/// <summary> /// Updates management interface flags by writing them to Certification Authority. /// </summary> /// <param name="restart"> /// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect /// until CA service is restarted. /// </param> /// <exception cref="UnauthorizedAccessException"> /// The caller do not have sufficient permissions to make changes in the CA configuration. /// </exception> /// <exception cref="ServerUnavailableException"> /// The target CA server could not be contacted via remote registry and RPC protocol. /// </exception> /// <returns> /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated /// and the method returns <strong>False</strong>. /// </returns> /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks> public Boolean SetInfo(Boolean restart) { if (IsModified) { if (CryptoRegistry.Ping(ComputerName)) { CryptoRegistry.SetRReg((Int32)InterfaceFlags, "InterfaceFlags", RegistryValueKind.DWord, Name, ComputerName); if (restart) { CertificateAuthority.Restart(ComputerName); } IsModified = false; return(true); } if (CertificateAuthority.Ping(ComputerName)) { CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "InterfaceFlags", (Int32)InterfaceFlags); if (restart) { CertificateAuthority.Restart(ComputerName); } IsModified = false; return(true); } ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), (OfflineSource)3); throw e; } return(false); }
void m_initialize(CertificateAuthority certificateAuthority) { String[] urls; Name = certificateAuthority.Name; DisplayName = certificateAuthority.DisplayName; ComputerName = certificateAuthority.ComputerName; ConfigString = certificateAuthority.ConfigString; if (CryptoRegistry.Ping(ComputerName)) { urls = (String[])CryptoRegistry.GetRReg("CACertPublicationURLs", Name, ComputerName); } else { if (CertificateAuthority.Ping(ComputerName)) { urls = (String[])CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CACertPublicationURLs"); } else { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), (OfflineSource)3); throw e; } } m_aia = urls.Select(url => new AIA(url)).ToArray(); }
void getConfig(String computerName, String caName = null) { // if we found CA in DS, we are just fine, no need to touch CA server. if (foundInDs) { ComputerName = computerName; Name = caName; ConfigString = ConfigString = ComputerName + "\\" + Name; return; } // otherwise: // 1. if registry is accessible, read actual config string from registry if (RegistryOnline) { ComputerName = (String)CryptoRegistry.GetRReg("CAServerName", Active, computerName); Name = (String)CryptoRegistry.GetRReg("CommonName", Active, computerName); } else { // 2. if registry is not accessible, we must have a CA name in order to read it from ICertAdmin::GetConfig if (!String.IsNullOrEmpty(caName) && IsAccessible) { String configString = $@"{computerName}\{caName}"; ComputerName = (String)CryptoRegistry.GetRegFallback(configString, String.Empty, "CAServerName"); Name = (String)CryptoRegistry.GetRegFallback(configString, String.Empty, "CommonName"); } else { var e = new ServerUnavailableException(computerName); e.Data.Add(nameof(e.Source), OfflineSource.DCOM | OfflineSource.Registry); throw e; } } ConfigString = ComputerName + "\\" + Name; }
/// <summary> /// Gets the access control list (<strong>ACL</strong>) for the current Certification Authority. /// </summary> /// <returns>An ACL object.</returns> /// <remarks>Returned object inherits from <see cref="CommonObjectSecurity"/> and implements common methods.</remarks> public CASecurityDescriptor GetSecurityDescriptor() { var sd = new CASecurityDescriptor(this); Byte[] sdBinary; if (CryptoRegistry.Ping(ComputerName)) { sdBinary = (Byte[])CryptoRegistry.GetRReg("Security", Name, ComputerName); } else { if (Ping(ComputerName)) { sdBinary = (Byte[])CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "Security"); } else { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), (OfflineSource)3); throw e; } } sd.SetSecurityDescriptorBinaryForm(sdBinary); return(sd); }
