public async Task TestSslTermination()
{
ILoadBalancerService provider = CreateProvider();
using (CancellationTokenSource cancellationTokenSource = new CancellationTokenSource(TestTimeout(TimeSpan.FromSeconds(240))))
{
IEnumerable<LoadBalancingProtocol> protocols = await provider.ListProtocolsAsync(cancellationTokenSource.Token);
LoadBalancingProtocol httpProtocol = protocols.First(i => i.Name.Equals("HTTP", StringComparison.OrdinalIgnoreCase));
string loadBalancerName = CreateRandomLoadBalancerName();
LoadBalancerConfiguration configuration = new LoadBalancerConfiguration(
name: loadBalancerName,
nodes: null,
protocol: httpProtocol,
virtualAddresses: new[] { new LoadBalancerVirtualAddress(LoadBalancerVirtualAddressType.ServiceNet) },
algorithm: LoadBalancingAlgorithm.RoundRobin);
LoadBalancer tempLoadBalancer = await provider.CreateLoadBalancerAsync(configuration, AsyncCompletionOption.RequestCompleted, cancellationTokenSource.Token, null);
string privateKey;
string certificate;
CngKeyCreationParameters keyParams = new CngKeyCreationParameters();
keyParams.ExportPolicy = CngExportPolicies.AllowExport | CngExportPolicies.AllowPlaintextExport;
keyParams.KeyUsage = CngKeyUsages.AllUsages;
keyParams.Provider = CngProvider.MicrosoftSoftwareKeyStorageProvider;
using (CngKey key = CngKey.Create(CngAlgorithm2.Rsa, Guid.NewGuid().ToString(), keyParams))
{
byte[] exported = key.Export(CngKeyBlobFormat.Pkcs8PrivateBlob);
StringBuilder formatted = new StringBuilder();
formatted.AppendLine("-----BEGIN RSA PRIVATE KEY-----");
formatted.AppendLine(Convert.ToBase64String(exported, Base64FormattingOptions.InsertLineBreaks));
formatted.Append("-----END RSA PRIVATE KEY-----");
Console.WriteLine(formatted.ToString());
privateKey = formatted.ToString();
X509CertificateCreationParameters certParams = new X509CertificateCreationParameters(new X500DistinguishedName(string.Format("CN={0}, OU=Integration Testing, O=openstacknetsdk, L=San Antonio, S=Texas, C=US", loadBalancerName)));
certParams.SignatureAlgorithm = X509CertificateSignatureAlgorithm.RsaSha1;
certParams.StartTime = DateTime.Now;
certParams.EndTime = DateTime.Now.AddYears(10);
certParams.TakeOwnershipOfKey = true;
X509Certificate signed = key.CreateSelfSignedCertificate(certParams);
exported = signed.Export(X509ContentType.Cert);
formatted = new StringBuilder();
formatted.AppendLine("-----BEGIN CERTIFICATE-----");
formatted.AppendLine(Convert.ToBase64String(exported, Base64FormattingOptions.InsertLineBreaks));
formatted.Append("-----END CERTIFICATE-----");
Console.WriteLine(formatted.ToString());
certificate = formatted.ToString();
}
string intermediateCertificate = null;
LoadBalancerSslConfiguration sslConfiguration = new LoadBalancerSslConfiguration(true, false, 443, privateKey, certificate, intermediateCertificate);
await provider.UpdateSslConfigurationAsync(tempLoadBalancer.Id, sslConfiguration, AsyncCompletionOption.RequestCompleted, cancellationTokenSource.Token, null);
LoadBalancerSslConfiguration updatedConfiguration = new LoadBalancerSslConfiguration(true, true, 443);
await provider.UpdateSslConfigurationAsync(tempLoadBalancer.Id, updatedConfiguration, AsyncCompletionOption.RequestCompleted, cancellationTokenSource.Token, null);
await provider.RemoveSslConfigurationAsync(tempLoadBalancer.Id, AsyncCompletionOption.RequestCompleted, cancellationTokenSource.Token, null);
/* Cleanup
*/
await provider.RemoveLoadBalancerAsync(tempLoadBalancer.Id, AsyncCompletionOption.RequestCompleted, cancellationTokenSource.Token, null);
}
}
public static void UpdateSslConfiguration(this ILoadBalancerService service, LoadBalancerId loadBalancerId, LoadBalancerSslConfiguration configuration)
{
if (service == null)
throw new ArgumentNullException("service");
try
{
service.UpdateSslConfigurationAsync(loadBalancerId, configuration, AsyncCompletionOption.RequestSubmitted, CancellationToken.None, null).Wait();
}
catch (AggregateException ex)
{
ReadOnlyCollection<Exception> innerExceptions = ex.Flatten().InnerExceptions;
if (innerExceptions.Count == 1)
throw innerExceptions[0];
throw;
}
}
