/// <summary> /// Retrieves the most recent 'CA Exchange' certificate. If the certificate does not exist, the method /// will instruct CA server to generate or enroll a new one. /// </summary> /// <exception cref="UninitializedObjectException">The object is not properly initialized.</exception> /// <exception cref="ServerUnavailableException">CA server is not accessible via RPC/DCOM.</exception> /// <exception cref="UnauthorizedAccessException">The caller do not have at least <strong>Read</strong> permissions.</exception> /// <exception cref="PlatformNotSupportedException">Current CA is not <strong>Enterprise CA</strong>. Only Enterprise CAs supports this feature.</exception> /// <returns>CA Exchange certificate.</returns> public X509Certificate2 GetCAExchangeCertificate() { if (String.IsNullOrEmpty(Name)) { throw new UninitializedObjectException(); } if (!IsEnterprise) { throw new PlatformNotSupportedException(Error.E_NONENTERPRISE); } if (!Ping()) { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), OfflineSource.DCOM); throw e; } var CertAdmin = new CCertAdmin(); try { Int32 index = (Int32)CertAdmin.GetCAProperty(ConfigString, CertAdmConstants.CrPropCaxchgcertcount, 0, 1, 0) - 1; if (index >= 0) { String Base64 = (String)CertAdmin.GetCAProperty(ConfigString, CertAdmConstants.CrPropCaxchgcert, index, 3, 1); return(new X509Certificate2(Convert.FromBase64String(Base64))); } throw new Exception(String.Format(Error.E_XCHGUNAVAILABLE, DisplayName)); } catch (Exception e) { throw Error.ComExceptionHandler(e); } finally { CryptographyUtils.ReleaseCom(CertAdmin); } }
void m_initialize(CertificateAuthority certificateAuthority) { if (!certificateAuthority.IsEnterprise) { throw new PlatformNotSupportedException(); } if (!certificateAuthority.Ping()) { ServerUnavailableException e = new ServerUnavailableException(certificateAuthority.DisplayName); e.Data.Add(nameof(e.Source), OfflineSource.DCOM); throw e; } Name = certificateAuthority.Name; DisplayName = certificateAuthority.DisplayName; ComputerName = certificateAuthority.ComputerName; ConfigString = certificateAuthority.ConfigString; CCertAdmin CertAdmin = new CCertAdmin(); Int32 KRACount = (Int32)CertAdmin.GetCAProperty(certificateAuthority.ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0); if (KRACount > 0) { for (Int32 index = 0; index < KRACount; index++) { String Base64 = (String)CertAdmin.GetCAProperty(certificateAuthority.ConfigString, CertAdmConst.CrPropKracert, index, CertAdmConst.ProptypeBinary, 1); _certs.Add(new X509Certificate2(Convert.FromBase64String(Base64))); } } }
/// <summary> /// Returns all CA certificates. /// </summary> /// <exception cref="UninitializedObjectException"> /// Current object is not initialized. /// </exception> /// <exception cref="ServerUnavailableException"> /// Current CA server could not be contacted via remote registry and RPC protocol. /// </exception> /// <returns>A collection of CA certificates.</returns> public X509Certificate2Collection GetCACerts() { if (String.IsNullOrEmpty(Name)) { throw new UninitializedObjectException(); } if (!Ping()) { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), OfflineSource.DCOM); throw e; } var CertAdmin = new CCertAdmin(); X509Certificate2Collection certs = new X509Certificate2Collection(); Int32 count = (Int32)CertAdmin.GetCAProperty(ConfigString, CertAdmConstants.CrPropCasigcertcount, 0, 1, 0); for (Int32 index = 0; index < count; index++) { certs.Add(new X509Certificate(Convert.FromBase64String((String)CertAdmin.GetCAProperty(ConfigString, CertAdmConstants.CrPropCasigcert, index, 3, 1)))); } CryptographyUtils.ReleaseCom(CertAdmin); return(certs); }
void getVersion() { if (RegistryOnline) { switch ((Int32)CryptoRegistry.GetRReg("Version", String.Empty, ComputerName)) { case 0x00010001: Version = "2000"; break; case 0x00020002: Version = "2003"; break; case 0x00030001: Version = "2008"; break; case 0x00040001: Version = "2008R2"; break; case 0x00050001: Version = "2012"; break; case 0x00060001: Version = "2012R2"; break; case 0x00070001: Version = "2016"; break; } SetupStatus = (SetupStatusEnum)CryptoRegistry.GetRReg("SetupStatus", String.Empty, ComputerName); } else { String ver = (String)_certAdmin.GetCAProperty(ConfigString, CertAdmConstants.CrPropProductversion, 0, 4, 0); String[] vers = ver.Split(new [] { ":" }, StringSplitOptions.RemoveEmptyEntries); switch (vers[0]) { case "5.0": Version = "2000"; break; case "5.2": Version = "2003"; break; case "6.0": Version = "2008"; break; case "6.1": Version = "2008R2"; break; case "6.2": Version = "2012"; break; case "6.3": Version = "2012R2"; break; default: Version = vers[0].StartsWith("10.0") ? "2016" : "Unknown"; break; } SetupStatus = SetupStatusEnum.Unknown; } }
