Esempio n. 1
        /// <summary>
        /// Retrieves the most recent 'CA Exchange' certificate, i.e. the one at the last index the CA reports.
        /// </summary>
        /// <remarks>
        /// <para>The original documentation states that the CA server generates or enrolls a new certificate when none
        /// exists; any such generation happens on the server and is not visible in this method. When the reported
        /// count is zero, this method raises the <c>Error.E_XCHGUNAVAILABLE</c> failure through
        /// <c>Error.ComExceptionHandler</c>.</para>
        /// <para>The certificate is decoded from the Base64 string returned by the server and handed back as is.
        /// No chain, issuer or validity check is performed here, so a caller that intends to protect key material
        /// with it should validate the certificate first.</para>
        /// </remarks>
        /// <exception cref="UninitializedObjectException">The object is not properly initialized.</exception>
        /// <exception cref="ServerUnavailableException">CA server is not accessible via RPC/DCOM.</exception>
        /// <exception cref="UnauthorizedAccessException">The caller does not have at least <strong>Read</strong> permissions.</exception>
        /// <exception cref="PlatformNotSupportedException">Current CA is not <strong>Enterprise CA</strong>. Only Enterprise CAs support this feature.</exception>
        /// <returns>CA Exchange certificate.</returns>
        public X509Certificate2 GetCAExchangeCertificate()
        {
            // Preconditions: initialized object, Enterprise CA, reachable server.
            if (String.IsNullOrEmpty(Name))
            {
                throw new UninitializedObjectException();
            }
            if (!IsEnterprise)
            {
                throw new PlatformNotSupportedException(Error.E_NONENTERPRISE);
            }
            if (!Ping())
            {
                var unavailable = new ServerUnavailableException(DisplayName);
                // Records which transport was found offline under the "Source" key.
                unavailable.Data.Add(nameof(unavailable.Source), OfflineSource.DCOM);
                throw unavailable;
            }

            var certAdmin = new CCertAdmin();
            try
            {
                // Property type 1 is passed for the count, 3 for the certificate itself
                // (presumably the "long" and "binary" property types -- confirm against CertAdmConstants).
                Int32 exchangeCertCount = (Int32)certAdmin.GetCAProperty(ConfigString, CertAdmConstants.CrPropCaxchgcertcount, 0, 1, 0);
                Int32 latestIndex = exchangeCertCount - 1;
                if (latestIndex < 0)
                {
                    // Thrown inside the try on purpose: the catch below routes it through the common handler.
                    throw new Exception(String.Format(Error.E_XCHGUNAVAILABLE, DisplayName));
                }

                var encoded = (String)certAdmin.GetCAProperty(ConfigString, CertAdmConstants.CrPropCaxchgcert, latestIndex, 3, 1);
                Byte[] rawCertificate = Convert.FromBase64String(encoded);
                return new X509Certificate2(rawCertificate);
            }
            catch (Exception failure)
            {
                throw Error.ComExceptionHandler(failure);
            }
            finally
            {
                // The COM object is released on every exit path.
                CryptographyUtils.ReleaseCom(certAdmin);
            }
        }
Esempio n. 2
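        /// <summary>
        /// Copies the identity fields of the given CA into this object and loads the KRA certificates
        /// the CA currently reports into <c>_certs</c>.
        /// </summary>
        /// <param name="certificateAuthority">The CA to read from. It must be an Enterprise CA and must answer <c>Ping()</c>.</param>
        /// <exception cref="PlatformNotSupportedException">The CA is not an Enterprise CA.</exception>
        /// <exception cref="ServerUnavailableException">The CA did not answer <c>Ping()</c>.</exception>
        /// <remarks>
        /// The certificates are decoded from the Base64 strings returned by the server and stored without any
        /// validation; consumers of the list should validate them before relying on them.
        /// </remarks>
        void m_initialize(CertificateAuthority certificateAuthority)
        {
            if (!certificateAuthority.IsEnterprise)
            {
                throw new PlatformNotSupportedException();
            }
            if (!certificateAuthority.Ping())
            {
                ServerUnavailableException e = new ServerUnavailableException(certificateAuthority.DisplayName);
                // Records which transport was found offline under the "Source" key.
                e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
                throw e;
            }
            Name         = certificateAuthority.Name;
            DisplayName  = certificateAuthority.DisplayName;
            ComputerName = certificateAuthority.ComputerName;
            ConfigString = certificateAuthority.ConfigString;

            CCertAdmin CertAdmin = new CCertAdmin();
            try
            {
                Int32 KRACount = (Int32)CertAdmin.GetCAProperty(certificateAuthority.ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);

                // A count of zero (or less) simply skips the loop; no separate guard is needed.
                for (Int32 index = 0; index < KRACount; index++)
                {
                    String Base64 = (String)CertAdmin.GetCAProperty(certificateAuthority.ConfigString, CertAdmConst.CrPropKracert, index, CertAdmConst.ProptypeBinary, 1);
                    _certs.Add(new X509Certificate2(Convert.FromBase64String(Base64)));
                }
            }
            finally
            {
                // Release the COM object deterministically, including when a property read throws,
                // instead of leaving it to finalization.
                System.Runtime.InteropServices.Marshal.ReleaseComObject(CertAdmin);
            }
        }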
Esempio n. 3
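        /// <summary>
        /// Returns all CA signing certificates reported by the CA, in the index order the CA uses.
        /// </summary>
        /// <exception cref="UninitializedObjectException">
        /// Current object is not initialized.
        /// </exception>
        /// <exception cref="ServerUnavailableException">
        /// Current CA server could not be contacted via remote registry and RPC protocol.
        /// </exception>
        /// <remarks>
        /// The certificates are decoded from the Base64 strings returned by the server and are not validated here.
        /// </remarks>
        /// <returns>A collection of CA certificates.</returns>
        public X509Certificate2Collection GetCACerts()
        {
            if (String.IsNullOrEmpty(Name))
            {
                throw new UninitializedObjectException();
            }
            if (!Ping())
            {
                ServerUnavailableException e = new ServerUnavailableException(DisplayName);
                // Records which transport was found offline under the "Source" key.
                e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
                throw e;
            }

            var CertAdmin = new CCertAdmin();
            try
            {
                X509Certificate2Collection certs = new X509Certificate2Collection();
                Int32 count = (Int32)CertAdmin.GetCAProperty(ConfigString, CertAdmConstants.CrPropCasigcertcount, 0, 1, 0);

                for (Int32 index = 0; index < count; index++)
                {
                    String base64 = (String)CertAdmin.GetCAProperty(ConfigString, CertAdmConstants.CrPropCasigcert, index, 3, 1);
                    // Store X509Certificate2 instances: the collection's typed members hand elements back as
                    // X509Certificate2, which a base-class X509Certificate element would not satisfy.
                    certs.Add(new X509Certificate2(Convert.FromBase64String(base64)));
                }
                return certs;
            }
            finally
            {
                // Previously the release ran only on the success path, so a failed property read
                // skipped it; it now runs on every exit.
                CryptographyUtils.ReleaseCom(CertAdmin);
            }
        }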
Esempio n. 4
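        /// <summary>
        /// Populates <c>Version</c> and <c>SetupStatus</c>, from the remote registry when it is online
        /// and otherwise from the product version string reported by the CA.
        /// </summary>
        void getVersion()
        {
            if (RegistryOnline)
            {
                // No default case: an unrecognized registry value leaves Version as it was.
                switch ((Int32)CryptoRegistry.GetRReg("Version", String.Empty, ComputerName))
                {
                case 0x00010001: Version = "2000"; break;

                case 0x00020002: Version = "2003"; break;

                case 0x00030001: Version = "2008"; break;

                case 0x00040001: Version = "2008R2"; break;

                case 0x00050001: Version = "2012"; break;

                case 0x00060001: Version = "2012R2"; break;

                case 0x00070001: Version = "2016"; break;
                }
                SetupStatus = (SetupStatusEnum)CryptoRegistry.GetRReg("SetupStatus", String.Empty, ComputerName);
            }
            else
            {
                // The value comes from the remote server; a null or empty reply is treated as an
                // unrecognized version instead of failing on Split or on vers[0].
                String   ver  = (String)_certAdmin.GetCAProperty(ConfigString, CertAdmConstants.CrPropProductversion, 0, 4, 0);
                String[] vers = (ver ?? String.Empty).Split(new [] { ":" }, StringSplitOptions.RemoveEmptyEntries);
                String productVersion = vers.Length > 0 ? vers[0] : String.Empty;
                switch (productVersion)
                {
                case "5.0": Version = "2000"; break;

                case "5.2": Version = "2003"; break;

                case "6.0": Version = "2008"; break;

                case "6.1": Version = "2008R2"; break;

                case "6.2": Version = "2012"; break;

                case "6.3": Version = "2012R2"; break;

                default:
                    // Ordinal comparison: this is a machine-readable version string, not user text.
                    // NOTE(review): every "10.0" product version is labelled "2016" here, so any later
                    // release that also reports 10.0 is not told apart -- confirm this is intended.
                    Version = productVersion.StartsWith("10.0", StringComparison.Ordinal)
                            ? "2016"
                            : "Unknown";
                    break;
                }
                // Setup status is only read from the registry, so it is unknown on this path.
                SetupStatus = SetupStatusEnum.Unknown;
            }
        }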
Esempio n. 5
 /// <summary>
 /// Updates KRA configuration by writing KRA certificates to Certification Authority. The method writes all certificates contained in
 /// <see cref="Certificate"/> property.
 /// </summary>
 /// <param name="restart">
 /// Indicates whether to restart certificate services to immediately apply changes. Updated settings have no effect until
 /// CA service is restarted.
 /// </param>
 /// <exception cref="UnauthorizedAccessException">
 /// The caller does not have sufficient permissions to make changes in the CA configuration.
 /// </exception>
 /// <exception cref="ServerUnavailableException">
 /// The target CA server could not be contacted via RPC/DCOM transport.
 /// </exception>
 /// <remarks>
 /// <para>This method does not check whether the certificates in <see cref="Certificate"/> property are valid.
 /// The caller is responsible to check if the certificates are time-valid, trusted and not revoked.
 /// Because this list becomes the CA's KRA configuration, that check should happen before calling this method.</para>
 /// <para>The update is a sequence of separate property writes and is not rolled back by this method: if a write
 /// fails part-way, the exception is rethrown and <c>IsModified</c> stays set, but writes already sent are not undone here.</para>
 /// <para>The caller must have <strong>Administrator</strong> permissions on the target CA server.</para>
 /// </remarks>
 /// <returns>
 /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
 /// and the method returns <strong>False</strong>.
 /// </returns>
 public Boolean SetInfo(Boolean restart)
 {
     if (IsModified)
     {
         // Fail early with a typed exception when the CA host does not answer.
         if (!CertificateAuthority.Ping(ComputerName))
         {
             ServerUnavailableException e = new ServerUnavailableException(DisplayName);
             // Records which transport was found offline under the "Source" key.
             e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
             throw e;
         }
         CCertAdmin CertAdmin = new CCertAdmin();
         try {
             if (_certs.Count > 0)
             {
                 // If the CA already holds KRA certificates, write a count of zero first,
                 // then write the new entries starting from index 0.
                 Int32 kracount = (Int32)CertAdmin.GetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);
                 if (kracount > 0)
                 {
                     CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);
                 }
                 // One write per certificate; the certificates are sent as given, without validation.
                 for (Int32 index = 0; index < _certs.Count; index++)
                 {
                     String der = CryptographyUtils.EncodeDerString(_certs[index].RawData);
                     CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracert, index, CertAdmConst.ProptypeBinary, der);
                 }
                 // The "used" count is set to the number of certificates just written.
                 CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertusedcount, 0, CertAdmConst.ProptypeLong, _certs.Count);
             }
             else
             {
                 // An empty local list sets both counts on the CA to zero.
                 CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);
                 CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertusedcount, 0, CertAdmConst.ProptypeLong, 0);
             }
         } catch (Exception e) {
             // Any failure is passed through the common handler and thrown from there.
             throw Error.ComExceptionHandler(e);
         } finally {
             // The COM object is released on every exit path.
             CryptographyUtils.ReleaseCom(CertAdmin);
         }
         // Reached only when every write above succeeded.
         IsModified = false;
         if (restart)
         {
             CertificateAuthority.Restart(ComputerName);
         }
         return(true);
     }
     return(false);
 }
Esempio n. 6
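        /// <summary>
        /// Populates <c>Version</c> and <c>SetupStatus</c>, from the remote registry when it is online
        /// and otherwise from the product version string reported by the CA.
        /// </summary>
        /// <remarks>
        /// Neither switch has a default case, so an unrecognized value leaves <c>Version</c> as it was.
        /// </remarks>
        void getVersion()
        {
            if (RegistryOnline)
            {
                switch ((Int32)CryptoRegistry.GetRReg("Version", String.Empty, ComputerName))
                {
                case 0x00010001: Version = "2000"; break;

                case 0x00020002: Version = "2003"; break;

                case 0x00030001: Version = "2008"; break;

                case 0x00040001: Version = "2008R2"; break;

                case 0x00050001: Version = "2012"; break;

                case 0x00060001: Version = "2012R2"; break;
                }
                SetupStatus = (SetupStatusEnum)CryptoRegistry.GetRReg("SetupStatus", String.Empty, ComputerName);
            }
            else
            {
                // The value comes from the remote server; a null or empty reply is treated like any other
                // unrecognized version (Version untouched) instead of failing on Split or on vers[0].
                String   ver  = (String)CertAdmin.GetCAProperty(ConfigString, CertAdmConst.CR_PROP_PRODUCTVERSION, 0, 4, 0);
                String[] vers = (ver ?? String.Empty).Split(new [] { ":" }, StringSplitOptions.RemoveEmptyEntries);
                if (vers.Length > 0)
                {
                    switch (vers[0])
                    {
                    case "5.0": Version = "2000"; break;

                    case "5.2": Version = "2003"; break;

                    case "6.0": Version = "2008"; break;

                    case "6.1": Version = "2008R2"; break;

                    case "6.2": Version = "2012"; break;

                    case "6.3": Version = "2012R2"; break;
                    }
                }
                // Setup status is only read from the registry, so it is unknown on this path.
                SetupStatus = SetupStatusEnum.Unknown;
            }
        }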
Esempio n. 7
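        /// <summary>
        /// Copies the identity fields of the given CA into this object and loads the certificate templates
        /// the CA reports into <c>Templates</c>.
        /// </summary>
        /// <param name="certificateAuthority">The CA to read from. It must be an Enterprise CA and must answer <c>Ping()</c>.</param>
        /// <exception cref="PlatformNotSupportedException">The CA is not an Enterprise CA.</exception>
        /// <exception cref="ServerUnavailableException">The CA did not answer <c>Ping()</c>.</exception>
        void m_initialize(CertificateAuthority certificateAuthority)
        {
            if (!certificateAuthority.IsEnterprise)
            {
                throw new PlatformNotSupportedException();
            }
            if (!certificateAuthority.Ping())
            {
                ServerUnavailableException e = new ServerUnavailableException(certificateAuthority.DisplayName);
                // Records which transport was found offline under the "Source" key.
                e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
                throw e;
            }
            Name         = certificateAuthority.Name;
            DisplayName  = certificateAuthority.DisplayName;
            ComputerName = certificateAuthority.ComputerName;
            version      = certificateAuthority.Version;
            sku          = certificateAuthority.Sku;
            configString = certificateAuthority.ConfigString;

            CCertAdmin CertAdmin = new CCertAdmin();
            String     templates;
            try
            {
                templates = (String)CertAdmin.GetCAProperty(certificateAuthority.ConfigString, CertAdmConstants.CrPropTemplates, 0, CertAdmConstants.ProptypeString, 0);
            }
            finally
            {
                // Release the COM object deterministically, including when the property read throws,
                // instead of leaving it to finalization.
                System.Runtime.InteropServices.Marshal.ReleaseComObject(CertAdmin);
            }

            // A null reply is handled like an empty one rather than failing on Split.
            if (String.IsNullOrEmpty(templates))
            {
                Templates = null;
                return;
            }

            String[] SplitString = { "\n" };
            String[] TempArray   = templates.Split(SplitString, StringSplitOptions.RemoveEmptyEntries);
            List <CertificateTemplate> tobeadded = new List <CertificateTemplate>();
            // Only every second entry is used as a template name; presumably the entries in between
            // carry a second value per template (e.g. its OID) -- confirm against the CA's reply format.
            for (Int32 index = 0; index < TempArray.Length; index += 2)
            {
                tobeadded.Add(new CertificateTemplate("Name", TempArray[index]));
            }
            Templates = tobeadded.ToArray();
        }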