public void Setup()
{
AdcsTemplate result = null;
try
{
result = configDb.Get <AdcsTemplate>(x => x.Cipher == CipherAlgorithm.RSA && x.WindowsApi == WindowsApi.CryptoApi && x.KeyUsage == KeyUsage.ServerAuthentication).First();
//result = configDb.GetAdcsTemplate(HashAlgorithm.SHA256, CipherAlgorithm.RSA, WindowsApi.CryptoApi, KeyUsage.ServerAuthentication);
}
catch
{
if (result == null)
{
configDb.Insert <AdcsTemplate>(new AdcsTemplate()
{
WindowsApi = WindowsApi.CryptoApi,
Cipher = CipherAlgorithm.RSA,
//Hash = HashAlgorithm.SHA256,
KeyUsage = KeyUsage.ServerAuthentication,
Name = "ServerAuthentication-CapiRsa"
});
}
}
ActiveDirectoryMetadata idp = configDb.GetAll <ActiveDirectoryMetadata>().FirstOrDefault();
configDb.DropCollection <PrivateCertificateAuthorityConfig>();
PrivateCertificateAuthorityConfig caConfig = new PrivateCertificateAuthorityConfig()
{
CommonName = caCommonName,
ServerName = caServerName,
HashAlgorithm = HashAlgorithm.SHA256,
IdentityProviderId = idp.Id
};
}
public MicrosoftCertificateAuthorityOptions GetPrivateCertificateAuthorityOptions(HashAlgorithm hash)
{
PrivateCertificateAuthorityConfig caConfig = this.GetPrivateCertificateAuthorityConfigByHash(hash);
ActiveDirectoryMetadata idp = this.Get <ActiveDirectoryMetadata>(caConfig.IdentityProviderId);
MicrosoftCertificateAuthorityAuthenticationType authType;
if (idp.ActiveDirectoryMetadataType == Entities.Enumerations.ActiveDirectoryMetadataType.ActiveDirectoryBasic)
{
authType = MicrosoftCertificateAuthorityAuthenticationType.UsernamePassword;
}
else
{
authType = MicrosoftCertificateAuthorityAuthenticationType.WindowsKerberos;
}
MicrosoftCertificateAuthorityOptions options = new MicrosoftCertificateAuthorityOptions()
{
AuthenticationRealm = idp.Domain,
AuthenticationType = authType,
HashAlgorithm = hash,
CommonName = caConfig.CommonName,
ServerName = caConfig.ServerName,
Id = caConfig.Id,
Password = idp.Password,
Username = idp.Username
};
return(options);
}
public void UpdatePrivateCertificateAuthority(PrivateCertificateAuthorityConfig ca)
{
PrivateCertificateAuthorityConfig existingCa = configurationRepository.Get <PrivateCertificateAuthorityConfig>(ca.Id);
ca.Id = existingCa.Id;
configurationRepository.Update <PrivateCertificateAuthorityConfig>(ca);
}
private PrivateCertificateAuthorityConfig GetPrivateCertificateAuthorityConfigByHash(HashAlgorithm hash)
{
LiteCollection <PrivateCertificateAuthorityConfig> col = db.GetCollection <PrivateCertificateAuthorityConfig>(privateCertificateAuthorityCollectionName);
PrivateCertificateAuthorityConfig options = col.FindOne(Query.EQ("HashAlgorithm", hash.ToString()));
if (options == null)
{
throw new ConfigurationItemNotFoundException("could not find valid ca");
}
else
{
return(options);
}
}
public void AddPrivateCertificateAuthority(string serverName, string commonName, HashAlgorithm hash, Guid activeDirectoryIdentityProviderId)
{
if (string.IsNullOrWhiteSpace(serverName))
{
throw new ArgumentNullException(nameof(serverName));
}
if (string.IsNullOrWhiteSpace(commonName))
{
throw new ArgumentNullException(nameof(commonName));
}
PrivateCertificateAuthorityConfig ca = new PrivateCertificateAuthorityConfig()
{
Id = Guid.NewGuid(),
CommonName = commonName,
HashAlgorithm = hash,
ServerName = serverName,
IdentityProviderId = activeDirectoryIdentityProviderId
};
configurationRepository.Insert <PrivateCertificateAuthorityConfig>(ca);
