private void AddCertificate()
{
var store = new X509Store(_storeName, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
store.Add(new X509Certificate2("RootTrustedCA.cer"));
var certificate = new X509Certificate2("Server.cer");
store.Add(certificate);
_certificateThumbprint = certificate.Thumbprint;
_certificateConfiguration = new CertificateConfiguration
{
FindBy = X509FindType.FindByThumbprint,
StoreLocation = StoreLocation.LocalMachine,
StoreName = _storeName,
Value = _certificateThumbprint
};
try
{
// Required for server to successfully pick up the certificate
_certificateConfiguration.BindCertificateToPort("6661");
_certificateConfiguration.BindCertificateToPort("6671");
_certificateConfiguration.BindCertificateToPort("6681");
}
catch
{
}
store.Close();
}
private X509Certificate2 LoadCertyficate(CertificateConfiguration configuration)
{
var file = configuration.FilePath;
if (Path.IsPathRooted(file) == false)
{
file = Path.Combine(Directory.GetCurrentDirectory(), file);
}
if (File.Exists(file) == false)
{
throw new FiltersConfigurationException($"Certificate file not found {file}");
}
try
{
var data = File.ReadAllBytes(file);
return(new X509Certificate2(data, configuration.Password, X509KeyStorageFlags.MachineKeySet));
}
catch (Exception e)
{
throw new FiltersConfigurationException($"Error from loading certificate {file}", e);
}
}
protected virtual CertificateConfiguration LoadCertificateConfiguration(Certificates cert)
{
object findValue;
X509FindType findType;
var certConfig = new CertificateConfiguration
{
SubjectDistinguishedName = cert.SubjectDistinguishedName,
};
if (!string.IsNullOrWhiteSpace(cert.SubjectDistinguishedName))
{
findValue = cert.SubjectDistinguishedName;
findType = X509FindType.FindBySubjectDistinguishedName;
}
else
{
Tracing.Error("No distinguished name or thumbprint for certificate: " + cert.Name);
return(certConfig);
}
try
{
certConfig.Certificate = X509Certificates.GetCertificateFromStore(StoreLocation.LocalMachine, StoreName.My, findType, findValue);
}
catch
{
Tracing.Error("No certificate found for: " + findValue);
throw new ConfigurationErrorsException("No certificate found for: " + findValue);
}
return(certConfig);
}
public void SignRequest()
{
var keyConfiguration = new CertificateConfiguration
{
CertificateRequestFileName = @"C:\Pluralsight\Test\Keys\FlightOps.csr",
CertificateFileName = @"C:\Pluralsight\Test\Keys\FlightOps.cer",
KeyLabel = "DuckAirlinesKey",
KeystoreFileName = @"C:\Pluralsight\Test\Keys\FlightOps.key",
PrivateKeyPassword = "******",
DistinguishedName = new DistinguishedName
{
CommonName = "Flight Operations",
OrganizationalUnit = "Security",
Organization = "Duck Airlines",
Locality = "Cleveland",
State = "OH",
Country = "US"
},
SigningKeyLabel = "Cleveland",
SigningKeyFileName = @"C:\Pluralsight\Test\Keys\ClevelandIca.key",
SigningKeyPassword = "******"
};
var certificateAuthority = new CertificateAuthority();
certificateAuthority.SubmitCertificateRequest(@"C:\Pluralsight\Test\Keys\FlightOps.csr");
certificateAuthority.IssueCertificate(keyConfiguration);
}
public static CertificateConfiguration GetCertificateConfiguration(this PsApiManagementSystemCertificate systemCertificate)
{
if (systemCertificate == null)
{
return(null);
}
var certificateConfiguration = new CertificateConfiguration(systemCertificate.StoreName);
if (!string.IsNullOrWhiteSpace(systemCertificate.EncodedCertificate))
