From 804e915fdd75d1525f58a0e72ec46393034cafe2 Mon Sep 17 00:00:00 2001 
From: Uwe Gradenegger Date: Thu, 16 Nov 2023 09:05:18 +0100 Subject: [PATCH] Release 1.6.1045.1129 --- .gitignore | 4 +- AutoVersionIncrement.cs | 4 +- CERTCLILIB.il | 1258 ----------------- CERTPOLICYLIB.il | 291 ---- CHANGELOG.md | 13 +- .../StringExtensions.cs | 14 +- Enums/WinError.cs | 5 + LocalizedStrings.Designer.cs | 30 +- LocalizedStrings.resx | 15 +- Models/ActiveDirectoryObject.cs | 7 +- Models/CertificateRequestPolicy.cs | 4 +- Models/CertificateRequestValidationResult.cs | 20 +- Models/CertificateTemplateCache.cs | 2 +- Models/DirectoryServicesMapping.cs | 2 - ...cSubjectRule.cs => OutboundSubjectRule.cs} | 3 +- Policy.cs | 13 +- README.md | 4 +- TameMyCerts.csproj | 5 +- ...ator.cs => CertificateContentValidator.cs} | 110 +- Validators/DirectoryServiceValidator.cs | 117 +- ...tificateExtensionSubjectAlternativeName.cs | 7 +- .../Sample_Offline_Computer_SidExtension.xml | 20 +- examples/Sample_Offline_Computer_SidUri.xml | 17 +- examples/Sample_Offline_User.xml | 20 +- .../Sample_Offline_User_DsBoundSubject.xml | 117 +- examples/Sample_Offline_User_NotAfter.xml | 8 +- examples/Sample_Offline_User_SidExtension.xml | 17 +- examples/Sample_Offline_User_SidUri.xml | 14 +- .../Sample_Offline_User_StaticSubject.xml | 22 +- examples/Sample_Offline_Webserver.xml | 3 +- ...e_Offline_Webserver_SupplementDnsNames.xml | 6 +- .../Sample_Online_Computer_DsBoundSan.xml | 19 +- examples/Sample_Online_Computer_StaticSan.xml | 11 +- .../Sample_Online_Computer_SupplementSpns.xml | 3 +- examples/Sample_Online_User_CDP-AIA-OCSP.xml | 6 +- examples/Sample_Online_User_NotAfter.xml | 6 +- examples/Sample_Online_User_StaticSubject.xml | 14 +- examples/Sample_Online_User_TPM.xml | 12 +- install.ps1 | 2 +- user-guide/audit-only-mode.adoc | 2 +- user-guide/configuring.adoc | 2 +- user-guide/csp-rules.adoc | 2 +- user-guide/deny-insecure-flags.adoc | 2 +- user-guide/ds-mapping.adoc | 2 +- user-guide/enddate.adoc | 2 +- user-guide/how-it-works.adoc | 2 +- user-guide/index.adoc | 2 
+- user-guide/installing.adoc | 2 +- user-guide/key-rules.adoc | 2 +- user-guide/logs.adoc | 2 +- user-guide/modify-subject-dn.adoc | 2 +- user-guide/prerequisites.adoc | 2 +- user-guide/process-rules.adoc | 2 +- user-guide/san-rules.adoc | 2 +- user-guide/sid-extension.adoc | 2 +- user-guide/startdate.adoc | 2 +- user-guide/subject-rules.adoc | 2 +- user-guide/supplement-dns-names.adoc | 2 +- user-guide/troubleshooting.adoc | 2 +- user-guide/uninstalling.adoc | 2 +- 60 files changed, 393 insertions(+), 1894 deletions(-) delete mode 100644 CERTCLILIB.il delete mode 100644 CERTPOLICYLIB.il rename Models/DsBoundSubjectRule.cs => ClassExtensions/StringExtensions.cs (63%) rename Models/{StaticSubjectRule.cs => OutboundSubjectRule.cs} (91%) rename Validators/{StaticContentValidator.cs => CertificateContentValidator.cs} (51%) diff --git a/.gitignore b/.gitignore index dd808d4..60be0ac 100644 --- a/.gitignore +++ b/.gitignore @@ -31,6 +31,8 @@ bld/ # Visual Studio 2015/2017 cache/options directory .vs/ +.vscode/ + # Uncomment if you have tasks that create the project's static files in wwwroot #wwwroot/ @@ -341,4 +343,4 @@ ASALocalRun/ # BeatPulse healthcheck temp database healthchecksdb -helpers/* \ No newline at end of file +*.il diff --git a/AutoVersionIncrement.cs b/AutoVersionIncrement.cs index be50a78..6d739be 100644 --- a/AutoVersionIncrement.cs +++ b/AutoVersionIncrement.cs @@ -9,5 +9,5 @@ // Build Number // Revision -[assembly: AssemblyVersion("1.6.1027.907")] -[assembly: AssemblyFileVersion("1.6.1027.907")] +[assembly: AssemblyVersion("1.6.1045.1129")] +[assembly: AssemblyFileVersion("1.6.1045.1129")] diff --git a/CERTCLILIB.il b/CERTCLILIB.il deleted file mode 100644 index dd7a0d3..0000000 --- a/CERTCLILIB.il +++ /dev/null 
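Review bot: The second .gitignore hunk (`@@ -341,4 +343,4 @@`) replaces the `helpers/*` rule with `*.il` instead of adding to it, so anything still in a local `helpers/` directory stops being ignored and can be swept into a commit by a broad `git add`. Whether that directory still exists in working copies is not visible from this patch; if it does, keep both rules, `helpers/*` followed by `*.il`. The new rule matches the removal of CERTCLILIB.il and CERTPOLICYLIB.il in the same commit, and the visible CERTCLILIB.il content is IL Disassembler output. A one-line comment above the rule, for example `# Generated IL disassembly of the COM interop libraries`, would record why the pattern is there.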
@@ -1,1258 +0,0 @@ - -// Microsoft (R) .NET Framework IL Disassembler. Version 4.8.3928.0 -// Copyright (c) Microsoft Corporation. Alle Rechte vorbehalten. - - - -// Metadata version: v4.0.30319 -.assembly extern mscorlib -{ - .publickeytoken = (B7 7A 5C 56 19 34 E0 89 ) // .z\V.4.. - .ver 4:0:0:0 -} -.assembly CERTCLILib -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.ImportedFromTypeLibAttribute::.ctor(string) = ( 01 00 0A 43 45 52 54 43 4C 49 4C 69 62 00 00 ) // ...CERTCLILib.. - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 33 37 32 46 43 45 33 32 2D 34 33 32 34 // ..$372FCE32-4324 - 2D 31 31 44 30 2D 38 38 31 30 2D 30 30 41 30 43 // -11D0-8810-00A0C - 39 30 33 42 38 33 43 00 00 ) // 903B83C.. - .custom instance void [mscorlib]System.Runtime.InteropServices.TypeLibVersionAttribute::.ctor(int32, - int32) = ( 01 00 01 00 00 00 00 00 00 00 00 00 ) - .hash algorithm 0x00008004 - .ver 1:0:0:0 -} -.module CERTCLILib.dll -// MVID: {C9EBF003-E9A0-49B8-BBFE-DA0BDF77D064} -.imagebase 0x00400000 -.file alignment 0x00000200 -.stackreserve 0x00100000 -.subsystem 0x0003 // WINDOWS_CUI -.corflags 0x00000001 // ILONLY -// Image base: 0x06C10000 - - -// =============== CLASS MEMBERS DECLARATION =================== - -.class interface public abstract auto ansi import CERTCLILib.ICertGetConfig -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 43 37 45 41 30 39 43 30 2D 43 45 31 37 // ..$C7EA09C0-CE17 - 2D 31 31 44 30 2D 38 38 33 33 2D 30 30 41 30 43 // -11D0-8833-00A0C - 39 30 33 42 38 33 43 00 00 ) // 903B83C.. - .custom instance void [mscorlib]System.Runtime.InteropServices.TypeLibTypeAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.TypeLibTypeFlags) = ( 01 00 40 10 00 00 00 00 ) // ..@..... 
- .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetConfig([in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 02 60 00 00 ) // .....`.. - } // end of method ICertGetConfig::GetConfig - -} // end of class CERTCLILib.ICertGetConfig - -.class interface public abstract auto ansi import CERTCLILib.CCertGetConfig - implements CERTCLILib.ICertGetConfig -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.CoClassAttribute::.ctor(class [mscorlib]System.Type) = ( 01 00 1E 43 45 52 54 43 4C 49 4C 69 62 2E 43 43 // ...CERTCLILib.CC - 65 72 74 47 65 74 43 6F 6E 66 69 67 43 6C 61 73 // ertGetConfigClas - 73 00 00 ) // s.. - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 43 37 45 41 30 39 43 30 2D 43 45 31 37 // ..$C7EA09C0-CE17 - 2D 31 31 44 30 2D 38 38 33 33 2D 30 30 41 30 43 // -11D0-8833-00A0C - 39 30 33 42 38 33 43 00 00 ) // 903B83C.. -} // end of class CERTCLILib.CCertGetConfig - -.class public auto ansi import CERTCLILib.CCertGetConfigClass - extends [mscorlib]System.Object - implements CERTCLILib.ICertGetConfig, - CERTCLILib.CCertGetConfig -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.TypeLibTypeAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.TypeLibTypeFlags) = ( 01 00 02 00 00 00 00 00 ) - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 43 36 43 43 34 39 42 30 2D 43 45 31 37 // ..$C6CC49B0-CE17 - 2D 31 31 44 30 2D 38 38 33 33 2D 30 30 41 30 43 // -11D0-8833-00A0C - 39 30 33 42 38 33 43 00 00 ) // 903B83C.. 
- .custom instance void [mscorlib]System.Runtime.InteropServices.ClassInterfaceAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.ClassInterfaceType) = ( 01 00 00 00 00 00 00 00 ) - .method public specialname rtspecialname - instance void .ctor() runtime managed internalcall - { - } // end of method CCertGetConfigClass::.ctor - - .method public hidebysig newslot virtual - instance string - marshal( bstr) - GetConfig([in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertGetConfig::GetConfig - } // end of method CCertGetConfigClass::GetConfig - -} // end of class CERTCLILib.CCertGetConfigClass - -.class interface public abstract auto ansi import CERTCLILib.ICertConfig -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.TypeLibTypeAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.TypeLibTypeFlags) = ( 01 00 40 10 00 00 00 00 ) // ..@..... - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 33 37 32 46 43 45 33 34 2D 34 33 32 34 // ..$372FCE34-4324 - 2D 31 31 44 30 2D 38 38 31 30 2D 30 30 41 30 43 // -11D0-8810-00A0C - 39 30 33 42 38 33 43 00 00 ) // 903B83C.. - .method public hidebysig newslot abstract virtual - instance int32 Reset([in] int32 Index) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 02 60 00 00 ) // .....`.. - } // end of method ICertConfig::Reset - - .method public hidebysig newslot abstract virtual - instance int32 Next() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 01 00 02 60 00 00 ) // .....`.. 
- } // end of method ICertConfig::Next - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetField([in] string marshal( bstr) strFieldName) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 02 00 02 60 00 00 ) // .....`.. - } // end of method ICertConfig::GetField - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetConfig([in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 03 00 02 60 00 00 ) // .....`.. - } // end of method ICertConfig::GetConfig - -} // end of class CERTCLILib.ICertConfig - -.class interface public abstract auto ansi import CERTCLILib.ICertConfig2 - implements CERTCLILib.ICertConfig -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.TypeLibTypeAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.TypeLibTypeFlags) = ( 01 00 40 10 00 00 00 00 ) // ..@..... - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 37 41 31 38 45 44 44 45 2D 37 45 37 38 // ..$7A18EDDE-7E78 - 2D 34 31 36 33 2D 38 44 45 44 2D 37 38 45 32 43 // -4163-8DED-78E2C - 39 43 45 45 39 32 34 00 00 ) // 9CEE924.. - .method public hidebysig newslot abstract virtual - instance int32 Reset([in] int32 Index) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 02 60 00 00 ) // .....`.. - } // end of method ICertConfig2::Reset - - .method public hidebysig newslot abstract virtual - instance int32 Next() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 01 00 02 60 00 00 ) // .....`.. 
- } // end of method ICertConfig2::Next - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetField([in] string marshal( bstr) strFieldName) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 02 00 02 60 00 00 ) // .....`.. - } // end of method ICertConfig2::GetField - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetConfig([in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 03 00 02 60 00 00 ) // .....`.. - } // end of method ICertConfig2::GetConfig - - .method public hidebysig newslot abstract virtual - instance void SetSharedFolder([in] string marshal( bstr) strSharedFolder) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 03 60 00 00 ) // .....`.. - } // end of method ICertConfig2::SetSharedFolder - -} // end of class CERTCLILib.ICertConfig2 - -.class interface public abstract auto ansi import CERTCLILib.CCertConfig - implements CERTCLILib.ICertConfig2 -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.CoClassAttribute::.ctor(class [mscorlib]System.Type) = ( 01 00 1B 43 45 52 54 43 4C 49 4C 69 62 2E 43 43 // ...CERTCLILib.CC - 65 72 74 43 6F 6E 66 69 67 43 6C 61 73 73 00 00 ) // ertConfigClass.. - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 37 41 31 38 45 44 44 45 2D 37 45 37 38 // ..$7A18EDDE-7E78 - 2D 34 31 36 33 2D 38 44 45 44 2D 37 38 45 32 43 // -4163-8DED-78E2C - 39 43 45 45 39 32 34 00 00 ) // 9CEE924.. 
-} // end of class CERTCLILib.CCertConfig - -.class public auto ansi import CERTCLILib.CCertConfigClass - extends [mscorlib]System.Object - implements CERTCLILib.ICertConfig2, - CERTCLILib.CCertConfig -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.TypeLibTypeAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.TypeLibTypeFlags) = ( 01 00 02 00 00 00 00 00 ) - .custom instance void [mscorlib]System.Runtime.InteropServices.ClassInterfaceAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.ClassInterfaceType) = ( 01 00 00 00 00 00 00 00 ) - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 33 37 32 46 43 45 33 38 2D 34 33 32 34 // ..$372FCE38-4324 - 2D 31 31 44 30 2D 38 38 31 30 2D 30 30 41 30 43 // -11D0-8810-00A0C - 39 30 33 42 38 33 43 00 00 ) // 903B83C.. - .method public specialname rtspecialname - instance void .ctor() runtime managed internalcall - { - } // end of method CCertConfigClass::.ctor - - .method public hidebysig newslot virtual - instance int32 Reset([in] int32 Index) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertConfig2::Reset - } // end of method CCertConfigClass::Reset - - .method public hidebysig newslot virtual - instance int32 Next() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 01 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertConfig2::Next - } // end of method CCertConfigClass::Next - - .method public hidebysig newslot virtual - instance string - marshal( bstr) - GetField([in] string marshal( bstr) strFieldName) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 02 00 02 60 00 00 ) // .....`.. 
- .override CERTCLILib.ICertConfig2::GetField - } // end of method CCertConfigClass::GetField - - .method public hidebysig newslot virtual - instance string - marshal( bstr) - GetConfig([in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 03 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertConfig2::GetConfig - } // end of method CCertConfigClass::GetConfig - - .method public hidebysig newslot virtual - instance void SetSharedFolder([in] string marshal( bstr) strSharedFolder) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 03 60 00 00 ) // .....`.. - .override CERTCLILib.ICertConfig2::SetSharedFolder - } // end of method CCertConfigClass::SetSharedFolder - -} // end of class CERTCLILib.CCertConfigClass - -.class interface public abstract auto ansi import CERTCLILib.ICertRequest -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 30 31 34 45 34 38 34 30 2D 35 35 32 33 // ..$014E4840-5523 - 2D 31 31 44 30 2D 38 38 31 32 2D 30 30 41 30 43 // -11D0-8812-00A0C - 39 30 33 42 38 33 43 00 00 ) // 903B83C.. - .custom instance void [mscorlib]System.Runtime.InteropServices.TypeLibTypeAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.TypeLibTypeFlags) = ( 01 00 40 10 00 00 00 00 ) // ..@..... - .method public hidebysig newslot abstract virtual - instance int32 Submit([in] int32 Flags, - [in] string marshal( bstr) strRequest, - [in] string marshal( bstr) strAttributes, - [in] string marshal( bstr) strConfig) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 02 60 00 00 ) // .....`.. 
- } // end of method ICertRequest::Submit - - .method public hidebysig newslot abstract virtual - instance int32 RetrievePending([in] int32 RequestId, - [in] string marshal( bstr) strConfig) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 01 00 02 60 00 00 ) // .....`.. - } // end of method ICertRequest::RetrievePending - - .method public hidebysig newslot abstract virtual - instance int32 GetLastStatus() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 02 00 02 60 00 00 ) // .....`.. - } // end of method ICertRequest::GetLastStatus - - .method public hidebysig newslot abstract virtual - instance int32 GetRequestId() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 03 00 02 60 00 00 ) // .....`.. - } // end of method ICertRequest::GetRequestId - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetDispositionMessage() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 04 00 02 60 00 00 ) // .....`.. - } // end of method ICertRequest::GetDispositionMessage - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetCACertificate([in] int32 fExchangeCertificate, - [in] string marshal( bstr) strConfig, - [in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 05 00 02 60 00 00 ) // .....`.. 
- } // end of method ICertRequest::GetCACertificate - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetCertificate([in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 06 00 02 60 00 00 ) // .....`.. - } // end of method ICertRequest::GetCertificate - -} // end of class CERTCLILib.ICertRequest - -.class interface public abstract auto ansi import CERTCLILib.ICertRequest2 - implements CERTCLILib.ICertRequest -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.TypeLibTypeAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.TypeLibTypeFlags) = ( 01 00 40 10 00 00 00 00 ) // ..@..... - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 41 34 37 37 32 39 38 38 2D 34 41 38 35 // ..$A4772988-4A85 - 2D 34 46 41 39 2D 38 32 34 45 2D 42 35 43 46 35 // -4FA9-824E-B5CF5 - 43 31 36 34 30 35 41 00 00 ) // C16405A.. - .method public hidebysig newslot abstract virtual - instance int32 Submit([in] int32 Flags, - [in] string marshal( bstr) strRequest, - [in] string marshal( bstr) strAttributes, - [in] string marshal( bstr) strConfig) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 02 60 00 00 ) // .....`.. - } // end of method ICertRequest2::Submit - - .method public hidebysig newslot abstract virtual - instance int32 RetrievePending([in] int32 RequestId, - [in] string marshal( bstr) strConfig) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 01 00 02 60 00 00 ) // .....`.. 
- } // end of method ICertRequest2::RetrievePending - - .method public hidebysig newslot abstract virtual - instance int32 GetLastStatus() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 02 00 02 60 00 00 ) // .....`.. - } // end of method ICertRequest2::GetLastStatus - - .method public hidebysig newslot abstract virtual - instance int32 GetRequestId() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 03 00 02 60 00 00 ) // .....`.. - } // end of method ICertRequest2::GetRequestId - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetDispositionMessage() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 04 00 02 60 00 00 ) // .....`.. - } // end of method ICertRequest2::GetDispositionMessage - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetCACertificate([in] int32 fExchangeCertificate, - [in] string marshal( bstr) strConfig, - [in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 05 00 02 60 00 00 ) // .....`.. - } // end of method ICertRequest2::GetCACertificate - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetCertificate([in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 06 00 02 60 00 00 ) // .....`.. 
- } // end of method ICertRequest2::GetCertificate - - .method public hidebysig newslot abstract virtual - instance int32 GetIssuedCertificate([in] string marshal( bstr) strConfig, - [in] int32 RequestId, - [in] string marshal( bstr) strSerialNumber) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 03 60 00 00 ) // .....`.. - } // end of method ICertRequest2::GetIssuedCertificate - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetErrorMessageText([in] int32 hrMessage, - [in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 01 00 03 60 00 00 ) // .....`.. - } // end of method ICertRequest2::GetErrorMessageText - - .method public hidebysig newslot abstract virtual - instance object - marshal( struct) - GetCAProperty([in] string marshal( bstr) strConfig, - [in] int32 PropId, - [in] int32 PropIndex, - [in] int32 PropType, - [in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 02 00 03 60 00 00 ) // .....`.. - } // end of method ICertRequest2::GetCAProperty - - .method public hidebysig newslot abstract virtual - instance int32 GetCAPropertyFlags([in] string marshal( bstr) strConfig, - [in] int32 PropId) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 03 00 03 60 00 00 ) // .....`.. 
- } // end of method ICertRequest2::GetCAPropertyFlags - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetCAPropertyDisplayName([in] string marshal( bstr) strConfig, - [in] int32 PropId) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 04 00 03 60 00 00 ) // .....`.. - } // end of method ICertRequest2::GetCAPropertyDisplayName - - .method public hidebysig newslot abstract virtual - instance object - marshal( struct) - GetFullResponseProperty([in] int32 PropId, - [in] int32 PropIndex, - [in] int32 PropType, - [in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 05 00 03 60 00 00 ) // .....`.. - } // end of method ICertRequest2::GetFullResponseProperty - -} // end of class CERTCLILib.ICertRequest2 - -.class interface public abstract auto ansi import CERTCLILib.ICertRequest3 - implements CERTCLILib.ICertRequest2 -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.TypeLibTypeAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.TypeLibTypeFlags) = ( 01 00 40 10 00 00 00 00 ) // ..@..... - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 41 46 43 38 46 39 32 42 2D 33 33 41 32 // ..$AFC8F92B-33A2 - 2D 34 38 36 31 2D 42 46 33 36 2D 32 39 33 33 42 // -4861-BF36-2933B - 37 43 44 36 37 42 33 00 00 ) // 7CD67B3.. - .method public hidebysig newslot abstract virtual - instance int32 Submit([in] int32 Flags, - [in] string marshal( bstr) strRequest, - [in] string marshal( bstr) strAttributes, - [in] string marshal( bstr) strConfig) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 02 60 00 00 ) // .....`.. 
- } // end of method ICertRequest3::Submit - - .method public hidebysig newslot abstract virtual - instance int32 RetrievePending([in] int32 RequestId, - [in] string marshal( bstr) strConfig) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 01 00 02 60 00 00 ) // .....`.. - } // end of method ICertRequest3::RetrievePending - - .method public hidebysig newslot abstract virtual - instance int32 GetLastStatus() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 02 00 02 60 00 00 ) // .....`.. - } // end of method ICertRequest3::GetLastStatus - - .method public hidebysig newslot abstract virtual - instance int32 GetRequestId() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 03 00 02 60 00 00 ) // .....`.. - } // end of method ICertRequest3::GetRequestId - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetDispositionMessage() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 04 00 02 60 00 00 ) // .....`.. - } // end of method ICertRequest3::GetDispositionMessage - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetCACertificate([in] int32 fExchangeCertificate, - [in] string marshal( bstr) strConfig, - [in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 05 00 02 60 00 00 ) // .....`.. 
- } // end of method ICertRequest3::GetCACertificate - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetCertificate([in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 06 00 02 60 00 00 ) // .....`.. - } // end of method ICertRequest3::GetCertificate - - .method public hidebysig newslot abstract virtual - instance int32 GetIssuedCertificate([in] string marshal( bstr) strConfig, - [in] int32 RequestId, - [in] string marshal( bstr) strSerialNumber) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 03 60 00 00 ) // .....`.. - } // end of method ICertRequest3::GetIssuedCertificate - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetErrorMessageText([in] int32 hrMessage, - [in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 01 00 03 60 00 00 ) // .....`.. - } // end of method ICertRequest3::GetErrorMessageText - - .method public hidebysig newslot abstract virtual - instance object - marshal( struct) - GetCAProperty([in] string marshal( bstr) strConfig, - [in] int32 PropId, - [in] int32 PropIndex, - [in] int32 PropType, - [in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 02 00 03 60 00 00 ) // .....`.. - } // end of method ICertRequest3::GetCAProperty - - .method public hidebysig newslot abstract virtual - instance int32 GetCAPropertyFlags([in] string marshal( bstr) strConfig, - [in] int32 PropId) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 03 00 03 60 00 00 ) // .....`.. 
- } // end of method ICertRequest3::GetCAPropertyFlags - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetCAPropertyDisplayName([in] string marshal( bstr) strConfig, - [in] int32 PropId) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 04 00 03 60 00 00 ) // .....`.. - } // end of method ICertRequest3::GetCAPropertyDisplayName - - .method public hidebysig newslot abstract virtual - instance object - marshal( struct) - GetFullResponseProperty([in] int32 PropId, - [in] int32 PropIndex, - [in] int32 PropType, - [in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 05 00 03 60 00 00 ) // .....`.. - } // end of method ICertRequest3::GetFullResponseProperty - - .method public hidebysig newslot abstract virtual - instance void SetCredential([in] int32 hWnd, - [in] valuetype CERTCLILib.X509EnrollmentAuthFlags AuthType, - [in] string marshal( bstr) strCredential, - [in] string marshal( bstr) strPassword) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 04 60 00 00 ) // .....`.. - } // end of method ICertRequest3::SetCredential - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetRequestIdString() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 01 00 04 60 00 00 ) // .....`.. 
- } // end of method ICertRequest3::GetRequestIdString - - .method public hidebysig newslot abstract virtual - instance int32 GetIssuedCertificate2([in] string marshal( bstr) strConfig, - [in] string marshal( bstr) strRequestId, - [in] string marshal( bstr) strSerialNumber) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 02 00 04 60 00 00 ) // .....`.. - } // end of method ICertRequest3::GetIssuedCertificate2 - - .method public hidebysig newslot abstract virtual - instance bool GetRefreshPolicy() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 03 00 04 60 00 00 ) // .....`.. - } // end of method ICertRequest3::GetRefreshPolicy - -} // end of class CERTCLILib.ICertRequest3 - -.class interface public abstract auto ansi import CERTCLILib.CCertRequest - implements CERTCLILib.ICertRequest3 -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 41 46 43 38 46 39 32 42 2D 33 33 41 32 // ..$AFC8F92B-33A2 - 2D 34 38 36 31 2D 42 46 33 36 2D 32 39 33 33 42 // -4861-BF36-2933B - 37 43 44 36 37 42 33 00 00 ) // 7CD67B3.. - .custom instance void [mscorlib]System.Runtime.InteropServices.CoClassAttribute::.ctor(class [mscorlib]System.Type) = ( 01 00 1C 43 45 52 54 43 4C 49 4C 69 62 2E 43 43 // ...CERTCLILib.CC - 65 72 74 52 65 71 75 65 73 74 43 6C 61 73 73 00 // ertRequestClass. 
- 00 ) -} // end of class CERTCLILib.CCertRequest - -.class public auto ansi import CERTCLILib.CCertRequestClass - extends [mscorlib]System.Object - implements CERTCLILib.ICertRequest3, - CERTCLILib.CCertRequest -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.ClassInterfaceAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.ClassInterfaceType) = ( 01 00 00 00 00 00 00 00 ) - .custom instance void [mscorlib]System.Runtime.InteropServices.TypeLibTypeAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.TypeLibTypeFlags) = ( 01 00 02 00 00 00 00 00 ) - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 39 38 41 46 46 33 46 30 2D 35 35 32 34 // ..$98AFF3F0-5524 - 2D 31 31 44 30 2D 38 38 31 32 2D 30 30 41 30 43 // -11D0-8812-00A0C - 39 30 33 42 38 33 43 00 00 ) // 903B83C.. - .method public specialname rtspecialname - instance void .ctor() runtime managed internalcall - { - } // end of method CCertRequestClass::.ctor - - .method public hidebysig newslot virtual - instance int32 Submit([in] int32 Flags, - [in] string marshal( bstr) strRequest, - [in] string marshal( bstr) strAttributes, - [in] string marshal( bstr) strConfig) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertRequest3::Submit - } // end of method CCertRequestClass::Submit - - .method public hidebysig newslot virtual - instance int32 RetrievePending([in] int32 RequestId, - [in] string marshal( bstr) strConfig) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 01 00 02 60 00 00 ) // .....`.. 
- .override CERTCLILib.ICertRequest3::RetrievePending - } // end of method CCertRequestClass::RetrievePending - - .method public hidebysig newslot virtual - instance int32 GetLastStatus() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 02 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertRequest3::GetLastStatus - } // end of method CCertRequestClass::GetLastStatus - - .method public hidebysig newslot virtual - instance int32 GetRequestId() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 03 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertRequest3::GetRequestId - } // end of method CCertRequestClass::GetRequestId - - .method public hidebysig newslot virtual - instance string - marshal( bstr) - GetDispositionMessage() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 04 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertRequest3::GetDispositionMessage - } // end of method CCertRequestClass::GetDispositionMessage - - .method public hidebysig newslot virtual - instance string - marshal( bstr) - GetCACertificate([in] int32 fExchangeCertificate, - [in] string marshal( bstr) strConfig, - [in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 05 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertRequest3::GetCACertificate - } // end of method CCertRequestClass::GetCACertificate - - .method public hidebysig newslot virtual - instance string - marshal( bstr) - GetCertificate([in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 06 00 02 60 00 00 ) // .....`.. 
- .override CERTCLILib.ICertRequest3::GetCertificate - } // end of method CCertRequestClass::GetCertificate - - .method public hidebysig newslot virtual - instance int32 GetIssuedCertificate([in] string marshal( bstr) strConfig, - [in] int32 RequestId, - [in] string marshal( bstr) strSerialNumber) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 03 60 00 00 ) // .....`.. - .override CERTCLILib.ICertRequest3::GetIssuedCertificate - } // end of method CCertRequestClass::GetIssuedCertificate - - .method public hidebysig newslot virtual - instance string - marshal( bstr) - GetErrorMessageText([in] int32 hrMessage, - [in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 01 00 03 60 00 00 ) // .....`.. - .override CERTCLILib.ICertRequest3::GetErrorMessageText - } // end of method CCertRequestClass::GetErrorMessageText - - .method public hidebysig newslot virtual - instance object - marshal( struct) - GetCAProperty([in] string marshal( bstr) strConfig, - [in] int32 PropId, - [in] int32 PropIndex, - [in] int32 PropType, - [in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 02 00 03 60 00 00 ) // .....`.. - .override CERTCLILib.ICertRequest3::GetCAProperty - } // end of method CCertRequestClass::GetCAProperty - - .method public hidebysig newslot virtual - instance int32 GetCAPropertyFlags([in] string marshal( bstr) strConfig, - [in] int32 PropId) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 03 00 03 60 00 00 ) // .....`.. 
- .override CERTCLILib.ICertRequest3::GetCAPropertyFlags - } // end of method CCertRequestClass::GetCAPropertyFlags - - .method public hidebysig newslot virtual - instance string - marshal( bstr) - GetCAPropertyDisplayName([in] string marshal( bstr) strConfig, - [in] int32 PropId) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 04 00 03 60 00 00 ) // .....`.. - .override CERTCLILib.ICertRequest3::GetCAPropertyDisplayName - } // end of method CCertRequestClass::GetCAPropertyDisplayName - - .method public hidebysig newslot virtual - instance object - marshal( struct) - GetFullResponseProperty([in] int32 PropId, - [in] int32 PropIndex, - [in] int32 PropType, - [in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 05 00 03 60 00 00 ) // .....`.. - .override CERTCLILib.ICertRequest3::GetFullResponseProperty - } // end of method CCertRequestClass::GetFullResponseProperty - - .method public hidebysig newslot virtual - instance void SetCredential([in] int32 hWnd, - [in] valuetype CERTCLILib.X509EnrollmentAuthFlags AuthType, - [in] string marshal( bstr) strCredential, - [in] string marshal( bstr) strPassword) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 04 60 00 00 ) // .....`.. - .override CERTCLILib.ICertRequest3::SetCredential - } // end of method CCertRequestClass::SetCredential - - .method public hidebysig newslot virtual - instance string - marshal( bstr) - GetRequestIdString() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 01 00 04 60 00 00 ) // .....`.. 
- .override CERTCLILib.ICertRequest3::GetRequestIdString - } // end of method CCertRequestClass::GetRequestIdString - - .method public hidebysig newslot virtual - instance int32 GetIssuedCertificate2([in] string marshal( bstr) strConfig, - [in] string marshal( bstr) strRequestId, - [in] string marshal( bstr) strSerialNumber) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 02 00 04 60 00 00 ) // .....`.. - .override CERTCLILib.ICertRequest3::GetIssuedCertificate2 - } // end of method CCertRequestClass::GetIssuedCertificate2 - - .method public hidebysig newslot virtual - instance bool GetRefreshPolicy() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 03 00 04 60 00 00 ) // .....`.. - .override CERTCLILib.ICertRequest3::GetRefreshPolicy - } // end of method CCertRequestClass::GetRefreshPolicy - -} // end of class CERTCLILib.CCertRequestClass - -.class interface public abstract auto ansi import CERTCLILib.ICertServerPolicy -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.TypeLibTypeAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.TypeLibTypeFlags) = ( 01 00 40 10 00 00 00 00 ) // ..@..... - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 41 41 30 30 30 39 32 32 2D 46 46 42 45 // ..$AA000922-FFBE - 2D 31 31 43 46 2D 38 38 30 30 2D 30 30 41 30 43 // -11CF-8800-00A0C - 39 30 33 42 38 33 43 00 00 ) // 903B83C.. - .method public hidebysig newslot abstract virtual - instance void SetContext([in] int32 Context) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 02 60 00 00 ) // .....`.. 
- } // end of method ICertServerPolicy::SetContext - - .method public hidebysig newslot abstract virtual - instance object - marshal( struct) - GetRequestProperty([in] string marshal( bstr) strPropertyName, - [in] int32 PropertyType, - [out] native int pvarPropertyValue) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 01 00 02 60 00 00 ) // .....`.. - } // end of method ICertServerPolicy::GetRequestProperty - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetRequestAttribute([in] string marshal( bstr) strAttributeName) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 02 00 02 60 00 00 ) // .....`.. - } // end of method ICertServerPolicy::GetRequestAttribute - - .method public hidebysig newslot abstract virtual - instance object - marshal( struct) - GetCertificateProperty([in] string marshal( bstr) strPropertyName, - [in] int32 PropertyType, - [out] native int pvarPropertyValue) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 03 00 02 60 00 00 ) // .....`.. - } // end of method ICertServerPolicy::GetCertificateProperty - - .method public hidebysig newslot abstract virtual - instance void SetCertificateProperty([in] string marshal( bstr) strPropertyName, - [in] int32 PropertyType, - [in] object& marshal( struct) pvarPropertyValue) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 04 00 02 60 00 00 ) // .....`.. 
- } // end of method ICertServerPolicy::SetCertificateProperty - - .method public hidebysig newslot abstract virtual - instance object - marshal( struct) - GetCertificateExtension([in] string marshal( bstr) strExtensionName, - [in] int32 Type, - [out] native int pvarValue) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 05 00 02 60 00 00 ) // .....`.. - } // end of method ICertServerPolicy::GetCertificateExtension - - .method public hidebysig newslot abstract virtual - instance int32 GetCertificateExtensionFlags() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 06 00 02 60 00 00 ) // .....`.. - } // end of method ICertServerPolicy::GetCertificateExtensionFlags - - .method public hidebysig newslot abstract virtual - instance void SetCertificateExtension([in] string marshal( bstr) strExtensionName, - [in] int32 Type, - [in] int32 ExtFlags, - [in] native int pvarValue) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 07 00 02 60 00 00 ) // .....`.. - } // end of method ICertServerPolicy::SetCertificateExtension - - .method public hidebysig newslot abstract virtual - instance void EnumerateExtensionsSetup([in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 08 00 02 60 00 00 ) // .....`.. - } // end of method ICertServerPolicy::EnumerateExtensionsSetup - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - EnumerateExtensions() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 09 00 02 60 00 00 ) // .....`.. 
- } // end of method ICertServerPolicy::EnumerateExtensions - - .method public hidebysig newslot abstract virtual - instance void EnumerateExtensionsClose() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 0A 00 02 60 00 00 ) // .....`.. - } // end of method ICertServerPolicy::EnumerateExtensionsClose - - .method public hidebysig newslot abstract virtual - instance void EnumerateAttributesSetup([in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 0B 00 02 60 00 00 ) // .....`.. - } // end of method ICertServerPolicy::EnumerateAttributesSetup - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - EnumerateAttributes() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 0C 00 02 60 00 00 ) // .....`.. - } // end of method ICertServerPolicy::EnumerateAttributes - - .method public hidebysig newslot abstract virtual - instance void EnumerateAttributesClose() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 0D 00 02 60 00 00 ) // .....`.. - } // end of method ICertServerPolicy::EnumerateAttributesClose - -} // end of class CERTCLILib.ICertServerPolicy - -.class interface public abstract auto ansi import CERTCLILib.CCertServerPolicy - implements CERTCLILib.ICertServerPolicy -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.CoClassAttribute::.ctor(class [mscorlib]System.Type) = ( 01 00 21 43 45 52 54 43 4C 49 4C 69 62 2E 43 43 // ..!CERTCLILib.CC - 65 72 74 53 65 72 76 65 72 50 6F 6C 69 63 79 43 // ertServerPolicyC - 6C 61 73 73 00 00 ) // lass.. 
- .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 41 41 30 30 30 39 32 32 2D 46 46 42 45 // ..$AA000922-FFBE - 2D 31 31 43 46 2D 38 38 30 30 2D 30 30 41 30 43 // -11CF-8800-00A0C - 39 30 33 42 38 33 43 00 00 ) // 903B83C.. -} // end of class CERTCLILib.CCertServerPolicy - -.class public auto ansi import CERTCLILib.CCertServerPolicyClass - extends [mscorlib]System.Object - implements CERTCLILib.ICertServerPolicy, - CERTCLILib.CCertServerPolicy -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 41 41 30 30 30 39 32 36 2D 46 46 42 45 // ..$AA000926-FFBE - 2D 31 31 43 46 2D 38 38 30 30 2D 30 30 41 30 43 // -11CF-8800-00A0C - 39 30 33 42 38 33 43 00 00 ) // 903B83C.. - .custom instance void [mscorlib]System.Runtime.InteropServices.ClassInterfaceAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.ClassInterfaceType) = ( 01 00 00 00 00 00 00 00 ) - .custom instance void [mscorlib]System.Runtime.InteropServices.TypeLibTypeAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.TypeLibTypeFlags) = ( 01 00 02 00 00 00 00 00 ) - .method public specialname rtspecialname - instance void .ctor() runtime managed internalcall - { - } // end of method CCertServerPolicyClass::.ctor - - .method public hidebysig newslot virtual - instance void SetContext([in] int32 Context) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 02 60 00 00 ) // .....`.. 
- .override CERTCLILib.ICertServerPolicy::SetContext - } // end of method CCertServerPolicyClass::SetContext - - .method public hidebysig newslot virtual - instance object - marshal( struct) - GetRequestProperty([in] string marshal( bstr) strPropertyName, - [in] int32 PropertyType, - [out] native int pvarPropertyValue) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 01 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertServerPolicy::GetRequestProperty - } // end of method CCertServerPolicyClass::GetRequestProperty - - .method public hidebysig newslot virtual - instance string - marshal( bstr) - GetRequestAttribute([in] string marshal( bstr) strAttributeName) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 02 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertServerPolicy::GetRequestAttribute - } // end of method CCertServerPolicyClass::GetRequestAttribute - - .method public hidebysig newslot virtual - instance object - marshal( struct) - GetCertificateProperty([in] string marshal( bstr) strPropertyName, - [in] int32 PropertyType, - [out] native int pvarPropertyValue) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 03 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertServerPolicy::GetCertificateProperty - } // end of method CCertServerPolicyClass::GetCertificateProperty - - .method public hidebysig newslot virtual - instance void SetCertificateProperty([in] string marshal( bstr) strPropertyName, - [in] int32 PropertyType, - [in] object& marshal( struct) pvarPropertyValue) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 04 00 02 60 00 00 ) // .....`.. 
- .override CERTCLILib.ICertServerPolicy::SetCertificateProperty - } // end of method CCertServerPolicyClass::SetCertificateProperty - - .method public hidebysig newslot virtual - instance object - marshal( struct) - GetCertificateExtension([in] string marshal( bstr) strExtensionName, - [in] int32 Type, - [out] native int pvarValue) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 05 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertServerPolicy::GetCertificateExtension - } // end of method CCertServerPolicyClass::GetCertificateExtension - - .method public hidebysig newslot virtual - instance int32 GetCertificateExtensionFlags() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 06 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertServerPolicy::GetCertificateExtensionFlags - } // end of method CCertServerPolicyClass::GetCertificateExtensionFlags - - .method public hidebysig newslot virtual - instance void SetCertificateExtension([in] string marshal( bstr) strExtensionName, - [in] int32 Type, - [in] int32 ExtFlags, - [in] native int pvarValue) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 07 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertServerPolicy::SetCertificateExtension - } // end of method CCertServerPolicyClass::SetCertificateExtension - - .method public hidebysig newslot virtual - instance void EnumerateExtensionsSetup([in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 08 00 02 60 00 00 ) // .....`.. 
- .override CERTCLILib.ICertServerPolicy::EnumerateExtensionsSetup - } // end of method CCertServerPolicyClass::EnumerateExtensionsSetup - - .method public hidebysig newslot virtual - instance string - marshal( bstr) - EnumerateExtensions() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 09 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertServerPolicy::EnumerateExtensions - } // end of method CCertServerPolicyClass::EnumerateExtensions - - .method public hidebysig newslot virtual - instance void EnumerateExtensionsClose() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 0A 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertServerPolicy::EnumerateExtensionsClose - } // end of method CCertServerPolicyClass::EnumerateExtensionsClose - - .method public hidebysig newslot virtual - instance void EnumerateAttributesSetup([in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 0B 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertServerPolicy::EnumerateAttributesSetup - } // end of method CCertServerPolicyClass::EnumerateAttributesSetup - - .method public hidebysig newslot virtual - instance string - marshal( bstr) - EnumerateAttributes() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 0C 00 02 60 00 00 ) // .....`.. 
- .override CERTCLILib.ICertServerPolicy::EnumerateAttributes - } // end of method CCertServerPolicyClass::EnumerateAttributes - - .method public hidebysig newslot virtual - instance void EnumerateAttributesClose() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 0D 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertServerPolicy::EnumerateAttributesClose - } // end of method CCertServerPolicyClass::EnumerateAttributesClose - -} // end of class CERTCLILib.CCertServerPolicyClass - -.class interface public abstract auto ansi import CERTCLILib.ICertServerExit -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.TypeLibTypeAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.TypeLibTypeFlags) = ( 01 00 40 10 00 00 00 00 ) // ..@..... - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 34 42 41 39 45 42 39 30 2D 37 33 32 43 // ..$4BA9EB90-732C - 2D 31 31 44 30 2D 38 38 31 36 2D 30 30 41 30 43 // -11D0-8816-00A0C - 39 30 33 42 38 33 43 00 00 ) // 903B83C.. - .method public hidebysig newslot abstract virtual - instance void SetContext([in] int32 Context) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 02 60 00 00 ) // .....`.. - } // end of method ICertServerExit::SetContext - - .method public hidebysig newslot abstract virtual - instance object - marshal( struct) - GetRequestProperty([in] string marshal( bstr) strPropertyName, - [in] int32 PropertyType, - [out] native int pvarPropertyValue) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 01 00 02 60 00 00 ) // .....`.. 
- } // end of method ICertServerExit::GetRequestProperty - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetRequestAttribute([in] string marshal( bstr) strAttributeName) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 02 00 02 60 00 00 ) // .....`.. - } // end of method ICertServerExit::GetRequestAttribute - - .method public hidebysig newslot abstract virtual - instance object - marshal( struct) - GetCertificateProperty([in] string marshal( bstr) strPropertyName, - [in] int32 PropertyType, - [out] native int pvarPropertyValue) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 03 00 02 60 00 00 ) // .....`.. - } // end of method ICertServerExit::GetCertificateProperty - - .method public hidebysig newslot abstract virtual - instance object - marshal( struct) - GetCertificateExtension([in] string marshal( bstr) strExtensionName, - [in] int32 Type, - [out] native int pvarValue) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 04 00 02 60 00 00 ) // .....`.. - } // end of method ICertServerExit::GetCertificateExtension - - .method public hidebysig newslot abstract virtual - instance int32 GetCertificateExtensionFlags() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 05 00 02 60 00 00 ) // .....`.. - } // end of method ICertServerExit::GetCertificateExtensionFlags - - .method public hidebysig newslot abstract virtual - instance void EnumerateExtensionsSetup([in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 06 00 02 60 00 00 ) // .....`.. 
- } // end of method ICertServerExit::EnumerateExtensionsSetup - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - EnumerateExtensions() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 07 00 02 60 00 00 ) // .....`.. - } // end of method ICertServerExit::EnumerateExtensions - - .method public hidebysig newslot abstract virtual - instance void EnumerateExtensionsClose() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 08 00 02 60 00 00 ) // .....`.. - } // end of method ICertServerExit::EnumerateExtensionsClose - - .method public hidebysig newslot abstract virtual - instance void EnumerateAttributesSetup([in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 09 00 02 60 00 00 ) // .....`.. - } // end of method ICertServerExit::EnumerateAttributesSetup - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - EnumerateAttributes() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 0A 00 02 60 00 00 ) // .....`.. - } // end of method ICertServerExit::EnumerateAttributes - - .method public hidebysig newslot abstract virtual - instance void EnumerateAttributesClose() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 0B 00 02 60 00 00 ) // .....`.. 
- } // end of method ICertServerExit::EnumerateAttributesClose - -} // end of class CERTCLILib.ICertServerExit - -.class interface public abstract auto ansi import CERTCLILib.CCertServerExit - implements CERTCLILib.ICertServerExit -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.CoClassAttribute::.ctor(class [mscorlib]System.Type) = ( 01 00 1F 43 45 52 54 43 4C 49 4C 69 62 2E 43 43 // ...CERTCLILib.CC - 65 72 74 53 65 72 76 65 72 45 78 69 74 43 6C 61 // ertServerExitCla - 73 73 00 00 ) // ss.. - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 34 42 41 39 45 42 39 30 2D 37 33 32 43 // ..$4BA9EB90-732C - 2D 31 31 44 30 2D 38 38 31 36 2D 30 30 41 30 43 // -11D0-8816-00A0C - 39 30 33 42 38 33 43 00 00 ) // 903B83C.. -} // end of class CERTCLILib.CCertServerExit - -.class public auto ansi import CERTCLILib.CCertServerExitClass - extends [mscorlib]System.Object - implements CERTCLILib.ICertServerExit, - CERTCLILib.CCertServerExit -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 34 43 34 41 35 45 34 30 2D 37 33 32 43 // ..$4C4A5E40-732C - 2D 31 31 44 30 2D 38 38 31 36 2D 30 30 41 30 43 // -11D0-8816-00A0C - 39 30 33 42 38 33 43 00 00 ) // 903B83C.. 
- .custom instance void [mscorlib]System.Runtime.InteropServices.ClassInterfaceAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.ClassInterfaceType) = ( 01 00 00 00 00 00 00 00 ) - .custom instance void [mscorlib]System.Runtime.InteropServices.TypeLibTypeAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.TypeLibTypeFlags) = ( 01 00 02 00 00 00 00 00 ) - .method public specialname rtspecialname - instance void .ctor() runtime managed internalcall - { - } // end of method CCertServerExitClass::.ctor - - .method public hidebysig newslot virtual - instance void SetContext([in] int32 Context) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertServerExit::SetContext - } // end of method CCertServerExitClass::SetContext - - .method public hidebysig newslot virtual - instance object - marshal( struct) - GetRequestProperty([in] string marshal( bstr) strPropertyName, - [in] int32 PropertyType, - [out] native int pvarPropertyValue) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 01 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertServerExit::GetRequestProperty - } // end of method CCertServerExitClass::GetRequestProperty - - .method public hidebysig newslot virtual - instance string - marshal( bstr) - GetRequestAttribute([in] string marshal( bstr) strAttributeName) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 02 00 02 60 00 00 ) // .....`.. 
- .override CERTCLILib.ICertServerExit::GetRequestAttribute - } // end of method CCertServerExitClass::GetRequestAttribute - - .method public hidebysig newslot virtual - instance object - marshal( struct) - GetCertificateProperty([in] string marshal( bstr) strPropertyName, - [in] int32 PropertyType, - [out] native int pvarPropertyValue) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 03 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertServerExit::GetCertificateProperty - } // end of method CCertServerExitClass::GetCertificateProperty - - .method public hidebysig newslot virtual - instance object - marshal( struct) - GetCertificateExtension([in] string marshal( bstr) strExtensionName, - [in] int32 Type, - [out] native int pvarValue) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 04 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertServerExit::GetCertificateExtension - } // end of method CCertServerExitClass::GetCertificateExtension - - .method public hidebysig newslot virtual - instance int32 GetCertificateExtensionFlags() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 05 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertServerExit::GetCertificateExtensionFlags - } // end of method CCertServerExitClass::GetCertificateExtensionFlags - - .method public hidebysig newslot virtual - instance void EnumerateExtensionsSetup([in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 06 00 02 60 00 00 ) // .....`.. 
- .override CERTCLILib.ICertServerExit::EnumerateExtensionsSetup - } // end of method CCertServerExitClass::EnumerateExtensionsSetup - - .method public hidebysig newslot virtual - instance string - marshal( bstr) - EnumerateExtensions() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 07 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertServerExit::EnumerateExtensions - } // end of method CCertServerExitClass::EnumerateExtensions - - .method public hidebysig newslot virtual - instance void EnumerateExtensionsClose() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 08 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertServerExit::EnumerateExtensionsClose - } // end of method CCertServerExitClass::EnumerateExtensionsClose - - .method public hidebysig newslot virtual - instance void EnumerateAttributesSetup([in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 09 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertServerExit::EnumerateAttributesSetup - } // end of method CCertServerExitClass::EnumerateAttributesSetup - - .method public hidebysig newslot virtual - instance string - marshal( bstr) - EnumerateAttributes() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 0A 00 02 60 00 00 ) // .....`.. - .override CERTCLILib.ICertServerExit::EnumerateAttributes - } // end of method CCertServerExitClass::EnumerateAttributes - - .method public hidebysig newslot virtual - instance void EnumerateAttributesClose() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 0B 00 02 60 00 00 ) // .....`.. 
- .override CERTCLILib.ICertServerExit::EnumerateAttributesClose - } // end of method CCertServerExitClass::EnumerateAttributesClose - -} // end of class CERTCLILib.CCertServerExitClass - -.class public auto ansi sealed CERTCLILib.X509EnrollmentAuthFlags - extends [mscorlib]System.Enum -{ - .field public specialname rtspecialname int32 value__ - .field public static literal valuetype CERTCLILib.X509EnrollmentAuthFlags X509AuthNone = int32(0x00000000) - .field public static literal valuetype CERTCLILib.X509EnrollmentAuthFlags X509AuthAnonymous = int32(0x00000001) - .field public static literal valuetype CERTCLILib.X509EnrollmentAuthFlags X509AuthKerberos = int32(0x00000002) - .field public static literal valuetype CERTCLILib.X509EnrollmentAuthFlags X509AuthUsername = int32(0x00000004) - .field public static literal valuetype CERTCLILib.X509EnrollmentAuthFlags X509AuthCertificate = int32(0x00000008) -} // end of class CERTCLILib.X509EnrollmentAuthFlags - - -// ============================================================= - -// *********** DISASSEMBLY COMPLETE *********************** -// Warnung: Win32-Ressourcendatei "CERTCLILIB.res" wurde erstellt. diff --git a/CERTPOLICYLIB.il b/CERTPOLICYLIB.il deleted file mode 100644 index 612c552..0000000 --- a/CERTPOLICYLIB.il +++ /dev/null 
@@ -1,291 +0,0 @@ - -// Microsoft (R) .NET Framework IL Disassembler. Version 4.8.3928.0 -// Copyright (c) Microsoft Corporation. Alle Rechte vorbehalten. - - - -// Metadata version: v4.0.30319 -.assembly extern mscorlib -{ - .publickeytoken = (B7 7A 5C 56 19 34 E0 89 ) // .z\V.4.. - .ver 4:0:0:0 -} -.assembly CERTPOLICYLib -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.TypeLibVersionAttribute::.ctor(int32, - int32) = ( 01 00 01 00 00 00 00 00 00 00 00 00 ) - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 33 41 30 42 37 35 34 30 2D 43 32 43 38 // ..$3A0B7540-C2C8 - 2D 31 31 44 32 2D 42 33 31 33 2D 30 30 43 30 34 // -11D2-B313-00C04 - 46 37 39 44 43 37 32 00 00 ) // F79DC72.. - .custom instance void [mscorlib]System.Runtime.InteropServices.ImportedFromTypeLibAttribute::.ctor(string) = ( 01 00 0D 43 45 52 54 50 4F 4C 49 43 59 4C 69 62 // ...CERTPOLICYLib - 00 00 ) - .hash algorithm 0x00008004 - .ver 1:0:0:0 -} -.module CERTPOLICYLib.dll -// MVID: {E1129AE2-FAA4-490B-9546-69BB7452B9B6} -.imagebase 0x00400000 -.file alignment 0x00000200 -.stackreserve 0x00100000 -.subsystem 0x0003 // WINDOWS_CUI -.corflags 0x00000001 // ILONLY -// Image base: 0x07020000 - - -// =============== CLASS MEMBERS DECLARATION =================== - -.class interface public abstract auto ansi import CERTPOLICYLib.ICertPolicy -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.TypeLibTypeAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.TypeLibTypeFlags) = ( 01 00 40 10 00 00 00 00 ) // ..@..... - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 33 38 42 42 35 41 30 30 2D 37 36 33 36 // ..$38BB5A00-7636 - 2D 31 31 44 30 2D 42 34 31 33 2D 30 30 41 30 43 // -11D0-B413-00A0C - 39 31 42 42 46 38 43 00 00 ) // 91BBF8C.. 
- .method public hidebysig newslot abstract virtual - instance void Initialize([in] string marshal( bstr) strConfig) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 02 60 00 00 ) // .....`.. - } // end of method ICertPolicy::Initialize - - .method public hidebysig newslot abstract virtual - instance int32 VerifyRequest([in] string marshal( bstr) strConfig, - [in] int32 Context, - [in] int32 bNewRequest, - [in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 01 00 02 60 00 00 ) // .....`.. - } // end of method ICertPolicy::VerifyRequest - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetDescription() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 02 00 02 60 00 00 ) // .....`.. - } // end of method ICertPolicy::GetDescription - - .method public hidebysig newslot abstract virtual - instance void ShutDown() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 03 00 02 60 00 00 ) // .....`.. - } // end of method ICertPolicy::ShutDown - -} // end of class CERTPOLICYLib.ICertPolicy - -.class interface public abstract auto ansi import CERTPOLICYLib.ICertPolicy2 - implements CERTPOLICYLib.ICertPolicy -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.TypeLibTypeAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.TypeLibTypeFlags) = ( 01 00 40 10 00 00 00 00 ) // ..@..... 
- .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 33 44 42 34 39 31 30 45 2D 38 30 30 31 // ..$3DB4910E-8001 - 2D 34 42 46 31 2D 41 41 31 42 2D 46 34 33 41 38 // -4BF1-AA1B-F43A8 - 30 38 33 31 37 41 30 00 00 ) // 08317A0.. - .method public hidebysig newslot abstract virtual - instance void Initialize([in] string marshal( bstr) strConfig) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 02 60 00 00 ) // .....`.. - } // end of method ICertPolicy2::Initialize - - .method public hidebysig newslot abstract virtual - instance int32 VerifyRequest([in] string marshal( bstr) strConfig, - [in] int32 Context, - [in] int32 bNewRequest, - [in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 01 00 02 60 00 00 ) // .....`.. - } // end of method ICertPolicy2::VerifyRequest - - .method public hidebysig newslot abstract virtual - instance string - marshal( bstr) - GetDescription() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 02 00 02 60 00 00 ) // .....`.. - } // end of method ICertPolicy2::GetDescription - - .method public hidebysig newslot abstract virtual - instance void ShutDown() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 03 00 02 60 00 00 ) // .....`.. - } // end of method ICertPolicy2::ShutDown - - .method public hidebysig newslot abstract virtual - instance class CERTPOLICYLib.CCertManagePolicyModule - marshal( interface ) - GetManageModule() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 03 60 00 00 ) // .....`.. 
- } // end of method ICertPolicy2::GetManageModule - -} // end of class CERTPOLICYLib.ICertPolicy2 - -.class interface public abstract auto ansi import CERTPOLICYLib.CCertPolicy - implements CERTPOLICYLib.ICertPolicy2 -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 33 44 42 34 39 31 30 45 2D 38 30 30 31 // ..$3DB4910E-8001 - 2D 34 42 46 31 2D 41 41 31 42 2D 46 34 33 41 38 // -4BF1-AA1B-F43A8 - 30 38 33 31 37 41 30 00 00 ) // 08317A0.. - .custom instance void [mscorlib]System.Runtime.InteropServices.CoClassAttribute::.ctor(class [mscorlib]System.Type) = ( 01 00 1E 43 45 52 54 50 4F 4C 49 43 59 4C 69 62 // ...CERTPOLICYLib - 2E 43 43 65 72 74 50 6F 6C 69 63 79 43 6C 61 73 // .CCertPolicyClas - 73 00 00 ) // s.. -} // end of class CERTPOLICYLib.CCertPolicy - -.class public auto ansi import CERTPOLICYLib.CCertPolicyClass - extends [mscorlib]System.Object - implements CERTPOLICYLib.ICertPolicy2, - CERTPOLICYLib.CCertPolicy -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.TypeLibTypeAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.TypeLibTypeFlags) = ( 01 00 02 00 00 00 00 00 ) - .custom instance void [mscorlib]System.Runtime.InteropServices.ClassInterfaceAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.ClassInterfaceType) = ( 01 00 00 00 00 00 00 00 ) - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 33 42 36 36 35 34 44 30 2D 43 32 43 38 // ..$3B6654D0-C2C8 - 2D 31 31 44 32 2D 42 33 31 33 2D 30 30 43 30 34 // -11D2-B313-00C04 - 46 37 39 44 43 37 32 00 00 ) // F79DC72.. 
- .method public specialname rtspecialname - instance void .ctor() runtime managed internalcall - { - } // end of method CCertPolicyClass::.ctor - - .method public hidebysig newslot virtual - instance void Initialize([in] string marshal( bstr) strConfig) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 02 60 00 00 ) // .....`.. - .override CERTPOLICYLib.ICertPolicy2::Initialize - } // end of method CCertPolicyClass::Initialize - - .method public hidebysig newslot virtual - instance int32 VerifyRequest([in] string marshal( bstr) strConfig, - [in] int32 Context, - [in] int32 bNewRequest, - [in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 01 00 02 60 00 00 ) // .....`.. - .override CERTPOLICYLib.ICertPolicy2::VerifyRequest - } // end of method CCertPolicyClass::VerifyRequest - - .method public hidebysig newslot virtual - instance string - marshal( bstr) - GetDescription() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 02 00 02 60 00 00 ) // .....`.. - .override CERTPOLICYLib.ICertPolicy2::GetDescription - } // end of method CCertPolicyClass::GetDescription - - .method public hidebysig newslot virtual - instance void ShutDown() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 03 00 02 60 00 00 ) // .....`.. 
- .override CERTPOLICYLib.ICertPolicy2::ShutDown - } // end of method CCertPolicyClass::ShutDown - - .method public hidebysig newslot virtual - instance class CERTPOLICYLib.CCertManagePolicyModule - marshal( interface ) - GetManageModule() runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 03 60 00 00 ) // .....`.. - .override CERTPOLICYLib.ICertPolicy2::GetManageModule - } // end of method CCertPolicyClass::GetManageModule - -} // end of class CERTPOLICYLib.CCertPolicyClass - -.class interface public abstract auto ansi import CERTPOLICYLib.ICertManageModule -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 45 37 44 37 41 44 34 32 2D 42 44 33 44 // ..$E7D7AD42-BD3D - 2D 31 31 44 31 2D 39 41 34 44 2D 30 30 43 30 34 // -11D1-9A4D-00C04 - 46 43 32 39 37 45 42 00 00 ) // FC297EB.. - .custom instance void [mscorlib]System.Runtime.InteropServices.TypeLibTypeAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.TypeLibTypeFlags) = ( 01 00 40 10 00 00 00 00 ) // ..@..... - .method public hidebysig newslot abstract virtual - instance object - marshal( struct) - GetProperty([in] string marshal( bstr) strConfig, - [in] string marshal( bstr) strStorageLocation, - [in] string marshal( bstr) strPropertyName, - [in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 02 60 00 00 ) // .....`.. 
- } // end of method ICertManageModule::GetProperty - - .method public hidebysig newslot abstract virtual - instance void SetProperty([in] string marshal( bstr) strConfig, - [in] string marshal( bstr) strStorageLocation, - [in] string marshal( bstr) strPropertyName, - [in] int32 Flags, - [in] object& marshal( struct) pvarProperty) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 01 00 02 60 00 00 ) // .....`.. - } // end of method ICertManageModule::SetProperty - - .method public hidebysig newslot abstract virtual - instance void Configure([in] string marshal( bstr) strConfig, - [in] string marshal( bstr) strStorageLocation, - [in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 02 00 02 60 00 00 ) // .....`.. - } // end of method ICertManageModule::Configure - -} // end of class CERTPOLICYLib.ICertManageModule - -.class interface public abstract auto ansi import CERTPOLICYLib.CCertManagePolicyModule - implements CERTPOLICYLib.ICertManageModule -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.CoClassAttribute::.ctor(class [mscorlib]System.Type) = ( 01 00 2A 43 45 52 54 50 4F 4C 49 43 59 4C 69 62 // ..*CERTPOLICYLib - 2E 43 43 65 72 74 4D 61 6E 61 67 65 50 6F 6C 69 // .CCertManagePoli - 63 79 4D 6F 64 75 6C 65 43 6C 61 73 73 00 00 ) // cyModuleClass.. - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 45 37 44 37 41 44 34 32 2D 42 44 33 44 // ..$E7D7AD42-BD3D - 2D 31 31 44 31 2D 39 41 34 44 2D 30 30 43 30 34 // -11D1-9A4D-00C04 - 46 43 32 39 37 45 42 00 00 ) // FC297EB.. 
-} // end of class CERTPOLICYLib.CCertManagePolicyModule - -.class public auto ansi import CERTPOLICYLib.CCertManagePolicyModuleClass - extends [mscorlib]System.Object - implements CERTPOLICYLib.ICertManageModule, - CERTPOLICYLib.CCertManagePolicyModule -{ - .custom instance void [mscorlib]System.Runtime.InteropServices.GuidAttribute::.ctor(string) = ( 01 00 24 33 42 42 34 34 33 36 30 2D 43 32 43 38 // ..$3BB44360-C2C8 - 2D 31 31 44 32 2D 42 33 31 33 2D 30 30 43 30 34 // -11D2-B313-00C04 - 46 37 39 44 43 37 32 00 00 ) // F79DC72.. - .custom instance void [mscorlib]System.Runtime.InteropServices.ClassInterfaceAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.ClassInterfaceType) = ( 01 00 00 00 00 00 00 00 ) - .custom instance void [mscorlib]System.Runtime.InteropServices.TypeLibTypeAttribute::.ctor(valuetype [mscorlib]System.Runtime.InteropServices.TypeLibTypeFlags) = ( 01 00 02 00 00 00 00 00 ) - .method public specialname rtspecialname - instance void .ctor() runtime managed internalcall - { - } // end of method CCertManagePolicyModuleClass::.ctor - - .method public hidebysig newslot virtual - instance object - marshal( struct) - GetProperty([in] string marshal( bstr) strConfig, - [in] string marshal( bstr) strStorageLocation, - [in] string marshal( bstr) strPropertyName, - [in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 00 00 02 60 00 00 ) // .....`.. 
- .override CERTPOLICYLib.ICertManageModule::GetProperty - } // end of method CCertManagePolicyModuleClass::GetProperty - - .method public hidebysig newslot virtual - instance void SetProperty([in] string marshal( bstr) strConfig, - [in] string marshal( bstr) strStorageLocation, - [in] string marshal( bstr) strPropertyName, - [in] int32 Flags, - [in] object& marshal( struct) pvarProperty) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 01 00 02 60 00 00 ) // .....`.. - .override CERTPOLICYLib.ICertManageModule::SetProperty - } // end of method CCertManagePolicyModuleClass::SetProperty - - .method public hidebysig newslot virtual - instance void Configure([in] string marshal( bstr) strConfig, - [in] string marshal( bstr) strStorageLocation, - [in] int32 Flags) runtime managed internalcall - { - .custom instance void [mscorlib]System.Runtime.InteropServices.DispIdAttribute::.ctor(int32) = ( 01 00 02 00 02 60 00 00 ) // .....`.. - .override CERTPOLICYLib.ICertManageModule::Configure - } // end of method CCertManagePolicyModuleClass::Configure - -} // end of class CERTPOLICYLib.CCertManagePolicyModuleClass - - -// ============================================================= - -// *********** DISASSEMBLY COMPLETE *********************** -// Warnung: Win32-Ressourcendatei "CERTPOLICYLIB.res" wurde erstellt. diff --git a/CHANGELOG.md b/CHANGELOG.md index 1abd78e..dd8fbc9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,20 +1,15 @@ ## Changelog for the TameMyCerts policy module {#changelog} -### Version \ +### Version 1.6.1045.1129 -_This version was released on \_. +_This version was released on Nov 12, 2023._ -> **NOTE** > TameMyCerts has developed into a reliable, secure and stable enterprise product. Many organizations around the world are relying on it to improve their security and their PKI workflows. Professional development, testing and documentation consumes a considerable amount of time and resources. Whilst still being fully committed on keeping source code available for the community, _digitally signed binaries_, a _print-optimized documentation_ and _priority support_ are benefits **only available for customers with an active maintenance contract**. This is a major release containing lots of bug fixes for edge-cases as well as many new exciting features, whilst staying backwards-compatible to existing configuration files. -- The _SubjectDistingushedName_ directive within _DirectoryServicesMapping_ has been renamed to _DsBoundSubject_. **Note that this breaks existing policy files. These must be adjusted when upgrading.** -- The _RelativeDistingushedName_ directive within _DirectoryServicesMapping_ has been renamed to _DsBoundSubjectRule_. **Note that this breaks existing policy files. These must be adjusted when upgrading.** -- TameMyCerts now implements caching for policy configuration files. Instead of loading them over and over again for any incoming request, this is now only done if the file has changed. -- TameMyCerts now supports for building or extending the Subject Alternative Name extension of issued certificates with configurable attributes from a mapped Active Directory object. You configure a _DsBoundSubjectAlternativeName_ Node containing at least one _DsBoundSubjectRule_ within _DirectoryServicesMapping_. 
-- TameMyCerts now supports setting static values into the Subject Relative Distinguished Name with the _StaticSubject_ directive containing at least one _StaticSubjectRule_. -- TameMyCerts now supports setting static values into the Subject Alternative Name with the _StaticSubjectAlternativeName_ directive containing at least one _StaticSubjectRule_. +- TameMyCerts now supports modifying the Subject Distinguished Name and Subject Alternative Name of issued certificates with attributes of mapped Active Directory objects, values from certificate request fields, static strings, or a combination of all these. **Note that this breaks existing policy files. These must be adjusted when upgrading.** +- TameMyCerts now implements caching for policy configuration files. Instead of loading them over and over again for any incoming request, this is now only done if the file has changed.. - TameMyCerts now supports configuring per-Template CRL Distribution Point, Authority Information Access, and Online Certificate Status Protocol URIs. Configure them with the _CrlDistributionPoints_, _AuthorityInformationAccess_ and _OnlineCertificateStatusProtocol_ directives. - TameMyCerts now automatically determines the desired key algorithm from the certificate template. The _KeyAlgorithm_ parameter has therefore been removed. Existing configurations will continue to work but without using the configured _KeyAlgorithm_. - TameMyCerts now reads all available request properties directly from the certification authority instead of parsing the inline request. The inline certificate request will now only be parsed when _AllowedProcesses_ or _DisallowedProcesses_ directives are configured, as this information cannot be obtained from the CA directly. There are rare cases where it may not be possible to parse the inline certificate request. In this case, the requested properties will be treated as non-existent. 
diff --git a/Models/DsBoundSubjectRule.cs b/ClassExtensions/StringExtensions.cs similarity index 63% rename from Models/DsBoundSubjectRule.cs rename to ClassExtensions/StringExtensions.cs index 5e4fa58..1f94235 100644 --- a/Models/DsBoundSubjectRule.cs +++ b/ClassExtensions/StringExtensions.cs @@ -12,13 +12,15 @@ // See the License for the specific language governing permissions and // limitations under the License. -namespace TameMyCerts.Models +using System.Text.RegularExpressions; + +namespace TameMyCerts.ClassExtensions { - // Must be public due to XML serialization, otherwise 0x80131509 / System.InvalidOperationException - public class DsBoundSubjectRule + public static class StringExtensions { - public string Field { get; set; } = string.Empty; - public string DirectoryServicesAttribute { get; set; } = "userPrincipalName"; - public bool Mandatory { get; set; } + public static string ReplaceCaseInsensitive(this string input, string from, string to) + { + return Regex.Replace(input, from, to, RegexOptions.IgnoreCase); + } } } \ No newline at end of file diff --git a/Enums/WinError.cs b/Enums/WinError.cs index 59f9272..978a59d 100644 --- a/Enums/WinError.cs +++ b/Enums/WinError.cs @@ -49,6 +49,11 @@ internal static class WinError /// public const int CERTSRV_E_KEY_LENGTH = unchecked((int)0x80094811); + /// + /// The certificate is not valid for the requested usage. + /// + public const int CERT_E_WRONG_USAGE = unchecked((int)0x800B0110); + /// /// The certificate has an invalid name. The name is not included in the permitted list or is explicitly excluded. /// diff --git a/LocalizedStrings.Designer.cs b/LocalizedStrings.Designer.cs index 0b9d594..65858e2 100644 --- a/LocalizedStrings.Designer.cs +++ b/LocalizedStrings.Designer.cs 
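Review bot: `ReplaceCaseInsensitive` hands both `from` and `to` to `Regex.Replace` unescaped, so `from` is compiled as a pattern and `$` sequences in `to` are expanded as substitutions instead of being copied literally. The callers are outside this hunk, but the changelog describes building subject values from request fields and directory attributes; if such a value is ever passed as `to`, a `$` in it would alter the result rather than appear in it. A literal replacement would be `return Regex.Replace(input, Regex.Escape(from), to.Replace("$", "$$"), RegexOptions.IgnoreCase);`. Null arguments should also be rejected up front, and the method deserves an XML doc comment stating that it performs a literal, case-insensitive replacement.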
@@ -408,6 +408,24 @@ internal static string FinVal_No_Identity { } } + /// + /// Looks up a localized string similar to The field name "{0}" that was specified for construction of a Subject Relative Distinguished name is unsupported.. + /// + internal static string Rdn_Invalid_Field { + get { + return ResourceManager.GetString("Rdn_Invalid_Field", resourceCulture); + } + } + + /// + /// Looks up a localized string similar to The value "{0}" for that was specified for construction of the Subject Relative Distinguished Name of type "{1}" is too long. The maximum length is {2} characters for this RDN, but the attribute is {3} characters long.. + /// + internal static string Rdn_Value_Too_Long { + get { + return ResourceManager.GetString("Rdn_Value_Too_Long", resourceCulture); + } + } + /// /// Looks up a localized string similar to Cryptographic provider "{0}" used to create the certificate request is explicitly disallowed.. /// 
@@ -634,20 +652,20 @@ internal static string ReqVal_Unsupported_San_Type { } /// - /// Looks up a localized string similar to The field name "{0}" that was specified for construction of a static subject relative distinguished is unsupported.. + /// Looks up a localized string similar to Unable to add entry of type "{0}" with value "{1}" to the Subject Alternative Name certificate extension. Either type or value is invalid.. /// - internal static string StatVal_Rdn_Invalid_Field { + internal static string San_unable_to_add { get { - return ResourceManager.GetString("StatVal_Rdn_Invalid_Field", resourceCulture); + return ResourceManager.GetString("San_unable_to_add", resourceCulture); } } /// - /// Looks up a localized string similar to The value "{0}" for that was specified for construction of the static subject relative distinguished name with type "{1}" is too long. The maximum length is {2} characters for this RDN but the attribute is {3} characters long.. + /// Looks up a localized string similar to The "{0}" token for the construction of a Subject Relative Distinguished Name is unknown. Ensure that Directory Service Mapping is enabled if it is an AD attribute, and that the originating certificate request contains the token, if it is a request field.. /// - internal static string StatVal_Rdn_Value_Too_Long { + internal static string Token_invalid { get { - return ResourceManager.GetString("StatVal_Rdn_Value_Too_Long", resourceCulture); + return ResourceManager.GetString("Token_invalid", resourceCulture); } } } diff --git a/LocalizedStrings.resx b/LocalizedStrings.resx index 1406723..c9958fd 100644 --- a/LocalizedStrings.resx +++ b/LocalizedStrings.resx 
@@ -300,11 +300,11 @@ The mandatory "{0}" attribute is not present on {1}. Unable to apply syntax rules. - - The field name "{0}" that was specified for construction of a static subject relative distinguished is unsupported. + + The field name "{0}" that was specified for construction of a Subject Relative Distinguished name is unsupported. - - The value "{0}" for that was specified for construction of the static subject relative distinguished name with type "{1}" is too long. The maximum length is {2} characters for this RDN but the attribute is {3} characters long. + + The value "{0}" for that was specified for construction of the Subject Relative Distinguished Name of type "{1}" is too long. The maximum length is {2} characters for this RDN, but the attribute is {3} characters long. The attempt to add the mandatory directory attribute "{0}" to the mandatory "{1}" subject alternative name type failed for {2}. This may be because of an incompatibility of data types. @@ -318,4 +318,11 @@ The resulting certificate wouldn't contain any identity in form of a commonName or a Subject Alternative Name. + + Unable to add entry of type "{0}" with value "{1}" to the Subject Alternative Name certificate extension. Either type or value is invalid. + + + The "{0}" token for the construction of a Subject Relative Distinguished Name is unknown. Ensure that Directory Service Mapping is enabled if it is an AD attribute, and that the originating certificate request contains the token, if it is a request field. + " + \ No newline at end of file diff --git a/Models/ActiveDirectoryObject.cs b/Models/ActiveDirectoryObject.cs index 7f58496..8bf89b2 100644 --- a/Models/ActiveDirectoryObject.cs +++ b/Models/ActiveDirectoryObject.cs 
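Review bot: The new `Token_invalid` entry is followed by a lone `"` on its own added line just before the end of the file, which looks like a stray character that either ends up inside the resource value or sits outside the element. The XML markup is not visible in this rendering, so this needs checking against the file itself. The message also speaks only of a Subject Relative Distinguished Name, while the neighbouring `San_unable_to_add` entry suggests tokens may feed the Subject Alternative Name as well; if so, the wording should cover both. The two new keys use a different casing style than `Rdn_Invalid_Field` and `Rdn_Value_Too_Long` introduced by the same commit.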
@@ -28,7 +28,7 @@ internal class ActiveDirectoryObject private const StringComparison COMPARISON = StringComparison.InvariantCultureIgnoreCase; public ActiveDirectoryObject(string forestRootDomain, string dsAttribute, string identity, - string objectCategory, string searchRoot, bool loadExtendedAttributes = false) + string objectCategory, string searchRoot) { if (!DsMappingAttributes.Any(s => s.Equals(dsAttribute, COMPARISON))) { @@ -55,10 +55,7 @@ public ActiveDirectoryObject(string forestRootDomain, string dsAttribute, string "memberOf", "userAccountControl", "objectSid", "distinguishedName", "servicePrincipalName" }; - // Only load extended attributes if we have a use for them (e.g. modifying Subject DN from AD attributes) - attributesToRetrieve.AddRange(loadExtendedAttributes - ? DsRetrievalAttributes - : new List {"sAMAccountName"}); // "sAMAccountName" attribute is mandatory + attributesToRetrieve.AddRange(DsRetrievalAttributes); var dsObject = GetDirectoryEntry($"LDAP://{searchRoot}", dsAttribute, identity, objectCategory, attributesToRetrieve); diff --git a/Models/CertificateRequestPolicy.cs b/Models/CertificateRequestPolicy.cs index 42f6655..9e30486 100644 --- a/Models/CertificateRequestPolicy.cs +++ b/Models/CertificateRequestPolicy.cs @@ -37,8 +37,8 @@ public class CertificateRequestPolicy public int MaximumKeyLength { get; set; } public List Subject { get; set; } = new List(); public List SubjectAlternativeName { get; set; } = new List(); - public List StaticSubject { get; set; } = new List(); - public List StaticSubjectAlternativeName { get; set; } = new List(); + public List OutboundSubject { get; set; } = new List(); + public List OutboundSubjectAlternativeName { get; set; } = new List(); public string SecurityIdentifierExtension { get; set; } = "Deny"; public DirectoryServicesMapping DirectoryServicesMapping { get; set; } public bool SupplementDnsNames { get; set; } 
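Review bot: With the `loadExtendedAttributes` branch removed, `sAMAccountName` is no longer added explicitly, although the deleted comment called that attribute mandatory; the constructor now depends on `DsRetrievalAttributes` containing it. That list is defined outside the hunk, so this should be confirmed, and a comment on the new line would keep the dependency visible: `// DsRetrievalAttributes must include "sAMAccountName" (mandatory)`. Every lookup now also requests the full attribute set, which is worth stating in the constructor's documentation. The constructor body continues outside the hunk.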
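Review bot: Renaming the serialized properties `StaticSubject` and `StaticSubjectAlternativeName` to `OutboundSubject` and `OutboundSubjectAlternativeName` changes the element names expected in policy files, and how unknown elements are handled on load is not visible here. If the deserializer ignores them, an existing file that still uses the old names would load without error and its rules would simply not be applied, so certificates would be issued without the content the operator configured. Rejecting the policy, or at least logging, when a legacy element is encountered would make that failure visible. The removal of `DsBoundSubject` and `DsBoundSubjectAlternativeName` from `DirectoryServicesMapping` later in this commit raises the same question.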
diff --git a/Models/CertificateRequestValidationResult.cs b/Models/CertificateRequestValidationResult.cs index 3902010..22ac77c 100644 --- a/Models/CertificateRequestValidationResult.cs +++ b/Models/CertificateRequestValidationResult.cs @@ -15,6 +15,7 @@ using System; using System.Collections.Generic; using System.Globalization; +using System.Linq; using TameMyCerts.Enums; using TameMyCerts.X509; @@ -99,8 +100,7 @@ public Dictionary CertificateExtensions /// /// A list of certificate properties that shall be set after TameMyCerts has processed the certificate request /// - public List> CertificateProperties { get; } = - new List>(); + public Dictionary CertificateProperties { get; } = new Dictionary(); // TODO: Implement setter method /// @@ -108,6 +108,22 @@ public Dictionary CertificateExtensions /// public X509CertificateExtensionSubjectAlternativeName SubjectAlternativeNameExtension { get; } + public void SetSubjectDistinguishedName(string key, string value) + { + if (!RdnTypes.ToList().Contains(key)) + { + throw new NotSupportedException(string.Format(LocalizedStrings.Rdn_Invalid_Field, key)); + } + + if (value.Length > RdnTypes.LengthConstraint[key]) + { + throw new NotSupportedException(string.Format(LocalizedStrings.Rdn_Value_Too_Long, value, + key, RdnTypes.LengthConstraint[key], value.Length)); + } + + CertificateProperties[RdnTypes.NameProperty[key]] = value; + } + public void AddCertificateExtension(string key, byte[] value) { _certificateExtensions[key] = value; diff --git a/Models/CertificateTemplateCache.cs b/Models/CertificateTemplateCache.cs index 956af36..91482d9 100644 --- a/Models/CertificateTemplateCache.cs +++ b/Models/CertificateTemplateCache.cs 
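Review bot: `SetSubjectDistinguishedName` dereferences `value.Length` without a null check, so a null value (for instance from an absent attribute or request field; the callers are outside this hunk) would surface as a `NullReferenceException` instead of the localized `NotSupportedException` the method otherwise throws. A guard at the top such as `if (value == null) throw new ArgumentNullException(nameof(value));` keeps the failure explicit. The method also has no XML doc comment, unlike the members around it. It should state that `key` must be a supported RDN type, that the limit comes from `RdnTypes.LengthConstraint`, and that a second call for the same RDN type overwrites the first now that `CertificateProperties` is a dictionary.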
@@ -88,7 +88,7 @@ private static KeyAlgorithmType GetKeyAlgorithm(string keyAlgorithmString) { foreach (var algorithmName in Enum.GetNames(typeof(KeyAlgorithmType))) { - if (keyAlgorithmString.Contains(algorithmName)) + if (keyAlgorithmString.Contains($"msPKI-Asymmetric-Algorithm`PZPWSTR`{algorithmName}`")) { return (KeyAlgorithmType)Enum.Parse(typeof(KeyAlgorithmType), algorithmName); } diff --git a/Models/DirectoryServicesMapping.cs b/Models/DirectoryServicesMapping.cs index 86df6a6..e94380c 100644 --- a/Models/DirectoryServicesMapping.cs +++ b/Models/DirectoryServicesMapping.cs @@ -31,7 +31,5 @@ public class DirectoryServicesMapping public bool PermitDisabledAccounts { get; set; } = false; public bool SupplementServicePrincipalNames { get; set; } = false; public bool AddSidUniformResourceIdentifier { get; set; } = false; - public List DsBoundSubject { get; set; } = new List(); - public List DsBoundSubjectAlternativeName { get; set; } = new List(); } } \ No newline at end of file diff --git a/Models/StaticSubjectRule.cs b/Models/OutboundSubjectRule.cs similarity index 91% rename from Models/StaticSubjectRule.cs rename to Models/OutboundSubjectRule.cs index 653ab5d..fa15ea5 100644 --- a/Models/StaticSubjectRule.cs +++ b/Models/OutboundSubjectRule.cs @@ -15,10 +15,11 @@ namespace TameMyCerts.Models { // Must be public due to XML serialization, otherwise 0x80131509 / System.InvalidOperationException - public class StaticSubjectRule + public class OutboundSubjectRule { public string Field { get; set; } = string.Empty; public string Value { get; set; } = string.Empty; + public bool Mandatory { get; set; } public bool Force { get; set; } } } \ No newline at end of file diff --git a/Policy.cs b/Policy.cs index 3e1be25..9dc7554 100644 --- a/Policy.cs +++ b/Policy.cs 
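Review bot: The interpolated literal in `GetKeyAlgorithm` (the `msPKI-Asymmetric-Algorithm` marker, the `PZPWSTR` type tag and the backtick separators) encodes the layout of the template attribute without saying so. A comment such as `// Match the whole key/type/value triple so an algorithm name occurring elsewhere in the string cannot match` would record why the plain `Contains(algorithmName)` was replaced. The comparison is ordinal and case-sensitive, so it relies on the `KeyAlgorithmType` member names being spelled exactly as the directory stores them, which is not visible here. What the method returns when nothing matches lies outside the hunk; if that is a default algorithm, key rules for the wrong algorithm could be applied silently, so that path deserves a log entry or an explicit failure.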
@@ -36,7 +36,7 @@ public class Policy : ICertPolicy2 private readonly CertificateRequestValidator _crValidator = new CertificateRequestValidator(); private readonly DirectoryServiceValidator _dsValidator = new DirectoryServiceValidator(); private readonly RequestAttributeValidator _raValidator = new RequestAttributeValidator(); - private readonly StaticContentValidator _scValidator = new StaticContentValidator(); + private readonly CertificateContentValidator _ccValidator = new CertificateContentValidator(); private readonly FinalResultValidator _frValidator = new FinalResultValidator(); private readonly CertificateTemplateCache _templateCache = new CertificateTemplateCache(); private CertificateAuthorityConfiguration _caConfig; @@ -160,8 +160,11 @@ public int VerifyRequest(string strConfig, int context, int isNewRequest, int fl #region Process policy-dependent validators result = _crValidator.VerifyRequest(result, policy, dbRow, template); - result = _dsValidator.VerifyRequest(result, policy, dbRow, template); - result = _scValidator.VerifyRequest(result, policy, dbRow, _caConfig); + + result = _dsValidator.GetMappedActiveDirectoryObject(result, policy, dbRow, template, out var dsObject); + + result = _dsValidator.VerifyRequest(result, policy, dsObject); + result = _ccValidator.VerifyRequest(result, policy, dbRow, dsObject, _caConfig); result = _frValidator.VerifyRequest(result, policy, dbRow); #endregion @@ -193,7 +196,7 @@ public int VerifyRequest(string strConfig, int context, int isNewRequest, int fl result.DisabledCertificateProperties.ForEach(name => serverPolicy.DisableCertificateProperty(name)); - result.CertificateProperties.ForEach(keyValuePair => + result.CertificateProperties.ToList().ForEach(keyValuePair => serverPolicy.SetCertificateProperty(keyValuePair.Key, keyValuePair.Value)); #endregion 
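Review bot: In the validator chain, `dsObject` comes back from `GetMappedActiveDirectoryObject` as an `out` value and is passed to `_dsValidator.VerifyRequest` and `_ccValidator.VerifyRequest` unconditionally, so both must cope with it being null when no mapping is configured or the lookup has already denied the request. Neither validator body is in this hunk, so this is something to confirm rather than a known fault, but an unhandled null here would turn a policy decision into an exception inside the policy module. A comment at the call site would record the contract: `// dsObject is null when directory mapping is disabled or failed; validators must treat null as "no object"`. `VerifyRequest` continues outside the hunk.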
@@ -215,7 +218,7 @@ public int VerifyRequest(string strConfig, int context, int isNewRequest, int fl #region Deny request in any other case _logger.Log(Events.REQUEST_DENIED, requestId, template.Name, - string.Join("\n", result.Description)); + string.Join("\n", result.Description.Distinct().ToList())); // Seems that lower error codes must be thrown as exception if (result.StatusCode > CertSrv.VR_INSTANT_BAD && diff --git a/README.md b/README.md index e3f3045..ffedb74 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ The module therefore helps you to tame your certs! It has proven itself in count Find the most recent version of TameMyCerts as a ready-to-use, digitally signed binary package on the [releases page](https://github.com/Sleepw4lker/TameMyCerts/releases). -Consult the [user guide](https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/README.md) to learn how to install, configure and use the module. +Consult the [user guide](https://docs.tamemycerts.com/) to learn how to install, configure and use the module. Consult the [changelog](CHANGELOG.md) if upgrading from a previous version. 
@@ -28,7 +28,7 @@ The TameMyCerts policy module addresses, amongst others, the following use cases - Certificate issuance must be delegated to a 3rd party service, for example, Mobile Device Management (MDM) systems like [Microsoft Endpoint Manager (aka InTune)](https://www.microsoft.com/en-us/security/business/microsoft-endpoint-manager) or [VMware AirWatch/Workspace One](https://www.vmware.com/content/vmware/vmware-published-sites/de/products/workspace-one.html.html), [Network Device Enrollment Service (NDES)](https://social.technet.microsoft.com/wiki/contents/articles/9063.active-directory-certificate-services-ad-cs-network-device-enrollment-service-ndes.aspx) deployments or similar use cases that require the certificate template to be configured to have the enrollee supply the subject information with the certificate signing request in combination with direct certificate issuance. Without the module, there is absolutely no control over the issued certificate content. - The module can also mitigate the problem that certificates may be inconsistent among platforms (e.g. having differing subject information on a mobile phone managed by MDM than on a PC that uses Autoenrollment because of inconsistent configuration settings on the MDM) by enforcing certificate content. - It is also capable of ensuring that a user or computer account exists in Active Directory matching the requested certificate, and that it is enabled and member (or not) of specific security groups (e.g. this can prevent issuing certificates for administrative accounts via MDM). -- Building the Subject Distinguished Name (DN) from Active Directory object attribues (e.g. supplementing Organizational Units, or issuing certificates containing the DisplayName or UPN as identity) via offline and online certificate requests. 
+- Modifying the Subject Distinguished Name (DN) or Subject Alternative Name (SAN) of issued certificates based on individual rules containing values from the opriginating certificate request or from Active Directory object attribues (e.g. supplementing Organizational Units, or issuing certificates containing the DisplayName or UPN as identity) via offline and online certificate requests. - Adding the the newly introduced Security Identifier (szOID_NTDS_CA_SECURITY_EXT with object id 1.3.6.1.4.1.311.25.2 that was introduced with [KB5014754](https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16)) extension into offline certificate requests, which e.g. allows you to use Microsoft Network Policy Server (NPS) with certificates issued to mobile devices and the like and avoid breaking authentication when "strong" certificate mapping [will be enforced by Microsoft on February 11, 2025](https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16#bkmk_fullenforcemode). - Technical or legal requirements to allow any kind of Subject RDN to be enabled for issuance on the certification authority (enabling [CRLF_REBUILD_MODIFIED_SUBJECT_ONLY](https://www.gradenegger.eu/?lang=en&p=952) flag on the certification authority). Without the module, there is no control over which exact Subject RDNs are allowed to be issued. - Certificate templates configured to allow Elliptic Curve Cryptography (ECC) keys. Without the module, it would be possible that certificates get issued that use small RSA keys (e.g. 512 bit or even smaller) even though these would be not allowed in the certificate template configuration, as the Windows Default policy module [only validates the key length but not the key algorithm](https://www.gradenegger.eu/?lang=en&p=14138). 
diff --git a/TameMyCerts.csproj b/TameMyCerts.csproj index aa3d982..590cb6c 100644 --- a/TameMyCerts.csproj +++ b/TameMyCerts.csproj @@ -58,6 +58,7 @@ + @@ -83,7 +84,7 @@ - + @@ -104,7 +105,7 @@ - + diff --git a/Validators/StaticContentValidator.cs b/Validators/CertificateContentValidator.cs similarity index 51% rename from Validators/StaticContentValidator.cs rename to Validators/CertificateContentValidator.cs index 9e9c14a..dcd5d3c 100644 --- a/Validators/StaticContentValidator.cs +++ b/Validators/CertificateContentValidator.cs @@ -15,6 +15,8 @@ using System; using System.Collections.Generic; using System.Linq; +using System.Text.RegularExpressions; +using TameMyCerts.ClassExtensions; using TameMyCerts.Enums; using TameMyCerts.Models; using TameMyCerts.X509; 
@@ -24,12 +26,33 @@ namespace TameMyCerts.Validators /// /// This validator is for static entries that shall be put into issued certificates. /// - internal class StaticContentValidator + internal class CertificateContentValidator { private const StringComparison Comparison = StringComparison.InvariantCultureIgnoreCase; + private static string ReplaceTokenValues(string input, string identifier, + IReadOnlyCollection> list) + { + // This extracts all tokens and verifies if the given list contains (=knows) the token + foreach (Match match in new Regex(@"{" + identifier + ":([\\-a-zA-Z0-9]*?)}").Matches(input)) + { + var token = match.Groups[1].Value; + + if (!list.Any(x => x.Key.Equals(token, StringComparison.InvariantCultureIgnoreCase))) + { + throw new Exception(string.Format(LocalizedStrings.Token_invalid, token)); + } + } + + var output = list.Aggregate(input, (current, identity) => + current.ReplaceCaseInsensitive($"{{{identifier}:{identity.Key}}}", identity.Value)); + + return output; + } + public CertificateRequestValidationResult VerifyRequest(CertificateRequestValidationResult result, - CertificateRequestPolicy policy, CertificateDatabaseRow dbRow, CertificateAuthorityConfiguration caConfig) + CertificateRequestPolicy policy, CertificateDatabaseRow dbRow, ActiveDirectoryObject dsObject, + CertificateAuthorityConfiguration caConfig) { if (result.DeniedForIssuance) { 
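Review bot: ReplaceTokenValues checks tokens with one mechanism and replaces them with another, and the two disagree. The validation regex is case-sensitive on the `{identifier:` prefix while `ReplaceCaseInsensitive` is not, so a token written with a different-case prefix is never validated and, if unknown, stays in the value as literal text. The `Aggregate` loop also re-scans text it has just inserted, so a substituted value that itself contains token syntax is expanded by a later iteration; that matters because the values come from the request and from directory attributes. A single `Regex.Replace` with a match evaluator validates and replaces each token exactly once. The signature stays as it is, and the three chained calls in VerifyRequest still hand one pass's output to the next.

```csharp
// … unchanged: ReplaceTokenValues signature …
{
    // Token names stay limited to the same character class as the validation regex in the hunk
    var pattern = @"\{" + Regex.Escape(identifier) + @":([\-a-zA-Z0-9]*?)\}";

    // One pass: each token is checked and replaced once; inserted values are not scanned again
    return Regex.Replace(input, pattern, match =>
    {
        var token = match.Groups[1].Value;
        var known = list
            .Where(x => x.Key.Equals(token, StringComparison.InvariantCultureIgnoreCase))
            .ToList();

        if (known.Count == 0)
        {
            throw new Exception(string.Format(LocalizedStrings.Token_invalid, token));
        }

        return known[0].Value ?? string.Empty;
    }, RegexOptions.IgnoreCase);
}
```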
@@ -79,27 +102,12 @@ public CertificateRequestValidationResult VerifyRequest(CertificateRequestValida #endregion - #region Process static entries for Subject DN + #region Process modification of Subject DN - foreach (var rule in policy.StaticSubject) + foreach (var rule in policy.OutboundSubject) { - if (!RdnTypes.ToList().Where(x => x != RdnTypes.DomainComponent).Contains(rule.Field)) - { - result.SetFailureStatus(WinError.CERTSRV_E_TEMPLATE_DENIED, - string.Format(LocalizedStrings.StatVal_Rdn_Invalid_Field, rule.Field)); - continue; - } - - if (rule.Value.Length > RdnTypes.LengthConstraint[rule.Field]) - { - result.SetFailureStatus(WinError.CERTSRV_E_TEMPLATE_DENIED, - string.Format(LocalizedStrings.StatVal_Rdn_Value_Too_Long, rule.Value, - rule.Field, RdnTypes.LengthConstraint[rule.Field], - rule.Value.Length)); - continue; - } - - if (!rule.Force && ( + if (!rule.Force && RdnTypes.ToList().Contains(rule.Field) && + ( dbRow.SubjectRelativeDistinguishedNames.Any(x => x.Key.Equals(rule.Field, Comparison)) || result.CertificateProperties.Any(x => 
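Review bot: The Subject DN loop no longer rejects an unknown `rule.Field`, no longer excludes `RdnTypes.DomainComponent`, and no longer checks the value against `RdnTypes.LengthConstraint`. The new `RdnTypes.ToList().Contains(rule.Field)` term only decides whether the existing-value skip applies. These checks presumably moved into `result.SetSubjectDistinguishedName`, which is not part of this hunk. That is worth confirming, because the value is now assembled from request fields and directory attributes rather than from a static policy string, so the length limit matters more than before. If the setter does not enforce them, restore the two guards ahead of the token expansion; the loop body continues in the next hunk.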
@@ -109,33 +117,63 @@ public CertificateRequestValidationResult VerifyRequest(CertificateRequestValida continue; } - result.CertificateProperties.Add( - new KeyValuePair(RdnTypes.NameProperty[rule.Field], - rule.Value)); + try + { + var value = rule.Value; + + value = ReplaceTokenValues(value, "ad", + null != dsObject ? dsObject.Attributes.ToList() : new List>()); + value = ReplaceTokenValues(value, "sdn", + policy.ReadSubjectFromRequest + ? dbRow.InlineSubjectRelativeDistinguishedNames + : dbRow.SubjectRelativeDistinguishedNames); + value = ReplaceTokenValues(value, "san", dbRow.SubjectAlternativeNames); + + result.SetSubjectDistinguishedName(rule.Field, value); + } + catch (Exception ex) + { + if (rule.Mandatory) + { + result.SetFailureStatus(WinError.CERTSRV_E_TEMPLATE_DENIED, ex.Message); + } + } } #endregion - #region Process static entries for Subject Alternative Name + #region Process modification of Subject Alternative Name - foreach (var rule in policy.StaticSubjectAlternativeName) + foreach (var rule in policy.OutboundSubjectAlternativeName) { - if (!SanTypes.ToList().Contains(rule.Field)) + if (!rule.Force && SanTypes.ToList().Contains(rule.Field) && + result.SubjectAlternativeNameExtension.AlternativeNames.Any(x => + x.Key.Equals(rule.Field, Comparison))) { - result.SetFailureStatus(WinError.CERTSRV_E_TEMPLATE_DENIED, - string.Format(LocalizedStrings.StatVal_Rdn_Invalid_Field, rule.Field)); continue; } - if (!rule.Force && result.SubjectAlternativeNameExtension.AlternativeNames.Any(x => - x.Key.Equals(rule.Field, Comparison))) + try { - continue; - } + var value = rule.Value; - // TODO: Cause the request to fail if adding the SAN is not possible (TryAdd). Dont forget to update docs as well. - result.SubjectAlternativeNameExtension.AddAlternativeName(rule.Field, - rule.Value); + value = ReplaceTokenValues(value, "ad", + null != dsObject ? 
dsObject.Attributes.ToList() : new List>()); + value = ReplaceTokenValues(value, "sdn", + policy.ReadSubjectFromRequest + ? dbRow.InlineSubjectRelativeDistinguishedNames + : dbRow.SubjectRelativeDistinguishedNames); + value = ReplaceTokenValues(value, "san", dbRow.SubjectAlternativeNames); + + result.SubjectAlternativeNameExtension.AddAlternativeName(rule.Field, value, true); + } + catch (Exception ex) + { + if (rule.Mandatory) + { + result.SetFailureStatus(WinError.CERTSRV_E_TEMPLATE_DENIED, ex.Message); + } + } } #endregion diff --git a/Validators/DirectoryServiceValidator.cs b/Validators/DirectoryServiceValidator.cs index b1c932f..88aad5c 100644 --- a/Validators/DirectoryServiceValidator.cs +++ b/Validators/DirectoryServiceValidator.cs @@ -39,10 +39,11 @@ public DirectoryServiceValidator(bool forTesting = false) } } - // This method is intended to be called by the policy module. It will retrieve the mapped AD object by the defined criteria. - public CertificateRequestValidationResult VerifyRequest(CertificateRequestValidationResult result, - CertificateRequestPolicy policy, CertificateDatabaseRow dbRow, CertificateTemplate template) + public CertificateRequestValidationResult GetMappedActiveDirectoryObject(CertificateRequestValidationResult result, + CertificateRequestPolicy policy, CertificateDatabaseRow dbRow, CertificateTemplate template, out ActiveDirectoryObject dsObject) { + dsObject = null; + if (result.DeniedForIssuance || null == policy.DirectoryServicesMapping) { return result; @@ -53,10 +54,6 @@ public CertificateRequestValidationResult VerifyRequest(CertificateRequestValida var certificateAttribute = dsMapping.CertificateAttribute; var dsAttribute = dsMapping.DirectoryServicesAttribute; var objectCategory = dsMapping.ObjectCategory; - var loadExtendedAttributes = - dsMapping.DsBoundSubject.Count > 0 || - dsMapping.DsBoundSubjectAlternativeName.Count > 0 || - dsMapping.DirectoryObjectRules.Count > 0; if (!template.EnrolleeSuppliesSubject) { 
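Review bot: Both `catch (Exception ex)` blocks in the `@@ -109,33 +117,63` hunk discard the error when `rule.Mandatory` is false. An unresolvable token, a missing directory object or any unrelated fault then leaves the certificate without the intended Subject or SAN entry, and the operator gets no trace of it. `Mandatory` has no initializer in OutboundSubjectRule, so this silent path is the default for every rule. Consider catching only the failures expected here (for example `catch (ArgumentException ex)` for the SAN setter, plus a dedicated type thrown by ReplaceTokenValues) and logging the skipped rule even when the request may continue. The token-expansion lines are duplicated in both loops and could move into one private helper.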
@@ -79,22 +76,26 @@ public CertificateRequestValidationResult VerifyRequest(CertificateRequestValida try { - var dsObject = new ActiveDirectoryObject(_forestRootDomain, dsAttribute, identity, objectCategory, - dsMapping.SearchRoot, loadExtendedAttributes); - - return VerifyRequest(result, policy, dsObject); + dsObject = new ActiveDirectoryObject(_forestRootDomain, dsAttribute, identity, objectCategory, + dsMapping.SearchRoot); } catch (Exception ex) { result.SetFailureStatus(WinError.CERTSRV_E_TEMPLATE_DENIED, ex.Message); - return result; } + + return result; } // This method is intended to be called from unit tests and the other Initialize method. It takes a given AD object to work with. public CertificateRequestValidationResult VerifyRequest(CertificateRequestValidationResult result, CertificateRequestPolicy policy, ActiveDirectoryObject dsObject) { + if (result.DeniedForIssuance || null == policy.DirectoryServicesMapping || null == dsObject) + { + return result; + } + var dsMapping = policy.DirectoryServicesMapping; #region Process enablement status of the account 
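Review bot: The comment kept above the three-argument VerifyRequest ("intended to be called from unit tests and the other Initialize method") is stale after this commit, because Policy.VerifyRequest now calls that overload directly. The new public GetMappedActiveDirectoryObject, declared in the `@@ -39,10 +39,11` hunk, has also lost the comment its predecessor carried. Suggested replacements are `// Looks up the AD object mapped to the request; dsObject stays null when the request is already denied, no mapping is configured, or the lookup fails` on GetMappedActiveDirectoryObject and `// Applies the directory rules to an already resolved AD object; returns the result unchanged when the request is already denied, no mapping is configured, or dsObject is null` on VerifyRequest. Both method bodies extend beyond this hunk.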
@@ -205,98 +206,6 @@ public CertificateRequestValidationResult VerifyRequest(CertificateRequestValida #endregion - #region Process addition of Subject Relative Distinguished Names - - foreach (var rule in dsMapping.DsBoundSubject) - { - if (!RdnTypes.ToList().Where(x => x != RdnTypes.DomainComponent).Contains(rule.Field)) - { - if (rule.Mandatory) - { - result.SetFailureStatus(WinError.CERTSRV_E_TEMPLATE_DENIED, - string.Format(LocalizedStrings.DirVal_Rdn_Invalid_Field, rule.Field, - dsObject.DistinguishedName)); - } - - continue; - } - - if (!dsObject.Attributes.ContainsKey(rule.DirectoryServicesAttribute)) - { - if (rule.Mandatory) - { - result.SetFailureStatus(WinError.CERTSRV_E_TEMPLATE_DENIED, - string.Format(LocalizedStrings.DirVal_Rdn_Invalid_Directory_Attribute, - rule.DirectoryServicesAttribute, rule.Field, dsObject.DistinguishedName)); - } - - continue; - } - - var dsAttribute = dsObject.Attributes[rule.DirectoryServicesAttribute]; - - if (dsAttribute.Length > RdnTypes.LengthConstraint[rule.Field]) - { - if (rule.Mandatory) - { - result.SetFailureStatus(WinError.CERTSRV_E_TEMPLATE_DENIED, - string.Format(LocalizedStrings.DirVal_Rdn_Directory_Attribute_too_long, dsAttribute, - rule.DirectoryServicesAttribute, rule.Field, dsObject.DistinguishedName, - RdnTypes.LengthConstraint[rule.Field], - dsAttribute.Length)); - } - - continue; - } - - result.CertificateProperties.Add( - new KeyValuePair(RdnTypes.NameProperty[rule.Field], dsAttribute)); - } - - #endregion - - #region Process addition of Subject Alternative Names - - foreach (var rule in dsMapping.DsBoundSubjectAlternativeName) - { - if (!SanTypes.ToList().Contains(rule.Field)) - { - if (rule.Mandatory) - { - result.SetFailureStatus(WinError.CERTSRV_E_TEMPLATE_DENIED, - string.Format(LocalizedStrings.DirVal_San_Invalid_Field, rule.Field, - dsObject.DistinguishedName)); - } - - continue; - } - - if (!dsObject.Attributes.ContainsKey(rule.DirectoryServicesAttribute)) - { - if (rule.Mandatory) - { - 
result.SetFailureStatus(WinError.CERTSRV_E_TEMPLATE_DENIED, - string.Format(LocalizedStrings.DirVal_San_Invalid_Directory_Attribute, - rule.DirectoryServicesAttribute, rule.Field, dsObject.DistinguishedName)); - } - - continue; - } - - var dsAttribute = dsObject.Attributes[rule.DirectoryServicesAttribute]; - - if (!result.SubjectAlternativeNameExtension.TryAddAlternativeName(rule.Field, dsAttribute) && - rule.Mandatory) - { - // TODO: Implement better error message - result.SetFailureStatus(WinError.CERTSRV_E_TEMPLATE_DENIED, - string.Format(LocalizedStrings.DirVal_San_Failed_to_add, - rule.DirectoryServicesAttribute, rule.Field, dsObject.DistinguishedName)); - } - } - - #endregion - #region Supplement Service Principal Names (if any) if (dsMapping.SupplementServicePrincipalNames) diff --git a/X509/X509CertificateExtensionSubjectAlternativeName.cs b/X509/X509CertificateExtensionSubjectAlternativeName.cs index dd448e1..b56b087 100644 --- a/X509/X509CertificateExtensionSubjectAlternativeName.cs +++ b/X509/X509CertificateExtensionSubjectAlternativeName.cs @@ -254,9 +254,12 @@ public void RemoveUniformResourceIdentifier(Uri value) /// /// /// - public void AddAlternativeName(string type, string value) + public void AddAlternativeName(string type, string value, bool throwOnError = false) { - _ = TryAddAlternativeName(type, value); + if (!TryAddAlternativeName(type, value) && throwOnError) + { + throw new ArgumentException(string.Format(LocalizedStrings.San_unable_to_add, type, value)); + } } public bool TryAddAlternativeName(string type, string value) diff --git a/examples/Sample_Offline_Computer_SidExtension.xml b/examples/Sample_Offline_Computer_SidExtension.xml index cc8432c..a9e5801 100644 --- a/examples/Sample_Offline_Computer_SidExtension.xml +++ b/examples/Sample_Offline_Computer_SidExtension.xml @@ -1,13 +1,18 @@ - + @@ -17,7 +22,7 @@ 64 - ^[a-zA-Z0-9]*(\@intra\.tamemycerts\.com)$ + ^[a-zA-Z0-9]*\@intra\.tamemycerts\.com$ 
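Review bot: AddAlternativeName's XML documentation does not cover the new `throwOnError` parameter or the exception it introduces. Add `/// <param name="throwOnError">When true, throw instead of silently ignoring a name that cannot be added.</param>` and `/// <exception cref="ArgumentException">The name could not be added and throwOnError is true.</exception>`. The exception message embeds `value`, which CertificateContentValidator builds from request and directory data and forwards through `ex.Message`, so that text presumably ends up in the denial description and the log.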
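Review bot: The rewritten pattern `^[a-zA-Z0-9]*\@intra\.tamemycerts\.com$` still uses `*` for the part before the `@`, so a value consisting only of `@intra.tamemycerts.com` matches. If the sample is meant to require a name there, `^[a-zA-Z0-9]+\@intra\.tamemycerts\.com$` expresses that. The same line is changed in the other example-policy hunks further down. The element that carries the pattern is not readable in this rendering, so check which field it constrains.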
@@ -27,6 +32,7 @@ dNSHostName computer - + Add \ No newline at end of file diff --git a/examples/Sample_Offline_Computer_SidUri.xml b/examples/Sample_Offline_Computer_SidUri.xml index 24342d6..1b2c5d9 100644 --- a/examples/Sample_Offline_Computer_SidUri.xml +++ b/examples/Sample_Offline_Computer_SidUri.xml @@ -1,13 +1,18 @@ - + @@ -17,7 +22,7 @@ 64 - ^[a-zA-Z0-9]*(\@intra\.tamemycerts\.com)$ + ^[a-zA-Z0-9]*\@intra\.tamemycerts\.com$ diff --git a/examples/Sample_Offline_User.xml b/examples/Sample_Offline_User.xml index 3e0a01d..5154383 100644 --- a/examples/Sample_Offline_User.xml +++ b/examples/Sample_Offline_User.xml @@ -1,11 +1,16 @@ - + @@ -15,7 +20,7 @@ 64 - ^[a-zA-Z0-9]*(\@intra\.tamemycerts\.com)$ + ^[a-zA-Z0-9]*\@intra\.tamemycerts\.com$ @@ -35,6 +40,7 @@ CN=Administrative Accounts,OU=ADCS Labor Groups,DC=intra,DC=adcslabor,DC=de - + Allow \ No newline at end of file diff --git a/examples/Sample_Offline_User_DsBoundSubject.xml b/examples/Sample_Offline_User_DsBoundSubject.xml index 2d1d4f4..24a6f49 100644 --- a/examples/Sample_Offline_User_DsBoundSubject.xml +++ b/examples/Sample_Offline_User_DsBoundSubject.xml @@ -1,10 +1,13 @@ - + 
@@ -14,62 +17,62 @@ 64 - ^[a-zA-Z0-9]*(\@intra\.tamemycerts\.com)$ + ^[a-zA-Z0-9]*\@intra\.tamemycerts\.com$ - - - - emailAddress - mail - - - commonName - displayName - true - - - organizationName - company - - - organizationalUnitName - department - - - localityName - l - - - stateOrProvinceName - st - - - countryName - c - - - title - title - - - givenName - givenName - - - initials - initials - - - surname - sn - - - streetAddress - streetAddress - - - + + + + emailAddress + {ad:mail} + + + commonName + {ad:displayName} + true + true + + + organizationName + {ad:company} + + + organizationalUnitName + {ad:department} + + + localityName + {ad:l} + + + stateOrProvinceName + {ad:st} + + + countryName + {ad:c} + + + title + {ad:title} + + + givenName + {ad:givenName} + + + initials + {ad:initials} + + + surname + {ad:sn} + + + streetAddress + {ad:streetAddress} + + \ No newline at end of file diff --git a/examples/Sample_Offline_User_NotAfter.xml b/examples/Sample_Offline_User_NotAfter.xml index e7abbc4..919f9e3 100644 --- a/examples/Sample_Offline_User_NotAfter.xml +++ b/examples/Sample_Offline_User_NotAfter.xml @@ -1,9 +1,11 @@ - + 2022-12-31T23:59:59.0000000+01:00 @@ -13,7 +15,7 @@ 64 - ^[a-zA-Z0-9]*(\@intra\.tamemycerts\.com)$ + ^[a-zA-Z0-9]*\@intra\.tamemycerts\.com$ diff --git a/examples/Sample_Offline_User_SidExtension.xml b/examples/Sample_Offline_User_SidExtension.xml index 0ca665b..5fa8616 100644 --- a/examples/Sample_Offline_User_SidExtension.xml +++ b/examples/Sample_Offline_User_SidExtension.xml @@ -1,10 +1,14 @@ - + - + Add \ No newline at end of file diff --git a/examples/Sample_Offline_User_SidUri.xml b/examples/Sample_Offline_User_SidUri.xml index a29ff98..030ba6f 100644 --- a/examples/Sample_Offline_User_SidUri.xml +++ b/examples/Sample_Offline_User_SidUri.xml @@ -1,10 +1,14 @@ - + - + @@ -16,11 +18,12 @@ 64 - ^[a-zA-Z0-9]*(\@intra\.tamemycerts\.com)$ + ^[a-zA-Z0-9]*\@intra\.tamemycerts\.com$ - + organizationName false 
@@ -33,13 +36,14 @@ - - - + + + organizationName Contoso Corp. false - - + + \ No newline at end of file diff --git a/examples/Sample_Offline_Webserver.xml b/examples/Sample_Offline_Webserver.xml index 3bddcfc..072ec42 100644 --- a/examples/Sample_Offline_Webserver.xml +++ b/examples/Sample_Offline_Webserver.xml @@ -2,7 +2,8 @@ This is an example for a Web Server certificate template. It contains various examples for fine-granular contolling the certificate content. --> - + 2048 4096 diff --git a/examples/Sample_Offline_Webserver_SupplementDnsNames.xml b/examples/Sample_Offline_Webserver_SupplementDnsNames.xml index 9d151b4..d657ee1 100644 --- a/examples/Sample_Offline_Webserver_SupplementDnsNames.xml +++ b/examples/Sample_Offline_Webserver_SupplementDnsNames.xml @@ -1,9 +1,11 @@ - + 2048 4096 diff --git a/examples/Sample_Online_Computer_DsBoundSan.xml b/examples/Sample_Online_Computer_DsBoundSan.xml index dfbcc74..5c6554f 100644 --- a/examples/Sample_Online_Computer_DsBoundSan.xml +++ b/examples/Sample_Online_Computer_DsBoundSan.xml @@ -1,13 +1,16 @@ - + dNSName - dNSHostName + {ad:dNSHostName} computer - - - dNSName - extensionAttribute1 - - + + + dNSName + {ad:extensionAttribute1} + true + true + + \ No newline at end of file diff --git a/examples/Sample_Online_Computer_StaticSan.xml b/examples/Sample_Online_Computer_StaticSan.xml index b81dad2..5d4c85a 100644 --- a/examples/Sample_Online_Computer_StaticSan.xml +++ b/examples/Sample_Online_Computer_StaticSan.xml @@ -1,8 +1,9 @@ - - - + + + rfc822Name techsupport@tamemycerts.com - - + + \ No newline at end of file diff --git a/examples/Sample_Online_Computer_SupplementSpns.xml b/examples/Sample_Online_Computer_SupplementSpns.xml index d02cf00..60b24eb 100644 --- a/examples/Sample_Online_Computer_SupplementSpns.xml +++ b/examples/Sample_Online_Computer_SupplementSpns.xml @@ -1,4 +1,5 @@ - + dNSName dNSHostName 
diff --git a/examples/Sample_Online_User_CDP-AIA-OCSP.xml b/examples/Sample_Online_User_CDP-AIA-OCSP.xml index 62038c4..33a22b3 100644 --- a/examples/Sample_Online_User_CDP-AIA-OCSP.xml +++ b/examples/Sample_Online_User_CDP-AIA-OCSP.xml @@ -1,8 +1,10 @@ - + http://%1/CertData/%3%8%9.crl diff --git a/examples/Sample_Online_User_NotAfter.xml b/examples/Sample_Online_User_NotAfter.xml index 144512a..97a3bab 100644 --- a/examples/Sample_Online_User_NotAfter.xml +++ b/examples/Sample_Online_User_NotAfter.xml @@ -1,7 +1,9 @@ - + 2022-12-31T23:59:59.0000000+01:00 \ No newline at end of file diff --git a/examples/Sample_Online_User_StaticSubject.xml b/examples/Sample_Online_User_StaticSubject.xml index 5af2b2d..41aedb1 100644 --- a/examples/Sample_Online_User_StaticSubject.xml +++ b/examples/Sample_Online_User_StaticSubject.xml @@ -2,12 +2,14 @@ This is an example configuration file for user online certificate requests. The issued certificate will contain an organizationName RDN with the configured static value. --> - - - - + + + + organizationName Contoso Corp. - - + + \ No newline at end of file diff --git a/examples/Sample_Online_User_TPM.xml b/examples/Sample_Online_User_TPM.xml index b8c16c8..f6db5ed 100644 --- a/examples/Sample_Online_User_TPM.xml +++ b/examples/Sample_Online_User_TPM.xml @@ -1,10 +1,14 @@ - + taskhostw.exe diff --git a/install.ps1 b/install.ps1 index e98fb06..cfb1f02 100644 --- a/install.ps1 +++ b/install.ps1 @@ -1,7 +1,7 @@ #Requires -PSEdition Desktop -Version 5.1 <# .SYNOPSIS - Install script für the TameMyCerts rpolicy module. + Install script for the TameMyCerts policy module. Installs the module, configures the registry and activates the module. .PARAMETER PolicyDirectory diff --git a/user-guide/audit-only-mode.adoc b/user-guide/audit-only-mode.adoc index 201cece..3ccb2ee 100644 --- a/user-guide/audit-only-mode.adoc +++ b/user-guide/audit-only-mode.adoc 
@@ -1 +1 @@
-This file has moved link:https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/user-guide/audit-only-mode.md[here].
+This file has moved link:https://docs.tamemycerts.com/#audit-only-mode[here].
diff --git a/user-guide/configuring.adoc b/user-guide/configuring.adoc
index d515088..d8a2414 100644
--- a/user-guide/configuring.adoc
+++ b/user-guide/configuring.adoc
@@ -1 +1 @@
-This file has moved link:https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/user-guide/configuring.md[here].
+This file has moved link:https://docs.tamemycerts.com/#configuring[here].
diff --git a/user-guide/csp-rules.adoc b/user-guide/csp-rules.adoc
index 661c75d..8b00dac 100644
--- a/user-guide/csp-rules.adoc
+++ b/user-guide/csp-rules.adoc
@@ -1 +1 @@
-This file has moved link:https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/user-guide/csp-rules.md[here].
+This file has moved link:https://docs.tamemycerts.com/#csp-rules[here].
diff --git a/user-guide/deny-insecure-flags.adoc b/user-guide/deny-insecure-flags.adoc
index 035e4f3..17c42af 100644
--- a/user-guide/deny-insecure-flags.adoc
+++ b/user-guide/deny-insecure-flags.adoc
@@ -1 +1 @@
-This file has moved link:https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/user-guide/deny-insecure-flags.md[here].
+This file has moved link:https://docs.tamemycerts.com/#deny-insecure-flags[here].
diff --git a/user-guide/ds-mapping.adoc b/user-guide/ds-mapping.adoc
index ad0ae71..43e98f7 100644
--- a/user-guide/ds-mapping.adoc
+++ b/user-guide/ds-mapping.adoc
@@ -1 +1 @@
-This file has moved link:https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/user-guide/ds-mapping.md[here].
+This file has moved link:https://docs.tamemycerts.com/#ds-mapping[here].
diff --git a/user-guide/enddate.adoc b/user-guide/enddate.adoc
index eee0d2d..25a80dd 100644
--- a/user-guide/enddate.adoc
+++ b/user-guide/enddate.adoc
@@ -1 +1 @@
-This file has moved link:https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/user-guide/enddate.md[here].
+This file has moved link:https://docs.tamemycerts.com/#enddate[here].
diff --git a/user-guide/how-it-works.adoc b/user-guide/how-it-works.adoc
index cda6179..ec189ee 100644
--- a/user-guide/how-it-works.adoc
+++ b/user-guide/how-it-works.adoc
@@ -1 +1 @@
-This file has moved link:https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/user-guide/how-it-works.md[here].
+This file has moved link:https://docs.tamemycerts.com/#how-it-works[here].
diff --git a/user-guide/index.adoc b/user-guide/index.adoc
index 6c54f1c..95f6d59 100644
--- a/user-guide/index.adoc
+++ b/user-guide/index.adoc
@@ -1 +1 @@
-This file has moved link:https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/user-guide/index.md[here].
+This file has moved link:https://docs.tamemycerts.com/[here].
diff --git a/user-guide/installing.adoc b/user-guide/installing.adoc
index 8661abc..e2b62ba 100644
--- a/user-guide/installing.adoc
+++ b/user-guide/installing.adoc
@@ -1 +1 @@
-This file has moved link:https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/user-guide/installing.md[here].
+This file has moved link:https://docs.tamemycerts.com/#installing[here].
diff --git a/user-guide/key-rules.adoc b/user-guide/key-rules.adoc
index b093edb..20f3b26 100644
--- a/user-guide/key-rules.adoc
+++ b/user-guide/key-rules.adoc
@@ -1 +1 @@
-This file has moved link:https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/user-guide/key-rules.md[here].
+This file has moved link:https://docs.tamemycerts.com/#key-rules[here].
diff --git a/user-guide/logs.adoc b/user-guide/logs.adoc
index 9a889b0..abddbfe 100644
--- a/user-guide/logs.adoc
+++ b/user-guide/logs.adoc
@@ -1 +1 @@
-This file has moved link:https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/user-guide/logs.md[here].
+This file has moved link:https://docs.tamemycerts.com/#logs[here].
diff --git a/user-guide/modify-subject-dn.adoc b/user-guide/modify-subject-dn.adoc
index 9aa26cd..e83d131 100644
--- a/user-guide/modify-subject-dn.adoc
+++ b/user-guide/modify-subject-dn.adoc
@@ -1 +1 @@
-This file has moved link:https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/user-guide/modify-subject-dn.md[here].
+This file has moved link:https://docs.tamemycerts.com/#modify-subject-dn[here].
diff --git a/user-guide/prerequisites.adoc b/user-guide/prerequisites.adoc
index e131fe4..6ccfdb5 100644
--- a/user-guide/prerequisites.adoc
+++ b/user-guide/prerequisites.adoc
@@ -1 +1 @@
-This file has moved link:https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/user-guide/prerequisites.md[here].
+This file has moved link:https://docs.tamemycerts.com/#prerequisites[here].
diff --git a/user-guide/process-rules.adoc b/user-guide/process-rules.adoc
index 9b62a50..b76b27f 100644
--- a/user-guide/process-rules.adoc
+++ b/user-guide/process-rules.adoc
@@ -1 +1 @@
-This file has moved link:https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/user-guide/process-rules.md[here].
+This file has moved link:https://docs.tamemycerts.com/#process-rules[here].
diff --git a/user-guide/san-rules.adoc b/user-guide/san-rules.adoc
index 9e035d8..17d28f1 100644
--- a/user-guide/san-rules.adoc
+++ b/user-guide/san-rules.adoc
@@ -1 +1 @@
-This file has moved link:https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/user-guide/san-rules.md[here].
+This file has moved link:https://docs.tamemycerts.com/#san-rules[here].
diff --git a/user-guide/sid-extension.adoc b/user-guide/sid-extension.adoc
index d87d01d..9dcc0b5 100644
--- a/user-guide/sid-extension.adoc
+++ b/user-guide/sid-extension.adoc
@@ -1 +1 @@
-This file has moved link:https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/user-guide/sid-extension.md[here].
+This file has moved link:https://docs.tamemycerts.com/#sid-extension[here].
diff --git a/user-guide/startdate.adoc b/user-guide/startdate.adoc
index e90ea13..2e9baef 100644
--- a/user-guide/startdate.adoc
+++ b/user-guide/startdate.adoc
@@ -1 +1 @@
-This file has moved link:https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/user-guide/startdate.md[here].
+This file has moved link:https://docs.tamemycerts.com/#startdate[here].
diff --git a/user-guide/subject-rules.adoc b/user-guide/subject-rules.adoc
index 572685e..af87957 100644
--- a/user-guide/subject-rules.adoc
+++ b/user-guide/subject-rules.adoc
@@ -1 +1 @@
-This file has moved link:https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/user-guide/subject-rules.md[here].
+This file has moved link:https://docs.tamemycerts.com/#subject-rules[here].
diff --git a/user-guide/supplement-dns-names.adoc b/user-guide/supplement-dns-names.adoc
index 9b5171f..7484eab 100644
--- a/user-guide/supplement-dns-names.adoc
+++ b/user-guide/supplement-dns-names.adoc
@@ -1 +1 @@
-This file has moved link:https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/user-guide/supplement-dns-names.md[here].
+This file has moved link:https://docs.tamemycerts.com/#supplement-dns-names[here].
diff --git a/user-guide/troubleshooting.adoc b/user-guide/troubleshooting.adoc
index 26ced01..a997540 100644
--- a/user-guide/troubleshooting.adoc
+++ b/user-guide/troubleshooting.adoc
@@ -1 +1 @@
-This file has moved link:https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/user-guide/troubleshooting.md[here].
+This file has moved link:https://docs.tamemycerts.com/#troubleshooting[here].
diff --git a/user-guide/uninstalling.adoc b/user-guide/uninstalling.adoc
index 8a754bd..a52e9e3 100644
--- a/user-guide/uninstalling.adoc
+++ b/user-guide/uninstalling.adoc
@@ -1 +1 @@
-This file has moved link:https://github.com/Sleepw4lker/TameMyCerts.Docs/blob/main/user-guide/uninstalling.md[here].
+This file has moved link:https://docs.tamemycerts.com/#uninstalling[here].