protected void InvokeServerUnavailable(ServerUnavailableException args)
{
var e = ServerUnavailable;
if (e != null)
{
e(this, new ServerUnavailableEventArgs(args));
}
}
/// <summary>
/// Updates policy module extension lists by writing them to Certification Authority.
/// </summary>
/// <param name="restart">
/// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect
/// until CA service is restarted.</param>
/// <exception cref="UnauthorizedAccessException">
/// If the caller do not have sufficient permissions to make changes in the CA configuration.
/// </exception>
/// <exception cref="ServerUnavailableException">
/// If the target CA server could not be contacted via remote registry and RPC protocol.
/// </exception>
/// <returns>
/// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
/// and the method returns <strong>False</strong>.
/// </returns>
/// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks>
public Boolean SetInfo(Boolean restart)
{
if (IsModified)
{
List <String> oidstrings;
if (CryptoRegistry.Ping(ComputerName))
{
String path = $@"{Name}\PolicyModules\{ActivePolicyModule}";
oidstrings = EnabledExtensionList.Select(oid => oid.Value).ToList();
CryptoRegistry.SetRReg(oidstrings, "EnableRequestExtensionList", path, ComputerName);
oidstrings.Clear();
oidstrings.AddRange(OfflineExtensionList.Select(oid => oid.Value));
CryptoRegistry.SetRReg(oidstrings, "EnableEnrolleeRequestExtensionList", path, ComputerName);
oidstrings.Clear();
oidstrings.AddRange(DisabledExtensionList.Select(oid => oid.Value));
CryptoRegistry.SetRReg(oidstrings, "DisableExtensionList", path, ComputerName);
oidstrings.Clear();
if (restart)
{
CertificateAuthority.Restart(ComputerName);
}
IsModified = false;
return(true);
}
if (CertificateAuthority.Ping(ComputerName))
{
String path = $@"PolicyModules\{ActivePolicyModule}";
oidstrings = EnabledExtensionList.Select(oid => oid.Value).ToList();
CryptoRegistry.SetRegFallback(ConfigString, path, "EnableRequestExtensionList", oidstrings.ToArray());
oidstrings.Clear();
oidstrings.AddRange(OfflineExtensionList.Select(oid => oid.Value));
CryptoRegistry.SetRegFallback(ConfigString, path, "EnableEnrolleeRequestExtensionList", oidstrings.ToArray());
oidstrings.Clear();
oidstrings.AddRange(DisabledExtensionList.Select(oid => oid.Value));
CryptoRegistry.SetRegFallback(ConfigString, path, "DisableExtensionList", oidstrings.ToArray());
oidstrings.Clear();
if (restart)
{
CertificateAuthority.Restart(ComputerName);
}
IsModified = false;
return(true);
}
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add(nameof(e.Source), (OfflineSource)3);
throw e;
}
return(false);
}
/// <summary>
/// Updates CA server cryptography settings by writing them to Certification Authority.
/// </summary>
/// <param name="restart">
/// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect
/// until CA service is restarted.
/// </param>
/// <exception cref="ServerUnavailableException">
/// The target CA server could not be contacted via remote registry and RPC protocol.
/// </exception>
/// <returns>
/// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
/// and the method returns <strong>False</strong>.
/// </returns>
/// <remarks>
/// The caller must have <strong>Administrator</strong> permissions on the target CA server.
