ericlaw1979/FiddlerClientCertPicker.cs

## FiddlerClientCertPicker.cs
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Fiddler;

[assembly: Fiddler.RequiredVersion("2.5.0.0")]
namespace ClientCertPicker
{
    public class ClientCertPicker: IFiddlerExtension
    {
        private X509Certificate ProvideCertificate(
            object sender,              // <------------ This points to the Session
            string targetHost,          // <------------ Target hostname
            X509CertificateCollection localCertificates, // <------------ Local certificates we made available via oSession["https-Client-Certificate"]
            X509Certificate remoteCertificate,           // <------------ Remote site's certificate
            string[] acceptableIssuers)
        {
            X509Store store = new X509Store("My", StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

            X509Certificate2Collection oAllCerts = (X509Certificate2Collection)store.Certificates;

            X509Certificate2Collection oFilteredCerts = (X509Certificate2Collection)oAllCerts.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
            X509Certificate2Collection oClientCerts = new X509Certificate2Collection();

            foreach (X509Certificate2 oCandidate in oFilteredCerts)
            {
                if (!oCandidate.HasPrivateKey || (null == oCandidate.Extensions))
                {
                    continue;
                }
                foreach (X509Extension oCE in oCandidate.Extensions)
                {
                    if (oCE.Oid.Value == "2.5.29.37" /* aka "Enhanced Key Usage" */)
                    {
                        if (HasClientAuthenticationFlag(oCandidate, oCE))
                        {
                            oClientCerts.Add(oCandidate);
                            continue;
                        }
                    }
                }
            }
            X509Certificate2Collection oPickedCerts = X509Certificate2UI.SelectFromCollection(oClientCerts,
                "Client Certificate", String.Format("Select a certificate to send to '{0}'", targetHost), X509SelectionFlag.SingleSelection);

            if ((oPickedCerts != null) && (oPickedCerts.Count > 0))
            {
                return oPickedCerts[0];
            }
            return null;
        }

        private static bool HasClientAuthenticationFlag(X509Certificate2 oCandidate, X509Extension oCE)
        {
            X509EnhancedKeyUsageExtension ext = (X509EnhancedKeyUsageExtension)oCE;
            OidCollection oids = ext.EnhancedKeyUsages;
            foreach (Oid oid in oids)
            {
                if (oid.Value == "1.3.6.1.5.5.7.3.2" /* aka "Client Authentication" */)
                {
                    return true;
                }
            }
            return false;
        }

        public void OnBeforeUnload() {}

        public void OnLoad()
        {
            FiddlerApplication.ClientCertificateProvider = new System.Net.Security.LocalCertificateSelectionCallback(ProvideCertificate);
            FiddlerApplication.Log.LogString("Overriding Client Certificate Selection");
        }
    }
}
	using System;
	using System.Security.Cryptography;
	using System.Security.Cryptography.X509Certificates;
	using Fiddler;

	[assembly: Fiddler.RequiredVersion("2.5.0.0")]
	namespace ClientCertPicker
	{
	public class ClientCertPicker: IFiddlerExtension
	{
	private X509Certificate ProvideCertificate(
	object sender, // <------------ This points to the Session
	string targetHost, // <------------ Target hostname
	X509CertificateCollection localCertificates, // <------------ Local certificates we made available via oSession["https-Client-Certificate"]
	X509Certificate remoteCertificate, // <------------ Remote site's certificate
	string[] acceptableIssuers)
	{
	X509Store store = new X509Store("My", StoreLocation.CurrentUser);
	store.Open(OpenFlags.ReadOnly \| OpenFlags.OpenExistingOnly);

	X509Certificate2Collection oAllCerts = (X509Certificate2Collection)store.Certificates;

	X509Certificate2Collection oFilteredCerts = (X509Certificate2Collection)oAllCerts.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
	X509Certificate2Collection oClientCerts = new X509Certificate2Collection();

	foreach (X509Certificate2 oCandidate in oFilteredCerts)
	{
	if (!oCandidate.HasPrivateKey \|\| (null == oCandidate.Extensions))
	{
	continue;
	}
	foreach (X509Extension oCE in oCandidate.Extensions)
	{
	if (oCE.Oid.Value == "2.5.29.37" /* aka "Enhanced Key Usage" */)
	{
	if (HasClientAuthenticationFlag(oCandidate, oCE))
	{
	oClientCerts.Add(oCandidate);
	continue;
	}
	}
	}
	}
	X509Certificate2Collection oPickedCerts = X509Certificate2UI.SelectFromCollection(oClientCerts,
	"Client Certificate", String.Format("Select a certificate to send to '{0}'", targetHost), X509SelectionFlag.SingleSelection);

	if ((oPickedCerts != null) && (oPickedCerts.Count > 0))
	{
	return oPickedCerts[0];
	}
	return null;
	}

	private static bool HasClientAuthenticationFlag(X509Certificate2 oCandidate, X509Extension oCE)
	{
	X509EnhancedKeyUsageExtension ext = (X509EnhancedKeyUsageExtension)oCE;
	OidCollection oids = ext.EnhancedKeyUsages;
	foreach (Oid oid in oids)
	{
	if (oid.Value == "1.3.6.1.5.5.7.3.2" /* aka "Client Authentication" */)
	{
	return true;
	}
	}
	return false;
	}

	public void OnBeforeUnload() {}

	public void OnLoad()
	{
	FiddlerApplication.ClientCertificateProvider = new System.Net.Security.LocalCertificateSelectionCallback(ProvideCertificate);
	FiddlerApplication.Log.LogString("Overriding Client Certificate Selection");
	}
	}
	}