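/// <summary>
/// Creates an RSA encryption certificate for a user by delegating to
/// Certs.CreateRSAEncryptionCertificateForUser.
/// </summary>
/// <param name="upn">User principal name; lower-cased (invariant culture) before use.</param>
/// <param name="password">Private key password; null is passed on as an empty string, like an empty password.</param>
/// <param name="validity">Validity value handed unchanged to Certs.CreateRSAEncryptionCertificateForUser.</param>
/// <returns>The certificate produced by Certs.CreateRSAEncryptionCertificateForUser.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="upn"/> is null.</exception>
public virtual X509Certificate2 CreateCertificate(string upn, string password, int validity)
{
    if (upn == null)
    {
        throw new ArgumentNullException(nameof(upn));
    }
    // null and "" are both forwarded as an empty password.
    string pass = password ?? string.Empty;
    // ToLowerInvariant: the UPN is an identifier, so its normalisation must not depend on the
    // culture of the account running the service (ToLower() would, e.g. Turkish dotless i).
    return Certs.CreateRSAEncryptionCertificateForUser(upn.ToLowerInvariant(), validity, pass);
}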
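/// <summary>
/// Reports whether a certificate with the given thumbprint exists in the given store,
/// via Certs.CertificateExists. Any failure is written to the event log (id 2010) and
/// rethrown unchanged.
/// </summary>
/// <param name="thumbprint">Thumbprint to look for.</param>
/// <param name="location">Store location, cast directly to <see cref="StoreLocation"/>.</param>
/// <returns>The value returned by Certs.CertificateExists.</returns>
internal bool CertificateExists(string thumbprint, byte location)
{
    try
    {
        return Certs.CertificateExists(thumbprint, (StoreLocation)location);
    }
    catch (Exception e)
    {
        _log.WriteEntry(string.Format("Error on WebAdminService Service CertificateExists method : {0}.", e.Message), EventLogEntryType.Error, 2010);
        // 'throw;' keeps the original stack trace; 'throw e;' would reset it to this frame.
        throw;
    }
}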
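/// <summary>
/// Asks the other enabled servers, one after another, for the administrative ACL record and
/// returns the first answer. When the returned record is marked Loaded it is applied locally
/// through Certs.ApplyACLs before being returned.
/// </summary>
/// <param name="servers">Server host names mapped to an enabled flag; only enabled entries other than this host are contacted.</param>
/// <param name="domain">Forwarded to the remote GetAdministrativeACL call.</param>
/// <param name="account">Forwarded to the remote GetAdministrativeACL call.</param>
/// <param name="password">Forwarded to the remote GetAdministrativeACL call.</param>
/// <param name="path">Forwarded to the remote call and to Certs.ApplyACLs.</param>
/// <returns>
/// The first record obtained from a peer, or a record with Loaded = false when no peer answered
/// (a remote call failure is logged and the next server is tried; a connection failure is logged
/// and gives up immediately).
/// </returns>
private ACLParametersRecord DoRequestAdministrativeACL(Dictionary<string, bool> servers, string domain, string account, string password, string path)
{
    string fqdn = Dns.GetHostEntry("localhost").HostName;
    // Candidates: every enabled server except this host. Host names are compared ordinally
    // (case-insensitive) and lower-cased invariantly so the result does not depend on the
    // service account's culture.
    List<string> servernames = servers
        .Where(server => server.Value && !string.Equals(server.Key, fqdn, StringComparison.OrdinalIgnoreCase))
        .Select(server => server.Key.ToLowerInvariant())
        .ToList();
    foreach (string srvfqdn in servernames)
    {
        WebAdminClient webthemeclient = new WebAdminClient();
        bool initialized = false;
        try
        {
            webthemeclient.Initialize(srvfqdn);
            initialized = true;
            IWebAdminServices client = webthemeclient.Open();
            try
            {
                ACLParametersRecord rec = client.GetAdministrativeACL(domain, account, password, path);
                if (rec.Loaded)
                {
                    Certs.ApplyACLs(rec, path);
                }
                return rec;
            }
            catch (Exception e)
            {
                // Remote call failed: log it and fall through to the next server.
                _log.WriteEntry(string.Format("Error calling DoRequestAdministrativeACL method : {0} => {1}.", srvfqdn, e.Message), EventLogEntryType.Error, 2011);
            }
            finally
            {
                webthemeclient.Close(client);
            }
        }
        catch (Exception e)
        {
            // Initialize/Open (or Close) failed: log it and stop asking.
            _log.WriteEntry(string.Format("Error calling DoRequestAdministrativeACL method : {0} => {1}.", srvfqdn, e.Message), EventLogEntryType.Error, 2011);
            return new ACLParametersRecord() { Loaded = false };
        }
        finally
        {
            // Always pair Initialize with UnInitialize (the same shape as
            // CreateRSACertificateForSQLEncryption); previously UnInitialize ran only on the
            // remote-call failure path, never after a successful answer.
            if (initialized)
            {
                webthemeclient.UnInitialize();
            }
        }
    }
    return new ACLParametersRecord() { Loaded = false };
}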
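/// <summary>
/// Records the orphaned-private-key cleanup settings via Certs.CleanOrphanedPrivateKeysRegistry
/// and, for option 0x00 only, runs the cleanup itself. Failures are written to the event log
/// (id 2010) and rethrown unchanged.
/// </summary>
/// <param name="option">Cleanup option; 0x00 triggers Certs.CleanOrphanedPrivateKeys, every other value only updates the registry setting.</param>
/// <param name="delay">Delay value passed to Certs.CleanOrphanedPrivateKeysRegistry.</param>
/// <returns>The count returned by Certs.CleanOrphanedPrivateKeys for option 0x00, otherwise 0.</returns>
internal int CleanOrphanedPrivateKeys(byte option, int delay)
{
    try
    {
        Certs.CleanOrphanedPrivateKeysRegistry(option, delay);
        return option == 0x00 ? Certs.CleanOrphanedPrivateKeys() : 0;
    }
    catch (Exception ex)
    {
        _log.WriteEntry(string.Format("Error on WebAdminService Service CleanOrphanedPrivateKeys method : {0}.", ex.Message), EventLogEntryType.Error, 2010);
        // 'throw;' preserves the original stack trace ('throw ex;' would reset it).
        throw;
    }
}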
/// <summary>
/// Builds the DACL for the service's named pipe. LocalSystem, the ADFS service and account
/// SIDs, Domain Admins, built-in Administrators and (when configured) the ADFS admin group
/// get FullControl; NetworkService and Everyone (WorldSid) get ReadWrite. Because Everyone is
/// granted ReadWrite, the pipe ACL by itself does not limit who can open and write to the pipe.
/// </summary>
/// <returns>The populated <see cref="PipeSecurity"/>.</returns>
private PipeSecurity CreatePipeServerSecurity()
{
    SecurityIdentifier domainSid = GetDomainSid();
    // Resolve the ADFS-related SIDs before they are read below; without a Config the lookup
    // runs with empty domain/account/password values.
    if (Config == null)
    {
        Certs.InitializeAccountsSID(string.Empty, string.Empty, string.Empty);
    }
    else
    {
        Certs.InitializeAccountsSID(Config.Hosts.ActiveDirectoryHost.DomainName, Config.Hosts.ActiveDirectoryHost.Account, Config.Hosts.ActiveDirectoryHost.Password);
    }

    PipeSecurity pipeSecurity = new PipeSecurity();
    Action<SecurityIdentifier, PipeAccessRights> allow =
        (sid, rights) => pipeSecurity.SetAccessRule(new PipeAccessRule(sid, rights, AccessControlType.Allow));

    // Allow Everyone read and write access to the pipe.
    allow(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null), PipeAccessRights.FullControl);
    allow(new SecurityIdentifier(Certs.ADFSServiceSID), PipeAccessRights.FullControl);
    allow(new SecurityIdentifier(WellKnownSidType.AccountDomainAdminsSid, domainSid), PipeAccessRights.FullControl);
    allow(new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null), PipeAccessRights.FullControl);
    allow(new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null), PipeAccessRights.ReadWrite);
    allow(new SecurityIdentifier(WellKnownSidType.WorldSid, null), PipeAccessRights.ReadWrite);
    allow(new SecurityIdentifier(Certs.ADFSAccountSID), PipeAccessRights.FullControl);

    // The admin group SID is optional; only add a rule when one was resolved.
    string adminGroupSid = Certs.ADFSAdminGroupSID;
    if (!string.IsNullOrEmpty(adminGroupSid))
    {
        allow(new SecurityIdentifier(adminGroupSid), PipeAccessRights.FullControl);
    }
    return pipeSecurity;
}
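/// <summary>
/// Imports a base64-encoded certificate blob (received from a peer server) into the
/// LocalMachine\My store, then always runs the self-signed cleanup, releases the certificate
/// handle and refreshes the certificate ACLs for all certificates.
/// </summary>
/// <param name="cert">Base64 text of the certificate blob. It is imported with an empty password,
/// so the blob must not be password-protected; the key is stored Exportable and persisted.</param>
internal void PushCertificate(string cert)
{
    X509Certificate2 x509 = new X509Certificate2(Convert.FromBase64String(cert), "", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
    try
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.MaxAllowed);
        try
        {
            store.Add(x509);
        }
        finally
        {
            // Close the store even when Add throws (previously Close was skipped on that path).
            store.Close();
        }
    }
    finally
    {
        // Cleanup and ACL refresh run whether or not the import succeeded.
        Certs.CleanSelfSignedCertificate(x509, StoreLocation.LocalMachine);
        x509.Reset();
        SIDs.internalUpdateCertificatesACLs(KeyMgtOptions.AllCerts);
    }
}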
/// <summary>
/// Returns the cached administrative ACL record, loading it first if it is not yet marked
/// Loaded: the primary computer fetches it through Certs.FetchACLs, any other node asks its
/// peers through DoRequestAdministrativeACL. On failure the error is logged (id 2010) and the
/// record is returned with Loaded = false.
/// </summary>
/// <param name="domain">Forwarded to Certs.FetchACLs / DoRequestAdministrativeACL.</param>
/// <param name="account">Forwarded to Certs.FetchACLs / DoRequestAdministrativeACL.</param>
/// <param name="password">Forwarded to Certs.FetchACLs / DoRequestAdministrativeACL.</param>
/// <param name="path">Forwarded to Certs.FetchACLs / DoRequestAdministrativeACL.</param>
/// <returns>The current value of _aclrecord.</returns>
public ACLParametersRecord GetAdministrativeACL(string domain, string account, string password, string path)
{
    try
    {
        // An already-loaded record is returned as is.
        if (!_aclrecord.Loaded)
        {
            _aclrecord = IsPrimaryComputer(_servers)
                ? Certs.FetchACLs(domain, account, password, path)
                : DoRequestAdministrativeACL(_servers, domain, account, password, path);
        }
    }
    catch (Exception e)
    {
        _log.WriteEntry(string.Format("Error on WebAdminService Service GetAdministrative ACL method : {0}.", e.Message), EventLogEntryType.Error, 2010);
        // NOTE(review): assumes _aclrecord is never null when we get here — confirm it is
        // initialised at its declaration, otherwise this line throws out of the catch.
        _aclrecord.Loaded = false;
    }
    return _aclrecord;
}
/// <summary>
/// Creates the RSA encryption helper: the XOR secret goes to the base constructor and the
/// certificate identified by <paramref name="thumbprint"/> is loaded from the LocalMachine store.
/// </summary>
/// <param name="xorsecret">Secret forwarded unchanged to the base class.</param>
/// <param name="thumbprint">Thumbprint resolved via Certs.GetCertificate in StoreLocation.LocalMachine.</param>
public RSAEncryption(string xorsecret, string thumbprint) : base(xorsecret)
{
    // NOTE(review): nothing here checks the lookup result; whether Certs.GetCertificate can
    // return null for an unknown thumbprint is not visible from this file — confirm.
    var found = Certs.GetCertificate(thumbprint, StoreLocation.LocalMachine);
    Certificate = found;
}
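/// <summary>
/// Creates the RSA certificate used for SQL encryption on this host, refreshes the MFA
/// certificate ACLs, then pushes the serialized certificate (strcert, presumably including its
/// private key since peers import it with the Exportable flag) to every other listed server.
/// </summary>
/// <param name="servers">Server host names (the enabled flag is not consulted here); every host other than this one receives the certificate.</param>
/// <param name="subject">Certificate subject passed to Certs.CreateRSACertificateForSQLEncryption.</param>
/// <param name="years">Validity in years passed to Certs.CreateRSACertificateForSQLEncryption.</param>
/// <returns>
/// The new certificate's thumbprint, or null when Certs.CreateRSACertificateForSQLEncryption
/// returned no certificate. A push failure on one server is logged (id 2010) and the remaining
/// servers are still tried; any other failure is logged and rethrown unchanged.
/// </returns>
internal string CreateRSACertificateForSQLEncryption(Dictionary<string, bool> servers, string subject, int years)
{
    SIDs.Initialize();
    string thumbprint = null;
    try
    {
        string strcert = string.Empty;
        X509Certificate2 cert = null;
        try
        {
            cert = Certs.CreateRSACertificateForSQLEncryption(subject, years, out strcert);
            if (cert == null)
            {
                return null;
            }
            thumbprint = cert.Thumbprint;
        }
        finally
        {
            // Previously cert.Reset() ran unconditionally, so the 'return null' path above
            // threw a NullReferenceException from this finally instead of returning null.
            if (cert != null)
            {
                cert.Reset();
            }
        }
        SIDs.internalUpdateCertificatesACLs(KeyMgtOptions.MFACerts);
        string fqdn = Dns.GetHostEntry("localhost").HostName;
        // Every host except this one; ordinal case-insensitive comparison and invariant
        // lower-casing keep the result independent of the service account's culture.
        List<string> servernames = servers
            .Where(server => !string.Equals(server.Key, fqdn, StringComparison.OrdinalIgnoreCase))
            .Select(server => server.Key.ToLowerInvariant())
            .ToList();
        foreach (string srv in servernames)
        {
            WebAdminClient manager = new WebAdminClient();
            manager.Initialize(srv);
            try
            {
                IWebAdminServices client = manager.Open();
                try
                {
                    client.PushCertificate(strcert);
                }
                finally
                {
                    manager.Close(client);
                }
            }
            catch (Exception e)
            {
                // One peer failing does not stop the push to the others.
                _log.WriteEntry(string.Format("Error on WebAdminService Service CreateRSACertificateForSQLEncryption method : {0} / {1}.", srv, e.Message), EventLogEntryType.Error, 2010);
            }
            finally
            {
                manager.UnInitialize();
            }
        }
    }
    catch (Exception e)
    {
        _log.WriteEntry(string.Format("Error on WebAdminService Service CreateRSACertificateForSQLEncryption method : {0}.", e.Message), EventLogEntryType.Error, 2010);
        // 'throw;' keeps the original stack trace ('throw e;' would reset it).
        throw;
    }
    return thumbprint;
}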