You need to get a token for authentication before you may do much else.
string user = "God";
string pass = "letmein";
string apiUrl = "https://certificateservices.example.com/vedsdk/";
using (WebClient webClient = new WebClient())
{
string credString = "{\"Username\": \"" + user + "\", \"Password\": \"" + pass + "\"}";
byte[] credBytes = Encoding.Default.GetBytes(credentialsString);
byte[] back = webClient.UploadData(apiUrl + "authorize", "POST", credBytes);
JObject j = (JObject)JsonConvert.DeserializeObject(Encoding.UTF8.GetString(back));
string token = j["APIKey"].ToString();
return token;
}
The JSON object coming back has two properties on it, one advertised above (APIKey, a Guid) and ValidUntil which is a time to die. You may affirm a token, so to speak, like so:
string apiUrl = "https://certificateservices.example.com/vedsdk/";
using (WebClient webClient = new WebClient())
{
webClient.Headers.Add("X-Venafi-Api-Key", token);
byte[] back = webClient.DownloadData(apiUrl + "authorize/checkvalid");
JObject j = (JObject)JsonConvert.DeserializeObject(Encoding.UTF8.GetString(back));
return j;
}
Download a certificate by its "distinguished name" like so.
string apiUrl = "https://certificateservices.example.com/vedsdk/";
string name = "\\\\VED\\\\Policy\\\\@MyPolicy\\\\Certificates\\\\MyFolder\\\\MyCert";
using (WebClient webClient = new WebClient())
{
webClient.Headers.Add("X-Venafi-Api-Key", token);
string url = apiUrl + "certificates/Retrieve?CertificateDN=" + name;
url = url + "&Format=Base64";
byte[] response = webClient.DownloadData(url.Replace("\\\\","\\"));
return response;
}
Try to renew a certificate returning true upon success and false upon failure.
string apiUrl = "https://certificateservices.example.com/vedsdk/";
string name = "\\\\VED\\\\Policy\\\\@MyPolicy\\\\Certificates\\\\MyFolder\\\\MyCert";
using (WebClient webClient = new WebClient())
{
webClient.Headers.Add("Content-Type", "application/json");
webClient.Headers.Add("X-Venafi-Api-Key", token);
byte[] go = Encoding.Default.GetBytes("{\"CertificateDN\": \"" + name + "\"}");
byte[] back = webClient.UploadData(apiUrl + "certificates/renew", "POST", go);
JObject j = (JObject) JsonConvert.DeserializeObject(Encoding.UTF8.GetString(back));
bool isSuccess = Convert.ToBoolean(j["Success"].ToString());
if (!isSuccess) return false;
}
while(true)
{
JObject workToDoJson;
JObject inErrorJson;
JObject certificateVaultIdJson;
using (WebClient webClient = new WebClient())
{
webClient.Headers.Add("Content-Type", "application/json");
webClient.Headers.Add("X-Venafi-Api-Key", token);
string requestString = "{\"ObjectDN\": \"" + name + "\",";
requestString = requestString + ""\"AttributeName\": \"Work To Do\"}";
byte[] go = Encoding.Default.GetBytes(requestString);
byte[] response = webClient.UploadData(apiUrl + "config/read", "POST", go);
string workToDo = Encoding.UTF8.GetString(response);
workToDoJson = (JObject)JsonConvert.DeserializeObject(workToDo);
}
using (WebClient webClient = new WebClient())
{
webClient.Headers.Add("Content-Type", "application/json");
webClient.Headers.Add("X-Venafi-Api-Key", token);
string requestString = "{\"ObjectDN\": \"" + name + "\",";
requestString = requestString + ""\"AttributeName\": \"In Error\"}";
byte[] go = Encoding.Default.GetBytes(requestString);
byte[] response = webClient.UploadData(apiUrl + "config/read", "POST", go);
string inError = Encoding.UTF8.GetString(response);
inErrorJson = (JObject)JsonConvert.DeserializeObject(inError);
}
using (WebClient webClient = new WebClient())
{
webClient.Headers.Add("Content-Type", "application/json");
webClient.Headers.Add("X-Venafi-Api-Key", token);
string requestString = "{\"ObjectDN\": \"" + name + "\",";
requestString = requestString + ""\"AttributeName\": \"Certificate Vault Id\"}";
byte[] go = Encoding.Default.GetBytes(requestString);
byte[] response = webClient.UploadData(apiUrl + "config/read", "POST", go);
string certificateVaultId = Encoding.UTF8.GetString(response);
certificateVaultIdJson = (JObject)JsonConvert.DeserializeObject(certificateVaultId);
}
if (inErrorJson != null)
{
string inErrorsResult = inErrorJson["Result"].ToString();
string inErrorValues = inErrorJson["Values"].ToString();
if (inErrorsResult != null && inErrorValues != null)
{
int inErrorResultValue = Convert.ToInt32(inErrorsResult);
if (inErrorResultValue == 102 && inErrorValues == "[]")
{
string workToDoJsonResult = workToDoJson["Result"].ToString();
string certificateVaultIdResult = certificateVaultIdJson["Result"].ToString();
if (workToDoJsonResult != null && certificateVaultIdResult != null)
{
int workToDoJsonResultValue = Convert.ToInt32(workToDoJsonResult);
int certificateVaultIdResultValue = Convert.ToInt32(certificateVaultIdResult);
if (workToDoJsonResultValue == 1 && certificateVaultIdResultValue == 1)
{
return true;
}
if (workToDoJsonResultValue == 0 || certificateVaultIdResultValue == 0)
{
return false;
}
}
}
else
{
return false;
}
}
}
}
Create a certificate.