{
certificateConfiguration.EncodedCertificate = systemCertificate.EncodedCertificate;
}
if (systemCertificate.CertificatePassword != null)
{
certificateConfiguration.CertificatePassword = systemCertificate.CertificatePassword;
}
if (systemCertificate.CertificateInformation != null &&
string.IsNullOrEmpty(systemCertificate.EncodedCertificate))
{
certificateConfiguration.Certificate = systemCertificate.CertificateInformation.GetCertificateInformation();
}
return(certificateConfiguration);
}
public async Task SslStream_ClientAndServerUsesAuxRecord_Ok()
{
X509Certificate2 serverCert = CertificateConfiguration.GetServerCertificate();
var server = new SchSendAuxRecordTestServer(serverCert);
int port = server.StartServer();
var client = new SchSendAuxRecordTestClient("localhost", port);
var tasks = new Task[2];
tasks[0] = server.RunTest();
tasks[1] = client.RunTest();
await Task.WhenAll(tasks).TimeoutAfter(TestConfiguration.PassingTestTimeoutMilliseconds);
if (server.IsInconclusive)
{
_output.WriteLine("Test inconclusive: The Operating system preferred a non-CBC or Null cipher.");
}
else
{
Assert.True(server.AuxRecordDetected, "Server reports: Client auxiliary record not detected.");
Assert.True(client.AuxRecordDetected, "Client reports: Server auxiliary record not detected.");
}
}
public async Task HttpClient_ClientUsesAuxRecord_Ok()
{
X509Certificate2 serverCert = CertificateConfiguration.GetServerCertificate();
var server = new SchSendAuxRecordTestServer(serverCert);
int port = server.StartServer();
string requestString = "https://localhost:" + port.ToString();
using (var handler = new HttpClientHandler()
{
ServerCertificateCustomValidationCallback = LoopbackServer.AllowAllCertificates
})
using (var client = new HttpClient(handler))
{
var tasks = new Task[2];
tasks[0] = server.RunTest();
tasks[1] = client.GetStringAsync(requestString);
await Task.WhenAll(tasks).TimeoutAfter(15 * 1000);
if (server.IsInconclusive)
{
_output.WriteLine("Test inconclusive: The Operating system preferred a non-CBC or Null cipher.");
}
else
{
Assert.True(server.AuxRecordDetected, "Server reports: Client auxiliary record not detected.");
}
}
}
public static async Task AcceptSocketAsync(Socket server, Func <Socket, Stream, StreamReader, StreamWriter, Task> funcAsync, Options options = null)
{
options = options ?? new Options();
using (Socket s = await server.AcceptAsync().ConfigureAwait(false))
{
Stream stream = new NetworkStream(s, ownsSocket: false);
if (options.UseSsl)
{
var sslStream = new SslStream(stream);
using (var cert = CertificateConfiguration.GetServerCertificate())
{
await sslStream.AuthenticateAsServerAsync(
cert,
clientCertificateRequired : false,
enabledSslProtocols : options.SslProtocols,
checkCertificateRevocation : false).ConfigureAwait(false);
}
stream = sslStream;
}
using (var reader = new StreamReader(stream, Encoding.ASCII))
using (var writer = new StreamWriter(stream, Encoding.ASCII))
{
await funcAsync(s, stream, reader, writer).ConfigureAwait(false);
}
}
}
public CertificateValidationClientServer()
{
_serverCertificateCollection = CertificateConfiguration.GetServerCertificateCollection();
_serverCertificate = CertificateConfiguration.GetServerCertificate();
_clientCertificateCollection = CertificateConfiguration.GetClientCertificateCollection();
_clientCertificate = CertificateConfiguration.GetClientCertificate();
}
