/// <summary>
/// Starts the underlying HTTP listener for the first entry of <c>ListenerUris</c>,
/// optionally registers the TLS certificate for the listener port, and launches
/// the background accept loop.
/// </summary>
/// <param name="cancellationToken">Accepted for the interface shape; this method does not read it.</param>
/// <returns>An already-completed task. Accepting transports continues on a separate task.</returns>
/// <exception cref="InvalidOperationException">The listener is already listening.</exception>
public Task StartAsync(CancellationToken cancellationToken)
{
    if (_httpListener.IsListening)
    {
        throw new InvalidOperationException("The listener is already active");
    }

    var listenerUri = ListenerUris[0];

    // The listener is registered under HTTP(S) prefixes, so the WebSocket schemes
    // are rewritten first. The final replacement turns "localhost" into the "*"
    // wildcard host, which makes the prefix match requests for any host name on
    // that port rather than loopback only. Deployments that must stay local
    // need an explicit host in ListenerUris.
    var httpPrefix = listenerUri.ToString()
        .Replace($"{UriSchemeWebSocket}:", $"{Uri.UriSchemeHttp}:")
        .Replace($"{UriSchemeWebSocketSecure}:", $"{Uri.UriSchemeHttps}:")
        .Replace("://localhost", "://*");
    _httpListener.Prefixes.Add(httpPrefix);

    // Certificate registration happens only when it was requested, a certificate
    // is configured, and the listener URI uses the secure WebSocket scheme.
    var bindCertificate = _bindCertificateToPort
        && _tlsCertificate != null
        && listenerUri.Scheme.Equals(UriSchemeWebSocketSecure);
    if (bindCertificate)
    {
        // The binding is created for 0.0.0.0:<port>, i.e. every IPv4 address of the host.
        var anyAddressEndPoint = new IPEndPoint(IPAddress.Parse("0.0.0.0"), listenerUri.Port);
        var bindingConfiguration = new CertificateBindingConfiguration();
        var certificateBinding = new CertificateBinding(
            _tlsCertificate.Thumbprint,
            _tlsCertificate.Store,
            anyAddressEndPoint,
            _applicationId);
        bindingConfiguration.Bind(certificateBinding);
    }

    _httpListener.Start();

    // Replace any cancellation source left over from an earlier start before
    // the accept loop is scheduled.
    _acceptTransportCts?.Dispose();
    _acceptTransportCts = new CancellationTokenSource();
    _acceptTransportTask = Task.Run(AcceptTransportsAsync);

    return Task.CompletedTask;
}
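/// <summary>
/// Replaces the SSL certificate binding for <c>0.0.0.0:<paramref name="port"/></c> with the
/// certificate from the LocalMachine "My" store whose hash matches <paramref name="certificateHash"/>.
/// </summary>
/// <param name="certificateHash">Hexadecimal certificate hash (thumbprint); compared case-insensitively.</param>
/// <param name="port">TCP port the certificate is bound to.</param>
/// <exception cref="Exception">No certificate with the given hash exists in the store.</exception>
public static void NetshAddSslCert(string certificateHash, ushort port)
{
    // NOTE(review): the existing binding is removed before the certificate lookup,
    // so a missing certificate leaves the port without any binding. Confirm this
    // is intended; the order is kept as the original author wrote it.
    NetshDeleteSslCert(port);

    X509Certificate2 cert;
    var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
    try
    {
        store.Open(OpenFlags.ReadOnly);

        // GetCertHashString() returns upper-case hex, while thumbprints are often
        // supplied in lower case, so the comparison ignores case.
        cert = store
            .Certificates
            .Cast<X509Certificate2>()
            .FirstOrDefault(x => string.Equals(
                x.GetCertHashString(),
                certificateHash,
                StringComparison.OrdinalIgnoreCase));
    }
    finally
    {
        // Release the store handle on every path, including a failed lookup.
        store.Close();
    }

    if (cert == null)
    {
        throw new Exception(string.Format("Cannot found certificate [{0}]", certificateHash));
    }

    // The binding is attributed to the GUID declared on the executing assembly.
    var appid = ((GuidAttribute)Assembly.GetExecutingAssembly().GetCustomAttributes(typeof(GuidAttribute), true)[0]).Value;

    var certificateBindingConfiguration = new CertificateBindingConfiguration();
    certificateBindingConfiguration.Bind(
        new CertificateBinding(
            // Pass the hash exactly as the located certificate reports it, so the
            // registered value does not depend on the caller's casing.
            cert.GetCertHashString(),
            StoreName.My,
            new IPEndPoint(new IPAddress(new byte[] { 0, 0, 0, 0 }), port),
            Guid.Parse(appid)));
}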
/// <summary>
/// Creates or updates a certificate binding from positional command-line arguments
/// and reports on the console which of the two happened.
/// </summary>
/// <param name="args">
/// Raw arguments; indexes 1 to 4 are read. Presumably thumbprint, store name,
/// endpoint and application id, matching the constructor argument order — confirm
/// against the tool's usage text.
/// </param>
/// <param name="configuration">Binding configuration the record is written to.</param>
private static void Bind(string[] args, CertificateBindingConfiguration configuration)
{
    // No length or format validation happens here: fewer than five arguments
    // surfaces as IndexOutOfRangeException and a malformed GUID as FormatException.
    var endPoint = ParseIpEndPoint(args[3]);
    var binding = new CertificateBinding(args[1], args[2], endPoint, Guid.Parse(args[4]));

    // Bind reports true when an existing record was replaced, false when a new one was created.
    if (configuration.Bind(binding))
    {
        Console.WriteLine("The binding record has been successfully updated.");
    }
    else
    {
        Console.WriteLine("The binding record has been successfully added.");
    }
}
/// <summary>
/// Binds the testing certificate to a free port without explicit binding options and
/// checks that the record reported by <c>CertConfigCmd.Show</c> contains the expected text.
/// </summary>
public void AddWithDefaultOptions()
{
    var endPoint = GetEndpointWithFreeRandomPort();
    var applicationId = Guid.NewGuid();

    var bindings = new CertificateBindingConfiguration();
    var wasUpdate = bindings.Bind(
        new CertificateBinding(_testingCertThumbprint, StoreName.My, endPoint, applicationId));

    // A fresh endpoint has no record yet, so Bind must report "added", not "updated".
    Assert.IsFalse(wasUpdate);

    var shown = CertConfigCmd.Show(endPoint);
    Assert.IsTrue(shown.IsSuccessfull);

    // NOTE(review): the literal is kept character-for-character because the
    // Contains check below depends on its exact whitespace. If its line breaks
    // were lost in transcription it will not match — confirm against the original file.
    var expectedText = string.Format(
        @" IP:port : {0} Certificate Hash : {1} Application ID : {2} Certificate Store Name : My Verify Client Certificate Revocation : Enabled Verify Revocation Using Cached Client Certificate Only : Disabled Usage Check : Enabled Revocation Freshness Time : 0 URL Retrieval Timeout : 0 Ctl Identifier : (null) Ctl Store Name : (null) DS Mapper Usage : Disabled Negotiate Client Certificate : Disabled ",
        endPoint,
        _testingCertThumbprint,
        applicationId.ToString("B"));

    // Both sides are lower-cased so hex and GUID casing do not affect the comparison.
    var actualLower = shown.Output.ToLowerInvariant();
    var expectedLower = expectedText.ToLowerInvariant();
    Assert.IsTrue(actualLower.Contains(expectedLower));
}
/// <summary>
/// Replaces the current certificate binding with one for <paramref name="thumbprint"/> on
/// <c>0.0.0.0:<paramref name="httpsPort"/></c>, records the new endpoint in the registry
/// provider, and registers an undo step for each change.
/// </summary>
/// <param name="thumbprint">Thumbprint of the certificate to bind; the binding names the "My" store.</param>
/// <param name="httpsPort">Port the certificate is bound to.</param>
/// <param name="rollbackActions">List that receives the undo steps, in the order the changes were applied.</param>
public void UpdateCertificateBinding(string thumbprint, int httpsPort, List<Action> rollbackActions)
{
    var configuration = new CertificateBindingConfiguration();
    CertificateBinding previous = this.GetCertificateBinding(configuration);

    // Each undo step is registered only after its forward step has completed,
    // so a failure part-way leaves rollbackActions describing exactly what was done.
    if (previous != null)
    {
        configuration.Delete(previous.IpPort);
        rollbackActions.Add(() => { configuration.Bind(previous); });
    }

    var anyAddressEndPoint = new IPEndPoint(IPAddress.Parse("0.0.0.0"), httpsPort);
    CertificateBinding replacement = new CertificateBinding(
        thumbprint,
        "My",
        anyAddressEndPoint,
        HttpSysHostingOptions.AppId,
        new BindingOptions());

    configuration.Bind(replacement);
    rollbackActions.Add(() => { configuration.Delete(replacement.IpPort); });

    this.registryProvider.CertBinding = replacement.IpPort.ToString();

    // With no earlier binding, the undo step writes null back to the registry value.
    rollbackActions.Add(() => { this.registryProvider.CertBinding = previous?.IpPort?.ToString(); });
}
/// <summary>
/// Creates a binding through <c>CertConfigCmd.Add</c>, overwrites it through
/// <c>CertificateBindingConfiguration.Bind</c> with every binding option set, and checks
/// that the record reported by <c>CertConfigCmd.Show</c> reflects the new values.
/// </summary>
public void Update()
{
    var endPoint = GetEndpointWithFreeRandomPort();
    var applicationId = Guid.NewGuid();

    // Seed record: same certificate hash, but registered under the AuthRoot store name.
    CertConfigCmd.Add(new CertConfigCmd.Options
    {
        ipport = endPoint,
        certhash = _testingCertThumbprint,
        appid = applicationId,
        certstorename = StoreName.AuthRoot.ToString(),
    });

    // Revocation and usage checks are switched off here, presumably so the flag
    // mapping can be observed in the dump, not as a recommended configuration.
    var options = new BindingOptions
    {
        DoNotPassRequestsToRawFilters = true,
        DoNotVerifyCertificateRevocation = true,
        EnableRevocationFreshnessTime = true,
        NegotiateCertificate = true,
        NoUsageCheck = true,
        RevocationFreshnessTime = TimeSpan.FromMinutes(1),
        RevocationUrlRetrievalTimeout = TimeSpan.FromSeconds(5),
        UseDsMappers = true,
        VerifyRevocationWithCachedCertificateOnly = true,
    };
    var replacement = new CertificateBinding(_testingCertThumbprint, StoreName.My, endPoint, applicationId, options);

    var bindings = new CertificateBindingConfiguration();
    var wasUpdate = bindings.Bind(replacement);

    // The endpoint already has a record, so Bind must report "updated".
    Assert.IsTrue(wasUpdate);

    var shown = CertConfigCmd.Show(endPoint);
    Assert.IsTrue(shown.IsSuccessfull);

    // NOTE(review): the literal is kept character-for-character because the
    // Contains check below depends on its exact whitespace. If its line breaks
    // were lost in transcription it will not match — confirm against the original file.
    var expectedText = string.Format(
        @" IP:port : {0} Certificate Hash : {1} Application ID : {2} Certificate Store Name : My Verify Client Certificate Revocation : Disabled Verify Revocation Using Cached Client Certificate Only : Enabled Usage Check : Disabled Revocation Freshness Time : 60 URL Retrieval Timeout : 5000 Ctl Identifier : (null) Ctl Store Name : (null) DS Mapper Usage : Enabled Negotiate Client Certificate : Enabled ",
        endPoint,
        _testingCertThumbprint,
        applicationId.ToString("B"));

    // Both sides are lower-cased so hex and GUID casing do not affect the comparison.
    var actualLower = shown.Output.ToLowerInvariant();
    var expectedLower = expectedText.ToLowerInvariant();
    Assert.IsTrue(actualLower.Contains(expectedLower));
}
/// <summary>
/// Binds the specified SSL certificate to the specified port and associates the
/// binding with an application.
/// </summary>
/// <param name="httpsPort">Port to bind; the record is created for <see cref="IPAddress.Any"/> on this port.</param>
/// <param name="sslCert">Certificate whose thumbprint is registered; the binding names the "My" store.</param>
/// <param name="appId">Application identifier stored with the binding.</param>
/// <exception cref="ArgumentNullException"><paramref name="sslCert"/> is null.</exception>
public static void BindCertToIP(int httpsPort, X509Certificate2 sslCert, Guid appId)
{
    if (sslCert == null)
    {
        throw new ArgumentNullException(nameof(sslCert));
    }

    // Reference netsh invocations kept from the original author:
    // netsh http add sslcert ipport=0.0.0.0:53963 appid={A24092A5-F73D-4033-9F40-1BF9004A41A1} certhash=DF51794312354DE531D8B2E6414864F433A2769B
    // netsh http add sslcert hostnameport=www.fish-test.com:53963 appid={A24092A5-F73D-4033-9F40-1BF9004A41A1} certhash=DC4C95714651C086D325FF481F4E217A5C431A74 certstorename=MY

    var bindings = new CertificateBindingConfiguration();

    // IPAddress.Any registers the certificate for every IPv4 address of the host on this port.
    var anyAddressEndPoint = new IPEndPoint(IPAddress.Any, httpsPort);
    var certificateBinding = new CertificateBinding(sslCert.Thumbprint, StoreName.My, anyAddressEndPoint, appId);

    bindings.Bind(certificateBinding);
}
/// <summary>
/// Adds or replaces a certificate binding described by positional arguments and
/// prints the outcome.
/// </summary>
/// <param name="args">
/// Argument vector; elements 1, 2, 3 and 4 are consumed. They look like thumbprint,
/// store name, endpoint and application id — verify against the caller.
/// </param>
/// <param name="configuration">Configuration object that performs the bind.</param>
private static void Bind(string[] args, CertificateBindingConfiguration configuration)
{
    // Arguments are used as given; a short array or an unparsable GUID throws
    // before anything is written.
    var parsedEndPoint = ParseIpEndPoint(args[3]);
    var applicationId = Guid.Parse(args[4]);

    var replacedExisting = configuration.Bind(
        new CertificateBinding(args[1], args[2], parsedEndPoint, applicationId));

    // true means an existing record was overwritten; false means a new one was created.
    var outcome = replacedExisting
        ? "The binding record has been successfully updated."
        : "The binding record has been successfully added.";
    Console.WriteLine(outcome);
}