public override void OnSetFederatedOrganizationIdentifier(FederationTrust federationTrust, SmtpDomain accountNamespace)
{
string text = accountNamespace.ToString();
string wkgDomain = FederatedOrganizationId.AddHybridConfigurationWellKnownSubDomain(text);
AppIdInfo appIdInfo = null;
ManageDelegation2Client client = this.GetManageDelegation(wkgDomain);
try
{
appIdInfo = client.CreateAppId(wkgDomain);
}
catch (LiveDomainServicesException ex)
{
if (ex.DomainError != null && ex.DomainError.Value == DomainError.ProofOfOwnershipNotValid)
{
throw new DomainProofOwnershipException(Strings.ErrorManageDelegation2ProofDomainOwnership, ex);
}
throw new ProvisioningFederatedExchangeException(ex.LocalizedString, ex);
}
if (string.IsNullOrEmpty(federationTrust.ApplicationIdentifier))
{
if (appIdInfo == null || string.IsNullOrEmpty(appIdInfo.AppId))
{
throw new LiveDomainServicesException(Strings.ErrorLiveDomainServicesUnexpectedResult(Strings.ErrorInvalidApplicationId));
}
base.WriteVerbose(Strings.NewFederationTrustSuccessAppId(FederationTrust.PartnerSTSType.LiveId.ToString(), appIdInfo.AppId));
federationTrust.ApplicationIdentifier = appIdInfo.AppId.Trim();
}
base.ReserveDomain(wkgDomain, federationTrust.ApplicationIdentifier, client, Strings.ErrorManageDelegation2ProofDomainOwnership, () => LiveFederationProvision2.GetDomainStateFromDomainInfo(client.GetDomainInfo(federationTrust.ApplicationIdentifier, wkgDomain)));
using (ManageDelegation2Client manageDelegation = this.GetManageDelegation(text))
{
manageDelegation.AddUri(appIdInfo.AppId, text);
}
}
protected override void InternalValidate()
{
SharedConfigurationTaskHelper.VerifyIsNotTinyTenant(base.CurrentOrgState, new Task.ErrorLoggerDelegate(base.WriteError));
base.InternalValidate();
this.ConfigurationSession.SessionSettings.IsSharedConfigChecked = true;
FederatedOrganizationId federatedOrganizationId = this.ConfigurationSession.GetFederatedOrganizationId(base.DataObject.OrganizationId);
if (base.DataObject.Id.Equals(federatedOrganizationId.DefaultSharingPolicyLink))
{
base.WriteError(new CannotRemoveDefaultSharingPolicy(), ErrorCategory.InvalidOperation, this.Identity);
}
IRecipientSession tenantOrRootOrgRecipientSession;
if (this.ConfigurationSession.ConfigScope == ConfigScopes.TenantSubTree)
{
tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(this.ConfigurationSession.DomainController, null, this.ConfigurationSession.Lcid, true, ConsistencyMode.PartiallyConsistent, this.ConfigurationSession.NetworkCredential, this.ConfigurationSession.SessionSettings, this.ConfigurationSession.ConfigScope, 68, "InternalValidate", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\SystemConfigurationTasks\\Federation\\RemoveSharingPolicy.cs");
}
else
{
tenantOrRootOrgRecipientSession = DirectorySessionFactory.Default.GetTenantOrRootOrgRecipientSession(this.ConfigurationSession.DomainController, null, this.ConfigurationSession.Lcid, true, ConsistencyMode.PartiallyConsistent, this.ConfigurationSession.NetworkCredential, this.ConfigurationSession.SessionSettings, 80, "InternalValidate", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\SystemConfigurationTasks\\Federation\\RemoveSharingPolicy.cs");
}
QueryFilter filter = new ComparisonFilter(ComparisonOperator.Equal, IADMailStorageSchema.SharingPolicy, base.DataObject.Id);
ADRecipient[] array = tenantOrRootOrgRecipientSession.Find(null, QueryScope.SubTree, filter, null, 1);
if (array.Length > 0)
{
base.WriteError(new CannotRemoveSharingPolicyWithUsersAssignedException(), ErrorCategory.InvalidOperation, this.Identity);
}
}
public SecurityTokenService GetSecurityTokenService(OrganizationId organizationId)
{
this.ThrowIfNotEnabled();
OrganizationIdCacheValue organizationIdCacheValue = OrganizationIdCache.Singleton.Get(organizationId);
FederatedOrganizationId federatedOrganizationId = organizationIdCacheValue.FederatedOrganizationId;
if (federatedOrganizationId == null)
{
