internal void InternalTryFindCertificateTest(string ipAddress, IEnumerable <string> findValues, X509FindType findType) { IEnumerable <X509Certificate2> foundCerts; IEnumerable <string> unfoundCerts = X509CertificateUtility.TryFindCertificate(ipAddress, StoreName.My, findValues, findType, out foundCerts); bool isThumbprintTest = findType == X509FindType.FindByThumbprint; this.VerifyCollectionEquity(foundCerts.Select(c => isThumbprintTest ? c.Thumbprint : c.Subject), Utility.installedCertificates.Select(p => isThumbprintTest ? p.Item1 : "CN=" + p.Item3)); this.VerifyCollectionEquity(unfoundCerts, Utility.uninstalledCertificates); }
public static void UninstallCertificates(IEnumerable <string> thumbprints) { IEnumerable <X509Certificate2> installedCerts; X509CertificateUtility.TryFindCertificate("localhost", StoreName.My, thumbprints, X509FindType.FindByThumbprint, out installedCerts); ProcessCertificates(new Action <X509Store, X509Certificate2>( (store, cert) => { store.Remove(cert); }), installedCerts); }
public void IsCertificateValidTest() { IEnumerable <X509Certificate2> foundCerts; X509CertificateUtility.TryFindCertificate( "localhost", StoreName.My, Utility.installedCertificates.Select(p => p.Item1), X509FindType.FindByThumbprint, out foundCerts); Assert.AreEqual(Utility.installedCertificates.Count(), foundCerts.Count()); Assert.IsTrue(foundCerts.All(cert => Utility.installedValidCertificates.Any(p => p.Item1 == cert.Thumbprint) == X509CertificateUtility.IsCertificateValid(cert))); }
/// <summary> /// Initializes the configuration options for the target Authentication Provider /// </summary> /// <param name="provider">The target Authentication Provider</param> /// <param name="option">The configuration options for the target Authentication Provider</param> private static void InitProviderOptions(IAuthenticationProvider provider, PnPCoreAuthenticationCredentialConfigurationOptions option) { switch (provider) { case X509CertificateAuthenticationProvider x509Certificate: x509Certificate.ClientId = option.ClientId; x509Certificate.TenantId = option.TenantId; x509Certificate.Certificate = X509CertificateUtility.LoadCertificate( option.X509Certificate.StoreName, option.X509Certificate.StoreLocation, option.X509Certificate.Thumbprint); break; case ExternalAuthenticationProvider aspNetCore: aspNetCore.ClientId = option.ClientId; aspNetCore.TenantId = option.TenantId; break; case CredentialManagerAuthenticationProvider credentialManager: credentialManager.ClientId = option.ClientId; credentialManager.TenantId = option.TenantId; credentialManager.CredentialManagerName = option.CredentialManager.CredentialManagerName; break; case OnBehalfOfAuthenticationProvider onBehalfOf: onBehalfOf.ClientId = option.ClientId; onBehalfOf.TenantId = option.TenantId; onBehalfOf.ClientSecret = option.OnBehalfOf.ClientSecret.ToSecureString(); break; case UsernamePasswordAuthenticationProvider usernamePassword: usernamePassword.ClientId = option.ClientId; usernamePassword.TenantId = option.TenantId; usernamePassword.Username = option.UsernamePassword.Username; usernamePassword.Password = option.UsernamePassword.Password.ToSecureString(); break; case InteractiveAuthenticationProvider interactive: interactive.ClientId = option.ClientId; interactive.TenantId = option.TenantId; interactive.RedirectUri = option.Interactive.RedirectUri; break; case DeviceCodeAuthenticationProvider deviceCode: deviceCode.ClientId = option.ClientId; deviceCode.TenantId = option.TenantId; deviceCode.RedirectUri = option.Interactive.RedirectUri; break; } }
public void FindIssuerTest() { IEnumerable <string> cns = Utility.installedCertificates.Select(p => p.Item3); IEnumerable <X509Certificate2> foundCerts; IEnumerable <string> unfoundCerts = X509CertificateUtility.TryFindCertificate(string.Empty, StoreName.My, cns, X509FindType.FindBySubjectName, out foundCerts); Assert.IsFalse(unfoundCerts.Any()); Assert.AreEqual(cns.Count(), foundCerts.Count()); X509Certificate2[] foundCertsResult = foundCerts.ToArray(); for (int i = 0; i < foundCertsResult.Count(); i++) { string issuerThumbprint = foundCertsResult[i].FindIssuer(new string[] { Utility.installedCertificates[i].Item1 }); Assert.AreEqual(Utility.installedCertificates[i].Item1, issuerThumbprint); } }
public void X509CertUtilityEncryptNoCertTest() { byte[] encoded = Encoding.UTF8.GetBytes("test"); Assert.ThrowsException <ArgumentNullException>(() => X509CertificateUtility.Encrypt(encoded, null)); }
public void X509CertUtilityEncryptNothingTest() { var certificate = X509CertificateUtility.LoadCertificate(StoreName.My, StoreLocation.CurrentUser, TestCommon.GetX509CertificateThumbprint()); Assert.ThrowsException <ArgumentNullException>(() => X509CertificateUtility.Encrypt(null, certificate)); }
