// The signing certificate, computed based on signing store settings.
public X509Certificate2 GetSigningCertificate()
{
Utility.IfNullThrowNullArgumentException(this.StoreIdentifyingValue, "signingStoreIdentifyingValue");
X509Certificate2 certificate = CertificateHelper.GetCertificate(
this.StoreName,
this.StoreLocation,
this.StoreFindType,
this.StoreIdentifyingValue);
// GetCertificate will throw an exception if no certificate is found.
// Here, we are sure that the certificate is not null.
return(certificate);
}
void Process(ReceivedCertificatesStoreSettings receivedCertificatesStoreSettings)
{
// The attributes should contain the following: Scheme, KeyId, Refs, Sig, [PrefixList]
string schemeUri;
string keyId;
string refs;
string sig;
string inclusivePrefixList;
this.GetCompactSignatureAttributes(out schemeUri, out keyId, out refs, out sig, out inclusivePrefixList);
this.CheckCompactSignatureAttributes(schemeUri, keyId, sig, refs, inclusivePrefixList);
// Look for a certificate that matches the KeyId in the compact signature header
X509Certificate2 certificate = CertificateHelper.GetCertificateByThumbprint(
receivedCertificatesStoreSettings.StoreName,
receivedCertificatesStoreSettings.StoreLocation,
Utility.ToHexString(keyId));
// Construct a ds:SignedInfo, then compute and verify signature
this.VerifySignature(refs, sig, inclusivePrefixList, certificate);
}
public static X509Certificate2 GetCertificate(
StoreName storeName,
StoreLocation storeLocation,
X509FindType findType,
string findValue)
{
X509Certificate2 certificate = null;
if (certificatesCache.TryGet(storeName, storeLocation, findType, findValue, out certificate))
{
return(certificate);
}
X509Store store = null;
X509Certificate2Collection certificates = null;
try
{
store = new X509Store(storeName, storeLocation);
store.Open(OpenFlags.ReadOnly);
certificates = store.Certificates;
if (findType == X509FindType.FindBySubjectName)
{
certificate = CertificateHelper.FindBySubjectName(certificates, findValue);
}
else if (findType == X509FindType.FindByThumbprint)
{
certificate = CertificateHelper.FindByThumbprint(certificates, findValue);
}
else if (findType == X509FindType.FindBySubjectDistinguishedName)
{
certificate = CertificateHelper.FindBySubjectDistinguishedName(certificates, findValue);
}
else
{
throw new CompactSignatureSecurityException(
string.Format(
CultureInfo.CurrentCulture,
"The value {0} of X509FindType is not supported. Please use FindBySubjectName or FindByThumbprint instead.",
findType));
}
}
finally
{
if (certificates != null)
{
for (int i = 0; i < certificates.Count; ++i)
{
certificates[i].Reset();
}
}
if (store != null)
{
store.Close();
}
}
if (certificate != null)
{
certificatesCache.Add(storeName, storeLocation, findType, findValue, certificate);
return(certificate);
}
throw new CompactSignatureSecurityException(
string.Format(
CultureInfo.CurrentCulture,
"No matching certificates were found for KeyId={0} and X509FindType={1}",
findValue,
findType));
}
