| public static Load ( X509Certificate2 certificate, bool ensurePrivateKeyAccessible ) : X509Certificate2 | ||
| certificate | X509Certificate2 | The certificate to load. |
| ensurePrivateKeyAccessible | bool | If true a key conatiner is created for a certificate that must be deleted by calling Cleanup. |
| return | X509Certificate2 | |
/// <summary>
/// Finds a certificate in a store.
/// </summary>
/// <param name="needPrivateKey">if set to <c>true</c> the returned certificate must contain the private key.</param>
/// <returns>An instance of the <see cref="X509Certificate2"/> that is emebeded by this instance or find it in
/// the selected strore pointed out by the <see cref="StorePath"/> using selected <see cref="SubjectName"/>.</returns>
public async Task <X509Certificate2> Find(bool needPrivateKey)
{
X509Certificate2 certificate = null;
// check if the entire certificate has been specified.
if (m_certificate != null && (!needPrivateKey || m_certificate.HasPrivateKey))
{
certificate = m_certificate;
}
else
{
// open store.
using (ICertificateStore store = CertificateStoreIdentifier.CreateStore(StoreType))
{
store.Open(StorePath);
X509Certificate2Collection collection = await store.Enumerate();
certificate = Find(collection, m_thumbprint, m_subjectName, needPrivateKey);
if (certificate != null)
{
m_certificate = certificate;
}
}
}
// use the single instance in the certificate cache.
if (needPrivateKey)
{
certificate = m_certificate = CertificateFactory.Load(certificate, true);
}
return(certificate);
}
/// <summary>
/// Finds a certificate in a store.
/// </summary>
/// <param name="needPrivateKey">if set to <c>true</c> the returned certificate must contain the private key.</param>
/// <returns>An instance of the <see cref="X509Certificate2"/> that is embedded by this instance or find it in
/// the selected store pointed out by the <see cref="StorePath"/> using selected <see cref="SubjectName"/>.</returns>
public async Task <X509Certificate2> Find(bool needPrivateKey)
{
X509Certificate2 certificate = null;
// check if the entire certificate has been specified.
if (m_certificate != null && (!needPrivateKey || m_certificate.HasPrivateKey))
{
certificate = m_certificate;
}
else
{
// open store.
using (ICertificateStore store = CertificateStoreIdentifier.CreateStore(StoreType))
{
store.Open(StorePath, false);
X509Certificate2Collection collection = await store.Enumerate().ConfigureAwait(false);
certificate = Find(collection, m_thumbprint, m_subjectName, needPrivateKey);
if (certificate != null)
{
if (needPrivateKey && store.SupportsLoadPrivateKey)
{
var message = new StringBuilder();
message.AppendLine("Loaded a certificate with private key from store {0}.");
message.AppendLine("Ensure to call LoadPrivateKeyEx with password provider before calling Find(true).");
Utils.LogWarning(message.ToString(), StoreType);
}
m_certificate = certificate;
}
}
}
// use the single instance in the certificate cache.
if (needPrivateKey)
{
certificate = m_certificate = CertificateFactory.Load(certificate, true);
}
return(certificate);
}
public void InitializeSinglePolicy(
Type contractType,
ApplicationConfiguration configuration,
BindingFactory bindingFactory,
EndpointConfiguration endpointConfiguration,
List <EndpointDescription> endpoints,
MessageSecurityMode securityMode,
string securityPolicyUri)
{
// allow any url to match.
System.ServiceModel.ServiceBehaviorAttribute behavoir = this.Description.Behaviors.Find <System.ServiceModel.ServiceBehaviorAttribute>();
behavoir.AddressFilterMode = System.ServiceModel.AddressFilterMode.Any;
// specify service credentials
ServiceCredentials credentials = new ServiceCredentials();
credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
credentials.ClientCertificate.Authentication.TrustedStoreLocation = StoreLocation.LocalMachine;
credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
credentials.ClientCertificate.Authentication.CustomCertificateValidator = configuration.CertificateValidator.GetChannelValidator();
if (configuration.SecurityConfiguration.ApplicationCertificate != null)
{
X509Certificate2 certificate = configuration.SecurityConfiguration.ApplicationCertificate.Find(true);
if (certificate != null)
{
credentials.ServiceCertificate.Certificate = CertificateFactory.Load(certificate, true);
}
}
this.Description.Behaviors.Add(credentials);
// check if explicitly specified.
ServiceThrottlingBehavior throttle = this.Description.Behaviors.Find <ServiceThrottlingBehavior>();
if (throttle == null)
{
throttle = new ServiceThrottlingBehavior();
throttle.MaxConcurrentCalls = 1000;
throttle.MaxConcurrentInstances = 100;
throttle.MaxConcurrentSessions = 100;
this.Description.Behaviors.Add(throttle);
}
// add the endpoints for each base address.
foreach (Uri baseAddress in this.BaseAddresses)
{
ServiceEndpoint endpoint = null;
// find endpoint configuration.
EndpointDescription description = null;
foreach (EndpointDescription current in endpoints)
{
if (new Uri(current.EndpointUrl) == baseAddress)
{
description = current;
break;
}
}
// skip endpoints without a matching base address.
if (description == null)
{
continue;
}
// set the supported profiles.
description.TransportProfileUri = Profiles.WsHttpXmlOrBinaryTransport;
// create the SOAP XML binding
Binding binding = bindingFactory.Create(baseAddress.Scheme, description, endpointConfiguration);
// add the session endpoint.
endpoint = this.AddServiceEndpoint(contractType, binding, baseAddress, baseAddress);
// set the protection level
if (securityMode == MessageSecurityMode.Sign)
{
endpoint.Contract.ProtectionLevel = System.Net.Security.ProtectionLevel.Sign;
}
// update the max items in graph (set to an low value by default).
foreach (OperationDescription operation in endpoint.Contract.Operations)
{
operation.Behaviors.Find <DataContractSerializerOperationBehavior>().MaxItemsInObjectGraph = Int32.MaxValue;
}
}
}
