Пример #1
0
        public static object DynamicInvokePut(resource resource)
        {
            if (String.IsNullOrEmpty(resource.name))
            {
                throw new ArgumentNullException("resource.name");
            }

            // Disallow concurrent resource instantation or configuration changes
            lock (ConfigController.BridgeLock)
            {
                AppDomain appDomain;
                if (String.IsNullOrWhiteSpace(ConfigController.CurrentAppDomainName))
                {
                    throw new InvalidOperationException("The Bridge resource folder has not been configured.");
                }
                if (!TypeCache.AppDomains.TryGetValue(ConfigController.CurrentAppDomainName, out appDomain))
                {
                    throw new ArgumentException("Resource not found", "resource");
                }

                Type loaderType = typeof(AssemblyLoader);
                var loader =
                    (AssemblyLoader)appDomain.CreateInstanceFromAndUnwrap(
                        loaderType.Assembly.Location,
                        loaderType.FullName);

                ResourceRequestContext context = new ResourceRequestContext
                {
                    BridgeConfiguration = ConfigController.BridgeConfiguration
                };
                return loader.IResourceCall(resource.name, "Put", new object[] { context });
            }
        }
Пример #2
0
        public static ResourceResponse DynamicInvokeGet(string resourceName, Dictionary<string, string> properties)
        {
            if (String.IsNullOrWhiteSpace(resourceName))
            {
                throw new ArgumentNullException("resourceName");
            }

            // Disallow concurrent resource instantation or configuration changes
            lock (ConfigController.ConfigLock)
            {
                AppDomain appDomain;
                if (!TypeCache.AppDomains.TryGetValue(ConfigController.CurrentAppDomainName, out appDomain))
                {
                    throw new ArgumentException("Resource not found");
                }

                Type loaderType = typeof(AssemblyLoader);
                var loader =
                    (AssemblyLoader)appDomain.CreateInstanceFromAndUnwrap(
                        loaderType.Assembly.Location,
                        loaderType.FullName);

                ResourceRequestContext context = new ResourceRequestContext
                {
                    BridgeConfiguration = ConfigController.BridgeConfiguration,
                    ResourceName = resourceName,
                    Properties = properties
                };

                object result = loader.IResourceCall(resourceName, "Get", new object[] { context });
                return (ResourceResponse) result;
            }
        }
Пример #3
0
        // Requests a certificate to be generated by the Bridge based on a user name and not machine name
        public override ResourceResponse Put(ResourceRequestContext context)
        {
            X509Certificate2 certificate;

            string subject; 
            if (!context.Properties.TryGetValue(subjectKeyName, out subject) || string.IsNullOrWhiteSpace(subject))
            {
                throw new ArgumentException("When PUTting to this resource, specify an non-empty 'subject'", "context.Properties");
            }

            // There can be multiple subjects, separated by ,
            string[] subjects = subject.Split(',');

            lock (s_certificateResourceLock)
            {
                if (!s_createdCertsBySubject.TryGetValue(subjects[0], out certificate))
                {
                    CertificateGenerator generator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);

                    certificate = generator.CreateUserCertificate(subjects).Certificate;
                    
                    // Cache the certificates
                    s_createdCertsBySubject.Add(subjects[0], certificate);
                    s_createdCertsByThumbprint.Add(certificate.Thumbprint, certificate);
                }
            }

            ResourceResponse response = new ResourceResponse();
            response.Properties.Add(thumbprintKeyName, certificate.Thumbprint);

            return response;
        }
        protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
        {
            // Ensure the service certificate is installed before this endpoint resource is used
            //Create an expired certificate
            CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings()
            {
                FriendlyName = "WCF Bridge - TcpExpiredServerCertResource",
                ValidityType = CertificateValidityType.Expired,
                ValidityNotBefore = DateTime.UtcNow - TimeSpan.FromDays(4),
                ValidityNotAfter = DateTime.UtcNow - TimeSpan.FromDays(2),
                //If you specify multiple subjects, the first one becomes the subject, and all of them become Subject Alt Names.
                //In this case, the certificate subject is  CN=fqdn, OU=..., O=... , and SANs will be  fqdn, hostname, localhost
                //We do this so that a single bridge setup can deal with all the possible addresses that a client might use.
                //If we don't put "localhost' here, a long-running bridge will not be able to receive requests from both fqdn  and  localhost
                //because the certs won't match.
                Subject = s_fqdn,
                SubjectAlternativeNames = new string[] { s_fqdn, s_hostname, "localhost" }
            };

