private X509SecurityToken getToken(string which)
{
X509SecurityToken token = null;
X509CertificateStore store = null;
string serverKeyIdentifier = "bBwPfItvKp3b6TNDq+14qs58VJQ="; //"po3h4Y4J8ITs/pW3acuRjpT8V1o=";
string clientKeyIdentifier = "gBfo0147lM6cKnTbbMSuMVvmFY4="; //"Gu4aD7+bYTVtmSveoPIWTRtzD3M=";
//string serverKeyIdentifier = "po3h4Y4J8ITs/pW3acuRjpT8V1o=";
//string clientKeyIdentifier = "Gu4aD7+bYTVtmSveoPIWTRtzD3M=";
store = X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
store.OpenRead();
X509CertificateCollection coll;
if (which == "server")
{
coll = store.FindCertificateByKeyIdentifier(Convert.FromBase64String(serverKeyIdentifier));
}
else
{
coll = store.FindCertificateByKeyIdentifier(Convert.FromBase64String(clientKeyIdentifier));
}
if (coll.Count > 0)
{
X509Certificate cert = (X509Certificate)coll[0];
RSA rsa = cert.Key;
token = new X509SecurityToken(cert);
}
return(token);
}
private static X509SecurityToken RetrieveTokenFromStore (X509CertificateStore store, string keyIdentifier)
{
if (store == null)
throw new ArgumentNullException ("store");
X509SecurityToken token = null;
try
{
if (store.OpenRead ())
{
// Place the key ID of the certificate in a byte array
// This KeyID represents the Wse2Quickstart certificate included with the WSE 2.0 Quickstarts
// ClientBase64KeyId is defined in the ClientBase.AppBase class
X509CertificateCollection certs =
store.FindCertificateByKeyIdentifier (Convert.FromBase64String (keyIdentifier));
if (certs.Count > 0)
{
// Get the first certificate in the collection
token = new X509SecurityToken (((X509Certificate) certs[0]));
}
}
}
finally
{
if (store != null)
store.Close ();
}
return token;
}
/// <summary>
/// Retrieve the X509 certificate for a given subject name and location
/// </summary>
/// <param name="location">either CurrentUser store or LocalMachine store</param>
/// <param name="subject">subject name</param>
/// <returns>X509Certificate object</returns>
public static X509Certificate SearchCertificateBySubjectName(string location, string subject)
{
X509CertificateStore x509Store = null;
if (location == "CurrentUser")
{
x509Store = X509CertificateStore.CurrentUserStore(X509CertificateStore.MyStore);
}
else
{
x509Store = X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
}
bool open = x509Store.OpenRead();
X509Certificate certificate = null;
foreach (X509Certificate cert in x509Store.Certificates)
{
if (subject.ToUpper() == cert.GetName().ToUpper())
{
certificate = cert;
break;
}
}
return(certificate);
}
private static X509SecurityToken RetrieveTokenFromStore(X509CertificateStore store, string keyIdentifier)
{
if (store == null)
{
throw new ArgumentNullException("store");
}
X509SecurityToken token = null;
try
{
if (store.OpenRead())
{
// Place the key ID of the certificate in a byte array
// This KeyID represents the Wse2Quickstart certificate included with the WSE 2.0 Quickstarts
// ClientBase64KeyId is defined in the ClientBase.AppBase class
X509CertificateCollection certs = store.FindCertificateByKeyIdentifier(Convert.FromBase64String(keyIdentifier));
if (certs.Count > 0)
{
// Get the first certificate in the collection
token = new X509SecurityToken(((X509Certificate)certs[0]));
}
}
}
finally
{
if (store != null)
{
store.Close();
}
}
return(token);
}
/**
* sets proxy for all webrequests
* opens current user's SSL certificates store
*/
public static void LoadHttpConfig()
{
Trace.WriteLine("Loading proxy settings");
try
{
_defaultProxy = LoadDefaultProxy();
}
catch (Exception ex)
{
Trace.WriteLine("Error loading default proxy settings: " + ex);
}
GlobalProxySelection.Select = DefaultProxy;
X509CertificateStore store =
X509CertificateStore.CurrentUserStore(X509CertificateStore.MyStore);
if (store.OpenRead())
{
_certificates = store.Certificates;
Trace.WriteLine("Number of current user's certificates: " + _certificates.Count, "HttpReader");
}
Trace.WriteLine("Default connection limit: " + ServicePointManager.DefaultConnectionLimit);
Trace.WriteLine("Max service point idle time: " + ServicePointManager.MaxServicePointIdleTime);
Trace.WriteLine("Max service points: " + ServicePointManager.MaxServicePoints);
}
public bool IsContactCertificateInStore(string strContactID)
{
bool bRetVal = false;
