public void ItLoadsACertificateFromString()
{
MnoHelper.Environment = "production";
string strCert = MnoHelper.Sso.X509Certificate;
// Build certificate
ASCIIEncoding ascii = new ASCIIEncoding();
var bytCert = ascii.GetBytes(strCert);
X509Certificate2 cert = new X509Certificate2(bytCert);
// Create SAML x509 certificate from string
Certificate samlCert = new Certificate();
samlCert.LoadCertificate(strCert);
Assert.IsTrue(cert.Equals(samlCert.cert));
}
private X509Certificate2 FindParent (X509Certificate2 certificate)
{
X509Certificate2Collection subset = CertificateCollection.Find (X509FindType.FindBySubjectDistinguishedName, certificate.Issuer, false);
string aki = GetAuthorityKeyIdentifier (certificate);
if ((aki != null) && (aki.Length > 0)) {
subset.AddRange (CertificateCollection.Find (X509FindType.FindBySubjectKeyIdentifier, aki, false));
}
X509Certificate2 parent = SelectBestFromCollection (certificate, subset);
// if parent==certificate we're looping but it's not (probably) a bug and not a true cyclic (over n certs)
return certificate.Equals (parent) ? null : parent;
}
public Task AuthenticateAsClient(X509Certificate2 certificate)
{
var ssl = new SslStream(Stream, false, (sender, x509Certificate, chain, errors) =>
{
if (errors == SslPolicyErrors.None)
return true;
return certificate.Equals(x509Certificate);
}, null);
var tempStream = new SslStreamWrapper(ssl);
Stream = tempStream;
Func<AsyncCallback, object, IAsyncResult> begin =
(cb, s) => ssl.BeginAuthenticateAsClient(this._uri.Host,
new X509Certificate2Collection(certificate),SslProtocols.Tls, false, cb, s);
var task = Task.Factory.FromAsync(begin, ssl.EndAuthenticateAsClient, null);
return task;
}
private bool Exists (X509Certificate2 certificate)
{
if ((store == null) || (list == null) || (certificate == null))
return false;
foreach (X509Certificate2 c in list) {
if (certificate.Equals (c)) {
return true;
}
}
return false;
}
private static string FindExistingFilename(X509Certificate2 cert, string storePath, out bool hadCandidates)
{
hadCandidates = false;
foreach (string maybeMatch in Directory.EnumerateFiles(storePath, cert.Thumbprint + PfxWildcard))
{
hadCandidates = true;
try
{
using (X509Certificate2 candidate = new X509Certificate2(maybeMatch))
{
if (candidate.Equals(cert))
{
return maybeMatch;
}
}
}
catch (CryptographicException)
{
// Contents weren't interpretable as a certificate, so it's not a match.
}
}
return null;
}
/// <summary>
/// This method is used verify that a connection can be made to the LDAP directory holding
/// the root certificate for all environments begin set using the {@link Environments} class.
/// </summary>
public static void VerifyRootCertificateFromLdap()
{
foreach (var environment in Environments.TrustedEnvironments)
{
using (var connection = LdapFactory.CreateLdapConnection(environment))
{
var ldapRootProp = Properties.Get("ldap.ca.dn.danid." + environment);
var request = new SearchRequest(ldapRootProp,(string)null, SearchScope.Base, LdapFactory.RootCertificateBinary );
var response = (SearchResponse)connection.SendRequest(request);
var bytes = (byte[])response.Entries[0].Attributes[LdapFactory.RootCertificateBinary][0];
var rootCertificateFromLdap = new X509Certificate2(bytes);
var rootCertificate = RootCertificates.LookupCertificate(environment);
if (rootCertificateFromLdap.Equals(rootCertificate))
{
Logger.Info("Root certificate retrieved from LDAP with DN: " + rootCertificateFromLdap.SubjectName);
}
else
{
Logger.Error("ERROR: Could not retrieve root certificate from LDAP for environment " + environment);
}
}
}
}
internal bool Contains (X509Certificate2 certificate)
{
for (int i=0; i < _list.Count; i++) {
if (certificate.Equals (( _list [i] as X509ChainElement).Certificate))
return true;
}
return false;
}
public void Remove (X509Certificate2 certificate)
{
if (certificate == null)
throw new ArgumentNullException ("certificate");
for (int i=0; i < InnerList.Count; i++) {
X509Certificate2 c = (X509Certificate2) InnerList [i];
if (certificate.Equals (c)) {
InnerList.RemoveAt (i);
// only first instance is removed
return;
}
}
}
public bool Contains (X509Certificate2 certificate)
{
if (certificate == null)
throw new ArgumentNullException ("certificate");
foreach (X509Certificate2 c in InnerList) {
if (certificate.Equals (c))
return true;
}
return false;
}
private X509Certificate2Collection FindMatches(string storeName, StoreLocation storeLocation)
{
using (X509Certificate2 cer = new X509Certificate2(CerData))
{
X509Certificate2Collection matches = new X509Certificate2Collection();
using (X509Store store = new X509Store(storeName, storeLocation))
{
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
foreach (X509Certificate2 candidate in store.Certificates)
{
// X509Certificate2.Equals() compares issuer and serial.
if (cer.Equals(candidate))
{
matches.Add(candidate);
}
}
return matches;
}
}
}