void m_initialize(CertificateAuthority certificateAuthority) { Name = certificateAuthority.Name; DisplayName = certificateAuthority.DisplayName; ComputerName = certificateAuthority.ComputerName; ConfigString = certificateAuthority.ConfigString; if (CryptoRegistry.Ping(ComputerName)) { m_validity = Convert.ToString((Int32)CryptoRegistry.GetRReg("ValidityPeriodUnits", Name, ComputerName)) + " "; m_validity += (String)CryptoRegistry.GetRReg("ValidityPeriod", Name, ComputerName); } else { if (certificateAuthority.Ping()) { m_validity = Convert.ToString((Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "ValidityPeriodUnits")); m_validity += (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "ValidityPeriod"); } else { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), (OfflineSource)3); throw e; } } }
void m_initialize(CertificateAuthority certificateAuthority) { Name = certificateAuthority.Name; DisplayName = certificateAuthority.DisplayName; ComputerName = certificateAuthority.ComputerName; ConfigString = certificateAuthority.ConfigString; Version = certificateAuthority.Version; if (CryptoRegistry.Ping(ComputerName)) { CRLFlags = (CRLFlagEnum)CryptoRegistry.GetRReg("CRLFlags", Name, ComputerName); } else { if (CertificateAuthority.Ping(ComputerName)) { CRLFlags = (CRLFlagEnum)CryptoRegistry.GetRegFallback(ConfigString, "", "CRLFlags"); } else { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), (OfflineSource)3); throw e; } } }
/// <summary> /// Updates Authority Information Access configuration by writing them to Certification Authority. /// </summary> /// <param name="restart">Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect until /// CA service is restarted. /// </param> /// <remarks> /// For this method to succeed, the caller must be granted CA <strong>Administrator</strong> permissions. /// </remarks> /// <exception cref="UnauthorizedAccessException"> /// The caller do not have sufficient permissions to make changes in the CA configuration. /// </exception> /// <exception cref="ServerUnavailableException"> /// The target CA server could not be contacted via remote registry and RPC protocol. /// </exception> /// <returns> /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated /// and the method returns <strong>False</strong>. /// </returns> /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks> public Boolean SetInfo(Boolean restart) { if (IsModified) { List <String> strings = URI.Length > 0 ? URI.Select(str => str.RegURI).ToList() : null; if (CryptoRegistry.Ping(ComputerName)) { CryptoRegistry.SetRReg(strings, "CACertPublicationURLs", Name, ComputerName); if (restart) { CertificateAuthority.Restart(ComputerName); } IsModified = false; return(true); } if (CertificateAuthority.Ping(ComputerName)) { CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CACertPublicationURLs", strings); if (restart) { CertificateAuthority.Restart(ComputerName); } IsModified = false; return(true); } ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), (OfflineSource)3); throw e; } return(false); }
/// <summary> /// Updates policy module flags by writing them to Certification Authority. /// </summary> /// <param name="restart"> /// Indicates whether to restart certificate services to immediately apply changes. Updated settings has no effect /// until CA service is restarted. /// </param> /// <exception cref="UnauthorizedAccessException"> /// The caller do not have sufficient permissions to make changes in the CA configuration. /// </exception> /// <exception cref="ServerUnavailableException"> /// The target CA server could not be contacted via remote registry and RPC protocol. /// </exception> /// <returns> /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated /// and the method returns <strong>False</strong>. /// </returns> /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks> public Boolean SetInfo(Boolean restart) { if (IsModified) { if (CryptoRegistry.Ping(ComputerName)) { CryptoRegistry.SetRReg((Int32)EditFlags, "EditFlags", RegistryValueKind.DWord, $@"{Name}\PolicyModules\{activePolicyModule}", ComputerName); if (restart) { CertificateAuthority.Restart(ComputerName); } IsModified = false; return(true); } if (CertificateAuthority.Ping(ComputerName)) { CryptoRegistry.SetRegFallback(configString, $@"PolicyModules\{activePolicyModule}", "EditFlags", (Int32)EditFlags); if (restart) { CertificateAuthority.Restart(ComputerName); } IsModified = false; return(true); } ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), (OfflineSource)3); throw e; } return(false); }
