/// <summary>
/// Builds a <see cref="CertificateAuthority"/> from a CA host name. The Active Directory
/// configuration entry is preferred when one exists; otherwise the server is queried directly.
/// </summary>
/// <param name="computerName">DNS host name of the CA server. It drives the reachability check,
/// the registry reader and the AD lookup.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="computerName"/> is null or empty.</exception>
public CertificateAuthority(String computerName) {
    if (String.IsNullOrEmpty(computerName)) {
        throw new ArgumentNullException(nameof(computerName));
    }
    // Provisional values: when an AD entry is found below, readInfoFromDsEntry replaces
    // ComputerName with the name published in AD.
    ComputerName = computerName;
    // Ping is defined elsewhere in this type; only its boolean result is used here.
    IsAccessible = Ping(computerName);
    _regReader = new CertSrvConfigUtil(computerName);
    ICertConfigEntryD adEntry = lookInDs(computerName);
    if (adEntry == null) {
        // No AD entry (not published, or AD unreachable). Every identity field then comes
        // from the target host itself via readInfoFromServer and is not cross-checked
        // against AD -- NOTE(review): confirm this matches the caller's trust expectations.
        readInfoFromServer();
    } else {
        readInfoFromDsEntry(adEntry);
        getDistinguishedName(adEntry);
    }
    // ConfigString is expected to have been populated by whichever branch ran above
    // (readInfoFromDsEntry sets it; presumably readInfoFromServer does too -- verify).
    _propReader = new CertPropReaderD(ConfigString, false);
    initialize();
}
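/// <summary>
/// Builds a <see cref="CertificateAuthority"/> from an already-resolved ICertConfig entry,
/// taking the basic identity fields from the entry instead of contacting the server for them.
/// </summary>
/// <param name="entry">Configuration entry describing the CA (typically obtained from AD).</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="entry"/> is null.</exception>
CertificateAuthority(ICertConfigEntryD entry) {
    // Fail fast with a clear exception instead of dereferencing a null entry below.
    if (entry == null) {
        throw new ArgumentNullException(nameof(entry));
    }
    IsAccessible = Ping(entry.ComputerName);
    // Basic identity (ComputerName, Name, DisplayName, ConfigString, endpoints) comes from
    // the entry; nothing is fetched from the server at this point.
    readInfoFromDsEntry(entry);
    _regReader = new CertSrvConfigUtil(ComputerName);
    // Causes delay 2x (1x registry, 1x DCOM).
    // NOTE(review): the String-based constructor passes ConfigString to CertPropReaderD,
    // this one passes ComputerName -- confirm which form CertPropReaderD expects.
    _propReader = new CertPropReaderD(ComputerName, false);
    initialize();
}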
/// <summary>
/// Copies the CA identity fields from a configuration entry into this instance and appends
/// any published web enrollment servers to <c>EnrollmentEndpoints</c>.
/// </summary>
/// <param name="dsEntry">Source entry; must not be null (the caller guarantees this).</param>
void readInfoFromDsEntry(ICertConfigEntryD dsEntry) {
    // These overwrite whatever the caller set provisionally (e.g. the constructor-supplied host name).
    ComputerName = dsEntry.ComputerName;
    Name = dsEntry.CommonName;
    DisplayName = dsEntry.DisplayName;
    ConfigString = dsEntry.ConfigString;
    var webServers = dsEntry.WebEnrollmentServers;
    if (webServers == null) {
        return;
    }
    // The URIs are taken as published in the entry; any validation of them happens, if at all,
    // inside PolicyEnrollEndpointUri -- NOTE(review): confirm before trusting these endpoints.
    var endpoints = webServers.Select(url => new PolicyEnrollEndpointUri(url));
    EnrollmentEndpoints.AddRange(endpoints);
}
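/// <summary>
/// Resolves <c>DistinguishedName</c> from the AD Enrollment Services container by matching
/// this CA's host name against the published enrollment server entries.
/// </summary>
/// <param name="dsEntry">Entry the CA was built from; the lookup only runs when it is flagged as
/// living in AD (<see cref="CertConfigLocation.DsEntry"/>).</param>
void getDistinguishedName(ICertConfigEntryD dsEntry) {
    // Only an entry that actually came from AD can have a DN; otherwise leave the field untouched.
    if (dsEntry == null || (dsEntry.Flags & CertConfigLocation.DsEntry) == 0) {
        return;
    }
    // At this point we know we are connected to AD, so the Enrollment Services container can be read.
    var dsEnroll = (DsCertEnrollContainer)DsPkiContainer.GetAdPkiContainer(DsContainerType.EnrollmentServices);
    // Case-insensitive host-name match. The static String.Equals is used so that an enrollment
    // server entry with a null ComputerName does not throw a NullReferenceException.
    // When nothing matches, DistinguishedName is set to null.
    DistinguishedName = dsEnroll.EnrollmentServers
        .FirstOrDefault(x => String.Equals(x.ComputerName, ComputerName, StringComparison.OrdinalIgnoreCase))
        ?.DistinguishedName;
}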