private void UpdateDelegationTokenRequest(TokenTarget tokenTarget, Uri autodiscoveryEndpoint, IGenericADUser user)
{
IGenericADUser organizationFederatedMailbox = this.GetOrganizationFederatedMailbox();
this.xropUserFederatedIdentity = user.GetFederatedIdentity();
this.xropUserEmailAddress = user.GetFederatedSmtpAddress().ToString();
if (organizationFederatedMailbox != null)
{
this.xropTokenRequest = new DelegationTokenRequest
{
FederatedIdentity = organizationFederatedMailbox.GetFederatedIdentity(),
EmailAddress = organizationFederatedMailbox.GetFederatedSmtpAddress().ToString(),
Target = tokenTarget,
Offer = Offer.XropLogon
};
this.autoDiscoveryTokenRequest = new DelegationTokenRequest
{
FederatedIdentity = organizationFederatedMailbox.GetFederatedIdentity(),
EmailAddress = organizationFederatedMailbox.GetFederatedSmtpAddress().ToString(),
Target = tokenTarget,
Offer = Offer.Autodiscover
};
}
this.autoDiscoveryEndpoint = autodiscoveryEndpoint;
}
private static TokenTarget FromOrganizationRelationship(string domain, OrganizationId organizationId)
{
OrganizationIdCacheValue organizationIdCacheValue = OrganizationIdCache.Singleton.Get(organizationId);
TargetUriResolver.Tracer.TraceDebug <string, OrganizationId>(0L, "Searching for OrganizationRelationship that matches domain {0} in organization {1}", domain, organizationId);
OrganizationRelationship organizationRelationship = organizationIdCacheValue.GetOrganizationRelationship(domain);
if (organizationRelationship == null)
{
TargetUriResolver.Tracer.TraceError <string, OrganizationId>(0L, "Found no OrganizationRelationship that matches domain {0} in organization {1}", domain, organizationId);
return(null);
}
if (organizationRelationship.TargetApplicationUri == null)
{
TargetUriResolver.Tracer.TraceError <string, OrganizationId, ADObjectId>(0L, "Found OrganizationRelationship that matches domain {0} in organization {1}, but it has not TargetApplicationUri. OrganizationRelationship is {2}", domain, organizationId, organizationRelationship.Id);
return(null);
}
TokenTarget tokenTarget = organizationRelationship.GetTokenTarget();
TargetUriResolver.Tracer.TraceDebug(0L, "Found OrganizationRelationship that matches domain {0} in organization {1}. Target is '{2}'. OrganizationRelationship is {3}", new object[]
{
domain,
organizationId,
tokenTarget,
organizationRelationship.Id
});
return(tokenTarget);
}
internal TokenTarget GetTokenTarget()
{
Uri targetApplicationUri = this.TargetApplicationUri;
if (targetApplicationUri == null)
{
throw new OrganizationRelationshipMissingTargetApplicationUriException();
}
return(new TokenTarget(TokenTarget.Fix(targetApplicationUri)));
}
public static TokenTarget Resolve(string domain, OrganizationId organizationId)
{
TokenTarget tokenTarget = TargetUriResolver.FromOrganizationRelationship(domain, organizationId);
if (tokenTarget != null)
{
return(tokenTarget);
}
tokenTarget = TargetUriViaGetFederationInformation.Singleton.Get(domain);
if (tokenTarget != null)
{
return(tokenTarget);
}
tokenTarget = TargetUriViaSCP.Singleton.Get(domain);
if (tokenTarget != null)
{
return(tokenTarget);
}
return(null);
}
private static void AcquireServerLicensingMexCallback(ICancelableAsyncResult asyncResult)
{
RmsServerInfoManager.Tracer.TraceDebug(0L, "AcquireServerLicensingMexCallback invoked");
ArgumentValidator.ThrowIfNull("asyncResult", asyncResult);
ArgumentValidator.ThrowIfNull("asyncResult.AsyncState", asyncResult.AsyncState);
AcquireServerInfoAsyncResult acquireServerInfoAsyncResult = asyncResult.AsyncState as AcquireServerInfoAsyncResult;
if (acquireServerInfoAsyncResult == null)
{
throw new InvalidOperationException("asyncResult.AsyncState has to be type of AcquireServerInfoAsyncResult.");
}
acquireServerInfoAsyncResult.AddBreadCrumb(Constants.State.AcquireServerLicensingMexCallback);
