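/// <summary>
/// Submits a Base64 certificate request to the machine's default CA and returns the issued
/// certificate together with its chain.
/// </summary>
/// <param name="certRequest">The request in Base64; CR_IN_FORMATANY lets the CA detect PKCS#10/CMC and PEM headers.</param>
/// <returns>The issued certificate and chain, Base64-encoded (CR_OUT_BASE64 | CR_OUT_CHAIN).</returns>
/// <exception cref="ArgumentException"><paramref name="certRequest"/> is null or whitespace.</exception>
/// <exception cref="InvalidOperationException">
/// The CA did not issue a certificate (pending, denied, error). The previous version printed the
/// disposition message and then still called GetCertificate, which fails with an opaque COM error
/// when nothing was issued; the CA's own disposition message is now surfaced instead.
/// </exception>
public string SendRequestToCA(string certRequest)
{
    if (string.IsNullOrWhiteSpace(certRequest))
    {
        throw new ArgumentException("Certificate request must not be empty.", nameof(certRequest));
    }

    var certConfig = new CCertConfig();
    var objCertRequest = new CCertRequest();

    // CC_DEFAULTCONFIG: the CA this host is configured to use, no UI prompt.
    var caConfig = certConfig.GetConfig(CC_DEFAULTCONFIG);

    var iDisposition = objCertRequest.Submit(CR_IN_BASE64 | CR_IN_FORMATANY, certRequest, null, caConfig);

    if (CR_DISP_ISSUED != iDisposition)
    {
        var strDis = objCertRequest.GetDispositionMessage();
        Console.WriteLine(strDis);
        throw new InvalidOperationException(
            "CA did not issue a certificate (disposition " + iDisposition + "): " + strDis);
    }

    return objCertRequest.GetCertificate(CR_OUT_BASE64 | CR_OUT_CHAIN);
}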
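/// <summary>
/// Submits a Base64 PKCS#10 request (built by createCertificate) to the default CA and records
/// the resulting CA request id in the certificate table under <paramref name="hostname"/>.
/// </summary>
/// <param name="certrequest">Base64 certificate request. Only CR_IN_BASE64 is passed, so unlike
/// SendRequestToCA (CR_IN_FORMATANY) a PEM header/footer is not tolerated here.</param>
/// <param name="hostname">Host the request is filed under. NOTE(review): this value comes from the
/// caller and is never compared with the CSR subject, so the hostname/request-id binding that
/// retrieveStatus later enforces is only as trustworthy as this argument.</param>
/// <returns>The CA request id (per the original comment the request is pending at this point),
/// or 0 when submission failed; the failure is written to the error table.</returns>
public int SubmitRequest(string certrequest, string hostname)
{
    CCertConfig objCertConfig = new CCertConfig();
    CCertRequest objCertRequest = new CCertRequest();

    try
    {
        string strCAConfig = objCertConfig.GetConfig(CC_DEFAULTCONFIG);
        int iDisposition = objCertRequest.Submit(CR_IN_BASE64, certrequest, null, strCAConfig);
        int requestID = objCertRequest.GetRequestId();

        // Persist disposition and id: retrieveStatus / GetCertificate look the request up by id.
        Database db = new Database();
        db.InsertToCertificateTable(hostname, iDisposition, requestID);
        return requestID;
    }
    catch (Exception ex)
    {
        // 0 is the failure sentinel callers test for (RenewCert checks > 0).
        Database db = new Database();
        db.InsertToErrorMessageTable(hostname, 0, ex.Message, "SubmitRequest");
        return 0;
    }
}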
/// <summary>
/// Polls the CA for the disposition of a request and records it in the local table.
/// Return codes: the CA disposition on success; -6 when the hostname/request-id check trips;
/// -3 when the certificate was already consumed by the client; -2 on any exception.
/// </summary>
public int retrieveStatus(int requestID, string hostname)
{
    CCertConfig cfg = new CCertConfig();
    CCertRequest req = new CCertRequest();

    try
    {
        SqlLite sql = new SqlLite();

        // Authorization gate: a caller may only poll requests filed under its own hostname.
        // NOTE(review): -6 is returned when checkHostnameWithreqID is TRUE; confirm the helper
        // reports true for a *mismatch*, otherwise legitimate callers are rejected here.
        if (sql.checkHostnameWithreqID(requestID, hostname))
        {
            return -6;
        }

        // One-shot delivery: the certificate for this request was already handed out.
        if (sql.checkcertFlag(requestID))
        {
            return -3;
        }

        string caConfig = cfg.GetConfig(CC_DEFAULTCONFIG);
        int disposition = req.RetrievePending(requestID, caConfig);
        sql.updateTable(disposition, requestID);
        return disposition;
    }
    catch (Exception ex)
    {
        // Failures talking to the CA or the database are only written to the console.
        Console.Write(ex.Message);
        return -2;
    }
}
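/// <summary>
/// Command-line entry point that revokes one certificate on a CA.
/// Usage 1: RevokeCert.exe [SerialNumber] — CA chosen via the UI picker, reason = cessation of operation.
/// Usage 2: RevokeCert.exe [CAConfig] [Reason] [SerialNumber] — fully specified, no UI.
/// </summary>
/// <returns>0 on success, 1 when the CA rejected the revocation, 2 on bad usage or no CA selected.</returns>
static int Main(string[] args)
{
    string caConfig;
    int reason;
    string serial;

    if (args.Length == 1)
    {
        try
        {
            // The picker throws instead of returning when the user cancels; that used to crash.
            CCertConfig objCertConfig = new CCertConfig();
            caConfig = objCertConfig.GetConfig(CC_UIPICKCONFIG);
        }
        catch (Exception ex)
        {
            Console.Error.WriteLine("No CA selected: " + ex.Message);
            return 2;
        }
        reason = (int)RevokeReason.CRL_REASON_CESSATION_OF_OPERATION;
        serial = args[0];
    }
    else if (args.Length == 3)
    {
        caConfig = args[0];
        serial = args[2];
        // int.Parse used to throw an unhandled FormatException; treat a bad reason as a usage error.
        if (!int.TryParse(args[1], out reason))
        {
            Console.Error.WriteLine("Reason must be a numeric CRL reason code (got '" + args[1] + "').");
            return 2;
        }
    }
    else
    {
        Console.WriteLine("Usage: RevokeCert.exe [SerialNumber]");
        Console.WriteLine("Usage: RevokeCert.exe [CAConfig] [Reason] [SerialNumber]");
        return 2;
    }

    if (string.IsNullOrWhiteSpace(serial))
    {
        Console.Error.WriteLine("Serial number must not be empty.");
        return 2;
    }

    CCertAdmin admin = null;
    try
    {
        admin = new CCertAdmin();
        // NOTE(review): the revocation date is passed as local time; confirm against the
        // ICertAdmin::RevokeCertificate contract whether UTC is expected before changing this.
        admin.RevokeCertificate(caConfig, serial, reason, DateTime.Now);
        return 0;
    }
    catch (Exception ex)
    {
        Console.Error.WriteLine(ex.Message);
        return 1;
    }
    finally
    {
        if (admin != null)
        {
            // Release the CA admin COM object eagerly rather than waiting for the GC.
            Marshal.FinalReleaseComObject(admin);
        }
    }
}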
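/// <summary>
/// Renews an expired certificate: builds a new PKCS#10 request from the old certificate
/// (same key, subject, extensions and SANs), submits it to the default CA, issues it, and
/// replaces the old database record and store entry.
/// </summary>
/// <param name="Cert">The old certificate, Base64 with PEM header (XCN_CRYPT_STRING_BASE64HEADER).
/// NOTE(review): it is installed into the user store before any check that it belongs to
/// <paramref name="reqid"/>; callers must not pass untrusted input here.</param>
/// <param name="reqid">Database request id of the old certificate; its record is deleted.</param>
/// <returns>The new CA request id on success, 0 when the submission failed, 1 when an exception was logged.</returns>
public int RenewCert(string Cert, int reqid)
{
    CX509CertificateRequestPkcs10 objPkcs10 = new CX509CertificateRequestPkcs10();
    CX509Enrollment objEnroll = new CX509Enrollment();
    CCertConfig objCertConfig = new CCertConfig();
    CX500DistinguishedName objDN = new CX500DistinguishedName();
    CCertAdmin objCertAdmin = new CCertAdmin();

    // InheritPrivateKey: the renewed certificate reuses the existing key pair, so a key that
    // was compromised while the old certificate was live stays in use after renewal.
    var inheritOptions = X509RequestInheritOptions.InheritPrivateKey
                       | X509RequestInheritOptions.InheritSubjectFlag
                       | X509RequestInheritOptions.InheritExtensionsFlag
                       | X509RequestInheritOptions.InheritSubjectAltNameFlag;

    try
    {
        string strCAConfig = objCertConfig.GetConfig(CC_DEFAULTCONFIG);

        // InstallCert runs before InitializeFromCertificate — presumably so the request can
        // locate the old certificate/key in the user context; confirm before reordering.
        InstallCert(Cert);
        objPkcs10.InitializeFromCertificate(X509CertificateEnrollmentContext.ContextUser, Cert,
            EncodingType.XCN_CRYPT_STRING_BASE64HEADER, inheritOptions);

        objDN = objPkcs10.Subject;
        // Assumes the subject is exactly "CN=<hostname>"; Substring(3) strips the "CN=" prefix.
        // NOTE(review): a subject with a different leading RDN yields a wrong hostname here.
        string HostName = objDN.Name.ToString().Substring(3);

        objEnroll.InitializeFromRequest(objPkcs10);
        string CertifcateStr = objEnroll.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);

        Database db = new Database();
        // Result unused: the revocation of the old certificate that consumed it is disabled.
        db.ReturnCertificateInformation(HostName);
        db.DeleteCertificateRecordFromDb(reqid);
        // NOTE(review): the old certificate is NOT revoked, so it stays valid until it expires
        // even though its record is gone from the table.

        // SubmitRequest returns the new request id, or 0 when the submission failed.
        int newRequestId = SubmitRequest(CertifcateStr, HostName);
        if (newRequestId <= 0)
        {
            // Previously ResubmitRequest(strCAConfig, 0) was still issued on this path.
            return 0;
        }

        // Issue the pending request, then retire the old certificate from the store.
        objCertAdmin.ResubmitRequest(strCAConfig, newRequestId);
        DeleteCertificateFromStore(objDN.Name.ToString());
        return newRequestId;
    }
    catch (Exception ex)
    {
        Database db = new Database();
        db.InsertToErrorMessageTable("", reqid, ex.Message, "RenewCert");
        return 1;
    }
}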
/// <summary>
/// Revokes a certificate on the default CA with reason code 0 (CRL_REASON_UNSPECIFIED),
/// effective now.
/// </summary>
/// <param name="serialNumber">Serial number of the certificate as known to the CA.</param>
/// <returns>0 on success; 1 on failure, with the error message written to the console.</returns>
public int revokeCert(string serialNumber)
{
    CCertConfig cfg = new CCertConfig();
    CCertAdmin admin = new CCertAdmin();

    try
    {
        string caConfig = cfg.GetConfig(CC_DEFAULTCONFIG);
        admin.RevokeCertificate(caConfig, serialNumber, 0, DateTime.Now);
    }
    catch (Exception ex)
    {
        Console.Write(ex.Message);
        return 1;
    }

    return 0;
}
/// <summary>
/// Revokes a certificate on the default CA with reason code 0 (CRL_REASON_UNSPECIFIED),
/// effective now. Same as revokeCert, but failures are logged to the error table instead
/// of the console.
/// </summary>
/// <param name="serialNumber">Serial number of the certificate as known to the CA.</param>
/// <returns>0 on success, 1 on failure.</returns>
public int RevokeCertificate(string serialNumber)
{
    CCertConfig cfg = new CCertConfig();
    CCertAdmin admin = new CCertAdmin();

    try
    {
        string caConfig = cfg.GetConfig(CC_DEFAULTCONFIG);
        admin.RevokeCertificate(caConfig, serialNumber, 0, DateTime.Now);
    }
    catch (Exception ex)
    {
        Database db = new Database();
        db.InsertToErrorMessageTable("", 0, ex.Message, "RevokeCertificate");
        return 1;
    }

    return 0;
}
/// <summary>
/// "Browse CA" link handler: opens the CA picker dialog and copies the chosen CA config
/// string into the endpoint text box.
/// </summary>
/// <remarks>
/// Exceptions are deliberately ignored: the picker presumably raises instead of returning
/// empty when the user cancels (cf. SelectCA, which maps ERROR_CANCELLED to "Closed By user"),
/// and a cancelled dialog should leave the form untouched.
/// </remarks>
private void llBrowseCA_LinkClicked(object sender, LinkLabelLinkClickedEventArgs e)
{
    try
    {
        string picked = new CCertConfig().GetConfig(CC_UIPICKCONFIG);
        if (string.IsNullOrEmpty(picked))
        {
            return;
        }

        txtCSREndpoint.Text = picked;
        txtCSREndpoint.BackColor = Color.White;
    }
    catch (Exception)
    {
        // Best-effort UI action; see remarks.
    }
}
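/// <summary>
/// Fetches the issued certificate for a CA request id, stores it in the certificate table
/// and returns it as JSON ({"CertValue": "&lt;base64&gt;"}).
/// </summary>
/// <param name="requestID">CA request id previously returned by SubmitRequest.</param>
/// <returns>
/// JSON on success. On failure a string beginning with "error" is returned (kept for
/// compatibility with existing callers) and the detail is logged to the error table.
/// </returns>
public string GetCertificate(int requestID)
{
    // CR_DISP_ISSUED from certcli.h: only an issued request has a certificate to fetch.
    const int crDispIssued = 3;

    Database db = new Database();
    CCertConfig objCertConfig = new CCertConfig();
    CCertRequest objCertRequest = new CCertRequest();

    try
    {
        string strCAConfig = objCertConfig.GetConfig(CC_DEFAULTCONFIG);

        // RetrievePending must run before GetCertificate (original ordering constraint).
        int iDisposition = objCertRequest.RetrievePending(requestID, strCAConfig);
        if (iDisposition != crDispIssued)
        {
            // Previously the disposition was ignored and GetCertificate was called on a
            // pending/denied request, yielding only an opaque COM error.
            string reason = "request " + requestID + " not issued (disposition " + iDisposition + "): "
                            + objCertRequest.GetDispositionMessage();
            db.InsertToErrorMessageTable("", requestID, reason, "GetCertificate");
            return "error " + reason;
        }

        string pstrCertificate = objCertRequest.GetCertificate(CR_OUT_BASE64);
        int status = db.UpdateCertificateInfo(pstrCertificate, requestID);
        if (status != 0)
        {
            return "error Update Certificate Table";
        }

        Certificate cert = new Certificate { CertValue = pstrCertificate };
        return Newtonsoft.Json.JsonConvert.SerializeObject(cert);
    }
    catch (Exception ex)
    {
        db.InsertToErrorMessageTable("", requestID, ex.Message, "GetCertificate");
        // NOTE(review): ex.Message (CA/DB internals) is returned to the caller verbatim;
        // return a generic message instead if this string reaches untrusted clients.
        return "error" + ex.Message;
    }
}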
/// <summary>
/// Polls the CA for the disposition of a request and records it (plus the unlock flag) in the
/// certificate table. Return codes: the CA disposition on success; -6 when the hostname /
/// request-id check trips; -3 when the certificate was already consumed; -2 on any exception.
/// </summary>
public int RetrieveRequestStatus(int requestID, string hostname)
{
    CCertConfig cfg = new CCertConfig();
    CCertRequest req = new CCertRequest();

    try
    {
        Database db = new Database();

        // Authorization gate: a caller may only poll requests filed under its own hostname.
        // NOTE(review): -6 is returned when CheckIfReqIDBelongToHost is TRUE, which by its name
        // would reject the *matching* host; confirm the helper's polarity.
        if (db.CheckIfReqIDBelongToHost(requestID, hostname))
        {
            return -6;
        }

        // One-shot delivery: the certificate for this request was already handed out.
        if (db.CheckIfCertificateConsumed(requestID))
        {
            return -3;
        }

        string caConfig = cfg.GetConfig(CC_DEFAULTCONFIG);
        int disposition = req.RetrievePending(requestID, caConfig);
        db.UpdateUnlockFlagAndStatus(disposition, requestID);
        return disposition;
    }
    catch (Exception ex)
    {
        Database errorLog = new Database();
        errorLog.InsertToErrorMessageTable(hostname, requestID, ex.Message, "RetrieveRequestStatus");
        return -2;
    }
}
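/// <summary>
/// Enrollment-agent signing tool: wraps a PKCS#10 CSR in a CMC request signed with an
/// enrollment agent certificate, sets the "on behalf of" requester name, submits it to a CA
/// chosen through the UI picker, and writes the issued certificate as PEM.
/// </summary>
/// <remarks>
/// NOTE(review): nothing here restricts which user may be named in BehalfOfUser or which
/// template is requested; the CA's template permissions are the only control on that.
/// </remarks>
static void Main(string[] args)
{
    if (args.Length != 5)
    {
        Console.WriteLine("Usage: Signer.exe [EnrollmentCertificateThumbprint] [BehalfOfUser] [PathToCSR] [OutputFileName] [CertificateTemplate]");
        return;
    }

    string argsKey = args[0];     // thumbprint (hex) of the enrollment agent certificate
    string argsUser = args[1];    // user the certificate is requested on behalf of
    string argsCsr = args[2];
    string argsCrt = args[3];
    string argsCrtTmpl = args[4];

    if (!File.Exists(argsCsr))
    {
        Console.WriteLine("CSR file not found: " + argsCsr);
        return;
    }

    // Drop PEM armor ("-----BEGIN/END ...") and blank lines; InitializeDecode takes bare Base64.
    string csr = string.Join("\n", File.ReadAllLines(argsCsr)
        .Where(s => s.Length > 0 && !s.StartsWith("--", StringComparison.Ordinal)));

    CX509CertificateRequestPkcs10 pkcs10Req = new CX509CertificateRequestPkcs10();
    pkcs10Req.InitializeDecode(csr);

    // Outer CMC request carrying the inner PKCS#10, the template and the requester name.
    CX509CertificateRequestCmc cmcReq = new CX509CertificateRequestCmc();
    cmcReq.InitializeFromInnerRequestTemplateName(pkcs10Req, argsCrtTmpl);
    cmcReq.RequesterName = argsUser;

    // Locate the signing certificate by thumbprint. The former literal 0xc is
    // XCN_CRYPT_STRING_HEXRAW. VerifyNone skips the private-key check here; a missing key
    // presumably surfaces later in Encode()/Submit().
    CSignerCertificate signer = new CSignerCertificate();
    signer.Initialize(false, X509PrivateKeyVerify.VerifyNone, EncodingType.XCN_CRYPT_STRING_HEXRAW, argsKey);
    cmcReq.SignerCertificate = signer;

    cmcReq.Encode();
    string strRequest = cmcReq.RawData[EncodingType.XCN_CRYPT_STRING_BASE64];

    CCertConfig objCertConfig = new CCertConfig();
    CCertRequest objCertRequest = new CCertRequest();

    // CA picked interactively.
    string strCAConfig = objCertConfig.GetConfig(CC_UIPICKCONFIG);

    int iDisposition = objCertRequest.Submit(CR_IN_BASE64 | CR_IN_FORMATANY, strRequest, null, strCAConfig);
    if (CR_DISP_ISSUED != iDisposition)
    {
        string strDisposition = objCertRequest.GetDispositionMessage();
        if (CR_DISP_UNDER_SUBMISSION == iDisposition)
        {
            Console.WriteLine("The submission is pending: " + strDisposition);
            return;
        }
        Console.WriteLine("The submission failed: " + strDisposition);
        Console.WriteLine("Last status: " + objCertRequest.GetLastStatus());
        return;
    }

    string strCert = objCertRequest.GetCertificate(CR_OUT_BASE64);
    File.WriteAllText(argsCrt, "-----BEGIN CERTIFICATE-----\n" + strCert + "-----END CERTIFICATE-----\n");
}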
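/// <summary>
/// Shows the CA picker dialog and returns the selected CA's connection string (the "Config"
/// field), or null when the picker returned nothing.
/// </summary>
/// <exception cref="InvalidOperationException">
/// The picker was cancelled ("Closed By user"), no CA could be enumerated
/// ("Can't find available Servers"), or any other COM failure (message + HRESULT).
/// The original exception is attached as InnerException.
/// </exception>
public string SelectCA()
{
    // HRESULTs compared numerically instead of through ToString().
    const int hrCancelled = unchecked((int)0x800704C7);   // ERROR_CANCELLED     (-2147023673)
    const int hrNoMoreItems = unchecked((int)0x80070103); // ERROR_NO_MORE_ITEMS (-2147024637)

    var certConfig = new CCertConfig();
    var certRequest = new CCertRequest();

    try
    {
        var caConfig = certConfig.GetConfig((int)CertificateConfiguration.CC_UIPICKCONFIG);
        if (string.IsNullOrWhiteSpace(caConfig))
        {
            return null;
        }

        var ca = certConfig.GetField("Config");

        // Property 10 is CR_PROP_CATYPE (0/1 enterprise root/sub CA, 3/4 standalone root/sub CA).
        // The value is not used; the call is kept so behaviour — including any failure it raises —
        // is unchanged. The dead switch that mapped it to display text has been removed.
        certRequest.GetCAProperty(caConfig, 10, 0, 1, 0);

        return ca;
    }
    catch (Exception ex)
    {
        string error;
        if (ex.HResult == hrCancelled)
        {
            error = "Closed By user";
        }
        else if (ex.HResult == hrNoMoreItems)
        {
            error = "Can't find available Servers";
        }
        else
        {
            error = ex.Message + " " + ex.HResult;
        }

        throw new InvalidOperationException(error, ex);
    }
}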