//
// Licensed to the Apache Software Foundation (ASF) under one or more
// contributor license agreements.  See the NOTICE file distributed with
// this work for additional information regarding copyright ownership.
// The ASF licenses this file to You under the Apache License, Version 2.0
// (the "License"); you may not use this file except in compliance with
// the License.  You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

//  .Net StockTrader Sample WCF Application for Benchmarking, Performance Analysis and Design Considerations for Service-Oriented Applications

//======================================================================================================
// This is the Order Processor Service Custom Certificate validator.  It utilizes the provide base class,
// CustomCertificateValidator, that comes with Config Service.  This base class uses a list of thumbprints
// for valid certificates we want to accept for clients connecting with client certificates to the secured
// message security mode endpoint.  See the StockTrader Setup and Configuration Guide for details.  You
// must override the base method getAllowedThumbprints and provide your custom list, per below.  For OPS,
// the only two certs that will be allowed are those that ship with the StockTrader sample.  
//======================================================================================================

using System;
using System.Collections.Generic;
using System.Text;
using Trade.Utility;

namespace Trade.ConfigServiceImplementation
{
    /// <summary>
    /// The Order Processor Service custom X.509 certificate validator, that uses the base class
    /// provided with Configuration Service.  This class is referenced in the config file, with the
    /// OPS_M_Security_Behavior behavior configuration for the host exe.
    /// </summary>
    public class CustomCertValidator : CustomCertificateValidator
    {
        /// <summary>
        /// Override to provide our list of valid cert thumbprints for the service.
        /// </summary>
        /// <returns></returns>
        protected override string[] getAllowedThumbprints()
        {
            List<string> thumbprints = new List<string>();

            //This is the thumbprint for the BSLClient Certificate in the BSLClient.pfx file.  Spaces should be removed.
            thumbprints.Add("59d185eae27b5d89df9a90927353206cc89b8a1b");

            //This is the thumbprint for the OPSHost Certificate in the OPSHost.pfx file.  Spaces should be removed. We add
            //this one as well for allowing the service certificate to be used when a node checks its own endpoints.
            thumbprints.Add("fa0f58bb605fa43369e279e8f9088872fde09943");

            return thumbprints.ToArray();
        }
    }
}