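/// <summary>
/// Downloads federation metadata from <paramref name="url"/> and returns the signing
/// certificates published in the security token service (STS) role descriptor.
/// </summary>
/// <param name="url">Location of the federation metadata document.</param>
/// <param name="mode">
/// How the metadata document's own signing certificate is validated by
/// <see cref="MetadataSerializer"/>. The default, <see cref="X509CertificateValidationMode.None"/>,
/// accepts unvalidated metadata, so callers fetching over an untrusted transport should pass a stricter mode.
/// </param>
/// <returns>The X.509 certificates found in raw-data key clauses of the STS descriptor.</returns>
/// <exception cref="ArgumentNullException"><paramref name="url"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// The metadata is not an <see cref="EntityDescriptor"/> or contains no
/// <see cref="SecurityTokenServiceDescriptor"/>.
/// </exception>
public static IEnumerable<X509Certificate> GetSigningCertificates(Uri url, X509CertificateValidationMode mode = X509CertificateValidationMode.None)
        {
            if (url == null)
            {
                throw new ArgumentNullException("url");
            }

            var certs = new List<X509Certificate2>();

            using (var stream = GetMetadataStream(url))
            {
                var serializer = new MetadataSerializer();
                serializer.CertificateValidationMode = mode;

                var md = serializer.ReadMetadata(stream);
                var ed = md as EntityDescriptor;
                if (ed == null)
                {
                    // ReadMetadata can return other MetadataBase subtypes (e.g. an EntitiesDescriptor);
                    // fail with a clear message instead of a NullReferenceException below.
                    throw new InvalidOperationException("Metadata at '" + url + "' is not an EntityDescriptor.");
                }

                var stsd = ed.RoleDescriptors.OfType<SecurityTokenServiceDescriptor>().FirstOrDefault();
                if (stsd == null)
                {
                    throw new InvalidOperationException("Metadata at '" + url + "' contains no SecurityTokenServiceDescriptor.");
                }

                foreach (var key in stsd.Keys)
                {
                    // Only raw X.509 data clauses carry the certificate bytes inline; other
                    // clause types in the first KeyInfo position are skipped.
                    var clause = key.KeyInfo.FirstOrDefault() as X509RawDataKeyIdentifierClause;
                    if (clause != null)
                    {
                        certs.Add(new X509Certificate2(clause.GetX509RawData()));
                    }
                }
            }

            return certs;
        }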
 /// <summary>
 /// Basic Http Binding constructor
 /// </summary>
 /// <param name="username">The UserName username</param>
 /// <param name="password">The UserName password</param>
 /// <param name="usernameWindows">The Windows ClientCredential username</param>
 /// <param name="passwordWindows">The Windows ClientCredential password</param>
 /// <param name="clientCertificate">The client x509 certificate.</param>
 /// <param name="validationMode">An enumeration that lists the ways of validating a certificate.</param>
 /// <param name="x509CertificateValidator">The certificate validator. If null then the certificate is always passed.</param>
 /// <remarks>
 /// The endpoint address and every message/reader quota come from
 /// <c>Nequeo.Net.Properties.Settings.Default</c>; all quotas are derived from the single
 /// <c>TransferClientByteMaxReceivedMessageSize</c> value. With the defaults
 /// (<see cref="X509CertificateValidationMode.Custom"/> and a null validator) the service
 /// certificate is always accepted, as described for <paramref name="x509CertificateValidator"/>;
 /// supply a validator or a different mode to enforce certificate checks.
 /// </remarks>
 public TransferByteClient(
     string username                                   = null, string password = null,
     string usernameWindows                            = null, string passwordWindows = null,
     X509Certificate2 clientCertificate                = null,
     X509CertificateValidationMode validationMode      = X509CertificateValidationMode.Custom,
     X509CertificateValidator x509CertificateValidator = null) :
     base(
         new Uri(Nequeo.Net.Properties.Settings.Default.TransferClientByteBaseAddress),
         // No Security is configured on the binding in this initializer; only
         // transfer mode and size quotas are set.
         new System.ServiceModel.BasicHttpBinding()
 {
     MaxReceivedMessageSize = Nequeo.Net.Properties.Settings.Default.TransferClientByteMaxReceivedMessageSize,
     TransferMode           = System.ServiceModel.TransferMode.Buffered,
     MaxBufferPoolSize      = Nequeo.Net.Properties.Settings.Default.TransferClientByteMaxReceivedMessageSize,
     MaxBufferSize          = (int)Nequeo.Net.Properties.Settings.Default.TransferClientByteMaxReceivedMessageSize,
     ReaderQuotas           = new System.Xml.XmlDictionaryReaderQuotas()
     {
         MaxArrayLength         = (int)Nequeo.Net.Properties.Settings.Default.TransferClientByteMaxReceivedMessageSize,
         MaxBytesPerRead        = (int)Nequeo.Net.Properties.Settings.Default.TransferClientByteMaxReceivedMessageSize,
         MaxDepth               = (int)Nequeo.Net.Properties.Settings.Default.TransferClientByteMaxReceivedMessageSize,
         MaxNameTableCharCount  = (int)Nequeo.Net.Properties.Settings.Default.TransferClientByteMaxReceivedMessageSize,
         MaxStringContentLength = (int)Nequeo.Net.Properties.Settings.Default.TransferClientByteMaxReceivedMessageSize
     }
 }, username, password, usernameWindows, passwordWindows, clientCertificate, validationMode, x509CertificateValidator
         )
 {
     // Attach to the async execute complete
     // event handler.
     base.AsyncExecuteComplete += new Nequeo.Threading.EventHandler <object, bool, System.Exception>(TransferClient_AsyncExecuteComplete);
 }
 /// <summary>
 /// Throws when <paramref name="value"/> is not one of the named
 /// <see cref="X509CertificateValidationMode"/> members (see <c>IsDefined</c>).
 /// </summary>
 /// <param name="value">The mode to check.</param>
 /// <exception cref="InvalidEnumArgumentException">
 /// <paramref name="value"/> is not a defined member of the enumeration.
 /// </exception>
 internal static void Validate(X509CertificateValidationMode value)
 {
     if (IsDefined(value))
     {
         return;
     }

     var error = new InvalidEnumArgumentException("value", (int)value, typeof(X509CertificateValidationMode));
     throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(error);
 }
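        /// <summary>
        /// Reports calls that set <c>CertificateValidationMode</c> on
        /// <see cref="X509ServiceCertificateAuthentication"/> or
        /// <see cref="X509ClientCertificateAuthentication"/> to any value other than
        /// <see cref="X509CertificateValidationMode.ChainTrust"/>, then continues the base visit.
        /// </summary>
        /// <param name="destination">The destination.</param>
        /// <param name="receiver">The receiver.</param>
        /// <param name="callee">The callee.</param>
        /// <param name="arguments">The arguments.</param>
        /// <param name="isVirtualCall">if set to <c>true</c> [is virtual call].</param>
        /// <param name="programContext">The program context.</param>
        /// <param name="stateBeforeInstruction">The state before instruction.</param>
        /// <param name="stateAfterInstruction">The state after instruction.</param>
        /// <remarks>
        /// Only calls whose first argument resolves to a constant integer in
        /// <paramref name="stateBeforeInstruction"/> are checked; a mode computed at run time is
        /// not reported. Every non-ChainTrust value is flagged, including PeerOrChainTrust.
        /// </remarks>
        public override void VisitCall(
            Variable destination,
            Variable receiver,
            Method callee,
            ExpressionList arguments,
            bool isVirtualCall,
            Microsoft.Fugue.IProgramContext programContext,
            Microsoft.Fugue.IExecutionState stateBeforeInstruction,
            Microsoft.Fugue.IExecutionState stateAfterInstruction)
        {
            // Resolve the declaring type once instead of once per comparison.
            Type declaringType = callee.DeclaringType.GetRuntimeType();
            bool targetsCertificateAuthentication =
                declaringType == typeof(X509ServiceCertificateAuthentication) ||
                declaringType == typeof(X509ClientCertificateAuthentication);

            // The callee is the compiler-generated property setter; its name is an identifier,
            // so compare ordinally rather than with a culture-sensitive comparison (CA1309).
            if (targetsCertificateAuthentication &&
                callee.Name.Name.Equals("set_CertificateValidationMode", StringComparison.OrdinalIgnoreCase) &&
                arguments != null && arguments.Count > 0)
            {
                IAbstractValue value    = stateBeforeInstruction.Lookup((Variable)arguments[0]);
                // NOTE(review): assumes Lookup may yield null for an untracked variable — confirm.
                IIntValue      intValue = value != null ? value.IntValue(stateBeforeInstruction) : null;

                if (intValue != null)
                {
                    X509CertificateValidationMode mode = (X509CertificateValidationMode)intValue.Value;
                    if (mode != X509CertificateValidationMode.ChainTrust)
                    {
                        // The resolution text carries the observed mode and the expected one.
                        Resolution resolution = base.GetResolution(mode.ToString(),
                                                                   X509CertificateValidationMode.ChainTrust.ToString());
                        base.Problems.Add(new Problem(resolution, programContext));
                    }
                }
            }

            base.VisitCall(destination, receiver, callee, arguments, isVirtualCall, programContext, stateBeforeInstruction, stateAfterInstruction);
        }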
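        //<snippet2>
        /// <summary>
        /// Configures the IssuedTokenAuthentication credential of a <see cref="ServiceHost"/>:
        /// whether untrusted RSA issuers are accepted, the known issuer certificates, and how
        /// issuer certificates are validated and revocation-checked.
        /// </summary>
        /// <param name="sh">The host whose credentials are configured.</param>
        /// <param name="allowCardspaceTokens">Assigned to <c>AllowUntrustedRsaIssuers</c>.</param>
        /// <param name="knownissuers">Issuer certificates to add to <c>KnownCertificates</c>; may be null or empty.</param>
        /// <param name="certMode">Validation mode applied to issuer certificates.</param>
        /// <param name="revocationMode">Revocation-checking mode applied to issuer certificates.</param>
        /// <param name="ser">Optional SAML serializer; ignored when null.</param>
        /// <exception cref="ArgumentNullException"><paramref name="sh"/> is null.</exception>
        public static void ConfigureIssuedTokenServiceCredentials(
            ServiceHost sh, bool allowCardspaceTokens, IList<X509Certificate2> knownissuers,
            X509CertificateValidationMode certMode, X509RevocationMode revocationMode, SamlSerializer ser)
        {
            if (sh == null)
            {
                throw new ArgumentNullException("sh");
            }

            IssuedTokenServiceCredential issued = sh.Credentials.IssuedTokenAuthentication;

            // Allow CardSpace tokens.
            issued.AllowUntrustedRsaIssuers = allowCardspaceTokens;

            // Set up known issuer certificates.
            if (knownissuers != null)
            {
                foreach (X509Certificate2 cert in knownissuers)
                {
                    issued.KnownCertificates.Add(cert);
                }
            }

            // Apply the caller's validation and revocation modes. Hard-coding
            // PeerOrChainTrust/Online here would silently ignore certMode and revocationMode,
            // so a caller asking for a different policy would not get it.
            issued.CertificateValidationMode = certMode;
            issued.RevocationMode            = revocationMode;
            issued.TrustedStoreLocation      = StoreLocation.LocalMachine;

            // Set the SamlSerializer, if one is specified.
            if (ser != null)
            {
                issued.SamlSerializer = ser;
            }
        }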
 /// <summary>
 /// Initialises client-certificate authentication with its default settings:
 /// chain-trust validation, online revocation checking, the LocalMachine trusted
 /// store, and inclusion of Windows groups.
 /// </summary>
 internal X509ClientCertificateAuthentication()
 {
     // Strict defaults: full chain validation with online revocation checks.
     certificateValidationMode = X509CertificateValidationMode.ChainTrust;
     revocationMode            = X509RevocationMode.Online;

     trustedStoreLocation = StoreLocation.LocalMachine;
     includeWindowsGroups = true;
 }
        /// <summary>
        /// Applies service-certificate authentication settings, given as enum member names,
        /// to the <see cref="ClientCredentials"/> behavior of the channel builder settings.
        /// </summary>
        /// <param name="storeLocation">Name of a <see cref="StoreLocation"/> member.</param>
        /// <param name="revocationMode">Name of an <see cref="X509RevocationMode"/> member.</param>
        /// <param name="certificationValidationMode">
        /// Name of an <see cref="X509CertificateValidationMode"/> member; null or empty selects
        /// <c>X509ServiceCertificateAuthentication.DefaultCertificateValidationMode</c>.
        /// </param>
        /// <exception cref="ArgumentException">A name does not match a member (Enum.Parse is case-sensitive here).</exception>
        void IChannelCredentials.SetServiceCertificateAuthentication(string storeLocation, string revocationMode, string certificationValidationMode)
        {
            // presumably the same lock guards other mutations of channelBuilderSettings; verify against callers
            lock (channelBuilderSettings)
            {
                // Parse all inputs before touching the behaviors so a bad name leaves them unchanged.
                StoreLocation      location = (StoreLocation)Enum.Parse(typeof(StoreLocation), storeLocation);
                X509RevocationMode mode     = (X509RevocationMode)Enum.Parse(typeof(X509RevocationMode), revocationMode);

                X509CertificateValidationMode validationMode = X509ServiceCertificateAuthentication.DefaultCertificateValidationMode;
                if (!String.IsNullOrEmpty(certificationValidationMode))
                {
                    // NOTE(review): Enum.Parse also accepts numeric strings that name no member;
                    // rejection of such values is assumed to happen in the property setter — confirm.
                    validationMode = (X509CertificateValidationMode)Enum.Parse(typeof(X509CertificateValidationMode), certificationValidationMode);
                }

                KeyedByTypeCollection <IEndpointBehavior> behaviors = channelBuilderSettings.Behaviors;
                ClientCredentials channelCredentials = behaviors.Find <ClientCredentials>();
                if (channelCredentials == null)
                {
                    // First credential-related call on this channel: create the behavior on demand.
                    channelCredentials = new ClientCredentials();
                    behaviors.Add(channelCredentials);
                }
                channelCredentials.ServiceCertificate.Authentication.TrustedStoreLocation      = location;
                channelCredentials.ServiceCertificate.Authentication.RevocationMode            = mode;
                channelCredentials.ServiceCertificate.Authentication.CertificateValidationMode = validationMode;
            }
        }
 /// <summary>
 /// Default settings for client-certificate authentication: Windows groups are
 /// included, certificates are chain-validated against the LocalMachine store and
 /// revocation is checked online.
 /// </summary>
 internal X509ClientCertificateAuthentication()
 {
     this.includeWindowsGroups = true;
     this.trustedStoreLocation = StoreLocation.LocalMachine;
     // Validation defaults: build the full chain and check revocation online.
     this.revocationMode            = X509RevocationMode.Online;
     this.certificateValidationMode = X509CertificateValidationMode.ChainTrust;
 }
 /// <summary>
 /// Transport security NetTcp binding constructor.
 /// </summary>
 /// <param name="endPointAddress">The endpoint address to connect to.</param>
 /// <param name="tcpClientCredentialType">The secure tcp client credential type</param>
 /// <param name="username">The UserName username</param>
 /// <param name="password">The UserName password</param>
 /// <param name="usernameWindows">The Windows ClientCredential username</param>
 /// <param name="passwordWindows">The Windows ClientCredential password</param>
 /// <param name="clientCertificate">The client x509 certificate.</param>
 /// <param name="validationMode">An enumeration that lists the ways of validating a certificate.</param>
 /// <param name="x509CertificateValidator">The certificate validator. If null then the certificate is always passed.</param>
 /// <remarks>
 /// The binding uses <c>SecurityMode.Transport</c> with the given
 /// <paramref name="tcpClientCredentialType"/>; message size and buffer quotas come from
 /// <c>Nequeo.Net.Properties.Settings.Default.TransferClientMaxReceivedMessageSize</c>.
 /// With the default <see cref="X509CertificateValidationMode.Custom"/> and a null validator
 /// the service certificate is always accepted (see <paramref name="x509CertificateValidator"/>).
 /// </remarks>
 public TransferClient(string endPointAddress, System.ServiceModel.TcpClientCredentialType tcpClientCredentialType,
                       string username                                   = null, string password = null,
                       string usernameWindows                            = null, string passwordWindows = null,
                       X509Certificate2 clientCertificate                = null,
                       X509CertificateValidationMode validationMode      = X509CertificateValidationMode.Custom,
                       X509CertificateValidator x509CertificateValidator = null) :
     base(
         new Uri(endPointAddress),
         new System.ServiceModel.NetTcpBinding()
 {
     MaxReceivedMessageSize = Nequeo.Net.Properties.Settings.Default.TransferClientMaxReceivedMessageSize,
     MaxBufferSize          = (int)Nequeo.Net.Properties.Settings.Default.TransferClientMaxReceivedMessageSize,
     TransferMode           = System.ServiceModel.TransferMode.Buffered,
     // Transport-level security only; the client credential type is the caller's choice.
     Security = new System.ServiceModel.NetTcpSecurity()
     {
         Mode      = System.ServiceModel.SecurityMode.Transport,
         Transport = new System.ServiceModel.TcpTransportSecurity()
         {
             ClientCredentialType = tcpClientCredentialType
         }
     }
 }, username, password, usernameWindows, passwordWindows, clientCertificate, validationMode, x509CertificateValidator
         )
 {
     // Attach to the async execute complete
     // event handler.
     base.AsyncExecuteComplete += new Nequeo.Threading.EventHandler <object, bool, System.Exception>(TransferClient_AsyncExecuteComplete);
 }
 /// <summary>
 /// Basic Http Binding constructor
 /// </summary>
 /// <param name="username">The UserName username</param>
 /// <param name="password">The UserName password</param>
 /// <param name="usernameWindows">The Windows ClientCredential username</param>
 /// <param name="passwordWindows">The Windows ClientCredential password</param>
 /// <param name="clientCertificate">The client x509 certificate.</param>
 /// <param name="validationMode">An enumeration that lists the ways of validating a certificate.</param>
 /// <param name="x509CertificateValidator">The certificate validator. If null then the certificate is always passed.</param>
 /// <remarks>
 /// The address and all quotas come from <c>Nequeo.Net.Properties.Settings.Default</c>, every
 /// quota being derived from <c>MessageClientMaxReceivedMessageSize</c>. No Security is set on the
 /// binding in this initializer. With the default <see cref="X509CertificateValidationMode.Custom"/>
 /// and a null validator the service certificate is always accepted
 /// (see <paramref name="x509CertificateValidator"/>). The body wires up an
 /// <c>AsyncExecutionHandler</c> for this instance.
 /// </remarks>
 public MessageClient(
     string username                                   = null, string password = null,
     string usernameWindows                            = null, string passwordWindows = null,
     X509Certificate2 clientCertificate                = null,
     X509CertificateValidationMode validationMode      = X509CertificateValidationMode.Custom,
     X509CertificateValidator x509CertificateValidator = null) :
     base(
         new Uri(Nequeo.Net.Properties.Settings.Default.MessageClientBaseAddress),
         new System.ServiceModel.BasicHttpBinding()
 {
     MaxReceivedMessageSize = Nequeo.Net.Properties.Settings.Default.MessageClientMaxReceivedMessageSize,
     TransferMode           = System.ServiceModel.TransferMode.Buffered,
     MaxBufferPoolSize      = Nequeo.Net.Properties.Settings.Default.MessageClientMaxReceivedMessageSize,
     MaxBufferSize          = (int)Nequeo.Net.Properties.Settings.Default.MessageClientMaxReceivedMessageSize,
     ReaderQuotas           = new System.Xml.XmlDictionaryReaderQuotas()
     {
         MaxArrayLength         = (int)Nequeo.Net.Properties.Settings.Default.MessageClientMaxReceivedMessageSize,
         MaxBytesPerRead        = (int)Nequeo.Net.Properties.Settings.Default.MessageClientMaxReceivedMessageSize,
         MaxDepth               = (int)Nequeo.Net.Properties.Settings.Default.MessageClientMaxReceivedMessageSize,
         MaxNameTableCharCount  = (int)Nequeo.Net.Properties.Settings.Default.MessageClientMaxReceivedMessageSize,
         MaxStringContentLength = (int)Nequeo.Net.Properties.Settings.Default.MessageClientMaxReceivedMessageSize
     }
 }, username, password, usernameWindows, passwordWindows, clientCertificate, validationMode, x509CertificateValidator
         )
 {
     // Start the async control.
     _asyncAccount                = new Nequeo.Threading.AsyncExecutionHandler <MessageClient>();
     // Error and completion callbacks are attached before the handler is bound to this instance.
     _asyncAccount.AsyncError    += new Threading.EventHandler <Exception>(_asyncAccount_AsyncError);
     _asyncAccount.AsyncComplete += new Threading.EventHandler <object, string>(_asyncAccount_AsyncComplete);
     _asyncAccount.InitiliseAsyncInstance(this);
 }
 /// <summary>
 /// Rejects any <see cref="X509CertificateValidationMode"/> value that is not a named member.
 /// </summary>
 /// <param name="value">The mode to check.</param>
 /// <exception cref="InvalidEnumArgumentException">
 /// <paramref name="value"/> is not one of the defined members.
 /// </exception>
 internal static void Validate(X509CertificateValidationMode value)
 {
     bool known = IsDefined(value);
     if (known)
     {
         return;
     }

     // Report the raw integer so the bad value is visible in the exception.
     throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
         new InvalidEnumArgumentException("value", (int)value, typeof(X509CertificateValidationMode)));
 }
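        /// <summary>
        /// Downloads federation metadata from <paramref name="url"/> and returns the signing
        /// certificates published in the security token service (STS) role descriptor.
        /// </summary>
        /// <param name="url">Location of the federation metadata document.</param>
        /// <param name="mode">
        /// How the metadata document's own signing certificate is validated by
        /// <see cref="MetadataSerializer"/>. The default, <see cref="X509CertificateValidationMode.None"/>,
        /// accepts unvalidated metadata, so callers fetching over an untrusted transport should pass a stricter mode.
        /// </param>
        /// <returns>The X.509 certificates found in raw-data key clauses of the STS descriptor.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="url"/> is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// The metadata is not an <see cref="EntityDescriptor"/> or contains no
        /// <see cref="SecurityTokenServiceDescriptor"/>.
        /// </exception>
        public static IEnumerable<X509Certificate> GetSigningCertificates(Uri url, X509CertificateValidationMode mode = X509CertificateValidationMode.None)
        {
            if (url == null)
            {
                throw new ArgumentNullException("url");
            }

            var certs = new List<X509Certificate2>();

            using (var stream = GetMetadataStream(url))
            {
                var serializer = new MetadataSerializer();
                serializer.CertificateValidationMode = mode;

                var md = serializer.ReadMetadata(stream);
                var ed = md as EntityDescriptor;
                if (ed == null)
                {
                    // ReadMetadata can return other MetadataBase subtypes (e.g. an EntitiesDescriptor);
                    // fail with a clear message instead of a NullReferenceException below.
                    throw new InvalidOperationException("Metadata at '" + url + "' is not an EntityDescriptor.");
                }

                var stsd = ed.RoleDescriptors.OfType<SecurityTokenServiceDescriptor>().FirstOrDefault();
                if (stsd == null)
                {
                    throw new InvalidOperationException("Metadata at '" + url + "' contains no SecurityTokenServiceDescriptor.");
                }

                foreach (var key in stsd.Keys)
                {
                    // Only raw X.509 data clauses carry the certificate bytes inline; other
                    // clause types in the first KeyInfo position are skipped.
                    var clause = key.KeyInfo.FirstOrDefault() as X509RawDataKeyIdentifierClause;
                    if (clause != null)
                    {
                        certs.Add(new X509Certificate2(clause.GetX509RawData()));
                    }
                }
            }

            return certs;
        }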
 /// <summary>
 /// Copy constructor: takes over every setting of <paramref name="other"/>, including
 /// its read-only flag and custom validator reference.
 /// </summary>
 /// <param name="other">The instance to copy from.</param>
 internal X509ServiceCertificateAuthentication(X509ServiceCertificateAuthentication other)
 {
     isReadOnly = other.isReadOnly;

     // Validation settings.
     certificateValidationMode  = other.certificateValidationMode;
     customCertificateValidator = other.customCertificateValidator;

     // Trust and revocation settings.
     trustedStoreLocation = other.trustedStoreLocation;
     revocationMode       = other.revocationMode;
 }
 /// <summary>
 /// Copy constructor: duplicates the validation mode, custom validator reference,
 /// revocation mode, trusted store location and read-only flag of <paramref name="other"/>.
 /// </summary>
 /// <param name="other">The instance to copy from.</param>
 internal X509ServiceCertificateAuthentication(X509ServiceCertificateAuthentication other)
 {
     this._isReadOnly = other._isReadOnly;

     // The validator is shared by reference, not cloned.
     this._customCertificateValidator = other._customCertificateValidator;
     this._certificateValidationMode  = other._certificateValidationMode;

     this._trustedStoreLocation = other._trustedStoreLocation;
     this._revocationMode       = other._revocationMode;
 }
 /// <summary>
 /// Copy constructor for peer-certificate authentication settings; copies every
 /// field of <paramref name="other"/>, including the read-only flag.
 /// </summary>
 /// <param name="other">The instance to copy from.</param>
 internal X509PeerCertificateAuthentication(X509PeerCertificateAuthentication other)
 {
     // Trust settings first, then the read-only flag.
     trustedStoreLocation       = other.trustedStoreLocation;
     revocationMode             = other.revocationMode;
     customCertificateValidator = other.customCertificateValidator;
     certificateValidationMode  = other.certificateValidationMode;

     isReadOnly = other.isReadOnly;
 }
 /// <summary>
 /// Returns true when <paramref name="validationMode"/> is one of the five named members of
 /// <see cref="X509CertificateValidationMode"/>; any other integer cast to the enum is rejected.
 /// </summary>
 /// <param name="validationMode">The value to check.</param>
 /// <returns>True for a defined member; otherwise false.</returns>
 public static bool IsDefined(X509CertificateValidationMode validationMode)
 {
     switch (validationMode)
     {
         case X509CertificateValidationMode.None:
         case X509CertificateValidationMode.PeerTrust:
         case X509CertificateValidationMode.ChainTrust:
         case X509CertificateValidationMode.PeerOrChainTrust:
         case X509CertificateValidationMode.Custom:
             return true;
         default:
             return false;
     }
 }
 /// <summary>
 /// Tells whether <paramref name="validationMode"/> is a named member of
 /// <see cref="X509CertificateValidationMode"/> (None, PeerTrust, ChainTrust,
 /// PeerOrChainTrust or Custom).
 /// </summary>
 /// <param name="validationMode">The value to check.</param>
 /// <returns>True for a defined member; otherwise false.</returns>
 public static bool IsDefined(X509CertificateValidationMode validationMode)
 {
     // Enumerate the members explicitly so an out-of-range cast is rejected.
     X509CertificateValidationMode[] knownModes =
     {
         X509CertificateValidationMode.None,
         X509CertificateValidationMode.PeerTrust,
         X509CertificateValidationMode.ChainTrust,
         X509CertificateValidationMode.PeerOrChainTrust,
         X509CertificateValidationMode.Custom
     };

     return Array.IndexOf(knownModes, validationMode) >= 0;
 }
 /// <summary>
 /// Returns true only for the named members of <see cref="X509CertificateValidationMode"/>.
 /// </summary>
 /// <param name="validationMode">The value to check.</param>
 /// <returns>True for None, PeerTrust, ChainTrust, PeerOrChainTrust or Custom; otherwise false.</returns>
 public static bool IsDefined(X509CertificateValidationMode validationMode)
 {
     bool defined;
     switch (validationMode)
     {
         case X509CertificateValidationMode.None:
         case X509CertificateValidationMode.PeerTrust:
         case X509CertificateValidationMode.ChainTrust:
         case X509CertificateValidationMode.PeerOrChainTrust:
         case X509CertificateValidationMode.Custom:
             defined = true;
             break;
         default:
             // Any other integer cast to the enum.
             defined = false;
             break;
     }
     return defined;
 }
 /// <summary>
 /// Copy constructor: mirrors all settings of <paramref name="other"/>, sharing the
 /// custom validator by reference.
 /// </summary>
 /// <param name="other">The instance to copy from.</param>
 internal X509ServiceCertificateAuthentication(X509ServiceCertificateAuthentication other)
 {
     this._isReadOnly = other._isReadOnly;
     this._revocationMode = other._revocationMode;
     this._trustedStoreLocation = other._trustedStoreLocation;
     this._customCertificateValidator = other._customCertificateValidator;
     this._certificateValidationMode = other._certificateValidationMode;
 }
 /// <summary>
 /// Checks that <paramref name="validationMode"/> is one of the five named members of
 /// <see cref="X509CertificateValidationMode"/>.
 /// </summary>
 /// <param name="validationMode">The value to check.</param>
 /// <returns>True for a defined member; false for any other cast integer.</returns>
 public static bool IsDefined(X509CertificateValidationMode validationMode)
 {
     if (validationMode == X509CertificateValidationMode.None)
     {
         return true;
     }
     if (validationMode == X509CertificateValidationMode.PeerTrust)
     {
         return true;
     }
     if (validationMode == X509CertificateValidationMode.ChainTrust)
     {
         return true;
     }
     if (validationMode == X509CertificateValidationMode.PeerOrChainTrust)
     {
         return true;
     }
     return validationMode == X509CertificateValidationMode.Custom;
 }
 /// <summary>
 /// Initialises issued-token service credentials with their defaults: audience URI
 /// checking always on, chain-trust validation with online revocation against the
 /// LocalMachine store, and empty audience-URI and known-certificate lists.
 /// </summary>
 internal IssuedTokenServiceCredential()
 {
     // Empty collections rather than null so callers can add to them directly.
     allowedAudienceUris = new List <string>();
     knownCertificates   = new List <X509Certificate2>();

     audienceUriMode = System.IdentityModel.Selectors.AudienceUriMode.Always;

     // Issuer certificate policy defaults.
     certificateValidationMode = X509CertificateValidationMode.ChainTrust;
     revocationMode            = X509RevocationMode.Online;
     trustedStoreLocation      = StoreLocation.LocalMachine;
 }
 /// <summary>
 /// Copy constructor: takes over every client-certificate authentication setting of
 /// <paramref name="other"/>, including the Windows-account mapping flags and the
 /// read-only flag.
 /// </summary>
 /// <param name="other">The instance to copy from.</param>
 internal X509ClientCertificateAuthentication(X509ClientCertificateAuthentication other)
 {
     isReadOnly = other.isReadOnly;

     // Certificate validation policy.
     certificateValidationMode  = other.certificateValidationMode;
     customCertificateValidator = other.customCertificateValidator;
     revocationMode             = other.revocationMode;
     trustedStoreLocation       = other.trustedStoreLocation;

     // Windows identity mapping.
     includeWindowsGroups                 = other.includeWindowsGroups;
     mapClientCertificateToWindowsAccount = other.mapClientCertificateToWindowsAccount;
 }
 /// <summary>
 /// Copy constructor: duplicates the validation policy, Windows-account mapping flags
 /// and read-only flag of <paramref name="other"/>.
 /// </summary>
 /// <param name="other">The instance to copy from.</param>
 internal X509ClientCertificateAuthentication(X509ClientCertificateAuthentication other)
 {
     this._isReadOnly     = other._isReadOnly;
     this._revocationMode = other._revocationMode;

     this._trustedStoreLocation                 = other._trustedStoreLocation;
     this._mapClientCertificateToWindowsAccount = other._mapClientCertificateToWindowsAccount;
     this._includeWindowsGroups                 = other._includeWindowsGroups;

     // The validator is shared by reference.
     this._customCertificateValidator = other._customCertificateValidator;
     this._certificateValidationMode  = other._certificateValidationMode;
 }
 /// <summary>
 /// Copy constructor: every field of <paramref name="other"/> is copied, the custom
 /// validator by reference.
 /// </summary>
 /// <param name="other">The instance to copy from.</param>
 internal X509ClientCertificateAuthentication(X509ClientCertificateAuthentication other)
 {
     isReadOnly                           = other.isReadOnly;
     revocationMode                       = other.revocationMode;
     trustedStoreLocation                 = other.trustedStoreLocation;
     mapClientCertificateToWindowsAccount = other.mapClientCertificateToWindowsAccount;
     includeWindowsGroups                 = other.includeWindowsGroups;
     customCertificateValidator           = other.customCertificateValidator;
     certificateValidationMode            = other.certificateValidationMode;
 }
 /// <summary>
 /// Creates provider arguments by delegating to the seven-argument constructor, passing
 /// null for its second and last arguments.
 /// </summary>
 /// <param name="baseUrl">Base URL of the remote service.</param>
 /// <param name="configurationClassName">Name of the configuration class.</param>
 /// <param name="maxReceivedMessageSize">Maximum message size accepted from the service.</param>
 /// <param name="certificateValidationMode">How the service certificate is validated.</param>
 /// <param name="revocationMode">How certificate revocation is checked.</param>
 public RemoteServiceProviderArgs(string baseUrl, string configurationClassName, int maxReceivedMessageSize,
                                  X509CertificateValidationMode certificateValidationMode, X509RevocationMode revocationMode)
     : this(baseUrl, null, configurationClassName, maxReceivedMessageSize, certificateValidationMode, revocationMode, null)
 {
     // All work happens in the delegated constructor.
 }
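 /// <summary>
 /// Copy constructor: takes over every peer-certificate authentication setting of
 /// <paramref name="other"/>, including the read-only flag.
 /// </summary>
 /// <param name="other">The instance to copy from.</param>
 /// <remarks>
 /// The field defaults (PeerOrChainTrust, Online, CurrentUser) that were assigned first
 /// were dead stores, immediately overwritten by the copied values, and are omitted.
 /// </remarks>
 internal X509PeerCertificateAuthentication(X509PeerCertificateAuthentication other)
 {
     this.certificateValidationMode  = other.certificateValidationMode;
     this.customCertificateValidator = other.customCertificateValidator;
     this.revocationMode             = other.revocationMode;
     this.trustedStoreLocation       = other.trustedStoreLocation;
     this.isReadOnly                 = other.isReadOnly;
 }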
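 /// <summary>
 /// Copy constructor: takes over every service-certificate authentication setting of
 /// <paramref name="other"/>, including the read-only flag.
 /// </summary>
 /// <param name="other">The instance to copy from.</param>
 /// <remarks>
 /// The field defaults (ChainTrust, Online, CurrentUser) that were assigned first were
 /// dead stores, immediately overwritten by the copied values, and are omitted.
 /// </remarks>
 internal X509ServiceCertificateAuthentication(X509ServiceCertificateAuthentication other)
 {
     this.certificateValidationMode  = other.certificateValidationMode;
     this.customCertificateValidator = other.customCertificateValidator;
     this.revocationMode             = other.revocationMode;
     this.trustedStoreLocation       = other.trustedStoreLocation;
     this.isReadOnly                 = other.isReadOnly;
 }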
 /// <summary>
 /// Default constructor
 /// </summary>
 /// <param name="endPointAddress">The specific end point address</param>
 /// <param name="binding">Contains the binding elements that specify the protocols,
 /// transports, and message encoders used for communication between clients and services.</param>
 /// <param name="username">The UserName username</param>
 /// <param name="password">The UserName password</param>
 /// <param name="usernameWindows">The Windows ClientCredential username</param>
 /// <param name="passwordWindows">The Windows ClientCredential password</param>
 /// <param name="clientCertificate">The client x509 certificate.</param>
 /// <param name="validationMode">An enumeration that lists the ways of validating a certificate.</param>
 /// <param name="x509CertificateValidator">The certificate validator. If null then the certificate is always passed.</param>
 /// <remarks>
 /// Wraps <paramref name="endPointAddress"/> in a <see cref="Uri"/> and forwards everything
 /// else to the base constructor, then calls <c>OnCreated</c>. With the default
 /// <see cref="X509CertificateValidationMode.Custom"/> and a null validator the service
 /// certificate is always accepted.
 /// </remarks>
 public Client(string endPointAddress,
               System.ServiceModel.WebHttpBinding binding,
               string username = null,
               string password = null,
               string usernameWindows = null,
               string passwordWindows = null,
               X509Certificate2 clientCertificate = null,
               X509CertificateValidationMode validationMode = X509CertificateValidationMode.Custom,
               X509CertificateValidator x509CertificateValidator = null)
     : base(new Uri(endPointAddress),
            binding,
            username,
            password,
            usernameWindows,
            passwordWindows,
            clientCertificate,
            validationMode,
            x509CertificateValidator)
 {
     OnCreated();
 }
 /// <summary>
 /// Default constructor
 /// </summary>
 /// <param name="username">The UserName username</param>
 /// <param name="password">The UserName password</param>
 /// <param name="usernameWindows">The Windows ClientCredential username</param>
 /// <param name="passwordWindows">The Windows ClientCredential password</param>
 /// <param name="clientCertificate">The client x509 certificate.</param>
 /// <param name="validationMode">An enumeration that lists the ways of validating a certificate.</param>
 /// <param name="x509CertificateValidator">The certificate validator. If null then the certificate is always passed.</param>
 /// <remarks>
 /// Represents an interoperable binding that supports distributed transactions
 /// and secure, reliable sessions (WSHttpBinding binding). The service address is read from
 /// <c>Nequeo.Management.ServiceModel.Properties.Settings.Default.ServiceAddress</c> and a
 /// default-configured <c>WSHttpBinding</c> is used. With the default
 /// <see cref="X509CertificateValidationMode.Custom"/> and a null validator the service
 /// certificate is always accepted.
 /// </remarks>
 public Client(string username = null,
               string password = null,
               string usernameWindows = null,
               string passwordWindows = null,
               X509Certificate2 clientCertificate = null,
               X509CertificateValidationMode validationMode = X509CertificateValidationMode.Custom,
               X509CertificateValidator x509CertificateValidator = null)
     : base(new Uri(Nequeo.Management.ServiceModel.Properties.Settings.Default.ServiceAddress),
            new System.ServiceModel.WSHttpBinding(),
            username,
            password,
            usernameWindows,
            passwordWindows,
            clientCertificate,
            validationMode,
            x509CertificateValidator)
 {
     OnCreated();
 }
 /// <summary>
 /// Copy constructor: duplicates every setting of <paramref name="other"/>. The audience
 /// URI and known-certificate lists are copied into new lists; the serializer and custom
 /// validator are shared by reference.
 /// </summary>
 /// <param name="other">The instance to copy from.</param>
 internal IssuedTokenServiceCredential(IssuedTokenServiceCredential other)
 {
     this._isReadOnly = other._isReadOnly;

     // Audience handling.
     this._audienceUriMode     = other._audienceUriMode;
     this._allowedAudienceUris = new List <string>(other._allowedAudienceUris);

     // Issuer trust.
     this._allowUntrustedRsaIssuers  = other._allowUntrustedRsaIssuers;
     this._knownCertificates         = new List <X509Certificate2>(other._knownCertificates);
     this._certificateValidationMode = other._certificateValidationMode;
     this._customCertificateValidator = other._customCertificateValidator;
     this._revocationMode            = other._revocationMode;
     this._trustedStoreLocation      = other._trustedStoreLocation;

     this._samlSerializer = other._samlSerializer;
 }
 /// <summary>
 /// Copy constructor. List-valued settings (allowed audience URIs, known certificates)
 /// get fresh lists so later edits do not affect <paramref name="other"/>; scalar and
 /// reference settings are copied as-is.
 /// </summary>
 /// <param name="other">The instance to copy from.</param>
 internal IssuedTokenServiceCredential(IssuedTokenServiceCredential other)
 {
     isReadOnly = other.isReadOnly;
     samlSerializer = other.samlSerializer;

     allowedAudienceUris = new List <string>(other.allowedAudienceUris);
     audienceUriMode     = other.audienceUriMode;

     knownCertificates        = new List <X509Certificate2>(other.knownCertificates);
     allowUntrustedRsaIssuers = other.allowUntrustedRsaIssuers;

     customCertificateValidator = other.customCertificateValidator;
     certificateValidationMode  = other.certificateValidationMode;
     revocationMode             = other.revocationMode;
     trustedStoreLocation       = other.trustedStoreLocation;
 }
 /// <summary>
 /// Copy constructor: copies every setting of <paramref name="other"/>, cloning the two
 /// lists and sharing the serializer and validator references.
 /// </summary>
 /// <param name="other">The instance to copy from.</param>
 internal IssuedTokenServiceCredential(IssuedTokenServiceCredential other)
 {
     // Collections are cloned so the two credentials do not share mutable state.
     this.knownCertificates   = new List<X509Certificate2>(other.knownCertificates);
     this.allowedAudienceUris = new List<string>(other.allowedAudienceUris);

     this.isReadOnly                 = other.isReadOnly;
     this.allowUntrustedRsaIssuers   = other.allowUntrustedRsaIssuers;
     this.revocationMode             = other.revocationMode;
     this.trustedStoreLocation       = other.trustedStoreLocation;
     this.customCertificateValidator = other.customCertificateValidator;
     this.certificateValidationMode  = other.certificateValidationMode;
     this.samlSerializer             = other.samlSerializer;
     this.audienceUriMode            = other.audienceUriMode;
 }
 /// <summary>
 /// Captures the settings used to build a service channel; each argument is stored in
 /// the property of the same name.
 /// </summary>
 /// <param name="channelFactoryClass">Type of the channel factory.</param>
 /// <param name="serviceUri">Address of the service.</param>
 /// <param name="authenticationRequired">Whether the channel must authenticate.</param>
 /// <param name="maxReceivedMessageSize">Maximum message size accepted from the service.</param>
 /// <param name="certificateValidationMode">How the service certificate is validated.</param>
 /// <param name="revocationMode">How certificate revocation is checked.</param>
 public ServiceChannelConfigurationArgs(Type channelFactoryClass, Uri serviceUri, bool authenticationRequired,
                                        int maxReceivedMessageSize, X509CertificateValidationMode certificateValidationMode,
                                        X509RevocationMode revocationMode)
 {
     // Certificate policy.
     CertificateValidationMode = certificateValidationMode;
     RevocationMode            = revocationMode;

     // Channel identity and limits.
     ChannelFactoryClass    = channelFactoryClass;
     ServiceUri             = serviceUri;
     AuthenticationRequired = authenticationRequired;
     MaxReceivedMessageSize = maxReceivedMessageSize;
 }
 /// <summary>
 /// Default constructor
 /// </summary>
 /// <param name="endPointAddress">The endpoint address to connect to.</param>
 /// <param name="binding">The endpoint binding.</param>
 /// <param name="username">The UserName username</param>
 /// <param name="password">The UserName password</param>
 /// <param name="usernameWindows">The Windows ClientCredential username</param>
 /// <param name="passwordWindows">The Windows ClientCredential password</param>
 /// <param name="clientCertificate">The client x509 certificate.</param>
 /// <param name="validationMode">An enumeration that lists the ways of validating a certificate.</param>
 /// <param name="x509CertificateValidator">The certificate validator. If null then the certificate is always passed.</param>
 /// <remarks>
 /// Forwards the caller-supplied binding and credentials to the base constructor and
 /// subscribes <c>TransferClient_AsyncExecuteComplete</c> to <c>AsyncExecuteComplete</c>.
 /// With the default <see cref="X509CertificateValidationMode.Custom"/> and a null validator
 /// the service certificate is always accepted.
 /// </remarks>
 public TransferByteClient(string endPointAddress,
                           System.ServiceModel.Channels.Binding binding,
                           string username = null,
                           string password = null,
                           string usernameWindows = null,
                           string passwordWindows = null,
                           X509Certificate2 clientCertificate = null,
                           X509CertificateValidationMode validationMode = X509CertificateValidationMode.Custom,
                           X509CertificateValidator x509CertificateValidator = null)
     : base(new Uri(endPointAddress),
            binding,
            username,
            password,
            usernameWindows,
            passwordWindows,
            clientCertificate,
            validationMode,
            x509CertificateValidator)
 {
     // Subscribe to the async execute complete event.
     this.AsyncExecuteComplete += new Nequeo.Threading.EventHandler <object, bool, System.Exception>(TransferClient_AsyncExecuteComplete);
 }
 /// <summary>
 /// Stores the channel-factory type, service address, authentication requirement,
 /// message size limit and certificate policy used to configure a service channel.
 /// </summary>
 /// <param name="channelFactoryClass">Type of the channel factory.</param>
 /// <param name="serviceUri">Address of the service.</param>
 /// <param name="authenticationRequired">Whether the channel must authenticate.</param>
 /// <param name="maxReceivedMessageSize">Maximum message size accepted from the service.</param>
 /// <param name="certificateValidationMode">How the service certificate is validated.</param>
 /// <param name="revocationMode">How certificate revocation is checked.</param>
 public ServiceChannelConfigurationArgs(Type channelFactoryClass, Uri serviceUri, bool authenticationRequired,
                                        int maxReceivedMessageSize, X509CertificateValidationMode certificateValidationMode,
                                        X509RevocationMode revocationMode)
 {
     RevocationMode            = revocationMode;
     CertificateValidationMode = certificateValidationMode;
     MaxReceivedMessageSize    = maxReceivedMessageSize;
     AuthenticationRequired    = authenticationRequired;
     ServiceUri                = serviceUri;
     ChannelFactoryClass       = channelFactoryClass;
 }
        /// <summary>
        /// Builds the expected <c>jwtSecurityTokenRequirement</c> configuration text for a test case and records the
        /// values it was built from. Every setting is optional; an omitted value contributes no attribute or element.
        /// </summary>
        /// <param name="tokenSize">Expected maxTokenSizeInBytes element value.</param>
        /// <param name="clock">Expected clock-skew value. NOTE(review): stored as ClockSkewInSeconds but written under
        /// Elements.MaxClockSkewInMinutes — confirm which unit the element really carries.</param>
        /// <param name="life">Expected defaultTokenLifetimeInMinutes element value.</param>
        /// <param name="cert">Certificate validator whose type name is written to the validator attribute.</param>
        /// <param name="name">Name claim type; defaults to the <c>sub</c> claim.</param>
        /// <param name="role">Role claim type; null omits the element.</param>
        /// <param name="revMode">Certificate revocation mode attribute.</param>
        /// <param name="certMode">Certificate validation mode attribute.</param>
        /// <param name="storeLoc">Trusted store location attribute.</param>
        /// <param name="expectedException">Exception the test expects; null means none.</param>
        /// <param name="handler">Handler fragment of the template.</param>
        /// <param name="requirement">Requirement element fragment of the template.</param>
        /// <param name="attributeEx1">Extra text interleaved between attributes (for malformed-config tests).</param>
        /// <param name="attributeEx2">Extra text interleaved between attributes.</param>
        /// <param name="attributeEx3">Extra text interleaved between attributes.</param>
        /// <param name="attributeEx4">Extra text interleaved between attributes.</param>
        /// <param name="elementEx1">Extra text interleaved between elements.</param>
        /// <param name="elementEx2">Extra text interleaved between elements.</param>
        /// <param name="elementEx3">Extra text interleaved between elements.</param>
        /// <param name="elementEx4">Extra text interleaved between elements.</param>
        /// <param name="elementEx5">Extra text interleaved between elements.</param>
        /// <param name="elementEx6">Extra text interleaved between elements.</param>
        /// <param name="elementClose">Closing fragment of the template.</param>
        public ExpectedJwtSecurityTokenRequirement
        (
            uint? tokenSize = null,
            Int32? clock = null,
            uint? life = null,
            X509CertificateValidator cert = null,
            string name = JwtConstants.ReservedClaims.Sub,
            string role = null,
            X509RevocationMode? revMode = null,
            X509CertificateValidationMode? certMode = null,
            StoreLocation? storeLoc = null,
            ExpectedException expectedException = null,
            string handler = JwtSecurityTokenHandlerType,
            string requirement = Elements.JwtSecurityTokenRequirement,
            string attributeEx1 = "",
            string attributeEx2 = "",
            string attributeEx3 = "",
            string attributeEx4 = "",
            string elementEx1 = comment,
            string elementEx2 = comment,
            string elementEx3 = comment,
            string elementEx4 = comment,
            string elementEx5 = comment,
            string elementEx6 = comment,
            string elementClose = closeRequirement
        )
        {
            // Remember the raw inputs so the test can compare them against what the handler loaded.
            MaxTokenSizeInBytes           = tokenSize;
            ClockSkewInSeconds            = clock;
            DefaultTokenLifetimeInMinutes = life;
            CertValidator                 = cert;
            NameClaimType                 = name;
            RoleClaimType                 = role;
            CertRevocationMode            = revMode;
            CertValidationMode            = certMode;
            CertStoreLocation             = storeLoc;
            ExpectedException             = expectedException ?? ExpectedException.NoExceptionExpected;

            // Attributes: each renders to its XML attribute text, or to nothing when it was not supplied.
            string revocationAttr = CertRevocationMode != null
                ? Attribute( Attributes.RevocationMode, CertRevocationMode.Value.ToString() )
                : string.Empty;
            string validationAttr = CertValidationMode != null
                ? Attribute( Attributes.ValidationMode, CertValidationMode.Value.ToString() )
                : string.Empty;
            // The validator attribute is the runtime type name qualified with the test assembly.
            string validatorAttr = CertValidator != null
                ? Attribute( Attributes.Validator, CertValidator.GetType().ToString() +", System.IdentityModel.Tokens.Jwt.Tests" )
                : string.Empty;
            string storeAttr = CertStoreLocation != null
                ? Attribute( Attributes.TrustedStoreLocation, CertStoreLocation.ToString() )
                : string.Empty;

            // Child elements, same rule.
            string clockSkewElem = ClockSkewInSeconds != null
                ? ElementValue( Elements.MaxClockSkewInMinutes, ClockSkewInSeconds.Value.ToString() )
                : string.Empty;
            string tokenSizeElem = MaxTokenSizeInBytes != null
                ? ElementValue( Elements.MaxTokenSizeInBytes, MaxTokenSizeInBytes.Value.ToString() )
                : string.Empty;
            string lifetimeElem = DefaultTokenLifetimeInMinutes != null
                ? ElementValue( Elements.DefaultTokenLifetimeInMinutes, DefaultTokenLifetimeInMinutes.Value.ToString() )
                : string.Empty;
            string nameClaimElem = NameClaimType != null
                ? ElementValue( Elements.NameClaimType, NameClaimType )
                : string.Empty;
            string roleClaimElem = RoleClaimType != null
                ? ElementValue( Elements.RoleClaimType, RoleClaimType )
                : string.Empty;

            // Positional order must match the placeholders in ElementTemplate: attributes first, then elements,
            // with the caller-supplied "Ex" fragments interleaved between them.
            Config = string.Format(
                ElementTemplate,
                handler, requirement,
                revocationAttr, attributeEx1,
                validationAttr, attributeEx2,
                validatorAttr, attributeEx3,
                storeAttr, attributeEx4,
                elementEx1, clockSkewElem,
                elementEx2, tokenSizeElem,
                elementEx3, lifetimeElem,
                elementEx4, nameClaimElem,
                elementEx5, roleClaimElem,
                elementEx6, elementClose);
        }
 /// <summary>
 /// Captures the settings a channel factory needs to open a service channel, with a buffered transfer mode
 /// and a zero send timeout as the fixed starting point.
 /// </summary>
 /// <param name="channelFactoryClass">The channel factory type to instantiate.</param>
 /// <param name="serviceUri">The service endpoint.</param>
 /// <param name="authenticationRequired">Whether the caller must authenticate to the service.</param>
 /// <param name="maxReceivedMessageSize">Upper bound on an incoming message (presumably bytes, as for WCF bindings — confirm in the consumer).</param>
 /// <param name="certificateValidationMode">How the service certificate is validated; <c>None</c> performs no validation.</param>
 /// <param name="revocationMode">Revocation checking applied to the service certificate.</param>
 public ServiceChannelConfigurationArgs(
     Type channelFactoryClass,
     Uri serviceUri,
     bool authenticationRequired,
     long maxReceivedMessageSize,
     X509CertificateValidationMode certificateValidationMode,
     X509RevocationMode revocationMode)
 {
     // Fixed defaults — SendTimeoutSeconds of 0 presumably means "use the binding's default"; confirm in the consumer.
     SendTimeoutSeconds = 0;
     TransferMode       = TransferMode.Buffered;

     // Caller-supplied settings, stored verbatim.
     ChannelFactoryClass       = channelFactoryClass;
     ServiceUri                = serviceUri;
     AuthenticationRequired    = authenticationRequired;
     MaxReceivedMessageSize    = maxReceivedMessageSize;
     CertificateValidationMode = certificateValidationMode;
     RevocationMode            = revocationMode;
 }
        /// <summary>
        /// Captures the settings a channel factory needs to open a service channel, with a buffered transfer mode
        /// and a zero send timeout as the fixed starting point.
        /// </summary>
        /// <param name="channelFactoryClass">The channel factory type to instantiate.</param>
        /// <param name="serviceUri">The service endpoint.</param>
        /// <param name="authenticationRequired">Whether the caller must authenticate to the service.</param>
        /// <param name="maxReceivedMessageSize">Upper bound on an incoming message (presumably bytes, as for WCF bindings — confirm in the consumer).</param>
        /// <param name="certificateValidationMode">How the service certificate is validated; <c>None</c> performs no validation.</param>
        /// <param name="revocationMode">Revocation checking applied to the service certificate.</param>
        public ServiceChannelConfigurationArgs(
            Type channelFactoryClass,
            Uri serviceUri,
            bool authenticationRequired,
            long maxReceivedMessageSize,
            X509CertificateValidationMode certificateValidationMode,
            X509RevocationMode revocationMode)
        {
            // Fixed defaults — SendTimeoutSeconds of 0 presumably means "use the binding's default"; confirm in the consumer.
            SendTimeoutSeconds = 0;
            TransferMode       = TransferMode.Buffered;

            // Caller-supplied settings, stored verbatim.
            ChannelFactoryClass       = channelFactoryClass;
            ServiceUri                = serviceUri;
            AuthenticationRequired    = authenticationRequired;
            MaxReceivedMessageSize    = maxReceivedMessageSize;
            CertificateValidationMode = certificateValidationMode;
            RevocationMode            = revocationMode;
        }
        /// <summary>
        /// Wraps the built-in <see cref="X509CertificateValidator"/> selected by
        /// <paramref name="certificateValidationMode"/>.
        /// </summary>
        /// <param name="certificateValidationMode">Which built-in validator to use. <c>Custom</c> is rejected here.</param>
        /// <param name="revocationMode">Revocation checking placed on the chain policy; only used by the two chain-based modes.</param>
        /// <param name="trustedStoreLocation"><c>LocalMachine</c> selects the machine-context chain builder; any other value uses the user context.</param>
        /// <exception cref="InvalidOperationException"><c>Custom</c> or an unrecognised mode was requested.</exception>
        public X509CertificateValidatorEx(
            X509CertificateValidationMode certificateValidationMode,
            X509RevocationMode revocationMode,
            StoreLocation trustedStoreLocation)
        {
            this.certificateValidationMode = certificateValidationMode;

            bool machineContext = trustedStoreLocation == StoreLocation.LocalMachine;

            switch (certificateValidationMode)
            {
                case X509CertificateValidationMode.None:
                    // SECURITY: this validator performs no validation — every certificate is accepted.
                    this.validator = X509CertificateValidator.None;
                    break;

                case X509CertificateValidationMode.PeerTrust:
                    this.validator = X509CertificateValidator.PeerTrust;
                    break;

                case X509CertificateValidationMode.ChainTrust:
                case X509CertificateValidationMode.PeerOrChainTrust:
                    // Both chain-based modes share one policy carrying the requested revocation mode.
                    this.chainPolicy = new X509ChainPolicy { RevocationMode = revocationMode };
                    this.validator = certificateValidationMode == X509CertificateValidationMode.ChainTrust
                        ? X509CertificateValidator.CreateChainTrustValidator(machineContext, this.chainPolicy)
                        : X509CertificateValidator.CreatePeerOrChainTrustValidator(machineContext, this.chainPolicy);
                    break;

                default:
                    // Custom (and any value outside the enum) has no built-in validator to map to.
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID4256)));
            }
        }
 /// <summary>
 /// Copy constructor: reproduces <paramref name="other"/>'s issued-token settings on a new instance.
 /// The two list-valued members are copied into fresh lists; the SAML serializer and the custom
 /// certificate validator are shared by reference.
 /// </summary>
 /// <param name="other">The credential to copy. NOTE(review): no null guard — a null <paramref name="other"/>
 /// or null list members would fail inside the copies below.</param>
 internal IssuedTokenServiceCredential(IssuedTokenServiceCredential other)
 {
     // Baseline defaults (ChainTrust, online revocation, machine store, always-check audience).
     // Each is overwritten from `other` below, so they only matter if that copy is ever reordered.
     this.audienceUriMode           = System.IdentityModel.Selectors.AudienceUriMode.Always;
     this.certificateValidationMode = X509CertificateValidationMode.ChainTrust;
     this.revocationMode            = X509RevocationMode.Online;
     this.trustedStoreLocation      = StoreLocation.LocalMachine;

     // Audience restrictions.
     this.audienceUriMode     = other.audienceUriMode;
     this.allowedAudienceUris = new List<string>(other.allowedAudienceUris);

     // Issuer-certificate validation settings.
     this.knownCertificates          = new List<X509Certificate2>(other.knownCertificates);
     this.certificateValidationMode  = other.certificateValidationMode;
     this.customCertificateValidator = other.customCertificateValidator;
     this.trustedStoreLocation       = other.trustedStoreLocation;
     this.revocationMode             = other.revocationMode;
     this.allowUntrustedRsaIssuers   = other.allowUntrustedRsaIssuers;

     // Serializer and read-only flag.
     this.samlSerializer = other.samlSerializer;
     this.isReadOnly     = other.isReadOnly;
 }
        /// <summary>
        /// Wraps the built-in <see cref="X509CertificateValidator"/> selected by
        /// <paramref name="certificateValidationMode"/>.
        /// </summary>
        /// <param name="certificateValidationMode">Which built-in validator to use. <c>Custom</c> is rejected here.</param>
        /// <param name="revocationMode">Revocation checking placed on the chain policy; only used by the two chain-based modes.</param>
        /// <param name="trustedStoreLocation"><c>LocalMachine</c> selects the machine-context chain builder; any other value uses the user context.</param>
        /// <exception cref="InvalidOperationException"><c>Custom</c> or an unrecognised mode was requested.</exception>
        public X509CertificateValidatorEx(
            X509CertificateValidationMode certificateValidationMode,
            X509RevocationMode revocationMode,
            StoreLocation trustedStoreLocation)
        {
            this.certificateValidationMode = certificateValidationMode;

            bool machineContext = trustedStoreLocation == StoreLocation.LocalMachine;

            switch (certificateValidationMode)
            {
                case X509CertificateValidationMode.None:
                    // SECURITY: this validator performs no validation — every certificate is accepted.
                    this.validator = X509CertificateValidator.None;
                    break;

                case X509CertificateValidationMode.PeerTrust:
                    this.validator = X509CertificateValidator.PeerTrust;
                    break;

                case X509CertificateValidationMode.ChainTrust:
                case X509CertificateValidationMode.PeerOrChainTrust:
                    // Both chain-based modes share one policy carrying the requested revocation mode.
                    this.chainPolicy = new X509ChainPolicy { RevocationMode = revocationMode };
                    this.validator = certificateValidationMode == X509CertificateValidationMode.ChainTrust
                        ? X509CertificateValidator.CreateChainTrustValidator(machineContext, this.chainPolicy)
                        : X509CertificateValidator.CreatePeerOrChainTrustValidator(machineContext, this.chainPolicy);
                    break;

                default:
                    // Custom (and any value outside the enum) has no built-in validator to map to.
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID4256)));
            }
        }
        /// <summary>
        /// Maps a configured <see cref="X509CertificateValidationMode"/> to the matching built-in validator.
        /// </summary>
        /// <param name="mode">The configured mode.</param>
        /// <returns>The static validator for <paramref name="mode"/>. For <c>None</c> this is
        /// <see cref="X509CertificateValidator.None"/>, which performs no validation at all.</returns>
        /// <exception cref="ConfigurationErrorsException"><paramref name="mode"/> is <c>Custom</c> or not a known
        /// value — there is no custom-validator plumbing in this method.</exception>
        private static X509CertificateValidator ReadCertificateValidator(X509CertificateValidationMode mode)
        {
            if (mode == X509CertificateValidationMode.None)
            {
                return X509CertificateValidator.None;
            }
            if (mode == X509CertificateValidationMode.ChainTrust)
            {
                return X509CertificateValidator.ChainTrust;
            }
            if (mode == X509CertificateValidationMode.PeerTrust)
            {
                return X509CertificateValidator.PeerTrust;
            }
            if (mode == X509CertificateValidationMode.PeerOrChainTrust)
            {
                return X509CertificateValidator.PeerOrChainTrust;
            }

            throw new ConfigurationErrorsException(string.Format("Certificate validation mode {0} not supported", mode));
        }
        /// <summary>
        /// Creates an issuer-name registry whose signing keys come from a federation metadata document.
        /// </summary>
        /// <param name="metadataAddress">Where the metadata document is fetched from.</param>
        /// <param name="issuerName">The issuer name this registry reports.</param>
        /// <param name="mode">Certificate validation applied while reading the metadata. SECURITY: the default of
        /// <c>None</c> means whatever check <c>LoadMetadata()</c> applies to the metadata signer is switched off —
        /// prefer ChainTrust/PeerTrust for metadata fetched from a remote address.</param>
        /// <param name="lazyLoad">When false, <c>LoadMetadata()</c> runs in this constructor; when true it is
        /// presumably deferred to first use (not visible here).</param>
        /// <exception cref="ArgumentNullException"><paramref name="metadataAddress"/> is null, or
        /// <paramref name="issuerName"/> is null, empty or whitespace (note: whitespace also raises this type, not ArgumentException).</exception>
        public MetadataBasedIssuerNameRegistry(
            Uri metadataAddress,
            string issuerName,
            X509CertificateValidationMode mode = X509CertificateValidationMode.None,
            bool lazyLoad = false)
        {
            if (metadataAddress == null)
            {
                throw new ArgumentNullException("metadataAddress");
            }
            if (String.IsNullOrWhiteSpace(issuerName))
            {
                throw new ArgumentNullException("issuerName");
            }

            this.mode            = mode;
            this.issuerName      = issuerName;
            this.metadataAddress = metadataAddress;

            // Eager load unless the caller asked to defer it.
            if (lazyLoad)
            {
                return;
            }
            LoadMetadata();
        }
 /// <summary>
 /// Creates a message client bound to an endpoint and starts its async execution handler.
 /// </summary>
 /// <param name="endPointAddress">The endpoint address to connect to; must be an absolute URI (it is passed to <c>new Uri(string)</c>).</param>
 /// <param name="binding">The endpoint binding.</param>
 /// <param name="username">The UserName credential user name.</param>
 /// <param name="password">The UserName credential password.</param>
 /// <param name="usernameWindows">The Windows client-credential user name.</param>
 /// <param name="passwordWindows">The Windows client-credential password.</param>
 /// <param name="clientCertificate">The client X.509 certificate.</param>
 /// <param name="validationMode">How the service certificate is validated. Defaults to
 /// <see cref="X509CertificateValidationMode.Custom"/>, i.e. validation is delegated to <paramref name="x509CertificateValidator"/>.</param>
 /// <param name="x509CertificateValidator">The certificate validator. If null then the certificate is always passed.
 /// SECURITY: with the defaults (Custom mode and a null validator) the service certificate is therefore never checked —
 /// supply a validator, or a ChainTrust/PeerTrust mode, for anything but a trusted test endpoint.</param>
 public MessageClient(string endPointAddress, System.ServiceModel.Channels.Binding binding,
                      string username = null, string password = null,
                      string usernameWindows = null, string passwordWindows = null,
                      X509Certificate2 clientCertificate = null,
                      X509CertificateValidationMode validationMode = X509CertificateValidationMode.Custom,
                      X509CertificateValidator x509CertificateValidator = null)
     : base(new Uri(endPointAddress), binding,
            username, password, usernameWindows, passwordWindows,
            clientCertificate, validationMode, x509CertificateValidator)
 {
     // Create the async execution handler, wire its error/completion events to this
     // instance's handlers (method-group conversion), then hand it this client.
     _asyncAccount = new Nequeo.Threading.AsyncExecutionHandler<MessageClient>();
     _asyncAccount.AsyncError    += _asyncAccount_AsyncError;
     _asyncAccount.AsyncComplete += _asyncAccount_AsyncComplete;
     _asyncAccount.InitiliseAsyncInstance(this);
 }
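        /// <summary>
        /// Initializes a new instance of the
        /// <see cref="FormattingServiceConfig" />
        /// class from the caller-supplied endpoint and certificate settings.
        /// </summary>
        /// <param name="uri">The service's URI.</param>
        /// <param name="serviceCertificate">The service certificate name or file path.</param>
        /// <param name="clientCertificate">The client certificate.</param>
        /// <param name="certificateValidationMode">The certificate validation mode; defaults to ChainTrust.</param>
        /// <param name="doTrustAllCertificates">A value indicating whether all certificates shall be trusted or not.
        /// SECURITY: presumably bypasses service-certificate checks wherever the flag is consumed — keep it false
        /// outside local testing.</param>
        /// <exception cref="ArgumentNullException"><paramref name="uri"/> is null.</exception>
        public FormattingServiceConfig(
            Uri uri,
            string serviceCertificate,
            string clientCertificate,
            X509CertificateValidationMode certificateValidationMode = X509CertificateValidationMode.ChainTrust,
            bool doTrustAllCertificates = false
            )
        {
            if (uri == null)
            {
                throw new ArgumentNullException("uri");
            }

            // Every setting comes from the caller; no host, certificate name or local file path is hard-coded here.
            this.ServiceUri                = uri;
            this.ClientCertificate         = clientCertificate;
            this.ServiceCertificate        = serviceCertificate;
            this.CertificateValidationMode = certificateValidationMode;
            this.DoTrustAllCertificates    = doTrustAllCertificates;
        }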
        /// <summary>
        /// Wraps the built-in <see cref="X509CertificateValidator"/> selected by
        /// <paramref name="certificateValidationMode"/>.
        /// </summary>
        /// <param name="certificateValidationMode">Which built-in validator to use; <c>Custom</c> is not handled here.</param>
        /// <param name="revocationMode">Revocation checking placed on the chain policy; only used by the two chain-based modes.</param>
        /// <param name="trustedStoreLocation"><c>LocalMachine</c> selects the machine-context chain builder; any other value uses the user context.</param>
        /// <exception cref="InvalidOperationException"><c>Custom</c> or an unrecognised mode was requested.</exception>
        public X509CertificateValidatorEx(X509CertificateValidationMode certificateValidationMode, X509RevocationMode revocationMode, StoreLocation trustedStoreLocation)
        {
            this.certificateValidationMode = certificateValidationMode;

            if (certificateValidationMode == X509CertificateValidationMode.None)
            {
                // SECURITY: this validator performs no validation — every certificate is accepted.
                this.validator = X509CertificateValidator.None;
            }
            else if (certificateValidationMode == X509CertificateValidationMode.PeerTrust)
            {
                this.validator = X509CertificateValidator.PeerTrust;
            }
            else if (certificateValidationMode == X509CertificateValidationMode.ChainTrust
                  || certificateValidationMode == X509CertificateValidationMode.PeerOrChainTrust)
            {
                // Both chain-based modes share one policy carrying the requested revocation mode.
                bool machineContext = trustedStoreLocation == StoreLocation.LocalMachine;
                this.chainPolicy = new X509ChainPolicy { RevocationMode = revocationMode };

                if (certificateValidationMode == X509CertificateValidationMode.ChainTrust)
                {
                    this.validator = X509CertificateValidator.CreateChainTrustValidator(machineContext, this.chainPolicy);
                }
                else
                {
                    this.validator = X509CertificateValidator.CreatePeerOrChainTrustValidator(machineContext, this.chainPolicy);
                }
            }
            else
            {
                // Custom (and any value outside the enum) has no built-in validator to map to.
                throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10637, this.certificateValidationMode));
            }
        }
 /// <summary>
 /// Default service-certificate authentication settings: chain trust built in the current-user
 /// store context, with online revocation checking.
 /// </summary>
 internal X509ServiceCertificateAuthentication()
 {
     this.trustedStoreLocation      = StoreLocation.CurrentUser;
     this.revocationMode            = X509RevocationMode.Online;
     this.certificateValidationMode = X509CertificateValidationMode.ChainTrust;
 }
        /// <summary>
        /// Resolves the built-in <see cref="X509CertificateValidator"/> for a configured validation mode.
        /// Only the validator is selected here; how the caller applies it to the signing certificate
        /// (and whether the signature itself is verified) is not visible in this method.
        /// </summary>
        /// <param name="x509CertificateValidationMode">The configured mode.</param>
        /// <returns>The matching static validator. <c>None</c> yields <see cref="X509CertificateValidator.None"/>,
        /// which performs no validation at all.</returns>
        /// <exception cref="ArgumentException"><c>Custom</c> is not supported by this plugin, and neither is any
        /// value outside the enum.</exception>
        protected virtual X509CertificateValidator GetCertificateValidator(X509CertificateValidationMode x509CertificateValidationMode)
        {
            if (x509CertificateValidationMode == X509CertificateValidationMode.Custom)
            {
                // A custom validator type could be loaded from configuration here; that is not implemented.
                throw new ArgumentException("Custom Certificate Validation Mode is not supported by the SAML Plugin");
            }

            switch (x509CertificateValidationMode)
            {
                case X509CertificateValidationMode.None:
                    return X509CertificateValidator.None;

                case X509CertificateValidationMode.PeerTrust:
                    return X509CertificateValidator.PeerTrust;

                case X509CertificateValidationMode.ChainTrust:
                    return X509CertificateValidator.ChainTrust;

                case X509CertificateValidationMode.PeerOrChainTrust:
                    return X509CertificateValidator.PeerOrChainTrust;

                default:
                    throw new ArgumentException("Selected Certificate Validation Mode is not supported by the SAML Plugin");
            }
        }