Exemple #1
0
        private async Task ApplyClientCertificateSettings()
        {
            if (ClientCertificateOptions == ClientCertificateOption.Manual)
            {
                if (_clientCertificates != null && _clientCertificates.Count > 0)
                {
                    RTCertificate cert = await CertificateHelper.ConvertDotNetClientCertToWinRtClientCertAsync(_clientCertificates[0]);

                    if (cert == null)
                    {
                        throw new PlatformNotSupportedException(string.Format(CultureInfo.InvariantCulture,
                                                                              SR.net_http_feature_UWPClientCertSupportRequiresCertInPersonalCertificateStore));
                    }

                    _rtFilter.ClientCertificate = cert;
                }

                return;
            }

            // Get the certs that can be used for Client Authentication.
            var query = new RTCertificateQuery();
            var ekus  = query.EnhancedKeyUsages;

            ekus.Add(ClientAuthenticationOID);
            var clientCertificates = await RTCertificateStores.FindAllAsync(query).AsTask().ConfigureAwait(false);

            if (clientCertificates.Count > 0)
            {
                _rtFilter.ClientCertificate = clientCertificates[0];
            }
        }
        // There are currently only two ways to convert a .NET X509Certificate2 object into a WinRT Certificate without
        // losing its private keys, each with its own limitations:
        //
        // (1) Using the X509Certificate2.Export method with PKCS12/PFX to obtain a byte[] representation (including private
        //     keys) that can then be passed into the IBuffer-based WinRT Certificate constructor. Unfortunately, the
        //     X509Certificate2.Export operation will only succeed if the app-provided X509Certificate2 object was created
        //     with the non-default X509KeyStorageFlags.Exportable flag.
        //
        // (2) Going through the certificate store. That is, retrieving the certificate represented by the X509Certificate2
        //     object as a WinRT Certificate via WinRT CertificateStores APIs. Of course, this requires the certificate to
        //     have been added to a certificate store in the first place.
        //
        // Furthermore, WinRT WebSockets only support certificates that have been added to the personal certificate store
        // (i.e., "MY" store) due to other WinRT-specific private key limitations. With that in mind, approach (2) is the
        // most appropriate for our needs, as it guarantees that WinRT WebSockets will be able to handle the resulting
        // WinRT Certificate during ConnectAsync.
        internal static async Task <RTCertificate> ConvertDotNetClientCertToWinRtClientCertAsync(X509Certificate2 dotNetCertificate)
        {
            var query = new RTCertificateQuery
            {
                Thumbprint        = dotNetCertificate.GetCertHash(),
                IncludeDuplicates = false,
                StoreName         = "MY"
            };

            IReadOnlyList <RTCertificate> certificates = await RTCertificateStores.FindAllAsync(query).AsTask().ConfigureAwait(false);

            if (certificates.Count > 0)
            {
                return(certificates[0]);
            }

            return(null);
        }
Exemple #3
0
        private async Task ApplyClientCertificateSettings()
        {
            if (ClientCertificateOptions == ClientCertificateOption.Manual)
            {
                return;
            }

            // Get the certs that can be used for Client Authentication.
            var query = new RTCertificateQuery();
            var ekus  = query.EnhancedKeyUsages;

            ekus.Add(ClientAuthenticationOID);
            var clientCertificates = await RTCertificateStores.FindAllAsync(query).AsTask().ConfigureAwait(false);

            if (clientCertificates.Count > 0)
            {
                _rtFilter.ClientCertificate = clientCertificates[0];
            }
        }
Exemple #4
0
        // There are currently only two ways to convert a .NET X509Certificate2 object into a WinRT Certificate without
        // losing its private keys, each with its own limitations:
        //
        // (1) Using the X509Certificate2.Export method with PKCS12/PFX to obtain a byte[] representation (including private
        //     keys) that can then be passed into the IBuffer-based WinRT Certificate constructor. Unfortunately, the
        //     X509Certificate2.Export operation will only succeed if the app-provided X509Certificate2 object was created
        //     with the non-default X509KeyStorageFlags.Exportable flag.
        //
        // (2) Going through the certificate store. That is, retrieving the certificate represented by the X509Certificate2
        //     object as a WinRT Certificate via WinRT CertificateStores APIs. Of course, this requires the certificate to
        //     have been added to a certificate store in the first place.
        //
        // Furthermore, WinRT WebSockets only support certificates that have been added to the personal certificate store
        // (i.e., "MY" store) due to other WinRT-specific private key limitations. With that in mind, approach (2) is the
        // most appropriate for our needs, as it guarantees that WinRT WebSockets will be able to handle the resulting
        // WinRT Certificate during ConnectAsync.
        private static RTCertificate ConvertDotNetClientCertToWinRtClientCert(X509Certificate2 dotNetCertificate)
        {
            var query = new RTCertificateQuery
            {
                Thumbprint        = dotNetCertificate.GetCertHash(),
                IncludeDuplicates = false,
                StoreName         = "MY"
            };

            IReadOnlyList <RTCertificate> certificates = RTCertificateStores.FindAllAsync(query).AsTask().GetAwaiter().GetResult();

            if (certificates.Count > 0)
            {
                return(certificates[0]);
            }

            throw new PlatformNotSupportedException(string.Format(
                                                        CultureInfo.InvariantCulture,
                                                        SR.net_WebSockets_UWPClientCertSupportRequiresCertInPersonalCertificateStore));
        }