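/// <summary>
/// Updates the <see cref="Microsoft.ServiceFabric.Common.Security.RemoteX509SecuritySettings"/> used to validate the remote certificate.
/// </summary>
/// <param name="remoteX509SecuritySettings">Settings to validate remote certificate. Must not be null.</param>
/// <remarks>
/// The new settings replace the current ones while the write lock is held.
/// </remarks>
public void UpdateSecuritySettings(RemoteX509SecuritySettings remoteX509SecuritySettings)
{
    // Reject null before taking the lock, so the stored validation settings are never cleared.
    remoteX509SecuritySettings.ThrowIfNull(nameof(remoteX509SecuritySettings));

    this.slimRWLock.EnterWriteLock();
    try
    {
        this.remoteX509SecuritySettings = remoteX509SecuritySettings;
    }
    finally
    {
        // Release in finally so the write lock cannot stay held if the guarded section ever throws.
        this.slimRWLock.ExitWriteLock();
    }
}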
/// <summary>
/// Builds the X509 security settings for a client: a client certificate plus the
/// thumbprint the server certificate is expected to have.
/// </summary>
/// <returns>Settings combining the client certificate with the remote validation settings.</returns>
public static X509SecuritySettings GetSecurityCredentials()
{
    // The client certificate is read from the file at certLocation here; it could equally
    // be taken from a certificate store. The second argument is the file password, and an
    // empty string is passed.
    // NOTE(review): with an empty password the private key in that file is protected only
    // by whatever access control the file itself has; confirm that is intended.
    var clientCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(certLocation, "");

    // The remote side is validated against a single expected thumbprint.
    var expectedServerThumbprints = new List<string> { serverCertThumbprint };
    var serverValidation = new RemoteX509SecuritySettings(expectedServerThumbprints);

    return new X509SecuritySettings(clientCertificate, serverValidation);
}
/// <summary>
/// Adds X509 security to <paramref name="builder"/> when the manifest's cluster details
/// carry a certificate lookup value.
/// </summary>
/// <param name="builder">Client builder to configure.</param>
/// <param name="manifest">Manifest whose <c>ClusterDetails</c> describe the certificate to use.</param>
private void AppendSecurity(ServiceFabricClientBuilder builder, Manifest manifest)
{
    // Without a lookup value the builder is left untouched, i.e. no X509 security is configured.
    if (string.IsNullOrWhiteSpace(manifest.ClusterDetails.FindByValue))
    {
        return;
    }

    builder.UseX509Security(_ =>
    {
        var clientCertificate = FindCertificate(manifest.ClusterDetails);

        // The thumbprint expected from the server is taken from the client certificate itself.
        // NOTE(review): this only validates correctly when the cluster presents the same
        // certificate the client authenticates with; confirm that is the deployment model.
        // NOTE(review): FindCertificate is not visible here; if it can return null, the
        // Thumbprint access below fails. Verify against its implementation.
        var expectedThumbprints = new List<string> { clientCertificate.Thumbprint };
        var serverValidation = new RemoteX509SecuritySettings(expectedThumbprints);
        var x509Settings = new X509SecuritySettings(clientCertificate, serverValidation);

        return Task.FromResult<SecuritySettings>(x509Settings);
    });
}
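/// <summary>
/// Builds the settings used to validate the server certificate from the server
/// common names, the server thumbprint, or the DNS names of the connection endpoints.
/// </summary>
/// <returns>The remote certificate validation settings.</returns>
/// <exception cref="PSArgumentException">
/// Thrown when neither a common name nor a thumbprint is given and no endpoint has a DNS
/// host name, or when the number of issuer thumbprints differs from the number of common names.
/// </exception>
/// <remarks>
/// Precedence: if <c>ServerCommonName</c> is set it is used and <c>ServerCertThumbprint</c>
/// is not consulted. <c>IssuerCertThumbprints</c> are only used together with
/// <c>ServerCommonName</c>.
/// </remarks>
private RemoteX509SecuritySettings GetServerX509SecuritySettings()
{
    // ServerCommonName or ServerThumbprint must be provided when connecting with IP Address.
    if (this.ServerCertThumbprint == null && this.ServerCommonName == null)
    {
        // Materialize once: the query parses every endpoint, and it is both counted and projected.
        var dnsEndpoints = this.ConnectionEndpoint
            .Select(e => new Uri(e))
            .Where(u => u.HostNameType == UriHostNameType.Dns)
            .ToList();

        if (dnsEndpoints.Count == 0)
        {
            throw new PSArgumentException(Resource.ErrorNoServerCommonNameIrServerCertThumbprint);
        }

        // Only DNS host names become expected certificate names; endpoints given as IP
        // addresses are left out of the list.
        var endpointNames = dnsEndpoints.Select(u => new X509Name(u.Host)).ToList();
        return new RemoteX509SecuritySettings(endpointNames);
    }

    if (this.ServerCommonName != null)
    {
        List<X509Name> x509Names;

        // Use Issuer thumbprint if provided.
        if (this.IssuerCertThumbprints != null && this.IssuerCertThumbprints.Length > 0)
        {
            // Names and issuer thumbprints are paired by position, so the counts must match.
            if (this.ServerCommonName.Length != this.IssuerCertThumbprints.Length)
            {
                throw new PSArgumentException(Resource.CommonNameIssuerThumbprintMismatch);
            }

            x509Names = new List<X509Name>(this.ServerCommonName.Length);
            for (int i = 0; i < this.ServerCommonName.Length; i++)
            {
                x509Names.Add(new X509Name(this.ServerCommonName[i], this.IssuerCertThumbprints[i]));
            }
        }
        else
        {
            // No issuer thumbprints: the names are used without an issuer thumbprint.
            x509Names = this.ServerCommonName.Select(name => new X509Name(name)).ToList();
        }

        return new RemoteX509SecuritySettings(x509Names);
    }

    // Reaching here means ServerCommonName is null and ServerCertThumbprint is not.
    return new RemoteX509SecuritySettings(this.ServerCertThumbprint);
}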
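/// <summary>
/// Builds a client for <paramref name="ClusterEndPoint"/>, using X509 security when a
/// thumbprint is supplied.
/// </summary>
/// <param name="serviceFabricClientBuilder">Builder to configure.</param>
/// <param name="ClusterEndPoint">Cluster endpoint URI.</param>
/// <param name="ThumbPrint">
/// Thumbprint of the client certificate in the <c>My</c> store. The same value is used as the
/// expected thumbprint of the server certificate. When null or blank, no X509 security is configured.
/// </param>
/// <param name="storeLocation">Store location searched for the client certificate.</param>
/// <returns>A task producing the built client.</returns>
/// <exception cref="ArgumentOutOfRangeException">
/// Thrown from the credentials callback when no certificate with the given thumbprint is in the store.
/// </exception>
public static Task<IServiceFabricClient> ConnectAsync(this ServiceFabricClientBuilder serviceFabricClientBuilder, string ClusterEndPoint, string ThumbPrint, StoreLocation storeLocation = StoreLocation.CurrentUser)
{
    var builder = serviceFabricClientBuilder.UseEndpoints(new Uri(ClusterEndPoint));

    if (!string.IsNullOrWhiteSpace(ThumbPrint))
    {
        Func<CancellationToken, Task<SecuritySettings>> GetSecurityCredentials = (ct) =>
        {
            X509Certificate2 clientCert;
            var store = new X509Store(StoreName.My, storeLocation);
            try
            {
                store.Open(OpenFlags.ReadOnly);

                // validOnly is false, so the lookup also returns certificates that are
                // expired or do not chain to a trusted root.
                var matches = store.Certificates.Find(X509FindType.FindByThumbprint, ThumbPrint, false);
                if (matches.Count == 0)
                {
                    // Same exception type the bare [0] indexer raised, now with a message that
                    // says what was missing.
                    throw new ArgumentOutOfRangeException(
                        nameof(ThumbPrint),
                        "No certificate with the given thumbprint was found in the My store at location " + storeLocation + ".");
                }

                clientCert = matches[0];
            }
            finally
            {
                // The store handle was previously never released; closing is safe even if Open failed.
                store.Close();
            }

            // NOTE(review): the server certificate is expected to have the client certificate's
            // thumbprint, which only holds when cluster and client share one certificate.
            var remoteSecuritySettings = new RemoteX509SecuritySettings(new List<string> { ThumbPrint });
            return Task.FromResult<SecuritySettings>(new X509SecuritySettings(clientCert, remoteSecuritySettings));
        };

        builder = builder.UseX509Security(GetSecurityCredentials);
    }

    builder.ClientSettings.ClientTimeout = TimeSpan.FromMinutes(15);
    return builder.BuildAsyncDirect();
}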
/// <summary>
/// Creates a <see cref="ServerCertificateValidatorHttpWrapper"/> that validates the remote
/// certificate against <paramref name="remoteX509SecuritySettings"/>.
/// </summary>
/// <param name="remoteX509SecuritySettings">Settings to validate remote certificate; passed unchanged to the base constructor.</param>
public ServerCertificateValidatorHttpWrapper(RemoteX509SecuritySettings remoteX509SecuritySettings)
    : base(remoteX509SecuritySettings)
{
    // All initialization happens in the base class.
}
/// <summary>
/// Creates a <see cref="ServerCertificateValidator"/> that validates the remote certificate
/// against <paramref name="remoteX509SecuritySettings"/>.
/// </summary>
/// <param name="remoteX509SecuritySettings">Settings to validate remote certificate. Must not be null.</param>
public ServerCertificateValidator(RemoteX509SecuritySettings remoteX509SecuritySettings)
{
    // A validator is never constructed without settings: null is rejected up front.
    remoteX509SecuritySettings.ThrowIfNull(nameof(remoteX509SecuritySettings));

    this.remoteX509SecuritySettings = remoteX509SecuritySettings;
}