string apiUrl = "https://certificateservices.example.com/vedsdk/";
string name = "\\\\VED\\\\Policy\\\\@MyPolicy\\\\Certificates\\\\MyFolder\\\\MyCert";
using (WebClient webClient = new WebClient())
{
webClient.Headers.Add("Content-Type", "application/json");
webClient.Headers.Add("X-Venafi-Api-Key", token);
string gunk = "{\"ObjectDN\": \"" + name + "\", \"Class\": \"X509 Certificate\",";
gunk = gunk + ""\"NameAttributeList\": [";
gunk = gunk + "{\"Value\": \"Yin\",\"Name\": \"Organizational Unit\"},";
gunk = gunk + "{ \"Value\": \"Yang\", \"Name\": \"Description\"}";
gunk = gunk + "]}";
byte[] request = Encoding.Default.GetBytes(gunk);
byte[] back = webClient.UploadData(apiUrl + "Config/Create", "POST", request);
JObject j = (JObject)JsonConvert.DeserializeObject(Encoding.UTF8.GetString(back));
return j;
}
Create a server specification at the VEDAdmin GUI. An IdentityType of 1 is for a user and an IdentityType of 2 is for a security group. 8 is for a distribution group for email updates I suppose and you may add these three numbers together in a Unix manner to search across more than one IdentityType. I add one contact to the server below, but you may add more. It is alright to have more than one "Value" of "Contact" to do so.
string contact = "";
string apiUrl = "https://certificateservices.example.com/vedsdk/";
string serverName = "\\\\VED\\\\Policy\\\\@MyPolicy\\\\Devices and Apps\\\\MyServer";
string creds = "\\\\VED\\\\Policy\\\\@MyPolicy\\\\Access Credentials\\\\MyCredential";
using (WebClient webClient = new WebClient())
{
webClient.Headers.Add("Content-Type", "application/json");
webClient.Headers.Add("X-Venafi-Api-Key", token);
string requestString = "{\"Filter\": \"MyGroup\", \"Limit\": \"1\", \"IdentityType\": \"2\"}";
byte[] requestBytes = Encoding.Default.GetBytes(requestString);
byte[] dirtyResponse = apiUrl + "Identity/Browse", "POST", requestBytes);
string cleanResponse = Encoding.UTF8.GetString(dirtyResponse);
JObject json = (JObject)JsonConvert.DeserializeObject(cleanResponse);
contact = (string)json["Identities"][0]["Universal"];
}
using (WebClient webClient = new WebClient())
{
webClient.Headers.Add("Content-Type", "application/json");
webClient.Headers.Add("X-Venafi-Api-Key", token);
string gunk = "{\"ObjectDN\": \"" + serverName + "\", \"Class\": \"Device\",";
gunk = gunk + ""\"NameAttributeList\": [";
gunk = gunk + "{\"Value\": \"" + Guid.NewGuid() + "\", \"Name\": \"Client ID\"},";
gunk = gunk + "{\"Value\": \"AD+MS:" + contact + "\",\"Name\": \"Contact\"},";
gunk = gunk + "{\"Value\": \"my.server.example.com\",\"Name\": \"Host\"},";
gunk = gunk + "{\"Value\": \"" + creds + "\",\"Name\": \"Credential\"}";
gunk = gunk + "]}";
byte[] go = Encoding.Default.GetBytes(gunk);
byte[] dirtyResponse = webClient.UploadData(apiUrl + "Config/Create", "POST", go);
string cleanResponse = Encoding.UTF8.GetString(dirtyResponse);
JObject json = (JObject) JsonConvert.DeserializeObject(cleanResponse);
return json;
}