public override void OnSetFederatedOrganizationIdentifier(FederationTrust federationTrust, SmtpDomain accountNamespace)
{
string text = accountNamespace.ToString();
string wkgDomain = FederatedOrganizationId.AddHybridConfigurationWellKnownSubDomain(text);
AppIdInfo appIdInfo = null;
ManageDelegation2Client client = this.GetManageDelegation(wkgDomain);
try
{
appIdInfo = client.CreateAppId(wkgDomain);
}
catch (LiveDomainServicesException ex)
{
if (ex.DomainError != null && ex.DomainError.Value == DomainError.ProofOfOwnershipNotValid)
{
throw new DomainProofOwnershipException(Strings.ErrorManageDelegation2ProofDomainOwnership, ex);
}
throw new ProvisioningFederatedExchangeException(ex.LocalizedString, ex);
}
if (string.IsNullOrEmpty(federationTrust.ApplicationIdentifier))
{
if (appIdInfo == null || string.IsNullOrEmpty(appIdInfo.AppId))
{
throw new LiveDomainServicesException(Strings.ErrorLiveDomainServicesUnexpectedResult(Strings.ErrorInvalidApplicationId));
}
base.WriteVerbose(Strings.NewFederationTrustSuccessAppId(FederationTrust.PartnerSTSType.LiveId.ToString(), appIdInfo.AppId));
federationTrust.ApplicationIdentifier = appIdInfo.AppId.Trim();
}
base.ReserveDomain(wkgDomain, federationTrust.ApplicationIdentifier, client, Strings.ErrorManageDelegation2ProofDomainOwnership, () => LiveFederationProvision2.GetDomainStateFromDomainInfo(client.GetDomainInfo(federationTrust.ApplicationIdentifier, wkgDomain)));
using (ManageDelegation2Client manageDelegation = this.GetManageDelegation(text))
{
manageDelegation.AddUri(appIdInfo.AppId, text);
}
}
private void ValidateDelegationFederationTrustParameter()
{
if (this.DelegationFederationTrust != null)
{
ADObjectId descendantId = base.RootOrgContainerId.GetDescendantId(FederationTrust.FederationTrustsContainer);
IConfigDataProvider configDataProvider = ((IConfigurationSession)base.DataSession).SessionSettings.PartitionId.ForestFQDN.Equals(TopologyProvider.LocalForestFqdn, StringComparison.OrdinalIgnoreCase) ? base.DataSession : base.RootOrgGlobalConfigSession;
IEnumerable <FederationTrust> objects = this.DelegationFederationTrust.GetObjects <FederationTrust>(descendantId, configDataProvider);
ADObjectId identity = null;
using (IEnumerator <FederationTrust> enumerator = objects.GetEnumerator())
{
if (!enumerator.MoveNext())
{
base.WriteError(new ManagementObjectNotFoundException(Strings.ErrorFederationTrustNotFound(this.DelegationFederationTrust.ToString())), ErrorCategory.ObjectNotFound, null);
}
identity = (ADObjectId)enumerator.Current.Identity;
if (enumerator.MoveNext())
{
base.WriteError(new ManagementObjectAmbiguousException(Strings.ErrorFederationTrustNotUnique(this.DelegationFederationTrust.ToString())), ErrorCategory.InvalidData, null);
}
}
FederationTrust federationTrust = (FederationTrust)configDataProvider.Read <FederationTrust>(identity);
if (federationTrust == null)
{
base.WriteError(new ManagementObjectNotFoundException(Strings.ErrorFederationTrustNotFound(this.delegationTrustId.ToDNString())), ErrorCategory.ObjectNotFound, null);
}
this.delegationTrustId = identity;
this.federationTrust = federationTrust;
}
}
public override void OnPublishFederationCertificate(FederationTrust federationTrust)
{
X509Certificate2 x509Certificate = FederationCertificate.LoadCertificateWithPrivateKey(federationTrust.OrgNextPrivCertificate, base.WriteVerbose);
string rawBase64Certificate = Convert.ToBase64String(x509Certificate.GetRawCertData());
using (ManageDelegation2Client manageDelegation = this.GetManageDelegation(federationTrust.ApplicationUri.OriginalString))
{
manageDelegation.UpdateAppIdCertificate(federationTrust.ApplicationIdentifier, rawBase64Certificate);
}
}
public override void OnSetFederatedOrganizationIdentifier(FederationTrust federationTrust, SmtpDomain accountNamespace)
{
LiveFederationProvision1.< > c__DisplayClass1 CS$ < > 8__locals1 = new LiveFederationProvision1.< > c__DisplayClass1();
