/// <summary> /// Save specified certificate to backup /// </summary> /// <param name="certDto">Certificate</param> /// <returns></returns> public bool SaveCertificateToBackupDisc(CertificateDto certDto) { if (!IsUserAccessGranted(WindowsIdentity.GetCurrent().Name)) { Audit.WriteEvent("User '" + WindowsIdentity.GetCurrent().Name + "' had denied access for method SaveCertificateToBackupDisc", EventLogEntryType.FailureAudit); } X509Certificate2 certificate = certDto.GetCert(); activeCertificates.Add(certificate); CertificateHandler.ExportToFileSystem(X509ContentType.Pfx, certificate, certificate.SubjectName.Name); string logMessage = "Certificate with subject name '" + certificate.SubjectName.Name + "' is saved on backup server.'"; Audit.WriteEvent(logMessage, EventLogEntryType.Information); return true; }
/// <summary> /// This method is used for integrity update. /// Integrity update implies data copy from hot to backup server. /// </summary> /// <param name="param">Data from hot server</param> /// <returns></returns> public bool SetModel(CAModelDto param) { bool retVal = true; // Copy and install valid CA certificate to backup server if (File.Exists(PFX_PATH)) { System.IO.File.Delete(PFX_PATH); } CertificateHandler.ReplaceCACertificateInStore(caCertificate, param.CaCertificate.GetCert()); caCertificate = param.CaCertificate.GetCert(); caPrivateKey = DotNetUtilities.GetKeyPair(caCertificate.PrivateKey).Private; CertificateHandler.ExportToFileSystem(X509ContentType.Pfx, caCertificate, caCertificate.SubjectName.Name); // Export and install active client certificates on backup server activeCertificates.Clear(); foreach(var cerDto in param.ActiveCertificates) { X509Certificate2 cert = cerDto.GetCert(); activeCertificates.Add(cert); CertificateHandler.ExportToFileSystem(X509ContentType.Pfx, cert, cert.SubjectName.Name); string fileName = cert.SubjectName.Name.Contains("=") ? cert.SubjectName.Name.Split('=')[1] : cert.SubjectName.Name; if (!File.Exists(CERT_FOLDER_PATH + cert.SubjectName.Name + fileName + ".pfx")) { CertificateHandler.AddCertificateToStore(cert, StoreName.TrustedPeople, StoreLocation.LocalMachine); } } // Set active revocation list on backup server revocationList.Clear(); foreach (var cerDto in param.RevocationList) { X509Certificate2 cert = cerDto.GetCert(); revocationList.Add(cert); } clientDict.Clear(); foreach (var pair in param.ClientDict) { clientDict.Add(pair.Key, pair.Value); } return retVal; }