public FetchCertificate(X509FindType criteria, object match) { Criteria = criteria; MatchesValue = match; StoreLocation = StoreLocation.LocalMachine; StoreName = StoreName.My; }
public IOfferInfrastructure FromStore(X509FindType findType, string findValue) { var certOp = new CertificateFromStoreOperation(findType, findValue); var compositeSequence = _infrastructureSequence.NewCompositeSequence(certOp); certOp.Configure(new RemoteCompositeBuilder(compositeSequence, _webDeploy)); return _infrastructureBuilder; }
public void SetCertificate(StoreLocation storeLocation, StoreName storeName, X509FindType findType, object findValue) { if (findValue == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("findValue"); } ThrowIfImmutable(); var dotNetCertificate = SecurityUtils.GetCertificateFromStore(storeName, storeLocation, findType, findValue, null); IReadOnlyList<Certificate> uwpCertificates; try { uwpCertificates = GetCertificatesFromWinRTStore(dotNetCertificate); } catch (Exception) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(SecurityUtils.CreateCertificateLoadException( storeName, storeLocation, findType, findValue, null, 0)); } if (uwpCertificates.Count != 1) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(SecurityUtils.CreateCertificateLoadException( storeName, storeLocation, findType, findValue, null, uwpCertificates.Count)); } AttachUwpCertificate(dotNetCertificate, uwpCertificates[0]); _certificate = dotNetCertificate; }
/// <summary> /// Gets the find value. /// </summary> /// <param name="findType">Type of the find.</param> /// <param name="value">The value.</param> /// <returns>The find value formated as string.</returns> public static string GetFindValue(X509FindType findType, X509Certificate2 value) { string findValue = null; switch (findType) { case X509FindType.FindBySubjectDistinguishedName: findValue = GetSubjectDistinguishedName(value.SubjectName.Name); break; case X509FindType.FindByThumbprint: findValue = value.Thumbprint; break; case X509FindType.FindBySubjectName: findValue = value.SubjectName.Name; break; case X509FindType.FindBySerialNumber: findValue = value.SerialNumber; break; default: findValue = value.ToString(false); break; } return findValue; }
/// <summary> /// Will deploy certificate found by find type and find value from the local certificate store, to remote certificate store on server. /// </summary> /// <param name="findType"></param> /// <param name="findValue"></param> /// <returns></returns> public static IOfferRemoteConfiguration FromStore(this IOfferSslInfrastructure sslInfra, X509FindType findType, string findValue) { var infraBuilder = ((SslInfrastructureBuilder) sslInfra).InfrastructureBuilder; var certOp = new CertificateFromStoreOperation(findType, findValue); Configure.Operation(infraBuilder, certOp); return infraBuilder; }
internal static bool TryResolveCertificate(StoreName storeName, StoreLocation storeLocation, X509FindType findType, object findValue, out X509Certificate2 certificate) { X509Store store = new X509Store(storeName, storeLocation); store.Open(OpenFlags.ReadOnly); certificate = null; X509Certificate2Collection certs = null; X509Certificate2Collection matches = null; try { certs = store.Certificates; matches = certs.Find(findType, findValue, false); // Throwing InvalidOperationException here, following WCF precedent. // Might be worth introducing a more specific exception here. if (matches.Count == 1) { certificate = new X509Certificate2(matches[0]); return true; } } finally { CryptoHelper.ResetAllCertificates(matches); CryptoHelper.ResetAllCertificates(certs); store.Close(); } return false; }
/// <summary> /// Initializes a new instance of the <see cref="LocalMachineCertificateFactory"/> class. /// </summary> /// <param name="certificateSubject">The certificate subject.</param> /// <param name="findType"></param> public LocalMachineCertificateFactory(string certificateSubject, X509FindType findType) { _certificateSubject = certificateSubject; _findType = findType; ServicePointManager.ServerCertificateValidationCallback = RemoteCertificateValidationCallback; }
public X509SecurityTokenProvider(StoreLocation storeLocation, StoreName storeName, X509FindType findType, object findValue) { if (findValue == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("findValue"); } X509CertificateStore store = new X509CertificateStore(storeName, storeLocation); X509Certificate2Collection certificates = null; try { store.Open(OpenFlags.ReadOnly); certificates = store.Find(findType, findValue, false); if (certificates.Count < 1) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.CannotFindCert, storeName, storeLocation, findType, findValue))); } if (certificates.Count > 1) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.FoundMultipleCerts, storeName, storeLocation, findType, findValue))); } this.certificate = new X509Certificate2(certificates[0]); } finally { SecurityUtils.ResetAllCertificates(certificates); store.Close(); } }
public static X509Certificate2 Load(StoreName name, StoreLocation location, X509FindType type, string findValue) { if (string.IsNullOrWhiteSpace(findValue)) throw new ArgumentNullException("findValue"); var store = new X509Store(name, location); store.Open(OpenFlags.ReadOnly); try { var certificates = store.Certificates.Find(type, findValue, false); if (certificates.Count != 1) { throw new InvalidOperationException( string.Format(CultureInfo.InvariantCulture, "Finding certificate with [StoreName:{0}, StoreLocation:{1}, X509FindType: {2}, FindValue: {3}] matched {4} certificates. A unique match is required.", name, location, type, findValue, certificates.Count)); } return certificates[0]; } finally { store.Close(); } }
/// <summary> /// Creates a custom certificate search directive, based on the specified find type and value. /// </summary> /// <param name="findType"></param> /// <param name="findValue"></param> /// <returns></returns> public static CertificateSearchDirective CreateCustom(X509FindType findType, string findValue) { return new CertificateSearchDirective { FindType = findType, FindValue = findValue }; }
public SecurityBehavior(ServiceSecurity mode,StoreLocation storeLocation,StoreName storeName,X509FindType findType,string subjectName) { m_Mode = mode; m_StoreLocation = storeLocation; m_StoreName = storeName; m_FindType = findType; m_SubjectName = subjectName; }
private IEnumerable<X509Certificate2> Find(X509FindType findType, string criteria, bool validOnly) { try { return _storeWrapper.Find(findType, criteria, validOnly); } finally { if (_storeWrapper != null) { _storeWrapper.Close(); } } }
public void SetCertificate(StoreLocation storeLocation, StoreName storeName, X509FindType findType, object findValue) { if (findValue == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("findValue"); } ThrowIfImmutable(); _certificate = SecurityUtils.GetCertificateFromStore(storeName, storeLocation, findType, findValue, null); }
