Beispiel #1
        //Server Side
        /// <summary>
        /// Server-side hook that runs before a reply is sent: signs the hash of the
        /// "CN=klServer" certificate and attaches the signed value to the reply as a
        /// <c>CustomSecurityHeader</c>, then replaces <paramref name="reply"/> with a
        /// fresh copy and prints the outgoing message to the console.
        /// </summary>
        /// <param name="reply">Outgoing message; replaced with a copy created from a buffer.</param>
        /// <param name="correlationState">Not used by this method.</param>
        public void BeforeSendReply(ref System.ServiceModel.Channels.Message reply, object correlationState)
        {
            X509Certificate2 serverCert = CryptoHelper.FindCertificate(
                StoreLocation.LocalMachine,
                StoreName.My,
                X509FindType.FindBySubjectDistinguishedName,
                "CN=klServer");

            // NOTE(review): the signed payload is the certificate's own hash, which is the
            // same for every reply. Nothing in the header depends on the message being sent,
            // so a captured header value could be attached to any other message; confirm
            // that transport or message security provides the actual integrity guarantee.
            byte[] certHash = serverCert.GetCertHash();

            byte[] signedHash = CryptoHelper.Sign(certHash, serverCert);
            byte[] detachedSignature = CryptoHelper.SignDetached(certHash, serverCert);

            // The four results below are computed but never read in this method. In
            // particular the outcome of VerifyDetached is not checked, so a failed
            // verification does not stop the reply (unless the helper itself throws).
            byte[] encryptedSigned = CryptoHelper.Encrypt(signedHash, serverCert);
            byte[] encryptedDetached = CryptoHelper.Encrypt(detachedSignature, serverCert);
            byte[] roundTrippedHash = CryptoHelper.VerifyAndRemoveSignature(signedHash);
            bool detachedOk = CryptoHelper.VerifyDetached(signedHash, detachedSignature);

            // Each signature byte is widened to one char (0x00-0xFF) to build the header text.
            // NOTE(review): arbitrary bytes carried as characters may not survive XML text
            // serialization (control characters, line-ending normalisation); Base64 on both
            // sender and receiver would be the robust encoding - confirm against the binding.
            char[] headerChars = new char[signedHash.Length];
            int position = 0;
            foreach (byte signatureByte in signedHash)
            {
                headerChars[position++] = (char)signatureByte;
            }

            string headerValue = new string(headerChars);
            reply.Headers.Add(new CustomSecurityHeader(headerValue));

            // A Message can only be consumed once, so it is buffered: one copy is handed
            // back to the caller, a second copy is rendered for the console output.
            // NOTE(review): Int32.MaxValue places no practical bound on the buffered size,
            // and the console line below prints the complete message including the header.
            MessageBuffer buffered = reply.CreateBufferedCopy(Int32.MaxValue);

            reply = buffered.CreateMessage();
            Console.WriteLine("Service Sending:\n{0}", buffered.CreateMessage().ToString());
        }
Beispiel #2
        //Client Side
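        /// <summary>
        /// Client-side hook that runs after a reply is received: reads the custom security
        /// header, verifies the signed value it carries and compares the signed content with
        /// the hash of the locally installed "CN=klServer" certificate.
        /// </summary>
        /// <param name="reply">Received message; replaced with a copy created from a buffer.</param>
        /// <param name="correlationState">Not used by this method.</param>
        /// <exception cref="Exception">
        /// Thrown with the message "Access Denied" when the header is missing or malformed,
        /// or when the signed content does not equal the expected certificate hash.
        /// </exception>
        public void AfterReceiveReply(ref Message reply, object correlationState)
        {
            // A Message can only be consumed once, so it is buffered: one copy is handed
            // back to the caller, a second copy is rendered for the console output.
            // NOTE(review): Int32.MaxValue places no practical bound on the size of a reply
            // buffered here, and the console line prints the complete message including the
            // security header; both deserve a second look outside a demo.
            MessageBuffer buffer = reply.CreateBufferedCopy(Int32.MaxValue);

            reply = buffer.CreateMessage();
            Console.WriteLine("Client Received:\n{0}", buffer.CreateMessage().ToString());

            X509Certificate2 myCert = CryptoHelper.FindCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectDistinguishedName, "CN=klServer");

            // FindCertificate is defined elsewhere; if it reports "not found" by returning
            // null, deny explicitly instead of failing with a NullReferenceException.
            if (myCert == null)
            {
                throw new Exception("Access Denied");
            }

            byte[] myHash = myCert.GetCertHash();

            // FindHeader returns -1 when the header is absent. A reply without the header
            // carries no proof at all, so fail closed with the same error as a bad proof.
            Int32 headerPosition = reply.Headers.FindHeader(CustomHeaderNames.CustomHeaderName, CustomHeaderNames.CustomHeaderNamespace);
            if (headerPosition < 0)
            {
                throw new Exception("Access Denied");
            }

            XmlDictionaryReader reader = reply.Headers.GetReaderAtHeader(headerPosition);

            CustomSecurityHeader header = CustomSecurityHeader.ReadHeader(reader);
            if (header == null || header.Key == null)
            {
                throw new Exception("Access Denied");
            }

            string mySignedHashString = header.Key;

            // The sender encodes each signature byte as one char in the range 0x00-0xFF.
            // Reject anything outside that range: an unchecked (byte) cast would silently
            // truncate it, so several different header strings would decode to the same bytes.
            byte[] mySignedHash = new byte[mySignedHashString.Length];
            for (int i = 0; i < mySignedHashString.Length; i++)
            {
                char current = mySignedHashString[i];
                if (current > 0xFF)
                {
                    throw new Exception("Access Denied");
                }

                mySignedHash[i] = (byte)current;
            }

            // NOTE(review): whether VerifyAndRemoveSignature also validates WHO signed the
            // value (signer certificate / chain) is not visible here. If it only checks the
            // signature mathematically, any key holder can sign the publicly known certificate
            // hash and pass the comparison below - confirm in CryptoHelper.
            // NOTE(review): the signed value is identical for every reply and is not derived
            // from the message, so this check does not protect the message body or prevent replay.
            byte[] myDecodedHash = CryptoHelper.VerifyAndRemoveSignature(mySignedHash);

            // The lengths must match exactly. Comparing only myHash.Length bytes would accept
            // signed content that merely starts with the expected hash, and would raise an
            // index error instead of a denial for shorter content.
            if (myDecodedHash == null || myDecodedHash.Length != myHash.Length)
            {
                throw new Exception("Access Denied");
            }

            for (int i = 0; i < myHash.Length; i++)
            {
                if (myDecodedHash[i] != myHash[i])
                {
                    throw new Exception("Access Denied");
                }
            }
        }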
Beispiel #3
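            /// <summary>
            /// Generates and validates a per-machine license file: signs this machine's MAC
            /// address with the license private key, writes the signed blob to "signedMac",
            /// removes the license-generation certificates from the local machine stores,
            /// installs the public certificates, re-validates the file, and then installs the
            /// WCF security certificates using a password read from the console.
            /// </summary>
            /// <exception cref="Exception">
            /// Thrown with the message "kl License Key Invalid" when the signed content does
            /// not equal this machine's MAC address.
            /// </exception>
            public static void RunLocalLicenseKeyHelper()
            {
                InstallPerServerLicensePkCertificates();

                var mac = GetMacAddress();

                // One byte per element of the MAC value; the cast keeps the low 8 bits only.
                var myMac = new byte[mac.Length];

                for (int i = 0; i < mac.Length; i++)
                {
                    myMac[i] = (byte)mac[i];
                }

                byte[] mySignedMacPrivateKey = SignMacWithPrivateKey(myMac);

                byte[] myDecodedMacPrivate = CryptoHelper.VerifyAndRemoveSignature(mySignedMacPrivateKey);

                // The lengths must match exactly: a loop bounded only by the decoded length
                // would accept empty or truncated content as a valid MAC.
                if (myDecodedMacPrivate == null || myDecodedMacPrivate.Length != myMac.Length)
                {
                    throw new Exception("kl License Key Invalid");
                }

                for (int i = 0; i < myMac.Length; i++)
                {
                    if (myDecodedMacPrivate[i] != myMac[i])
                    {
                        throw new Exception("kl License Key Invalid");
                    }
                }

                // WriteAllBytes truncates an existing file and closes the handle even on error.
                // File.OpenWrite would leave stale trailing bytes from a longer, older file.
                // NOTE(review): "signedMac" is relative to the current working directory;
                // confirm that directory is not writable by less privileged users.
                File.WriteAllBytes("signedMac", mySignedMacPrivateKey);

                //Remove Certificates with private keys
                // NOTE(review): removing a certificate from a store does not by itself delete
                // its private-key container; confirm RemoveCertificates takes care of the key.
                var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);

                try
                {
                    store.Open(OpenFlags.ReadWrite);
                    RemoveCertificates(store, "CN=klLicenseKeyGen");
                }
                finally
                {
                    store.Close();
                }

                store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine);
                try
                {
                    store.Open(OpenFlags.ReadWrite);
                    RemoveCertificates(store, "CN=klLicenseKeyGen");
                }
                finally
                {
                    store.Close();
                }

                store = new X509Store("TRUST", StoreLocation.LocalMachine);
                try
                {
                    store.Open(OpenFlags.ReadWrite);

                    RemoveCertificates(store, "CN=klLicenseKeyGenBase");
                }
                finally
                {
                    store.Close();
                }

                InstallPerServerLicensePublicCertificates();

                // ReadAllBytes reads the complete file; a single Stream.Read call may return
                // fewer bytes than requested.
                byte[] myRead = File.ReadAllBytes("signedMac");

                //Since we removed the private keys and installed the public ones, this step simulates the
                //validation step that allows the WCF security to be installed on the machine with the specified MAC address.

                var signedMessage = new SignedCms();

                signedMessage.Decode(myRead);

                // NOTE(review): CheckSignature(true) verifies the signature only and skips
                // validation of the signer's certificate. As written, a "signedMac" file signed
                // with any key passes as long as its content equals the MAC. To tie the license
                // to the installed public certificates, validate the signer as well (for example
                // CheckSignature(false), or compare the signer certificate with the expected one).
                signedMessage.CheckSignature(true);

                byte[] myDecodedMac = signedMessage.ContentInfo.Content;

                // Bound the comparison by the arrays actually compared and require equal
                // lengths, so truncated or extended content is rejected.
                if (myDecodedMac == null || myDecodedMac.Length != myMac.Length)
                {
                    throw new Exception("kl License Key Invalid");
                }

                for (int i = 0; i < myMac.Length; i++)
                {
                    if (myDecodedMac[i] != myMac[i])
                    {
                        throw new Exception("kl License Key Invalid");
                    }
                }

                //Now we have the prerequisites to install the certificates on this machine.
                SecureString mySs = GetSecureStringFromConsole();

                InstallWcfSecurityCertificates(mySs);
            }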