x509

I'm working on a project where I need the following. WCF service on the server side (.NET 3.5) WPF client for the client side (.NET 3.0) I have an existing application that I have to use the authentication and authorization from (on the server side). I also need to store some metadata about the user in the WCF Service's Thread Principal (a site object). I do this so that I can get at it in the WCF service if I absolutely have to; some business logic may require it. So my plan was to do the following... Create a custom ServiceAuthorizationManager for the server and in there I will log in the

I would like to write a JAX-WS web service that signs my SOAP messages using the http://www.w3.org/TR/xmldsig-core/ recommendation. With what I found on the internet I wrote a JAX-WS handler ( SOAPHandler<SOAPMessageContext> ) that manages to change a copy of the SOAP request: @Override public boolean handleMessage(SOAPMessageContext smc) { Boolean outboundProperty = (Boolean) smc.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY); SOAPMessage message = smc.getMessage(); if (outboundProperty) { try { SOAPPart soapPart = message.getSOAPPart(); SOAPEnvelope soapEnvelope = soapPart.getEnvelope();

Let's say I have three certificates (in Base64 format) Root | --- CA | --- Cert (client/signing/whatever) How can I validate the certs and certificate path/chain in C#? (All those three certs may not be in my computer cert store) Edit : BouncyCastle has the function to verify. But I'm trying not to use any third-party library. byte[] b1 = Convert.FromBase64String(x509Str1); byte[] b2 = Convert.FromBase64String(x509Str2); X509Certificate cer1 = new X509CertificateParser().ReadCertificate(b1); X509Certificate cer2 = new X509CertificateParser().ReadCertificate(b2); cer1.Verify(cer2.GetPublicKey()

through the bouncycastle wiki page I was able to understand how to create a X.509 root certificate and a certification request, but I do not quite understand how to proceed concept- and programming wise after that. Lets assume party A does a cert request and gets his client certificate from the CA. How can some party B validate A's certificate? What kind of certificate does A need? A root certificate? A 'normal' client certificate? And how does the validation work on programming level, if we assume that A has successfully send his certificate in DER or PEM format to B? Any help is much

We're trying to implement some functionality of a Web-Service from one of our partners. Now, the content which is beeing transmitted, should be encrypted with a public key, which we have to provide. The security-specification says that the public-certificate has to be X.509 standard. Doesn't X.509 rely on the private / public key method? Because I only get one .pem file, containing a private key, and a certificate, but no public key, using the following command: openssl req -new -x509 -days 365 -nodes -out ./cert.pem -keyout ./cert.pem Do I have to modify the command in order to create a

According to the X.509, a certificate has an attribute subject. C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org This is the typical subject value. The question is what are the types(or tags) of those attributes(C, ST, L, O, OU, CN) and what is their format? Mathias Brossard IETF PKIX (latest version RFC 5280 ) is a well accepted profile for certificates. From section 4.1.2.4, the following fields must be supported (I've added between parenthesis is the OpenSSL long and optional short name): country (countryName, C),