/// <summary>
/// Creates a new self-signed X509 certificate
/// </summary>
/// <param name="issuer">The certificate issuer</param>
/// <param name="friendlyName">Human readable name</param>
/// <param name="password">The certificate's password</param>
/// <param name="startTime">Certificate creation date & time</param>
/// <param name="endTime">Certificate expiry date & time</param>
/// <returns>An X509Certificate2</returns>
public static X509Certificate2 CreateSelfSignedCert(string issuer, string friendlyName, string password, DateTime startTime, DateTime endTime)
{
string distinguishedNameString = issuer;
var key = Create2048RsaKey();
var creationParams = new X509CertificateCreationParameters(new X500DistinguishedName(distinguishedNameString))
{
TakeOwnershipOfKey = true,
StartTime = startTime,
EndTime = endTime
};
// adding client authentication, -eku = 1.3.6.1.5.5.7.3.2,
// This is mandatory for the upload to be successful
OidCollection oidCollection = new OidCollection();
oidCollection.Add(new Oid(OIDClientAuthValue, OIDClientAuthFriendlyName));
creationParams.Extensions.Add(new X509EnhancedKeyUsageExtension(oidCollection, false));
// Documentation of CreateSelfSignedCertificate states:
// If creationParameters have TakeOwnershipOfKey set to true, the certificate
// generated will own the key and the input CngKey will be disposed to ensure
// that the caller doesn't accidentally use it beyond its lifetime (which is
// now controlled by the certificate object).
// We don't dispose it ourselves in this case.
var cert = key.CreateSelfSignedCertificate(creationParams);
key = null;
cert.FriendlyName = friendlyName;
// X509 certificate needs PersistKeySet flag set.
// Reload a new X509Certificate2 instance from exported bytes in order to set the PersistKeySet flag.
var bytes = cert.Export(X509ContentType.Pfx, password);
// NOTE: PfxValidation is not done here because these are newly created certs and assumed valid.
ICommonEventSource evtSource = null;
return(X509Certificate2Helper.NewX509Certificate2(bytes, password, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable, evtSource, doPfxValidation: false));
}
/// <summary>
/// Initializes the resource provider application.
/// </summary>
/// <param name="httpConfiguration">The default HttpConfiguration object for this application.</param>
/// <param name="serviceConfiguration">The service configuration object containing resource provider settings.</param>
/// <param name="eventSource">The event source used for logging resource provider operations.</param>
public static void Initialize(
HttpConfiguration httpConfiguration,
ResourceProviderServiceConfiguration serviceConfiguration,
ICommonEventSource eventSource)
{
ArgumentValidator.ValidateNotNull("httpConfiguration", httpConfiguration);
ArgumentValidator.ValidateNotNull("serviceConfiguration", serviceConfiguration);
ArgumentValidator.ValidateNotNull("eventSource", eventSource);
httpConfiguration.Filters.Add(new ResourceProviderExceptionFilterAttribute(eventSource));
// Ensure use of the JsonMediaTypeFormatter provided by the RP SDK, which guarantees the correct
// JSON serialization settings for ARM interoperability.
httpConfiguration.Formatters.Clear();
httpConfiguration.Formatters.Add(JsonExtensions.JsonMediaTypeFormatter);
var manifest = ManifestFactory.CreateResourceProviderManifest(serviceConfiguration);
ResourceProviderManager.RegisterCredentialAuthorization(
httpConfiguration: httpConfiguration,
eventSource: eventSource,
manifestEndpointCredential: serviceConfiguration.Manifest.ManifestEndpointCredential,
providerManifests: new ResourceProviderManifest[] { manifest });
ResourceProviderManager.RegisterEventsController(
httpConfiguration: httpConfiguration,
providerManifest: manifest,
eventSource: eventSource,
eventsConnectionString: serviceConfiguration.EventsConnectionString.ConnectionString,
eventSchemaName: serviceConfiguration.EventsSchemaName);
// TODO: Enable Azure Gallery item controller, when publishing a gallery item.
//ResourceProviderManager.RegisterGalleryController(
// httpConfiguration: httpConfiguration,
// providerManifest: manifest,
// galleryItemsResources: null);
ResourceProviderManager.RegisterProviderManifestController(
httpConfiguration: httpConfiguration,
manifestEndpointUri: serviceConfiguration.BaseEndpoint.AbsoluteUri,
eventSource: eventSource,
providerManifest: manifest);
// Create the resource provider storage.
var resourceProviderStorage = new DefaultResourceProviderStorage(
connectionStrings: new string[] { serviceConfiguration.StorageConnectionString },
eventSource: eventSource);
// Create and initialize the handler configurations for each registered resource type.
var resourceHandlers = new ResourceTypeHandlerConfiguration[] {
ResourceTypeHandlerConfiguration.CreateResourceGroupWideResourceTypeHandlerConfiguration(
resourceTypeName: new ResourceTypeName(ManifestFactory.Namespace, ManifestFactory.RootResourceTypeName),
apiVersions: new string[] { serviceConfiguration.ApiVersion },
resourceProviderStorage: resourceProviderStorage,
eventSource: eventSource,
managedResourceTypeRequestHandler: new RootResourceTypeRequestHandler(resourceProviderStorage)),
ResourceTypeHandlerConfiguration.CreateResourceGroupWideResourceTypeHandlerConfiguration(
resourceTypeName: new ResourceTypeName(ManifestFactory.Namespace, ManifestFactory.RootResourceTypeName, ManifestFactory.NestedResourceTypeName),
apiVersions: new string[] { serviceConfiguration.ApiVersion },
resourceProviderStorage: resourceProviderStorage,
eventSource: eventSource,
managedResourceTypeRequestHandler: new NestedResourceTypeRequestHandler(resourceProviderStorage))
};
ResourceProviderManager.RegisterResourceProvider(
httpConfiguration: httpConfiguration,
eventSource: eventSource,
providerStorage: resourceProviderStorage,
providerNamespace: manifest.Namespace,
resourceTypeHandlerConfigurationCollection: resourceHandlers);
ResourceProviderManager.RegisterUsageController(
httpConfiguration: httpConfiguration,
providerManifest: manifest,
handler: null,
eventSource: eventSource,
usageConnectionString: serviceConfiguration.UsageConnectionString.ConnectionString,
usageSchemaName: serviceConfiguration.UsageSchemaName);
}
