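/// <summary>
/// Submit a certificate signing request to a certificate authority, such as a server running
/// Active Directory Certificate Services, and return the certificate or response.
/// </summary>
/// <param name="csr">Certificate signing request to be submitted.</param>
/// <param name="friendlyName">The friendly name of the certificate.</param>
/// <param name="caServer">The certificate authority server instance (CA config string).</param>
/// <param name="csrResponse">Response from the certificate signing request, represented as a CsrResponse enum.</param>
/// <param name="dispositionMessage">Message returned when a certificate signing fails; empty when issued or pending.</param>
/// <returns>The issued certificate, or <c>null</c> when the request is pending or failed.</returns>
public X509Certificate2 SubmitCertificateSigningRequest(CX509CertificateRequestCertificate csr, string friendlyName, string caServer, out CsrResponse csrResponse, out string dispositionMessage)
{
    // Disposition codes returned by ICertRequest::Submit (certcli.h).
    const int CR_DISP_ISSUED = 3;
    const int CR_DISP_UNDER_SUBMISSION = 5;

    // Wrap the request in an enrollment object so it can be rendered as base-64 text.
    CX509Enrollment enrollment = new CX509Enrollment();
    enrollment.InitializeFromRequest(csr);
    enrollment.CertificateFriendlyName = friendlyName;
    string csrText = enrollment.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);

    // Submit the request to the certificate authority.
    // NOTE(review): the two RCWs created here are left to the GC; release them explicitly if this runs in a loop.
    CCertRequest certRequest = new CCertRequest();
    int csrResponseCode = certRequest.Submit(CR_IN_BASE64 | CR_IN_FORMATANY, csrText, string.Empty, caServer);

    // React to the response from the certificate authority.
    switch (csrResponseCode)
    {
        case CR_DISP_ISSUED:
            csrResponse = CsrResponse.CR_DISP_ISSUED;
            dispositionMessage = "";
            // GetCertificate returns base-64 text; decode it to the underlying DER/PKCS#7 bytes rather
            // than handing the UTF-8 bytes of the text to the parser (which only works on Windows).
            // With CR_OUT_CHAIN the blob is a PKCS#7 bundle; the parser picks one certificate from it —
            // if that is ever not the end-entity certificate, drop CR_OUT_CHAIN here. TODO confirm.
            string issued = certRequest.GetCertificate(CR_OUT_BASE64 | CR_OUT_CHAIN);
            return new X509Certificate2(Convert.FromBase64String(issued));

        case CR_DISP_UNDER_SUBMISSION:
            csrResponse = CsrResponse.CR_DISP_UNDER_SUBMISSION;
            dispositionMessage = "";
            return null;

        default:
            csrResponse = CsrResponse.CR_DISP_FAILED;
            dispositionMessage = certRequest.GetDispositionMessage();
            return null;
    }
}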
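/// <summary>
/// For every request in <c>Certs</c> whose status is "certificate issued", fetches the issued
/// certificate from the CA, installs it into the current user's store (pairing it with the key
/// created at request time) and exports certificate + key as a password-protected .pfx next to the executable.
/// </summary>
private void btn_savepfx_Click(object sender, RoutedEventArgs e)
{
    // CR_DISP_ISSUED from certcli.h: the request has been issued by the CA.
    const int CR_DISP_ISSUED = 3;

    // NOTE(review): an empty password is accepted here and yields an unprotected PFX containing a private key.
    string passwd = txt_Pfxpasswd.Password;
    string caserver = txt_CAServer.Text;
    string dir = System.IO.Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);

    if (Certs.Count == 0)
    {
        MessageBox.Show("No Request(s) To Save");
        return;
    }

    foreach (Certificates c in Certs)
    {
        // Only issued requests that have not been exported yet carry this status text.
        if (c.Status != "certificate issued")
        {
            continue;
        }

        var objCertRequest = new CCertRequest();
        int iDisposition = objCertRequest.RetrievePending(Convert.ToInt32(c.ID), caserver);
        if (iDisposition != CR_DISP_ISSUED)
        {
            continue;
        }

        string cert = objCertRequest.GetCertificate(CR_OUT_BASE64 | CR_OUT_CHAIN);

        CX509Enrollment objEnroll = new CX509EnrollmentClass();
        objEnroll.Initialize(X509CertificateEnrollmentContext.ContextUser);
        objEnroll.InstallResponse(InstallResponseRestrictionFlags.AllowUntrustedRoot, cert, EncodingType.XCN_CRYPT_STRING_BASE64, null);

        // CreatePFX returns the PKCS#12 blob as base-64 text; decode it so the .pfx on disk is the
        // binary form that certificate import tools expect.
        string pfxBase64 = objEnroll.CreatePFX(passwd, PFXExportOptions.PFXExportChainWithRoot, EncodingType.XCN_CRYPT_STRING_BASE64);
        // Path.Combine instead of string concatenation so the file name is joined as a single segment.
        string path = System.IO.Path.Combine(dir, c.FQDN + ".pfx");
        System.IO.File.WriteAllBytes(path, Convert.FromBase64String(pfxBase64));
        // Mark as exported only once the file actually exists.
        c.Status = "File Created!";
    }
}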
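/// <summary>
/// Enrolls a certificate on behalf of <paramref name="username"/>: wraps the supplied PKCS#10 CSR
/// in a CMC request for <paramref name="template"/>, signs it with the enrollment agent certificate
/// and submits it to the CA.
/// </summary>
/// <param name="username">Account the certificate is requested for (CMC RequesterName).</param>
/// <param name="agentCertificate">Enrollment agent certificate; located by thumbprint in the store its StoreLocation names.</param>
/// <param name="caConfig">CA config string ("host\CA name").</param>
/// <param name="template">Certificate template name.</param>
/// <param name="csr">PKCS#10 request, base-64 with or without header.</param>
/// <param name="errorMessage">Human-readable failure reason; <c>null</c> on success.</param>
/// <param name="cert">The issued certificate; <c>null</c> unless the method returns <c>true</c>.</param>
/// <returns><c>true</c> when the CA issued the certificate; <c>false</c> on any failure or when the request is pending.</returns>
public static bool Enroll(string username, WindowsCertificate agentCertificate, string caConfig, string template, string csr, out string errorMessage, out X509Certificate2 cert)
{
    errorMessage = null;
    cert = null;

    // Create a PKCS 10 inner request from the caller-supplied CSR.
    CX509CertificateRequestPkcs10 pkcs10Req;
    try
    {
        pkcs10Req = new CX509CertificateRequestPkcs10();
        pkcs10Req.InitializeDecode(csr, EncodingType.XCN_CRYPT_STRING_BASE64_ANY);
    }
    catch (Exception ex)
    {
        errorMessage = "Unable to create PKCS10 request, malformed CSR?" + Environment.NewLine + ex.Message;
        return false;
    }

    // Create a CMC outer request naming the template and the user enrolled on behalf of.
    CX509CertificateRequestCmc cmcReq;
    try
    {
        cmcReq = new CX509CertificateRequestCmc();
        cmcReq.InitializeFromInnerRequestTemplateName(pkcs10Req, template);
        cmcReq.RequesterName = username;
    }
    catch (Exception ex)
    {
        errorMessage = "Unable to create CMC request, bad certificate template?" + Environment.NewLine + ex.Message;
        return false;
    }

    // The signer lookup differs between the two stores only in the machine-context flag.
    bool machineContext;
    string storeName;
    switch (agentCertificate.StoreLocation)
    {
        case StoreLocation.CurrentUser:
            machineContext = false;
            storeName = "CurrentUser";
            break;
        case StoreLocation.LocalMachine:
            machineContext = true;
            storeName = "LocalMachine";
            break;
        default:
            errorMessage = "Agent certificate was not found in any store";
            return false;
    }

    // Sign the CMC request with the enrollment agent certificate (thumbprint given as raw hex).
    try
    {
        CSignerCertificate signer = new CSignerCertificate();
        signer.Initialize(machineContext, X509PrivateKeyVerify.VerifyNone, EncodingType.XCN_CRYPT_STRING_HEXRAW, agentCertificate.Certificate.Thumbprint);
        cmcReq.SignerCertificate = signer;
    }
    catch (COMException ex) when (ex.HResult == (int)WindowsCryptoApiErrors.CRYPT_E_NOT_FOUND)
    {
        errorMessage = "Agent certificate was not found in the " + storeName + " store";
        return false;
    }
    catch (COMException ex) when (ex.HResult == (int)WindowsCryptoApiErrors.NTE_NO_KEY)
    {
        errorMessage = "Could not access the key of the agent certificate. Perhaps you do not have permissions for it?" + Environment.NewLine + Environment.NewLine + "Consult the manual for more information";
        return false;
    }
    catch (Exception ex)
    {
        errorMessage = "Unable to initialize signer, bad agent certificate?" + Environment.NewLine + ex.Message;
        return false;
    }

    // Encode the request and submit it.
    cmcReq.Encode();
    string strRequest = cmcReq.RawData[EncodingType.XCN_CRYPT_STRING_BASE64];

    CCertRequest objCertRequest = new CCertRequest();
    int iDisposition;
    try
    {
        iDisposition = objCertRequest.Submit(CR_IN_BASE64 | CR_IN_FORMATANY, strRequest, null, caConfig);
    }
    catch (Exception ex)
    {
        errorMessage = "Unable to submit signing request, bad CA config?" + Environment.NewLine + ex.Message;
        return false;
    }

    // Anything other than "issued" is reported as a failure; a pending request carries only the disposition text.
    if (CR_DISP_ISSUED != iDisposition)
    {
        errorMessage = objCertRequest.GetDispositionMessage();
        if (CR_DISP_UNDER_SUBMISSION == iDisposition)
        {
            return false;
        }
        errorMessage = errorMessage + Environment.NewLine + objCertRequest.GetLastStatus();
        return false;
    }

    // Get the certificate (base-64 DER, no chain).
    string strCert = objCertRequest.GetCertificate(CR_OUT_BASE64);
    cert = new X509Certificate2(Convert.FromBase64String(strCert));
    return true;
}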
/// <summary>
/// Submits a base-64 request to the given CA and returns the request id the CA assigned to it.
/// The disposition returned by the CA is not inspected; callers look the request up by id later.
/// </summary>
/// <param name="request">The certificate request, base-64 encoded.</param>
/// <param name="caserver">CA config string.</param>
/// <returns>The CA request id as a decimal string.</returns>
public string SendRequest(string request, string caserver)
{
    var submission = new CCertRequest();
    // Flag semantics: http://msdn.microsoft.com/en-us/library/windows/desktop/aa385054(v=vs.85).aspx
    int flags = (int)Encoding.CR_IN_BASE64 | (int)Format.CR_IN_FORMATANY;
    submission.Submit(flags, request, string.Empty, caserver);
    int requestId = submission.GetRequestId();
    return requestId.ToString();
}
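/// <summary>
/// Submits a base-64 certificate request to the machine's default CA and returns the issued
/// certificate together with its chain as base-64 text.
/// </summary>
/// <param name="certRequest">The request, base-64 encoded (any header format).</param>
/// <returns>The issued certificate chain as base-64, or <c>null</c> when the request was not issued
/// (pending, denied or failed); the CA's disposition message is written to the console in that case.</returns>
public string SendRequestToCA(string certRequest)
{
    var certConfig = new CCertConfig();
    var objCertRequest = new CCertRequest();

    // CC_DEFAULTCONFIG resolves to the CA configured as default on this machine.
    var caConfig = certConfig.GetConfig(CC_DEFAULTCONFIG);

    var iDisposition = objCertRequest.Submit(CR_IN_BASE64 | CR_IN_FORMATANY, certRequest, null, caConfig);

    if (CR_DISP_ISSUED != iDisposition)
    {
        // Nothing to fetch: there is no certificate for a pending or denied request.
        Console.WriteLine(objCertRequest.GetDispositionMessage());
        return null;
    }

    return objCertRequest.GetCertificate(CR_OUT_BASE64 | CR_OUT_CHAIN);
}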
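/// <summary>
/// Submits a base-64 (with header) certificate request to a CA, naming the template it should
/// be issued from, and returns the issued certificate.
/// </summary>
/// <param name="createRequest">The request as base-64 text with BEGIN/END header lines.</param>
/// <param name="caServer">CA config string ("host\CA name").</param>
/// <param name="templateName">Certificate template the CA should apply.</param>
/// <param name="additionalAttributes">Optional extra request attributes, newline-separated "Name: value" pairs.</param>
/// <returns>The issued certificate as base-64 with request header, or <c>null</c> if the request was not issued.</returns>
public string SendRequest(string createRequest, string caServer, string templateName, string additionalAttributes = "")
{
    // ICertRequest flag values from certcli.h, spelled out so the CR_IN/CR_OUT meaning is not hidden
    // behind EncodingType members that merely share the same numbers.
    const int CR_IN_BASE64HEADER = 0;
    const int CR_OUT_BASE64REQUESTHEADER = 3;

    // Request attributes are a newline-separated list; the CA reads the template from this attribute.
    // NOTE(review): a newline inside templateName would be interpreted as a further attribute — reject
    // or validate the value if it can come from an untrusted caller.
    var attributes = $"CertificateTemplate: {templateName}";
    if (!string.IsNullOrEmpty(additionalAttributes))
    {
        attributes += "\n" + additionalAttributes;
    }

    var certRequest = new CCertRequest();
    var requestResult = (RequestDisposition)certRequest.Submit(CR_IN_BASE64HEADER, createRequest, attributes, caServer);

    if (requestResult != RequestDisposition.CR_DISP_ISSUED)
    {
        return null;
    }
    return certRequest.GetCertificate(CR_OUT_BASE64REQUESTHEADER);
}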
/// <summary>
/// Looks up the disposition of a request on the CA and maps it to a short status phrase.
/// </summary>
/// <param name="id">CA request id.</param>
/// <param name="caServer">CA config string.</param>
/// <returns>A status phrase, or an empty string for dispositions that are not mapped.</returns>
public string RetrieveCertStatus(int id, string caServer)
{
    var objCertRequest = new CCertRequest();
    var disposition = (RequestDisposition)objCertRequest.RetrievePending(id, caServer);

    switch (disposition)
    {
        case RequestDisposition.CR_DISP_INCOMPLETE:
            return "incomplete certificate";
        case RequestDisposition.CR_DISP_DENIED:
            return "request denied";
        case RequestDisposition.CR_DISP_ISSUED:
            return "certificate issued";
        case RequestDisposition.CR_DISP_UNDER_SUBMISSION:
            return "request pending";
        case RequestDisposition.CR_DISP_REVOKED:
            return "certificate revoked";
        default:
            return "";
    }
}
/// <summary>
/// Retrieves the most recent 'CA Exchange' certificate. If the certificate does not exist, the method
/// will instruct CA server to generate or enroll a new one.
/// </summary>
/// <exception cref="UninitializedObjectException">The object is not properly initialized.</exception>
/// <exception cref="ServerUnavailableException">CA server is not accessible via RPC/DCOM.</exception>
/// <exception cref="UnauthorizedAccessException">The caller does not have at least <strong>Read</strong> permissions.</exception>
/// <exception cref="PlatformNotSupportedException">Current CA is not <strong>Enterprise CA</strong>. Only Enterprise CAs support this feature.</exception>
/// <returns>CA Exchange certificate.</returns>
public X509Certificate2 GetCAExchangeCertificate()
{
    if (String.IsNullOrEmpty(Name))
    {
        throw new UninitializedObjectException();
    }
    if (!IsEnterprise)
    {
        throw new PlatformNotSupportedException(Error.E_NONENTERPRISE);
    }
    if (!Ping())
    {
        var offline = new ServerUnavailableException(DisplayName);
        offline.Data.Add(nameof(offline.Source), OfflineSource.DCOM);
        throw offline;
    }

    var certRequest = new CCertRequest();
    try
    {
        // The newest exchange certificate sits at the highest index (count - 1).
        Int32 count = (Int32)certRequest.GetCAProperty(ConfigString, CertAdmConstants.CrPropCaxchgcertcount, 0, 1, 0);
        Int32 newest = count - 1;
        if (newest < 0)
        {
            // Raised inside the try on purpose so it is routed through the common COM error handler below.
            throw new Exception(String.Format(Error.E_XCHGUNAVAILABLE, DisplayName));
        }
        String base64 = (String)certRequest.GetCAProperty(ConfigString, CertAdmConstants.CrPropCaxchgcert, newest, 3, 1);
        return new X509Certificate2(Convert.FromBase64String(base64));
    }
    catch (Exception e)
    {
        throw Error.ComExceptionHandler(e);
    }
    finally
    {
        CryptographyUtils.ReleaseCom(certRequest);
    }
}
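/// <summary>
/// Submit a certificate signing request to a certificate authority, such as a server running
/// Active Directory Certificate Services, and return the certificate or response.
/// </summary>
/// <param name="csr">Certificate signing request to be submitted.</param>
/// <param name="friendlyName">The friendly name of the certificate.</param>
/// <param name="caServer">The certificate authority server instance (CA config string).</param>
/// <param name="csrResponse">Response from the certificate signing request, represented as a CsrResponse enum.</param>
/// <param name="dispositionMessage">Message returned when a certificate signing fails; empty when issued or pending.</param>
/// <returns>The issued certificate, or <c>null</c> when the request is pending or failed.</returns>
public X509Certificate2 SubmitCertificateSigningRequest(CX509CertificateRequestCertificate csr, string friendlyName, string caServer, out CsrResponse csrResponse, out string dispositionMessage)
{
    // Disposition codes returned by ICertRequest::Submit (certcli.h).
    const int CR_DISP_ISSUED = 3;
    const int CR_DISP_UNDER_SUBMISSION = 5;

    // Wrap the request in an enrollment object so it can be rendered as base-64 text.
    CX509Enrollment enrollment = new CX509Enrollment();
    enrollment.InitializeFromRequest(csr);
    enrollment.CertificateFriendlyName = friendlyName;
    string csrText = enrollment.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);

    // Submit the request to the certificate authority.
    // NOTE(review): the two RCWs created here are left to the GC; release them explicitly if this runs in a loop.
    CCertRequest certRequest = new CCertRequest();
    int csrResponseCode = certRequest.Submit(CR_IN_BASE64 | CR_IN_FORMATANY, csrText, string.Empty, caServer);

    // React to the response from the certificate authority.
    switch (csrResponseCode)
    {
        case CR_DISP_ISSUED:
            csrResponse = CsrResponse.CR_DISP_ISSUED;
            dispositionMessage = "";
            // GetCertificate returns base-64 text; decode it to the underlying DER/PKCS#7 bytes rather
            // than handing the UTF-8 bytes of the text to the parser (which only works on Windows).
            // With CR_OUT_CHAIN the blob is a PKCS#7 bundle; the parser picks one certificate from it —
            // if that is ever not the end-entity certificate, drop CR_OUT_CHAIN here. TODO confirm.
            string issued = certRequest.GetCertificate(CR_OUT_BASE64 | CR_OUT_CHAIN);
            return new X509Certificate2(Convert.FromBase64String(issued));

        case CR_DISP_UNDER_SUBMISSION:
            csrResponse = CsrResponse.CR_DISP_UNDER_SUBMISSION;
            dispositionMessage = "";
            return null;

        default:
            csrResponse = CsrResponse.CR_DISP_FAILED;
            dispositionMessage = certRequest.GetDispositionMessage();
            return null;
    }
}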
/// <summary>
/// Returns the CA disposition of a request after checking, in the local database, that the request
/// belongs to the given host and that its certificate has not already been consumed.
/// </summary>
/// <param name="requestID">CA request id.</param>
/// <param name="hostname">Host the request is recorded against.</param>
/// <returns>The CA disposition code, or a negative sentinel: -6 (host/request check failed),
/// -3 (certificate already consumed), -2 (any exception; its message is written to the console).</returns>
public int retrieveStatus(int requestID, string hostname)
{
    CCertConfig objCertConfig = new CCertConfig();
    CCertRequest objCertRequest = new CCertRequest();
    try
    {
        SqlLite sql = new SqlLite();

        // NOTE(review): a true result here maps to -6; the exact meaning of checkHostnameWithreqID is not visible in this file — confirm.
        if (sql.checkHostnameWithreqID(requestID, hostname))
        {
            return -6;
        }
        // The client already fetched this certificate once.
        if (sql.checkcertFlag(requestID))
        {
            return -3;
        }

        string strCAConfig = objCertConfig.GetConfig(CC_DEFAULTCONFIG);
        int iDisposition = objCertRequest.RetrievePending(requestID, strCAConfig);

        // Persist the disposition alongside the request before handing it back.
        sql.updateTable(iDisposition, requestID);
        return iDisposition;
    }
    catch (Exception ex)
    {
        // Best-effort: the caller only sees the -2 sentinel.
        Console.Write(ex.Message);
        return -2;
    }
}
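/// <summary>
/// Submits a request created by createCertificate to the default CA and records the resulting
/// request id in the certificate table.
/// </summary>
/// <param name="certrequest">Base-64 encoded request.</param>
/// <param name="hostname">Host the request is recorded against.</param>
/// <returns>The CA request id (the request is expected to sit in the CA's pending queue), or 0 when
/// submission or the database insert fails; the failure is logged to the error-message table.</returns>
public int SubmitRequest(string certrequest, string hostname)
{
    CCertConfig objCertConfig = new CCertConfig();
    CCertRequest objCertRequest = new CCertRequest();
    try
    {
        string strCAConfig = objCertConfig.GetConfig(CC_DEFAULTCONFIG);
        int iDisposition = objCertRequest.Submit(CR_IN_BASE64, certrequest, null, strCAConfig);
        int requestID = objCertRequest.GetRequestId();

        // First record for this request: host, disposition and the id needed to poll it later.
        Database db = new Database();
        db.InsertToCertificateTable(hostname, iDisposition, requestID);
        return requestID;
    }
    catch (Exception ex)
    {
        // Best-effort logging; the caller only sees the 0 sentinel.
        Database db = new Database();
        db.InsertToErrorMessageTable(hostname, 0, ex.Message, "SubmitRequest");
        return 0;
    }
}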
/// <summary>
/// Fetches an issued certificate from the default CA, stores it in the certificate table and
/// returns it serialised as JSON.
/// </summary>
/// <param name="requestID">CA request id.</param>
/// <returns>JSON of a <see cref="Certificate"/> holding the base-64 certificate, or a string starting
/// with "error" when the database update or the CA call fails.</returns>
public string GetCertificate(int requestID)
{
    Database db = new Database();
    CCertConfig objCertConfig = new CCertConfig();
    CCertRequest objCertRequest = new CCertRequest();
    try
    {
        string strCAConfig = objCertConfig.GetConfig(CC_DEFAULTCONFIG);
        // GetCertificate returns the certificate of the request last submitted or retrieved on this
        // object, so RetrievePending has to run first.
        objCertRequest.RetrievePending(requestID, strCAConfig);
        string pstrCertificate = objCertRequest.GetCertificate(CR_OUT_BASE64);

        int status = db.UpdateCertificateInfo(pstrCertificate, requestID);
        if (status != 0)
        {
            return "error Update Certificate Table";
        }

        var cert = new Certificate { CertValue = pstrCertificate };
        return Newtonsoft.Json.JsonConvert.SerializeObject(cert);
    }
    catch (Exception ex)
    {
        db.InsertToErrorMessageTable("", requestID, ex.Message, "GetCertificate");
        // NOTE(review): the raw exception text is returned to the caller; if this reaches a remote client it discloses internals.
        return "error" + ex.Message;
    }
}
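/// <summary>
/// Lists the certificate templates published on a CA.
/// </summary>
/// <param name="caServer">CA config string.</param>
/// <returns>One <see cref="Template"/> per template name found; never <c>null</c>.</returns>
public IEnumerable<Template> GetCaTemplates(string caServer)
{
    // CR_PROP_TEMPLATES (certadm.h) read as PROPTYPE_STRING: template names and their OIDs on
    // alternating lines. OIDs contain no letters, so keeping only lines with a letter yields the names.
    const int CR_PROP_TEMPLATES = 29;
    const int PROPTYPE_STRING = 4;

    var certRequest = new CCertRequest();
    var hasLetter = new Regex(@"[A-Za-z]");

    var value = certRequest.GetCAProperty(caServer, CR_PROP_TEMPLATES, 0, PROPTYPE_STRING, 0).ToString();

    var templates = new List<Template>();
    foreach (var line in value.Split('\n'))
    {
        if (hasLetter.IsMatch(line))
        {
            templates.Add(new Template { Name = line });
        }
    }
    return templates;
}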
/// <summary>
/// Copies the identifying properties of an online enterprise CA onto this object and loads the
/// list of templates the CA has published.
/// </summary>
/// <param name="certificateAuthority">The CA to read from; must be an Enterprise CA that answers a ping.</param>
/// <exception cref="PlatformNotSupportedException">The CA is not an Enterprise CA.</exception>
/// <exception cref="ServerUnavailableException">The CA did not answer; the DCOM source is recorded in the exception data.</exception>
void m_initialize(CertificateAuthority certificateAuthority)
{
    if (!certificateAuthority.IsEnterprise)
    {
        throw new PlatformNotSupportedException();
    }
    if (!certificateAuthority.Ping())
    {
        var offline = new ServerUnavailableException(certificateAuthority.DisplayName);
        offline.Data.Add(nameof(offline.Source), OfflineSource.DCOM);
        throw offline;
    }

    Name = certificateAuthority.Name;
    DisplayName = certificateAuthority.DisplayName;
    ComputerName = certificateAuthority.ComputerName;
    version = certificateAuthority.Version;
    sku = certificateAuthority.Sku;
    configString = certificateAuthority.ConfigString;

    // NOTE(review): this RCW is not released here; other CA property reads in this codebase wrap the
    // call in try/finally with CryptographyUtils.ReleaseCom.
    var certRequest = new CCertRequest();
    String templates = (String)certRequest.GetCAProperty(certificateAuthority.ConfigString, CertAdmConstants.CrPropTemplates, 0, CertAdmConstants.ProptypeString, 0);

    if (templates == String.Empty)
    {
        Templates = new CertificateTemplate[0];
        return;
    }

    // The property alternates template name and OID lines; only the names (even indexes) are kept.
    String[] entries = templates.Split(new[] { "\n" }, StringSplitOptions.RemoveEmptyEntries);
    var found = new List<CertificateTemplate>();
    for (Int32 i = 0; i < entries.Length; i += 2)
    {
        found.Add(new CertificateTemplate("Name", entries[i]));
    }
    Templates = found.ToArray();
}
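/// <summary>
/// Returns all CA certificates.
/// </summary>
/// <exception cref="UninitializedObjectException">
/// Current object is not initialized.
/// </exception>
/// <exception cref="ServerUnavailableException">
/// Current CA server could not be contacted via remote registry and RPC protocol.
/// </exception>
/// <returns>A collection of CA certificates.</returns>
public X509Certificate2Collection GetCACerts()
{
    if (String.IsNullOrEmpty(Name))
    {
        throw new UninitializedObjectException();
    }
    if (!Ping())
    {
        var e = new ServerUnavailableException(DisplayName);
        e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
        throw e;
    }

    var certRequest = new CCertRequest();
    var certs = new X509Certificate2Collection();
    try
    {
        Int32 count = (Int32)certRequest.GetCAProperty(ConfigString, CertAdmConstants.CrPropCasigcertcount, 0, 1, 0);
        for (Int32 index = 0; index < count; index++)
        {
            String base64 = (String)certRequest.GetCAProperty(ConfigString, CertAdmConstants.CrPropCasigcert, index, 3, 1);
            // Must be X509Certificate2: the inherited Add(X509Certificate) overload also compiles, but it
            // would place a plain X509Certificate in the collection and break consumers that cast elements.
            certs.Add(new X509Certificate2(Convert.FromBase64String(base64)));
        }
    }
    finally
    {
        // Release the RCW even when a property read throws.
        CryptographyUtils.ReleaseCom(certRequest);
    }
    return certs;
}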
/// <summary>
/// Returns the CA disposition of a request after checking, in the database, that the request
/// belongs to the given host and that its certificate has not already been consumed.
/// </summary>
/// <param name="requestID">CA request id.</param>
/// <param name="hostname">Host the request is recorded against.</param>
/// <returns>The CA disposition code, or a negative sentinel: -6 (host/request check failed),
/// -3 (certificate already consumed), -2 (any exception, logged to the error-message table).</returns>
public int RetrieveRequestStatus(int requestID, string hostname)
{
    CCertConfig objCertConfig = new CCertConfig();
    CCertRequest objCertRequest = new CCertRequest();
    try
    {
        Database db = new Database();

        // NOTE(review): a true result here maps to -6; the exact meaning of CheckIfReqIDBelongToHost is not visible in this file — confirm.
        if (db.CheckIfReqIDBelongToHost(requestID, hostname))
        {
            return -6;
        }
        // The client already fetched this certificate once.
        if (db.CheckIfCertificateConsumed(requestID))
        {
            return -3;
        }

        string strCAConfig = objCertConfig.GetConfig(CC_DEFAULTCONFIG);
        int iDisposition = objCertRequest.RetrievePending(requestID, strCAConfig);

        // Persist the disposition alongside the request before handing it back.
        db.UpdateUnlockFlagAndStatus(iDisposition, requestID);
        return iDisposition;
    }
    catch (Exception ex)
    {
        // Best-effort logging; the caller only sees the -2 sentinel.
        new Database().InsertToErrorMessageTable(hostname, requestID, ex.Message, "RetrieveRequestStatus");
        return -2;
    }
}
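/// <summary>
/// Builds a PKCS#10 request from a caller-supplied public key, wraps it in a CMC request for the
/// "SmartcardLogon" template signed by the enrollment agent certificate, submits it on behalf of
/// <paramref name="username"/> and writes the issued certificate to tmp.crt as PEM.
/// </summary>
/// <param name="publicKeyAsPem">PEM-armoured SubjectPublicKeyInfo; the BEGIN/END lines are stripped here.</param>
/// <param name="username">Account the certificate is requested for (CMC RequesterName).</param>
/// <param name="agentCertificate">Thumbprint (raw hex) of the enrollment agent certificate in the current user's store.</param>
/// <param name="caConfig">CA config string.</param>
private static void Enroll(string publicKeyAsPem, string username, string agentCertificate, string caConfig)
{
    // Strip the PEM armour so only the base-64 body remains.
    publicKeyAsPem = string.Join("", publicKeyAsPem.Split(new[] { "\r\n" }, StringSplitOptions.RemoveEmptyEntries).Where(s => !s.StartsWith("--")));

    // Create a PKCS 10 inner request from the public key alone; the inner request is not signed here.
    CX509PublicKey pubKey = new CX509PublicKey();
    pubKey.InitializeFromEncodedPublicKeyInfo(publicKeyAsPem);

    // SHA-512 (OID 2.16.840.1.101.3.4.2.3) as the request hash algorithm.
    CObjectId sha512 = new CObjectId();
    sha512.InitializeFromValue("2.16.840.1.101.3.4.2.3");

    CX509CertificateRequestPkcs10 pkcs10Req = new CX509CertificateRequestPkcs10();
    pkcs10Req.InitializeFromPublicKey(X509CertificateEnrollmentContext.ContextUser, pubKey, "");
    pkcs10Req.HashAlgorithm = sha512;

    // Digest an external holder of the private key (e.g. a hardware token) would sign; nothing
    // consumes it yet — TODO wire the external signer or remove this.
    string toSign = pkcs10Req.RawDataToBeSigned[EncodingType.XCN_CRYPT_STRING_HASHDATA];

    // Create a CMC outer request and initialize it with the template and the on-behalf-of user.
    CX509CertificateRequestCmc cmcReq = new CX509CertificateRequestCmc();
    cmcReq.InitializeFromInnerRequestTemplateName(pkcs10Req, "SmartcardLogon");
    cmcReq.RequesterName = username;

    // The agent certificate is located by raw-hex thumbprint in the CurrentUser store (machineContext: false).
    CSignerCertificate signer = new CSignerCertificate();
    signer.Initialize(false, X509PrivateKeyVerify.VerifyNone, EncodingType.XCN_CRYPT_STRING_HEXRAW, agentCertificate);
    cmcReq.SignerCertificate = signer;

    // Encode the request and submit it.
    cmcReq.Encode();
    string strRequest = cmcReq.RawData[EncodingType.XCN_CRYPT_STRING_BASE64];

    CCertRequest objCertRequest = new CCertRequest();
    int iDisposition = objCertRequest.Submit(CR_IN_BASE64 | CR_IN_FORMATANY, strRequest, null, caConfig);

    // Check the submission status.
    if (CR_DISP_ISSUED != iDisposition)
    {
        string strDisposition = objCertRequest.GetDispositionMessage();
        if (CR_DISP_UNDER_SUBMISSION == iDisposition)
        {
            Console.WriteLine("The submission is pending: " + strDisposition);
            return;
        }
        Console.WriteLine("The submission failed: " + strDisposition);
        Console.WriteLine("Last status: " + objCertRequest.GetLastStatus());
        return;
    }

    // Write the issued certificate as PEM.
    string strCert = objCertRequest.GetCertificate(CR_OUT_BASE64);
    string argsCrt = "tmp.crt";
    File.WriteAllText(argsCrt, "-----BEGIN CERTIFICATE-----\n" + strCert + "-----END CERTIFICATE-----\n");
}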
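/// <summary>
/// Shows the Windows CA picker dialog and returns the config string of the CA the user chose.
/// </summary>
/// <returns>The CA config string ("host\CA name"), or <c>null</c> when the dialog returned nothing.</returns>
/// <exception cref="Exception">The picker was cancelled, no CA could be found, or a CA call failed;
/// the original exception is preserved as the inner exception.</exception>
public string SelectCA()
{
    // Win32 errors as HRESULTs: ERROR_CANCELLED (0x800704C7) and ERROR_NO_MORE_ITEMS (0x80070103).
    const int HR_CANCELLED = unchecked((int)0x800704C7);
    const int HR_NO_MORE_ITEMS = unchecked((int)0x80070103);
    // CR_PROP_CATYPE (certadm.h) read as PROPTYPE_LONG.
    const int CR_PROP_CATYPE = 10;
    const int PROPTYPE_LONG = 1;

    var certConfig = new CCertConfig();
    var certRequest = new CCertRequest();
    try
    {
        // CC_UIPICKCONFIG prompts the user with the standard CA selection dialog.
        var caConfig = certConfig.GetConfig((int)CertificateConfiguration.CC_UIPICKCONFIG);
        if (string.IsNullOrWhiteSpace(caConfig))
        {
            return null;
        }

        // The "Config" field of the picked entry is the connection string callers pass to ICertRequest.
        var ca = certConfig.GetField("Config");

        // Reading the CA type serves as a reachability probe of the chosen CA (its failure is reported
        // through the catch below); the value itself is not needed by callers.
        certRequest.GetCAProperty(caConfig, CR_PROP_CATYPE, 0, PROPTYPE_LONG, 0);

        return ca;
    }
    catch (Exception ex)
    {
        string error;
        if (ex.HResult == HR_CANCELLED)
        {
            error = "Closed By user";
        }
        else if (ex.HResult == HR_NO_MORE_ITEMS)
        {
            error = "Can't find available Servers";
        }
        else
        {
            error = ex.Message + " " + ex.HResult;
        }
        throw new Exception(error, ex);
    }
}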
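/// <summary>
/// For every request in <c>Certs</c> that the CA reports as issued, writes the certificate (PEM,
/// BEGIN/END header lines included) to "&lt;FQDN&gt;.cer" next to the executable.
/// </summary>
private void btn_savecer_Click(object sender, RoutedEventArgs e)
{
    // certcli.h values: CR_DISP_ISSUED disposition; CR_OUT_BASE64HEADER = base-64 with PEM header lines.
    const int CR_DISP_ISSUED = 3;
    const int CR_OUT_BASE64HEADER = 0;

    string caserver = txt_CAServer.Text;
    string dir = System.IO.Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);

    if (Certs.Count == 0)
    {
        MessageBox.Show("No Request(s) To Save");
        return;
    }

    foreach (Certificates c in Certs)
    {
        var objCertRequest = new CCertRequest();
        int reqid = Convert.ToInt32(c.ID);
        int iDisposition = objCertRequest.RetrievePending(reqid, caserver);
        if (iDisposition != CR_DISP_ISSUED)
        {
            continue;
        }

        string cert = objCertRequest.GetCertificate(CR_OUT_BASE64HEADER);
        // Path.Combine instead of string concatenation so the file name is joined as a single segment.
        string path = System.IO.Path.Combine(dir, c.FQDN + ".cer");
        System.IO.File.WriteAllText(path, cert);
        c.Status = "File Created!";
    }
}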
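/// <summary>
/// Signer.exe entry point: wraps a PKCS#10 CSR in a CMC request signed by an enrollment agent
/// certificate, submits it on behalf of a user to a CA chosen in the UI picker, and writes the
/// issued certificate as PEM.
/// </summary>
/// <param name="args">Exactly five values: agent thumbprint (raw hex), on-behalf-of user, CSR path, output path, template name.</param>
static void Main(string[] args)
{
    if (args.Length != 5)
    {
        Console.WriteLine("Usage: Signer.exe [EnrollmentCertificateThumbprint] [BehalfOfUser] [PathToCSR] [OutputFileName] [CertificateTemplate]");
        return;
    }

    string argsKey = args[0];
    string argsUser = args[1];
    string argsCsr = args[2];
    string argsCrt = args[3];
    string argsCrtTmpl = args[4];

    // Strip the PEM armour; InitializeDecode takes the bare base-64 body.
    string csr = string.Join("\n", File.ReadAllLines(argsCsr).Where(s => s.Length > 0 && !s.StartsWith("--")));

    // Create a PKCS 10 inner request.
    CX509CertificateRequestPkcs10 pkcs10Req = new CX509CertificateRequestPkcs10();
    pkcs10Req.InitializeDecode(csr);

    // Create a CMC outer request and initialize it with the template and the on-behalf-of user.
    CX509CertificateRequestCmc cmcReq = new CX509CertificateRequestCmc();
    cmcReq.InitializeFromInnerRequestTemplateName(pkcs10Req, argsCrtTmpl);
    cmcReq.RequesterName = argsUser;

    // The agent certificate is located by raw-hex thumbprint in the CurrentUser store (machineContext: false).
    CSignerCertificate signer = new CSignerCertificate();
    signer.Initialize(false, X509PrivateKeyVerify.VerifyNone, EncodingType.XCN_CRYPT_STRING_HEXRAW, argsKey);
    cmcReq.SignerCertificate = signer;

    // Encode the request.
    cmcReq.Encode();
    string strRequest = cmcReq.RawData[EncodingType.XCN_CRYPT_STRING_BASE64];

    CCertConfig objCertConfig = new CCertConfig();
    CCertRequest objCertRequest = new CCertRequest();

    // Let the user pick the CA via the standard dialog.
    string strCAConfig = objCertConfig.GetConfig(CC_UIPICKCONFIG);

    // Submit the request.
    int iDisposition = objCertRequest.Submit(CR_IN_BASE64 | CR_IN_FORMATANY, strRequest, null, strCAConfig);

    // Check the submission status.
    if (CR_DISP_ISSUED != iDisposition)
    {
        string strDisposition = objCertRequest.GetDispositionMessage();
        if (CR_DISP_UNDER_SUBMISSION == iDisposition)
        {
            Console.WriteLine("The submission is pending: " + strDisposition);
            return;
        }
        Console.WriteLine("The submission failed: " + strDisposition);
        Console.WriteLine("Last status: " + objCertRequest.GetLastStatus());
        return;
    }

    // Write the issued certificate as PEM.
    string strCert = objCertRequest.GetCertificate(CR_OUT_BASE64);
    File.WriteAllText(argsCrt, "-----BEGIN CERTIFICATE-----\n" + strCert + "-----END CERTIFICATE-----\n");
}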
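/// <summary>
/// Demo entry point: creates a new non-exportable key, builds a PKCS#10 request for a template,
/// wraps it in a PKCS#7 request signed by an enrollment agent certificate on behalf of another
/// user, submits it to a CA and installs the issued certificate into the current user's store.
/// </summary>
/// <param name="args">Optional positional overrides: requester name, CA config string, template, agent thumbprint.
/// Missing values fall back to the built-in lab defaults.</param>
static void Main(string[] args)
{
    string requesterName = args.Length > 0 ? args[0] : @"DOMAIN\otherUser";
    string caName = args.Length > 1 ? args[1] : @"CA1.DOMAIN.LOCAL\DOMAIN-CA1-CA";
    string template = args.Length > 2 ? args[2] : "User";
    string signerThumbprint = args.Length > 3 ? args[3] : "3f817d138f32a9a8df2aa6e43b8aed76eb93a932";

    // signerCertificate's private key must be accessible to this process.
    var signerCertificate = FindCertificateByThumbprint(signerThumbprint);
    if (signerCertificate == null)
    {
        // Guard in case the lookup reports "not found" as null rather than by throwing — TODO confirm its contract.
        Console.WriteLine("signer certificate not found: " + signerThumbprint);
        return;
    }

    // Create a new private key for the certificate.
    // http://blogs.technet.com/b/pki/archive/2009/08/05/how-to-create-a-web-server-ssl-certificate-manually.aspx
    CX509PrivateKey privateKey = new CX509PrivateKey();
    privateKey.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0";
    privateKey.MachineContext = false;
    privateKey.Length = 2048;
    privateKey.KeySpec = X509KeySpec.XCN_AT_KEYEXCHANGE;
    // Non-exportable: the key never leaves the CSP.
    privateKey.ExportPolicy = X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_NONE;
    privateKey.Create();

    // PKCS 10 request; v1 is used to avoid compatibility issues on w2k8.
    IX509CertificateRequestPkcs10 req = (IX509CertificateRequestPkcs10)new CX509CertificateRequestPkcs10();
    req.InitializeFromPrivateKey(X509CertificateEnrollmentContext.ContextUser, privateKey, template);

    // PKCS 7 wrapper signed by the enrollment agent, naming the user enrolled on behalf of.
    var signer = new CSignerCertificate();
    signer.Initialize(false, X509PrivateKeyVerify.VerifyAllowUI, EncodingType.XCN_CRYPT_STRING_BASE64_ANY, Convert.ToBase64String(signerCertificate.GetRawCertData()));
    var wrapper = new CX509CertificateRequestPkcs7();
    wrapper.InitializeFromInnerRequest(req);
    wrapper.RequesterName = requesterName;
    wrapper.SignerCertificate = signer;

    // Render the CSR.
    var enroll = new CX509Enrollment();
    enroll.InitializeFromRequest(wrapper);
    var csr = enroll.CreateRequest();

    // Submit (flag values from certcli.h).
    const int CR_IN_BASE64 = 1, CR_OUT_BASE64 = 1;
    const int CR_IN_PKCS7 = 0x300;
    ICertRequest2 liveCsr = new CCertRequest();
    var disposition = (RequestDisposition)liveCsr.Submit(CR_IN_BASE64 | CR_IN_PKCS7, csr, null, caName);

    if (disposition == RequestDisposition.CR_DISP_ISSUED)
    {
        string resp = liveCsr.GetCertificate(CR_OUT_BASE64);

        // Install the response so the certificate is paired with the key created above.
        var install = new CX509Enrollment();
        install.Initialize(X509CertificateEnrollmentContext.ContextUser);
        install.InstallResponse(InstallResponseRestrictionFlags.AllowUntrustedRoot, resp, EncodingType.XCN_CRYPT_STRING_BASE64_ANY, null);
    }
    else
    {
        Console.WriteLine("disp: " + disposition.ToString());
    }

    Console.WriteLine("done");
    Console.ReadLine();
}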