ExternalAuthentication.ConfigurationTracer.TraceError <string>(0L, "Unable to find Federated Organization Identifier for organization {0}.", organizationId.ToString());
return(null);
}
if (federatedOrganizationId.DelegationTrustLink == null)
{
ExternalAuthentication.ConfigurationTracer.TraceError <string>(0L, "Unable to find configured delegation trust link for organization {0}.", organizationId.ToString());
return(null);
}
SecurityTokenService result;
if (this.securityTokenServices.TryGetValue(federatedOrganizationId.DelegationTrustLink, out result))
{
return(result);
}
ExternalAuthentication.ConfigurationTracer.TraceError <string, string>(0L, "Unable to find configured Security Token Service client for delegation trust link {0} for organization {1}.", federatedOrganizationId.DelegationTrustLink.DistinguishedName, organizationId.ToString());
ExternalAuthentication.ConfigurationTracer.TraceError <string>(0L, "Current Security Token Service client list is {0}.", this.SecurityTokenServicesIdentifiers);
return(null);
}
protected override IConfigurable PrepareDataObject()
{
TaskLogger.LogEnter();
this.ConfigurationSession.SessionSettings.IsSharedConfigChecked = true;
FederatedOrganizationId federatedOrganizationId = this.ConfigurationSession.GetFederatedOrganizationId();
string organization = (federatedOrganizationId.OrganizationId == null) ? "<No Org>" : federatedOrganizationId.OrganizationId.ToString();
string cn;
if (federatedOrganizationId.DefaultSharingPolicyLink != null)
{
this.skipProcessRecord = true;
base.WriteVerbose(Strings.FoundDefaultSharingPolicy(federatedOrganizationId.DefaultSharingPolicyLink.DistinguishedName, organization));
cn = Guid.NewGuid().ToString();
}
else
{
cn = this.GetDefaultSharingPolicyName();
base.WriteVerbose(Strings.InstallDefaultSharingPolicy(organization));
}
SharingPolicy sharingPolicy = (SharingPolicy)base.PrepareDataObject();
sharingPolicy.SetId(this.ConfigurationSession, cn);
sharingPolicy.Enabled = true;
sharingPolicy.Domains = new MultiValuedProperty <SharingPolicyDomain>(new SharingPolicyDomain[]
{
new SharingPolicyDomain("*", SharingPolicyAction.CalendarSharingFreeBusySimple)
});
sharingPolicy.Domains.Add(new SharingPolicyDomain("Anonymous", SharingPolicyAction.CalendarSharingFreeBusyReviewer));
TaskLogger.LogExit();
return(sharingPolicy);
}
// Token: 0x06000E62 RID: 3682 RVA: 0x00056A70 File Offset: 0x00054C70
private static ADObjectId GetDefaultSharingPolicyId(IConfigurationSession configurationSession)
{
FederatedOrganizationId federatedOrganizationId = configurationSession.GetFederatedOrganizationId(configurationSession.SessionSettings.CurrentOrganizationId);
if (federatedOrganizationId == null || federatedOrganizationId.DefaultSharingPolicyLink == null)
{
SharingPolicyCache.Tracer.TraceError <OrganizationId>(0L, "Could not find FederatedOrganizationId or DefaultSharingPolicyLink for Org {0}", configurationSession.SessionSettings.CurrentOrganizationId);
return(null);
}
SharingPolicyCache.Tracer.TraceDebug <OrganizationId, ADObjectId>(0L, "Found Default Policy Id {0} for Org {1} ", configurationSession.SessionSettings.CurrentOrganizationId, federatedOrganizationId.DefaultSharingPolicyLink);
return(federatedOrganizationId.DefaultSharingPolicyLink);
}
public static SharingPolicy ReadSharingPolicy(Guid mailboxGuid, bool isArchive, IRecipientSession recipientSession)
{
ADRecipient adrecipient = DirectoryHelper.ReadADRecipient(mailboxGuid, isArchive, recipientSession);
if (adrecipient == null)
{
throw new ObjectNotFoundException(ServerStrings.ADUserNotFound);
}
ADUser aduser = adrecipient as ADUser;
if (aduser == null)
{
ExTraceGlobals.StorageTracer.TraceError <ADRecipient>((long)mailboxGuid.GetHashCode(), "ExchangePrincipal::ReadSharingPolicy. This is not an ADUser so policy doesn't apply. Recipient = {0}.", adrecipient);
return(null);
}
ADObjectId adobjectId = aduser.SharingPolicy;
ADSessionSettings adsessionSettings;
if (SharedConfiguration.IsDehydratedConfiguration(aduser.OrganizationId))
{
SharedConfiguration sharedConfiguration = SharedConfiguration.GetSharedConfiguration(aduser.OrganizationId);