            X509Certificate2 cert = CertificateResourceHelpers.EnsureCustomCertificateInstalled(context.BridgeConfiguration, certificateCreationSettings, Address);

            serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
                                                        StoreName.My,
                                                        X509FindType.FindByThumbprint,
                                                        cert.Thumbprint);
        }
Пример #5
0
        public static object DynamicInvokePut(resource resource)
        {
            if (String.IsNullOrEmpty(resource.name))
            {
                throw new ArgumentNullException("resource.name");
            }

            AppDomain appDomain;
            if (!TypeCache.AppDomains.TryGetValue(ConfigController.CurrentAppDomainName, out appDomain))
            {
                throw new ArgumentException("Resource not found");
            }

            Type loaderType = typeof(AssemblyLoader);
            var loader =
                (AssemblyLoader)appDomain.CreateInstanceFromAndUnwrap(
                    loaderType.Assembly.Location,
                    loaderType.FullName);

            ResourceRequestContext context = new ResourceRequestContext
            {
                BridgeConfiguration = ConfigController.BridgeConfiguration
            };
            return loader.IResourceCall(resource.name, "Put", new object[] { context });
        }
Пример #6
0
        public object Put(ResourceRequestContext context)
        {
            if (s_currentHost == null)
            {
                lock (s_currentHostLock)
                {
                    if (s_currentHost == null)
                    {
                        s_currentHost = new ServiceHost(
                            typeof(WcfUserNameService),
                            new Uri(string.Format("{0}://localhost:{1}/{2}/enf-base",
                                BaseAddressResource.Http,
                                BaseAddressResource.HttpPort,
                                AppDomain.CurrentDomain.FriendlyName))
                            );
                        s_currentHost.AddServiceEndpoint(
                            typeof(IWcfCustomUserNameService),
                            new BasicHttpBinding(),
                            Address);
                        ModifyBehaviors(s_currentHost.Description);
                        s_currentHost.Open();
                    }
                }
            }

            return s_currentHost.BaseAddresses[0].AbsoluteUri.ToString();
        }
Пример #7
0
        public object Put(ResourceRequestContext context)
        {
            if (s_currentHost == null)
            {
                lock (s_currentHostLock)
                {
                    if (s_currentHost == null)
                    {
                        s_currentHost = new ServiceHost(
                            typeof(WcfUserNameService),
                            new Uri(string.Format("{0}://localhost:{1}/{2}/CustomUserName",
                                BaseAddressResource.Https,
                                BaseAddressResource.HttpsPort,
                                AppDomain.CurrentDomain.FriendlyName))
                            );
                        s_currentHost.AddServiceEndpoint(
                            typeof(IWcfCustomUserNameService),
                            GetBinding(),
                            Address);
                        ModifyBehaviors(s_currentHost.Description);
                        s_currentHost.Open();
                    }
                }
            }

            return s_currentHost.Description.Endpoints.Count != 1 ? null : s_currentHost.Description.Endpoints[0].ListenUri.ToString();
        }
Пример #8
0
        internal static void ResetCertificateGenerator(ResourceRequestContext context)
        {
            var config = context.BridgeConfiguration;

            if (s_certificateGenerator == null)
            {
                lock (s_certificateHelperLock)
                {
                    if (s_certificateGenerator == null)
                    {
                        s_certificateGenerator = new CertificateGenerator()
                        {
                            CertificatePassword = config.BridgeCertificatePassword,
                            CrlUriBridgeHost = string.Format("http://{0}:{1}", config.BridgeHost, config.BridgePort),
                            CrlUriRelativePath = s_crlUriRelativePath,
                            ValidityPeriod = config.BridgeCertificateValidityPeriod
                        };