public void SetCertificate (StoreLocation storeLocation, StoreName storeName, X509FindType findType, object findValue) { #if !MOBILE certificate = ConfigUtil.CreateCertificateFrom (storeLocation, storeName, findType, findValue); #else throw new NotImplementedException (); #endif }
public void ConfigureAnonymousMessageSecurity(StoreLocation location,StoreName storeName,X509FindType findType,object findValue) { Credentials.ServiceCertificate.SetCertificate(location,storeName,findType,findValue); Authorization.PrincipalPermissionMode = PrincipalPermissionMode.None; foreach(ServiceEndpoint endpoint in Description.Endpoints) { ServiceBusHelper.ConfigureBinding(endpoint.Binding); } }
/// <summary> /// Retrieves a certificate from the certificate store. /// </summary> /// <param name="location">The location.</param> /// <param name="name">The name.</param> /// <param name="findType">Type of the find.</param> /// <param name="value">The value.</param> /// <returns>A X509Certificate2</returns> public static X509Certificate2 GetCertificateFromStore(StoreLocation location, StoreName name, X509FindType findType, object value) { var store = new X509Store(name, location); try { store.Open(OpenFlags.ReadOnly); // work around possible bug in framework if (findType == X509FindType.FindByThumbprint) { var thumbprint = value.ToString(); thumbprint = thumbprint.Trim(); thumbprint = thumbprint.Replace(" ", ""); foreach (var cert in store.Certificates) { if (string.Equals(cert.Thumbprint, thumbprint, StringComparison.OrdinalIgnoreCase) || string.Equals(cert.Thumbprint, thumbprint, StringComparison.InvariantCultureIgnoreCase)) { return cert; } } } if (findType == X509FindType.FindBySerialNumber) { var serial = value.ToString(); serial = serial.Trim(); serial = serial.Replace(" ", ""); foreach (var cert in store.Certificates) { if (string.Equals(cert.SerialNumber, serial, StringComparison.OrdinalIgnoreCase) || string.Equals(cert.SerialNumber, serial, StringComparison.InvariantCultureIgnoreCase)) { return cert; } } } var certs = store.Certificates.Find(findType, value, false); if (certs.Count != 1) { throw new InvalidOperationException(string.Format("Certificate not found: {0}", value)); } return certs[0]; } finally { store.Close(); } }
public IOfferRemoteDeployment FromStore(X509FindType findType, string findValue, Action<IOfferCertificateOptions> options) { var certOptions = new CertificateOptions(); if (options != null) { options(certOptions); } var certOp = new CertificateFromStoreOperation(findType, findValue, certOptions); var compositeSequence = _remoteSequence.NewCompositeSequence(certOp); certOp.Configure(new RemoteCompositeBuilder(compositeSequence, _webDeploy)); return _remoteDeploymentBuilder; }
/// <summary> /// Will deploy certificate found by find type and find value from the local certificate store, to remote certificate store on server with provided options. /// </summary> /// <param name="findType"></param> /// <param name="findValue"></param> /// <param name="options"></param> /// <returns></returns> public static IOfferRemoteDeployment FromStore(this IOfferRemoteCertDeployment remoteCert, X509FindType findType, string findValue, Action<IOfferCertificateOptions> options) { var certOptions = new CertificateOptions(); if (options != null) { options(certOptions); } var remoteCertBuilder = ((RemoteCertDeploymentBuilder) remoteCert).RemoteDeployment; var certOp = new CertificateFromStoreOperation(findType, findValue, certOptions); Configure.Operation(remoteCertBuilder, certOp); return remoteCertBuilder; }
public void SetScopedCertificate(StoreLocation storeLocation, StoreName storeName, X509FindType findType, object findValue, Uri targetService) { if (findValue == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("findValue"); } if (targetService == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("targetService"); } this.ThrowIfImmutable(); X509Certificate2 certificate = System.ServiceModel.Security.SecurityUtils.GetCertificateFromStore(storeName, storeLocation, findType, findValue, null); this.ScopedCertificates[targetService] = certificate; }
internal static X509Certificate2 ResolveCertificate(StoreName storeName, StoreLocation storeLocation, X509FindType findType, object findValue) { X509Certificate2 certificate = null; // Throwing InvalidOperationException here, following WCF precedent. // Might be worth introducing a more specific exception here. if (!TryResolveCertificate(storeName, storeLocation, findType, findValue, out certificate)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError( new InvalidOperationException(SR.GetString(SR.ID1025, storeName, storeLocation, findType, findValue))); } return certificate; }
public X509SecurityTokenProvider (StoreLocation storeLocation, StoreName storeName, X509FindType findType, object findValue) { if (findValue == null) throw new ArgumentNullException ("findValue"); store = new X509Store (storeName, storeLocation); store.Open (OpenFlags.ReadOnly); foreach (X509Certificate2 hit in store.Certificates.Find (findType, findValue, true)) { if (cert != null) throw new SecurityTokenException ("X509SecurityTokenProvider does not allow such certificate specification that indicates more than one certificate. Use more specific find value."); cert = hit; } }
/// <summary> /// Call the Saml Helper Class and get the "Post" value, which can then be posted to the web page /// </summary> /// <param name="sender"></param> /// <param name="e"></param> public static string CreateSamlResponse(string recipient, string issuer, string domain, string subject, StoreLocation storeLocation, StoreName storeName, X509FindType findType, string certLocation, string certPassword, string certFindKey, Dictionary<string, string> attributes, string target) { string postData = ""; // Set Parameters to the method call to either the configuration value or a default value SigningHelper.SignatureType signatureType = SigningHelper.SignatureType.Response; postData = SamlHelper.GetPostSamlResponse(recipient, issuer, domain, subject, storeLocation, storeName, findType, certLocation, certPassword, certFindKey, attributes, signatureType); return postData; }
public void Copy(X509InitiatorCertificateClientElement from) { if (this.IsReadOnly()) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ConfigurationErrorsException(SR.GetString(SR.ConfigReadOnly))); } if (null == from) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("from"); } this.FindValue = from.FindValue; this.StoreLocation = from.StoreLocation; this.StoreName = from.StoreName; this.X509FindType = from.X509FindType; }