public async void SslStream_SendReceiveOverNetworkStream_Ok()
{
TcpListener listener = new TcpListener(IPAddress.Any, 0);
using (X509Certificate2 serverCertificate = CertificateConfiguration.GetServerCertificate())
using (TcpClient client = new TcpClient())
{
listener.Start();
Task clientConnectTask = client.ConnectAsync(IPAddress.Loopback, ((IPEndPoint)listener.LocalEndpoint).Port);
Task <TcpClient> listenerAcceptTask = listener.AcceptTcpClientAsync();
await Task.WhenAll(clientConnectTask, listenerAcceptTask);
TcpClient server = listenerAcceptTask.Result;
using (SslStream clientStream = new SslStream(
client.GetStream(),
false,
new RemoteCertificateValidationCallback(ValidateServerCertificate),
null,
EncryptionPolicy.RequireEncryption))
using (SslStream serverStream = new SslStream(
server.GetStream(),
false,
null,
null,
EncryptionPolicy.RequireEncryption))
{
Task clientAuthenticationTask = clientStream.AuthenticateAsClientAsync(
serverCertificate.GetNameInfo(X509NameType.SimpleName, false),
null,
SslProtocols.Tls12,
false);
Task serverAuthenticationTask = serverStream.AuthenticateAsServerAsync(
serverCertificate,
false,
SslProtocols.Tls12,
false);
await Task.WhenAll(clientAuthenticationTask, serverAuthenticationTask);
byte[] readBuffer = new byte[256];
Task <int> readTask = clientStream.ReadAsync(readBuffer, 0, readBuffer.Length);
byte[] writeBuffer = new byte[256];
Task writeTask = clientStream.WriteAsync(writeBuffer, 0, writeBuffer.Length);
bool result = Task.WaitAll(
new Task[1] {
writeTask
},
TestConfiguration.PassingTestTimeoutMilliseconds);
Assert.True(result, "WriteAsync timed-out.");
}
}
}
public async Task Manual_CertificateSentMatchesCertificateReceived_Success(
int numberOfRequests,
bool reuseClient) // validate behavior with and without connection pooling, which impacts client cert usage
{
var options = new LoopbackServer.Options {
UseSsl = true
};
using (var cert = CertificateConfiguration.GetClientCertificate())
{
Func <HttpClient> createClient = () =>
{
var handler = new HttpClientHandler()
{
ServerCertificateCustomValidationCallback = delegate { return(true); }
};
handler.ClientCertificates.Add(cert);
return(new HttpClient(handler));
};
Func <HttpClient, Socket, Uri, Task> makeAndValidateRequest = async(client, server, url) =>
{
await TestHelper.WhenAllCompletedOrAnyFailed(
client.GetStringAsync(url),
LoopbackServer.AcceptSocketAsync(server, async(socket, stream, reader, writer) =>
{
SslStream sslStream = Assert.IsType <SslStream>(stream);
Assert.Equal(cert, sslStream.RemoteCertificate);
await LoopbackServer.ReadWriteAcceptedAsync(socket, reader, writer);
}, options));
};
await LoopbackServer.CreateServerAsync(async (server, url) =>
{
if (reuseClient)
{
using (var client = createClient())
{
for (int i = 0; i < numberOfRequests; i++)
{
await makeAndValidateRequest(client, server, url);
}
}
}
else
{
for (int i = 0; i < numberOfRequests; i++)
{
using (var client = createClient())
{
await makeAndValidateRequest(client, server, url);
}
}
}
}, options);
}
}
private static X509Certificate2 LoadCertificate(Environment environment, CertificateConfiguration config)
{
if (config.Pfx == null)
{
throw new InvalidOperationException("Certificate file has not been specified");
}
return(new X509Certificate2(File.ReadAllBytes(Path.Combine(environment.Certificates, config.Pfx))));
}
/// <summary>
/// Generates the intermediate certificate.