                        // Upon creation, we want to immediately get the authority certificate and install it 
                        // as it means we are about to run a test requiring certs
                        CertificateManager.InstallCertificateToRootStore(s_certificateGenerator.AuthorityCertificate.Certificate);
                    }
                }
            }
        }
        // A bit of a misnomer - you can't really "put" a cert here, and Get will always return you the cert anyway 
        public override ResourceResponse Put(ResourceRequestContext context)
        {
            X509Certificate2 certificate =
                CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration).AuthorityCertificate.Certificate;

            ResourceResponse response = new ResourceResponse();
            response.Properties.Add(thumbprintKeyName, certificate.Thumbprint);

            return response;
        }
Пример #10
0
        protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
        {
            // Ensure the https certificate is installed before this endpoint resource is used
            string thumbprint = CertificateResourceHelpers.EnsureSslPortCertificateInstalled(context.BridgeConfiguration);

            serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
                                                        StoreName.My,
                                                        X509FindType.FindByThumbprint,
                                                        thumbprint);
        }
Пример #11
0
        // Requests a certificate to be generated by the Bridge
        // If the certificate requested is for the local machine, for example if 
        // server hostname is: foo.bar.com
        // local address is considered to be: 127.0.0.1, localhost, foo, foo.bar.com
        // Then we also install the certificate to the local machine, because it means we are about to run an HTTPS/SSL test against 
        // this machine. 
        // Otherwise, don't bother installing as the cert is for a remote machine. 
        public override ResourceResponse Put(ResourceRequestContext context)
        {
            X509Certificate2 certificate;

            string subject; 
            if (!context.Properties.TryGetValue(subjectKeyName, out subject) || string.IsNullOrWhiteSpace(subject))
            {
                throw new ArgumentException("When PUTting to this resource, specify an non-empty 'subject'", "context.Properties");
            }

            // There can be multiple subjects, separated by ,
            string[] subjects = subject.Split(',');

            bool isLocal = IsLocalMachineResource(subjects[0]);

            lock (s_certificateResourceLock)
            {
                if (!s_createdCertsBySubject.TryGetValue(subjects[0], out certificate))
                {
                    CertificateGenerator generator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);

                    if (isLocal)
                    {
                        // If we're PUTting a cert that refers to a hostname local to the bridge, 
                        // return the Local Machine cert that CertificateManager caches and add it to the collection
                        //
                        // If we are receiving a PUT to the same endpoint address as the bridge server, it means that 
                        // a test is going to be run on this box
                        //
                        // In keeping with the semantic of these classes, we must PUT before we can GET a cert
                        certificate = CertificateManager.CreateAndInstallLocalMachineCertificates(generator);
                    }
                    else
                    {
                        CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings() { Subjects = subjects, };
                        certificate = generator.CreateMachineCertificate(certificateCreationSettings).Certificate;
                    }

                    X509Certificate2 dummy;
                    if (!isLocal || !s_createdCertsByThumbprint.TryGetValue(certificate.Thumbprint, out dummy))
                    {
                        // when isLocal, it's possible for there to be > 1 subject sharing the same thumbprint
                        // in this case, we only cache the first isLocal subject, the rest we don't cache
                        s_createdCertsBySubject.Add(subjects[0], certificate);
                        s_createdCertsByThumbprint.Add(certificate.Thumbprint, certificate);
                    }
                }
            }

            ResourceResponse response = new ResourceResponse();
            response.Properties.Add(thumbprintKeyName, certificate.Thumbprint);
            response.Properties.Add(isLocalKeyName, isLocal.ToString());

            return response;
        }
        public override ResourceResponse Get(ResourceRequestContext context)
        {
            var certGenerator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);

            lock (s_certificateResourceLock)
            {
                ResourceResponse response = new ResourceResponse();
                response.RawResponse = certGenerator.CrlEncoded;
                return response;
            }
        }
        protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
        {
            // Ensure the https certificate is installed before this endpoint resource is used
            string thumbprint = CertificateResourceHelpers.EnsureSslPortCertificateInstalled(context.BridgeConfiguration);