/// </remarks>
public Boolean SetInfo(Boolean restart)
{
if (!IsModified)
{
return(false);
}
if (CryptoRegistry.Ping(ComputerName))
{
if (ProviderIsCNG)
{
CryptoRegistry.SetRReg(publicKeyAlgorithm.FriendlyName, "CNGPublicKeyAlgorithm", RegistryValueKind.String, Name + "\\CSP", ComputerName);
CryptoRegistry.SetRReg(hashingAlgorithm.FriendlyName, "CNGHashAlgorithm", RegistryValueKind.String, Name + "\\CSP", ComputerName);
if (alternateSignatureAlgorithm)
{
CryptoRegistry.SetRReg(1, "AlternateSignatureAlgorithm", RegistryValueKind.String, $@"{Name}\CSP", ComputerName);
}
else
{
CryptoRegistry.SetRReg(0, "AlternateSignatureAlgorithm", RegistryValueKind.DWord, $@"{Name}\CSP", ComputerName);
}
}
else
{
CryptoRegistry.SetRReg(getValueFromOid(hashingAlgorithm), "HashAlgorithm", RegistryValueKind.DWord, $@"{Name}\CSP", ComputerName);
}
}
else
{
if (CertificateAuthority.Ping(ComputerName))
{
if (ProviderIsCNG)
{
CryptoRegistry.SetRegFallback(ConfigString, "CSP", "CNGPublicKeyAlgorithm", publicKeyAlgorithm.FriendlyName);
CryptoRegistry.SetRegFallback(ConfigString, "CSP", "CNGHashAlgorithm", hashingAlgorithm.FriendlyName);
CryptoRegistry.SetRegFallback(ConfigString, "CSP", "CNGHashAlgorithm", alternateSignatureAlgorithm ? 1 : 0);
}
else
{
CryptoRegistry.SetRegFallback(ConfigString, "CSP", "HashAlgorithm", getValueFromOid(hashingAlgorithm));
}
}
else
{
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add(nameof(e.Source), (OfflineSource)3);
throw e;
}
}
if (restart)
{
CertificateAuthority.Restart(ComputerName);
}
IsModified = false;
return(true);
}
void m_initialize(CertificateAuthority certificateAuthority)
{
List <Oid> Oids = new List <Oid>();
Name = certificateAuthority.Name;
DisplayName = certificateAuthority.DisplayName;
ComputerName = certificateAuthority.ComputerName;
ConfigString = certificateAuthority.ConfigString;
if (CryptoRegistry.Ping(ComputerName))
{
ActivePolicyModule = (String)CryptoRegistry.GetRReg("Active", $@"{Name}\PolicyModules", ComputerName);
String[] oidstrings = (String[])CryptoRegistry.GetRReg("EnableRequestExtensionList", $@"{Name}\PolicyModules\{ActivePolicyModule}", ComputerName);
Oids.AddRange(oidstrings.Select(item => new Oid(item)));
EnabledExtensionList = Oids.ToArray();
Oids.Clear();
oidstrings = (String[])CryptoRegistry.GetRReg("EnableEnrolleeRequestExtensionList", $@"{Name}\PolicyModules\{ActivePolicyModule}", ComputerName);
Oids.AddRange(oidstrings.Select(item => new Oid(item)));
OfflineExtensionList = Oids.ToArray();
Oids.Clear();
oidstrings = (String[])CryptoRegistry.GetRReg("DisableExtensionList", $@"{Name}\PolicyModules\{ActivePolicyModule}", ComputerName);
Oids.AddRange(oidstrings.Select(item => new Oid(item)));
DisabledExtensionList = Oids.ToArray();
Oids.Clear();
}
else
{
if (CertificateAuthority.Ping(ComputerName))
{
ActivePolicyModule = (String)CryptoRegistry.GetRReg("Active", $@"{Name}\PolicyModules", ComputerName);
String[] oidstrings = (String[])CryptoRegistry.GetRegFallback(ConfigString, $@"PolicyModules\{ActivePolicyModule}", "EnableRequestExtensionList");
Oids.AddRange(oidstrings.Select(item => new Oid(item)));
EnabledExtensionList = Oids.ToArray();
Oids.Clear();
oidstrings = (String[])CryptoRegistry.GetRegFallback(ConfigString, $@"PolicyModules\{ActivePolicyModule}", "EnableEnrolleeRequestExtensionList");
Oids.AddRange(oidstrings.Select(item => new Oid(item)));
OfflineExtensionList = Oids.ToArray();
Oids.Clear();
oidstrings = (String[])CryptoRegistry.GetRegFallback(ConfigString, $@"PolicyModules\{ActivePolicyModule}", "DisableExtensionList");
Oids.AddRange(oidstrings.Select(item => new Oid(item)));
DisabledExtensionList = Oids.ToArray();
}
else
{
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add(nameof(e.Source), (OfflineSource)3);
throw e;
}
}
}
/// <summary>
/// Updates CRL (Base and Delta CRL) setting.
/// </summary>
/// <param name="restart">
/// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect until
/// CA service is restarted.
/// </param>
/// <exception cref="UnauthorizedAccessException">
/// The caller do not have sufficient permissions to make changes in the CA configuration.
