예제 #1
		/// <summary>
		/// Adds one SSL certificate binding with only the mandatory values set, then checks that
		/// querying by its endpoint returns exactly that binding with every option at its default.
		/// </summary>
		/// <remarks>
		/// The expected defaults keep certificate revocation verification and the usage check
		/// switched on (DoNotVerifyCertificateRevocation and NoUsageCheck are both false).
		/// NOTE(review): nothing in this method deletes the binding it adds; confirm that the
		/// fixture's teardown removes it.
		/// </remarks>
		public void QueryOne() {
			var endpoint = GetEndpointWithFreeRandomPort();
			var applicationId = Guid.NewGuid();
			var request = new CertConfigCmd.Options {
				ipport = endpoint,
				certhash = _testingCertThumbprint,
				appid = applicationId,
				// No store name is passed; the assertion below expects the binding to report "MY".
				certstorename = null,
			};
			CertConfigCmd.Add(request);

			var found = new CertificateBindingConfiguration().Query(endpoint);
			Assert.AreEqual(1, found.Length);

			// Identity of the binding: owner, endpoint, store and certificate.
			var binding = found[0];
			Assert.AreEqual(applicationId, binding.AppId);
			Assert.AreEqual(endpoint, binding.IpPort);
			Assert.AreEqual("MY", binding.StoreName);
			Assert.AreEqual(_testingCertThumbprint, binding.Thumbprint);

			// Options that were never set must come back at their defaults.
			var options = binding.Options;
			Assert.AreEqual(false, options.DoNotPassRequestsToRawFilters);
			Assert.AreEqual(false, options.DoNotVerifyCertificateRevocation);
			Assert.AreEqual(false, options.EnableRevocationFreshnessTime);
			Assert.AreEqual(false, options.NegotiateCertificate);
			Assert.AreEqual(false, options.NoUsageCheck);
			Assert.AreEqual(TimeSpan.Zero, options.RevocationFreshnessTime);
			Assert.AreEqual(TimeSpan.Zero, options.RevocationUrlRetrievalTimeout);
			Assert.AreEqual(null, options.SslCtlIdentifier);
			Assert.AreEqual(null, options.SslCtlStoreName);
			Assert.AreEqual(false, options.UseDsMappers);
			Assert.AreEqual(false, options.VerifyRevocationWithCachedCertificateOnly);
		}
예제 #2
        /// <summary>
        /// Registers a single SSL certificate binding using only the required values and verifies
        /// that a query for its endpoint yields that one binding with all options left at defaults.
        /// </summary>
        /// <remarks>
        /// The asserted defaults mean revocation verification and the certificate usage check stay
        /// enabled (DoNotVerifyCertificateRevocation == false, NoUsageCheck == false).
        /// NOTE(review): the binding created here is not deleted inside this method; confirm that
        /// cleanup happens in the fixture's teardown.
        /// </remarks>
        public void QueryOne()
        {
            var endpoint      = GetEndpointWithFreeRandomPort();
            var applicationId = Guid.NewGuid();

            var request = new CertConfigCmd.Options {
                ipport        = endpoint,
                certhash      = _testingCertThumbprint,
                appid         = applicationId,
                // Store name deliberately omitted; "MY" is what the test expects to read back.
                certstorename = null,
            };
            CertConfigCmd.Add(request);

            var found = new CertificateBindingConfiguration().Query(endpoint);

            Assert.AreEqual(1, found.Length);
            var binding = found[0];

            // What the binding points at.
            Assert.AreEqual(applicationId, binding.AppId);
            Assert.AreEqual(endpoint, binding.IpPort);
            Assert.AreEqual("MY", binding.StoreName);
            Assert.AreEqual(_testingCertThumbprint, binding.Thumbprint);

            // Every option that was not supplied must report its default value.
            var options = binding.Options;
            Assert.AreEqual(false, options.DoNotPassRequestsToRawFilters);
            Assert.AreEqual(false, options.DoNotVerifyCertificateRevocation);
            Assert.AreEqual(false, options.EnableRevocationFreshnessTime);
            Assert.AreEqual(false, options.NegotiateCertificate);
            Assert.AreEqual(false, options.NoUsageCheck);
            Assert.AreEqual(TimeSpan.Zero, options.RevocationFreshnessTime);
            Assert.AreEqual(TimeSpan.Zero, options.RevocationUrlRetrievalTimeout);
            Assert.AreEqual(null, options.SslCtlIdentifier);
            Assert.AreEqual(null, options.SslCtlStoreName);
            Assert.AreEqual(false, options.UseDsMappers);
            Assert.AreEqual(false, options.VerifyRevocationWithCachedCertificateOnly);
        }
예제 #3
        // 测试命令行
        // netsh http show sslcert ipport=0.0.0.0:53963
        // netsh http add sslcert ipport=0.0.0.0:53963 appid={51D241DB-BFFB-4674-8E9E-D6428CF6539D} certhash=A553937A733BDD9B3A4663C6497484D0C17ECDF4

        // netsh http show sslcert ipport=0.0.0.0:53963
        // netsh http delete sslcert ipport = 0.0.0.0:53963


        /// <summary>
        /// Determines whether an HTTPS (SSL certificate) binding exists for the given port.
        /// </summary>
        /// <remarks>
        /// Only the wildcard IPv4 endpoint (<see cref="IPAddress.Any"/>, i.e. 0.0.0.0:port) is
        /// queried. NOTE(review): a binding registered on a specific address or on IPv6 is
        /// presumably not matched by this lookup; confirm against the Query implementation before
        /// treating a false result as "no certificate is bound to this port".
        /// Note: on Windows XP a non-administrator account has no permission to query
        /// SSL-related configuration.
        /// </remarks>
        /// <param name="httpsPort">TCP port to look up.</param>
        /// <returns>
        /// <c>true</c> when the query returns at least one binding; otherwise <c>false</c>.
        /// </returns>
        public static bool BindIsExist(int httpsPort)
        {
            var bindingStore     = new CertificateBindingConfiguration();
            var wildcardEndpoint = new IPEndPoint(IPAddress.Any, httpsPort);

            return bindingStore.Query(wildcardEndpoint).Length != 0;
        }
        /// <summary>
        /// Returns every certificate binding reported by a fresh
        /// <c>CertificateBindingConfiguration</c>, copied into a list.
        /// </summary>
        /// <returns>A new list holding the result of the parameterless <c>Query()</c> call.</returns>
        private List <CertificateBinding> GetCertificateBindings()
        {
            var bindingStore = new CertificateBindingConfiguration();

            // Query() with no endpoint is used here to enumerate all bindings.
            return bindingStore.Query().ToList();
        }
        /// <summary>
        /// Finds the first certificate binding whose application id equals
        /// <c>HttpSysHostingOptions.AppId</c>.
        /// </summary>
        /// <remarks>
        /// The match is on the application id alone; endpoint and thumbprint are not compared.
        /// NOTE(review): the application id looks like a caller-chosen GUID recorded with the
        /// binding, so a match identifies the registrant by convention only; confirm that this is
        /// sufficient for the caller's purpose.
        /// </remarks>
        /// <param name="config">Configuration object whose bindings are enumerated.</param>
        /// <returns>The first matching binding, or <c>null</c> when none matches.</returns>
        private CertificateBinding GetCertificateBinding(CertificateBindingConfiguration config)
        {
            foreach (CertificateBinding candidate in config.Query())
            {
                if (!(candidate.AppId == HttpSysHostingOptions.AppId))
                {
                    continue;
                }

                return candidate;
            }

            return null;
        }
예제 #6
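        /// <summary>
        /// Prints the SSL certificate bindings returned by <paramref name="configuration"/>,
        /// together with the subject and issuer of each bound certificate.
        /// </summary>
        /// <remarks>
        /// A binding whose thumbprint is no longer present in its store is still listed, with a
        /// placeholder for subject and issuer, so that one stale binding does not abort the listing
        /// and hide the remaining ones. Every store opened during the listing is closed before the
        /// method returns.
        /// </remarks>
        /// <param name="args">
        /// Command-line arguments; when a second element is present it is parsed as the endpoint
        /// to filter on, otherwise <c>null</c> is passed to the query.
        /// </param>
        /// <param name="configuration">Source of the certificate bindings.</param>
        private static void Show(string[] args, CertificateBindingConfiguration configuration)
        {
            const string missingCertificate = "(certificate not found in store)";

            Console.WriteLine("SSL Certificate bindings:\r\n-------------------------\r\n");
            var stores              = new Dictionary <string, X509Store>();
            var ipEndPoint          = args.Length > 1 ? ParseIpEndPoint(args[1]) : null;
            var certificateBindings = configuration.Query(ipEndPoint);

            try
            {
                foreach (var info in certificateBindings)
                {
                    // One open handle per store name, reused across bindings.
                    X509Store store;
                    if (!stores.TryGetValue(info.StoreName, out store))
                    {
                        store = new X509Store(info.StoreName, StoreLocation.LocalMachine);
                        // Read-only, and never create a store as a side effect of listing.
                        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                        stores.Add(info.StoreName, store);
                    }

                    // validOnly is false so that expired or otherwise invalid certificates are still shown.
                    var matches     = store.Certificates.Find(X509FindType.FindByThumbprint, info.Thumbprint, false);
                    var certificate = matches.Count > 0 ? matches[0] : null;
                    var subject     = certificate != null ? certificate.Subject : missingCertificate;
                    var issuer      = certificate != null ? certificate.Issuer : missingCertificate;

                    string certStr = String.Format(
                        @" IP:port        : {2}
 Thumbprint     : {0}
 Subject        : {4}
 Issuer         : {5}
 Application ID : {3}
 Store Name     : {1}
 Verify Client Certificate Revocation                   : {6}
 Verify Revocation Using Cached Client Certificate Only : {7}
 Usage Check                 : {8}
 Revocation Freshness Time   : {9}
 URL Retrieval Timeout       : {10}
 Ctl Identifier : {11}
 Ctl Store Name : {12}
 DS Mapper Usage             : {13}
 Negotiate Client Certificate: {14}
",
                        info.Thumbprint, info.StoreName, info.IpPort, info.AppId, subject, issuer,
                        // The stored flags are negative ("do not verify", "no usage check"); the report shows the positive sense.
                        !info.Options.DoNotVerifyCertificateRevocation, info.Options.VerifyRevocationWithCachedCertificateOnly, !info.Options.NoUsageCheck,
                        info.Options.RevocationFreshnessTime + (info.Options.EnableRevocationFreshnessTime ? string.Empty : " (disabled)"),
                        info.Options.RevocationUrlRetrievalTimeout, info.Options.SslCtlIdentifier, info.Options.SslCtlStoreName,
                        info.Options.UseDsMappers, info.Options.NegotiateCertificate);
                    Console.WriteLine(certStr);
                }
            }
            finally
            {
                // Release the store handles even when a lookup or the output fails part-way.
                foreach (var opened in stores.Values)
                {
                    opened.Close();
                }
            }
        }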
예제 #7
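		/// <summary>
		/// Prints the SSL certificate bindings returned by <paramref name="configuration"/>,
		/// together with the subject and issuer of each bound certificate.
		/// </summary>
		/// <remarks>
		/// A binding whose thumbprint is no longer present in its store is still listed, with a
		/// placeholder for subject and issuer, so that one stale binding does not abort the listing
		/// and hide the remaining ones. Every store opened during the listing is closed before the
		/// method returns.
		/// </remarks>
		/// <param name="args">
		/// Command-line arguments; when a second element is present it is parsed as the endpoint
		/// to filter on, otherwise <c>null</c> is passed to the query.
		/// </param>
		/// <param name="configuration">Source of the certificate bindings.</param>
		private static void Show(string[] args, CertificateBindingConfiguration configuration) {
			const string missingCertificate = "(certificate not found in store)";

			Console.WriteLine("SSL Certificate bindings:\r\n-------------------------\r\n");
			var stores = new Dictionary<string, X509Store>();
			var ipEndPoint = args.Length > 1 ? ParseIpEndPoint(args[1]) : null;
			var certificateBindings = configuration.Query(ipEndPoint);
			try {
				foreach (var info in certificateBindings){
					// One open handle per store name, reused across bindings.
					X509Store store;
					if (!stores.TryGetValue(info.StoreName, out store)){
						store = new X509Store(info.StoreName, StoreLocation.LocalMachine);
						// Read-only, and never create a store as a side effect of listing.
						store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
						stores.Add(info.StoreName, store);
					}

					// validOnly is false so that expired or otherwise invalid certificates are still shown.
					var matches = store.Certificates.Find(X509FindType.FindByThumbprint, info.Thumbprint, false);
					var certificate = matches.Count > 0 ? matches[0] : null;
					var subject = certificate != null ? certificate.Subject : missingCertificate;
					var issuer = certificate != null ? certificate.Issuer : missingCertificate;

					string certStr = String.Format(
@" IP:port        : {2}
 Thumbprint     : {0}
 Subject        : {4}
 Issuer         : {5}
 Application ID : {3}
 Store Name     : {1}
 Verify Client Certificate Revocation                   : {6}
 Verify Revocation Using Cached Client Certificate Only : {7}
 Usage Check                 : {8}
 Revocation Freshness Time   : {9}
 URL Retrieval Timeout       : {10}
 Ctl Identifier : {11}
 Ctl Store Name : {12}
 DS Mapper Usage             : {13}
 Negotiate Client Certificate: {14}
",
						info.Thumbprint, info.StoreName, info.IpPort, info.AppId, subject, issuer,
						// The stored flags are negative ("do not verify", "no usage check"); the report shows the positive sense.
						!info.Options.DoNotVerifyCertificateRevocation, info.Options.VerifyRevocationWithCachedCertificateOnly, !info.Options.NoUsageCheck,
						info.Options.RevocationFreshnessTime + (info.Options.EnableRevocationFreshnessTime ? string.Empty : " (disabled)"),
						info.Options.RevocationUrlRetrievalTimeout, info.Options.SslCtlIdentifier, info.Options.SslCtlStoreName,
						info.Options.UseDsMappers, info.Options.NegotiateCertificate);
					Console.WriteLine(certStr);
				}
			} finally {
				// Release the store handles even when a lookup or the output fails part-way.
				foreach (var opened in stores.Values){
					opened.Close();
				}
			}
		}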
예제 #8
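        /// <summary>
        /// Adds two SSL certificate bindings, one with default options and one with several options
        /// overridden, then checks that the unfiltered query reports both with the expected values.
        /// </summary>
        /// <remarks>
        /// Each binding is looked up by its endpoint rather than by its position in the query
        /// result: the ports are random and the order in which <c>Query()</c> returns bindings is
        /// not something this test controls, so positional indexing could compare the wrong pair.
        /// NOTE(review): the two bindings are not deleted inside this method; confirm that the
        /// fixture's teardown removes them.
        /// </remarks>
        public void QueryAll()
        {
            var ipPort1 = GetEndpointWithFreeRandomPort();
            var appId1  = Guid.NewGuid();

            CertConfigCmd.Add(new CertConfigCmd.Options {
                ipport        = ipPort1,
                certhash      = _testingCertThumbprint,
                appid         = appId1,
                certstorename = StoreName.My.ToString(),
            });

            var ipPort2 = GetEndpointWithFreeRandomPort();
            var appId2  = Guid.NewGuid();

            // Second binding overrides the defaults: client certificate negotiation on, usage check
            // off, revocation freshness of 100 seconds, cached-only revocation checking.
            CertConfigCmd.Add(new CertConfigCmd.Options {
                ipport                  = ipPort2,
                certhash                = _testingCertThumbprint,
                appid                   = appId2,
                certstorename           = StoreName.AuthRoot.ToString(),
                clientcertnegotiation   = true,
                revocationfreshnesstime = 100,
                usagecheck              = false,
                verifyrevocationwithcachedclientcertonly = true,
            });


            var config        = new CertificateBindingConfiguration();
            var allBindings   = config.Query();
            // Other bindings may already exist on the machine, so keep only the two added above.
            var addedBindings = allBindings.Where(b => b.IpPort.Equals(ipPort1) || b.IpPort.Equals(ipPort2)).ToArray();

            Assert.AreEqual(2, addedBindings.Length);
            var binding1 = addedBindings.Single(b => b.IpPort.Equals(ipPort1));

            Assert.AreEqual(appId1, binding1.AppId);
            Assert.AreEqual(ipPort1, binding1.IpPort);
            Assert.AreEqual(StoreName.My.ToString(), binding1.StoreName);
            Assert.AreEqual(_testingCertThumbprint, binding1.Thumbprint);
            Assert.AreEqual(false, binding1.Options.DoNotPassRequestsToRawFilters);
            Assert.AreEqual(false, binding1.Options.DoNotVerifyCertificateRevocation);
            Assert.AreEqual(false, binding1.Options.EnableRevocationFreshnessTime);
            Assert.AreEqual(false, binding1.Options.NegotiateCertificate);
            Assert.AreEqual(false, binding1.Options.NoUsageCheck);
            Assert.AreEqual(TimeSpan.Zero, binding1.Options.RevocationFreshnessTime);
            Assert.AreEqual(TimeSpan.Zero, binding1.Options.RevocationUrlRetrievalTimeout);
            Assert.AreEqual(null, binding1.Options.SslCtlIdentifier);
            Assert.AreEqual(null, binding1.Options.SslCtlStoreName);
            Assert.AreEqual(false, binding1.Options.UseDsMappers);
            Assert.AreEqual(false, binding1.Options.VerifyRevocationWithCachedCertificateOnly);

            var binding2 = addedBindings.Single(b => b.IpPort.Equals(ipPort2));

            Assert.AreEqual(appId2, binding2.AppId);
            Assert.AreEqual(ipPort2, binding2.IpPort);
            Assert.AreEqual(StoreName.AuthRoot.ToString(), binding2.StoreName);
            Assert.AreEqual(_testingCertThumbprint, binding2.Thumbprint);
            Assert.AreEqual(false, binding2.Options.DoNotPassRequestsToRawFilters);
            Assert.AreEqual(false, binding2.Options.DoNotVerifyCertificateRevocation);
            Assert.AreEqual(true, binding2.Options.EnableRevocationFreshnessTime);
            Assert.AreEqual(true, binding2.Options.NegotiateCertificate);
            // usagecheck = false is stored in its negative form.
            Assert.AreEqual(true, binding2.Options.NoUsageCheck);
            Assert.AreEqual(TimeSpan.FromSeconds(100), binding2.Options.RevocationFreshnessTime);
            Assert.AreEqual(TimeSpan.Zero, binding2.Options.RevocationUrlRetrievalTimeout);
            Assert.AreEqual(null, binding2.Options.SslCtlIdentifier);
            Assert.AreEqual(null, binding2.Options.SslCtlStoreName);
            Assert.AreEqual(false, binding2.Options.UseDsMappers);
            Assert.AreEqual(true, binding2.Options.VerifyRevocationWithCachedCertificateOnly);
        }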
예제 #9
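		/// <summary>
		/// Adds two SSL certificate bindings, one with default options and one with several options
		/// overridden, then checks that the unfiltered query reports both with the expected values.
		/// </summary>
		/// <remarks>
		/// Each binding is looked up by its endpoint rather than by its position in the query
		/// result: the ports are random and the order in which <c>Query()</c> returns bindings is
		/// not something this test controls, so positional indexing could compare the wrong pair.
		/// NOTE(review): the two bindings are not deleted inside this method; confirm that the
		/// fixture's teardown removes them.
		/// </remarks>
		public void QueryAll() {
			var ipPort1 = GetEndpointWithFreeRandomPort();
			var appId1 = Guid.NewGuid();
			CertConfigCmd.Add(new CertConfigCmd.Options {
				ipport = ipPort1,
				certhash = _testingCertThumbprint,
				appid = appId1,
				certstorename = StoreName.My.ToString(),
			});

			var ipPort2 = GetEndpointWithFreeRandomPort();
			var appId2 = Guid.NewGuid();
			// Second binding overrides the defaults: client certificate negotiation on, usage check
			// off, revocation freshness of 100 seconds, cached-only revocation checking.
			CertConfigCmd.Add(new CertConfigCmd.Options {
				ipport = ipPort2,
				certhash = _testingCertThumbprint,
				appid = appId2,
				certstorename = StoreName.AuthRoot.ToString(),
				clientcertnegotiation = true,
				revocationfreshnesstime = 100,
				usagecheck = false,
				verifyrevocationwithcachedclientcertonly = true,
			});


			var config = new CertificateBindingConfiguration();
			var allBindings = config.Query();
			// Other bindings may already exist on the machine, so keep only the two added above.
			var addedBindings = allBindings.Where(b => b.IpPort.Equals(ipPort1) || b.IpPort.Equals(ipPort2)).ToArray();
			Assert.AreEqual(2, addedBindings.Length);
			var binding1 = addedBindings.Single(b => b.IpPort.Equals(ipPort1));
			Assert.AreEqual(appId1, binding1.AppId);
			Assert.AreEqual(ipPort1, binding1.IpPort);
			Assert.AreEqual(StoreName.My.ToString(), binding1.StoreName);
			Assert.AreEqual(_testingCertThumbprint, binding1.Thumbprint);
			Assert.AreEqual(false, binding1.Options.DoNotPassRequestsToRawFilters);
			Assert.AreEqual(false, binding1.Options.DoNotVerifyCertificateRevocation);
			Assert.AreEqual(false, binding1.Options.EnableRevocationFreshnessTime);
			Assert.AreEqual(false, binding1.Options.NegotiateCertificate);
			Assert.AreEqual(false, binding1.Options.NoUsageCheck);
			Assert.AreEqual(TimeSpan.Zero, binding1.Options.RevocationFreshnessTime);
			Assert.AreEqual(TimeSpan.Zero, binding1.Options.RevocationUrlRetrievalTimeout);
			Assert.AreEqual(null, binding1.Options.SslCtlIdentifier);
			Assert.AreEqual(null, binding1.Options.SslCtlStoreName);
			Assert.AreEqual(false, binding1.Options.UseDsMappers);
			Assert.AreEqual(false, binding1.Options.VerifyRevocationWithCachedCertificateOnly);

			var binding2 = addedBindings.Single(b => b.IpPort.Equals(ipPort2));
			Assert.AreEqual(appId2, binding2.AppId);
			Assert.AreEqual(ipPort2, binding2.IpPort);
			Assert.AreEqual(StoreName.AuthRoot.ToString(), binding2.StoreName);
			Assert.AreEqual(_testingCertThumbprint, binding2.Thumbprint);
			Assert.AreEqual(false, binding2.Options.DoNotPassRequestsToRawFilters);
			Assert.AreEqual(false, binding2.Options.DoNotVerifyCertificateRevocation);
			Assert.AreEqual(true, binding2.Options.EnableRevocationFreshnessTime);
			Assert.AreEqual(true, binding2.Options.NegotiateCertificate);
			// usagecheck = false is stored in its negative form.
			Assert.AreEqual(true, binding2.Options.NoUsageCheck);
			Assert.AreEqual(TimeSpan.FromSeconds(100), binding2.Options.RevocationFreshnessTime);
			Assert.AreEqual(TimeSpan.Zero, binding2.Options.RevocationUrlRetrievalTimeout);
			Assert.AreEqual(null, binding2.Options.SslCtlIdentifier);
			Assert.AreEqual(null, binding2.Options.SslCtlStoreName);
			Assert.AreEqual(false, binding2.Options.UseDsMappers);
			Assert.AreEqual(true, binding2.Options.VerifyRevocationWithCachedCertificateOnly);
		}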