Exemplo n.º 1
0
 /// <param name="certificateAuthority">Specifies an existing <see cref="CertificateServices"/> object.</param>
 /// <exception cref="UninitializedObjectException">An object in the <strong>certificateAuthority</strong> parameter is not initialized.</exception>
 /// <exception cref="ServerUnavailableException">The CA server specified in the <strong>certificateAuthority</strong> parameter could not be contacted via RPC/DCOM protocol.</exception>
 public KRA(CertificateAuthority certificateAuthority)
 {
     if (String.IsNullOrEmpty(certificateAuthority.Name))
     {
         throw new UninitializedObjectException();
     }
     m_initialize(certificateAuthority);
 }
Exemplo n.º 2
0
 /// <summary>
 /// Updates CA server cryptography settings by writing them to Certification Authority.
 /// </summary>
 /// <param name="restart">
 ///		Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect
 ///		until CA service is restarted.
 /// </param>
 /// <exception cref="ServerUnavailableException">
 ///		The target CA server could not be contacted via remote registry and RPC protocol.
 /// </exception>
 /// <returns>
 ///		<strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
 ///		and the method returns <strong>False</strong>.
 /// </returns>
 /// <remarks>
 ///		The caller must have <strong>Administrator</strong> permissions on the target CA server.
 /// </remarks>
 public Boolean SetInfo(Boolean restart)
 {
     if (!IsModified)
     {
         return(false);
     }
     if (CryptoRegistry.Ping(ComputerName))
     {
         if (ProviderIsCNG)
         {
             CryptoRegistry.SetRReg(publicKeyAlgorithm.FriendlyName, "CNGPublicKeyAlgorithm", RegistryValueKind.String, Name + "\\CSP", ComputerName);
             CryptoRegistry.SetRReg(hashingAlgorithm.FriendlyName, "CNGHashAlgorithm", RegistryValueKind.String, Name + "\\CSP", ComputerName);
             if (alternateSignatureAlgorithm)
             {
                 CryptoRegistry.SetRReg(1, "AlternateSignatureAlgorithm", RegistryValueKind.String, $@"{Name}\CSP", ComputerName);
             }
             else
             {
                 CryptoRegistry.SetRReg(0, "AlternateSignatureAlgorithm", RegistryValueKind.DWord, $@"{Name}\CSP", ComputerName);
             }
         }
         else
         {
             CryptoRegistry.SetRReg(getValueFromOid(hashingAlgorithm), "HashAlgorithm", RegistryValueKind.DWord, $@"{Name}\CSP", ComputerName);
         }
     }
     else
     {
         if (CertificateAuthority.Ping(ComputerName))
         {
             if (ProviderIsCNG)
             {
                 CryptoRegistry.SetRegFallback(ConfigString, "CSP", "CNGPublicKeyAlgorithm", publicKeyAlgorithm.FriendlyName);
                 CryptoRegistry.SetRegFallback(ConfigString, "CSP", "CNGHashAlgorithm", hashingAlgorithm.FriendlyName);
                 CryptoRegistry.SetRegFallback(ConfigString, "CSP", "CNGHashAlgorithm", alternateSignatureAlgorithm ? 1 : 0);
             }
             else
             {
                 CryptoRegistry.SetRegFallback(ConfigString, "CSP", "HashAlgorithm", getValueFromOid(hashingAlgorithm));
             }
         }
         else
         {
             ServerUnavailableException e = new ServerUnavailableException(DisplayName);
             e.Data.Add(nameof(e.Source), (OfflineSource)3);
             throw e;
         }
     }
     if (restart)
     {
         CertificateAuthority.Restart(ComputerName);
     }
     IsModified = false;
     return(true);
 }
Exemplo n.º 3
0
 void m_initialize(CertificateAuthority certificateAuthority)
 {
     Name         = certificateAuthority.Name;
     DisplayName  = certificateAuthority.DisplayName;
     ComputerName = certificateAuthority.ComputerName;
     ConfigString = certificateAuthority.ConfigString;
     if (CryptoRegistry.Ping(ComputerName))
     {
         ProviderIsCNG      = (Int32)CryptoRegistry.GetRReg("ProviderType", $@"{Name}\CSP", ComputerName) == 0;
