        /// <summary>
        /// Loads certificate templates available for enrollment. Certificate templates are populated in
        /// <see cref="Templates"/> property if the method succeeds.
        /// </summary>
        /// <param name="userName">
        /// Specifies the user name used to authenticate to the enrollment policy server.
        /// <para>If the authentication type is set to <strong>ClientCertificate</strong>, this parameter must contain
        /// the authentication certificate's thumbprint.</para>
        /// <para>This parameter must be omitted when <strong>Kerberos</strong> authentication is used.</para>
        /// </param>
        /// <param name="password">
        /// Specifies the password to authenticate in enrollment policy server.
        /// <para>This parameter must be used only when <strong>UserNameAndPassword</strong> authentication
        /// method is used. This parameter must be omitted in all other authentication methods.</para>
        /// </param>
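        /// <exception cref="UninitializedObjectException">The policy server URL is not set.</exception>
        /// <remarks>
        /// The COM <c>SetCredential</c> call takes the password as a string, so the <see cref="SecureString"/>
        /// has to be converted to plaintext for the duration of the call. The intermediate BSTR is zeroed and
        /// freed before the method returns; the managed string copy cannot be wiped and stays in memory until
        /// it is garbage-collected.
        /// </remarks>
        public void LoadPolicy(String userName = null, SecureString password = null)
        {
            // URL is dereferenced below, so a null URL is reported the same way as an empty one
            // instead of surfacing as a NullReferenceException.
            if (URL == null || String.IsNullOrEmpty(URL.AbsoluteUri))
            {
                throw new UninitializedObjectException();
            }
            // Arguments only override the stored credentials when they are actually supplied.
            if (!String.IsNullOrEmpty(userName))
            {
                uName = userName;
            }
            if (password != null)
            {
                uPassword = password;
            }
            policy = new CX509EnrollmentPolicyWebService();
            // Unmanaged plaintext copy of the password; must be wiped on every exit path.
            IntPtr passwordBstr = IntPtr.Zero;
            try {
                if (!String.IsNullOrEmpty(uName))
                {
                    switch (Authentication)
                    {
                    case PolicyAuthenticationEnum.UserNameAndPassword:
                        // Keep the pointer so the BSTR can be zeroed and freed in the finally block.
                        // PtrToStringBSTR is the reader that matches SecureStringToBSTR.
                        passwordBstr = Marshal.SecureStringToBSTR(uPassword);
                        policy.SetCredential(0, (X509EnrollmentAuthFlags)Authentication, uName, Marshal.PtrToStringBSTR(passwordBstr));
                        break;

                    case PolicyAuthenticationEnum.ClientCertificate:
                        // Here uName carries the certificate thumbprint (see the userName parameter docs).
                        policy.SetCredential(0, (X509EnrollmentAuthFlags)Authentication, uName, null);
                        break;
                    }
                }
                X509CertificateEnrollmentContext context = UserContext
                                        ? X509CertificateEnrollmentContext.ContextUser
                                        : X509CertificateEnrollmentContext.ContextMachine;
                policy.Initialize(URL.AbsoluteUri, PolicyId, (X509EnrollmentAuthFlags)Authentication, false, context);
                policy.LoadPolicy(X509EnrollmentPolicyLoadOption.LoadOptionDefault);
                get_templates();
                PolicyLoaded = true;
            } catch (Exception e) {
                throw Error.ComExceptionHandler(e);
            } finally {
                if (passwordBstr != IntPtr.Zero)
                {
                    // Overwrites the plaintext password with zeros before releasing the allocation.
                    Marshal.ZeroFreeBSTR(passwordBstr);
                }
            }
        }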
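        /// <summary>
        /// Creates a policy web-service COM object, initializes it for <paramref name="url"/> and copies the
        /// server's identity data (policy ID, friendly name, cache path) into this instance.
        /// </summary>
        /// <param name="url">Enrollment policy server URL passed to the COM <c>Initialize</c> call.</param>
        /// <param name="userContext">
        /// <c>true</c> selects <c>ContextUser</c>; <c>false</c> selects <c>ContextMachine</c>.
        /// </param>
        /// <param name="auth">Authentication type; also decides which credential form is supplied.</param>
        /// <param name="Private">
        /// When <c>false</c>, the stored <c>uName</c>/<c>uPassword</c> credentials are handed to the COM object
        /// before initialization. NOTE(review): the intended meaning of this flag is not visible here; confirm
        /// against the callers.
        /// </param>
        /// <remarks>
        /// The password is converted to plaintext only for the <c>SetCredential</c> call. The intermediate BSTR
        /// is zeroed and freed on every exit path; the managed string copy cannot be wiped and lives until it
        /// is garbage-collected.
        /// </remarks>
        void m_initialize2(String url, Boolean userContext, PolicyAuthenticationEnum auth, Boolean Private)
        {
            policy = new CX509EnrollmentPolicyWebService();
            // Unmanaged plaintext copy of the password; wiped in the finally block.
            IntPtr passwordBstr = IntPtr.Zero;
            try {
                if (!Private)
                {
                    switch (auth)
                    {
                    case PolicyAuthenticationEnum.UserNameAndPassword:
                        // PtrToStringBSTR is the reader that matches SecureStringToBSTR.
                        passwordBstr = Marshal.SecureStringToBSTR(uPassword);
                        policy.SetCredential(0, (X509EnrollmentAuthFlags)auth, uName, Marshal.PtrToStringBSTR(passwordBstr));
                        break;

                    case PolicyAuthenticationEnum.ClientCertificate:
                        policy.SetCredential(0, (X509EnrollmentAuthFlags)auth, uName, null);
                        break;
                    }
                }
                X509CertificateEnrollmentContext context = userContext
                    ? X509CertificateEnrollmentContext.ContextUser
                    : X509CertificateEnrollmentContext.ContextMachine;
                policy.Initialize(url, null, (X509EnrollmentAuthFlags)auth, false, context);
                // Best-effort: a failed policy load or friendly-name lookup is deliberately ignored so the
                // remaining properties are still populated.
                // NOTE(review): consider logging these failures; a silently skipped load hides
                // authentication and connectivity errors from the operator.
                try {
                    policy.LoadPolicy(X509EnrollmentPolicyLoadOption.LoadOptionDefault);
                } catch { }
                try {
                    Name = policy.GetFriendlyName();
                } catch { }
                PolicyId       = policy.GetPolicyServerId();
                URL            = new Uri(url);
                Authentication = auth;
                FilePath       = policy.GetCachePath();
                UserContext    = userContext;
            } catch (Exception e) {
                throw Error.ComExceptionHandler(e);
            } finally {
                if (passwordBstr != IntPtr.Zero)
                {
                    // Overwrites the plaintext password with zeros before releasing the allocation.
                    Marshal.ZeroFreeBSTR(passwordBstr);
                }
                CryptographyUtils.ReleaseCom(policy);
            }
        }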
        /// <summary>
        /// Sets the credential used to contact the certificate enrollment policy (CEP) server
        /// </summary>
        /// <param name="userName">
        ///		Specifies the user name used to authenticate to the enrollment policy server.
        ///		<para>
        ///			If the authentication type is set to <strong>ClientCertificate</strong>, this parameter must contain
        ///			the authentication certificate's thumbprint.
        ///		</para>
        /// <para>This parameter must be omitted when <strong>Kerberos</strong> authentication is used.</para>
        /// </param>
        /// <param name="password">
        ///		Specifies the password to authenticate in enrollment policy server.
        ///		<para>
        ///			This parameter must be used only when <strong>UserNameAndPassword</strong> authentication
        ///			method is used. This parameter must be omitted in all other authentication methods.
        ///		</para>
        /// </param>
        /// <exception cref="ArgumentNullException"><strong>userName</strong> parameter is null reference.</exception>
        /// <remarks>
        ///		Currently this method does not set or update credentials in the credential vault; only the default
        ///		class constructor combined with the <see cref="Register"/> method provides this functionality.
        /// </remarks>
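        public void SetCredential(String userName, SecureString password)
        {
            if (String.IsNullOrEmpty(userName))
            {
                throw new ArgumentNullException(nameof(userName));
            }
            if (URL == null)
            {
                throw new UninitializedObjectException();
            }
            // Remember the credentials on the instance as well as pushing them to the COM object.
            uName     = userName;
            uPassword = password;
            // The COM SetCredential call takes the password as a string, so the SecureString is converted to
            // plaintext for the call. The BSTR pointer is kept so that the unmanaged copy can be zeroed and
            // freed afterwards; the managed string copy cannot be wiped and lives until garbage-collected.
            IntPtr passwordBstr = IntPtr.Zero;
            try
            {
                switch (Authentication)
                {
                case PolicyAuthenticationEnum.UserNameAndPassword:
                    // PtrToStringBSTR is the reader that matches SecureStringToBSTR.
                    passwordBstr = Marshal.SecureStringToBSTR(password);
                    policy.SetCredential(0, (X509EnrollmentAuthFlags)Authentication, userName, Marshal.PtrToStringBSTR(passwordBstr));
                    break;

                case PolicyAuthenticationEnum.ClientCertificate:
                    // userName carries the certificate thumbprint for this authentication type.
                    policy.SetCredential(0, (X509EnrollmentAuthFlags)Authentication, userName, null);
                    break;
                }
            }
            finally
            {
                if (passwordBstr != IntPtr.Zero)
                {
                    // Overwrites the plaintext password with zeros before releasing the allocation.
                    Marshal.ZeroFreeBSTR(passwordBstr);
                }
            }
        }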
        /// <summary>
        /// Enrolls for a certificate from the template named by <c>m_strTemplateName</c>, using the policy
        /// server described by the <c>m_*</c> fields, and reports the outcome on the console.
        /// </summary>
        /// <returns><c>true</c> if every step completed without throwing; otherwise <c>false</c>.</returns>
        /// <remarks>
        /// NOTE(review): the <c>m_str*Password</c> fields are handed to the COM calls as they are; they appear
        /// to be plain strings, which cannot be wiped from memory. Confirm against the field declarations.
        /// </remarks>
        public bool enrollWithIX509EnrollmentHelper()
        {
            bool succeeded;

            try
            {
                // NOTE(review): the fourth Initialize argument is presumably the "untrusted" flag of the
                // policy server interface; confirm that true is intended for this deployment.
                IX509EnrollmentPolicyServer policyServer = new CX509EnrollmentPolicyWebService();
                policyServer.Initialize(m_strPolicyServerUrl, null, m_PolicyServerAuthType, true, m_context);

                // Supplies the authentication type and credential for the policy server.
                // Required even when the authentication type is Kerberos.
                policyServer.SetCredential(
                    0,
                    m_PolicyServerAuthType,
                    m_strPolicyServerUsername,
                    m_strPolicyServerPassword);

                policyServer.LoadPolicy(X509EnrollmentPolicyLoadOption.LoadOptionDefault);
                IX509CertificateTemplates templates = policyServer.GetTemplates();
                IX509CertificateTemplate template = templates.get_ItemByName(m_strTemplateName);

                // Kerberos needs no cached credential; only user-name authentication does.
                if (m_EnrollmentServerAuthType == X509EnrollmentAuthFlags.X509AuthUsername)
                {
                    // Stores the enrollment-server credential in the Windows vault, where it outlives
                    // this call.
                    IX509EnrollmentHelper enrollHelper = new CX509EnrollmentHelper();
                    enrollHelper.Initialize(m_context);
                    enrollHelper.AddEnrollmentServer(
                        m_strEnrollmentServerUrl,
                        m_EnrollmentServerAuthType,
                        m_strEnrollmentServerUsername,
                        m_strEnrollmentServerPassword);
                }

                // Enroll() picks the enrollment-server credential up from the Windows vault.
                IX509Enrollment2 enrollment = new CX509Enrollment();
                enrollment.InitializeFromTemplate(m_context, policyServer, template);
                enrollment.Enroll();

                succeeded = true;
            }
            catch (Exception ex)
            {
                succeeded = false;
                Console.WriteLine("Error: {0}", ex.Message);
            }

            Console.WriteLine(succeeded
                ? "Certificate enrollment succeeded."
                : "Certificate enrollment failed.");

            return succeeded;
        }
        /// <summary>
        /// Loads the enrollment policy from the configured policy server, optionally caches the
        /// enrollment-server credential, and enrolls for a certificate from the configured template.
        /// The result is written to the console.
        /// </summary>
        /// <returns><c>true</c> when enrollment completed without an exception; <c>false</c> otherwise.</returns>
        /// <remarks>
        /// NOTE(review): the user-name and password fields passed below look like plain strings, which stay
        /// readable in process memory; verify against the field declarations.
        /// </remarks>
        public bool enrollWithIX509EnrollmentHelper()
        {
            try
            {
                IX509EnrollmentPolicyServer server = new CX509EnrollmentPolicyWebService();
                server.Initialize(
                    m_strPolicyServerUrl,
                    null,
                    m_PolicyServerAuthType,
                    true,
                    m_context);

                // Attach the policy-server authentication type and credential to the server object.
                // This step is needed for Kerberos as well.
                server.SetCredential(
                    0,
                    m_PolicyServerAuthType,
                    m_strPolicyServerUsername,
                    m_strPolicyServerPassword);

                server.LoadPolicy(X509EnrollmentPolicyLoadOption.LoadOptionDefault);
                IX509CertificateTemplate chosenTemplate =
                    server.GetTemplates().get_ItemByName(m_strTemplateName);

                // A credential only has to be cached for user-name authentication, not for Kerberos.
                bool needsCachedCredential =
                    m_EnrollmentServerAuthType == X509EnrollmentAuthFlags.X509AuthUsername;
                if (needsCachedCredential)
                {
                    IX509EnrollmentHelper helper = new CX509EnrollmentHelper();
                    helper.Initialize(m_context);
                    // Writes the enrollment-server credential to the Windows vault; the entry remains
                    // there after this method returns.
                    helper.AddEnrollmentServer(
                        m_strEnrollmentServerUrl,
                        m_EnrollmentServerAuthType,
                        m_strEnrollmentServerUsername,
                        m_strEnrollmentServerPassword);
                }

                IX509Enrollment2 request = new CX509Enrollment();
                request.InitializeFromTemplate(
                    m_context,
                    server,
                    chosenTemplate);
                // The cached enrollment-server credential is read back from the Windows vault here.
                request.Enroll();
            }
            catch (Exception e)
            {
                Console.WriteLine("Error: {0}", e.Message);
                Console.WriteLine("Certificate enrollment failed.");
                return false;
            }

            Console.WriteLine("Certificate enrollment succeeded.");
            return true;
        }