private X509Certificate2 GetFederatedExchangeCertificates() { if (!string.IsNullOrEmpty(this.Thumbprint)) { this.Thumbprint = FederationCertificate.UnifyThumbprintFormat(this.Thumbprint); try { X509Certificate2 exchangeFederationCertByThumbprint = FederationCertificate.GetExchangeFederationCertByThumbprint(this.Thumbprint, new WriteVerboseDelegate(base.WriteVerbose)); if (exchangeFederationCertByThumbprint == null) { throw new FederationCertificateInvalidException(Strings.ErrorCertificateNotFound(this.Thumbprint)); } FederationCertificate.ValidateCertificate(new ExchangeCertificate(exchangeFederationCertByThumbprint), NewFederationTrust.IsExchangeDataCenter()); return(exchangeFederationCertByThumbprint); } catch (LocalizedException exception) { base.WriteError(exception, ErrorCategory.InvalidArgument, null); goto IL_7C; } } base.WriteError(new FederationCertificateInvalidException(Strings.ErrorFederationCertificateNotSpecified), ErrorCategory.InvalidOperation, null); IL_7C: return(null); }
private void TryPushCertificateInSameSite(string thumbprint) { if (this.SkipImmediateCertificateDeployment) { return; } if (!OAuthTaskHelper.IsDatacenter()) { try { if (this.serverObject != null) { FederationCertificate.PushCertificate(this.serverObject, new Task.TaskProgressLoggingDelegate(base.WriteProgress), new Task.TaskWarningLoggingDelegate(this.WriteWarning), thumbprint); } else { FederationCertificate.PushCertificate(new Task.TaskProgressLoggingDelegate(base.WriteProgress), new Task.TaskWarningLoggingDelegate(this.WriteWarning), thumbprint); } } catch (InvalidOperationException exception) { base.WriteError(exception, ErrorCategory.InvalidArgument, null); } catch (LocalizedException exception2) { base.WriteError(exception2, ErrorCategory.InvalidArgument, null); } } }
protected override void InternalProcessRecord() { base.InternalProcessRecord(); if (base.HasErrors) { return; } Dictionary <TopologySite, List <TopologyServer> > dictionary = null; TopologySite topologySite = null; FederationCertificate.DiscoverServers(base.RootOrgGlobalConfigSession, false, out dictionary, out topologySite); if (topologySite == null) { base.WriteError(new CannotGetLocalSiteException(), ErrorCategory.ReadError, null); } foreach (KeyValuePair <TopologySite, List <TopologyServer> > keyValuePair in dictionary) { foreach (TopologyServer topologyServer in keyValuePair.Value) { foreach (CertificateRecord certificateRecord in FederationCertificate.FederationCertificates(base.RootOrgGlobalConfigSession)) { FederationTrustCertificateState state = FederationCertificate.TestForCertificate(topologyServer.Name, certificateRecord.Thumbprint); FederationTrustCertificateStatus sendToPipeline = new FederationTrustCertificateStatus(keyValuePair.Key, topologyServer, state, certificateRecord.Thumbprint); base.WriteObject(sendToPipeline); } } } }
private void ValidateNewCertificateParameters() { if (string.IsNullOrEmpty(this.NewCertificateThumbprint)) { if (this.NewCertificateEffectiveDate != null && this.NewCertificateEffectiveDate != null) { if (base.Fields.IsModified(AuthConfigSchema.NextCertificateThumbprint) || string.IsNullOrEmpty(this.DataObject.NextCertificateThumbprint)) { base.WriteError(new TaskException(Strings.ErrorAuthNewCertificateNeeded), ErrorCategory.InvalidArgument, null); } this.ValidateNewEffectiveDate(); return; } } else { this.ValidateNewEffectiveDate(); this.NewCertificateThumbprint = FederationCertificate.UnifyThumbprintFormat(this.NewCertificateThumbprint); this.ValidateCertificate(this.NewCertificateThumbprint, this.NewCertificateEffectiveDate); if (!string.IsNullOrEmpty(this.DataObject.CurrentCertificateThumbprint) && string.Compare(this.NewCertificateThumbprint, this.DataObject.CurrentCertificateThumbprint, StringComparison.OrdinalIgnoreCase) == 0) { base.WriteError(new TaskException(Strings.ErrorAuthSameAsCurrent), ErrorCategory.InvalidArgument, null); } if (!string.IsNullOrEmpty(this.DataObject.PreviousCertificateThumbprint) && string.Compare(this.NewCertificateThumbprint, this.DataObject.PreviousCertificateThumbprint, StringComparison.OrdinalIgnoreCase) == 0) { this.WriteWarning(Strings.WarningCertificateSameAsPrevious(this.NewCertificateThumbprint)); } } }
public override void OnPublishFederationCertificate(FederationTrust federationTrust) { X509Certificate2 x509Certificate = FederationCertificate.LoadCertificateWithPrivateKey(federationTrust.OrgNextPrivCertificate, base.WriteVerbose); string rawBase64Certificate = Convert.ToBase64String(x509Certificate.GetRawCertData()); using (ManageDelegation2Client manageDelegation = this.GetManageDelegation(federationTrust.ApplicationUri.OriginalString)) { manageDelegation.UpdateAppIdCertificate(federationTrust.ApplicationIdentifier, rawBase64Certificate); } }
private void ValidateNextCertificate() { this.Thumbprint = FederationCertificate.UnifyThumbprintFormat(this.Thumbprint); this.nextCertificate = FederationCertificate.GetExchangeFederationCertByThumbprint(this.Thumbprint, new WriteVerboseDelegate(base.WriteVerbose)); ExchangeCertificate exchangeCertificate = new ExchangeCertificate(this.nextCertificate); FederationCertificate.ValidateCertificate(exchangeCertificate, this.IsDatacenter); this.ValidateUniqueSki(exchangeCertificate, this.DataObject.OrgPrevCertificate); this.ValidateUniqueSki(exchangeCertificate, this.DataObject.OrgCertificate); }
public override void OnPublishFederationCertificate(FederationTrust federationTrust) { if (string.IsNullOrEmpty(federationTrust.AdministratorProvisioningId)) { throw new NoAdministratorKeyFoundException(federationTrust.Name); } X509Certificate2 x509Certificate = FederationCertificate.LoadCertificateWithPrivateKey(federationTrust.OrgNextPrivCertificate, base.WriteVerbose); string rawBase64Certificate = Convert.ToBase64String(x509Certificate.GetRawCertData()); using (ManageDelegation1Client manageDelegation = this.GetManageDelegation()) { manageDelegation.UpdateAppIdCertificate(federationTrust.ApplicationIdentifier, federationTrust.AdministratorProvisioningId, rawBase64Certificate); } }
private void ValidateCurrentCertificateParameters() { if (!string.IsNullOrEmpty(this.CertificateThumbprint)) { this.CertificateThumbprint = FederationCertificate.UnifyThumbprintFormat(this.CertificateThumbprint); this.ValidateCertificate(this.CertificateThumbprint, null); if (!string.IsNullOrEmpty(this.DataObject.PreviousCertificateThumbprint) && string.Compare(this.CertificateThumbprint, this.DataObject.PreviousCertificateThumbprint, StringComparison.OrdinalIgnoreCase) == 0) { this.WriteWarning(Strings.WarningCertificateSameAsPrevious(this.CertificateThumbprint)); return; } } else { base.WriteError(new TaskException(Strings.ErrorAuthCannotDeleteCurrent), ErrorCategory.InvalidArgument, null); } }
