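        /// <summary>
        /// Submits a base64 certificate request to the default CA and records the resulting
        /// request id, together with the CA's disposition, in the certificate table.
        /// </summary>
        /// <param name="certrequest">The encoded request, submitted with CR_IN_BASE64.</param>
        /// <param name="hostname">Host the request is recorded against; stored as supplied by the caller.</param>
        /// <returns>
        /// The CA request id on success; 0 when any step threw (the message is written to the error table).
        /// The disposition returned by Submit is stored but not inspected, so a request id is returned
        /// even when the CA did not accept the request.
        /// </returns>
        public int SubmitRequest(string certrequest, string hostname)
        {
            CCertConfig  objCertConfig  = new CCertConfig();
            CCertRequest objCertRequest = new CCertRequest();

            try
            {
                string strCAConfig  = objCertConfig.GetConfig(CC_DEFAULTCONFIG);                           // default CA configuration string
                int    iDisposition = objCertRequest.Submit(CR_IN_BASE64, certrequest, null, strCAConfig); // submit; disposition is recorded, not checked
                int    requestID    = objCertRequest.GetRequestId();

                // NOTE(review): whether Database parameterizes the SQL behind this insert is not
                // visible here; hostname is caller-controlled — confirm in Database.
                Database db = new Database();
                db.InsertToCertificateTable(hostname, iDisposition, requestID);

                return requestID; // id of the request now sitting in the CA's queue
            }
            catch (Exception ex)
            {
                // Best-effort logging; the caller only sees the failure as a 0 return value. A failure
                // after Submit (for example in the database insert) leaves the request at the CA.
                Database db = new Database();
                db.InsertToErrorMessageTable(hostname, 0, ex.Message, "SubmitRequest");
                return 0;
            }
        }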
        /// <summary>
        /// Submits a certificate request to the default CA and returns the certificate the CA
        /// hands back, base64 encoded together with its chain.
        /// </summary>
        /// <param name="certRequest">The encoded request; CR_IN_FORMATANY lets the CA detect the inner format.</param>
        /// <returns>The result of <c>GetCertificate(CR_OUT_BASE64 | CR_OUT_CHAIN)</c>.</returns>
        public string SendRequestToCA(string certRequest)
        {
            CCertConfig  config  = new CCertConfig();
            CCertRequest request = new CCertRequest();
            string       caName  = config.GetConfig(CC_DEFAULTCONFIG);

            int disposition = request.Submit(CR_IN_BASE64 | CR_IN_FORMATANY, certRequest, null, caName);

            // A disposition other than "issued" (pending, denied, error) is only echoed to the
            // console; GetCertificate is still called below and nothing is caught here.
            // NOTE(review): presumably that call fails when nothing was issued — confirm callers
            // expect the exception rather than a null/empty return.
            if (disposition != CR_DISP_ISSUED)
            {
                Console.WriteLine(request.GetDispositionMessage());
            }

            return request.GetCertificate(CR_OUT_BASE64 | CR_OUT_CHAIN);
        }
        /// <summary>
        /// Retrieves the disposition of a pending request from the default CA, after checking the
        /// request/hostname binding and that the certificate has not already been collected, and
        /// records the new status through <c>SqlLite.updateTable</c>.
        /// </summary>
        /// <param name="requestID">CA request id to query.</param>
        /// <param name="hostname">Host the request is expected to belong to.</param>
        /// <returns>
        /// The CA disposition on success; -6 when the hostname/request check rejects the call,
        /// -3 when the certificate was already consumed, -2 when an exception occurred (its message
        /// is written to the console).
        /// </returns>
        public int retrieveStatus(int requestID, string hostname)
        {
            CCertConfig  caConfig = new CCertConfig();
            CCertRequest caReq    = new CCertRequest();

            try
            {
                SqlLite store = new SqlLite();

                // Ownership check: a true result is treated as a rejection.
                // NOTE(review): the helper's name reads as "request belongs to host", which would mean
                // the matching case is the one rejected — confirm the boolean's meaning in SqlLite.
                if (store.checkHostnameWithreqID(requestID, hostname))
                {
                    return -6;
                }

                // The client already collected this certificate once.
                if (store.checkcertFlag(requestID))
                {
                    return -3;
                }

                string caName      = caConfig.GetConfig(CC_DEFAULTCONFIG);
                int    disposition = caReq.RetrievePending(requestID, caName);
                store.updateTable(disposition, requestID);
                return disposition;
            }
            catch (Exception ex)
            {
                Console.Write(ex.Message);
                return -2;
            }
        }
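        /// <summary>
        /// Command-line entry point that revokes one certificate on a CA.
        /// With one argument the CA is chosen interactively and the reason is
        /// CRL_REASON_CESSATION_OF_OPERATION; with three arguments the CA config string,
        /// a numeric reason code and the serial number are taken from the command line.
        /// </summary>
        /// <returns>0 on success, 1 when the CA call failed, 2 for a usage error.</returns>
        static int Main(string[] args)
        {
            string caConfig;
            int    reason;
            string serial;

            if (args.Length == 1)
            {
                CCertConfig objCertConfig = new CCertConfig();
                caConfig = objCertConfig.GetConfig(CC_UIPICKCONFIG); // interactive CA picker

                reason = (int)RevokeReason.CRL_REASON_CESSATION_OF_OPERATION;
                serial = args[0];
            }
            else if (args.Length == 3 && int.TryParse(args[1], out reason))
            {
                // A non-numeric reason used to escape as an unhandled FormatException (no exit code
                // a script could act on); it is now a usage error like any other bad argument.
                caConfig = args[0];
                serial   = args[2];
            }
            else
            {
                Console.WriteLine("Usage: RevokeCert.exe [SerialNumber]");
                Console.WriteLine("Usage: RevokeCert.exe [CAConfig] [Reason] [SerialNumber]");
                return 2;
            }

            CCertAdmin admin = null;

            try
            {
                admin = new CCertAdmin();
                // Revocation time is the local clock. NOTE(review): confirm how the CA interprets
                // this value (local vs UTC) before relying on it for an exact effective time.
                admin.RevokeCertificate(caConfig, serial, reason, DateTime.Now);

                return 0;
            }
            catch (Exception ex)
            {
                Console.Error.WriteLine(ex.Message);
                return 1;
            }
            finally
            {
                // Release the COM RCW on every path so the process does not hold the admin interface open.
                if (admin != null)
                {
                    Marshal.FinalReleaseComObject(admin);
                }
            }
        }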
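        /// <summary>
        /// Renews an existing (expired) certificate: installs it, builds a PKCS#10 request that
        /// inherits its private key, subject, extensions and SAN, submits that through
        /// <see cref="SubmitRequest"/>, asks the CA to issue the pending request, and removes the
        /// old database record and store entry.
        /// </summary>
        /// <param name="Cert">The existing certificate, base64 with PEM header (XCN_CRYPT_STRING_BASE64HEADER).</param>
        /// <param name="reqid">Request id of the old certificate's database record, which is deleted.</param>
        /// <returns>
        /// The new request id on success; 0 when <see cref="SubmitRequest"/> failed; 1 when an exception
        /// was logged to the error table. Note that 1 can collide with a genuine request id.
        /// </returns>
        public int RenewCert(string Cert, int reqid)
        {
            CX509CertificateRequestPkcs10 objPkcs10 = new CX509CertificateRequestPkcs10();
            CX509Enrollment objEnroll     = new CX509Enrollment();
            CCertConfig     objCertConfig = new CCertConfig();
            CCertAdmin      objCertAdmin  = new CCertAdmin();
            var inheritOptions = X509RequestInheritOptions.InheritPrivateKey
                               | X509RequestInheritOptions.InheritSubjectFlag
                               | X509RequestInheritOptions.InheritExtensionsFlag
                               | X509RequestInheritOptions.InheritSubjectAltNameFlag;

            try
            {
                string strCAConfig = objCertConfig.GetConfig(CC_DEFAULTCONFIG);

                // NOTE(review): the supplied certificate is installed and used as the renewal basis
                // without any check visible here that the caller is entitled to it — confirm where
                // that is enforced, since the pending request is auto-issued below.
                InstallCert(Cert);
                objPkcs10.InitializeFromCertificate(X509CertificateEnrollmentContext.ContextUser, Cert, EncodingType.XCN_CRYPT_STRING_BASE64HEADER, inheritOptions);

                CX500DistinguishedName objDN = objPkcs10.Subject;
                // Substring(3) assumes the subject is exactly "CN=<host>"; any other DN layout yields a wrong host name.
                string hostName = objDN.Name.ToString().Substring(3);

                objEnroll.InitializeFromRequest(objPkcs10);
                string certificateStr = objEnroll.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);

                Database db = new Database();
                // The returned record was never used (it was meant for revoking the old serial, which
                // is not done here); the call itself is kept unchanged.
                db.ReturnCertificateInformation(hostName);
                db.DeleteCertificateRecordFromDb(reqid);

                int newRequestId = SubmitRequest(certificateStr, hostName);
                if (newRequestId <= 0)
                {
                    // SubmitRequest already logged the failure; do not ask the CA to issue request 0.
                    return 0;
                }

                objCertAdmin.ResubmitRequest(strCAConfig, newRequestId); // have the CA issue the pending request
                DeleteCertificateFromStore(objDN.Name.ToString());      // the old certificate is no longer needed
                return newRequestId;
            }
            catch (Exception ex)
            {
                Database db = new Database();
                db.InsertToErrorMessageTable("", reqid, ex.Message, "RenewCert");
                return 1;
            }
        }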
        /// <summary>
        /// Revokes a certificate on the default CA with reason code 0, effective at the local time
        /// of the call.
        /// </summary>
        /// <param name="serialNumber">Serial number of the certificate to revoke, in the form the CA expects.</param>
        /// <returns>0 on success; 1 when the CA call threw (the message is written to the console).</returns>
        public int revokeCert(string serialNumber)
        {
            CCertConfig config = new CCertConfig();
            CCertAdmin  admin  = new CCertAdmin();

            try
            {
                string caName = config.GetConfig(CC_DEFAULTCONFIG);
                // Reason 0 and DateTime.Now are hard-wired; there is no per-call reason here.
                admin.RevokeCertificate(caName, serialNumber, 0, DateTime.Now);
                return 0;
            }
            catch (Exception ex)
            {
                Console.Write(ex.Message);
                return 1;
            }
        }
        /// <summary>
        /// Revokes a certificate on the default CA with reason code 0, effective at the local time
        /// of the call; failures are written to the error table rather than thrown.
        /// </summary>
        /// <param name="serialNumber">Serial number of the certificate to revoke, in the form the CA expects.</param>
        /// <returns>0 on success; 1 when the CA call threw.</returns>
        public int RevokeCertificate(string serialNumber)
        {
            CCertConfig config = new CCertConfig();
            CCertAdmin  admin  = new CCertAdmin();

            try
            {
                string caName = config.GetConfig(CC_DEFAULTCONFIG);
                // Reason 0 and DateTime.Now are hard-wired; there is no per-call reason here.
                admin.RevokeCertificate(caName, serialNumber, 0, DateTime.Now);
                return 0;
            }
            catch (Exception ex)
            {
                new Database().InsertToErrorMessageTable("", 0, ex.Message, "RevokeCertificate");
                return 1;
            }
        }
        /// <summary>
        /// Link handler: opens the built-in CA picker (CC_UIPICKCONFIG) and, when a configuration
        /// string comes back, copies it into the CSR endpoint text box and resets its colour.
        /// </summary>
        private void llBrowseCA_LinkClicked(object sender, LinkLabelLinkClickedEventArgs e)
        {
            try
            {
                CCertConfig picker = new CCertConfig();
                string      chosen = picker.GetConfig(CC_UIPICKCONFIG);

                if (string.IsNullOrEmpty(chosen))
                {
                    return; // nothing picked: leave the text box as it was
                }

                txtCSREndpoint.Text      = chosen;
                txtCSREndpoint.BackColor = Color.White;
            }
            catch (Exception)
            {
                // Deliberately swallowed: the picker is a convenience and the text box keeps its
                // previous value. NOTE(review): presumably this also covers the user cancelling the
                // dialog, which surfaces as an exception — confirm before narrowing the catch.
            }
        }
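        /// <summary>
        /// Enumerates registered Enterprise Certification Authorities from the current Active Directory forest.
        /// </summary>
        /// <param name="findType">Specifies CA object search type. The search type can be either: <strong>Name</strong>
        /// or <strong>Server</strong> (compared case-insensitively).</param>
        /// <param name="findValue">Specifies search pattern for a type specified in <strong>findType</strong> argument.
        /// Wildcard characters: * and ? are accepted.</param>
        /// <returns>Enterprise Certification Authority collection; empty when nothing matches.</returns>
        /// <exception cref="ArgumentException"><strong>findType</strong> is null or neither 'Name' nor 'Server'.</exception>
        /// <exception cref="Exception">The machine is not joined to a domain (<c>DsUtils.Ping()</c> failed).</exception>
        public static CertificateAuthority[] EnumEnterpriseCAs(String findType, String findValue)
        {
            // Validate before touching AD or COM. Previously a bad findType was only rejected once a
            // directory-registered CA was encountered, so an empty result silently accepted any value.
            bool matchByName;
            switch ((findType ?? string.Empty).ToLowerInvariant())
            {
            case "name":
                matchByName = true;
                break;

            case "server":
                matchByName = false;
                break;

            default:
                throw new ArgumentException("The value for 'findType' must be either 'Name' or 'Server'.");
            }

            if (!DsUtils.Ping())
            {
                throw new Exception("Non-domain environments are not supported.");
            }

            List<CertificateAuthority> CAs = new List<CertificateAuthority>();
            // The pattern does not depend on the entry, so build it once rather than per iteration.
            Wildcard    wildcard   = new Wildcard(findValue, RegexOptions.IgnoreCase);
            CCertConfig certConfig = new CCertConfig();

            try
            {
                while (certConfig.Next() >= 0)
                {
                    // Bit 0 of the Flags field is taken to mark a CA with a directory entry; only those are kept.
                    Int32 flags = Convert.ToInt32(certConfig.GetField("Flags"));
                    if ((flags & 1) == 0)
                    {
                        continue;
                    }

                    string candidate = certConfig.GetField(matchByName ? "CommonName" : "Server");
                    if (!wildcard.IsMatch(candidate))
                    {
                        continue;
                    }

                    CAs.Add(new CertificateAuthority(certConfig.GetField("Server"), certConfig.GetField("SanitizedName")));
                }
            }
            finally
            {
                // Release on every path; the original skipped this when the loop threw.
                CryptographyUtils.ReleaseCom(certConfig);
            }

            return CAs.ToArray();
        }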
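        /// <summary>
        /// Fetches the issued certificate for a request from the default CA, stores it in the
        /// certificate table and returns it wrapped in a JSON-serialized <c>Certificate</c>.
        /// </summary>
        /// <param name="requestID">CA request id whose certificate is retrieved.</param>
        /// <returns>
        /// JSON of a <c>Certificate</c> whose <c>CertValue</c> is the base64 certificate on success;
        /// otherwise a string starting with "error". Callers have to tell the two apart by prefix.
        /// </returns>
        public string GetCertificate(int requestID)
        {
            Database     db             = new Database();
            CCertConfig  objCertConfig  = new CCertConfig();
            CCertRequest objCertRequest = new CCertRequest();

            // NOTE(review): unlike RetrieveRequestStatus, nothing here ties requestID to the calling
            // host — confirm the caller performs that check before the certificate is handed out.
            try
            {
                string strCAConfig = objCertConfig.GetConfig(CC_DEFAULTCONFIG);
                // RetrievePending has to run before GetCertificate; its disposition is not used here.
                objCertRequest.RetrievePending(requestID, strCAConfig);
                string pstrCertificate = objCertRequest.GetCertificate(CR_OUT_BASE64);

                int status = db.UpdateCertificateInfo(pstrCertificate, requestID);
                if (status != 0)
                {
                    return "error Update Certificate Table";
                }

                Certificate cert = new Certificate {
                    CertValue = pstrCertificate
                };
                return Newtonsoft.Json.JsonConvert.SerializeObject(cert);
            }
            catch (Exception ex)
            {
                db.InsertToErrorMessageTable("", requestID, ex.Message, "GetCertificate");
                // NOTE(review): the raw exception message is returned to the caller; if this reaches a
                // remote client, a generic error with the detail kept in the log would be preferable.
                return "error" + ex.Message;
            }
        }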
        /// <summary>
        /// Retrieves the disposition of a pending request from the default CA, after checking the
        /// request/hostname binding and that the certificate has not already been collected, and
        /// records the new status through <c>Database.UpdateUnlockFlagAndStatus</c>.
        /// </summary>
        /// <param name="requestID">CA request id to query.</param>
        /// <param name="hostname">Host the request is expected to belong to.</param>
        /// <returns>
        /// The CA disposition on success; -6 when the hostname/request check rejects the call,
        /// -3 when the certificate was already consumed, -2 when an exception was logged to the error table.
        /// </returns>
        public int RetrieveRequestStatus(int requestID, string hostname)
        {
            CCertConfig  caConfig = new CCertConfig();
            CCertRequest caReq    = new CCertRequest();

            try
            {
                Database store = new Database();

                // Ownership check: a true result is treated as a rejection.
                // NOTE(review): the helper's name reads as "request belongs to host", which would mean
                // the matching case is the one rejected — confirm the boolean's meaning in Database.
                if (store.CheckIfReqIDBelongToHost(requestID, hostname))
                {
                    return -6;
                }

                // The client already collected this certificate once.
                if (store.CheckIfCertificateConsumed(requestID))
                {
                    return -3;
                }

                string caName      = caConfig.GetConfig(CC_DEFAULTCONFIG);
                int    disposition = caReq.RetrievePending(requestID, caName);
                store.UpdateUnlockFlagAndStatus(disposition, requestID);
                return disposition;
            }
            catch (Exception ex)
            {
                new Database().InsertToErrorMessageTable(hostname, requestID, ex.Message, "RetrieveRequestStatus");
                return -2;
            }
        }
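        /// <summary>
        /// Command-line entry point: wraps a PKCS#10 CSR in a CMC request signed with an enrollment
        /// agent certificate on behalf of another user, submits it to a CA chosen in the UI, and
        /// writes the issued certificate as PEM.
        /// Arguments: agent certificate thumbprint, requester name, CSR path, output path, template name.
        /// Exit code is 0 on success, 1 when the CA rejected the request, 2 for a usage error, 3 when
        /// the request is left pending.
        /// </summary>
        static void Main(string[] args)
        {
            if (args.Length != 5)
            {
                Console.WriteLine("Usage: Signer.exe [EnrollmentCertificateThumbprint] [BehalfOfUser] [PathToCSR] [OutputFileName] [CertificateTemplate]");
                Environment.ExitCode = 2; // previously 0, indistinguishable from success for scripts
                return;
            }

            string argsKey     = args[0];
            string argsUser    = args[1];
            string argsCsr     = args[2];
            string argsCrt     = args[3];
            string argsCrtTmpl = args[4];

            // Drop blank lines and the PEM armour lines ("-----BEGIN/END ...") so only the base64 body is decoded.
            string csr = string.Join("\n", File.ReadAllLines(argsCsr).Where(s => s.Length > 0 && !s.StartsWith("--", StringComparison.Ordinal)));

            // Create a PKCS 10 inner request.
            CX509CertificateRequestPkcs10 pkcs10Req = new CX509CertificateRequestPkcs10();
            pkcs10Req.InitializeDecode(csr);

            // Create a CMC outer request and initialize it from the inner request and the template.
            CX509CertificateRequestCmc cmcReq = new CX509CertificateRequestCmc();
            cmcReq.InitializeFromInnerRequestTemplateName(pkcs10Req, argsCrtTmpl);
            cmcReq.RequesterName = argsUser; // the user the agent enrolls on behalf of

            // The signer is located by thumbprint; 0xc corresponds to the EncodingType value for raw
            // hex (XCN_CRYPT_STRING_HEXRAW). VerifyNone skips private-key verification at this point.
            CSignerCertificate signer = new CSignerCertificate();
            signer.Initialize(false, X509PrivateKeyVerify.VerifyNone, (EncodingType)0xc, argsKey);
            cmcReq.SignerCertificate = signer;

            // encode the request
            cmcReq.Encode();
            string strRequest = cmcReq.RawData[EncodingType.XCN_CRYPT_STRING_BASE64];

            CCertConfig  objCertConfig  = new CCertConfig();
            CCertRequest objCertRequest = new CCertRequest();

            // Get CA config from UI
            string strCAConfig = objCertConfig.GetConfig(CC_UIPICKCONFIG);

            // Submit the request
            int iDisposition = objCertRequest.Submit(CR_IN_BASE64 | CR_IN_FORMATANY, strRequest, null, strCAConfig);

            // Check the submission status
            if (CR_DISP_ISSUED != iDisposition) // Not enrolled
            {
                string strDisposition = objCertRequest.GetDispositionMessage();

                if (CR_DISP_UNDER_SUBMISSION == iDisposition)
                {
                    Console.WriteLine("The submission is pending: " + strDisposition);
                    Environment.ExitCode = 3;
                    return;
                }

                Console.WriteLine("The submission failed: " + strDisposition);
                Console.WriteLine("Last status: " + objCertRequest.GetLastStatus());
                Environment.ExitCode = 1;
                return;
            }

            // Get the certificate
            string strCert = objCertRequest.GetCertificate(CR_OUT_BASE64);

            File.WriteAllText(argsCrt, "-----BEGIN CERTIFICATE-----\n" + strCert + "-----END CERTIFICATE-----\n");
        }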
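        /// <summary>
        /// Lets the user pick a CA through the built-in picker and returns its connection string
        /// (the "Config" field of the chosen entry).
        /// </summary>
        /// <returns>The CA configuration string, or null when the picker returned nothing.</returns>
        /// <exception cref="Exception">
        /// Wraps any failure with a readable message: "Closed By user" for HRESULT 0x800704C7,
        /// "Can't find available Servers" for 0x80070103, otherwise the original message and HRESULT.
        /// </exception>
        public string SelectCA()
        {
            // The same two HRESULTs the original compared as decimal strings (-2147023673 / -2147024637).
            // Comparing the integer avoids a culture-dependent minus sign in ToString().
            const int HrClosedByUser = unchecked((int)0x800704C7);
            const int HrNoServers    = unchecked((int)0x80070103);

            var certConfig  = new CCertConfig();
            var certRequest = new CCertRequest();

            try
            {
                // Get CA config from UI
                var caConfig = certConfig.GetConfig((int)CertificateConfiguration.CC_UIPICKCONFIG);

                if (string.IsNullOrWhiteSpace(caConfig))
                {
                    return null;
                }

                // Get CA Connection string
                var ca = certConfig.GetField("Config");

                // Property 10 is the CA type (0/1 enterprise root/sub CA, 3/4 standalone root/sub CA).
                // The original mapped it to a label that was never used; the call is kept so the failure
                // behaviour — presumably a throw when the CA cannot be reached — is unchanged.
                certRequest.GetCAProperty(caConfig, 10, 0, 1, 0);

                return ca;
            }
            catch (Exception ex)
            {
                string error;

                if (ex.HResult == HrClosedByUser)
                {
                    error = "Closed By user";
                }
                else if (ex.HResult == HrNoServers)
                {
                    error = "Can't find available Servers";
                }
                else
                {
                    error = ex.Message + " " + ex.HResult;
                }

                throw new Exception(error, ex);
            }
        }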