internal static LocalizedString UpdateActiveDirectory(X509Certificate2 certificate, IConfigurationSession systemConfiguration, Server server, List <LocalizedString> warningList, bool allowConfirmation)
{
X509Certificate2 internalTransportCertificate = ExchangeCertificate.GetInternalTransportCertificate(server);
if (internalTransportCertificate != null)
{
if (string.Equals(internalTransportCertificate.Thumbprint, certificate.Thumbprint, StringComparison.OrdinalIgnoreCase))
{
return(LocalizedString.Empty);
}
if (allowConfirmation)
{
return(Strings.ConfirmOverwriteInternalTransportCertificate(internalTransportCertificate.Thumbprint, internalTransportCertificate.NotAfter, certificate.Thumbprint, certificate.NotAfter));
}
}
server.InternalTransportCertificate = certificate.Export(X509ContentType.SerializedCert);
systemConfiguration.Save(server);
if (server.IsHubTransportServer)
{
ManageExchangeCertificate.ReEncryptEdgeSyncCredentials(server, internalTransportCertificate, certificate);
systemConfiguration.Save(server);
}
else if (server.IsEdgeServer && warningList != null)
{
warningList.Add(Strings.InternalTransportCertificateUpdatedOnEdge);
}
return(LocalizedString.Empty);
}
internal static void AddUniqueDomainIfValid(IList <string> domains, string name)
{
if (ManageExchangeCertificate.IsDomainValidForCertificate(name) && !domains.Contains(name))
{
domains.Add(name);
}
}
private LocalizedString GetWhatIfMessage()
{
this.inputParams.CreateWhatIf = true;
ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
byte[] outputBlob = null;
try
{
byte[] inBlob = this.inputParams.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2);
ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient.CreateCertificate2(0, inBlob);
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2;
}
catch (RpcException)
{
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
}
if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1)
{
try
{
byte[] inBlob2 = this.inputParams.SerializeInputParameters(exchangeCertificateRpcVersion);
ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient2.CreateCertificate(0, inBlob2);
}
catch (RpcException e)
{
ManageExchangeCertificate.WriteRpcError(e, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError));
}
}
ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob);
this.inputParams.CreateWhatIf = false;
return(exchangeCertificateRpc.ReturnConfirmation);
}
private static void SetUMCertificate(X509Certificate2 cert, Server server, IConfigurationSession dataSession, bool allowConfirmation, Dictionary <AllowedServices, LocalizedString> confirmationStrings, List <LocalizedString> warningList)
{
UMServer umserver = new UMServer(server);
if (!server.IsUnifiedMessagingServer)
{
throw new UMRoleNotInstalledException(cert.Thumbprint, server.Name);
}
if (umserver.UMStartupMode == UMStartupMode.TCP)
{
throw new CannotAssignCertificateToUMException(cert.Thumbprint);
}
if (CertificateUtils.IsExpired(cert))
{
throw new CertificateExpiredException(cert.Thumbprint);
}
if (allowConfirmation)
{
confirmationStrings[AllowedServices.UM] = Strings.ConfirmEnableCertForUM(cert.Thumbprint);
return;
}
bool flag = false;
if (string.IsNullOrEmpty(umserver.UMCertificateThumbprint))
{
flag = true;
}
ManageExchangeCertificate.CopyCertToRootStoreIfNeeded(cert, server);
umserver.UMCertificateThumbprint = cert.Thumbprint;
dataSession.Save(server);
if (warningList != null && flag)
{
warningList.Add(Strings.ExchangeCertificateUpdatedForUM(server.Name));
}
}
internal static void WriteRpcError(RpcException e, string server, Task.TaskErrorLoggingDelegate errorHandler)
{
LocalizedException exception;
ErrorCategory category;
ManageExchangeCertificate.ProcessRpcError(e, server, out exception, out category);
errorHandler(exception, category, null);
}
internal static void ThrowLocalizedException(RpcException e, string server)
{
LocalizedException ex;
ErrorCategory errorCategory;
ManageExchangeCertificate.ProcessRpcError(e, server, out ex, out errorCategory);
throw ex;
}
protected override void InternalProcessRecord()
{
base.InternalProcessRecord();
if (base.HasErrors)
{
return;
}
ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc();
exchangeCertificateRpc.ExportByThumbprint = this.Thumbprint;