// Token: 0x0600000A RID: 10 RVA: 0x000029E4 File Offset: 0x00000BE4 private void PullCertificate(List <TopologyServer> sourceServers, List <CertificateRecord> certsNeeded, Server destinationServer) { foreach (TopologyServer topologyServer in sourceServers) { Servicelet.Tracer.TraceDebug <TopologyServer>((long)this.GetHashCode(), "Testing Server: {0}", topologyServer); if (!destinationServer.Id.Equals(topologyServer.Id)) { List <CertificateRecord> list = new List <CertificateRecord>(); foreach (CertificateRecord certificateRecord in certsNeeded) { Servicelet.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Testing Cert: {0}", certificateRecord.Thumbprint); SecureString securePassword = FederationCertificate.GeneratePassword(); try { string base64cert = FederationCertificate.ExportCertificate(topologyServer.Name, securePassword, certificateRecord.Thumbprint); FederationCertificate.ImportCertificate(destinationServer.Name, securePassword, base64cert); FederationCertificate.EnableCertificateForNetworkService(destinationServer.Name, certificateRecord.Thumbprint); list.Add(certificateRecord); this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_InstalledCertificate, null, new object[] { certificateRecord, topologyServer.Name }); } catch (LocalizedException arg) { Servicelet.Tracer.TraceError <LocalizedException>((long)this.GetHashCode(), "Failed to Export/Import: {0}", arg); } catch (InvalidOperationException arg2) { Servicelet.Tracer.TraceError <InvalidOperationException>((long)this.GetHashCode(), "Failed to Export/Import: {0}", arg2); } } foreach (CertificateRecord certificateRecord2 in list) { Servicelet.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Succesfully Retrieved: {0}", certificateRecord2.Thumbprint); certsNeeded.Remove(certificateRecord2); } if (certsNeeded.Count == 0) { break; } } } }
protected override void InternalProcessRecord() { this.DataObject.NamespaceProvisioner = this.NamespaceProvisionerType; this.ProvisionSTS(); try { FederationCertificate.PushCertificate(new Task.TaskProgressLoggingDelegate(base.WriteProgress), new Task.TaskWarningLoggingDelegate(this.WriteWarning), this.Thumbprint); } catch (InvalidOperationException exception) { base.WriteError(exception, ErrorCategory.InvalidArgument, null); } catch (LocalizedException exception2) { base.WriteError(exception2, ErrorCategory.InvalidArgument, null); } base.InternalProcessRecord(); }
public override void OnNewFederationTrust(FederationTrust federationTrust) { X509Certificate x509Certificate = FederationCertificate.LoadCertificateWithPrivateKey(federationTrust.OrgPrivCertificate, base.WriteVerbose); string rawBase64Certificate = Convert.ToBase64String(x509Certificate.GetRawCertData()); AppIdInfo appIdInfo = null; using (ManageDelegation1Client manageDelegation = this.GetManageDelegation()) { appIdInfo = manageDelegation.CreateAppId(rawBase64Certificate); } if (appIdInfo == null || string.IsNullOrEmpty(appIdInfo.AppId)) { throw new LiveDomainServicesException(Strings.ErrorLiveDomainServicesUnexpectedResult(Strings.ErrorInvalidApplicationId)); } federationTrust.ApplicationIdentifier = appIdInfo.AppId.Trim(); federationTrust.AdministratorProvisioningId = appIdInfo.AdminKey.Trim(); base.WriteVerbose(Strings.NewFederationTrustSuccessAppId(FederationTrust.PartnerSTSType.LiveId.ToString(), federationTrust.ApplicationIdentifier)); }
private void ProcessForCertificate(string thumbprint, string propertyName) { X509Certificate2 certificate = null; try { certificate = FederationCertificate.LoadCertificateWithPrivateKey(thumbprint, new WriteVerboseDelegate(base.WriteVerbose)); } catch (LocalizedException exception) { base.WriteError(exception, ErrorCategory.InvalidData, null); } byte[] signature = FederatedDomainProofAlgorithm.GetSignature(certificate, this.DomainName.Domain); using (HashAlgorithm hashAlgorithm = new SHA512Cng()) { byte[] inArray = hashAlgorithm.ComputeHash(signature); base.WriteObject(new FederatedDomainProof(this.DomainName, propertyName, thumbprint, Convert.ToBase64String(inArray))); } }
