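        // Submit a base64 PKCS#10 request (built earlier by createCertificate) to the default CA.
        // The CA leaves the request pending; the request ID is written to the local SQLite table
        // together with the submit disposition and then returned to the caller.
        // Returns 0 on any failure (the original contract). The exception is not surfaced, so a
        // caller cannot tell "CA unreachable" from "request rejected" — log at the call site if that matters.
        public int submitRequest(string certrequest, string hostname)
        {
            CCertConfig  objCertConfig  = new CCertConfig();
            CCertRequest objCertRequest = new CCertRequest();

            try
            {
                string strCAConfig  = objCertConfig.GetConfig(CC_DEFAULTCONFIG);                           // default CA config string
                int    iDisposition = objCertRequest.Submit(CR_IN_BASE64, certrequest, null, strCAConfig); // submit the base64 request to the CA
                int    requestID    = objCertRequest.GetRequestId();                                       // id of the (pending) request in the CA database
                SqlLite sql = new SqlLite();
                sql.insertTable(hostname, iDisposition, requestID);                                        // first local record for this certificate
                return(requestID);
            }
            catch (Exception)
            {
                return(0);                                                                                 // failure sentinel, as before
            }
            finally
            {
                // Both objects are COM RCWs; release them so the DCOM session to the CA is not held open
                // until the GC happens to run (previously neither was released).
                System.Runtime.InteropServices.Marshal.FinalReleaseComObject(objCertRequest);
                System.Runtime.InteropServices.Marshal.FinalReleaseComObject(objCertConfig);
            }
        }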
        /// <summary>
        /// Retrieves the most recent 'CA Exchange' certificate. If the certificate does not exist, the method
        /// will instruct CA server to generate or enroll a new one.
        /// </summary>
        /// <exception cref="UninitializedObjectException">The object is not properly initialized.</exception>
        /// <exception cref="ServerUnavailableException">CA server is not accessible via RPC/DCOM.</exception>
        /// <exception cref="UnauthorizedAccessException">The caller does not have at least <strong>Read</strong> permissions.</exception>
        /// <exception cref="PlatformNotSupportedException">Current CA is not an <strong>Enterprise CA</strong>. Only Enterprise CAs support this feature.</exception>
        /// <returns>CA Exchange certificate.</returns>
        /// <remarks>
        /// The certificate is returned exactly as the CA handed it back; no chain or validity check is performed here.
        /// Callers that use it to protect key-archival material should validate it themselves.
        /// </remarks>
        public X509Certificate2 GetCAExchangeCertificate()
        {
            if (String.IsNullOrEmpty(Name))
            {
                throw new UninitializedObjectException();
            }
            if (!IsEnterprise)
            {
                throw new PlatformNotSupportedException(Error.E_NONENTERPRISE);
            }
            if (!Ping())
            {
                var offline = new ServerUnavailableException(DisplayName);
                offline.Data.Add(nameof(offline.Source), OfflineSource.DCOM);
                throw offline;
            }
            var admin = new CCertAdmin();

            try {
                // Property type 1 appears to be the "long" type used for the count elsewhere; index of the newest cert is count - 1.
                Int32 newest = (Int32)admin.GetCAProperty(ConfigString, CertAdmConstants.CrPropCaxchgcertcount, 0, 1, 0) - 1;
                if (newest < 0)
                {
                    throw new Exception(String.Format(Error.E_XCHGUNAVAILABLE, DisplayName));
                }
                // Property type 3 with flag 1 returns the binary certificate as a base64 string.
                String encoded = (String)admin.GetCAProperty(ConfigString, CertAdmConstants.CrPropCaxchgcert, newest, 3, 1);
                return(new X509Certificate2(Convert.FromBase64String(encoded)));
            } catch (Exception ex) {
                throw Error.ComExceptionHandler(ex);
            } finally {
                CryptographyUtils.ReleaseCom(admin);
            }
        }
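        // Initializes this KRA view from a CA: copies the CA identity fields and loads every
        // key-recovery-agent certificate the CA currently holds (CR_PROP_KRACERT, one per index)
        // into _certs. Throws PlatformNotSupportedException for a non-enterprise CA and
        // ServerUnavailableException when the CA does not answer over DCOM.
        void m_initialize(CertificateAuthority certificateAuthority)
        {
            if (certificateAuthority == null)
            {
                throw new ArgumentNullException(nameof(certificateAuthority));
            }
            if (!certificateAuthority.IsEnterprise)
            {
                throw new PlatformNotSupportedException();
            }
            if (!certificateAuthority.Ping())
            {
                ServerUnavailableException e = new ServerUnavailableException(certificateAuthority.DisplayName);
                e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
                throw e;
            }
            Name         = certificateAuthority.Name;
            DisplayName  = certificateAuthority.DisplayName;
            ComputerName = certificateAuthority.ComputerName;
            ConfigString = certificateAuthority.ConfigString;

            CCertAdmin CertAdmin = new CCertAdmin();
            try
            {
                Int32 KRACount = (Int32)CertAdmin.GetCAProperty(certificateAuthority.ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);

                // Each KRA certificate comes back as base64 (last argument 1); a count of 0 simply skips the loop.
                for (Int32 index = 0; index < KRACount; index++)
                {
                    String Base64 = (String)CertAdmin.GetCAProperty(certificateAuthority.ConfigString, CertAdmConst.CrPropKracert, index, CertAdmConst.ProptypeBinary, 1);
                    _certs.Add(new X509Certificate2(Convert.FromBase64String(Base64)));
                }
            }
            finally
            {
                // The RCW was previously never released; release it even when a property read throws.
                System.Runtime.InteropServices.Marshal.FinalReleaseComObject(CertAdmin);
            }
        }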
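        ///  <summary>
        ///  Publishes certificate revocation lists (CRLs) for a certification authority (CA).
        ///  <para>
        ///  A CRL is published for the CA's current certificate, as well as for any renewed CA certificates
        ///  that have not yet expired.
        ///  </para>
        ///  </summary>
        ///  <param name="deltaOnly">
        ///  A delta CRL is published, or the most recent delta CRL is republished if <strong>updateFilesOnly</strong>
        ///  is also set. If the CA has not enabled delta CRL publishing, use of this flag results in an error.</param>
        ///  <param name="updateFilesOnly">
        ///  The most recent base CRL (or delta CRL, when combined with <strong>deltaOnly</strong>) is republished.
        ///  The CA will not republish a CRL to a CRL distribution point if the CRL at the distribution point is
        ///  already the most recent CRL.
        ///  </param>
        /// <exception cref="UninitializedObjectException">The object is not properly initialized.</exception>
        /// <exception cref="ServerUnavailableException">CA server is not accessible via RPC/DCOM.</exception>
        public void PublishCRL(Boolean deltaOnly = false, Boolean updateFilesOnly = false)
        {
            // Flag bits passed to ICertAdmin2::PublishCRLs (CA_CRL_BASE, CA_CRL_DELTA, CA_CRL_REPUBLISH).
            const Int32 CrlBase      = 0x1;
            const Int32 CrlDelta     = 0x2;
            const Int32 CrlRepublish = 0x10;

            if (String.IsNullOrEmpty(Name))
            {
                throw new UninitializedObjectException();
            }
            if (!Ping())
            {
                ServerUnavailableException e = new ServerUnavailableException(DisplayName);
                e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
                throw e;
            }

            // deltaOnly picks the CRL kind, updateFilesOnly adds the republish bit. Previously the
            // deltaOnly + updateFilesOnly combination dropped the republish bit and published a fresh
            // delta instead of republishing the latest one, contrary to the parameter documentation.
            Int32 flags = deltaOnly ? CrlDelta : CrlBase;
            if (updateFilesOnly)
            {
                flags |= CrlRepublish;
            }

            var CertAdmin = new CCertAdmin();

            try {
                // DateTime(0) as the next-update time presumably lets the CA apply its configured CRL period — TODO confirm.
                CertAdmin.PublishCRLs(ConfigString, new DateTime(0), flags);
            } catch (Exception e) {
                throw Error.ComExceptionHandler(e);
            } finally { CryptographyUtils.ReleaseCom(CertAdmin); }
        }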
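        /// <summary>
        /// Updates the certificate template list issued by a Certification Authority. The method writes all
        /// certificate templates contained in the <see cref="Templates"/> property.
        /// </summary>
        /// <exception cref="UnauthorizedAccessException">
        /// The caller does not have sufficient permissions to make changes in the CA configuration.
        /// </exception>
        /// <exception cref="ServerUnavailableException">
        /// The target CA server could not be contacted via RPC/DCOM transport.
        /// </exception>
        /// <exception cref="NotSupportedException">One or more certificate templates are not supported by this CA version.</exception>
        /// <remarks>
        /// <para>For this method to succeed, the caller must be granted CA <strong>Administrator</strong> permissions.</para>
        /// <para>A <see langword="null"/> or empty <see cref="Templates"/> array writes an empty list, which (judging by
        /// how the list is read back) leaves the CA issuing no templates at all — make sure that is intended.</para>
        /// </remarks>
        /// <returns>
        /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
        /// and the method returns <strong>False</strong>.
        /// </returns>
        public Boolean SetInfo()
        {
            if (!IsModified)
            {
                return(false);
            }
            if (!CertificateAuthority.Ping(ComputerName))
            {
                ServerUnavailableException e = new ServerUnavailableException(DisplayName);
                e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
                throw e;
            }

            // The CA expects alternating "name\n" / "oid\n" entries. Templates may be null (an empty
            // CA list is represented that way on read), which previously threw NullReferenceException here.
            StringBuilder SB = new StringBuilder();
            if (Templates != null)
            {
                foreach (CertificateTemplate item in Templates)
                {
                    SB.Append(item.Name + "\n");
                    SB.Append(item.OID.Value + "\n");
                }
            }

            CCertAdmin CertAdmin = new CCertAdmin();
            try {
                CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropTemplates, 0, CertAdmConst.ProptypeString, SB.ToString());
            } catch (Exception e) {
                throw Error.ComExceptionHandler(e);
            } finally {
                // The RCW was previously never released.
                System.Runtime.InteropServices.Marshal.FinalReleaseComObject(CertAdmin);
            }
            IsModified = false;
            return(true);
        }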
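        // Command-line entry point: revoke one certificate on a CA.
        //   RevokeCert.exe <SerialNumber>                       CA chosen in the interactive picker, reason = cessation of operation
        //   RevokeCert.exe <CAConfig> <Reason> <SerialNumber>   CA config string, numeric reason code and serial from the command line
        // Exit codes: 0 revoked, 1 revocation failed (message on stderr), 2 bad usage.
        // The reason code and serial are passed to the CA unvalidated; the CA rejects values it does not accept.
        static int Main(string[] args)
        {
            string caConfig;
            int    reason;
            string serial;

            CCertConfig objCertConfig = null;
            CCertAdmin  admin         = null;

            try
            {
                if (args.Length == 1)
                {
                    objCertConfig = new CCertConfig();
                    caConfig = objCertConfig.GetConfig(CC_UIPICKCONFIG);   // interactive CA picker; a cancelled picker now ends in the catch below instead of an unhandled crash

                    reason = (int)RevokeReason.CRL_REASON_CESSATION_OF_OPERATION;
                    serial = args[0];
                }
                else if (args.Length == 3 && int.TryParse(args[1], out reason))   // int.Parse used to throw FormatException outside any handler
                {
                    caConfig = args[0];
                    serial   = args[2];
                }
                else
                {
                    Console.WriteLine("Usage: RevokeCert.exe [SerialNumber]");
                    Console.WriteLine("Usage: RevokeCert.exe [CAConfig] [Reason] [SerialNumber]");
                    return(2);
                }

                admin = new CCertAdmin();
                // NOTE(review): DateTime.Now is local time; confirm whether RevokeCertificate expects UTC before relying on the exact effective time.
                admin.RevokeCertificate(caConfig, serial, reason, DateTime.Now);

                return(0);
            }
            catch (Exception ex)
            {
                Console.Error.WriteLine(ex.Message);
                return(1);
            }
            finally
            {
                // Release both COM RCWs (CCertConfig was previously never released).
                if (admin != null)
                {
                    Marshal.FinalReleaseComObject(admin);
                }
                if (objCertConfig != null)
                {
                    Marshal.FinalReleaseComObject(objCertConfig);
                }
            }
        }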
 /// <summary>
 /// Returns all roles granted on the CA to the caller.
 /// </summary>
 /// <exception cref="UninitializedObjectException">The object is not properly initialized.</exception>
 /// <exception cref="ServerUnavailableException">CA server is not accessible via RPC/DCOM.</exception>
 /// <exception cref="UnauthorizedAccessException">The caller does not have at least <strong>Read</strong> permissions.</exception>
 /// <returns>Granted roles.</returns>
 /// <remarks>
 /// The CCertAdmin instance is stored in the <c>CertAdmin</c> field and is not released here.
 /// NOTE(review): COM errors from GetMyRoles are not translated in this method, so an access-denied
 /// result appears to surface as the raw COM exception — confirm against callers.
 /// </remarks>
 public CARoleEnum GetMyRoles()
 {
     if (String.IsNullOrEmpty(ConfigString))
     {
         throw new UninitializedObjectException();
     }
     if (!IsAccessible)
     {
         var offline = new ServerUnavailableException(DisplayName);
         offline.Data.Add("Source", OfflineSource.DCOM);
         throw offline;
     }

     CertAdmin = new CCertAdmin();
     var roleMask = CertAdmin.GetMyRoles(ConfigString);   // bit mask of CA roles held by the calling identity
     return((CARoleEnum)roleMask);
 }
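        /// <summary>
        /// Returns all roles granted on the CA to the caller.
        /// </summary>
        /// <exception cref="UninitializedObjectException">The object is not properly initialized.</exception>
        /// <exception cref="ServerUnavailableException">CA server is not accessible via RPC/DCOM.</exception>
        /// <exception cref="UnauthorizedAccessException">The caller does not have at least <strong>Read</strong> permissions.</exception>
        /// <returns>Granted roles.</returns>
        public CertSrvClientRole GetMyRoles()
        {
            if (String.IsNullOrEmpty(ConfigString))
            {
                throw new UninitializedObjectException();
            }
            if (!IsAccessible)
            {
                ServerUnavailableException e = new ServerUnavailableException(DisplayName);
                e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
                throw e;
            }

            var CertAdmin = new CCertAdmin();

            try
            {
                // Bit mask of CA roles held by the calling identity.
                return((CertSrvClientRole)CertAdmin.GetMyRoles(ConfigString));
            }
            finally
            {
                // The RCW was previously left to the GC; release it so the DCOM session is not held open.
                System.Runtime.InteropServices.Marshal.FinalReleaseComObject(CertAdmin);
            }
        }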
        /// <summary>
        /// Writes a CA configuration entry through ICertAdmin2::SetConfigEntry. This changes the CA's
        /// configuration, so the caller presumably needs CA administrator rights — TODO confirm.
        /// </summary>
        /// <param name="configString">CA configuration string identifying the target CA.</param>
        /// <param name="node">Configuration node (registry sub-key) the entry lives under.</param>
        /// <param name="entry">Name of the entry to write.</param>
        /// <param name="value">Values to store; passed to the COM interface as-is.</param>
        public static void SetRegFallback(
            String configString,
            String node,
            String entry,
            List <String> value
            )
        {
            var admin = new CCertAdmin();

            try {
                admin.SetConfigEntry(configString, node, entry, value);
            } catch (Exception ex) {
                // Translate the raw COM failure into the library's exception types.
                throw Error.ComExceptionHandler(ex);
            } finally {
                CryptographyUtils.ReleaseCom(admin);
            }
        }
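        /* Revoke Certificate */

        // Revokes the certificate with the given serial number on the default CA, effective now,
        // with reason code 0 (CRL_REASON_UNSPECIFIED). Returns 0 on success and 1 on failure
        // (the error message is written to the console). The serial number is not validated here;
        // an unknown serial is rejected by the CA.
        public int revokeCert(string serialNumber)
        {
            CCertConfig objCertConfig = new CCertConfig();
            CCertAdmin  objCertAdmin  = new CCertAdmin();

            try
            {
                string strCAConfig = objCertConfig.GetConfig(CC_DEFAULTCONFIG);              // default CA config string
                // NOTE(review): DateTime.Now is local time; confirm whether RevokeCertificate expects UTC.
                objCertAdmin.RevokeCertificate(strCAConfig, serialNumber, 0, DateTime.Now);   // reason 0 = unspecified
                return(0);
            }
            catch (Exception ex)
            {
                Console.Write(ex.Message);
                return(1);
            }
            finally
            {
                // Both are COM RCWs; previously neither was released.
                System.Runtime.InteropServices.Marshal.FinalReleaseComObject(objCertAdmin);
                System.Runtime.InteropServices.Marshal.FinalReleaseComObject(objCertConfig);
            }
        }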
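        // Renew an expired certificate: install the old certificate, build a new PKCS#10 from it
        // (inheriting private key, subject, extensions and SANs), submit the request to the default
        // CA, resubmit it so the CA issues it, and then remove the old certificate from the store.
        // The old tracking row is deleted from the database before the new request is submitted.
        //
        // Returns the new request ID on success, 0 when SubmitRequest did not yield a request ID,
        // and 1 when an exception was caught; both failure cases write to the database error table.
        public int RenewCert(string Cert, int reqid)
        {
            CX509CertificateRequestPkcs10 objPkcs10 = new CX509CertificateRequestPkcs10();
            CX509Enrollment        objEnroll        = new CX509Enrollment();
            CCertConfig            objCertConfig    = new CCertConfig();
            CCertAdmin             objCertAdmin     = new CCertAdmin();
            var    inheritOptions = X509RequestInheritOptions.InheritPrivateKey | X509RequestInheritOptions.InheritSubjectFlag | X509RequestInheritOptions.InheritExtensionsFlag | X509RequestInheritOptions.InheritSubjectAltNameFlag;

            try
            {
                string strCAConfig = objCertConfig.GetConfig(CC_DEFAULTCONFIG);                                                                                      // default CA config string
                InstallCert(Cert);
                objPkcs10.InitializeFromCertificate(X509CertificateEnrollmentContext.ContextUser, Cert, EncodingType.XCN_CRYPT_STRING_BASE64HEADER, inheritOptions); // new request seeded from the expired cert
                CX500DistinguishedName objDN = objPkcs10.Subject;
                // NOTE(review): assumes the subject is exactly "CN=<hostname>"; any other leading RDN or extra
                // components yields a wrong HostName and therefore a wrong database lookup.
                string HostName = objDN.Name.ToString().Substring(3);
                objEnroll.InitializeFromRequest(objPkcs10);
                string CertifcateStr = objEnroll.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);                                                               // base64 PKCS#10
                Database db = new Database();
                db.ReturnCertificateInformation(HostName);   // result unused here; revocation of the old cert is disabled below
                db.DeleteCertificateRecordFromDb(reqid);
                // revokeCert(cert.serialnumber);
                int newRequestId = SubmitRequest(CertifcateStr, HostName);   // submit to the CA; 0 means the submission failed
                if (newRequestId <= 0)
                {
                    // Previously the 0 sentinel was passed straight to ResubmitRequest; fail explicitly instead.
                    db.InsertToErrorMessageTable("", reqid, "SubmitRequest returned no request id", "RenewCert");
                    return(0);
                }
                objCertAdmin.ResubmitRequest(strCAConfig, newRequestId);     // ask the CA to issue the pending request
                DeleteCertificateFromStore(objDN.Name.ToString());           // drop the old cert now that the new one is issued
                return(newRequestId);
            }
            catch (Exception ex)
            {
                Database db = new Database();
                db.InsertToErrorMessageTable("", reqid, ex.Message, "RenewCert");   // error log table in the database
                return(1);
            }
            finally
            {
                // All four are COM RCWs; previously none was released.
                System.Runtime.InteropServices.Marshal.FinalReleaseComObject(objCertAdmin);
                System.Runtime.InteropServices.Marshal.FinalReleaseComObject(objCertConfig);
                System.Runtime.InteropServices.Marshal.FinalReleaseComObject(objEnroll);
                System.Runtime.InteropServices.Marshal.FinalReleaseComObject(objPkcs10);
            }
        }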
 /// <summary>
 /// Updates KRA configuration by writing KRA certificates to the Certification Authority. The method writes all
 /// certificates contained in the <see cref="Certificate"/> property.
 /// </summary>
 /// <param name="restart">
 /// Indicates whether to restart certificate services to immediately apply changes. Updated settings have no effect until
 /// the CA service is restarted.
 /// </param>
 /// <exception cref="UnauthorizedAccessException">
 /// The caller does not have sufficient permissions to make changes in the CA configuration.
 /// </exception>
 /// <exception cref="ServerUnavailableException">
 /// The target CA server could not be contacted via RPC/DCOM transport.
 /// </exception>
 /// <remarks>
 /// <para>This method does not check whether the certificates in the <see cref="Certificate"/> property are valid.
 /// The caller is responsible for checking that the certificates are time-valid, trusted and not revoked — a KRA
 /// certificate the CA accepts here is what archived private keys will be encrypted to.</para>
 /// <para>The caller must have <strong>Administrator</strong> permissions on the target CA server.</para>
 /// </remarks>
 /// <returns>
 /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
 /// and the method returns <strong>False</strong>.
 /// </returns>
 public Boolean SetInfo(Boolean restart)
 {
     if (!IsModified)
     {
         return(false);
     }
     if (!CertificateAuthority.Ping(ComputerName))
     {
         var offline = new ServerUnavailableException(DisplayName);
         offline.Data.Add(nameof(offline.Source), OfflineSource.DCOM);
         throw offline;
     }

     CCertAdmin admin = new CCertAdmin();
     try {
         if (_certs.Count == 0)
         {
             // Nothing to publish: zero both the certificate count and the used count.
             admin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);
             admin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertusedcount, 0, CertAdmConst.ProptypeLong, 0);
         }
         else
         {
             // Clear any existing list first, then write the certificates one slot at a time.
             Int32 existing = (Int32)admin.GetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);
             if (existing > 0)
             {
                 admin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);
             }
             Int32 slot = 0;
             foreach (var kra in _certs)
             {
                 String der = CryptographyUtils.EncodeDerString(kra.RawData);
                 admin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracert, slot, CertAdmConst.ProptypeBinary, der);
                 slot++;
             }
             admin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertusedcount, 0, CertAdmConst.ProptypeLong, _certs.Count);
         }
     } catch (Exception ex) {
         throw Error.ComExceptionHandler(ex);
     } finally {
         CryptographyUtils.ReleaseCom(admin);
     }

     IsModified = false;
     if (restart)
     {
         CertificateAuthority.Restart(ComputerName);
     }
     return(true);
 }
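        /// <summary>
        /// Reads a CA configuration entry through ICertAdmin2::GetConfigEntry.
        /// </summary>
        /// <param name="configString">CA configuration string identifying the target CA.</param>
        /// <param name="node">Configuration node (registry sub-key) the entry lives under.</param>
        /// <param name="entry">Name of the entry to read.</param>
        /// <returns>The entry value exactly as returned by the COM interface (type depends on the entry).</returns>
        public static Object GetRegFallback(
            String configString,
            String node,
            String entry
            )
        {
            CCertAdmin CertAdmin = new CCertAdmin();

            try {
                return(CertAdmin.GetConfigEntry(configString, node, entry));
            } catch (Exception e) {
                throw Error.ComExceptionHandler(e);
            } finally {
                // Single release point. The RCW used to be released inside the try as well, so the
                // success path released it twice.
                CryptographyUtils.ReleaseCom(CertAdmin);
            }
        }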
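        /* Revoke Certificate */

        // Revokes the certificate with the given serial number on the default CA, effective now,
        // with reason code 0 (CRL_REASON_UNSPECIFIED). Returns 0 on success and 1 on failure
        // (the error is written to the database error table). The serial number is not validated
        // here; an unknown serial is rejected by the CA.
        public int RevokeCertificate(string serialNumber)
        {
            CCertConfig objCertConfig = new CCertConfig();
            CCertAdmin  objCertAdmin  = new CCertAdmin();

            try
            {
                string strCAConfig = objCertConfig.GetConfig(CC_DEFAULTCONFIG);              // default CA config string
                // NOTE(review): DateTime.Now is local time; confirm whether RevokeCertificate expects UTC.
                objCertAdmin.RevokeCertificate(strCAConfig, serialNumber, 0, DateTime.Now);   // reason 0 = unspecified
                return(0);
            }
            catch (Exception ex)
            {
                Database db = new Database();
                db.InsertToErrorMessageTable("", 0, ex.Message, "RevokeCertificate");   // error log table in the database
                return(1);
            }
            finally
            {
                // Both are COM RCWs; previously neither was released.
                System.Runtime.InteropServices.Marshal.FinalReleaseComObject(objCertAdmin);
                System.Runtime.InteropServices.Marshal.FinalReleaseComObject(objCertConfig);
            }
        }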
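        // Initializes this template-list view from a CA: copies the CA identity fields and reads the
        // list of certificate templates the CA is configured to issue (CR_PROP_TEMPLATES).
        // Throws PlatformNotSupportedException for a non-enterprise CA and ServerUnavailableException
        // when the CA does not answer over DCOM.
        void m_initialize(CertificateAuthority certificateAuthority)
        {
            if (certificateAuthority == null)
            {
                throw new ArgumentNullException(nameof(certificateAuthority));
            }
            if (!certificateAuthority.IsEnterprise)
            {
                throw new PlatformNotSupportedException();
            }
            if (!certificateAuthority.Ping())
            {
                ServerUnavailableException e = new ServerUnavailableException(certificateAuthority.DisplayName);
                e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
                throw e;
            }
            Name         = certificateAuthority.Name;
            DisplayName  = certificateAuthority.DisplayName;
            ComputerName = certificateAuthority.ComputerName;
            version      = certificateAuthority.Version;
            sku          = certificateAuthority.Sku;
            configString = certificateAuthority.ConfigString;

            String templates;
            CCertAdmin CertAdmin = new CCertAdmin();
            try
            {
                templates = (String)CertAdmin.GetCAProperty(certificateAuthority.ConfigString, CertAdmConstants.CrPropTemplates, 0, CertAdmConstants.ProptypeString, 0);
            }
            finally
            {
                // The RCW was previously never released; release it even when the property read throws.
                System.Runtime.InteropServices.Marshal.FinalReleaseComObject(CertAdmin);
            }

            // A null property value used to reach Split and throw NullReferenceException; treat it like "no templates".
            if (String.IsNullOrEmpty(templates))
            {
                Templates = null;
                return;
            }

            // The property is alternating "name\n" / "oid\n" entries; templates are presumably resolved by
            // name ("Name" lookup), so the OID entries at the odd positions are skipped.
            String[] SplitString = { "\n" };
            String[] TempArray   = templates.Split(SplitString, StringSplitOptions.RemoveEmptyEntries);
            List <CertificateTemplate> tobeadded = new List <CertificateTemplate>();
            for (Int32 index = 0; index < TempArray.Length; index += 2)
            {
                tobeadded.Add(new CertificateTemplate("Name", TempArray[index]));
            }
            Templates = tobeadded.ToArray();
        }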
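        /// <inheritdoc />
        /// <remarks>
        /// The list is written to CR_PROP_TEMPLATES as alternating "name\n" / "oid\n" entries. An empty array
        /// writes an empty string, which removes every template from the CA's issuance list — only pass an
        /// empty array when that is the intent.
        /// </remarks>
        public void SetTemplates(CertificateTemplate[] templates)
        {
            if (templates == null)
            {
                throw new ArgumentNullException(nameof(templates));
            }

            var sb = new StringBuilder();

            foreach (CertificateTemplate item in templates)
            {
                sb.Append(item.Name + "\n");
                sb.Append(item.OID.Value + "\n");
            }

            var certAdmin = new CCertAdmin();

            try {
                certAdmin.SetCAProperty(_configString, CertAdmConstants.CrPropTemplates, 0, CertAdmConstants.ProptypeString, sb.ToString());
            } catch (Exception e) {
                throw Error.ComExceptionHandler(e);
            } finally {
                // The RCW was previously never released.
                System.Runtime.InteropServices.Marshal.FinalReleaseComObject(certAdmin);
            }
        }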
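        /// <summary>
        /// Returns all CA signing certificates (CR_PROP_CASIGCERT, one per index).
        /// </summary>
        /// <exception cref="UninitializedObjectException">
        /// Current object is not initialized.
        /// </exception>
        /// <exception cref="ServerUnavailableException">
        /// Current CA server could not be contacted via RPC/DCOM.
        /// </exception>
        /// <returns>A collection of CA certificates.</returns>
        public X509Certificate2Collection GetCACerts()
        {
            if (String.IsNullOrEmpty(Name))
            {
                throw new UninitializedObjectException();
            }
            if (!Ping())
            {
                ServerUnavailableException e = new ServerUnavailableException(DisplayName);
                e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
                throw e;
            }
            var CertAdmin = new CCertAdmin();
            X509Certificate2Collection certs = new X509Certificate2Collection();

            try
            {
                // Property type 1 appears to be the "long" type used for counts elsewhere.
                Int32 count = (Int32)CertAdmin.GetCAProperty(ConfigString, CertAdmConstants.CrPropCasigcertcount, 0, 1, 0);

                for (Int32 index = 0; index < count; index++)
                {
                    // Property type 3 with flag 1 returns the certificate as base64. The element must be an
                    // X509Certificate2: the previous code added a base X509Certificate, which the collection
                    // accepts but which then fails with InvalidCastException when callers enumerate it.
                    String base64 = (String)CertAdmin.GetCAProperty(ConfigString, CertAdmConstants.CrPropCasigcert, index, 3, 1);
                    certs.Add(new X509Certificate2(Convert.FromBase64String(base64)));
                }
            }
            finally
            {
                // Released even when a property read throws (previously leaked on that path).
                CryptographyUtils.ReleaseCom(CertAdmin);
            }
            return(certs);
        }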