         ProviderName       = (String)CryptoRegistry.GetRReg("Provider", $@"{Name}\CSP", ComputerName);
         publicKeyAlgorithm = ProviderIsCNG
                                 ? new Oid((String)CryptoRegistry.GetRReg("CNGPublicKeyAlgorithm", $@"{Name}\CSP", ComputerName))
                                 : new Oid("1.2.840.113549.1.1.1"); // rsa
         if (ProviderIsCNG)
         {
             // CNG
             hashingAlgorithm = new Oid((String)CryptoRegistry.GetRReg("CNGHashAlgorithm", $@"{Name}\CSP", ComputerName));
             try {
                 Int32 altName = (Int32)CryptoRegistry.GetRReg("AlternateSignatureAlgorithm", $@"{Name}\CSP", ComputerName);
                 alternateSignatureAlgorithm = altName != 0;
             } catch {
                 alternateSignatureAlgorithm = false;
             }
         }
         else
         {
             // legacy
             Int32 algId = (Int32)CryptoRegistry.GetRReg("HashAlgorithm", $@"{Name}\CSP", ComputerName);
             hashingAlgorithm = getOidFromValue(algId);
         }
         return;
     }
     ProviderIsCNG      = (Int32)CryptoRegistry.GetRegFallback(ConfigString, "CSP", "ProviderType") == 0;
     ProviderName       = (String)CryptoRegistry.GetRegFallback(ConfigString, "CSP", "Provider");
     publicKeyAlgorithm = ProviderIsCNG
                         ? new Oid((String)CryptoRegistry.GetRegFallback(ConfigString, "CSP", "CNGPublicKeyAlgorithm"))
                         : new Oid("1.2.840.113549.1.1.1"); // rsa
     if (ProviderIsCNG)
     {
         hashingAlgorithm = new Oid((String)CryptoRegistry.GetRegFallback(ConfigString, "CSP", "CNGHashAlgorithm"));
     }
     else
     {
         Int32 algId = (Int32)CryptoRegistry.GetRegFallback(ConfigString, "CSP", "HashAlgorithm");
         hashingAlgorithm = getOidFromValue(algId);
     }
     if (ProviderIsCNG)
     {
         try {
             alternateSignatureAlgorithm = (Int32)CryptoRegistry.GetRegFallback(ConfigString, "CSP", "AlternateSignatureAlgorithm") != 0;
         } catch {
             alternateSignatureAlgorithm = false;
         }
     }
 }
Exemplo n.º 4
0
 /// <param name="certificateAuthority">Specifies an existing <see cref="CertificateAuthority"/> object.</param>
 /// <exception cref="UninitializedObjectException">An object in the <strong>certificateAuthority</strong> parameter is not initialized.</exception>
 public AuthorityInformationAccess(CertificateAuthority certificateAuthority)
 {
     if (!String.IsNullOrEmpty(certificateAuthority.Name))
     {
         m_initialize(certificateAuthority);
     }
     else
     {
         throw new UninitializedObjectException();
     }
 }
Exemplo n.º 5
0
 void buildVarValueMapping(CertificateAuthority ca)
 {
     _variableValueMapping.Add("<ServerDNSName>", ca.GetConfigEntry("ServerDNSName"));
     _variableValueMapping.Add("<ServerShortName>", ca.GetConfigEntry("ServerShortName"));
     _variableValueMapping.Add("<CaName>", ca.GetConfigEntry("CommonName"));
     _variableValueMapping.Add("<ConfigurationContainer>", ca.GetConfigEntry("ConfigurationContainer"));
     _variableValueMapping.Add("<CATruncatedName>", ca.GetConfigEntry("CATruncatedName"));
     _variableValueMapping.Add("<CRLNameSuffix>", ca.GetConfigEntry("ServerDNSName"));
     _variableValueMapping.Add("<DeltaCRLAllowed>", ca.GetConfigEntry("+"));
     _variableValueMapping.Add("<CDPObjectClass>", "?certificateRevocationList?base?objectClass=cRLDistributionPoint");
     _variableValueMapping.Add("<CAObjectClass>", "?cACertificate?base?objectClass=certificationAuthority");
 }
Exemplo n.º 6
0
 /// <param name="certificateAuthority">Specifies an existing <see cref="CertificateAuthority"/> object.</param>
 /// <exception cref="UninitializedObjectException">An object in the <strong>certificateAuthority</strong> parameter is not initialized.</exception>
 public CACryptography(CertificateAuthority certificateAuthority)
