void FillNodes(CertificateState filter)
{
MMCActionHelper.CheckedExec(delegate()
{
this.ResultNodes.Clear();
var serverDTO = (ScopeNode.Parent as ChildScopeNode).ServerDTO;
if ((int)filter == -1)
{
if (serverDTO.PrivateCertificates != null)
{
foreach (var dto in serverDTO.PrivateCertificates)
{
AddCert(dto.Certificate.GetX509Certificate2FromString());
}
}
}
else
{
using (var context = new VMCAEnumContext(serverDTO.VMCAClient, filter))
{
foreach (var cert in context.GetCertificates())
{
AddCert(cert);
}
}
}
});
}
/// <summary>
/// Get the Certificate for the specified store.
/// </summary>
/// <param name="host">The host who owns the certificate.</param>
/// <returns>The certificate as a byte array.</returns>
public static CertificateState GetRACertificate(string recoveryAgnt)
{
CertificateState cs = CertRATable[recoveryAgnt] as CertificateState;
if (cs != null)
{
return(cs);
}
return(null);
}
/// <summary>
/// Store the certificate for the specified host.
/// </summary>
/// <param name="certificate">The certificate to store.</param>
/// <param name="host">The host the certificate belongs to.</param>
public static void StoreRACertificate(byte[] certificate, string recoveryAgent)
{
if (CertRAList.Contains(recoveryAgent) == false)
{
CertRAList.Add(recoveryAgent);
}
if (CertRATable.ContainsKey(recoveryAgent))
{
CertRATable.Remove(recoveryAgent);
}
CertRATable[recoveryAgent] = new CertificateState(new X509Certificate(certificate), true, CertificateProblem.CertOK);
}
/// <summary>
/// Store the certificate for the specified host.
/// </summary>
/// <param name="certificate">The certificate to store.</param>
/// <param name="host">The host the certificate belongs to.</param>
public static void StoreCertificate(byte[] certificate, string host)
{
#if MONO
// this code will parse just the host out which will allow the code to find the cert it's looking for.
host = GetHostFromUri(host);
#endif
if (CertTable.ContainsKey(host))
{
CertTable.Remove(host);
//CertTable[host] = null;
}
CertTable[host] = new CertificateState(new X509Certificate(certificate), true, CertificateProblem.CertOK);
}
/// <summary>
/// Get the Certificate for the specified store.
/// </summary>
/// <param name="host">The host who owns the certificate.</param>
/// <returns>The certificate as a byte array.</returns>
public static CertificateState GetCertificate(string host)
{
#if MONO
// Fix for Bug 156874 - Linux client doesn't support connecting to servers with non-default ports
// Russ and I saw cases where a full Uri was being passed in on a GetCertificate. If that happens,
// this code will parse just the host out which will allow the code to find the cert it's looking for.
host = GetHostFromUri(host);
#endif
CertificateState cs = CertTable[host] as CertificateState;
if (cs != null)
{
return(cs);
}
return(null);
}
internal static string ToSerializedValue(this CertificateState value)
{
switch (value)
{
case CertificateState.Active:
return("active");
case CertificateState.Deleting:
return("deleting");
case CertificateState.DeleteFailed:
return("deletefailed");
}
return(null);
}
private static async Task WaitForCertificateState(Certificate certificate, CertificateState targetState)
{
TimeSpan timeout = TimeSpan.FromMinutes(3);
DateTime startTime = DateTime.UtcNow;
DateTime timeoutTime = startTime + timeout;
while (certificate.State != targetState)
{
await Task.Delay(TimeSpan.FromSeconds(5)).ConfigureAwait(false);
await certificate.RefreshAsync().ConfigureAwait(false);
if (DateTime.UtcNow > timeoutTime)
{
throw new TimeoutException(string.Format("Timed out waiting for certificate {0} to reach state {1}",
certificate.Thumbprint,
targetState));
}
}
}
public ResponseParser(String html)
{
if (CreateCertificateFlag.IsMatch(html))
{
CertificateState = CertificateState.Missing;
return;
}
if (MainPageRegex.IsMatch(html))
{
CertificateState = CertificateState.Unknown;
return;
}
Match regexMatch = CertificateExistsRegex.Match(html);
if (!regexMatch.Success)
{
throw new Exception(String.Format("Unknown response from pkild server: {0}", html));
}
if (regexMatch.Groups.Count != 2)
{
throw new Exception(
String.Format("Incorrect number of matching groups in regex search: Expected 2, got {0}", regexMatch.Groups.Count)
);
}
String stateString = regexMatch.Groups[1].ToString();
switch (stateString)
{
case RemoveCertificateValue:
CertificateState = CertificateState.Revoked;
break;
case RevokeCertificateValue:
CertificateState = CertificateState.Present;
break;
default:
throw new Exception("Unknown certificate state value: " + stateString);
}
GetRevocationNode(html);
}
/// <summary>
/// Implements the application certificate validation policy.
/// </summary>
/// <param name="srvPoint">The ServicePoint that will use the certificate.</param>
/// <param name="certificate">The certificate to validate.</param>
/// <param name="request">The request that received the certificate.</param>
/// <param name="certificateProblem">The problem encountered when using the certificate.</param>
/// <returns>True if the certificate is to be honored. Otherwise, false is returned.</returns>
public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem)
{
bool honorCert = false;
string localHost = request.RequestUri.Host.ToLower();
if ((certificateProblem == 0))
{
honorCert = true;
}
else if (CertificateProblem.CertEXPIRED.Equals(certificateProblem))
{
CertificateState cs = CertTable[localHost] as CertificateState;
if (cs != null)
{
//update with proper certificate problem - client has to check for expiry
CertTable[localHost] = new CertificateState(new X509Certificate(certificate), cs.Accepted, (CertificateProblem)certificateProblem);
}
else
{
// This is a new cert add the certificate.
CertTable[localHost] = new CertificateState(new X509Certificate(certificate), false, (CertificateProblem)certificateProblem);
}
}
else
{
CertificateState cs = CertTable[localHost] as CertificateState;
if (cs != null && cs.IsValid(certificate))
{
honorCert = true;
}
else
{
// This is a new cert or replace the certificate.
CertTable[localHost] = new CertificateState(new X509Certificate(certificate), false, (CertificateProblem)certificateProblem);
}
}
return(honorCert);
}
public VMCAEnumContext (VMCAClient client, CertificateState filter)
{
Client = client;
Filter = filter;
}
public VMCAEnumContext(VMCAClient client, CertificateState filter)
{
Client = client;
Filter = filter;
}
public static string ToSerialString(this CertificateState value) => value switch
{