adsessionSettings = sharedConfiguration.GetSharedConfigurationSessionSettings();
}
else
{
adsessionSettings = aduser.OrganizationId.ToADSessionSettings();
adsessionSettings.IsSharedConfigChecked = true;
}
IConfigurationSession tenantOrTopologyConfigurationSession = DirectorySessionFactory.Default.GetTenantOrTopologyConfigurationSession(ConsistencyMode.IgnoreInvalid, adsessionSettings, 248, "ReadSharingPolicy", "f:\\15.00.1497\\sources\\dev\\data\\src\\storage\\DirectoryHelper.cs");
if (adobjectId == null)
{
FederatedOrganizationId federatedOrganizationId = tenantOrTopologyConfigurationSession.GetFederatedOrganizationId(tenantOrTopologyConfigurationSession.SessionSettings.CurrentOrganizationId);
if (federatedOrganizationId != null)
{
adobjectId = federatedOrganizationId.DefaultSharingPolicyLink;
}
}
SharingPolicy sharingPolicy = null;
if (adobjectId != null)
{
sharingPolicy = tenantOrTopologyConfigurationSession.Read <SharingPolicy>(adobjectId);
if (sharingPolicy == null)
{
throw new ObjectNotFoundException(ServerStrings.SharingPolicyNotFound(adobjectId.Name));
}
}
return(sharingPolicy);
}
protected override void InternalValidate()
{
TaskLogger.LogEnter();
SharedConfigurationTaskHelper.VerifyIsNotTinyTenant(base.CurrentOrgState, new Task.ErrorLoggerDelegate(base.WriteError));
base.InternalValidate();
if (this.isDefault)
{
this.ConfigurationSession.SessionSettings.IsSharedConfigChecked = true;
FederatedOrganizationId federatedOrganizationId = this.ConfigurationSession.GetFederatedOrganizationId(this.DataObject.OrganizationId);
if (federatedOrganizationId != null)
{
this.defaultChanged = !this.DataObject.Id.Equals(federatedOrganizationId.DefaultSharingPolicyLink);
}
}
TaskLogger.LogExit();
}
public static LicenseIdentity GetFederatedLicenseIdentity(OrganizationId organizationId)
{
ArgumentValidator.ThrowIfNull("organizationId", organizationId);
OrganizationIdCacheValue organizationIdCacheValue = OrganizationIdCache.Singleton.Get(organizationId);
FederatedOrganizationId federatedOrganizationId = (organizationIdCacheValue != null) ? organizationIdCacheValue.FederatedOrganizationId : null;
if (organizationIdCacheValue == null || organizationIdCacheValue.FederatedDomains == null || federatedOrganizationId == null || !federatedOrganizationId.Enabled || federatedOrganizationId.AccountNamespace == null || federatedOrganizationId.AccountNamespace.Domain == null)
{
Microsoft.Exchange.Diagnostics.Components.Data.Storage.ExTraceGlobals.RightsManagementTracer.TraceError <OrganizationId>(0L, "GetFederatedLicenseIdentity: Organization {0} does not have any federated domains.", organizationId);
throw new RightsManagementException(RightsManagementFailureCode.FederationNotEnabled, ServerStrings.FederationNotEnabled);
}
string tenantFederatedMailbox = RmsClientManager.IRMConfig.GetTenantFederatedMailbox(organizationId);
if (string.IsNullOrEmpty(tenantFederatedMailbox))
{
Microsoft.Exchange.Diagnostics.Components.Data.Storage.ExTraceGlobals.RightsManagementTracer.TraceError <OrganizationId>(0L, "GetFederatedLicenseIdentity: Organization {0} doesn't have federated identity set.", organizationId);
throw new RightsManagementException(RightsManagementFailureCode.FederatedMailboxNotSet, ServerStrings.FederatedMailboxNotSet(organizationId.ToString()));
}
string[] array = organizationIdCacheValue.FederatedDomains.ToArray <string>();
int num = 0;
while (num < array.Length && num < 50)
{
array[num] = string.Format(CultureInfo.InvariantCulture, "{0}{1}", new object[]
{
"@",
array[num]
});
num++;
}
if (organizationId == OrganizationId.ForestWideOrgId)
{
return(new LicenseIdentity(string.Format(CultureInfo.InvariantCulture, "{0}{1}{2}", new object[]
{
new SmtpAddress(tenantFederatedMailbox).Local,
"@",
federatedOrganizationId.AccountNamespace.Domain
}), array));
}
return(new LicenseIdentity(tenantFederatedMailbox, array));
}
internal static void SetDefaultSharingPolicy(IConfigurationSession session, OrganizationId organizationId, ADObjectId sharingPolicyId)
