/// <summary> /// Updates Authority Information Access configuration by writing them to Certification Authority. /// </summary> /// <param name="restart">Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect until /// CA service is restarted. /// </param> /// <remarks> /// For this method to succeed, the caller must be granted CA <strong>Administrator</strong> permissions. /// </remarks> /// <exception cref="UnauthorizedAccessException"> /// The caller do not have sufficient permissions to make changes in the CA configuration. /// </exception> /// <exception cref="ServerUnavailableException"> /// The target CA server could not be contacted via remote registry and RPC protocol. /// </exception> /// <returns> /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated /// and the method returns <strong>False</strong>. /// </returns> /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks> public Boolean SetInfo(Boolean restart) { if (IsModified) { List <String> strings = URI.Length > 0 ? URI.Select(str => str.RegURI).ToList() : null; if (CryptoRegistry.Ping(ComputerName)) { CryptoRegistry.SetRReg(strings, "CACertPublicationURLs", Name, ComputerName); if (restart) { CertificateAuthority.Restart(ComputerName); } IsModified = false; return(true); } if (CertificateAuthority.Ping(ComputerName)) { CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CACertPublicationURLs", strings); if (restart) { CertificateAuthority.Restart(ComputerName); } IsModified = false; return(true); } ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), (OfflineSource)3); throw e; } return(false); }
void m_initialize(CertificateAuthority certificateAuthority) { String[] urls; Name = certificateAuthority.Name; DisplayName = certificateAuthority.DisplayName; ComputerName = certificateAuthority.ComputerName; ConfigString = certificateAuthority.ConfigString; if (CryptoRegistry.Ping(ComputerName)) { urls = (String[])CryptoRegistry.GetRReg("CACertPublicationURLs", Name, ComputerName); } else { if (CertificateAuthority.Ping(ComputerName)) { urls = (String[])CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CACertPublicationURLs"); } else { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), (OfflineSource)3); throw e; } } m_aia = urls.Select(url => new AIA(url)).ToArray(); }
/// <summary> /// Updates issued certificate validity setting. Any issued certificate validity cannot exceed this value. /// </summary> /// <param name="restart"> /// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect until /// CA service is restarted. /// </param> /// <exception cref="UnauthorizedAccessException"> /// The caller do not have sufficient permissions to make changes in the CA configuration. /// </exception> /// <exception cref="ServerUnavailableException"> /// The target CA server could not be contacted via remote registry and RPC protocol. /// </exception> /// <returns> /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated /// and the method returns <strong>False</strong>. /// </returns> /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks> public Boolean SetInfo(Boolean restart) { if (!IsModified) { return(false); } if (CryptoRegistry.Ping(ComputerName)) { CryptoRegistry.SetRReg(Period, "ValidityPeriodUnits", RegistryValueKind.DWord, Name, ComputerName); CryptoRegistry.SetRReg(PeriodUnits, "ValidityPeriod", RegistryValueKind.String, Name, ComputerName); IsModified = false; if (restart) { CertificateAuthority.Restart(ComputerName); } return(true); } if (CertificateAuthority.Ping(ComputerName)) { CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "ValidityPeriodUnits", Period); CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "ValidityPeriod", PeriodUnits); IsModified = false; if (restart) { CertificateAuthority.Restart(ComputerName); } return(true); } ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), (OfflineSource)3); throw e; }
void m_initialize(CertificateAuthority certificateAuthority) { Name = certificateAuthority.Name; DisplayName = certificateAuthority.DisplayName; ComputerName = certificateAuthority.ComputerName; ConfigString = certificateAuthority.ConfigString; if (CryptoRegistry.Ping(ComputerName)) { m_validity = Convert.ToString((Int32)CryptoRegistry.GetRReg("ValidityPeriodUnits", Name, ComputerName)) + " "; m_validity += (String)CryptoRegistry.GetRReg("ValidityPeriod", Name, ComputerName); } else { if (certificateAuthority.Ping()) { m_validity = Convert.ToString((Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "ValidityPeriodUnits")); m_validity += (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "ValidityPeriod"); } else { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), (OfflineSource)3); throw e; } } }
