コード例 #1
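        /// <summary>
        /// Creates an RSA encryption certificate for the given user principal name.
        /// </summary>
        /// <param name="upn">User principal name; lower-cased with the invariant culture before use. Must not be null.</param>
        /// <param name="password">Password protecting the generated key material; null is treated as an empty password.</param>
        /// <param name="validity">Validity value forwarded unchanged to <c>Certs.CreateRSAEncryptionCertificateForUser</c>.</param>
        /// <returns>The certificate produced by <c>Certs.CreateRSAEncryptionCertificateForUser</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="upn"/> is null.</exception>
        public virtual X509Certificate2 CreateCertificate(string upn, string password, int validity)
        {
            if (upn == null)
            {
                throw new ArgumentNullException("upn");
            }

            // A null password is normalised to empty so the helper never receives null.
            string pass = password ?? string.Empty;

            // Invariant lower-casing keeps the UPN stable regardless of the service account's culture.
            return Certs.CreateRSAEncryptionCertificateForUser(upn.ToLowerInvariant(), validity, pass);
        }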
コード例 #2
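 /// <summary>
 /// Checks whether a certificate with the given thumbprint exists in the given store location.
 /// </summary>
 /// <param name="thumbprint">Thumbprint of the certificate to look up.</param>
 /// <param name="location">Store location, cast to <see cref="StoreLocation"/> (CurrentUser = 1, LocalMachine = 2);
 /// the value is not validated before the cast.</param>
 /// <returns>The result of <c>Certs.CertificateExists</c>.</returns>
 /// <remarks>Failures are logged to the event log (event id 2010) and rethrown with their original stack trace.</remarks>
 internal bool CertificateExists(string thumbprint, byte location)
 {
     try
     {
         return Certs.CertificateExists(thumbprint, (StoreLocation)location);
     }
     catch (Exception e)
     {
         _log.WriteEntry(string.Format("Error on WebAdminService Service CertificateExists method : {0}.", e.Message), EventLogEntryType.Error, 2010);
         // "throw;" preserves the original stack trace; "throw e;" would reset it.
         throw;
     }
 }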
コード例 #3
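        /// <summary>
        /// Asks the other enabled servers in <paramref name="servers"/> for the administrative ACL record and
        /// applies it locally through <c>Certs.ApplyACLs</c> when the record reports <c>Loaded</c>.
        /// </summary>
        /// <param name="servers">Server FQDN → enabled flag. The local host (per <c>Dns.GetHostEntry("localhost")</c>) and
        /// entries whose flag is false are skipped.</param>
        /// <param name="domain">Domain forwarded to the remote <c>GetAdministrativeACL</c> call.</param>
        /// <param name="account">Account forwarded to the remote call.</param>
        /// <param name="password">Password forwarded to the remote call.</param>
        /// <param name="path">Path forwarded to the remote call and to <c>Certs.ApplyACLs</c>.</param>
        /// <returns>
        /// The first record obtained from a remote server, loaded or not. When the remote call on a server throws,
        /// the failure is logged (event id 2011) and the next server is tried; when connecting to a server throws,
        /// or no server answers, a record with <c>Loaded = false</c> is returned.
        /// </returns>
        private ACLParametersRecord DoRequestAdministrativeACL(Dictionary <string, bool> servers, string domain, string account, string password, string path)
        {
            // Invariant lower-casing so the host-name comparison does not depend on the service account's culture.
            string fqdn = Dns.GetHostEntry("localhost").HostName.ToLowerInvariant();
            // ToList() never yields null, so the original "servernames != null" guard was dead and is dropped.
            List<string> servernames = (from server in servers
                                        where server.Value && server.Key.ToLowerInvariant() != fqdn
                                        select server.Key.ToLowerInvariant()).ToList();

            foreach (string srvfqdn in servernames)
            {
                WebAdminClient webthemeclient = new WebAdminClient();
                try
                {
                    webthemeclient.Initialize(srvfqdn);
                    IWebAdminServices client = webthemeclient.Open();
                    try
                    {
                        ACLParametersRecord rec = client.GetAdministrativeACL(domain, account, password, path);
                        if (rec.Loaded)
                        {
                            Certs.ApplyACLs(rec, path);
                        }
                        return rec;
                    }
                    catch (Exception e)
                    {
                        // A failing remote call is logged and the next server is tried.
                        _log.WriteEntry(string.Format("Error calling  DoRequestAdministrativeACL method : {0} => {1}.", srvfqdn, e.Message), EventLogEntryType.Error, 2011);
                    }
                    finally
                    {
                        webthemeclient.Close(client);
                    }
                }
                catch (Exception e)
                {
                    // Initialize/Open failed: log and give up with a not-loaded record.
                    _log.WriteEntry(string.Format("Error calling  DoRequestAdministrativeACL method : {0} => {1}.", srvfqdn, e.Message), EventLogEntryType.Error, 2011);
                    return new ACLParametersRecord()
                    {
                        Loaded = false
                    };
                }
                finally
                {
                    // Release the client on every path (same Close-then-UnInitialize order as
                    // CreateRSACertificateForSQLEncryption); the original only called UnInitialize on a
                    // failing remote call and never on success.
                    webthemeclient.UnInitialize();
                }
            }
            return new ACLParametersRecord()
            {
                Loaded = false
            };
        }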
コード例 #4
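 /// <summary>
 /// Cleans orphaned private keys: always updates the registry through <c>Certs.CleanOrphanedPrivateKeysRegistry</c>,
 /// and runs the actual cleanup only when <paramref name="option"/> is 0x00.
 /// </summary>
 /// <param name="option">Forwarded to the registry update; only the value 0x00 triggers <c>Certs.CleanOrphanedPrivateKeys</c>.</param>
 /// <param name="delay">Forwarded unchanged to the registry update.</param>
 /// <returns>The value returned by <c>Certs.CleanOrphanedPrivateKeys</c>, or 0 when no cleanup ran.</returns>
 /// <remarks>Failures are logged (event id 2010) and rethrown with the original stack trace.</remarks>
 internal int CleanOrphanedPrivateKeys(byte option, int delay)
 {
     try
     {
         Certs.CleanOrphanedPrivateKeysRegistry(option, delay);
         if (option == 0x00)
         {
             return Certs.CleanOrphanedPrivateKeys();
         }
         return 0;
     }
     catch (Exception ex)
     {
         _log.WriteEntry(string.Format("Error on WebAdminService Service CleanOrphanedPrivateKeys method : {0}.", ex.Message), EventLogEntryType.Error, 2010);
         // "throw;" keeps the original stack trace; "throw ex;" would reset it.
         throw;
     }
 }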
コード例 #5
        /// <summary>
        /// Builds the DACL applied to the WebAdmin named pipe.
        /// </summary>
        /// <returns>
        /// A <see cref="PipeSecurity"/> granting FullControl to LocalSystem, the ADFS service SID, the domain admins
        /// group, the builtin Administrators group, the ADFS account SID and, when <c>Certs.ADFSAdminGroupSID</c> is set,
        /// the ADFS admin group SID; NetworkService and Everyone (WorldSid) get ReadWrite.
        /// </returns>
        /// <remarks>
        /// <c>Certs.InitializeAccountsSID</c> runs first (with empty credentials when <c>Config</c> is null) so that the
        /// <c>Certs.*SID</c> values read afterwards are populated.
        /// NOTE(review): the WorldSid rule lets any principal in Everyone read and write the pipe; confirm the service
        /// authorises callers itself before relying on this ACL.
        /// </remarks>
        private PipeSecurity CreatePipeServerSecurity()
        {
            SecurityIdentifier domainSid = GetDomainSid();

            if (Config == null)
            {
                Certs.InitializeAccountsSID(string.Empty, string.Empty, string.Empty);
            }
            else
            {
                Certs.InitializeAccountsSID(Config.Hosts.ActiveDirectoryHost.DomainName, Config.Hosts.ActiveDirectoryHost.Account, Config.Hosts.ActiveDirectoryHost.Password);
            }

            // Rules are collected in the same order the original applied them, then set in one pass.
            List<PipeAccessRule> rules = new List<PipeAccessRule>();
            rules.Add(new PipeAccessRule(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null), PipeAccessRights.FullControl, AccessControlType.Allow));
            rules.Add(new PipeAccessRule(new SecurityIdentifier(Certs.ADFSServiceSID), PipeAccessRights.FullControl, AccessControlType.Allow));
            rules.Add(new PipeAccessRule(new SecurityIdentifier(WellKnownSidType.AccountDomainAdminsSid, domainSid), PipeAccessRights.FullControl, AccessControlType.Allow));
            rules.Add(new PipeAccessRule(new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null), PipeAccessRights.FullControl, AccessControlType.Allow));
            rules.Add(new PipeAccessRule(new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null), PipeAccessRights.ReadWrite, AccessControlType.Allow));
            rules.Add(new PipeAccessRule(new SecurityIdentifier(WellKnownSidType.WorldSid, null), PipeAccessRights.ReadWrite, AccessControlType.Allow));
            rules.Add(new PipeAccessRule(new SecurityIdentifier(Certs.ADFSAccountSID), PipeAccessRights.FullControl, AccessControlType.Allow));
            if (!string.IsNullOrEmpty(Certs.ADFSAdminGroupSID))
            {
                rules.Add(new PipeAccessRule(new SecurityIdentifier(Certs.ADFSAdminGroupSID), PipeAccessRights.FullControl, AccessControlType.Allow));
            }

            PipeSecurity pipeSecurity = new PipeSecurity();
            foreach (PipeAccessRule rule in rules)
            {
                pipeSecurity.SetAccessRule(rule);
            }
            return pipeSecurity;
        }
コード例 #6
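        /// <summary>
        /// Imports a base64-encoded certificate blob into the LocalMachine/My store.
        /// </summary>
        /// <param name="cert">Base64 text of the certificate blob, decoded with <see cref="Convert.FromBase64String"/> and
        /// loaded with an empty password and the Exportable | PersistKeySet storage flags.</param>
        /// <remarks>
        /// Once the blob has been parsed, the finally block always removes the self-signed copy through
        /// <c>Certs.CleanSelfSignedCertificate</c>, resets the in-memory certificate and refreshes the key ACLs
        /// (<c>KeyMgtOptions.AllCerts</c>), whether or not the store operation succeeded.
        /// NOTE(review): Exportable marks any private key carried by the blob as exportable from the store; confirm that is required.
        /// </remarks>
        /// <exception cref="ArgumentNullException"><paramref name="cert"/> is null.</exception>
        /// <exception cref="FormatException"><paramref name="cert"/> is not valid base64.</exception>
        internal void PushCertificate(string cert)
        {
            // The original "x509 == null" test was dead: the constructor throws rather than returning null.
            X509Certificate2 x509 = new X509Certificate2(Convert.FromBase64String(cert), "", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);

            try
            {
                X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
                try
                {
                    store.Open(OpenFlags.MaxAllowed);
                    store.Add(x509);
                }
                finally
                {
                    // Close on every path; the original skipped it when Open or Add threw.
                    store.Close();
                }
            }
            finally
            {
                Certs.CleanSelfSignedCertificate(x509, StoreLocation.LocalMachine);
                x509.Reset();
                SIDs.internalUpdateCertificatesACLs(KeyMgtOptions.AllCerts);
            }
        }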
コード例 #7
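 /// <summary>
 /// Returns the cached administrative ACL record, loading it on first use.
 /// </summary>
 /// <param name="domain">Domain forwarded to <c>Certs.FetchACLs</c> or <c>DoRequestAdministrativeACL</c>.</param>
 /// <param name="account">Account forwarded likewise.</param>
 /// <param name="password">Password forwarded likewise.</param>
 /// <param name="path">Path forwarded likewise.</param>
 /// <returns>
 /// <c>_aclrecord</c>: left untouched when it is already <c>Loaded</c>; otherwise refreshed from <c>Certs.FetchACLs</c>
 /// when <c>IsPrimaryComputer(_servers)</c> is true, else from <c>DoRequestAdministrativeACL</c>. On any exception the
 /// error is logged (event id 2010) and <c>Loaded</c> is forced to false.
 /// </returns>
 /// <remarks>NOTE(review): assumes <c>_aclrecord</c> is never null here; a null field would also throw inside the catch.</remarks>
 public ACLParametersRecord GetAdministrativeACL(string domain, string account, string password, string path)
 {
     try
     {
         if (!_aclrecord.Loaded)
         {
             if (IsPrimaryComputer(_servers))
             {
                 _aclrecord = Certs.FetchACLs(domain, account, password, path);
             }
             else
             {
                 _aclrecord = DoRequestAdministrativeACL(_servers, domain, account, password, path);
             }
         }
     }
     catch (Exception e)
     {
         _log.WriteEntry(string.Format("Error on WebAdminService Service GetAdministrative ACL method : {0}.", e.Message), EventLogEntryType.Error, 2010);
         _aclrecord.Loaded = false;
     }
     return _aclrecord;
 }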
コード例 #8
 /// <summary>
 /// Initialises the base type with the XOR secret and binds the certificate found by thumbprint
 /// in the LocalMachine store.
 /// </summary>
 /// <param name="xorsecret">Forwarded unchanged to the base constructor.</param>
 /// <param name="thumbprint">Thumbprint looked up through <c>Certs.GetCertificate</c> in <see cref="StoreLocation.LocalMachine"/>.</param>
 public RSAEncryption(string xorsecret, string thumbprint) : base(xorsecret)
 {
     StoreLocation location = StoreLocation.LocalMachine;
     Certificate = Certs.GetCertificate(thumbprint, location);
 }
コード例 #9
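        /// <summary>
        /// Creates the RSA certificate used for SQL encryption on this host and pushes its exported form to every
        /// other server listed in <paramref name="servers"/>.
        /// </summary>
        /// <param name="servers">Server FQDN → flag dictionary; every key except the local host name is contacted
        /// (the flag value is not consulted here).</param>
        /// <param name="subject">Certificate subject forwarded to <c>Certs.CreateRSACertificateForSQLEncryption</c>.</param>
        /// <param name="years">Forwarded unchanged to <c>Certs.CreateRSACertificateForSQLEncryption</c>.</param>
        /// <returns>The new certificate's thumbprint, or null when <c>Certs.CreateRSACertificateForSQLEncryption</c> returned null.</returns>
        /// <remarks>
        /// A failure to push to one server is logged (event id 2010) and the remaining servers are still tried; any other
        /// failure is logged and rethrown with its stack trace intact. NOTE(review): the exported blob is what the remote
        /// PushCertificate imports — presumably the routine of the same name in this file, which uses the Exportable flag —
        /// so it likely carries the private key; treat the transport accordingly.
        /// </remarks>
        internal string CreateRSACertificateForSQLEncryption(Dictionary <string, bool> servers, string subject, int years)
        {
            SIDs.Initialize();

            string thumbprint = null;

            try
            {
                string strcert = string.Empty;
                X509Certificate2 cert = null;
                try
                {
                    cert = Certs.CreateRSACertificateForSQLEncryption(subject, years, out strcert);
                    if (cert == null)
                    {
                        return null;
                    }
                    thumbprint = cert.Thumbprint;
                }
                finally
                {
                    // Guarded: the original called cert.Reset() unconditionally, which threw a
                    // NullReferenceException when creation returned null or threw.
                    if (cert != null)
                    {
                        cert.Reset();
                    }
                }

                SIDs.internalUpdateCertificatesACLs(KeyMgtOptions.MFACerts);

                // Invariant lower-casing so the host-name comparison does not depend on the service account's culture.
                string fqdn = Dns.GetHostEntry("localhost").HostName.ToLowerInvariant();
                List<string> servernames = (from server in servers
                                            where server.Key.ToLowerInvariant() != fqdn
                                            select server.Key.ToLowerInvariant()).ToList();
                foreach (string srv in servernames)
                {
                    WebAdminClient manager = new WebAdminClient();
                    manager.Initialize(srv);
                    try
                    {
                        IWebAdminServices client = manager.Open();
                        try
                        {
                            client.PushCertificate(strcert);
                        }
                        finally
                        {
                            manager.Close(client);
                        }
                    }
                    catch (Exception e)
                    {
                        // One unreachable server must not stop distribution to the others.
                        _log.WriteEntry(string.Format("Error on WebAdminService Service CreateRSACertificateForSQLEncryption method : {0} / {1}.", srv, e.Message), EventLogEntryType.Error, 2010);
                    }
                    finally
                    {
                        manager.UnInitialize();
                    }
                }
            }
            catch (Exception e)
            {
                _log.WriteEntry(string.Format("Error on WebAdminService Service CreateRSACertificateForSQLEncryption method : {0}.", e.Message), EventLogEntryType.Error, 2010);
                // "throw;" keeps the original stack trace; "throw e;" would reset it.
                throw;
            }
            return thumbprint;
        }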