void getInfoFromDs() { if (IsEnterprise && DsUtils.Ping()) { if (_certConfig.GetField(CertConfigConstants.FieldCommonName) == Name) { String cn = "CN=" + _certConfig.GetField(CertConfigConstants.FieldSanitizedShortName) + ",CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=" + DsUtils.GetForestName().Replace(".", ",DC="); DistinguishedName = (String)DsUtils.GetEntryProperty(cn, DsUtils.PropDN); DisplayName = _certConfig.GetField(CertConfigConstants.FieldCommonName); try { String wes = _certConfig.GetField(CertConfigConstants.FieldEnrollmentServers); if (!String.IsNullOrEmpty(wes)) { getCesUri(wes); } } catch { } } } if (String.IsNullOrEmpty(DisplayName)) { DisplayName = Name; } }
/// <summary> /// Initializes a new instance of the Oid2 class using the specified Oid friendly name or value, OID registration group and search conditions. /// </summary> /// <param name="oid">Specifies the object identifier friendly name or value to search.</param> /// <param name="group">Specifies the OID registration group to search.</param> /// <param name="searchInDirectory">Specifies whether to search for an object identifier in Active Directory. If the machine is not /// domain-joined, an OID is searched by using local registration information.</param> public Oid2(String oid, OidGroupEnum group, Boolean searchInDirectory) { try { CryptoConfig.EncodeOID(oid); _searchBy = "ByValue"; } catch { _searchBy = "ByName"; } if (Environment.OSVersion.Version.Major >= 6) { _cng = true; } if (searchInDirectory) { if (DsUtils.Ping()) { initializeDS(oid, group); } else { initializeLocal(oid, group); } } else { initializeLocal(oid, group); } }
/// <summary> /// Unregisters object identifier from OID registration database. /// </summary> /// <param name="value">Specifies the object identifier value.</param> /// <param name="group">Specifies the OID group from which the OID is removed. </param> /// <param name="deleteFromDirectory"> /// Specifies whether to perform registration removal from Active Directory. If Active Directory is unavailable, /// the method will attempt to unregister OID from a local OID registration database. /// </param> /// <exception cref="ArgumentNullException"><strong>value</strong> parameter is null or empty.</exception> /// <returns> /// <strong>True</strong> if OID or OIDs were unregistered successfully. If specified OID information is not /// registered, the method returns <strong>False</strong>. An exception is thrown when caller do not have /// appropriate permissions. See <strong>Remarks</strong> section for additional details. /// </returns> /// <remarks> /// <strong>Permissions:</strong> a caller must have local administrator permissions in order to remove OID /// registration from local OID database. When <strong>deleteFromDirectory</strong> is set to <strong>True</strong>, /// a caller must be a member of <strong>Enterprise Admins</strong> group or have delegated permissions on a OID /// container in Active Directory. OID container location is /// <i>CN=OID, CN=Public Key Services, CN=Services,CN=Configuration, {Configuration naming context}</i>. /// </remarks> public static Boolean Unregister(String value, OidGroupEnum group, Boolean deleteFromDirectory) { if (String.IsNullOrEmpty(value)) { throw new ArgumentNullException(nameof(value)); } List <Oid2> oids = new List <Oid2>(); if (group == OidGroupEnum.AllGroups) { try { oids.AddRange(GetAllOids(value, deleteFromDirectory)); } catch { return(false); } } else { oids.Add(new Oid2(value, group, deleteFromDirectory)); if (String.IsNullOrEmpty(oids[0].Value)) { return(false); } } if (!deleteFromDirectory || !DsUtils.Ping()) { return(unregisterLocal(oids)); } List <Int32> valid = new List <Int32>(new[] { 0, 7, 8, 9 }); if (oids.Where(oid => !String.IsNullOrEmpty(oid.DistinguishedName)).Any(oid => oid.OidGroup != group && group != OidGroupEnum.AllGroups)) { return(false); } return(valid.Contains((Int32)group) && unregisterDS(oids[0].Value, group)); }
