private void ValidateEndpoint(InputEndpointType httpEndpoint) { if (httpEndpoint.Protocol != InputEndpointTypeProtocol.http && httpEndpoint.Protocol != InputEndpointTypeProtocol.https) { throw new ArgumentException( string.Format( "ValidateSFReverseProxySettings failed as HttpAppGatewayEndpoint.Protocol is invalid: {0}", httpEndpoint.Protocol)); } // // If protocol is https, then server certificates have to be specified. // if (httpEndpoint.Protocol == InputEndpointTypeProtocol.https) { if (!this.httpAppGatewaySettings.ContainsKey(FabricValidatorConstants.ParameterNames.HttpAppGatewayCredentialType) || this.httpAppGatewaySettings[FabricValidatorConstants.ParameterNames.HttpAppGatewayCredentialType].Value != "X509") { throw new ArgumentException( "ValidateSFReverseProxySettings failed as Credential type is not x509 when protocol is https"); } if (!this.httpAppGatewaySettings.ContainsKey(FabricValidatorConstants.ParameterNames.HttpAppGatewayCertificateFindValue) || this.httpAppGatewaySettings[FabricValidatorConstants.ParameterNames.HttpAppGatewayCertificateFindValue].Value.Length == 0) { throw new ArgumentException( "ValidateSFReverseProxySettings failed as Certificate find value not set when protocol is https"); } if (!this.httpAppGatewaySettings.ContainsKey(FabricValidatorConstants.ParameterNames.HttpAppGatewayCertificateValidationPolicy) || (this.httpAppGatewaySettings[FabricValidatorConstants.ParameterNames.HttpAppGatewayCertificateValidationPolicy].Value != FabricValidatorConstants.HttpAppGatewayPolicyNone && this.httpAppGatewaySettings[FabricValidatorConstants.ParameterNames.HttpAppGatewayCertificateValidationPolicy].Value != FabricValidatorConstants.ParameterNames.HttpAppGatewayServiceCertificateThumbprints && this.httpAppGatewaySettings[FabricValidatorConstants.ParameterNames.HttpAppGatewayCertificateValidationPolicy].Value != FabricValidatorConstants.HttpAppGatewayServiceCommonNameAndIssuer)) { throw new ArgumentException( "ValidateSFReverseProxySettings failed as ApplicationCertificateValidationPolicy set incorrectly when protocol is https."); } if (this.httpAppGatewaySettings[FabricValidatorConstants.ParameterNames.HttpAppGatewayCertificateValidationPolicy].Value == FabricValidatorConstants.ParameterNames.HttpAppGatewayServiceCertificateThumbprints && (!this.httpAppGatewaySettings.ContainsKey(FabricValidatorConstants.ParameterNames.HttpAppGatewayServiceCertificateThumbprints) || String.IsNullOrEmpty(this.httpAppGatewaySettings[FabricValidatorConstants.ParameterNames.HttpAppGatewayServiceCertificateThumbprints].Value))) { throw new ArgumentException( "ValidateSFReverseProxySettings failed as parameter ServiceCertificateThumbprints not found when ApplicationCertificateValidationPolicy is set to thumbprints."); } if (this.httpAppGatewaySettings[FabricValidatorConstants.ParameterNames.HttpAppGatewayCertificateValidationPolicy].Value == FabricValidatorConstants.HttpAppGatewayServiceCommonNameAndIssuer && (this.serviceCommonNameAndIssuerSettings == null || this.serviceCommonNameAndIssuerSettings.Count <= 0)) { throw new ArgumentException( "ValidateSFReverseProxySettings failed as section ServiceCommonNameAndIssuer not found or is empty when ApplicationCertificateValidationPolicy is set to ServiceCommonNameAndIssuer."); } } // // It is ok to have some nodetypes which have http endpoints while others have https endpoints for the app gateway. // This will be the configuration if the customer wants to expose only one nodetype via the load balancer and wants // to use the other nodetypes for internal communication. // }
public InputEndpointType ToInputEndpointType() { InputEndpointType endpoint = new InputEndpointType(); endpoint.Port = this.Port; endpoint.Protocol = (InputEndpointTypeProtocol)Enum.Parse(typeof(InputEndpointTypeProtocol), this.Protocol); return(endpoint); }