/// </exception>
/// <exception cref="ServerUnavailableException">
/// The target CA server could not be contacted via remote registry and RPC protocol.
/// </exception>
/// <returns>
/// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
/// and the method returns <strong>False</strong>.
/// </returns>
/// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks>
public Boolean SetInfo(Boolean restart)
{
if (!IsModified)
{
return(false);
}
if (CryptoRegistry.Ping(ComputerName))
{
// Base CRL
CryptoRegistry.SetRReg(BaseUnits, "CRLPeriodUnits", RegistryValueKind.DWord, Name, ComputerName);
CryptoRegistry.SetRReg(BasePeriod, "CRLPeriod", RegistryValueKind.String, Name, ComputerName);
// Base CRL overlap
CryptoRegistry.SetRReg(BaseOverlapUnits, "CRLOverlapUnits", RegistryValueKind.DWord, Name, ComputerName);
CryptoRegistry.SetRReg(BaseOverlap, "CRLOverlapPeriod", RegistryValueKind.String, Name, ComputerName);
// Delta CRL
CryptoRegistry.SetRReg(DeltaUnits, "CRLDeltaPeriodUnits", RegistryValueKind.DWord, Name, ComputerName);
CryptoRegistry.SetRReg(DeltaPeriod, "CRLDeltaPeriod", RegistryValueKind.String, Name, ComputerName);
// Delta CRL overlap
CryptoRegistry.SetRReg(DeltaOverlapUnits, "CRLDeltaOverlapUnits", RegistryValueKind.DWord, Name, ComputerName);
CryptoRegistry.SetRReg(DeltaOverlap, "CRLDeltaOverlapPeriod", RegistryValueKind.String, Name, ComputerName);
IsModified = false;
if (restart)
{
CertificateAuthority.Restart(ComputerName);
}
return(true);
}
if (CertificateAuthority.Ping(ComputerName))
{
// Base CRL
CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLPeriodUnits", BaseUnits);
CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLPeriod", BasePeriod);
// Base CRL overlap
CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLOverlapUnits", BaseOverlapUnits);
CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLOverlapPeriod", BaseOverlap);
// Delta CRL
CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriodUnits", DeltaUnits);
CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriod", DeltaPeriod);
// Delta CRL overlap
CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapUnits", DeltaOverlapUnits);
CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapPeriod", DeltaOverlap);
IsModified = false;
if (restart)
{
CertificateAuthority.Restart(ComputerName);
}
return(true);
}
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add("Source", (OfflineSource)3);
throw e;
}
/// <summary>
/// Retrieves the most recent 'CA Exchange' certificate. If the certificate does not exist, the method
/// will instruct CA server to generate or enroll a new one.
/// </summary>
/// <exception cref="UninitializedObjectException">The object is not properly initialized.</exception>
/// <exception cref="ServerUnavailableException">CA server is not accessible via RPC/DCOM.</exception>
/// <exception cref="UnauthorizedAccessException">The caller do not have at least <strong>Read</strong> permissions.</exception>
/// <returns>CA Exchange certificate.</returns>
public X509Certificate2 GetCAExchangeCertificate()
{
if (String.IsNullOrEmpty(Name))
{
throw new UninitializedObjectException();
}
if (!PingAdmin() && !PingRequest())
{
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
throw e;
}
return(new X509Certificate2(_propReader.GetExchangeCertificate()));
}
/// <summary>
/// Returns all roles granted on the CA to the caller.
/// </summary>
/// <exception cref="UninitializedObjectException">The object is not properly initialized.</exception>
/// <exception cref="ServerUnavailableException">CA server is not accessible via RPC/DCOM.</exception>
/// <exception cref="UnauthorizedAccessException">The caller do not have at least <strong>Read</strong> permissions.</exception>
/// <returns>Granted roles.</returns>
public CARoleEnum GetMyRoles()
{
if (String.IsNullOrEmpty(ConfigString))
{
throw new UninitializedObjectException();
}
if (!IsAccessible)
{
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add("Source", OfflineSource.DCOM);
throw e;
}
CertAdmin = new CCertAdmin();
return((CARoleEnum)CertAdmin.GetMyRoles(ConfigString));
}
/// <summary>
/// Gets the access control list (<strong>ACL</strong>) for the current Certification Authority.