public IOfferIisWebSiteOptions AddHttpsBinding(X509FindType findType, string findName, Action<IOfferBindingOptions> bindingOptions) { var options = new BindingOptions(); bindingOptions(options); var httpsOptions = new BindingOptions.SslBindingOptionsValues { FindType = findType, FindName = findName, BindingOptions = options.Values, CertLocation = CertLocation.Store }; _values.HttpsBindings.Add(httpsOptions); return this; }
static X509Certificate2Collection FilterCertificates(X509Certificate2Collection found, X509FindType findType, object findValue) { if (found.Count > 1 && findType == X509FindType.FindBySubjectName) { X509Certificate2Collection foundBuffer = new X509Certificate2Collection(); foreach (var item in found) { if (item.Subject == $"CN={findValue}") { foundBuffer.Add(item); } } return foundBuffer; } return found; }
public X509Certificate2 LoadCertificate(string storeName, StoreLocation storeLocation, X509FindType findType, string value) { // The following code gets the cert from the keystore X509Store store = CreateStoreObject(storeName, storeLocation); store.Open(OpenFlags.ReadOnly); X509Certificate2Collection certCollection = store.Certificates.Find(findType, value, false); X509Certificate2Enumerator enumerator = certCollection.GetEnumerator(); X509Certificate2 cert = null; while (enumerator.MoveNext()) { cert = enumerator.Current; } return cert; }
/// <summary> /// /// </summary> /// <param name="findType"></param> /// <param name="findName"></param> /// <returns></returns> protected static bool CheckCertificate( X509FindType findType , string findName) { try { X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine); store.Open(OpenFlags.MaxAllowed); X509Certificate2Collection certs = store.Certificates.Find(findType, findName, false); if (certs.Count == 0 || certs[0].NotAfter < DateTime.Now) { return false; } return true; } catch ( Exception ex ) { LogHelper.WriteException(ex); return false; } }
/// <summary> /// /// </summary> /// <param name="findBy"></param> /// <param name="value"></param> /// <returns></returns> public static X509Certificate2 FindCertificateAcrossCertStore(X509FindType findBy, string value) { var certColl = new X509Certificate2Collection(); foreach (var e in (StoreName[])Enum.GetValues(typeof(StoreName))) { var store = new X509Store(e, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadOnly); certColl.AddRange(store.Certificates.Find(findBy, value, false)); store.Close(); if (certColl.Count != 0) { return certColl[0]; } } throw new Exception("Certificate not found: " + value); }
private static X509Certificate2 GetCertificate(StoreName storeName, StoreLocation storeLocation, X509FindType findByThumbprint, object findValue) { var store = new X509Store(storeName, storeLocation); try { store.Open(OpenFlags.ReadOnly); return store.Certificates .Find(findByThumbprint, findValue, validOnly: false) .Cast<X509Certificate2>() .FirstOrDefault(); } finally { store.Close(); } }
public void ConfigureMessageSecurity(StoreLocation location,StoreName storeName,X509FindType findType,object findValue,bool useProviders,string applicationName) { Credentials.ServiceCertificate.SetCertificate(location,storeName,findType,findValue); foreach(ServiceEndpoint endpoint in Description.Endpoints) { ServiceBusHelper.ConfigureBinding(endpoint.Binding,false); } if(useProviders) { Authorization.PrincipalPermissionMode = PrincipalPermissionMode.UseAspNetRoles; Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.MembershipProvider; SecurityBehavior.EnableRoleManager(); string application; if(String.IsNullOrEmpty(applicationName)) { applicationName = Membership.ApplicationName; } if(String.IsNullOrEmpty(applicationName) || applicationName == "/") { if(String.IsNullOrEmpty(Assembly.GetEntryAssembly().GetName().Name)) { application = AppDomain.CurrentDomain.FriendlyName; } else { application = Assembly.GetEntryAssembly().GetName().Name; } } else { application = applicationName; } Membership.ApplicationName = application; Roles.ApplicationName = application; } }
/// <summary> /// Returns a Base64 Encoded String with the SamlResponse in it. /// </summary> /// <param name="recipient">Recipient</param> /// <param name="issuer">Issuer</param> /// <param name="subject">Subject</param> /// <param name="certLocation">Certificate Location</param> /// <param name="certPassword">Certificate Password</param> /// <param name="attributes">A list of attributes to pass</param> /// <returns></returns> public static string GetPostSamlResponse(string recipient, string issuer, string domain, string subject, StoreLocation storeLocation, StoreName storeName, X509FindType findType, string certFile, string certPassword, object findValue, Dictionary <string, string> attributes, SigningHelper.SignatureType signatureType) { ResponseType response = new ResponseType(); // Create Response response.ResponseID = "_" + Guid.NewGuid().ToString(); response.MajorVersion = "1"; response.MinorVersion = "1"; response.IssueInstant = System.DateTime.UtcNow; response.Recipient = recipient; StatusType status = new StatusType(); status.StatusCode = new StatusCodeType(); status.StatusCode.Value = new XmlQualifiedName("Success", "urn:oasis:names:tc:SAML:1.0:protocol"); response.Status = status; // Create Assertion AssertionType assertionType = SamlHelper.CreateSaml11Assertion( issuer.Trim(), domain.Trim(), subject.Trim(), attributes); response.Assertion = new AssertionType[] { assertionType }; //Serialize XmlSerializerNamespaces ns = new XmlSerializerNamespaces(); ns.Add("samlp", "urn:oasis:names:tc:SAML:1.0:protocol"); ns.Add("saml", "urn:oasis:names:tc:SAML:1.0:assertion"); XmlSerializer responseSerializer = new XmlSerializer(response.GetType()); StringWriter stringWriter = new StringWriter(); XmlWriterSettings settings = new XmlWriterSettings(); settings.OmitXmlDeclaration = true; settings.Indent = true; settings.Encoding = Encoding.UTF8; XmlWriter responseWriter = XmlTextWriter.Create(stringWriter, settings); responseSerializer.Serialize(responseWriter, response, ns); responseWriter.Close(); string samlString = stringWriter.ToString(); stringWriter.Close(); // Sign the document XmlDocument doc = new XmlDocument(); doc.LoadXml(samlString); X509Certificate2 cert = null; if (System.IO.File.Exists(certFile)) { cert = new X509Certificate2(certFile, certPassword); } else { X509Store store = new X509Store(storeName, storeLocation); store.Open(OpenFlags.ReadOnly); X509Certificate2Collection coll = store.Certificates.Find(findType, findValue, true); if (coll.Count < 1) { throw new ArgumentException("Unable to locate certificate"); } cert = coll[0]; store.Close(); } XmlElement signature = SigningHelper.SignDoc( doc, cert, "ResponseID", response.ResponseID); doc.DocumentElement.InsertBefore(signature, doc.DocumentElement.ChildNodes[0]); if (SamlHelper.Logger.IsDebugEnabled) { SamlHelper.Logger.DebugFormat( "Saml Assertion before encoding = {0}", doc.OuterXml.ToString()); } // Base64Encode and URL Encode byte[] base64EncodedBytes = Encoding.UTF8.GetBytes(doc.OuterXml); string returnValue = System.Convert.ToBase64String( base64EncodedBytes); return(returnValue); }
