private X509Certificate2 GetFederatedExchangeCertificates()
{
if (!string.IsNullOrEmpty(this.Thumbprint))
{
this.Thumbprint = FederationCertificate.UnifyThumbprintFormat(this.Thumbprint);
try
{
X509Certificate2 exchangeFederationCertByThumbprint = FederationCertificate.GetExchangeFederationCertByThumbprint(this.Thumbprint, new WriteVerboseDelegate(base.WriteVerbose));
if (exchangeFederationCertByThumbprint == null)
{
throw new FederationCertificateInvalidException(Strings.ErrorCertificateNotFound(this.Thumbprint));
}
FederationCertificate.ValidateCertificate(new ExchangeCertificate(exchangeFederationCertByThumbprint), NewFederationTrust.IsExchangeDataCenter());
return(exchangeFederationCertByThumbprint);
}
catch (LocalizedException exception)
{
base.WriteError(exception, ErrorCategory.InvalidArgument, null);
goto IL_7C;
}
}
base.WriteError(new FederationCertificateInvalidException(Strings.ErrorFederationCertificateNotSpecified), ErrorCategory.InvalidOperation, null);
IL_7C:
return(null);
}
private void TryPushCertificateInSameSite(string thumbprint)
{
if (this.SkipImmediateCertificateDeployment)
{
return;
}
if (!OAuthTaskHelper.IsDatacenter())
{
try
{
if (this.serverObject != null)
{
FederationCertificate.PushCertificate(this.serverObject, new Task.TaskProgressLoggingDelegate(base.WriteProgress), new Task.TaskWarningLoggingDelegate(this.WriteWarning), thumbprint);
}
else
{
FederationCertificate.PushCertificate(new Task.TaskProgressLoggingDelegate(base.WriteProgress), new Task.TaskWarningLoggingDelegate(this.WriteWarning), thumbprint);
}
}
catch (InvalidOperationException exception)
{
base.WriteError(exception, ErrorCategory.InvalidArgument, null);
}
catch (LocalizedException exception2)
{
base.WriteError(exception2, ErrorCategory.InvalidArgument, null);
}
}
}
protected override void InternalProcessRecord()
{
base.InternalProcessRecord();
if (base.HasErrors)
{
return;
}
Dictionary <TopologySite, List <TopologyServer> > dictionary = null;
TopologySite topologySite = null;
FederationCertificate.DiscoverServers(base.RootOrgGlobalConfigSession, false, out dictionary, out topologySite);
if (topologySite == null)
{
base.WriteError(new CannotGetLocalSiteException(), ErrorCategory.ReadError, null);
}
foreach (KeyValuePair <TopologySite, List <TopologyServer> > keyValuePair in dictionary)
{
foreach (TopologyServer topologyServer in keyValuePair.Value)
{
foreach (CertificateRecord certificateRecord in FederationCertificate.FederationCertificates(base.RootOrgGlobalConfigSession))
{
FederationTrustCertificateState state = FederationCertificate.TestForCertificate(topologyServer.Name, certificateRecord.Thumbprint);
FederationTrustCertificateStatus sendToPipeline = new FederationTrustCertificateStatus(keyValuePair.Key, topologyServer, state, certificateRecord.Thumbprint);
base.WriteObject(sendToPipeline);
}
}
}
}
private void ValidateNewCertificateParameters()
{
if (string.IsNullOrEmpty(this.NewCertificateThumbprint))
{
if (this.NewCertificateEffectiveDate != null && this.NewCertificateEffectiveDate != null)
{
if (base.Fields.IsModified(AuthConfigSchema.NextCertificateThumbprint) || string.IsNullOrEmpty(this.DataObject.NextCertificateThumbprint))
{
base.WriteError(new TaskException(Strings.ErrorAuthNewCertificateNeeded), ErrorCategory.InvalidArgument, null);
}
this.ValidateNewEffectiveDate();
return;
}
}
else
{
this.ValidateNewEffectiveDate();
this.NewCertificateThumbprint = FederationCertificate.UnifyThumbprintFormat(this.NewCertificateThumbprint);
this.ValidateCertificate(this.NewCertificateThumbprint, this.NewCertificateEffectiveDate);
