/// <summary>
/// Registers an SSL certificate binding for <paramref name="ipPort"/>, identifying the
/// certificate by thumbprint in the <see cref="StoreName.My"/> store.
/// </summary>
/// <param name="certificateThumbprint">Thumbprint of the certificate to bind. It is passed through unchanged; nothing here checks that the certificate exists in the store.</param>
/// <param name="ipPort">Endpoint the binding is created for.</param>
/// <param name="appId">Application identifier recorded with the binding.</param>
public static void AddCertificateBinding(string certificateThumbprint, System.Net.IPEndPoint ipPort, Guid appId)
        {
            // Build the record and hand it straight to the shared configuration object
            // (`config` is declared outside this snippet).
            // The result of Bind() is discarded; the original author notes it is false
            // when a new record is added. NOTE(review): a failed bind is therefore not
            // distinguishable from a successful add at this call site — confirm how
            // Bind() reports errors before relying on this in deployment code.
            config.Bind(new CertificateBinding(certificateThumbprint, StoreName.My, ipPort, appId)); //returns false
        }
Exemple #2
        /// <summary>
        /// Integration test: binding a certificate to an endpoint that already has a binding
        /// must report success from Bind() and the stored record must reflect the new options.
        /// </summary>
        /// <remarks>
        /// The option set below turns off client-certificate revocation checking and the usage
        /// check. That is done to exercise every flag in one round trip; it weakens certificate
        /// validation and should not be copied as a production binding configuration.
        /// </remarks>
        public void Update()
        {
            // Endpoint comes from a helper defined elsewhere; a new GUID keeps the app id unique per run.
            var ipPort = GetEndpointWithFreeRandomPort();
            var appId  = Guid.NewGuid();

            // Seed an existing binding through CertConfigCmd with store name AuthRoot, so the
            // later change to the My store is visible in the shown configuration.
            CertConfigCmd.Add(new CertConfigCmd.Options {
                ipport        = ipPort,
                certhash      = _testingCertThumbprint,
                appid         = appId,
                certstorename = StoreName.AuthRoot.ToString(),
            });

            var configuration = new CertificateBindingConfiguration();

            // Same endpoint, thumbprint and app id as the seeded record, but store My and every option set.
            // DoNotVerifyCertificateRevocation and NoUsageCheck relax validation of client certificates;
            // they appear as "Disabled" in the expected output below.
            var binding = new CertificateBinding(_testingCertThumbprint, StoreName.My, ipPort, appId, new BindingOptions {
                DoNotPassRequestsToRawFilters    = true,
                DoNotVerifyCertificateRevocation = true,
                EnableRevocationFreshnessTime    = true,
                NegotiateCertificate             = true,
                NoUsageCheck                              = true,
                RevocationFreshnessTime                   = TimeSpan.FromMinutes(1),
                RevocationUrlRetrievalTimeout             = TimeSpan.FromSeconds(5),
                UseDsMappers                              = true,
                VerifyRevocationWithCachedCertificateOnly = true,
            });

            // The test expects true here, which it treats as "existing record updated".
            var updated = configuration.Bind(binding);

            Assert.IsTrue(updated);
            var result = CertConfigCmd.Show(ipPort);

            Assert.IsTrue(result.IsSuccessfull);
            // Expected listing: the 1-minute freshness time is shown as 60 and the 5-second URL
            // retrieval timeout as 5000. DoNotPassRequestsToRawFilters and
            // EnableRevocationFreshnessTime have no line of their own in this listing.
            // Whitespace inside the verbatim string is part of the comparison.
            var expectedOutput = string.Format(
                @"    IP:port                 : {0} 
    Certificate Hash        : {1}
    Application ID          : {2} 
    Certificate Store Name  : My 
    Verify Client Certificate Revocation    : Disabled
    Verify Revocation Using Cached Client Certificate Only    : Enabled
    Usage Check    : Disabled
    Revocation Freshness Time : 60 
    URL Retrieval Timeout   : 5000 
    Ctl Identifier          : (null) 
    Ctl Store Name          : (null) 
    DS Mapper Usage    : Enabled
    Negotiate Client Certificate    : Enabled
"
                , ipPort, _testingCertThumbprint, appId.ToString("B"));

