예제 #1
0
        // Requests a certificate to be generated by the Bridge based on a user name and not machine name
        public override ResourceResponse Put(ResourceRequestContext context)
        {
            X509Certificate2 certificate;

            string subject;

            if (!context.Properties.TryGetValue(subjectKeyName, out subject) || string.IsNullOrWhiteSpace(subject))
            {
                throw new ArgumentException("When PUTting to this resource, specify an non-empty 'subject'", "context.Properties");
            }

            // There can be multiple subjects, separated by ,
            string[] subjects = subject.Split(',');

            lock (s_certificateResourceLock)
            {
                if (!s_createdCertsBySubject.TryGetValue(subjects[0], out certificate))
                {
                    CertificateGenerator generator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);

                    CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings()
                    {
                        FriendlyName            = "WCF Bridge - UserCertificateResource",
                        Subject                 = subjects[0],
                        SubjectAlternativeNames = subjects
                    };
                    certificate = generator.CreateUserCertificate(certificateCreationSettings).Certificate;

                    // Cache the certificates
                    s_createdCertsBySubject.Add(subjects[0], certificate);
                    s_createdCertsByThumbprint.Add(certificate.Thumbprint, certificate);

                    // Created certs get put onto the local machine
                    // We ideally don't want this to happen, but until we find a way to have BridgeClient not need elevation for cert installs
                    // we need this to happen so that running locally doesn't require elevation as it messes up our CI and developer builds
                    CertificateManager.InstallCertificateToMyStore(certificate);
                }
            }

            ResourceResponse response = new ResourceResponse();

            response.Properties.Add(thumbprintKeyName, certificate.Thumbprint);

            return(response);
        }
예제 #2
0
        private static int Main(string[] args)
        {
            ApplyAppSettings();

            if (args.Length > 0)
            {
                if (string.Compare(args[0], "-Uninstall", true) == 0)
                {
                    UninstallAllCerts();
                    return(0);
                }
                else if (string.Compare(args[0], "-help", true) == 0)
                {
                    Usage();
                    return(0);
                }
                else
                {
                    Usage();
                    return(1);
                }
            }

            UninstallAllCerts();

            CertificateGenerator certificateGenerate = new CertificateGenerator();

            certificateGenerate.CertificatePassword = "******";
            certificateGenerate.CrlServiceUri       = s_fqdn;
            certificateGenerate.ValidityPeriod      = s_ValidatePeriod;

            if (!string.IsNullOrEmpty(s_testserverbase))
            {
                certificateGenerate.CrlUriRelativePath += "/" + s_testserverbase;
            }
            certificateGenerate.CrlUriRelativePath += "/TestHost.svc/Crl";

            //Create and install root and server cert
            CertificateManager.CreateAndInstallLocalMachineCertificates(certificateGenerate);

            //Create and Install expired cert
            CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings()
            {
                FriendlyName      = "WCF Bridge - TcpExpiredServerCertResource",
                ValidityType      = CertificateValidityType.Expired,
                ValidityNotBefore = DateTime.UtcNow - TimeSpan.FromDays(4),
                ValidityNotAfter  = DateTime.UtcNow - TimeSpan.FromDays(2),
                //If you specify multiple subjects, the first one becomes the subject, and all of them become Subject Alt Names.
                //In this case, the certificate subject is  CN=fqdn, OU=..., O=... , and SANs will be  fqdn, hostname, localhost
                //We do this so that a single WCF service setup can deal with all the possible addresses that a client might use.
                Subject = s_fqdn,
                SubjectAlternativeNames = new string[] { s_fqdn, s_hostname, "localhost" }
            };

            CreateAndInstallMachineCertificate(certificateGenerate, certificateCreationSettings);


            //Create and Install TcpCertificateWithServerAltName
            certificateCreationSettings = new CertificateCreationSettings()
            {
                FriendlyName            = "WCF Bridge - TcpCertificateWithServerAltNameResource",
                Subject                 = "not-real-subject-name",
                SubjectAlternativeNames = new string[] { "not-real-subject-name", "not-real-subject-name.example.com", s_fqdn, s_hostname, "localhost" }
            };
            CreateAndInstallMachineCertificate(certificateGenerate, certificateCreationSettings);