Exception ex = null;
try
{
DownloadResult downloadResult = acquireServerInfoAsyncResult.HttpClient.EndDownload(asyncResult);
acquireServerInfoAsyncResult.LatencyTracker.EndTrackRmsLatency(RmsOperationType.AcquireServerLicensingMexData);
if (downloadResult.IsSucceeded)
{
Uri targetUriFromResponse = RmsClientManagerUtils.GetTargetUriFromResponse(downloadResult.ResponseStream);
if (targetUriFromResponse == null)
{
ex = new RightsManagementException(RightsManagementFailureCode.FailedToExtractTargetUriFromMex, ServerStrings.FailedToFindTargetUriFromMExData(acquireServerInfoAsyncResult.ServerLicensingMExUri), acquireServerInfoAsyncResult.LicenseUri.ToString());
}
else
{
acquireServerInfoAsyncResult.ServerInfo.ServerLicensingWSTargetUri = TokenTarget.Fix(targetUriFromResponse);
RmsServerInfoManager.serverInfoMap.Add(acquireServerInfoAsyncResult.ServerInfo);
}
}
else
{
RmsClientManager.TraceFail(null, acquireServerInfoAsyncResult.Context.SystemProbeId, "Failed to download data from server licensing MEx {0}. Exception is {1}", new object[]
{
acquireServerInfoAsyncResult.ServerLicensingMExUri,
downloadResult.Exception
});
ex = new RightsManagementException(RightsManagementFailureCode.FailedToDownloadMexData, ServerStrings.FailedToDownloadServerLicensingMExData(downloadResult.ResponseUri), downloadResult.Exception, acquireServerInfoAsyncResult.LicenseUri.ToString());
((RightsManagementException)ex).IsPermanent = !downloadResult.IsRetryable;
}
}
finally
{
acquireServerInfoAsyncResult.Release();
}
RmsServerInfoManager.Tracer.TraceDebug(0L, "AcquireServiceLocationCallback: Invoking find service location callbacks");
RmsServerInfoManager.outstandingFindServiceLocationCalls.InvokeCallbacks(acquireServerInfoAsyncResult.LicenseUri, ex);
}
private static void AcquireCertificationMexCallback(ICancelableAsyncResult asyncResult)
{
RmsServerInfoManager.Tracer.TraceDebug(0L, "AcquireCertificationMexCallback invoked");
ArgumentValidator.ThrowIfNull("asyncResult", asyncResult);
ArgumentValidator.ThrowIfNull("asyncResult.AsyncState", asyncResult.AsyncState);
AcquireServerInfoAsyncResult acquireServerInfoAsyncResult = asyncResult.AsyncState as AcquireServerInfoAsyncResult;
if (acquireServerInfoAsyncResult == null)
{
throw new InvalidOperationException("asyncResult.AsyncState has to be type of AcquireServerInfoAsyncResult.");
}
acquireServerInfoAsyncResult.AddBreadCrumb(Constants.State.AcquireCertificationMexCallback);
Exception ex = null;
try
{
DownloadResult downloadResult = acquireServerInfoAsyncResult.HttpClient.EndDownload(asyncResult);
acquireServerInfoAsyncResult.LatencyTracker.EndTrackRmsLatency(RmsOperationType.AcquireCertificationMexData);
if (downloadResult.IsSucceeded)
{
Uri targetUriFromResponse = RmsClientManagerUtils.GetTargetUriFromResponse(downloadResult.ResponseStream);
if (targetUriFromResponse == null)
{
ex = new RightsManagementException(RightsManagementFailureCode.FailedToExtractTargetUriFromMex, ServerStrings.FailedToFindTargetUriFromMExData(acquireServerInfoAsyncResult.CertificationMExUri), acquireServerInfoAsyncResult.LicenseUri.ToString());
}
else
{
acquireServerInfoAsyncResult.ServerInfo.CertificationWSTargetUri = TokenTarget.Fix(targetUriFromResponse);
acquireServerInfoAsyncResult.AddBreadCrumb(Constants.State.BeginDownloadServerLicensingMexData);
WebProxy localServerProxy;
try
{
localServerProxy = RmsClientManagerUtils.GetLocalServerProxy(true);
}
catch (ExchangeConfigurationException ex2)
{
ex = ex2;
return;
}
HttpSessionConfig httpSessionConfig = new HttpSessionConfig();
if (localServerProxy != null)
{
httpSessionConfig.Proxy = localServerProxy;
}
acquireServerInfoAsyncResult.LatencyTracker.BeginTrackRmsLatency(RmsOperationType.AcquireServerLicensingMexData);