internal static bool InputEndpointEquals(InputEndpointType endpointA, InputEndpointType endpointB) { if (endpointA == null && endpointB == null) { return(true); } if (endpointA == null || endpointB == null) { return(false); } return(endpointA.Protocol == endpointB.Protocol && string.Compare(endpointA.Port, endpointB.Port, StringComparison.OrdinalIgnoreCase) == 0); }
private void ValidateEndpoint(InputEndpointType httpEndpoint, CertificatesType certificates, bool verifyCertificates) { if (httpEndpoint.Protocol != InputEndpointTypeProtocol.http && httpEndpoint.Protocol != InputEndpointTypeProtocol.https) { throw new ArgumentException( string.Format( "ValidateHttpGatewaySettings failed as HttpGatewayEndpoint.Protocol is invalid: {0}", httpEndpoint.Protocol)); } if (!verifyCertificates) { return; } // // If protocol is https, then server certificates have to be specified. // if (httpEndpoint.Protocol == InputEndpointTypeProtocol.https) { if (certificates == null || certificates.ServerCertificate == null || certificates.ServerCertificate.X509FindValue == null || certificates.ServerCertificate.X509FindValue.Length == 0) { throw new ArgumentException( "ValidateHttpGatewaySettings failed as ServerCertificate is not specified with HttpGatewayEndpoint Protocol https"); } } // // If server certificates are specified, the protocol should be https. // if (certificates != null && certificates.ServerCertificate != null && certificates.ServerCertificate.X509FindValue != null && certificates.ServerCertificate.X509FindValue.Length != 0) { if (httpEndpoint.Protocol != InputEndpointTypeProtocol.https) { throw new ArgumentException( "ValidateHttpGatewaySettings failed as ServerCertificate is specified and the HttpGatewayEndpoint Protocol is not https"); } } }
internal static NonWindowsFabricEndpointSet GetNonWindowsFabricEndpointSet(IDictionary <string, RoleInstanceEndpoint> roleInstanceEndpointMap) { Dictionary <string, InputEndpointType> nonWindowsFabricPorts = new Dictionary <string, InputEndpointType>(StringComparer.OrdinalIgnoreCase); Dictionary <string, FabricEndpointsTypeApplicationEndpoints> nonWindowsFabricPortRanges = new Dictionary <string, FabricEndpointsTypeApplicationEndpoints>(StringComparer.OrdinalIgnoreCase); foreach (KeyValuePair <string, RoleInstanceEndpoint> roleInstanceEndpoint in roleInstanceEndpointMap) { string roleInstanceEndpointName = roleInstanceEndpoint.Key; if (WindowsFabricAzureWrapperServiceCommon.FabricEndpointNames.FirstOrDefault(name => string.Compare(name, roleInstanceEndpointName, StringComparison.OrdinalIgnoreCase) == 0) == null) { string portRangeConfigurationSettingName = string.Format(CultureInfo.InvariantCulture, WindowsFabricAzureWrapperServiceCommon.NonWindowsFabricPortRangeConfigurationSettingNameTemplate, roleInstanceEndpointName); int portCount; if (TryGetConfigurationSettingValueAsInt(portRangeConfigurationSettingName, out portCount)) { int startPort = roleInstanceEndpoint.Value.IPEndpoint.Port; int endPort = startPort + portCount - 1; nonWindowsFabricPortRanges[roleInstanceEndpointName] = new FabricEndpointsTypeApplicationEndpoints { StartPort = startPort, EndPort = endPort }; } else { int port = roleInstanceEndpoint.Value.IPEndpoint.Port; nonWindowsFabricPorts[roleInstanceEndpointName] = new InputEndpointType { Port = port.ToString(CultureInfo.InvariantCulture), Protocol = InputEndpointTypeProtocol.tcp }; } } } return(new NonWindowsFabricEndpointSet { NonWindowsFabricPorts = nonWindowsFabricPorts, NonWindowsFabricPortRanges = nonWindowsFabricPortRanges }); }
private static string InputEndpointToString(InputEndpointType endpoint) { return(endpoint == null ? string.Empty : string.Format(CultureInfo.InvariantCulture, "< {0}, {1} >", endpoint.Protocol, endpoint.Port)); }
private void AddOptionalEndpointProtocol(List <SettingsTypeSectionParameter> parameters, string name, InputEndpointType endpoint) { AddEndPoint(parameters, name, endpoint != null ? endpoint.Protocol.ToString() : ""); }