/// </summary>
/// <param name="certificateConfiguration">The certificate configuration.</param>
private void GenerateIntermediateCertificate(CertificateConfiguration certificateConfiguration)
{
/***************************************************************/
/* Get the CA Certificate */
/***************************************************************/
var caKeyStore = crypt.KeysetOpen(crypt.UNUSED, crypt.KEYSET_FILE,
certificateConfiguration.SigningKeyFileName,
crypt.KEYOPT_READONLY);
var caPrivateKey = crypt.GetPrivateKey(caKeyStore, crypt.KEYID_NAME,
certificateConfiguration.SigningKeyLabel,
certificateConfiguration.SigningKeyPassword);
/* Create an RSA public/private key context, set a label for it, and generate a key into it */
var icaKeyPair = crypt.CreateContext(crypt.UNUSED, crypt.ALGO_RSA);
crypt.SetAttributeString(icaKeyPair, crypt.CTXINFO_LABEL, certificateConfiguration.KeyLabel);
crypt.SetAttribute(icaKeyPair, crypt.CTXINFO_KEYSIZE, 2048 / 8);
crypt.GenerateKey(icaKeyPair);
var icaKeyStore = crypt.KeysetOpen(crypt.UNUSED, crypt.KEYSET_FILE,
certificateConfiguration.KeystoreFileName,
crypt.KEYOPT_CREATE);
crypt.AddPrivateKey(icaKeyStore, icaKeyPair, certificateConfiguration.PrivateKeyPassword);
crypt.KeysetClose(icaKeyStore);
var certChain = crypt.CreateCert(crypt.UNUSED, crypt.CERTTYPE_CERTCHAIN);
crypt.SetAttribute(certChain, crypt.CERTINFO_SUBJECTPUBLICKEYINFO, icaKeyPair);
crypt.SetAttributeString(certChain, crypt.CERTINFO_COUNTRYNAME,
certificateConfiguration.DistinguishedName.Country);
crypt.SetAttributeString(certChain, crypt.CERTINFO_ORGANIZATIONNAME,
certificateConfiguration.DistinguishedName.Organization);
crypt.SetAttributeString(certChain, crypt.CERTINFO_ORGANIZATIONALUNITNAME,
certificateConfiguration.DistinguishedName.OrganizationalUnit);
crypt.SetAttributeString(certChain, crypt.CERTINFO_COMMONNAME,
certificateConfiguration.DistinguishedName.CommonName);
crypt.SetAttribute(certChain, crypt.CERTINFO_CA, 1);
crypt.SignCert(certChain, caPrivateKey);
crypt.AddPublicKey(icaKeyStore, certChain);
var dataSize = crypt.ExportCert(null, 0, crypt.CERTFORMAT_CERTIFICATE, certChain);
var exportedCert = new byte[dataSize];
crypt.ExportCert(exportedCert, dataSize * 2, crypt.CERTFORMAT_CERTIFICATE, certChain);
File.WriteAllBytes(certificateConfiguration.CertificateFileName, exportedCert);
crypt.DestroyCert(certChain);
crypt.KeysetClose(caKeyStore);
crypt.DestroyContext(caPrivateKey);
crypt.DestroyContext(icaKeyPair);
}
public async Task Manual_SSLBackendNotSupported_ThrowsPlatformNotSupportedException()
{
var handler = new HttpClientHandler();
handler.ClientCertificates.Add(CertificateConfiguration.GetClientCertificate());
using (var client = new HttpClient(handler))
{
await Assert.ThrowsAsync <PlatformNotSupportedException>(() => client.GetAsync(HttpTestServers.SecureRemoteEchoServer));
}
}
public void InstallIntermediateCertificatesTest()
{
Environment.SetEnvironmentVariable("AZURE_TEST_MODE", "Playback");
using (MockContext context = MockContext.Start(this.GetType()))
{
var testBase = new ApiManagementTestBase(context);
testBase.serviceProperties.Sku.Name = SkuType.Basic;
testBase.serviceProperties.Certificates = new List <CertificateConfiguration>();
var certConfig = new CertificateConfiguration()
{
StoreName = StoreName.CertificateAuthority.ToString("G"),
EncodedCertificate = testBase.base64EncodedTestCertificateData,
CertificatePassword = testBase.testCertificatePassword
};
testBase.serviceProperties.Certificates.Add(certConfig);
var base64ArrayCertificate = Convert.FromBase64String(testBase.base64EncodedTestCertificateData);