CS$ < > 8__locals1.< > 4__this = this;
CS$ < > 8__locals1.domain = accountNamespace.ToString();
using (ManageDelegation1Client client = this.GetManageDelegation())
{
base.ReserveDomain(CS$ < > 8__locals1.domain, base.ApplicationIdentifier, client, Strings.ErrorManageDelegation1ProofDomainOwnership, () => LiveFederationProvision1.GetDomainStateFromDomainInfo(client.GetDomainInfo(CS$ < > 8__locals1.< > 4__this.ApplicationIdentifier, CS$ < > 8__locals1.domain)));
base.AddUri(CS$ < > 8__locals1.domain, federationTrust.ApplicationIdentifier, client, Strings.ErrorManageDelegation1ProofDomainOwnership);
}
}
public static FederationProvision Create(FederationTrust federationTrust, Task task)
{
switch (federationTrust.NamespaceProvisioner)
{
case FederationTrust.NamespaceProvisionerType.LiveDomainServices:
return(new LiveFederationProvision1(federationTrust.OrgPrivCertificate, federationTrust.ApplicationIdentifier, task));
case FederationTrust.NamespaceProvisionerType.LiveDomainServices2:
return(new LiveFederationProvision2(federationTrust.OrgPrivCertificate, federationTrust.ApplicationIdentifier, task));
default:
return(new CustomFederationProvision());
}
}
public override void OnPublishFederationCertificate(FederationTrust federationTrust)
{
if (string.IsNullOrEmpty(federationTrust.AdministratorProvisioningId))
{
throw new NoAdministratorKeyFoundException(federationTrust.Name);
}
X509Certificate2 x509Certificate = FederationCertificate.LoadCertificateWithPrivateKey(federationTrust.OrgNextPrivCertificate, base.WriteVerbose);
string rawBase64Certificate = Convert.ToBase64String(x509Certificate.GetRawCertData());
using (ManageDelegation1Client manageDelegation = this.GetManageDelegation())
{
manageDelegation.UpdateAppIdCertificate(federationTrust.ApplicationIdentifier, federationTrust.AdministratorProvisioningId, rawBase64Certificate);
}
}
public override void OnNewFederationTrust(FederationTrust federationTrust)
{
X509Certificate x509Certificate = FederationCertificate.LoadCertificateWithPrivateKey(federationTrust.OrgPrivCertificate, base.WriteVerbose);
string rawBase64Certificate = Convert.ToBase64String(x509Certificate.GetRawCertData());
AppIdInfo appIdInfo = null;
using (ManageDelegation1Client manageDelegation = this.GetManageDelegation())
{
appIdInfo = manageDelegation.CreateAppId(rawBase64Certificate);
}
if (appIdInfo == null || string.IsNullOrEmpty(appIdInfo.AppId))
{
throw new LiveDomainServicesException(Strings.ErrorLiveDomainServicesUnexpectedResult(Strings.ErrorInvalidApplicationId));
}
federationTrust.ApplicationIdentifier = appIdInfo.AppId.Trim();
federationTrust.AdministratorProvisioningId = appIdInfo.AdminKey.Trim();
base.WriteVerbose(Strings.NewFederationTrustSuccessAppId(FederationTrust.PartnerSTSType.LiveId.ToString(), federationTrust.ApplicationIdentifier));
}
protected override void InternalProcessRecord()
{
TaskLogger.LogEnter();
base.InternalProcessRecord();
if (!string.IsNullOrEmpty(this.Thumbprint))
{
this.ProcessForCertificate(this.Thumbprint, null);
}
else
{
FederationTrust federationTrust = this.GetFederationTrust();
var array = new < > f__AnonymousType25 <string, string>[]
{
new
{
PropertyName = "OrgNextPrivCertificate",
Thumbprint = federationTrust.OrgNextPrivCertificate
},
new
{
PropertyName = "OrgPrivCertificate",
Thumbprint = federationTrust.OrgPrivCertificate
},
new
{
PropertyName = "OrgPrevPrivCertificate",
Thumbprint = federationTrust.OrgPrevPrivCertificate
}
};
var array2 = array;
for (int i = 0; i < array2.Length; i++)
{
var <> f__AnonymousType = array2[i];
if (!string.IsNullOrEmpty(< > f__AnonymousType.Thumbprint))
{
this.ProcessForCertificate(< > f__AnonymousType.Thumbprint, <> f__AnonymousType.PropertyName);
}
}
}
TaskLogger.LogExit();
}
internal static void AddEndpointEnabledHeaders(HttpResponse response)
{
if (AutodiscoverEwsWebConfiguration.SoapEndpointEnabled)
{
response.AddHeader("X-SOAP-Enabled", bool.TrueString);
}