/// <summary> /// Updates issued certificate validity setting. Any issued certificate validity cannot exceed this value. /// </summary> /// <param name="restart"> /// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect until /// CA service is restarted. /// </param> /// <exception cref="UnauthorizedAccessException"> /// The caller do not have sufficient permissions to make changes in the CA configuration. /// </exception> /// <exception cref="ServerUnavailableException"> /// The target CA server could not be contacted via remote registry and RPC protocol. /// </exception> /// <returns> /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated /// and the method returns <strong>False</strong>. /// </returns> /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks> public Boolean SetInfo(Boolean restart) { if (!IsModified) { return(false); } if (CryptoRegistry.Ping(ComputerName)) { CryptoRegistry.SetRReg(Period, "ValidityPeriodUnits", RegistryValueKind.DWord, Name, ComputerName); CryptoRegistry.SetRReg(PeriodUnits, "ValidityPeriod", RegistryValueKind.String, Name, ComputerName); IsModified = false; if (restart) { CertificateAuthority.Restart(ComputerName); } return(true); } if (CertificateAuthority.Ping(ComputerName)) { CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "ValidityPeriodUnits", Period); CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "ValidityPeriod", PeriodUnits); IsModified = false; if (restart) { CertificateAuthority.Restart(ComputerName); } return(true); } ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), (OfflineSource)3); throw e; }
/// <summary> /// Writes this object to a securable object's Access Control List. /// </summary> /// <param name="restart"> /// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has /// no effect until CA service is restarted. /// </param> /// <exception cref="ServerUnavailableException"> /// The target CA server could not be contacted via remote registry and RPC protocol. /// </exception> public void SetObjectSecurity(Boolean restart) { if (CryptoRegistry.Ping(ComputerName)) { CryptoRegistry.SetRReg(GetSecurityDescriptorBinaryForm(), "Security", _name, ComputerName); if (restart) { CertificateAuthority.Restart(ComputerName); } return; } if (CertificateAuthority.Ping(ComputerName)) { CryptoRegistry.SetRegFallback(_config, String.Empty, "Security", GetSecurityDescriptorBinaryForm()); if (restart) { CertificateAuthority.Restart(ComputerName); } return; } ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add("Source", (OfflineSource)3); throw e; }
/// <param name="computerName">Specifies the fully qualified domain name (FQDN) of the computer where Certificate Services /// are installed.</param> /// <exception cref="ArgumentNullException">Te <strong>computerName</strong> parameter is null or empty.</exception> /// <exception cref="ServerUnavailableException">The computer specified in the <strong>computerName</strong> /// parameter could not be contacted via remote registry.</exception> public CertificateAuthority(String computerName) { if (String.IsNullOrEmpty(computerName)) { throw new ArgumentNullException(nameof(computerName)); } RegistryOnline = CryptoRegistry.Ping(computerName); IsAccessible = Ping(computerName); lookInDs(computerName); if (foundInDs) { buildFromCertConfigOnly(); initializeFromConfigString(ComputerName, Name); } else { if (RegistryOnline) { initializeFromServerName(computerName); } else { ServerUnavailableException e = new ServerUnavailableException(computerName); e.Data.Add(nameof(e.Source), OfflineSource.Registry); throw e; } } }
void getType() { Int32 type; if (RegistryOnline) { type = (Int32)CryptoRegistry.GetRReg("CAType", Active, ComputerName); } else { type = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CAType"); } switch (type) { case 0: Type = "Enterprise Root CA"; IsEnterprise = true; break; case 1: Type = "Enterprise Subordinate CA"; IsEnterprise = true; break; case 3: Type = "Standalone Root CA"; break; case 4: Type = "Standalone Subordinate CA"; break; default: Type = "Undefined"; break; } }