 {
     if (certificateAuthority == null)
     {
         throw new ArgumentNullException(nameof(certificateAuthority));
     }
     if (String.IsNullOrEmpty(certificateAuthority.Name))
     {
         throw new UninitializedObjectException();
     }
     m_initialize(certificateAuthority);
 }
Exemplo n.º 7
0
        /// <summary>
        /// Updates CRL (Base and Delta CRL) setting.
        /// </summary>
        /// <param name="restart">
        /// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect until
        /// CA service is restarted.
        /// </param>
        /// <exception cref="UnauthorizedAccessException">
        /// The caller do not have sufficient permissions to make changes in the CA configuration.
        /// </exception>
        /// <exception cref="ServerUnavailableException">
        /// The target CA server could not be contacted via remote registry and RPC protocol.
        /// </exception>
        /// <returns>
        /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
        /// and the method returns <strong>False</strong>.
        /// </returns>
        /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks>
        public Boolean SetInfo(Boolean restart)
        {
            if (!IsModified)
            {
                return(false);
            }
            if (CryptoRegistry.Ping(ComputerName))
            {
                // Base CRL
                CryptoRegistry.SetRReg(BaseUnits, "CRLPeriodUnits", RegistryValueKind.DWord, Name, ComputerName);
                CryptoRegistry.SetRReg(BasePeriod, "CRLPeriod", RegistryValueKind.String, Name, ComputerName);
                // Base CRL overlap
                CryptoRegistry.SetRReg(BaseOverlapUnits, "CRLOverlapUnits", RegistryValueKind.DWord, Name, ComputerName);
                CryptoRegistry.SetRReg(BaseOverlap, "CRLOverlapPeriod", RegistryValueKind.String, Name, ComputerName);
                // Delta CRL
                CryptoRegistry.SetRReg(DeltaUnits, "CRLDeltaPeriodUnits", RegistryValueKind.DWord, Name, ComputerName);
                CryptoRegistry.SetRReg(DeltaPeriod, "CRLDeltaPeriod", RegistryValueKind.String, Name, ComputerName);
                // Delta CRL overlap
                CryptoRegistry.SetRReg(DeltaOverlapUnits, "CRLDeltaOverlapUnits", RegistryValueKind.DWord, Name, ComputerName);
                CryptoRegistry.SetRReg(DeltaOverlap, "CRLDeltaOverlapPeriod", RegistryValueKind.String, Name, ComputerName);
                IsModified = false;
                if (restart)
                {
                    CertificateAuthority.Restart(ComputerName);
                }
                return(true);
            }
            if (CertificateAuthority.Ping(ComputerName))
            {
                // Base CRL
                CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLPeriodUnits", BaseUnits);
                CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLPeriod", BasePeriod);
                // Base CRL overlap
                CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLOverlapUnits", BaseOverlapUnits);
                CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLOverlapPeriod", BaseOverlap);
                // Delta CRL
                CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriodUnits", DeltaUnits);
                CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriod", DeltaPeriod);
                // Delta CRL overlap
                CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapUnits", DeltaOverlapUnits);
                CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapPeriod", DeltaOverlap);
                IsModified = false;
                if (restart)
                {
                    CertificateAuthority.Restart(ComputerName);
                }
                return(true);
            }
            ServerUnavailableException e = new ServerUnavailableException(DisplayName);

