/// <summary>
/// Writes the policy module <c>EditFlags</c> value held by this object to the Certification Authority configuration.
/// </summary>
/// <param name="restart">
/// <strong>True</strong> to restart certificate services after the write. Updated settings have no effect
/// until the CA service is restarted.
/// </param>
/// <exception cref="UnauthorizedAccessException">
/// The caller does not have sufficient permissions to make changes in the CA configuration.
/// </exception>
/// <exception cref="ServerUnavailableException">
/// The target CA server could not be contacted via remote registry or the RPC protocol.
/// </exception>
/// <returns>
/// <strong>True</strong> if the configuration was written. If the object was not modified since it was
/// instantiated, nothing is written and the method returns <strong>False</strong>.
/// </returns>
/// <remarks>
/// The caller must have <strong>Administrator</strong> permissions on the target CA server.
/// <para>
/// <c>EditFlags</c> controls how the policy module treats incoming requests (for example the
/// <c>EDITF_ATTRIBUTESUBJECTALTNAME2</c> bit), so a change written here is a security-relevant CA
/// configuration change. Review the resulting value and keep an audit trail of who changed it.
/// </para>
/// </remarks>
public Boolean SetInfo(Boolean restart) {
    // Nothing to write when the object was never changed.
    if (!IsModified) {
        return false;
    }

    if (CryptoRegistry.Ping(ComputerName)) {
        // First choice: write the DWORD under <Name>\PolicyModules\<active module> on the target computer.
        Int32 flagsValue = (Int32)EditFlags;
        String policyModulePath = $@"{Name}\PolicyModules\{activePolicyModule}";
        CryptoRegistry.SetRReg(flagsValue, "EditFlags", RegistryValueKind.DWord, policyModulePath, ComputerName);
    } else if (CertificateAuthority.Ping(ComputerName)) {
        // Fallback: same value, written through the CA config string instead of the registry helper.
        CryptoRegistry.SetRegFallback(configString, $@"PolicyModules\{activePolicyModule}", "EditFlags", (Int32)EditFlags);
    } else {
        // Neither channel answered. The literal 3 is cast to OfflineSource; the member it names is not
        // visible here. NOTE(review): prefer the named enum member over the magic number.
        ServerUnavailableException unavailable = new ServerUnavailableException(DisplayName);
        unavailable.Data.Add(nameof(unavailable.Source), (OfflineSource)3);
        throw unavailable;
    }

    if (restart) {
        CertificateAuthority.Restart(ComputerName);
    }
    // Cleared only after the optional restart: if Restart throws, the value is already written
    // but the object still reports itself as modified.
    IsModified = false;
    return true;
}
/// <summary>
/// Writes the binary form of this security descriptor to the <c>Security</c> configuration value of the CA.
/// </summary>
/// <param name="restart">
/// <strong>True</strong> to restart certificate services after the write. Updated settings have
/// no effect until the CA service is restarted.
/// </param>
/// <exception cref="ServerUnavailableException">
/// The target CA server could not be contacted via remote registry or the RPC protocol.
/// </exception>
/// <remarks>
/// The stored <c>Security</c> value is overwritten with whatever <c>GetSecurityDescriptorBinaryForm()</c>
/// returns; there is no merge with the existing value and no "modified" check before the write.
/// Because this value is the CA's access control list, verify the descriptor before calling this method
/// and treat every call as an auditable permission change.
/// </remarks>
public void SetObjectSecurity(Boolean restart) {
    if (CryptoRegistry.Ping(ComputerName)) {
        // First choice: write through the registry helper, addressed by _name on the target computer.
        CryptoRegistry.SetRReg(GetSecurityDescriptorBinaryForm(), "Security", _name, ComputerName);
    } else if (CertificateAuthority.Ping(ComputerName)) {
        // Fallback: write the same value through the CA config string, at the root node (empty path).
        CryptoRegistry.SetRegFallback(_config, String.Empty, "Security", GetSecurityDescriptorBinaryForm());
    } else {
        // Neither channel answered. The literal 3 is cast to OfflineSource; the member it names is not
        // visible here. NOTE(review): prefer the named enum member over the magic number.
        ServerUnavailableException unavailable = new ServerUnavailableException(DisplayName);
        unavailable.Data.Add("Source", (OfflineSource)3);
        throw unavailable;
    }

