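/// <summary>
/// Submits a certificate request (built earlier, see createCertificate) to the default CA, records the
/// CA's disposition and request id for <paramref name="hostname"/>, and returns the request id.
/// </summary>
/// <param name="certrequest">Base64 certificate request, submitted with CR_IN_BASE64.</param>
/// <param name="hostname">Host the request belongs to; stored next to the request id in the local table.</param>
/// <returns>The CA request id, or 0 if any step failed (see remarks).</returns>
/// <remarks>
/// The disposition returned by Submit is stored but not inspected, so a denied or errored submission is
/// still recorded and its request id returned; callers must not treat a non-zero result as "issued".
/// Every failure collapses to 0 and the exception text is discarded, which makes submission problems hard
/// to diagnose; that contract is kept here because callers test for 0.
/// </remarks>
public int submitRequest(string certrequest, string hostname) {
    CCertConfig objCertConfig = new CCertConfig();
    CCertRequest objCertRequest = new CCertRequest();
    try {
        string strCAConfig = objCertConfig.GetConfig(CC_DEFAULTCONFIG); // resolve the default CA config string
        int iDisposition = objCertRequest.Submit(CR_IN_BASE64, certrequest, null, strCAConfig); // hand the request to the CA
        int requestID = objCertRequest.GetRequestId(); // id the CA assigned to this request
        SqlLite sql = new SqlLite();
        sql.insertTable(hostname, iDisposition, requestID); // first record of this certificate
        return requestID;
    } catch (Exception) {
        // Original contract: any failure is reported as request id 0.
        return 0;
    } finally {
        // RCWs are not collected promptly; release them explicitly on every path.
        System.Runtime.InteropServices.Marshal.FinalReleaseComObject(objCertRequest);
        System.Runtime.InteropServices.Marshal.FinalReleaseComObject(objCertConfig);
    }
}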
/// <summary>
/// Retrieves the most recent 'CA Exchange' certificate. If the certificate does not exist, the method
/// will instruct CA server to generate or enroll a new one.
/// </summary>
/// <exception cref="UninitializedObjectException">The object is not properly initialized.</exception>
/// <exception cref="ServerUnavailableException">CA server is not accessible via RPC/DCOM.</exception>
/// <exception cref="UnauthorizedAccessException">The caller does not have at least <strong>Read</strong> permissions.</exception>
/// <exception cref="PlatformNotSupportedException">Current CA is not <strong>Enterprise CA</strong>. Only Enterprise CAs support this feature.</exception>
/// <returns>CA Exchange certificate.</returns>
public X509Certificate2 GetCAExchangeCertificate() {
    if (String.IsNullOrEmpty(Name)) { throw new UninitializedObjectException(); }
    if (!IsEnterprise) { throw new PlatformNotSupportedException(Error.E_NONENTERPRISE); }
    if (!Ping()) {
        var offline = new ServerUnavailableException(DisplayName);
        offline.Data.Add(nameof(offline.Source), OfflineSource.DCOM);
        throw offline;
    }
    var certAdmin = new CCertAdmin();
    try {
        // Raw certadm property types are passed here (1 = long, 3 = binary); the newest exchange
        // certificate is the one at the last index.
        Int32 xchgCount = (Int32)certAdmin.GetCAProperty(ConfigString, CertAdmConstants.CrPropCaxchgcertcount, 0, 1, 0);
        Int32 lastIndex = xchgCount - 1;
        if (lastIndex < 0) {
            // Caught below and routed through the shared COM exception translator, as before.
            throw new Exception(String.Format(Error.E_XCHGUNAVAILABLE, DisplayName));
        }
        String base64 = (String)certAdmin.GetCAProperty(ConfigString, CertAdmConstants.CrPropCaxchgcert, lastIndex, 3, 1);
        return new X509Certificate2(Convert.FromBase64String(base64));
    } catch (Exception e) {
        throw Error.ComExceptionHandler(e);
    } finally {
        CryptographyUtils.ReleaseCom(certAdmin);
    }
}
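/// <summary>
/// Populates this object from an Enterprise CA: copies the identity fields and loads every KRA
/// certificate currently configured on the CA into <c>_certs</c>.
/// </summary>
/// <param name="certificateAuthority">CA to read the KRA configuration from.</param>
/// <exception cref="PlatformNotSupportedException">The CA is not an Enterprise CA.</exception>
/// <exception cref="ServerUnavailableException">The CA is not reachable over RPC/DCOM.</exception>
void m_initialize(CertificateAuthority certificateAuthority) {
    if (!certificateAuthority.IsEnterprise) { throw new PlatformNotSupportedException(); }
    if (!certificateAuthority.Ping()) {
        ServerUnavailableException e = new ServerUnavailableException(certificateAuthority.DisplayName);
        e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
        throw e;
    }
    Name = certificateAuthority.Name;
    DisplayName = certificateAuthority.DisplayName;
    ComputerName = certificateAuthority.ComputerName;
    ConfigString = certificateAuthority.ConfigString;
    CCertAdmin CertAdmin = new CCertAdmin();
    try {
        Int32 KRACount = (Int32)CertAdmin.GetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);
        // A zero count simply skips the loop; no separate guard is needed.
        for (Int32 index = 0; index < KRACount; index++) {
            String Base64 = (String)CertAdmin.GetCAProperty(ConfigString, CertAdmConst.CrPropKracert, index, CertAdmConst.ProptypeBinary, 1);
            _certs.Add(new X509Certificate2(Convert.FromBase64String(Base64)));
        }
    } finally {
        // The RCW was never released before; free it even when GetCAProperty throws.
        CryptographyUtils.ReleaseCom(CertAdmin);
    }
}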
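/// <summary>
/// This method publishes certificate revocation lists (CRLs) for a certification authority (CA).
/// <para>
/// The PublishCRL method publishes a CRL based on the CA's current certificate, as well as CRLs
/// based on any CA certificates that have been renewed and are not yet expired.
/// </para>
/// </summary>
/// <param name="deltaOnly">
/// A delta CRL is published, or the most recent delta CRL is republished if <strong>updateFilesOnly</strong>
/// parameter is set. Note that if the CA has not enabled delta CRL publishing, use of this flag will result
/// in an error.</param>
/// <param name="updateFilesOnly">
/// The most recent base or delta CRL is republished. The CA will not republish a CRL to a CRL distribution point
/// if the CRL at the distribution point is already the most recent CRL.
/// </param>
/// <exception cref="UninitializedObjectException">The object is not properly initialized.</exception>
/// <exception cref="ServerUnavailableException">CA server is not accessible via RPC/DCOM.</exception>
/// <remarks>
/// The flags are now combined, so <c>deltaOnly</c> together with <c>updateFilesOnly</c> republishes the
/// most recent delta CRL as the documentation states; previously <c>updateFilesOnly</c> was ignored whenever
/// <c>deltaOnly</c> was set and a fresh delta CRL was published instead.
/// </remarks>
public void PublishCRL(Boolean deltaOnly = false, Boolean updateFilesOnly = false) {
    // ICertAdmin2::PublishCRLs flag values from certadm.h.
    const Int32 CaCrlBase = 0x1;
    const Int32 CaCrlDelta = 0x2;
    const Int32 CaCrlRepublish = 0x10;
    if (String.IsNullOrEmpty(Name)) { throw new UninitializedObjectException(); }
    if (!Ping()) {
        ServerUnavailableException e = new ServerUnavailableException(DisplayName);
        e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
        throw e;
    }
    Int32 flags = deltaOnly ? CaCrlDelta : CaCrlBase;
    if (updateFilesOnly) { flags |= CaCrlRepublish; }
    var CertAdmin = new CCertAdmin();
    try {
        // A zero date leaves NextUpdate to the CA's configured CRL period.
        CertAdmin.PublishCRLs(ConfigString, new DateTime(0), flags);
    } catch (Exception e) {
        throw Error.ComExceptionHandler(e);
    } finally {
        CryptographyUtils.ReleaseCom(CertAdmin);
    }
}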
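/// <summary>
/// Updates the certificate template list issued by a Certification Authority. The method writes all certificate
/// templates contained in the <see cref="Templates"/> property.
/// </summary>
/// <exception cref="UnauthorizedAccessException">
/// The caller does not have sufficient permissions to make changes in the CA configuration.
/// </exception>
/// <exception cref="ServerUnavailableException">
/// The target CA server could not be contacted via RPC/DCOM transport.
/// </exception>
/// <exception cref="NotSupportedException">One or more certificate templates are not supported by this CA version.</exception>
/// <remarks>
/// The caller must have CA <strong>Administrator</strong> permissions on the target CA server. The written list
/// replaces the CA's issuance list entirely: templates not present in <see cref="Templates"/> stop being issued,
/// and every template added becomes issuable to whoever holds enroll rights on it, so review those rights before
/// calling this method.
/// </remarks>
/// <returns>
/// <strong>True</strong> if configuration was changed. If the object was not modified since it was instantiated, configuration is not updated
/// and the method returns <strong>False</strong>.
/// </returns>
public Boolean SetInfo() {
    if (!IsModified) { return false; }
    if (!CertificateAuthority.Ping(ComputerName)) {
        ServerUnavailableException e = new ServerUnavailableException(DisplayName);
        e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
        throw e;
    }
    // The CA stores the list as "Name\nOID\n" pairs in a single string property.
    StringBuilder SB = new StringBuilder();
    // Templates may be null rather than empty when the CA has no templates assigned; the old Length check threw then.
    if (Templates != null) {
        foreach (CertificateTemplate item in Templates) {
            SB.Append(item.Name).Append("\n");
            SB.Append(item.OID.Value).Append("\n");
        }
    }
    CCertAdmin CertAdmin = new CCertAdmin();
    try {
        CertAdmin.SetCAProperty(ConfigString, CertAdmConst.CrPropTemplates, 0, CertAdmConst.ProptypeString, SB.ToString());
    } catch (Exception e) {
        throw Error.ComExceptionHandler(e);
    } finally {
        // Sibling methods release the RCW in finally; this one previously leaked it.
        CryptographyUtils.ReleaseCom(CertAdmin);
    }
    IsModified = false;
    return true;
}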
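/// <summary>
/// Console entry point: revokes one certificate on a CA.
/// With one argument the CA is chosen interactively and the reason is CESSATION_OF_OPERATION;
/// with three arguments the CA config string, numeric reason code and serial number are given explicitly.
/// </summary>
/// <param name="args">[SerialNumber] or [CAConfig] [Reason] [SerialNumber].</param>
/// <returns>0 on success, 1 if the CA call failed, 2 on a usage or argument error.</returns>
static int Main(string[] args) {
    string caConfig;
    int reason;
    string serial;
    if (args.Length == 1) {
        CCertConfig objCertConfig = new CCertConfig();
        try {
            caConfig = objCertConfig.GetConfig(CC_UIPICKCONFIG); // interactive CA picker
        } finally {
            Marshal.FinalReleaseComObject(objCertConfig);
        }
        reason = (int)RevokeReason.CRL_REASON_CESSATION_OF_OPERATION;
        serial = args[0];
    } else if (args.Length == 3) {
        caConfig = args[0];
        // A non-numeric reason is a usage error, not an unhandled FormatException; parse culture-invariantly.
        if (!int.TryParse(args[1], System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out reason)) {
            Console.Error.WriteLine("Reason must be an integer CRL reason code.");
            return 2;
        }
        serial = args[2];
    } else {
        Console.WriteLine("Usage: RevokeCert.exe [SerialNumber]");
        Console.WriteLine("Usage: RevokeCert.exe [CAConfig] [Reason] [SerialNumber]");
        return 2;
    }
    CCertAdmin admin = null;
    try {
        admin = new CCertAdmin();
        // NOTE(review): the effective revocation date is passed as local time (DateTime.Now); confirm the
        // time base ICertAdmin::RevokeCertificate expects before relying on it.
        admin.RevokeCertificate(caConfig, serial, reason, DateTime.Now);
        return 0;
    } catch (Exception ex) {
        Console.Error.WriteLine(ex.Message);
        return 1;
    } finally {
        if (admin != null) { Marshal.FinalReleaseComObject(admin); }
    }
}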
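/// <summary>
/// Returns all roles granted on the CA to the caller.
/// </summary>
/// <exception cref="UninitializedObjectException">The object is not properly initialized.</exception>
/// <exception cref="ServerUnavailableException">CA server is not accessible via RPC/DCOM.</exception>
/// <exception cref="UnauthorizedAccessException">The caller does not have at least <strong>Read</strong> permissions.</exception>
/// <returns>Granted roles.</returns>
public CARoleEnum GetMyRoles() {
    if (String.IsNullOrEmpty(ConfigString)) { throw new UninitializedObjectException(); }
    if (!IsAccessible) {
        ServerUnavailableException e = new ServerUnavailableException(DisplayName);
        e.Data.Add(nameof(e.Source), OfflineSource.DCOM); // same "Source" key, refactor-safe
        throw e;
    }
    // A local RCW released in finally replaces the previous assignment to the instance member CertAdmin,
    // which was never released. Nothing in this method read that member afterwards; confirm no other
    // member of the class depends on it being set here.
    var certAdmin = new CCertAdmin();
    try {
        return (CARoleEnum)certAdmin.GetMyRoles(ConfigString);
    } finally {
        System.Runtime.InteropServices.Marshal.FinalReleaseComObject(certAdmin);
    }
}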
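/// <summary>
/// Returns all roles granted on the CA to the caller.
/// </summary>
/// <exception cref="UninitializedObjectException">The object is not properly initialized.</exception>
/// <exception cref="ServerUnavailableException">CA server is not accessible via RPC/DCOM.</exception>
/// <exception cref="UnauthorizedAccessException">The caller does not have at least <strong>Read</strong> permissions.</exception>
/// <returns>Granted roles.</returns>
public CertSrvClientRole GetMyRoles() {
    if (String.IsNullOrEmpty(ConfigString)) { throw new UninitializedObjectException(); }
    if (!IsAccessible) {
        ServerUnavailableException e = new ServerUnavailableException(DisplayName);
        e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
        throw e;
    }
    var CertAdmin = new CCertAdmin();
    try {
        return (CertSrvClientRole)CertAdmin.GetMyRoles(ConfigString);
    } finally {
        // The RCW was previously never released.
        System.Runtime.InteropServices.Marshal.FinalReleaseComObject(CertAdmin);
    }
}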
/// <summary>
/// Writes a CA configuration entry through ICertAdmin2::SetConfigEntry (presumably the fallback used when
/// the CA's registry cannot be reached directly).
/// </summary>
/// <param name="configString">CA configuration string identifying the target CA.</param>
/// <param name="node">Configuration node that holds the entry.</param>
/// <param name="entry">Name of the entry to write.</param>
/// <param name="value">New multi-string value of the entry.</param>
/// <exception cref="Exception">Whatever <c>Error.ComExceptionHandler</c> translates the COM failure into.</exception>
public static void SetRegFallback(String configString, String node, String entry, List<String> value) {
    var admin = new CCertAdmin();
    try {
        admin.SetConfigEntry(configString, node, entry, value);
    } catch (Exception ex) {
        throw Error.ComExceptionHandler(ex);
    } finally {
        // Release the RCW on both the success and the failure path.
        CryptographyUtils.ReleaseCom(admin);
    }
}
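/// <summary>
/// Revokes a certificate on the default CA.
/// </summary>
/// <param name="serialNumber">Serial number of the certificate to revoke, in the form the CA expects.</param>
/// <param name="reason">CRL reason code passed to RevokeCertificate; defaults to 0 (unspecified), the previous hard-coded value.</param>
/// <returns>0 on success, 1 on failure (the exception message is written to stdout).</returns>
public int revokeCert(string serialNumber, int reason = 0) {
    CCertConfig objCertConfig = new CCertConfig();
    CCertAdmin objCertAdmin = new CCertAdmin();
    try {
        string strCAConfig = objCertConfig.GetConfig(CC_DEFAULTCONFIG); // resolve the default CA
        // NOTE(review): the effective revocation date is local time (DateTime.Now); confirm the time base the CA expects.
        objCertAdmin.RevokeCertificate(strCAConfig, serialNumber, reason, DateTime.Now);
        return 0;
    } catch (Exception ex) {
        Console.Write(ex.Message);
        return 1;
    } finally {
        // RCWs were previously never released.
        System.Runtime.InteropServices.Marshal.FinalReleaseComObject(objCertAdmin);
        System.Runtime.InteropServices.Marshal.FinalReleaseComObject(objCertConfig);
    }
}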
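/// <summary>
/// Renews an expired certificate: builds a new PKCS#10 request that inherits the private key, subject,
/// extensions and SAN from <paramref name="Cert"/>, submits it to the default CA, asks the CA to issue it,
/// and removes the old certificate from the store.
/// </summary>
/// <param name="Cert">Existing certificate, Base64 with header, as accepted by InitializeFromCertificate.</param>
/// <param name="reqid">Database request id of the certificate being renewed; its record is deleted.</param>
/// <returns>The new request id on success; 0 if SubmitRequest returned no id; 1 on an exception (logged to the error table).</returns>
/// <remarks>
/// The old database record is deleted before the new request is submitted, so a failed submission leaves
/// no record for this host; whether that ordering is intended could not be confirmed from this method.
/// The subject must be of the form "CN=hostname"; any other form is reported as an error instead of being
/// silently truncated.
/// </remarks>
public int RenewCert(string Cert, int reqid) {
    CX509CertificateRequestPkcs10 objPkcs10 = new CX509CertificateRequestPkcs10();
    CX509Enrollment objEnroll = new CX509Enrollment();
    CCertConfig objCertConfig = new CCertConfig();
    CCertAdmin objCertAdmin = new CCertAdmin();
    var inheritOptions = X509RequestInheritOptions.InheritPrivateKey
        | X509RequestInheritOptions.InheritSubjectFlag
        | X509RequestInheritOptions.InheritExtensionsFlag
        | X509RequestInheritOptions.InheritSubjectAltNameFlag;
    try {
        string strCAConfig = objCertConfig.GetConfig(CC_DEFAULTCONFIG); // resolve the default CA
        InstallCert(Cert);
        // Build the renewal request from the existing certificate, inheriting its key and subject data.
        objPkcs10.InitializeFromCertificate(X509CertificateEnrollmentContext.ContextUser, Cert, EncodingType.XCN_CRYPT_STRING_BASE64HEADER, inheritOptions);
        CX500DistinguishedName objDN = objPkcs10.Subject;
        string subjectName = objDN.Name;
        if (subjectName == null || !subjectName.StartsWith("CN=", StringComparison.OrdinalIgnoreCase)) {
            throw new InvalidOperationException("Unexpected certificate subject format: " + subjectName);
        }
        string hostName = subjectName.Substring(3); // strip the "CN=" prefix
        objEnroll.InitializeFromRequest(objPkcs10);
        string certificateStr = objEnroll.CreateRequest(EncodingType.XCN_CRYPT_STRING_BASE64);
        Database db = new Database();
        db.DeleteCertificateRecordFromDb(reqid);
        int requestId = SubmitRequest(certificateStr, hostName); // records the new request and returns its CA request id
        objCertAdmin.ResubmitRequest(strCAConfig, requestId);    // ask the CA to issue the pending request
        if (requestId > 0) {
            DeleteCertificateFromStore(subjectName); // the new certificate replaces the old one in the store
            return requestId;
        }
        return 0;
    } catch (Exception ex) {
        Database db = new Database();
        db.InsertToErrorMessageTable("", reqid, ex.Message, "RenewCert"); // error log table in the database
        return 1;
    } finally {
        // RCWs were previously never released.
        System.Runtime.InteropServices.Marshal.FinalReleaseComObject(objCertAdmin);
        System.Runtime.InteropServices.Marshal.FinalReleaseComObject(objCertConfig);
        System.Runtime.InteropServices.Marshal.FinalReleaseComObject(objEnroll);
        System.Runtime.InteropServices.Marshal.FinalReleaseComObject(objPkcs10);
    }
}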
/// <summary>
/// Updates KRA configuration by writing KRA certificates to the Certification Authority. The method writes all certificates contained in
/// the <see cref="Certificate"/> property.
/// </summary>
/// <param name="restart">
/// Indicates whether to restart certificate services to immediately apply changes. Updated settings have no effect until
/// the CA service is restarted.
/// </param>
/// <exception cref="UnauthorizedAccessException">
/// The caller does not have sufficient permissions to make changes in the CA configuration.
/// </exception>
/// <exception cref="ServerUnavailableException">
/// The target CA server could not be contacted via RPC/DCOM transport.
/// </exception>
/// <remarks>
/// <para>This method does not check whether the certificates in the <see cref="Certificate"/> property are valid.
/// The caller is responsible for checking that the certificates are time-valid, trusted and not revoked.</para>
/// <para>The caller must have <strong>Administrator</strong> permissions on the target CA server.</para>
/// </remarks>
/// <returns>
/// <strong>True</strong> if configuration was changed. If the object was not modified since it was instantiated, configuration is not updated
/// and the method returns <strong>False</strong>.
/// </returns>
public Boolean SetInfo(Boolean restart) {
    if (!IsModified) { return false; }
    if (!CertificateAuthority.Ping(ComputerName)) {
        var offline = new ServerUnavailableException(DisplayName);
        offline.Data.Add(nameof(offline.Source), OfflineSource.DCOM);
        throw offline;
    }
    CCertAdmin admin = new CCertAdmin();
    try {
        if (_certs.Count == 0) {
            // No KRA certificates: clear both the certificate count and the used count.
            admin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);
            admin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertusedcount, 0, CertAdmConst.ProptypeLong, 0);
        } else {
            // Reset the existing list first (only when the CA currently holds any), then write each certificate by index.
            Int32 existing = (Int32)admin.GetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);
            if (existing > 0) {
                admin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertcount, 0, CertAdmConst.ProptypeLong, 0);
            }
            for (Int32 position = 0; position < _certs.Count; position++) {
                String der = CryptographyUtils.EncodeDerString(_certs[position].RawData);
                admin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracert, position, CertAdmConst.ProptypeBinary, der);
            }
            admin.SetCAProperty(ConfigString, CertAdmConst.CrPropKracertusedcount, 0, CertAdmConst.ProptypeLong, _certs.Count);
        }
    } catch (Exception e) {
        throw Error.ComExceptionHandler(e);
    } finally {
        CryptographyUtils.ReleaseCom(admin);
    }
    IsModified = false;
    if (restart) { CertificateAuthority.Restart(ComputerName); }
    return true;
}
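/// <summary>
/// Reads a CA configuration entry through ICertAdmin2::GetConfigEntry (presumably the fallback used when
/// the CA's registry cannot be reached directly).
/// </summary>
/// <param name="configString">CA configuration string identifying the target CA.</param>
/// <param name="node">Configuration node that holds the entry.</param>
/// <param name="entry">Name of the entry to read.</param>
/// <returns>The entry value as returned by the CA.</returns>
/// <exception cref="Exception">Whatever <c>Error.ComExceptionHandler</c> translates the COM failure into.</exception>
public static Object GetRegFallback(String configString, String node, String entry) {
    CCertAdmin CertAdmin = new CCertAdmin();
    try {
        // The RCW is released exactly once, in finally. The original also released it here on the
        // success path, so it was released twice.
        return CertAdmin.GetConfigEntry(configString, node, entry);
    } catch (Exception e) {
        throw Error.ComExceptionHandler(e);
    } finally {
        CryptographyUtils.ReleaseCom(CertAdmin);
    }
}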
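/// <summary>
/// Revokes a certificate on the default CA; failures are recorded in the database error table.
/// </summary>
/// <param name="serialNumber">Serial number of the certificate to revoke, in the form the CA expects.</param>
/// <param name="reason">CRL reason code passed to RevokeCertificate; defaults to 0 (unspecified), the previous hard-coded value.</param>
/// <returns>0 on success, 1 on failure.</returns>
public int RevokeCertificate(string serialNumber, int reason = 0) {
    CCertConfig objCertConfig = new CCertConfig();
    CCertAdmin objCertAdmin = new CCertAdmin();
    try {
        string strCAConfig = objCertConfig.GetConfig(CC_DEFAULTCONFIG); // resolve the default CA
        // NOTE(review): the effective revocation date is local time (DateTime.Now); confirm the time base the CA expects.
        objCertAdmin.RevokeCertificate(strCAConfig, serialNumber, reason, DateTime.Now);
        return 0;
    } catch (Exception ex) {
        Database db = new Database();
        db.InsertToErrorMessageTable("", 0, ex.Message, "RevokeCertificate"); // error log table in the database
        return 1;
    } finally {
        // RCWs were previously never released.
        System.Runtime.InteropServices.Marshal.FinalReleaseComObject(objCertAdmin);
        System.Runtime.InteropServices.Marshal.FinalReleaseComObject(objCertConfig);
    }
}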
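/// <summary>
/// Populates this object from an Enterprise CA: copies the identity fields and loads the CA's current
/// certificate template list into <c>Templates</c>.
/// </summary>
/// <param name="certificateAuthority">CA to read the template configuration from.</param>
/// <exception cref="PlatformNotSupportedException">The CA is not an Enterprise CA.</exception>
/// <exception cref="ServerUnavailableException">The CA is not reachable over RPC/DCOM.</exception>
void m_initialize(CertificateAuthority certificateAuthority) {
    if (!certificateAuthority.IsEnterprise) { throw new PlatformNotSupportedException(); }
    if (!certificateAuthority.Ping()) {
        ServerUnavailableException e = new ServerUnavailableException(certificateAuthority.DisplayName);
        e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
        throw e;
    }
    Name = certificateAuthority.Name;
    DisplayName = certificateAuthority.DisplayName;
    ComputerName = certificateAuthority.ComputerName;
    version = certificateAuthority.Version;
    sku = certificateAuthority.Sku;
    configString = certificateAuthority.ConfigString;
    CCertAdmin CertAdmin = new CCertAdmin();
    String templates;
    try {
        templates = (String)CertAdmin.GetCAProperty(configString, CertAdmConstants.CrPropTemplates, 0, CertAdmConstants.ProptypeString, 0);
    } finally {
        // The RCW was previously never released.
        CryptographyUtils.ReleaseCom(CertAdmin);
    }
    // Existing behaviour: a CA with no templates yields a null Templates array, not an empty one.
    // IsNullOrEmpty also covers a null property value, which the old "!= String.Empty" test let through to Split.
    if (String.IsNullOrEmpty(templates)) {
        Templates = null;
        return;
    }
    // The CA stores the list as "Name\nOID\n" pairs; only the name at each even index is used for lookup.
    String[] pairs = templates.Split(new[] { "\n" }, StringSplitOptions.RemoveEmptyEntries);
    List<CertificateTemplate> tobeadded = new List<CertificateTemplate>(pairs.Length / 2 + 1);
    for (Int32 index = 0; index < pairs.Length; index += 2) {
        tobeadded.Add(new CertificateTemplate("Name", pairs[index]));
    }
    Templates = tobeadded.ToArray();
}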
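/// <inheritdoc />
/// <remarks>
/// The written list replaces the CA's issuance list entirely: templates not present in
/// <paramref name="templates"/> stop being issued, and every template present becomes issuable to whoever
/// holds enroll rights on it, so review those rights before calling this method.
/// </remarks>
public void SetTemplates(CertificateTemplate[] templates) {
    if (templates == null) { throw new ArgumentNullException(nameof(templates)); }
    // The CA stores the list as "Name\nOID\n" pairs in a single string property.
    var sb = new StringBuilder();
    foreach (CertificateTemplate item in templates) {
        sb.Append(item.Name).Append("\n");
        sb.Append(item.OID.Value).Append("\n");
    }
    var certAdmin = new CCertAdmin();
    try {
        certAdmin.SetCAProperty(_configString, CertAdmConstants.CrPropTemplates, 0, CertAdmConstants.ProptypeString, sb.ToString());
    } catch (Exception e) {
        throw Error.ComExceptionHandler(e);
    } finally {
        // The RCW was previously never released.
        CryptographyUtils.ReleaseCom(certAdmin);
    }
}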
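/// <summary>
/// Returns all CA certificates.
/// </summary>
/// <exception cref="UninitializedObjectException">
/// Current object is not initialized.
/// </exception>
/// <exception cref="ServerUnavailableException">
/// Current CA server could not be contacted via remote registry and RPC protocol.
/// </exception>
/// <exception cref="UnauthorizedAccessException">The caller does not have at least <strong>Read</strong> permissions.</exception>
/// <returns>A collection of CA certificates, each an <see cref="X509Certificate2"/>.</returns>
public X509Certificate2Collection GetCACerts() {
    if (String.IsNullOrEmpty(Name)) { throw new UninitializedObjectException(); }
    if (!Ping()) {
        ServerUnavailableException e = new ServerUnavailableException(DisplayName);
        e.Data.Add(nameof(e.Source), OfflineSource.DCOM);
        throw e;
    }
    var CertAdmin = new CCertAdmin();
    X509Certificate2Collection certs = new X509Certificate2Collection();
    try {
        // Raw certadm property types are passed here (1 = long, 3 = binary).
        Int32 count = (Int32)CertAdmin.GetCAProperty(ConfigString, CertAdmConstants.CrPropCasigcertcount, 0, 1, 0);
        for (Int32 index = 0; index < count; index++) {
            String base64 = (String)CertAdmin.GetCAProperty(ConfigString, CertAdmConstants.CrPropCasigcert, index, 3, 1);
            // Wrap as X509Certificate2: the previous X509Certificate wrapper put base-class objects into the
            // collection, which fails for consumers that cast elements to X509Certificate2.
            certs.Add(new X509Certificate2(Convert.FromBase64String(base64)));
        }
    } catch (Exception e) {
        // Same translation as the class's other CA calls.
        throw Error.ComExceptionHandler(e);
    } finally {
        // Previously the RCW leaked whenever GetCAProperty threw.
        CryptographyUtils.ReleaseCom(CertAdmin);
    }
    return certs;
}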