private Uri BuildUri(ResourceRequestContext context) { var builder = new UriBuilder(); builder.Host = GetHost(context); builder.Port = GetPort(context); PortManager.OpenPortInFirewall(builder.Port); builder.Path = AppDomain.CurrentDomain.FriendlyName + "/" + Address; builder.Scheme = Protocol; return(builder.Uri); }
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context) { // Ensure the https certificate is installed before this endpoint resource is used string thumbprint = CertificateResourceHelpers.EnsureSslPortCertificateInstalled(context.BridgeConfiguration); serviceHost.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom; serviceHost.Credentials.ClientCertificate.Authentication.CustomCertificateValidator = new MyX509CertificateValidator("DO_NOT_TRUST_WcfBridgeRootCA"); serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, thumbprint); }
public ResourceResponse Get(ResourceRequestContext context) { ResourceResponse response = new ResourceResponse(); ServiceHost host; if (s_currentHosts.TryGetValue(Address, out host) && (host.Description.Endpoints.Count == 1)) { response.Properties.Add(ResourceResponseUriKeyName, host.Description.Endpoints[0].ListenUri.ToString()); } return(response); }
public override ResourceResponse Get(ResourceRequestContext context) { X509Certificate2 certificate = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration).AuthorityCertificate.Certificate; ResourceResponse response = new ResourceResponse(); response.Properties.Add(thumbprintKeyName, certificate.Thumbprint); response.Properties.Add(certificateKeyName, Convert.ToBase64String(certificate.RawData)); return(response); }
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context) { // Ensure the https certificate is installed before this endpoint resource is used CertificateManager.InstallMyCertificate(context.BridgeConfiguration, context.BridgeConfiguration.BridgeHttpsCertificate); string certThumbprint = HttpsResource.EnsureHttpsCertificateInstalled(context.BridgeConfiguration); serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, certThumbprint); }
// Requests a certificate to be generated by the Bridge based on a user name and not machine name public override ResourceResponse Put(ResourceRequestContext context) { X509Certificate2 certificate; string subject; if (!context.Properties.TryGetValue(subjectKeyName, out subject) || string.IsNullOrWhiteSpace(subject)) { throw new ArgumentException("When PUTting to this resource, specify an non-empty 'subject'", "context.Properties"); } // There can be multiple subjects, separated by , string[] subjects = subject.Split(','); lock (s_certificateResourceLock) { if (!s_createdCertsBySubject.TryGetValue(subjects[0], out certificate)) { CertificateGenerator generator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration); CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings() { FriendlyName = "WCF Bridge - UserCertificateResource", Subject = subjects[0], SubjectAlternativeNames = subjects }; certificate = generator.CreateUserCertificate(certificateCreationSettings).Certificate; // Cache the certificates s_createdCertsBySubject.Add(subjects[0], certificate); s_createdCertsByThumbprint.Add(certificate.Thumbprint, certificate); // Created certs get put onto the local machine // We ideally don't want this to happen, but until we find a way to have BridgeClient not need elevation for cert installs // we need this to happen so that running locally doesn't require elevation as it messes up our CI and developer builds CertificateManager.InstallCertificateToMyStore(certificate); } } ResourceResponse response = new ResourceResponse(); response.Properties.Add(thumbprintKeyName, certificate.Thumbprint); return(response); }
public object Get(ResourceRequestContext context) { var http = GetHttpProtocol(context) + AppDomain.CurrentDomain.FriendlyName; var https = GetHttpsProtocol(context) + AppDomain.CurrentDomain.FriendlyName; var tcp = GetTcpProtocol(context) + AppDomain.CurrentDomain.FriendlyName; return(new Dictionary <string, string>() { { "HttpServerBaseAddress", GetHttpProtocol(context) }, { "HttpBaseAddress", http }, { "HttpsBaseAddress", https }, { "HttpsBasicBaseAddress", https }, { "HttpsDigestBaseAddress", https }, { "HttpsNtlmBaseAddress", https }, { "HttpsWindowsBaseAddress", https }, { "TcpBaseAddress", tcp } }); }
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context) { // Ensure the service certificate is installed before this endpoint resource is used //Create a certificate and add to the revocation list CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings() { FriendlyName = "WCF Bridge - TcpRevokedServerCertResource", ValidityType = CertificateValidityType.Revoked, Subject = s_fqdn, SubjectAlternativeNames = new string[] { s_fqdn, s_hostname, "localhost" } }; X509Certificate2 cert = CertificateResourceHelpers.EnsureCustomCertificateInstalled(context.BridgeConfiguration, certificateCreationSettings, Address); serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, cert.Thumbprint); }
