Пример #1
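 /// <summary>
 /// Replaces the <see cref="Microsoft.ServiceFabric.Common.Security.RemoteX509SecuritySettings"/> used to validate the remote certificate.
 /// </summary>
 /// <param name="remoteX509SecuritySettings">Settings to validate remote certificate.</param>
 public void UpdateSecuritySettings(RemoteX509SecuritySettings remoteX509SecuritySettings)
 {
     remoteX509SecuritySettings.ThrowIfNull(nameof(remoteX509SecuritySettings));

     // The settings reference is swapped while holding the write lock.
     // NOTE(review): presumably the validation path reads the field under the matching read lock - confirm.
     this.slimRWLock.EnterWriteLock();
     try
     {
         this.remoteX509SecuritySettings = remoteX509SecuritySettings;
     }
     finally
     {
         // Release in finally so an exception between enter and exit cannot leave the
         // write lock held and block every later reader of the validation settings.
         this.slimRWLock.ExitWriteLock();
     }
 }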
Пример #2
        /// <summary>
        /// Builds the X509 security settings for the client: a client certificate loaded from
        /// <c>certLocation</c> plus remote-certificate settings that list <c>serverCertThumbprint</c>.
        /// </summary>
        /// <returns>The combined client certificate and remote validation settings.</returns>
        public static X509SecuritySettings GetSecurityCredentials()
        {
            // The client certificate is read from certLocation with an empty password.
            // NOTE(review): if that file carries a private key, the key is protected only by
            // access control on the file itself - confirm this is acceptable for the deployment.
            var clientCertificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(certLocation, "");

            // The server side is pinned by thumbprint: this single value is the whole allow-list.
            var allowedServerThumbprints = new List<string> { serverCertThumbprint };
            var remoteSettings = new RemoteX509SecuritySettings(allowedServerThumbprints);

            return new X509SecuritySettings(clientCertificate, remoteSettings);
        }
Пример #3
 /// <summary>
 /// Enables X509 security on <paramref name="builder"/> when the manifest's cluster details carry a
 /// non-blank <c>FindByValue</c>; otherwise the builder is left untouched.
 /// </summary>
 /// <param name="builder">Client builder that receives the security callback.</param>
 /// <param name="manifest">Manifest whose <c>ClusterDetails</c> identify the certificate.</param>
 private void AppendSecurity(ServiceFabricClientBuilder builder, Manifest manifest)
 {
     if (string.IsNullOrWhiteSpace(manifest.ClusterDetails.FindByValue))
     {
         // No certificate lookup value configured: no X509 security is registered.
         return;
     }

     builder.UseX509Security(_ =>
     {
         var clientCertificate = FindCertificate(manifest.ClusterDetails);

         // NOTE(review): the remote allow-list is the thumbprint of the client certificate itself,
         // so validation passes only for a cluster that presents this same certificate - confirm
         // that client and server are meant to share one certificate.
         var pinnedThumbprints = new List<string>(new[] { clientCertificate.Thumbprint });
         var remoteValidation = new RemoteX509SecuritySettings(pinnedThumbprints);

         var x509Settings = new X509SecuritySettings(clientCertificate, remoteValidation);
         return Task.FromResult<SecuritySettings>(x509Settings);
     });
 }
Пример #4
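        /// <summary>
        /// Builds the settings used to validate the server certificate from the values on this instance.
        /// Precedence: with neither a common name nor a thumbprint, the DNS host names of the connection
        /// endpoints are used; otherwise <c>ServerCommonName</c> (optionally paired one-to-one with
        /// <c>IssuerCertThumbprints</c>) wins over <c>ServerCertThumbprint</c>.
        /// </summary>
        /// <returns>The remote certificate validation settings.</returns>
        /// <exception cref="PSArgumentException">
        /// No common name or thumbprint was given and no endpoint is a DNS name, or the number of
        /// common names differs from the number of issuer thumbprints.
        /// </exception>
        private RemoteX509SecuritySettings GetServerX509SecuritySettings()
        {
            // ServerCommonName or ServerThumbprint must be provided when connecting with IP Address.
            if (this.ServerCertThumbprint == null && this.ServerCommonName == null)
            {
                // Materialized once so each endpoint string is parsed into a Uri a single time
                // instead of once for the emptiness check and again for the projection.
                var dnsEndpoints = this.ConnectionEndpoint
                    .Select(e => new Uri(e))
                    .Where(u => u.HostNameType == UriHostNameType.Dns)
                    .ToList();

                if (dnsEndpoints.Count == 0)
                {
                    throw new PSArgumentException(Resource.ErrorNoServerCommonNameIrServerCertThumbprint);
                }

                // Only DNS-named endpoints contribute a name; endpoints of any other host type are
                // filtered out above and add nothing to the accepted names.
                var hostNames = dnsEndpoints.Select(u => new X509Name(u.Host)).ToList();
                return new RemoteX509SecuritySettings(hostNames);
            }

            if (this.ServerCommonName != null)
            {
                List<X509Name> x509Names;

                // Use Issuer thumbprint if provided.
                if (this.IssuerCertThumbprints != null && this.IssuerCertThumbprints.Length > 0)
                {
                    // Names and issuer thumbprints are paired by index, so the counts must match.
                    if (this.ServerCommonName.Length != this.IssuerCertThumbprints.Length)
                    {
                        throw new PSArgumentException(Resource.CommonNameIssuerThumbprintMismatch);
                    }

                    x509Names = new List<X509Name>(this.ServerCommonName.Length);
                    for (int i = 0; i < this.ServerCommonName.Length; i++)
                    {
                        x509Names.Add(new X509Name(this.ServerCommonName[i], this.IssuerCertThumbprints[i]));
                    }
                }
                else
                {
                    // No issuer thumbprint is recorded for these names: the name alone is matched.
                    x509Names = this.ServerCommonName.Select(name => new X509Name(name)).ToList();
                }

                return new RemoteX509SecuritySettings(x509Names);
            }

            // Reaching this point means ServerCommonName is null and ServerCertThumbprint is not.
            return new RemoteX509SecuritySettings(this.ServerCertThumbprint);
        }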
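        /// <summary>
        /// Builds a Service Fabric client for <paramref name="ClusterEndPoint"/>. When
        /// <paramref name="ThumbPrint"/> is non-blank, X509 security is enabled with the certificate of
        /// that thumbprint taken from the personal (<c>My</c>) store at <paramref name="storeLocation"/>.
        /// </summary>
        /// <param name="serviceFabricClientBuilder">Builder to configure.</param>
        /// <param name="ClusterEndPoint">Cluster endpoint URI.</param>
        /// <param name="ThumbPrint">Certificate thumbprint; blank or null leaves X509 security off.</param>
        /// <param name="storeLocation">Certificate store location to search.</param>
        /// <returns>A task producing the connected client.</returns>
        /// <exception cref="ArgumentOutOfRangeException">
        /// Raised from the security callback when no certificate with the thumbprint is in the store.
        /// </exception>
        public static Task <IServiceFabricClient> ConnectAsync(this ServiceFabricClientBuilder serviceFabricClientBuilder, string ClusterEndPoint, string ThumbPrint, StoreLocation storeLocation = StoreLocation.CurrentUser)
        {
            var builder = serviceFabricClientBuilder.UseEndpoints(new Uri(ClusterEndPoint));

            if (!string.IsNullOrWhiteSpace(ThumbPrint))
            {
                Func <CancellationToken, Task <SecuritySettings> > GetSecurityCredentials = (ct) =>
                {
                    X509Certificate2 clientCert;
                    var store = new X509Store(StoreName.My, storeLocation);
                    try
                    {
                        store.Open(OpenFlags.ReadOnly);

                        // validOnly is false, so the lookup also returns certificates that are
                        // expired or do not chain to a trusted root.
                        var matches = store.Certificates.Find(X509FindType.FindByThumbprint, ThumbPrint, false);
                        if (matches.Count == 0)
                        {
                            // Same exception type the bare [0] indexer produced, but with a message
                            // that names the real cause.
                            throw new ArgumentOutOfRangeException(nameof(ThumbPrint), "No certificate with the requested thumbprint was found in the selected certificate store.");
                        }

                        clientCert = matches[0];
                    }
                    finally
                    {
                        // The store handle is released on every path, including a failed lookup.
                        store.Close();
                    }

                    // NOTE(review): the same thumbprint identifies the client certificate and is the
                    // only entry in the server allow-list, so this works only when the cluster
                    // presents that same certificate - confirm this is intended.
                    var remoteSecuritySettings = new RemoteX509SecuritySettings(new List <string> {
                        ThumbPrint
                    });
                    return(Task.FromResult <SecuritySettings>(new X509SecuritySettings(clientCert, remoteSecuritySettings)));
                };

                builder = builder.UseX509Security(GetSecurityCredentials);
            }

            // Applied whether or not X509 security was configured.
            builder.ClientSettings.ClientTimeout = TimeSpan.FromMinutes(15);

            return(builder.BuildAsyncDirect());
        }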
 /// <summary>
 /// Initializes a new instance of the <see cref="ServerCertificateValidatorHttpWrapper"/> class to perform remote certificate validation using <paramref name="remoteX509SecuritySettings"/>.
 /// </summary>
 /// <param name="remoteX509SecuritySettings">Settings to validate remote certificate. The value is passed unchanged to the base-class constructor; this constructor performs no check of its own.</param>
 public ServerCertificateValidatorHttpWrapper(RemoteX509SecuritySettings remoteX509SecuritySettings)
     : base(remoteX509SecuritySettings)
 {
 }
Пример #7
 /// <summary>
 /// Initializes a new instance of the <see cref="ServerCertificateValidator"/> class to perform remote certificate validation using <paramref name="remoteX509SecuritySettings"/>.
 /// </summary>
 /// <param name="remoteX509SecuritySettings">Settings to validate remote certificate. Checked with <c>ThrowIfNull</c> before being stored.</param>
 public ServerCertificateValidator(RemoteX509SecuritySettings remoteX509SecuritySettings)
 {
     // Reject a missing settings object at construction time rather than at the first validation.
     // NOTE(review): ThrowIfNull is a helper defined outside this snippet; presumably it throws
     // ArgumentNullException - confirm.
     remoteX509SecuritySettings.ThrowIfNull(nameof(remoteX509SecuritySettings));
     this.remoteX509SecuritySettings = remoteX509SecuritySettings;
 }