public void GetAddedCnsAndIssuersTest()
{
Dictionary <string, string> currentList = new Dictionary <string, string>()
{
{ "cn1", "tp1,tp2" },
{ "cn2", null },
{ "cn3", "tp3" },
{ "cn4", null }
};
Dictionary <string, string> newList = new Dictionary <string, string>()
{
{ "cn1", "tp2,tp4" },
{ "cn2", null },
{ "cn4", "tp5" },
{ "cn5", null },
};
ServerCertificateCommonNames currentCns = ConstructCertCommonNames(currentList);
ServerCertificateCommonNames newCns = ConstructCertCommonNames(newList);
Dictionary <string, string> actualResult = CertificateClusterUpgradeFlow.GetAddedCnsAndIssuers(currentCns, newCns);
Dictionary <string, string> expectedResult = new Dictionary <string, string>()
{
{ "cn1", "tp4" },
{ "cn4", "tp5" },
{ "cn5", null },
};
Assert.AreEqual(expectedResult.Count, actualResult.Count);
Assert.IsTrue(actualResult.All(p => p.Value == expectedResult[p.Key]));
}
internal void VerifyFlow_ReplaceCn(ServerCertificateCommonNames currentCert, ServerCertificateCommonNames targetCert, List <CertificateClusterUpgradeStep> steps)
{
Assert.AreEqual(3, steps.Count);
CertificateClusterUpgradeStep step = steps[0];
Assert.AreEqual(2, step.CommonNameWhiteList.Count);
Assert.IsTrue(step.CommonNameWhiteList.Keys.Contains(currentCert.CommonNames[0].CertificateCommonName) && step.CommonNameWhiteList.Keys.Contains(targetCert.CommonNames[0].CertificateCommonName));
Assert.IsFalse(step.CommonNameWhiteList.Values.Any(p => string.IsNullOrWhiteSpace(p)));
Assert.IsTrue(step.CommonNameWhiteList.Values.Contains(currentCert.CommonNames[0].CertificateIssuerThumbprint) && step.CommonNameWhiteList.Values.Contains(targetCert.CommonNames[0].CertificateIssuerThumbprint));
Assert.AreEqual(currentCert.CommonNames[0].CertificateCommonName, step.CommonNameLoadList.CommonNames[0].CertificateCommonName);
Assert.AreEqual(1, step.CommonNameLoadList.CommonNames.Count);
Assert.AreEqual(currentCert.CommonNames[0].CertificateCommonName, step.CommonNameFileStoreSvcList.CommonNames[0].CertificateCommonName);
Assert.AreEqual(1, step.CommonNameFileStoreSvcList.CommonNames.Count);
step = steps[1];
Assert.AreEqual(2, step.CommonNameWhiteList.Count);
Assert.IsTrue(step.CommonNameWhiteList.Keys.Contains(currentCert.CommonNames[0].CertificateCommonName) && step.CommonNameWhiteList.Keys.Contains(targetCert.CommonNames[0].CertificateCommonName));
Assert.IsFalse(step.CommonNameWhiteList.Values.Any(p => string.IsNullOrWhiteSpace(p)));
Assert.IsTrue(step.CommonNameWhiteList.Values.Contains(currentCert.CommonNames[0].CertificateIssuerThumbprint) && step.CommonNameWhiteList.Values.Contains(targetCert.CommonNames[0].CertificateIssuerThumbprint));
Assert.AreEqual(targetCert.CommonNames[0].CertificateCommonName, step.CommonNameLoadList.CommonNames[0].CertificateCommonName);
Assert.AreEqual(1, step.CommonNameLoadList.CommonNames.Count);
Assert.AreEqual(currentCert.CommonNames[0].CertificateCommonName, step.CommonNameFileStoreSvcList.CommonNames[0].CertificateCommonName);
Assert.AreEqual(targetCert.CommonNames[0].CertificateCommonName, step.CommonNameFileStoreSvcList.CommonNames[1].CertificateCommonName);
step = steps[2];
Assert.AreEqual(1, step.CommonNameWhiteList.Count);
Assert.AreEqual(targetCert.CommonNames[0].CertificateCommonName, step.CommonNameWhiteList.First().Key);
Assert.IsFalse(step.CommonNameWhiteList.Values.Any(p => string.IsNullOrWhiteSpace(p)));
Assert.IsTrue(step.CommonNameWhiteList.Values.Contains(targetCert.CommonNames[0].CertificateIssuerThumbprint));
Assert.AreEqual(targetCert.CommonNames[0].CertificateCommonName, step.CommonNameLoadList.CommonNames[0].CertificateCommonName);
Assert.AreEqual(1, step.CommonNameLoadList.CommonNames.Count);
Assert.AreEqual(targetCert.CommonNames[0].CertificateCommonName, step.CommonNameFileStoreSvcList.CommonNames[0].CertificateCommonName);
