How to authentificate with certificates

[ludger]

Hello!

I'm trying to build a .NET client, which authentificates with a certificate, as the UaExpert does. However, I cant find any code sample or documentation about reading a ICertificate from file. I've found the C++ code sample:

http://forum.unified-automation.com/topic323.html

Thanks a lot in advance,
Michael

[Support Team]

Hello Michael,

- You can configure the location of an existing application vertificate in the application settings. Please see the ApplicationCertificate section in app.config.
- You can load a Certificate from file using the constructors of the Certificate class.
- You can create a new certificate using the CertificateFactory class.

Best regards
Support Team

[ludger]

Hello,

thanks for answering! I'm interested in the 2nd option ("You can load a Certificate from file using the constructors of the Certificate class.") -- however, I'm not able to find a Certificate class. In your libraries, I can see the ICertificate and the CertificateStore, CertifcateFactory; in the Microsoft libs I see the X509Certificate. However, nothing allows me for reading a certificate from file.

Thanks in advance,
Michael

[Support Team]

Hello Michael,

We are very sorry. The Certificate class is marked as "internal", so you cannot use it.
But you can use SecurityUtils.LoadCertificate(byte[] bytes) instead.

Best regards
Support Team

[ludger]

Hello guys,

thanks a lot: this was the enabler for me to proceed. Somehow, I wasn't able to find it by myself.

Finally, I was able to setup a certificated session. I'd like to share the code with you:

Code: Select all

// Create a session
m_session = new Session(m_application);

if (true)
{
	// get the public certificate
	var publicFn = @"C:\Documents and Settings\miho\Application Data\unifiedautomation\uaexpert\PKI\CA\certs\uaexpert.der";
	var publicBytes = System.IO.File.ReadAllBytes(publicFn);
	var cert = SecurityUtils.LoadCertificate(publicBytes);

	// attach private key
	var privateFn = @"C:\Documents and Settings\miho\Application Data\unifiedautomation\uaexpert\PKI\CA\private\uaexpert_key.pem";
	var privateString = System.IO.File.ReadAllText(privateFn);
	var privateBytes = JavaScience.opensslkey.DecodeOpenSSLPrivateKey(privateString);
	System.Security.Cryptography.RSACryptoServiceProvider privateProv = JavaScience.opensslkey.DecodeRSAPrivateKey(privateBytes);
	cert.InternalCertificate.PrivateKey = privateProv;

	// add to session
	m_session.UserIdentity = new UserIdentity() { 
		IdentityType = UserIdentityType.Certificate, 
		Certificate = cert                        
	};
}

[..]

m_session.Connect(chosenEndpoint, m_session.DefaultRequestSettings);

For decoding the .PEM key I was using the .NET helper code here, which I simply turned into one class: http://www.jensign.com/opensslkey/index.html

Again, thanks,
Michael

[bradleyward]

Thank you, Michael, for posting your solution and code snippet. I'm not faced with this particular problem, but want to commend you for being a good online citizen!