public void QueryOne() {
var ipPort = GetEndpointWithFreeRandomPort();
var appId = Guid.NewGuid();
CertConfigCmd.Add(new CertConfigCmd.Options {
ipport = ipPort,
certhash = _testingCertThumbprint,
appid = appId,
certstorename = null,
});
var config = new CertificateBindingConfiguration();
var bindingsByIpPort = config.Query(ipPort);
Assert.AreEqual(1, bindingsByIpPort.Length);
var binding = bindingsByIpPort[0];
Assert.AreEqual(appId, binding.AppId);
Assert.AreEqual(ipPort, binding.IpPort);
Assert.AreEqual("MY", binding.StoreName);
Assert.AreEqual(_testingCertThumbprint, binding.Thumbprint);
Assert.AreEqual(false, binding.Options.DoNotPassRequestsToRawFilters);
Assert.AreEqual(false, binding.Options.DoNotVerifyCertificateRevocation);
Assert.AreEqual(false, binding.Options.EnableRevocationFreshnessTime);
Assert.AreEqual(false, binding.Options.NegotiateCertificate);
Assert.AreEqual(false, binding.Options.NoUsageCheck);
Assert.AreEqual(TimeSpan.Zero, binding.Options.RevocationFreshnessTime);
Assert.AreEqual(TimeSpan.Zero, binding.Options.RevocationUrlRetrievalTimeout);
Assert.AreEqual(null, binding.Options.SslCtlIdentifier);
Assert.AreEqual(null, binding.Options.SslCtlStoreName);
Assert.AreEqual(false, binding.Options.UseDsMappers);
Assert.AreEqual(false, binding.Options.VerifyRevocationWithCachedCertificateOnly);
}
public void QueryOne()
{
var ipPort = GetEndpointWithFreeRandomPort();
var appId = Guid.NewGuid();
CertConfigCmd.Add(new CertConfigCmd.Options {
ipport = ipPort,
certhash = _testingCertThumbprint,
appid = appId,
certstorename = null,
});
var config = new CertificateBindingConfiguration();
var bindingsByIpPort = config.Query(ipPort);
Assert.AreEqual(1, bindingsByIpPort.Length);
var binding = bindingsByIpPort[0];
Assert.AreEqual(appId, binding.AppId);
Assert.AreEqual(ipPort, binding.IpPort);
Assert.AreEqual("MY", binding.StoreName);
Assert.AreEqual(_testingCertThumbprint, binding.Thumbprint);
Assert.AreEqual(false, binding.Options.DoNotPassRequestsToRawFilters);
Assert.AreEqual(false, binding.Options.DoNotVerifyCertificateRevocation);
Assert.AreEqual(false, binding.Options.EnableRevocationFreshnessTime);
Assert.AreEqual(false, binding.Options.NegotiateCertificate);
Assert.AreEqual(false, binding.Options.NoUsageCheck);
Assert.AreEqual(TimeSpan.Zero, binding.Options.RevocationFreshnessTime);
Assert.AreEqual(TimeSpan.Zero, binding.Options.RevocationUrlRetrievalTimeout);
Assert.AreEqual(null, binding.Options.SslCtlIdentifier);
Assert.AreEqual(null, binding.Options.SslCtlStoreName);
Assert.AreEqual(false, binding.Options.UseDsMappers);
Assert.AreEqual(false, binding.Options.VerifyRevocationWithCachedCertificateOnly);
}
// 测试命令行
// netsh http show sslcert ipport=0.0.0.0:53963
// netsh http add sslcert ipport=0.0.0.0:53963 appid={51D241DB-BFFB-4674-8E9E-D6428CF6539D} certhash=A553937A733BDD9B3A4663C6497484D0C17ECDF4
// netsh http show sslcert ipport=0.0.0.0:53963
// netsh http delete sslcert ipport = 0.0.0.0:53963
/// <summary>
/// 判断指定的端口是否存在HTTPS的绑定。
/// 注意:在WindowsXP中,如果是非管理员,没有查询SSL相关的权限
/// </summary>
/// <param name="httpsPort"></param>
/// <returns></returns>
public static bool BindIsExist(int httpsPort)
{
var configuration = new CertificateBindingConfiguration();
