public void ValidateTemplatePublishedActiveDirectory(AdcsTemplate template)
{
IEnumerable <ActiveDirectoryMetadata> metadataList = configurationRepository.GetAll <ActiveDirectoryMetadata>();
if (metadataList == null)
{
throw new AdcsTemplateValidationException("There are no active directory domains configured.");
}
foreach (ActiveDirectoryMetadata metadata in metadataList)
{
List <AdcsCertificateTemplate> templates = this.GetActiveDirectoryTemplates(metadata);
if (!templates.Where(x => x.Name == template.Name).Any())
{
throw new AdcsTemplateValidationException("Adcs template is not published in Active Directory");
}
if (templates.Where(x => x.Name == template.Name).Count() > 1)
{
throw new AdcsTemplateValidationException("Search for Adcs templates by name in Active Directory returned more than one result, this is not allowed");
}
AdcsCertificateTemplate adTemplate = templates.Where(x => x.Name == template.Name).First();
if (template.WindowsApi != adTemplate.WindowsApi)
{
string msg = string.Format("Certificate Manager Template Windows API does not match the template in active directory. AD shows {0}, CertificateManager requested {1}", adTemplate.WindowsApi, template.WindowsApi);
throw new AdcsTemplateValidationException(msg);
}
if (template.Cipher != adTemplate.Cipher)
{
string msg = string.Format("Certificate Manager Template cipher algorithm does not match the template in active directory. AD shows {0}, CertificateManager requested {1}", adTemplate.Cipher, template.Cipher);
throw new AdcsTemplateValidationException(msg);
}
if (!adTemplate.AllowsClientProvidedSubject())
{
throw new AdcsTemplateValidationException("Adcs template was found in Active Directory, but the template does not allow the client to specify the subject");
}
if (adTemplate.RequiresStrongKeyProtection())
{
throw new AdcsTemplateValidationException("Adcs template in Active Directory requires strong key protection. Certificate Manager inplements strong key protection that is incompatible with Active Directory Certificate Services. ");
}
if (adTemplate.PendAllRequests())
{
throw new AdcsTemplateValidationException("Issuance requires pending the certificate for manager approval. This is not compatible with Certificate Manager");
}
if (adTemplate.RequireUserInteraction())
{
throw new AdcsTemplateValidationException("Issuance requires user interaction. This is not compatible with Certificate Manager");
}
}
}
public void AdcsTemplateLogic_GetActiveDirectoryPublishedTemplate_ValidName_ReturnsObjectWithMatchingName()
{
string name = "ServerAuthentication-CngRsa";
AdcsTemplateLogic templateLogic = new AdcsTemplateLogic(null, activeDirectory);
AdcsCertificateTemplate template = templateLogic.GetActiveDirectoryPublishedTemplate(name, metadata);
Assert.AreEqual(name, template.Name);
}
public void AdcsTemplateLogic_GetActiveDirectoryPublishedTemplate_ValidNameAndCipherEdsa_ReturnsObjectWithExpectedCipherAlgorithm()
{
string name = "ServerAuthentication-CngEcdsa";
CipherAlgorithm expectedCipher = CipherAlgorithm.ECDSA;
AdcsTemplateLogic templateLogic = new AdcsTemplateLogic(null, activeDirectory);
AdcsCertificateTemplate template = templateLogic.GetActiveDirectoryPublishedTemplate(name, metadata);
Assert.AreEqual(expectedCipher, template.Cipher);
}