    if (restart) {
        CertificateAuthority.Restart(ComputerName);
    }
}
/// <summary>
/// Writes the management interface flags (<c>InterfaceFlags</c>) held by this object to the Certification Authority configuration.
/// </summary>
/// <param name="restart">
/// <strong>True</strong> to restart certificate services after the write. Updated settings have no effect
/// until the CA service is restarted.
/// </param>
/// <exception cref="UnauthorizedAccessException">
/// The caller does not have sufficient permissions to make changes in the CA configuration.
/// </exception>
/// <exception cref="ServerUnavailableException">
/// The target CA server could not be contacted via remote registry or the RPC protocol.
/// </exception>
/// <returns>
/// <strong>True</strong> if the configuration was written. If the object was not modified since it was
/// instantiated, nothing is written and the method returns <strong>False</strong>.
/// </returns>
/// <remarks>
/// The caller must have <strong>Administrator</strong> permissions on the target CA server.
/// <para>
/// <c>InterfaceFlags</c> governs the CA's remote interfaces (for example the
/// <c>IF_ENFORCEENCRYPTICERTREQUEST</c> bit), so clearing bits here can weaken how clients reach the CA.
/// Review the resulting value and keep an audit trail of who changed it.
/// </para>
/// </remarks>
public Boolean SetInfo(Boolean restart) {
    // Nothing to write when the object was never changed.
    if (!IsModified) {
        return false;
    }

    if (CryptoRegistry.Ping(ComputerName)) {
        // First choice: write the DWORD through the registry helper, addressed by Name on the target computer.
        Int32 flagsValue = (Int32)InterfaceFlags;
        CryptoRegistry.SetRReg(flagsValue, "InterfaceFlags", RegistryValueKind.DWord, Name, ComputerName);
    } else if (CertificateAuthority.Ping(ComputerName)) {
        // Fallback: same value through the CA config string, at the root node (empty path).
        CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "InterfaceFlags", (Int32)InterfaceFlags);
    } else {
        // Neither channel answered. The literal 3 is cast to OfflineSource; the member it names is not
        // visible here. NOTE(review): prefer the named enum member over the magic number.
        ServerUnavailableException unavailable = new ServerUnavailableException(DisplayName);
        unavailable.Data.Add(nameof(unavailable.Source), (OfflineSource)3);
        throw unavailable;
    }

    if (restart) {
        CertificateAuthority.Restart(ComputerName);
    }
    // Cleared only after the optional restart: if Restart throws, the value is already written
    // but the object still reports itself as modified.
    IsModified = false;
    return true;
}
/// <summary>
/// Applies the pending configuration entries of this object to the Certification Authority on the server.
/// </summary>
/// <param name="restart">
/// <strong>True</strong> to restart certificate services after the entries are applied. Updated settings
/// have no effect until the CA service is restarted.
/// </param>
/// <exception cref="ServerUnavailableException">
/// The target CA server could not be contacted via remote registry or the RPC protocol.
/// </exception>
/// <returns>
/// <strong>True</strong> if the configuration was written. If the object was not modified since it was
/// instantiated, nothing is written and the method returns <strong>False</strong>.
/// </returns>
/// <remarks>
/// The caller must have <strong>Administrator</strong> permissions on the target CA server.
/// <para>
/// Entries are applied one by one, deletions first and writes second. Nothing here rolls back earlier
/// entries if a later one fails, so a failure part-way through can leave the CA with a partially applied
/// configuration while this object still reports itself as modified.
/// </para>
/// </remarks>
public Boolean Commit(Boolean restart) {
    if (!IsModified) {
        return false;
    }

    // Hook that runs before any entry is sent to the CA.
    OnCommit();

    // Pass 1: entries marked for deletion.
    foreach (RegConfigEntry doomed in ConfigEntries.Where(x => x.Action == RegConfigEntryAction.Delete)) {
        // NOTE(review): the node selector receives the negation of IsRoot; confirm against SetRootNode's contract.
        ConfigManager.SetRootNode(!doomed.IsRoot);
        ConfigManager.DeleteEntry(doomed.Name, doomed.Node);
    }