public void X509CertUtilityDecryptNoCertTest() { byte[] encoded = Encoding.UTF8.GetBytes("doesntmatterwhatthisis"); Assert.ThrowsException <ArgumentNullException>(() => X509CertificateUtility.Decrypt(encoded, null)); }
/// <summary> /// Configure Kestrel to use Certificate-based Authentication /// </summary> /// <param name="options"></param> private static void ConfigureKestrelCertAuth(KestrelServerOptions options) { using var scope = options.ApplicationServices.CreateScope(); var logger = scope.ServiceProvider .GetService <ILoggerFactory>() ?.CreateLogger(nameof(Program)); var settings = scope.ServiceProvider .GetService <IOptionsMonitor <KestrelAuthenticationConfiguration> >() ?.CurrentValue; if (settings is null) { logger.LogWarning($"{nameof(KestrelAuthenticationConfiguration)} is null, can't configure kestrel"); return; } if (!settings.Enabled) { logger.LogWarning("skipping configuration of kestrel"); return; } if (string.IsNullOrWhiteSpace(settings.Certificate)) { logger.LogError("no certificate given, provide path to a valid certificate with '" + $"{nameof(KestrelAuthenticationConfiguration)}:{nameof(KestrelAuthenticationConfiguration.Certificate)}'"); return; } X509Certificate2 certificate = null; if (Path.GetExtension(settings.Certificate) == "pfx") { certificate = settings.Password is null ? new X509Certificate2(settings.Certificate) : new X509Certificate2(settings.Certificate, settings.Password); } var certpath = Environment.GetEnvironmentVariable("ASPNETCORE_SSLCERT_PATH"); if (!string.IsNullOrEmpty(certpath) || Path.GetExtension(settings.Certificate) == "crt") { var port = Environment.GetEnvironmentVariable("ASPNETCORE_SSL_PORT"); certificate = X509CertificateUtility.LoadFromCrt(certpath) ?? X509CertificateUtility.LoadFromCrt(settings.Certificate); settings.Port = int.Parse(port ?? settings.Port.ToString()); } var connectionOptions = new HttpsConnectionAdapterOptions { ServerCertificate = certificate }; var inDocker = bool.Parse(Environment.GetEnvironmentVariable("DOTNET_RUNNING_IN_CONTAINER") ?? "false"); if (!inDocker) { logger.LogInformation("Not running in docker, adding client certificate validation"); connectionOptions.ClientCertificateMode = ClientCertificateMode.RequireCertificate; connectionOptions.ClientCertificateValidation = CertificateValidator.DisableChannelValidation; } logger.LogInformation($"loaded certificate: {connectionOptions.ServerCertificate}"); if (string.IsNullOrWhiteSpace(settings.IpAddress)) { logger.LogError("no ip-address given, provide a valid ipv4 or ipv6 binding-address or 'localhost' for '" + $"{nameof(KestrelAuthenticationConfiguration)}:{nameof(KestrelAuthenticationConfiguration.IpAddress)}'"); return; } if (settings.IpAddress == "localhost") { logger.LogInformation($"binding to: https://localhost:{settings.Port}"); options.ListenLocalhost(settings.Port, listenOptions => { listenOptions.UseHttps(connectionOptions); }); } else if (settings.IpAddress == "*") { logger.LogInformation($"binding to: https://*:{settings.Port}"); options.ListenAnyIP(settings.Port, listenOptions => { listenOptions.UseHttps(connectionOptions); }); } else { var ip = IPAddress.Parse(settings.IpAddress); logger.LogInformation($"binding to: https://{ip}:{settings.Port}"); options.Listen(ip, settings.Port, listenOptions => { listenOptions.UseHttps(connectionOptions); }); } }
/// <summary> /// Returns a SharePoint ClientContext using Azure Active Directory App Only Authentication. This requires that you have a certificated created, and updated the key credentials key in the application manifest in the azure AD accordingly. /// </summary> /// <param name="siteUrl">Site for which the ClientContext object will be instantiated</param> /// <param name="clientId">The Azure AD Application Client ID</param> /// <param name="tenant">The Azure AD Tenant, e.g. mycompany.onmicrosoft.com</param> /// <param name="storeName">The name of the store for the certificate</param> /// <param name="storeLocation">The location of the store for the certificate</param> /// <param name="thumbPrint">The thumbprint of the certificate to locate in the store</param> /// <returns></returns> public ClientContext GetAzureADAppOnlyAuthenticatedContext(string siteUrl, string clientId, string tenant, StoreName storeName, StoreLocation storeLocation, string thumbPrint) { var cert = X509CertificateUtility.LoadCertificate(storeName, storeLocation, thumbPrint); return(GetAzureADAppOnlyAuthenticatedContext(siteUrl, clientId, tenant, cert)); }