/// </summary>
/// <returns>An ACL object.</returns>
/// <remarks>Returned object inherits from <see cref="CommonObjectSecurity"/> and implements common methods.</remarks>
public CertSrvSecurityDescriptor GetSecurityDescriptor()
{
_regReader.SetRootNode(true);
if (!_regReader.RegistryOnline && !_regReader.DcomOnline)
{
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add(nameof(e.Source), OfflineSource.Registry | OfflineSource.DCOM);
throw e;
}
var sd = new CertSrvSecurityDescriptor(this);
sd.SetSecurityDescriptorBinaryForm(_regReader.GetBinaryEntry("Security"));
return(sd);
}
X509CRL2 getCRL(Boolean delta)
{
if (!IsAccessible)
{
var e = new ServerUnavailableException(DisplayName);
e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
throw e;
}
Byte[] rawData = delta
? _propReader.GetLatestCertDeltaCrl()
: _propReader.GetLatestCertBaseCrl();
return(rawData == null
? null
: new X509CRL2(rawData));
}
/// <summary>
/// Initializes a new instance of <strong>CertSrvConfig</strong> from a string that contains a computer name where Certification Authority is installed.
/// </summary>
/// <param name="computerName">computer name where Certification Authority is installed.</param>
/// <exception cref="ArgumentException"><strong>computerName</strong> parameter cannot be null or empty string.</exception>
/// <exception cref="ServerUnavailableException">Certification Authority is not accessible via any supported protocol.</exception>
protected CertSrvConfig(String computerName)
{
if (String.IsNullOrWhiteSpace(computerName))
{
throw new ArgumentException(nameof(computerName));
}
ComputerName = computerName;
ConfigManager = new CertSrvConfigUtil(ComputerName);
if (!ConfigManager.RegistryOnline && !ConfigManager.DcomOnline)
{
var e = new ServerUnavailableException(ComputerName);
e.Data.Add(nameof(e.Source), OfflineSource.All);
throw e;
}
}
/// <summary>
/// Writes this object to a securable object's Access Control List.
/// </summary>
/// <exception cref="ServerUnavailableException">
/// The target Online Responder server could not be contacted via remote registry and RPC protocol.
/// </exception>
public void SetObjectSecurity()
{
var ocspAdmin = new OCSPAdminClass();
try {
ocspAdmin.SetSecurity(ComputerName, GetSecurityDescriptorSddlForm(AccessControlSections.All));
} catch (COMException cex) {
if (cex.ErrorCode == Error.RpcUnavailableException)
{
var e = new ServerUnavailableException(ComputerName);
e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
throw e;
}
} finally {
CryptographyUtils.ReleaseCom(ocspAdmin);
}
}
/// <summary>
/// Returns all roles granted on the CA to the caller.
/// </summary>
/// <exception cref="UninitializedObjectException">The object is not properly initialized.</exception>
/// <exception cref="ServerUnavailableException">CA server is not accessible via RPC/DCOM.</exception>
/// <exception cref="UnauthorizedAccessException">The caller do not have at least <strong>Read</strong> permissions.</exception>
/// <returns>Granted roles.</returns>
public CertSrvClientRole GetMyRoles()
{
if (String.IsNullOrEmpty(ConfigString))
{
throw new UninitializedObjectException();
}
if (!IsAccessible)
{
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
throw e;
}
var CertAdmin = new CCertAdmin();
return((CertSrvClientRole)CertAdmin.GetMyRoles(ConfigString));
}
void m_initialize(CertificateAuthority certificateAuthority)
{
Name = certificateAuthority.Name;
DisplayName = certificateAuthority.DisplayName;
ComputerName = certificateAuthority.ComputerName;
ConfigString = certificateAuthority.ConfigString;
if (CryptoRegistry.Ping(ComputerName))
{
// Base CRL
BaseUnits = (Int32)CryptoRegistry.GetRReg("CRLPeriodUnits", Name, ComputerName);
BasePeriod = (String)CryptoRegistry.GetRReg("CRLPeriod", Name, ComputerName);
// Base CRL overlap
BaseOverlapUnits = (Int32)CryptoRegistry.GetRReg("CRLOverlapUnits", Name, ComputerName);
BaseOverlap = (String)CryptoRegistry.GetRReg("CRLOverlapPeriod", Name, ComputerName);
// Delta CRL
DeltaUnits = (Int32)CryptoRegistry.GetRReg("CRLDeltaPeriodUnits", Name, ComputerName);
DeltaPeriod = (String)CryptoRegistry.GetRReg("CRLDeltaPeriod", Name, ComputerName);