void m_initialize(CertificateAuthority certificateAuthority) { Name = certificateAuthority.Name; DisplayName = certificateAuthority.DisplayName; ComputerName = certificateAuthority.ComputerName; configString = certificateAuthority.ConfigString; version = certificateAuthority.Version; isEnterprise = certificateAuthority.IsEnterprise; if (CryptoRegistry.Ping(ComputerName)) { activePolicyModule = (String)CryptoRegistry.GetRReg("Active", $@"{Name}\PolicyModules", ComputerName); EditFlags = (PolicyModuleFlagEnum)CryptoRegistry.GetRReg("EditFlags", $@"{Name}\PolicyModules\{activePolicyModule}", ComputerName); } else { if (CertificateAuthority.Ping(ComputerName)) { activePolicyModule = (String)CryptoRegistry.GetRegFallback(configString, "PolicyModules", "EditFlags"); EditFlags = (PolicyModuleFlagEnum)CryptoRegistry.GetRegFallback(configString, $@"PolicyModules\{activePolicyModule}", "EditFlags"); } else { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), (OfflineSource)3); throw e; } } }
void m_initialize(CertificateAuthority certificateAuthority) { String[] urls; keyMap = certificateAuthority.GetKeyMap(); buildVarValueMapping(certificateAuthority); Name = certificateAuthority.Name; DisplayName = certificateAuthority.DisplayName; ComputerName = certificateAuthority.ComputerName; ConfigString = certificateAuthority.ConfigString; if (CryptoRegistry.Ping(ComputerName)) { urls = (String[])CryptoRegistry.GetRReg("CRLPublicationURLs", Name, ComputerName); } else { if (CertificateAuthority.Ping(ComputerName)) { urls = (String[])CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLPublicationURLs"); } else { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), (OfflineSource)3); throw e; } } m_cdp = urls.Select(url => new CDP(url)).ToArray(); ResolveUrLs(); }
void pingRegistry(String computerName) { RegistryOnline = CryptoRegistry.Ping(computerName); if (RegistryOnline) { Active = (String)CryptoRegistry.GetRReg("Active", "", computerName); } }
/// <summary> /// Updates policy module extension lists by writing them to Certification Authority. /// </summary> /// <param name="restart"> /// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect /// until CA service is restarted.</param> /// <exception cref="UnauthorizedAccessException"> /// If the caller do not have sufficient permissions to make changes in the CA configuration. /// </exception> /// <exception cref="ServerUnavailableException"> /// If the target CA server could not be contacted via remote registry and RPC protocol. /// </exception> /// <returns> /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated /// and the method returns <strong>False</strong>. /// </returns> /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks> public Boolean SetInfo(Boolean restart) { if (IsModified) { List <String> oidstrings; if (CryptoRegistry.Ping(ComputerName)) { String path = $@"{Name}\PolicyModules\{ActivePolicyModule}"; oidstrings = EnabledExtensionList.Select(oid => oid.Value).ToList(); CryptoRegistry.SetRReg(oidstrings, "EnableRequestExtensionList", path, ComputerName); oidstrings.Clear(); oidstrings.AddRange(OfflineExtensionList.Select(oid => oid.Value)); CryptoRegistry.SetRReg(oidstrings, "EnableEnrolleeRequestExtensionList", path, ComputerName); oidstrings.Clear(); oidstrings.AddRange(DisabledExtensionList.Select(oid => oid.Value)); CryptoRegistry.SetRReg(oidstrings, "DisableExtensionList", path, ComputerName); oidstrings.Clear(); if (restart) { CertificateAuthority.Restart(ComputerName); } IsModified = false; return(true); } if (CertificateAuthority.Ping(ComputerName)) { String path = $@"PolicyModules\{ActivePolicyModule}"; oidstrings = EnabledExtensionList.Select(oid => oid.Value).ToList(); CryptoRegistry.SetRegFallback(ConfigString, path, "EnableRequestExtensionList", oidstrings.ToArray()); oidstrings.Clear(); oidstrings.AddRange(OfflineExtensionList.Select(oid => oid.Value)); CryptoRegistry.SetRegFallback(ConfigString, path, "EnableEnrolleeRequestExtensionList", oidstrings.ToArray()); oidstrings.Clear(); oidstrings.AddRange(DisabledExtensionList.Select(oid => oid.Value)); CryptoRegistry.SetRegFallback(ConfigString, path, "DisableExtensionList", oidstrings.ToArray()); oidstrings.Clear(); if (restart) { CertificateAuthority.Restart(ComputerName); } IsModified = false; return(true); } ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), (OfflineSource)3); throw e; } return(false); }
