/// <param name="certificateAuthority">Specifies an existing <see cref="CertificateServices"/> object.</param> /// <exception cref="UninitializedObjectException">An object in the <strong>certificateAuthority</strong> parameter is not initialized.</exception> /// <exception cref="ServerUnavailableException">The CA server specified in the <strong>certificateAuthority</strong> parameter could not be contacted via RPC/DCOM protocol.</exception> public KRA(CertificateAuthority certificateAuthority) { if (String.IsNullOrEmpty(certificateAuthority.Name)) { throw new UninitializedObjectException(); } m_initialize(certificateAuthority); }
/// <summary> /// Updates CA server cryptography settings by writing them to Certification Authority. /// </summary> /// <param name="restart"> /// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect /// until CA service is restarted. /// </param> /// <exception cref="ServerUnavailableException"> /// The target CA server could not be contacted via remote registry and RPC protocol. /// </exception> /// <returns> /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated /// and the method returns <strong>False</strong>. /// </returns> /// <remarks> /// The caller must have <strong>Administrator</strong> permissions on the target CA server. /// </remarks> public Boolean SetInfo(Boolean restart) { if (!IsModified) { return(false); } if (CryptoRegistry.Ping(ComputerName)) { if (ProviderIsCNG) { CryptoRegistry.SetRReg(publicKeyAlgorithm.FriendlyName, "CNGPublicKeyAlgorithm", RegistryValueKind.String, Name + "\\CSP", ComputerName); CryptoRegistry.SetRReg(hashingAlgorithm.FriendlyName, "CNGHashAlgorithm", RegistryValueKind.String, Name + "\\CSP", ComputerName); if (alternateSignatureAlgorithm) { CryptoRegistry.SetRReg(1, "AlternateSignatureAlgorithm", RegistryValueKind.String, $@"{Name}\CSP", ComputerName); } else { CryptoRegistry.SetRReg(0, "AlternateSignatureAlgorithm", RegistryValueKind.DWord, $@"{Name}\CSP", ComputerName); } } else { CryptoRegistry.SetRReg(getValueFromOid(hashingAlgorithm), "HashAlgorithm", RegistryValueKind.DWord, $@"{Name}\CSP", ComputerName); } } else { if (CertificateAuthority.Ping(ComputerName)) { if (ProviderIsCNG) { CryptoRegistry.SetRegFallback(ConfigString, "CSP", "CNGPublicKeyAlgorithm", publicKeyAlgorithm.FriendlyName); CryptoRegistry.SetRegFallback(ConfigString, "CSP", "CNGHashAlgorithm", hashingAlgorithm.FriendlyName); CryptoRegistry.SetRegFallback(ConfigString, "CSP", "CNGHashAlgorithm", alternateSignatureAlgorithm ? 1 : 0); } else { CryptoRegistry.SetRegFallback(ConfigString, "CSP", "HashAlgorithm", getValueFromOid(hashingAlgorithm)); } } else { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), (OfflineSource)3); throw e; } } if (restart) { CertificateAuthority.Restart(ComputerName); } IsModified = false; return(true); }
void m_initialize(CertificateAuthority certificateAuthority) { Name = certificateAuthority.Name; DisplayName = certificateAuthority.DisplayName; ComputerName = certificateAuthority.ComputerName; ConfigString = certificateAuthority.ConfigString; if (CryptoRegistry.Ping(ComputerName)) { ProviderIsCNG = (Int32)CryptoRegistry.GetRReg("ProviderType", $@"{Name}\CSP", ComputerName) == 0; ProviderName = (String)CryptoRegistry.GetRReg("Provider", $@"{Name}\CSP", ComputerName); publicKeyAlgorithm = ProviderIsCNG ? new Oid((String)CryptoRegistry.GetRReg("CNGPublicKeyAlgorithm", $@"{Name}\CSP", ComputerName)) : new Oid("1.2.840.113549.1.1.1"); // rsa if (ProviderIsCNG) { // CNG hashingAlgorithm = new Oid((String)CryptoRegistry.GetRReg("CNGHashAlgorithm", $@"{Name}\CSP", ComputerName)); try { Int32 altName = (Int32)CryptoRegistry.GetRReg("AlternateSignatureAlgorithm", $@"{Name}\CSP", ComputerName); alternateSignatureAlgorithm = altName != 0; } catch { alternateSignatureAlgorithm = false; } } else { // legacy Int32 algId = (Int32)CryptoRegistry.GetRReg("HashAlgorithm", $@"{Name}\CSP", ComputerName); hashingAlgorithm = getOidFromValue(algId); } return; } ProviderIsCNG = (Int32)CryptoRegistry.GetRegFallback(ConfigString, "CSP", "ProviderType") == 0; ProviderName = (String)CryptoRegistry.GetRegFallback(ConfigString, "CSP", "Provider"); publicKeyAlgorithm = ProviderIsCNG ? new Oid((String)CryptoRegistry.GetRegFallback(ConfigString, "CSP", "CNGPublicKeyAlgorithm")) : new Oid("1.2.840.113549.1.1.1"); // rsa if (ProviderIsCNG) { hashingAlgorithm = new Oid((String)CryptoRegistry.GetRegFallback(ConfigString, "CSP", "CNGHashAlgorithm")); } else { Int32 algId = (Int32)CryptoRegistry.GetRegFallback(ConfigString, "CSP", "HashAlgorithm"); hashingAlgorithm = getOidFromValue(algId); } if (ProviderIsCNG) { try { alternateSignatureAlgorithm = (Int32)CryptoRegistry.GetRegFallback(ConfigString, "CSP", "AlternateSignatureAlgorithm") != 0; } catch { alternateSignatureAlgorithm = false; } } }