// Delta CRL overlap
DeltaOverlapUnits = (Int32)CryptoRegistry.GetRReg("CRLDeltaOverlapUnits", Name, ComputerName);
DeltaOverlap = (String)CryptoRegistry.GetRReg("CRLDeltaOverlapPeriod", Name, ComputerName);
}
else
{
if (certificateAuthority.Ping())
{
// Base CRL
BaseUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLPeriodUnits");
BasePeriod = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLPeriod");
// Base CRL overlap
BaseOverlapUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLOverlapUnits");
BaseOverlap = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLOverlapPeriod");
// Delta CRL
DeltaUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriodUnits");
DeltaPeriod = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriod");
// Delta CRL overlap
DeltaOverlapUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapUnits");
DeltaOverlap = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapPeriod");
}
else
{
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add("Source", (OfflineSource)3);
throw e;
}
}
}
/// <summary>
/// Updates KRA configuration by writing KRA certificates to Certification Authority. The method writes all certificates contained in
/// <see cref="Certificate"/> property.
/// </summary>
/// <param name="restart">
/// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect until
/// CA service is restarted.
/// </param>
/// <exception cref="UnauthorizedAccessException">
/// The caller do not have sufficient permissions to make changes in the CA configuration.
/// </exception>
/// <exception cref="ServerUnavailableException">
/// The target CA server could not be contacted via RPC/DCOM transport.
/// </exception>
/// <remarks>
/// <para>This method do not check whether the certificates in <see cref="Certificate"/> property are valid.
/// The caller is responsible to check if the certificates are time-valid, trusted and not revoked.</para>
/// </remarks>
/// <returns>
/// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
/// and the method returns <strong>False</strong>.
/// </returns>
/// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks>
public Boolean SetInfo(Boolean restart)
{
if (IsModified)
{
if (!CertificateAuthority.Ping(ComputerName))
{
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
throw e;
}
CCertAdmin CertAdmin = new CCertAdmin();
try {
if (_certs.Count > 0)
{
Int32 kracount = (Int32)CertAdmin.GetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);
if (kracount > 0)
{
CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);
}
for (Int32 index = 0; index < _certs.Count; index++)
{
String der = CryptographyUtils.EncodeDerString(_certs[index].RawData);
CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracert, index, CertAdmConst.ProptypeBinary, der);
}
CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertusedcount, 0, CertAdmConst.ProptypeLong, _certs.Count);
}
else
{
CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);
CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertusedcount, 0, CertAdmConst.ProptypeLong, 0);
}
} catch (Exception e) {
throw Error.ComExceptionHandler(e);
} finally {
CryptographyUtils.ReleaseCom(CertAdmin);
}
IsModified = false;
if (restart)
{
CertificateAuthority.Restart(ComputerName);
}
return(true);
}
return(false);
}
/// <summary>
/// Updates certificate template list issued by a Certification Authority. The method writes all certificates templates contained in
/// <see cref="Templates"/> property.
/// </summary>
/// <exception cref="UnauthorizedAccessException">
/// The caller do not have sufficient permissions to make changes in the CA configuration.
/// </exception>
/// <exception cref="ServerUnavailableException">
/// The target CA server could not be contacted via RPC/DCOM transport.
/// </exception>
/// <exception cref="NotSupportedException">One or more certificate templates are not supported by this CA version.</exception>
/// <remarks>
/// For this method to succeed, the caller must be granted CA <strong>Administrator</strong> permissions.
/// </remarks>
/// <returns>
/// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
/// and the method returns <strong>False</strong>.