IPEndPoint sslPort = new IPEndPoint(IPAddress.Any, httpsPort);
var certificateBindings = configuration.Query(sslPort);
return(certificateBindings.Length > 0);
}
private List <CertificateBinding> GetCertificateBindings()
{
CertificateBindingConfiguration config = new CertificateBindingConfiguration();
CertificateBinding[] results = config.Query();
return(results.ToList());
}
private CertificateBinding GetCertificateBinding(CertificateBindingConfiguration config)
{
foreach (CertificateBinding binding in config.Query())
{
if (binding.AppId == HttpSysHostingOptions.AppId)
{
return(binding);
}
}
return(null);
}
private static void Show(string[] args, CertificateBindingConfiguration configuration)
{
Console.WriteLine("SSL Certificate bindings:\r\n-------------------------\r\n");
var stores = new Dictionary <string, X509Store>();
var ipEndPoint = args.Length > 1 ? ParseIpEndPoint(args[1]) : null;
var certificateBindings = configuration.Query(ipEndPoint);
foreach (var info in certificateBindings)
{
X509Store store;
if (!stores.TryGetValue(info.StoreName, out store))
{
store = new X509Store(info.StoreName, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
stores.Add(info.StoreName, store);
}
var certificate = store.Certificates.Find(X509FindType.FindByThumbprint, info.Thumbprint, false)[0];
string certStr = String.Format(
@" IP:port : {2}
Thumbprint : {0}
Subject : {4}
Issuer : {5}
Application ID : {3}
Store Name : {1}
Verify Client Certificate Revocation : {6}
Verify Revocation Using Cached Client Certificate Only : {7}
Usage Check : {8}
Revocation Freshness Time : {9}
URL Retrieval Timeout : {10}
Ctl Identifier : {11}
Ctl Store Name : {12}
DS Mapper Usage : {13}
Negotiate Client Certificate: {14}
",
info.Thumbprint, info.StoreName, info.IpPort, info.AppId, certificate.Subject, certificate.Issuer,
!info.Options.DoNotVerifyCertificateRevocation, info.Options.VerifyRevocationWithCachedCertificateOnly, !info.Options.NoUsageCheck,
info.Options.RevocationFreshnessTime + (info.Options.EnableRevocationFreshnessTime ? string.Empty : " (disabled)"),
info.Options.RevocationUrlRetrievalTimeout, info.Options.SslCtlIdentifier, info.Options.SslCtlStoreName,
info.Options.UseDsMappers, info.Options.NegotiateCertificate);
Console.WriteLine(certStr);
}
}
private static void Show(string[] args, CertificateBindingConfiguration configuration) {
Console.WriteLine("SSL Certificate bindings:\r\n-------------------------\r\n");
var stores = new Dictionary<string, X509Store>();
var ipEndPoint = args.Length > 1 ? ParseIpEndPoint(args[1]) : null;
var certificateBindings = configuration.Query(ipEndPoint);
foreach (var info in certificateBindings){
X509Store store;
if (!stores.TryGetValue(info.StoreName, out store)){
store = new X509Store(info.StoreName, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
stores.Add(info.StoreName, store);
}
var certificate = store.Certificates.Find(X509FindType.FindByThumbprint, info.Thumbprint, false)[0];
string certStr = String.Format(
@" IP:port : {2}
Thumbprint : {0}
Subject : {4}
Issuer : {5}
Application ID : {3}
Store Name : {1}
Verify Client Certificate Revocation : {6}
Verify Revocation Using Cached Client Certificate Only : {7}
Usage Check : {8}
