/// <summary>
/// Create the parameter for the configuration operation
/// </summary>
private static HTTP_SERVICE_CONFIG_SSL_SET CreateParameter(IPAddress ipAddress, int port, byte[] hash, StoreName store)
{
HTTP_SERVICE_CONFIG_SSL_SET configSslSet = new HTTP_SERVICE_CONFIG_SSL_SET();
HTTP_SERVICE_CONFIG_SSL_KEY httpServiceConfigSslKey = new HTTP_SERVICE_CONFIG_SSL_KEY();
HTTP_SERVICE_CONFIG_SSL_PARAM configSslParam = new HTTP_SERVICE_CONFIG_SSL_PARAM();
IPEndPoint ipEndPoint = new IPEndPoint(ipAddress, port);
// serialize the endpoint to a SocketAddress and create an array to hold the values. Pin the array.
SocketAddress socketAddress = ipEndPoint.Serialize();
byte[] socketBytes = new byte[socketAddress.Size];
GCHandle handleSocketAddress = GCHandle.Alloc(socketBytes, GCHandleType.Pinned);
// Should copy the first 16 bytes (the SocketAddress has a 32 byte buffer, the size will only be 16,
//which is what the SOCKADDR accepts
for (int i = 0; i < socketAddress.Size; ++i)
{
socketBytes[i] = socketAddress[i];
}
httpServiceConfigSslKey.pIpPort = handleSocketAddress.AddrOfPinnedObject();
GCHandle handleHash = GCHandle.Alloc(hash, GCHandleType.Pinned);
configSslParam.AppId = new Guid((Assembly.GetEntryAssembly().GetCustomAttributes(typeof(GuidAttribute), false)[0] as GuidAttribute).Value);
configSslParam.DefaultCertCheckMode = 0;
configSslParam.DefaultFlags = HTTP_SERVICE_CONFIG_SSL_FLAG_NEGOTIATE_CLIENT_CERT;
configSslParam.DefaultRevocationFreshnessTime = 0;
configSslParam.DefaultRevocationUrlRetrievalTimeout = 0;
configSslParam.pSslCertStoreName = store.ToString();
configSslParam.pSslHash = handleHash.AddrOfPinnedObject();
configSslParam.SslHashLength = hash.Length;
configSslSet.ParamDesc = configSslParam;
configSslSet.KeyDesc = httpServiceConfigSslKey;
return(configSslSet);
}
public static void BindSni(Tuple<string, int> binding, byte[] hash, string storeName, Guid appId)
{
if (binding == null) throw new ArgumentNullException(nameof(binding));
if (hash == null) throw new ArgumentNullException(nameof(hash));
if (Environment.OSVersion.Version < new Version(6, 2))
{
return;
}
CallHttpApi(
delegate
{
HTTP_SERVICE_CONFIG_SSL_SNI_SET configSslSet = new HTTP_SERVICE_CONFIG_SSL_SNI_SET();
HTTP_SERVICE_CONFIG_SSL_SNI_KEY httpServiceConfigSslKey =
new HTTP_SERVICE_CONFIG_SSL_SNI_KEY();
httpServiceConfigSslKey.Host = binding.Item1;
httpServiceConfigSslKey.IpPort = CreateSockAddrStorageStructure(binding.Item2);
HTTP_SERVICE_CONFIG_SSL_PARAM configSslParam = new HTTP_SERVICE_CONFIG_SSL_PARAM();
GCHandle handleHash = GCHandle.Alloc(hash, GCHandleType.Pinned);