exchangeCertificateRpc.ExportBinary = this.BinaryEncoded;
ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
byte[] outputBlob = null;
try
{
byte[] inBlob = exchangeCertificateRpc.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2);
ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient.ExportCertificate2(0, inBlob, this.Password);
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2;
}
catch (RpcException)
{
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
}
if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1)
{
try
{
byte[] inBlob2 = exchangeCertificateRpc.SerializeInputParameters(exchangeCertificateRpcVersion);
ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient2.ExportCertificate(0, inBlob2, this.Password);
}
catch (RpcException e)
{
ManageExchangeCertificate.WriteRpcError(e, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError));
}
}
ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob);
ExchangeCertificateRpc.OutputTaskMessages(this.serverObject, exchangeCertificateRpc2, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
if (this.BinaryEncoded)
{
base.WriteObject(new BinaryFileDataObject
{
FileData = exchangeCertificateRpc2.ReturnExportFileData
});
}
else
{
base.WriteObject(exchangeCertificateRpc2.ReturnExportBase64);
}
if (!string.IsNullOrEmpty(this.FileName))
{
this.WriteCertiricate(exchangeCertificateRpc2);
}
}
internal static void EnsureValidExchangeCertificate(X509Certificate2 cert, bool ignoreAccessible)
{
ExchangeCertificateValidity exchangeCertificateValidity = ManageExchangeCertificate.ValidateExchangeCertificate(cert, ignoreAccessible);
if (exchangeCertificateValidity != ExchangeCertificateValidity.Valid)
{
throw new CertificateNotValidForExchangeException(cert.Thumbprint, exchangeCertificateValidity.ToString());
}
}
protected override void InternalProcessRecord()
{
base.InternalProcessRecord();
if (base.HasErrors)
{
return;
}
ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc();
exchangeCertificateRpc.RemoveByThumbprint = this.Thumbprint;
ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
byte[] outputBlob = null;
try
{
byte[] inBlob = exchangeCertificateRpc.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2);
ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient.RemoveCertificate2(0, inBlob);
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2;
}
catch (RpcException)
{
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
}
if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1)
{
try
{
byte[] inBlob2 = exchangeCertificateRpc.SerializeInputParameters(exchangeCertificateRpcVersion);
ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient2.RemoveCertificate(0, inBlob2);
}
catch (RpcException e)
{
ManageExchangeCertificate.WriteRpcError(e, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError));
}
}
ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob);
ExchangeCertificateRpc.OutputTaskMessages(this.serverObject, exchangeCertificateRpc2, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
if (string.IsNullOrEmpty(exchangeCertificateRpc2.ReturnTaskErrorString))
{
AsyncOperationNotificationDataProvider.RemoveNotification(base.CurrentOrganizationId, this.serverObject.Fqdn + "\\" + this.Thumbprint, false);
}
}
protected override void InternalValidate()
{
base.InternalValidate();
if (base.HasErrors)
{
return;
}
GetExchangeCertificate.PrepareParameters(this);
this.serverObject = (Server)base.GetDataObject <Server>(this.Server, base.DataSession, null, new LocalizedString?(Strings.ErrorServerNotFound((string)this.Server)), new LocalizedString?(Strings.ErrorServerNotUnique((string)this.Server)));
if (!this.serverObject.IsE14OrLater)
{
base.WriteError(new ArgumentException(Strings.RemoteCertificateExchangeVersionNotSupported(this.serverObject.Name)), ErrorCategory.InvalidArgument, null);
}
if (!string.IsNullOrEmpty(this.Thumbprint))
{
this.Thumbprint = ManageExchangeCertificate.UnifyThumbprintFormat(this.Thumbprint);
}
}
protected void EnableForServices(X509Certificate2 cert, AllowedServices services)
{
try
{
ManageExchangeCertificate.EnableForServices(cert, services, this.webSiteName, !this.DoNotRequireSsl, (ITopologyConfigurationSession)base.DataSession, this.localServer, null, false, this.NetworkServiceAllowed);
}
catch (IISNotInstalledException)
