relax! it’s just 0s and 1s

May 20 2008

X509Certificate properties

Published by Raja Nadar under WSE, c#, security

as part of some WSE implementation, I had a small utility to read the details of a X509 Certificate. especially the SKID (Subject Key Identifier), of the certificate. actually, WSE comes with a certificate reader tool, which reads the SKID of the certificate.

however, i had 2 issues, using this tool:

i needed to read the properties from a file, which was the X509 certificate, instead of reading it from the certificate stores.
i also needed a string representation of the certificate to be stored in the database. (i like the idea of a database oriented certificate management)

In order to read the X509Certificate properties, there are 2 namespaces available.

using Microsoft.Web.Services2.Security.X509;
using System.Security.Cryptography.X509Certificates;

however, of the 2 namespaces, the Microsoft.Web.Services2.Security.X509 seems to give the Subject Key Identifier of the certificate. it makes all the more sense to use this namespace, when you are working with WSE enabled web services.

the code snippet to read the certificate properties: (certificate is assumed to be in a file location)

using (FileStream stream = new FileStream(certificateFilePath, FileMode.Open))
{
    byte[] blob = new byte[(int)stream.Length];
    stream.Read(blob, 0, (int)stream.Length);
 
    using (X509Certificate cert = new X509Certificate(blob))
    {
        this.textBoxBlob.Text = Convert.ToBase64String(blob);
        this.textBoxSubject.Text = cert.Subject;
        this.textBoxTokenIssuer.Text = cert.Issuer;
        this.textBoxSKID.Text = Convert.ToBase64String(cert.GetKeyIdentifier());
        this.textBoxExpiry.Text = cert.GetExpirationDateString();
    }
}

Notes:

You can get the WSE DLL from here.
the X509Certificate belongs to the Microsoft.Web.Services2.Security.X509 namespace.
Convert.ToBase64String(blob) is very useful if you want to store the certificate in a database field. it is one of the ways to eliminate certificate management, for your application.
The Subject Key Identifier is what uniquely identifies your certificate. when WSE is used in a declarative manner, typically the SKID, Subject and Token Issuer are used in the configuration files.

there’s a solution to every problem; given enough time and money..

No responses yet

antiques
- February 2009 (1)
- December 2008 (1)
- July 2008 (1)
- June 2008 (5)
- May 2008 (10)
recent scribblings
tags
ado.net entity alphanumeric app.config attributes certificate closes compiled query config files css delegates dlinq general html ikvm incremental key l2s linq lucene multiple result sets pdf pdfbox plead reflector resx scan skid sql subject key identifier test case testing testrunconfig twain unique unit validation vs 2008 vsmdi vsts wcf web.config wia windows image acquisition WSE x509
chronicles

March 2010

M T W T F S S

« Feb

1 2 3 4 5 6 7

8 9 10 11 12 13 14

15 16 17 18 19 20 21

22 23 24 25 26 27 28

29 30 31
search
categories
- .net (7)
- .net 3.5 (1)
- ADO.NET (1)
- bugs (1)
- c# (7)
- c# 3.0 (2)
- css (1)
- enterprise library (1)
- fun (1)
- general (1)
- ikvm (1)
- linq (3)
- mysql (1)
- pdfbox (1)
- reflector (1)
- security (2)
- software engineering (1)
- sql 2005 (1)
- syndication (1)
- unit testing (2)
- validation (1)
- vs 2008 (1)
- wcf (1)
- wia (1)
- WSE (1)
blog - just like that!
google ads

March 2010
M	T	W	T	F	S	S
« Feb
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31

relax! it’s just 0s and 1s

life’s good when you relax a BIT

X509Certificate properties

antiques

recent scribblings

tags

chronicles

search

categories

blog - just like that!

google ads