173 lines
6.1 KiB
C#
Raw Normal View History

//-----------------------------------------------------------------------------
// Copyright (c) Microsoft Corporation. All rights reserved.
//-----------------------------------------------------------------------------
namespace System.ServiceModel.Security
{
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
public class PeerCredential
{
internal const StoreLocation DefaultStoreLocation = StoreLocation.CurrentUser;
internal const StoreName DefaultStoreName = StoreName.My;
internal const X509FindType DefaultFindType = X509FindType.FindBySubjectDistinguishedName;
X509Certificate2 certificate;
string meshPassword;
X509PeerCertificateAuthentication peerAuthentication;
X509PeerCertificateAuthentication messageSenderAuthentication;
bool isReadOnly;
internal PeerCredential()
{
peerAuthentication = new X509PeerCertificateAuthentication();
messageSenderAuthentication = new X509PeerCertificateAuthentication();
}
internal PeerCredential(PeerCredential other)
{
this.certificate = other.certificate;
this.meshPassword = other.meshPassword;
this.peerAuthentication = new X509PeerCertificateAuthentication(other.peerAuthentication);
this.messageSenderAuthentication = new X509PeerCertificateAuthentication(other.messageSenderAuthentication);
this.isReadOnly = other.isReadOnly;
}
public X509Certificate2 Certificate
{
get
{
return this.certificate;
}
set
{
ThrowIfImmutable();
this.certificate = value;
}
}
public string MeshPassword
{
get
{
return this.meshPassword;
}
set
{
ThrowIfImmutable();
this.meshPassword = value;
}
}
public X509PeerCertificateAuthentication PeerAuthentication
{
get
{
return this.peerAuthentication;
}
set
{
ThrowIfImmutable();
this.peerAuthentication = value;
}
}
public X509PeerCertificateAuthentication MessageSenderAuthentication
{
get
{
return this.messageSenderAuthentication;
}
set
{
ThrowIfImmutable();
this.messageSenderAuthentication = value;
}
}
public void SetCertificate(string subjectName, StoreLocation storeLocation, StoreName storeName)
{
if (subjectName == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("subjectName");
}
this.SetCertificate(storeLocation, storeName, DefaultFindType, subjectName);
}
public void SetCertificate(StoreLocation storeLocation, StoreName storeName, X509FindType findType, object findValue)
{
if (findValue == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("findValue");
}
ThrowIfImmutable();
this.certificate = SecurityUtils.GetCertificateFromStore(storeName, storeLocation, findType, findValue, null);
}
internal void MakeReadOnly()
{
this.isReadOnly = true;
this.peerAuthentication.MakeReadOnly();
this.messageSenderAuthentication.MakeReadOnly();
}
void ThrowIfImmutable()
{
if (this.isReadOnly)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ObjectIsReadOnly)));
}
}
bool SameAuthenticators(X509PeerCertificateAuthentication one, X509PeerCertificateAuthentication two)
{
if (one.CertificateValidationMode != two.CertificateValidationMode)
return false;
if (one.CertificateValidationMode != X509CertificateValidationMode.Custom)
{
return (one.GetType().Equals(two.GetType()));
}
else
{
System.IdentityModel.Selectors.X509CertificateValidator first = null, second = null;
one.TryGetCertificateValidator(out first);
two.TryGetCertificateValidator(out second);
return (first != null && second != null && first.Equals(second));
}
}
internal bool Equals(PeerCredential that, PeerAuthenticationMode mode, bool messageAuthentication)
{
if (messageAuthentication)
{
if (!SameAuthenticators(this.MessageSenderAuthentication, that.messageSenderAuthentication))
return false;
if (this.Certificate != null && that.Certificate != null && !this.Certificate.Equals(that.Certificate))
return false;
}
switch (mode)
{
case PeerAuthenticationMode.None:
return true;
case PeerAuthenticationMode.Password:
if (!this.MeshPassword.Equals(that.MeshPassword))
return false;
if (this.Certificate == null && that.Certificate == null)
return true;
if ((this.Certificate == null) || !this.Certificate.Equals(that.Certificate))
return false;
break;
case PeerAuthenticationMode.MutualCertificate:
if (!this.Certificate.Equals(that.Certificate))
return false;
if (!SameAuthenticators(this.PeerAuthentication, that.PeerAuthentication))
return false;
break;
}
return true;
}
}
}