/// <summary>
/// Updates Authority Information Access configuration by writing them to Certification Authority.
/// </summary>
/// <param name="restart">Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect until
/// CA service is restarted.
/// </param>
/// <remarks>
/// For this method to succeed, the caller must be granted CA <strong>Administrator</strong> permissions.
/// </remarks>
/// <exception cref="UnauthorizedAccessException">
/// The caller do not have sufficient permissions to make changes in the CA configuration.
/// </exception>
/// <exception cref="ServerUnavailableException">
/// The target CA server could not be contacted via remote registry and RPC protocol.
/// </exception>
/// <returns>
/// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
/// and the method returns <strong>False</strong>.
/// </returns>
/// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks>
public Boolean SetInfo(Boolean restart)
{
if (IsModified)
{
List <String> strings = URI.Length > 0
? URI.Select(str => str.RegURI).ToList()
: null;
if (CryptoRegistry.Ping(ComputerName))
{
CryptoRegistry.SetRReg(strings, "CACertPublicationURLs", Name, ComputerName);
if (restart)
{
CertificateAuthority.Restart(ComputerName);
}
IsModified = false;
return(true);
}
if (CertificateAuthority.Ping(ComputerName))
{
CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CACertPublicationURLs", strings);
if (restart)
{
CertificateAuthority.Restart(ComputerName);
}
IsModified = false;
return(true);
}
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add(nameof(e.Source), (OfflineSource)3);
throw e;
}
return(false);
}
void m_initialize(CertificateAuthority certificateAuthority)
{
String[] urls;
Name = certificateAuthority.Name;
DisplayName = certificateAuthority.DisplayName;
ComputerName = certificateAuthority.ComputerName;
ConfigString = certificateAuthority.ConfigString;
if (CryptoRegistry.Ping(ComputerName))
{
urls = (String[])CryptoRegistry.GetRReg("CACertPublicationURLs", Name, ComputerName);
}
else
{
if (CertificateAuthority.Ping(ComputerName))
{
urls = (String[])CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CACertPublicationURLs");
}
else
{
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add(nameof(e.Source), (OfflineSource)3);
throw e;
}
}
m_aia = urls.Select(url => new AIA(url)).ToArray();
}
/// <summary>
/// Updates issued certificate validity setting. Any issued certificate validity cannot exceed this value.
/// </summary>
/// <param name="restart">
/// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect until
/// CA service is restarted.
/// </param>
/// <exception cref="UnauthorizedAccessException">
/// The caller do not have sufficient permissions to make changes in the CA configuration.
/// </exception>
/// <exception cref="ServerUnavailableException">
/// The target CA server could not be contacted via remote registry and RPC protocol.
/// </exception>
/// <returns>
/// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
/// and the method returns <strong>False</strong>.
/// </returns>
/// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks>
public Boolean SetInfo(Boolean restart)
{
if (!IsModified)
{
return(false);
}
if (CryptoRegistry.Ping(ComputerName))
{
CryptoRegistry.SetRReg(Period, "ValidityPeriodUnits", RegistryValueKind.DWord, Name, ComputerName);
CryptoRegistry.SetRReg(PeriodUnits, "ValidityPeriod", RegistryValueKind.String, Name, ComputerName);
IsModified = false;
if (restart)
{
CertificateAuthority.Restart(ComputerName);
}
return(true);
}
if (CertificateAuthority.Ping(ComputerName))
{
CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "ValidityPeriodUnits", Period);
CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "ValidityPeriod", PeriodUnits);
IsModified = false;
if (restart)
{
CertificateAuthority.Restart(ComputerName);
}
return(true);
}
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add(nameof(e.Source), (OfflineSource)3);
throw e;
}
void m_initialize(CertificateAuthority certificateAuthority)
{
Name = certificateAuthority.Name;
DisplayName = certificateAuthority.DisplayName;
ComputerName = certificateAuthority.ComputerName;
