public static void ClientCredentialType_Property_Sets(TcpClientCredentialType credentialType)
{
TcpTransportSecurity transport = new TcpTransportSecurity();
transport.ClientCredentialType = credentialType;
Assert.Equal <TcpClientCredentialType>(credentialType, transport.ClientCredentialType);
}
public TcpTransportSecurity()
{
_clientCredentialType = DefaultClientCredentialType;
_protectionLevel = DefaultProtectionLevel;
_extendedProtectionPolicy = ChannelBindingUtility.DefaultPolicy;
_sslProtocols = TransportDefaults.SslProtocols;
}
public BindingProperties(SecurityMode securityMode, MessageCredentialType messageCredentialType,
TcpClientCredentialType tcpClientCredentialType, ProtectionLevel protectionLevel,
int maxConnections, long maxReceivedMessageSize, long maxBufferPoolSize, int maxArrayLength,
int maxBytesPerRead, int maxDepth, int maxStringContentLength, int maxBufferSize,
TimeSpan openTimeout, TimeSpan closeTimeout, TimeSpan receiveTimeout, TimeSpan sendTimeout)
{
m_SecurityMode = securityMode;
m_MessageCredentialType = messageCredentialType;
m_TcpClientCredentialType = tcpClientCredentialType;
m_ProtectionLevel = protectionLevel;
m_MaxConnections = maxConnections;
m_MaxReceivedMessageSize = maxReceivedMessageSize;
m_MaxBufferPoolSize = maxBufferPoolSize;
m_MaxArrayLength = maxArrayLength;
m_MaxBytesPerRead = maxBytesPerRead;
m_MaxDepth = maxDepth;
m_MaxStringContentLength = maxStringContentLength;
m_MaxBufferSize = maxBufferSize;
m_OpenTimeout = openTimeout;
m_CloseTimeout = closeTimeout;
m_ReceiveTimeout = receiveTimeout;
m_SendTimeout = sendTimeout;
}
public TcpTransportSecurity()
{
this.clientCredentialType = DefaultClientCredentialType;
this.protectionLevel = DefaultProtectionLevel;
this.extendedProtectionPolicy = ChannelBindingUtility.DefaultPolicy;
this.sslProtocols = TransportDefaults.SslProtocols;
}
static CredentialTypeEx ConvertCredentials(TcpClientCredentialType credentials)
{
switch (credentials)
{
case TcpClientCredentialType.Certificate:
{
return(CredentialTypeEx.Certificate);
}
case TcpClientCredentialType.None:
{
return(CredentialTypeEx.None);
}
case TcpClientCredentialType.Windows:
{
return(CredentialTypeEx.Windows);
}
default:
{
throw new InvalidOperationException("Unknown credentials type");
}
}
}
internal static bool IsDefined(TcpClientCredentialType value)
{
if ((value != TcpClientCredentialType.None) && (value != TcpClientCredentialType.Windows))
{
return(value == TcpClientCredentialType.Certificate);
}
return(true);
}
internal static bool IsDefined(TcpClientCredentialType value)
{
if ((value != TcpClientCredentialType.None) && (value != TcpClientCredentialType.Windows))
{
return (value == TcpClientCredentialType.Certificate);
}
return true;
}
internal static bool IsDefined(TcpClientCredentialType value)
{
return(value == TcpClientCredentialType.None ||
value == TcpClientCredentialType.Windows ||
value == TcpClientCredentialType.Certificate);
}
public TcpTransportSecurity()
{
_clientCredentialType = DefaultClientCredentialType;
_protectionLevel = DefaultProtectionLevel;
_sslProtocols = TransportDefaults.SslProtocols;
}
internal static bool IsDefined(TcpClientCredentialType value)
{
return (value == TcpClientCredentialType.None ||
value == TcpClientCredentialType.Windows ||
value == TcpClientCredentialType.Certificate);
}
public TcpTransportSecurity()
{
_clientCredentialType = DefaultClientCredentialType;
_protectionLevel = DefaultProtectionLevel;
_sslProtocols = TransportDefaults.SslProtocols;
}
public TcpTransportSecurity()
{
_clientCredentialType = DefaultClientCredentialType;
_protectionLevel = DefaultProtectionLevel;
}
static CredentialTypeEx ConvertCredentials(TcpClientCredentialType credentials)
{
switch(credentials)
{
case TcpClientCredentialType.Certificate:
{
return CredentialTypeEx.Certificate;
}
case TcpClientCredentialType.None:
{
return CredentialTypeEx.None;
}
case TcpClientCredentialType.Windows:
{
return CredentialTypeEx.Windows;
}
default:
{
throw new InvalidOperationException("Unknown credentials type");
}
}
}
public TcpTransportSecurity()
{
_clientCredentialType = DefaultClientCredentialType;
_protectionLevel = DefaultProtectionLevel;
}
// This is one-stop setup for TestHelpers methods to start doing the desired work.