response.AddHeader("X-WSSecurity-Enabled", AutodiscoverEwsWebConfiguration.WsSecurityEndpointEnabled ? bool.TrueString : bool.FalseString);
string value;
if ((HttpProxyGlobals.IsPartnerHostedOnly || VariantConfiguration.InvariantNoFlightingSnapshot.Autodiscover.WsSecurityEndpoint.Enabled) && AutodiscoverEwsWebConfiguration.WsSecurityEndpointEnabled)
{
value = "Logon";
}
else
{
value = "None";
}
response.AddHeader("X-WSSecurity-For", value);
FederationTrust federationTrust = FederationTrustCache.GetFederationTrust("MicrosoftOnline");
if (federationTrust != null)
{
response.AddHeader("X-FederationTrustTokenIssuerUri", federationTrust.TokenIssuerUri.ToString());
}
if (AutodiscoverEwsWebConfiguration.WsSecuritySymmetricKeyEndpointEnabled)
{
response.AddHeader("X-WSSecurity-SymmetricKey-Enabled", bool.TrueString);
}
if (AutodiscoverEwsWebConfiguration.WsSecurityX509CertEndpointEnabled)
{
response.AddHeader("X-WSSecurity-X509Cert-Enabled", bool.TrueString);
}
HttpApplication applicationInstance = HttpContext.Current.ApplicationInstance;
IHttpModule httpModule = applicationInstance.Modules["OAuthAuthModule"];
response.AddHeader("X-OAuth-Enabled", (httpModule != null) ? bool.TrueString : bool.FalseString);
}
protected void AddEndpointEnabledHeaders(HttpResponse response)
{
if (AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.SoapEndpointEnabled)
{
response.AddHeader("X-SOAP-Enabled", bool.TrueString);
}
response.AddHeader("X-WSSecurity-Enabled", AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.WsSecurityEndpointEnabled ? bool.TrueString : bool.FalseString);
response.AddHeader("X-WSSecurity-For", (VariantConfiguration.InvariantNoFlightingSnapshot.Autodiscover.WsSecurityEndpoint.Enabled && AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.WsSecurityEndpointEnabled) ? "Logon" : "None");
FederationTrust federationTrust = FederationTrustCache.GetFederationTrust("MicrosoftOnline");
if (federationTrust != null)
{
response.AddHeader("X-FederationTrustTokenIssuerUri", federationTrust.TokenIssuerUri.ToString());
}
if (AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.WsSecuritySymmetricKeyEndpointEnabled)
{
response.AddHeader("X-WSSecurity-SymmetricKey-Enabled", bool.TrueString);
}
if (AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.WsSecurityX509CertEndpointEnabled)
{
response.AddHeader("X-WSSecurity-X509Cert-Enabled", bool.TrueString);
}
response.AddHeader("X-OAuth-Enabled", AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.OAuthEndpointEnabled ? bool.TrueString : bool.FalseString);
}
private bool ProcessFederationTrust(FederationTrust federationTrust)
{
PartnerFederationMetadata partnerFederationMetadata = null;
try
{
partnerFederationMetadata = LivePartnerFederationMetadata.LoadFrom(federationTrust.TokenIssuerMetadataEpr, null);
}
catch (FederationMetadataException ex)
{
this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_UnableToAccessMetadata, new string[]
{
ex.Message,
federationTrust.TokenIssuerMetadataEpr.OriginalString,
federationTrust.Name
});
}
catch (Exception ex2)
{
this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_UnableToAccessMetadata, new string[]
{
AnchorLogger.GetDiagnosticInfo(ex2, null),
federationTrust.TokenIssuerMetadataEpr.OriginalString,
federationTrust.Name
});
}
if (partnerFederationMetadata == null)
{
return(false);
}
List <LocalizedString> warningMessages = new List <LocalizedString>();
try
{
LivePartnerFederationMetadata.InitializeDataObjectFromMetadata(federationTrust, partnerFederationMetadata, delegate(LocalizedString localizedString)
{
warningMessages.Add(localizedString);
});
}
catch (FederationMetadataException ex3)
{
this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_CorruptMetadata, new string[]
{
ex3.Message,
federationTrust.TokenIssuerMetadataEpr.OriginalString,
federationTrust.Name
});
}
catch (Exception ex4)
{
this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_UnableToAccessMetadata, new string[]
{
