示例#1
 /// <summary>
 /// Updates policy module flags by writing them to Certification Authority.
 /// </summary>
 /// <param name="restart">
 /// Indicates whether to restart certificate services to immediately apply changes. Updated settings have no effect
 /// until the CA service is restarted.
 /// </param>
 /// <exception cref="UnauthorizedAccessException">
 /// The caller does not have sufficient permissions to make changes in the CA configuration.
 /// </exception>
 /// <exception cref="ServerUnavailableException">
 /// The target CA server could not be contacted via remote registry and RPC protocol.
 /// </exception>
 /// <returns>
 /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
 /// and the method returns <strong>False</strong>.
 /// </returns>
 /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks>
 public Boolean SetInfo(Boolean restart)
 {
     // An unmodified object writes nothing and does not contact the CA server.
     if (!IsModified)
     {
         return false;
     }

     // NOTE(review): EditFlags is a policy-module setting on the CA; nothing in this method
     // records the previous or the new value, so callers that need an audit trail must log it.
     if (CryptoRegistry.Ping(ComputerName))
     {
         // First channel: write the DWORD under this CA's active policy module key.
         CryptoRegistry.SetRReg((Int32)EditFlags, "EditFlags", RegistryValueKind.DWord, $@"{Name}\PolicyModules\{activePolicyModule}", ComputerName);
     }
     else if (CertificateAuthority.Ping(ComputerName))
     {
         // Second channel, tried only when the first ping fails; the node path here is
         // relative (no CA name prefix) and the target is identified by configString.
         CryptoRegistry.SetRegFallback(configString, $@"PolicyModules\{activePolicyModule}", "EditFlags", (Int32)EditFlags);
     }
     else
     {
         // Neither channel answered. The Data entry carries the numeric value 3 cast to
         // OfflineSource; the enum member it maps to is not visible in this listing.
         ServerUnavailableException unavailable = new ServerUnavailableException(DisplayName);
         unavailable.Data.Add(nameof(unavailable.Source), (OfflineSource)3);
         throw unavailable;
     }

     // The restart runs before the dirty flag is cleared, so an exception from Restart
     // leaves IsModified set even though the value has already been written.
     if (restart)
     {
         CertificateAuthority.Restart(ComputerName);
     }

     IsModified = false;
     return true;
 }
示例#2
        /// <summary>
        /// Writes this object to a securable object's Access Control List.
        /// </summary>
        /// <param name="restart">
        ///		Indicates whether to restart certificate services to immediately apply changes. Updated settings have
        ///		no effect until the CA service is restarted.
        /// </param>
        /// <exception cref="ServerUnavailableException">
        ///		The target CA server could not be contacted via remote registry and RPC protocol.
        /// </exception>
        public void SetObjectSecurity(Boolean restart)
        {
            // NOTE(review): this overwrites the stored "Security" value with the binary security
            // descriptor of this object. There is no read-back or comparison with the previous
            // descriptor here, so review and logging of ACL changes has to happen in the caller.
            if (CryptoRegistry.Ping(ComputerName))
            {
                // First channel: write the descriptor bytes under the key named by _name.
                CryptoRegistry.SetRReg(GetSecurityDescriptorBinaryForm(), "Security", _name, ComputerName);
            }
            else if (CertificateAuthority.Ping(ComputerName))
            {
                // Second channel, tried only when the first ping fails; an empty node string is passed.
                CryptoRegistry.SetRegFallback(_config, String.Empty, "Security", GetSecurityDescriptorBinaryForm());
            }
            else
            {
                // Neither channel answered. The Data entry carries the numeric value 3 cast to
                // OfflineSource; the enum member it maps to is not visible in this listing.
                ServerUnavailableException unavailable = new ServerUnavailableException(DisplayName);
                unavailable.Data.Add("Source", (OfflineSource)3);
                throw unavailable;
            }

