153 lines
5.5 KiB
C#
153 lines
5.5 KiB
C#
|
//-----------------------------------------------------------------------------
|
||
|
|
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||
|
|
//-----------------------------------------------------------------------------
|
||
|
|
|
||
|
|
namespace System.ServiceModel.Security
|
||
|
|
{
|
||
|
|
using System.Collections.Generic;
|
||
|
|
using System.Security.Cryptography.X509Certificates;
|
||
|
|
using System.ServiceModel;
|
||
|
|
|
||
|
|
public sealed class X509CertificateRecipientClientCredential
|
||
|
|
{
|
||
|
|
X509ServiceCertificateAuthentication authentication;
|
||
|
|
X509ServiceCertificateAuthentication sslCertificateAuthentication;
|
||
|
|
|
||
|
|
internal const StoreLocation DefaultStoreLocation = StoreLocation.CurrentUser;
|
||
|
|
internal const StoreName DefaultStoreName = StoreName.My;
|
||
|
|
internal const X509FindType DefaultFindType = X509FindType.FindBySubjectDistinguishedName;
|
||
|
|
|
||
|
|
X509Certificate2 defaultCertificate;
|
||
|
|
Dictionary<Uri, X509Certificate2> scopedCertificates;
|
||
|
|
bool isReadOnly;
|
||
|
|
|
||
|
|
internal X509CertificateRecipientClientCredential()
|
||
|
|
{
|
||
|
|
this.authentication = new X509ServiceCertificateAuthentication();
|
||
|
|
this.scopedCertificates = new Dictionary<Uri, X509Certificate2>();
|
||
|
|
}
|
||
|
|
|
||
|
|
internal X509CertificateRecipientClientCredential(X509CertificateRecipientClientCredential other)
|
||
|
|
{
|
||
|
|
this.authentication = new X509ServiceCertificateAuthentication(other.authentication);
|
||
|
|
if (other.sslCertificateAuthentication != null)
|
||
|
|
{
|
||
|
|
this.sslCertificateAuthentication = new X509ServiceCertificateAuthentication(other.sslCertificateAuthentication);
|
||
|
|
}
|
||
|
|
|
||
|
|
this.defaultCertificate = other.defaultCertificate;
|
||
|
|
this.scopedCertificates = new Dictionary<Uri, X509Certificate2>();
|
||
|
|
foreach (Uri uri in other.ScopedCertificates.Keys)
|
||
|
|
{
|
||
|
|
this.scopedCertificates.Add(uri, other.ScopedCertificates[uri]);
|
||
|
|
}
|
||
|
|
this.isReadOnly = other.isReadOnly;
|
||
|
|
}
|
||
|
|
|
||
|
|
public X509Certificate2 DefaultCertificate
|
||
|
|
{
|
||
|
|
get
|
||
|
|
{
|
||
|
|
|
||
|
|
return this.defaultCertificate;
|
||
|
|
}
|
||
|
|
set
|
||
|
|
{
|
||
|
|
ThrowIfImmutable();
|
||
|
|
this.defaultCertificate = value;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
public Dictionary<Uri, X509Certificate2> ScopedCertificates
|
||
|
|
{
|
||
|
|
get
|
||
|
|
{
|
||
|
|
return this.scopedCertificates;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
public X509ServiceCertificateAuthentication Authentication
|
||
|
|
{
|
||
|
|
get
|
||
|
|
{
|
||
|
|
|
||
|
|
return this.authentication;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
public X509ServiceCertificateAuthentication SslCertificateAuthentication
|
||
|
|
{
|
||
|
|
get
|
||
|
|
{
|
||
|
|
return this.sslCertificateAuthentication;
|
||
|
|
}
|
||
|
|
set
|
||
|
|
{
|
||
|
|
ThrowIfImmutable();
|
||
|
|
this.sslCertificateAuthentication = value;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
public void SetDefaultCertificate(string subjectName, StoreLocation storeLocation, StoreName storeName)
|
||
|
|
{
|
||
|
|
if (subjectName == null)
|
||
|
|
{
|
||
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("subjectName");
|
||
|
|
}
|
||
|
|
SetDefaultCertificate(storeLocation, storeName, DefaultFindType, subjectName);
|
||
|
|
}
|
||
|
|
|
||
|
|
public void SetDefaultCertificate(StoreLocation storeLocation, StoreName storeName, X509FindType findType, object findValue)
|
||
|
|
{
|
||
|
|
if (findValue == null)
|
||
|
|
{
|
||
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("findValue");
|
||
|
|
}
|
||
|
|
ThrowIfImmutable();
|
||
|
|
this.defaultCertificate = SecurityUtils.GetCertificateFromStore(storeName, storeLocation, findType, findValue, null);
|
||
|
|
}
|
||
|
|
|
||
|
|
public void SetScopedCertificate(string subjectName, StoreLocation storeLocation, StoreName storeName, Uri targetService)
|
||
|
|
{
|
||
|
|
if (subjectName == null)
|
||
|
|
{
|
||
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("subjectName");
|
||
|
|
}
|
||
|
|
SetScopedCertificate(DefaultStoreLocation, DefaultStoreName, DefaultFindType, subjectName, targetService);
|
||
|
|
}
|
||
|
|
|
||
|
|
public void SetScopedCertificate(StoreLocation storeLocation, StoreName storeName, X509FindType findType, object findValue, Uri targetService)
|
||
|
|
{
|
||
|
|
if (findValue == null)
|
||
|
|
{
|
||
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("findValue");
|
||
|
|
}
|
||
|
|
if (targetService == null)
|
||
|
|
{
|
||
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("targetService");
|
||
|
|
}
|
||
|
|
ThrowIfImmutable();
|
||
|
|
X509Certificate2 certificate = SecurityUtils.GetCertificateFromStore(storeName, storeLocation, findType, findValue, null);
|
||
|
|
ScopedCertificates[targetService] = certificate;
|
||
|
|
}
|
||
|
|
|
||
|
|
internal void MakeReadOnly()
|
||
|
|
{
|
||
|
|
this.isReadOnly = true;
|
||
|
|
this.Authentication.MakeReadOnly();
|
||
|
|
if (this.sslCertificateAuthentication != null)
|
||
|
|
{
|
||
|
|
this.sslCertificateAuthentication.MakeReadOnly();
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
void ThrowIfImmutable()
|
||
|
|
{
|
||
|
|
if (this.isReadOnly)
|
||
|
|
{
|
||
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ObjectIsReadOnly)));
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|