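/// <summary>
/// Checks that <paramref name="template"/> is published in every configured Active Directory
/// domain and that the published copy can be used by Certificate Manager: exactly one template
/// with the same name must exist in each domain, its Windows API and cipher must match the
/// requested template, it must allow a client-provided subject, and it must not require strong
/// key protection, pending for manager approval, or user interaction.
/// </summary>
/// <param name="template">The template as requested by Certificate Manager.</param>
/// <exception cref="System.ArgumentNullException"><paramref name="template"/> is null.</exception>
/// <exception cref="AdcsTemplateValidationException">
/// No Active Directory domains are configured, or the template as published in some domain fails
/// one of the checks listed above.
/// </exception>
public void ValidateTemplatePublishedActiveDirectory(AdcsTemplate template)
        {
            if (template == null)
            {
                throw new System.ArgumentNullException(nameof(template));
            }

            IEnumerable<ActiveDirectoryMetadata> metadataList = configurationRepository.GetAll<ActiveDirectoryMetadata>();

            if (metadataList == null)
            {
                throw new AdcsTemplateValidationException("There are no active directory domains configured.");
            }

            // Materialize once so a deferred repository query is not enumerated twice (Count + foreach).
            List<ActiveDirectoryMetadata> domains = metadataList.ToList();

            // An empty list means the same thing as null: there is nothing to validate against, and a
            // template must never be reported as valid merely because no domain was checked.
            if (domains.Count == 0)
            {
                throw new AdcsTemplateValidationException("There are no active directory domains configured.");
            }

            foreach (ActiveDirectoryMetadata metadata in domains)
            {
                List<AdcsCertificateTemplate> templates = this.GetActiveDirectoryTemplates(metadata);

                // Match by name once; the "not published" / "ambiguous" checks and the lookup below
                // all share this result instead of re-running the same filter three times.
                List<AdcsCertificateTemplate> matches = templates.Where(x => x.Name == template.Name).ToList();

                if (matches.Count == 0)
                {
                    throw new AdcsTemplateValidationException("Adcs template is not published in Active Directory");
                }

                if (matches.Count > 1)
                {
                    throw new AdcsTemplateValidationException("Search for Adcs templates by name in Active Directory returned more than one result, this is not allowed");
                }

                AdcsCertificateTemplate adTemplate = matches[0];

                if (template.WindowsApi != adTemplate.WindowsApi)
                {
                    string msg = string.Format("Certificate Manager Template Windows API does not match the template in active directory. AD shows {0}, CertificateManager requested {1}", adTemplate.WindowsApi, template.WindowsApi);
                    throw new AdcsTemplateValidationException(msg);
                }

                if (template.Cipher != adTemplate.Cipher)
                {
                    string msg = string.Format("Certificate Manager Template cipher algorithm does not match the template in active directory. AD shows {0}, CertificateManager requested {1}", adTemplate.Cipher, template.Cipher);
                    throw new AdcsTemplateValidationException(msg);
                }

                if (!adTemplate.AllowsClientProvidedSubject())
                {
                    throw new AdcsTemplateValidationException("Adcs template was found in Active Directory, but the template does not allow the client to specify the subject");
                }

                if (adTemplate.RequiresStrongKeyProtection())
                {
                    throw new AdcsTemplateValidationException("Adcs template in Active Directory requires strong key protection. Certificate Manager inplements strong key protection that is incompatible with Active Directory Certificate Services. ");
                }

                if (adTemplate.PendAllRequests())
                {
                    throw new AdcsTemplateValidationException("Issuance requires pending the certificate for manager approval. This is not compatible with Certificate Manager");
                }

                if (adTemplate.RequireUserInteraction())
                {
                    throw new AdcsTemplateValidationException("Issuance requires user interaction. This is not compatible with Certificate Manager");
                }
            }
        }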
        /// <summary>
        /// Looking up a published template by a known name returns a template whose
        /// <c>Name</c> equals the requested name.
        /// </summary>
        public void AdcsTemplateLogic_GetActiveDirectoryPublishedTemplate_ValidName_ReturnsObjectWithMatchingName()
        {
            // Arrange
            const string expectedName = "ServerAuthentication-CngRsa";
            var logic = new AdcsTemplateLogic(null, activeDirectory);

            // Act
            var published = logic.GetActiveDirectoryPublishedTemplate(expectedName, metadata);

            // Assert
            Assert.AreEqual(expectedName, published.Name);
        }
        /// <summary>
        /// Looking up the ECDSA server-authentication template by name returns a template
        /// whose <c>Cipher</c> is <see cref="CipherAlgorithm.ECDSA"/>.
        /// </summary>
        public void AdcsTemplateLogic_GetActiveDirectoryPublishedTemplate_ValidNameAndCipherEdsa_ReturnsObjectWithExpectedCipherAlgorithm()
        {
            // Arrange
            const string templateName = "ServerAuthentication-CngEcdsa";
            var logic = new AdcsTemplateLogic(null, activeDirectory);

            // Act
            var published = logic.GetActiveDirectoryPublishedTemplate(templateName, metadata);

            // Assert
            Assert.AreEqual(CipherAlgorithm.ECDSA, published.Cipher);
        }