if (!string.IsNullOrEmpty(this.DataObject.CurrentCertificateThumbprint) && string.Compare(this.NewCertificateThumbprint, this.DataObject.CurrentCertificateThumbprint, StringComparison.OrdinalIgnoreCase) == 0)
{
base.WriteError(new TaskException(Strings.ErrorAuthSameAsCurrent), ErrorCategory.InvalidArgument, null);
}
if (!string.IsNullOrEmpty(this.DataObject.PreviousCertificateThumbprint) && string.Compare(this.NewCertificateThumbprint, this.DataObject.PreviousCertificateThumbprint, StringComparison.OrdinalIgnoreCase) == 0)
{
this.WriteWarning(Strings.WarningCertificateSameAsPrevious(this.NewCertificateThumbprint));
}
}
}
public override void OnPublishFederationCertificate(FederationTrust federationTrust)
{
X509Certificate2 x509Certificate = FederationCertificate.LoadCertificateWithPrivateKey(federationTrust.OrgNextPrivCertificate, base.WriteVerbose);
string rawBase64Certificate = Convert.ToBase64String(x509Certificate.GetRawCertData());
using (ManageDelegation2Client manageDelegation = this.GetManageDelegation(federationTrust.ApplicationUri.OriginalString))
{
manageDelegation.UpdateAppIdCertificate(federationTrust.ApplicationIdentifier, rawBase64Certificate);
}
}
private void ValidateNextCertificate()
{
this.Thumbprint = FederationCertificate.UnifyThumbprintFormat(this.Thumbprint);
this.nextCertificate = FederationCertificate.GetExchangeFederationCertByThumbprint(this.Thumbprint, new WriteVerboseDelegate(base.WriteVerbose));
ExchangeCertificate exchangeCertificate = new ExchangeCertificate(this.nextCertificate);
FederationCertificate.ValidateCertificate(exchangeCertificate, this.IsDatacenter);
this.ValidateUniqueSki(exchangeCertificate, this.DataObject.OrgPrevCertificate);
this.ValidateUniqueSki(exchangeCertificate, this.DataObject.OrgCertificate);
}
public override void OnPublishFederationCertificate(FederationTrust federationTrust)
{
if (string.IsNullOrEmpty(federationTrust.AdministratorProvisioningId))
{
throw new NoAdministratorKeyFoundException(federationTrust.Name);
}
X509Certificate2 x509Certificate = FederationCertificate.LoadCertificateWithPrivateKey(federationTrust.OrgNextPrivCertificate, base.WriteVerbose);
string rawBase64Certificate = Convert.ToBase64String(x509Certificate.GetRawCertData());
using (ManageDelegation1Client manageDelegation = this.GetManageDelegation())
{
manageDelegation.UpdateAppIdCertificate(federationTrust.ApplicationIdentifier, federationTrust.AdministratorProvisioningId, rawBase64Certificate);
}
}
private void ValidateCurrentCertificateParameters()
{
if (!string.IsNullOrEmpty(this.CertificateThumbprint))
{
this.CertificateThumbprint = FederationCertificate.UnifyThumbprintFormat(this.CertificateThumbprint);
this.ValidateCertificate(this.CertificateThumbprint, null);
if (!string.IsNullOrEmpty(this.DataObject.PreviousCertificateThumbprint) && string.Compare(this.CertificateThumbprint, this.DataObject.PreviousCertificateThumbprint, StringComparison.OrdinalIgnoreCase) == 0)
{
this.WriteWarning(Strings.WarningCertificateSameAsPrevious(this.CertificateThumbprint));
return;
}
}
else
{
base.WriteError(new TaskException(Strings.ErrorAuthCannotDeleteCurrent), ErrorCategory.InvalidArgument, null);
}
}
// Token: 0x0600000A RID: 10 RVA: 0x000029E4 File Offset: 0x00000BE4
private void PullCertificate(List <TopologyServer> sourceServers, List <CertificateRecord> certsNeeded, Server destinationServer)
{
foreach (TopologyServer topologyServer in sourceServers)
{
Servicelet.Tracer.TraceDebug <TopologyServer>((long)this.GetHashCode(), "Testing Server: {0}", topologyServer);
if (!destinationServer.Id.Equals(topologyServer.Id))
{
List <CertificateRecord> list = new List <CertificateRecord>();
