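        /// <summary>
        /// Checks that the token-issuer certificates stored on the federation trust match the
        /// certificates the partner currently publishes in its federation metadata, and logs a
        /// Success or Error event under the FederationMetadata test id accordingly.
        /// </summary>
        /// <param name="federationTrust">The trust under test; its <c>TokenIssuerMetadataEpr</c> is the metadata endpoint queried.</param>
        /// <remarks>
        /// A trust without a metadata EPR only produces an informational event. A retrieval failure
        /// produces an error event plus the exception text in verbose output, and the comparison is skipped.
        /// </remarks>
        private void ValidateFederationTrustCertificatesWithFederationMetadata(FederationTrust federationTrust)
        {
            if (federationTrust.TokenIssuerMetadataEpr == null)
            {
                this.Log(EventTypeEnumeration.Information, TestFederationTrust.TestFederationTrustEventId.FederationMetadata, Strings.NoFederationMetadataEpr);
                return;
            }
            PartnerFederationMetadata partnerFederationMetadata;
            try
            {
                partnerFederationMetadata = LivePartnerFederationMetadata.LoadFrom(federationTrust.TokenIssuerMetadataEpr, new WriteVerboseDelegate(base.WriteVerbose));
            }
            catch (FederationMetadataException ex)
            {
                this.Log(EventTypeEnumeration.Error, TestFederationTrust.TestFederationTrustEventId.FederationMetadata, Strings.RetrieveFederationMetadataFailed);
                base.WriteVerbose(Strings.FailureAndReason(Strings.RetrieveFederationMetadataFailed.ToString(), ex.ToString()));
                return;
            }
            // Both sides are reduced to thumbprint sets by the same helper (which, going by its name,
            // drops expired certificates -- confirm) so the set comparison below is order-independent.
            HashSet<string> metadataThumbprints = this.GetNonExpiredCertificateThumbprint(federationTrust.TokenIssuerMetadataEpr.ToString(), new X509Certificate2[]
            {
                partnerFederationMetadata.TokenIssuerCertificate,
                partnerFederationMetadata.TokenIssuerPrevCertificate
            });
            HashSet<string> trustThumbprints = this.GetNonExpiredCertificateThumbprint("FederationTrust", new X509Certificate2[]
            {
                federationTrust.TokenIssuerCertificate,
                federationTrust.TokenIssuerPrevCertificate
            });

            // Verbose dump of the four certificate slots. A slot may be unset (a trust or partner that
            // has not yet rolled to a second certificate), so each thumbprint is read through a
            // null-safe helper instead of being dereferenced directly.
            base.WriteVerbose(new LocalizedString(string.Concat(new string[]
            {
                Environment.NewLine,
                Environment.NewLine,
                "Federation Trust Certificates: ",
                Environment.NewLine,
                "TokenIssuerCertificate: ",
                GetThumbprintForDisplay(federationTrust.TokenIssuerCertificate),
                Environment.NewLine,
                "TokenIssuerPrevCertificate: ",
                GetThumbprintForDisplay(federationTrust.TokenIssuerPrevCertificate),
                Environment.NewLine,
                Environment.NewLine,
                "Federation Metadata Certificates: ",
                Environment.NewLine,
                "TokenIssuerCertificate: ",
                GetThumbprintForDisplay(partnerFederationMetadata.TokenIssuerCertificate),
                Environment.NewLine,
                "TokenIssuerPrevCertificate: ",
                GetThumbprintForDisplay(partnerFederationMetadata.TokenIssuerPrevCertificate)
            })));
            if (metadataThumbprints.SetEquals(trustThumbprints))
            {
                this.Log(EventTypeEnumeration.Success, TestFederationTrust.TestFederationTrustEventId.FederationMetadata, Strings.FederationTrustHasAllStsCertificates);
                return;
            }
            this.Log(EventTypeEnumeration.Error, TestFederationTrust.TestFederationTrustEventId.FederationMetadata, Strings.FederationTrustHasOutdatedCertificates);
        }

        /// <summary>
        /// Returns the certificate's thumbprint for verbose output, or an empty string when the
        /// certificate slot is unset, so a missing previous certificate cannot fault the test.
        /// </summary>
        /// <param name="certificate">The certificate, or <c>null</c>.</param>
        /// <returns>The thumbprint, or <see cref="string.Empty"/>.</returns>
        private static string GetThumbprintForDisplay(X509Certificate2 certificate)
        {
            return certificate == null ? string.Empty : certificate.Thumbprint;
        }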
        /// <summary>
        /// Provisions a LiveId-backed federation trust: loads the partner metadata into the data
        /// object, sets the LiveId-specific trust settings, runs the provisioning callback and
        /// finally warns about the DNS entries the selected namespace provisioner still requires.
        /// Progress is reported in 30% steps and closed at 100%.
        /// </summary>
        /// <remarks>
        /// Metadata and provisioning failures are reported through WriteError; the method does not
        /// otherwise stop after one.
        /// </remarks>
        private void ProvisionSTS()
        {
            int progress = 30;
            base.WriteProgress(Strings.ProgressActivityNewFederationTrust, Strings.ProgressActivityGetFederationMetadata, progress);
            // An explicit MetadataUrl wins; otherwise the LiveId metadata endpoint for the provisioner type is used.
            Uri metadataEpr = this.MetadataUrl ?? LiveConfiguration.GetLiveIdFederationMetadataEpr(this.NamespaceProvisionerType);
            try
            {
                PartnerFederationMetadata metadata = LivePartnerFederationMetadata.LoadFrom(metadataEpr, new WriteVerboseDelegate(base.WriteVerbose));
                LivePartnerFederationMetadata.InitializeDataObjectFromMetadata(this.DataObject, metadata, new WriteWarningDelegate(this.WriteWarning));
            }
            catch (FederationMetadataException metadataException)
            {
                base.WriteError(metadataException, ErrorCategory.MetadataError, null);
            }
            // LiveId trusts carry no metadata EPRs of their own; the default poll interval is applied.
            this.DataObject.TokenIssuerType = FederationTrust.PartnerSTSType.LiveId;
            this.DataObject.MetadataEpr = null;
            this.DataObject.MetadataPutEpr = null;
            this.DataObject.MetadataPollInterval = LiveConfiguration.DefaultFederatedMetadataTimeout;

            string stsName = FederationTrust.PartnerSTSType.LiveId.ToString();
            var provisioningStatus = Strings.NewFederationTrustProvisioningService(stsName);
            progress += 30;
            base.WriteProgress(Strings.ProgressActivityNewFederationTrust, provisioningStatus, progress);
            base.WriteVerbose(provisioningStatus);

            progress += 30;
            base.WriteProgress(Strings.ProgressActivityNewFederationTrust, Strings.ProgressActivityCreateAppId, progress);
            FederationProvision provisioner = FederationProvision.Create(this.DataObject, this);
            try
            {
                provisioner.OnNewFederationTrust(this.DataObject);
            }
            catch (LocalizedException provisioningException)
            {
                base.WriteError(new ProvisioningFederatedExchangeException(provisioningException.Message, provisioningException), ErrorCategory.NotSpecified, null);
            }
            base.WriteProgress(Strings.ProgressActivityNewFederationTrust, Strings.ProgressStatusFinished, 100);

            // The namespace provisioner decides which DNS follow-up the administrator is reminded of.
            var provisionerType = this.NamespaceProvisionerType;
            if (provisionerType == FederationTrust.NamespaceProvisionerType.LiveDomainServices)
            {
                this.WriteWarning(Strings.ManageDelegationProvisioningInDNS(this.DataObject.ApplicationIdentifier));
            }
            else if (provisionerType == FederationTrust.NamespaceProvisionerType.LiveDomainServices2)
            {
                this.WriteWarning(Strings.ManageDelegation2ProvisioningInDNS);
            }
        }
 /// <summary>
 /// Downloads the partner federation metadata from <c>MetadataUrlToUse</c> into the
 /// <c>partnerFederationMetadata</c> field. A retrieval failure is reported through WriteError
 /// with the MetadataError category and leaves the field unchanged.
 /// </summary>
 private void UpdateFederationMetadata()
 {
     WriteVerboseDelegate verboseWriter = new WriteVerboseDelegate(base.WriteVerbose);
     try
     {
         this.partnerFederationMetadata = LivePartnerFederationMetadata.LoadFrom(this.MetadataUrlToUse, verboseWriter);
     }
     catch (FederationMetadataException metadataException)
     {
         base.WriteError(metadataException, ErrorCategory.MetadataError, null);
     }
 }
        /// <summary>
        /// Refreshes <paramref name="federationTrust"/> in place from the partner's federation
        /// metadata. Retrieval and parsing failures are written to the event log against the
        /// trust's name and metadata EPR instead of being propagated; warnings raised while
        /// applying the metadata are logged as one joined warning event.
        /// </summary>
        /// <param name="federationTrust">The trust to refresh.</param>
        /// <returns>
        /// <c>false</c> when no metadata could be retrieved; otherwise whether the trust now
        /// reports <c>ObjectState.Changed</c>.
        /// </returns>
        private bool ProcessFederationTrust(FederationTrust federationTrust)
        {
            // Event arguments are built lazily so the EPR and name are only read when an event is logged.
            Func<string, string[]> eventArguments = delegate(string detail)
            {
                return new string[] { detail, federationTrust.TokenIssuerMetadataEpr.OriginalString, federationTrust.Name };
            };

            PartnerFederationMetadata metadata;
            try
            {
                metadata = LivePartnerFederationMetadata.LoadFrom(federationTrust.TokenIssuerMetadataEpr, null);
            }
            catch (FederationMetadataException metadataException)
            {
                this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_UnableToAccessMetadata, eventArguments(metadataException.Message));
                return false;
            }
            catch (Exception unexpected)
            {
                // NOTE(review): this catch-all also traps failures unrelated to metadata; narrowing it is a candidate follow-up.
                this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_UnableToAccessMetadata, eventArguments(AnchorLogger.GetDiagnosticInfo(unexpected, null)));
                return false;
            }
            if (metadata == null)
            {
                return false;
            }

            List<LocalizedString> collectedWarnings = new List<LocalizedString>();
            try
            {
                LivePartnerFederationMetadata.InitializeDataObjectFromMetadata(federationTrust, metadata, delegate(LocalizedString message)
                {
                    collectedWarnings.Add(message);
                });
            }
            catch (FederationMetadataException corruptMetadata)
            {
                this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_CorruptMetadata, eventArguments(corruptMetadata.Message));
            }
            catch (Exception unexpected)
            {
                this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_UnableToAccessMetadata, eventArguments(AnchorLogger.GetDiagnosticInfo(unexpected, null)));
            }

            if (collectedWarnings.Count > 0)
            {
                // Warnings are joined with a trailing ';' after each entry.
                StringBuilder joined = new StringBuilder();
                foreach (LocalizedString entry in collectedWarnings)
                {
                    joined.Append(entry.ToString()).Append(';');
                }
                this.Context.Logger.LogTerseEvent(MigrationEventType.Warning, MSExchangeAuthAdminEventLogConstants.Tuple_Warning, new string[]
                {
                    federationTrust.Name,
                    joined.ToString()
                });
            }
            return federationTrust.ObjectState == ObjectState.Changed;
        }
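 /// <summary>
 /// Applies the requested changes to the federation trust: optionally publishes the pending
 /// ("next") organization certificate, stages a new next certificate by thumbprint, applies a
 /// new application URI, and re-applies previously loaded partner metadata, before handing off
 /// to the base <c>InternalProcessRecord</c>.
 /// </summary>
 /// <remarks>
 /// Publishing rotates the certificate slots (current to previous, next to current) and clears
 /// the next slot. The rotation runs after a new thumbprint has been staged, so one invocation
 /// that both stages and publishes ends with the staged certificate as the current one.
 /// Failures in each step are reported through WriteError; no step is retried.
 /// </remarks>
 private void InternalProcessRecordInternal()
 {
     if (this.PublishFederationCertificate)
     {
         FederationProvision federationProvision = FederationProvision.Create(this.DataObject, this);
         try
         {
             federationProvision.OnPublishFederationCertificate(this.DataObject);
         }
         catch (LocalizedException exception)
         {
             base.WriteError(exception, ErrorCategory.InvalidResult, null);
         }
     }
     if (this.applicationUri != null)
     {
         this.DataObject.ApplicationUri = this.applicationUri;
     }
     if (this.Thumbprint != null)
     {
         // Thumbprints are hex identifiers, not text: compare them ordinally so culture rules
         // (ignorable characters, linguistic casing) can neither equate two different thumbprints
         // nor skip a legitimate update (CA1309).
         if (!StringComparer.OrdinalIgnoreCase.Equals(this.DataObject.OrgNextPrivCertificate, this.Thumbprint))
         {
             // Stage the resolved certificate (this.nextCertificate) and its thumbprint in the "next" slot,
             // then push it out so it is available before it becomes current.
             this.DataObject.OrgNextCertificate     = this.nextCertificate;
             this.DataObject.OrgNextPrivCertificate = this.Thumbprint;
             try
             {
                 FederationCertificate.PushCertificate(new Task.TaskProgressLoggingDelegate(base.WriteProgress), new Task.TaskWarningLoggingDelegate(this.WriteWarning), this.Thumbprint);
             }
             catch (InvalidOperationException exception2)
             {
                 base.WriteError(exception2, ErrorCategory.InvalidArgument, null);
             }
             catch (LocalizedException exception3)
             {
                 base.WriteError(exception3, ErrorCategory.InvalidArgument, null);
             }
             if (this.DataObject.NamespaceProvisioner == FederationTrust.NamespaceProvisionerType.LiveDomainServices2)
             {
                 this.WriteWarning(Strings.UpdateManageDelegation2ProvisioningInDNS);
             }
         }
         else
         {
             base.WriteVerbose(Strings.IgnoringSameNextCertificate);
         }
     }
     if (this.PublishFederationCertificate)
     {
         // Rotate: current -> previous, next -> current, next cleared.
         // NOTE(review): if OrgNextCertificate is null here the current slot is cleared as well;
         // presumably rejected earlier by parameter validation -- confirm.
         this.DataObject.OrgPrevCertificate     = this.DataObject.OrgCertificate;
         this.DataObject.OrgPrevPrivCertificate = this.DataObject.OrgPrivCertificate;
         this.DataObject.OrgCertificate         = this.DataObject.OrgNextCertificate;
         this.DataObject.OrgPrivCertificate     = this.DataObject.OrgNextPrivCertificate;
         this.DataObject.OrgNextCertificate     = null;
         this.DataObject.OrgNextPrivCertificate = null;
         if (this.DataObject.NamespaceProvisioner == FederationTrust.NamespaceProvisionerType.LiveDomainServices2)
         {
             this.WriteWarning(Strings.PublishManageDelegation2ProvisioningInDNS);
         }
     }
     if (this.partnerFederationMetadata != null)
     {
         // Metadata was loaded earlier (UpdateFederationMetadata); apply it to the data object now.
         try
         {
             LivePartnerFederationMetadata.InitializeDataObjectFromMetadata(this.DataObject, this.partnerFederationMetadata, new WriteWarningDelegate(this.WriteWarning));
         }
         catch (FederationMetadataException exception4)
         {
             base.WriteError(exception4, ErrorCategory.MetadataError, null);
         }
     }
     base.InternalProcessRecord();
 }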