protected virtual CertificateConfiguration LoadCertificateConfiguration(Certificates cert)
{
object findValue;
X509FindType findType;
var certConfig = new CertificateConfiguration
{
SubjectDistinguishedName = cert.SubjectDistinguishedName,
};
if (!string.IsNullOrWhiteSpace(cert.SubjectDistinguishedName))
{
findValue = cert.SubjectDistinguishedName;
findType = X509FindType.FindBySubjectDistinguishedName;
}
else
{
Tracing.Error("No distinguished name or thumbprint for certificate: " + cert.Name);
return(certConfig);
}
try
{
certConfig.Certificate = X509Certificates.GetCertificateFromStore(StoreLocation.LocalMachine, StoreName.My, findType, findValue);
}
catch
{
Tracing.Error("No certificate found for: " + findValue);
throw new ConfigurationErrorsException("No certificate found for: " + findValue);
}
return(certConfig);
}
public static X509Certificate2 GetValidClientCertificate()
{
return(X509Certificates.GetCertificateFromStore(
StoreLocation.CurrentUser,
StoreName.My,
X509FindType.FindBySubjectDistinguishedName,
Constants.Certificates.ValidClientCertificateName));
}
static void Main(string[] args)
{
signingCert = X509Certificates.GetCertificateFromStore(
"CN=roadie, OU=Research, O=LeastPrivilege, L=Heidelberg, S=BaWue, C=DE",
StoreLocation.LocalMachine);
BearerClearText();
SymmetricEncrypted();
}
public void X509CertificatesSucceedOnValidPrimaryString()
{
// arrange
string primary = PUBLIC_KEY_CERTIFICATE_STRING;
// act
var x509Certificates = new X509Certificates(primary);
// assert
Assert.IsNotNull(x509Certificates.Primary);
Assert.IsNull(x509Certificates.Secondary);
}
public void X509CertificatesSucceedOnValidPrimaryX509Certificate()
{
// arrange
using var primary = new X509Certificate2(System.Text.Encoding.ASCII.GetBytes(PUBLIC_KEY_CERTIFICATE_STRING));
// act
var x509Certificates = new X509Certificates(primary);
// assert
Assert.IsNotNull(x509Certificates.Primary);
Assert.IsNull(x509Certificates.Secondary);
}
public void X509CertificatesSucceedOnValidPrimaryAndSecondaryX509CertificateWithInfo()
{
// arrange
string primary = PUBLIC_KEY_CERTIFICATE_STRING;
string secondary = PUBLIC_KEY_CERTIFICATE_STRING;
// act
X509Certificates x509Certificates = new X509Certificates(primary, secondary);
// assert
Assert.IsNotNull(x509Certificates.Primary);
Assert.IsNotNull(x509Certificates.Secondary);
}
private static RequestSecurityTokenResponse RequestToken(RequestSecurityToken rst)
{
var factory = new WSTrustChannelFactory(
new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential),
new EndpointAddress(idp));
factory.Credentials.ClientCertificate.Certificate = X509Certificates.GetCertificateFromStore("CN=Client");
RequestSecurityTokenResponse rstr;
var token = factory.CreateChannel().Issue(rst, out rstr);
return(rstr);
}
private static RequestSecurityTokenResponse RequestTokenInMemory(RequestSecurityToken rst)
{
var signingCert = X509Certificates.GetCertificateFromStore("CN=STS", StoreLocation.LocalMachine);
var encryptingCert = X509Certificates.GetCertificateFromStore("CN=Service", StoreLocation.LocalMachine);
var config = new InMemoryStsConfiguration(signingCert);
var sts = new InMemorySts(config, encryptingCert);
var id = new ClaimsIdentity(new List <Claim>
{
new Claim(ClaimTypes.Name, "dominick")
});
return(sts.Issue(ClaimsPrincipal.CreateFromIdentity(id), rst));
}
public void X509CertificatesSucceedOnJsonWithPrimaryCertificate()
{
// arrange
string json =
"{" +
" \"primary\": " +
MakeCertInfoJson(SUBJECT_NAME, SHA1THUMBPRINT, SHA256THUMBPRINT, ISSUER_NAME, NOT_BEFORE_UTC_STRING, NOT_AFTER_UTC_STRING, SERIAL_NUMBER, VERSION) +
"}";
// act
X509Certificates x509Certificates = JsonConvert.DeserializeObject <X509Certificates>(json);
// assert
Assert.IsNotNull(x509Certificates.Primary);
Assert.IsNull(x509Certificates.Secondary);
}
private static SecurityToken RequestSymmetricEncryptedToken(X509Certificate2 decryptionCert)
{
var factory = new WSTrustChannelFactory(
new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential),
new EndpointAddress(idp));
factory.Credentials.ClientCertificate.Certificate = X509Certificates.GetCertificateFromStore("CN=Client");
var rst = new RequestSecurityToken
{
RequestType = RequestTypes.Issue,
AppliesTo = new EndpointAddress(encryptedRP),
KeyType = KeyTypes.Symmetric
};
var genericToken = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken;
var token = genericToken.ToSecurityToken(decryptionCert);
return(token);
}
private X509Certificate2 GetCertificateFromStore(string distinguishedName)
{
return(X509Certificates.GetCertificateFromStore(distinguishedName));
}
private static X509Certificate2 GetSigningCertificate()
{
return(X509Certificates.GetCertificateFromStore("CN=Service"));
}
public X509Certificate2 GetCertificate()
{
return(X509Certificates.GetCertificate("CollectServiceCertificate"));
}
private static void StoreDeployed()
{
var cert = X509Certificates.GetCertificate("Store");
X509Certificate2UI.DisplayCertificate(cert);
}
private static void DownloadSsl()
{
var cert = X509Certificates.DownloadSslCertificate("www.microsoft.com", 443);
X509Certificate2UI.DisplayCertificate(cert);
}
private static void OpenFromStore()
{
var cert = X509Certificates.GetCertificateFromStore("CN=Service");
X509Certificate2UI.DisplayCertificate(cert);
}