public static X509Certificate2Collection FindMatchingCertificates( StoreLocation storeLocation, string storeName, X509FindType findType, string findValue, string secondaryFindValue, bool doTakeMostRecentOnly) { X509Store store; var certificates = new X509Certificate2Collection(); if (string.IsNullOrWhiteSpace(storeName) || string.IsNullOrWhiteSpace(findValue)) { Console.WriteLine("PaasCoordinator: No certificate configured"); // Fall back to 'anonymous' self-signed certificate so that WRP's web host // does not reject the connection for lacking a cert. This certificate is // installed by the ServiceFabric extension when no cluster security is configured. // It is not trusted in any way, and only works when cert security is disabled for // the cluster resource. // CoreCLR Does not support StoreLocation.LocalMachine, hence using StoreLocation.CurrentUser #if DotNetCoreClrLinux store = new X509Store(StoreName.My, StoreLocation.CurrentUser); #else store = new X509Store(StoreName.My, StoreLocation.LocalMachine); #endif try { store.Open(OpenFlags.ReadOnly); var certCollections = store.Certificates.Find( X509FindType.FindBySubjectDistinguishedName, "AnonymousCertDistiguishedName", false /*load self-signed cert*/); if (certCollections.Count > 0) { certificates.Add(certCollections[0]); } } finally { #if DotNetCoreClrLinux store.Dispose(); #else store.Close(); #endif } return(certificates); } IsCertificateAMatchForFindValue matchCert; switch (findType) { case X509FindType.FindByThumbprint: matchCert = IsMatchByThumbprint; break; case X509FindType.FindBySubjectName: matchCert = IsMatchBySubjectCommonName; break; default: throw new ArgumentException("Unsupported X509FindType: '{0}'; supported values are FindByThumbprint and FindBySubjectName", findType.ToString()); } // SFRP is generating ClusterManifests setting this value to StoreLocation.LocalMachine // Using hard-coded value of StoreLocation.CurrentUser for TP9 till SFRP is updated to set this value appropriately. #if DotNetCoreClrLinux using (store = new X509Store(storeName, StoreLocation.CurrentUser)) #else using (store = new X509Store(storeName, storeLocation)) #endif { X509Certificate2 selectedCert = null; try { bool excludeExpiredCerts = true; // todo [dragosav]: update when enabling support for expired certs bool isTimeValidCert = false; bool isExpiredCert = false; bool anyMatchFound = false; DateTime now = DateTime.Now; // cert validity is presented in local time. store.Open(OpenFlags.ReadOnly); var findValues = new List <string>() { findValue }; if (!string.IsNullOrEmpty(secondaryFindValue)) { findValues.Add(secondaryFindValue); } foreach (var value in findValues) { Console.WriteLine("Finding matching certificates for find value '{0}'; excludeExpiredCerts = '{1}'", findValue, excludeExpiredCerts); foreach (var enumeratedCert in store.Certificates) { isExpiredCert = DateTime.Compare(now, enumeratedCert.NotAfter) > 0; isTimeValidCert = !(excludeExpiredCerts && isExpiredCert) && DateTime.Compare(now, enumeratedCert.NotBefore) >= 0; if (matchCert(enumeratedCert, value) && isTimeValidCert) { anyMatchFound = true; Console.WriteLine("Found matching certificate: Thumbprint {0}, NotBefore {1}, NotAfter {2}, Subject {3}", enumeratedCert.Thumbprint, enumeratedCert.NotBefore, enumeratedCert.NotAfter, enumeratedCert.Subject); if (!doTakeMostRecentOnly) { // if taking all, add it here and continue certificates.Add(enumeratedCert); continue; } // Select the most recent and farthest valid matching cert. // This should make it predictible if certificate is compromised and it needs to be replaced with a newer one. if (selectedCert == null || selectedCert.NotBefore < enumeratedCert.NotBefore) { selectedCert = enumeratedCert; } else if (selectedCert.NotBefore == enumeratedCert.NotBefore && !selectedCert.Thumbprint.Equals(enumeratedCert.Thumbprint)) { // if both were issued at the same time, prefer the farthest valid selectedCert = selectedCert.NotAfter >= enumeratedCert.NotAfter ? selectedCert : enumeratedCert; } } } } if (selectedCert != null && doTakeMostRecentOnly) { Console.WriteLine("Selected certificate: Thumbprint {0}, NotBefore {1}, NotAfter {2}, Subject {3}", selectedCert.Thumbprint, selectedCert.NotBefore, selectedCert.NotAfter, selectedCert.Subject); certificates.Add(selectedCert); } else { Console.WriteLine("No {0} certificate found: StoreName {1}, StoreLocation {2}, FindType {3}, FindValue {4}", anyMatchFound ? "valid" : "matching", storeName, storeLocation, findType, findValue); } } finally { #if DotNetCoreClrLinux store.Dispose(); #else store.Close(); #endif } } if (certificates.Count == 0) { throw new InvalidOperationException("Could not load primary and secondary certificate"); } return(certificates); }
/// <summary> /// Can only call before openning the host /// </summary> public static void SetSecurityBehavior(this ServiceHost host, ServiceSecurity mode, StoreLocation storeLocation, StoreName storeName, X509FindType findType, string serviceCertificateName, bool useAspNetProviders, string applicationName) { SetSecurityBehavior(host, mode, storeLocation, storeName, findType, serviceCertificateName, useAspNetProviders, applicationName, false); }
public static void FindWithBadOids(X509FindType findType, string badOid) { RunExceptionTest <ArgumentException>(findType, badOid); }
/// <summary> /// Will deploy certificate found by find type and find value from the local certificate store, to remote certificate store on server with provided options. /// </summary> /// <param name="findType"></param> /// <param name="findValue"></param> /// <param name="options"></param> /// <returns></returns> public static IOfferRemoteConfiguration FromStore(this IOfferSslInfrastructure sslInfra, X509FindType findType, string findValue, Action <IOfferCertificateOptions> options) { var infraBuilder = ((SslInfrastructureBuilder)sslInfra).InfrastructureBuilder; var certOpt = new CertificateOptions(); options(certOpt); var certOp = new CertificateFromStoreOperation(findType, findValue, certOpt); OperationExecutor.Execute((RemoteBuilder)sslInfra, certOp); return(infraBuilder); }
private static X509Certificate2 FindCertificate(string commonName, X509Certificate2Collection collection, X509FindType x509FindType = X509FindType.FindBySubjectName) => collection .Find(x509FindType, commonName, false) .Cast <X509Certificate2>() .FirstOrDefault();
public void SetDefaultCertificate(StoreLocation storeLocation, StoreName storeName, X509FindType findType, object findValue) { if (findValue == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("findValue"); } ThrowIfImmutable(); _defaultCertificate = SecurityUtils.GetCertificateFromStore(storeName, storeLocation, findType, findValue, null); }
