public CreatePrivateCertificateResult CreateCertificateWithPrivateKey(CreatePrivateCertificateModel model, ClaimsPrincipal user)
{
model.RequestDate = DateTime.Now;
KeyUsage keyUsage = dataTransformation.ParseKeyUsage(model.KeyUsage);
AdcsTemplate template = templateLogic.DiscoverTemplate(model.CipherAlgorithm, model.Provider, keyUsage);
if (!templateLogic.ValidateTemplateWithRequest(model, template))
{
throw new AdcsTemplateValidationException("Certificate request does not meet the requirements of the certificate template");
}
if (authorizationLogic.IsAuthorized(template, user))
{
CertificateRequest csr = certificateProvider.CreateCsrKeyPair(dataTransformation.NewCertificateSubjectFromModel(model), model.CipherAlgorithm, model.KeySize, model.Provider, SigningRequestProtocol.Pkcs10);
MicrosoftCertificateAuthority ca = configurationRepository.GetPrivateCertificateAuthority(model.HashAlgorithm);
CertificateAuthorityRequestResponse response = ca.Sign(csr, template.Name, template.KeyUsage);
CreatePrivateCertificateResult result = ProcessCertificateAuthorityResponse(model, response, csr.Subject, user);
this.Audit(result, user);
return(result);
}
else
{
return(ProcessNewPendingCertificateWorkflow(model));
}
}
public void PrivateCertificateProcessing_CreateCertificate_CngRsa2048_ClientServerAuth_ReturnedX509Certificate2HasClientServerAuthKeyUsage()
{
KeyUsage expected = KeyUsage.ServerAuthentication | KeyUsage.ClientAuthentication;
CreatePrivateCertificateModel model = new CreatePrivateCertificateModel()
{
CipherAlgorithm = CipherAlgorithm.RSA,
KeyUsage = expected.ToString(),
HashAlgorithm = HashAlgorithm.SHA256,
KeySize = 2048,
Provider = WindowsApi.Cng,
SubjectAlternativeNamesRaw = "integrationtestdomain.com,integrationtestdomain",
SubjectCity = "Seattle",
SubjectCommonName = "integrationtestdomain",
SubjectCountry = "US",
SubjectDepartment = "Engineering",
SubjectState = "WA",
SubjectOrganization = "IntegrationTestingCorp"
};
PrivateCertificateProcessing processor = new PrivateCertificateProcessing(certDb, configDb, certProvider, GetAuthorizationLogic_Allow(), templateLogic, GetAuditLogic());
CreatePrivateCertificateResult result = processor.CreateCertificateWithPrivateKey(model, user.Object);
X509Certificate2 cert = new X509Certificate2(result.PfxByte, result.Password);
KeyUsage actualKeyUsage = x509Normalization.GetKeyUsage(cert);
Assert.AreEqual(expected, actualKeyUsage);
}
public void PrivateCertificateProcessing_CreateCertificate_CngRsa2048_ClientServerAuth_Success()
{
KeyUsage keyUsage = KeyUsage.ServerAuthentication | KeyUsage.ClientAuthentication;
CreatePrivateCertificateModel model = new CreatePrivateCertificateModel()
{
CipherAlgorithm = CipherAlgorithm.RSA,
KeyUsage = keyUsage.ToString(),
HashAlgorithm = HashAlgorithm.SHA256,
KeySize = 2048,
Provider = WindowsApi.Cng,
SubjectAlternativeNamesRaw = "integrationtestdomain.com,integrationtestdomain",
SubjectCity = "Seattle",
SubjectCommonName = "integrationtestdomain",
SubjectCountry = "US",
SubjectDepartment = "Engineering",
SubjectState = "WA",
SubjectOrganization = "IntegrationTestingCorp"
};
PrivateCertificateProcessing processor = new PrivateCertificateProcessing(certDb, configDb, certProvider, GetAuthorizationLogic_Allow(), templateLogic, GetAuditLogic());
CreatePrivateCertificateResult result = processor.CreateCertificateWithPrivateKey(model, user.Object);
Assert.AreEqual(PrivateCertificateRequestStatus.Success, result.Status);
}
public JsonResult CreateCertificate(CreatePrivateCertificateModel model)
{
PrivateCertificateProcessing processor = new PrivateCertificateProcessing(certificateRepository, configurationRepository, certificateProvider, authorizationLogic, templateLogic, audit);
CreatePrivateCertificateResult result = processor.CreateCertificateWithPrivateKey(model, User);
return(http.RespondSuccess(result));
}
private CreatePrivateCertificateResult ProcessNewPendingCertificateWorkflow(CreatePrivateCertificateModel model)
{
CreatePrivateCertificateResult result = new CreatePrivateCertificateResult(PrivateCertificateRequestStatus.Pending, Guid.NewGuid());
PendingCertificate pendingCertificate = new PendingCertificate(model);
certificateRepository.Insert <PendingCertificate>(pendingCertificate);
return(result);
}
public bool ValidateTemplateWithRequest(CreatePrivateCertificateModel model, AdcsTemplate template)
{
if (model.KeySize < template.MinimumKeySize)
{
return(false);
}
else
{
return(true);
}
}
private void StartIISCertificateRenewal(NodeCredentialed node, ManagedCertificate managedCertificate, ClaimsPrincipal user)
{
//Collection<HostIISCertificateEntity> result = null;
try
{
X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(managedCertificate.X509Content));
CreatePrivateCertificateModel entity = new CreatePrivateCertificateModel(cert);
entity.KeyUsage = dataTransformation.GetEkuStringFromX509Certificate2(cert);
CreatePrivateCertificateResult newCert = privateCertificateProcessing.CreateCertificateWithPrivateKey(entity, user);
if (newCert.Status != PrivateCertificateRequestStatus.Success)
{
throw new CertificateAuthorityDeniedRequestException("Certificate request could not be processed");
}
DownloadPfxCertificateEntity pfx = certificateManagement.GetPfxCertificateContent(newCert.Id);
string password = certificateManagement.GetCertificatePassword(newCert.Id, user).DecryptedPassword;
Dictionary <string, object> cmdletParams = new Dictionary <string, object>()
{
{ "ComputerName", node.Hostname },
{ "Credential", powershell.NewPSCredential(node.CredentialContext.Username, node.CredentialContext.Password) },
{ "CertificateContent", Convert.ToBase64String(pfx.Content) },
{ "CertificateKey", password },
{ "BindingPath", managedCertificate.PSPath }
};
object result = powershell.InvokeScriptAsync <object>(iisCertificateRenewal, cmdletParams, user);
this.InvokeIISCertificateDiscovery(node.Id, user);
return;
//result = powershell.InvokeScriptAsync<HostIISCertificateEntity>(hostIisDiscoveryScript, cmdletParams, user);
//this.RecieveIISCertificateDiscoveryResult(result, node);
}
catch (Exception ex)
{
string msg = string.Format("An error occured while starting the certificate deployment job {0}", ex.ToString());
auditLogic.LogOpsError(user, node.Id.ToString(), EventCategory.PowershellJob, msg);
}
}