public virtual CefReturnValue OnBeforeResourceLoad(IWebBrowser browserControl, IBrowser browser, IFrame frame, IRequest request, IRequestCallback callback) { var context = new ResourceRequestContext { Method = request.Method, Referrer = !string.IsNullOrEmpty(request.ReferrerUrl) ? new Uri(request.ReferrerUrl) : null, Url = new Uri(request.Url) }; _requestFilter.CanLoadResourceAsync(context) .ContinueWith(task => { using (callback) { if (!task.IsCompleted) { if (task.Exception != null) { foreach (var ex in task.Exception.Flatten().InnerExceptions) { _logger.LogError(LoggerEventIds.ResourceRequestFilterError, ex, "Error processing IResourceRequestFilter for url '{0}'", context.Url); } } else { _logger.LogError(LoggerEventIds.ResourceRequestFilterError, "Error processing IResourceRequestFilter for url '{0}', no exception returned", context.Url); } callback.Cancel(); } else { callback.Continue(task.Result); } } }); return(CefReturnValue.ContinueAsync); }
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context) { // Ensure the service certificate is installed before this endpoint resource is used //Create a certificate and add to the revocation list CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings() { IsValidCert = false, Subjects = new string[] { s_fqdn, s_hostname, "localhost" } }; X509Certificate2 cert = CertificateResourceHelpers.EnsureRevokedCertificateInstalled(context.BridgeConfiguration, certificateCreationSettings, Address); CertificateManager.RevokeCertificate(CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration), cert.SerialNumber); serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, cert.Thumbprint); }
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context) { // Ensure the service certificate is installed before this endpoint resource is used // Exactly one subject name, which is going to be the CN CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings() { FriendlyName = "WCF Bridge - TcpCertificateWithSubjectCanonicalNameLocalhostResource", Subject = "localhost", SubjectAlternativeNames = new string[0], ValidityType = CertificateValidityType.NonAuthoritativeForMachine }; X509Certificate2 cert = CertificateResourceHelpers.EnsureCustomCertificateInstalled(context.BridgeConfiguration, certificateCreationSettings, Address); serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, cert.Thumbprint); }
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context) { // Ensure the service certificate is installed before this endpoint resource is used // CN=not-real-subject-name means that a cert for "not-real-subject-name" will be installed // Per #422 this shouldn't matter as we now check with SAN CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings() { FriendlyName = "WCF Bridge - TcpCertificateWithServerAltNameResource", Subject = "not-real-subject-name", SubjectAlternativeNames = new string[] { "not-real-subject-name", "not-real-subject-name.example.com", s_fqdn, s_hostname, "localhost" } }; X509Certificate2 cert = CertificateResourceHelpers.EnsureCustomCertificateInstalled(context.BridgeConfiguration, certificateCreationSettings, Address); serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, cert.Thumbprint); }
public override ResourceResponse Get(ResourceRequestContext context) { X509Certificate2 certificate = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration).AuthorityCertificate.Certificate; string exportAsPemString = string.Empty; bool exportAsPem; ResourceResponse response = new ResourceResponse(); if (context.Properties.TryGetValue(exportAsPemKeyName, out exportAsPemString) && bool.TryParse(exportAsPemString, out exportAsPem) && exportAsPem) { response.RawResponse = Encoding.ASCII.GetBytes(GetCertificateAsPem(certificate)); } else { response.Properties.Add(thumbprintKeyName, certificate.Thumbprint); response.Properties.Add(certificateKeyName, Convert.ToBase64String(certificate.RawData)); } return(response); }
public static ResourceResponse DynamicInvokeGet(string resourceName, Dictionary <string, string> properties) { if (String.IsNullOrWhiteSpace(resourceName)) { throw new ArgumentNullException("resourceName"); } // Disallow concurrent resource instantation or configuration changes lock (ConfigController.ConfigLock) { AssemblyLoader loader = GetLoaderFromAppDomain(); ResourceRequestContext context = new ResourceRequestContext { BridgeConfiguration = ConfigController.BridgeConfiguration, ResourceName = resourceName, Properties = properties }; object result = loader.IResourceCall(resourceName, "Get", new object[] { context }); return((ResourceResponse)result); } }
public override ResourceResponse Put(ResourceRequestContext context) { var certGenerator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration); string serialNumber; lock (s_certificateResourceLock) { if (context.Properties.TryGetValue(revokeSerialNumberKeyName, out serialNumber) && !string.IsNullOrWhiteSpace(serialNumber)) { certGenerator.RevokeCertificateBySerialNumber(serialNumber); } ResourceResponse response = new ResourceResponse(); response.Properties.Add(crlUriKeyName, certGenerator.CrlUri); response.Properties.Add( revokedCertificatesKeyName, string.Join <string>(",", certGenerator.RevokedCertificates)); return(response); } }