            // Both sides are lower-cased, so the match ignores case (e.g. of the hex thumbprint).
            Assert.IsTrue(result.Output.ToLowerInvariant().Contains(expectedOutput.ToLowerInvariant()));
        }
Exemple #3
        /// <summary>
        /// Binds the given SSL certificate to the given port and associates the binding with an application.
        /// </summary>
        /// <param name="httpsPort">Port to bind; the binding is created for <see cref="IPAddress.Any"/> on this port.</param>
        /// <param name="sslCert">Certificate to bind. Only its thumbprint is used, with the <see cref="StoreName.My"/> store.</param>
        /// <param name="appId">Application identifier recorded with the binding.</param>
        /// <exception cref="ArgumentNullException"><paramref name="sslCert"/> is null.</exception>
        /// <remarks>
        /// This method does not install the certificate; presumably it must already be present
        /// in the My store with its private key — confirm against the caller.
        /// The result of Bind() is not inspected here.
        /// </remarks>
        public static void BindCertToIP(int httpsPort, X509Certificate2 sslCert, Guid appId)
        {
            if (sslCert == null)
            {
                throw new ArgumentNullException(nameof(sslCert));
            }

            // Command-line equivalents kept from the original for reference:
            // netsh http add sslcert ipport=0.0.0.0:53963 appid={A24092A5-F73D-4033-9F40-1BF9004A41A1} certhash=DF51794312354DE531D8B2E6414864F433A2769B
            // netsh http add sslcert hostnameport=www.fish-test.com:53963 appid={A24092A5-F73D-4033-9F40-1BF9004A41A1} certhash=DC4C95714651C086D325FF481F4E217A5C431A74 certstorename=MY

            var bindingStore = new CertificateBindingConfiguration();

            // IPAddress.Any: the binding applies to every local IPv4 address on the port.
            var listenEndpoint = new IPEndPoint(IPAddress.Any, httpsPort);
            var record = new CertificateBinding(sslCert.Thumbprint, StoreName.My, listenEndpoint, appId);

            bindingStore.Bind(record);
        }
        /// <summary>
        /// Replaces the current certificate binding with one for <paramref name="thumbprint"/> on
        /// 0.0.0.0:<paramref name="httpsPort"/> and records an undo step for each change made.
        /// </summary>
        /// <param name="thumbprint">Thumbprint of the certificate to bind; the store name passed is "My".</param>
        /// <param name="httpsPort">Port of the new binding.</param>
        /// <param name="rollbackActions">List that receives the undo steps, appended in the order the changes are applied. Presumably the caller runs them if a later step fails — confirm.</param>
        /// <remarks>
        /// The old binding is deleted before the new one is created, so the endpoint has no
        /// certificate binding between the two calls. The results of Delete() and Bind() are not
        /// checked here, and the registry value is written regardless of what Bind() returned.
        /// </remarks>
        public void UpdateCertificateBinding(string thumbprint, int httpsPort, List <Action> rollbackActions)
        {
            var store = new CertificateBindingConfiguration();
            CertificateBinding previous = this.GetCertificateBinding(store);

            if (previous != null)
            {
                // Remove the old record first and remember how to put it back.
                store.Delete(previous.IpPort);
                rollbackActions.Add(() => store.Bind(previous));
            }

            // 0.0.0.0 means the binding covers every local IPv4 address on the port.
            var endpoint    = new IPEndPoint(IPAddress.Parse("0.0.0.0"), httpsPort);
            var replacement = new CertificateBinding(thumbprint, "My", endpoint, HttpSysHostingOptions.AppId, new BindingOptions());

            store.Bind(replacement);
            rollbackActions.Add(() => store.Delete(replacement.IpPort));