{
IConfigurationSession tenantOrTopologyConfigurationSession;
if (session.ConfigScope == ConfigScopes.TenantSubTree)
{
tenantOrTopologyConfigurationSession = DirectorySessionFactory.Default.GetTenantOrTopologyConfigurationSession(session.DomainController, false, ConsistencyMode.FullyConsistent, session.NetworkCredential, session.SessionSettings, session.ConfigScope, 199, "SetDefaultSharingPolicy", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\SystemConfigurationTasks\\Federation\\SetSharingPolicy.cs");
}
else
{
tenantOrTopologyConfigurationSession = DirectorySessionFactory.Default.GetTenantOrTopologyConfigurationSession(session.DomainController, false, ConsistencyMode.FullyConsistent, session.NetworkCredential, session.SessionSettings, 210, "SetDefaultSharingPolicy", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\SystemConfigurationTasks\\Federation\\SetSharingPolicy.cs");
}
tenantOrTopologyConfigurationSession.SessionSettings.IsSharedConfigChecked = true;
FederatedOrganizationId federatedOrganizationId = tenantOrTopologyConfigurationSession.GetFederatedOrganizationId(organizationId);
if (federatedOrganizationId != null)
{
federatedOrganizationId.DefaultSharingPolicyLink = sharingPolicyId;
tenantOrTopologyConfigurationSession.Save(federatedOrganizationId);
}
}
internal ADObjectId GetDefaultSharingPolicyId(ADObject user, SharedConfiguration sharedConfig)
{
ADObjectId result;
try
{
if (!this.defaultSharingPolicyIds.ContainsKey(user.OrganizationId))
{
IConfigurationSession configurationSession = this.GenerateIConfigurationSessionForShareableObjects(user.OrganizationId, sharedConfig);
FederatedOrganizationId federatedOrganizationId = configurationSession.GetFederatedOrganizationId(configurationSession.SessionSettings.CurrentOrganizationId);
this.defaultSharingPolicyIds[user.OrganizationId] = ((federatedOrganizationId != null) ? federatedOrganizationId.DefaultSharingPolicyLink : null);
}
result = this.defaultSharingPolicyIds[user.OrganizationId];
}
catch (DataSourceTransientException exception)
{
base.WriteError(exception, ErrorCategory.ReadError, null);
result = null;
}
return(result);
}
private void ProcessRemoveFederatedDomainRequest()
{
this.RemoveFederatedDomainFromSTS();
if (this.DomainName.Equals(this.DataObject.AccountNamespace) && !this.IsDatacenter)
{
string domain = this.DataObject.AccountNamespace.Domain;
base.ZapDanglingDomainTrusts();
this.DataObject.AccountNamespace = null;
this.DataObject.DelegationTrustLink = null;
this.DataObject.Enabled = false;
if (this.federationTrust != null && null != this.federationTrust.ApplicationUri)
{
string text = FederatedOrganizationId.RemoveHybridConfigurationWellKnownSubDomain(this.federationTrust.ApplicationUri.ToString());
if (text.Equals(domain, StringComparison.InvariantCultureIgnoreCase))
{
this.federationTrust.ApplicationUri = null;
this.federationTrust.ApplicationIdentifier = null;
base.DataSession.Save(this.federationTrust);
}
}
base.InternalProcessRecord();
return;
}
if (this.matchedAcceptedDomain != null && this.matchedAcceptedDomain.Id != null)
{
AcceptedDomain acceptedDomain = (AcceptedDomain)base.DataSession.Read <AcceptedDomain>(this.matchedAcceptedDomain.Id);
if (acceptedDomain == null)
{
this.WriteWarning(Strings.ErrorDomainNameNotAcceptedDomain(this.DomainName.Domain));
return;
}
if (acceptedDomain.FederatedOrganizationLink == null)
{
this.WriteWarning(Strings.ErrorDomainIsNotFederated(this.DomainName.Domain));
return;
}
acceptedDomain.FederatedOrganizationLink = null;
base.DataSession.Save(acceptedDomain);
}
}
AcceptedDomain[] IConfigurationSession.FindAcceptedDomainsByFederatedOrgId(FederatedOrganizationId federatedOrganizationId)
{
FfoDirectorySession.LogNotSupportedInFFO(null);
return(new AcceptedDomain[0]);
}
private void PrintConfiguration(ADUser user, FederationTrust fedTrust)
{
bool enabled = VariantConfiguration.InvariantNoFlightingSnapshot.Global.MultiTenancy.Enabled;
string text = enabled ? "Online" : "On-Prem";