Assert.AreEqual(1, step.CommonNameFileStoreSvcList.CommonNames.Count);
}
internal override void FromInternal(X509 certificateInformation)
{
base.FromInternal(certificateInformation);
this.ClusterCertificateCommonNames = certificateInformation.ClusterCertificateCommonNames;
this.ServerCertificateCommonNames = certificateInformation.ServerCertificateCommonNames;
this.ReverseProxyCertificateCommonNames = certificateInformation.ReverseProxyCertificateCommonNames;
}
private ServerCertificateCommonNames ConstructServerCns(string[] cns, string[] issuerThumbprints)
{
ServerCertificateCommonNames result = new ServerCertificateCommonNames()
{
CommonNames = new List <CertificateCommonNameBase>()
};
result.CommonNames = new List <CertificateCommonNameBase>();
int cnsLength = cns != null ? cns.Length : 0;
int itLength = issuerThumbprints != null ? issuerThumbprints.Length : 0;
for (int i = 0; i < Math.Max(cnsLength, itLength); i++)
{
CertificateCommonNameBase element = new CertificateCommonNameBase();
if (i < cnsLength)
{
element.CertificateCommonName = cns[i];
}
if (i < itLength)
{
element.CertificateIssuerThumbprint = issuerThumbprints[i];
}
result.CommonNames.Add(element);
}
return(result);
}
internal void InternalValidateClusterCertificateIssuerThumbprintUpdateTest(string originalCns, string originalIssuerThumbprints, string updatedCns, string updatedIssuerThumbprints, ClusterManagementErrorCode?expectedErrorCode = null)
{
Utility.ValidateExpectedValidationException(
delegate
{
ServerCertificateCommonNames original = ConstructServerCns(originalCns, originalIssuerThumbprints);
ServerCertificateCommonNames updated = ConstructServerCns(updatedCns, updatedIssuerThumbprints);
StandaloneSettingsValidator.ValidateClusterCertificateIssuerThumbprintUpdate(
original,
updated,
new StandAloneTraceLogger("StandAloneDeploymentManager"));
},
expectedErrorCode);
}
internal ServerCertificateCommonNames ConstructServerCns(string cns, string issuerThumbprints)
{
string[] cnList = cns.Split(';');
string[] thumbprintList = issuerThumbprints != null?issuerThumbprints.Split(';') : null;
ServerCertificateCommonNames result = new ServerCertificateCommonNames()
{
CommonNames = new List <CertificateCommonNameBase>()
};
for (int i = 0; i < cnList.Length; i++)
{
result.CommonNames.Add(new CertificateCommonNameBase()
{
CertificateCommonName = cnList[i],
CertificateIssuerThumbprint = thumbprintList != null ? thumbprintList[i] : null,
});
}
return(result);
}
protected override List <SettingsTypeSection> OnGenerateFabricSettings(
Security security,
CertificateDescription thumbprintFileStoreCert,
List <string> thumbprintClusterCertList,
ServerCertificateCommonNames commonNameFileStoreCert,
Dictionary <string, string> commonNameClusterCertList,
int currentClusterSize = -1)
{
var result = new List <SettingsTypeSection>();
// GenerateSecuritySection always returns a non-null value
var securitySections = this.GenerateSecuritySection(security, thumbprintClusterCertList, commonNameClusterCertList);
result.AddRange(securitySections);
var runAsSection = this.GenerateRunAsSection(security);
if (runAsSection != null)
{
result.Add(runAsSection);
}
var httpApplicationGatewaySection = this.GenerateHttpApplicationGatewaySection();
if (httpApplicationGatewaySection != null)
{
result.Add(httpApplicationGatewaySection);
}
if (security == null || security.WindowsIdentities == null || security.WindowsIdentities.ClustergMSAIdentity == null)
{
var fileStoreSection = this.GenerateFileStoreServiceSection(
thumbprintFileStoreCert,
commonNameFileStoreCert,
this.currentPrimaryAccountNtlmPassword,
this.currentSecondaryAccountNtlmPassword,
this.currentCommonNameNtlmPassword);
