert
             var certHost = GetHostnameFromExternalDns(ServerConfigurationManager.Configuration.WanDdns);
             var certPath = Path.Combine(ServerConfigurationManager.ApplicationPaths.ProgramDataPath, "ssl", "cert_" + (certHost + "1").GetMD5().ToString("N") + ".pfx");
+            var password = "embycert";
 
             if (generateCertificate)
             {
@@ -1143,7 +1149,7 @@ namespace Emby.Server.Core
 
                     try
                     {
-                        _certificateGenerator(certPath, certHost);
+                        _certificateGenerator(certPath, certHost, password);
                     }
                     catch (Exception ex)
                     {
@@ -1153,7 +1159,11 @@ namespace Emby.Server.Core
                 }
             }
 
-            return certPath;
+            return new CertificateInfo
+            {
+                Path = certPath,
+                Password = password
+            };
         }
 
         /// <summary>
@@ -1189,7 +1199,11 @@ namespace Emby.Server.Core
                 requiresRestart = true;
             }
 
-            if (!string.Equals(CertificatePath, GetCertificatePath(false), StringComparison.OrdinalIgnoreCase))
+            var currentCertPath = CertificateInfo == null ? null : CertificateInfo.Path;
+            var newCertInfo = GetCertificateInfo(false);
+            var newCertPath = newCertInfo == null ? null : newCertInfo.Path;
+
+            if (!string.Equals(currentCertPath, newCertPath, StringComparison.OrdinalIgnoreCase))
             {
                 requiresRestart = true;
             }
@@ -1779,6 +1793,11 @@ namespace Emby.Server.Core
         {
             Container.Register(typeInterface, typeImplementation);
         }
+    }
 
+    internal class CertificateInfo
+    {
+        public string Path { get; set; }
+        public string Password { get; set; }
     }
 }
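Review bot: The PFX password in GetCertificateInfo is a source literal (`var password = "embycert";`), so it is the same on every install and gives the private key in the generated .pfx no confidentiality; the key is protected only by file permissions on the `ssl` folder. At minimum state that at the declaration, e.g. `// Fixed, publicly known PFX password: not a secret; the key is protected only by file permissions on the ssl folder.`, and prefer a random per-install value stored with the server configuration. The custom-certificate branch returns a CertificateInfo with only `Path` set, so a user-supplied password-protected certificate still reaches `new X509Certificate2(certificateLocation, info.Password)` with a null password; that branch needs a configuration setting to read the password from. The generated file name is unchanged (the `cert_` + MD5 line is context), so a .pfx written before this change would now be opened with the new password and may fail to load; the existence check sits outside the visible hunks, so this is inferred.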

+ 1 - 1
MediaBrowser.Server.Mac/MacAppHost.cs

@@ -18,7 +18,7 @@ namespace MediaBrowser.Server.Mac
 {
 	public class MacAppHost : ApplicationHost
 	{
-        public MacAppHost(ServerApplicationPaths applicationPaths, ILogManager logManager, StartupOptions options, IFileSystem fileSystem, IPowerManagement powerManagement, string releaseAssetFilename, IEnvironmentInfo environmentInfo, MediaBrowser.Controller.Drawing.IImageEncoder imageEncoder, ISystemEvents systemEvents, IMemoryStreamFactory memoryStreamFactory, MediaBrowser.Common.Net.INetworkManager networkManager, Action<string, string> certificateGenerator, Func<string> defaultUsernameFactory) : base(applicationPaths, logManager, options, fileSystem, powerManagement, releaseAssetFilename, environmentInfo, imageEncoder, systemEvents, memoryStreamFactory, networkManager, certificateGenerator, defaultUsernameFactory)
+        public MacAppHost(ServerApplicationPaths applicationPaths, ILogManager logManager, StartupOptions options, IFileSystem fileSystem, IPowerManagement powerManagement, string releaseAssetFilename, IEnvironmentInfo environmentInfo, MediaBrowser.Controller.Drawing.IImageEncoder imageEncoder, ISystemEvents systemEvents, IMemoryStreamFactory memoryStreamFactory, MediaBrowser.Common.Net.INetworkManager networkManager, Action<string, string, string> certificateGenerator, Func<string> defaultUsernameFactory) : base(applicationPaths, logManager, options, fileSystem, powerManagement, releaseAssetFilename, environmentInfo, imageEncoder, systemEvents, memoryStreamFactory, networkManager, certificateGenerator, defaultUsernameFactory)
         {
         }
 

+ 1 - 1
MediaBrowser.Server.Mono/MonoAppHost.cs

@@ -19,7 +19,7 @@ namespace MediaBrowser.Server.Mono
 {
     public class MonoAppHost : ApplicationHost
     {
-        public MonoAppHost(ServerApplicationPaths applicationPaths, ILogManager logManager, StartupOptions options, IFileSystem fileSystem, IPowerManagement powerManagement, string releaseAssetFilename, IEnvironmentInfo environmentInfo, MediaBrowser.Controller.Drawing.IImageEncoder imageEncoder, ISystemEvents systemEvents, IMemoryStreamFactory memoryStreamFactory, MediaBrowser.Common.Net.INetworkManager networkManager, Action<string, string> certificateGenerator, Func<string> defaultUsernameFactory) : base(applicationPaths, logManager, options, fileSystem, powerManagement, releaseAssetFilename, environmentInfo, imageEncoder, systemEvents, memoryStreamFactory, networkManager, certificateGenerator, defaultUsernameFactory)
+        public MonoAppHost(ServerApplicationPaths applicationPaths, ILogManager logManager, StartupOptions options, IFileSystem fileSystem, IPowerManagement powerManagement, string releaseAssetFilename, IEnvironmentInfo environmentInfo, MediaBrowser.Controller.Drawing.IImageEncoder imageEncoder, ISystemEvents systemEvents, IMemoryStreamFactory memoryStreamFactory, MediaBrowser.Common.Net.INetworkManager networkManager, Action<string, string, string> certificateGenerator, Func<string> defaultUsernameFactory) : base(applicationPaths, logManager, options, fileSystem, powerManagement, releaseAssetFilename, environmentInfo, imageEncoder, systemEvents, memoryStreamFactory, networkManager, certificateGenerator, defaultUsernameFactory)
         {
         }
 

+ 2 - 2
MediaBrowser.Server.Mono/Program.cs

@@ -159,9 +159,9 @@ namespace MediaBrowser.Server.Mono
             Task.WaitAll(task);
         }
 
-        private static void GenerateCertificate(string certPath, string certHost)
+        private static void GenerateCertificate(string certPath, string certHost, string certPassword)
         {
-            CertificateGenerator.CreateSelfSignCertificatePfx(certPath, certHost, _logger);
+            CertificateGenerator.CreateSelfSignCertificatePfx(certPath, certHost, certPassword, _logger);
         }
 
         private static MonoEnvironmentInfo GetEnvironmentInfo()

+ 1 - 0
MediaBrowser.Server.Startup.Common/Cryptography/CertificateGenerator.cs

@@ -12,6 +12,7 @@ namespace Emby.Common.Implementations.Security
         public static void CreateSelfSignCertificatePfx(
             string fileName,
             string hostname,
+            string password,
             ILogger logger)
         {
             if (string.IsNullOrWhiteSpace(fileName))
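Review bot: The new `password` parameter of CreateSelfSignCertificatePfx appears to be unused, because this file's counter shows one addition and no deletions and the added line is the parameter itself. Unless the PFX export further down already protects the file with a matching value, the certificate is written one way and later opened in ApplicationHost.GetCertificate with a different password. The body continues outside the hunk, so the export line cannot be quoted here; it should take `password`, and the method should document the contract, e.g. `/// <param name="password">Password protecting the generated PFX; must equal the one later passed to X509Certificate2.</param>`.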

+ 2 - 2
MediaBrowser.ServerApplication/MainStartup.cs

@@ -391,9 +391,9 @@ namespace MediaBrowser.ServerApplication
             }
         }
 
-        private static void GenerateCertificate(string certPath, string certHost)
+        private static void GenerateCertificate(string certPath, string certHost, string certPassword)
         {
-            CertificateGenerator.CreateSelfSignCertificatePfx(certPath, certHost, _logger);
+            CertificateGenerator.CreateSelfSignCertificatePfx(certPath, certHost, certPassword, _logger);
         }
 
         private static ServerNotifyIcon _serverNotifyIcon;

+ 1 - 1
MediaBrowser.ServerApplication/WindowsAppHost.cs

@@ -25,7 +25,7 @@ namespace MediaBrowser.ServerApplication
 {
     public class WindowsAppHost : ApplicationHost
     {
-        public WindowsAppHost(ServerApplicationPaths applicationPaths, ILogManager logManager, StartupOptions options, IFileSystem fileSystem, IPowerManagement powerManagement, string releaseAssetFilename, IEnvironmentInfo environmentInfo, MediaBrowser.Controller.Drawing.IImageEncoder imageEncoder, ISystemEvents systemEvents, IMemoryStreamFactory memoryStreamFactory, MediaBrowser.Common.Net.INetworkManager networkManager, Action<string, string> certificateGenerator, Func<string> defaultUsernameFactory)
+        public WindowsAppHost(ServerApplicationPaths applicationPaths, ILogManager logManager, StartupOptions options, IFileSystem fileSystem, IPowerManagement powerManagement, string releaseAssetFilename, IEnvironmentInfo environmentInfo, MediaBrowser.Controller.Drawing.IImageEncoder imageEncoder, ISystemEvents systemEvents, IMemoryStreamFactory memoryStreamFactory, MediaBrowser.Common.Net.INetworkManager networkManager, Action<string, string, string> certificateGenerator, Func<string> defaultUsernameFactory)
             : base(applicationPaths, logManager, options, fileSystem, powerManagement, releaseAssetFilename, environmentInfo, imageEncoder, systemEvents, memoryStreamFactory, networkManager, certificateGenerator, defaultUsernameFactory)
         {
         }