/// <summary>
/// Translates one Active Directory ACE on a certificate template into the flag set this
/// type exposes (Read, Write, FullControl, Enroll, AutoEnroll) and records its identity.
/// </summary>
/// <param name="AccessRule">
/// ACE to translate; only its identity, ActiveDirectoryRights and ObjectType GUID are read.
/// </param>
/// <remarks>
/// Only GenericRead/GenericExecute, WriteDacl, GenericAll and the Enroll/AutoEnroll extended
/// rights are inspected; any other right (WriteProperty, WriteOwner, ...) leaves every flag false.
/// The ACE's AccessControlType is not consulted, so a Deny ACE sets the same flags as an
/// Allow ACE — NOTE(review): confirm callers only pass Allow ACEs, or record the type here.
/// An ExtendedRight ACE whose ObjectType is Guid.Empty (AD's "all extended rights") matches
/// neither GUID constant, so it sets neither Enroll nor AutoEnroll — NOTE(review): check whether
/// the audit should treat that case as granting both.
/// </remarks>
internal ADCertificateTemplateAccessRule(ActiveDirectoryAccessRule AccessRule)
{
    Identity = AccessRule.IdentityReference.ToString();
    ActiveDirectoryRights granted = AccessRule.ActiveDirectoryRights;

    // Same test as Enum.HasFlag: every bit of `flag` must be present in `granted`.
    Func<ActiveDirectoryRights, bool> has = flag => (granted & flag) == flag;

    if (has(ActiveDirectoryRights.GenericRead) || has(ActiveDirectoryRights.GenericExecute))
    {
        Read = true;
    }

    if (has(ActiveDirectoryRights.WriteDacl))
    {
        Write = true;
    }

    if (has(ActiveDirectoryRights.GenericAll))
    {
        FullControl = true;
    }

    if (!has(ActiveDirectoryRights.ExtendedRight))
    {
        return;
    }

    // The object-type GUID identifies which extended right the ACE grants.
    // Guid.ToString() yields the lowercase "D" form (8-4-4-4-12, no braces);
    // NOTE(review): the ExtendedRightGuid constants must use exactly that form or the
    // comparison silently never matches.
    string extendedRight = AccessRule.ObjectType.ToString();
    if (extendedRight == ExtendedRightGuid.Enroll)
    {
        Enroll = true;
    }
    else if (extendedRight == ExtendedRightGuid.AutoEnroll)
    {
        AutoEnroll = true;
    }
}
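/// <summary>
/// Reads the security descriptor of the template object at <c>LDAP://_x500Name</c>, records
/// its owner via <c>SetOwner</c>, and calls <c>AddAccessRule</c> once per (identity, Allow/Deny)
/// pair whose explicit or inherited ACEs carry at least one tracked right.
/// </summary>
/// <remarks>
/// Tracked rights are GenericRead/GenericExecute (Read), WriteDacl (Write), GenericAll
/// (FullControl) and the Enroll/Autoenroll extended rights. WriteProperty, WriteOwner and other
/// rights are not reported — NOTE(review): confirm that is intended, since a principal holding
/// them can still modify the template without appearing as Write here.
/// Identities are resolved to DOMAIN\name where possible; a SID that cannot be resolved (deleted
/// or foreign-domain principal) is kept as a raw SID instead of aborting the whole enumeration,
/// mirroring the owner fallback.
/// </remarks>
void fromActiveDirectorySecurity()
{
    ActiveDirectorySecurity dsSecurity;
    using (var entry = new DirectoryEntry("LDAP://" + _x500Name))
    {
        dsSecurity = entry.ObjectSecurity;
    }

    try
    {
        SetOwner(dsSecurity.GetOwner(typeof(NTAccount)));
    }
    catch (SystemException)
    {
        // Translate raises IdentityNotMappedException for an unresolvable SID or a
        // Win32-backed SystemException on LSA failure; either way keep the raw SID.
        SetOwner(dsSecurity.GetOwner(typeof(SecurityIdentifier)));
    }

    // Read the DACL as SIDs: GetAccessRules(typeof(NTAccount)) throws on the first
    // untranslatable SID, which would drop every other principal from the report.
    // Materialized once instead of re-reading the ACL for each identity/type pair.
    List<ActiveDirectoryAccessRule> aces = dsSecurity
        .GetAccessRules(true, true, typeof(SecurityIdentifier))
        .Cast<ActiveDirectoryAccessRule>()
        .ToList();

    IEnumerable<IdentityReference> sids = aces
        .Select(x => x.IdentityReference)
        .Distinct();

    foreach (IdentityReference sid in sids)
    {
        IdentityReference user = TranslateOrKeepSid(sid);

        // Allow and Deny are aggregated separately so a Deny never masks an Allow.
        foreach (AccessControlType accessType in Enum.GetValues(typeof(AccessControlType)))
        {
            CertTemplateRights rights = 0;
            foreach (ActiveDirectoryAccessRule ace in aces)
            {
                if (ace.IdentityReference == sid && ace.AccessControlType == accessType)
                {
                    rights |= MapTemplateRights(ace);
                }
            }

            if (rights != 0)
            {
                AddAccessRule(new CertTemplateAccessRule(user, rights, accessType));
            }
        }
    }
}

// Resolves a SID to an NTAccount when possible; returns the SID unchanged for principals
// that no longer exist or live in an untrusted domain.
private static IdentityReference TranslateOrKeepSid(IdentityReference sid)
{
    try
    {
        return sid.Translate(typeof(NTAccount));
    }
    catch (SystemException)
    {
        return sid;
    }
}

// Maps a single ACE onto the template-specific rights this class tracks.
private static CertTemplateRights MapTemplateRights(ActiveDirectoryAccessRule ace)
{
    ActiveDirectoryRights aceRights = ace.ActiveDirectoryRights;
    CertTemplateRights rights = 0;

    if (aceRights.HasFlag(ActiveDirectoryRights.GenericRead)
        || aceRights.HasFlag(ActiveDirectoryRights.GenericExecute))
    {
        rights |= CertTemplateRights.Read;
    }

    if (aceRights.HasFlag(ActiveDirectoryRights.WriteDacl))
    {
        rights |= CertTemplateRights.Write;
    }

    if (aceRights.HasFlag(ActiveDirectoryRights.GenericAll))
    {
        rights |= CertTemplateRights.FullControl;
    }

    if (aceRights.HasFlag(ActiveDirectoryRights.ExtendedRight))
    {
        // Guid.ToString() yields the lowercase "D" form; GUID_ENROLL / GUID_AUTOENROLL must
        // use that exact form or the match silently fails.
        // NOTE(review): an ObjectType of Guid.Empty means "all extended rights" in AD and
        // matches neither case, so such an ACE is reported without Enroll/Autoenroll.
        switch (ace.ObjectType.ToString())
        {
            case GUID_ENROLL:
                rights |= CertTemplateRights.Enroll;
                break;
            case GUID_AUTOENROLL:
                rights |= CertTemplateRights.Autoenroll;
                break;
        }
    }

    return rights;
}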