Exemple #1
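        /// <summary>
        /// Provisioning stage 1: requests the intermediate certificate for this client from the
        /// provisioning API, validates it, stores it through
        /// <c>ServiceCertificate.StoreLocalMachine</c> in <see cref="StoreName.CertificateAuthority"/>,
        /// and records the new provisioning state in the settings.
        /// </summary>
        /// <returns>
        /// <c>IntermediateInstalled</c> when the certificate was validated, stored and the settings
        /// were updated; the status reported by the server when it is anything other than
        /// <c>IntermediateInstalled</c>; <c>Error</c> when there is no response, the certificate
        /// payload is missing or malformed, validation fails, or the store operation fails.
        /// </returns>
        private EnumProvisionStatus.Status ProvisionStage1()
        {
            var response = new APICall().ProvisionApi.GetIntermediateCert(DtoGobalSettings.ClientIdentity.Name);

            if (response == null)
            {
                return EnumProvisionStatus.Status.Error;
            }

            if (response.ProvisionStatus != EnumProvisionStatus.Status.IntermediateInstalled)
            {
                // NOTE(review): Message is supplied by the server and is written to the log verbatim.
                Logger.Error(response.Message);
                return response.ProvisionStatus;
            }

            // The certificate payload arrives over the network and must be treated as untrusted:
            // a missing or malformed value is reported as Error instead of escaping as an
            // unhandled exception from the Base64 decoder or the certificate parser.
            if (string.IsNullOrEmpty(response.Certificate))
            {
                Logger.Error("Provisioning response did not contain an intermediate certificate.");
                return EnumProvisionStatus.Status.Error;
            }

            X509Certificate2 intermediateCert;
            try
            {
                var bytes = Convert.FromBase64String(response.Certificate);
                intermediateCert = new X509Certificate2(bytes);
            }
            catch (FormatException)
            {
                Logger.Error("Intermediate certificate in provisioning response is not valid Base64.");
                return EnumProvisionStatus.Status.Error;
            }
            catch (System.Security.Cryptography.CryptographicException)
            {
                Logger.Error("Intermediate certificate in provisioning response could not be parsed.");
                return EnumProvisionStatus.Status.Error;
            }

            // ValidateCert is the only gate before this certificate is added to a machine trust
            // store. NOTE(review): its implementation is not visible here - confirm that it
            // builds the chain to the provisioned CA and does not rely on the system defaults alone.
            if (!ServiceCertificate.ValidateCert(intermediateCert))
            {
                return EnumProvisionStatus.Status.Error;
            }

            if (!ServiceCertificate.StoreLocalMachine(intermediateCert, StoreName.CertificateAuthority))
            {
                return EnumProvisionStatus.Status.Error;
            }

            // Persist the new stage first, then the thumbprint that VerifyProvisionStatus-style
            // checks use to find this certificate again (same order as before).
            var settingProvisionStatus = _serviceSetting.GetSetting("provision_status");
            settingProvisionStatus.Value =
                Convert.ToInt16(EnumProvisionStatus.Status.IntermediateInstalled).ToString();
            _serviceSetting.UpdateSettingValue(settingProvisionStatus);

            var intermediateThumbprint = _serviceSetting.GetSetting("intermediate_thumbprint");
            intermediateThumbprint.Value = intermediateCert.Thumbprint;
            _serviceSetting.UpdateSettingValue(intermediateThumbprint);

            return EnumProvisionStatus.Status.IntermediateInstalled;
        }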
Exemple #2
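        /// <summary>
        /// Checks that the certificate material required by the stored provisioning stage is
        /// present (and, for device and intermediate certificates, passes
        /// <c>ServiceCertificate.ValidateCert</c>).
        /// </summary>
        /// <returns>
        /// <c>true</c> when the checks for the current stage pass; <c>false</c> when a required
        /// certificate is missing or invalid, or the device certificate does not match the
        /// expected identity. When the stage is <c>NotStarted</c> and the CA certificate is
        /// missing, the process exits with code 1 instead of returning.
        /// </returns>
        public bool VerifyProvisionStatus()
        {
            Logger.Info("Verifying Client Provision Status");

            var provisionStatusString = _serviceSetting.GetSetting("provision_status");

            // An empty setting means provisioning never ran. A numeric value that is not a
            // defined enum member falls through to the default branch of the switch below;
            // a non-numeric value makes Convert.ToInt16 throw.
            EnumProvisionStatus.Status provisionStatus;
            if (string.IsNullOrEmpty(provisionStatusString.Value))
            {
                provisionStatus = EnumProvisionStatus.Status.NotStarted;
            }
            else
            {
                provisionStatus = (EnumProvisionStatus.Status)Convert.ToInt16(provisionStatusString.Value);
            }

            switch (provisionStatus)
            {
            case EnumProvisionStatus.Status.NotStarted:
                // Computer is not provisioned, verify the CA exists.
                var caThumbprint = _serviceSetting.GetSetting("ca_thumbprint");
                var ca           = ServiceCertificate.GetCertificateFromStore(caThumbprint.Value, StoreName.Root);
                if (ca == null)
                {
                    Logger.Error("Certificate Authority Could Not Be Found.  Application Cannot Continue.");
                    // Provisioning can never complete without the correct CA, don't return anything, just exit.
                    // The 10 second blocking wait happens before the exit; presumably it keeps a
                    // supervised service from restarting in a tight loop - confirm.
                    Task.Delay(10 * 1000).Wait();
                    Environment.Exit(1);
                }
                break;

            case EnumProvisionStatus.Status.PendingConfirmation:
            case EnumProvisionStatus.Status.Provisioned:
                var deviceThumbprint = _serviceSetting.GetSetting("device_thumbprint");
                var deviceCert       = ServiceCertificate.GetCertificateFromStore(deviceThumbprint.Value, StoreName.My);
                if (deviceCert == null)
                {
                    Logger.Error("Device Certificate Could Not Be Found.  Restarting Provisioning Process.");
                    return false;
                }
                if (!ServiceCertificate.ValidateCert(deviceCert))
                {
                    return false;
                }
                var clientIdentity = deviceCert.Subject;
                var expectedId     = _serviceSetting.GetSetting("computer_identifier");
                Logger.Debug("Current Expected Identity: " + expectedId.Value);
                Logger.Debug("Current Identity: " + clientIdentity);

                // An empty expected identifier must never count as a match: string.Contains("")
                // is true for every subject, which would turn the identity check into a no-op
                // (and a null value would throw instead of failing the check).
                if (string.IsNullOrEmpty(expectedId.Value))
                {
                    Logger.Error("The Current Identity Doesn't Match The Expected Identity");
                    return false;
                }

                // NOTE(review): this is a substring match against the whole subject DN, so an
                // identifier that is contained in a longer name also passes. If the subject
                // format is known (for example a CN equal to the identifier), compare that
                // component exactly instead.
                if (!clientIdentity.Contains(expectedId.Value))
                {
                    Logger.Error("The Current Identity Doesn't Match The Expected Identity");
                    return false;
                }
                break;

            default:
                // Every other stage requires the intermediate certificate to be installed and valid.
                var intermediateThumbprint = _serviceSetting.GetSetting("intermediate_thumbprint");
                var intermediate           = ServiceCertificate.GetCertificateFromStore(intermediateThumbprint.Value,
                                                                                        StoreName.CertificateAuthority);
                if (intermediate == null)
                {
                    Logger.Error("Intermediate Certificate Could Not Be Found.  Restarting Provisioning Process.");
                    return false;
                }
                if (!ServiceCertificate.ValidateCert(intermediate))
                {
                    return false;
                }
                break;
            }

            Logger.Info("Verification Complete");
            return true;
        }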