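/// <summary>
/// Validates each base64-encoded certificate in <paramref name="certificateList"/> against stores built from
/// the trusted and chain-building certificate lists, returning one <see cref="ChainValidityStatus"/> per input
/// certificate in input order.
/// </summary>
/// <param name="trustedCertificateList">Base64 certificates added to the trusted store.</param>
/// <param name="certificateChainList">Base64 certificates added to the chain-building store.</param>
/// <param name="certificateList">Base64 certificates to validate; these arrive from the client and may be malformed.</param>
/// <param name="checkCRL">Whether CRL checking is requested for chain validation.</param>
/// <param name="hashCodeForTracing">Correlation value forwarded to <c>CertificateManager.AddChainCertsToStore</c>.</param>
/// <param name="mailboxLogger">Optional mailbox logger that receives per-certificate failure details; may be null.</param>
/// <param name="againstADConfiguration">Forwarded unchanged to the chain validator.</param>
/// <param name="organizationId">Forwarded unchanged to the chain validator.</param>
/// <returns>
/// A list with exactly <c>certificateList.Count</c> entries. A certificate whose base64 cannot be decoded or whose
/// validation throws a <see cref="CryptographicException"/> contributes the raw failure status 0x80092004 instead of
/// aborting the whole command; any other exception still propagates.
/// </returns>
internal static List<ChainValidityStatus> ValidateCertificates(List<string> trustedCertificateList, List<string> certificateChainList, List<string> certificateList, bool checkCRL, int hashCodeForTracing, MailboxLogger mailboxLogger, bool againstADConfiguration, string organizationId)
{
    X509Store trustedStore = CertificateManager.AddChainCertsToStore(trustedCertificateList, hashCodeForTracing);
    X509Store chainBuildStore = CertificateManager.AddChainCertsToStore(certificateChainList, hashCodeForTracing);
    List<ChainValidityStatus> list = new List<ChainValidityStatus>(certificateList.Count);
    foreach (string text in certificateList)
    {
        ChainContext chainContext = null;
        X509Certificate2 certificate = null;
        try
        {
            // Client-supplied base64: Convert.FromBase64String throws FormatException on malformed input,
            // which is handled below as a per-certificate failure rather than a command failure.
            certificate = new X509Certificate2(Convert.FromBase64String(text));
            ChainValidityStatus item = X509CertificateCollection.ValidateCertificate(certificate, null, X509KeyUsageFlags.NonRepudiation | X509KeyUsageFlags.DigitalSignature, checkCRL, trustedStore, chainBuildStore, ref chainContext, againstADConfiguration, organizationId);
            list.Add(item);
        }
        catch (CryptographicException ex)
        {
            if (mailboxLogger != null)
            {
                mailboxLogger.SetData(MailboxLogDataName.ValidateCertCommand_ProcessCommand_Per_Cert_Exception, ex.ToString());
            }
            AirSyncDiagnostics.TraceError<string, CryptographicException>(ExTraceGlobals.RequestTracer, null, "Failed to validate certificate: '{0}', Error: '{1}'", text, ex);
            // Raw value 0x80092004; the enum member name was not recovered by the decompiler.
            list.Add((ChainValidityStatus)2148098052U);
        }
        catch (FormatException ex)
        {
            // Malformed base64 from the client: record the same failure status so the result list
            // stays aligned one-to-one with the input list.
            if (mailboxLogger != null)
            {
                mailboxLogger.SetData(MailboxLogDataName.ValidateCertCommand_ProcessCommand_Per_Cert_Exception, ex.ToString());
            }
            AirSyncDiagnostics.TraceError<string, FormatException>(ExTraceGlobals.RequestTracer, null, "Failed to validate certificate: '{0}', Error: '{1}'", text, ex);
            list.Add((ChainValidityStatus)2148098052U);
        }
        finally
        {
            if (chainContext != null)
            {
                chainContext.Dispose();
            }
            // Release the certificate's native context promptly instead of waiting for finalization.
            // Disposed after the chain context, which was built from it (X509Certificate2 is IDisposable
            // from .NET Framework 4.6 onward).
            if (certificate != null)
            {
                certificate.Dispose();
            }
        }
    }
    return list;
}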
// Token: 0x06001C2A RID: 7210 RVA: 0x0006F4BC File Offset: 0x0006D6BC
/// <summary>
/// Validates <paramref name="certificate"/> for the S/MIME key usages (NonRepudiation | DigitalSignature) and
/// records the outcome in <c>this.response</c>: <c>PolicyFlag</c> and <c>ChainValidityStatus</c> always, plus
/// <c>DisplayedId</c>, <c>DisplayName</c> and <c>Issuer</c> when <paramref name="isSend"/> is false.
/// </summary>
/// <param name="certificate">Certificate to validate; not disposed by this method.</param>
/// <param name="isSend">True when validating for sending; controls CRL checking and skips the identity fields.</param>
/// <returns>The resulting chain validity status, which is also written to <c>this.response.ChainValidityStatus</c>.</returns>
public ChainValidityStatus ValidateCertificate(X509Certificate2 certificate, bool isSend)
{
    this.response.PolicyFlag = 0U;
    this.response.ChainData = null;
    ChainContext chainContext = null;
    ChainValidityStatus status;
    try
    {
        X509KeyUsageFlags requiredUsage = X509KeyUsageFlags.NonRepudiation | X509KeyUsageFlags.DigitalSignature;
        bool checkCrlOnSend = this.smimeAdminOptions.CheckCRLOnSend;
        bool crlCheckDisabled = this.smimeAdminOptions.DisableCRLCheck;
        TimeSpan connectionTimeout = TimeSpan.FromMilliseconds(this.smimeAdminOptions.CRLConnectionTimeout);
        TimeSpan retrievalTimeout = TimeSpan.FromMilliseconds(this.smimeAdminOptions.CRLRetrievalTimeout);
        // CRL checking is skipped when globally disabled, and on send unless CheckCRLOnSend is set.
        bool performCrlCheck = !crlCheckDisabled && (!isSend || checkCrlOnSend);
        string issuingCA = this.smimeAdminOptions.SMIMECertificateIssuingCAFull;
        if (!string.IsNullOrEmpty(issuingCA))
        {
            // An admin-configured issuing CA: validate against an in-memory store holding that CA
            // and scope the check to the caller's organization.
            X509Store issuingCAStore = CertificateStore.Open(StoreType.Memory, null, OpenFlags.ReadWrite);
            X509Certificate2Collection issuingCACerts = new X509Certificate2Collection();
            issuingCACerts.Import(Convert.FromBase64String(issuingCA));
            issuingCAStore.AddRange(issuingCACerts);
            status = X509CertificateCollection.ValidateCertificate(certificate, null, requiredUsage, performCrlCheck, issuingCAStore, null, connectionTimeout, retrievalTimeout, ref chainContext, true, base.CallContext.AccessingPrincipal.MailboxInfo.OrganizationId.ToString());
            this.response.PolicyFlag = (uint)this.MapChainStatusToChainFlag(status);
        }
        else if (VariantConfiguration.GetSnapshot(MachineSettingsContext.Local, null, null).Global.MultiTenancy.Enabled)
        {
            // No issuing CA configured in a multi-tenant deployment: no chain is built at all.
            // Raw values 0x800B0109 and 0x10000; the enum/flag names were not recovered by the decompiler.
            status = (ChainValidityStatus)2148204809U;
            this.response.PolicyFlag = 65536U;
        }
        else
        {
            status = X509CertificateCollection.ValidateCertificate(certificate, null, requiredUsage, performCrlCheck, null, null, connectionTimeout, retrievalTimeout, ref chainContext, false, null);
            this.response.PolicyFlag = (uint)this.MapChainStatusToChainFlag(status);
        }
        if (!isSend)
        {
            this.response.DisplayedId = this.GetIdFromCertificate(certificate);
            // A certificate without a usable identity is reported as SubjectMismatch; PolicyFlag is left as computed above.
            if (this.response.DisplayedId == null)
            {
                status = ChainValidityStatus.SubjectMismatch;
            }
            this.response.DisplayName = X509PartialCertificate.GetDisplayName(certificate);
            this.response.Issuer = this.GetIssuerDisplayNameFromCertificate(certificate);
        }
    }
    finally
    {
        if (chainContext != null)
        {
            chainContext.Dispose();
        }
    }
    this.response.ChainValidityStatus = (uint)status;
    return status;
}