private SharingPolicyDomain GetEffectiveCalendarSharingPolicy(string recipientDomain, IFrontEndLocator frontEndLocator) { SharingPolicyDomain sharingPolicyDomain = null; SharingPolicyDomain sharingPolicyDomain2 = null; bool enabled = ExternalAuthentication.GetCurrent().Enabled; bool flag = false; this.TraceDebug("External authentication enabled:{0}", new object[] { enabled }); foreach (SharingPolicyDomain sharingPolicyDomain3 in this.SharingPolicy.Domains) { if (enabled) { if (StringComparer.OrdinalIgnoreCase.Equals(sharingPolicyDomain3.Domain, recipientDomain)) { this.TraceDebug("Found exact policy for domain {0}", new object[] { sharingPolicyDomain3.Domain }); sharingPolicyDomain = sharingPolicyDomain3; } else if (sharingPolicyDomain == null && StringComparer.OrdinalIgnoreCase.Equals(sharingPolicyDomain3.Domain, "*")) { this.TraceDebug("Found asterisk policy", new object[0]); sharingPolicyDomain = sharingPolicyDomain3; flag = true; } } if (StringComparer.OrdinalIgnoreCase.Equals(sharingPolicyDomain3.Domain, "Anonymous")) { if (OwaAnonymousVdirLocater.Instance.IsPublishingAvailable(this.mailboxOwner, frontEndLocator)) { this.TraceDebug("Found anonymous policy", new object[0]); sharingPolicyDomain2 = sharingPolicyDomain3; } else { this.TraceDebug("Found anonymous policy but publishing is not allowed", new object[0]); } } } if (flag && sharingPolicyDomain2 != null && PolicyAllowedDetailLevel.GetMaxAllowed(sharingPolicyDomain.Actions) <= PolicyAllowedDetailLevel.GetMaxAllowed(sharingPolicyDomain2.Actions)) { this.TraceDebug("Override AsteriskPolicy with anonymous policy", new object[0]); sharingPolicyDomain = null; } if (sharingPolicyDomain != null) { if (TargetUriResolver.Resolve(recipientDomain, this.mailboxOwner.MailboxInfo.OrganizationId) != null) { return(sharingPolicyDomain); } this.TraceDebug("Target domain '{0}' is not federated", new object[] { recipientDomain }); } return(sharingPolicyDomain2); }
public EncryptionResults Encrypt(IExchangePrincipal mailboxOwner, IRecipientSession recipientSession, ExternalUserCollection externalUserCollection, ValidRecipient[] recipients, string sender, string containerClass, string folderId, IFrontEndLocator frontEndLocator) { SharingDataType sharingDataType = SharingDataType.FromContainerClass(containerClass); if (sharingDataType == null || !sharingDataType.IsExternallySharable) { throw new ArgumentOutOfRangeException("containerClass"); } ADUser aduser = DirectoryHelper.ReadADRecipient(mailboxOwner.MailboxInfo.MailboxGuid, mailboxOwner.MailboxInfo.IsArchive, recipientSession) as ADUser; if (aduser == null) { SharedFolderDataEncryption.Tracer.TraceError <SharedFolderDataEncryption, string>((long)this.GetHashCode(), "{0}: The Active Directory user was not found. Sender={1}.", this, sender); throw new ObjectNotFoundException(ServerStrings.ADUserNotFound); } ProxyAddress item = new SmtpProxyAddress(sender, false); if (!aduser.EmailAddresses.Contains(item)) { SharedFolderDataEncryption.Tracer.TraceError <SharedFolderDataEncryption, string>((long)this.GetHashCode(), "{0}: The SMTP address was not found in the user AD object for this mailbox. Sender={1}.", this, sender); throw new ObjectNotFoundException(ServerStrings.ADUserNotFound); } SharingPolicy sharingPolicy = DirectoryHelper.ReadSharingPolicy(mailboxOwner.MailboxInfo.MailboxGuid, mailboxOwner.MailboxInfo.IsArchive, recipientSession); SharedFolderDataEncryption.Tracer.TraceDebug <SharedFolderDataEncryption, object>((long)this.GetHashCode(), "{0}: Sharing policy to be applied to this user: {1}", this, (sharingPolicy == null) ? "<null>" : sharingPolicy.Id); SharingPolicyAction sharingPolicyActions = SharedFolderDataEncryption.GetSharingPolicyActions(sharingDataType.StoreObjectType); SharedFolderDataRecipient[] externalIdentities = SharedFolderDataEncryption.GetExternalIdentities(externalUserCollection, recipients); List <InvalidRecipient> list = new List <InvalidRecipient>(); Dictionary <TokenTarget, List <SharedFolderDataRecipient> > dictionary = new Dictionary <TokenTarget, List <SharedFolderDataRecipient> >(externalIdentities.Length, SharedFolderDataEncryption.TokenTargetComparer); for (int i = 0; i < recipients.Length; i++) { SharedFolderDataRecipient item2 = externalIdentities[i]; ValidRecipient validRecipient = recipients[i]; SmtpAddress smtpAddress = new SmtpAddress(validRecipient.SmtpAddress); string domain = smtpAddress.Domain; if (sharingPolicy == null || !sharingPolicy.IsAllowedForAnySharing(domain, sharingPolicyActions)) { SharedFolderDataEncryption.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Sharing policy does not allow user to share with domain {0}", domain); list.Add(new InvalidRecipient(validRecipient.SmtpAddress, InvalidRecipientResponseCodeType.SystemPolicyBlocksSharingWithThisRecipient)); } else { SmtpAddress smtpAddress2 = new SmtpAddress(validRecipient.SmtpAddressForEncryption); TokenTarget tokenTarget = TargetUriResolver.Resolve(smtpAddress2.Domain, aduser.OrganizationId); if (tokenTarget == null) { list.Add(new InvalidRecipient(validRecipient.SmtpAddress, InvalidRecipientResponseCodeType.RecipientOrganizationNotFederated)); } else { List <SharedFolderDataRecipient> list2; if (!dictionary.TryGetValue(tokenTarget, out list2)) { list2 = new List <SharedFolderDataRecipient>(1); dictionary.Add(tokenTarget, list2); } list2.Add(item2); } } } List <EncryptedSharedFolderData> list3 = new List <EncryptedSharedFolderData>(dictionary.Count); SharedFolderData sharedFolderData = new SharedFolderData(); sharedFolderData.DataType = sharingDataType.ExternalName; sharedFolderData.FolderId = folderId; sharedFolderData.SharingUrl = this.GetSharingUrl(aduser, frontEndLocator); sharedFolderData.FederationUri = this.externalAuthentication.TokenValidator.TargetUri.ToString(); sharedFolderData.SenderSmtpAddress = sender; DelegationTokenRequest delegationTokenRequest = new DelegationTokenRequest { FederatedIdentity = aduser.GetFederatedIdentity(), EmailAddress = aduser.GetFederatedSmtpAddress(new SmtpAddress(sender)).ToString(), Offer = Offer.SharingInviteMessage }; SecurityTokenService securityTokenService = this.externalAuthentication.GetSecurityTokenService(aduser.OrganizationId); foreach (KeyValuePair <TokenTarget, List <SharedFolderDataRecipient> > keyValuePair in dictionary) { delegationTokenRequest.Target = keyValuePair.Key; sharedFolderData.Recipients = keyValuePair.Value.ToArray(); try { RequestedToken requestedToken = securityTokenService.IssueToken(delegationTokenRequest); list3.Add(this.Encrypt(requestedToken, sharedFolderData)); } catch (WSTrustException ex) { foreach (SharedFolderDataRecipient sharedFolderDataRecipient in sharedFolderData.Recipients) { list.Add(new InvalidRecipient(sharedFolderDataRecipient.SmtpAddress, SharedFolderDataEncryption.GetResponseCodeFromException(ex), ex.ToString())); } } } return(new EncryptionResults(list3.ToArray(), list.ToArray())); }