ConfigString = certificateAuthority.ConfigString;
if (CryptoRegistry.Ping(ComputerName))
{
m_validity = Convert.ToString((Int32)CryptoRegistry.GetRReg("ValidityPeriodUnits", Name, ComputerName)) + " ";
m_validity += (String)CryptoRegistry.GetRReg("ValidityPeriod", Name, ComputerName);
}
else
{
if (certificateAuthority.Ping())
{
m_validity = Convert.ToString((Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "ValidityPeriodUnits"));
m_validity += (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "ValidityPeriod");
}
else
{
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add(nameof(e.Source), (OfflineSource)3);
throw e;
}
}
}
void m_initialize(CertificateAuthority certificateAuthority)
{
String[] urls;
keyMap = certificateAuthority.GetKeyMap();
buildVarValueMapping(certificateAuthority);
Name = certificateAuthority.Name;
DisplayName = certificateAuthority.DisplayName;
ComputerName = certificateAuthority.ComputerName;
ConfigString = certificateAuthority.ConfigString;
if (CryptoRegistry.Ping(ComputerName))
{
urls = (String[])CryptoRegistry.GetRReg("CRLPublicationURLs", Name, ComputerName);
}
else
{
if (CertificateAuthority.Ping(ComputerName))
{
urls = (String[])CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLPublicationURLs");
}
else
{
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add(nameof(e.Source), (OfflineSource)3);
throw e;
}
}
m_cdp = urls.Select(url => new CDP(url)).ToArray();
ResolveUrLs();
}
void m_initialize(CertificateAuthority certificateAuthority)
{
if (!certificateAuthority.IsEnterprise)
{
throw new PlatformNotSupportedException();
}
if (!certificateAuthority.Ping())
{
ServerUnavailableException e = new ServerUnavailableException(certificateAuthority.DisplayName);
e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
throw e;
}
Name = certificateAuthority.Name;
DisplayName = certificateAuthority.DisplayName;
ComputerName = certificateAuthority.ComputerName;
ConfigString = certificateAuthority.ConfigString;
CCertAdmin CertAdmin = new CCertAdmin();
Int32 KRACount = (Int32)CertAdmin.GetCAProperty(certificateAuthority.ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);
if (KRACount > 0)
{
for (Int32 index = 0; index < KRACount; index++)
{
String Base64 = (String)CertAdmin.GetCAProperty(certificateAuthority.ConfigString, CertAdmConst.CrPropKracert, index, CertAdmConst.ProptypeBinary, 1);
_certs.Add(new X509Certificate2(Convert.FromBase64String(Base64)));
}
}
}
/// <summary>
/// Updates certificate template list issud by a Certification Authority. The method writes all certificates templates contained in
/// <see cref="Templates"/> property.
/// </summary>
/// <exception cref="UnauthorizedAccessException">
/// The caller do not have sufficient permissions to make changes in the CA configuration.
/// </exception>
/// <exception cref="ServerUnavailableException">
/// The target CA server could not be contacted via RPC/DCOM transport.
/// </exception>
/// <exception cref="NotSupportedException">One or more certificate templates are not supported by this CA version.</exception>
/// <remarks>
/// For this method to succeed, the caller must be granted CA <strong>Administrator</strong> permissions.
/// </remarks>
/// <returns>
/// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
/// and the method returns <strong>False</strong>.
/// </returns>
/// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks>
public Boolean SetInfo()
{
if (!IsModified)
{
return(false);
}
if (!CertificateAuthority.Ping(ComputerName))
{
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
throw e;
}
CCertAdmin CertAdmin = new CCertAdmin();
StringBuilder SB = new StringBuilder();
if (Templates.Length > 0)
{
foreach (CertificateTemplate item in Templates)
{
SB.Append(item.Name + "\n");
SB.Append(item.OID.Value + "\n");
}
}
try {
CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropTemplates, 0, CertAdmConst.ProptypeString, SB.ToString());
} catch (Exception e) {
throw Error.ComExceptionHandler(e);
}
IsModified = false;
return(true);
}
/// <summary>
/// Updates CA server cryptography settings by writing them to Certification Authority.