void m_initialize(CertificateAuthority certificateAuthority) { String[] urls; keyMap = certificateAuthority.GetKeyMap(); buildVarValueMapping(certificateAuthority); Name = certificateAuthority.Name; DisplayName = certificateAuthority.DisplayName; ComputerName = certificateAuthority.ComputerName; ConfigString = certificateAuthority.ConfigString; if (CryptoRegistry.Ping(ComputerName)) { urls = (String[])CryptoRegistry.GetRReg("CRLPublicationURLs", Name, ComputerName); } else { if (CertificateAuthority.Ping(ComputerName)) { urls = (String[])CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLPublicationURLs"); } else { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), (OfflineSource)3); throw e; } } m_cdp = urls.Select(url => new CDP(url)).ToArray(); ResolveUrLs(); }
void m_initialize(CertificateAuthority certificateAuthority) { if (!certificateAuthority.IsEnterprise) { throw new PlatformNotSupportedException(); } if (!certificateAuthority.Ping()) { ServerUnavailableException e = new ServerUnavailableException(certificateAuthority.DisplayName); e.Data.Add(nameof(e.Source), OfflineSource.DCOM); throw e; } Name = certificateAuthority.Name; DisplayName = certificateAuthority.DisplayName; ComputerName = certificateAuthority.ComputerName; ConfigString = certificateAuthority.ConfigString; CCertAdmin CertAdmin = new CCertAdmin(); Int32 KRACount = (Int32)CertAdmin.GetCAProperty(certificateAuthority.ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0); if (KRACount > 0) { for (Int32 index = 0; index < KRACount; index++) { String Base64 = (String)CertAdmin.GetCAProperty(certificateAuthority.ConfigString, CertAdmConst.CrPropKracert, index, CertAdmConst.ProptypeBinary, 1); _certs.Add(new X509Certificate2(Convert.FromBase64String(Base64))); } } }
/// <summary> /// Updates certificate template list issud by a Certification Authority. The method writes all certificates templates contained in /// <see cref="Templates"/> property. /// </summary> /// <exception cref="UnauthorizedAccessException"> /// The caller do not have sufficient permissions to make changes in the CA configuration. /// </exception> /// <exception cref="ServerUnavailableException"> /// The target CA server could not be contacted via RPC/DCOM transport. /// </exception> /// <exception cref="NotSupportedException">One or more certificate templates are not supported by this CA version.</exception> /// <remarks> /// For this method to succeed, the caller must be granted CA <strong>Administrator</strong> permissions. /// </remarks> /// <returns> /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated /// and the method returns <strong>False</strong>. /// </returns> /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks> public Boolean SetInfo() { if (!IsModified) { return(false); } if (!CertificateAuthority.Ping(ComputerName)) { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), OfflineSource.DCOM); throw e; } CCertAdmin CertAdmin = new CCertAdmin(); StringBuilder SB = new StringBuilder(); if (Templates.Length > 0) { foreach (CertificateTemplate item in Templates) { SB.Append(item.Name + "\n"); SB.Append(item.OID.Value + "\n"); } } try { CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropTemplates, 0, CertAdmConst.ProptypeString, SB.ToString()); } catch (Exception e) { throw Error.ComExceptionHandler(e); } IsModified = false; return(true); }
/// <summary> /// Updates CA server cryptography settings by writing them to Certification Authority. /// </summary> /// <param name="restart"> /// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect /// until CA service is restarted. /// </param> /// <exception cref="ServerUnavailableException"> /// The target CA server could not be contacted via remote registry and RPC protocol. /// </exception> /// <returns> /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated /// and the method returns <strong>False</strong>. /// </returns> /// <remarks> /// The caller must have <strong>Administrator</strong> permissions on the target CA server. /// </remarks> public Boolean SetInfo(Boolean restart) { if (!IsModified) { return(false); } if (CryptoRegistry.Ping(ComputerName)) { if (ProviderIsCNG) { CryptoRegistry.SetRReg(publicKeyAlgorithm.FriendlyName, "CNGPublicKeyAlgorithm", RegistryValueKind.String, Name + "\\CSP", ComputerName); CryptoRegistry.SetRReg(hashingAlgorithm.FriendlyName, "CNGHashAlgorithm", RegistryValueKind.String, Name + "\\CSP", ComputerName); if (alternateSignatureAlgorithm) { CryptoRegistry.SetRReg(1, "AlternateSignatureAlgorithm", RegistryValueKind.String, $@"{Name}\CSP", ComputerName); } else { CryptoRegistry.SetRReg(0, "AlternateSignatureAlgorithm", RegistryValueKind.DWord, $@"{Name}\CSP", ComputerName); } } else { CryptoRegistry.SetRReg(getValueFromOid(hashingAlgorithm), "HashAlgorithm", RegistryValueKind.DWord, $@"{Name}\CSP", ComputerName); } } else { if (CertificateAuthority.Ping(ComputerName)) { if (ProviderIsCNG) { CryptoRegistry.SetRegFallback(ConfigString, "CSP", "CNGPublicKeyAlgorithm", publicKeyAlgorithm.FriendlyName); CryptoRegistry.SetRegFallback(ConfigString, "CSP", "CNGHashAlgorithm", hashingAlgorithm.FriendlyName); CryptoRegistry.SetRegFallback(ConfigString, "CSP", "CNGHashAlgorithm", alternateSignatureAlgorithm ? 1 : 0); } else { CryptoRegistry.SetRegFallback(ConfigString, "CSP", "HashAlgorithm", getValueFromOid(hashingAlgorithm)); } } else { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), (OfflineSource)3); throw e; } } if (restart) { CertificateAuthority.Restart(ComputerName); } IsModified = false; return(true); }