    // Pass 2: entries marked for writing.
    foreach (RegConfigEntry pending in ConfigEntries.Where(x => x.Action == RegConfigEntryAction.Write)) {
        ConfigManager.SetRootNode(!pending.IsRoot);
        ConfigManager.SetEntry(pending.Name, pending.Node, pending.Value);
    }

    // The flag is cleared before the optional restart, so a failing Restart leaves the object marked clean.
    IsModified = false;
    if (restart) {
        CertificateAuthority.Restart(ComputerName);
    }
    return true;
}
/// <summary>
/// Writes the three policy module extension lists held by this object to the Certification Authority configuration.
/// </summary>
/// <param name="restart">
/// <strong>True</strong> to restart certificate services after the write. Updated settings have no effect
/// until the CA service is restarted.
/// </param>
/// <exception cref="UnauthorizedAccessException">
/// The caller does not have sufficient permissions to make changes in the CA configuration.
/// </exception>
/// <exception cref="ServerUnavailableException">
/// The target CA server could not be contacted via remote registry or the RPC protocol.
/// </exception>
/// <returns>
/// <strong>True</strong> if the configuration was written. If the object was not modified since it was
/// instantiated, nothing is written and the method returns <strong>False</strong>.
/// </returns>
/// <remarks>
/// The caller must have <strong>Administrator</strong> permissions on the target CA server.
/// <para>
/// The lists are written as three separate values (<c>EnableRequestExtensionList</c>,
/// <c>EnableEnrolleeRequestExtensionList</c>, <c>DisableExtensionList</c>). The writes are not atomic:
/// if one fails, the values written before it stay in place and this object still reports itself as modified.
/// Because these lists decide which extension OIDs the policy module enables or disables, review the
/// resulting lists and keep an audit trail of who changed them.
/// </para>
/// </remarks>
public Boolean SetInfo(Boolean restart) {
    // Nothing to write when the object was never changed.
    if (!IsModified) {
        return false;
    }

    if (CryptoRegistry.Ping(ComputerName)) {
        // First choice: write each OID list under <Name>\PolicyModules\<active module> on the target computer.
        String registryPath = $@"{Name}\PolicyModules\{ActivePolicyModule}";

        List<String> enabledOids = EnabledExtensionList.Select(oid => oid.Value).ToList();
        CryptoRegistry.SetRReg(enabledOids, "EnableRequestExtensionList", registryPath, ComputerName);

        List<String> offlineOids = OfflineExtensionList.Select(oid => oid.Value).ToList();
        CryptoRegistry.SetRReg(offlineOids, "EnableEnrolleeRequestExtensionList", registryPath, ComputerName);

        List<String> disabledOids = DisabledExtensionList.Select(oid => oid.Value).ToList();
        CryptoRegistry.SetRReg(disabledOids, "DisableExtensionList", registryPath, ComputerName);
    } else if (CertificateAuthority.Ping(ComputerName)) {
        // Fallback: same three lists through the CA config string; this helper receives arrays.
        String configPath = $@"PolicyModules\{ActivePolicyModule}";

        String[] enabledOids = EnabledExtensionList.Select(oid => oid.Value).ToArray();
        CryptoRegistry.SetRegFallback(ConfigString, configPath, "EnableRequestExtensionList", enabledOids);

        String[] offlineOids = OfflineExtensionList.Select(oid => oid.Value).ToArray();
        CryptoRegistry.SetRegFallback(ConfigString, configPath, "EnableEnrolleeRequestExtensionList", offlineOids);

        String[] disabledOids = DisabledExtensionList.Select(oid => oid.Value).ToArray();
        CryptoRegistry.SetRegFallback(ConfigString, configPath, "DisableExtensionList", disabledOids);
    } else {
        // Neither channel answered. The literal 3 is cast to OfflineSource; the member it names is not
        // visible here. NOTE(review): prefer the named enum member over the magic number.
        ServerUnavailableException unavailable = new ServerUnavailableException(DisplayName);
        unavailable.Data.Add(nameof(unavailable.Source), (OfflineSource)3);
        throw unavailable;
    }

    if (restart) {
        CertificateAuthority.Restart(ComputerName);
    }
    // Cleared only after the optional restart: if Restart throws, the lists are already written
    // but the object still reports itself as modified.
    IsModified = false;
    return true;
}