            //TcpCertificateWithSubjectCanonicalNameDomainName
            certificateCreationSettings = new CertificateCreationSettings()
            {
                FriendlyName            = "WCF Bridge - TcpCertificateWithSubjectCanonicalNameDomainNameResource",
                Subject                 = s_hostname,
                SubjectAlternativeNames = new string[0],
                ValidityType            = CertificateValidityType.NonAuthoritativeForMachine
            };
            CreateAndInstallMachineCertificate(certificateGenerate, certificateCreationSettings);

            //WCF Bridge - TcpCertificateWithSubjectCanonicalNameFqdn
            certificateCreationSettings = new CertificateCreationSettings()
            {
                FriendlyName            = "WCF Bridge - TcpCertificateWithSubjectCanonicalNameFqdnResource",
                Subject                 = s_fqdn,
                SubjectAlternativeNames = new string[0],
                ValidityType            = CertificateValidityType.NonAuthoritativeForMachine
            };
            CreateAndInstallMachineCertificate(certificateGenerate, certificateCreationSettings);

            //TcpCertificateWithSubjectCanonicalNameLocalhost
            certificateCreationSettings = new CertificateCreationSettings()
            {
                FriendlyName            = "WCF Bridge - TcpCertificateWithSubjectCanonicalNameLocalhostResource",
                Subject                 = "localhost",
                SubjectAlternativeNames = new string[0],
                ValidityType            = CertificateValidityType.NonAuthoritativeForMachine
            };
            CreateAndInstallMachineCertificate(certificateGenerate, certificateCreationSettings);

            //TcpRevokedServerCert
            certificateCreationSettings = new CertificateCreationSettings()
            {
                FriendlyName            = "WCF Bridge - TcpRevokedServerCertResource",
                ValidityType            = CertificateValidityType.Revoked,
                Subject                 = s_fqdn,
                SubjectAlternativeNames = new string[] { s_fqdn, s_hostname, "localhost" }
            };
            CreateAndInstallMachineCertificate(certificateGenerate, certificateCreationSettings);

            //TcpInvalidEkuServerCert
            certificateCreationSettings = new CertificateCreationSettings()
            {
                FriendlyName            = "WCF Bridge - TcpInvalidEkuServerCert",
                ValidityType            = CertificateValidityType.Valid,
                Subject                 = s_fqdn,
                SubjectAlternativeNames = new string[] { s_fqdn, s_hostname, "localhost" },
                EKU = new List <Org.BouncyCastle.Asn1.X509.KeyPurposeID> {
                    Org.BouncyCastle.Asn1.X509.KeyPurposeID.IdKPClientAuth
                }
            };
            CreateAndInstallMachineCertificate(certificateGenerate, certificateCreationSettings);

            //STSMetaData
            certificateCreationSettings = new CertificateCreationSettings()
            {
                FriendlyName = "WCF Bridge - STSMetaData",
                ValidityType = CertificateValidityType.Valid,
                Subject      = "STSMetaData",
                EKU          = new List <Org.BouncyCastle.Asn1.X509.KeyPurposeID>()
            };
            CreateAndInstallMachineCertificate(certificateGenerate, certificateCreationSettings);

            //Create and install client cert
            certificateCreationSettings = new CertificateCreationSettings()
            {
                FriendlyName = "WCF Bridge - UserCertificateResource",
                Subject      = "WCF Client Certificate",
            };
            X509Certificate2 certificate = certificateGenerate.CreateUserCertificate(certificateCreationSettings).Certificate;

            CertificateManager.AddToStoreIfNeeded(StoreName.My, StoreLocation.LocalMachine, certificate);

            //Create CRL and save it
            File.WriteAllBytes(s_CrlFileLocation, certificateGenerate.CrlEncoded);

            return(0);
        }