// Requests a certificate to be generated by the Bridge
        // If the certificate requested is for the local machine, for example if
        // server hostname is: foo.bar.com
        // local address is considered to be: 127.0.0.1, localhost, foo, foo.bar.com
        // Then we also install the certificate to the local machine, because it means we are about to run an HTTPS/SSL test against
        // this machine.
        // Otherwise, don't bother installing as the cert is for a remote machine.
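        /// <summary>
        /// Creates the certificate for the subject list supplied in the request, or returns the one
        /// already cached for the first subject, and reports its thumbprint to the caller.
        /// </summary>
        /// <param name="context">
        /// Request whose <c>Properties</c> carry a comma-separated subject list under <c>subjectKeyName</c>.
        /// </param>
        /// <returns>
        /// A response holding the certificate thumbprint and whether the first subject was treated as local.
        /// </returns>
        /// <exception cref="ArgumentException">
        /// The subject property is missing, blank, or contains an empty entry (for example "," or "a,,b").
        /// </exception>
        /// <remarks>
        /// The subject list comes straight from the request, and a local first subject leads to
        /// <c>CertificateManager.CreateAndInstallLocalMachineCertificates</c>, i.e. a change to this machine's
        /// certificate configuration. NOTE(review): this method performs no caller authorization itself;
        /// confirm the Bridge endpoint is only reachable by trusted test clients.
        /// The two static caches are only ever added to here, so every distinct non-local subject
        /// costs one generated certificate that stays in memory.
        /// </remarks>
        public override ResourceResponse Put(ResourceRequestContext context)
        {
            X509Certificate2 certificate;

            string subject;

            if (!context.Properties.TryGetValue(subjectKeyName, out subject) || string.IsNullOrWhiteSpace(subject))
            {
                throw new ArgumentException("When PUTting to this resource, specify an non-empty 'subject'", "context.Properties");
            }

            // There can be multiple subjects, separated by ,
            string[] subjects = subject.Split(',');

            // A value such as "," or "a,,b" passes the blank check above but yields empty entries.
            // subjects[0] is used as the locality probe and as the cache key, and the whole array is
            // written into the certificate, so fail closed rather than issue a certificate for "".
            foreach (string entry in subjects)
            {
                if (string.IsNullOrWhiteSpace(entry))
                {
                    throw new ArgumentException("When PUTting to this resource, 'subject' must not contain empty entries", "context.Properties");
                }
            }

            // Only the first subject decides whether the certificate is for this machine.
            bool isLocal = IsLocalMachineResource(subjects[0]);

            // Both caches are static and shared; creation and caching happen under one lock so that
            // concurrent PUTs for the same subject do not generate two certificates.
            lock (s_certificateResourceLock)
            {
                if (!s_createdCertsBySubject.TryGetValue(subjects[0], out certificate))
                {
                    CertificateGenerator generator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);

                    if (isLocal)
                    {
                        // If we're PUTting a cert that refers to a hostname local to the bridge,
                        // return the Local Machine cert that CertificateManager caches and add it to the collection
                        //
                        // If we are receiving a PUT to the same endpoint address as the bridge server, it means that
                        // a test is going to be run on this box
                        //
                        // In keeping with the semantic of these classes, we must PUT before we can GET a cert
                        //
                        // Note that the requested subject list is not passed along on this path.
                        certificate = CertificateManager.CreateAndInstallLocalMachineCertificates(generator);
                    }
                    else
                    {
                        CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings()
                        {
                            Subjects = subjects,
                        };
                        certificate = generator.CreateMachineCertificate(certificateCreationSettings).Certificate;
                    }

                    X509Certificate2 dummy;
                    if (!isLocal || !s_createdCertsByThumbprint.TryGetValue(certificate.Thumbprint, out dummy))
                    {
                        // when isLocal, it's possible for there to be > 1 subject sharing the same thumbprint
                        // in this case, we only cache the first isLocal subject, the rest we don't cache
                        s_createdCertsBySubject.Add(subjects[0], certificate);
                        s_createdCertsByThumbprint.Add(certificate.Thumbprint, certificate);
                    }
                }
            }

            ResourceResponse response = new ResourceResponse();

            response.Properties.Add(thumbprintKeyName, certificate.Thumbprint);
            response.Properties.Add(isLocalKeyName, isLocal.ToString());

            return response;
        }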
Beispiel #2
        /// <summary>
        /// Generates a machine certificate from the given settings and hands it to
        /// <c>CertificateManager.AddToStoreIfNeeded</c> for the LocalMachine "My" store.
        /// </summary>
        /// <param name="certificateGenerate">Generator used to create the certificate.</param>
        /// <param name="certificateCreationSettings">Settings describing the certificate to create.</param>
        /// <remarks>
        /// NOTE(review): the target is the machine-wide store, so the settings passed in decide which
        /// identity becomes installed for the whole machine; presumably the process needs rights to
        /// write to that store. Confirm callers only pass settings they built themselves.
        /// </remarks>
        private static void CreateAndInstallMachineCertificate(CertificateGenerator certificateGenerate, CertificateCreationSettings certificateCreationSettings)
        {
            // Create first, then install; only the X509Certificate2 part of the result is used.
            var created = certificateGenerate.CreateMachineCertificate(certificateCreationSettings);
            X509Certificate2 machineCertificate = created.Certificate;

            CertificateManager.AddToStoreIfNeeded(
                StoreName.My,
                StoreLocation.LocalMachine,
                machineCertificate);
        }