            // Restart only on request; the documentation above states that the new settings
            // have no effect until the CA service is restarted.
            if (restart)
            {
                CertificateAuthority.Restart(ComputerName);
            }
        }
示例#3
 /// <summary>
 /// Updates management interface flags by writing them to Certification Authority.
 /// </summary>
 /// <param name="restart">
 /// Indicates whether to restart certificate services to immediately apply changes. Updated settings have no effect
 /// until the CA service is restarted.
 /// </param>
 /// <exception cref="UnauthorizedAccessException">
 /// The caller does not have sufficient permissions to make changes in the CA configuration.
 /// </exception>
 /// <exception cref="ServerUnavailableException">
 /// The target CA server could not be contacted via remote registry and RPC protocol.
 /// </exception>
 /// <returns>
 /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
 /// and the method returns <strong>False</strong>.
 /// </returns>
 /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks>
 public Boolean SetInfo(Boolean restart)
 {
     // An unmodified object writes nothing and does not contact the CA server.
     if (!IsModified)
     {
         return false;
     }

     // NOTE(review): InterfaceFlags is written without recording the previous or the new
     // value in this method; callers that need an audit trail must log the change themselves.
     if (CryptoRegistry.Ping(ComputerName))
     {
         // First channel: write the DWORD directly under the key named by Name.
         CryptoRegistry.SetRReg((Int32)InterfaceFlags, "InterfaceFlags", RegistryValueKind.DWord, Name, ComputerName);
     }
     else if (CertificateAuthority.Ping(ComputerName))
     {
         // Second channel, tried only when the first ping fails; an empty node string is passed.
         CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "InterfaceFlags", (Int32)InterfaceFlags);
     }
     else
     {
         // Neither channel answered. The Data entry carries the numeric value 3 cast to
         // OfflineSource; the enum member it maps to is not visible in this listing.
         ServerUnavailableException unavailable = new ServerUnavailableException(DisplayName);
         unavailable.Data.Add(nameof(unavailable.Source), (OfflineSource)3);
         throw unavailable;
     }

     // The restart runs before the dirty flag is cleared, so an exception from Restart
     // leaves IsModified set even though the value has already been written.
     if (restart)
     {
         CertificateAuthority.Restart(ComputerName);
     }

     IsModified = false;
     return true;
 }
示例#4
        /// <summary>
        /// Updates Certification Authority configuration on a server.
        /// </summary>
        /// <param name="restart">
        ///		Indicates whether to restart certificate services to immediately apply changes. Updated settings have no effect
        ///		until the CA service is restarted.
        /// </param>
        /// <exception cref="ServerUnavailableException">
        ///		The target CA server could not be contacted via remote registry and RPC protocol.
        /// </exception>
        /// <returns>
        ///		<strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
        ///		and the method returns <strong>False</strong>.
        /// </returns>
        /// <remarks>
        ///		The caller must have <strong>Administrator</strong> permissions on the target CA server.
        /// </remarks>
        public Boolean Commit(Boolean restart)
        {
            // Nothing pending: report "not changed" without touching the server.
            if (!IsModified)
            {
                return false;
            }

            // Hook invoked before any entry is applied; its body is not part of this listing.
            OnCommit();

            // Deletions are applied first, then writes. Entries are applied one at a time, so a
            // failure part-way through leaves the earlier entries applied and IsModified still set.
            var pendingDeletes = ConfigEntries.Where(candidate => candidate.Action == RegConfigEntryAction.Delete);
            foreach (RegConfigEntry doomed in pendingDeletes)
            {
                // NOTE(review): SetRootNode receives the negation of IsRoot; confirm that its
                // parameter means "use the non-root node" rather than "use the root node".
                ConfigManager.SetRootNode(!doomed.IsRoot);
                ConfigManager.DeleteEntry(doomed.Name, doomed.Node);
            }

            var pendingWrites = ConfigEntries.Where(candidate => candidate.Action == RegConfigEntryAction.Write);
            foreach (RegConfigEntry updated in pendingWrites)
            {
                ConfigManager.SetRootNode(!updated.IsRoot);
                ConfigManager.SetEntry(updated.Name, updated.Node, updated.Value);
            }