{
base.WriteError(new ArgumentException(Strings.IISNotInstalled, "Services"), ErrorCategory.InvalidArgument, null);
}
catch (InvalidOperationException exception)
{
base.WriteError(exception, ErrorCategory.ObjectNotFound, null);
}
catch (LocalizedException exception2)
{
base.WriteError(exception2, ErrorCategory.NotSpecified, null);
}
}
protected override void InternalValidate()
{
base.InternalValidate();
if (base.HasErrors)
{
return;
}
GetExchangeCertificate.PrepareParameters(this);
this.serverObject = (Server)base.GetDataObject <Server>(this.Server, base.DataSession, null, new LocalizedString?(Strings.ErrorServerNotFound((string)this.Server)), new LocalizedString?(Strings.ErrorServerNotUnique((string)this.Server)));
if (!this.serverObject.IsE14OrLater)
{
base.WriteError(new ArgumentException(Strings.RemoteCertificateExchangeVersionNotSupported(this.serverObject.Name)), ErrorCategory.InvalidArgument, null);
}
base.VerifyIsWithinScopes(DirectorySessionFactory.Default.GetTenantOrTopologyConfigurationSession(ConsistencyMode.PartiallyConsistent, ADSessionSettings.FromCustomScopeSet(base.ScopeSet, ADSystemConfigurationSession.GetRootOrgContainerId(this.DomainController, null), base.CurrentOrganizationId, base.ExecutingUserOrganizationId, true), 186, "InternalValidate", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\SystemConfigurationTasks\\MessageSecurity\\ExchangeCertificate\\EnableExchangeCertificate.cs"), this.serverObject, true, new DataAccessTask <Server> .ADObjectOutOfScopeString(Strings.ErrorServerOutOfScope));
if (!string.IsNullOrEmpty(this.Thumbprint))
{
this.Thumbprint = ManageExchangeCertificate.UnifyThumbprintFormat(this.Thumbprint);
}
}
public static void ValidateCertificate(ExchangeCertificate certificate, DateTime?futurePublishDate, bool skipAutomatedDeploymentChecks, Task.TaskErrorLoggingDelegate writeError)
{
if (writeError == null)
{
throw new ArgumentNullException("writeError");
}
if (certificate == null)
{
return;
}
try
{
ExchangeCertificateValidity exchangeCertificateValidity = ManageExchangeCertificate.ValidateExchangeCertificate(certificate, true);
if (exchangeCertificateValidity != ExchangeCertificateValidity.Valid)
{
writeError(new TaskException(Strings.CertificateNotValidForExchange(certificate.Thumbprint, exchangeCertificateValidity.ToString())), ErrorCategory.InvalidArgument, null);
}
if (!skipAutomatedDeploymentChecks && !certificate.PrivateKeyExportable)
{
writeError(new TaskException(Strings.ErrorCertificateNotExportable(certificate.Thumbprint)), ErrorCategory.InvalidArgument, null);
}
if ((ExDateTime)certificate.NotAfter < ExDateTime.UtcNow)
{
writeError(new TaskException(Strings.ErrorCertificateHasExpired(certificate.Thumbprint)), ErrorCategory.InvalidArgument, null);
}
if ((ExDateTime)certificate.NotBefore > ExDateTime.UtcNow)
{
writeError(new TaskException(Strings.ErrorCertificateNotYetValid(certificate.Thumbprint)), ErrorCategory.InvalidArgument, null);
}
if (futurePublishDate != null && futurePublishDate != null && (ExDateTime)certificate.NotAfter <= (ExDateTime)futurePublishDate.Value.ToUniversalTime())
{
writeError(new TaskException(Strings.ErrorAuthNewCertificateExpire(certificate.Thumbprint)), ErrorCategory.InvalidArgument, null);
}
}
catch (CryptographicException innerException)
{
writeError(new TaskException(Strings.ErrorFailedToValidateCertificate(certificate.Thumbprint), innerException), ErrorCategory.InvalidArgument, null);
}
}
protected override void InternalValidate()
{
bool flag = false;
try
{
this.localServer = ManageExchangeCertificate.FindLocalServer((ITopologyConfigurationSession)this.ConfigurationSession);
}
catch (LocalServerNotFoundException)
{
flag = true;
}
if (flag || !ManageExchangeCertificate.IsServerRoleSupported(this.localServer))
{
base.WriteError(new RoleDoesNotSupportExchangeCertificateTasksException(), ErrorCategory.InvalidOperation, null);
}
ManageExchangeCertificate.AddUniqueDomainIfValid(this.rawDomains, ComputerInformation.DnsHostName);
ManageExchangeCertificate.AddUniqueDomainIfValid(this.rawDomains, ComputerInformation.DnsPhysicalHostName);
ManageExchangeCertificate.AddUniqueDomainIfValid(this.rawDomains, ComputerInformation.DnsFullyQualifiedDomainName);