/// </summary>
/// <param name="restart">
/// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect
/// until CA service is restarted.
/// </param>
/// <exception cref="ServerUnavailableException">
/// The target CA server could not be contacted via remote registry and RPC protocol.
/// </exception>
/// <returns>
/// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
/// and the method returns <strong>False</strong>.
/// </returns>
/// <remarks>
/// The caller must have <strong>Administrator</strong> permissions on the target CA server.
/// </remarks>
public Boolean SetInfo(Boolean restart)
{
if (!IsModified)
{
return(false);
}
if (CryptoRegistry.Ping(ComputerName))
{
if (ProviderIsCNG)
{
CryptoRegistry.SetRReg(publicKeyAlgorithm.FriendlyName, "CNGPublicKeyAlgorithm", RegistryValueKind.String, Name + "\\CSP", ComputerName);
CryptoRegistry.SetRReg(hashingAlgorithm.FriendlyName, "CNGHashAlgorithm", RegistryValueKind.String, Name + "\\CSP", ComputerName);
if (alternateSignatureAlgorithm)
{
CryptoRegistry.SetRReg(1, "AlternateSignatureAlgorithm", RegistryValueKind.String, $@"{Name}\CSP", ComputerName);
}
else
{
CryptoRegistry.SetRReg(0, "AlternateSignatureAlgorithm", RegistryValueKind.DWord, $@"{Name}\CSP", ComputerName);
}
}
else
{
CryptoRegistry.SetRReg(getValueFromOid(hashingAlgorithm), "HashAlgorithm", RegistryValueKind.DWord, $@"{Name}\CSP", ComputerName);
}
}
else
{
if (CertificateAuthority.Ping(ComputerName))
{
if (ProviderIsCNG)
{
CryptoRegistry.SetRegFallback(ConfigString, "CSP", "CNGPublicKeyAlgorithm", publicKeyAlgorithm.FriendlyName);
CryptoRegistry.SetRegFallback(ConfigString, "CSP", "CNGHashAlgorithm", hashingAlgorithm.FriendlyName);
CryptoRegistry.SetRegFallback(ConfigString, "CSP", "CNGHashAlgorithm", alternateSignatureAlgorithm ? 1 : 0);
}
else
{
CryptoRegistry.SetRegFallback(ConfigString, "CSP", "HashAlgorithm", getValueFromOid(hashingAlgorithm));
}
}
else
{
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add(nameof(e.Source), (OfflineSource)3);
throw e;
}
}
if (restart)
{
CertificateAuthority.Restart(ComputerName);
}
IsModified = false;
return(true);
}
/// <summary>
/// Updates CRL (Base and Delta CRL) setting.
/// </summary>
/// <param name="restart">
/// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect until
/// CA service is restarted.
/// </param>
/// <exception cref="UnauthorizedAccessException">
/// The caller do not have sufficient permissions to make changes in the CA configuration.
/// </exception>
/// <exception cref="ServerUnavailableException">
/// The target CA server could not be contacted via remote registry and RPC protocol.
/// </exception>
/// <returns>
/// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
/// and the method returns <strong>False</strong>.