/// <param name="certificateAuthority">Specifies an existing <see cref="CertificateAuthority"/> object.</param> /// <exception cref="UninitializedObjectException">An object in the <strong>certificateAuthority</strong> parameter is not initialized.</exception> public AuthorityInformationAccess(CertificateAuthority certificateAuthority) { if (!String.IsNullOrEmpty(certificateAuthority.Name)) { m_initialize(certificateAuthority); } else { throw new UninitializedObjectException(); } }
void buildVarValueMapping(CertificateAuthority ca) { _variableValueMapping.Add("<ServerDNSName>", ca.GetConfigEntry("ServerDNSName")); _variableValueMapping.Add("<ServerShortName>", ca.GetConfigEntry("ServerShortName")); _variableValueMapping.Add("<CaName>", ca.GetConfigEntry("CommonName")); _variableValueMapping.Add("<ConfigurationContainer>", ca.GetConfigEntry("ConfigurationContainer")); _variableValueMapping.Add("<CATruncatedName>", ca.GetConfigEntry("CATruncatedName")); _variableValueMapping.Add("<CRLNameSuffix>", ca.GetConfigEntry("ServerDNSName")); _variableValueMapping.Add("<DeltaCRLAllowed>", ca.GetConfigEntry("+")); _variableValueMapping.Add("<CDPObjectClass>", "?certificateRevocationList?base?objectClass=cRLDistributionPoint"); _variableValueMapping.Add("<CAObjectClass>", "?cACertificate?base?objectClass=certificationAuthority"); }
/// <param name="certificateAuthority">Specifies an existing <see cref="CertificateAuthority"/> object.</param> /// <exception cref="UninitializedObjectException">An object in the <strong>certificateAuthority</strong> parameter is not initialized.</exception> public CACryptography(CertificateAuthority certificateAuthority) { if (certificateAuthority == null) { throw new ArgumentNullException(nameof(certificateAuthority)); } if (String.IsNullOrEmpty(certificateAuthority.Name)) { throw new UninitializedObjectException(); } m_initialize(certificateAuthority); }
/// <summary> /// Updates CRL (Base and Delta CRL) setting. /// </summary> /// <param name="restart"> /// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect until /// CA service is restarted. /// </param> /// <exception cref="UnauthorizedAccessException"> /// The caller do not have sufficient permissions to make changes in the CA configuration. /// </exception> /// <exception cref="ServerUnavailableException"> /// The target CA server could not be contacted via remote registry and RPC protocol. /// </exception> /// <returns> /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated /// and the method returns <strong>False</strong>. /// </returns> /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks> public Boolean SetInfo(Boolean restart) { if (!IsModified) { return(false); } if (CryptoRegistry.Ping(ComputerName)) { // Base CRL CryptoRegistry.SetRReg(BaseUnits, "CRLPeriodUnits", RegistryValueKind.DWord, Name, ComputerName); CryptoRegistry.SetRReg(BasePeriod, "CRLPeriod", RegistryValueKind.String, Name, ComputerName); // Base CRL overlap CryptoRegistry.SetRReg(BaseOverlapUnits, "CRLOverlapUnits", RegistryValueKind.DWord, Name, ComputerName); CryptoRegistry.SetRReg(BaseOverlap, "CRLOverlapPeriod", RegistryValueKind.String, Name, ComputerName); // Delta CRL CryptoRegistry.SetRReg(DeltaUnits, "CRLDeltaPeriodUnits", RegistryValueKind.DWord, Name, ComputerName); CryptoRegistry.SetRReg(DeltaPeriod, "CRLDeltaPeriod", RegistryValueKind.String, Name, ComputerName); // Delta CRL overlap CryptoRegistry.SetRReg(DeltaOverlapUnits, "CRLDeltaOverlapUnits", RegistryValueKind.DWord, Name, ComputerName); CryptoRegistry.SetRReg(DeltaOverlap, "CRLDeltaOverlapPeriod", RegistryValueKind.String, Name, ComputerName); IsModified = false; if (restart) { CertificateAuthority.Restart(ComputerName); } return(true); } if (CertificateAuthority.Ping(ComputerName)) { // Base CRL CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLPeriodUnits", BaseUnits); CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLPeriod", BasePeriod); // Base CRL overlap CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLOverlapUnits", BaseOverlapUnits); CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLOverlapPeriod", BaseOverlap); // Delta CRL CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriodUnits", DeltaUnits); CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriod", DeltaPeriod); // Delta CRL overlap CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapUnits", DeltaOverlapUnits); CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapPeriod", DeltaOverlap); IsModified = false; if (restart) { CertificateAuthority.Restart(ComputerName); } return(true); } ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add("Source", (OfflineSource)3); throw e; }
void m_initialize(CertificateAuthority certificateAuthority) { Name = certificateAuthority.Name; DisplayName = certificateAuthority.DisplayName; ComputerName = certificateAuthority.ComputerName; ConfigString = certificateAuthority.ConfigString; if (CryptoRegistry.Ping(ComputerName)) { // Base CRL BaseUnits = (Int32)CryptoRegistry.GetRReg("CRLPeriodUnits", Name, ComputerName); BasePeriod = (String)CryptoRegistry.GetRReg("CRLPeriod", Name, ComputerName); // Base CRL overlap BaseOverlapUnits = (Int32)CryptoRegistry.GetRReg("CRLOverlapUnits", Name, ComputerName); BaseOverlap = (String)CryptoRegistry.GetRReg("CRLOverlapPeriod", Name, ComputerName); // Delta CRL DeltaUnits = (Int32)CryptoRegistry.GetRReg("CRLDeltaPeriodUnits", Name, ComputerName); DeltaPeriod = (String)CryptoRegistry.GetRReg("CRLDeltaPeriod", Name, ComputerName); // Delta CRL overlap DeltaOverlapUnits = (Int32)CryptoRegistry.GetRReg("CRLDeltaOverlapUnits", Name, ComputerName); DeltaOverlap = (String)CryptoRegistry.GetRReg("CRLDeltaOverlapPeriod", Name, ComputerName); } else { if (certificateAuthority.Ping()) { // Base CRL BaseUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLPeriodUnits"); BasePeriod = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLPeriod"); // Base CRL overlap BaseOverlapUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLOverlapUnits"); BaseOverlap = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLOverlapPeriod"); // Delta CRL DeltaUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriodUnits"); DeltaPeriod = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriod"); // Delta CRL overlap DeltaOverlapUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapUnits"); DeltaOverlap = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapPeriod"); } else { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add("Source", (OfflineSource)3); throw e; } } }
/// <summary> /// Updates KRA configuration by writing KRA certificates to Certification Authority. The method writes all certificates contained in /// <see cref="Certificate"/> property. /// </summary> /// <param name="restart"> /// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect until /// CA service is restarted. /// </param> /// <exception cref="UnauthorizedAccessException"> /// The caller do not have sufficient permissions to make changes in the CA configuration. /// </exception> /// <exception cref="ServerUnavailableException"> /// The target CA server could not be contacted via RPC/DCOM transport. /// </exception> /// <remarks> /// <para>This method do not check whether the certificates in <see cref="Certificate"/> property are valid. /// The caller is responsible to check if the certificates are time-valid, trusted and not revoked.