configSslParam.AppId = appId;
configSslParam.DefaultCertCheckMode = 0;
configSslParam.DefaultFlags = 0; //HTTP_SERVICE_CONFIG_SSL_FLAG_NEGOTIATE_CLIENT_CERT;
configSslParam.DefaultRevocationFreshnessTime = 0;
configSslParam.DefaultRevocationUrlRetrievalTimeout = 0;
configSslParam.pSslCertStoreName = storeName;
configSslParam.pSslHash = handleHash.AddrOfPinnedObject();
configSslParam.SslHashLength = hash.Length;
configSslSet.ParamDesc = configSslParam;
configSslSet.KeyDesc = httpServiceConfigSslKey;
IntPtr pInputConfigInfo =
Marshal.AllocCoTaskMem(Marshal.SizeOf(typeof(HTTP_SERVICE_CONFIG_SSL_SNI_SET)));
Marshal.StructureToPtr(configSslSet, pInputConfigInfo, false);
try
{
uint retVal = HttpSetServiceConfiguration(IntPtr.Zero,
HTTP_SERVICE_CONFIG_ID.HttpServiceConfigSslSniCertInfo,
pInputConfigInfo,
Marshal.SizeOf(configSslSet),
IntPtr.Zero);
if (ERROR_ALREADY_EXISTS != retVal)
{
ThrowWin32ExceptionIfError(retVal);
}
else
{
retVal = HttpDeleteServiceConfiguration(IntPtr.Zero,
HTTP_SERVICE_CONFIG_ID.HttpServiceConfigSslSniCertInfo,
pInputConfigInfo,
Marshal.SizeOf(configSslSet),
IntPtr.Zero);
ThrowWin32ExceptionIfError(retVal);
retVal = HttpSetServiceConfiguration(IntPtr.Zero,
HTTP_SERVICE_CONFIG_ID.HttpServiceConfigSslSniCertInfo,
pInputConfigInfo,
Marshal.SizeOf(configSslSet),
IntPtr.Zero);
ThrowWin32ExceptionIfError(retVal);
}
}
finally
{
Marshal.FreeCoTaskMem(pInputConfigInfo);
if (handleHash.IsAllocated)
handleHash.Free();
}
});
}
public static void BindCertificate(string ipAddress, int port, byte[] hash)
{
TraceSource.WriteInfo(
PortAclUtility.TraceType,
"Started to Bind certificate to port. ipAddress: {0}, port: {1}, hash: {2}. Current thread identity: {3}",
ipAddress,
port,
BitConverter.ToString(hash),
Thread.CurrentPrincipal.Identity.Name);
uint retVal = (uint)NOERROR; // NOERROR = 0
HTTPAPI_VERSION httpApiVersion = new HTTPAPI_VERSION(1, 0);
retVal = HttpInitialize(httpApiVersion, HTTP_INITIALIZE_CONFIG, IntPtr.Zero);
TraceSource.WriteInfo(
PortAclUtility.TraceType,
"HttpInitialize completed with return value: {0}.",
retVal);
if ((uint)NOERROR == retVal)
{
HTTP_SERVICE_CONFIG_SSL_SET configSslSet = new HTTP_SERVICE_CONFIG_SSL_SET();
HTTP_SERVICE_CONFIG_SSL_KEY httpServiceConfigSslKey = new HTTP_SERVICE_CONFIG_SSL_KEY();
HTTP_SERVICE_CONFIG_SSL_PARAM configSslParam = new HTTP_SERVICE_CONFIG_SSL_PARAM();
IPAddress ip = IPAddress.Any; //IPAddress.Parse("0.0.0.0");
IPEndPoint ipEndPoint = new IPEndPoint(ip, port);
// serialize the endpoint to a SocketAddress and create an array to hold the values. Pin the array.