/// <summary> /// Updates CRL (Base and Delta CRL) setting. /// </summary> /// <param name="restart"> /// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect until /// CA service is restarted. /// </param> /// <exception cref="UnauthorizedAccessException"> /// The caller do not have sufficient permissions to make changes in the CA configuration. /// </exception> /// <exception cref="ServerUnavailableException"> /// The target CA server could not be contacted via remote registry and RPC protocol. /// </exception> /// <returns> /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated /// and the method returns <strong>False</strong>. /// </returns> /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks> public Boolean SetInfo(Boolean restart) { if (!IsModified) { return(false); } if (CryptoRegistry.Ping(ComputerName)) { // Base CRL CryptoRegistry.SetRReg(BaseUnits, "CRLPeriodUnits", RegistryValueKind.DWord, Name, ComputerName); CryptoRegistry.SetRReg(BasePeriod, "CRLPeriod", RegistryValueKind.String, Name, ComputerName); // Base CRL overlap CryptoRegistry.SetRReg(BaseOverlapUnits, "CRLOverlapUnits", RegistryValueKind.DWord, Name, ComputerName); CryptoRegistry.SetRReg(BaseOverlap, "CRLOverlapPeriod", RegistryValueKind.String, Name, ComputerName); // Delta CRL CryptoRegistry.SetRReg(DeltaUnits, "CRLDeltaPeriodUnits", RegistryValueKind.DWord, Name, ComputerName); CryptoRegistry.SetRReg(DeltaPeriod, "CRLDeltaPeriod", RegistryValueKind.String, Name, ComputerName); // Delta CRL overlap CryptoRegistry.SetRReg(DeltaOverlapUnits, "CRLDeltaOverlapUnits", RegistryValueKind.DWord, Name, ComputerName); CryptoRegistry.SetRReg(DeltaOverlap, "CRLDeltaOverlapPeriod", RegistryValueKind.String, Name, ComputerName); IsModified = false; if (restart) { CertificateAuthority.Restart(ComputerName); } return(true); } if (CertificateAuthority.Ping(ComputerName)) { // Base CRL CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLPeriodUnits", BaseUnits); CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLPeriod", BasePeriod); // Base CRL overlap CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLOverlapUnits", BaseOverlapUnits); CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLOverlapPeriod", BaseOverlap); // Delta CRL CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriodUnits", DeltaUnits); CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriod", DeltaPeriod); // Delta CRL overlap CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapUnits", DeltaOverlapUnits); CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapPeriod", DeltaOverlap); IsModified = false; if (restart) { CertificateAuthority.Restart(ComputerName); } return(true); } ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add("Source", (OfflineSource)3); throw e; }
void m_initialize(CertificateAuthority certificateAuthority) { Name = certificateAuthority.Name; DisplayName = certificateAuthority.DisplayName; ComputerName = certificateAuthority.ComputerName; ConfigString = certificateAuthority.ConfigString; if (CryptoRegistry.Ping(ComputerName)) { // Base CRL BaseUnits = (Int32)CryptoRegistry.GetRReg("CRLPeriodUnits", Name, ComputerName); BasePeriod = (String)CryptoRegistry.GetRReg("CRLPeriod", Name, ComputerName); // Base CRL overlap BaseOverlapUnits = (Int32)CryptoRegistry.GetRReg("CRLOverlapUnits", Name, ComputerName); BaseOverlap = (String)CryptoRegistry.GetRReg("CRLOverlapPeriod", Name, ComputerName); // Delta CRL DeltaUnits = (Int32)CryptoRegistry.GetRReg("CRLDeltaPeriodUnits", Name, ComputerName); DeltaPeriod = (String)CryptoRegistry.GetRReg("CRLDeltaPeriod", Name, ComputerName); // Delta CRL overlap DeltaOverlapUnits = (Int32)CryptoRegistry.GetRReg("CRLDeltaOverlapUnits", Name, ComputerName); DeltaOverlap = (String)CryptoRegistry.GetRReg("CRLDeltaOverlapPeriod", Name, ComputerName); } else { if (certificateAuthority.Ping()) { // Base CRL BaseUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLPeriodUnits"); BasePeriod = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLPeriod"); // Base CRL overlap BaseOverlapUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLOverlapUnits"); BaseOverlap = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLOverlapPeriod"); // Delta CRL DeltaUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriodUnits"); DeltaPeriod = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriod"); // Delta CRL overlap DeltaOverlapUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapUnits"); DeltaOverlap = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapPeriod"); } else { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add("Source", (OfflineSource)3); throw e; } } }
