public CreatePrivateCertificateResult CreateCertificateWithPrivateKey(CreatePrivateCertificateModel model, ClaimsPrincipal user)
{
model.RequestDate = DateTime.Now;
KeyUsage keyUsage = dataTransformation.ParseKeyUsage(model.KeyUsage);
AdcsTemplate template = templateLogic.DiscoverTemplate(model.CipherAlgorithm, model.Provider, keyUsage);
if (!templateLogic.ValidateTemplateWithRequest(model, template))
{
throw new AdcsTemplateValidationException("Certificate request does not meet the requirements of the certificate template");
}
if (authorizationLogic.IsAuthorized(template, user))
{
CertificateRequest csr = certificateProvider.CreateCsrKeyPair(dataTransformation.NewCertificateSubjectFromModel(model), model.CipherAlgorithm, model.KeySize, model.Provider, SigningRequestProtocol.Pkcs10);
MicrosoftCertificateAuthority ca = configurationRepository.GetPrivateCertificateAuthority(model.HashAlgorithm);
CertificateAuthorityRequestResponse response = ca.Sign(csr, template.Name, template.KeyUsage);
CreatePrivateCertificateResult result = ProcessCertificateAuthorityResponse(model, response, csr.Subject, user);
this.Audit(result, user);
return(result);
}
else
{
return(ProcessNewPendingCertificateWorkflow(model));
}
}
public CreatePrivateCertificateResult IssuePendingCertificate(Guid id, ClaimsPrincipal user)
{
PendingCertificate pendingCertificate = certificateRepository.Get <PendingCertificate>(id);
KeyUsage keyUsage = dataTransformation.ParseKeyUsage(pendingCertificate.KeyUsage);
AdcsTemplate template = templateLogic.DiscoverTemplate(pendingCertificate.CipherAlgorithm, pendingCertificate.Provider, keyUsage);
if (authorizationLogic.IsAuthorized(template, user))
{
CertificateRequest csr = certificateProvider.CreateCsrKeyPair(dataTransformation.NewCertificateSubjectFromModel(pendingCertificate), pendingCertificate.CipherAlgorithm, pendingCertificate.KeySize, pendingCertificate.Provider, SigningRequestProtocol.Pkcs10);
MicrosoftCertificateAuthority ca = configurationRepository.GetPrivateCertificateAuthority(pendingCertificate.HashAlgorithm);
CertificateAuthorityRequestResponse response = ca.Sign(csr, template.Name, template.KeyUsage);
CreatePrivateCertificateResult result = ProcessCertificateAuthorityResponse(pendingCertificate, response, csr.Subject, user);
certificateRepository.Delete <PendingCertificate>(id);
return(result);
}
else
{
throw new UnauthorizedAccessException("Current user is not authorized to issue pending certificates");
}
}
public void MicrosoftCertificateAuthority_Sign_CngEcdh256_CertificateAuthorityRequestResponse_Issued()
{
string templateName = "ServerAuthentication-CngEcdh";
int keysize = 256;
string commonName = "domain.com";
WindowsApi api = WindowsApi.Cng;
CipherAlgorithm cipher = CipherAlgorithm.ECDH;
KeyUsage keyUsage = KeyUsage.ServerAuthentication;
CertificateSubject subject = new CertificateSubject(commonName);
Win32CertificateProvider provider = new Win32CertificateProvider();
CertificateRequest csr = provider.CreateCsrKeyPair(subject, cipher, keysize, api, SigningRequestProtocol.Pkcs10);
MicrosoftCertificateAuthority ca = new MicrosoftCertificateAuthority(new MicrosoftCertificateAuthorityOptions()
{
AuthenticationRealm = domain,
AuthenticationType = MicrosoftCertificateAuthorityAuthenticationType.UsernamePassword,
HashAlgorithm = HashAlgorithm.SHA256,
ServerName = caServerName,
CommonName = caCommonName,
Username = username,
Password = password
});
CertificateAuthorityRequestResponse response = ca.Sign(csr, templateName, keyUsage);
Assert.AreEqual(CertificateRequestStatus.Issued, response.CertificateRequestStatus);
}
public SignPrivateCertificateResult SignCertificate(SignPrivateCertificateModel model, ClaimsPrincipal user)
{
CertificateRequest csr = certificateProvider.InitializeFromEncodedCsr(model.EncodedCsr);
AdcsTemplate template = templateLogic.DiscoverTemplate(csr.CipherAlgorithm, WindowsApi.Cng, KeyUsage.ServerAuthentication);
if (authorizationLogic.IsAuthorized(template, user))
{
MicrosoftCertificateAuthority ca = configurationRepository.GetPrivateCertificateAuthority(model.HashAlgorithm);
CertificateAuthorityRequestResponse response = ca.Sign(csr, template.Name, template.KeyUsage);
return(HandleCertificateAuthorityResponse(model, response, csr.Subject));
}
else
{
return(ProcessPendingSigningWorkflow(model));
}
}