nah delete cert is a good step

DeagleGross · DeagleGross · commit daff6fb688ea · 2025-04-02T21:30:11.000+02:00
diff --git a/src/BenchmarksApps/TLS/HttpSys/NetSh/NetshConfigurator.cs b/src/BenchmarksApps/TLS/HttpSys/NetSh/NetshConfigurator.cs
@@ -16,12 +16,11 @@ public static SslCertBinding PreConfigureNetsh(
             // and also delete a certificate which is bound to the netsh
             if (_netshWrapper.TryGetSslCertBinding(httpsIpPort, out var sslCertBinding))
             {
-                _certThumbprint = sslCertBinding.CertificateThumbprint;
+                SslCertificatesConfigurator.RemoveCertificate(sslCertBinding.CertificateThumbprint);
                 _netshWrapper.DeleteBindingIfExists(httpsIpPort);
             }
 
-            if (string.IsNullOrEmpty(_certThumbprint) // only need to self-sign if we dont have a cert in a store, otherwise just reuse it
-                && !_netshWrapper.TrySelfSignCertificate(httpsIpPort, certPublicKeyLength, out _certThumbprint))
+            if (!_netshWrapper.TrySelfSignCertificate(httpsIpPort, certPublicKeyLength, out _certThumbprint))
             {
                 throw new ApplicationException($"Failed to setup ssl binding for '{httpsIpPort}'.");
             }
@@ -41,15 +40,18 @@ public static SslCertBinding PreConfigureNetsh(
             return sslCertBinding;
         }
 
-        public static void LogCurrentSslCertBinding(string httpsIpPort) => _netshWrapper.LogSslCertBinding(httpsIpPort);
+        public static void LogCurrentSslCertBinding(string httpsIpPort)
+            => _netshWrapper.LogSslCertBinding(httpsIpPort);
 
         public static void ResetNetshConfiguration(
             string httpsIpPort,
             int certPublicKeyLength = 4096)
         {
+            // delete cert binding and cert itself. We want it to be as clean and deterministic as possible (even if more actions are performed)
             _netshWrapper.DeleteBindingIfExists(httpsIpPort);
-            if (string.IsNullOrEmpty(_certThumbprint) // again - if cert already exists, we can just reuse it
-                && !_netshWrapper.TrySelfSignCertificate(httpsIpPort, certPublicKeyLength, out _certThumbprint))
+            SslCertificatesConfigurator.RemoveCertificate(_certThumbprint);
+
+            if (!_netshWrapper.TrySelfSignCertificate(httpsIpPort, certPublicKeyLength, out _certThumbprint))
             {
                 throw new ApplicationException($"Failed to self-sign a cert for '{httpsIpPort}'.");
             }

Original file line number	Diff line number	Diff line change
`@@ -16,12 +16,11 @@ public static SslCertBinding PreConfigureNetsh(`
`16`	`16`	`// and also delete a certificate which is bound to the netsh`
`17`	`17`	`if (_netshWrapper.TryGetSslCertBinding(httpsIpPort, out var sslCertBinding))`
`18`	`18`	`{`
`19`		`- _certThumbprint = sslCertBinding.CertificateThumbprint;`
	`19`	`+ SslCertificatesConfigurator.RemoveCertificate(sslCertBinding.CertificateThumbprint);`
`20`	`20`	`_netshWrapper.DeleteBindingIfExists(httpsIpPort);`
`21`	`21`	`}`
`22`	`22`
`23`		`- if (string.IsNullOrEmpty(_certThumbprint) // only need to self-sign if we dont have a cert in a store, otherwise just reuse it`
`24`		`- && !_netshWrapper.TrySelfSignCertificate(httpsIpPort, certPublicKeyLength, out _certThumbprint))`
	`23`	`+ if (!_netshWrapper.TrySelfSignCertificate(httpsIpPort, certPublicKeyLength, out _certThumbprint))`
`25`	`24`	`{`
`26`	`25`	`throw new ApplicationException($"Failed to setup ssl binding for '{httpsIpPort}'.");`
`27`	`26`	`}`
`@@ -41,15 +40,18 @@ public static SslCertBinding PreConfigureNetsh(`
`41`	`40`	`return sslCertBinding;`
`42`	`41`	`}`
`43`	`42`
`44`		`- public static void LogCurrentSslCertBinding(string httpsIpPort) => _netshWrapper.LogSslCertBinding(httpsIpPort);`
	`43`	`+ public static void LogCurrentSslCertBinding(string httpsIpPort)`
	`44`	`+ => _netshWrapper.LogSslCertBinding(httpsIpPort);`
`45`	`45`
`46`	`46`	`public static void ResetNetshConfiguration(`
`47`	`47`	`string httpsIpPort,`
`48`	`48`	`int certPublicKeyLength = 4096)`
`49`	`49`	`{`
	`50`	`+ // delete cert binding and cert itself. We want it to be as clean and deterministic as possible (even if more actions are performed)`
`50`	`51`	`_netshWrapper.DeleteBindingIfExists(httpsIpPort);`
`51`		`- if (string.IsNullOrEmpty(_certThumbprint) // again - if cert already exists, we can just reuse it`
`52`		`- && !_netshWrapper.TrySelfSignCertificate(httpsIpPort, certPublicKeyLength, out _certThumbprint))`
	`52`	`+ SslCertificatesConfigurator.RemoveCertificate(_certThumbprint);`
	`53`	`+`
	`54`	`+ if (!_netshWrapper.TrySelfSignCertificate(httpsIpPort, certPublicKeyLength, out _certThumbprint))`
`53`	`55`	`{`
`54`	`56`	`throw new ApplicationException($"Failed to self-sign a cert for '{httpsIpPort}'.");`
`55`	`57`	`}`