Ejemplo n.º 1
        /// <summary>
        /// Builds the set of thumbprints of the supplied certificates that have not expired.
        /// </summary>
        /// <param name="source">Label passed to the verbose message written for each expired certificate.</param>
        /// <param name="certificatesToCheck">Certificates to inspect; null entries are skipped.</param>
        /// <returns>Thumbprints of every non-null certificate that IsExpiredCertificate did not flag.</returns>
        /// <remarks>
        /// The set is created with the default string comparer, so membership tests are
        /// case-sensitive. NOTE(review): a caller comparing against a thumbprint taken from
        /// configuration or user input should normalise its case first - confirm at the call sites.
        /// Expiry is the only property evaluated here; no chain or revocation check is visible
        /// in this method.
        /// </remarks>
        private HashSet <string> GetNonExpiredCertificateThumbprint(string source, params X509Certificate2[] certificatesToCheck)
        {
            HashSet <string> thumbprints = new HashSet <string>();

            foreach (X509Certificate2 candidate in certificatesToCheck)
            {
                // Empty slots are ignored silently.
                if (candidate == null)
                {
                    continue;
                }

                if (!TestFederationTrust.IsExpiredCertificate(candidate))
                {
                    thumbprints.Add(candidate.Thumbprint);
                    continue;
                }

                // Expired certificates are left out of the set and only reported on the verbose stream.
                base.WriteVerbose(Strings.IgnoringExpiredCertificate(candidate.Thumbprint, source));
            }

            return thumbprints;
        }
Ejemplo n.º 2
        /// <summary>
        /// Looks up a certificate by thumbprint in the given store and returns it only when it is
        /// present, not expired and passes the private-key check.
        /// </summary>
        /// <param name="store">Certificate store to search.</param>
        /// <param name="thumbprint">Thumbprint of the certificate to find.</param>
        /// <param name="eventId">Event id attached to every log entry written by this method.</param>
        /// <param name="propertyName">Name inserted into the logged messages.</param>
        /// <returns>The first matching certificate, or <c>null</c> after an Error entry has been logged.</returns>
        /// <remarks>
        /// The lookup passes <c>false</c> for Find's validOnly argument, so the store does not filter
        /// out certificates that fail validation. This method then tests expiry and the private key
        /// explicitly; no chain-trust or revocation check is visible here.
        /// </remarks>
        private X509Certificate2 GetOrganizationCertificate(X509Store store, string thumbprint, TestFederationTrust.TestFederationTrustEventId eventId, string propertyName)
        {
            // validOnly = false: every thumbprint match is returned, valid or not.
            X509Certificate2Collection matches = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            bool found = matches != null && matches.Count > 0 && matches[0] != null;

            if (!found)
            {
                this.Log(EventTypeEnumeration.Error, eventId, Strings.FederationCertificateNotFound(propertyName));
                return null;
            }

            // Only the first match is considered.
            X509Certificate2 candidate = matches[0];

            if (TestFederationTrust.IsExpiredCertificate(candidate))
            {
                this.Log(EventTypeEnumeration.Error, eventId, Strings.FederationCertificateExpired(propertyName));
                return null;
            }

            // NOTE(review): IsValidPrivateKey also receives eventId and propertyName, so it may write
            // its own log entry before the one below - confirm against its implementation.
            bool privateKeyOk = this.IsValidPrivateKey(candidate, eventId, propertyName);

            if (!privateKeyOk)
            {
                this.Log(EventTypeEnumeration.Error, eventId, Strings.FederationCertificateHasNoPrivateKey(propertyName));
                return null;
            }

            this.Log(EventTypeEnumeration.Success, eventId, Strings.CertificateValid(propertyName));
            return candidate;
        }
Ejemplo n.º 3
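        /// <summary>
        /// Returns the STS token-issuer certificates (current and previous) of a federation trust
        /// that have not expired, logging the state of each certificate that is present.
        /// </summary>
        /// <param name="federationTrust">Trust whose TokenIssuerCertificate and TokenIssuerPrevCertificate are inspected.</param>
        /// <returns>
        /// The non-expired certificates, current one first; <c>null</c> when both certificates are
        /// present and expired. The array is empty when neither certificate is set.
        /// </returns>
        /// <remarks>
        /// A missing certificate counts as "not expired" for the two flags, so the verbose summary,
        /// which prints both thumbprints, is written only when both certificates exist. Previously a
        /// trust without a previous certificate dereferenced null while building that summary.
        /// Expiry is the only property evaluated here; no chain or revocation check is visible in
        /// this method.
        /// NOTE(review): callers should treat an empty array as "no usable STS certificate" rather
        /// than as success - confirm at the call sites.
        /// </remarks>
        private X509Certificate2[] GetStsCertificates(FederationTrust federationTrust)
        {
            X509Certificate2 current  = federationTrust.TokenIssuerCertificate;
            X509Certificate2 previous = federationTrust.TokenIssuerPrevCertificate;

            bool currentExpired  = current != null && TestFederationTrust.IsExpiredCertificate(current);
            bool previousExpired = previous != null && TestFederationTrust.IsExpiredCertificate(previous);

            LocalizedString currentMessage  = currentExpired ? Strings.CertificateExpired("TokenIssuerCertificate") : Strings.CertificateValid("TokenIssuerCertificate");
            LocalizedString previousMessage = previousExpired ? Strings.CertificateExpired("TokenIssuerPrevCertificate") : Strings.CertificateValid("TokenIssuerPrevCertificate");

            // The summary names both thumbprints, so it is only meaningful (and only safe to build)
            // when both certificates are present.
            if (current != null && previous != null)
            {
                string summary;

                if (!currentExpired && !previousExpired)
                {
                    summary = "Both STS trust certificates [current <" + current.Thumbprint + "> and previous <" + previous.Thumbprint + ">] are valid.";
                }
                else if (!currentExpired)
                {
                    summary = "The current STS trust certificate <" + current.Thumbprint + "> is valid, but the previous STS trust certificate <" + previous.Thumbprint + "> has expired.";
                }
                else if (!previousExpired)
                {
                    summary = "The current STS trust certificate <" + current.Thumbprint + "> has expired. The previous STS trust certificate <" + previous.Thumbprint + "> is still valid.";
                }
                else
                {
                    summary = "Both STS trust certificates [current <" + current.Thumbprint + "> and previous <" + previous.Thumbprint + ">] have expired.";
                }

                base.WriteVerbose(new LocalizedString(Environment.NewLine + summary));
            }

            if (currentExpired && previousExpired)
            {
                // Both flags being set implies both certificates are non-null.
                this.Log(EventTypeEnumeration.Error, TestFederationTrust.TestFederationTrustEventId.StsCertificate, currentMessage);
                this.Log(EventTypeEnumeration.Error, TestFederationTrust.TestFederationTrustEventId.StsPreviousCertificate, previousMessage);
                return null;
            }

            // At most one certificate is expired from here on: an expired one is a Warning, not an Error.
            if (current != null)
            {
                this.Log(currentExpired ? EventTypeEnumeration.Warning : EventTypeEnumeration.Success, TestFederationTrust.TestFederationTrustEventId.StsCertificate, currentMessage);
            }
            if (previous != null)
            {
                this.Log(previousExpired ? EventTypeEnumeration.Warning : EventTypeEnumeration.Success, TestFederationTrust.TestFederationTrustEventId.StsPreviousCertificate, previousMessage);
            }

            List <X509Certificate2> usable = new List <X509Certificate2>(2);

            if (current != null && !currentExpired)
            {
                usable.Add(current);
            }
            if (previous != null && !previousExpired)
            {
                usable.Add(previous);
            }
            return usable.ToArray();
        }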