/// <summary> /// Initializes a new instance of the Oid2 class using the specified Oid friendly name or value, OID registration group and search conditions. /// </summary> /// <param name="oid">Specifies the object identifier friendly name or value to search.</param> /// <param name="group">Specifies the OID registration group to search.</param> /// <param name="searchInDirectory">Specifies whether to search for an object identifier in Active Directory. If the machine is not /// domain-joined, an OID is searched by using local registration information.</param> public Oid2(String oid, OidGroupEnum group, Boolean searchInDirectory) { var flatOid = new Oid(oid); try { // try to validate if input OID contains OID value instead of friendly name Asn1Utils.EncodeObjectIdentifier(flatOid); oid = flatOid.Value; _searchBy = "ByValue"; } catch { _searchBy = "ByName"; } if (Environment.OSVersion.Version.Major >= 6) { _cng = true; } if (searchInDirectory) { if (DsUtils.Ping()) { initializeDS(oid, group); } else { initializeLocal(oid, group); } } else { initializeLocal(oid, group); } }
public CertificateTemplate(String findType, String findValue) { if (!DsUtils.Ping()) { throw new Exception(Error.E_DCUNAVAILABLE); } m_initialize(findType, findValue); }
/// <summary> /// Initializes a new instance of <strong>DsPkiContainer</strong> class. /// </summary> /// <exception cref="PlatformNotSupportedException"> /// The calling client is not a member of Active Directory domain or no domain controller can be contacted. /// </exception> protected DsPkiContainer() { if (!DsUtils.Ping()) { throw new PlatformNotSupportedException(); } _pkiConfigContext = $",CN=Public Key Services,CN=Services,{DsUtils.ConfigContext}"; }
/// <summary> /// Enumerates certificate templates registered in Active Directory. /// </summary> /// <returns>An array of certificate templates.</returns> public static CertificateTemplate[] EnumTemplates() { if (DsUtils.Ping()) { String cn = _baseDsPath; DirectoryEntries entries = DsUtils.GetChildItems(cn); return((from DirectoryEntry item in entries select new CertificateTemplate("name", (String)item.Properties["cn"].Value)).ToArray()); } throw new Exception(Error.E_DCUNAVAILABLE); }
/// <summary> /// Registers object identifier in the OID database, either, local or in Active Directory. /// </summary> /// <param name="value">An object identifier value to register.</param> /// <param name="friendlyName">A friendly name associated with the object identifier.</param> /// <param name="group">Specifies the OID group where specified object identifier should be registered.</param> /// <param name="writeInDirectory">Specifies, whether object is registered locally or in Active Directory.</param> /// <param name="localeId"> /// Specifies the locale ID. This parameter can be used to provide localized friendly name. This parameter can /// be used only when <strong>writeInDirectory</strong> is set to <strong>True</strong> in other cases it is /// silently ignored. /// </param> /// <param name="cpsUrl"> /// Specifies the URL to a <i>certificate practice statement</i> (<strong>CPS</strong>) location. /// </param> /// <exception cref="ArgumentNullException"> /// <strong>value</strong> and/or <strong>friendlyName</strong> is null or empty. /// </exception> /// <exception cref="ArgumentException"> /// Specified OID group is not supported. See <strong>Remarks</strong> section for more details. /// </exception> /// <exception cref="InvalidDataException"><strong>value</strong> parameter is not object idnetifier value.