public static X509Certificate2Collection FindFromCollection( X509Certificate2Collection coll, X509FindType findType, object findValue, bool validOnly) { X509Certificate2Collection results = new X509Certificate2Collection(); using (IFindPal findPal = OpenPal(coll, results, validOnly)) { switch (findType) { case X509FindType.FindByThumbprint: { byte[] thumbPrint = ConfirmedCast <string>(findValue).DecodeHexString(); findPal.FindByThumbprint(thumbPrint); break; } case X509FindType.FindBySubjectName: { string subjectName = ConfirmedCast <string>(findValue); findPal.FindBySubjectName(subjectName); break; } case X509FindType.FindBySubjectDistinguishedName: { string subjectDistinguishedName = ConfirmedCast <string>(findValue); findPal.FindBySubjectDistinguishedName(subjectDistinguishedName); break; } case X509FindType.FindByIssuerName: { string issuerName = ConfirmedCast <string>(findValue); findPal.FindByIssuerName(issuerName); break; } case X509FindType.FindByIssuerDistinguishedName: { string issuerDistinguishedName = ConfirmedCast <string>(findValue); findPal.FindByIssuerDistinguishedName(issuerDistinguishedName); break; } case X509FindType.FindBySerialNumber: { string decimalOrHexString = ConfirmedCast <string>(findValue); // FindBySerialNumber allows the input format to be either in // hex or decimal. Since we can't know which one was intended, // it compares against both interpretations and treats a match // of either as a successful find. // string is big-endian, BigInteger constructor requires little-endian. byte[] hexBytes = decimalOrHexString.DecodeHexString(); Array.Reverse(hexBytes); BigInteger hexValue = PositiveBigIntegerFromByteArray(hexBytes); BigInteger decimalValue = LaxParseDecimalBigInteger(decimalOrHexString); findPal.FindBySerialNumber(hexValue, decimalValue); break; } case X509FindType.FindByTimeValid: { DateTime dateTime = ConfirmedCast <DateTime>(findValue); findPal.FindByTimeValid(dateTime); break; } case X509FindType.FindByTimeNotYetValid: { DateTime dateTime = ConfirmedCast <DateTime>(findValue); findPal.FindByTimeNotYetValid(dateTime); break; } case X509FindType.FindByTimeExpired: { DateTime dateTime = ConfirmedCast <DateTime>(findValue); findPal.FindByTimeExpired(dateTime); break; } case X509FindType.FindByTemplateName: { string expected = ConfirmedCast <string>(findValue); findPal.FindByTemplateName(expected); break; } case X509FindType.FindByApplicationPolicy: { string oidValue = ConfirmedOidValue(findPal, findValue, OidGroup.Policy); findPal.FindByApplicationPolicy(oidValue); break; } case X509FindType.FindByCertificatePolicy: { string oidValue = ConfirmedOidValue(findPal, findValue, OidGroup.Policy); findPal.FindByCertificatePolicy(oidValue); break; } case X509FindType.FindByExtension: { string oidValue = ConfirmedOidValue(findPal, findValue, OidGroup.ExtensionOrAttribute); findPal.FindByExtension(oidValue); break; } case X509FindType.FindByKeyUsage: { X509KeyUsageFlags keyUsage = ConfirmedX509KeyUsage(findValue); findPal.FindByKeyUsage(keyUsage); break; } case X509FindType.FindBySubjectKeyIdentifier: { byte[] keyIdentifier = ConfirmedCast <string>(findValue).DecodeHexString(); findPal.FindBySubjectKeyIdentifier(keyIdentifier); break; } default: throw new CryptographicException(SR.Cryptography_X509_InvalidFindType); } } return(results); }
/// <summary> /// Can only call before using the proxy for the first time /// </summary> public static void SetCertificate <T>(this ClientBase <T> proxy, StoreLocation storeLocation, StoreName storeName, X509FindType findType, string clientCertificateName) where T : class { if (proxy.State == CommunicationState.Opened) { throw new InvalidOperationException("Proxy channel is already opened"); } if (String.IsNullOrEmpty(clientCertificateName) == false) { proxy.ClientCredentials.ClientCertificate.SetCertificate(storeLocation, storeName, findType, clientCertificateName); } proxy.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.PeerTrust; }
/// <summary> /// Removes the cert. /// </summary> /// <param name="name">The name.</param> /// <param name="storeLoc">The store loc.</param> /// <param name="fType">Type of the f.</param> /// <param name="findValue">The find value.</param> public static void RemoveCert(StoreName name, StoreLocation storeLoc, X509FindType fType, object findValue) { RemoveCert(name.ToString(), storeLoc, fType, findValue); }
/// <summary> /// Removes the cert. /// </summary> /// <param name="storeName">Name of the store.</param> /// <param name="fType">Type of the f.</param> /// <param name="findValue">The find value.</param> public static void RemoveCert(string storeName, X509FindType fType, object findValue) { RemoveCert(storeName, StoreLocation.LocalMachine, fType, findValue); }
/// <summary> /// GetPostSamlResponse - Returns a Base64 Encoded String with the SamlResponse in it. /// </summary> /// <param name="recipient">Recipient</param> /// <param name="issuer">Issuer</param> /// <param name="domain">Domain</param> /// <param name="subject">Subject</param> /// <param name="storeLocation">Certificate Store Location</param> /// <param name="storeName">Certificate Store Name</param> /// <param name="findType">Certificate Find Type</param> /// <param name="certLocation">Certificate Location</param> /// <param name="findValue">Certificate Find Value</param> /// <param name="certFile">Certificate File (used instead of the above Certificate Parameters)</param> /// <param name="certPassword">Certificate Password (used instead of the above Certificate Parameters)</param> /// <param name="attributes">A list of attributes to pass</param> /// <param name="signatureType">Whether to sign Response or Assertion</param> /// <returns>A base64Encoded string with a SAML response.