private static HashSet <string> GetCertificatesThumbprint()
{
IEnumerable <FederationTrust> federationTrusts = FederationTrustCache.GetFederationTrusts();
HashSet <string> hashSet = new HashSet <string>();
foreach (FederationTrust federationTrust in federationTrusts)
{
if (federationTrust.OrgPrivCertificate != null)
{
hashSet.Add(federationTrust.OrgPrivCertificate);
}
if (federationTrust.OrgPrevPrivCertificate != null)
{
hashSet.Add(federationTrust.OrgPrevPrivCertificate);
}
if (federationTrust.TokenIssuerCertificate != null)
{
hashSet.Add(federationTrust.TokenIssuerCertificate.Thumbprint);
}
if (federationTrust.TokenIssuerPrevCertificate != null)
{
hashSet.Add(federationTrust.TokenIssuerPrevCertificate.Thumbprint);
}
}
return(hashSet);
}
internal static void AddEndpointEnabledHeaders(HttpResponse response)
{
if (AutodiscoverEwsWebConfiguration.SoapEndpointEnabled)
{
response.AddHeader("X-SOAP-Enabled", bool.TrueString);
}
response.AddHeader("X-WSSecurity-Enabled", AutodiscoverEwsWebConfiguration.WsSecurityEndpointEnabled ? bool.TrueString : bool.FalseString);
string value;
if ((HttpProxyGlobals.IsPartnerHostedOnly || VariantConfiguration.InvariantNoFlightingSnapshot.Autodiscover.WsSecurityEndpoint.Enabled) && AutodiscoverEwsWebConfiguration.WsSecurityEndpointEnabled)
{
value = "Logon";
}
else
{
value = "None";
}
response.AddHeader("X-WSSecurity-For", value);
FederationTrust federationTrust = FederationTrustCache.GetFederationTrust("MicrosoftOnline");
if (federationTrust != null)
{
response.AddHeader("X-FederationTrustTokenIssuerUri", federationTrust.TokenIssuerUri.ToString());
}
if (AutodiscoverEwsWebConfiguration.WsSecuritySymmetricKeyEndpointEnabled)
{
response.AddHeader("X-WSSecurity-SymmetricKey-Enabled", bool.TrueString);
}
if (AutodiscoverEwsWebConfiguration.WsSecurityX509CertEndpointEnabled)
{
response.AddHeader("X-WSSecurity-X509Cert-Enabled", bool.TrueString);
}
HttpApplication applicationInstance = HttpContext.Current.ApplicationInstance;
IHttpModule httpModule = applicationInstance.Modules["OAuthAuthModule"];
response.AddHeader("X-OAuth-Enabled", (httpModule != null) ? bool.TrueString : bool.FalseString);
}
protected void AddEndpointEnabledHeaders(HttpResponse response)
{
if (AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.SoapEndpointEnabled)
{
response.AddHeader("X-SOAP-Enabled", bool.TrueString);
}
response.AddHeader("X-WSSecurity-Enabled", AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.WsSecurityEndpointEnabled ? bool.TrueString : bool.FalseString);
response.AddHeader("X-WSSecurity-For", (VariantConfiguration.InvariantNoFlightingSnapshot.Autodiscover.WsSecurityEndpoint.Enabled && AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.WsSecurityEndpointEnabled) ? "Logon" : "None");
FederationTrust federationTrust = FederationTrustCache.GetFederationTrust("MicrosoftOnline");
if (federationTrust != null)
{
response.AddHeader("X-FederationTrustTokenIssuerUri", federationTrust.TokenIssuerUri.ToString());
}
if (AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.WsSecuritySymmetricKeyEndpointEnabled)
{
response.AddHeader("X-WSSecurity-SymmetricKey-Enabled", bool.TrueString);
}
if (AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.WsSecurityX509CertEndpointEnabled)
{
response.AddHeader("X-WSSecurity-X509Cert-Enabled", bool.TrueString);
}
response.AddHeader("X-OAuth-Enabled", AutodiscoverDiscoveryHttpHandler.webConfiguration.Member.OAuthEndpointEnabled ? bool.TrueString : bool.FalseString);
}
private static ExternalAuthentication CreateExternalAuthentication()
{
ExternalAuthentication.InitializeNotificationsIfNeeded();
ExternalAuthentication.ConfigurationTracer.TraceDebug(0L, "Searching for federation trust configuration in AD");
WebProxy webProxy = null;