bool flag = false;
HashSet <string> localFederatedDomains = this.GetLocalFederatedDomains(user);
int startIndex = user.GetFederatedIdentity().Identity.IndexOf('@') + 1;
string text2 = user.GetFederatedIdentity().Identity.Substring(startIndex);
if (localFederatedDomains.Contains(text2))
{
flag = true;
}
OrganizationId organizationId = user.OrganizationId;
OrganizationIdCacheValue organizationIdCacheValue = OrganizationIdCache.Singleton.Get(organizationId);
FederatedOrganizationId federatedOrganizationId = organizationIdCacheValue.FederatedOrganizationId;
string text3 = string.Concat(new string[]
{
Environment.NewLine,
Environment.NewLine,
"Printing current configuration...",
Environment.NewLine,
Environment.NewLine,
"---------------------------------------------------------------------",
Environment.NewLine,
"Online or On-Prem: ",
text,
Environment.NewLine,
Environment.NewLine,
"Printing configuration information (from FederationTrust): ",
Environment.NewLine,
"Name: ",
fedTrust.Name,
Environment.NewLine,
"TokenIssuerUri: ",
fedTrust.TokenIssuerUri.ToString(),
Environment.NewLine,
"TokenIssuerType: ",
fedTrust.TokenIssuerType.ToString(),
Environment.NewLine,
"TokenIssuerEpr: ",
fedTrust.TokenIssuerEpr.ToString(),
Environment.NewLine,
"TokenIssuerMetadataEpr: ",
fedTrust.TokenIssuerMetadataEpr.ToString(),
Environment.NewLine,
"TokenIssuerCertificateThumbprint: ",
fedTrust.TokenIssuerCertificate.Thumbprint.ToString(),
Environment.NewLine,
"TokenIssuerCertReference: ",
fedTrust.TokenIssuerCertReference,
Environment.NewLine,
"ApplicationIdentifier: ",
fedTrust.ApplicationIdentifier,
Environment.NewLine,
"ApplicationUri: ",
fedTrust.ApplicationUri.ToString(),
Environment.NewLine,
"OrgPublicCertificateThumbprint: ",
fedTrust.OrgCertificate.Thumbprint.ToString(),
Environment.NewLine,
"PolicyReferenceUri: ",
fedTrust.PolicyReferenceUri,
Environment.NewLine,
Environment.NewLine,
"Printing configuration information (from ADUser): ",
Environment.NewLine
});
if (flag)
{
text3 = text3 + "Domain Type: Federated" + Environment.NewLine;
}
else
{
text3 = text3 + "Domain Type: Managed" + Environment.NewLine;
}
text3 = string.Concat(new object[]
{
text3,
"Domain Name: ",
text2,
Environment.NewLine,
"Email: ",
user.GetFederatedSmtpAddress().ToString(),
Environment.NewLine,
"RST Identity Type = FederatedIdentity Type: ",
user.GetFederatedIdentity().Type,
Environment.NewLine,
"RST Idenitty Value = FederatedIdentity Value: ",
user.GetFederatedIdentity().Identity,
Environment.NewLine,
"ImmutableId: ",
user.ImmutableId.ToString(),
Environment.NewLine,
"msExchOnPremiseObjectGuid: ",
user.OnPremisesObjectId.ToString(),
Environment.NewLine,
"ObjectGuid: ",
user.Guid.ToString(),
Environment.NewLine
});
if (enabled)
{
text3 = text3 + "WindowsLiveID: " + user.WindowsLiveID.ToString() + Environment.NewLine;
}
else
{
text3 = text3 + "AccountNamespace: " + federatedOrganizationId.AccountNamespace.ToString() + Environment.NewLine;
}
text3 = string.Concat(new string[]
{
text3,
"SID: ",
user.Sid.ToString(),
Environment.NewLine,
"Organization ID: ",
user.OrganizationId.ToString(),
Environment.NewLine,
Environment.NewLine,
"Offer: ",
TestFederationTrust.TokenOffer.ToString(),
Environment.NewLine,
"---------------------------------------------------------------------",
Environment.NewLine
});
base.WriteVerbose(new LocalizedString(text3));
this.ValidateConfiguration(enabled, flag, user, text2);
}
private void ValidateSetParameters()
{
ADObjectId adobjectId = ADObjectIdResolutionHelper.ResolveDN(this.DataObject.DelegationTrustLink);
if (adobjectId != null && (string.IsNullOrEmpty(adobjectId.DistinguishedName) || adobjectId.Parent.Equals(this.ConfigurationSession.DeletedObjectsContainer)))
{
adobjectId = null;
}
if (this.DelegationFederationTrust == null && this.AccountNamespace == null)
{
if (adobjectId == null)
{
base.WriteError(new NoTrustConfiguredException(), ErrorCategory.InvalidOperation, this.DataObject.Identity);
}
this.noTrustToUpdate = true;