foreach (CertificateRecord certificateRecord in certsNeeded)
{
Servicelet.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Testing Cert: {0}", certificateRecord.Thumbprint);
SecureString securePassword = FederationCertificate.GeneratePassword();
try
{
string base64cert = FederationCertificate.ExportCertificate(topologyServer.Name, securePassword, certificateRecord.Thumbprint);
FederationCertificate.ImportCertificate(destinationServer.Name, securePassword, base64cert);
FederationCertificate.EnableCertificateForNetworkService(destinationServer.Name, certificateRecord.Thumbprint);
list.Add(certificateRecord);
this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_InstalledCertificate, null, new object[]
{
certificateRecord,
topologyServer.Name
});
}
catch (LocalizedException arg)
{
Servicelet.Tracer.TraceError <LocalizedException>((long)this.GetHashCode(), "Failed to Export/Import: {0}", arg);
}
catch (InvalidOperationException arg2)
{
Servicelet.Tracer.TraceError <InvalidOperationException>((long)this.GetHashCode(), "Failed to Export/Import: {0}", arg2);
}
}
foreach (CertificateRecord certificateRecord2 in list)
{
Servicelet.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Succesfully Retrieved: {0}", certificateRecord2.Thumbprint);
certsNeeded.Remove(certificateRecord2);
}
if (certsNeeded.Count == 0)
{
break;
}
}
}
}
protected override void InternalProcessRecord()
{
this.DataObject.NamespaceProvisioner = this.NamespaceProvisionerType;
this.ProvisionSTS();
try
{
FederationCertificate.PushCertificate(new Task.TaskProgressLoggingDelegate(base.WriteProgress), new Task.TaskWarningLoggingDelegate(this.WriteWarning), this.Thumbprint);
}
catch (InvalidOperationException exception)
{
base.WriteError(exception, ErrorCategory.InvalidArgument, null);
}
catch (LocalizedException exception2)
{
base.WriteError(exception2, ErrorCategory.InvalidArgument, null);
}
base.InternalProcessRecord();
}
public override void OnNewFederationTrust(FederationTrust federationTrust)
{
X509Certificate x509Certificate = FederationCertificate.LoadCertificateWithPrivateKey(federationTrust.OrgPrivCertificate, base.WriteVerbose);
string rawBase64Certificate = Convert.ToBase64String(x509Certificate.GetRawCertData());
AppIdInfo appIdInfo = null;
using (ManageDelegation1Client manageDelegation = this.GetManageDelegation())
{
appIdInfo = manageDelegation.CreateAppId(rawBase64Certificate);
}
if (appIdInfo == null || string.IsNullOrEmpty(appIdInfo.AppId))
{
throw new LiveDomainServicesException(Strings.ErrorLiveDomainServicesUnexpectedResult(Strings.ErrorInvalidApplicationId));
}
federationTrust.ApplicationIdentifier = appIdInfo.AppId.Trim();
federationTrust.AdministratorProvisioningId = appIdInfo.AdminKey.Trim();
base.WriteVerbose(Strings.NewFederationTrustSuccessAppId(FederationTrust.PartnerSTSType.LiveId.ToString(), federationTrust.ApplicationIdentifier));
}
private void ProcessForCertificate(string thumbprint, string propertyName)
{
X509Certificate2 certificate = null;
try
{
certificate = FederationCertificate.LoadCertificateWithPrivateKey(thumbprint, new WriteVerboseDelegate(base.WriteVerbose));
}
catch (LocalizedException exception)
{
base.WriteError(exception, ErrorCategory.InvalidData, null);
}
byte[] signature = FederatedDomainProofAlgorithm.GetSignature(certificate, this.DomainName.Domain);
using (HashAlgorithm hashAlgorithm = new SHA512Cng())
{
byte[] inArray = hashAlgorithm.ComputeHash(signature);
base.WriteObject(new FederatedDomainProof(this.DomainName, propertyName, thumbprint, Convert.ToBase64String(inArray)));
}
}
