/// <summary>
/// Selects exactly one certificate from the given certificate store and caches it
/// as the token source for this provider.
/// </summary>
/// <param name="storeLocation">Store location (e.g. CurrentUser or LocalMachine) to open.</param>
/// <param name="storeName">Store within that location to search.</param>
/// <param name="findType">Search criterion handed to the store's Find.</param>
/// <param name="findValue">Value matched against <paramref name="findType"/>; must not be null.</param>
/// <exception cref="SecurityTokenException">
/// No certificate matched, or more than one matched. An ambiguous match is rejected
/// rather than silently taking the first hit, so the caller's selector must be unique.
/// </exception>
public X509SecurityTokenProvider(StoreLocation storeLocation, StoreName storeName, X509FindType findType, object findValue)
        {
            if (findValue == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("findValue");
            }

            X509CertificateStore certStore = new X509CertificateStore(storeName, storeLocation);
            X509Certificate2Collection matches = null;
            try
            {
                // The store is only queried here, so a read-only open is sufficient.
                certStore.Open(OpenFlags.ReadOnly);
                // Third argument (validOnly in the public X509Store API) is false: an expired or
                // untrusted certificate is still selectable; validity is not checked at this point.
                matches = certStore.Find(findType, findValue, false);

                int hitCount = matches.Count;
                if (hitCount == 0)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.CannotFindCert, storeName, storeLocation, findType, findValue)));
                }
                if (hitCount != 1)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.FoundMultipleCerts, storeName, storeLocation, findType, findValue)));
                }

                // Copied before the search results are reset in the finally block, presumably so
                // the cached instance does not share a handle with the collection.
                this.certificate = new X509Certificate2(matches[0]);
            }
            finally
            {
                // Always release the search results and close the store, even when throwing above.
                SecurityUtils.ResetAllCertificates(matches);
                certStore.Close();
            }
        }
        /// <summary>
        /// Selects exactly one certificate from the given certificate store and caches it
        /// as the token source for this provider.
        /// </summary>
        /// <param name="storeLocation">Store location (e.g. CurrentUser or LocalMachine) to open.</param>
        /// <param name="storeName">Store within that location to search.</param>
        /// <param name="findType">Search criterion handed to the store's Find.</param>
        /// <param name="findValue">Value matched against <paramref name="findType"/>; must not be null.</param>
        /// <exception cref="SecurityTokenException">
        /// No certificate matched, or more than one matched. An ambiguous match is rejected
        /// rather than silently taking the first hit, so the caller's selector must be unique.
        /// </exception>
        public X509SecurityTokenProvider(StoreLocation storeLocation, StoreName storeName, X509FindType findType, object findValue)
        {
            if (findValue == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("findValue");
            }

            X509CertificateStore certStore = new X509CertificateStore(storeName, storeLocation);
            X509Certificate2Collection matches = null;
            try
            {
                // The store is only queried here, so a read-only open is sufficient.
                certStore.Open(OpenFlags.ReadOnly);
                // Third argument (validOnly in the public X509Store API) is false: an expired or
                // untrusted certificate is still selectable; validity is not checked at this point.
                matches = certStore.Find(findType, findValue, false);

                int hitCount = matches.Count;
                if (hitCount == 0)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("CannotFindCert", new object[] { storeName, storeLocation, findType, findValue })));
                }
                if (hitCount != 1)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("FoundMultipleCerts", new object[] { storeName, storeLocation, findType, findValue })));
                }

                // Copied before the search results are reset in the finally block, presumably so
                // the cached instance does not share a handle with the collection.
                this.certificate = new X509Certificate2(matches[0]);
            }
            finally
            {
                // Always release the search results and close the store, even when throwing above.
                System.IdentityModel.SecurityUtils.ResetAllCertificates(matches);
                certStore.Close();
            }
        }
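            /// <summary>
            /// Returns true when <paramref name="certificate"/> is present in the CurrentUser
            /// <paramref name="storeName"/> store.
            /// </summary>
            /// <remarks>
            /// The store lookup is by thumbprint, i.e. the SHA-1 hash of the certificate. A
            /// thumbprint match on its own is not proof that the stored entry is the certificate
            /// the caller holds: two distinct certificates can share a SHA-1 hash, so a service
            /// that trusts a store entry by thumbprint alone could be made to accept a different
            /// certificate later. The candidates the store returns are therefore compared to the
            /// given certificate byte-for-byte (raw DER encoding) before a hit is reported.
            /// </remarks>
            /// <param name="storeName">Store to search; always opened under StoreLocation.CurrentUser.</param>
            /// <param name="certificate">Certificate to look for.</param>
            /// <returns>true if a byte-identical certificate is in the store; false otherwise.</returns>
            static bool StoreContainsCertificate(StoreName storeName, X509Certificate2 certificate)
            {
                X509CertificateStore       store        = new X509CertificateStore(storeName, StoreLocation.CurrentUser);
                X509Certificate2Collection certificates = null;

                try
                {
                    store.Open(OpenFlags.ReadOnly);
                    // Thumbprint lookup only narrows the candidate set. The third argument (validOnly
                    // in the public X509Store API) is false: the question is membership, not validity.
                    certificates = store.Find(X509FindType.FindByThumbprint, certificate.GetCertHash(), false);

                    // Do not trust the SHA-1 thumbprint match by itself: require one candidate whose
                    // raw encoding is identical to the certificate we were given.
                    byte[] expected = certificate.RawData;
                    foreach (X509Certificate2 candidate in certificates)
                    {
                        byte[] actual = candidate.RawData;
                        if (actual.Length != expected.Length)
                        {
                            continue;
                        }

                        int i = 0;
                        while (i < expected.Length && actual[i] == expected[i])
                        {
                            i++;
                        }
                        if (i == expected.Length)
                        {
                            return true;
                        }
                    }
                    return false;
                }
                finally
                {
                    // Release the handles of the search results and close the store on every path.
                    SecurityUtils.ResetAllCertificates(certificates);
                    store.Close();
                }
            }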
            /// <summary>
            /// Reports whether <paramref name="certificate"/> is held in the CurrentUser store
            /// named by <paramref name="storeName"/>.
            /// </summary>
            /// <remarks>
            /// The store is queried by thumbprint (SHA-1 hash of the certificate). Because two
            /// different certificates can collide on SHA-1, a thumbprint hit alone could let an
            /// attacker substitute another certificate with the same hash; the candidates are
            /// therefore compared to the given certificate by raw bytes before returning true.
            /// </remarks>
            /// <param name="storeName">Store to search; opened under StoreLocation.CurrentUser.</param>
            /// <param name="certificate">Certificate whose presence is being checked.</param>
            /// <returns>true if a byte-identical certificate is in the store; false otherwise.</returns>
            static bool StoreContainsCertificate(StoreName storeName, X509Certificate2 certificate)
            {
                X509Certificate2Collection candidates = null;
                X509CertificateStore userStore = new X509CertificateStore(storeName, StoreLocation.CurrentUser);

                try
                {
                    userStore.Open(OpenFlags.ReadOnly);
                    // Thumbprint lookup narrows the candidate set; it is not the final answer.
                    candidates = userStore.Find(X509FindType.FindByThumbprint, certificate.GetCertHash(), false);

                    // Final answer: does one of the thumbprint candidates match byte-for-byte?
                    bool present = SecurityUtils.CollectionContainsCertificate(candidates, certificate);
                    return present;
                }
                finally
                {
                    // Release search-result handles and close the store on every path.
                    SecurityUtils.ResetAllCertificates(candidates);
                    userStore.Close();
                }
            }
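 /// <summary>
 /// Returns true when <paramref name="certificate"/> is present in the CurrentUser
 /// <paramref name="storeName"/> store.
 /// </summary>
 /// <remarks>
 /// The store lookup is by thumbprint, i.e. the SHA-1 hash of the certificate. A
 /// thumbprint match on its own is not proof that the stored entry is the certificate
 /// the caller holds: two distinct certificates can share a SHA-1 hash, so a service
 /// that trusts a store entry by thumbprint alone could be made to accept a different
 /// certificate later. The candidates the store returns are therefore compared to the
 /// given certificate byte-for-byte (raw DER encoding) before a hit is reported.
 /// </remarks>
 /// <param name="storeName">Store to search; always opened under StoreLocation.CurrentUser.</param>
 /// <param name="certificate">Certificate to look for.</param>
 /// <returns>true if a byte-identical certificate is in the store; false otherwise.</returns>
 static bool StoreContainsCertificate(StoreName storeName, X509Certificate2 certificate)
 {
     X509CertificateStore store = new X509CertificateStore(storeName, StoreLocation.CurrentUser);
     X509Certificate2Collection certificates = null;
     try
     {
         store.Open(OpenFlags.ReadOnly);
         // Thumbprint lookup only narrows the candidate set. The third argument (validOnly
         // in the public X509Store API) is false: the question is membership, not validity.
         certificates = store.Find(X509FindType.FindByThumbprint, certificate.GetCertHash(), false);

         // Do not trust the SHA-1 thumbprint match by itself: require one candidate whose
         // raw encoding is identical to the certificate we were given.
         byte[] expected = certificate.RawData;
         foreach (X509Certificate2 candidate in certificates)
         {
             byte[] actual = candidate.RawData;
             if (actual.Length != expected.Length)
             {
                 continue;
             }

             int i = 0;
             while (i < expected.Length && actual[i] == expected[i])
             {
                 i++;
             }
             if (i == expected.Length)
             {
                 return true;
             }
         }
         return false;
     }
     finally
     {
         // Release the handles of the search results and close the store on every path.
         SecurityUtils.ResetAllCertificates(certificates);
         store.Close();
     }
 }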