Ejemplo n.º 1
0
        internal static List <ChainValidityStatus> ValidateCertificates(List <string> trustedCertificateList, List <string> certificateChainList, List <string> certificateList, bool checkCRL, int hashCodeForTracing, MailboxLogger mailboxLogger, bool againstADConfiguration, string organizationId)
        {
            X509Store trustedStore          = CertificateManager.AddChainCertsToStore(trustedCertificateList, hashCodeForTracing);
            X509Store chainBuildStore       = CertificateManager.AddChainCertsToStore(certificateChainList, hashCodeForTracing);
            List <ChainValidityStatus> list = new List <ChainValidityStatus>(certificateList.Count);

            foreach (string text in certificateList)
            {
                ChainContext chainContext = null;
                try
                {
                    X509Certificate2    certificate = new X509Certificate2(Convert.FromBase64String(text));
                    ChainValidityStatus item        = X509CertificateCollection.ValidateCertificate(certificate, null, X509KeyUsageFlags.NonRepudiation | X509KeyUsageFlags.DigitalSignature, checkCRL, trustedStore, chainBuildStore, ref chainContext, againstADConfiguration, organizationId);
                    list.Add(item);
                }
                catch (CryptographicException ex)
                {
                    if (mailboxLogger != null)
                    {
                        mailboxLogger.SetData(MailboxLogDataName.ValidateCertCommand_ProcessCommand_Per_Cert_Exception, ex.ToString());
                    }
                    AirSyncDiagnostics.TraceError <string, CryptographicException>(ExTraceGlobals.RequestTracer, null, "Failed to validate certificate: '{0}', Error: '{1}'", text, ex);
                    list.Add((ChainValidityStatus)2148098052U);
                }
                finally
                {
                    if (chainContext != null)
                    {
                        chainContext.Dispose();
                    }
                }
            }
            return(list);
        }
Ejemplo n.º 2
0
        // Token: 0x06001C2A RID: 7210 RVA: 0x0006F4BC File Offset: 0x0006D6BC
        public ChainValidityStatus ValidateCertificate(X509Certificate2 certificate, bool isSend)
        {
            this.response.PolicyFlag = 0U;
            this.response.ChainData  = null;
            ChainContext        chainContext = null;
            ChainValidityStatus chainValidityStatus;

            try
            {
                X509KeyUsageFlags expectedUsage = X509KeyUsageFlags.NonRepudiation | X509KeyUsageFlags.DigitalSignature;
                bool checkCRLOnSend             = this.smimeAdminOptions.CheckCRLOnSend;
                bool disableCRLCheck            = this.smimeAdminOptions.DisableCRLCheck;
                uint crlconnectionTimeout       = this.smimeAdminOptions.CRLConnectionTimeout;
                uint crlretrievalTimeout        = this.smimeAdminOptions.CRLRetrievalTimeout;
                bool flag = disableCRLCheck || (isSend && !checkCRLOnSend);
                if (string.IsNullOrEmpty(this.smimeAdminOptions.SMIMECertificateIssuingCAFull))
                {
                    bool enabled = VariantConfiguration.GetSnapshot(MachineSettingsContext.Local, null, null).Global.MultiTenancy.Enabled;
                    if (enabled)
                    {
                        chainValidityStatus      = (ChainValidityStatus)2148204809U;
                        this.response.PolicyFlag = 65536U;
                    }
                    else
                    {
                        chainValidityStatus      = X509CertificateCollection.ValidateCertificate(certificate, null, expectedUsage, !flag, null, null, TimeSpan.FromMilliseconds(crlconnectionTimeout), TimeSpan.FromMilliseconds(crlretrievalTimeout), ref chainContext, false, null);
                        this.response.PolicyFlag = (uint)this.MapChainStatusToChainFlag(chainValidityStatus);
                    }
                }
                else
                {
                    X509Store x509Store = CertificateStore.Open(StoreType.Memory, null, OpenFlags.ReadWrite);
                    X509Certificate2Collection x509Certificate2Collection = new X509Certificate2Collection();
                    x509Certificate2Collection.Import(Convert.FromBase64String(this.smimeAdminOptions.SMIMECertificateIssuingCAFull));
                    x509Store.AddRange(x509Certificate2Collection);
                    chainValidityStatus      = X509CertificateCollection.ValidateCertificate(certificate, null, expectedUsage, !flag, x509Store, null, TimeSpan.FromMilliseconds(crlconnectionTimeout), TimeSpan.FromMilliseconds(crlretrievalTimeout), ref chainContext, true, base.CallContext.AccessingPrincipal.MailboxInfo.OrganizationId.ToString());
                    this.response.PolicyFlag = (uint)this.MapChainStatusToChainFlag(chainValidityStatus);
                }
                if (!isSend)
                {
                    this.response.DisplayedId = this.GetIdFromCertificate(certificate);
                    if (this.response.DisplayedId == null)
                    {
                        chainValidityStatus = ChainValidityStatus.SubjectMismatch;
                    }
                    this.response.DisplayName = X509PartialCertificate.GetDisplayName(certificate);
                    this.response.Issuer      = this.GetIssuerDisplayNameFromCertificate(certificate);
                }
            }
            finally
            {
                if (chainContext != null)
                {
                    chainContext.Dispose();
                }
            }
            this.response.ChainValidityStatus = (uint)chainValidityStatus;
            return(chainValidityStatus);
        }