            e.Data.Add("Source", (OfflineSource)3);
            throw e;
        }
Exemplo n.º 8
0
 void m_initialize(CertificateAuthority certificateAuthority)
 {
     Name         = certificateAuthority.Name;
     DisplayName  = certificateAuthority.DisplayName;
     ComputerName = certificateAuthority.ComputerName;
     ConfigString = certificateAuthority.ConfigString;
     if (CryptoRegistry.Ping(ComputerName))
     {
         // Base CRL
         BaseUnits  = (Int32)CryptoRegistry.GetRReg("CRLPeriodUnits", Name, ComputerName);
         BasePeriod = (String)CryptoRegistry.GetRReg("CRLPeriod", Name, ComputerName);
         // Base CRL overlap
         BaseOverlapUnits = (Int32)CryptoRegistry.GetRReg("CRLOverlapUnits", Name, ComputerName);
         BaseOverlap      = (String)CryptoRegistry.GetRReg("CRLOverlapPeriod", Name, ComputerName);
         // Delta CRL
         DeltaUnits  = (Int32)CryptoRegistry.GetRReg("CRLDeltaPeriodUnits", Name, ComputerName);
         DeltaPeriod = (String)CryptoRegistry.GetRReg("CRLDeltaPeriod", Name, ComputerName);
         // Delta CRL overlap
         DeltaOverlapUnits = (Int32)CryptoRegistry.GetRReg("CRLDeltaOverlapUnits", Name, ComputerName);
         DeltaOverlap      = (String)CryptoRegistry.GetRReg("CRLDeltaOverlapPeriod", Name, ComputerName);
     }
     else
     {
         if (certificateAuthority.Ping())
         {
             // Base CRL
             BaseUnits  = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLPeriodUnits");
             BasePeriod = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLPeriod");
             // Base CRL overlap
             BaseOverlapUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLOverlapUnits");
             BaseOverlap      = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLOverlapPeriod");
             // Delta CRL
             DeltaUnits  = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriodUnits");
             DeltaPeriod = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriod");
             // Delta CRL overlap
             DeltaOverlapUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapUnits");
             DeltaOverlap      = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapPeriod");
         }
         else
         {
             ServerUnavailableException e = new ServerUnavailableException(DisplayName);
             e.Data.Add("Source", (OfflineSource)3);
             throw e;
         }
     }
 }
Exemplo n.º 9
0
 /// <summary>
 /// Updates KRA configuration by writing KRA certificates to Certification Authority. The method writes all certificates contained in
 /// <see cref="Certificate"/> property.
 /// </summary>
 /// <param name="restart">
 /// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect until
 /// CA service is restarted.
 /// </param>
 ///  <exception cref="UnauthorizedAccessException">
 /// The caller do not have sufficient permissions to make changes in the CA configuration.
 /// </exception>
 /// <exception cref="ServerUnavailableException">
 /// The target CA server could not be contacted via RPC/DCOM transport.
 /// </exception>
 /// <remarks>
 /// <para>This method do not check whether the certificates in <see cref="Certificate"/> property are valid.
 /// The caller is responsible to check if the certificates are time-valid, trusted and not revoked.</para>
 /// </remarks>
 /// <returns>
 /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
 /// and the method returns <strong>False</strong>.
 /// </returns>
 /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks>
 public Boolean SetInfo(Boolean restart)
 {
     if (IsModified)
     {
         if (!CertificateAuthority.Ping(ComputerName))
         {
             ServerUnavailableException e = new ServerUnavailableException(DisplayName);
             e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
             throw e;
         }
         CCertAdmin CertAdmin = new CCertAdmin();
         try {
             if (_certs.Count > 0)
             {
                 Int32 kracount = (Int32)CertAdmin.GetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);
                 if (kracount > 0)
                 {
                     CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);
                 }
                 for (Int32 index = 0; index < _certs.Count; index++)
                 {
                     String der = CryptographyUtils.EncodeDerString(_certs[index].RawData);
                     CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracert, index, CertAdmConst.ProptypeBinary, der);
                 }
                 CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertusedcount, 0, CertAdmConst.ProptypeLong, _certs.Count);
             }
             else
             {
                 CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);
                 CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertusedcount, 0, CertAdmConst.ProptypeLong, 0);
             }
         } catch (Exception e) {
             throw Error.ComExceptionHandler(e);
         } finally {
             CryptographyUtils.ReleaseCom(CertAdmin);
         }
         IsModified = false;
         if (restart)
         {
             CertificateAuthority.Restart(ComputerName);
         }
         return(true);
     }
     return(false);
 }
Exemplo n.º 10
0
        /// <summary>
        /// Updates certificate template list issued by a Certification Authority. The method writes all certificates templates contained in
        /// <see cref="Templates"/> property.
        /// </summary>
        /// <exception cref="UnauthorizedAccessException">
        /// The caller do not have sufficient permissions to make changes in the CA configuration.
        /// </exception>
        /// <exception cref="ServerUnavailableException">
        /// The target CA server could not be contacted via RPC/DCOM transport.
        /// </exception>
        /// <exception cref="NotSupportedException">One or more certificate templates are not supported by this CA version.</exception>
        /// <remarks>
        /// For this method to succeed, the caller must be granted CA <strong>Administrator</strong> permissions.
        /// </remarks>
        /// <returns>
        /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
        /// and the method returns <strong>False</strong>.
        /// </returns>
        /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks>
        public Boolean SetInfo()
        {
            if (!IsModified)
            {
                return(false);
            }