var cert = new X509Certificate2(base64ArrayCertificate, testBase.testCertificatePassword);
var createdService = testBase.client.ApiManagementService.CreateOrUpdate(
resourceGroupName: testBase.rgName,
serviceName: testBase.serviceName,
parameters: testBase.serviceProperties);
ValidateService(createdService,
testBase.serviceName,
testBase.rgName,
testBase.subscriptionId,
testBase.location,
testBase.serviceProperties.PublisherEmail,
testBase.serviceProperties.PublisherName,
testBase.serviceProperties.Sku.Name,
testBase.tags,
PlatformVersion.Stv2);
Assert.NotNull(createdService.Certificates);
Assert.Single(createdService.Certificates);
Assert.Equal(StoreName.CertificateAuthority.ToString("G"), createdService.Certificates.First().StoreName, ignoreCase: true);
Assert.Equal(cert.Thumbprint, createdService.Certificates.First().Certificate.Thumbprint, ignoreCase: true);
// Delete
testBase.client.ApiManagementService.Delete(
resourceGroupName: testBase.rgName,
serviceName: testBase.serviceName);
Assert.Throws <ErrorResponseException>(() =>
{
testBase.client.ApiManagementService.Get(
resourceGroupName: testBase.rgName,
serviceName: testBase.serviceName);
});
}
}
internal PsApiManagementSystemCertificate(CertificateConfiguration certificateConfiguration)
: this()
{
if (certificateConfiguration == null)
{
throw new ArgumentNullException("certificateConfiguration");
}
CertificateInformation = certificateConfiguration.Certificate != null ? new PsApiManagementCertificateInformation(certificateConfiguration.Certificate) : null;
StoreName = certificateConfiguration.StoreName;
}
private bool DoHandshake(SslStream clientSslStream, SslStream serverSslStream)
{
using (X509Certificate2 certificate = CertificateConfiguration.GetServerCertificate())
{
Task[] auth = new Task[2];
auth[0] = clientSslStream.AuthenticateAsClientAsync(certificate.GetNameInfo(X509NameType.SimpleName, false));
auth[1] = serverSslStream.AuthenticateAsServerAsync(certificate);
bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds);
return(finished);
}
}
public void SslStream_StreamToStream_Authentication_Success()
{
VirtualNetwork network = new VirtualNetwork();
using (var clientStream = new VirtualNetworkStream(network, isServer: false))
using (var serverStream = new VirtualNetworkStream(network, isServer: true))
using (var client = new SslStream(clientStream, false, AllowAnyServerCertificate))
using (var server = new SslStream(serverStream))
using (X509Certificate2 certificate = CertificateConfiguration.GetServerCertificate())
{
Task[] auth = new Task[2];
auth[0] = client.AuthenticateAsClientAsync(certificate.GetNameInfo(X509NameType.SimpleName, false));
auth[1] = server.AuthenticateAsServerAsync(certificate);
bool finished = Task.WaitAll(auth, TestConfiguration.PassingTestTimeoutMilliseconds);
Assert.True(finished, "Handshake completed in the allotted time");
}
}
public static async Task DownloadCertificates(
DeviceManagementClient client,
string connectionString,
string containerName,
CertificateConfiguration certificateConfiguration)
{
HashSet <string> certificateFilesSet = new HashSet <string>();
MergeCertificateFileNames(certificateConfiguration.rootCATrustedCertificates_Root, certificateFilesSet);
MergeCertificateFileNames(certificateConfiguration.rootCATrustedCertificates_CA, certificateFilesSet);
MergeCertificateFileNames(certificateConfiguration.rootCATrustedCertificates_TrustedPublisher, certificateFilesSet);
MergeCertificateFileNames(certificateConfiguration.rootCATrustedCertificates_TrustedPeople, certificateFilesSet);
