public void ServiceFault(int statusCode)
{
if (IsEnabled())
{
WriteEvent(ServiceFaultId, statusCode);
}
else
{
Utils.LogWarning(ServiceFaultEventId, ServiceFaultMessage, statusCode);
}
}
public void Warning(string format, params object[] args)
{
if (IsEnabled())
{
Warning(Utils.Format(format, args));
}
else
{
Utils.LogWarning(format, args);
}
}
/// <inheritdoc/>
public async Task <bool> Delete(string thumbprint)
{
const int kRetries = 5;
const int kRetryDelay = 100;
int retry = kRetries;
bool found = false;
do
{
lock (m_lock)
{
Entry entry = Find(thumbprint);
try
{
if (entry != null)
{
if (entry.PrivateKeyFile != null && entry.PrivateKeyFile.Exists)
{
entry.PrivateKeyFile.Delete();
found = true;
}
if (entry.CertificateFile != null && entry.CertificateFile.Exists)
{
entry.CertificateFile.Delete();
found = true;
}
}
retry = 0;
}
catch (IOException)
{
// file to delete may still be in use, retry
Utils.LogWarning("Failed to delete cert [{0}], retry.", thumbprint);
retry--;
}
if (found)
{
m_lastDirectoryCheck = DateTime.MinValue;
}
}
if (retry > 0)
{
await Task.Delay(kRetryDelay).ConfigureAwait(false);
}
} while (retry > 0);
return(found);
}
/// <summary>
/// Creates a fault message.
/// </summary>
/// <param name="request">The request.</param>
/// <param name="exception">The exception.</param>
/// <returns>A fault message.</returns>
protected static ServiceFault CreateFault(IServiceRequest request, Exception exception)
{
DiagnosticsMasks diagnosticsMask = DiagnosticsMasks.ServiceNoInnerStatus;
ServiceFault fault = new ServiceFault();
if (request != null)
{
fault.ResponseHeader.Timestamp = DateTime.UtcNow;
fault.ResponseHeader.RequestHandle = request.RequestHeader.RequestHandle;
if (request.RequestHeader != null)
{
diagnosticsMask = (DiagnosticsMasks)request.RequestHeader.ReturnDiagnostics;
}
}
ServiceResult result = null;
ServiceResultException sre = exception as ServiceResultException;
if (sre != null)
{
result = new ServiceResult(sre);
Utils.LogWarning("SERVER - Service Fault Occurred. Reason={0}", result.StatusCode);
if (sre.StatusCode == StatusCodes.BadUnexpectedError)
{
Utils.LogWarning(Utils.TraceMasks.StackTrace, sre, sre.ToString());
}
}
else
{
result = new ServiceResult(exception, StatusCodes.BadUnexpectedError);
Utils.LogError(exception, "SERVER - Unexpected Service Fault: {0}", exception.Message);
}
fault.ResponseHeader.ServiceResult = result.Code;
StringTable stringTable = new StringTable();
fault.ResponseHeader.ServiceDiagnostics = new DiagnosticInfo(
result,
diagnosticsMask,
true,
stringTable);
fault.ResponseHeader.StringTable = stringTable.ToArray();
return(fault);
}
/// <summary>
/// Finds a certificate in a store.
/// </summary>
/// <param name="needPrivateKey">if set to <c>true</c> the returned certificate must contain the private key.</param>
/// <returns>An instance of the <see cref="X509Certificate2"/> that is embedded by this instance or find it in
/// the selected store pointed out by the <see cref="StorePath"/> using selected <see cref="SubjectName"/>.</returns>
public async Task <X509Certificate2> Find(bool needPrivateKey)
{
X509Certificate2 certificate = null;
// check if the entire certificate has been specified.
if (m_certificate != null && (!needPrivateKey || m_certificate.HasPrivateKey))
{
certificate = m_certificate;
}
else
{
// open store.
using (ICertificateStore store = CertificateStoreIdentifier.CreateStore(StoreType))
{
store.Open(StorePath, false);
X509Certificate2Collection collection = await store.Enumerate().ConfigureAwait(false);
certificate = Find(collection, m_thumbprint, m_subjectName, needPrivateKey);
if (certificate != null)
{
if (needPrivateKey && store.SupportsLoadPrivateKey)
{
var message = new StringBuilder();
message.AppendLine("Loaded a certificate with private key from store {0}.");
message.AppendLine("Ensure to call LoadPrivateKeyEx with password provider before calling Find(true).");
Utils.LogWarning(message.ToString(), StoreType);
}
m_certificate = certificate;
}
}
}
// use the single instance in the certificate cache.
if (needPrivateKey)
{
certificate = m_certificate = CertificateFactory.Load(certificate, true);
}
return(certificate);
}
/// <summary>
/// Loads the cached version of a certificate.
/// </summary>
/// <param name="certificate">The certificate to load.</param>
/// <param name="ensurePrivateKeyAccessible">If true a key container is created for a certificate that must be deleted by calling Cleanup.</param>
/// <returns>The cached certificate.</returns>
/// <remarks>
/// This function is necessary because all private keys used for cryptography
/// operations must be in a key container.
/// Private keys stored in a PFX file have no key container by default.
/// </remarks>
public static X509Certificate2 Load(X509Certificate2 certificate, bool ensurePrivateKeyAccessible)
{
if (certificate == null)
{
return(null);
}
lock (m_certificatesLock)
{
X509Certificate2 cachedCertificate = null;
// check for existing cached certificate.
if (m_certificates.TryGetValue(certificate.Thumbprint, out cachedCertificate))
{
return(cachedCertificate);
}
// nothing more to do if no private key or dont care about accessibility.
if (!certificate.HasPrivateKey || !ensurePrivateKeyAccessible)
{
return(certificate);
}
if (ensurePrivateKeyAccessible)
{
if (!X509Utils.VerifyRSAKeyPair(certificate, certificate))
{
Utils.LogWarning("Trying to add certificate to cache with invalid private key.");
return(null);
}
}
// update the cache.
m_certificates[certificate.Thumbprint] = certificate;
if (m_certificates.Count > 100)
{
Utils.LogWarning("Certificate cache has {0} certificates in it.", m_certificates.Count);
}
}
return(certificate);
}