/// </returns>
/// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks>
public Boolean SetInfo()
{
if (!IsModified)
{
return(false);
}
if (!CertificateAuthority.Ping(ComputerName))
{
var e = new ServerUnavailableException(DisplayName);
e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
throw e;
}
var writer = new CertPropWriterD(configString);
writer.SetTemplates(_templates.ToArray());
IsModified = false;
return(true);
}
void initializeFromConfigString(String computerName, String name)
{
if (!RegistryOnline && !IsAccessible)
{
if (foundInDs)
{
buildFromCertConfigOnly();
}
else
{
var e = new ServerUnavailableException(computerName);
e.Data.Add(nameof(e.Source), (OfflineSource)3);
throw e;
}
}
else
{
getConfig(computerName, name);
initialize();
}
}
/// <summary>
/// Returns all CA certificates.
/// </summary>
/// <exception cref="UninitializedObjectException">
/// Current object is not initialized.
/// </exception>
/// <exception cref="ServerUnavailableException">
/// Current CA server could not be contacted via remote registry and RPC protocol.
/// </exception>
/// <returns>A collection of CA certificates.</returns>
public X509Certificate2Collection GetCACerts()
{
if (String.IsNullOrEmpty(Name))
{
throw new UninitializedObjectException();
}
if (!PingAdmin() && !PingRequest())
{
var e = new ServerUnavailableException(DisplayName);
e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
throw e;
}
var certs = new X509Certificate2Collection();
Int32 count = _propReader.GetCaCertificateCount();
for (Int32 index = 0; index < count; index++)
{
certs.Add(new X509Certificate(_propReader.GetCaCertificate(index)));
}
return(certs);
}
void m_initialize(CertificateAuthority certificateAuthority)
{
if (!certificateAuthority.IsEnterprise)
{
throw new PlatformNotSupportedException();
}
if (!certificateAuthority.Ping())
{
ServerUnavailableException e = new ServerUnavailableException(certificateAuthority.DisplayName);
e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
throw e;
}
Name = certificateAuthority.Name;
DisplayName = certificateAuthority.DisplayName;
ComputerName = certificateAuthority.ComputerName;
version = certificateAuthority.Version;
sku = certificateAuthority.Sku;
configString = certificateAuthority.ConfigString;
CCertAdmin CertAdmin = new CCertAdmin();
String templates = (String)CertAdmin.GetCAProperty(certificateAuthority.ConfigString, CertAdmConstants.CrPropTemplates, 0, CertAdmConstants.ProptypeString, 0);
List <CertificateTemplate> tobeadded = new List <CertificateTemplate>();
if (templates != String.Empty)
{
String[] SplitString = { "\n" };
String[] TempArray = templates.Split(SplitString, StringSplitOptions.RemoveEmptyEntries);
for (Int32 index = 0; index < TempArray.Length; index += 2)
{
tobeadded.Add(new CertificateTemplate("Name", TempArray[index]));
}
Templates = tobeadded.ToArray();
}
else
{
Templates = null;
}
}
void m_initialize(CertificateAuthority certificateAuthority)
{
if (!certificateAuthority.IsEnterprise)
{
throw new PlatformNotSupportedException();
}
version = certificateAuthority.Version;
sku = certificateAuthority.Sku;
configString = certificateAuthority.ConfigString;
ICertPropReaderD propReader;
if (certificateAuthority.PingRequest())
{
propReader = new CertPropReaderD(configString, false);
}
else if (certificateAuthority.PingAdmin())
{
propReader = new CertPropReaderD(configString, true);
}
else
{
var e = new ServerUnavailableException(certificateAuthority.DisplayName);
e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
throw e;
}
Name = certificateAuthority.Name;
DisplayName = certificateAuthority.DisplayName;
ComputerName = certificateAuthority.ComputerName;
String[,] templates = propReader.GetCaTemplates();
for (Int32 i = 0; i <= templates.GetUpperBound(0); i++)
{
_templates.Add(CertificateTemplate.FromCommonName(templates[i, 0]));
}
}
void initializeFromConfigString(String computerName, String name)
{
String tempConfig = computerName + "\\" + name;
if (!RegistryOnline && !IsAccessible)
{
if (foundInDs)
{
buildFromCertConfigOnly();
}
else
{
ServerUnavailableException e = new ServerUnavailableException(computerName);
e.Data.Add("Source", (OfflineSource)3);
throw e;
}
}
else
{
getConfig(computerName, tempConfig);
initialize();
}
}
/// <summary>
/// Returns all CA certificates.
/// </summary>
/// <exception cref="UninitializedObjectException">
/// Current object is not initialized.
