Extract certificate from WCF secure envelope
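// Extracts the X.509 certificate carried in the WS-Security BinarySecurityToken of a
// SOAP 1.2 envelope, builds its chain, and passes the certificate subject plus the
// thumbprint of the last chain element to CreateSingleRemoverWithSubjectIssuedBy.
//
// Nothing in this fragment verifies the message signature, so the token is an
// unauthenticated claim taken from the envelope. When no Security header is present,
// control falls through to whatever follows this fragment, as before.
const string WsseNamespace =
    "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

using (var ms = new MemoryStream(secureEnvelopeBytes))
using (var xRdr = new XmlTextReader(ms))
{
    // The envelope is external input: reject DOCTYPE declarations and never resolve
    // external entities, whatever the framework default for XmlTextReader is.
    xRdr.DtdProcessing = DtdProcessing.Prohibit;
    xRdr.XmlResolver = null;

    // NOTE(review): int.MaxValue leaves the header size effectively unbounded; consider a
    // limit that matches the deployment's expected envelope size.
    using (var message = Message.CreateMessage(xRdr, int.MaxValue, MessageVersion.Soap12))
    {
        // NOTE(review): the header is matched on its local name only; confirm whether the
        // namespace should be checked as well.
        var securityHeader = message.Headers.FirstOrDefault(x => x.Name == "Security");
        if (securityHeader != null)
        {
            var securityElement = XElement.Parse(securityHeader.ToString());

            // Single() throws when the token is missing or appears more than once, so an
            // ambiguous header is rejected rather than guessed at.
            var binarySecurityToken = securityElement
                .Descendants(XName.Get("BinarySecurityToken", WsseNamespace))
                .Single();

            var certBytes = Convert.FromBase64String(binarySecurityToken.Value);
            var cert = new X509Certificate2(certBytes);

            var certChain = new X509Chain();
            try
            {
                // NOTE(review): revocation is not checked here, so a revoked certificate
                // still builds a valid chain.
                certChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

                // A chain that does not validate may end in the supplied certificate itself
                // or in an untrusted certificate; its last element must not be reported as
                // the issuer.
                if (!certChain.Build(cert))
                {
                    var reasons = string.Join(
                        ", ",
                        certChain.ChainStatus.Select(s => s.Status.ToString()));
                    throw new InvalidOperationException(
                        "Certificate chain for '" + cert.Subject + "' could not be validated: " + reasons);
                }

                var lastCertInChain = certChain.ChainElements
                    .Cast<X509ChainElement>()
                    .LastOrDefault();
                if (lastCertInChain == null)
                {
                    throw new InvalidOperationException(
                        "Certificate chain for '" + cert.Subject + "' contains no elements.");
                }

                // Read the thumbprint before the chain state is released in finally.
                var issuerThumbprint = lastCertInChain.Certificate.Thumbprint;
                return CreateSingleRemoverWithSubjectIssuedBy(cert.Subject, issuerThumbprint, maxPayloadSize);
            }
            finally
            {
                // Reset() releases the chain's state; used instead of a using block because
                // X509Chain is not IDisposable on older framework versions.
                certChain.Reset();
            }
        }
    }
}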