public static void ValidateRemoteCertificate(string server, string thumbprint, DateTime?futurePublishDate, bool skipAutomatedDeploymentChecks, Task.TaskErrorLoggingDelegate writeError)
{
if (writeError == null)
{
throw new ArgumentNullException("writeError");
}
if (string.IsNullOrEmpty(thumbprint))
{
return;
}
ExchangeCertificate certificate = null;
FederationTrustCertificateState federationTrustCertificateState = FederationCertificate.TestForCertificate(server, thumbprint, out certificate);
if (federationTrustCertificateState == FederationTrustCertificateState.ServerUnreachable)
{
writeError(new TaskException(Strings.ErrorCannotContactServerForCert(server, thumbprint)), ErrorCategory.InvalidArgument, null);
}
else if (federationTrustCertificateState != FederationTrustCertificateState.Installed)
{
writeError(new TaskException(Strings.ErrorThumbprintNotFound(thumbprint)), ErrorCategory.InvalidArgument, null);
}
OAuthTaskHelper.ValidateCertificate(certificate, futurePublishDate, skipAutomatedDeploymentChecks, writeError);
}
// Token: 0x06000008 RID: 8 RVA: 0x00002878 File Offset: 0x00000A78
private List <CertificateRecord> GetFederationTrustCertificates()
{
IEnumerable <CertificateRecord> source = FederationCertificate.FederationCertificates(this.session);
return(source.ToList <CertificateRecord>());
}
// Token: 0x06000006 RID: 6 RVA: 0x000024D0 File Offset: 0x000006D0
private void PerformDistribution(List <CertificateRecord> certsRequired)
{
Servicelet.Tracer.TraceDebug((long)this.GetHashCode(), "PerformDistribution(): Entering");
List <CertificateRecord> list = new List <CertificateRecord>();
foreach (CertificateRecord certificateRecord in certsRequired)
{
string thumbprint = certificateRecord.Thumbprint;
Servicelet.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Certificate Required: {0}", thumbprint);
ExchangeCertificate exchangeCertificate;
FederationTrustCertificateState federationTrustCertificateState = FederationCertificate.TestForCertificate(this.localServer.Name, thumbprint, out exchangeCertificate);
Servicelet.Tracer.TraceDebug <FederationTrustCertificateState>((long)this.GetHashCode(), "Certificate State: {0}", federationTrustCertificateState);
if (federationTrustCertificateState == FederationTrustCertificateState.NotInstalled)
{
list.Add(certificateRecord);
if (this.IsCurrentOrNextCertificate(certificateRecord))
{
this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_NeedCertificate, null, new object[]
{
thumbprint
});
}
}
else if (federationTrustCertificateState == FederationTrustCertificateState.Installed)
{
if (this.IsCurrentOrNextCertificate(certificateRecord))
{
this.VerifyCertificateExpiration(exchangeCertificate);
}
if (!ManageExchangeCertificate.IsCertEnabledForNetworkService(exchangeCertificate))
{
Servicelet.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Enabling for Network Service: {0}", thumbprint);
try
{
FederationCertificate.EnableCertificateForNetworkService(this.localServer.Name, thumbprint);
}
catch (LocalizedException ex)
{
Servicelet.Tracer.TraceError <LocalizedException>((long)this.GetHashCode(), "Failed to Enable for Network Service: {0}", ex);
this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_EnableNetworkServiceException, null, new object[]
{
thumbprint,
ex
});
}
catch (InvalidOperationException ex2)
{
Servicelet.Tracer.TraceError <InvalidOperationException>((long)this.GetHashCode(), "Failed to Enable for Network Service: {0}", ex2);
this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_EnableNetworkServiceException, null, new object[]
{
thumbprint,
ex2
});
}
}
}
}
if (list.Count != 0)
{