ManageExchangeCertificate.AddUniqueDomainIfValid(this.rawDomains, ComputerInformation.DnsPhysicalFullyQualifiedDomainName);
this.subjectName = TlsCertificateInfo.GetDefaultSubjectName(this.rawDomains);
}
private static void WarnIfNotBestMatch(ExchangeCertificate certificate, IConfigurationSession session, Server server, List <LocalizedString> warningList)
{
if (warningList == null)
{
return;
}
X509Store x509Store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
try
{
x509Store.Open(OpenFlags.ReadOnly);
using (ChainEngine chainEngine = new ChainEngine())
{
IEnumerable <ManageExchangeCertificate.FqdnConnectors> connectorFQDNs = ManageExchangeCertificate.GetConnectorFQDNs(session, server);
foreach (ManageExchangeCertificate.FqdnConnectors fqdnConnectors in connectorFQDNs)
{
X509Certificate2 x509Certificate;
if (ManageExchangeCertificate.CertificateHasLowerPrecedence(x509Store, chainEngine, fqdnConnectors.Fqdn, certificate, out x509Certificate))
{
if (!new ExchangeCertificate(x509Certificate).IsSelfSigned)
{
warningList.Add(Strings.WarnCertificateWillNotBeUsedBestIsPKI(x509Certificate.Thumbprint, fqdnConnectors.Fqdn, fqdnConnectors.Connectors));
}
else
{
warningList.Add(Strings.WarnCertificateWillNotBeUsed(x509Certificate.Thumbprint, fqdnConnectors.Fqdn, fqdnConnectors.Connectors));
}
}
}
}
}
finally
{
if (x509Store != null)
{
x509Store.Close();
}
}
}
private void ProcessRequestResults(ExchangeCertificate certificate, string request)
{
if (this.BinaryEncoded)
{
BinaryFileDataObject binaryFileDataObject = new BinaryFileDataObject();
binaryFileDataObject.FileData = Convert.FromBase64String(request);
base.WriteObject(binaryFileDataObject);
if (this.GenerateRequest && !string.IsNullOrEmpty(this.RequestFile))
{
this.WriteRequest(binaryFileDataObject.FileData, string.Empty);
return;
}
}
else
{
string text = ManageExchangeCertificate.WrapCertificateRequestWithPemTags(request);
base.WriteObject(text);
if (this.GenerateRequest && !string.IsNullOrEmpty(this.RequestFile))
{
this.WriteRequest(null, text);
}
}
}
protected override void InternalProcessRecord()
{
X509Certificate2 x509Certificate = null;
if (!string.IsNullOrEmpty(this.thumbprint))
{
this.thumbprint = ManageExchangeCertificate.UnifyThumbprintFormat(this.thumbprint);
x509Certificate = this.FindCertificate(this.thumbprint);
if (x509Certificate == null)
{
base.WriteError(new ArgumentException(Strings.CertificateNotFound(this.thumbprint), "Thumbprint"), ErrorCategory.InvalidArgument, this.thumbprint);
}
}
else
{
AllowedServices allowedServices = this.Services;
if (allowedServices != AllowedServices.IIS && allowedServices != (AllowedServices.IMAP | AllowedServices.POP | AllowedServices.IIS))
{
if (allowedServices != AllowedServices.SMTP)
{
return;
}
}
else
{
x509Certificate = this.FindIisCertificate();
}
if (x509Certificate == null && this.Services != AllowedServices.SMTP)
{
try
{
x509Certificate = InstallExchangeCertificate.GetDefaultCertificate();
}
catch (ArgumentException exception)
{
base.WriteError(exception, ErrorCategory.InvalidData, null);
return;
}
}
if (x509Certificate == null)
{
if (!this.rawDomains.Any <string>())
{
base.WriteError(new UnableToResolveValidDomainExchangeCertificateTasksException(ComputerInformation.DnsHostName, ComputerInformation.DnsPhysicalHostName, ComputerInformation.DnsFullyQualifiedDomainName, ComputerInformation.DnsPhysicalFullyQualifiedDomainName), ErrorCategory.InvalidOperation, null);
}
try
{
x509Certificate = this.GenerateSelfSignedCertificate();
}
catch (CryptographicException exception2)
{
base.WriteError(exception2, ErrorCategory.InvalidOperation, null);
}
}
if (x509Certificate != null && this.InstallInTrustedRootCAIfSelfSigned && TlsCertificateInfo.IsSelfSignedCertificate(x509Certificate))
{
TlsCertificateInfo.TryInstallCertificateInTrustedRootCA(x509Certificate);
}
}
base.WriteVerbose(Strings.CertificateInformation(x509Certificate.Issuer, x509Certificate.NotBefore, x509Certificate.NotAfter, x509Certificate.Subject));
if ((DateTime)ExDateTime.Now < x509Certificate.NotBefore || (DateTime)ExDateTime.Now > x509Certificate.NotAfter)
{
base.WriteError(new CryptographicException(Strings.CertificateStatusDateInvalid), ErrorCategory.InvalidData, null);
}
try
{
this.EnableForServices(x509Certificate, this.Services);
}
catch (IISNotInstalledException)
{
