示例#1
0
        /// <summary>
        /// Test if the host fits to the binding
        /// 100: full match
        /// 90: partial match (Certificate less specific, e.g. *.example.com cert for sub.example.com binding)
        /// 50,59,48,...: partial match (IIS less specific, e.g. sub.example.com cert for *.example.com binding)
        /// 10: default match (catch-all binding)
        /// 0: no match
        /// </summary>
        /// <param name=""></param>
        /// <param name=""></param>
        /// <returns></returns>
        private int Fits(IIISBinding iis, Identifier certificate, SSLFlags flags)
        {
            // The default (empty) binding matches with all hostnames.
            // But it's not supported with Central SSL
            if (string.IsNullOrEmpty(iis.Host) && (!flags.HasFlag(SSLFlags.CentralSsl)))
            {
                return(10);
            }

            // Match sub.example.com (certificate) with *.example.com (IIS)
            if (iis.Host.StartsWith("*.") && !certificate.Value.StartsWith("*."))
            {
                if (certificate.Value.ToLower().EndsWith(iis.Host.ToLower().Replace("*.", ".")))
                {
                    // If there is a binding for *.a.b.c.com (5) and one for *.c.com (3)
                    // then the hostname test.a.b.c.com (5) is a better (more specific)
                    // for the former than for the latter, so we prefer to use that.
                    var hostLevel    = certificate.Value.Split('.').Length;
                    var bindingLevel = iis.Host.Split('.').Length;
                    return(50 - (hostLevel - bindingLevel));
                }
                return(0);
            }

            // Match *.example.com (certificate) with sub.example.com (IIS)
            if (!iis.Host.StartsWith("*.") && certificate.Value.StartsWith("*."))
            {
                if (iis.Host.ToLower().EndsWith(certificate.Value.ToLower().Replace("*.", ".")))
                {
                    // But it should not match with another.sub.example.com.
                    var hostLevel    = certificate.Value.Split('.').Length;
                    var bindingLevel = iis.Host.Split('.').Length;
                    if (hostLevel == bindingLevel)
                    {
                        return(90);
                    }
                }
                else if (iis.Host.ToLower().Equals(certificate.Value.ToLower().Replace("*.", "")))
                {
                    if (iis.Host.Split('.').Length == 2)
                    {
                        return(89);
                    }
                }
                return(0);
            }

            // Full match
            return(string.Equals(iis.Host, certificate.Value, StringComparison.CurrentCultureIgnoreCase) ? 100 : 0);
        }
示例#2
0
 static string lookupKey(IIISSite site, IIISBinding binding) =>
 site.Id + "#" + binding.BindingInformation.ToLower();