return;
}
if (this.DelegationFederationTrust != null)
{
if (this.AccountNamespace == null)
{
if (adobjectId != null)
{
return;
}
base.WriteError(new NoAccountNamespaceException(), ErrorCategory.InvalidOperation, this.DataObject.Identity);
}
}
else
{
base.WriteError(new CannotSpecifyAccountNamespaceWithoutTrustException(), ErrorCategory.InvalidOperation, this.DataObject.Identity);
}
if (this.DataObject.AccountNamespace != null)
{
string x = FederatedOrganizationId.ContainsHybridConfigurationWellKnownSubDomain(this.DataObject.AccountNamespace.Domain) ? FederatedOrganizationId.AddHybridConfigurationWellKnownSubDomain(this.AccountNamespace.Domain) : this.AccountNamespace.Domain;
if (!StringComparer.OrdinalIgnoreCase.Equals(x, this.DataObject.AccountNamespace.Domain) && adobjectId != null)
{
base.WriteError(new TrustAlreadyDefinedException(), ErrorCategory.InvalidOperation, this.DataObject.Identity);
}
if (adobjectId != null && !adobjectId.Equals(this.delegationTrustId))
{
base.WriteError(new TrustAlreadyDefinedException(), ErrorCategory.InvalidOperation, this.DataObject.Identity);
}
}
ADObjectId adobjectId2 = this.matchedAcceptedDomain.FederatedOrganizationLink;
if (adobjectId2 != null && adobjectId2.Parent.Equals(this.ConfigurationSession.DeletedObjectsContainer))
{
adobjectId2 = null;
}
if (adobjectId2 != null)
{
if (adobjectId2.ObjectGuid != this.DataObject.Id.ObjectGuid)
{
base.WriteError(new DomainAlreadyFederatedException(this.AccountNamespace.Domain), ErrorCategory.InvalidOperation, this.DataObject.Identity);
}
else
{
this.noTrustToUpdate = true;
}
}
TaskLogger.LogExit();
}
protected override void InternalProcessRecord()
{
if (base.Fields.IsModified("DefaultDomain"))
{
IEnumerable <AcceptedDomain> enumerable = base.DataSession.FindPaged <AcceptedDomain>(null, base.CurrentOrgContainerId, true, null, 1000);
foreach (AcceptedDomain acceptedDomain in enumerable)
{
if (acceptedDomain.IsDefaultFederatedDomain && (this.matchedDefaultAcceptedDomain == null || !this.matchedDefaultAcceptedDomain.Id.Equals(acceptedDomain.Id)))
{
acceptedDomain.IsDefaultFederatedDomain = false;
base.DataSession.Save(acceptedDomain);
}
}
if (this.matchedDefaultAcceptedDomain != null && !this.matchedDefaultAcceptedDomain.IsDefaultFederatedDomain)
{
this.matchedDefaultAcceptedDomain.IsDefaultFederatedDomain = true;
base.DataSession.Save(this.matchedDefaultAcceptedDomain);
this.defaultDomainChanged = true;
}
}
if (this.noTrustToUpdate)
{
if (this.IsObjectStateChanged())
{
base.InternalProcessRecord();
return;
}
}
else
{
base.ZapDanglingDomainTrusts();
this.ProvisionSTS();
SmtpDomain smtpDomain = this.AccountNamespace;
if (this.federationTrust.NamespaceProvisioner == FederationTrust.NamespaceProvisionerType.LiveDomainServices2)
{
smtpDomain = new SmtpDomain(FederatedOrganizationId.AddHybridConfigurationWellKnownSubDomain(this.AccountNamespace.Domain));
}
this.DataObject.AccountNamespace = smtpDomain;
this.DataObject.DelegationTrustLink = this.delegationTrustId;
if (!this.DataObject.IsModified(FederatedOrganizationIdSchema.Enabled))
{
this.DataObject.Enabled = true;
}
bool flag = false;
Uri applicationUri = null;
if (null == this.federationTrust.ApplicationUri)
{
if (!Uri.TryCreate(smtpDomain.Domain, UriKind.RelativeOrAbsolute, out applicationUri))
{
base.WriteError(new InvalidApplicationUriException(Strings.ErrorInvalidApplicationUri(this.AccountNamespace.Domain)), ErrorCategory.InvalidArgument, this.DataObject.Identity);
}
flag = true;
}
base.InternalProcessRecord();
if (flag)
{
this.federationTrust.ApplicationUri = applicationUri;
base.DataSession.Save(this.federationTrust);
}
AcceptedDomain acceptedDomain2 = (AcceptedDomain)base.DataSession.Read <AcceptedDomain>(this.matchedAcceptedDomain.Id);
acceptedDomain2.FederatedOrganizationLink = this.DataObject.Id;
acceptedDomain2.PendingFederatedAccountNamespace = false;
acceptedDomain2.PendingFederatedDomain = false;
base.DataSession.Save(acceptedDomain2);
}
}