base.WriteError(new ArgumentException(Strings.IISNotInstalled, "Services"), ErrorCategory.InvalidArgument, null);
}
catch (InvalidOperationException exception3)
{
base.WriteError(exception3, ErrorCategory.ObjectNotFound, null);
}
}
internal static Dictionary <AllowedServices, LocalizedString> EnableForServices(X509Certificate2 cert, AllowedServices services, bool requireSsl, ITopologyConfigurationSession dataSession, Server server, List <LocalizedString> warningList, bool allowConfirmation, bool forceNetworkService)
{
return(ManageExchangeCertificate.EnableForServices(cert, services, null, requireSsl, dataSession, server, warningList, allowConfirmation, forceNetworkService));
}
protected override void InternalProcessRecord()
{
base.InternalProcessRecord();
if (base.HasErrors)
{
return;
}
ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
byte[] outputBlob = null;
try
{
byte[] inBlob = this.inputParams.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2);
ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient.CreateCertificate2(0, inBlob);
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2;
}
catch (RpcException)
{
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
}
if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1)
{
try
{
byte[] inBlob2 = this.inputParams.SerializeInputParameters(ExchangeCertificateRpcVersion.Version1);
ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient2.CreateCertificate(0, inBlob2);
}
catch (RpcException e)
{
ManageExchangeCertificate.WriteRpcError(e, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError));
}
}
ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob);
ExchangeCertificateRpc.OutputTaskMessages(this.serverObject, exchangeCertificateRpc, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
if (this.GenerateRequest)
{
this.ProcessRequestResults(exchangeCertificateRpc.ReturnCert, exchangeCertificateRpc.ReturnCertRequest);
return;
}
if (exchangeCertificateRpc.ReturnConfirmationList != null)
{
foreach (KeyValuePair <AllowedServices, LocalizedString> keyValuePair in exchangeCertificateRpc.ReturnConfirmationList)
{
if (base.ShouldContinue(keyValuePair.Value))
{
ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc();
exchangeCertificateRpc2.EnableAllowConfirmation = false;
exchangeCertificateRpc2.EnableServices = keyValuePair.Key;
AllowedServices key = keyValuePair.Key;
if (key == AllowedServices.SMTP)
{
exchangeCertificateRpc2.EnableUpdateAD = true;
}
exchangeCertificateRpc2.EnableByThumbprint = exchangeCertificateRpc.ReturnCert.Thumbprint;
try
{
byte[] inBlob3 = exchangeCertificateRpc2.SerializeInputParameters(exchangeCertificateRpcVersion);
if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1)
{
ExchangeCertificateRpcClient exchangeCertificateRpcClient3 = new ExchangeCertificateRpcClient(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient3.EnableCertificate(0, inBlob3);
}
else
{
ExchangeCertificateRpcClient2 exchangeCertificateRpcClient4 = new ExchangeCertificateRpcClient2(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient4.EnableCertificate2(0, inBlob3);
}
exchangeCertificateRpc.ReturnCert.Services |= keyValuePair.Key;
}
catch (RpcException e2)
{
ManageExchangeCertificate.WriteRpcError(e2, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError));
}
ExchangeCertificateRpc outputValues = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob);
ExchangeCertificateRpc.OutputTaskMessages(this.serverObject, outputValues, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
}
}
}
exchangeCertificateRpc.ReturnCert.Identity = this.serverObject.Fqdn + "\\" + exchangeCertificateRpc.ReturnCert.Thumbprint;
base.WriteObject(exchangeCertificateRpc.ReturnCert);
}
protected override void InternalProcessRecord()
{
base.InternalProcessRecord();
if (base.HasErrors)
{
return;
}
ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc();
string text;
if (this.FileData != null)
{
text = ImportExchangeCertificate.RemoveBase64HeaderFooter(CertificateEnroller.ToBase64String(this.FileData));
}
else if (this.Instance != null)
{
text = ImportExchangeCertificate.RemoveBase64HeaderFooter(string.Join(null, this.Instance));
}
else
{
text = ImportExchangeCertificate.RemoveBase64HeaderFooter(CertificateEnroller.ToBase64String(this.GetFileData(this.FileName)));
