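/// <summary>
/// Reads the federation metadata at <paramref name="url"/> and returns the X.509 certificates
/// published in the key descriptors of its security token service role.
/// </summary>
/// <param name="url">Address of the federation metadata document.</param>
/// <param name="mode">
/// Validation the <see cref="MetadataSerializer"/> applies to the certificate that signed the
/// metadata. The default, <see cref="X509CertificateValidationMode.None"/>, accepts unsigned or
/// arbitrarily signed metadata, so the returned certificates are then only as trustworthy as the
/// transport that delivered the document.
/// </param>
/// <returns>The certificates carried as raw X.509 data in the STS key descriptors; empty when none are published.</returns>
/// <exception cref="InvalidOperationException">
/// The document is not an <see cref="EntityDescriptor"/>, or it contains no
/// <see cref="SecurityTokenServiceDescriptor"/> role.
/// </exception>
public static IEnumerable<X509Certificate> GetSigningCertificates(Uri url, X509CertificateValidationMode mode = X509CertificateValidationMode.None)
{
    var certs = new List<X509Certificate2>();
    using (var stream = GetMetadataStream(url))
    {
        var serializer = new MetadataSerializer();
        serializer.CertificateValidationMode = mode;

        // The unchecked casts used previously surfaced a malformed document as a
        // NullReferenceException; fail with a message that names the document instead.
        var ed = serializer.ReadMetadata(stream) as EntityDescriptor;
        if (ed == null)
        {
            throw new InvalidOperationException("Metadata at '" + url + "' is not an EntityDescriptor.");
        }

        var stsd = ed.RoleDescriptors.OfType<SecurityTokenServiceDescriptor>().FirstOrDefault();
        if (stsd == null)
        {
            throw new InvalidOperationException("Metadata at '" + url + "' does not publish a SecurityTokenServiceDescriptor role.");
        }

        // Only the first clause of each KeyInfo is inspected, as before, and no filter on the
        // descriptor's key use is applied, so keys published for encryption are returned as well.
        foreach (var key in stsd.Keys)
        {
            var clause = key.KeyInfo.FirstOrDefault() as X509RawDataKeyIdentifierClause;
            if (clause != null)
            {
                certs.Add(new X509Certificate2(clause.GetX509RawData()));
            }
        }
    }
    return certs;
}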
/// <summary>
/// Basic Http Binding constructor
/// </summary>
/// <param name="username">The UserName username</param>
/// <param name="password">The UserName password</param>
/// <param name="usernameWindows">The Windows ClientCredential username</param>
/// <param name="passwordWindows">The Windows ClientCredential password</param>
/// <param name="clientCertificate">The client x509 certificate.</param>
/// <param name="validationMode">An enumeration that lists the ways of validating a certificate.</param>
/// <param name="x509CertificateValidator">The certificate validator. If null then the certificate is always passed.</param>
/// <remarks>
/// The endpoint address and every size limit of the binding come from the application settings.
/// With the default <paramref name="validationMode"/> (Custom) and a null
/// <paramref name="x509CertificateValidator"/> the service certificate is always accepted;
/// supply a validator, or a stricter mode, when the identity of the endpoint matters.
/// </remarks>
public TransferByteClient(
    string username = null,
    string password = null,
    string usernameWindows = null,
    string passwordWindows = null,
    X509Certificate2 clientCertificate = null,
    X509CertificateValidationMode validationMode = X509CertificateValidationMode.Custom,
    X509CertificateValidator x509CertificateValidator = null)
    : base(
        new Uri(Nequeo.Net.Properties.Settings.Default.TransferClientByteBaseAddress),
        CreateTransferByteBasicHttpBinding(),
        username, password, usernameWindows, passwordWindows,
        clientCertificate, validationMode, x509CertificateValidator)
{
    // Forward async completion to the shared handler (method group, same delegate type).
    base.AsyncExecuteComplete += TransferClient_AsyncExecuteComplete;
}

/// <summary>
/// Builds the buffered BasicHttpBinding whose message, buffer and reader limits are all
/// driven by the TransferClientByteMaxReceivedMessageSize setting.
/// </summary>
private static System.ServiceModel.BasicHttpBinding CreateTransferByteBasicHttpBinding()
{
    long maxSize = Nequeo.Net.Properties.Settings.Default.TransferClientByteMaxReceivedMessageSize;
    int quota = (int)maxSize;

    var quotas = new System.Xml.XmlDictionaryReaderQuotas();
    quotas.MaxArrayLength = quota;
    quotas.MaxBytesPerRead = quota;
    quotas.MaxDepth = quota;
    quotas.MaxNameTableCharCount = quota;
    quotas.MaxStringContentLength = quota;

    var binding = new System.ServiceModel.BasicHttpBinding();
    binding.MaxReceivedMessageSize = maxSize;
    binding.TransferMode = System.ServiceModel.TransferMode.Buffered;
    binding.MaxBufferPoolSize = maxSize;
    binding.MaxBufferSize = quota;
    binding.ReaderQuotas = quotas;
    return binding;
}
/// <summary>
/// Throws when <paramref name="value"/> is not one of the named members of
/// <see cref="X509CertificateValidationMode"/>.
/// </summary>
/// <param name="value">The mode to check.</param>
/// <exception cref="InvalidEnumArgumentException">
/// <paramref name="value"/> is outside the enumeration (raised through the diagnostic helper).
/// </exception>
internal static void Validate(X509CertificateValidationMode value)
{
    if (IsDefined(value))
    {
        return;
    }

    var invalid = new InvalidEnumArgumentException("value", (int)value, typeof(X509CertificateValidationMode));
    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(invalid);
}
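/// <summary>
/// Visits the call. Flags any constant assignment to
/// <c>CertificateValidationMode</c> on <see cref="X509ServiceCertificateAuthentication"/> or
/// <see cref="X509ClientCertificateAuthentication"/> whose value is not
/// <see cref="X509CertificateValidationMode.ChainTrust"/>.
/// </summary>
/// <param name="destination">The destination.</param>
/// <param name="receiver">The receiver.</param>
/// <param name="callee">The callee.</param>
/// <param name="arguments">The arguments.</param>
/// <param name="isVirtualCall">if set to <c>true</c> [is virtual call].</param>
/// <param name="programContext">The program context.</param>
/// <param name="stateBeforeInstruction">The state before instruction.</param>
/// <param name="stateAfterInstruction">The state after instruction.</param>
/// <remarks>
/// Only modes that the analysis can resolve to an integer constant are inspected; a mode
/// computed at run time produces no problem report.
/// </remarks>
public override void VisitCall(
    Variable destination,
    Variable receiver,
    Method callee,
    ExpressionList arguments,
    bool isVirtualCall,
    Microsoft.Fugue.IProgramContext programContext,
    Microsoft.Fugue.IExecutionState stateBeforeInstruction,
    Microsoft.Fugue.IExecutionState stateAfterInstruction)
{
    // A property setter always carries exactly one argument; guard rather than index blindly.
    if (IsCertificateValidationModeSetter(callee) && arguments != null && arguments.Count > 0)
    {
        IAbstractValue value = stateBeforeInstruction.Lookup((Variable)arguments[0]);
        IIntValue intValue = value == null ? null : value.IntValue(stateBeforeInstruction);
        if (intValue != null)
        {
            X509CertificateValidationMode mode = (X509CertificateValidationMode)intValue.Value;
            if (mode != X509CertificateValidationMode.ChainTrust)
            {
                Resolution resolution = base.GetResolution(mode.ToString(), X509CertificateValidationMode.ChainTrust.ToString());
                base.Problems.Add(new Problem(resolution, programContext));
            }
        }
    }

    base.VisitCall(destination, receiver, callee, arguments, isVirtualCall, programContext, stateBeforeInstruction, stateAfterInstruction);
}

/// <summary>
/// True when <paramref name="callee"/> is the <c>CertificateValidationMode</c> setter of one of
/// the two X.509 authentication settings types.
/// </summary>
private static bool IsCertificateValidationModeSetter(Method callee)
{
    if (callee == null || callee.DeclaringType == null || callee.Name == null)
    {
        return false;
    }

    Type declaring = callee.DeclaringType.GetRuntimeType();
    bool onAuthenticationType = declaring == typeof(X509ServiceCertificateAuthentication)
        || declaring == typeof(X509ClientCertificateAuthentication);

    // Member names are identifiers, not text: compare ordinally rather than by culture.
    return onAuthenticationType
        && string.Equals(callee.Name.Name, "set_CertificateValidationMode", StringComparison.OrdinalIgnoreCase);
}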
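//<snippet2>
/// <summary>
/// Configures the IssuedTokenAuthentication property of a <see cref="ServiceHost"/>: the issuer
/// certificates it knows, how issuer certificates are validated, and the SAML serializer to use.
/// </summary>
/// <param name="sh">The host whose credentials are configured.</param>
/// <param name="allowCardspaceTokens">
/// Stored in <c>AllowUntrustedRsaIssuers</c>: when true, tokens from issuers that are not in
/// <c>KnownCertificates</c> are accepted on the strength of their RSA key alone.
/// </param>
/// <param name="knownissuers">Issuer certificates to add to <c>KnownCertificates</c>; may be null.</param>
/// <param name="certMode">Validation mode applied to issuer certificates.</param>
/// <param name="revocationMode">Revocation check applied to issuer certificates.</param>
/// <param name="ser">Optional SAML serializer; ignored when null.</param>
/// <exception cref="ArgumentNullException"><paramref name="sh"/> is null.</exception>
/// <remarks>
/// Earlier versions ignored <paramref name="certMode"/> and <paramref name="revocationMode"/> and
/// always applied PeerOrChainTrust with online revocation checking; both are now honoured.
/// The trusted store location stays fixed at LocalMachine.
/// </remarks>
public static void ConfigureIssuedTokenServiceCredentials(
    ServiceHost sh,
    bool allowCardspaceTokens,
    IList<X509Certificate2> knownissuers,
    X509CertificateValidationMode certMode,
    X509RevocationMode revocationMode,
    SamlSerializer ser)
{
    if (sh == null)
    {
        throw new ArgumentNullException("sh");
    }

    var issuedTokens = sh.Credentials.IssuedTokenAuthentication;

    // Allow CardSpace tokens.
    issuedTokens.AllowUntrustedRsaIssuers = allowCardspaceTokens;

    // Set up known issuer certificates.
    if (knownissuers != null)
    {
        foreach (X509Certificate2 cert in knownissuers)
        {
            issuedTokens.KnownCertificates.Add(cert);
        }
    }

    // Set issuer certificate validation and revocation checking modes from the arguments.
    issuedTokens.CertificateValidationMode = certMode;
    issuedTokens.RevocationMode = revocationMode;
    issuedTokens.TrustedStoreLocation = StoreLocation.LocalMachine;

    // Set the SamlSerializer, if one is specified.
    if (ser != null)
    {
        issuedTokens.SamlSerializer = ser;
    }
}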
/// <summary>
/// Initialises client certificate authentication with the framework defaults: chain trust
/// against the LocalMachine store, online revocation checking, and includeWindowsGroups on.
/// </summary>
internal X509ClientCertificateAuthentication()
{
    this.includeWindowsGroups = true;
    this.trustedStoreLocation = StoreLocation.LocalMachine;
    this.revocationMode = X509RevocationMode.Online;
    this.certificateValidationMode = X509CertificateValidationMode.ChainTrust;
}
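/// <summary>
/// Applies service certificate authentication settings, given as enum member names, to the
/// <see cref="ClientCredentials"/> behavior of the channel (creating that behavior if absent).
/// </summary>
/// <param name="storeLocation">A <see cref="StoreLocation"/> member name.</param>
/// <param name="revocationMode">An <see cref="X509RevocationMode"/> member name.</param>
/// <param name="certificationValidationMode">
/// An <see cref="X509CertificateValidationMode"/> member name; null or empty selects
/// <see cref="X509ServiceCertificateAuthentication.DefaultCertificateValidationMode"/>.
/// </param>
/// <exception cref="ArgumentException">A value does not name a member of its enumeration.</exception>
/// <exception cref="ArgumentNullException"><paramref name="storeLocation"/> or <paramref name="revocationMode"/> is null.</exception>
void IChannelCredentials.SetServiceCertificateAuthentication(string storeLocation, string revocationMode, string certificationValidationMode)
{
    lock (channelBuilderSettings)
    {
        // Enum.Parse also accepts any integer string, which would yield an undefined store
        // location or revocation mode; only the validation mode setter checks its value later.
        StoreLocation location = ParseDefinedEnum<StoreLocation>(storeLocation, "storeLocation");
        X509RevocationMode mode = ParseDefinedEnum<X509RevocationMode>(revocationMode, "revocationMode");

        X509CertificateValidationMode validationMode = X509ServiceCertificateAuthentication.DefaultCertificateValidationMode;
        if (!String.IsNullOrEmpty(certificationValidationMode))
        {
            validationMode = ParseDefinedEnum<X509CertificateValidationMode>(certificationValidationMode, "certificationValidationMode");
        }

        KeyedByTypeCollection<IEndpointBehavior> behaviors = channelBuilderSettings.Behaviors;
        ClientCredentials channelCredentials = behaviors.Find<ClientCredentials>();
        if (channelCredentials == null)
        {
            channelCredentials = new ClientCredentials();
            behaviors.Add(channelCredentials);
        }

        channelCredentials.ServiceCertificate.Authentication.TrustedStoreLocation = location;
        channelCredentials.ServiceCertificate.Authentication.RevocationMode = mode;
        channelCredentials.ServiceCertificate.Authentication.CertificateValidationMode = validationMode;
    }
}

/// <summary>
/// Parses <paramref name="text"/> as <typeparamref name="TEnum"/> and rejects values that are
/// not named members, so numeric strings cannot smuggle in an undefined setting.
/// </summary>
private static TEnum ParseDefinedEnum<TEnum>(string text, string paramName) where TEnum : struct
{
    object parsed = Enum.Parse(typeof(TEnum), text);
    if (!Enum.IsDefined(typeof(TEnum), parsed))
    {
        throw new ArgumentException("'" + text + "' is not a defined " + typeof(TEnum).Name + " value.", paramName);
    }
    return (TEnum)parsed;
}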
/// <summary>
/// Transport security NetTcp binding constructor.
/// </summary>
/// <param name="endPointAddress">The endpoint address to connect to.</param>
/// <param name="tcpClientCredentialType">The secure tcp client credential type</param>
/// <param name="username">The UserName username</param>
/// <param name="password">The UserName password</param>
/// <param name="usernameWindows">The Windows ClientCredential username</param>
/// <param name="passwordWindows">The Windows ClientCredential password</param>
/// <param name="clientCertificate">The client x509 certificate.</param>
/// <param name="validationMode">An enumeration that lists the ways of validating a certificate.</param>
/// <param name="x509CertificateValidator">The certificate validator. If null then the certificate is always passed.</param>
/// <remarks>
/// With the default <paramref name="validationMode"/> (Custom) and a null
/// <paramref name="x509CertificateValidator"/> the service certificate is always accepted;
/// supply a validator, or a stricter mode, when the identity of the endpoint matters.
/// </remarks>
public TransferClient(
    string endPointAddress,
    System.ServiceModel.TcpClientCredentialType tcpClientCredentialType,
    string username = null,
    string password = null,
    string usernameWindows = null,
    string passwordWindows = null,
    X509Certificate2 clientCertificate = null,
    X509CertificateValidationMode validationMode = X509CertificateValidationMode.Custom,
    X509CertificateValidator x509CertificateValidator = null)
    : base(
        new Uri(endPointAddress),
        CreateTransportNetTcpBinding(tcpClientCredentialType),
        username, password, usernameWindows, passwordWindows,
        clientCertificate, validationMode, x509CertificateValidator)
{
    // Forward async completion to the shared handler (method group, same delegate type).
    base.AsyncExecuteComplete += TransferClient_AsyncExecuteComplete;
}

/// <summary>
/// Builds the buffered, transport-secured NetTcpBinding sized from the
/// TransferClientMaxReceivedMessageSize setting.
/// </summary>
/// <param name="tcpClientCredentialType">Credential type presented on the TCP transport.</param>
private static System.ServiceModel.NetTcpBinding CreateTransportNetTcpBinding(System.ServiceModel.TcpClientCredentialType tcpClientCredentialType)
{
    long maxSize = Nequeo.Net.Properties.Settings.Default.TransferClientMaxReceivedMessageSize;

    var transport = new System.ServiceModel.TcpTransportSecurity();
    transport.ClientCredentialType = tcpClientCredentialType;

    var security = new System.ServiceModel.NetTcpSecurity();
    security.Mode = System.ServiceModel.SecurityMode.Transport;
    security.Transport = transport;

    var binding = new System.ServiceModel.NetTcpBinding();
    binding.MaxReceivedMessageSize = maxSize;
    binding.MaxBufferSize = (int)maxSize;
    binding.TransferMode = System.ServiceModel.TransferMode.Buffered;
    binding.Security = security;
    return binding;
}
/// <summary>
/// Basic Http Binding constructor
/// </summary>
/// <param name="username">The UserName username</param>
/// <param name="password">The UserName password</param>
/// <param name="usernameWindows">The Windows ClientCredential username</param>
/// <param name="passwordWindows">The Windows ClientCredential password</param>
/// <param name="clientCertificate">The client x509 certificate.</param>
/// <param name="validationMode">An enumeration that lists the ways of validating a certificate.</param>
/// <param name="x509CertificateValidator">The certificate validator. If null then the certificate is always passed.</param>
/// <remarks>
/// The endpoint address and every size limit of the binding come from the application settings.
/// With the default <paramref name="validationMode"/> (Custom) and a null
/// <paramref name="x509CertificateValidator"/> the service certificate is always accepted;
/// supply a validator, or a stricter mode, when the identity of the endpoint matters.
/// </remarks>
public MessageClient(
    string username = null,
    string password = null,
    string usernameWindows = null,
    string passwordWindows = null,
    X509Certificate2 clientCertificate = null,
    X509CertificateValidationMode validationMode = X509CertificateValidationMode.Custom,
    X509CertificateValidator x509CertificateValidator = null)
    : base(
        new Uri(Nequeo.Net.Properties.Settings.Default.MessageClientBaseAddress),
        CreateMessageClientBasicHttpBinding(),
        username, password, usernameWindows, passwordWindows,
        clientCertificate, validationMode, x509CertificateValidator)
{
    // Start the async control and wire its error/completion callbacks to this instance.
    _asyncAccount = new Nequeo.Threading.AsyncExecutionHandler<MessageClient>();
    _asyncAccount.AsyncError += _asyncAccount_AsyncError;
    _asyncAccount.AsyncComplete += _asyncAccount_AsyncComplete;
    _asyncAccount.InitiliseAsyncInstance(this);
}

/// <summary>
/// Builds the buffered BasicHttpBinding whose message, buffer and reader limits are all
/// driven by the MessageClientMaxReceivedMessageSize setting.
/// </summary>
private static System.ServiceModel.BasicHttpBinding CreateMessageClientBasicHttpBinding()
{
    long maxSize = Nequeo.Net.Properties.Settings.Default.MessageClientMaxReceivedMessageSize;
    int quota = (int)maxSize;

    var quotas = new System.Xml.XmlDictionaryReaderQuotas();
    quotas.MaxArrayLength = quota;
    quotas.MaxBytesPerRead = quota;
    quotas.MaxDepth = quota;
    quotas.MaxNameTableCharCount = quota;
    quotas.MaxStringContentLength = quota;

    var binding = new System.ServiceModel.BasicHttpBinding();
    binding.MaxReceivedMessageSize = maxSize;
    binding.TransferMode = System.ServiceModel.TransferMode.Buffered;
    binding.MaxBufferPoolSize = maxSize;
    binding.MaxBufferSize = quota;
    binding.ReaderQuotas = quotas;
    return binding;
}
/// <summary>
/// Rejects values of <see cref="X509CertificateValidationMode"/> that are not named members.
/// </summary>
/// <param name="value">The mode to check.</param>
/// <exception cref="InvalidEnumArgumentException">
/// <paramref name="value"/> is outside the enumeration (raised through the diagnostic helper).
/// </exception>
internal static void Validate(X509CertificateValidationMode value)
{
    bool known = IsDefined(value);
    if (!known)
    {
        InvalidEnumArgumentException error = new InvalidEnumArgumentException("value", (int)value, typeof(X509CertificateValidationMode));
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(error);
    }
}
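/// <summary>
/// Reads the federation metadata at <paramref name="url"/> and returns the X.509 certificates
/// published in the key descriptors of its security token service role.
/// </summary>
/// <param name="url">Address of the federation metadata document.</param>
/// <param name="mode">
/// Validation the <see cref="MetadataSerializer"/> applies to the certificate that signed the
/// metadata. The default, <see cref="X509CertificateValidationMode.None"/>, accepts unsigned or
/// arbitrarily signed metadata, so the returned certificates are then only as trustworthy as the
/// transport that delivered the document.
/// </param>
/// <returns>The certificates carried as raw X.509 data in the STS key descriptors; empty when none are published.</returns>
/// <exception cref="InvalidOperationException">
/// The document is not an <see cref="EntityDescriptor"/>, or it contains no
/// <see cref="SecurityTokenServiceDescriptor"/> role.
/// </exception>
public static IEnumerable<X509Certificate> GetSigningCertificates(Uri url, X509CertificateValidationMode mode = X509CertificateValidationMode.None)
{
    var certs = new List<X509Certificate2>();
    using (var stream = GetMetadataStream(url))
    {
        var serializer = new MetadataSerializer();
        serializer.CertificateValidationMode = mode;

        // A document of the wrong shape used to fail with a NullReferenceException from the
        // unchecked casts; report it explicitly instead.
        var ed = serializer.ReadMetadata(stream) as EntityDescriptor;
        if (ed == null)
        {
            throw new InvalidOperationException("Metadata at '" + url + "' is not an EntityDescriptor.");
        }

        var stsd = ed.RoleDescriptors.OfType<SecurityTokenServiceDescriptor>().FirstOrDefault();
        if (stsd == null)
        {
            throw new InvalidOperationException("Metadata at '" + url + "' does not publish a SecurityTokenServiceDescriptor role.");
        }

        // Only the first clause of each KeyInfo is inspected, as before, and no filter on the
        // descriptor's key use is applied, so keys published for encryption are returned as well.
        foreach (var key in stsd.Keys)
        {
            var clause = key.KeyInfo.FirstOrDefault() as X509RawDataKeyIdentifierClause;
            if (clause != null)
            {
                certs.Add(new X509Certificate2(clause.GetX509RawData()));
            }
        }
    }
    return certs;
}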
/// <summary>
/// Copy constructor: takes every validation setting, the custom validator reference and the
/// read-only flag from <paramref name="other"/>.
/// </summary>
/// <param name="other">The instance to copy; must not be null.</param>
internal X509ServiceCertificateAuthentication(X509ServiceCertificateAuthentication other)
{
    // The validator is shared by reference, not cloned.
    this.customCertificateValidator = other.customCertificateValidator;
    this.certificateValidationMode = other.certificateValidationMode;
    this.trustedStoreLocation = other.trustedStoreLocation;
    this.revocationMode = other.revocationMode;
    this.isReadOnly = other.isReadOnly;
}
/// <summary>
/// Copy constructor: takes every validation setting, the custom validator reference and the
/// read-only flag from <paramref name="other"/>.
/// </summary>
/// <param name="other">The instance to copy; must not be null.</param>
internal X509ServiceCertificateAuthentication(X509ServiceCertificateAuthentication other)
{
    // The validator is shared by reference, not cloned.
    _customCertificateValidator = other._customCertificateValidator;
    _certificateValidationMode = other._certificateValidationMode;
    _trustedStoreLocation = other._trustedStoreLocation;
    _revocationMode = other._revocationMode;
    _isReadOnly = other._isReadOnly;
}
/// <summary>
/// Copy constructor: takes every validation setting, the custom validator reference and the
/// read-only flag from <paramref name="other"/>.
/// </summary>
/// <param name="other">The instance to copy; must not be null.</param>
internal X509PeerCertificateAuthentication(X509PeerCertificateAuthentication other)
{
    // The validator is shared by reference, not cloned.
    this.customCertificateValidator = other.customCertificateValidator;
    this.certificateValidationMode = other.certificateValidationMode;
    this.trustedStoreLocation = other.trustedStoreLocation;
    this.revocationMode = other.revocationMode;
    this.isReadOnly = other.isReadOnly;
}
/// <summary>
/// Returns true when <paramref name="validationMode"/> is one of the five named members of
/// <see cref="X509CertificateValidationMode"/>, false for any other integer cast to the enum.
/// </summary>
/// <param name="validationMode">The value to check.</param>
public static bool IsDefined(X509CertificateValidationMode validationMode)
{
    switch (validationMode)
    {
        case X509CertificateValidationMode.None:
        case X509CertificateValidationMode.PeerTrust:
        case X509CertificateValidationMode.ChainTrust:
        case X509CertificateValidationMode.PeerOrChainTrust:
        case X509CertificateValidationMode.Custom:
            return true;
        default:
            return false;
    }
}
/// <summary>
/// Returns true when <paramref name="validationMode"/> is one of the five named members of
/// <see cref="X509CertificateValidationMode"/>, false for any other integer cast to the enum.
/// </summary>
/// <param name="validationMode">The value to check.</param>
public static bool IsDefined(X509CertificateValidationMode validationMode)
{
    if (validationMode == X509CertificateValidationMode.None)
    {
        return true;
    }
    if (validationMode == X509CertificateValidationMode.PeerTrust)
    {
        return true;
    }
    if (validationMode == X509CertificateValidationMode.ChainTrust)
    {
        return true;
    }
    if (validationMode == X509CertificateValidationMode.PeerOrChainTrust)
    {
        return true;
    }
    return validationMode == X509CertificateValidationMode.Custom;
}
/// <summary>
/// Returns true when <paramref name="validationMode"/> is one of the five named members of
/// <see cref="X509CertificateValidationMode"/>, false for any other integer cast to the enum.
/// </summary>
/// <param name="validationMode">The value to check.</param>
public static bool IsDefined(X509CertificateValidationMode validationMode)
{
    bool isTrustMode = validationMode == X509CertificateValidationMode.None
        || validationMode == X509CertificateValidationMode.PeerTrust
        || validationMode == X509CertificateValidationMode.ChainTrust
        || validationMode == X509CertificateValidationMode.PeerOrChainTrust;
    bool isCustom = validationMode == X509CertificateValidationMode.Custom;
    return isTrustMode || isCustom;
}
/// <summary>
/// Returns true when <paramref name="validationMode"/> is one of the five named members of
/// <see cref="X509CertificateValidationMode"/>, false for any other integer cast to the enum.
/// </summary>
/// <param name="validationMode">The value to check.</param>
public static bool IsDefined(X509CertificateValidationMode validationMode)
{
    switch (validationMode)
    {
        case X509CertificateValidationMode.None:
        case X509CertificateValidationMode.PeerTrust:
        case X509CertificateValidationMode.ChainTrust:
        case X509CertificateValidationMode.PeerOrChainTrust:
        case X509CertificateValidationMode.Custom:
            return true;
    }
    return false;
}
/// <summary>
/// Initialises issued-token settings with the framework defaults: audience URI checking
/// always on, chain trust against the LocalMachine store with online revocation checking,
/// and empty audience and known-certificate lists.
/// </summary>
internal IssuedTokenServiceCredential()
{
    this.allowedAudienceUris = new List<string>();
    this.knownCertificates = new List<X509Certificate2>();
    this.audienceUriMode = System.IdentityModel.Selectors.AudienceUriMode.Always;
    this.trustedStoreLocation = StoreLocation.LocalMachine;
    this.revocationMode = X509RevocationMode.Online;
    this.certificateValidationMode = X509CertificateValidationMode.ChainTrust;
}
/// <summary>
/// Copy constructor: takes the validation settings, Windows mapping flags, custom validator
/// reference and read-only flag from <paramref name="other"/>.
/// </summary>
/// <param name="other">The instance to copy; must not be null.</param>
internal X509ClientCertificateAuthentication(X509ClientCertificateAuthentication other)
{
    // Validation settings.
    this.certificateValidationMode = other.certificateValidationMode;
    this.revocationMode = other.revocationMode;
    this.trustedStoreLocation = other.trustedStoreLocation;
    this.customCertificateValidator = other.customCertificateValidator;

    // Windows identity mapping.
    this.mapClientCertificateToWindowsAccount = other.mapClientCertificateToWindowsAccount;
    this.includeWindowsGroups = other.includeWindowsGroups;

    this.isReadOnly = other.isReadOnly;
}
/// <summary>
/// Copy constructor: takes the validation settings, Windows mapping flags, custom validator
/// reference and read-only flag from <paramref name="other"/>.
/// </summary>
/// <param name="other">The instance to copy; must not be null.</param>
internal X509ClientCertificateAuthentication(X509ClientCertificateAuthentication other)
{
    // Validation settings.
    _certificateValidationMode = other._certificateValidationMode;
    _revocationMode = other._revocationMode;
    _trustedStoreLocation = other._trustedStoreLocation;
    _customCertificateValidator = other._customCertificateValidator;

    // Windows identity mapping.
    _mapClientCertificateToWindowsAccount = other._mapClientCertificateToWindowsAccount;
    _includeWindowsGroups = other._includeWindowsGroups;

    _isReadOnly = other._isReadOnly;
}
/// <summary>
/// Convenience overload that forwards to the full constructor with no channel factory class
/// name and no additional argument (both passed as null).
/// </summary>
/// <param name="baseUrl">Base address of the remote service.</param>
/// <param name="configurationClassName">Name of the configuration class.</param>
/// <param name="maxReceivedMessageSize">Largest message, in bytes, the channel accepts.</param>
/// <param name="certificateValidationMode">How the service certificate is validated.</param>
/// <param name="revocationMode">How certificate revocation is checked.</param>
public RemoteServiceProviderArgs(
    string baseUrl,
    string configurationClassName,
    int maxReceivedMessageSize,
    X509CertificateValidationMode certificateValidationMode,
    X509RevocationMode revocationMode)
    : this(
        baseUrl,
        null,
        configurationClassName,
        maxReceivedMessageSize,
        certificateValidationMode,
        revocationMode,
        null)
{
}
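/// <summary>
/// Copy constructor: takes every validation setting, the custom validator reference and the
/// read-only flag from <paramref name="other"/>.
/// </summary>
/// <param name="other">The instance to copy; must not be null.</param>
/// <remarks>
/// The default values (PeerOrChainTrust, Online, CurrentUser) that used to be assigned first
/// were overwritten immediately by the copied values and have been removed as dead stores.
/// </remarks>
internal X509PeerCertificateAuthentication(X509PeerCertificateAuthentication other)
{
    this.certificateValidationMode = other.certificateValidationMode;
    this.customCertificateValidator = other.customCertificateValidator;
    this.revocationMode = other.revocationMode;
    this.trustedStoreLocation = other.trustedStoreLocation;
    this.isReadOnly = other.isReadOnly;
}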
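/// <summary>
/// Copy constructor: takes every validation setting, the custom validator reference and the
/// read-only flag from <paramref name="other"/>.
/// </summary>
/// <param name="other">The instance to copy; must not be null.</param>
/// <remarks>
/// The default values (ChainTrust, Online, CurrentUser) that used to be assigned first were
/// overwritten immediately by the copied values and have been removed as dead stores.
/// </remarks>
internal X509ServiceCertificateAuthentication(X509ServiceCertificateAuthentication other)
{
    this.certificateValidationMode = other.certificateValidationMode;
    this.customCertificateValidator = other.customCertificateValidator;
    this.revocationMode = other.revocationMode;
    this.trustedStoreLocation = other.trustedStoreLocation;
    this.isReadOnly = other.isReadOnly;
}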
/// <summary> /// Default constructor /// </summary> /// <param name="endPointAddress">The specific end point address</param> /// <param name="binding">Contains the binding elements that specify the protocols, /// transports, and message encoders used for communication between clients and services.</param> /// <param name="username">The UserName username</param> /// <param name="password">The UserName password</param> /// <param name="usernameWindows">The Windows ClientCredential username</param> /// <param name="passwordWindows">The Windows ClientCredential password</param> /// <param name="clientCertificate">The client x509 certificate.</param> /// <param name="validationMode">An enumeration that lists the ways of validating a certificate.</param> /// <param name="x509CertificateValidator">The certificate validator. If null then the certificate is always passed.</param> public Client(string endPointAddress, System.ServiceModel.WebHttpBinding binding, string username = null, string password = null, string usernameWindows = null, string passwordWindows = null, X509Certificate2 clientCertificate = null, X509CertificateValidationMode validationMode = X509CertificateValidationMode.Custom, X509CertificateValidator x509CertificateValidator = null) : base( new Uri(endPointAddress), binding, username, password, usernameWindows, passwordWindows, clientCertificate, validationMode, x509CertificateValidator) { OnCreated(); }
/// <summary>
/// Default constructor
/// </summary>
/// <param name="username">The UserName username</param>
/// <param name="password">The UserName password</param>
/// <param name="usernameWindows">The Windows ClientCredential username</param>
/// <param name="passwordWindows">The Windows ClientCredential password</param>
/// <param name="clientCertificate">The client x509 certificate.</param>
/// <param name="validationMode">An enumeration that lists the ways of validating a certificate.</param>
/// <param name="x509CertificateValidator">The certificate validator. If null then the certificate is always passed.</param>
/// <remarks>
/// Represents an interoperable binding that supports distributed transactions
/// and secure, reliable sessions (WSHttpBinding binding). The endpoint address is read from
/// the ServiceAddress application setting. With the default <paramref name="validationMode"/>
/// (Custom) and a null <paramref name="x509CertificateValidator"/> the service certificate is
/// always accepted; supply a validator, or a stricter mode, when the endpoint identity matters.
/// </remarks>
public Client(
    string username = null,
    string password = null,
    string usernameWindows = null,
    string passwordWindows = null,
    X509Certificate2 clientCertificate = null,
    X509CertificateValidationMode validationMode = X509CertificateValidationMode.Custom,
    X509CertificateValidator x509CertificateValidator = null)
    : base(
        new Uri(Nequeo.Management.ServiceModel.Properties.Settings.Default.ServiceAddress),
        new System.ServiceModel.WSHttpBinding(),
        username,
        password,
        usernameWindows,
        passwordWindows,
        clientCertificate,
        validationMode,
        x509CertificateValidator)
{
    // Post-construction hook; defined elsewhere in the class.
    OnCreated();
}
/// <summary>
/// Copy constructor. The audience URI and known certificate lists are copied into new lists
/// so later edits to either instance do not affect the other; every other member is copied
/// by value or by reference as-is.
/// </summary>
/// <param name="other">The instance to copy; must not be null.</param>
internal IssuedTokenServiceCredential(IssuedTokenServiceCredential other)
{
    // Audience settings.
    _audienceUriMode = other._audienceUriMode;
    _allowedAudienceUris = new List<string>(other._allowedAudienceUris);

    // Issuer settings.
    _knownCertificates = new List<X509Certificate2>(other._knownCertificates);
    _allowUntrustedRsaIssuers = other._allowUntrustedRsaIssuers;
    _certificateValidationMode = other._certificateValidationMode;
    _revocationMode = other._revocationMode;
    _trustedStoreLocation = other._trustedStoreLocation;
    _customCertificateValidator = other._customCertificateValidator;

    _samlSerializer = other._samlSerializer;
    _isReadOnly = other._isReadOnly;
}
/// <summary>
/// Copy constructor. The audience URI and known certificate lists are copied into new lists
/// so later edits to either instance do not affect the other; every other member is copied
/// by value or by reference as-is.
/// </summary>
/// <param name="other">The instance to copy; must not be null.</param>
internal IssuedTokenServiceCredential(IssuedTokenServiceCredential other)
{
    // Audience settings.
    this.audienceUriMode = other.audienceUriMode;
    this.allowedAudienceUris = new List<string>(other.allowedAudienceUris);

    // Issuer settings.
    this.knownCertificates = new List<X509Certificate2>(other.knownCertificates);
    this.allowUntrustedRsaIssuers = other.allowUntrustedRsaIssuers;
    this.certificateValidationMode = other.certificateValidationMode;
    this.revocationMode = other.revocationMode;
    this.trustedStoreLocation = other.trustedStoreLocation;
    this.customCertificateValidator = other.customCertificateValidator;

    this.samlSerializer = other.samlSerializer;
    this.isReadOnly = other.isReadOnly;
}
/// <summary>
/// Copy constructor. The audience URI and known certificate lists are copied into new lists
/// so later edits to either instance do not affect the other; every other member is copied
/// by value or by reference as-is.
/// </summary>
/// <param name="other">The instance to copy; must not be null.</param>
internal IssuedTokenServiceCredential(IssuedTokenServiceCredential other)
{
    List<string> audienceUris = new List<string>(other.allowedAudienceUris);
    List<X509Certificate2> issuers = new List<X509Certificate2>(other.knownCertificates);

    this.allowedAudienceUris = audienceUris;
    this.knownCertificates = issuers;
    this.audienceUriMode = other.audienceUriMode;
    this.samlSerializer = other.samlSerializer;
    this.certificateValidationMode = other.certificateValidationMode;
    this.customCertificateValidator = other.customCertificateValidator;
    this.trustedStoreLocation = other.trustedStoreLocation;
    this.revocationMode = other.revocationMode;
    this.allowUntrustedRsaIssuers = other.allowUntrustedRsaIssuers;
    this.isReadOnly = other.isReadOnly;
}
/// <summary>
/// Captures the settings used to build a service channel.
/// </summary>
/// <param name="channelFactoryClass">Type of the channel factory to instantiate.</param>
/// <param name="serviceUri">Address of the service.</param>
/// <param name="authenticationRequired">Whether the channel must authenticate.</param>
/// <param name="maxReceivedMessageSize">Largest message, in bytes, the channel accepts.</param>
/// <param name="certificateValidationMode">How the service certificate is validated.</param>
/// <param name="revocationMode">How certificate revocation is checked.</param>
public ServiceChannelConfigurationArgs(
    Type channelFactoryClass,
    Uri serviceUri,
    bool authenticationRequired,
    int maxReceivedMessageSize,
    X509CertificateValidationMode certificateValidationMode,
    X509RevocationMode revocationMode)
{
    // Certificate policy.
    this.CertificateValidationMode = certificateValidationMode;
    this.RevocationMode = revocationMode;

    // Channel shape.
    this.ChannelFactoryClass = channelFactoryClass;
    this.ServiceUri = serviceUri;
    this.AuthenticationRequired = authenticationRequired;
    this.MaxReceivedMessageSize = maxReceivedMessageSize;
}
/// <summary>
/// Default constructor
/// </summary>
/// <param name="endPointAddress">The endpoint address to connect to.</param>
/// <param name="binding">The endpoint binding.</param>
/// <param name="username">The UserName username</param>
/// <param name="password">The UserName password</param>
/// <param name="usernameWindows">The Windows ClientCredential username</param>
/// <param name="passwordWindows">The Windows ClientCredential password</param>
/// <param name="clientCertificate">The client x509 certificate.</param>
/// <param name="validationMode">An enumeration that lists the ways of validating a certificate.</param>
/// <param name="x509CertificateValidator">The certificate validator. If null then the certificate is always passed.</param>
/// <remarks>
/// With the default <paramref name="validationMode"/> (Custom) and a null
/// <paramref name="x509CertificateValidator"/> the service certificate is always accepted;
/// supply a validator, or a stricter mode, when the identity of the endpoint matters.
/// </remarks>
public TransferByteClient(
    string endPointAddress,
    System.ServiceModel.Channels.Binding binding,
    string username = null,
    string password = null,
    string usernameWindows = null,
    string passwordWindows = null,
    X509Certificate2 clientCertificate = null,
    X509CertificateValidationMode validationMode = X509CertificateValidationMode.Custom,
    X509CertificateValidator x509CertificateValidator = null)
    : base(
        new Uri(endPointAddress),
        binding,
        username,
        password,
        usernameWindows,
        passwordWindows,
        clientCertificate,
        validationMode,
        x509CertificateValidator)
{
    // Forward async completion to the shared handler (method group, same delegate type).
    base.AsyncExecuteComplete += TransferClient_AsyncExecuteComplete;
}
/// <summary>
/// Test fixture describing one expected JwtSecurityTokenRequirement configuration element.
/// Each argument becomes a property of this instance and, when not null, an attribute or child
/// element of the configuration text stored in <c>Config</c>; the <c>*Ex*</c> arguments are
/// extra fragments spliced in between them (the defaults <c>comment</c> and
/// <c>closeRequirement</c> are declared elsewhere in this class).
/// </summary>
/// <param name="tokenSize">Expected MaxTokenSizeInBytes, or null to omit the element.</param>
/// <param name="clock">Expected clock skew, or null to omit the element.</param>
/// <param name="life">Expected default token lifetime, or null to omit the element.</param>
/// <param name="cert">Expected certificate validator, or null to omit the attribute.</param>
/// <param name="name">Expected name claim type; defaults to the reserved "sub" claim.</param>
/// <param name="role">Expected role claim type, or null to omit the element.</param>
/// <param name="revMode">Expected revocation mode, or null to omit the attribute.</param>
/// <param name="certMode">Expected certificate validation mode, or null to omit the attribute.</param>
/// <param name="storeLoc">Expected trusted store location, or null to omit the attribute.</param>
/// <param name="expectedException">Exception the test expects; defaults to none.</param>
/// <param name="handler">Handler type name placed in the template.</param>
/// <param name="requirement">Requirement element name placed in the template.</param>
public ExpectedJwtSecurityTokenRequirement(
    uint? tokenSize = null,
    Int32? clock = null,
    uint? life = null,
    X509CertificateValidator cert = null,
    string name = JwtConstants.ReservedClaims.Sub,
    string role = null,
    X509RevocationMode? revMode = null,
    X509CertificateValidationMode? certMode = null,
    StoreLocation? storeLoc = null,
    ExpectedException expectedException = null,
    string handler = JwtSecurityTokenHandlerType,
    string requirement = Elements.JwtSecurityTokenRequirement,
    string attributeEx1 = "",
    string attributeEx2 = "",
    string attributeEx3 = "",
    string attributeEx4 = "",
    string elementEx1 = comment,
    string elementEx2 = comment,
    string elementEx3 = comment,
    string elementEx4 = comment,
    string elementEx5 = comment,
    string elementEx6 = comment,
    string elementClose = closeRequirement)
{
    MaxTokenSizeInBytes = tokenSize;
    NameClaimType = name;
    RoleClaimType = role;
    CertValidator = cert;
    ClockSkewInSeconds = clock;
    DefaultTokenLifetimeInMinutes = life;
    CertRevocationMode = revMode;
    CertValidationMode = certMode;
    CertStoreLocation = storeLoc;
    ExpectedException = expectedException ?? ExpectedException.NoExceptionExpected;

    // A string[] binds directly to string.Format's params object[], so element i of sParams
    // fills placeholder {i} of ElementTemplate (declared elsewhere); the order below must match
    // that template. Null settings contribute an empty string so the placeholder stays blank.
    string[] sParams =
    {
        handler,
        requirement,
        CertRevocationMode == null ? string.Empty : Attribute(Attributes.RevocationMode, CertRevocationMode.Value.ToString()),
        attributeEx1,
        CertValidationMode == null ? string.Empty : Attribute(Attributes.ValidationMode, CertValidationMode.Value.ToString()),
        attributeEx2,
        // The validator attribute carries an assembly-qualified-style name pointing at the test assembly.
        CertValidator == null ? string.Empty : Attribute(Attributes.Validator, CertValidator.GetType().ToString() + ", System.IdentityModel.Tokens.Jwt.Tests"),
        attributeEx3,
        CertStoreLocation == null ? string.Empty : Attribute(Attributes.TrustedStoreLocation, CertStoreLocation.ToString()),
        attributeEx4,
        elementEx1,
        // NOTE(review): the clock argument is named "InSeconds" but is written to the MaxClockSkewInMinutes element — confirm the intended unit.
        ClockSkewInSeconds == null ? string.Empty : ElementValue(Elements.MaxClockSkewInMinutes, ClockSkewInSeconds.Value.ToString()),
        elementEx2,
        MaxTokenSizeInBytes == null ? string.Empty : ElementValue(Elements.MaxTokenSizeInBytes, MaxTokenSizeInBytes.Value.ToString()),
        elementEx3,
        DefaultTokenLifetimeInMinutes == null ? string.Empty : ElementValue(Elements.DefaultTokenLifetimeInMinutes, DefaultTokenLifetimeInMinutes.Value.ToString()),
        elementEx4,
        NameClaimType == null ? string.Empty : ElementValue(Elements.NameClaimType, NameClaimType),
        elementEx5,
        RoleClaimType == null ? string.Empty : ElementValue(Elements.RoleClaimType, RoleClaimType),
        elementEx6,
        elementClose,
    };
    Config = string.Format(ElementTemplate, sParams);
}
/// <summary>
/// Captures the settings used to build a service channel. The send timeout is left at 0 and
/// the transfer mode at Buffered; callers adjust those through the properties afterwards.
/// </summary>
/// <param name="channelFactoryClass">Type of the channel factory to instantiate.</param>
/// <param name="serviceUri">Address of the service.</param>
/// <param name="authenticationRequired">Whether the channel must authenticate.</param>
/// <param name="maxReceivedMessageSize">Largest message, in bytes, the channel accepts.</param>
/// <param name="certificateValidationMode">How the service certificate is validated.</param>
/// <param name="revocationMode">How certificate revocation is checked.</param>
public ServiceChannelConfigurationArgs(
    Type channelFactoryClass,
    Uri serviceUri,
    bool authenticationRequired,
    long maxReceivedMessageSize,
    X509CertificateValidationMode certificateValidationMode,
    X509RevocationMode revocationMode)
{
    // Fixed defaults not exposed through this overload.
    this.SendTimeoutSeconds = 0;
    this.TransferMode = TransferMode.Buffered;

    // Certificate policy.
    this.CertificateValidationMode = certificateValidationMode;
    this.RevocationMode = revocationMode;

    // Channel shape.
    this.ChannelFactoryClass = channelFactoryClass;
    this.ServiceUri = serviceUri;
    this.AuthenticationRequired = authenticationRequired;
    this.MaxReceivedMessageSize = maxReceivedMessageSize;
}
/// <summary>
/// Selects the built-in <see cref="X509CertificateValidator"/> matching
/// <paramref name="certificateValidationMode"/>. Chain-based modes get a fresh
/// <see cref="X509ChainPolicy"/> carrying <paramref name="revocationMode"/>.
/// </summary>
/// <param name="certificateValidationMode">The validation mode to implement. None accepts every certificate.</param>
/// <param name="revocationMode">Revocation check applied when a chain is built.</param>
/// <param name="trustedStoreLocation">LocalMachine selects the machine context for chain building; anything else selects the user context.</param>
/// <exception cref="InvalidOperationException">
/// <paramref name="certificateValidationMode"/> is Custom or undefined; there is no built-in validator for it.
/// </exception>
public X509CertificateValidatorEx(
    X509CertificateValidationMode certificateValidationMode,
    X509RevocationMode revocationMode,
    StoreLocation trustedStoreLocation)
{
    this.certificateValidationMode = certificateValidationMode;

    if (certificateValidationMode == X509CertificateValidationMode.None)
    {
        this.validator = X509CertificateValidator.None;
    }
    else if (certificateValidationMode == X509CertificateValidationMode.PeerTrust)
    {
        this.validator = X509CertificateValidator.PeerTrust;
    }
    else if (certificateValidationMode == X509CertificateValidationMode.ChainTrust
        || certificateValidationMode == X509CertificateValidationMode.PeerOrChainTrust)
    {
        bool machineContext = (trustedStoreLocation == StoreLocation.LocalMachine);
        this.chainPolicy = new X509ChainPolicy();
        this.chainPolicy.RevocationMode = revocationMode;

        bool chainOnly = (certificateValidationMode == X509CertificateValidationMode.ChainTrust);
        this.validator = chainOnly
            ? X509CertificateValidator.CreateChainTrustValidator(machineContext, this.chainPolicy)
            : X509CertificateValidator.CreatePeerOrChainTrustValidator(machineContext, this.chainPolicy);
    }
    else
    {
        // Custom, and any value outside the enumeration, cannot be mapped to a built-in validator.
        throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ID4256)));
    }
}
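/// <summary>
/// Copy constructor. The audience URI and known certificate lists are copied into new lists
/// so later edits to either instance do not affect the other; every other member is copied
/// by value or by reference as-is.
/// </summary>
/// <param name="other">The instance to copy; must not be null.</param>
/// <remarks>
/// The default values (Always, ChainTrust, Online, LocalMachine) that used to be assigned
/// first were overwritten immediately by the copied values and have been removed as dead stores.
/// </remarks>
internal IssuedTokenServiceCredential(IssuedTokenServiceCredential other)
{
    this.audienceUriMode = other.audienceUriMode;
    this.allowedAudienceUris = new List<string>(other.allowedAudienceUris);
    this.samlSerializer = other.samlSerializer;
    this.knownCertificates = new List<X509Certificate2>(other.knownCertificates);
    this.certificateValidationMode = other.certificateValidationMode;
    this.customCertificateValidator = other.customCertificateValidator;
    this.trustedStoreLocation = other.trustedStoreLocation;
    this.revocationMode = other.revocationMode;
    this.allowUntrustedRsaIssuers = other.allowUntrustedRsaIssuers;
    this.isReadOnly = other.isReadOnly;
}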
/// <summary>
/// Maps a configured <see cref="X509CertificateValidationMode"/> to the matching built-in
/// <see cref="X509CertificateValidator"/>.
/// </summary>
/// <param name="mode">The configured mode. None yields a validator that accepts every certificate.</param>
/// <returns>The built-in validator for <paramref name="mode"/>.</returns>
/// <exception cref="ConfigurationErrorsException">
/// <paramref name="mode"/> is Custom or undefined; no built-in validator exists for it.
/// </exception>
private static X509CertificateValidator ReadCertificateValidator(X509CertificateValidationMode mode)
{
    if (mode == X509CertificateValidationMode.None)
    {
        return X509CertificateValidator.None;
    }
    if (mode == X509CertificateValidationMode.ChainTrust)
    {
        return X509CertificateValidator.ChainTrust;
    }
    if (mode == X509CertificateValidationMode.PeerTrust)
    {
        return X509CertificateValidator.PeerTrust;
    }
    if (mode == X509CertificateValidationMode.PeerOrChainTrust)
    {
        return X509CertificateValidator.PeerOrChainTrust;
    }

    string message = string.Format("Certificate validation mode {0} not supported", mode);
    throw new ConfigurationErrorsException(message);
}
/// <summary>
/// Creates an issuer name registry backed by a federation metadata document.
/// </summary>
/// <param name="metadataAddress">Address of the metadata document.</param>
/// <param name="issuerName">Name reported for the issuer; must not be blank.</param>
/// <param name="mode">
/// Stored for the metadata load. Presumably passed to the metadata reader, in which case the
/// default, None, leaves the document's own signature unvalidated — confirm in LoadMetadata.
/// </param>
/// <param name="lazyLoad">When false the metadata is loaded immediately; when true, on first use.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="metadataAddress"/> is null, or <paramref name="issuerName"/> is null or whitespace
/// (kept as ArgumentNullException for compatibility with existing callers).
/// </exception>
public MetadataBasedIssuerNameRegistry(
    Uri metadataAddress,
    string issuerName,
    X509CertificateValidationMode mode = X509CertificateValidationMode.None,
    bool lazyLoad = false)
{
    if (metadataAddress == null)
    {
        throw new ArgumentNullException("metadataAddress");
    }
    if (String.IsNullOrWhiteSpace(issuerName))
    {
        throw new ArgumentNullException("issuerName");
    }

    this.mode = mode;
    this.issuerName = issuerName;
    this.metadataAddress = metadataAddress;

    if (lazyLoad)
    {
        return;
    }
    LoadMetadata();
}
/// <summary>
/// Default constructor
/// </summary>
/// <param name="endPointAddress">The endpoint address to connect to.</param>
/// <param name="binding">The endpoint binding.</param>
/// <param name="username">The UserName username</param>
/// <param name="password">The UserName password</param>
/// <param name="usernameWindows">The Windows ClientCredential username</param>
/// <param name="passwordWindows">The Windows ClientCredential password</param>
/// <param name="clientCertificate">The client x509 certificate.</param>
/// <param name="validationMode">An enumeration that lists the ways of validating a certificate.</param>
/// <param name="x509CertificateValidator">The certificate validator. If null then the certificate is always passed.</param>
/// <remarks>
/// With the default <paramref name="validationMode"/> (Custom) and a null
/// <paramref name="x509CertificateValidator"/> the service certificate is always accepted;
/// supply a validator, or a stricter mode, when the identity of the endpoint matters.
/// </remarks>
public MessageClient(
    string endPointAddress,
    System.ServiceModel.Channels.Binding binding,
    string username = null,
    string password = null,
    string usernameWindows = null,
    string passwordWindows = null,
    X509Certificate2 clientCertificate = null,
    X509CertificateValidationMode validationMode = X509CertificateValidationMode.Custom,
    X509CertificateValidator x509CertificateValidator = null)
    : base(
        new Uri(endPointAddress),
        binding,
        username,
        password,
        usernameWindows,
        passwordWindows,
        clientCertificate,
        validationMode,
        x509CertificateValidator)
{
    // Start the async control and wire its error/completion callbacks to this instance.
    var asyncHandler = new Nequeo.Threading.AsyncExecutionHandler<MessageClient>();
    asyncHandler.AsyncError += _asyncAccount_AsyncError;
    asyncHandler.AsyncComplete += _asyncAccount_AsyncComplete;
    _asyncAccount = asyncHandler;
    _asyncAccount.InitiliseAsyncInstance(this);
}
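/// <summary>
/// Initializes a new instance of the <see cref="FormattingServiceConfig"/> class from the
/// values supplied by the caller.
/// </summary>
/// <param name="uri">The service's URI.</param>
/// <param name="serviceCertificate">The service certificate name or file path.</param>
/// <param name="clientCertificate">The client certificate.</param>
/// <param name="certificateValidationMode">The certificate validation mode; defaults to chain trust.</param>
/// <param name="doTrustAllCertificates">
/// A value indicating whether all certificates shall be trusted. If honoured downstream this
/// disables server certificate checks, so it should stay false outside test environments.
/// </param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="uri"/> is null.</exception>
public FormattingServiceConfig(
    Uri uri,
    string serviceCertificate,
    string clientCertificate,
    X509CertificateValidationMode certificateValidationMode = X509CertificateValidationMode.ChainTrust,
    bool doTrustAllCertificates = false)
{
    if (uri == null)
    {
        throw new ArgumentNullException("uri");
    }

    // Every setting comes from the caller; the constructor must not substitute a fixed
    // endpoint or certificate, otherwise the arguments are silently ignored.
    this.ServiceUri = uri;
    this.ServiceCertificate = serviceCertificate;
    this.ClientCertificate = clientCertificate;
    this.CertificateValidationMode = certificateValidationMode;
    this.DoTrustAllCertificates = doTrustAllCertificates;
}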
/// <summary>
/// Builds the framework validator that implements <paramref name="certificateValidationMode"/>.
/// </summary>
/// <param name="certificateValidationMode">Validation mode to apply. Custom has no built-in validator and is rejected.</param>
/// <param name="revocationMode">Revocation checking configured on the chain policy for the chain-based modes.</param>
/// <param name="trustedStoreLocation">Store location; LocalMachine selects the machine context for chain building.</param>
/// <exception cref="InvalidOperationException">Thrown when no built-in validator exists for the mode (this includes Custom).</exception>
public X509CertificateValidatorEx(X509CertificateValidationMode certificateValidationMode, X509RevocationMode revocationMode, StoreLocation trustedStoreLocation)
{
    this.certificateValidationMode = certificateValidationMode;

    // Only relevant to the chain-based modes; the comparison has no side effects.
    bool useMachineContext = trustedStoreLocation == StoreLocation.LocalMachine;

    if (this.certificateValidationMode == X509CertificateValidationMode.None)
    {
        this.validator = X509CertificateValidator.None;
    }
    else if (this.certificateValidationMode == X509CertificateValidationMode.PeerTrust)
    {
        this.validator = X509CertificateValidator.PeerTrust;
    }
    else if (this.certificateValidationMode == X509CertificateValidationMode.ChainTrust)
    {
        // The chain policy is kept on the instance; only its revocation mode is configured here.
        this.chainPolicy = new X509ChainPolicy();
        this.chainPolicy.RevocationMode = revocationMode;
        this.validator = X509CertificateValidator.CreateChainTrustValidator(useMachineContext, this.chainPolicy);
    }
    else if (this.certificateValidationMode == X509CertificateValidationMode.PeerOrChainTrust)
    {
        this.chainPolicy = new X509ChainPolicy();
        this.chainPolicy.RevocationMode = revocationMode;
        this.validator = X509CertificateValidator.CreatePeerOrChainTrustValidator(useMachineContext, this.chainPolicy);
    }
    else
    {
        throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10637, this.certificateValidationMode));
    }
}
/// <summary>
/// Creates the service certificate authentication settings with their defaults:
/// chain trust validation, online revocation checking and the current-user store.
/// </summary>
internal X509ServiceCertificateAuthentication()
{
    // Defaults lean towards validating: chain trust with online revocation checks.
    trustedStoreLocation = StoreLocation.CurrentUser;
    revocationMode = X509RevocationMode.Online;
    certificateValidationMode = X509CertificateValidationMode.ChainTrust;
}
/// <summary>
/// Maps a configured validation mode to the built-in <see cref="X509CertificateValidator"/> that implements it.
/// </summary>
/// <param name="x509CertificateValidationMode">The validation mode selected in configuration.</param>
/// <returns>The matching framework validator.</returns>
/// <exception cref="ArgumentException">
/// Thrown for Custom, which this plugin does not support, and for any other unrecognised mode.
/// </exception>
protected virtual X509CertificateValidator GetCertificateValidator(X509CertificateValidationMode x509CertificateValidationMode)
{
    // The validator only validates the credential of the certificate used to sign
    // (peer/chain trust), not the certificate itself or the signature.
    if (x509CertificateValidationMode == X509CertificateValidationMode.ChainTrust)
    {
        return X509CertificateValidator.ChainTrust;
    }

    if (x509CertificateValidationMode == X509CertificateValidationMode.PeerTrust)
    {
        return X509CertificateValidator.PeerTrust;
    }

    if (x509CertificateValidationMode == X509CertificateValidationMode.PeerOrChainTrust)
    {
        return X509CertificateValidator.PeerOrChainTrust;
    }

    if (x509CertificateValidationMode == X509CertificateValidationMode.None)
    {
        return X509CertificateValidator.None;
    }

    if (x509CertificateValidationMode == X509CertificateValidationMode.Custom)
    {
        // A custom validator type could be exposed and loaded here; not implemented by this plugin.
        throw new ArgumentException("Custom Certificate Validation Mode is not supported by the SAML Plugin");
    }

    throw new ArgumentException("Selected Certificate Validation Mode is not supported by the SAML Plugin");
}