/// <summary> /// Updates KRA configuration by writing KRA certificates to Certification Authority. The method writes all certificates contained in /// <see cref="Certificate"/> property. /// </summary> /// <param name="restart"> /// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect until /// CA service is restarted. /// </param> /// <exception cref="UnauthorizedAccessException"> /// The caller do not have sufficient permissions to make changes in the CA configuration. /// </exception> /// <exception cref="ServerUnavailableException"> /// The target CA server could not be contacted via RPC/DCOM transport. /// </exception> /// <remarks> /// <para>This method do not check whether the certificates in <see cref="Certificate"/> property are valid. /// The caller is responsible to check if the certificates are time-valid, trusted and not revoked.</para> /// </remarks> /// <returns> /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated /// and the method returns <strong>False</strong>. /// </returns> /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks> public Boolean SetInfo(Boolean restart) { if (IsModified) { if (!CertificateAuthority.Ping(ComputerName)) { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), OfflineSource.DCOM); throw e; } CCertAdmin CertAdmin = new CCertAdmin(); try { if (_certs.Count > 0) { Int32 kracount = (Int32)CertAdmin.GetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0); if (kracount > 0) { CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0); } for (Int32 index = 0; index < _certs.Count; index++) { String der = CryptographyUtils.EncodeDerString(_certs[index].RawData); CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracert, index, CertAdmConst.ProptypeBinary, der); } CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertusedcount, 0, CertAdmConst.ProptypeLong, _certs.Count); } else { CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0); CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertusedcount, 0, CertAdmConst.ProptypeLong, 0); } } catch (Exception e) { throw Error.ComExceptionHandler(e); } finally { CryptographyUtils.ReleaseCom(CertAdmin); } IsModified = false; if (restart) { CertificateAuthority.Restart(ComputerName); } return(true); } return(false); }
void getVersion() { if (RegistryOnline) { switch ((Int32)CryptoRegistry.GetRReg("Version", String.Empty, ComputerName)) { case 0x00010001: Version = "2000"; break; case 0x00020002: Version = "2003"; break; case 0x00030001: Version = "2008"; break; case 0x00040001: Version = "2008R2"; break; case 0x00050001: Version = "2012"; break; case 0x00060001: Version = "2012R2"; break; } SetupStatus = (SetupStatusEnum)CryptoRegistry.GetRReg("SetupStatus", String.Empty, ComputerName); } else { String ver = (String)CertAdmin.GetCAProperty(ConfigString, CertAdmConst.CR_PROP_PRODUCTVERSION, 0, 4, 0); String[] vers = ver.Split(new [] { ":" }, StringSplitOptions.RemoveEmptyEntries); switch (vers[0]) { case "5.0": Version = "2000"; break; case "5.2": Version = "2003"; break; case "6.0": Version = "2008"; break; case "6.1": Version = "2008R2"; break; case "6.2": Version = "2012"; break; case "6.3": Version = "2012R2"; break; } SetupStatus = SetupStatusEnum.Unknown; } }
void m_initialize(CertificateAuthority certificateAuthority) { if (!certificateAuthority.IsEnterprise) { throw new PlatformNotSupportedException(); } if (!certificateAuthority.Ping()) { ServerUnavailableException e = new ServerUnavailableException(certificateAuthority.DisplayName); e.Data.Add(nameof(e.Source), OfflineSource.DCOM); throw e; } Name = certificateAuthority.Name; DisplayName = certificateAuthority.DisplayName; ComputerName = certificateAuthority.ComputerName; version = certificateAuthority.Version; sku = certificateAuthority.Sku; configString = certificateAuthority.ConfigString; CCertAdmin CertAdmin = new CCertAdmin(); String templates = (String)CertAdmin.GetCAProperty(certificateAuthority.ConfigString, CertAdmConstants.CrPropTemplates, 0, CertAdmConstants.ProptypeString, 0); List <CertificateTemplate> tobeadded = new List <CertificateTemplate>(); if (templates != String.Empty) { String[] SplitString = { "\n" }; String[] TempArray = templates.Split(SplitString, StringSplitOptions.RemoveEmptyEntries); for (Int32 index = 0; index < TempArray.Length; index += 2) { tobeadded.Add(new CertificateTemplate("Name", TempArray[index])); } Templates = tobeadded.ToArray(); } else { Templates = null; } }