}
if (text.Length == 0)
{
base.WriteError(new ImportCertificateDataInvalidException(), ErrorCategory.ReadError, 0);
}
exchangeCertificateRpc.ImportCert = text;
exchangeCertificateRpc.ImportDescription = this.FriendlyName;
exchangeCertificateRpc.ImportExportable = this.PrivateKeyExportable;
ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
byte[] outputBlob = null;
try
{
byte[] inBlob = exchangeCertificateRpc.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2);
ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient.ImportCertificate2(0, inBlob, this.Password);
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2;
}
catch (RpcException)
{
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
}
if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1)
{
try
{
byte[] inBlob2 = exchangeCertificateRpc.SerializeInputParameters(exchangeCertificateRpcVersion);
ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient2.ImportCertificate(0, inBlob2, this.Password);
}
catch (RpcException e)
{
ManageExchangeCertificate.WriteRpcError(e, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError));
}
}
ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob);
ExchangeCertificateRpc.OutputTaskMessages(this.serverObject, exchangeCertificateRpc2, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
if (exchangeCertificateRpc2.ReturnCert != null)
{
exchangeCertificateRpc2.ReturnCert.Identity = this.serverObject.Fqdn + "\\" + exchangeCertificateRpc2.ReturnCert.Thumbprint;
}
base.WriteObject(exchangeCertificateRpc2.ReturnCert);
}
internal static Dictionary <AllowedServices, LocalizedString> EnableForServices(X509Certificate2 cert, AllowedServices services, string websiteName, bool requireSsl, ITopologyConfigurationSession dataSession, Server server, List <LocalizedString> warningList, bool allowConfirmation, bool forceNetworkService)
{
Dictionary <AllowedServices, LocalizedString> dictionary = new Dictionary <AllowedServices, LocalizedString>(3);
if (dataSession == null)
{
throw new ArgumentNullException("dataSession");
}
if (server == null)
{
throw new ArgumentNullException("server");
}
if ((services & AllowedServices.IIS) != AllowedServices.None)
{
if (allowConfirmation && !IisUtility.SslRequiredOnTheRoot(null) && requireSsl)
{
dictionary[AllowedServices.IIS] = Strings.ConfirmEnforceRequireSslOnRoot;
}
else
{
IisUtility.SetSslCertificateByName(websiteName, cert, requireSsl);
}
}
if ((services & AllowedServices.POP) != AllowedServices.None || (services & AllowedServices.IMAP) != AllowedServices.None || (services & AllowedServices.SMTP) != AllowedServices.None || forceNetworkService)
{
AccessRule rule = new CryptoKeyAccessRule(new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null), CryptoKeyRights.GenericRead, AccessControlType.Allow);
try
{
TlsCertificateInfo.AddAccessRule(cert, rule);
}
catch (CryptographicException innerException)
{
throw new AddAccessRuleCryptographicException(cert.Thumbprint, innerException);
}
catch (ArgumentException innerException2)
{
throw new AddAccessRuleArgumentException(cert.Thumbprint, innerException2);
}
catch (UnauthorizedAccessException innerException3)
{
throw new AddAccessRuleUnauthorizedAccessException(cert.Thumbprint, innerException3);
}
catch (COMException innerException4)
{
throw new AddAccessRuleCOMException(cert.Thumbprint, innerException4);
}
}
if ((services & AllowedServices.SMTP) != AllowedServices.None)
{
ManageExchangeCertificate.WarnIfNotBestMatch(new ExchangeCertificate(cert), dataSession, server, warningList);
LocalizedString localizedString = ManageExchangeCertificate.UpdateActiveDirectory(cert, dataSession, server, warningList, allowConfirmation);
if (localizedString != LocalizedString.Empty)
{
dictionary[AllowedServices.SMTP] = localizedString;
}
}
if ((services & AllowedServices.POP) != AllowedServices.None)
{
ManageExchangeCertificate.SetPop3Certificate(cert, dataSession, warningList);
}
if ((services & AllowedServices.IMAP) != AllowedServices.None)
{
ManageExchangeCertificate.SetImap4Certificate(cert, dataSession, warningList);
}
if ((services & AllowedServices.UM) != AllowedServices.None)
{
ManageExchangeCertificate.SetUMCertificate(cert, server, dataSession, allowConfirmation, dictionary, warningList);
}
