/// <inheritdoc />
public void SetCertificateExtension(Int32 requestID, X509Extension extension)
{
if (extension == null)
{
throw new ArgumentNullException(nameof(extension));
}
var certAdmin = new CCertAdminClass();
// BSTR is length-prefixed type, so allocate extra 4 bytes to store BSTR length
IntPtr pbBstr = Marshal.AllocHGlobal(extension.RawData.Length + 4);
// write length in front of actual BSTR value
Marshal.WriteInt32(pbBstr, 0, extension.RawData.Length);
// copy raw bytes right after length prefix
Marshal.Copy(extension.RawData, 0, pbBstr + 4, extension.RawData.Length);
// create an instance of VARIANT and configure it
var variant = new OleAut.VARIANT {
vt = OleAut.VT_BSTR,
// the pointer to BSTR doesn't include prefix length, so skip 4 bytes
pvRecord = pbBstr + 4
};
Int32 flags = extension.Critical ? 1 : 0;
IntPtr pvarValue = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(OleAut.VARIANT)));
Marshal.StructureToPtr(variant, pvarValue, false);
try {
certAdmin.SetCertificateExtension(_configString, requestID, extension.Oid.Value, CertAdmConstants.ProptypeBinary, flags, pvarValue);
} finally {
Marshal.FreeHGlobal(pbBstr);
Marshal.FreeHGlobal(pvarValue);
CryptographyUtils.ReleaseCom(certAdmin);
}
}
/// <inheritdoc />
public Object GetConfigEntry(String entryName, String node = null)
{
if (entryName == null)
{
throw new ArgumentNullException(nameof(entryName));
}
if (String.Empty.Equals(entryName))
{
throw new ArgumentException("'entryName' parameter cannot be empty string.");
}
ICertAdmin2 certAdmin = new CCertAdminClass();
try {
return(useActive
? certAdmin.GetConfigEntry($"{ComputerName}\\{ActiveConfig}", node ?? String.Empty, entryName)
: certAdmin.GetConfigEntry(ComputerName, String.Empty, entryName));
} catch (Exception ex) {
if (ex is FileNotFoundException)
{
return(null);
}
throw;
} finally {
CryptographyUtils.ReleaseCom(certAdmin);
}
}
/// <inheritdoc />
public Int32 DeleteLastUpdatedRequests(DateTime notAfter)
{
ICertAdmin2 certAdmin = new CCertAdminClass();
try {
return(certAdmin.DeleteRow(_configString, (Int32)BulkRowRemovalOption.LastChanged, notAfter, (Int32)AdcsDbCRTable.Request, 0));
} finally {
CryptographyUtils.ReleaseCom(certAdmin);
}
}
/// <inheritdoc />
public Int32 DeleteExpiredCRLs(DateTime notAfter)
{
ICertAdmin2 certAdmin = new CCertAdminClass();
try {
return(certAdmin.DeleteRow(_configString, (Int32)BulkRowRemovalOption.Expired, notAfter, (Int32)AdcsDbCRTable.CRL, 0));
} finally {
CryptographyUtils.ReleaseCom(certAdmin);
}
}
/// <inheritdoc />
public Int32 DeleteDatabaseRow(Int32 requestID, AdcsDbCRTable table = AdcsDbCRTable.Request)
{
ICertAdmin2 certAdmin = new CCertAdminClass();
try {
return(certAdmin.DeleteRow(_configString, 0, new DateTime(), (Int32)table, requestID));
} finally {
CryptographyUtils.ReleaseCom(certAdmin);
}
}
/// <inheritdoc />
public void RevokeRequest(String serialNumber, DateTime?revocationDate = null, AdcsCrlReason reason = AdcsCrlReason.Unspecified)
{
ICertAdmin2 certAdmin = new CCertAdminClass();
try {
certAdmin.RevokeCertificate(_configString, serialNumber, (Int32)reason, revocationDate ?? DateTime.UtcNow);
} finally {
CryptographyUtils.ReleaseCom(certAdmin);
}
}
/// <inheritdoc />
public void DenyRequest(Int32 requestID)
{
ICertAdmin2 certAdmin = new CCertAdminClass();
try {
certAdmin.DenyRequest(_configString, requestID);
} finally {
CryptographyUtils.ReleaseCom(certAdmin);
}
}
/// <inheritdoc />
public AdcsPropCertState ApproveRequest(Int32 requestID)
{
ICertAdmin2 certAdmin = new CCertAdminClass();
try {
return((AdcsPropCertState)certAdmin.ResubmitRequest(_configString, requestID));
} finally {
CryptographyUtils.ReleaseCom(certAdmin);
}
}
void publishCRL(AdcsCrlPublishType crlFlags, DateTime?nexUpdate = null)