Revocation Freshness Time : {9}
URL Retrieval Timeout : {10}
Ctl Identifier : {11}
Ctl Store Name : {12}
DS Mapper Usage : {13}
Negotiate Client Certificate: {14}
",
info.Thumbprint, info.StoreName, info.IpPort, info.AppId, certificate.Subject, certificate.Issuer,
!info.Options.DoNotVerifyCertificateRevocation, info.Options.VerifyRevocationWithCachedCertificateOnly, !info.Options.NoUsageCheck,
info.Options.RevocationFreshnessTime + (info.Options.EnableRevocationFreshnessTime ? string.Empty : " (disabled)"),
info.Options.RevocationUrlRetrievalTimeout, info.Options.SslCtlIdentifier, info.Options.SslCtlStoreName,
info.Options.UseDsMappers, info.Options.NegotiateCertificate);
Console.WriteLine(certStr);
}
}
public void QueryAll()
{
var ipPort1 = GetEndpointWithFreeRandomPort();
var appId1 = Guid.NewGuid();
CertConfigCmd.Add(new CertConfigCmd.Options {
ipport = ipPort1,
certhash = _testingCertThumbprint,
appid = appId1,
certstorename = StoreName.My.ToString(),
});
var ipPort2 = GetEndpointWithFreeRandomPort();
var appId2 = Guid.NewGuid();
CertConfigCmd.Add(new CertConfigCmd.Options {
ipport = ipPort2,
certhash = _testingCertThumbprint,
appid = appId2,
certstorename = StoreName.AuthRoot.ToString(),
clientcertnegotiation = true,
revocationfreshnesstime = 100,
usagecheck = false,
verifyrevocationwithcachedclientcertonly = true,
});
var config = new CertificateBindingConfiguration();
var allBindings = config.Query();
var addedBindings = allBindings.Where(b => b.IpPort.Equals(ipPort1) || b.IpPort.Equals(ipPort2)).ToArray();
Assert.AreEqual(2, addedBindings.Length);
var binding1 = addedBindings[0];
Assert.AreEqual(appId1, binding1.AppId);
Assert.AreEqual(ipPort1, binding1.IpPort);
Assert.AreEqual(StoreName.My.ToString(), binding1.StoreName);
Assert.AreEqual(_testingCertThumbprint, binding1.Thumbprint);
Assert.AreEqual(false, binding1.Options.DoNotPassRequestsToRawFilters);
Assert.AreEqual(false, binding1.Options.DoNotVerifyCertificateRevocation);
Assert.AreEqual(false, binding1.Options.EnableRevocationFreshnessTime);
Assert.AreEqual(false, binding1.Options.NegotiateCertificate);
Assert.AreEqual(false, binding1.Options.NoUsageCheck);
Assert.AreEqual(TimeSpan.Zero, binding1.Options.RevocationFreshnessTime);
Assert.AreEqual(TimeSpan.Zero, binding1.Options.RevocationUrlRetrievalTimeout);
Assert.AreEqual(null, binding1.Options.SslCtlIdentifier);
Assert.AreEqual(null, binding1.Options.SslCtlStoreName);
Assert.AreEqual(false, binding1.Options.UseDsMappers);
Assert.AreEqual(false, binding1.Options.VerifyRevocationWithCachedCertificateOnly);
var binding2 = addedBindings[1];
Assert.AreEqual(appId2, binding2.AppId);
Assert.AreEqual(ipPort2, binding2.IpPort);
Assert.AreEqual(StoreName.AuthRoot.ToString(), binding2.StoreName);
Assert.AreEqual(_testingCertThumbprint, binding2.Thumbprint);
Assert.AreEqual(false, binding2.Options.DoNotPassRequestsToRawFilters);
Assert.AreEqual(false, binding2.Options.DoNotVerifyCertificateRevocation);
Assert.AreEqual(true, binding2.Options.EnableRevocationFreshnessTime);
Assert.AreEqual(true, binding2.Options.NegotiateCertificate);
Assert.AreEqual(true, binding2.Options.NoUsageCheck);
Assert.AreEqual(TimeSpan.FromSeconds(100), binding2.Options.RevocationFreshnessTime);