public static void ValidateRemoteCertificate(string server, string thumbprint, DateTime?futurePublishDate, bool skipAutomatedDeploymentChecks, Task.TaskErrorLoggingDelegate writeError) { if (writeError == null) { throw new ArgumentNullException("writeError"); } if (string.IsNullOrEmpty(thumbprint)) { return; } ExchangeCertificate certificate = null; FederationTrustCertificateState federationTrustCertificateState = FederationCertificate.TestForCertificate(server, thumbprint, out certificate); if (federationTrustCertificateState == FederationTrustCertificateState.ServerUnreachable) { writeError(new TaskException(Strings.ErrorCannotContactServerForCert(server, thumbprint)), ErrorCategory.InvalidArgument, null); } else if (federationTrustCertificateState != FederationTrustCertificateState.Installed) { writeError(new TaskException(Strings.ErrorThumbprintNotFound(thumbprint)), ErrorCategory.InvalidArgument, null); } OAuthTaskHelper.ValidateCertificate(certificate, futurePublishDate, skipAutomatedDeploymentChecks, writeError); }
// Token: 0x06000008 RID: 8 RVA: 0x00002878 File Offset: 0x00000A78 private List <CertificateRecord> GetFederationTrustCertificates() { IEnumerable <CertificateRecord> source = FederationCertificate.FederationCertificates(this.session); return(source.ToList <CertificateRecord>()); }
// Token: 0x06000006 RID: 6 RVA: 0x000024D0 File Offset: 0x000006D0 private void PerformDistribution(List <CertificateRecord> certsRequired) { Servicelet.Tracer.TraceDebug((long)this.GetHashCode(), "PerformDistribution(): Entering"); List <CertificateRecord> list = new List <CertificateRecord>(); foreach (CertificateRecord certificateRecord in certsRequired) { string thumbprint = certificateRecord.Thumbprint; Servicelet.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Certificate Required: {0}", thumbprint); ExchangeCertificate exchangeCertificate; FederationTrustCertificateState federationTrustCertificateState = FederationCertificate.TestForCertificate(this.localServer.Name, thumbprint, out exchangeCertificate); Servicelet.Tracer.TraceDebug <FederationTrustCertificateState>((long)this.GetHashCode(), "Certificate State: {0}", federationTrustCertificateState); if (federationTrustCertificateState == FederationTrustCertificateState.NotInstalled) { list.Add(certificateRecord); if (this.IsCurrentOrNextCertificate(certificateRecord)) { this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_NeedCertificate, null, new object[] { thumbprint }); } } else if (federationTrustCertificateState == FederationTrustCertificateState.Installed) { if (this.IsCurrentOrNextCertificate(certificateRecord)) { this.VerifyCertificateExpiration(exchangeCertificate); } if (!ManageExchangeCertificate.IsCertEnabledForNetworkService(exchangeCertificate)) { Servicelet.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Enabling for Network Service: {0}", thumbprint); try { FederationCertificate.EnableCertificateForNetworkService(this.localServer.Name, thumbprint); } catch (LocalizedException ex) { Servicelet.Tracer.TraceError <LocalizedException>((long)this.GetHashCode(), "Failed to Enable for Network Service: {0}", ex); this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_EnableNetworkServiceException, null, new object[] { thumbprint, ex }); } catch (InvalidOperationException ex2) { Servicelet.Tracer.TraceError <InvalidOperationException>((long)this.GetHashCode(), "Failed to Enable for Network Service: {0}", ex2); this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_EnableNetworkServiceException, null, new object[] { thumbprint, ex2 }); } } } } if (list.Count != 0) { Dictionary <TopologySite, List <TopologyServer> > dictionary; TopologySite topologySite; FederationCertificate.DiscoverServers(this.session, true, out dictionary, out topologySite); if (topologySite == null) { Servicelet.Tracer.TraceError((long)this.GetHashCode(), "Server is not associated with a site"); this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_CannotFindLocalSite, null, null); return; } List <TopologyServer> sourceServers; if (dictionary.TryGetValue(topologySite, out sourceServers)) { this.PullCertificate(sourceServers, list, this.localServer); } if (list.Count != 0) { foreach (KeyValuePair <TopologySite, List <TopologyServer> > keyValuePair in dictionary) { if (!keyValuePair.Key.Equals(topologySite)) { this.PullCertificate(keyValuePair.Value, list, this.localServer); if (list.Count == 0) { break; } } } } } foreach (CertificateRecord certificateRecord2 in list) { Servicelet.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Certificate not found: {0}", certificateRecord2.Thumbprint); if (this.IsCurrentOrNextCertificate(certificateRecord2)) { this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_CertificateNotFound, null, new object[] { certificateRecord2.Thumbprint }); } } Servicelet.Tracer.TraceDebug((long)this.GetHashCode(), "PerformDistribution(): Exiting"); }
private void InternalProcessRecordInternal() { if (this.PublishFederationCertificate) { FederationProvision federationProvision = FederationProvision.Create(this.DataObject, this); try { federationProvision.OnPublishFederationCertificate(this.DataObject); } catch (LocalizedException exception) { base.WriteError(exception, ErrorCategory.InvalidResult, null); } } if (null != this.applicationUri) { this.DataObject.ApplicationUri = this.applicationUri; } if (this.Thumbprint != null) { if (!StringComparer.InvariantCultureIgnoreCase.Equals(this.DataObject.OrgNextPrivCertificate, this.Thumbprint)) { this.DataObject.OrgNextCertificate = this.nextCertificate; this.DataObject.OrgNextPrivCertificate = this.Thumbprint; try { FederationCertificate.PushCertificate(new Task.TaskProgressLoggingDelegate(base.WriteProgress), new Task.TaskWarningLoggingDelegate(this.WriteWarning), this.Thumbprint); } catch (InvalidOperationException exception2) { base.WriteError(exception2, ErrorCategory.InvalidArgument, null); } catch (LocalizedException exception3) { base.WriteError(exception3, ErrorCategory.InvalidArgument, null); } if (this.DataObject.NamespaceProvisioner == FederationTrust.NamespaceProvisionerType.LiveDomainServices2) { this.WriteWarning(Strings.UpdateManageDelegation2ProvisioningInDNS); } } else { base.WriteVerbose(Strings.IgnoringSameNextCertificate); } } if (this.PublishFederationCertificate) { this.DataObject.OrgPrevCertificate = this.DataObject.OrgCertificate; this.DataObject.OrgPrevPrivCertificate = this.DataObject.OrgPrivCertificate; this.DataObject.OrgCertificate = this.DataObject.OrgNextCertificate; this.DataObject.OrgPrivCertificate = this.DataObject.OrgNextPrivCertificate; this.DataObject.OrgNextCertificate = null; this.DataObject.OrgNextPrivCertificate = null; if (this.DataObject.NamespaceProvisioner == FederationTrust.NamespaceProvisionerType.LiveDomainServices2) { this.WriteWarning(Strings.PublishManageDelegation2ProvisioningInDNS); } } if (this.partnerFederationMetadata != null) { try { LivePartnerFederationMetadata.InitializeDataObjectFromMetadata(this.DataObject, this.partnerFederationMetadata, new WriteWarningDelegate(this.WriteWarning)); } catch (FederationMetadataException exception4) { base.WriteError(exception4, ErrorCategory.MetadataError, null); } } base.InternalProcessRecord(); }