// Installs the root certificate from the bridge
        // Needed for all tests so we trust the incoming certificate coming from the service/bridge
        // We do our best to detect if we're running on the same box as the bridge; if so, we don't try to install the cert
        // as that operation requires admin privileges
        public static void InstallRootCertificateFromBridge()
        {
            // PUT the Authority to the Bridge (returns thumbprint)
            var response = BridgeClient.MakeResourcePutRequest(CertificateAuthorityResourceName, null);

            string           thumbprint;
            X509Certificate2 certificateToInstall            = null;
            bool             rootCertificateAlreadyInstalled = false;

            lock (s_certificateLock)
            {
                if (response.TryGetValue(ThumbprintKeyName, out thumbprint))
                {
                    rootCertificateAlreadyInstalled = s_rootCertificates.ContainsKey(thumbprint);
                }

                if (rootCertificateAlreadyInstalled)
                {
                    // Cert's been installed already, bail out
                    return;
                }
                else
                {
                    using (X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine))
                    {
                        store.Open(OpenFlags.ReadOnly);
                        var collection = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
                        if (collection.Count > 0)
                        {
                            // We don't need to add the cert ourselves, because this cert has previously been installed
                            // Likely BridgeClient is running on the same machine as the Bridge and the Bridge has done the work already.
                            return;
                        }
                    }

                    // Request the certificate from the Bridge
                    string base64Cert = string.Empty;
                    response = BridgeClient.MakeResourceGetRequest(CertificateAuthorityResourceName, null);

                    string certificateAsBase64;
                    if (response.TryGetValue(CertificateKeyName, out certificateAsBase64))
                    {
                        // Root cert coming from Bridge doesn't have a password or private key
                        certificateToInstall = new X509Certificate2(Convert.FromBase64String(certificateAsBase64));
                    }
                    else
                    {
                        StringBuilder sb = new StringBuilder();
                        foreach (var pair in response)
                        {
                            sb.AppendFormat("{0}  {1} : {2}", Environment.NewLine, pair.Key, pair.Value);
                        }

                        throw new Exception(
                                  string.Format("Error retrieving Authority certificate from Bridge. Expected '{0}' key in response. Response contents:{1}{2}",
                                                CertificateKeyName,
                                                Environment.NewLine,
                                                sb.ToString()));
                    }
                }
            }

            // We return or throw before this point if there is no certificateToInstall
            InstallCertificateToRootStore(certificateToInstall);
        }
        // Installs the local certificate provided by the bridge
        // Root is installed as part of this call so we trust the incoming certificate coming from the service/bridge
        // We supply this certificate for bidirectional (tcp) communication
        //
        // The request to the bridge with the local FQDN concurrently asks the bridge if we are running locally.
        // if so, we don't try to install the cert as that operation requires admin privileges
        public static void InstallLocalCertificateFromBridge()
        {
            X509Certificate2 certificateToInstall = null;

            // PUT the Client Certificate Subject to the Bridge (returns thumbprint)
            Dictionary <string, string> requestParams = new Dictionary <string, string>();

            requestParams.Add(SubjectKeyName, ClientCertificateSubject);

            var response = BridgeClient.MakeResourcePutRequest(UserCertificateResourceName, requestParams);

            string thumbprint;
            bool   foundUserCertificate = false;

            lock (s_certificateLock)
            {
                if (response.TryGetValue(ThumbprintKeyName, out thumbprint))
                {
                    foundUserCertificate = s_myCertificates.ContainsKey(thumbprint);

                    // The Bridge tells us if the request has been made for a local certificate local to the bridge.
                    // If it has, then the Bridge itself has already installed that cert as part of the PUT request
                    // There's no need for us to do this in the BridgeClient.
                    string isLocalString;
                    if (response.TryGetValue(IsLocalKeyName, out isLocalString))
                    {
                        bool isLocal = false;
                        if (bool.TryParse(isLocalString, out isLocal) && isLocal)
                        {
                            return;
                        }
                    }
                }

                if (!foundUserCertificate)
                {
                    // GET the cert with thumbprint from the Bridge (returns cert in base64 format)
                    requestParams = new Dictionary <string, string>();
                    requestParams.Add(ThumbprintKeyName, thumbprint);

                    string base64Cert = string.Empty;
                    response = BridgeClient.MakeResourceGetRequest(UserCertificateResourceName, requestParams);

                    string certificateAsBase64;
                    if (response.TryGetValue(CertificateKeyName, out certificateAsBase64))
                    {
                        certificateToInstall = new X509Certificate2(Convert.FromBase64String(certificateAsBase64), ClientCertificatePassword);
                    }
                    else
                    {
                        StringBuilder sb = new StringBuilder();
                        foreach (var pair in response)
                        {
                            sb.AppendFormat("{0}  {1} : {2}", Environment.NewLine, pair.Key, pair.Value);
                        }

                        throw new Exception(
                                  string.Format("Error retrieving '{0}' certificate from Bridge, thumbprint '{1}'.\r\nExpected '{2}' key in response. Response contents:{3}{4}",
                                                ClientCertificateSubject,
                                                thumbprint,
                                                CertificateKeyName,
                                                Environment.NewLine,
                                                sb.ToString()));
                    }
                }
            }

            // certificateToInstall could be null in the case the user certification exists
            if (certificateToInstall != null)
            {
                InstallCertificateToMyStore(certificateToInstall);
                // We also need to install the root cert if we install a local cert
                InstallRootCertificateFromBridge();
            }
        }