X509CertificateStore certStore = X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
if (certStore == null)
{
throw new Exception("Error opening Local Machine Store");
}
if (certStore.OpenRead())
{
X509CertificateCollection certColl = certStore.FindCertificateBySubjectName(strContactID);
if (certColl.Count == 0)
{
bRetVal = false;
}
else
{
bRetVal = true;
}
}
// Close the certificate store
certStore.Close();
return(bRetVal);
}
public static void EncryptContractNote(STPProvider.PostTradeServiceWse postTradeSvc)
{
//Open the current user certificate store and look for Personal category
X509CertificateStore localStore = X509CertificateStore.CurrentUserStore(X509CertificateStore.MyStore);
localStore.OpenRead();
//Find STP-Provider A Certificate
X509CertificateCollection certCollection = localStore.FindCertificateBySubjectString("STP-Provider A");
X509Certificate provCert = certCollection[0];
//Create a new security token that is of X509 type
//Token represent claim (authentication information)
X509SecurityToken token = new X509SecurityToken(provCert);
postTradeSvc.RequestSoapContext.Security.Tokens.Add(token);
//Instruct WSE inbound filter to encrypt the message before it is transmitted over wire
postTradeSvc.RequestSoapContext.Security.Elements.Add(new EncryptedData(token));
}
public void EncryptAckResponse()
{
//Open the current user certificate store and look for Personal category
X509CertificateStore localStore = X509CertificateStore.CurrentUserStore(X509CertificateStore.MyStore);
localStore.OpenRead();
//Find Vendor A Certificate
X509CertificateCollection certCollection = localStore.FindCertificateBySubjectString("Vendor B");
X509Certificate provCert = certCollection[0];
//Create a new security token that is of X509 type
//Token represent claim (authentication information)
X509SecurityToken token = new X509SecurityToken(provCert);
ResponseSoapContext.Current.Security.Tokens.Add(token);
//Instruct WSE inbound filter to encrypt the message before it is transmitted over wire
ResponseSoapContext.Current.Security.Elements.Add(new EncryptedData(token));
}
/// <summary>
/// Returns the X.509 SecurityToken that will be used to encrypt the
/// messages.
/// </summary>
/// <returns>Returns </returns>
public X509SecurityToken GetEncryptionToken()
{
X509SecurityToken token = null;
//
// The certificate for the target receiver should have been imported
// into the "My" certificate store. This store is listed as "Personal"
// in the Certificate Manager
//
X509CertificateStore store = X509CertificateStore.CurrentUserStore(X509CertificateStore.MyStore);
bool open = store.OpenRead();
try
{
//
// Open a dialog to allow user to select the certificate to use
//
StoreDialog dialog = new StoreDialog(store);
X509Certificate cert = dialog.SelectCertificate(IntPtr.Zero, "Select Certificate", "Choose a Certificate below for encrypting.");
if (cert == null)
{
throw new ApplicationException("You chose not to select an X509 certificate for encrypting your messages.");
}
else if (!cert.SupportsDataEncryption)
{
throw new ApplicationException("The certificate must support key encipherment.");
}
else
{
token = new X509SecurityToken(cert);
}
}
finally
{
if (store != null)
{
store.Close();
}
}
return(token);
}
public static bool VerifySignFM(byte[] data, byte[] signedData)
{
//Open STP certificate store
X509CertificateStore store = X509CertificateStore.CurrentUserStore("STPCertificateStore");
store.OpenRead();
//retrieve broker certificate
X509Certificate brokerCertificate = store.Certificates[0];
Console.WriteLine("Certificate Subject :" + brokerCertificate.FriendlyDisplayName);
Console.WriteLine("Valid From :" + brokerCertificate.GetEffectiveDateString());
Console.WriteLine("Valid To :" + brokerCertificate.GetExpirationDateString());
Console.WriteLine("Serial No:" + brokerCertificate.GetSerialNumberString());
//initialize RSA to use public key stored in broker certificate
RSAParameters publicParam = brokerCertificate.Key.ExportParameters(false);
RSACryptoServiceProvider rsCrypto = new RSACryptoServiceProvider();
rsCrypto.ImportParameters(publicParam);
//verify digital signature
return(rsCrypto.VerifyData(data, new SHA1Managed(), signedData));
}
/// <summary>
/// Gets the security token for signing messages.