SocketAddress socketAddress = ipEndPoint.Serialize();
byte[] socketBytes = new byte[socketAddress.Size];
GCHandle handleSocketAddress = GCHandle.Alloc(socketBytes, GCHandleType.Pinned);
// Should copy the first 16 bytes (the SocketAddress has a 32 byte buffer, the size will only be 16,
//which is what the SOCKADDR accepts
for (int i = 0; i < socketAddress.Size; ++i)
{
socketBytes[i] = socketAddress[i];
}
httpServiceConfigSslKey.pIpPort = handleSocketAddress.AddrOfPinnedObject();
GCHandle handleHash = GCHandle.Alloc(hash, GCHandleType.Pinned);
configSslParam.AppId = Guid.NewGuid();
configSslParam.DefaultCertCheckMode = 0;
configSslParam.DefaultFlags = HTTP_SERVICE_CONFIG_SSL_FLAG_NEGOTIATE_CLIENT_CERT;
configSslParam.DefaultRevocationFreshnessTime = 0;
configSslParam.DefaultRevocationUrlRetrievalTimeout = 0;
configSslParam.pSslCertStoreName = StoreName.My.ToString();
configSslParam.pSslHash = handleHash.AddrOfPinnedObject();
configSslParam.SslHashLength = hash.Length;
configSslSet.ParamDesc = configSslParam;
configSslSet.KeyDesc = httpServiceConfigSslKey;
IntPtr pInputConfigInfo = Marshal.AllocCoTaskMem(Marshal.SizeOf(typeof(HTTP_SERVICE_CONFIG_SSL_SET)));
Marshal.StructureToPtr(configSslSet, pInputConfigInfo, false);
retVal = HttpSetServiceConfiguration(IntPtr.Zero,
HTTP_SERVICE_CONFIG_ID.HttpServiceConfigSSLCertInfo,
pInputConfigInfo,
Marshal.SizeOf(configSslSet),
IntPtr.Zero);
TraceSource.WriteInfo(
PortAclUtility.TraceType,
"HttpSetServiceConfiguration completed with return value: {0}.",
retVal);
if ((uint)ERROR_ALREADY_EXISTS == retVal) // ERROR_ALREADY_EXISTS = 183
{
retVal = HttpDeleteServiceConfiguration(IntPtr.Zero,
HTTP_SERVICE_CONFIG_ID.HttpServiceConfigSSLCertInfo,
pInputConfigInfo,
Marshal.SizeOf(configSslSet),
IntPtr.Zero);
TraceSource.WriteInfo(
PortAclUtility.TraceType,
"HttpDeleteServiceConfiguration completed with return value: {0}.",
retVal);
if ((uint)NOERROR == retVal)
{
retVal = HttpSetServiceConfiguration(IntPtr.Zero,
HTTP_SERVICE_CONFIG_ID.HttpServiceConfigSSLCertInfo,
pInputConfigInfo,
Marshal.SizeOf(configSslSet),
IntPtr.Zero);
TraceSource.WriteInfo(
PortAclUtility.TraceType,
"HttpSetServiceConfiguration completed with return value: {0}.",
retVal);
}
}
handleSocketAddress.Free();
handleHash.Free();
Marshal.FreeCoTaskMem(pInputConfigInfo);
HttpTerminate(HTTP_INITIALIZE_CONFIG, IntPtr.Zero);
}
if ((uint)NOERROR != retVal)
{
TraceSource.WriteError(
PortAclUtility.TraceType,
"BindCertificate failed with error: {0}.",
retVal);
throw new Win32Exception(Convert.ToInt32(retVal));
}
}
public static void BindSni(Tuple <string, int> binding, byte[] hash, string storeName, Guid appId)
{
if (binding == null)
{
throw new ArgumentNullException(nameof(binding));
}
if (hash == null)
{
throw new ArgumentNullException(nameof(hash));
}
if (Environment.OSVersion.Version < new Version(6, 2))
{
return;
}
CallHttpApi(
delegate
{
HTTP_SERVICE_CONFIG_SSL_SNI_SET configSslSet = new HTTP_SERVICE_CONFIG_SSL_SNI_SET();
HTTP_SERVICE_CONFIG_SSL_SNI_KEY httpServiceConfigSslKey =
new HTTP_SERVICE_CONFIG_SSL_SNI_KEY();