AnchorLogger.GetDiagnosticInfo(ex4, null),
federationTrust.TokenIssuerMetadataEpr.OriginalString,
federationTrust.Name
});
}
if (warningMessages.Count > 0)
{
StringBuilder stringBuilder = new StringBuilder();
foreach (LocalizedString localizedString2 in warningMessages)
{
stringBuilder.AppendFormat("{0};", localizedString2.ToString());
}
this.Context.Logger.LogTerseEvent(MigrationEventType.Warning, MSExchangeAuthAdminEventLogConstants.Tuple_Warning, new string[]
{
federationTrust.Name,
stringBuilder.ToString()
});
}
return(federationTrust.ObjectState == ObjectState.Changed);
}
public override void OnNewFederationTrust(FederationTrust federationTrust)
{
}
public override void OnPublishFederationCertificate(FederationTrust federationTrust)
{
}
public override void OnSetFederatedOrganizationIdentifier(FederationTrust federationTrust, SmtpDomain accountNamespace)
{
}
private FederatedOrganizationIdWithDomainStatus CreatePresentationObject(FederatedOrganizationId fedOrgId, bool includeExtendedDomainInfo)
{
FederatedOrganizationIdWithDomainStatus federatedOrganizationIdWithDomainStatus = new FederatedOrganizationIdWithDomainStatus(fedOrgId);
if (fedOrgId.DelegationTrustLink == null)
{
return(federatedOrganizationIdWithDomainStatus);
}
FederationTrust federationTrust = this.ConfigurationSession.Read <FederationTrust>(fedOrgId.DelegationTrustLink);
if (federationTrust == null)
{
fedOrgId.DelegationTrustLink = ADObjectIdResolutionHelper.ResolveDN(fedOrgId.DelegationTrustLink);
ADSessionSettings sessionSettings = ADSessionSettings.FromOrganizationIdWithoutRbacScopes(ADSystemConfigurationSession.GetRootOrgContainerIdForLocalForest(), OrganizationId.ForestWideOrgId, null, false);
ITopologyConfigurationSession topologyConfigurationSession = DirectorySessionFactory.Default.CreateTopologyConfigurationSession(ConsistencyMode.IgnoreInvalid, sessionSettings, 147, "CreatePresentationObject", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\SystemConfigurationTasks\\Federation\\GetFederatedOrganizationIdentifier.cs");
federationTrust = topologyConfigurationSession.Read <FederationTrust>(fedOrgId.DelegationTrustLink);
if (federationTrust == null)
{
return(federatedOrganizationIdWithDomainStatus);
}
}
List <AcceptedDomain> allFederatedDomains = this.GetAllFederatedDomains(fedOrgId);
if (allFederatedDomains.Count == 0)
{
return(federatedOrganizationIdWithDomainStatus);
}
foreach (AcceptedDomain acceptedDomain in allFederatedDomains)
{
if (acceptedDomain.IsDefaultFederatedDomain)
{
federatedOrganizationIdWithDomainStatus.DefaultDomain = new SmtpDomain(acceptedDomain.DomainName.Domain);
break;
}
}
MultiValuedProperty <FederatedDomain> multiValuedProperty = new MultiValuedProperty <FederatedDomain>();
if (!includeExtendedDomainInfo)
{
foreach (AcceptedDomain acceptedDomain2 in allFederatedDomains)
{
multiValuedProperty.Add(new FederatedDomain(new SmtpDomain(acceptedDomain2.DomainName.Domain)));
}
federatedOrganizationIdWithDomainStatus.Domains = multiValuedProperty;
return(federatedOrganizationIdWithDomainStatus);
}
FederationProvision federationProvision = FederationProvision.Create(federationTrust, this);
base.WriteVerbose(Strings.GetFedDomainStatusInfo(FederatedOrganizationId.AddHybridConfigurationWellKnownSubDomain(fedOrgId.AccountNamespace.Domain)));
DomainState state = DomainState.Unknown;
try
{
state = federationProvision.GetDomainState(FederatedOrganizationId.AddHybridConfigurationWellKnownSubDomain(fedOrgId.AccountNamespace.Domain));
}
catch (LocalizedException ex)
{
this.WriteError(new CannotGetDomainStatusFromPartnerSTSException(fedOrgId.AccountNamespace.ToString(), federationTrust.ApplicationIdentifier, ex.Message), ErrorCategory.ResourceUnavailable, null, false);
}
multiValuedProperty.Add(new FederatedDomain(fedOrgId.AccountNamespace, state));
foreach (AcceptedDomain acceptedDomain3 in allFederatedDomains)
{
SmtpDomain smtpDomain = new SmtpDomain(acceptedDomain3.DomainName.Domain);
