
我想知道,有没有办法在 .config 文件中使用多个搜索条件来查找 WCF 服务证书?

例如,如果我想按主题名称查找证书,那么我的配置将包含以下几行:

        <!-- Selects the service certificate by subject name from LocalMachine\My.
             FindBySubjectName is a case-insensitive substring match on the subject,
             so "host.domain.com" also matches a subject such as "otherhost.domain.com"
             (constructed example). If several certificates in the store can match,
             a more specific find type (for example FindByThumbprint or
             FindBySubjectDistinguishedName) avoids an ambiguous selection. -->
        <serviceCertificate findValue="host.domain.com"
                            storeLocation="LocalMachine"
                            storeName="My"
                            x509FindType="FindBySubjectName"/>

如果我想按主题名称和应用程序策略查找证书,我应该在配置文件中添加什么?

我知道,X509Certificate2Collection 类允许这样做:

            // Narrow the store contents in two passes: first by application policy
            // (1.3.6.1.5.5.7.3.1 is the Server Authentication EKU), then by subject name.
            // The third argument (validOnly) is false, so expired or untrusted
            // certificates are candidates as well. FindBySubjectName matches substrings.
            X509Certificate2Collection byPolicy = store.Certificates.Find(
                X509FindType.FindByApplicationPolicy, "1.3.6.1.5.5.7.3.1", false);
            X509Certificate2Collection bySubject = byPolicy.Find(
                X509FindType.FindBySubjectName, "host.domain.com", false);

            // SingleOrDefault yields null when nothing matches and throws
            // InvalidOperationException when more than one certificate matches.
            return bySubject.Cast<X509Certificate2>().SingleOrDefault();

那么在 .config 文件中该怎么做呢?


1 回答 1


编写一个自定义服务行为:它从配置中读取应用程序策略和主题名称,并在证书存储中连续执行两次查找。

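/// <summary>
/// Service behavior that selects the service certificate from a certificate store
/// using two criteria at once: application policy (EKU OID) and subject name.
/// </summary>
public class ServerCertificateServiceBehavior : IServiceBehavior
{
    // Resolved once in the constructor and never reassigned.
    private readonly X509Certificate2 certificate;

    /// <summary>
    /// Opens the given store read-only and resolves exactly one certificate that
    /// matches both <paramref name="applicationPolicy"/> and <paramref name="subjectName"/>.
    /// </summary>
    /// <param name="storeName">Certificate store to search.</param>
    /// <param name="storeLocation">Location (user or machine) of the store.</param>
    /// <param name="subjectName">Value passed to FindBySubjectName.</param>
    /// <param name="applicationPolicy">Value passed to FindByApplicationPolicy (friendly name or OID).</param>
    /// <exception cref="System.InvalidOperationException">
    /// No certificate matches, or more than one certificate matches.
    /// </exception>
    public ServerCertificateServiceBehavior(StoreName storeName, StoreLocation storeLocation, string subjectName, string applicationPolicy)
    {
        X509Store store = new X509Store(storeName, storeLocation);
        try
        {
            // OpenExistingOnly: never create a store as a side effect of a lookup.
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

            // NOTE(review): validOnly is false, so expired, revoked or untrusted
            // certificates are candidates too; pass true if only valid ones should be used.
            // FindBySubjectName is a case-insensitive substring match, so a short
            // subjectName can match more certificates than intended. SingleOrDefault
            // turns such an ambiguity into an InvalidOperationException instead of
            // silently picking one.
            certificate = store
                .Certificates
                .Find(X509FindType.FindByApplicationPolicy, applicationPolicy, false)
                .Find(X509FindType.FindBySubjectName, subjectName, false)
                .Cast<X509Certificate2>()
                .SingleOrDefault();
        }
        finally
        {
            // Release the store handle on every path, including when Open or Find throws.
            store.Close();
        }

        if (certificate == null)
        {
            // Fail at construction with the search criteria instead of assigning
            // a null service certificate to the host later on.
            throw new System.InvalidOperationException(
                "No certificate found in store " + storeLocation + "\\" + storeName +
                " with subject name '" + subjectName +
                "' and application policy '" + applicationPolicy + "'.");
        }
    }

    /// <summary>
    /// Assigns the resolved certificate as the host's service certificate.
    /// </summary>
    public void AddBindingParameters(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase, Collection<ServiceEndpoint> endpoints, BindingParameterCollection bindingParameters)
    {
        // NOTE(review): a service certificate needs an accessible private key;
        // this class does not check certificate.HasPrivateKey.
        serviceHostBase.Credentials.ServiceCertificate.Certificate = this.certificate;
    }

    /// <summary>Intentionally empty; this behavior adds no dispatch customization.</summary>
    public void ApplyDispatchBehavior(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase) { }

    /// <summary>Intentionally empty; this behavior performs no description validation.</summary>
    public void Validate(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase) { }
}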

扩展元素:

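/// <summary>
/// Configuration element that exposes <see cref="ServerCertificateServiceBehavior"/>
/// to the service behaviors section of a .config file.
/// </summary>
public class ServerCertificateServiceBehaviorExtensionElement : BehaviorExtensionElement
{
    /// <summary>Application policy (EKU) used for the first store lookup. Required.</summary>
    [ConfigurationProperty("applicationPolicy", IsRequired = true)]
    public string ApplicationPolicy
    {
        get
        {
            return (string)base["applicationPolicy"];
        }
        set
        {
            base["applicationPolicy"] = value;
        }
    }

    /// <summary>Subject name used for the second store lookup. Required.</summary>
    [ConfigurationProperty("subjectName", IsRequired = true)]
    public string SubjectName
    {
        get
        {
            return (string)base["subjectName"];
        }
        set
        {
            base["subjectName"] = value;
        }
    }

    /// <summary>Store location to search; defaults to LocalMachine.</summary>
    // Named enum member instead of the literal 2 (StoreLocation.LocalMachine == 2),
    // so the default is readable and has the property's own type.
    [ConfigurationProperty("storeLocation", DefaultValue = StoreLocation.LocalMachine)]
    public StoreLocation StoreLocation
    {
        get
        {
            return (StoreLocation)base["storeLocation"];
        }
        set
        {
            base["storeLocation"] = value;
        }
    }

    /// <summary>Store name to search; defaults to My (the personal store).</summary>
    // Named enum member instead of the literal 5 (StoreName.My == 5).
    [ConfigurationProperty("storeName", DefaultValue = StoreName.My)]
    public StoreName StoreName
    {
        get
        {
            return (StoreName)base["storeName"];
        }
        set
        {
            base["storeName"] = value;
        }
    }

    /// <summary>Type of the behavior this element creates.</summary>
    public override Type BehaviorType
    {
        get { return typeof(ServerCertificateServiceBehavior); }
    }

    /// <summary>
    /// Builds the behavior from the configured values. The certificate lookup runs
    /// inside the behavior's constructor, so a lookup failure surfaces here.
    /// </summary>
    protected override object CreateBehavior()
    {
        return new ServerCertificateServiceBehavior(
                this.StoreName,
                this.StoreLocation,
                this.SubjectName,
                this.ApplicationPolicy);
    }
}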

配置变为:

<behaviors>
  <serviceBehaviors>
    <behavior name="YourServiceBehaviorConfiguration">
      <!-- ... -->
      <!-- Custom element handled by ServerCertificateServiceBehaviorExtensionElement.
           applicationPolicy 1.3.6.1.5.5.7.3.1 is the Server Authentication EKU.
           subjectName is matched as a case-insensitive substring (FindBySubjectName),
           and the behavior expects the two criteria together to match one certificate. -->
      <serverCertificate storeLocation="LocalMachine"
                         storeName="My"
                         subjectName="host.domain.com"
                         applicationPolicy="1.3.6.1.5.5.7.3.1" />
    </behavior>
  </serviceBehaviors>
</behaviors>
<extensions>
  <behaviorExtensions>
    <!-- Registers the element name "serverCertificate" used above. The type is given
         by its assembly-qualified name; PublicKeyToken=null means the Extensions
         assembly is referenced without a strong name. -->
    <add name="serverCertificate" type="Extensions.ServerCertificateServiceBehaviorExtensionElement, Extensions, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
  </behaviorExtensions>
</extensions>
于 2012-08-24T13:00:53.350 回答