public CreatePrivateCertificateResult CreateCertificateWithPrivateKey(CreatePrivateCertificateModel model, ClaimsPrincipal user) { model.RequestDate = DateTime.Now; KeyUsage keyUsage = dataTransformation.ParseKeyUsage(model.KeyUsage); AdcsTemplate template = templateLogic.DiscoverTemplate(model.CipherAlgorithm, model.Provider, keyUsage); if (!templateLogic.ValidateTemplateWithRequest(model, template)) { throw new AdcsTemplateValidationException("Certificate request does not meet the requirements of the certificate template"); } if (authorizationLogic.IsAuthorized(template, user)) { CertificateRequest csr = certificateProvider.CreateCsrKeyPair(dataTransformation.NewCertificateSubjectFromModel(model), model.CipherAlgorithm, model.KeySize, model.Provider, SigningRequestProtocol.Pkcs10); MicrosoftCertificateAuthority ca = configurationRepository.GetPrivateCertificateAuthority(model.HashAlgorithm); CertificateAuthorityRequestResponse response = ca.Sign(csr, template.Name, template.KeyUsage); CreatePrivateCertificateResult result = ProcessCertificateAuthorityResponse(model, response, csr.Subject, user); this.Audit(result, user); return(result); } else { return(ProcessNewPendingCertificateWorkflow(model)); } }
public void PrivateCertificateProcessing_CreateCertificate_CngRsa2048_ClientServerAuth_ReturnedX509Certificate2HasClientServerAuthKeyUsage() { KeyUsage expected = KeyUsage.ServerAuthentication | KeyUsage.ClientAuthentication; CreatePrivateCertificateModel model = new CreatePrivateCertificateModel() { CipherAlgorithm = CipherAlgorithm.RSA, KeyUsage = expected.ToString(), HashAlgorithm = HashAlgorithm.SHA256, KeySize = 2048, Provider = WindowsApi.Cng, SubjectAlternativeNamesRaw = "integrationtestdomain.com,integrationtestdomain", SubjectCity = "Seattle", SubjectCommonName = "integrationtestdomain", SubjectCountry = "US", SubjectDepartment = "Engineering", SubjectState = "WA", SubjectOrganization = "IntegrationTestingCorp" }; PrivateCertificateProcessing processor = new PrivateCertificateProcessing(certDb, configDb, certProvider, GetAuthorizationLogic_Allow(), templateLogic, GetAuditLogic()); CreatePrivateCertificateResult result = processor.CreateCertificateWithPrivateKey(model, user.Object); X509Certificate2 cert = new X509Certificate2(result.PfxByte, result.Password); KeyUsage actualKeyUsage = x509Normalization.GetKeyUsage(cert); Assert.AreEqual(expected, actualKeyUsage); }
public void PrivateCertificateProcessing_CreateCertificate_CngRsa2048_ClientServerAuth_Success() { KeyUsage keyUsage = KeyUsage.ServerAuthentication | KeyUsage.ClientAuthentication; CreatePrivateCertificateModel model = new CreatePrivateCertificateModel() { CipherAlgorithm = CipherAlgorithm.RSA, KeyUsage = keyUsage.ToString(), HashAlgorithm = HashAlgorithm.SHA256, KeySize = 2048, Provider = WindowsApi.Cng, SubjectAlternativeNamesRaw = "integrationtestdomain.com,integrationtestdomain", SubjectCity = "Seattle", SubjectCommonName = "integrationtestdomain", SubjectCountry = "US", SubjectDepartment = "Engineering", SubjectState = "WA", SubjectOrganization = "IntegrationTestingCorp" }; PrivateCertificateProcessing processor = new PrivateCertificateProcessing(certDb, configDb, certProvider, GetAuthorizationLogic_Allow(), templateLogic, GetAuditLogic()); CreatePrivateCertificateResult result = processor.CreateCertificateWithPrivateKey(model, user.Object); Assert.AreEqual(PrivateCertificateRequestStatus.Success, result.Status); }
public JsonResult CreateCertificate(CreatePrivateCertificateModel model) { PrivateCertificateProcessing processor = new PrivateCertificateProcessing(certificateRepository, configurationRepository, certificateProvider, authorizationLogic, templateLogic, audit); CreatePrivateCertificateResult result = processor.CreateCertificateWithPrivateKey(model, User); return(http.RespondSuccess(result)); }
private CreatePrivateCertificateResult ProcessNewPendingCertificateWorkflow(CreatePrivateCertificateModel model) { CreatePrivateCertificateResult result = new CreatePrivateCertificateResult(PrivateCertificateRequestStatus.Pending, Guid.NewGuid()); PendingCertificate pendingCertificate = new PendingCertificate(model); certificateRepository.Insert <PendingCertificate>(pendingCertificate); return(result); }
public bool ValidateTemplateWithRequest(CreatePrivateCertificateModel model, AdcsTemplate template) { if (model.KeySize < template.MinimumKeySize) { return(false); } else { return(true); } }
private void StartIISCertificateRenewal(NodeCredentialed node, ManagedCertificate managedCertificate, ClaimsPrincipal user) { //Collection<HostIISCertificateEntity> result = null; try { X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(managedCertificate.X509Content)); CreatePrivateCertificateModel entity = new CreatePrivateCertificateModel(cert); entity.KeyUsage = dataTransformation.GetEkuStringFromX509Certificate2(cert); CreatePrivateCertificateResult newCert = privateCertificateProcessing.CreateCertificateWithPrivateKey(entity, user); if (newCert.Status != PrivateCertificateRequestStatus.Success) { throw new CertificateAuthorityDeniedRequestException("Certificate request could not be processed"); } DownloadPfxCertificateEntity pfx = certificateManagement.GetPfxCertificateContent(newCert.Id); string password = certificateManagement.GetCertificatePassword(newCert.Id, user).DecryptedPassword; Dictionary <string, object> cmdletParams = new Dictionary <string, object>() { { "ComputerName", node.Hostname }, { "Credential", powershell.NewPSCredential(node.CredentialContext.Username, node.CredentialContext.Password) }, { "CertificateContent", Convert.ToBase64String(pfx.Content) }, { "CertificateKey", password }, { "BindingPath", managedCertificate.PSPath } }; object result = powershell.InvokeScriptAsync <object>(iisCertificateRenewal, cmdletParams, user); this.InvokeIISCertificateDiscovery(node.Id, user); return; //result = powershell.InvokeScriptAsync<HostIISCertificateEntity>(hostIisDiscoveryScript, cmdletParams, user); //this.RecieveIISCertificateDiscoveryResult(result, node); } catch (Exception ex) { string msg = string.Format("An error occured while starting the certificate deployment job {0}", ex.ToString()); auditLogic.LogOpsError(user, node.Id.ToString(), EventCategory.PowershellJob, msg); } }