{
ICertAdmin2 certAdmin = new CCertAdminClass();
try {
certAdmin.PublishCRLs(_configString, nexUpdate ?? DateTime.UtcNow, (Int32)crlFlags);
} finally {
CryptographyUtils.ReleaseCom(certAdmin);
}
}
String readActiveConfig()
{
ICertAdmin2 certAdmin = new CCertAdminClass();
try {
String active = (String)certAdmin.GetConfigEntry(ComputerName, String.Empty, "Active");
IsAccessible = true;
return(active);
} catch {
IsAccessible = false;
} finally {
CryptographyUtils.ReleaseCom(certAdmin);
}
return(null);
}
static void Main(string[] args)
{
CCertAdminClass admin = new CCertAdminClass();
CCertEncodeAltNameClass altNames = new CCertEncodeAltNameClass();
altNames.Reset(2);
altNames.SetNameEntry(0, 3, "mail2.domain.com"); // 3 for CERT_ALT_NAME_DNS_NAME
altNames.SetNameEntry(1, 3, "websso.sysfil.systest.sanpaoloimi.com");
BStrWrapper wrapper = new BStrWrapper(altNames.Encode());
admin.SetCertificateExtension("10.190.65.163\\EDETOCVM-CA", 23, "2.5.29.17", 3, 0, wrapper); // #define PROPTYPE_BINARY 0x00000003 // Binary data
}
/// <inheritdoc />
public Int32 ImportCertificate(X509Certificate2 certificate)
{
if (certificate == null)
{
throw new ArgumentNullException(nameof(certificate));
}
ICertAdmin2 certAdmin = new CCertAdminClass();
try {
return(certAdmin.ImportCertificate(
_configString,
CryptographyUtils.EncodeDerString(certificate.RawData),
(Int32)ImportForeignOption.AllowForeign));
} finally {
CryptographyUtils.ReleaseCom(certAdmin);
}
}
/// <inheritdoc />
public AdcsPropCertState GetCertificateStatus(String serialNumber)
{
if (serialNumber == null)
{
throw new ArgumentNullException(nameof(serialNumber));
}
if (String.IsNullOrWhiteSpace(serialNumber))
{
throw new ArgumentException("'serialNumber' parameter cannot be empty string");
}
ICertAdmin2 certAdmin = new CCertAdminClass();
try {
return((AdcsPropCertState)certAdmin.IsValidCertificate(_configString, serialNumber));
} finally {
CryptographyUtils.ReleaseCom(certAdmin);
}
}
/// <inheritdoc />
public void DeleteConfigEntry(String entryName, String node = null)
{
ICertAdmin2 certAdmin = new CCertAdminClass();
try {
if (useActive)
{
certAdmin.SetConfigEntry($"{ComputerName}\\{ActiveConfig}", node ?? String.Empty, entryName, null);
}
else
{
certAdmin.SetConfigEntry(ComputerName, String.Empty, entryName, null);
}
} catch (Exception ex) {
if (!(ex is FileNotFoundException))
{
throw;
}
} finally {
CryptographyUtils.ReleaseCom(certAdmin);
}
}
/// <inheritdoc />
public void SetConfigEntry(Object data, String entryName, String node = null)
{
if (data == null)
{
throw new ArgumentNullException(nameof(data));
}
ICertAdmin2 certAdmin = new CCertAdminClass();
try {
switch (data)
{
case String _:
case Int32 _:
if (useActive)
{
certAdmin.SetConfigEntry($"{ComputerName}\\{ActiveConfig}", node ?? String.Empty, entryName, data);
}
else
{
certAdmin.SetConfigEntry(ComputerName, String.Empty, entryName, data);
}
break;
case Boolean b:
if (useActive)
{
certAdmin.SetConfigEntry($"{ComputerName}\\{ActiveConfig}", node ?? String.Empty, entryName, b ? 1 : 0);
}
else
{
certAdmin.SetConfigEntry(ComputerName, String.Empty, entryName, b ? 1 : 0);
}
break;
case IEnumerable <String> array:
if (useActive)
{
certAdmin.SetConfigEntry($"{ComputerName}\\{ActiveConfig}", node ?? String.Empty, entryName, array.ToArray());
}
else
{
certAdmin.SetConfigEntry(ComputerName, String.Empty, entryName, array.ToArray());
}
break;
case IEnumerable <Byte> array:
if (useActive)
{
certAdmin.SetConfigEntry($"{ComputerName}\\{ActiveConfig}", node ?? String.Empty, entryName, array.ToArray());
}
else
{
certAdmin.SetConfigEntry(ComputerName, String.Empty, entryName, array.ToArray());
}
break;
default:
throw new ArgumentException();
}
} finally {
CryptographyUtils.ReleaseCom(certAdmin);
}
}