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context) { // Ensure the service certificate is installed before this endpoint resource is used //Create an expired certificate CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings() { IsValidCert = false, ValidityNotBefore = DateTime.UtcNow - TimeSpan.FromDays(4), ValidityNotAfter = DateTime.UtcNow - TimeSpan.FromDays(2), //If you specify multiple subjects, the first one becomes the subject, and all of them become Subject Alt Names. //In this case, the certificate subject is CN=fqdn, OU=..., O=... , and SANs will be fqdn, hostname, localhost //We do this so that a single bridge setup can deal with all the possible addresses that a client might use. //If we don't put "localhost' here, a long-running bridge will not be able to receive requests from both fqdn and localhost //because the certs won't match. Subjects = new string[] { s_fqdn, s_hostname, "localhost" } }; string thumbprint = CertificateResourceHelpers.EnsureNonDefaultCertificateInstalled(context.BridgeConfiguration, certificateCreationSettings, Address); serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, thumbprint); }
public static ResourceResponse DynamicInvokePut(string resourceName, Dictionary <string, string> properties) { if (String.IsNullOrEmpty(resourceName)) { throw new ArgumentNullException("resourceName"); } // Disallow concurrent resource instantation or configuration changes lock (ConfigController.ConfigLock) { AppDomain appDomain; if (String.IsNullOrWhiteSpace(ConfigController.CurrentAppDomainName)) { throw new InvalidOperationException("The Bridge resource folder has not been configured."); } if (!TypeCache.AppDomains.TryGetValue(ConfigController.CurrentAppDomainName, out appDomain)) { throw new ArgumentException("Resource not found", "resource"); } Type loaderType = typeof(AssemblyLoader); var loader = (AssemblyLoader)appDomain.CreateInstanceFromAndUnwrap( loaderType.Assembly.Location, loaderType.FullName); ResourceRequestContext context = new ResourceRequestContext { BridgeConfiguration = ConfigController.BridgeConfiguration, ResourceName = resourceName, Properties = properties }; object result = loader.IResourceCall(resourceName, "Put", new object[] { context }); return((ResourceResponse)result); } }
protected override string GetHost(ResourceRequestContext context) { return(Environment.MachineName); }
protected virtual void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context) { }
protected abstract int GetPort(ResourceRequestContext context);
protected virtual string GetHost(ResourceRequestContext context) { return(context.BridgeConfiguration.BridgeHost); }
public static string GetTcpProtocol(ResourceRequestContext context) { return(string.Format("net.tcp://{0}:{1}/", context.BridgeConfiguration.BridgeHost, context.BridgeConfiguration.BridgeTcpPort)); }
public static string GetHttpsProtocol(ResourceRequestContext context) { return(string.Format("https://{0}:{1}/", context.BridgeConfiguration.BridgeHost, context.BridgeConfiguration.BridgeHttpsPort)); }
public ResourceResponse Put(ResourceRequestContext context) { throw new NotImplementedException("Cannot PUT on this resource"); }
public abstract ResourceResponse Get(ResourceRequestContext context);
protected override int GetPort(ResourceRequestContext context) { return(context.BridgeConfiguration.BridgeWebSocketPort + 1); }
protected override int GetPort(ResourceRequestContext context) { return(context.BridgeConfiguration.BridgeHttpPort); }
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context) { AuthenticationResourceHelper.ConfigureServiceHostUseDigestAuth(serviceHost); base.ModifyHost(serviceHost, context); }
public override ResourceResponse Get(ResourceRequestContext context) { string thumbprint; bool thumbprintPresent = context.Properties.TryGetValue(thumbprintKeyName, out thumbprint) && !string.IsNullOrWhiteSpace(thumbprint); string subject; bool subjectPresent = context.Properties.TryGetValue(subjectKeyName, out subject) && !string.IsNullOrWhiteSpace(subject); ResourceResponse response = new ResourceResponse(); // if no subject and no thumbprint parameter provided, provide a list of certs already PUT to this resource if (!thumbprintPresent && !subjectPresent) { string retVal = string.Empty; string[] subjects; string[] thumbprints; lock (s_certificateResourceLock) { int certNum = s_createdCertsBySubject.Count; subjects = new string[certNum]; thumbprints = new string[certNum]; foreach (var keyVal in s_createdCertsBySubject) { --certNum; subjects[certNum] = keyVal.Key; thumbprints[certNum] = keyVal.Value.Thumbprint; } } // this isn't ideal, as semantically in JSON they aren't grouped together. Our current Json serializer implementation // doesn't support serializing nested key-val pairs response.Properties.Add(subjectsKeyName, string.Join(",", subjects)); response.Properties.Add(thumbprintsKeyName, string.Join(",", thumbprints)); return(response); } else { // Otherwise, check on the creation state given the certificate thumbprint or subject // thumbprint is given priority if present X509Certificate2 certificate = null; bool certHasBeenCreated = false; lock (s_certificateResourceLock) { if (thumbprintPresent) { certHasBeenCreated = s_createdCertsByThumbprint.TryGetValue(thumbprint, out certificate); } else if (subjectPresent) { certHasBeenCreated = s_createdCertsBySubject.TryGetValue(subject, out certificate); } } if (certHasBeenCreated) { var certGenerator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration); response.Properties.Add(thumbprintKeyName, certificate.Thumbprint); response.Properties.Add(certificateKeyName, Convert.ToBase64String(certificate.Export(X509ContentType.Pfx, certGenerator.CertificatePassword))); } else { response.Properties.Add(thumbprintKeyName, string.Empty); response.Properties.Add(certificateKeyName, string.Empty); } return(response); } }
public abstract override ResourceResponse Put(ResourceRequestContext context);