            // The dirty flag is cleared before the optional restart, so an exception from
            // Restart does not cause the entries to be applied again on the next call.
            IsModified = false;

            if (restart)
            {
                CertificateAuthority.Restart(ComputerName);
            }

            return true;
        }
示例#5
        /// <summary>
        /// Updates policy module extension lists by writing them to Certification Authority.
        /// </summary>
        /// <param name="restart">
        /// Indicates whether to restart certificate services to immediately apply changes. Updated settings have no effect
        /// until the CA service is restarted.</param>
        /// <exception cref="UnauthorizedAccessException">
        /// If the caller does not have sufficient permissions to make changes in the CA configuration.
        /// </exception>
        /// <exception cref="ServerUnavailableException">
        /// If the target CA server could not be contacted via remote registry and RPC protocol.
        /// </exception>
        /// <returns>
        /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated
        /// and the method returns <strong>False</strong>.
        /// </returns>
        /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks>
        public Boolean SetInfo(Boolean restart)
        {
            // An unmodified object writes nothing and does not contact the CA server.
            if (!IsModified)
            {
                return false;
            }

            // NOTE(review): the three lists are written as three separate values. If a later
            // write fails, the earlier ones stay applied and IsModified remains set; callers
            // should treat an exception here as a possibly partial update.
            if (CryptoRegistry.Ping(ComputerName))
            {
                // First channel: values go under this CA's active policy module key.
                String policyModuleKey = $@"{Name}\PolicyModules\{ActivePolicyModule}";

                List<String> enabledOids = EnabledExtensionList.Select(item => item.Value).ToList();
                CryptoRegistry.SetRReg(enabledOids, "EnableRequestExtensionList", policyModuleKey, ComputerName);

                List<String> offlineOids = OfflineExtensionList.Select(item => item.Value).ToList();
                CryptoRegistry.SetRReg(offlineOids, "EnableEnrolleeRequestExtensionList", policyModuleKey, ComputerName);

                List<String> disabledOids = DisabledExtensionList.Select(item => item.Value).ToList();
                CryptoRegistry.SetRReg(disabledOids, "DisableExtensionList", policyModuleKey, ComputerName);
            }
            else if (CertificateAuthority.Ping(ComputerName))
            {
                // Second channel, tried only when the first ping fails; the node path is
                // relative (no CA name prefix) and the values are passed as string arrays.
                String policyModuleNode = $@"PolicyModules\{ActivePolicyModule}";

                String[] enabledOids = EnabledExtensionList.Select(item => item.Value).ToArray();
                CryptoRegistry.SetRegFallback(ConfigString, policyModuleNode, "EnableRequestExtensionList", enabledOids);

                String[] offlineOids = OfflineExtensionList.Select(item => item.Value).ToArray();
                CryptoRegistry.SetRegFallback(ConfigString, policyModuleNode, "EnableEnrolleeRequestExtensionList", offlineOids);

                String[] disabledOids = DisabledExtensionList.Select(item => item.Value).ToArray();
                CryptoRegistry.SetRegFallback(ConfigString, policyModuleNode, "DisableExtensionList", disabledOids);
            }
            else
            {
                // Neither channel answered. The Data entry carries the numeric value 3 cast to
                // OfflineSource; the enum member it maps to is not visible in this listing.
                ServerUnavailableException unavailable = new ServerUnavailableException(DisplayName);
                unavailable.Data.Add(nameof(unavailable.Source), (OfflineSource)3);
                throw unavailable;
            }

            // The restart runs before the dirty flag is cleared, so an exception from Restart
            // leaves IsModified set even though the lists have already been written.
            if (restart)
            {
                CertificateAuthority.Restart(ComputerName);
            }

            IsModified = false;
            return true;
        }