protected virtual CertificateConfiguration LoadCertificateConfiguration(Certificates cert)
{
object findValue;
X509FindType findType;
var certConfig = new CertificateConfiguration
{
SubjectDistinguishedName = cert.SubjectDistinguishedName,
};
if (!string.IsNullOrWhiteSpace(cert.SubjectDistinguishedName))
{
findValue = cert.SubjectDistinguishedName;
findType = X509FindType.FindBySubjectDistinguishedName;
}
else
{
Tracing.Error("No distinguished name or thumbprint for certificate: " + cert.Name);
return(certConfig);
}
try
{
certConfig.Certificate = X509Certificates.GetCertificateFromStore(StoreLocation.LocalMachine, StoreName.My, findType, findValue);
}
catch
{
Tracing.Error("No certificate found for: " + findValue);
throw new ConfigurationErrorsException("No certificate found for: " + findValue);
}
return(certConfig);
}
public static X509Certificate2 GetValidClientCertificate()
{
return(X509Certificates.GetCertificateFromStore(
StoreLocation.CurrentUser,
StoreName.My,
X509FindType.FindBySubjectDistinguishedName,
Constants.Certificates.ValidClientCertificateName));
}
static void Main(string[] args)
{
signingCert = X509Certificates.GetCertificateFromStore(
"CN=roadie, OU=Research, O=LeastPrivilege, L=Heidelberg, S=BaWue, C=DE",
StoreLocation.LocalMachine);
BearerClearText();
SymmetricEncrypted();
}
private static RequestSecurityTokenResponse RequestToken(RequestSecurityToken rst)
{
var factory = new WSTrustChannelFactory(
new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential),
new EndpointAddress(idp));
factory.Credentials.ClientCertificate.Certificate = X509Certificates.GetCertificateFromStore("CN=Client");
RequestSecurityTokenResponse rstr;
var token = factory.CreateChannel().Issue(rst, out rstr);
return(rstr);
}
private static RequestSecurityTokenResponse RequestTokenInMemory(RequestSecurityToken rst)
{
var signingCert = X509Certificates.GetCertificateFromStore("CN=STS", StoreLocation.LocalMachine);
var encryptingCert = X509Certificates.GetCertificateFromStore("CN=Service", StoreLocation.LocalMachine);
var config = new InMemoryStsConfiguration(signingCert);
var sts = new InMemorySts(config, encryptingCert);
var id = new ClaimsIdentity(new List <Claim>
{
new Claim(ClaimTypes.Name, "dominick")
});
return(sts.Issue(ClaimsPrincipal.CreateFromIdentity(id), rst));
}
private static SecurityToken RequestSymmetricEncryptedToken(X509Certificate2 decryptionCert)
{
var factory = new WSTrustChannelFactory(
new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential),
new EndpointAddress(idp));
factory.Credentials.ClientCertificate.Certificate = X509Certificates.GetCertificateFromStore("CN=Client");
var rst = new RequestSecurityToken
{
RequestType = RequestTypes.Issue,
AppliesTo = new EndpointAddress(encryptedRP),
KeyType = KeyTypes.Symmetric
};
var genericToken = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken;
var token = genericToken.ToSecurityToken(decryptionCert);
return(token);
}
private X509Certificate2 GetCertificateFromStore(string distinguishedName)
{
return(X509Certificates.GetCertificateFromStore(distinguishedName));
}
private static X509Certificate2 GetSigningCertificate()
{
return(X509Certificates.GetCertificateFromStore("CN=Service"));
}
private static void OpenFromStore()
{
var cert = X509Certificates.GetCertificateFromStore("CN=Service");
X509Certificate2UI.DisplayCertificate(cert);
}