</exception> /// <exception cref="NotSupportedException"> /// A caller chose OID registration in Active Directory, however, the current computer is not a member of any /// Active Directory domain. /// </exception> /// <exception cref="InvalidOperationException"> /// An object identifier is already registered. /// </exception> /// <remarks> /// <para> /// <strong>Permissions:</strong> for this method to succeed, the caller must be a member of the local /// administrators group (if <strong>writeInDirectory</strong> is set to <strong>False</strong>) or /// be a member of <strong>Enterprise Admins</strong> group or has delegated write permissions on the /// <strong>OID</strong> container in Active Directory. OID container location is /// <i>CN=OID, CN=Public Key Services, CN=Services,CN=Configuration, {Configuration naming context}</i>. /// </para> /// <para> /// A newly registered OID is not resolvable by an application immediately. You may need to restart an application /// to allow new OID lookup. /// </para> /// <para> /// When <strong>writeInDirectory</strong> is set to <strong>True</strong>, <strong>group</strong> parameter /// is limited only to one of the following value: <strong>ApplicationPolicy</strong>,<strong>IssuancePolicy</strong> /// and <strong>CertificateTemplate</strong>. Other OID groups are not allowed to be stored in Active Directory. /// </para> /// </remarks> /// <returns>Registered object identifier.</returns> public static Oid2 Register(String value, String friendlyName, OidGroupEnum group, Boolean writeInDirectory, CultureInfo localeId, String cpsUrl = null) { if (String.IsNullOrEmpty(value)) { throw new ArgumentNullException(nameof(value)); } if (String.IsNullOrEmpty(friendlyName)) { throw new ArgumentNullException(nameof(friendlyName)); } try { Asn1Utils.EncodeObjectIdentifier(new Oid(value)); } catch { throw new InvalidDataException("The value is not valid OID string."); } String cn = null; if (writeInDirectory) { if (!DsUtils.Ping()) { throw new NotSupportedException("Workgroup environment is not supported."); } if (!String.IsNullOrEmpty(new Oid2(value, group, true).DistinguishedName)) { throw new InvalidOperationException("The object already exist."); } List <Int32> exclude = new List <Int32>(new[] { 0, 1, 2, 3, 4, 5, 6, 9, 10 }); if (exclude.Contains((Int32)group)) { throw new ArgumentException("The OID group is not valid."); } registerDS(new Oid(value, friendlyName), group, localeId, cpsUrl); cn = "CN=" + computeOidHash(value) + ",CN=OID," + DsUtils.ConfigContext; } else { registerLocal(new Oid(value, friendlyName), group); } return(new Oid2 { FriendlyName = friendlyName, Value = value, OidGroup = group, DistinguishedName = cn }); }
static ICertConfigEntryD lookInDs(String computerName) { if (!DsUtils.Ping()) { // we are in workgroup, so try to get DsEntry from whatever source we have using the name caller specified return(new CertConfigD().FindConfigEntryByServerName(computerName)); } // we are connected to AD. // If name is passed in NetBIOS form, then translate to FQDN, because DS entries reference by FQDN only if (!computerName.Contains(".")) { computerName = $"{computerName}.{DsUtils.GetCurrentDomainName()}"; } // try to find by FQDN return(new CertConfigD().FindConfigEntryByServerName(computerName)); }
/// <summary> /// Enumerates certificate templates registered in Active Directory. /// </summary> /// <returns>An array of certificate templates.</returns> public static CertificateTemplate[] EnumTemplates() { if (!DsUtils.Ping()) { throw new Exception(Error.E_DCUNAVAILABLE); } var retValue = new List <CertificateTemplate>(); foreach (DirectoryEntry dsEntry in DsUtils.GetChildItems(_baseDsPath)) { using (dsEntry) { retValue.Add(FromCommonName(dsEntry.Properties["cn"].Value.ToString())); } } return(retValue.ToArray()); }