}
public JsonResult AddCertificateAuthority(PrivateCertificateAuthorityConfig ca)
{
caConfigLogic.AddPrivateCertificateAuthority(ca);
return(http.RespondSuccess(ca));
}
public void InitializeTest()
{
user = new Mock <ClaimsPrincipal>();
string configPath = Path.GetTempFileName();
configDb = new LiteDbConfigurationRepository(configPath);
configDb.Insert <AdcsTemplate>(new AdcsTemplate()
{
WindowsApi = WindowsApi.CryptoApi,
Cipher = CipherAlgorithm.RSA,
//Hash = HashAlgorithm.SHA256,
KeyUsage = KeyUsage.ServerAuthentication,
Name = "ServerAuthentication-CapiRsa"
});
configDb.Insert <AdcsTemplate>(new AdcsTemplate()
{
WindowsApi = WindowsApi.CryptoApi,
Cipher = CipherAlgorithm.RSA,
//Hash = HashAlgorithm.SHA256,
KeyUsage = KeyUsage.None,
Name = "NoKeyUsage-CapiRsa"
});
configDb.Insert <AdcsTemplate>(new AdcsTemplate()
{
WindowsApi = WindowsApi.Cng,
Cipher = CipherAlgorithm.RSA,
// Hash = HashAlgorithm.SHA256,
KeyUsage = KeyUsage.ServerAuthentication,
Name = "ServerAuthentication-CngRsa"
});
configDb.Insert <AdcsTemplate>(new AdcsTemplate()
{
WindowsApi = WindowsApi.Cng,
Cipher = CipherAlgorithm.RSA,
//Hash = HashAlgorithm.SHA256,
KeyUsage = KeyUsage.ServerAuthentication | KeyUsage.ClientAuthentication,
Name = "ClientServerAuthentication-CngRsa"
});
configDb.Insert <AdcsTemplate>(new AdcsTemplate()
{
WindowsApi = WindowsApi.Cng,
Cipher = CipherAlgorithm.ECDH,
//Hash = HashAlgorithm.SHA256,
KeyUsage = KeyUsage.ServerAuthentication,
Name = "ServerAuthentication-CngEcdh"
});
configDb.Insert <AdcsTemplate>(new AdcsTemplate()
{
WindowsApi = WindowsApi.Cng,
Cipher = CipherAlgorithm.ECDSA,
//Hash = HashAlgorithm.SHA256,
KeyUsage = KeyUsage.ServerAuthentication,
Name = "ServerAuthentication-CngEcdsa"
});
Logic.SecretKeyProvider secretKeyProvider = new Logic.SecretKeyProvider();
AppConfig appConfig = new AppConfig()
{
EncryptionKey = secretKeyProvider.NewSecretBase64(32)
};
configDb.SetAppConfig(appConfig);
ActiveDirectoryMetadata identitySource = new ActiveDirectoryMetadata()
{
Domain = "cm.local",
Enabled = true,
ActiveDirectoryMetadataType = ActiveDirectoryMetadataType.ActiveDirectoryBasic,
Id = Guid.NewGuid(),
Name = "cm.local",
Password = password,
Username = username,
SearchBase = "DC=cm,DC=local"
};
PrivateCertificateAuthorityConfig caConfig = new PrivateCertificateAuthorityConfig()
{
CommonName = caCommonName,
ServerName = caServerName,
HashAlgorithm = HashAlgorithm.SHA256,
Id = Guid.NewGuid(),
IdentityProviderId = identitySource.Id
};
configDb.Insert <PrivateCertificateAuthorityConfig>(caConfig);
configDb.Insert <ActiveDirectoryMetadata>(identitySource);
templateLogic = new AdcsTemplateLogic(configDb, activeDirectory);
KeyUsage keyUsage = KeyUsage.ClientAuthentication | KeyUsage.ServerAuthentication;
//AdcsTemplate config = configDb.Get<AdcsTemplate>(x => x.Cipher == CipherAlgorithm.RSA && x.WindowsApi == WindowsApi.Cng && x.KeyUsage == keyUsage).First();
//var config = configDb.GetAdcsTemplate(HashAlgorithm.SHA256, CipherAlgorithm.RSA, WindowsApi.Cng, KeyUsage.ClientAuthentication | KeyUsage.ServerAuthentication);
string certDbPath = Path.GetTempFileName();
certDb = new LiteDbCertificateRepository(certDbPath);
}
public void AddPrivateCertificateAuthority(PrivateCertificateAuthorityConfig ca)
{
ca.Id = Guid.NewGuid();
configurationRepository.Insert <PrivateCertificateAuthorityConfig>(ca);
}