            serviceHost.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
            serviceHost.Credentials.ClientCertificate.Authentication.CustomCertificateValidator = new MyX509CertificateValidator("DO_NOT_TRUST_WcfBridgeRootCA");
            serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
                                                      StoreName.My,
                                                      X509FindType.FindByThumbprint,
                                                      thumbprint);
        }
Пример #14
0
        protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
        {
            // Ensure the https certificate is installed before this endpoint resource is used
            CertificateManager.InstallMyCertificate(context.BridgeConfiguration,
                                                    context.BridgeConfiguration.BridgeHttpsCertificate);

            string certThumbprint = HttpsResource.EnsureHttpsCertificateInstalled(context.BridgeConfiguration);

            serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
                                                      StoreName.My,
                                                      X509FindType.FindByThumbprint,
                                                      certThumbprint);
        }
Пример #15
0
 public object Get(ResourceRequestContext context)
 {
     var http = GetHttpProtocol(context) + AppDomain.CurrentDomain.FriendlyName;
     var https = GetHttpsProtocol(context) + AppDomain.CurrentDomain.FriendlyName;
     var tcp = GetTcpProtocol(context) + AppDomain.CurrentDomain.FriendlyName;
     return new Dictionary<string, string>()
     {
         { "HttpServerBaseAddress", GetHttpProtocol(context) },
         { "HttpBaseAddress", http },
         { "HttpsBaseAddress", https },
         { "HttpsBasicBaseAddress", https },
         { "HttpsDigestBaseAddress", https },
         { "HttpsNtlmBaseAddress", https },
         { "HttpsWindowsBaseAddress", https },
         { "TcpBaseAddress", tcp }
     };
 }
        protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
        {
            // Ensure the service certificate is installed before this endpoint resource is used
            //Create a certificate and add to the revocation list
            CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings()
            {
                IsValidCert = false,
                Subjects = new string[] { s_fqdn, s_hostname, "localhost" }
            };

            X509Certificate2 cert = CertificateResourceHelpers.EnsureRevokedCertificateInstalled(context.BridgeConfiguration, certificateCreationSettings, Address);
            CertificateManager.RevokeCertificate(CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration), cert.SerialNumber);

            serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
                                                        StoreName.My,
                                                        X509FindType.FindByThumbprint,
                                                        cert.Thumbprint);
        }
Пример #17
0
        protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
        {
            // Ensure the service certificate is installed before this endpoint resource is used
            //Create a certificate and add to the revocation list
            CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings()
            {
                FriendlyName = "WCF Bridge - TcpRevokedServerCertResource",
                ValidityType = CertificateValidityType.Revoked,
                Subject = s_fqdn,
                SubjectAlternativeNames = new string[] { s_fqdn, s_hostname, "localhost" }
            };

            X509Certificate2 cert = CertificateResourceHelpers.EnsureCustomCertificateInstalled(context.BridgeConfiguration, certificateCreationSettings, Address);

            serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
                                                        StoreName.My,
                                                        X509FindType.FindByThumbprint,
                                                        cert.Thumbprint);
        }
Пример #18
0
        // Requests a certificate to be generated by the Bridge based on a user name and not machine name
        public override ResourceResponse Put(ResourceRequestContext context)
        {
            X509Certificate2 certificate;

            string subject;
            if (!context.Properties.TryGetValue(subjectKeyName, out subject) || string.IsNullOrWhiteSpace(subject))
            {
                throw new ArgumentException("When PUTting to this resource, specify an non-empty 'subject'", "context.Properties");
            }

            // There can be multiple subjects, separated by ,
            string[] subjects = subject.Split(',');

            lock (s_certificateResourceLock)
            {
                if (!s_createdCertsBySubject.TryGetValue(subjects[0], out certificate))
                {
                    CertificateGenerator generator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);

                    CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings()
                    {
                        FriendlyName = "WCF Bridge - UserCertificateResource",
                        Subject = subjects[0],
                        SubjectAlternativeNames = subjects
                    };
                    certificate = generator.CreateUserCertificate(certificateCreationSettings).Certificate;