public static void SetHelperParameters(
TestBinding useBinding,
string hostName,
string appName,
int selfHostPortStartingNumber,
int numSelfHostPorts,
// security-related parameters
SecurityMode bindingSecurityMode,
HttpClientCredentialType httpClientCredentialType,
TcpClientCredentialType tcpClientCredentialType,
string serverDnsEndpointIdentity,
string clientCertThumbprint,
StoreName clientCertStoreName,
StoreLocation clientCertStoreLocation,
int openTimeoutMSecs, int closeTimeoutMSecs, int receiveTimeoutMSecs, int sendTimeoutMSecs,
int customConnectionPoolSize,
bool debugMode
)
{
UseBinding = useBinding;
s_debugMode = debugMode;
s_hostName = hostName;
s_selfHostPorts = numSelfHostPorts;
s_bindingSecurityMode = bindingSecurityMode;
s_httpClientCredentialType = httpClientCredentialType;
s_tcpClientCredentialType = tcpClientCredentialType;
s_serverDnsEndpointIdentity = serverDnsEndpointIdentity;
s_clientCertThumbprint = clientCertThumbprint;
s_clientCertStoreLocation = clientCertStoreLocation;
s_clientCertStoreName = clientCertStoreName;
s_openTimeoutMSeconds = openTimeoutMSecs;
s_closeTimeoutMSeconds = closeTimeoutMSecs;
s_receiveTimeoutMSeconds = receiveTimeoutMSecs;
s_sendTimeoutMSeconds = sendTimeoutMSecs;
s_customConnectionPoolSize = customConnectionPoolSize;
//
// validate security parameters to make it easier to identify incorrect ones
//
if (bindingSecurityMode == SecurityMode.Transport)
{
// For cert auth we need:
if (httpClientCredentialType == HttpClientCredentialType.Certificate || tcpClientCredentialType == TcpClientCredentialType.Certificate)
{
// a thumbprint
if (string.IsNullOrEmpty(clientCertThumbprint))
{
throw new ArgumentException("Client certificate thumbprint must be provided for certificate authentication");
}
// server's DNS endpoint identity string
if (string.IsNullOrEmpty(serverDnsEndpointIdentity))
{
throw new ArgumentException("Server's DNS endpoint identity must be provided for certificate authentication");
}
// WCF authentication errors are not always informative so we place some diagnostics here
if (debugMode)
{
using (X509Store store = new X509Store(s_clientCertStoreName, s_clientCertStoreLocation))
{
Console.WriteLine(String.Format("Looking for cert in store: {0} location:{1}",
s_clientCertStoreName.ToString(), s_clientCertStoreLocation.ToString()));
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection foundCertificates = store.Certificates.Find(X509FindType.FindByThumbprint, clientCertThumbprint, false);
foreach (var cert in foundCertificates)
{
string hasPrivateKey, dnsName = "", altDnsName = "", privateKeys = "";
try
{
dnsName = cert.GetNameInfo(X509NameType.DnsName, false);
}
catch { }
try
{
altDnsName = cert.GetNameInfo(X509NameType.DnsFromAlternativeName, false);
}
catch { }
try
{
hasPrivateKey = cert.HasPrivateKey.ToString();
}
catch (Exception e)
{
hasPrivateKey = e.Message;
}
try
{
privateKeys += "RSA key: " + (cert.GetRSAPrivateKey()?.KeySize).ToString();
}
catch (Exception ee)
{
privateKeys = ee.Message;
}
Console.WriteLine(String.Format("Found cert with Name: {0}, Authority: {1}, Subject {2}, Has private key: {3}, privateKeyLength: {4} dnsName: {5}, altDnsName: {6} .",
cert.FriendlyName, cert.Issuer, cert.Subject, hasPrivateKey, privateKeys, dnsName, altDnsName));
}
}
}
}
}
else if (bindingSecurityMode == SecurityMode.None)
{
// Reject incompatible parameters
if (s_httpClientCredentialType != HttpClientCredentialType.None || s_tcpClientCredentialType != TcpClientCredentialType.None)