            if (!CertificateAuthority.Ping(ComputerName))
            {
                var e = new ServerUnavailableException(DisplayName);
                e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
                throw e;
            }

            var writer = new CertPropWriterD(configString);

            writer.SetTemplates(_templates.ToArray());
            IsModified = false;
            return(true);
        }
Exemplo n.º 11
0
        void m_initialize(CertificateAuthority certificateAuthority)
        {
            if (!certificateAuthority.IsEnterprise)
            {
                throw new PlatformNotSupportedException();
            }
            if (!certificateAuthority.Ping())
            {
                ServerUnavailableException e = new ServerUnavailableException(certificateAuthority.DisplayName);
                e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
                throw e;
            }
            Name         = certificateAuthority.Name;
            DisplayName  = certificateAuthority.DisplayName;
            ComputerName = certificateAuthority.ComputerName;
            version      = certificateAuthority.Version;
            sku          = certificateAuthority.Sku;
            configString = certificateAuthority.ConfigString;

            CCertAdmin CertAdmin = new CCertAdmin();
            String     templates = (String)CertAdmin.GetCAProperty(certificateAuthority.ConfigString, CertAdmConstants.CrPropTemplates, 0, CertAdmConstants.ProptypeString, 0);
            List <CertificateTemplate> tobeadded = new List <CertificateTemplate>();

            if (templates != String.Empty)
            {
                String[] SplitString = { "\n" };
                String[] TempArray   = templates.Split(SplitString, StringSplitOptions.RemoveEmptyEntries);
                for (Int32 index = 0; index < TempArray.Length; index += 2)
                {
                    tobeadded.Add(new CertificateTemplate("Name", TempArray[index]));
                }
                Templates = tobeadded.ToArray();
            }
            else
            {
                Templates = null;
            }
        }
Exemplo n.º 12
0
        void m_initialize(CertificateAuthority certificateAuthority)
        {
            if (!certificateAuthority.IsEnterprise)
            {
                throw new PlatformNotSupportedException();
            }

            version      = certificateAuthority.Version;
            sku          = certificateAuthority.Sku;
            configString = certificateAuthority.ConfigString;

            ICertPropReaderD propReader;

            if (certificateAuthority.PingRequest())
            {
                propReader = new CertPropReaderD(configString, false);
            }
            else if (certificateAuthority.PingAdmin())
            {
                propReader = new CertPropReaderD(configString, true);
            }
            else
            {
                var e = new ServerUnavailableException(certificateAuthority.DisplayName);
                e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
                throw e;
            }

            Name         = certificateAuthority.Name;
            DisplayName  = certificateAuthority.DisplayName;
            ComputerName = certificateAuthority.ComputerName;

            String[,] templates = propReader.GetCaTemplates();
            for (Int32 i = 0; i <= templates.GetUpperBound(0); i++)
            {
                _templates.Add(CertificateTemplate.FromCommonName(templates[i, 0]));
            }
        }