                    // Cache the certificates
                    s_createdCertsBySubject.Add(subjects[0], certificate);
                    s_createdCertsByThumbprint.Add(certificate.Thumbprint, certificate);

                    // Created certs get put onto the local machine
                    // We ideally don't want this to happen, but until we find a way to have BridgeClient not need elevation for cert installs
                    // we need this to happen so that running locally doesn't require elevation as it messes up our CI and developer builds
                    CertificateManager.InstallCertificateToMyStore(certificate);
                }
            }

            ResourceResponse response = new ResourceResponse();
            response.Properties.Add(thumbprintKeyName, certificate.Thumbprint);

            return response;
        }
        protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
        {
            // Ensure the service certificate is installed before this endpoint resource is used
            // Exactly one subject name, which is going to be the CN

            CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings()
            {
                FriendlyName = "WCF Bridge - TcpCertificateWithSubjectCanonicalNameLocalhostResource",
                Subject = "localhost",
                SubjectAlternativeNames = new string[0],
                ValidityType = CertificateValidityType.NonAuthoritativeForMachine
            };

            X509Certificate2 cert = CertificateResourceHelpers.EnsureCustomCertificateInstalled(context.BridgeConfiguration, certificateCreationSettings, Address);

            serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
                                                        StoreName.My,
                                                        X509FindType.FindByThumbprint,
                                                        cert.Thumbprint);
        }
        protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
        {
            // Ensure the service certificate is installed before this endpoint resource is used

            // CN=not-real-subject-name means that a cert for "not-real-subject-name" will be installed 
            // Per #422 this shouldn't matter as we now check with SAN
            
            CertificateCreationSettings certificateCreationSettings = new CertificateCreationSettings()
            {
                FriendlyName = "WCF Bridge - TcpCertificateWithServerAltNameResource",
                Subject = "not-real-subject-name",
                SubjectAlternativeNames = new string[] { "not-real-subject-name", "not-real-subject-name.example.com", s_fqdn, s_hostname, "localhost" }
            };

            X509Certificate2 cert = CertificateResourceHelpers.EnsureCustomCertificateInstalled(context.BridgeConfiguration, certificateCreationSettings, Address);

            serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
                                                        StoreName.My,
                                                        X509FindType.FindByThumbprint,
                                                        cert.Thumbprint);
        }
Пример #21
0
        public override ResourceResponse Get(ResourceRequestContext context)
        {
            X509Certificate2 certificate =
                CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration).AuthorityCertificate.Certificate;

            string exportAsPemString = string.Empty;
            bool exportAsPem;

            ResourceResponse response = new ResourceResponse();

            if (context.Properties.TryGetValue(exportAsPemKeyName, out exportAsPemString) && bool.TryParse(exportAsPemString, out exportAsPem) && exportAsPem)
            {
                response.RawResponse = Encoding.ASCII.GetBytes(GetCertificateAsPem(certificate));
            }
            else
            {
                response.Properties.Add(thumbprintKeyName, certificate.Thumbprint);
                response.Properties.Add(certificateKeyName, Convert.ToBase64String(certificate.RawData));
            }

            return response;
        }
        public override ResourceResponse Put(ResourceRequestContext context)
        {
            var certGenerator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);

            string serialNumber;

            lock (s_certificateResourceLock)
            {
                if (context.Properties.TryGetValue(revokeSerialNumberKeyName, out serialNumber) && !string.IsNullOrWhiteSpace(serialNumber))
                {
                    certGenerator.RevokeCertificateBySerialNumber(serialNumber);
                }

                ResourceResponse response = new ResourceResponse();
                response.Properties.Add(crlUriKeyName, certGenerator.CrlUri);

                response.Properties.Add(
                    revokedCertificatesKeyName,
                    string.Join<string>(",", certGenerator.RevokedCertificates));

                return response;
            }
        }
Пример #23
0
        public static ResourceResponse DynamicInvokeGet(string resourceName, Dictionary<string, string> properties)
        {
            if (String.IsNullOrWhiteSpace(resourceName))
            {
                throw new ArgumentNullException("resourceName");
            }

