Skip to content

Releases: PKISolutions/ADCS-CertMod

v3.0.0 with Demo

24 May 11:19
@Crypt32 Crypt32
v3.0.0-demo
147ef84

Choose a tag to compare

View all tags
v3.0.0 with Demo Latest
Latest

What's Changed

  • Added demo project by @Crypt32 in #18
  • No changes in ADCS.CertMod.Managed package.

Full Changelog: v3.0.0...v3.0.0-demo

Contributors

Crypt32
Assets 3
Loading

v3.0.0

01 May 12:40
@Crypt32 Crypt32
v3.0.0
fb13cc5

Choose a tag to compare

View all tags
v3.0.0

This release brings a brand new feature -- NDES Policy module framework. See #10 for more details.

Breaking changes

  • RegistryService::ctor(String, Boolean) constructor is deprecated. You still can use it, but you should move to new overload for new projects
  • RegistryService.Config property is deprecated. Its description was misleading and the property itself is redundant. This property returns null. Consider to store this value in local variable/field if needed.
  • RegistryService.Initialize(String) method is deprecated. It is no longer called by server engine. Consider to move registry setting initialization logic into derived constructor.
  • LogWriter.ctor(String, LogLevel, String?) constructor adds a new optional String? baseDir parameter to specify custom log file folder location. You SHALL use custom path when implementing NDES module. If baseDir parameter is not specified, log files are written in %WinDir% folder. While it is ok for AD CS CertSrv Exit/Policy modules, NDES service account often don't have write permissions to system folder.
  • This release no longer ships with Interop.CERTCLILib.dll COM interop type library. Necessary COM types are now embedded in main assembly. If you still need this library (in case if you want to implement raw COM interfaces yourself), add a CertCli 1.0 Type Library COM reference to your VS project.
  • Clarified nullability across entire package.

What's Changed

  • Embedded COM interop types by @Crypt32 in #12
  • Added base framework to create NDES Policy module by @Crypt32 in #10
  • Migrates solution and project to modern VS template by @Crypt32 in #16
  • Added log level severity identifier to log entries by @Crypt32 in #17

Full Changelog: v2.0.0...v3.0.0

Contributors

Crypt32
Loading

v2.0.0

19 Mar 12:11
@Crypt32 Crypt32
v2.0.0
7ab4cf1

Choose a tag to compare

View all tags
v2.0.0

This release addresses a race-condition issue in both, policy and exit modules which may occur under a high activity rate on a CA. See The idea of CertPolicyBase::CertServer is vulnerable to race conditions issue for more details.

What's new

  • A thread-safe object pool is created to support concurrent request/event processing. Object pool is maintained automatically by this module and the only configurable option is pool size, which can have the size between 1-63 elements. Default is 32. This number indicates how many parallel processings are allowed. If pool is exhausted, then subsequent CA server calls are put in queue until any existing processing is finished and the object is returned to the pool.
  • A new Int32 poolSize optional parameter is added to all CertExitBase and CertPolicyBase constructors. Default value is 32. Pool size cannot be changed afterwards.

Breaking changes

I've tried to minimize the number of breaking changes in favor to backward compatibility, however it rendered to be impossible due to the nature of the problem. Sections below provide breaking changes and existing exit/policy module migration process.

Exit module

  • CertServer (of type of CertServerModule) protected property is deprecated, because it is not thread-safe.
  • Virtual method CertExitBase.Notify(ExitEvents, Int32) is no longer virtual.
  • A new abstract method is introduced: CertExitBase.Notify(CertServerModule, ExitEvents, Int32). This method has the same parameters as previous virtual method and includes a new parameter which accepts a thread-safe instance of CertServerModule class.

Caution

Don't call CertExitBase.Notify(ExitEvents, Int32) yourself as it will fail with StackOverflowException, because it will trigger unstoppable recursive call. It is meant to be called by CA server only.

Migration from previous CertMod version to new version is as follows:

  • Move existing CertExitBase.Notify(ExitEvents, Int32) oveeride into new abstract CertExitBase.Notify(CertServerModule, ExitEvents, Int32) method implementation
  • Replace all CertServer protected property usage with certServer parameter in CertExitBase.Notify(CertServerModule, ExitEvents, Int32)

Policy module

  • CertServer (of type of CertServerModule) protected property is deprecated, because it is not thread-safe.
  • Virtual method CertPolicyBase.VerifyRequest(String, Int32, Int32, Int32) is no longer virtual.
  • A new abstract method is introduced: CertPolicyBaseVerifyRequest(CertServerModule, PolicyModuleAction, Boolean). This method has slightly different parameters than previous virtual method and includes a new parameter which accepts a thread-safe instance of CertServerModule class. First parameter of type of CertServerModule is already associated with the current request and request data. Second parameter of type of PolicyModuleAction includes policy module action from underlying policy module, so you don't have to call base.VerifyRequest method. Third parameter indicates whether the request is new (true) or renewal (false) request.

Caution

Don't call CertPolicyBase.VerifyRequest(String, Int32, Int32, Int32) yourself as it will fail with StackOverflowException, because it will trigger unstoppable recursive call. It is meant to be called by CA server only.

Migration from previous CertMod version to new version is as follows:

  • Move existing CertExitBase.Notify(ExitEvents, Int32) oveeride into new abstract CertPolicyBaseVerifyRequest(CertServerModule, PolicyModuleAction, Boolean) method implementation
  • Remove any calls to base.VerifyRequest(strConfig, Context, bNewRequest, Flags);. Return value of this call is already passed in nativeResult parameter.
  • Replace all CertServer protected property usage with certServer parameter in CertPolicyBaseVerifyRequest(CertServerModule, PolicyModuleAction, Boolean)

What's Changed (autogenerated)

  • Make CertSrvH property types at ADCS.CertMod.Managed.Extensions public by @phonexicum in #5
  • Multi-threading support with object pool by @Crypt32 in #7
  • added SourceRoot property by @Crypt32 in #8

New Contributors

Full Changelog: v1.3.2...v2.0.0

Contributors

Crypt32 and phonexicum
Loading

v1.3.2

22 Jun 10:35
@Crypt32 Crypt32
v1.3.2
184ab04

Choose a tag to compare

View all tags
v1.3.2

Full Changelog: v1.3.1...v1.3.2

  • made unmanaged memory management safer
  • fixed issue when request ID is not populated for CertImported, CertUnrevoked and CertRetrievePending exit events occur
  • Minor error logging improvements
Loading

Initial public release

11 Mar 18:52
@Crypt32 Crypt32
v1.3.1
1673cb9
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Initial public release

Initial public release.

Loading