Assert.AreEqual(TimeSpan.Zero, binding2.Options.RevocationUrlRetrievalTimeout);
Assert.AreEqual(null, binding2.Options.SslCtlIdentifier);
Assert.AreEqual(null, binding2.Options.SslCtlStoreName);
Assert.AreEqual(false, binding2.Options.UseDsMappers);
Assert.AreEqual(true, binding2.Options.VerifyRevocationWithCachedCertificateOnly);
}
public void QueryAll() {
var ipPort1 = GetEndpointWithFreeRandomPort();
var appId1 = Guid.NewGuid();
CertConfigCmd.Add(new CertConfigCmd.Options {
ipport = ipPort1,
certhash = _testingCertThumbprint,
appid = appId1,
certstorename = StoreName.My.ToString(),
});
var ipPort2 = GetEndpointWithFreeRandomPort();
var appId2 = Guid.NewGuid();
CertConfigCmd.Add(new CertConfigCmd.Options {
ipport = ipPort2,
certhash = _testingCertThumbprint,
appid = appId2,
certstorename = StoreName.AuthRoot.ToString(),
clientcertnegotiation = true,
revocationfreshnesstime = 100,
usagecheck = false,
verifyrevocationwithcachedclientcertonly = true,
});
var config = new CertificateBindingConfiguration();
var allBindings = config.Query();
var addedBindings = allBindings.Where(b => b.IpPort.Equals(ipPort1) || b.IpPort.Equals(ipPort2)).ToArray();
Assert.AreEqual(2, addedBindings.Length);
var binding1 = addedBindings[0];
Assert.AreEqual(appId1, binding1.AppId);
Assert.AreEqual(ipPort1, binding1.IpPort);
Assert.AreEqual(StoreName.My.ToString(), binding1.StoreName);
Assert.AreEqual(_testingCertThumbprint, binding1.Thumbprint);
Assert.AreEqual(false, binding1.Options.DoNotPassRequestsToRawFilters);
Assert.AreEqual(false, binding1.Options.DoNotVerifyCertificateRevocation);
Assert.AreEqual(false, binding1.Options.EnableRevocationFreshnessTime);
Assert.AreEqual(false, binding1.Options.NegotiateCertificate);
Assert.AreEqual(false, binding1.Options.NoUsageCheck);
Assert.AreEqual(TimeSpan.Zero, binding1.Options.RevocationFreshnessTime);
Assert.AreEqual(TimeSpan.Zero, binding1.Options.RevocationUrlRetrievalTimeout);
Assert.AreEqual(null, binding1.Options.SslCtlIdentifier);
Assert.AreEqual(null, binding1.Options.SslCtlStoreName);
Assert.AreEqual(false, binding1.Options.UseDsMappers);
Assert.AreEqual(false, binding1.Options.VerifyRevocationWithCachedCertificateOnly);
var binding2 = addedBindings[1];
Assert.AreEqual(appId2, binding2.AppId);
Assert.AreEqual(ipPort2, binding2.IpPort);
Assert.AreEqual(StoreName.AuthRoot.ToString(), binding2.StoreName);
Assert.AreEqual(_testingCertThumbprint, binding2.Thumbprint);
Assert.AreEqual(false, binding2.Options.DoNotPassRequestsToRawFilters);
Assert.AreEqual(false, binding2.Options.DoNotVerifyCertificateRevocation);
Assert.AreEqual(true, binding2.Options.EnableRevocationFreshnessTime);
Assert.AreEqual(true, binding2.Options.NegotiateCertificate);
Assert.AreEqual(true, binding2.Options.NoUsageCheck);
Assert.AreEqual(TimeSpan.FromSeconds(100), binding2.Options.RevocationFreshnessTime);
Assert.AreEqual(TimeSpan.Zero, binding2.Options.RevocationUrlRetrievalTimeout);
Assert.AreEqual(null, binding2.Options.SslCtlIdentifier);
Assert.AreEqual(null, binding2.Options.SslCtlStoreName);
Assert.AreEqual(false, binding2.Options.UseDsMappers);
Assert.AreEqual(true, binding2.Options.VerifyRevocationWithCachedCertificateOnly);
}
