Exemple #1
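        /// <summary>
        /// Sets the client credentials for a channel factory: the client certificate (when SSL is enabled)
        /// and the validation settings applied to the service certificate.
        /// </summary>
        /// <param name="channelFactory">The channel factory whose credentials are configured.</param>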
        public void SetClientCredentials(ChannelFactory channelFactory)
        {
            // Reject a missing factory, or one without a credentials object, before touching either.
            if (channelFactory == null)
            {
                throw new ArgumentNullException("channelFactory");
            }

            var credentials = channelFactory.Credentials;
            if (credentials == null)
            {
                throw new ArgumentException("ChannelFactory credentials may not be null.");
            }

            // Clear any previously assigned client certificate; one is assigned again below
            // only when _enableSsl is set.
            credentials.ClientCertificate.Certificate = null;

            if (_enableSsl)
            {
                // FindBySubjectName is a partial, case-insensitive match on the subject name, so the
                // lookup depends on which certificates are installed in LocalMachine\My. A thumbprint
                // or distinguished-name lookup identifies the certificate less ambiguously.
                credentials.ClientCertificate.SetCertificate(
                    StoreLocation.LocalMachine,
                    StoreName.My,
                    X509FindType.FindBySubjectName,
                    Transport.ClientDomainName);
            }

            var serviceAuth = credentials.ServiceCertificate.Authentication;

            // PeerOrChainTrust: the service certificate is accepted when it is a trusted peer
            // certificate or when it chains to a trusted root, looked up in the LocalMachine store.
            serviceAuth.CertificateValidationMode = X509CertificateValidationMode.PeerOrChainTrust;
            serviceAuth.TrustedStoreLocation = StoreLocation.LocalMachine;

            // NoCheck: revocation status is never consulted, so a revoked service certificate
            // still passes validation. Online or Offline enables the check.
            serviceAuth.RevocationMode = X509RevocationMode.NoCheck;

            // NOTE(review): WCF documents CustomCertificateValidator as the validator used when the
            // mode is Custom; with PeerOrChainTrust set above this assignment presumably has no effect
            // on validation - confirm. The framework's X509CertificateValidator is abstract, so the
            // type instantiated here is presumably a project type of the same name - verify what its
            // Validate method accepts.
            serviceAuth.CustomCertificateValidator = new X509CertificateValidator();
        }
Exemple #2
        /// <summary>
        /// Creates a client-side TLS session over an in-memory stream and wires server-certificate
        /// validation to the validator selected by <paramref name="auth"/>.
        /// </summary>
        /// <param name="host">Target host name handed to the underlying <c>SslClientStream</c>.</param>
        /// <param name="clientCert">Client certificate to offer, or null for a server-authenticated session.</param>
        /// <param name="auth">Service-certificate authentication settings; dereferenced without a null check.</param>
        public TlsClientSession(string host, X509Certificate2 clientCert, X509ServiceCertificateAuthentication auth)
        {
            stream = new MemoryStream();

            // NOTE(review): SecurityProtocolType.Tls pins the protocol version chosen by this stack -
            // presumably TLS 1.0 in Mono.Security; confirm and check against current policy.
            if (clientCert != null)
            {
                // Mutual authentication: the supplied certificate is the only one on offer.
                X509CertificateCollection offered = new X509CertificateCollection(new X509Certificate [] { clientCert });
                ssl    = new SslClientStream(stream, host, true, SecurityProtocolType.Tls, offered);
                mutual = true;

                // Always answer a certificate request with the first (and only) offered certificate,
                // regardless of what the server asked for.
                ssl.ClientCertSelection += (clientCertificates, serverCertificate, targetHost, serverRequestedCertificates) =>
                    clientCertificates [0];
            }
            else
            {
                ssl = new SslClientStream(stream, host, true, SecurityProtocolType.Tls);
            }

            // Map the configured validation mode onto a validator. A mode that matches no case, or
            // Custom with no validator configured, leaves this null; the callback below then fails
            // with a NullReferenceException during validation instead of a descriptive error.
            X509CertificateValidator validator = null;

            switch (auth.CertificateValidationMode)
            {
            case X509CertificateValidationMode.None:
                // The None validator accepts every certificate: the server is not authenticated.
                validator = X509CertificateValidator.None;
                break;

            case X509CertificateValidationMode.PeerTrust:
                validator = X509CertificateValidator.PeerTrust;
                break;

            case X509CertificateValidationMode.ChainTrust:
                validator = X509CertificateValidator.ChainTrust;
                break;

            case X509CertificateValidationMode.PeerOrChainTrust:
                validator = X509CertificateValidator.PeerOrChainTrust;
                break;

            case X509CertificateValidationMode.Custom:
                validator = auth.CustomCertificateValidator;
                break;
            }

            // certificateErrors (the errors reported by the TLS stack itself) is not consulted: the
            // outcome rests entirely on the validator chosen above, which sees only the certificate.
            ssl.ServerCertValidationDelegate = (certificate, certificateErrors) =>
            {
                // Rejection is signalled by an exception from Validate (per the original author,
                // SecurityTokenValidationException), never by returning false.
                validator.Validate(new X509Certificate2(certificate));
                return true;
            };
        }
Exemple #3
 /// <summary>
 /// Copies this configuration element's service-certificate authentication settings onto
 /// <paramref name="cert"/>, instantiating the custom validator type when one is configured.
 /// </summary>
 /// <param name="cert">Authentication settings object to populate; must not be null.</param>
 internal void ApplyConfiguration(X509ServiceCertificateAuthentication cert)
 {
     if (cert == null)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("cert");
     }

     cert.CertificateValidationMode = this.CertificateValidationMode;
     cert.RevocationMode            = this.RevocationMode;
     cert.TrustedStoreLocation      = this.TrustedStoreLocation;

     // No custom validator configured: the three settings above are all there is to apply.
     string validatorTypeName = this.CustomCertificateValidatorType;
     if (string.IsNullOrEmpty(validatorTypeName))
     {
         return;
     }

     // The type name comes from configuration and is resolved by name (throwing when it cannot be
     // loaded). Whoever can edit that configuration chooses the code that runs during certificate
     // validation, so the configuration file needs the same protection as the binaries.
     Type validatorType = Type.GetType(validatorTypeName, true);

     // Check the type before instantiating it, so that only X509CertificateValidator
     // implementations ever have their constructor run.
     bool isValidator = typeof(X509CertificateValidator).IsAssignableFrom(validatorType);
     if (!isValidator)
     {
         throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ConfigurationErrorsException(System.ServiceModel.SR.GetString("ConfigInvalidCertificateValidatorType", new object[] { validatorTypeName, typeof(X509CertificateValidator).ToString() })));
     }

     // Requires a parameterless constructor on the configured type.
     cert.CustomCertificateValidator = (X509CertificateValidator)Activator.CreateInstance(validatorType);
 }
Exemple #4
        //</snippet20>


        //<snippet21>
        public void snippet21(CalculatorClient cc)
        {
            // The service-certificate credential hangs off the client's ClientCredentials.
            X509CertificateRecipientClientCredential serviceCertificate = cc.ClientCredentials.ServiceCertificate;

            // Its Authentication property exposes the settings that control how the service
            // certificate is validated; the snippet only obtains the object and changes nothing.
            X509ServiceCertificateAuthentication authentication = serviceCertificate.Authentication;
        }
Exemple #5
		/// <summary>
		/// Sets up a client-side TLS session on top of an in-memory stream and routes validation of
		/// the server certificate through the validator that <paramref name="auth"/> selects.
		/// </summary>
		/// <param name="host">Target host name passed to the underlying <c>SslClientStream</c>.</param>
		/// <param name="clientCert">Certificate to present to the server; null disables mutual authentication.</param>
		/// <param name="auth">Service-certificate authentication settings; used without a null check.</param>
		public TlsClientSession (string host, X509Certificate2 clientCert, X509ServiceCertificateAuthentication auth)
		{
			stream = new MemoryStream ();

			// NOTE(review): the protocol is fixed to SecurityProtocolType.Tls in both branches -
			// presumably TLS 1.0 in Mono.Security; confirm against current policy.
			if (clientCert == null) {
				ssl = new SslClientStream (stream, host, true, SecurityProtocolType.Tls);
			} else {
				X509Certificate [] presented = new X509Certificate [] {clientCert};
				ssl = new SslClientStream (stream, host, true, SecurityProtocolType.Tls, new X509CertificateCollection (presented));
				mutual = true;
				// The single supplied certificate is returned for every certificate request,
				// whatever the server listed as acceptable.
				ssl.ClientCertSelection += (clientCertificates, serverCertificate, targetHost, serverRequestedCertificates) => clientCertificates [0];
			}

			// Choose the validator for the configured mode. It stays null when no branch matches or
			// when Custom is selected without a validator; the callback below then throws
			// NullReferenceException at validation time rather than a descriptive error.
			X509CertificateValidationMode mode = auth.CertificateValidationMode;
			X509CertificateValidator serverValidator = null;
			if (mode == X509CertificateValidationMode.None) {
				// Accepts any certificate, so the server identity is not verified in this mode.
				serverValidator = X509CertificateValidator.None;
			} else if (mode == X509CertificateValidationMode.PeerTrust) {
				serverValidator = X509CertificateValidator.PeerTrust;
			} else if (mode == X509CertificateValidationMode.ChainTrust) {
				serverValidator = X509CertificateValidator.ChainTrust;
			} else if (mode == X509CertificateValidationMode.PeerOrChainTrust) {
				serverValidator = X509CertificateValidator.PeerOrChainTrust;
			} else if (mode == X509CertificateValidationMode.Custom) {
				serverValidator = auth.CustomCertificateValidator;
			}

			// The error codes supplied by the TLS stack (certificateErrors) are ignored; acceptance
			// depends only on the validator, which is given the certificate and nothing else.
			ssl.ServerCertValidationDelegate = (certificate, certificateErrors) => {
				// A rejected certificate surfaces as an exception from Validate (per the original
				// author, SecurityTokenValidationException); the callback never returns false.
				serverValidator.Validate (new X509Certificate2 (certificate));
				return true;
			};
		}