acquireServerInfoAsyncResult.HttpClient.BeginDownload(acquireServerInfoAsyncResult.ServerLicensingMExUri, httpSessionConfig, RmsClientManagerUtils.WrapCancellableCallbackWithUnhandledExceptionHandlerAndUpdatePoisonContext(new CancelableAsyncCallback(RmsServerInfoManager.AcquireServerLicensingMexCallback)), acquireServerInfoAsyncResult);
}
}
else
{
RmsClientManager.TraceFail(null, acquireServerInfoAsyncResult.Context.SystemProbeId, "Failed to download data from certification MEx {0}. Exception is {1}", new object[]
{
acquireServerInfoAsyncResult.CertificationMExUri,
downloadResult.Exception
});
ex = new RightsManagementException(RightsManagementFailureCode.FailedToDownloadMexData, ServerStrings.FailedToDownloadCertificationMExData(downloadResult.ResponseUri), downloadResult.Exception, acquireServerInfoAsyncResult.LicenseUri.ToString());
((RightsManagementException)ex).IsPermanent = !downloadResult.IsRetryable;
}
}
finally
{
if (ex != null)
{
acquireServerInfoAsyncResult.Release();
RmsServerInfoManager.Tracer.TraceDebug(0L, "AcquireServiceLocationCallback: Invoking find service location callbacks");
RmsServerInfoManager.outstandingFindServiceLocationCalls.InvokeCallbacks(acquireServerInfoAsyncResult.LicenseUri, ex);
}
}
}
public EncryptionResults Encrypt(IExchangePrincipal mailboxOwner, IRecipientSession recipientSession, ExternalUserCollection externalUserCollection, ValidRecipient[] recipients, string sender, string containerClass, string folderId, IFrontEndLocator frontEndLocator)
{
SharingDataType sharingDataType = SharingDataType.FromContainerClass(containerClass);
if (sharingDataType == null || !sharingDataType.IsExternallySharable)
{
throw new ArgumentOutOfRangeException("containerClass");
}
ADUser aduser = DirectoryHelper.ReadADRecipient(mailboxOwner.MailboxInfo.MailboxGuid, mailboxOwner.MailboxInfo.IsArchive, recipientSession) as ADUser;
if (aduser == null)
{
SharedFolderDataEncryption.Tracer.TraceError <SharedFolderDataEncryption, string>((long)this.GetHashCode(), "{0}: The Active Directory user was not found. Sender={1}.", this, sender);
throw new ObjectNotFoundException(ServerStrings.ADUserNotFound);
}
ProxyAddress item = new SmtpProxyAddress(sender, false);
if (!aduser.EmailAddresses.Contains(item))
{
SharedFolderDataEncryption.Tracer.TraceError <SharedFolderDataEncryption, string>((long)this.GetHashCode(), "{0}: The SMTP address was not found in the user AD object for this mailbox. Sender={1}.", this, sender);
throw new ObjectNotFoundException(ServerStrings.ADUserNotFound);
}
SharingPolicy sharingPolicy = DirectoryHelper.ReadSharingPolicy(mailboxOwner.MailboxInfo.MailboxGuid, mailboxOwner.MailboxInfo.IsArchive, recipientSession);
SharedFolderDataEncryption.Tracer.TraceDebug <SharedFolderDataEncryption, object>((long)this.GetHashCode(), "{0}: Sharing policy to be applied to this user: {1}", this, (sharingPolicy == null) ? "<null>" : sharingPolicy.Id);
SharingPolicyAction sharingPolicyActions = SharedFolderDataEncryption.GetSharingPolicyActions(sharingDataType.StoreObjectType);
SharedFolderDataRecipient[] externalIdentities = SharedFolderDataEncryption.GetExternalIdentities(externalUserCollection, recipients);
List <InvalidRecipient> list = new List <InvalidRecipient>();
Dictionary <TokenTarget, List <SharedFolderDataRecipient> > dictionary = new Dictionary <TokenTarget, List <SharedFolderDataRecipient> >(externalIdentities.Length, SharedFolderDataEncryption.TokenTargetComparer);
for (int i = 0; i < recipients.Length; i++)
{
SharedFolderDataRecipient item2 = externalIdentities[i];
ValidRecipient validRecipient = recipients[i];
SmtpAddress smtpAddress = new SmtpAddress(validRecipient.SmtpAddress);
string domain = smtpAddress.Domain;
if (sharingPolicy == null || !sharingPolicy.IsAllowedForAnySharing(domain, sharingPolicyActions))
{