/// <summary> /// Updates CA server cryptography settings by writing them to Certification Authority. /// </summary> /// <param name="restart"> /// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect /// until CA service is restarted. /// </param> /// <exception cref="ServerUnavailableException"> /// The target CA server could not be contacted via remote registry and RPC protocol. /// </exception> /// <returns> /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated /// and the method returns <strong>False</strong>. /// </returns> /// <remarks> /// The caller must have <strong>Administrator</strong> permissions on the target CA server. /// </remarks> public Boolean SetInfo(Boolean restart) { if (!IsModified) { return(false); } if (CryptoRegistry.Ping(ComputerName)) { if (ProviderIsCNG) { CryptoRegistry.SetRReg(publicKeyAlgorithm.FriendlyName, "CNGPublicKeyAlgorithm", RegistryValueKind.String, Name + "\\CSP", ComputerName); CryptoRegistry.SetRReg(hashingAlgorithm.FriendlyName, "CNGHashAlgorithm", RegistryValueKind.String, Name + "\\CSP", ComputerName); if (alternateSignatureAlgorithm) { CryptoRegistry.SetRReg(1, "AlternateSignatureAlgorithm", RegistryValueKind.String, $@"{Name}\CSP", ComputerName); } else { CryptoRegistry.SetRReg(0, "AlternateSignatureAlgorithm", RegistryValueKind.DWord, $@"{Name}\CSP", ComputerName); } } else { CryptoRegistry.SetRReg(getValueFromOid(hashingAlgorithm), "HashAlgorithm", RegistryValueKind.DWord, $@"{Name}\CSP", ComputerName); } } else { if (CertificateAuthority.Ping(ComputerName)) { if (ProviderIsCNG) { CryptoRegistry.SetRegFallback(ConfigString, "CSP", "CNGPublicKeyAlgorithm", publicKeyAlgorithm.FriendlyName); CryptoRegistry.SetRegFallback(ConfigString, "CSP", "CNGHashAlgorithm", hashingAlgorithm.FriendlyName); CryptoRegistry.SetRegFallback(ConfigString, "CSP", "CNGHashAlgorithm", alternateSignatureAlgorithm ? 1 : 0); } else { CryptoRegistry.SetRegFallback(ConfigString, "CSP", "HashAlgorithm", getValueFromOid(hashingAlgorithm)); } } else { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), (OfflineSource)3); throw e; } } if (restart) { CertificateAuthority.Restart(ComputerName); } IsModified = false; return(true); }
void m_initialize(CertificateAuthority certificateAuthority) { Name = certificateAuthority.Name; DisplayName = certificateAuthority.DisplayName; ComputerName = certificateAuthority.ComputerName; ConfigString = certificateAuthority.ConfigString; if (CryptoRegistry.Ping(ComputerName)) { ProviderIsCNG = (Int32)CryptoRegistry.GetRReg("ProviderType", $@"{Name}\CSP", ComputerName) == 0; ProviderName = (String)CryptoRegistry.GetRReg("Provider", $@"{Name}\CSP", ComputerName); publicKeyAlgorithm = ProviderIsCNG ? new Oid((String)CryptoRegistry.GetRReg("CNGPublicKeyAlgorithm", $@"{Name}\CSP", ComputerName)) : new Oid("1.2.840.113549.1.1.1"); // rsa if (ProviderIsCNG) { // CNG hashingAlgorithm = new Oid((String)CryptoRegistry.GetRReg("CNGHashAlgorithm", $@"{Name}\CSP", ComputerName)); try { Int32 altName = (Int32)CryptoRegistry.GetRReg("AlternateSignatureAlgorithm", $@"{Name}\CSP", ComputerName); alternateSignatureAlgorithm = altName != 0; } catch { alternateSignatureAlgorithm = false; } } else { // legacy Int32 algId = (Int32)CryptoRegistry.GetRReg("HashAlgorithm", $@"{Name}\CSP", ComputerName); hashingAlgorithm = getOidFromValue(algId); } return; } ProviderIsCNG = (Int32)CryptoRegistry.GetRegFallback(ConfigString, "CSP", "ProviderType") == 0; ProviderName = (String)CryptoRegistry.GetRegFallback(ConfigString, "CSP", "Provider"); publicKeyAlgorithm = ProviderIsCNG ? new Oid((String)CryptoRegistry.GetRegFallback(ConfigString, "CSP", "CNGPublicKeyAlgorithm")) : new Oid("1.2.840.113549.1.1.1"); // rsa if (ProviderIsCNG) { hashingAlgorithm = new Oid((String)CryptoRegistry.GetRegFallback(ConfigString, "CSP", "CNGHashAlgorithm")); } else { Int32 algId = (Int32)CryptoRegistry.GetRegFallback(ConfigString, "CSP", "HashAlgorithm"); hashingAlgorithm = getOidFromValue(algId); } if (ProviderIsCNG) { try { alternateSignatureAlgorithm = (Int32)CryptoRegistry.GetRegFallback(ConfigString, "CSP", "AlternateSignatureAlgorithm") != 0; } catch { alternateSignatureAlgorithm = false; } } }
