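// Invokes the "Put" operation of the named resource inside the currently configured Bridge AppDomain.
// resource.name is caller-supplied, so it is validated before any lookup; the AssemblyLoader running
// in the resource AppDomain (not this method) is what resolves the name to a resource type.
// Throws ArgumentNullException when the resource or its name is missing, InvalidOperationException
// when no resource folder has been configured, and ArgumentException when the AppDomain is unknown.
public static object DynamicInvokePut(resource resource)
{
    // Guard the dereference below: a null resource previously surfaced as a NullReferenceException.
    if (resource == null)
    {
        throw new ArgumentNullException("resource");
    }

    if (String.IsNullOrEmpty(resource.name))
    {
        throw new ArgumentNullException("resource.name");
    }

    // Disallow concurrent resource instantiation or configuration changes
    lock (ConfigController.BridgeLock)
    {
        // Read the configured name once so the check and the lookup see the same value.
        string appDomainName = ConfigController.CurrentAppDomainName;
        if (String.IsNullOrWhiteSpace(appDomainName))
        {
            throw new InvalidOperationException("The Bridge resource folder has not been configured.");
        }

        AppDomain appDomain;
        if (!TypeCache.AppDomains.TryGetValue(appDomainName, out appDomain))
        {
            throw new ArgumentException("Resource not found", "resource");
        }

        // The loader is instantiated from this assembly's own on-disk location inside the
        // resource AppDomain, so the reflective call happens on the far side of the domain boundary.
        Type loaderType = typeof(AssemblyLoader);
        var loader = (AssemblyLoader)appDomain.CreateInstanceFromAndUnwrap(
            loaderType.Assembly.Location,
            loaderType.FullName);

        ResourceRequestContext context = new ResourceRequestContext
        {
            BridgeConfiguration = ConfigController.BridgeConfiguration
        };

        return loader.IResourceCall(resource.name, "Put", new object[] { context });
    }
}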
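// Invokes the "Get" operation of the named resource inside the currently configured Bridge AppDomain,
// passing the caller's property bag along in the request context.
// Throws ArgumentNullException for a blank resource name, InvalidOperationException when no resource
// folder has been configured, and ArgumentException when the configured AppDomain is unknown.
public static ResourceResponse DynamicInvokeGet(string resourceName, Dictionary<string, string> properties)
{
    if (String.IsNullOrWhiteSpace(resourceName))
    {
        throw new ArgumentNullException("resourceName");
    }

    // Disallow concurrent resource instantiation or configuration changes
    lock (ConfigController.ConfigLock)
    {
        // Mirror the PUT path: an unconfigured name must not reach TryGetValue, which would
        // otherwise throw an unrelated ArgumentNullException for a null key.
        string appDomainName = ConfigController.CurrentAppDomainName;
        if (String.IsNullOrWhiteSpace(appDomainName))
        {
            throw new InvalidOperationException("The Bridge resource folder has not been configured.");
        }

        AppDomain appDomain;
        if (!TypeCache.AppDomains.TryGetValue(appDomainName, out appDomain))
        {
            throw new ArgumentException("Resource not found");
        }

        // Create the loader from this assembly's own location inside the resource AppDomain.
        Type loaderType = typeof(AssemblyLoader);
        var loader = (AssemblyLoader)appDomain.CreateInstanceFromAndUnwrap(
            loaderType.Assembly.Location,
            loaderType.FullName);

        ResourceRequestContext context = new ResourceRequestContext
        {
            BridgeConfiguration = ConfigController.BridgeConfiguration,
            ResourceName = resourceName,
            Properties = properties
        };

        object result = loader.IResourceCall(resourceName, "Get", new object[] { context });
        return (ResourceResponse)result;
    }
}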
// Requests a certificate to be generated by the Bridge based on a user name and not machine name.
// The 'subject' property may hold several comma-separated names; the first one is the cache key.
// Returns a response carrying the thumbprint of the (new or previously cached) certificate.
public override ResourceResponse Put(ResourceRequestContext context)
{
    string requestedSubject;
    bool hasSubject = context.Properties.TryGetValue(subjectKeyName, out requestedSubject)
        && !string.IsNullOrWhiteSpace(requestedSubject);
    if (!hasSubject)
    {
        throw new ArgumentException("When PUTting to this resource, specify an non-empty 'subject'", "context.Properties");
    }

    // There can be multiple subjects, separated by ,
    string[] subjectList = requestedSubject.Split(',');
    string cacheKey = subjectList[0];

    X509Certificate2 certificate;
    lock (s_certificateResourceLock)
    {
        bool alreadyCreated = s_createdCertsBySubject.TryGetValue(cacheKey, out certificate);
        if (!alreadyCreated)
        {
            // The subject names are caller-supplied and are not validated beyond being non-blank;
            // presumably the generator signs them with the Bridge authority certificate.
            CertificateGenerator generator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);
            certificate = generator.CreateUserCertificate(subjectList).Certificate;

            // Remember the result under both lookup keys so later GETs can find it
            s_createdCertsBySubject.Add(cacheKey, certificate);
            s_createdCertsByThumbprint.Add(certificate.Thumbprint, certificate);
        }
    }

    ResourceResponse response = new ResourceResponse();
    response.Properties.Add(thumbprintKeyName, certificate.Thumbprint);
    return response;
}
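// Configures the host with a server certificate whose validity window is already in the past
// (ValidityType.Expired, NotAfter two days ago) — presumably so clients can exercise their
// expiry checks against a real endpoint.
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
    // Ensure the service certificate is installed before this endpoint resource is used

    // Anchor both bounds to one timestamp so the window is exactly two days wide;
    // reading DateTime.UtcNow twice would skew it by whatever time elapsed in between.
    DateTime now = DateTime.UtcNow;

    //Create an expired certificate
    CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings()
    {
        FriendlyName = "WCF Bridge - TcpExpiredServerCertResource",
        ValidityType = CertificateValidityType.Expired,
        ValidityNotBefore = now - TimeSpan.FromDays(4),
        ValidityNotAfter = now - TimeSpan.FromDays(2),
        //If you specify multiple subjects, the first one becomes the subject, and all of them become Subject Alt Names.
        //In this case, the certificate subject is CN=fqdn, OU=..., O=... , and SANs will be fqdn, hostname, localhost
        //We do this so that a single bridge setup can deal with all the possible addresses that a client might use.
        //If we don't put "localhost' here, a long-running bridge will not be able to receive requests from both fqdn and localhost
        //because the certs won't match.
        Subject = s_fqdn,
        SubjectAlternativeNames = new string[] { s_fqdn, s_hostname, "localhost" }
    };

    X509Certificate2 cert = CertificateResourceHelpers.EnsureCustomCertificateInstalled(context.BridgeConfiguration, certificateCreationSettings, Address);
    // Select the installed certificate from LocalMachine\My by thumbprint rather than by name,
    // so a stale certificate with the same subject cannot be picked up by mistake.
    serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, cert.Thumbprint);
}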
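// Invokes the "Put" operation of the named resource inside the currently configured Bridge AppDomain.
// NOTE(review): unlike the Get counterpart in this file, this variant takes no lock; the caller is
// presumably responsible for serializing it against configuration changes — confirm.
// Throws ArgumentNullException when the resource or its name is missing, InvalidOperationException
// when no resource folder has been configured, and ArgumentException when the AppDomain is unknown.
public static object DynamicInvokePut(resource resource)
{
    // Guard the dereference below: a null resource previously surfaced as a NullReferenceException.
    if (resource == null)
    {
        throw new ArgumentNullException("resource");
    }

    if (String.IsNullOrEmpty(resource.name))
    {
        throw new ArgumentNullException("resource.name");
    }

    // An unconfigured name must not reach TryGetValue, which would otherwise throw an
    // unrelated ArgumentNullException for a null key.
    string appDomainName = ConfigController.CurrentAppDomainName;
    if (String.IsNullOrWhiteSpace(appDomainName))
    {
        throw new InvalidOperationException("The Bridge resource folder has not been configured.");
    }

    AppDomain appDomain;
    if (!TypeCache.AppDomains.TryGetValue(appDomainName, out appDomain))
    {
        throw new ArgumentException("Resource not found");
    }

    // Create the loader from this assembly's own location inside the resource AppDomain;
    // the caller-supplied resource name is resolved by the loader on that side.
    Type loaderType = typeof(AssemblyLoader);
    var loader = (AssemblyLoader)appDomain.CreateInstanceFromAndUnwrap(
        loaderType.Assembly.Location,
        loaderType.FullName);

    ResourceRequestContext context = new ResourceRequestContext
    {
        BridgeConfiguration = ConfigController.BridgeConfiguration
    };

    return loader.IResourceCall(resource.name, "Put", new object[] { context });
}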
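// Lazily creates and opens the shared ServiceHost on the first PUT; later PUTs reuse it.
// Returns the absolute URI of the host's first base address.
public object Put(ResourceRequestContext context)
{
    // Double-checked locking: the unlocked read avoids contention once the host exists and the
    // locked re-check guarantees only one host is ever created.
    // NOTE(review): s_currentHost is declared outside this block; confirm it is volatile if strict
    // ECMA memory-model portability matters (the CLR's release-store semantics make it work in practice).
    if (s_currentHost == null)
    {
        lock (s_currentHostLock)
        {
            if (s_currentHost == null)
            {
                // The AppDomain's friendly name is embedded in the path of the base address.
                Uri baseAddress = new Uri(string.Format("{0}://localhost:{1}/{2}/enf-base",
                    BaseAddressResource.Http,
                    BaseAddressResource.HttpPort,
                    AppDomain.CurrentDomain.FriendlyName));

                s_currentHost = new ServiceHost(typeof(WcfUserNameService), baseAddress);
                s_currentHost.AddServiceEndpoint(typeof(IWcfCustomUserNameService), new BasicHttpBinding(), Address);
                ModifyBehaviors(s_currentHost.Description);
                s_currentHost.Open();
            }
        }
    }

    // Uri.AbsoluteUri is already a string; the former trailing ToString() was redundant.
    return s_currentHost.BaseAddresses[0].AbsoluteUri;
}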
// Lazily creates and opens the shared https ServiceHost on the first PUT; later PUTs reuse it.
// Returns the listen URI of the host's single endpoint, or null if the host does not have exactly one.
public object Put(ResourceRequestContext context)
{
    // Double-checked locking around the static host: create it at most once.
    if (s_currentHost == null)
    {
        lock (s_currentHostLock)
        {
            if (s_currentHost == null)
            {
                Uri baseAddress = new Uri(string.Format("{0}://localhost:{1}/{2}/CustomUserName",
                    BaseAddressResource.Https,
                    BaseAddressResource.HttpsPort,
                    AppDomain.CurrentDomain.FriendlyName));

                s_currentHost = new ServiceHost(typeof(WcfUserNameService), baseAddress);
                // GetBinding() supplies the (https) binding for the endpoint
                s_currentHost.AddServiceEndpoint(typeof(IWcfCustomUserNameService), GetBinding(), Address);
                ModifyBehaviors(s_currentHost.Description);
                s_currentHost.Open();
            }
        }
    }

    var endpoints = s_currentHost.Description.Endpoints;
    if (endpoints.Count == 1)
    {
        return endpoints[0].ListenUri.ToString();
    }
    return null;
}
// Lazily initializes the shared CertificateGenerator from the Bridge configuration.
// Despite the name, an existing generator is left untouched: only a null one is created.
internal static void ResetCertificateGenerator(ResourceRequestContext context)
{
    var config = context.BridgeConfiguration;

    // Cheap unlocked check first; the locked re-check makes creation happen at most once.
    if (s_certificateGenerator != null)
    {
        return;
    }

    lock (s_certificateHelperLock)
    {
        if (s_certificateGenerator != null)
        {
            return;
        }

        // The CRL is published under the Bridge's own http host/port.
        string crlHost = string.Format("http://{0}:{1}", config.BridgeHost, config.BridgePort);
        s_certificateGenerator = new CertificateGenerator()
        {
            CertificatePassword = config.BridgeCertificatePassword,
            CrlUriBridgeHost = crlHost,
            CrlUriRelativePath = s_crlUriRelativePath,
            ValidityPeriod = config.BridgeCertificateValidityPeriod
        };

        // Upon creation, we want to immediately get the authority certificate and install it
        // as it means we are about to run a test requiring certs.
        // Presumably this places the authority in the trusted root store, so everything this
        // generator signs is trusted on this machine until that certificate is removed again.
        CertificateManager.InstallCertificateToRootStore(s_certificateGenerator.AuthorityCertificate.Certificate);
    }
}
// A bit of a misnomer - you can't really "put" a cert here, and Get will always return you the cert anyway.
// Responds with the thumbprint of the Bridge authority certificate.
public override ResourceResponse Put(ResourceRequestContext context)
{
    var generator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);
    X509Certificate2 authorityCert = generator.AuthorityCertificate.Certificate;

    ResourceResponse response = new ResourceResponse();
    // Only the thumbprint is exposed here; the certificate itself is served by Get.
    response.Properties.Add(thumbprintKeyName, authorityCert.Thumbprint);
    return response;
}
// Points the host's service credential at the Bridge's https port certificate.
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
    // Ensure the https certificate is installed before this endpoint resource is used;
    // the helper returns the thumbprint of the installed certificate.
    string sslThumbprint = CertificateResourceHelpers.EnsureSslPortCertificateInstalled(context.BridgeConfiguration);

    // Select it from LocalMachine\My by thumbprint, which identifies exactly one certificate.
    var serviceCert = serviceHost.Credentials.ServiceCertificate;
    serviceCert.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, sslThumbprint);
}
// Requests a certificate to be generated by the Bridge
// If the certificate requested is for the local machine, for example if
// server hostname is: foo.bar.com
// local address is considered to be: 127.0.0.1, localhost, foo, foo.bar.com
// Then we also install the certificate to the local machine, because it means we are about to run an HTTPS/SSL test against
// this machine.
// Otherwise, don't bother installing as the cert is for a remote machine.
// Returns the certificate's thumbprint plus an 'isLocal' flag telling the caller which path was taken.
public override ResourceResponse Put(ResourceRequestContext context)
{
    string requestedSubject;
    bool hasSubject = context.Properties.TryGetValue(subjectKeyName, out requestedSubject)
        && !string.IsNullOrWhiteSpace(requestedSubject);
    if (!hasSubject)
    {
        throw new ArgumentException("When PUTting to this resource, specify an non-empty 'subject'", "context.Properties");
    }

    // There can be multiple subjects, separated by ,
    string[] subjectList = requestedSubject.Split(',');
    string primarySubject = subjectList[0];

    // Only the first (caller-supplied) subject decides whether this request targets the Bridge host itself.
    bool isLocal = IsLocalMachineResource(primarySubject);

    X509Certificate2 certificate;
    lock (s_certificateResourceLock)
    {
        bool cached = s_createdCertsBySubject.TryGetValue(primarySubject, out certificate);
        if (!cached)
        {
            CertificateGenerator generator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);

            if (isLocal)
            {
                // If we're PUTting a cert that refers to a hostname local to the bridge,
                // return the Local Machine cert that CertificateManager caches and add it to the collection
                //
                // If we are receiving a PUT to the same endpoint address as the bridge server, it means that
                // a test is going to be run on this box
                //
                // In keeping with the semantic of these classes, we must PUT before we can GET a cert
                certificate = CertificateManager.CreateAndInstallLocalMachineCertificates(generator);
            }
            else
            {
                CertificateCreationSettings settings = new CertificateCreationSettings()
                {
                    Subjects = subjectList,
                };
                certificate = generator.CreateMachineCertificate(settings).Certificate;
            }

            // when isLocal, it's possible for there to be > 1 subject sharing the same thumbprint
            // in this case, we only cache the first isLocal subject, the rest we don't cache
            bool thumbprintAlreadyCached = isLocal && s_createdCertsByThumbprint.ContainsKey(certificate.Thumbprint);
            if (!thumbprintAlreadyCached)
            {
                s_createdCertsBySubject.Add(primarySubject, certificate);
                s_createdCertsByThumbprint.Add(certificate.Thumbprint, certificate);
            }
        }
    }

    ResourceResponse response = new ResourceResponse();
    response.Properties.Add(thumbprintKeyName, certificate.Thumbprint);
    response.Properties.Add(isLocalKeyName, isLocal.ToString());
    return response;
}
// Serves the generator's current certificate revocation list as the raw response body.
public override ResourceResponse Get(ResourceRequestContext context)
{
    var generator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);

    // Read the encoded CRL under the resource lock so it is not observed mid-revocation.
    byte[] crl;
    lock (s_certificateResourceLock)
    {
        crl = generator.CrlEncoded;
    }

    ResourceResponse response = new ResourceResponse();
    response.RawResponse = crl;
    return response;
}
// Configures the host for client-certificate authentication: the service presents the https
// port certificate, and presented client certificates are checked by a custom validator.
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
    // Ensure the https certificate is installed before this endpoint resource is used
    string sslThumbprint = CertificateResourceHelpers.EnsureSslPortCertificateInstalled(context.BridgeConfiguration);

    // Custom mode replaces WCF's default chain/trust validation entirely with MyX509CertificateValidator.
    // The argument is presumably the issuer name it expects; the "DO_NOT_TRUST" prefix marks the Bridge's
    // test-only root, so this validator must never be used outside the test harness.
    var clientAuth = serviceHost.Credentials.ClientCertificate.Authentication;
    clientAuth.CertificateValidationMode = X509CertificateValidationMode.Custom;
    clientAuth.CustomCertificateValidator = new MyX509CertificateValidator("DO_NOT_TRUST_WcfBridgeRootCA");

    serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, sslThumbprint);
}
// Installs the configured Bridge https certificate and points the host's service credential at it.
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
    var configuration = context.BridgeConfiguration;

    // Ensure the https certificate is installed before this endpoint resource is used
    CertificateManager.InstallMyCertificate(configuration, configuration.BridgeHttpsCertificate);
    string httpsThumbprint = HttpsResource.EnsureHttpsCertificateInstalled(configuration);

    // Select it from LocalMachine\My by thumbprint.
    serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, httpsThumbprint);
}
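// Returns the base addresses clients should use to reach this Bridge's hosted services.
// The per-scheme addresses are suffixed with the AppDomain's friendly name (the same segment the
// resource hosts embed in their paths); "HttpServerBaseAddress" is the bare http root.
public object Get(ResourceRequestContext context)
{
    string domainName = AppDomain.CurrentDomain.FriendlyName;

    // Compute each scheme root once; GetHttpProtocol used to be evaluated twice for the same value.
    string httpRoot = GetHttpProtocol(context);
    string http = httpRoot + domainName;
    string https = GetHttpsProtocol(context) + domainName;
    string tcp = GetTcpProtocol(context) + domainName;

    // Every https-based authentication flavor currently shares the same base address.
    return new Dictionary<string, string>()
    {
        { "HttpServerBaseAddress", httpRoot },
        { "HttpBaseAddress", http },
        { "HttpsBaseAddress", https },
        { "HttpsBasicBaseAddress", https },
        { "HttpsDigestBaseAddress", https },
        { "HttpsNtlmBaseAddress", https },
        { "HttpsWindowsBaseAddress", https },
        { "TcpBaseAddress", tcp }
    };
}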
// Configures the host with a server certificate that is placed on the Bridge's revocation list
// right after it is installed, so clients can exercise their revocation checking.
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
    var configuration = context.BridgeConfiguration;

    // Ensure the service certificate is installed before this endpoint resource is used
    //Create a certificate and add to the revocation list
    string[] names = new string[] { s_fqdn, s_hostname, "localhost" };
    CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings()
    {
        IsValidCert = false,
        Subjects = names
    };

    X509Certificate2 cert = CertificateResourceHelpers.EnsureRevokedCertificateInstalled(configuration, certificateCreationSettings, Address);

    // Revoke by serial number through the shared generator so the published CRL lists this certificate.
    var generator = CertificateResourceHelpers.GetCertificateGeneratorInstance(configuration);
    CertificateManager.RevokeCertificate(generator, cert.SerialNumber);

    serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, cert.Thumbprint);
}
// Configures the host with a server certificate created as revoked (ValidityType.Revoked),
// so clients can exercise their revocation checking against a real endpoint.
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
    // Ensure the service certificate is installed before this endpoint resource is used
    //Create a certificate and add to the revocation list

    // First name is the subject CN; every name (including "localhost") becomes a SAN so that
    // a single Bridge answers whichever address the client uses.
    string[] altNames = new string[] { s_fqdn, s_hostname, "localhost" };
    CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings()
    {
        FriendlyName = "WCF Bridge - TcpRevokedServerCertResource",
        ValidityType = CertificateValidityType.Revoked,
        Subject = s_fqdn,
        SubjectAlternativeNames = altNames
    };

    X509Certificate2 cert = CertificateResourceHelpers.EnsureCustomCertificateInstalled(context.BridgeConfiguration, certificateCreationSettings, Address);
    serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, cert.Thumbprint);
}
// Requests a certificate to be generated by the Bridge based on a user name and not machine name.
// The 'subject' property may hold several comma-separated names: the first becomes the Subject and
// the cache key, all of them become Subject Alternative Names. Responds with the thumbprint.
public override ResourceResponse Put(ResourceRequestContext context)
{
    string requestedSubject;
    bool hasSubject = context.Properties.TryGetValue(subjectKeyName, out requestedSubject)
        && !string.IsNullOrWhiteSpace(requestedSubject);
    if (!hasSubject)
    {
        throw new ArgumentException("When PUTting to this resource, specify an non-empty 'subject'", "context.Properties");
    }

    // There can be multiple subjects, separated by ,
    string[] subjectList = requestedSubject.Split(',');
    string primarySubject = subjectList[0];

    X509Certificate2 certificate;
    lock (s_certificateResourceLock)
    {
        bool cached = s_createdCertsBySubject.TryGetValue(primarySubject, out certificate);
        if (!cached)
        {
            // The names are caller-supplied and not validated beyond being non-blank.
            CertificateGenerator generator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);
            CertificateCreationSettings settings = new CertificateCreationSettings()
            {
                FriendlyName = "WCF Bridge - UserCertificateResource",
                Subject = primarySubject,
                SubjectAlternativeNames = subjectList
            };
            certificate = generator.CreateUserCertificate(settings).Certificate;

            // Cache the certificates
            s_createdCertsBySubject.Add(primarySubject, certificate);
            s_createdCertsByThumbprint.Add(certificate.Thumbprint, certificate);

            // Created certs get put onto the local machine
            // We ideally don't want this to happen, but until we find a way to have BridgeClient not need elevation for cert installs
            // we need this to happen so that running locally doesn't require elevation as it messes up our CI and developer builds
            CertificateManager.InstallCertificateToMyStore(certificate);
        }
    }

    ResourceResponse response = new ResourceResponse();
    response.Properties.Add(thumbprintKeyName, certificate.Thumbprint);
    return response;
}
// Configures the host with a certificate whose only name is CN=localhost and which carries no SANs,
// so clients can exercise subject-name (rather than SAN) matching.
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
    // Ensure the service certificate is installed before this endpoint resource is used
    // Exactly one subject name, which is going to be the CN
    string[] noAltNames = new string[0];
    CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings()
    {
        FriendlyName = "WCF Bridge - TcpCertificateWithSubjectCanonicalNameLocalhostResource",
        Subject = "localhost",
        SubjectAlternativeNames = noAltNames,
        ValidityType = CertificateValidityType.NonAuthoritativeForMachine
    };

    X509Certificate2 cert = CertificateResourceHelpers.EnsureCustomCertificateInstalled(context.BridgeConfiguration, certificateCreationSettings, Address);
    var serviceCert = serviceHost.Credentials.ServiceCertificate;
    serviceCert.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, cert.Thumbprint);
}
// Configures the host with a certificate whose CN is a name no client will connect with; the real
// host names are present only as Subject Alternative Names, so SAN matching is what gets exercised.
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
    // Ensure the service certificate is installed before this endpoint resource is used
    // CN=not-real-subject-name means that a cert for "not-real-subject-name" will be installed
    // Per #422 this shouldn't matter as we now check with SAN
    string[] altNames = new string[]
    {
        "not-real-subject-name",
        "not-real-subject-name.example.com",
        s_fqdn,
        s_hostname,
        "localhost"
    };
    CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings()
    {
        FriendlyName = "WCF Bridge - TcpCertificateWithServerAltNameResource",
        Subject = "not-real-subject-name",
        SubjectAlternativeNames = altNames
    };

    X509Certificate2 cert = CertificateResourceHelpers.EnsureCustomCertificateInstalled(context.BridgeConfiguration, certificateCreationSettings, Address);
    var serviceCert = serviceHost.Credentials.ServiceCertificate;
    serviceCert.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, cert.Thumbprint);
}
// Serves the Bridge authority (root) certificate. With 'exportAsPem' set to true the body is the PEM
// text; otherwise the thumbprint and the base64 DER encoding are returned as properties.
// RawData is the DER certificate only — no private key material leaves this resource.
public override ResourceResponse Get(ResourceRequestContext context)
{
    X509Certificate2 authorityCert = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration).AuthorityCertificate.Certificate;

    ResourceResponse response = new ResourceResponse();

    // PEM is opt-in: the property must be present and parse as boolean true.
    string pemFlag;
    bool wantsPem = false;
    if (context.Properties.TryGetValue(exportAsPemKeyName, out pemFlag))
    {
        bool parsed;
        wantsPem = bool.TryParse(pemFlag, out parsed) && parsed;
    }

    if (wantsPem)
    {
        response.RawResponse = Encoding.ASCII.GetBytes(GetCertificateAsPem(authorityCert));
    }
    else
    {
        response.Properties.Add(thumbprintKeyName, authorityCert.Thumbprint);
        response.Properties.Add(certificateKeyName, Convert.ToBase64String(authorityCert.RawData));
    }

    return response;
}
// PUT optionally revokes one certificate (by the caller-supplied serial number) and then, in all cases,
// reports the CRL distribution URI plus the current comma-separated list of revoked serials.
public override ResourceResponse Put(ResourceRequestContext context)
{
    var certGenerator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);

    lock (s_certificateResourceLock)
    {
        string serialNumber;
        bool revokeRequested = context.Properties.TryGetValue(revokeSerialNumberKeyName, out serialNumber)
            && !string.IsNullOrWhiteSpace(serialNumber);
        if (revokeRequested)
        {
            // No ownership or authorization check is visible here: whatever serial the generator
            // accepts can be revoked by any caller of this resource.
            certGenerator.RevokeCertificateBySerialNumber(serialNumber);
        }

        ResourceResponse response = new ResourceResponse();
        response.Properties.Add(crlUriKeyName, certGenerator.CrlUri);
        string revokedList = string.Join<string>(",", certGenerator.RevokedCertificates);
        response.Properties.Add(revokedCertificatesKeyName, revokedList);
        return response;
    }
}
// Invokes the "Get" operation of the named resource through the loader living in the Bridge
// AppDomain, passing the caller's property bag along in the request context.
// Throws ArgumentNullException for a blank resource name.
public static ResourceResponse DynamicInvokeGet(string resourceName, Dictionary<string, string> properties)
{
    if (String.IsNullOrWhiteSpace(resourceName))
    {
        throw new ArgumentNullException("resourceName");
    }

    // Disallow concurrent resource instantiation or configuration changes
    lock (ConfigController.ConfigLock)
    {
        AssemblyLoader loader = GetLoaderFromAppDomain();

        ResourceRequestContext context = new ResourceRequestContext
        {
            BridgeConfiguration = ConfigController.BridgeConfiguration,
            ResourceName = resourceName,
            Properties = properties
        };

        // The caller-supplied resource name is resolved to a type by the loader, not here.
        object[] arguments = new object[] { context };
        ResourceResponse response = (ResourceResponse)loader.IResourceCall(resourceName, "Get", arguments);
        return response;
    }
}
// Builds the https root ("https://host:port/") from the Bridge configuration.
public static string GetHttpsProtocol(ResourceRequestContext context)
{
    var configuration = context.BridgeConfiguration;
    string host = configuration.BridgeHost;
    return string.Format("https://{0}:{1}/", host, configuration.BridgeHttpsPort);
}
// Enables Digest authentication on the host, then applies the inherited host configuration.
protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
{
    // Digest setup runs before the base class touches the host.
    AuthenticationResourceHelper.ConfigureServiceHostUseDigestAuth(serviceHost);

    base.ModifyHost(serviceHost, context);
}
// This resource is read-only: every PUT is rejected with NotImplementedException.
public ResourceResponse Put(ResourceRequestContext context)
{
    NotImplementedException rejection = new NotImplementedException("Cannot PUT on this resource");
    throw rejection;
}
// The host name for this resource is the NetBIOS machine name; the request context is not consulted.
protected override string GetHost(ResourceRequestContext context)
{
    string machineName = Environment.MachineName;
    return machineName;
}
// Re-declared abstract: every concrete resource deriving from this class must provide its own PUT handling.
public abstract override ResourceResponse Put(ResourceRequestContext context);
// GET with neither parameter lists every certificate PUT so far (subjects and thumbprints as two
// parallel comma-separated lists). GET with a 'thumbprint' or 'subject' looks that certificate up
// and returns it as a password-protected PFX; thumbprint wins when both are given.
public override ResourceResponse Get(ResourceRequestContext context)
{
    string thumbprint;
    bool hasThumbprint = context.Properties.TryGetValue(thumbprintKeyName, out thumbprint)
        && !string.IsNullOrWhiteSpace(thumbprint);

    string subject;
    bool hasSubject = context.Properties.TryGetValue(subjectKeyName, out subject)
        && !string.IsNullOrWhiteSpace(subject);

    ResourceResponse response = new ResourceResponse();

    if (!hasThumbprint && !hasSubject)
    {
        // Listing mode. Snapshot the cache under the lock; both arrays are filled from the
        // last slot backwards, so the lists come out in reverse enumeration order.
        string[] subjectList;
        string[] thumbprintList;
        lock (s_certificateResourceLock)
        {
            int slot = s_createdCertsBySubject.Count;
            subjectList = new string[slot];
            thumbprintList = new string[slot];
            foreach (var entry in s_createdCertsBySubject)
            {
                slot--;
                subjectList[slot] = entry.Key;
                thumbprintList[slot] = entry.Value.Thumbprint;
            }
        }

        // Two flat lists rather than one nested structure: this isn't ideal, as semantically in JSON
        // they aren't grouped together, but our current Json serializer implementation doesn't
        // support serializing nested key-val pairs.
        response.Properties.Add(subjectsKeyName, string.Join(",", subjectList));
        response.Properties.Add(thumbprintsKeyName, string.Join(",", thumbprintList));
        return response;
    }

    // Lookup mode: check on the creation state given the thumbprint or subject (thumbprint has priority).
    X509Certificate2 certificate = null;
    bool certHasBeenCreated;
    lock (s_certificateResourceLock)
    {
        certHasBeenCreated = hasThumbprint
            ? s_createdCertsByThumbprint.TryGetValue(thumbprint, out certificate)
            : s_createdCertsBySubject.TryGetValue(subject, out certificate);
    }

    if (!certHasBeenCreated)
    {
        // Unknown certificate: answer with empty fields rather than an error.
        response.Properties.Add(thumbprintKeyName, string.Empty);
        response.Properties.Add(certificateKeyName, string.Empty);
        return response;
    }

    // The PFX export includes the private key when it is exportable, protected by the generator's
    // password, and is base64-encoded into the response.
    var certGenerator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);
    response.Properties.Add(thumbprintKeyName, certificate.Thumbprint);
    byte[] pfx = certificate.Export(X509ContentType.Pfx, certGenerator.CertificatePassword);
    response.Properties.Add(certificateKeyName, Convert.ToBase64String(pfx));
    return response;
}
// Builds the net.tcp root ("net.tcp://host:port/") from the Bridge configuration.
public static string GetTcpProtocol(ResourceRequestContext context)
{
    var configuration = context.BridgeConfiguration;
    string host = configuration.BridgeHost;
    return string.Format("net.tcp://{0}:{1}/", host, configuration.BridgeTcpPort);
}