SharedFolderDataEncryption.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Sharing policy does not allow user to share with domain {0}", domain);
list.Add(new InvalidRecipient(validRecipient.SmtpAddress, InvalidRecipientResponseCodeType.SystemPolicyBlocksSharingWithThisRecipient));
}
else
{
SmtpAddress smtpAddress2 = new SmtpAddress(validRecipient.SmtpAddressForEncryption);
TokenTarget tokenTarget = TargetUriResolver.Resolve(smtpAddress2.Domain, aduser.OrganizationId);
if (tokenTarget == null)
{
list.Add(new InvalidRecipient(validRecipient.SmtpAddress, InvalidRecipientResponseCodeType.RecipientOrganizationNotFederated));
}
else
{
List <SharedFolderDataRecipient> list2;
if (!dictionary.TryGetValue(tokenTarget, out list2))
{
list2 = new List <SharedFolderDataRecipient>(1);
dictionary.Add(tokenTarget, list2);
}
list2.Add(item2);
}
}
}
List <EncryptedSharedFolderData> list3 = new List <EncryptedSharedFolderData>(dictionary.Count);
SharedFolderData sharedFolderData = new SharedFolderData();
sharedFolderData.DataType = sharingDataType.ExternalName;
sharedFolderData.FolderId = folderId;
sharedFolderData.SharingUrl = this.GetSharingUrl(aduser, frontEndLocator);
sharedFolderData.FederationUri = this.externalAuthentication.TokenValidator.TargetUri.ToString();
sharedFolderData.SenderSmtpAddress = sender;
DelegationTokenRequest delegationTokenRequest = new DelegationTokenRequest
{
FederatedIdentity = aduser.GetFederatedIdentity(),
EmailAddress = aduser.GetFederatedSmtpAddress(new SmtpAddress(sender)).ToString(),
Offer = Offer.SharingInviteMessage
};
SecurityTokenService securityTokenService = this.externalAuthentication.GetSecurityTokenService(aduser.OrganizationId);
foreach (KeyValuePair <TokenTarget, List <SharedFolderDataRecipient> > keyValuePair in dictionary)
{
delegationTokenRequest.Target = keyValuePair.Key;
sharedFolderData.Recipients = keyValuePair.Value.ToArray();
try
{
RequestedToken requestedToken = securityTokenService.IssueToken(delegationTokenRequest);
list3.Add(this.Encrypt(requestedToken, sharedFolderData));
}
catch (WSTrustException ex)
{
foreach (SharedFolderDataRecipient sharedFolderDataRecipient in sharedFolderData.Recipients)
{
list.Add(new InvalidRecipient(sharedFolderDataRecipient.SmtpAddress, SharedFolderDataEncryption.GetResponseCodeFromException(ex), ex.ToString()));
}
}
}
return(new EncryptionResults(list3.ToArray(), list.ToArray()));
}
public SharingInformation(SmtpAddress requestorSmtpAddress, SmtpAddress sharingKey, TokenTarget tokenTarget, WebServiceUri targetSharingEpr, Uri targetAutodiscoverEpr)
{
this.RequestorSmtpAddress = requestorSmtpAddress;
this.SharingKey = sharingKey;
this.TokenTarget = tokenTarget;
this.TargetSharingEpr = targetSharingEpr;
this.TargetAutodiscoverEpr = targetAutodiscoverEpr;
this.IsFromIntraOrgConnector = false;
}
public ExternalAuthenticationRequest(RequestLogger requestLogger, ExternalAuthentication externalAuthentication, ADUser user, SmtpAddress emailAddress, TokenTarget target, Offer offer)
{
this.requestLogger = requestLogger;
this.user = user;
this.emailAddress = emailAddress;
this.target = target;
this.offer = offer;
this.securityTokenService = externalAuthentication.GetSecurityTokenService(user.OrganizationId);
}
protected virtual bool TryGetAutodiscoveryEndpoint(IGenericADUser user, string domain, out TokenTarget tokenTarget, out Uri autodiscoveryEndpoint)
{
tokenTarget = null;
autodiscoveryEndpoint = null;
OrganizationRelationship organizationRelationship = this.directoryAccessor.GetOrganizationRelationship(user.OrganizationId ?? OrganizationId.ForestWideOrgId, domain);
if (this.CheckOrgRelationshipFromRemoteConnection(organizationRelationship, user, domain))
{
tokenTarget = organizationRelationship.GetTokenTarget();
autodiscoveryEndpoint = organizationRelationship.TargetAutodiscoverEpr;
return(true);
}
return(false);
}