/// <summary> /// Enumerates registered in Certification Authorities from the current Active Directory forest. /// </summary> /// <param name="findType">Specifies CA object search type. The search type can be either: <strong>Name</strong> /// or <strong>Server</strong>.</param> /// <param name="findValue">Specifies search pattern for a type specified in <strong>findType</strong> argument. /// Wildcard characters: * and ? are accepted.</param> /// <returns>An array of Certification Authorities.</returns> public static CertificateAuthority[] EnumEnterpriseCAs(String findType = "Server", String findValue = "*") { if (!DsUtils.Ping()) { throw new Exception("Non-domain environments are not supported."); } List <CertificateAuthority> CAs = new List <CertificateAuthority>(); var certConfig = new CertConfigD(); foreach (ICertConfigEntryD entry in certConfig.EnumConfigEntries()) { if (!entry.Flags.HasFlag(CertConfigLocation.DsEntry)) { continue; } Wildcard wildcard = new Wildcard(findValue, RegexOptions.IgnoreCase); switch (findType.ToLower()) { case "name": if (!wildcard.IsMatch(entry.CommonName)) { continue; } break; case "server": if (!wildcard.IsMatch(entry.ComputerName)) { continue; } break; default: throw new ArgumentException("The value for 'findType' must be either 'Name' or 'Server'."); } CAs.Add(new CertificateAuthority(entry)); } return(CAs.ToArray()); }
/// <summary> /// Enumerates registered Enterprise Certification Authorities from the current Active Directory forest. /// </summary> /// <param name="findType">Specifies CA object search type. The search type can be either: <strong>Name</strong> /// or <strong>Server</strong>.</param> /// <param name="findValue">Specifies search pattern for a type specifed in <strong>findType</strong> argument. /// Wildcard characters: * and ? are accepted.</param> /// <returns>Enterprise Certification Authority collection.</returns> public static CertificateAuthority[] EnumEnterpriseCAs(String findType, String findValue) { if (!DsUtils.Ping()) { throw new Exception("Non-domain environments are not supported."); } List <CertificateAuthority> CAs = new List <CertificateAuthority>(); CCertConfig certConfig = new CCertConfig(); while (certConfig.Next() >= 0) { Int32 flags = Convert.ToInt32(certConfig.GetField("Flags")); if ((flags & 1) == 0) { continue; } Wildcard wildcard = new Wildcard(findValue, RegexOptions.IgnoreCase); switch (findType.ToLower()) { case "name": if (!wildcard.IsMatch(certConfig.GetField("CommonName"))) { continue; } break; case "server": if (!wildcard.IsMatch(certConfig.GetField("Server"))) { continue; } break; default: throw new ArgumentException("The value for 'findType' must be either 'Name' or 'Server'."); } CAs.Add(new CertificateAuthority(certConfig.GetField("Server"), certConfig.GetField("SanitizedName"))); } CryptographyUtils.ReleaseCom(certConfig); return(CAs.ToArray()); }
void lookInDs(String computerName) { if (!DsUtils.Ping()) { return; } if (!computerName.Contains(".")) { computerName = computerName + "." + DsUtils.GetCurrentDomainName(); } _certConfig.Reset(0); //TODO while (_certConfig.Next() >= 0) { Int32 flags = Convert.ToInt32(_certConfig.GetField(CertConfigConstants.FieldFlags)); Boolean serverNameMatch = String.Equals(_certConfig.GetField(CertConfigConstants.FieldServer), computerName, StringComparison.InvariantCultureIgnoreCase); if (serverNameMatch && (flags & 1) > 0) { foundInDs = true; return; } } }
void getInfoFromDs() { if (IsEnterprise && DsUtils.Ping()) { string domain = (string)DsUtils.GetEntryProperty(String.Join(".", this.ComputerName.Split('.').Where((v, i) => i != 0)) + "/RootDSE", "rootDomainNamingContext"); String dn = "CN=" + this.Name + ",CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration," + domain; DistinguishedName = dn; DisplayName = (String)DsUtils.GetEntryProperty(dn, "DisplayName"); try { String wes = (String)DsUtils.GetEntryProperty(dn, "msPKI-Enrollment-Servers"); if (!String.IsNullOrEmpty(wes)) { getCesUri(wes); } } catch { } } if (String.IsNullOrEmpty(DisplayName)) { DisplayName = Name; } }