if (fileStoreSection != null)
{
result.Add(fileStoreSection);
}
}
var failoverManagerSection = currentClusterSize == -1 ? this.GenerateFailoverManagerSection() : this.GenerateFailoverManagerSection(currentClusterSize);
result.Add(failoverManagerSection);
if (this.TargetCsmConfig.DiagnosticsStoreInformation != null)
{
var dcaSections = this.GenerateDcaSections();
if (dcaSections != null)
{
result.AddRange(dcaSections);
}
}
result.AddRange(this.GenerateClusterManagerSection());
var upgradeOrchestrationServiceSection = this.GenerateUpgradeOrchestrationServiceSection();
result.Add(upgradeOrchestrationServiceSection);
result.AddRange(this.GenerateCommonSection());
result.AddRange(StandAloneFabricSettingsGenerator.GenerateSecretStoreSections(this.TargetCsmConfig));
result.AddRange(StandAloneFabricSettingsGenerator.GenerateRepairManagerSection(this.TargetCsmConfig));
result.AddRange(StandAloneFabricSettingsGenerator.GenerateDnsServiceSection(this.TargetCsmConfig));
result.AddRange(StandAloneFabricSettingsGenerator.GenerateBackupRestoreServiceSection(this.TargetCsmConfig));
result.AddRange(StandAloneFabricSettingsGenerator.GenerateResourceMonitorServiceSection(this.TargetCsmConfig));
result.AddRange(StandAloneFabricSettingsGenerator.GenerateSFVolumeDiskServiceSection(this.TargetCsmConfig));
result.AddRange(StandAloneFabricSettingsGenerator.GenerateEventStoreServiceSection(this.TargetCsmConfig));
result.AddRange(StandAloneFabricSettingsGenerator.GenerateGatewayResourceManagerSection(this.TargetCsmConfig));
return(result);
}
protected override List <SettingsTypeSection> OnGenerateFabricSettings(Security security, CertificateDescription thumbprintFileStoreCert, List <string> thumbprintClusterCertList, ServerCertificateCommonNames commonNameFileStoreCert, Dictionary <string, string> commonNameClusterCertList, int currentClusterSize)
{
return(new List <SettingsTypeSection>());
}
internal void InternalValidateClusterCertificateInstallationTest(string[] findValues, string[] issuerThumbprints, string certType, ClusterManagementErrorCode?expectedErrorCode)
{
if (issuerThumbprints == null)
{
IEnumerable <CertificateDescription> certs = findValues.Select(p => new CertificateDescription()
{
Thumbprint = p
});
foreach (CertificateDescription cert in certs)
{
var x509Cert = new X509();
switch (certType)
{
case "Cluster":
x509Cert.ClusterCertificate = cert;
break;
case "Server":
x509Cert.ServerCertificate = cert;
break;
case "ReverseProxy":
x509Cert.ReverseProxyCertificate = cert;
break;
}
Utility.ValidateExpectedValidationException(
delegate
{
StandaloneSettingsValidator.ValidateCertificateInstallation(
x509Cert,
new string[] { "localhost" },
new StandAloneTraceLogger("StandAloneDeploymentManager"));
},
expectedErrorCode);
}
}
else
{
List <ServerCertificateCommonNames> certs = new List <ServerCertificateCommonNames>();
for (int i = 0; i < findValues.Count(); i++)
{
ServerCertificateCommonNames cert = new ServerCertificateCommonNames()
{
CommonNames = new List <CertificateCommonNameBase>()
};
cert.CommonNames.Add(new CertificateCommonNameBase()
{
CertificateCommonName = findValues[i], CertificateIssuerThumbprint = issuerThumbprints[i]
});
certs.Add(cert);
}
foreach (ServerCertificateCommonNames cert in certs)
{
var x509Cert = new X509();
switch (certType)
{
case "Cluster":
x509Cert.ClusterCertificateCommonNames = cert;
break;
case "Server":
x509Cert.ServerCertificateCommonNames = cert;
break;
case "ReverseProxy":
x509Cert.ReverseProxyCertificateCommonNames = cert;
break;
}
Utility.ValidateExpectedValidationException(
delegate
{
StandaloneSettingsValidator.ValidateCertificateInstallation(
x509Cert,
new string[] { "localhost" },
new StandAloneTraceLogger("StandAloneDeploymentManager"));
},
expectedErrorCode);
}
}
}
