// When called, generates a cert for the machine DNS name with SAN localhost, and installs both certs
        // returns thumbprint of the machine certs
        // On the first call, creates the machine certificate and the PeerTrust certificate, installs them along
        // with the generator's authority certificate, and caches the machine certificate in s_localCertificate.
        // Later calls return the cached X509Certificate2 without generating anything.
        //   certificateGenerator: supplies the authority certificate and creates the new certificates; must not be null.
        //   Throws ArgumentNullException when certificateGenerator is null.
        // NOTE(review): judging by the helper name and the trace text, the authority certificate is added to the
        // machine's trusted roots, so anything that authority signs becomes trusted on this host. Confirm this
        // only runs on test machines and that the certificates are removed afterwards.
        public static X509Certificate2 CreateAndInstallLocalMachineCertificates(CertificateGenerator certificateGenerator)
        {
            if (certificateGenerator == null)
            {
                throw new ArgumentNullException("certificateGenerator");
            }

            // The lock is held across generation and installation so concurrent callers do not generate twice.
            lock (s_certificateLock)
            {
                if (s_localCertificate != null)
                {
                    // An earlier call already did the work.
                    return s_localCertificate;
                }

                Trace.WriteLine("[CertificateManager] Installing Root and Machine certificates to machine store.");

                var authorityCertificate = certificateGenerator.AuthorityCertificate.Certificate;

                // The name comes from a reverse lookup of the loopback address, so it depends on the local
                // resolver / hosts configuration. It ends up as the certificate Subject and as a SAN.
                string machineFqdn = Dns.GetHostEntry("127.0.0.1").HostName;

                // First dot-separated label. When the name contains no dot this equals machineFqdn,
                // and the SAN list below then carries the same name twice.
                string shortHostName = machineFqdn.Split('.')[0];

                // Machine certificate covering the FQDN, the short host name and "localhost".
                CertificateCreationSettings machineSettings = new CertificateCreationSettings();
                machineSettings.FriendlyName = "WCF Bridge - Machine certificate generated by the CertificateManager";
                machineSettings.Subject = machineFqdn;
                machineSettings.SubjectAlternativeNames = new string[] { machineFqdn, shortHostName, "localhost" };
                var machineCertificate = certificateGenerator.CreateMachineCertificate(machineSettings).Certificate;

                // Per the original note: s_myCertificates is keyed by subject name, so a second certificate
                // for the same subject is not installed and the first-created one wins.
                InstallCertificateToRootStore(authorityCertificate);

                // NOTE(review): ValidityType is never assigned on these settings, so the flag relies on the
                // type's default - presumably Valid; confirm.
                InstallCertificateToMyStore(machineCertificate, machineSettings.ValidityType == CertificateValidityType.Valid);

                // NOTE(review): the cache is filled before the PeerTrust certificate exists. If the steps below
                // throw, later calls return early above and never install the PeerTrust certificate - confirm
                // that this is acceptable.
                s_localCertificate = machineCertificate;

                // PeerTrust certificate: same subject and SANs, different friendly name, separate store helper.
                CertificateCreationSettings peerTrustSettings = new CertificateCreationSettings();
                peerTrustSettings.FriendlyName = "WCF Bridge - UserPeerTrustCertificateResource";
                peerTrustSettings.Subject = machineFqdn;
                peerTrustSettings.SubjectAlternativeNames = new string[] { machineFqdn, shortHostName, "localhost" };
                var peerTrustCertificate = certificateGenerator.CreateMachineCertificate(peerTrustSettings).Certificate;
                InstallCertificateToTrustedPeopleStore(peerTrustCertificate, peerTrustSettings.ValidityType == CertificateValidityType.Valid);
            }

            return s_localCertificate;
        }
        // We generate a local machine certificate for common usage. This method is used to generate certs for non-common usage, such as an expired cert.
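        // Creates a machine certificate from caller-supplied settings, installs it together with the
        // generator's authority certificate, and returns the new certificate. Nothing is cached here:
        // every call generates and installs another certificate.
        //   certificateGenerator: supplies the authority certificate and creates the new certificate; must not be null.
        //   certificateCreationSettings: describes the certificate to create; must not be null.
        //   resourceAddress: passed through unchanged to InstallCertificateToMyStore; not validated here.
        //   Throws ArgumentNullException when either required argument is null.
        // NOTE(review): judging by the helper name and the trace text, the authority certificate is added to the
        // machine's trusted roots and deliberately non-standard certificates land in the machine store.
        // Confirm this only runs on test machines and that the certificates are removed afterwards.
        public static X509Certificate2 CreateAndInstallNonDefaultMachineCertificates(CertificateGenerator certificateGenerator, CertificateCreationSettings certificateCreationSettings, string resourceAddress)
        {
            if (certificateCreationSettings == null)
            {
                // ArgumentNullException derives from ArgumentException, so existing catch blocks still match;
                // it additionally names the offending parameter, like the check below does.
                throw new ArgumentNullException("certificateCreationSettings", "certificateCreationSettings cannot be null as we are creating a non default certificate");
            }

            if (certificateGenerator == null)
            {
                throw new ArgumentNullException("certificateGenerator");
            }

            // Same lock as the default-certificate path, so store changes from both paths are serialized.
            lock (s_certificateLock)
            {
                Trace.WriteLine("[CertificateManager] Installing Non default Machine certificates to machine store.");

                var rootCertificate = certificateGenerator.AuthorityCertificate.Certificate;
                var hostCert        = certificateGenerator.CreateMachineCertificate(certificateCreationSettings).Certificate;
                InstallCertificateToRootStore(rootCertificate);

                // The flag is true only when the settings ask for a Valid certificate; how the helper uses
                // it is not visible here.
                InstallCertificateToMyStore(hostCert, certificateCreationSettings.ValidityType == CertificateValidityType.Valid, resourceAddress);
                return hostCert;
            }
        }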
Exemple #3
        // When called, generates a cert for the machine DNS name with SAN localhost, and installs both certs
        // returns thumbprint of the machine certs
        // On the first call, creates the machine certificate, installs it along with the generator's authority
        // certificate, and caches it in s_localCertificate. Later calls return the cached X509Certificate2.
        //   certificateGenerator: supplies the authority certificate and creates the machine certificate; must not be null.
        //   Throws ArgumentNullException when certificateGenerator is null.
        // NOTE(review): judging by the helper name and the trace text, the authority certificate is added to the
        // machine's trusted roots, so anything that authority signs becomes trusted on this host. Confirm this
        // only runs on test machines and that the certificates are removed afterwards.
        public static X509Certificate2 CreateAndInstallLocalMachineCertificates(CertificateGenerator certificateGenerator)
        {
            if (certificateGenerator == null)
            {
                throw new ArgumentNullException("certificateGenerator");
            }

            // The lock is held across generation and installation so concurrent callers do not generate twice.
            lock (s_certificateLock)
            {
                if (s_localCertificate != null)
                {
                    // An earlier call already did the work.
                    return s_localCertificate;
                }

                Trace.WriteLine("[CertificateManager] Installing Root and Machine certificates to machine store.");

                var authorityCertificate = certificateGenerator.AuthorityCertificate.Certificate;

                // The name comes from a reverse lookup of the loopback address, so it depends on the local
                // resolver / hosts configuration.
                string machineFqdn = Dns.GetHostEntry("127.0.0.1").HostName;

                // First dot-separated label; equals machineFqdn when the name contains no dot.
                string shortHostName = machineFqdn.Split('.')[0];

                // One certificate for the FQDN, the short host name and "localhost".
                var machineCertificate = certificateGenerator.CreateMachineCertificate(machineFqdn, shortHostName, "localhost").Certificate;

                // Per the original note: s_myCertificates is keyed by subject name, so a second certificate
                // for the same subject is not installed and the first-created one wins.
                InstallCertificateToRootStore(authorityCertificate);
                InstallCertificateToMyStore(machineCertificate);
                s_localCertificate = machineCertificate;
            }

            return s_localCertificate;
        }
Exemple #4
 // Creates a machine certificate from the given settings and hands it to
 // CertificateManager.AddToStoreIfNeeded for the LocalMachine "My" store.
 //   certificateGenerate: generator used to create the certificate.
 //   certificateCreationSettings: settings describing the certificate to create.
 // NOTE(review): neither argument is null-checked here; a null generator fails on the first call below.
 private static void CreateAndInstallMachineCertificate(CertificateGenerator certificateGenerate, CertificateCreationSettings certificateCreationSettings)
 {
     var generated = certificateGenerate.CreateMachineCertificate(certificateCreationSettings);
     X509Certificate2 machineCertificate = generated.Certificate;

     // Whether the certificate is actually added is decided by AddToStoreIfNeeded (not visible here).
     CertificateManager.AddToStoreIfNeeded(StoreName.My, StoreLocation.LocalMachine, machineCertificate);
 }
Exemple #5
        // We generate a local machine certificate for common usage. This method is used to generate certs for non-common usage, such as an expired cert.
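        // Creates a machine certificate from caller-supplied settings, installs it together with the
        // generator's authority certificate, and returns the new certificate. Nothing is cached here:
        // every call generates and installs another certificate.
        //   certificateGenerator: supplies the authority certificate and creates the new certificate; must not be null.
        //   certificateCreationSettings: describes the certificate to create; must not be null.
        //   resourceAddress: passed through unchanged to InstallCertificateToMyStore; not validated here.
        //   Throws ArgumentNullException when either required argument is null.
        // NOTE(review): judging by the helper name and the trace text, the authority certificate is added to the
        // machine's trusted roots and deliberately non-standard certificates land in the machine store.
        // Confirm this only runs on test machines and that the certificates are removed afterwards.
        public static X509Certificate2 CreateAndInstallNonDefaultMachineCertificates(CertificateGenerator certificateGenerator, CertificateCreationSettings certificateCreationSettings, string resourceAddress)
        {
            if (certificateCreationSettings == null)
            {
                // ArgumentNullException derives from ArgumentException, so existing catch blocks still match;
                // it additionally names the offending parameter, like the check below does.
                throw new ArgumentNullException("certificateCreationSettings", "certificateCreationSettings cannot be null as we are creating a non default certificate");
            }

            if (certificateGenerator == null)
            {
                throw new ArgumentNullException("certificateGenerator");
            }

            // Same lock as the default-certificate path, so store changes from both paths are serialized.
            lock (s_certificateLock)
            {
                Trace.WriteLine("[CertificateManager] Installing Non default Machine certificates to machine store.");

                var rootCertificate = certificateGenerator.AuthorityCertificate.Certificate;
                var hostCert = certificateGenerator.CreateMachineCertificate(certificateCreationSettings).Certificate;
                InstallCertificateToRootStore(rootCertificate);

                // IsValidCert comes straight from the caller's settings; how the helper uses it is not visible here.
                InstallCertificateToMyStore(hostCert, certificateCreationSettings.IsValidCert, resourceAddress);
                return hostCert;
            }
        }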
Exemple #6
        // When called, generates a cert for the machine DNS name with SAN localhost, and installs both certs
        // returns thumbprint of the machine certs
        // On the first call, creates the machine certificate, installs it along with the generator's authority
        // certificate, and caches it in s_localCertificate. Later calls return the cached X509Certificate2.
        //   certificateGenerator: supplies the authority certificate and creates the machine certificate; must not be null.
        //   Throws ArgumentNullException when certificateGenerator is null.
        // NOTE(review): judging by the helper name and the trace text, the authority certificate is added to the
        // machine's trusted roots, so anything that authority signs becomes trusted on this host. Confirm this
        // only runs on test machines and that the certificates are removed afterwards.
        public static X509Certificate2 CreateAndInstallLocalMachineCertificates(CertificateGenerator certificateGenerator)
        {
            if (certificateGenerator == null)
            {
                throw new ArgumentNullException("certificateGenerator");
            }

            // The lock is held across generation and installation so concurrent callers do not generate twice.
            lock (s_certificateLock)
            {
                if (s_localCertificate != null)
                {
                    // An earlier call already did the work.
                    return s_localCertificate;
                }

                Trace.WriteLine("[CertificateManager] Installing Root and Machine certificates to machine store.");

                var authorityCertificate = certificateGenerator.AuthorityCertificate.Certificate;

                // The name comes from a reverse lookup of the loopback address, so it depends on the local
                // resolver / hosts configuration.
                string machineFqdn = Dns.GetHostEntry("127.0.0.1").HostName;

                // First dot-separated label; equals machineFqdn when the name contains no dot.
                string shortHostName = machineFqdn.Split('.')[0];

                // One certificate whose subjects are the FQDN, the short host name and "localhost".
                CertificateCreationSettings machineSettings = new CertificateCreationSettings();
                machineSettings.Subjects = new string[] { machineFqdn, shortHostName, "localhost" };
                var machineCertificate = certificateGenerator.CreateMachineCertificate(machineSettings).Certificate;

                // Per the original note: s_myCertificates is keyed by subject name, so a second certificate
                // for the same subject is not installed and the first-created one wins.
                InstallCertificateToRootStore(authorityCertificate);

                // NOTE(review): IsValidCert is never assigned on these settings, so the flag relies on the
                // type's default - presumably true; confirm.
                InstallCertificateToMyStore(machineCertificate, machineSettings.IsValidCert);
                s_localCertificate = machineCertificate;
            }

            return s_localCertificate;
        }