/// </returns>
/// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks>
public Boolean SetInfo(Boolean restart)
{
if (!IsModified)
{
return(false);
}
if (CryptoRegistry.Ping(ComputerName))
{
// Base CRL
CryptoRegistry.SetRReg(BaseUnits, "CRLPeriodUnits", RegistryValueKind.DWord, Name, ComputerName);
CryptoRegistry.SetRReg(BasePeriod, "CRLPeriod", RegistryValueKind.String, Name, ComputerName);
// Base CRL overlap
CryptoRegistry.SetRReg(BaseOverlapUnits, "CRLOverlapUnits", RegistryValueKind.DWord, Name, ComputerName);
CryptoRegistry.SetRReg(BaseOverlap, "CRLOverlapPeriod", RegistryValueKind.String, Name, ComputerName);
// Delta CRL
CryptoRegistry.SetRReg(DeltaUnits, "CRLDeltaPeriodUnits", RegistryValueKind.DWord, Name, ComputerName);
CryptoRegistry.SetRReg(DeltaPeriod, "CRLDeltaPeriod", RegistryValueKind.String, Name, ComputerName);
// Delta CRL overlap
CryptoRegistry.SetRReg(DeltaOverlapUnits, "CRLDeltaOverlapUnits", RegistryValueKind.DWord, Name, ComputerName);
CryptoRegistry.SetRReg(DeltaOverlap, "CRLDeltaOverlapPeriod", RegistryValueKind.String, Name, ComputerName);
IsModified = false;
if (restart)
{
CertificateAuthority.Restart(ComputerName);
}
return(true);
}
if (CertificateAuthority.Ping(ComputerName))
{
// Base CRL
CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLPeriodUnits", BaseUnits);
CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLPeriod", BasePeriod);
// Base CRL overlap
CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLOverlapUnits", BaseOverlapUnits);
CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLOverlapPeriod", BaseOverlap);
// Delta CRL
CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriodUnits", DeltaUnits);
CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriod", DeltaPeriod);
// Delta CRL overlap
CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapUnits", DeltaOverlapUnits);
CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapPeriod", DeltaOverlap);
IsModified = false;
if (restart)
{
CertificateAuthority.Restart(ComputerName);
}
return(true);
}
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add("Source", (OfflineSource)3);
throw e;
}
void m_initialize(CertificateAuthority certificateAuthority)
{
Name = certificateAuthority.Name;
DisplayName = certificateAuthority.DisplayName;
ComputerName = certificateAuthority.ComputerName;
ConfigString = certificateAuthority.ConfigString;
if (CryptoRegistry.Ping(ComputerName))
{
// Base CRL
BaseUnits = (Int32)CryptoRegistry.GetRReg("CRLPeriodUnits", Name, ComputerName);
BasePeriod = (String)CryptoRegistry.GetRReg("CRLPeriod", Name, ComputerName);
// Base CRL overlap
BaseOverlapUnits = (Int32)CryptoRegistry.GetRReg("CRLOverlapUnits", Name, ComputerName);
BaseOverlap = (String)CryptoRegistry.GetRReg("CRLOverlapPeriod", Name, ComputerName);
// Delta CRL
DeltaUnits = (Int32)CryptoRegistry.GetRReg("CRLDeltaPeriodUnits", Name, ComputerName);
DeltaPeriod = (String)CryptoRegistry.GetRReg("CRLDeltaPeriod", Name, ComputerName);
// Delta CRL overlap
DeltaOverlapUnits = (Int32)CryptoRegistry.GetRReg("CRLDeltaOverlapUnits", Name, ComputerName);
DeltaOverlap = (String)CryptoRegistry.GetRReg("CRLDeltaOverlapPeriod", Name, ComputerName);
}
else
{
if (certificateAuthority.Ping())
{
// Base CRL
BaseUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLPeriodUnits");
BasePeriod = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLPeriod");
// Base CRL overlap
BaseOverlapUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLOverlapUnits");
BaseOverlap = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLOverlapPeriod");
// Delta CRL
DeltaUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriodUnits");
DeltaPeriod = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriod");
// Delta CRL overlap
DeltaOverlapUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapUnits");
DeltaOverlap = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapPeriod");
}
else
{
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add("Source", (OfflineSource)3);
throw e;
}
}
}
/// <summary>
/// Updates KRA configuration by writing KRA certificates to Certification Authority. The method writes all certificates contained in
/// <see cref="Certificate"/> property.
/// </summary>
/// <param name="restart">
/// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect until
/// CA service is restarted.
/// </param>
/// <exception cref="UnauthorizedAccessException">
/// The caller do not have sufficient permissions to make changes in the CA configuration.
/// </exception>
/// <exception cref="ServerUnavailableException">
/// The target CA server could not be contacted via RPC/DCOM transport.
