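/// <summary>
/// Checks that <paramref name="template"/> is published exactly once in every configured
/// Active Directory domain and that the published template is compatible with Certificate Manager.
/// </summary>
/// <param name="template">The Certificate Manager template to compare against Active Directory.</param>
/// <exception cref="AdcsTemplateValidationException">
/// Thrown when no domain is configured, when the template is missing from or ambiguous in a domain,
/// or when the published template's Windows API, cipher, subject or issuance settings are incompatible.
/// </exception>
public void ValidateTemplatePublishedActiveDirectory(AdcsTemplate template)
{
    IEnumerable<ActiveDirectoryMetadata> configured = configurationRepository.GetAll<ActiveDirectoryMetadata>();

    // Materialize once so the emptiness check and the loop see the same snapshot.
    List<ActiveDirectoryMetadata> metadataList = configured == null ? null : configured.ToList();

    // Fail closed: with an empty (non-null) configuration the loop below would never run and the
    // template would be reported valid without having been compared against any domain.
    if (metadataList == null || metadataList.Count == 0)
    {
        throw new AdcsTemplateValidationException("There are no active directory domains configured.");
    }

    foreach (ActiveDirectoryMetadata metadata in metadataList)
    {
        List<AdcsCertificateTemplate> templates = this.GetActiveDirectoryTemplates(metadata);

        // Filter by name a single time; a null lookup result is treated as "nothing published"
        // so the caller gets a validation error rather than a NullReferenceException.
        List<AdcsCertificateTemplate> matches = templates == null
            ? new List<AdcsCertificateTemplate>()
            : templates.Where(x => x.Name == template.Name).ToList();

        if (matches.Count == 0)
        {
            throw new AdcsTemplateValidationException("Adcs template is not published in Active Directory");
        }

        if (matches.Count > 1)
        {
            throw new AdcsTemplateValidationException("Search for Adcs templates by name in Active Directory returned more than one result, this is not allowed");
        }

        AdcsCertificateTemplate adTemplate = matches[0];

        if (template.WindowsApi != adTemplate.WindowsApi)
        {
            string msg = string.Format("Certificate Manager Template Windows API does not match the template in active directory. AD shows {0}, CertificateManager requested {1}", adTemplate.WindowsApi, template.WindowsApi);
            throw new AdcsTemplateValidationException(msg);
        }

        if (template.Cipher != adTemplate.Cipher)
        {
            string msg = string.Format("Certificate Manager Template cipher algorithm does not match the template in active directory. AD shows {0}, CertificateManager requested {1}", adTemplate.Cipher, template.Cipher);
            throw new AdcsTemplateValidationException(msg);
        }

        // NOTE(review): the checks below require a template that accepts a client-supplied subject
        // and reject one that pends requests for manager approval. Nothing in this method inspects
        // who may enroll on the template or which EKUs it carries, so a template that passes here
        // is only as safe as its enrollment permissions. Confirm those are restricted to the
        // Certificate Manager service identity and verified elsewhere.
        if (!adTemplate.AllowsClientProvidedSubject())
        {
            throw new AdcsTemplateValidationException("Adcs template was found in Active Directory, but the template does not allow the client to specify the subject");
        }

        if (adTemplate.RequiresStrongKeyProtection())
        {
            throw new AdcsTemplateValidationException("Adcs template in Active Directory requires strong key protection. Certificate Manager inplements strong key protection that is incompatible with Active Directory Certificate Services. ");
        }

        if (adTemplate.PendAllRequests())
        {
            throw new AdcsTemplateValidationException("Issuance requires pending the certificate for manager approval. This is not compatible with Certificate Manager");
        }

        if (adTemplate.RequireUserInteraction())
        {
            throw new AdcsTemplateValidationException("Issuance requires user interaction. This is not compatible with Certificate Manager");
        }
    }
}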
/// <summary>
/// Looking up a published template by a valid name returns a template whose
/// <c>Name</c> equals the requested name.
/// </summary>
public void AdcsTemplateLogic_GetActiveDirectoryPublishedTemplate_ValidName_ReturnsObjectWithMatchingName()
{
    // activeDirectory and metadata are fixture members declared outside this method.
    const string expectedName = "ServerAuthentication-CngRsa";
    var logic = new AdcsTemplateLogic(null, activeDirectory);

    AdcsCertificateTemplate published = logic.GetActiveDirectoryPublishedTemplate(expectedName, metadata);

    Assert.AreEqual(expectedName, published.Name);
}
/// <summary>
/// Looking up the published "ServerAuthentication-CngEcdsa" template returns a template
/// whose <c>Cipher</c> is <c>CipherAlgorithm.ECDSA</c>.
/// </summary>
public void AdcsTemplateLogic_GetActiveDirectoryPublishedTemplate_ValidNameAndCipherEdsa_ReturnsObjectWithExpectedCipherAlgorithm()
{
    // activeDirectory and metadata are fixture members declared outside this method.
    var logic = new AdcsTemplateLogic(null, activeDirectory);

    AdcsCertificateTemplate published = logic.GetActiveDirectoryPublishedTemplate("ServerAuthentication-CngEcdsa", metadata);

    Assert.AreEqual(CipherAlgorithm.ECDSA, published.Cipher);
}