void m_initialize(CertificateAuthority certificateAuthority) { List <Oid> Oids = new List <Oid>(); Name = certificateAuthority.Name; DisplayName = certificateAuthority.DisplayName; ComputerName = certificateAuthority.ComputerName; ConfigString = certificateAuthority.ConfigString; if (CryptoRegistry.Ping(ComputerName)) { ActivePolicyModule = (String)CryptoRegistry.GetRReg("Active", $@"{Name}\PolicyModules", ComputerName); String[] oidstrings = (String[])CryptoRegistry.GetRReg("EnableRequestExtensionList", $@"{Name}\PolicyModules\{ActivePolicyModule}", ComputerName); Oids.AddRange(oidstrings.Select(item => new Oid(item))); EnabledExtensionList = Oids.ToArray(); Oids.Clear(); oidstrings = (String[])CryptoRegistry.GetRReg("EnableEnrolleeRequestExtensionList", $@"{Name}\PolicyModules\{ActivePolicyModule}", ComputerName); Oids.AddRange(oidstrings.Select(item => new Oid(item))); OfflineExtensionList = Oids.ToArray(); Oids.Clear(); oidstrings = (String[])CryptoRegistry.GetRReg("DisableExtensionList", $@"{Name}\PolicyModules\{ActivePolicyModule}", ComputerName); Oids.AddRange(oidstrings.Select(item => new Oid(item))); DisabledExtensionList = Oids.ToArray(); Oids.Clear(); } else { if (CertificateAuthority.Ping(ComputerName)) { ActivePolicyModule = (String)CryptoRegistry.GetRReg("Active", $@"{Name}\PolicyModules", ComputerName); String[] oidstrings = (String[])CryptoRegistry.GetRegFallback(ConfigString, $@"PolicyModules\{ActivePolicyModule}", "EnableRequestExtensionList"); Oids.AddRange(oidstrings.Select(item => new Oid(item))); EnabledExtensionList = Oids.ToArray(); Oids.Clear(); oidstrings = (String[])CryptoRegistry.GetRegFallback(ConfigString, $@"PolicyModules\{ActivePolicyModule}", "EnableEnrolleeRequestExtensionList"); Oids.AddRange(oidstrings.Select(item => new Oid(item))); OfflineExtensionList = Oids.ToArray(); Oids.Clear(); oidstrings = (String[])CryptoRegistry.GetRegFallback(ConfigString, $@"PolicyModules\{ActivePolicyModule}", "DisableExtensionList"); Oids.AddRange(oidstrings.Select(item => new Oid(item))); DisabledExtensionList = Oids.ToArray(); } else { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add(nameof(e.Source), (OfflineSource)3); throw e; } } }
/// <summary> /// Updates CRL (Base and Delta CRL) setting. /// </summary> /// <param name="restart"> /// Indiciates whether to restart certificate services to immediately apply changes. Updated settings has no effect until /// CA service is restarted. /// </param> /// <exception cref="UnauthorizedAccessException"> /// The caller do not have sufficient permissions to make changes in the CA configuration. /// </exception> /// <exception cref="ServerUnavailableException"> /// The target CA server could not be contacted via remote registry and RPC protocol. /// </exception> /// <returns> /// <strong>True</strong> if configuration was changed. If an object was not modified since it was instantiated, configuration is not updated /// and the method returns <strong>False</strong>. /// </returns> /// <remarks>The caller must have <strong>Administrator</strong> permissions on the target CA server.</remarks> public Boolean SetInfo(Boolean restart) { if (!IsModified) { return(false); } if (CryptoRegistry.Ping(ComputerName)) { // Base CRL CryptoRegistry.SetRReg(BaseUnits, "CRLPeriodUnits", RegistryValueKind.DWord, Name, ComputerName); CryptoRegistry.SetRReg(BasePeriod, "CRLPeriod", RegistryValueKind.String, Name, ComputerName); // Base CRL overlap CryptoRegistry.SetRReg(BaseOverlapUnits, "CRLOverlapUnits", RegistryValueKind.DWord, Name, ComputerName); CryptoRegistry.SetRReg(BaseOverlap, "CRLOverlapPeriod", RegistryValueKind.String, Name, ComputerName); // Delta CRL CryptoRegistry.SetRReg(DeltaUnits, "CRLDeltaPeriodUnits", RegistryValueKind.DWord, Name, ComputerName); CryptoRegistry.SetRReg(DeltaPeriod, "CRLDeltaPeriod", RegistryValueKind.String, Name, ComputerName); // Delta CRL overlap