MergeCertificateFileNames(certificateConfiguration.certificateStore_CA_System, certificateFilesSet);
MergeCertificateFileNames(certificateConfiguration.certificateStore_Root_System, certificateFilesSet);
MergeCertificateFileNames(certificateConfiguration.certificateStore_My_User, certificateFilesSet);
MergeCertificateFileNames(certificateConfiguration.certificateStore_My_System, certificateFilesSet);
await DownloadCertificates(client, connectionString, containerName, certificateFilesSet);
}
public void SslStream_StreamToStream_Authentication_IncorrectServerName_Fail()
{
VirtualNetwork network = new VirtualNetwork();
using (var clientStream = new VirtualNetworkStream(network, isServer: false))
using (var serverStream = new VirtualNetworkStream(network, isServer: true))
using (var client = new SslStream(clientStream))
using (var server = new SslStream(serverStream))
using (var certificate = CertificateConfiguration.GetServerCertificate())
{
Task[] auth = new Task[2];
auth[0] = client.AuthenticateAsClientAsync("incorrectServer");
auth[1] = server.AuthenticateAsServerAsync(certificate);
Assert.Throws <AuthenticationException>(() =>
{
auth[0].GetAwaiter().GetResult();
});
auth[1].GetAwaiter().GetResult();
}
}
private static async Task <(X509Certificate2 ActiveCertificate, X509Certificate2 SecondaryCertificate)> GetCertificates(IWebHostEnvironment environment, IConfiguration configuration)
{
var certificateConfiguration = new CertificateConfiguration
{
// Use an Azure key vault
CertificateNameKeyVault = configuration["CertificateNameKeyVault"], //"StsCert",
KeyVaultEndpoint = configuration["AzureKeyVaultEndpoint"], // "https://damienbod.vault.azure.net"
// Use a local store with thumbprint
//UseLocalCertStore = Convert.ToBoolean(configuration["UseLocalCertStore"]),
//CertificateThumbprint = configuration["CertificateThumbprint"],
// development certificate
DevelopmentCertificatePfx = Path.Combine(environment.ContentRootPath, "sts_dev_cert.pfx"),
DevelopmentCertificatePassword = "******" //configuration["DevelopmentCertificatePassword"] //"1234",
};
(X509Certificate2 ActiveCertificate, X509Certificate2 SecondaryCertificate)certs = await CertificateService.GetCertificates(
certificateConfiguration).ConfigureAwait(false);
return(certs);
}
public void IssueCertificate(CertificateConfiguration certificateConfiguration)
{
var caKeyStore = crypt.KeysetOpen(crypt.UNUSED, crypt.KEYSET_FILE, certificateConfiguration.SigningKeyFileName,
crypt.KEYOPT_READONLY);
var caKey = crypt.GetPrivateKey(caKeyStore, crypt.KEYID_NAME, certificateConfiguration.SigningKeyLabel, certificateConfiguration.SigningKeyPassword);
var certStore = crypt.KeysetOpen(crypt.UNUSED, crypt.KEYSET_ODBC_STORE, @"TrustUsTest",
crypt.KEYOPT_NONE);
var certRequest = crypt.CAGetItem(certStore, crypt.CERTTYPE_REQUEST_CERT, crypt.KEYID_NAME,
certificateConfiguration.DistinguishedName.CommonName);
crypt.CACertManagement(crypt.CERTACTION_ISSUE_CERT, certStore, caKey, certRequest);
var caGetItem = crypt.CAGetItem(certStore, crypt.CERTTYPE_CERTCHAIN, crypt.KEYID_NAME,
certificateConfiguration.DistinguishedName.CommonName);
var certificate = new Certificate();
File.WriteAllText(certificateConfiguration.CertificateFileName, certificate.ExportCertificateAsText(caGetItem));
crypt.KeysetClose(caKeyStore);
crypt.KeysetClose(certStore);
}
public static async Task <(X509Certificate2 ActiveCertificate, X509Certificate2 SecondaryCertificate)> GetCertificates(CertificateConfiguration certificateConfiguration)
{
(X509Certificate2 ActiveCertificate, X509Certificate2 SecondaryCertificate)certs = (null, null);
if (certificateConfiguration.UseLocalCertStore)
