public X509SecurityTokenProvider(StoreLocation storeLocation, StoreName storeName, X509FindType findType, object findValue)
        {
            if (findValue == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("findValue");
            }

            X509CertificateStore store = new X509CertificateStore(storeName, storeLocation);
            X509Certificate2Collection certificates = null;
            try
            {
                store.Open(OpenFlags.ReadOnly);
                certificates = store.Find(findType, findValue, false);
                if (certificates.Count < 1)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.CannotFindCert, storeName, storeLocation, findType, findValue)));
                }
                if (certificates.Count > 1)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(SR.GetString(SR.FoundMultipleCerts, storeName, storeLocation, findType, findValue)));
                }

                this.certificate = new X509Certificate2(certificates[0]);
            }
            finally
            {
                SecurityUtils.ResetAllCertificates(certificates);
                store.Close();
            }
        }
示例#2
0
        public X509SecurityTokenProvider(StoreLocation storeLocation, StoreName storeName, X509FindType findType, object findValue)
        {
            if (findValue == null)
            {
                throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("findValue");
            }
            X509CertificateStore       store        = new X509CertificateStore(storeName, storeLocation);
            X509Certificate2Collection certificates = null;

            try
            {
                store.Open(OpenFlags.ReadOnly);
                certificates = store.Find(findType, findValue, false);
                if (certificates.Count < 1)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("CannotFindCert", new object[] { storeName, storeLocation, findType, findValue })));
                }
                if (certificates.Count > 1)
                {
                    throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new SecurityTokenException(System.IdentityModel.SR.GetString("FoundMultipleCerts", new object[] { storeName, storeLocation, findType, findValue })));
                }
                this.certificate = new X509Certificate2(certificates[0]);
            }
            finally
            {
                System.IdentityModel.SecurityUtils.ResetAllCertificates(certificates);
                store.Close();
            }
        }
            static bool StoreContainsCertificate(StoreName storeName, X509Certificate2 certificate)
            {
                X509CertificateStore       store        = new X509CertificateStore(storeName, StoreLocation.CurrentUser);
                X509Certificate2Collection certificates = null;

                try
                {
                    store.Open(OpenFlags.ReadOnly);
                    certificates = store.Find(X509FindType.FindByThumbprint, certificate.GetCertHash(), false);
                    return(certificates.Count > 0);
                }
                finally
                {
                    SecurityUtils.ResetAllCertificates(certificates);
                    store.Close();
                }
            }
            static bool StoreContainsCertificate(StoreName storeName, X509Certificate2 certificate)
            {
                X509CertificateStore       store        = new X509CertificateStore(storeName, StoreLocation.CurrentUser);
                X509Certificate2Collection certificates = null;

                try
                {
                    store.Open(OpenFlags.ReadOnly);
                    certificates = store.Find(X509FindType.FindByThumbprint, certificate.GetCertHash(), false);

                    // store.Find(X509FindType.FindByThumbprint, certificate.GetCertHash(), false) gets a cert
                    // from a store only by comparing SHA-1 certificate hash.
                    // This is vulnerable to known SHA1 collision attacks where an attacker can produce different certificates
                    // with the same thumbprint and get a service to trust one of the certificates and later use another.
                    // As a precaution, we will check if the certificate collection contains the given certificate by comparing certificate's raw data byte-by-byte.
                    return(SecurityUtils.CollectionContainsCertificate(certificates, certificate));
                }
                finally
                {
                    SecurityUtils.ResetAllCertificates(certificates);
                    store.Close();
                }
            }
 static bool StoreContainsCertificate(StoreName storeName, X509Certificate2 certificate)
 {
     X509CertificateStore store = new X509CertificateStore(storeName, StoreLocation.CurrentUser);
     X509Certificate2Collection certificates = null;
     try
     {
         store.Open(OpenFlags.ReadOnly);
         certificates = store.Find(X509FindType.FindByThumbprint, certificate.GetCertHash(), false);
         return certificates.Count > 0;
     }
     finally
     {
         SecurityUtils.ResetAllCertificates(certificates);
         store.Close();
     }
 }