CryptoRegistry.SetRReg(DeltaOverlapUnits, "CRLDeltaOverlapUnits", RegistryValueKind.DWord, Name, ComputerName); CryptoRegistry.SetRReg(DeltaOverlap, "CRLDeltaOverlapPeriod", RegistryValueKind.String, Name, ComputerName); IsModified = false; if (restart) { CertificateAuthority.Restart(ComputerName); } return(true); } if (CertificateAuthority.Ping(ComputerName)) { // Base CRL CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLPeriodUnits", BaseUnits); CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLPeriod", BasePeriod); // Base CRL overlap CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLOverlapUnits", BaseOverlapUnits); CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLOverlapPeriod", BaseOverlap); // Delta CRL CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriodUnits", DeltaUnits); CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriod", DeltaPeriod); // Delta CRL overlap CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapUnits", DeltaOverlapUnits); CryptoRegistry.SetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapPeriod", DeltaOverlap); IsModified = false; if (restart) { CertificateAuthority.Restart(ComputerName); } return(true); } ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add("Source", (OfflineSource)3); throw e; }
void getVersion() { if (RegistryOnline) { switch ((Int32)CryptoRegistry.GetRReg("Version", String.Empty, ComputerName)) { case 0x00010001: Version = "2000"; break; case 0x00020002: Version = "2003"; break; case 0x00030001: Version = "2008"; break; case 0x00040001: Version = "2008R2"; break; case 0x00050001: Version = "2012"; break; case 0x00060001: Version = "2012R2"; break; // there are no functional changes between 2016 and 2019, so treat them both as 2016 case 0x00070001: case 0x00080001: Version = "2016"; break; } SetupStatus = (SetupStatusEnum)CryptoRegistry.GetRReg("SetupStatus", String.Empty, ComputerName); } else { String ver = (String)_certRequest.GetCAProperty(ConfigString, CertAdmConstants.CrPropProductversion, 0, 4, 0); String[] vers = ver.Split(new [] { ":" }, StringSplitOptions.RemoveEmptyEntries); switch (vers[0]) { case "5.0": Version = "2000"; break; case "5.2": Version = "2003"; break; case "6.0": Version = "2008"; break; case "6.1": Version = "2008R2"; break; case "6.2": Version = "2012"; break; case "6.3": Version = "2012R2"; break; default: Version = vers[0].StartsWith("10.0") ? "2016" : "Unknown"; break; } SetupStatus = SetupStatusEnum.Unknown; } }
/// <param name="computerName"> /// Specifies the computer name where Certificate Services are installed. /// </param> /// <param name="name"> /// Specifies the common name of the Certification Authority that is installed on the /// computer specified in the <strong>computerName</strong> parameter. /// </param> /// <exception cref="ArgumentNullException">Either <strong>computerName</strong> or <strong>name</strong> parameter is null or empty.</exception> /// <exception cref="ServerUnavailableException">The server could not be contacted via both methods: remote registry /// and RPC/DCOM transport.</exception> /// <remarks> /// This constructor allows to connect to a CA server if it can be contacted at least via RPC/DCOM. /// <para>The default behavior is to retrieve registry information via remote registry functions. If the connection is /// unsuccessfull, the code falls back to RPC/DCOM connections (by using <strong>ICertAdmin2</strong> COM interface) to /// get registry data.</para> /// </remarks> public CertificateAuthority(String computerName, String name) { if (String.IsNullOrEmpty(computerName)) { throw new ArgumentNullException(nameof(computerName)); } if (String.IsNullOrEmpty(name)) { throw new ArgumentNullException(nameof(name)); } RegistryOnline = CryptoRegistry.Ping(computerName); IsAccessible = Ping(computerName); lookInDs(computerName); initializeFromConfigString(computerName, name); }
internal String GetConfigEntry(String entry) { switch (entry) { case "CAServerName": return(ComputerName); case "ServerShortName": return(ComputerName.Split('.')[0]); case "CommonName": return(Name); case "CATruncatedName": return(DsUtils.GetSanitizedName(Name)); case "ConfigurationContainer": return((String)CryptoRegistry.GetRReg("DSConfigDN", Name, ComputerName)); default: return(String.Empty); } }
