173 lines
6.1 KiB
C#
173 lines
6.1 KiB
C#
|
//-----------------------------------------------------------------------------
|
||
|
|
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||
|
|
//-----------------------------------------------------------------------------
|
||
|
|
|
||
|
|
namespace System.ServiceModel.Security
|
||
|
|
{
|
||
|
|
using System.Security.Cryptography.X509Certificates;
|
||
|
|
using System.ServiceModel.Channels;
|
||
|
|
using System.ServiceModel.Security;
|
||
|
|
|
||
|
|
public class PeerCredential
|
||
|
|
{
|
||
|
|
internal const StoreLocation DefaultStoreLocation = StoreLocation.CurrentUser;
|
||
|
|
internal const StoreName DefaultStoreName = StoreName.My;
|
||
|
|
internal const X509FindType DefaultFindType = X509FindType.FindBySubjectDistinguishedName;
|
||
|
|
|
||
|
|
X509Certificate2 certificate;
|
||
|
|
string meshPassword;
|
||
|
|
X509PeerCertificateAuthentication peerAuthentication;
|
||
|
|
X509PeerCertificateAuthentication messageSenderAuthentication;
|
||
|
|
bool isReadOnly;
|
||
|
|
|
||
|
|
internal PeerCredential()
|
||
|
|
{
|
||
|
|
peerAuthentication = new X509PeerCertificateAuthentication();
|
||
|
|
messageSenderAuthentication = new X509PeerCertificateAuthentication();
|
||
|
|
}
|
||
|
|
|
||
|
|
internal PeerCredential(PeerCredential other)
|
||
|
|
{
|
||
|
|
this.certificate = other.certificate;
|
||
|
|
this.meshPassword = other.meshPassword;
|
||
|
|
this.peerAuthentication = new X509PeerCertificateAuthentication(other.peerAuthentication);
|
||
|
|
this.messageSenderAuthentication = new X509PeerCertificateAuthentication(other.messageSenderAuthentication);
|
||
|
|
this.isReadOnly = other.isReadOnly;
|
||
|
|
}
|
||
|
|
|
||
|
|
public X509Certificate2 Certificate
|
||
|
|
{
|
||
|
|
get
|
||
|
|
{
|
||
|
|
return this.certificate;
|
||
|
|
}
|
||
|
|
set
|
||
|
|
{
|
||
|
|
ThrowIfImmutable();
|
||
|
|
this.certificate = value;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
public string MeshPassword
|
||
|
|
{
|
||
|
|
get
|
||
|
|
{
|
||
|
|
return this.meshPassword;
|
||
|
|
}
|
||
|
|
set
|
||
|
|
{
|
||
|
|
ThrowIfImmutable();
|
||
|
|
this.meshPassword = value;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
public X509PeerCertificateAuthentication PeerAuthentication
|
||
|
|
{
|
||
|
|
get
|
||
|
|
{
|
||
|
|
return this.peerAuthentication;
|
||
|
|
}
|
||
|
|
set
|
||
|
|
{
|
||
|
|
ThrowIfImmutable();
|
||
|
|
this.peerAuthentication = value;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
public X509PeerCertificateAuthentication MessageSenderAuthentication
|
||
|
|
{
|
||
|
|
get
|
||
|
|
{
|
||
|
|
return this.messageSenderAuthentication;
|
||
|
|
}
|
||
|
|
set
|
||
|
|
{
|
||
|
|
ThrowIfImmutable();
|
||
|
|
this.messageSenderAuthentication = value;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
public void SetCertificate(string subjectName, StoreLocation storeLocation, StoreName storeName)
|
||
|
|
{
|
||
|
|
if (subjectName == null)
|
||
|
|
{
|
||
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("subjectName");
|
||
|
|
}
|
||
|
|
this.SetCertificate(storeLocation, storeName, DefaultFindType, subjectName);
|
||
|
|
}
|
||
|
|
|
||
|
|
public void SetCertificate(StoreLocation storeLocation, StoreName storeName, X509FindType findType, object findValue)
|
||
|
|
{
|
||
|
|
if (findValue == null)
|
||
|
|
{
|
||
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("findValue");
|
||
|
|
}
|
||
|
|
ThrowIfImmutable();
|
||
|
|
this.certificate = SecurityUtils.GetCertificateFromStore(storeName, storeLocation, findType, findValue, null);
|
||
|
|
}
|
||
|
|
|
||
|
|
internal void MakeReadOnly()
|
||
|
|
{
|
||
|
|
this.isReadOnly = true;
|
||
|
|
this.peerAuthentication.MakeReadOnly();
|
||
|
|
this.messageSenderAuthentication.MakeReadOnly();
|
||
|
|
}
|
||
|
|
|
||
|
|
void ThrowIfImmutable()
|
||
|
|
{
|
||
|
|
if (this.isReadOnly)
|
||
|
|
{
|
||
|
|
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new InvalidOperationException(SR.GetString(SR.ObjectIsReadOnly)));
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
bool SameAuthenticators(X509PeerCertificateAuthentication one, X509PeerCertificateAuthentication two)
|
||
|
|
{
|
||
|
|
if (one.CertificateValidationMode != two.CertificateValidationMode)
|
||
|
|
return false;
|
||
|
|
if (one.CertificateValidationMode != X509CertificateValidationMode.Custom)
|
||
|
|
{
|
||
|
|
return (one.GetType().Equals(two.GetType()));
|
||
|
|
}
|
||
|
|
else
|
||
|
|
{
|
||
|
|
System.IdentityModel.Selectors.X509CertificateValidator first = null, second = null;
|
||
|
|
one.TryGetCertificateValidator(out first);
|
||
|
|
two.TryGetCertificateValidator(out second);
|
||
|
|
return (first != null && second != null && first.Equals(second));
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
internal bool Equals(PeerCredential that, PeerAuthenticationMode mode, bool messageAuthentication)
|
||
|
|
{
|
||
|
|
if (messageAuthentication)
|
||
|
|
{
|
||
|
|
if (!SameAuthenticators(this.MessageSenderAuthentication, that.messageSenderAuthentication))
|
||
|
|
return false;
|
||
|
|
if (this.Certificate != null && that.Certificate != null && !this.Certificate.Equals(that.Certificate))
|
||
|
|
return false;
|
||
|
|
}
|
||
|
|
switch (mode)
|
||
|
|
{
|
||
|
|
case PeerAuthenticationMode.None:
|
||
|
|
return true;
|
||
|
|
case PeerAuthenticationMode.Password:
|
||
|
|
if (!this.MeshPassword.Equals(that.MeshPassword))
|
||
|
|
return false;
|
||
|
|
if (this.Certificate == null && that.Certificate == null)
|
||
|
|
return true;
|
||
|
|
if ((this.Certificate == null) || !this.Certificate.Equals(that.Certificate))
|
||
|
|
return false;
|
||
|
|
break;
|
||
|
|
case PeerAuthenticationMode.MutualCertificate:
|
||
|
|
if (!this.Certificate.Equals(that.Certificate))
|
||
|
|
return false;
|
||
|
|
if (!SameAuthenticators(this.PeerAuthentication, that.PeerAuthentication))
|
||
|
|
return false;
|
||
|
|
break;
|
||
|
|
}
|
||
|
|
return true;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|