/// </exception>
/// <exception cref="ServerUnavailableException">
/// Current CA server could not be contacted via remote registry and RPC protocol.
/// </exception>
/// <returns>A collection of CA certificates.</returns>
public X509Certificate2Collection GetCACerts()
{
if (String.IsNullOrEmpty(Name))
{
throw new UninitializedObjectException();
}
if (!Ping())
{
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
throw e;
}
var CertAdmin = new CCertAdmin();
X509Certificate2Collection certs = new X509Certificate2Collection();
Int32 count = (Int32)CertAdmin.GetCAProperty(ConfigString, CertAdmConstants.CrPropCasigcertcount, 0, 1, 0);
for (Int32 index = 0; index < count; index++)
{
certs.Add(new X509Certificate(Convert.FromBase64String((String)CertAdmin.GetCAProperty(ConfigString, CertAdmConstants.CrPropCasigcert, index, 3, 1))));
}
CryptographyUtils.ReleaseCom(CertAdmin);
return(certs);
}
public Schema[] GetSchema(TableList table = TableList.Request)
{
if (String.IsNullOrEmpty(Name))
{
throw new UninitializedObjectException();
}
if (!Ping())
{
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
throw e;
}
CCertView CaView = new CCertView();
try {
List <Schema> items = new List <Schema>();
CaView.OpenConnection(ConfigString);
CaView.SetTable((Int32)table);
IEnumCERTVIEWCOLUMN columns = CaView.EnumCertViewColumn(0);
while (columns.Next() != -1)
{
String name = columns.GetName();
String displayname = columns.GetDisplayName();
DataTypeEnum dataType = (DataTypeEnum)columns.GetType();
Int32 maxLength = columns.GetMaxLength();
Boolean isIndexed = Convert.ToBoolean(columns.IsIndexed());
items.Add(new Schema(name, displayname, dataType, maxLength, isIndexed));
}
columns.Reset();
CryptographyUtils.ReleaseCom(columns);
return(items.ToArray());
} catch (Exception e) {
throw Error.ComExceptionHandler(e);
} finally {
CryptographyUtils.ReleaseCom(CaView);
}
}
void getConfig(String computerName, String configString = "")
{
if (RegistryOnline)
{
Active = (String)CryptoRegistry.GetRReg("Active", "", computerName);
ComputerName = (String)CryptoRegistry.GetRReg("CAServerName", Active, computerName);
Name = (String)CryptoRegistry.GetRReg("CommonName", Active, computerName);
}
else
{
if (!String.IsNullOrEmpty(configString) && IsAccessible)
{
ComputerName = (String)CryptoRegistry.GetRegFallback(configString, String.Empty, "CAServerName");
Name = (String)CryptoRegistry.GetRegFallback(configString, String.Empty, "CommonName");
}
else
{
ServerUnavailableException e = new ServerUnavailableException(computerName);
e.Data.Add(nameof(e.Source), (OfflineSource)3);
throw e;
}
}
ConfigString = ComputerName + "\\" + Name;
}
public new void InvokeServerUnavailable(ServerUnavailableException ex)
{
base.InvokeServerUnavailable(ex);
}
protected void InvokeServerUnavailable(ServerUnavailableException args)
{
ServerUnavailable?.Invoke(this, new ServerUnavailableEventArgs(args));
}
public ServerUnavailableEventArgs(ServerUnavailableException ex)
{
Exception = ex;
}
private void OnConnectionFail(ServerUnavailableException obj)
{
_log.Error("Failed to connect to SoS Online.", obj);
}
public void InvokeServerUnavailable(ServerUnavailableException serverUnavailableException)
{
((WatcherFake)CiEntryPointSetting.GetWatcher(Settings)).InvokeServerUnavailable(serverUnavailableException);
}
private void OnSosOnlineFailure(string userFriendlyErrorMessage, ServerUnavailableException ex)
{
_loading.Visible = false;
SosMessageBox.Show("Error connecting", userFriendlyErrorMessage, "Hmmmm");
_sosOnlineStatus.Text = userFriendlyErrorMessage;
}
private void OnAddBuildsFail(string userTargedErrorMessage, ServerUnavailableException ex)
{
_log.Error("Failed to connect to SoS online", ex);
InvokeUpdateStatusBar(userTargedErrorMessage, ex);
}