public static void GenerateAddAndRemoveCollection(DataRow row, DataTable dataTable, DataObjectStore store)
{
if (store.GetDataObject("FederatedOrganizationIdentifier") == null)
{
return;
}
List <object> list = new List <object>();
if (dataTable.Rows[0]["SharingEnabledDomains"] != DBNull.Value)
{
foreach (object obj in ((IEnumerable)dataTable.Rows[0]["SharingEnabledDomains"]))
{
SharingDomain sharingDomain = (SharingDomain)obj;
list.Add((SmtpDomain)sharingDomain);
}
}
FederatedOrganizationIdWithDomainStatus federatedOrganizationIdWithDomainStatus = (FederatedOrganizationIdWithDomainStatus)store.GetDataObject("FederatedOrganizationIdentifier");
SmtpDomain smtpDomain = (federatedOrganizationIdWithDomainStatus.AccountNamespace == null) ? null : new SmtpDomain(FederatedOrganizationId.RemoveHybridConfigurationWellKnownSubDomain(federatedOrganizationIdWithDomainStatus.AccountNamespace.Domain));
if (smtpDomain == null && dataTable.Rows[0]["AccountNamespace"] != DBNull.Value)
{
smtpDomain = (SmtpDomain)((SharingDomain)dataTable.Rows[0]["AccountNamespace"]);
}
if (smtpDomain != null)
{
list.Remove(smtpDomain);
}
MultiValuedProperty <FederatedDomain> multiValuedProperty = (MultiValuedProperty <FederatedDomain>)store.GetValue("FederatedOrganizationIdentifier", "Domains");
List <object> list2 = new List <object>();
if (multiValuedProperty != null)
{
foreach (FederatedDomain federatedDomain in multiValuedProperty)
{
if (!federatedDomain.Domain.Domain.Equals(smtpDomain.Domain, StringComparison.InvariantCultureIgnoreCase))
{
SmtpDomain item = new SmtpDomain(federatedDomain.Domain.Domain);
if (list.Contains(item))
{
list.Remove(item);
}
else
{
list2.Add(item);
}
}
}
}
dataTable.Rows[0]["AddedSharingEnabledDomains"] = list;
dataTable.Rows[0]["RemovedSharingEnabledDomains"] = list2;
}
public FederatedOrganizationIdWithDomainStatus(FederatedOrganizationId dataObject) : base(dataObject)
{
}
public static void ExtractAccountNamespaceAndSharingDomains(DataRow row, DataTable dataTable, DataObjectStore store)
{
if (store.GetDataObject("FederatedOrganizationIdentifier") == null)
{
return;
}
FederatedOrganizationIdWithDomainStatus federatedOrganizationIdWithDomainStatus = (FederatedOrganizationIdWithDomainStatus)store.GetDataObject("FederatedOrganizationIdentifier");
SmtpDomain smtpDomain = (federatedOrganizationIdWithDomainStatus.AccountNamespace == null) ? null : new SmtpDomain(FederatedOrganizationId.RemoveHybridConfigurationWellKnownSubDomain(federatedOrganizationIdWithDomainStatus.AccountNamespace.Domain));
MultiValuedProperty <FederatedDomain> domains = federatedOrganizationIdWithDomainStatus.Domains;
dataTable.Rows[0]["HasAccountNamespace"] = false;
dataTable.Rows[0]["HasFederatedDomains"] = false;
if (smtpDomain != null)
{
List <object> list = new List <object>();
dataTable.Rows[0]["HasAccountNamespace"] = true;
dataTable.Rows[0]["Name"] = federatedOrganizationIdWithDomainStatus.AccountNamespace.Domain;
foreach (FederatedDomain federatedDomain in domains)
{
if (federatedDomain.Domain.Domain.Equals(smtpDomain.Domain, StringComparison.InvariantCultureIgnoreCase))
{
dataTable.Rows[0]["AccountNamespace"] = (SharingDomain)federatedDomain;
}
else
{
list.Add((SharingDomain)federatedDomain);
}
}
if (list.Count > 0)
{
dataTable.Rows[0]["SharingEnabledDomains"] = list;
dataTable.Rows[0]["HasFederatedDomains"] = true;
}
}
}
private ManageDelegation2Client GetManageDelegation(string domain)
{
string signingDomain = FederatedOrganizationId.RemoveHybridConfigurationWellKnownSubDomain(domain);
return(new ManageDelegation2Client(domain, signingDomain, base.CertificateThumbprint, base.WriteVerbose));
}
private FederationTrust GetFederationTrust(ADUser user)
{
base.WriteVerbose(new LocalizedString(string.Concat(new object[]
{
Environment.NewLine,
"using ADUser OrganizationId: ",
user.OrganizationId,
" "
})));
ADSessionSettings adsessionSettings = ADSessionSettings.FromOrganizationIdWithoutRbacScopes(ADSystemConfigurationSession.GetRootOrgContainerIdForLocalForest(), user.OrganizationId, null, false);