if (!smtpDomain.Equals(fedOrgId.AccountNamespace))
{
multiValuedProperty.Add(new FederatedDomain(smtpDomain));
}
}
federatedOrganizationIdWithDomainStatus.Domains = multiValuedProperty;
return(federatedOrganizationIdWithDomainStatus);
}
public static void InitializeDataObjectFromMetadata(FederationTrust federationTrust, PartnerFederationMetadata partnerFederationMetadata, WriteWarningDelegate writeWarning)
{
if (writeWarning == null)
{
writeWarning = new WriteWarningDelegate(LivePartnerFederationMetadata.NullWriteWarning);
}
federationTrust.PolicyReferenceUri = partnerFederationMetadata.PolicyReferenceUri;
federationTrust.TokenIssuerMetadataEpr = partnerFederationMetadata.TokenIssuerMetadataEpr;
federationTrust.TokenIssuerUri = partnerFederationMetadata.TokenIssuerUri;
federationTrust.TokenIssuerEpr = partnerFederationMetadata.TokenIssuerEpr;
federationTrust.WebRequestorRedirectEpr = partnerFederationMetadata.WebRequestorRedirectEpr;
federationTrust.TokenIssuerCertReference = partnerFederationMetadata.TokenIssuerCertReference;
federationTrust.TokenIssuerPrevCertReference = partnerFederationMetadata.TokenIssuerPrevCertReference;
if (partnerFederationMetadata.TokenIssuerCertificate != null && partnerFederationMetadata.TokenIssuerPrevCertificate != null && partnerFederationMetadata.TokenIssuerPrevCertificate.NotAfter > partnerFederationMetadata.TokenIssuerCertificate.NotAfter)
{
X509Certificate2 tokenIssuerCertificate = partnerFederationMetadata.TokenIssuerCertificate;
partnerFederationMetadata.TokenIssuerCertificate = partnerFederationMetadata.TokenIssuerPrevCertificate;
partnerFederationMetadata.TokenIssuerPrevCertificate = tokenIssuerCertificate;
}
if (partnerFederationMetadata.TokenIssuerCertificate != null)
{
if (partnerFederationMetadata.TokenIssuerCertificate.NotAfter > DateTime.UtcNow)
{
if (federationTrust.TokenIssuerCertificate == null || !federationTrust.TokenIssuerCertificate.Thumbprint.Equals(partnerFederationMetadata.TokenIssuerCertificate.Thumbprint, StringComparison.OrdinalIgnoreCase))
{
federationTrust.TokenIssuerCertificate = partnerFederationMetadata.TokenIssuerCertificate;
}
}
else
{
writeWarning(Strings.WarningIssuerCertificateExpired(partnerFederationMetadata.TokenIssuerCertificate.Thumbprint));
if (federationTrust.TokenIssuerCertificate != null)
{
federationTrust.TokenIssuerCertificate = null;
}
}
}
if (partnerFederationMetadata.TokenIssuerPrevCertificate != null)
{
if (partnerFederationMetadata.TokenIssuerPrevCertificate.NotAfter > DateTime.UtcNow)
{
if (federationTrust.TokenIssuerPrevCertificate == null || !federationTrust.TokenIssuerPrevCertificate.Thumbprint.Equals(partnerFederationMetadata.TokenIssuerPrevCertificate.Thumbprint, StringComparison.OrdinalIgnoreCase))
{
federationTrust.TokenIssuerPrevCertificate = partnerFederationMetadata.TokenIssuerPrevCertificate;
}
}
else
{
writeWarning(Strings.WarningIssuerCertificateExpired(partnerFederationMetadata.TokenIssuerPrevCertificate.Thumbprint));
if (federationTrust.TokenIssuerPrevCertificate != null)
{
federationTrust.TokenIssuerPrevCertificate = null;
}
}
}
if (federationTrust.TokenIssuerCertificate == null && federationTrust.TokenIssuerPrevCertificate != null)
{
federationTrust.TokenIssuerCertificate = federationTrust.TokenIssuerPrevCertificate;
federationTrust.TokenIssuerPrevCertificate = null;
}
if (federationTrust.TokenIssuerCertificate == null && federationTrust.TokenIssuerPrevCertificate == null)
{
throw new FederationMetadataException(Strings.NoValidIssuerCertificate);
}
}
public abstract void OnNewFederationTrust(FederationTrust federationTrust);
public abstract void OnSetFederatedOrganizationIdentifier(FederationTrust federationTrust, SmtpDomain accountNamespace);
private static ExternalAuthentication.FederationTrustResults TryCreateSecurityTokenService(FederationTrust federationTrust, WebProxy webProxy)
{
if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.TokenIssuerUri, "TokenIssuerUri"))