            // Persist the bound endpoint; the undo step restores the previous value,
            // which is null when there was no earlier binding.
            this.registryProvider.CertBinding = replacement.IpPort.ToString();
            rollbackActions.Add(() => this.registryProvider.CertBinding = previous?.IpPort?.ToString());
        }
    /// <summary>
    /// Declares the "nora" web app: a resource group, an App Service on an existing plan,
    /// the DNS records for its custom domain, the hostname binding, a managed certificate
    /// and the SNI certificate binding.
    /// </summary>
    /// <remarks>
    /// The subscription-scoped resource ids and the DNS zone id are hard-coded. They are
    /// identifiers rather than credentials, but they tie this stack to one tenant and zone;
    /// moving them to stack configuration would keep them out of source.
    /// NOTE(review): nothing here makes the hostname binding depend on the TXT and CNAME
    /// records. If the provider validates domain ownership when the binding is created,
    /// an explicit dependency on both records may be needed — confirm.
    /// </remarks>
    public NoraAzureStack()
    {
        const string sharedPlanId =
            "/subscriptions/72fc2865-939d-4afc-80d4-ab60f14c099e/resourceGroups/Shared/providers/Microsoft.Web/serverfarms/home-projects-asp";
        const string sharedCosmosId =
            "/subscriptions/72fc2865-939d-4afc-80d4-ab60f14c099e/resourceGroups/Shared/providers/Microsoft.DocumentDB/databaseAccounts/home-projects-cosmosdb";

        var group = new ResourceGroup(AddEnvironmentPrefix("nora"));

        // Existing shared resources are looked up, not created.
        var plan = Plan.Get("home-projects-asp", sharedPlanId);

        // The Cosmos DB account is referenced but not used further in this constructor.
        var cosmos = Account.Get("home-projects-cosmosdb", sharedCosmosId);

        // DNS zone hosted at Cloudflare.
        var zone = Zone.Get("momo-adew.com", "b9eb57d1d01a353e72276d2fa0565d81");

        // HttpsOnly is set so the site is not served over plain HTTP.
        var site = new AppService(AddEnvironmentPrefix("nora-web"), new AppServiceArgs
        {
            ResourceGroupName = group.Name,
            HttpsOnly         = true,
            AppServicePlanId  = plan.Id
        });

        // Custom-domain setup, see:
        // https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-domain
        var siteDomain  = AddEnvironmentPrefix("nora.momo-adew.com");
        var asuidDomain = $"asuid.{siteDomain}";

        // TXT record carrying the app's domain-verification id (proof of domain ownership).
        var txtRecord = new Record("nora-web-txt-record", new RecordArgs
        {
            Name   = asuidDomain,
            ZoneId = zone.Id,
            Type   = "TXT",
            Value  = site.CustomDomainVerificationId,
            Ttl    = 300
        });

        // CNAME pointing the custom domain at the app's default hostname.
        var aliasRecord = new Record("nora-web-cname-record", new RecordArgs
        {
            Name   = siteDomain,
            ZoneId = zone.Id,
            Type   = "CNAME",
            Value  = site.DefaultSiteHostname,
            Ttl    = 300
        });

        var domainBinding = new CustomHostnameBinding("nora-web-hostname", new CustomHostnameBindingArgs
        {
            Hostname          = siteDomain,
            AppServiceName    = site.Name,
            ResourceGroupName = group.Name
        });

        // Managed certificate issued for the bound hostname.
        var managedCert = new ManagedCertificate("nora-web-cert", new ManagedCertificateArgs
        {
            CustomHostnameBindingId = domainBinding.Id
        });

