// Requests a certificate to be generated by the Bridge.
// If the certificate requested is for the local machine, for example if
// server hostname is: foo.bar.com
// local address is considered to be: 127.0.0.1, localhost, foo, foo.bar.com
// then the certificate is also installed on the local machine, because an
// HTTPS/SSL test is about to run against this box. Otherwise nothing is
// installed, as the cert is for a remote machine.
//
// Security note: the 'subject' (and therefore the names the Bridge will mint a
// certificate for) is taken verbatim from the request and nothing here
// authenticates the caller. Any client that can reach the Bridge can obtain a
// certificate for an arbitrary host name, and a subject naming this machine
// additionally installs it here. This is test-only infrastructure; the Bridge
// must not be reachable from outside the test network.
public override ResourceResponse Put(ResourceRequestContext context)
{
    string subject;
    bool hasSubject = context.Properties.TryGetValue(subjectKeyName, out subject)
                      && !string.IsNullOrWhiteSpace(subject);
    if (!hasSubject)
    {
        throw new ArgumentException("When PUTting to this resource, specify an non-empty 'subject'", "context.Properties");
    }

    // A single PUT may name several subjects, comma separated. The first one is
    // the cache key and decides whether the request refers to this machine.
    string[] subjects = subject.Split(',');
    string primarySubject = subjects[0];
    bool isLocal = IsLocalMachineResource(primarySubject);

    X509Certificate2 certificate;
    lock (s_certificateResourceLock)
    {
        bool alreadyCreated = s_createdCertsBySubject.TryGetValue(primarySubject, out certificate);
        if (!alreadyCreated)
        {
            CertificateGenerator generator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);

            if (isLocal)
            {
                // A PUT naming this box means a test is about to run here: hand
                // back the Local Machine cert that CertificateManager caches
                // (installing it as a side effect) and record it in the
                // collection. As for every other subject, a PUT must precede
                // any GET of this cert.
                certificate = CertificateManager.CreateAndInstallLocalMachineCertificates(generator);
            }
            else
            {
                CertificateCreationSettings settings = new CertificateCreationSettings();
                settings.Subjects = subjects;
                certificate = generator.CreateMachineCertificate(settings).Certificate;
            }

            // Several local subjects can resolve to the same cached local
            // machine cert and so share a thumbprint; only the first such
            // subject is cached. A remote cert is freshly generated and is
            // always cached.
            X509Certificate2 existing;
            bool thumbprintKnown = s_createdCertsByThumbprint.TryGetValue(certificate.Thumbprint, out existing);
            if (!(isLocal && thumbprintKnown))
            {
                s_createdCertsBySubject.Add(primarySubject, certificate);
                s_createdCertsByThumbprint.Add(certificate.Thumbprint, certificate);
            }
        }
    }

    ResourceResponse response = new ResourceResponse();
    response.Properties.Add(thumbprintKeyName, certificate.Thumbprint);
    response.Properties.Add(isLocalKeyName, isLocal.ToString());
    return response;
}
// A bit of a misnomer - you can't really "put" a cert here. The authority
// certificate is fixed for the Bridge instance, so a PUT only reports its
// thumbprint (Get always returns the cert anyway).
public override ResourceResponse Put(ResourceRequestContext context)
{
    CertificateGenerator generator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);
    string authorityThumbprint = generator.AuthorityCertificate.Certificate.Thumbprint;

    ResourceResponse response = new ResourceResponse();
    response.Properties.Add(thumbprintKeyName, authorityThumbprint);
    return response;
}
// Returns the Bridge's current certificate revocation list, in its encoded
// form, as the raw response body. The read is taken under the shared resource
// lock so it cannot interleave with a revocation PUT, which holds the same
// lock while it updates the generator.
public override ResourceResponse Get(ResourceRequestContext context)
{
    CertificateGenerator generator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);
    ResourceResponse response = new ResourceResponse();
    lock (s_certificateResourceLock)
    {
        response.RawResponse = generator.CrlEncoded;
    }
    return response;
}
// Requests a certificate to be generated by the Bridge based on a user name
// rather than a machine name. The first comma-separated subject becomes the
// certificate subject (and the cache key); every subject is also listed as a
// subject alternative name.
//
// Security note: the subject is taken verbatim from the request and nothing
// here authenticates the caller, so any client that can reach the Bridge can
// have a user certificate minted for an arbitrary name and installed into this
// machine's My store. This is test-only infrastructure; the Bridge must not be
// reachable from outside the test network.
public override ResourceResponse Put(ResourceRequestContext context)
{
    string subject;
    bool hasSubject = context.Properties.TryGetValue(subjectKeyName, out subject)
                      && !string.IsNullOrWhiteSpace(subject);
    if (!hasSubject)
    {
        throw new ArgumentException("When PUTting to this resource, specify an non-empty 'subject'", "context.Properties");
    }

    // There can be multiple subjects, separated by ','.
    string[] subjects = subject.Split(',');
    string primarySubject = subjects[0];

    X509Certificate2 certificate;
    lock (s_certificateResourceLock)
    {
        bool alreadyCreated = s_createdCertsBySubject.TryGetValue(primarySubject, out certificate);
        if (!alreadyCreated)
        {
            CertificateGenerator generator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);

            CertificateCreationSettings settings = new CertificateCreationSettings();
            settings.FriendlyName = "WCF Bridge - UserCertificateResource";
            settings.Subject = primarySubject;
            settings.SubjectAlternativeNames = subjects;
            certificate = generator.CreateUserCertificate(settings).Certificate;

            // Cache under both keys so later GETs by subject or thumbprint hit.
            s_createdCertsBySubject.Add(primarySubject, certificate);
            s_createdCertsByThumbprint.Add(certificate.Thumbprint, certificate);

            // Installing into the local My store is not something we want the
            // Bridge doing, but until BridgeClient can install certs without
            // elevation it is what keeps local runs (CI and developer builds)
            // from requiring elevation.
            CertificateManager.InstallCertificateToMyStore(certificate);
        }
    }

    ResourceResponse response = new ResourceResponse();
    response.Properties.Add(thumbprintKeyName, certificate.Thumbprint);
    return response;
}
// Returns the Bridge's certificate authority certificate.
// When the 'exportAsPem' property parses as true the raw response body is the
// PEM text produced by GetCertificateAsPem; otherwise the response carries the
// thumbprint and the base64 of RawData (the DER-encoded certificate, which
// contains no private key; GetCertificateAsPem is presumed to do likewise).
public override ResourceResponse Get(ResourceRequestContext context)
{
    CertificateGenerator generator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);
    X509Certificate2 authorityCert = generator.AuthorityCertificate.Certificate;

    // A missing or unparsable value means "not PEM".
    string exportAsPemValue;
    bool exportAsPem = false;
    if (context.Properties.TryGetValue(exportAsPemKeyName, out exportAsPemValue))
    {
        bool.TryParse(exportAsPemValue, out exportAsPem);
    }

    ResourceResponse response = new ResourceResponse();
    if (exportAsPem)
    {
        response.RawResponse = Encoding.ASCII.GetBytes(GetCertificateAsPem(authorityCert));
    }
    else
    {
        response.Properties.Add(thumbprintKeyName, authorityCert.Thumbprint);
        response.Properties.Add(certificateKeyName, Convert.ToBase64String(authorityCert.RawData));
    }
    return response;
}
// Revokes the certificate with the supplied serial number (when one is given)
// and reports the CRL URI together with the full list of revoked certificates.
// Everything runs under the shared resource lock so a concurrent CRL GET
// cannot observe a half-updated state.
//
// Security note: the serial number is taken verbatim from the request and no
// validation or caller authentication is visible here, so any client that can
// reach the Bridge can revoke any certificate the generator knows about. This
// is test-only infrastructure; the Bridge must not be reachable from outside
// the test network.
public override ResourceResponse Put(ResourceRequestContext context)
{
    CertificateGenerator generator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);
    lock (s_certificateResourceLock)
    {
        string serialNumber;
        bool hasSerial = context.Properties.TryGetValue(revokeSerialNumberKeyName, out serialNumber)
                         && !string.IsNullOrWhiteSpace(serialNumber);
        if (hasSerial)
        {
            generator.RevokeCertificateBySerialNumber(serialNumber);
        }

        ResourceResponse response = new ResourceResponse();
        response.Properties.Add(crlUriKeyName, generator.CrlUri);
        response.Properties.Add(revokedCertificatesKeyName, string.Join<string>(",", generator.RevokedCertificates));
        return response;
    }
}
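// Looks up certificates previously PUT to this resource.
//
// With neither 'thumbprint' nor 'subject' supplied, the response lists every
// cached certificate as two parallel comma-separated strings ('subjects' and
// 'thumbprints'). This isn't ideal, as semantically in JSON they aren't
// grouped together, but our current Json serializer implementation doesn't
// support serializing nested key-val pairs.
//
// Otherwise the response carries the thumbprint and the certificate exported
// as a password-protected PFX; 'thumbprint' takes priority over 'subject'. A
// certificate that has not been PUT yields empty strings for both properties.
// PUT caches under the first comma-separated subject only, so a 'subject'
// lookup is keyed the same way; previously a GET that repeated the full
// multi-subject string used on PUT could never hit the cache.
//
// Security note: a PFX export includes the private key when the certificate
// has one, protected only by the Bridge-wide CertificatePassword, so any
// client that can GET this resource obtains that key. This is test-only
// infrastructure; the Bridge must not be reachable from outside the test
// network.
public override ResourceResponse Get(ResourceRequestContext context)
{
    string thumbprint;
    bool thumbprintPresent = context.Properties.TryGetValue(thumbprintKeyName, out thumbprint)
                             && !string.IsNullOrWhiteSpace(thumbprint);
    string subject;
    bool subjectPresent = context.Properties.TryGetValue(subjectKeyName, out subject)
                          && !string.IsNullOrWhiteSpace(subject);

    ResourceResponse response = new ResourceResponse();

    // No selector: enumerate everything PUT so far. Dictionary enumeration
    // order is unspecified, so no particular ordering is promised.
    if (!thumbprintPresent && !subjectPresent)
    {
        string[] subjects;
        string[] thumbprints;
        lock (s_certificateResourceLock)
        {
            int count = s_createdCertsBySubject.Count;
            subjects = new string[count];
            thumbprints = new string[count];
            int i = 0;
            foreach (var entry in s_createdCertsBySubject)
            {
                subjects[i] = entry.Key;
                thumbprints[i] = entry.Value.Thumbprint;
                i++;
            }
        }
        response.Properties.Add(subjectsKeyName, string.Join(",", subjects));
        response.Properties.Add(thumbprintsKeyName, string.Join(",", thumbprints));
        return response;
    }

    // Match the PUT side, which caches under subjects[0] of the split string.
    string subjectKey = subjectPresent ? subject.Split(',')[0] : null;

    X509Certificate2 certificate = null;
    bool certHasBeenCreated = false;
    lock (s_certificateResourceLock)
    {
        if (thumbprintPresent)
        {
            certHasBeenCreated = s_createdCertsByThumbprint.TryGetValue(thumbprint, out certificate);
        }
        else
        {
            certHasBeenCreated = s_createdCertsBySubject.TryGetValue(subjectKey, out certificate);
        }
    }

    if (certHasBeenCreated)
    {
        CertificateGenerator generator = CertificateResourceHelpers.GetCertificateGeneratorInstance(context.BridgeConfiguration);
        byte[] pfx = certificate.Export(X509ContentType.Pfx, generator.CertificatePassword);
        response.Properties.Add(thumbprintKeyName, certificate.Thumbprint);
        response.Properties.Add(certificateKeyName, Convert.ToBase64String(pfx));
    }
    else
    {
        response.Properties.Add(thumbprintKeyName, string.Empty);
        response.Properties.Add(certificateKeyName, string.Empty);
    }
    return response;
}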