</returns> public static string BuildPostSamlResponse(string recipient, string issuer, string domain, string subject, StoreLocation storeLocation, StoreName storeName, X509FindType findType, string certFile, string certPassword, object findValue, Dictionary <string, string> attributes, SigningHelper.SignatureType signatureType) { ResponseType response = new ResponseType(); // Response Main Area response.ID = "_" + Guid.NewGuid().ToString(); response.Destination = recipient; response.Version = "2.0"; response.IssueInstant = System.DateTime.UtcNow; NameIDType issuerForResponse = new NameIDType(); issuerForResponse.Value = issuer.Trim(); response.Issuer = issuerForResponse; StatusType status = new StatusType(); status.StatusCode = new StatusCodeType(); status.StatusCode.Value = "urn:oasis:names:tc:SAML:2.0:status:Success"; response.Status = status; XmlSerializerNamespaces ns = new XmlSerializerNamespaces(); ns.Add("saml2p", "urn:oasis:names:tc:SAML:2.0:protocol"); ns.Add("saml2", "urn:oasis:names:tc:SAML:2.0:assertion"); XmlSerializer responseSerializer = new XmlSerializer(response.GetType()); StringWriter stringWriter = new StringWriter(); XmlWriterSettings settings = new XmlWriterSettings(); settings.OmitXmlDeclaration = true; settings.Indent = true; settings.Encoding = Encoding.UTF8; XmlWriter responseWriter = XmlTextWriter.Create(stringWriter, settings); string samlString = string.Empty; AssertionType assertionType = Saml2Helper.CreateSamlAssertion( issuer.Trim(), recipient.Trim(), domain.Trim(), subject.Trim(), attributes); response.Items = new AssertionType[] { assertionType }; responseSerializer.Serialize(responseWriter, response, ns); responseWriter.Close(); samlString = stringWriter.ToString(); samlString = samlString.Replace("SubjectConfirmationData", string.Format("SubjectConfirmationData NotOnOrAfter=\"{0:o}\" Recipient=\"{1}\"", DateTime.UtcNow.AddMinutes(5), recipient)); samlString = samlString.Replace("<saml2:Assertion ", "<saml2:Assertion xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\" "); samlString = samlString.Replace("<saml2:AuthnContextClassRef>AuthnContextClassRef</saml2:AuthnContextClassRef>", "<saml2:AuthnContextClassRef>" + issuer + "</saml2:AuthnContextClassRef>"); stringWriter.Close(); XmlDocument doc = new XmlDocument(); doc.LoadXml(samlString); X509Certificate2 cert = null; if (System.IO.File.Exists(certFile)) { cert = new X509Certificate2(certFile, certPassword); } else { X509Store store = new X509Store(storeName, storeLocation); store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); X509Certificate2Collection CertCol = store.Certificates; X509Certificate2Collection coll = store.Certificates.Find(findType, findValue.ToString(), false); if (coll.Count < 1) { throw new ArgumentException("Unable to locate certificate"); } cert = coll[0]; store.Close(); } XmlElement signature = SigningHelper.SignDoc(doc, cert, response.ID); doc.DocumentElement.InsertBefore(signature, doc.DocumentElement.ChildNodes[1]); string responseStr = doc.OuterXml; byte[] base64EncodedBytes = Encoding.UTF8.GetBytes(responseStr); string returnValue = System.Convert.ToBase64String( base64EncodedBytes); return(returnValue); }
/// <summary> /// Removes the cert. /// </summary> /// <param name="name">The name.</param> /// <param name="fType">Type of the f.</param> /// <param name="findValue">The find value.</param> public static void RemoveCert(StoreName name, X509FindType fType, object findValue) { RemoveCert(name.ToString(), StoreLocation.CurrentUser, fType, findValue); }
/// <summary> /// Removes the cert. /// </summary> /// <param name="storeLoc">The store loc.</param> /// <param name="fType">Type of the f.</param> /// <param name="findValue">The find value.</param> public static void RemoveCert(StoreLocation storeLoc, X509FindType fType, object findValue) { RemoveCert(StoreName.My, storeLoc, fType, findValue); }
internal static bool TryGetCertificateFromStore(StoreName storeName, StoreLocation storeLocation, X509FindType findType, object findValue, EndpointAddress target, out X509Certificate2 certificate) { certificate = GetCertificateFromStoreCore(storeName, storeLocation, findType, findValue, target, false); return(certificate != null); }
public static IEnumerable <string> TryFindCertificate( string machineIpOrFqdn, StoreName storeName, IEnumerable <string> findValues, X509FindType findType, out IEnumerable <X509Certificate2> foundCertificates, ITraceLogger traceLogger = null) { machineIpOrFqdn.MustNotBeNull("machineIpOrFqdn"); // The validation on each thumbprint string will be covered by RDBug 7682650. findValues.ToArray().MustNotBeEmptyCollection("findValues"); List <X509Certificate2> tmpFoundCertificates = new List <X509Certificate2>(); foundCertificates = Enumerable.Empty <X509Certificate2>(); List <string> result = new List <string>(); X509Store store = null; string strStoreName = storeName.ToString(); if (machineIpOrFqdn != string.Empty) { strStoreName = machineIpOrFqdn + "\\" + storeName; } try { try { store = new X509Store(strStoreName, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); } catch (CryptographicException ex) { // if the exception is access denied error, check if the read permission on the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg // of the remote node machineIpOrFqdn has been granted to the caller account. if (traceLogger != null) { traceLogger.WriteWarning(X509CertificateUtility.TraceType, ex.ToString()); } return(findValues); } foreach (string findValue in findValues) { X509Certificate2Collection certs = store.Certificates.Find(findType, findValue, validOnly: false); if (certs != null && findType == X509FindType.FindBySubjectName) { certs.MatchExactSubject(findValue); } if (certs == null || certs.Count == 0) { result.Add(findValue); } else { tmpFoundCertificates.Add(findType == X509FindType.FindByThumbprint ? certs[0] : certs.LatestExpired()); } } foundCertificates = tmpFoundCertificates; return(result); } finally { // In .net 4.6, X509Store is changed to implement IDisposable. // But unfortunately, SF today is built on .net 4.5 if (store != null) { store.Close(); } } }
public void SetServiceCertificate(object findValue, StoreLocation location, StoreName storeName, X509FindType findType) { ClientCredentials behavior = Endpoint.Behaviors.Find <ClientCredentials>(); behavior.ServiceCertificate.SetDefaultCertificate(location, storeName, findType, findValue); if (Endpoint.Address.Identity == null) { Uri address = Endpoint.Address.Uri; EndpointIdentity identity = new DnsEndpointIdentity(findValue.ToString()); Endpoint.Address = new EndpointAddress(address, identity); } }
/// <summary> /// Call the Saml Helper Class and get the "Post" value, which can then be posted to the web page /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private void btnPostAssertion_Click(object sender, EventArgs e) { try { this.Cursor = Cursors.WaitCursor; // Set Attributes Dictionary <string, string> attributes = new Dictionary <string, string>(); foreach (ConfigurationData.AttributesRow row in configurationData.Attributes.Rows) { attributes.Add(row.Name, row.Value); } string postData = ""; // Set Parameters to the method call to either the configuration value or a default value StoreLocation storeLocation = configurationData.Configuration.Rows[0]["CertStoreLocation"].ToString().Length > 0 ? (StoreLocation)Enum.Parse(typeof(StoreLocation), configurationData.Configuration.Rows[0]["CertStoreLocation"].ToString()) : StoreLocation.LocalMachine; StoreName storeName = configurationData.Configuration.Rows[0]["CertStoreName"].ToString().Length > 0 ? (StoreName)Enum.Parse(typeof(StoreName), configurationData.Configuration.Rows[0]["CertStoreName"].ToString()) : StoreName.Root; X509FindType findType = configurationData.Configuration.Rows[0]["CertFindMethod"].ToString().Length > 0 ? (X509FindType)Enum.Parse(typeof(X509FindType), configurationData.Configuration.Rows[0]["CertFindMethod"].ToString()) : X509FindType.FindByThumbprint; string certFileLocation = configurationData.Configuration.Rows[0]["CertFileLocation"].ToString().Length > 0 ? configurationData.Configuration.Rows[0]["CertFileLocation"].ToString() : null; string certPassword = configurationData.Configuration.Rows[0]["CertPassword"].ToString().Length > 0 ? configurationData.Configuration.Rows[0]["CertPassword"].ToString() : null; string certFindKey = configurationData.Configuration.Rows[0]["CertFindKey"].ToString(); bool signResponse = this.rbSignResponse.Checked; bool signAssertion = this.rbSignAssertion.Checked; bool signVU475445 = this.rbSignVU475445.Checked; SigningHelper.SignatureType signatureType = SigningHelper.SignatureType.Response; if (signAssertion) { signatureType = SigningHelper.SignatureType.Assertion; } else if (signVU475445) { signatureType = SigningHelper.SignatureType.TestVU475445; } //if ( // Get SAML Post Value if (rb_v1.Checked) { postData = String.Format("SAMLResponse={0}&TARGET={1}", System.Web.HttpUtility.UrlEncode( davidsp8.common.Security.Saml11.SamlHelper.GetPostSamlResponse(txtRecipient.Text, txtIssuer.Text, txtDomain.Text, txtSubject.Text, storeLocation, storeName, findType, certFileLocation, certPassword, certFindKey, attributes, signatureType)), txtTarget.Text); } if (rb_v2.Checked) { postData = String.Format("SAMLResponse={0}&RelayState={1}", System.Web.HttpUtility.UrlEncode( davidsp8.common.Security.Saml20.SamlHelper.GetPostSamlResponse(txtRecipient.Text, txtIssuer.Text, txtDomain.Text, txtSubject.Text, storeLocation, storeName, findType, certFileLocation, certPassword, certFindKey, attributes, signatureType)), System.Web.HttpUtility.UrlEncode(txtTarget.Text)); } Logger.DebugFormat( "PostData = {0}", postData); webBrowser1.Navigate(this.txtRecipient.Text, "_self", Encoding.UTF8.GetBytes(postData), "Content-Type: application/x-www-form-urlencoded"); webBrowser1.Visible = true; webBrowser1.BringToFront(); btnShowBrowser.Text = "Hide Browser"; } catch (UriFormatException ex) { MessageBox.Show(ex.Message); } catch (Exception ex) { Logger.Error(ex.Message, ex); MessageBox.Show(ex.Message); } finally { this.Cursor = Cursors.Default; } }
private static X509Certificate2 LoadCertificateFromStore(string commonName, StoreName storeName, StoreLocation storeLocation, X509FindType x509FindType = X509FindType.FindBySubjectName) { //Log.Logger.Information($"Attempting to locate certificate by {x509FindType} = '{commonName}' from store '{storeLocation}/{storeName}'"); using (var store = new X509Store(storeName, storeLocation)) { store.Open(OpenFlags.ReadOnly); return(FindCertificate(commonName, store.Certificates, x509FindType)); } }
public X509CertificatesFinder(StoreLocation location, StoreName name, X509FindType findType) { _location = location; _name = name; _findType = findType; }
static internal X509Certificate2 GetCertificate(StoreName storeName, StoreLocation storeLocation, string key, X509FindType findType) { X509Certificate2 result; X509Store store = new X509Store(storeName, storeLocation); store.Open(OpenFlags.ReadOnly); try { X509Certificate2Collection matches; matches = store.Certificates.Find(findType, key, false); if (matches.Count > 1) { throw new InvalidOperationException(String.Format("More than one certificate with key '{0}' found in the store.", key)); } if (matches.Count == 0) { throw new InvalidOperationException(String.Format("No certificates with key '{0}' found in the store.", key)); } result = matches[0]; } finally { store.Close(); } return(result); }
/// <summary> /// Gets the cert. /// </summary> /// <param name="sLoc">The s loc.</param> /// <param name="fType">Type of the f.</param> /// <param name="findValue">The find value.</param> /// <param name="bValidOnly">if set to <c>true</c> [b valid only].</param> /// <returns></returns> public static X509Certificate2 GetCert(StoreLocation sLoc, X509FindType fType, object findValue, bool bValidOnly) { return(GetCert(StoreName.My.ToString(), sLoc, fType, findValue, bValidOnly)); }
public void SetScopedCertificate(StoreLocation storeLocation, StoreName storeName, X509FindType findType, object findValue, Uri targetService) { if (findValue == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("findValue"); } if (targetService == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("targetService"); } ThrowIfImmutable(); X509Certificate2 certificate = SecurityUtils.GetCertificateFromStore(storeName, storeLocation, findType, findValue, null); ScopedCertificates[targetService] = certificate; }
public static void SetSecurityBehavior(this ServiceHost host, ServiceSecurity mode, StoreLocation storeLocation, StoreName storeName, X509FindType findType, string serviceCertificateName, bool useAspNetProviders, string applicationName, bool impersonateAll) { if (host.State == CommunicationState.Opened) { throw new InvalidOperationException("Host is already opened"); } SecurityBehavior securityBehavior = new SecurityBehavior(mode, storeLocation, storeName, findType, serviceCertificateName); securityBehavior.UseAspNetProviders = useAspNetProviders; securityBehavior.ApplicationName = applicationName; securityBehavior.ImpersonateAll = impersonateAll; host.Description.Behaviors.Add(securityBehavior); }
public static X509Certificate2 CreateCertificateFrom(StoreLocation storeLocation, StoreName storeName, X509FindType findType, Object findValue) { var store = new X509Store(storeName, storeLocation); store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); try { foreach (var c in store.Certificates.Find(findType, findValue, false)) { return(c); } throw new InvalidOperationException(String.Format("Specified X509 certificate with find type {0} and find value {1} was not found in X509 store {2} location {3}", findType, findValue, storeName, storeLocation)); } finally { store.Close(); } }
/// <summary> /// GetPostSamlResponse - Returns a Base64 Encoded String with the SamlResponse in it with a Default Signature type. /// </summary> /// <param name="recipient">Recipient</param> /// <param name="issuer">Issuer</param> /// <param name="domain">Domain</param> /// <param name="subject">Subject</param> /// <param name="storeLocation">Certificate Store Location</param> /// <param name="storeName">Certificate Store Name</param> /// <param name="findType">Certificate Find Type</param> /// <param name="certLocation">Certificate Location</param> /// <param name="findValue">Certificate Find Value</param> /// <param name="certFile">Certificate File (used instead of the above Certificate Parameters)</param> /// <param name="certPassword">Certificate Password (used instead of the above Certificate Parameters)</param> /// <param name="attributes">A list of attributes to pass</param> /// <returns>A base64Encoded string with a SAML response.</returns> public static string BuildPostSamlResponse(string recipient, string issuer, string domain, string subject, StoreLocation storeLocation, StoreName storeName, X509FindType findType, string certFile, string certPassword, object findValue, Dictionary <string, string> attributes) { return(BuildPostSamlResponse(recipient, issuer, domain, subject, storeLocation, storeName, findType, certFile, certPassword, findValue, attributes, SigningHelper.SignatureType.Response)); }