{
using X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
var storeCerts = store.Certificates.Find(X509FindType.FindByThumbprint, certificateConfiguration.CertificateThumbprint, false);
certs.ActiveCertificate = storeCerts[0];
store.Close();
}
else
{
if (!string.IsNullOrEmpty(certificateConfiguration.KeyVaultEndpoint))
{
var credential = new DefaultAzureCredential();
var keyVaultCertificateService = new KeyVaultCertificateService(
certificateConfiguration.KeyVaultEndpoint,
certificateConfiguration.CertificateNameKeyVault);
var secretClient = new SecretClient(
vaultUri: new Uri(certificateConfiguration.KeyVaultEndpoint),
credential);
var certificateClient = new CertificateClient(
vaultUri: new Uri(certificateConfiguration.KeyVaultEndpoint),
credential);
certs = await keyVaultCertificateService.GetCertificatesFromKeyVault(secretClient, certificateClient).ConfigureAwait(false);
}
}
// search for local PFX with password, usually local dev
if (certs.ActiveCertificate == null)
{
certs.ActiveCertificate = new X509Certificate2(
certificateConfiguration.DevelopmentCertificatePfx,
certificateConfiguration.DevelopmentCertificatePassword);
}
return(certs);
}
private void GenerateIntermediateCertificate(CertificateConfiguration configuration)
{
}
private void OnAccept(Task <TcpClient> result)
{
TcpClient client = null;
// Accept current connection
try
{
client = result.Result;
}
catch
{
}
// If we have a connection, then process it
if (client != null)
{
OnClientAccepted(client);
ClientState state;
// Start authentication for SSL?
if (_useSsl)
{
state = new ClientState(client, _sslEncryptionPolicy);
_log.WriteLine("Server: starting SSL authentication.");
SslStream sslStream = null;
X509Certificate2 certificate = CertificateConfiguration.GetServerCertificate();
try
{
sslStream = (SslStream)state.Stream;
_log.WriteLine("Server: attempting to open SslStream.");
sslStream.AuthenticateAsServerAsync(certificate, false, _sslProtocols, false).ContinueWith(t =>
{
certificate.Dispose();
OnAuthenticate(t, state);
}, TaskScheduler.Default);
}
catch (Exception ex)
{
_log.WriteLine("Server: Exception: {0}", ex);
certificate.Dispose();
state.Dispose(); // close connection to client
}
}
else
{
state = new ClientState(client);
// Start listening for data from the client connection
try
{
state.Stream.BeginRead(state.ReceiveBuffer, 0, state.ReceiveBuffer.Length, OnReceive, state);
}
catch
{
}
}
}
// Listen for more client connections
try
{
_listener.AcceptTcpClientAsync().ContinueWith(t => OnAccept(t), TaskScheduler.Default);
}
catch
{
}
}
/// <summary>
/// Initializes a new instance of the <see cref="AzureADIdentityClientBase"/> class.
/// </summary>
/// <param name="certificateConfiguration">An instance of CertificateConfiguration.</param>
public AzureADIdentityClientBase(CertificateConfiguration certificateConfiguration, ILogger <AzureADIdentityClientBase> logger)
{
this.logger = logger ?? throw new ArgumentNullException(nameof(logger));
this.certificateConfiguration = certificateConfiguration ?? throw new ArgumentNullException(nameof(certificateConfiguration));
}
public void RegisterForUpdate(CertificateConfiguration certificateConfiguration)
{
_certificatesToRefresh.Add(certificateConfiguration);
}
public ClientCertificateMiddleware(RequestDelegate next, IOptions <CertificateConfiguration> options)
{
_next = next;
_config = options.Value;
}
public ServerAsyncAuthenticateTest()
{
_log = TestLogging.GetInstance();
_logVerbose = VerboseTestLogging.GetInstance();
_serverCertificate = CertificateConfiguration.GetServerCertificate();
}