adsessionSettings.IsSharedConfigChecked = true;
IConfigurationSession tenantOrTopologyConfigurationSession = DirectorySessionFactory.Default.GetTenantOrTopologyConfigurationSession(this.DomainController, true, ConsistencyMode.IgnoreInvalid, adsessionSettings, 463, "GetFederationTrust", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\SystemConfigurationTasks\\Federation\\TestFederationTrust.cs");
FederatedOrganizationId federatedOrganizationId = tenantOrTopologyConfigurationSession.GetFederatedOrganizationId(user.OrganizationId);
if (federatedOrganizationId == null || !federatedOrganizationId.Enabled)
{
this.Log(EventTypeEnumeration.Information, TestFederationTrust.TestFederationTrustEventId.NoFederationTrust, Strings.NoFederationTrust);
return(null);
}
ADSessionSettings adsessionSettings2 = ADSessionSettings.FromRootOrgScopeSet();
adsessionSettings2.IsSharedConfigChecked = true;
IConfigurationSession tenantOrTopologyConfigurationSession2 = DirectorySessionFactory.Default.GetTenantOrTopologyConfigurationSession(this.DomainController, true, ConsistencyMode.IgnoreInvalid, adsessionSettings2, 486, "GetFederationTrust", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\SystemConfigurationTasks\\Federation\\TestFederationTrust.cs");
FederationTrust federationTrust = tenantOrTopologyConfigurationSession2.Read <FederationTrust>(federatedOrganizationId.DelegationTrustLink);
if (federationTrust == null)
{
this.Log(EventTypeEnumeration.Information, TestFederationTrust.TestFederationTrustEventId.NoFederationTrust, Strings.NoFederationTrust);
return(null);
}
StringBuilder stringBuilder = new StringBuilder();
bool flag = false;
if (string.IsNullOrEmpty(federationTrust.OrgPrivCertificate))
{
stringBuilder.Append("OrgPrivCertificate");
flag = true;
}
var array = new < > f__AnonymousType26 <object, string>[]
{
new
{
Value = federationTrust.TokenIssuerUri,
Name = "TokenIssuerUri"
},
new
{
Value = federationTrust.TokenIssuerEpr,
Name = "TokenIssuerEpr"
},
new
{
Value = federationTrust.ApplicationUri,
Name = "ApplicationUri"
},
new
{
Value = federationTrust.TokenIssuerCertificate,
Name = "TokenIssuerCertificate"
}
};
var array2 = array;
for (int i = 0; i < array2.Length; i++)
{
var <> f__AnonymousType = array2[i];
if (< > f__AnonymousType.Value == null)
{
if (stringBuilder.Length != 0)
{
stringBuilder.Append(",");
}
stringBuilder.Append(< > f__AnonymousType.Name);
flag = true;
}
}
if (flag)
{
this.Log(EventTypeEnumeration.Error, TestFederationTrust.TestFederationTrustEventId.FederationTrustConfiguration, Strings.MissingPropertyInFederationTrust(stringBuilder.ToString()));
return(null);
}
base.WriteVerbose(new LocalizedString(string.Concat(new object[]
{
Environment.NewLine,
Environment.NewLine,
"Retrieved FederationTrust object with the following properties: ",
Environment.NewLine,
"TokenIssuerUri: ",
federationTrust.TokenIssuerUri,
Environment.NewLine,
"TokenIssuerEpr: ",
federationTrust.TokenIssuerEpr,
Environment.NewLine,
"ApplicationUri: ",
federationTrust.ApplicationUri,
Environment.NewLine,
"TokenIssuerCertificate Thumbprint: ",
federationTrust.TokenIssuerCertificate.Thumbprint
})));
try
{
user.GetFederatedIdentity();
}
catch (LocalizedException ex)
{
base.WriteVerbose(Strings.FailureAndReason(Strings.FederatedOrganizationIdNotSet.ToString(), ex.ToString()));
this.Log(EventTypeEnumeration.Error, TestFederationTrust.TestFederationTrustEventId.FederationTrustConfiguration, Strings.FederatedOrganizationIdNotSet);
return(null);
}
try
{
user.GetFederatedSmtpAddress();
}
catch (LocalizedException ex2)
{
base.WriteVerbose(Strings.FailureAndReason(Strings.UserWithoutFederatedDomain.ToString(), ex2.ToString()));
this.Log(EventTypeEnumeration.Error, TestFederationTrust.TestFederationTrustEventId.FederationTrustConfiguration, Strings.UserWithoutFederatedDomain);
return(null);
}
this.Log(EventTypeEnumeration.Success, TestFederationTrust.TestFederationTrustEventId.FederationTrustConfiguration, Strings.FederationTrustValid);
return(federationTrust);
}