void m_initialize(CertificateAuthority certificateAuthority) { Name = certificateAuthority.Name; DisplayName = certificateAuthority.DisplayName; ComputerName = certificateAuthority.ComputerName; ConfigString = certificateAuthority.ConfigString; if (CryptoRegistry.Ping(ComputerName)) { // Base CRL BaseUnits = (Int32)CryptoRegistry.GetRReg("CRLPeriodUnits", Name, ComputerName); BasePeriod = (String)CryptoRegistry.GetRReg("CRLPeriod", Name, ComputerName); // Base CRL overlap BaseOverlapUnits = (Int32)CryptoRegistry.GetRReg("CRLOverlapUnits", Name, ComputerName); BaseOverlap = (String)CryptoRegistry.GetRReg("CRLOverlapPeriod", Name, ComputerName); // Delta CRL DeltaUnits = (Int32)CryptoRegistry.GetRReg("CRLDeltaPeriodUnits", Name, ComputerName); DeltaPeriod = (String)CryptoRegistry.GetRReg("CRLDeltaPeriod", Name, ComputerName); // Delta CRL overlap DeltaOverlapUnits = (Int32)CryptoRegistry.GetRReg("CRLDeltaOverlapUnits", Name, ComputerName); DeltaOverlap = (String)CryptoRegistry.GetRReg("CRLDeltaOverlapPeriod", Name, ComputerName); } else { if (certificateAuthority.Ping()) { // Base CRL BaseUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLPeriodUnits"); BasePeriod = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLPeriod"); // Base CRL overlap BaseOverlapUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLOverlapUnits"); BaseOverlap = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLOverlapPeriod"); // Delta CRL DeltaUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriodUnits"); DeltaPeriod = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaPeriod"); // Delta CRL overlap DeltaOverlapUnits = (Int32)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapUnits"); DeltaOverlap = (String)CryptoRegistry.GetRegFallback(ConfigString, String.Empty, "CRLDeltaOverlapPeriod"); } else { ServerUnavailableException e = new ServerUnavailableException(DisplayName); e.Data.Add("Source", (OfflineSource)3); throw e; } } }
void getVersion() { if (RegistryOnline) { switch ((Int32)CryptoRegistry.GetRReg("Version", String.Empty, ComputerName)) { case 0x00010001: Version = "2000"; break; case 0x00020002: Version = "2003"; break; case 0x00030001: Version = "2008"; break; case 0x00040001: Version = "2008R2"; break; case 0x00050001: Version = "2012"; break; case 0x00060001: Version = "2012R2"; break; case 0x00070001: Version = "2016"; break; } SetupStatus = (SetupStatusEnum)CryptoRegistry.GetRReg("SetupStatus", String.Empty, ComputerName); } else { String ver = (String)CertAdmin.GetCAProperty(ConfigString, CertAdmConst.CrPropProductversion, 0, 4, 0); String[] vers = ver.Split(new [] { ":" }, StringSplitOptions.RemoveEmptyEntries); switch (vers[0]) { case "5.0": Version = "2000"; break; case "5.2": Version = "2003"; break; case "6.0": Version = "2008"; break; case "6.1": Version = "2008R2"; break; case "6.2": Version = "2012"; break; case "6.3": Version = "2012R2"; break; } SetupStatus = SetupStatusEnum.Unknown; } }
void getConfig(String computerName, String configString = "") { if (RegistryOnline) { Active = (String)CryptoRegistry.GetRReg("Active", "", computerName); ComputerName = (String)CryptoRegistry.GetRReg("CAServerName", Active, computerName); Name = (String)CryptoRegistry.GetRReg("CommonName", Active, computerName); } else { if (!String.IsNullOrEmpty(configString) && IsAccessible) { ComputerName = (String)CryptoRegistry.GetRegFallback(configString, String.Empty, "CAServerName"); Name = (String)CryptoRegistry.GetRegFallback(configString, String.Empty, "CommonName"); } else { ServerUnavailableException e = new ServerUnavailableException(computerName); e.Data.Add(nameof(e.Source), (OfflineSource)3); throw e; } } ConfigString = ComputerName + "\\" + Name; }
/// <summary> /// Gets autoenrollment state and settings. /// </summary> /// <param name="userContext">Specifies whether to retrieve autoenrollment for user or machine context.</param> /// <returns>Autoenrollment state and settings. TODO</returns> public static Int32 GetAutoenrollmentState(Boolean userContext) { return((Int32)CryptoRegistry.GetLKey("Autoenrollment", userContext)); }