/// </exception>
/// <remarks>
/// <para>This method do not check whether the certificates in <see cref="Certificate"/> property are valid.
/// The caller is responsible to check if the certificates are time-valid, trusted and not revoked.</para>
/// </remarks>
/// <returns>
/// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
/// and the method returns <strong>False</strong>.
/// </returns>
/// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks>
public Boolean SetInfo(Boolean restart)
{
if (IsModified)
{
if (!CertificateAuthority.Ping(ComputerName))
{
ServerUnavailableException e = new ServerUnavailableException(DisplayName);
e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
throw e;
}
CCertAdmin CertAdmin = new CCertAdmin();
try {
if (_certs.Count > 0)
{
Int32 kracount = (Int32)CertAdmin.GetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);
if (kracount > 0)
{
CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);
}
for (Int32 index = 0; index < _certs.Count; index++)
{
String der = CryptographyUtils.EncodeDerString(_certs[index].RawData);
CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracert, index, CertAdmConst.ProptypeBinary, der);
}
CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertusedcount, 0, CertAdmConst.ProptypeLong, _certs.Count);
}
else
{
CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);
CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertusedcount, 0, CertAdmConst.ProptypeLong, 0);
}
} catch (Exception e) {
throw Error.ComExceptionHandler(e);
} finally {
CryptographyUtils.ReleaseCom(CertAdmin);
}
IsModified = false;
if (restart)
{
CertificateAuthority.Restart(ComputerName);
}
return(true);
}
return(false);
}
/// <summary>
/// Updates certificate template list issued by a Certification Authority. The method writes all certificates templates contained in
/// <see cref="Templates"/> property.
/// </summary>
/// <exception cref="UnauthorizedAccessException">
/// The caller do not have sufficient permissions to make changes in the CA configuration.
/// </exception>
/// <exception cref="ServerUnavailableException">
/// The target CA server could not be contacted via RPC/DCOM transport.
/// </exception>
/// <exception cref="NotSupportedException">One or more certificate templates are not supported by this CA version.</exception>
/// <remarks>
/// For this method to succeed, the caller must be granted CA <strong>Administrator</strong> permissions.
/// </remarks>
/// <returns>
/// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
/// and the method returns <strong>False</strong>.
/// </returns>
/// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks>
public Boolean SetInfo()
{
if (!IsModified)
{
return(false);
}
if (!CertificateAuthority.Ping(ComputerName))
{
var e = new ServerUnavailableException(DisplayName);
e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
throw e;
}
var writer = new CertPropWriterD(configString);
writer.SetTemplates(_templates.ToArray());
IsModified = false;
return(true);
}
void m_initialize(CertificateAuthority certificateAuthority)
{
if (!certificateAuthority.IsEnterprise)
{
throw new PlatformNotSupportedException();
}
if (!certificateAuthority.Ping())
{
ServerUnavailableException e = new ServerUnavailableException(certificateAuthority.DisplayName);
e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
throw e;
}
Name = certificateAuthority.Name;
DisplayName = certificateAuthority.DisplayName;
ComputerName = certificateAuthority.ComputerName;
version = certificateAuthority.Version;
sku = certificateAuthority.Sku;
configString = certificateAuthority.ConfigString;
CCertAdmin CertAdmin = new CCertAdmin();
String templates = (String)CertAdmin.GetCAProperty(certificateAuthority.ConfigString, CertAdmConstants.CrPropTemplates, 0, CertAdmConstants.ProptypeString, 0);
List <CertificateTemplate> tobeadded = new List <CertificateTemplate>();
if (templates != String.Empty)
{
String[] SplitString = { "\n" };
String[] TempArray = templates.Split(SplitString, StringSplitOptions.RemoveEmptyEntries);
for (Int32 index = 0; index < TempArray.Length; index += 2)
{
tobeadded.Add(new CertificateTemplate("Name", TempArray[index]));
}
Templates = tobeadded.ToArray();
}
else
{
Templates = null;
}
}