/// <summary> /// Updates KRA configuration by writing KRA certificates to Certification Authority. The method writes all certificates contained in /// <see cref="Certificate"/> property. /// </summary> /// <param name="restart"> /// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect until /// CA service is restarted. /// </param> /// <exception cref="UnauthorizedAccessException"> /// The caller do not have sufficient permissions to make changes in the CA configuration. /// </exception> /// <exception cref="ServerUnavailableException"> /// The target CA server could not be contacted via RPC/DCOM transport. /// </exception> /// <remarks> /// <para>This method do not check whether the certificates in <see cref="Certificate"/> property are valid. /// The caller is responsible to check if the certificates are time-valid, trusted and not revoked.</para> /// </remarks> /// <returns> /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated /// and the method returns <strong>False</strong>. /// </returns> /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks> public Boolean SetInfo(Boolean restart) { if (IsModified) { if (!CertificateAuthority.Ping(ComputerName)) { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), OfflineSource.DCOM); throw e; } CCertAdmin CertAdmin = new CCertAdmin(); try { if (_certs.Count > 0) { Int32 kracount = (Int32)CertAdmin.GetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0); if (kracount > 0) { CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0); } for (Int32 index = 0; index < _certs.Count; index++) { String der = CryptographyUtils.EncodeDerString(_certs[index].RawData); CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracert, index, CertAdmConst.ProptypeBinary, der); } CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertusedcount, 0, CertAdmConst.ProptypeLong, _certs.Count); } else { CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0); CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertusedcount, 0, CertAdmConst.ProptypeLong, 0); } } catch (Exception e) { throw Error.ComExceptionHandler(e); } finally { CryptographyUtils.ReleaseCom(CertAdmin); } IsModified = false; if (restart) { CertificateAuthority.Restart(ComputerName); } return(true); } return(false); }
/// <summary> /// Updates certificate template list issued by a Certification Authority. The method writes all certificates templates contained in /// <see cref="Templates"/> property. /// </summary> /// <exception cref="UnauthorizedAccessException"> /// The caller do not have sufficient permissions to make changes in the CA configuration. /// </exception> /// <exception cref="ServerUnavailableException"> /// The target CA server could not be contacted via RPC/DCOM transport. /// </exception> /// <exception cref="NotSupportedException">One or more certificate templates are not supported by this CA version.</exception> /// <remarks> /// For this method to succeed, the caller must be granted CA <strong>Administrator</strong> permissions. /// </remarks> /// <returns> /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated /// and the method returns <strong>False</strong>. /// </returns> /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks> public Boolean SetInfo() { if (!IsModified) { return(false); } if (!CertificateAuthority.Ping(ComputerName)) { var e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), OfflineSource.DCOM); throw e; } var writer = new CertPropWriterD(configString); writer.SetTemplates(_templates.ToArray()); IsModified = false; return(true); }
void m_initialize(CertificateAuthority certificateAuthority) { if (!certificateAuthority.IsEnterprise) { throw new PlatformNotSupportedException(); } if (!certificateAuthority.Ping()) { ServerUnavailableException e = new ServerUnavailableException(certificateAuthority.DisplayName); e.Data.Add(nameof(e.Source), OfflineSource.DCOM); throw e; } Name = certificateAuthority.Name; DisplayName = certificateAuthority.DisplayName; ComputerName = certificateAuthority.ComputerName; version = certificateAuthority.Version; sku = certificateAuthority.Sku; configString = certificateAuthority.ConfigString; CCertAdmin CertAdmin = new CCertAdmin(); String templates = (String)CertAdmin.GetCAProperty(certificateAuthority.ConfigString, CertAdmConstants.CrPropTemplates, 0, CertAdmConstants.ProptypeString, 0); List <CertificateTemplate> tobeadded = new List <CertificateTemplate>(); if (templates != String.Empty) { String[] SplitString = { "\n" }; String[] TempArray = templates.Split(SplitString, StringSplitOptions.RemoveEmptyEntries); for (Int32 index = 0; index < TempArray.Length; index += 2) { tobeadded.Add(new CertificateTemplate("Name", TempArray[index])); } Templates = tobeadded.ToArray(); } else { Templates = null; } }