protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
// Ensure the https certificate is installed before this endpoint resource is used
CertificateResourceHelpers.EnsureSslPortCertificateInstalled(context.BridgeConfiguration);
base.ModifyHost(serviceHost, context);
}
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
// Ensure the service certificate is installed before this endpoint resource is used
//Create an expired certificate
CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings()
{
FriendlyName = "WCF Bridge - TcpExpiredServerCertResource",
ValidityType = CertificateValidityType.Expired,
ValidityNotBefore = DateTime.UtcNow - TimeSpan.FromDays(4),
ValidityNotAfter = DateTime.UtcNow - TimeSpan.FromDays(2),
//If you specify multiple subjects, the first one becomes the subject, and all of them become Subject Alt Names.
//In this case, the certificate subject is CN=fqdn, OU=..., O=... , and SANs will be fqdn, hostname, localhost
//We do this so that a single bridge setup can deal with all the possible addresses that a client might use.
//If we don't put "localhost' here, a long-running bridge will not be able to receive requests from both fqdn and localhost
//because the certs won't match.
Subject = s_fqdn,
SubjectAlternativeNames = new string[] { s_fqdn, s_hostname, "localhost" }
};
X509Certificate2 cert = CertificateResourceHelpers.EnsureCustomCertificateInstalled(context.BridgeConfiguration, certificateCreationSettings, Address);
serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindByThumbprint,
cert.Thumbprint);
}
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
// Ensure the https certificate is installed before this endpoint resource is used
string thumbprint = CertificateResourceHelpers.EnsureSslPortCertificateInstalled(context.BridgeConfiguration);
serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindByThumbprint,
thumbprint);
}
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
// Ensure the https certificate is installed before this endpoint resource is used
string thumbprint = CertificateResourceHelpers.EnsureSslPortCertificateInstalled(context.BridgeConfiguration);
serviceHost.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
serviceHost.Credentials.ClientCertificate.Authentication.CustomCertificateValidator = new MyX509CertificateValidator("DO_NOT_TRUST_WcfBridgeRootCA");
serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindByThumbprint,
thumbprint);
}
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
// Ensure the service certificate is installed before this endpoint resource is used
//Create a certificate and add to the revocation list
CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings()
{
FriendlyName = "WCF Bridge - TcpRevokedServerCertResource",
ValidityType = CertificateValidityType.Revoked,
Subject = s_fqdn,
SubjectAlternativeNames = new string[] { s_fqdn, s_hostname, "localhost" }
};
X509Certificate2 cert = CertificateResourceHelpers.EnsureCustomCertificateInstalled(context.BridgeConfiguration, certificateCreationSettings, Address);
serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindByThumbprint,
cert.Thumbprint);
}
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
// Ensure the service certificate is installed before this endpoint resource is used
//Create a certificate and add to the revocation list
CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings()
{
IsValidCert = false,
Subjects = new string[] { s_fqdn, s_hostname, "localhost" }
};
X509Certificate2 cert = CertificateResourceHelpers.EnsureRevokedCertificateInstalled(context.BridgeConfiguration, certificateCreationSettings, Address);
CertificateManager.RevokeCertificate(CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration), cert.SerialNumber);
serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindByThumbprint,
cert.Thumbprint);
}
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
// Ensure the service certificate is installed before this endpoint resource is used
// Exactly one subject name, which is going to be the CN
CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings()
{
FriendlyName = "WCF Bridge - TcpCertificateWithSubjectCanonicalNameLocalhostResource",
Subject = "localhost",
SubjectAlternativeNames = new string[0],
ValidityType = CertificateValidityType.NonAuthoritativeForMachine
};
X509Certificate2 cert = CertificateResourceHelpers.EnsureCustomCertificateInstalled(context.BridgeConfiguration, certificateCreationSettings, Address);
serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindByThumbprint,
cert.Thumbprint);
}
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
// Ensure the service certificate is installed before this endpoint resource is used
// CN=not-real-subject-name means that a cert for "not-real-subject-name" will be installed
// Per #422 this shouldn't matter as we now check with SAN
CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings()
{
FriendlyName = "WCF Bridge - TcpCertificateWithServerAltNameResource",
Subject = "not-real-subject-name",
SubjectAlternativeNames = new string[] { "not-real-subject-name", "not-real-subject-name.example.com", s_fqdn, s_hostname, "localhost" }
};
X509Certificate2 cert = CertificateResourceHelpers.EnsureCustomCertificateInstalled(context.BridgeConfiguration, certificateCreationSettings, Address);
serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindByThumbprint,
cert.Thumbprint);
}