if ((services & AllowedServices.UMCallRouter) != AllowedServices.None)
{
ManageExchangeCertificate.SetUMCallRouterCertificate(cert, server, dataSession, allowConfirmation, dictionary, warningList);
}
if (dictionary.Count <= 0)
{
return(null);
}
return(dictionary);
}
protected override void InternalProcessRecord()
{
base.InternalProcessRecord();
if (base.HasErrors)
{
return;
}
ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc();
exchangeCertificateRpc.EnableByThumbprint = this.Thumbprint;
exchangeCertificateRpc.EnableServices = this.Services;
exchangeCertificateRpc.RequireSsl = !this.DoNotRequireSsl;
exchangeCertificateRpc.EnableAllowConfirmation = !this.Force;
exchangeCertificateRpc.EnableNetworkService = this.NetworkServiceAllowed;
ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
byte[] outputBlob = null;
try
{
byte[] inBlob = exchangeCertificateRpc.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2);
ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient.EnableCertificate2(0, inBlob);
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2;
}
catch (RpcException)
{
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
}
if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1)
{
try
{
byte[] inBlob2 = exchangeCertificateRpc.SerializeInputParameters(exchangeCertificateRpcVersion);
ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient2.EnableCertificate(0, inBlob2);
}
catch (RpcException e)
{
ManageExchangeCertificate.WriteRpcError(e, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError));
}
}
ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob);
ExchangeCertificateRpc.OutputTaskMessages(this.serverObject, exchangeCertificateRpc2, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
if (exchangeCertificateRpc2.ReturnConfirmationList != null)
{
foreach (KeyValuePair <AllowedServices, LocalizedString> keyValuePair in exchangeCertificateRpc2.ReturnConfirmationList)
{
if (base.ShouldContinue(keyValuePair.Value))
{
ExchangeCertificateRpc exchangeCertificateRpc3 = new ExchangeCertificateRpc();
exchangeCertificateRpc3.EnableAllowConfirmation = false;
exchangeCertificateRpc3.EnableByThumbprint = this.Thumbprint;
exchangeCertificateRpc3.RequireSsl = !this.DoNotRequireSsl;
exchangeCertificateRpc3.EnableNetworkService = this.NetworkServiceAllowed;
exchangeCertificateRpc3.EnableServices = keyValuePair.Key;
AllowedServices key = keyValuePair.Key;
if (key == AllowedServices.SMTP)
{
exchangeCertificateRpc3.EnableUpdateAD = true;
}
try
{
byte[] inBlob3 = exchangeCertificateRpc3.SerializeInputParameters(exchangeCertificateRpcVersion);
if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1)
{
ExchangeCertificateRpcClient exchangeCertificateRpcClient3 = new ExchangeCertificateRpcClient(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient3.EnableCertificate(0, inBlob3);
}
else
{
ExchangeCertificateRpcClient2 exchangeCertificateRpcClient4 = new ExchangeCertificateRpcClient2(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient4.EnableCertificate2(0, inBlob3);
}
}
catch (RpcException e2)
{
ManageExchangeCertificate.WriteRpcError(e2, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError));
}
exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob);
ExchangeCertificateRpc.OutputTaskMessages(this.serverObject, exchangeCertificateRpc2, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
}
}
}
}
protected override void InternalProcessRecord()
{
base.InternalProcessRecord();
if (base.HasErrors)
{
return;
}
ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc();
if (this.Instance != null)
{
exchangeCertificateRpc.GetByCertificate = this.Instance.Export(X509ContentType.SerializedCert);
}
if (this.DomainName != null && this.DomainName.Count > 0)
{
exchangeCertificateRpc.GetByDomains = this.DomainName;
}
if (this.Thumbprint != null)
{
exchangeCertificateRpc.GetByThumbprint = this.Thumbprint;
}
ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
byte[] outputBlob = null;
try
{
byte[] inBlob = exchangeCertificateRpc.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2);
ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient.GetCertificate2(0, inBlob);
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2;
}
catch (RpcException)
{
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
}