/// <summary> /// Can only call before using the proxy for the first time /// </summary> public static void SecureProxy <T>(this ClientBase <T> proxy, StoreLocation storeLocation, StoreName storeName, X509FindType findType, string clientCertificateName) where T : class { if (proxy.State == CommunicationState.Opened) { throw new InvalidOperationException("Proxy channel is already opened"); } SetCertificate(proxy, storeLocation, storeName, findType, clientCertificateName); ServiceEndpoint[] endpoints = { proxy.Endpoint }; proxy.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.PeerTrust; SecurityBehavior.ConfigureBusinessToBusiness(endpoints); }
/// <summary> /// Gets the cert. /// </summary> /// <param name="sName">Name of the s.</param> /// <param name="fType">Type of the f.</param> /// <param name="findValue">The find value.</param> /// <param name="bValidOnly">if set to <c>true</c> [b valid only].</param> /// <returns></returns> public static X509Certificate2 GetCert(StoreName sName, X509FindType fType, object findValue, bool bValidOnly) { return(GetCert(sName.ToString(), StoreLocation.LocalMachine, fType, findValue, bValidOnly)); }
public X509Certificate2Collection Find(X509FindType findType, object findValue, bool validOnly) { throw new NotImplementedException(); }
/// <summary> /// /// </summary> /// <param name="UUID"></param> /// <param name="Destination"></param> /// <param name="ConsumerServiceURL"></param> /// <param name="certFile"></param> /// <param name="certPassword"></param> /// <param name="storeLocation"></param> /// <param name="storeName"></param> /// <param name="findType"></param> /// <param name="findValue"></param> /// <param name="signatureType"></param> /// <returns></returns> public static string BuildPostSamlRequest(string UUID, string Destination, string ConsumerServiceURL, int SecurityLevel, string certFile, string certPassword, StoreLocation storeLocation, StoreName storeName, X509FindType findType, object findValue, SigningHelper.SignatureType signatureType, string IdentityProvider, int Enviroment) { AuthnRequestType MyRequest = new AuthnRequestType(); MyRequest.ID = UUID; MyRequest.Version = "2.0"; DateTime now = DateTime.UtcNow; DateTime after = now.AddMinutes(10); string nowString = String.Empty; string afterString = String.Empty; if (IdentityProvider.Contains("sielte")) { // SIELTE nowString = now.AddMinutes(-2).ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'Z'"); afterString = after.ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'Z'"); } else { // POSTE - TIM - INFOCERT nowString = now.ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.'fff'Z'"); afterString = after.ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.'fff'Z'"); } MyRequest.IssueInstant = nowString; if (SecurityLevel > 1) { MyRequest.ForceAuthn = true; MyRequest.ForceAuthnSpecified = true; } MyRequest.Destination = Destination; MyRequest.AssertionConsumerServiceIndex = (ushort)Enviroment; // 1 for dev // 0 for production MyRequest.AssertionConsumerServiceIndexSpecified = true; MyRequest.AttributeConsumingServiceIndex = 1; MyRequest.AttributeConsumingServiceIndexSpecified = true; NameIDType IssuerForRequest = new NameIDType(); IssuerForRequest.Value = ConsumerServiceURL.Trim(); IssuerForRequest.Format = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"; IssuerForRequest.NameQualifier = ConsumerServiceURL; MyRequest.Issuer = IssuerForRequest; NameIDPolicyType NameIdPolicyForRequest = new NameIDPolicyType(); NameIdPolicyForRequest.Format = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"; NameIdPolicyForRequest.AllowCreate = true; NameIdPolicyForRequest.AllowCreateSpecified = true; MyRequest.NameIDPolicy = NameIdPolicyForRequest; ConditionsType Conditional = new ConditionsType(); if (IdentityProvider.Contains("sielte")) { // SIELTE Conditional.NotBefore = nowString; } else { // POSTE - TIM - INFOCERT Conditional.NotBefore = now.AddMinutes(-2).ToString("yyyy'-'MM'-'dd'T'HH':'mm':'ss'.'fff'Z'"); } Conditional.NotBeforeSpecified = true; Conditional.NotOnOrAfter = afterString; Conditional.NotOnOrAfterSpecified = true; MyRequest.Conditions = Conditional; RequestedAuthnContextType RequestedAuthn = new RequestedAuthnContextType(); RequestedAuthn.Comparison = AuthnContextComparisonType.minimum; RequestedAuthn.ComparisonSpecified = true; RequestedAuthn.ItemsElementName = new ItemsChoiceType7[] { ItemsChoiceType7.AuthnContextClassRef }; RequestedAuthn.Items = new string[] { "https://www.spid.gov.it/SpidL" + SecurityLevel.ToString() }; MyRequest.RequestedAuthnContext = RequestedAuthn; XmlSerializerNamespaces ns = new XmlSerializerNamespaces(); ns.Add("saml2p", "urn:oasis:names:tc:SAML:2.0:protocol"); //ns.Add("saml2", "urn:oasis:names:tc:SAML:2.0:assertion"); XmlSerializer responseSerializer = new XmlSerializer(MyRequest.GetType()); StringWriter stringWriter = new StringWriter(); XmlWriterSettings settings = new XmlWriterSettings(); settings.OmitXmlDeclaration = true; settings.Indent = true; settings.Encoding = Encoding.UTF8; XmlWriter responseWriter = XmlTextWriter.Create(stringWriter, settings); responseSerializer.Serialize(responseWriter, MyRequest, ns); responseWriter.Close(); string samlString = string.Empty; samlString = stringWriter.ToString(); stringWriter.Close(); XmlDocument doc = new XmlDocument(); doc.LoadXml(samlString); X509Certificate2 cert = null; if (System.IO.File.Exists(certFile)) { cert = new X509Certificate2(certFile, certPassword); } else { X509Store store = new X509Store(storeName, storeLocation); store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); X509Certificate2Collection CertCol = store.Certificates; X509Certificate2Collection coll = store.Certificates.Find(findType, findValue.ToString(), false); if (coll.Count < 1) { throw new ArgumentException("Unable to locate certificate"); } cert = coll[0]; store.Close(); } XmlElement signature = SigningHelper.SignDoc(doc, cert, UUID); doc.DocumentElement.InsertBefore(signature, doc.DocumentElement.ChildNodes[1]); string responseStr = doc.OuterXml; //byte[] base64EncodedBytes = // Encoding.UTF8.GetBytes(responseStr); //string returnValue = System.Convert.ToBase64String( // base64EncodedBytes); return("<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + responseStr); }