Dictionary <TopologySite, List <TopologyServer> > dictionary;
TopologySite topologySite;
FederationCertificate.DiscoverServers(this.session, true, out dictionary, out topologySite);
if (topologySite == null)
{
Servicelet.Tracer.TraceError((long)this.GetHashCode(), "Server is not associated with a site");
this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_CannotFindLocalSite, null, null);
return;
}
List <TopologyServer> sourceServers;
if (dictionary.TryGetValue(topologySite, out sourceServers))
{
this.PullCertificate(sourceServers, list, this.localServer);
}
if (list.Count != 0)
{
foreach (KeyValuePair <TopologySite, List <TopologyServer> > keyValuePair in dictionary)
{
if (!keyValuePair.Key.Equals(topologySite))
{
this.PullCertificate(keyValuePair.Value, list, this.localServer);
if (list.Count == 0)
{
break;
}
}
}
}
}
foreach (CertificateRecord certificateRecord2 in list)
{
Servicelet.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Certificate not found: {0}", certificateRecord2.Thumbprint);
if (this.IsCurrentOrNextCertificate(certificateRecord2))
{
this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_CertificateNotFound, null, new object[]
{
certificateRecord2.Thumbprint
});
}
}
Servicelet.Tracer.TraceDebug((long)this.GetHashCode(), "PerformDistribution(): Exiting");
}
private void InternalProcessRecordInternal()
{
if (this.PublishFederationCertificate)
{
FederationProvision federationProvision = FederationProvision.Create(this.DataObject, this);
try
{
federationProvision.OnPublishFederationCertificate(this.DataObject);
}
catch (LocalizedException exception)
{
base.WriteError(exception, ErrorCategory.InvalidResult, null);
}
}
if (null != this.applicationUri)
{
this.DataObject.ApplicationUri = this.applicationUri;
}
if (this.Thumbprint != null)
{
if (!StringComparer.InvariantCultureIgnoreCase.Equals(this.DataObject.OrgNextPrivCertificate, this.Thumbprint))
{
this.DataObject.OrgNextCertificate = this.nextCertificate;
this.DataObject.OrgNextPrivCertificate = this.Thumbprint;
try
{
FederationCertificate.PushCertificate(new Task.TaskProgressLoggingDelegate(base.WriteProgress), new Task.TaskWarningLoggingDelegate(this.WriteWarning), this.Thumbprint);
}
catch (InvalidOperationException exception2)
{
base.WriteError(exception2, ErrorCategory.InvalidArgument, null);
}
catch (LocalizedException exception3)
{
base.WriteError(exception3, ErrorCategory.InvalidArgument, null);
}
if (this.DataObject.NamespaceProvisioner == FederationTrust.NamespaceProvisionerType.LiveDomainServices2)
{
this.WriteWarning(Strings.UpdateManageDelegation2ProvisioningInDNS);
}
}
else
{
base.WriteVerbose(Strings.IgnoringSameNextCertificate);
}
}
if (this.PublishFederationCertificate)
{
this.DataObject.OrgPrevCertificate = this.DataObject.OrgCertificate;
this.DataObject.OrgPrevPrivCertificate = this.DataObject.OrgPrivCertificate;
this.DataObject.OrgCertificate = this.DataObject.OrgNextCertificate;
this.DataObject.OrgPrivCertificate = this.DataObject.OrgNextPrivCertificate;
this.DataObject.OrgNextCertificate = null;
this.DataObject.OrgNextPrivCertificate = null;
if (this.DataObject.NamespaceProvisioner == FederationTrust.NamespaceProvisionerType.LiveDomainServices2)
{
this.WriteWarning(Strings.PublishManageDelegation2ProvisioningInDNS);
}
}
if (this.partnerFederationMetadata != null)
{
try
{
LivePartnerFederationMetadata.InitializeDataObjectFromMetadata(this.DataObject, this.partnerFederationMetadata, new WriteWarningDelegate(this.WriteWarning));
}
catch (FederationMetadataException exception4)
{
base.WriteError(exception4, ErrorCategory.MetadataError, null);
}
}
base.InternalProcessRecord();
}