httpServiceConfigSslKey.Host = binding.Item1;
httpServiceConfigSslKey.IpPort = CreateSockAddrStorageStructure(binding.Item2);
HTTP_SERVICE_CONFIG_SSL_PARAM configSslParam = new HTTP_SERVICE_CONFIG_SSL_PARAM();
GCHandle handleHash = GCHandle.Alloc(hash, GCHandleType.Pinned);
configSslParam.AppId = appId;
configSslParam.DefaultCertCheckMode = 0;
configSslParam.DefaultFlags = 0; //HTTP_SERVICE_CONFIG_SSL_FLAG_NEGOTIATE_CLIENT_CERT;
configSslParam.DefaultRevocationFreshnessTime = 0;
configSslParam.DefaultRevocationUrlRetrievalTimeout = 0;
configSslParam.pSslCertStoreName = storeName;
configSslParam.pSslHash = handleHash.AddrOfPinnedObject();
configSslParam.SslHashLength = hash.Length;
configSslSet.ParamDesc = configSslParam;
configSslSet.KeyDesc = httpServiceConfigSslKey;
IntPtr pInputConfigInfo =
Marshal.AllocCoTaskMem(Marshal.SizeOf(typeof(HTTP_SERVICE_CONFIG_SSL_SNI_SET)));
Marshal.StructureToPtr(configSslSet, pInputConfigInfo, false);
try
{
uint retVal = HttpSetServiceConfiguration(IntPtr.Zero,
HTTP_SERVICE_CONFIG_ID.HttpServiceConfigSslSniCertInfo,
pInputConfigInfo,
Marshal.SizeOf(configSslSet),
IntPtr.Zero);
if (ERROR_ALREADY_EXISTS != retVal)
{
ThrowWin32ExceptionIfError(retVal);
}
else
{
retVal = HttpDeleteServiceConfiguration(IntPtr.Zero,
HTTP_SERVICE_CONFIG_ID.HttpServiceConfigSslSniCertInfo,
pInputConfigInfo,
Marshal.SizeOf(configSslSet),
IntPtr.Zero);
ThrowWin32ExceptionIfError(retVal);
retVal = HttpSetServiceConfiguration(IntPtr.Zero,
HTTP_SERVICE_CONFIG_ID.HttpServiceConfigSslSniCertInfo,
pInputConfigInfo,
Marshal.SizeOf(configSslSet),
IntPtr.Zero);
ThrowWin32ExceptionIfError(retVal);
}
}
finally
{
Marshal.FreeCoTaskMem(pInputConfigInfo);
if (handleHash.IsAllocated)
{
handleHash.Free();
}
}
});
}
public static void BindCertificate(IPEndPoint ipPort, byte[] hash, StoreName storeName, Guid appId)
{
if (ipPort == null)
{
throw new ArgumentNullException("ipPort");
}
if (hash == null)
{
throw new ArgumentNullException("hash");
}
CallHttpApi(
delegate
{
HTTP_SERVICE_CONFIG_SSL_SET configSslSet = new HTTP_SERVICE_CONFIG_SSL_SET();
GCHandle sockAddrHandle = CreateSockaddrStructure(ipPort);
IntPtr pIpPort = sockAddrHandle.AddrOfPinnedObject();
HTTP_SERVICE_CONFIG_SSL_KEY httpServiceConfigSslKey =
new HTTP_SERVICE_CONFIG_SSL_KEY(pIpPort);
HTTP_SERVICE_CONFIG_SSL_PARAM configSslParam = new HTTP_SERVICE_CONFIG_SSL_PARAM();
GCHandle handleHash = GCHandle.Alloc(hash, GCHandleType.Pinned);
configSslParam.AppId = appId;
configSslParam.DefaultCertCheckMode = 0;
configSslParam.DefaultFlags = 0; //HTTP_SERVICE_CONFIG_SSL_FLAG_NEGOTIATE_CLIENT_CERT;
configSslParam.DefaultRevocationFreshnessTime = 0;
configSslParam.DefaultRevocationUrlRetrievalTimeout = 0;
configSslParam.pSslCertStoreName = storeName.ToString();
configSslParam.pSslHash = handleHash.AddrOfPinnedObject();
configSslParam.SslHashLength = hash.Length;
configSslSet.ParamDesc = configSslParam;
configSslSet.KeyDesc = httpServiceConfigSslKey;
IntPtr pInputConfigInfo =
Marshal.AllocCoTaskMem(Marshal.SizeOf(typeof(HTTP_SERVICE_CONFIG_SSL_SET)));