Server localServer = LocalServerCache.LocalServer;
Uri uri = null;
if (localServer != null && localServer.InternetWebProxy != null)
{
ExternalAuthentication.ConfigurationTracer.TraceDebug <Uri>(0L, "Using custom InternetWebProxy {0}.", localServer.InternetWebProxy);
uri = localServer.InternetWebProxy;
webProxy = new WebProxy(localServer.InternetWebProxy);
}
ExternalAuthentication.currentWebProxy = uri;
IEnumerable <FederationTrust> enumerable = null;
try
{
enumerable = FederationTrustCache.GetFederationTrusts();
}
catch (LocalizedException arg)
{
ExternalAuthentication.ConfigurationTracer.TraceError <LocalizedException>(0L, "Unable to get federation trust. Exception: {0}", arg);
return(new ExternalAuthentication(ExternalAuthentication.ExternalAuthenticationFailureType.ErrorReadingFederationTrust, ExternalAuthentication.ExternalAuthenticationSubFailureType.DirectoryReadError));
}
Uri uri2 = null;
List <X509Certificate2> list = new List <X509Certificate2>(4);
List <X509Certificate2> list2 = new List <X509Certificate2>(4);
Dictionary <ADObjectId, SecurityTokenService> dictionary = new Dictionary <ADObjectId, SecurityTokenService>(2);
ExternalAuthentication.ExternalAuthenticationFailureType externalAuthenticationFailureType = ExternalAuthentication.ExternalAuthenticationFailureType.NoFederationTrust;
ExternalAuthentication.ExternalAuthenticationSubFailureType externalAuthenticationSubFailureType = ExternalAuthentication.ExternalAuthenticationSubFailureType.NoFailure;
int num = 0;
bool flag = false;
if (enumerable != null)
{
foreach (FederationTrust federationTrust in enumerable)
{
num++;
ExternalAuthentication.FederationTrustResults federationTrustResults = ExternalAuthentication.TryCreateSecurityTokenService(federationTrust, webProxy);
if (federationTrustResults.FailureType == ExternalAuthentication.ExternalAuthenticationFailureType.NoFailure)
{
dictionary.Add(federationTrust.Id, federationTrustResults.SecurityTokenService);
list.AddRange(federationTrustResults.TokenSignatureCertificates);
list2.AddRange(federationTrustResults.TokenDecryptionCertificates);
if (uri2 == null)
{
uri2 = federationTrust.ApplicationUri;
ExternalAuthentication.ConfigurationTracer.TraceDebug <Uri>(0L, "Using {0} as applicationUri", uri2);
}
else if (!federationTrust.ApplicationUri.Equals(uri2))
{
ExternalAuthentication.ConfigurationTracer.TraceError <Uri>(0L, "Cannot have multiple FederationTrust with different ApplicationUri values: {0}. Uri will be ignored", federationTrust.ApplicationUri);
flag = true;
}
}
else
{
externalAuthenticationFailureType = federationTrustResults.FailureType;
externalAuthenticationSubFailureType = federationTrustResults.SubFailureType;
}
}
}
if (dictionary.Count == 0)
{
return(new ExternalAuthentication(externalAuthenticationFailureType, externalAuthenticationSubFailureType));
}
if (dictionary.Count != num)
{
ExternalAuthentication.ConfigurationTracer.TraceError <string, string>(0L, "Number of Security Token Service clients {0} does not match number of federation trusts {1}", dictionary.Count.ToString(), num.ToString());
}
TokenValidator tokenValidator = new TokenValidator(uri2, list, list2);
List <X509Certificate2> list3 = new List <X509Certificate2>(list.Count + list2.Count);
list3.AddRange(list);
list3.AddRange(list2);
if (flag)
{
return(new ExternalAuthentication(dictionary, tokenValidator, list3, uri2, ExternalAuthentication.ExternalAuthenticationFailureType.NoFailure, ExternalAuthentication.ExternalAuthenticationSubFailureType.WarningApplicationUriSkipped));
}
return(new ExternalAuthentication(dictionary, tokenValidator, list3, uri2));
}
internal static void Initialize()
{
LocalServerCache.Initialize();
FederationTrustCache.Initialize();
ExternalAuthentication.instance = null;
}