        // Attach the certificate to the hostname using SNI.
        var tlsBinding = new CertificateBinding("nora-web-cert-binding", new CertificateBindingArgs
        {
            HostnameBindingId = domainBinding.Id,
            CertificateId     = managedCert.Id,
            SslState          = "SniEnabled"
        });
    }
 /// <summary>
 /// Turns on the DoNotVerifyCertificateRevocation option of an existing binding and
 /// writes the record back through the shared <c>config</c> object (declared outside this snippet).
 /// </summary>
 /// <param name="certificateBinding">Binding record to modify; its Options object is mutated in place.</param>
 /// <remarks>
 /// With this option set, revocation status is no longer checked for client certificates on
 /// this endpoint (the test listing on this page shows it as "Verify Client Certificate
 /// Revocation : Disabled"), so a revoked certificate would still be accepted. Use it only
 /// where revocation endpoints are unreachable and that risk has been accepted.
 /// </remarks>
 public static void DoNotVerifyCertificateRevocation(CertificateBinding certificateBinding)
 {
     // set an option and update the binding record
     certificateBinding.Options.DoNotVerifyCertificateRevocation = true;
     // Per the original author's note, Bind() returns true when it updates an existing record;
     // the result is discarded here.
     config.Bind(certificateBinding); //returns true
 }
		/// <summary>
		/// Integration test: binding a certificate to an endpoint that already has a binding
		/// must report success from Bind() and the stored record must reflect the new options.
		/// </summary>
		/// <remarks>
		/// The option set below turns off client-certificate revocation checking and the usage
		/// check. That is done to exercise every flag in one round trip; it weakens certificate
		/// validation and should not be copied as a production binding configuration.
		/// </remarks>
		public void Update() {
			// Endpoint comes from a helper defined elsewhere; a new GUID keeps the app id unique per run.
			var ipPort = GetEndpointWithFreeRandomPort();
			var appId = Guid.NewGuid();

			// Seed an existing binding through CertConfigCmd with store name AuthRoot, so the
			// later change to the My store is visible in the shown configuration.
			CertConfigCmd.Add(new CertConfigCmd.Options {
				ipport = ipPort,
				certhash = _testingCertThumbprint,
				appid = appId,
				certstorename = StoreName.AuthRoot.ToString(),
			});

			var configuration = new CertificateBindingConfiguration();

			// Same endpoint, thumbprint and app id as the seeded record, but store My and every option set.
			// DoNotVerifyCertificateRevocation and NoUsageCheck relax validation of client certificates;
			// they appear as "Disabled" in the expected output below.
			var binding = new CertificateBinding(_testingCertThumbprint, StoreName.My, ipPort, appId, new BindingOptions {
				DoNotPassRequestsToRawFilters = true,
				DoNotVerifyCertificateRevocation = true,
				EnableRevocationFreshnessTime = true,
				NegotiateCertificate = true,
				NoUsageCheck = true,
				RevocationFreshnessTime = TimeSpan.FromMinutes(1),
				RevocationUrlRetrievalTimeout = TimeSpan.FromSeconds(5),
				UseDsMappers = true,
				VerifyRevocationWithCachedCertificateOnly = true,
			});

			// The test expects true here, which it treats as "existing record updated".
			var updated = configuration.Bind(binding);

			Assert.IsTrue(updated);
			var result = CertConfigCmd.Show(ipPort);
			Assert.IsTrue(result.IsSuccessfull);
			// Expected listing: the 1-minute freshness time is shown as 60 and the 5-second URL
			// retrieval timeout as 5000. DoNotPassRequestsToRawFilters and
			// EnableRevocationFreshnessTime have no line of their own in this listing.
			// Whitespace inside the verbatim string is part of the comparison.
			var expectedOutput = string.Format(
@"    IP:port                 : {0} 
    Certificate Hash        : {1}
    Application ID          : {2} 
    Certificate Store Name  : My 
    Verify Client Certificate Revocation    : Disabled
    Verify Revocation Using Cached Client Certificate Only    : Enabled
    Usage Check    : Disabled
    Revocation Freshness Time : 60 
    URL Retrieval Timeout   : 5000 
    Ctl Identifier          : (null) 
    Ctl Store Name          : (null) 
    DS Mapper Usage    : Enabled
    Negotiate Client Certificate    : Enabled
"
				, ipPort, _testingCertThumbprint, appId.ToString("B"));
			// Both sides are lower-cased, so the match ignores case (e.g. of the hex thumbprint).
			Assert.IsTrue(result.Output.ToLowerInvariant().Contains(expectedOutput.ToLowerInvariant()));
		}