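/// <summary>
/// Initializes the handler with the certificate validator and the issuer mapping it will use.
/// Both dependencies are stored for later use; they are checked here so that a misconfigured
/// handler fails at construction rather than on the first request that reaches it.
/// </summary>
/// <param name="validator">Validator applied to presented X.509 certificates (stored in <c>_validator</c>).</param>
/// <param name="issuerMapper">Maps a certificate to the issuer name it is attributed to (stored in <c>_issuerMapper</c>).</param>
/// <exception cref="ArgumentNullException"><paramref name="validator"/> or <paramref name="issuerMapper"/> is null.</exception>
public X509CertificateMessageHandler(X509CertificateValidator validator, Func<X509Certificate2, string> issuerMapper)
{
    if (validator == null)
    {
        throw new ArgumentNullException(nameof(validator));
    }
    if (issuerMapper == null)
    {
        throw new ArgumentNullException(nameof(issuerMapper));
    }

    _validator = validator;
    _issuerMapper = issuerMapper;
}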
/// <summary>
/// Builds the authenticator used on the service side to validate incoming SAML tokens.
/// </summary>
/// <param name="recipientRequirement">
/// Describes the endpoint the token is addressed to. Its <c>ListenUri</c> is added to the
/// allowed audience URIs, and when its binding exposes <c>LocalServiceSettings</c> the
/// <c>MaxClockSkew</c> from there is handed to the authenticator as its clock-skew tolerance.
/// </param>
/// <param name="outOfBandTokenResolver">
/// Receives a resolver over the service certificate plus every configured known issuer
/// certificate, or null when neither is configured.
/// </param>
/// <returns>
/// A <c>SamlSecurityTokenAuthenticator</c> whose issuer checks come from the configured
/// certificate validator (and, if enabled, raw RSA keys), with the audience mode and allowed
/// audience URIs taken from <c>IssuedTokenAuthentication</c>.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="recipientRequirement"/> is null.</exception>
private SamlSecurityTokenAuthenticator CreateSamlTokenAuthenticator(RecipientServiceModelSecurityTokenRequirement recipientRequirement, out SecurityTokenResolver outOfBandTokenResolver)
{
    if (recipientRequirement == null)
    {
        throw System.ServiceModel.DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("recipientRequirement");
    }

    var issuedTokenSettings = this.parent.IssuedTokenAuthentication;

    // Out-of-band tokens the resolver can hand back: the service's own certificate first,
    // then every known issuer certificate from the configuration.
    Collection<SecurityToken> outOfBandTokens = new Collection<SecurityToken>();
    var serviceCertificate = this.parent.ServiceCertificate.Certificate;
    if (serviceCertificate != null)
    {
        outOfBandTokens.Add(new X509SecurityToken(serviceCertificate));
    }
    var knownCertificates = issuedTokenSettings.KnownCertificates;
    if (knownCertificates != null && knownCertificates.Count > 0)
    {
        foreach (X509Certificate2 knownCertificate in knownCertificates)
        {
            outOfBandTokens.Add(new X509SecurityToken(knownCertificate));
        }
    }

    // Issuer authentication: X.509 issuers are always accepted through the configured validator;
    // bare RSA keys are accepted only when the configuration explicitly allows untrusted RSA issuers.
    List<SecurityTokenAuthenticator> supportingAuthenticators = new List<SecurityTokenAuthenticator>
    {
        new X509SecurityTokenAuthenticator(issuedTokenSettings.GetCertificateValidator())
    };
    if (issuedTokenSettings.AllowUntrustedRsaIssuers)
    {
        supportingAuthenticators.Add(new RsaSecurityTokenAuthenticator());
    }

    // No resolver at all when there is nothing to resolve (second argument: canMatchLocalId = false).
    outOfBandTokenResolver = null;
    if (outOfBandTokens.Count > 0)
    {
        outOfBandTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(new ReadOnlyCollection<SecurityToken>(outOfBandTokens), false);
    }

    // Use the binding's clock-skew tolerance when the binding provides local service settings.
    var localServiceSettings = recipientRequirement.SecurityBindingElement == null
        ? null
        : recipientRequirement.SecurityBindingElement.LocalServiceSettings;
    SamlSecurityTokenAuthenticator authenticator = localServiceSettings == null
        ? new SamlSecurityTokenAuthenticator(supportingAuthenticators)
        : new SamlSecurityTokenAuthenticator(supportingAuthenticators, localServiceSettings.MaxClockSkew);

    // Audience restriction: configured URIs first, then the endpoint's own listen address.
    authenticator.AudienceUriMode = issuedTokenSettings.AudienceUriMode;
    IList<string> allowedAudienceUris = authenticator.AllowedAudienceUris;
    if (issuedTokenSettings.AllowedAudienceUris != null)
    {
        foreach (string configuredAudienceUri in issuedTokenSettings.AllowedAudienceUris)
        {
            allowedAudienceUris.Add(configuredAudienceUri);
        }
    }
    if (recipientRequirement.ListenUri != null)
    {
        allowedAudienceUris.Add(recipientRequirement.ListenUri.AbsoluteUri);
    }

    return authenticator;
}
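/// <summary>
/// Copy constructor: takes over every setting of <paramref name="other"/>, including its
/// read-only flag, so the copy is frozen exactly when the source is.
/// </summary>
/// <param name="other">The instance whose settings are copied; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="other"/> is null.</exception>
internal X509PeerCertificateAuthentication(X509PeerCertificateAuthentication other)
{
    if (other == null)
    {
        throw new ArgumentNullException("other");
    }

    // Every field is overwritten from 'other', so the defaults that used to be assigned first
    // (PeerOrChainTrust / Online / CurrentUser) were dead stores and are not repeated here.
    this.certificateValidationMode = other.certificateValidationMode;
    this.customCertificateValidator = other.customCertificateValidator;
    this.revocationMode = other.revocationMode;
    this.trustedStoreLocation = other.trustedStoreLocation;
    this.isReadOnly = other.isReadOnly;
}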
/// <summary>
/// Creates the objects used to validate the user identity tokens supported by the server.
/// </summary>
/// <remarks>
/// Walks every <c>UserTokenPolicy</c> in the server configuration. Policies without a
/// <c>PolicyId</c> are skipped, as are policies whose configuration extension cannot be parsed
/// (an error trace is written in that case). Only the certificate policy produces a validator.
/// NOTE(review): the parsed <c>CertificateIdentifier</c> and <c>CertificateTrustList</c> are not
/// used beyond the null check, and every certificate policy replaces <c>m_certificateValidator</c>
/// with a default-constructed validator; confirm the intended trust configuration is applied elsewhere.
/// </remarks>
/// <param name="configuration">The application configuration holding the user token policies.</param>
private void CreateUserIdentityValidators(ApplicationConfiguration configuration)
{
    foreach (UserTokenPolicy policy in configuration.ServerConfiguration.UserTokenPolicies)
    {
        // a policy without an explicit id cannot be matched to a configuration extension.
        if (String.IsNullOrEmpty(policy.PolicyId))
        {
            continue;
        }

        // both policy kinds look up their settings under an element named after the policy id.
        XmlQualifiedName qname = new XmlQualifiedName(policy.PolicyId, Namespaces.OpcUa);

        switch (policy.TokenType)
        {
            case UserTokenType.IssuedToken:
            {
                // the id of the issuer certificate for issued tokens.
                CertificateIdentifier id = configuration.ParseExtension<CertificateIdentifier>(qname);
                if (id == null)
                {
                    Utils.Trace((int)Utils.TraceMasks.Error, "Could not load CertificateIdentifier for UserTokenPolicy {0}", policy.PolicyId);
                }
                // NOTE(review): 'id' is not consumed here - no issued-token validator is created.
                break;
            }

            case UserTokenType.Certificate:
            {
                // the location of the trusted issuers for user certificates.
                CertificateTrustList trustedIssuers = configuration.ParseExtension<CertificateTrustList>(qname);
                if (trustedIssuers == null)
                {
                    Utils.Trace((int)Utils.TraceMasks.Error, "Could not load CertificateTrustList for UserTokenPolicy {0}", policy.PolicyId);
                    break;
                }

                // trusts any certificate in the trusted people store.
                // NOTE(review): 'trustedIssuers' is not handed to the validator - confirm this is intended.
                m_certificateValidator = new X509CertificateValidator();
                break;
            }
        }
    }
}