            // Disallow concurrent resource instantation or configuration changes
            lock (ConfigController.ConfigLock)
            {
                AssemblyLoader loader = GetLoaderFromAppDomain();

                ResourceRequestContext context = new ResourceRequestContext
                {
                    BridgeConfiguration = ConfigController.BridgeConfiguration,
                    ResourceName = resourceName,
                    Properties = properties
                };

                object result = loader.IResourceCall(resourceName, "Get", new object[] { context });
                return (ResourceResponse)result;
            }
        }
 public static string GetHttpsProtocol(ResourceRequestContext context)
 {
     return string.Format("https://{0}:{1}/",
                         context.BridgeConfiguration.BridgeHost,
                         context.BridgeConfiguration.BridgeHttpsPort);
 }
Пример #25
0
 protected override void ModifyHost(ServiceHost serviceHost, ResourceRequestContext context)
 {
     AuthenticationResourceHelper.ConfigureServiceHostUseDigestAuth(serviceHost);
     base.ModifyHost(serviceHost, context);
 }
 public ResourceResponse Put(ResourceRequestContext context)
 {
     throw new NotImplementedException("Cannot PUT on this resource");
 }
Пример #27
0
 protected override string GetHost(ResourceRequestContext context)
 {
     return Environment.MachineName;
 }
 public abstract override ResourceResponse Put(ResourceRequestContext context); 
        public override ResourceResponse Get(ResourceRequestContext context)
        {
            string thumbprint;
            bool thumbprintPresent = context.Properties.TryGetValue(thumbprintKeyName, out thumbprint) && !string.IsNullOrWhiteSpace(thumbprint);

            string subject;
            bool subjectPresent = context.Properties.TryGetValue(subjectKeyName, out subject) && !string.IsNullOrWhiteSpace(subject);

            ResourceResponse response = new ResourceResponse();

            // if no subject and no thumbprint parameter provided, provide a list of certs already PUT to this resource 
            if (!thumbprintPresent && !subjectPresent)
            {
                string retVal = string.Empty;
                string[] subjects;
                string[] thumbprints;

                lock (s_certificateResourceLock)
                {
                    int certNum = s_createdCertsBySubject.Count;
                    subjects = new string[certNum];
                    thumbprints = new string[certNum];

                    foreach (var keyVal in s_createdCertsBySubject)
                    {
                        --certNum;
                        subjects[certNum] = keyVal.Key;
                        thumbprints[certNum] = keyVal.Value.Thumbprint;
                    }
                }

                // this isn't ideal, as semantically in JSON they aren't grouped together. Our current Json serializer implementation 
                // doesn't support serializing nested key-val pairs
                response.Properties.Add(subjectsKeyName, string.Join(",", subjects));
                response.Properties.Add(thumbprintsKeyName, string.Join(",", thumbprints));
                return response;
            }
            else
            {
                // Otherwise, check on the creation state given the certificate thumbprint or subject
                // thumbprint is given priority if present

                X509Certificate2 certificate = null;
                bool certHasBeenCreated = false;

                lock (s_certificateResourceLock)
                {
                    if (thumbprintPresent)
                    {
                        certHasBeenCreated = s_createdCertsByThumbprint.TryGetValue(thumbprint, out certificate);
                    }
                    else if (subjectPresent)
                    {
                        certHasBeenCreated = s_createdCertsBySubject.TryGetValue(subject, out certificate);
                    }
                }

                if (certHasBeenCreated)
                {
                    var certGenerator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration); 

                    response.Properties.Add(thumbprintKeyName, certificate.Thumbprint);
                    response.Properties.Add(certificateKeyName, Convert.ToBase64String(certificate.Export(X509ContentType.Pfx, certGenerator.CertificatePassword)));
                }
                else
                {
                    response.Properties.Add(thumbprintKeyName, string.Empty);
                    response.Properties.Add(certificateKeyName, string.Empty);
                }
                return response;
            }
        }
 public static string GetTcpProtocol(ResourceRequestContext context)
 {
     return string.Format("net.tcp://{0}:{1}/",
                         context.BridgeConfiguration.BridgeHost,
                         context.BridgeConfiguration.BridgeTcpPort);
 }