</para> /// </remarks> /// <returns> /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated /// and the method returns <strong>False</strong>. /// </returns> /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks> public Boolean SetInfo(Boolean restart) { if (IsModified) { if (!CertificateAuthority.Ping(ComputerName)) { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), OfflineSource.DCOM); throw e; } CCertAdmin CertAdmin = new CCertAdmin(); try { if (_certs.Count > 0) { Int32 kracount = (Int32)CertAdmin.GetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0); if (kracount > 0) { CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0); } for (Int32 index = 0; index < _certs.Count; index++) { String der = CryptographyUtils.EncodeDerString(_certs[index].RawData); CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracert, index, CertAdmConst.ProptypeBinary, der); } CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertusedcount, 0, CertAdmConst.ProptypeLong, _certs.Count); } else { CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0); CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertusedcount, 0, CertAdmConst.ProptypeLong, 0); } } catch (Exception e) { throw Error.ComExceptionHandler(e); } finally { CryptographyUtils.ReleaseCom(CertAdmin); } IsModified = false; if (restart) { CertificateAuthority.Restart(ComputerName); } return(true); } return(false); }
/// <summary> /// Updates certificate template list issued by a Certification Authority. The method writes all certificates templates contained in /// <see cref="Templates"/> property. /// </summary> /// <exception cref="UnauthorizedAccessException"> /// The caller do not have sufficient permissions to make changes in the CA configuration. /// </exception> /// <exception cref="ServerUnavailableException"> /// The target CA server could not be contacted via RPC/DCOM transport. /// </exception> /// <exception cref="NotSupportedException">One or more certificate templates are not supported by this CA version.</exception> /// <remarks> /// For this method to succeed, the caller must be granted CA <strong>Administrator</strong> permissions. /// </remarks> /// <returns> /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated /// and the method returns <strong>False</strong>. /// </returns> /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks> public Boolean SetInfo() { if (!IsModified) { return(false); } if (!CertificateAuthority.Ping(ComputerName)) { var e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), OfflineSource.DCOM); throw e; } var writer = new CertPropWriterD(configString); writer.SetTemplates(_templates.ToArray()); IsModified = false; return(true); }
void m_initialize(CertificateAuthority certificateAuthority) { if (!certificateAuthority.IsEnterprise) { throw new PlatformNotSupportedException(); } if (!certificateAuthority.Ping()) { ServerUnavailableException e = new ServerUnavailableException(certificateAuthority.DisplayName); e.Data.Add(nameof(e.Source), OfflineSource.DCOM); throw e; } Name = certificateAuthority.Name; DisplayName = certificateAuthority.DisplayName; ComputerName = certificateAuthority.ComputerName; version = certificateAuthority.Version; sku = certificateAuthority.Sku; configString = certificateAuthority.ConfigString; CCertAdmin CertAdmin = new CCertAdmin(); String templates = (String)CertAdmin.GetCAProperty(certificateAuthority.ConfigString, CertAdmConstants.CrPropTemplates, 0, CertAdmConstants.ProptypeString, 0); List <CertificateTemplate> tobeadded = new List <CertificateTemplate>(); if (templates != String.Empty) { String[] SplitString = { "\n" }; String[] TempArray = templates.Split(SplitString, StringSplitOptions.RemoveEmptyEntries); for (Int32 index = 0; index < TempArray.Length; index += 2) { tobeadded.Add(new CertificateTemplate("Name", TempArray[index])); } Templates = tobeadded.ToArray(); } else { Templates = null; } }
void m_initialize(CertificateAuthority certificateAuthority) { if (!certificateAuthority.IsEnterprise) { throw new PlatformNotSupportedException(); } version = certificateAuthority.Version; sku = certificateAuthority.Sku; configString = certificateAuthority.ConfigString; ICertPropReaderD propReader; if (certificateAuthority.PingRequest()) { propReader = new CertPropReaderD(configString, false); } else if (certificateAuthority.PingAdmin()) { propReader = new CertPropReaderD(configString, true); } else { var e = new ServerUnavailableException(certificateAuthority.DisplayName); e.Data.Add(nameof(e.Source), OfflineSource.DCOM); throw e; } Name = certificateAuthority.Name; DisplayName = certificateAuthority.DisplayName; ComputerName = certificateAuthority.ComputerName; String[,] templates = propReader.GetCaTemplates(); for (Int32 i = 0; i <= templates.GetUpperBound(0); i++) { _templates.Add(CertificateTemplate.FromCommonName(templates[i, 0])); } }