{
throw new ArgumentException(String.Format("Client credential types ({0} {1}) are incompatible with binding security mode {2}",
s_httpClientCredentialType, s_tcpClientCredentialType, bindingSecurityMode));
}
}
else
{
throw new ArgumentException("Only SecurityMode.None and SecurityMode.Transport are supported", "bindingSecurityMode");
}
// pre-set urls
s_httpHelloUrl = "http://" + hostName + "/" + appName + "/Service1.svc";
MultiPortUrlHelper(selfHostPortStartingNumber, numSelfHostPorts, hostName, "http://{0}:{1}/Service1.svc", out s_sh_httpHelloUrls);
s_httpsHelloUrl = "https://" + hostName + "/" + appName + "/Service1.svc";
MultiPortUrlHelper(selfHostPortStartingNumber, numSelfHostPorts, hostName, "https://{0}:{1}/Service1.svc", out s_sh_httpsHelloUrls);
s_httpStreamingUrl = "http://" + hostName + "/" + appName + "/StreamingService.svc";
MultiPortUrlHelper(selfHostPortStartingNumber, numSelfHostPorts, hostName, "http://{0}:{1}/StreamingService.svc", out s_sh_httpStreamingUrls);
s_httpsStreamingUrl = "https://" + hostName + "/" + appName + "/StreamingService.svc";
MultiPortUrlHelper(selfHostPortStartingNumber, numSelfHostPorts, hostName, "https://{0}:{1}/StreamingService.svc", out s_sh_httpsStreamingUrls);
s_httpDuplexUrl = "http://" + hostName + "/" + appName + "/DuplexService.svc";
s_tcpHelloUrl = "net.tcp://" + hostName + ":808/" + appName + "/Service1.svc";
MultiPortUrlHelper(selfHostPortStartingNumber, numSelfHostPorts, hostName, "net.tcp://{0}:{1}/Service1.svc", out s_sh_tcpHelloUrls);
s_tcpDupUrl = "net.tcp://" + hostName + ":808/" + appName + "/DuplexService.svc";
MultiPortUrlHelper(selfHostPortStartingNumber, numSelfHostPorts, hostName, "net.tcp://{0}:{1}/DuplexService.svc", out s_sh_tcpDupUrls);
s_tcpStreamingUrl = "net.tcp://" + hostName + ":808/" + appName + "/StreamingService.svc";
MultiPortUrlHelper(selfHostPortStartingNumber, numSelfHostPorts, hostName, "net.tcp://{0}:{1}/StreamingService.svc", out s_sh_tcpStreamingUrls);
s_netHttpHelloUrl = "ws://" + hostName + "/" + appName + "/Service1.svc/websocket";
MultiPortUrlHelper(selfHostPortStartingNumber, numSelfHostPorts, hostName, "net.tcp://{0}:{1}/Service1.svc/nethttp", out s_sh_netHttpHelloUrl);
s_netHttpDupUrl = "ws://" + hostName + "/" + appName + "/DuplexService.svc/websocket";
MultiPortUrlHelper(selfHostPortStartingNumber, numSelfHostPorts, hostName, "net.tcp://{0}:{1}/DuplexService.svc/websocket", out s_sh_netHttpDupUrl);
s_netHttpStreamingUrl = "ws://" + hostName + "/" + appName + "/StreamingService.svc/websocket";
MultiPortUrlHelper(selfHostPortStartingNumber, numSelfHostPorts, hostName, "net.tcp://{0}:{1}/StreamingService.svc", out s_sh_netHttpStreamingUrl);
s_netHttpDupStreamingUrl = "ws://" + hostName + "/" + appName + "/DuplexStreamingService.svc";
MultiPortUrlHelper(selfHostPortStartingNumber, numSelfHostPorts, hostName, "net.tcp://{0}:{1}/DuplexStreamingService.svc", out s_sh_netHttpDupStreamingUrl);
}
public static void ClientCredentialType_Property_Sets(TcpClientCredentialType credentialType)
{
TcpTransportSecurity transport = new TcpTransportSecurity();
transport.ClientCredentialType = credentialType;
Assert.Equal<TcpClientCredentialType>(credentialType, transport.ClientCredentialType);
}
public TcpTransportSecurity()
{
this.clientCredentialType = DefaultClientCredentialType;
this.protectionLevel = DefaultProtectionLevel;
this.extendedProtectionPolicy = ChannelBindingUtility.DefaultPolicy;
}