if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1)
{
try
{
byte[] inBlob2 = exchangeCertificateRpc.SerializeInputParameters(exchangeCertificateRpcVersion);
ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient2.GetCertificate(0, inBlob2);
}
catch (RpcException e)
{
ManageExchangeCertificate.WriteRpcError(e, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError));
}
}
ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob);
ExchangeCertificateRpc.OutputTaskMessages(this.serverObject, exchangeCertificateRpc2, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
foreach (ExchangeCertificate exchangeCertificate in exchangeCertificateRpc2.ReturnCertList)
{
exchangeCertificate.Identity = this.serverObject.Fqdn + "\\" + exchangeCertificate.Thumbprint;
if (string.IsNullOrEmpty(exchangeCertificate.FriendlyName))
{
exchangeCertificate.FriendlyName = exchangeCertificate.Issuer;
}
base.WriteObject(exchangeCertificate);
}
}
private static void SetImap4Certificate(X509Certificate2 cert, ITopologyConfigurationSession dataSession, List <LocalizedString> warningList)
{
ManageExchangeCertificate.SetPopImapCertificate(cert, PopImapAdConfiguration.FindOne <Imap4AdConfiguration>(dataSession), dataSession, warningList);
}
internal static ExchangeCertificateValidity ValidateExchangeCertificate(X509Certificate2 cert, bool ignoreAccessible)
{
if (cert == null)
{
throw new ArgumentNullException("cert");
}
if (!cert.HasPrivateKey)
{
return(ExchangeCertificateValidity.PrivateKeyMissing);
}
string keyAlgorithm = cert.GetKeyAlgorithm();
bool flag = string.Equals(keyAlgorithm, WellKnownOid.X957Sha1Dsa.Value, StringComparison.OrdinalIgnoreCase);
if (!string.Equals(keyAlgorithm, WellKnownOid.RsaRsa.Value, StringComparison.OrdinalIgnoreCase) && !flag)
{
return(ExchangeCertificateValidity.KeyAlgorithmUnsupported);
}
foreach (X509Extension x509Extension in cert.Extensions)
{
try
{
X509KeyUsageExtension x509KeyUsageExtension = x509Extension as X509KeyUsageExtension;
if (x509KeyUsageExtension != null)
{
X509KeyUsageFlags keyUsages = x509KeyUsageExtension.KeyUsages;
bool flag2 = false;
if (keyUsages == X509KeyUsageFlags.None)
{
flag2 = true;
}
else if ((keyUsages & (X509KeyUsageFlags.NonRepudiation | X509KeyUsageFlags.DigitalSignature)) != X509KeyUsageFlags.None)
{
flag2 = true;
}
if (!flag2)
{
return(ExchangeCertificateValidity.SigningNotSupported);
}
}
}
catch (CryptographicException)
{
return(ExchangeCertificateValidity.KeyUsageCorrupted);
}
try
{
X509EnhancedKeyUsageExtension x509EnhancedKeyUsageExtension = x509Extension as X509EnhancedKeyUsageExtension;
if (x509EnhancedKeyUsageExtension != null && x509EnhancedKeyUsageExtension.EnhancedKeyUsages.Count > 0 && x509EnhancedKeyUsageExtension.EnhancedKeyUsages[WellKnownOid.PkixKpServerAuth.Value] == null)
{
return(ExchangeCertificateValidity.PkixKpServerAuthNotFoundInEnhancedKeyUsage);
}
}
catch (CryptographicException)
{
return(ExchangeCertificateValidity.EnhancedKeyUsageCorrupted);
}
}
if (TlsCertificateInfo.IsCNGProvider(cert))
{
return(ManageExchangeCertificate.CheckCNGSettings(cert));
}
AsymmetricAlgorithm privateKey;
try
{
privateKey = cert.PrivateKey;
}
catch (CryptographicException)
{
return(ExchangeCertificateValidity.PrivateKeyNotAccessible);
}
ICspAsymmetricAlgorithm cspAsymmetricAlgorithm = privateKey as ICspAsymmetricAlgorithm;
if (cspAsymmetricAlgorithm == null)
{
return(ExchangeCertificateValidity.PrivateKeyUnsupportedAlgorithm);
}
CspKeyContainerInfo cspKeyContainerInfo = cspAsymmetricAlgorithm.CspKeyContainerInfo;
if (cspKeyContainerInfo.Protected)
{
return(ExchangeCertificateValidity.CspKeyContainerInfoProtected);
}
if (cspKeyContainerInfo.HardwareDevice && cspKeyContainerInfo.Removable)
{
return(ExchangeCertificateValidity.CspKeyContainerInfoRemovableDevice);
}
if (!ignoreAccessible && !cspKeyContainerInfo.Accessible)
{
return(ExchangeCertificateValidity.CspKeyContainerInfoNotAccessible);
}
switch (cspKeyContainerInfo.KeyNumber)
{
case KeyNumber.Exchange:
case KeyNumber.Signature:
{
AsymmetricAlgorithm key = cert.PublicKey.Key;
if (key.KeySize < 1024)
{
return(ExchangeCertificateValidity.PublicKeyUnsupportedSize);
}
return(ExchangeCertificateValidity.Valid);
}
default:
return(ExchangeCertificateValidity.CspKeyContainerInfoUnknownKeyNumber);
}
}