/// </summary>
/// <returns>Returns </returns>
public X509SecurityToken GetSecurityToken()
{
X509SecurityToken securityToken;
//
// open the current user's certificate store
//
X509CertificateStore store = X509CertificateStore.CurrentUserStore(X509CertificateStore.MyStore);
bool open = store.OpenRead();
try
{
//
// Open a dialog to allow user to select the certificate to use
//
StoreDialog dialog = new StoreDialog(store);
X509Certificate cert = dialog.SelectCertificate(IntPtr.Zero, "Select Certificate", "Choose a Certificate below for signing.");
if (cert == null)
{
throw new ApplicationException("You chose not to select an X509 certificate for signing your messages.");
}
else if (!cert.SupportsDigitalSignature)
{
throw new ApplicationException("The certificate must support digital signatures and have a private key available.");
}
else
{
securityToken = new X509SecurityToken(cert);
}
}
finally
{
if (store != null)
{
store.Close();
}
}
return(securityToken);
}
public X509Certificate GetContactCertificate(string strContactID)
{
X509CertificateStore certStore = X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
if (certStore == null)
{
throw new Exception("Error opening Local Machine Store");
}
X509Certificate cert = null;
if (certStore.OpenRead())
{
X509CertificateCollection certColl = certStore.FindCertificateBySubjectName(strContactID);
if (certColl.Count == 1)
{
cert = certColl[0];
}
}
// Close the certificate store
certStore.Close();
return(cert);
}
private static Microsoft.Web.Services2.Security.X509.X509Certificate X509CertificateByThumbprint(string Thumbprint)
{
X509Certificate x509 = null;
if (string.IsNullOrEmpty(Thumbprint))
{
throw new ArgumentNullException("Thumbprint is null or empty", new Exception("Thumbprint is mandatory"));
}
Thumbprint = Thumbprint.Replace("\u200e", string.Empty).Replace("\u200f", string.Empty).Replace(" ", string.Empty).Replace(":", string.Empty);
X509CertificateStore store = new X509CertificateStore(X509CertificateStore.StoreProvider.System, X509CertificateStore.StoreLocation.LocalMachine, X509CertificateStore.RootStore);
store.OpenRead();
foreach (X509Certificate cert in store.Certificates)
{
if (cert.GetCertHashString().Trim().ToUpper() == Thumbprint.Trim().ToUpper())
{
x509 = cert;
break;
}
}
store.Close();
if (x509 == null)
{
store = new X509CertificateStore(X509CertificateStore.StoreProvider.System, X509CertificateStore.StoreLocation.LocalMachine, X509CertificateStore.MyStore);
store.OpenRead();
foreach (X509Certificate cert in store.Certificates)
{
if (cert.GetCertHashString().Trim().ToUpper() == Thumbprint.Trim().ToUpper())
{
x509 = cert;
break;
}
}
store.Close();
}
if (x509 == null)
{
store = new X509CertificateStore(X509CertificateStore.StoreProvider.System, X509CertificateStore.StoreLocation.CurrentUser, X509CertificateStore.RootStore);
store.OpenRead();
foreach (X509Certificate cert in store.Certificates)
{
if (cert.GetCertHashString().Trim().ToUpper() == Thumbprint.Trim().ToUpper())
{
x509 = cert;
break;
}
}
store.Close();
}
if (x509 == null)
{
store = new X509CertificateStore(X509CertificateStore.StoreProvider.System, X509CertificateStore.StoreLocation.CurrentUser, X509CertificateStore.MyStore);
store.OpenRead();
foreach (X509Certificate cert in store.Certificates)
{
if (cert.GetCertHashString().Trim().ToUpper() == Thumbprint.Trim().ToUpper())
{
x509 = cert;
break;
}
}
store.Close();
}
if (x509 == null)
{
if (!string.IsNullOrEmpty(Thumbprint))
{
throw new CryptographicException("A x509 certificate for " + Thumbprint + " was not found");
}
else
{
throw new CryptographicException("A x509 certificate was not found");
}
}
return(x509);
}