{
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust,
SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingTokenIssuerUri
});
}
if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.TokenIssuerEpr, "TokenIssuerEpr"))
{
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust,
SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingTokenIssuerEpr
});
}
if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.ApplicationUri, "ApplicationUri"))
{
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust,
SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingApplicationUri
});
}
if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.TokenIssuerCertificate, "TokenIssuerCertificate"))
{
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust,
SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingTokenIssuerCertificate
});
}
X509Certificate2[] tokenSignatureCertificates = (federationTrust.TokenIssuerPrevCertificate != null) ? new X509Certificate2[]
{
federationTrust.TokenIssuerCertificate,
federationTrust.TokenIssuerPrevCertificate
} : new X509Certificate2[]
{
federationTrust.TokenIssuerCertificate
};
if (!ExternalAuthentication.HasAtLeastOneValidCertificate(tokenSignatureCertificates, federationTrust.Id, "TokenIssuerCertificate and TokenIssuerPrevCertificate"))
{
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.InvalidTokenIssuerCertificate,
SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.NoSubCode
});
}
if (!ExternalAuthentication.IsRequiredPropertyAvailable(federationTrust.OrgPrivCertificate, "OrgPrivCertificate"))
{
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust,
SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.MissingOrgPrivCertificate
});
}
X509Store x509Store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
x509Store.Open(OpenFlags.ReadOnly);
X509Certificate2 certificate;
X509Certificate2[] tokenDecryptionCertificates;
try
{
ExternalAuthentication.ExternalAuthenticationSubFailureType externalAuthenticationSubFailureType;
certificate = ExternalAuthentication.GetCertificate(x509Store, federationTrust.OrgPrivCertificate, federationTrust.Id, "OrgPrivCertificate", true, out externalAuthenticationSubFailureType);
if (certificate == null)
{
ExternalAuthentication.ConfigurationTracer.TraceError <string>(0L, "Federation trust is misconfigured. Unable to find certificate corresponding to OrgPrivCertificate={0}", federationTrust.OrgPrivCertificate);
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.MisconfiguredFederationTrust,
SubFailureType = externalAuthenticationSubFailureType
});
}
X509Certificate2 x509Certificate = null;
if (!string.IsNullOrEmpty(federationTrust.OrgPrevPrivCertificate))
{
x509Certificate = ExternalAuthentication.GetCertificate(x509Store, federationTrust.OrgPrevPrivCertificate, federationTrust.Id, "OrgPrevPrivCertificate", false, out externalAuthenticationSubFailureType);
}
tokenDecryptionCertificates = ((x509Certificate != null) ? new X509Certificate2[]
{
certificate,
x509Certificate
} : new X509Certificate2[]
{
certificate
});
}
finally
{
x509Store.Close();
}
SecurityTokenService securityTokenService = new SecurityTokenService(federationTrust.TokenIssuerEpr, webProxy, certificate, federationTrust.TokenIssuerUri, federationTrust.PolicyReferenceUri, federationTrust.ApplicationUri.OriginalString);
ExternalAuthentication.ConfigurationTracer.TraceDebug(0L, "New instance of SecurityTokenService successfully built.");
return(new ExternalAuthentication.FederationTrustResults
{
FailureType = ExternalAuthentication.ExternalAuthenticationFailureType.NoFailure,
SubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.NoFailure,
SecurityTokenService = securityTokenService,
TokenSignatureCertificates = tokenSignatureCertificates,
TokenDecryptionCertificates = tokenDecryptionCertificates
});
}
public abstract void OnPublishFederationCertificate(FederationTrust federationTrust);