Marshal.StructureToPtr(configSslSet, pInputConfigInfo, false);
try
{
uint retVal = HttpSetServiceConfiguration(IntPtr.Zero,
HTTP_SERVICE_CONFIG_ID.HttpServiceConfigSSLCertInfo,
pInputConfigInfo,
Marshal.SizeOf(configSslSet),
IntPtr.Zero);
if (ERROR_ALREADY_EXISTS != retVal)
{
ThrowWin32ExceptionIfError(retVal);
}
else
{
retVal = HttpDeleteServiceConfiguration(IntPtr.Zero,
HTTP_SERVICE_CONFIG_ID.HttpServiceConfigSSLCertInfo,
pInputConfigInfo,
Marshal.SizeOf(configSslSet),
IntPtr.Zero);
ThrowWin32ExceptionIfError(retVal);
retVal = HttpSetServiceConfiguration(IntPtr.Zero,
HTTP_SERVICE_CONFIG_ID.HttpServiceConfigSSLCertInfo,
pInputConfigInfo,
Marshal.SizeOf(configSslSet),
IntPtr.Zero);
ThrowWin32ExceptionIfError(retVal);
}
}
finally
{
Marshal.FreeCoTaskMem(pInputConfigInfo);
if (handleHash.IsAllocated)
{
handleHash.Free();
}
if (sockAddrHandle.IsAllocated)
{
sockAddrHandle.Free();
}
}
});
}
public static void BindCertificate(IPEndPoint ipPort, byte[] hash, StoreName storeName, Guid appId)
{
if (ipPort == null) throw new ArgumentNullException("ipPort");
if (hash == null) throw new ArgumentNullException("hash");
CallHttpApi(
delegate
{
HTTP_SERVICE_CONFIG_SSL_SET configSslSet = new HTTP_SERVICE_CONFIG_SSL_SET();
GCHandle sockAddrHandle = CreateSockaddrStructure(ipPort);
IntPtr pIpPort = sockAddrHandle.AddrOfPinnedObject();
HTTP_SERVICE_CONFIG_SSL_KEY httpServiceConfigSslKey =
new HTTP_SERVICE_CONFIG_SSL_KEY(pIpPort);
HTTP_SERVICE_CONFIG_SSL_PARAM configSslParam = new HTTP_SERVICE_CONFIG_SSL_PARAM();
GCHandle handleHash = GCHandle.Alloc(hash, GCHandleType.Pinned);
configSslParam.AppId = appId;
configSslParam.DefaultCertCheckMode = 0;
configSslParam.DefaultFlags = 0; //HTTP_SERVICE_CONFIG_SSL_FLAG_NEGOTIATE_CLIENT_CERT;
configSslParam.DefaultRevocationFreshnessTime = 0;
configSslParam.DefaultRevocationUrlRetrievalTimeout = 0;
configSslParam.pSslCertStoreName = storeName.ToString();
configSslParam.pSslHash = handleHash.AddrOfPinnedObject();
configSslParam.SslHashLength = hash.Length;
configSslSet.ParamDesc = configSslParam;
configSslSet.KeyDesc = httpServiceConfigSslKey;
IntPtr pInputConfigInfo =
Marshal.AllocCoTaskMem(Marshal.SizeOf(typeof(HTTP_SERVICE_CONFIG_SSL_SET)));
Marshal.StructureToPtr(configSslSet, pInputConfigInfo, false);
try
{
uint retVal = HttpSetServiceConfiguration(IntPtr.Zero,
HTTP_SERVICE_CONFIG_ID.HttpServiceConfigSSLCertInfo,
pInputConfigInfo,
Marshal.SizeOf(configSslSet),
IntPtr.Zero);
if (ERROR_ALREADY_EXISTS != retVal)
{
ThrowWin32ExceptionIfError(retVal);
}
else
{
retVal = HttpDeleteServiceConfiguration(IntPtr.Zero,
HTTP_SERVICE_CONFIG_ID.HttpServiceConfigSSLCertInfo,
pInputConfigInfo,
Marshal.SizeOf(configSslSet),
IntPtr.Zero);
ThrowWin32ExceptionIfError(retVal);
retVal = HttpSetServiceConfiguration(IntPtr.Zero,
HTTP_SERVICE_CONFIG_ID.HttpServiceConfigSSLCertInfo,
pInputConfigInfo,
Marshal.SizeOf(configSslSet),
IntPtr.Zero);
ThrowWin32ExceptionIfError(retVal);
}
}
finally
{
Marshal.FreeCoTaskMem(pInputConfigInfo);
if (handleHash.IsAllocated)
handleHash.Free();
if (sockAddrHandle.IsAllocated)
sockAddrHandle.Free();
}
});
}
