/// <summary>
/// Re-validates a stored <see cref="PartnerApplication"/> against the document published at its
/// AuthMetadataUrl and, when the document is acceptable, refreshes the stored signing certificates.
/// </summary>
/// <param name="partnerApplication">The directory object to refresh; only CertificateBytes is ever written.</param>
/// <returns>
/// <c>true</c> when CertificateBytes was replaced with a new certificate set; <c>false</c> when the
/// metadata could not be fetched, the published identity does not match the stored one, or the
/// certificate set did not change.
/// </returns>
private bool ProcessPartnerApplication(PartnerApplication partnerApplication)
{
    AuthMetadata metadata = this.FetchMetadata(partnerApplication.Name, partnerApplication.AuthMetadataUrl, false);
    if (metadata == null)
    {
        return false;
    }

    // Security: the stored identity triple (application id, realm, issuer) is authoritative here; the
    // fetched document is never allowed to change it. A document reporting a different identity is
    // logged and rejected without touching the object, so a mis-pointed or hostile metadata endpoint
    // cannot swap the signing keys of one trust under another principal's name.
    // The issuer comparison is string.Equals with no StringComparison, i.e. ordinal and case-sensitive.
    bool identityMatches =
        OAuthCommon.IsIdMatch(partnerApplication.ApplicationIdentifier, metadata.ServiceName)
        && OAuthCommon.IsRealmMatchIncludingEmpty(partnerApplication.Realm, metadata.Realm)
        && string.Equals(partnerApplication.IssuerIdentifier, metadata.Issuer);
    if (!identityMatches)
    {
        this.Context.Logger.LogTerseEvent(
            MigrationEventType.Error,
            MSExchangeAuthAdminEventLogConstants.Tuple_InvalidTrustedIssuerChanges,
            new string[] { partnerApplication.Name, partnerApplication.AuthMetadataUrl });
        return false;
    }

    // ProcessCertificates decides whether the published certificate strings differ from what is stored;
    // it is always invoked, and only a true result with a non-null set is applied.
    MultiValuedProperty<byte[]> refreshedCertificates;
    bool certificatesChanged = this.ProcessCertificates(
        partnerApplication.Name,
        partnerApplication.CertificateBytes,
        metadata.CertificateStrings,
        out refreshedCertificates);
    if (!certificatesChanged || refreshedCertificates == null)
    {
        return false;
    }

    partnerApplication.CertificateBytes = refreshedCertificates;
    return true;
}
/// <summary>
/// Fetches the auth metadata document for an <see cref="AuthServer"/> and copies its identity (optionally),
/// signing certificates and endpoints onto the object.
/// </summary>
/// <param name="authServer">The auth server whose AuthMetadataUrl is fetched and whose fields are updated in place.</param>
/// <param name="trustSslCert">
/// Passed straight through to <c>OAuthTaskHelper.FetchAuthMetadata</c>. Judging by its name it relaxes TLS
/// server-certificate validation for the fetch. Because the document supplies the token-signing certificates
/// that will later be trusted, enabling this turns the fetch into a trust decision: whoever can intercept the
/// connection can hand over their own signing keys. Keep it off outside controlled lab setups.
/// NOTE(review): behaviour inferred from the parameter name — confirm against the helper.
/// </param>
/// <param name="updateIdRealm">
/// When <c>true</c>, IssuerIdentifier and Realm are overwritten from the document (trust-on-use).
/// When <c>false</c>, the document must agree with the stored values or an InvalidData error is written.
/// </param>
/// <param name="writeWarning">Task warning sink; must not be null.</param>
/// <param name="writeError">Task error sink; must not be null.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="authServer"/>, <paramref name="writeWarning"/> or <paramref name="writeError"/> is null.
/// </exception>
public static void FetchAuthMetadata(AuthServer authServer, bool trustSslCert, bool updateIdRealm, Task.TaskWarningLoggingDelegate writeWarning, Task.TaskErrorLoggingDelegate writeError)
{
    if (authServer == null)
    {
        throw new ArgumentNullException("authServer");
    }
    if (writeWarning == null)
    {
        throw new ArgumentNullException("writeWarning");
    }
    if (writeError == null)
    {
        throw new ArgumentNullException("writeError");
    }

    AuthMetadata document = OAuthTaskHelper.FetchAuthMetadata(authServer.AuthMetadataUrl, trustSslCert, true, writeWarning, writeError);
    AuthMetadataParser.SetEndpointsIfWSFed(document, authServer.Type, authServer.AuthMetadataUrl);

    if (updateIdRealm)
    {
        // The remote document becomes the source of truth for the trust's identity.
        authServer.IssuerIdentifier = document.ServiceName;
        authServer.Realm = document.Realm;
    }
    else
    {
        bool identityMatches =
            OAuthCommon.IsIdMatch(authServer.IssuerIdentifier, document.ServiceName)
            && OAuthCommon.IsRealmMatchIncludingEmpty(authServer.Realm, document.Realm);
        if (!identityMatches)
        {
            writeError(
                new TaskException(Strings.ErrorPidRealmDifferentFromMetadata(document.ServiceName, document.Realm, authServer.IssuerIdentifier, authServer.Realm)),
                ErrorCategory.InvalidData,
                null);
        }
    }

    // Execution continues past writeError; the assignments below are only safe if the delegate terminates
    // the task on error. NOTE(review): that is the usual task WriteError contract — confirm for this caller.
    authServer.CertificateBytes = OAuthTaskHelper.InternalCertificateFromBase64String(document.CertificateStrings, writeError);
    authServer.TokenIssuingEndpoint = document.IssuingEndpoint;
    authServer.AuthorizationEndpoint = document.AuthorizationEndpoint;
}
/// <summary>
/// Fetches the auth metadata document for a <see cref="PartnerApplication"/> and copies its identity
/// (optionally) and signing certificates onto the object.
/// </summary>
/// <param name="partnerApplication">The partner application whose AuthMetadataUrl is fetched and whose fields are updated in place.</param>
/// <param name="trustSslCert">
/// Passed straight through to <c>OAuthTaskHelper.FetchAuthMetadata</c>; by its name it relaxes TLS
/// server-certificate validation for the fetch. The document carries the certificates this server will
/// accept tokens from, so an interceptable fetch means attacker-chosen signing keys. Keep it off outside
/// controlled lab setups. NOTE(review): behaviour inferred from the parameter name — confirm against the helper.
/// </param>
/// <param name="updatePidOrRealmOrIssuer">
/// When <c>true</c>, ApplicationIdentifier, IssuerIdentifier and Realm are overwritten from the document
/// (trust-on-use). When <c>false</c>, the document must agree with all three stored values or an
/// InvalidData error is written.
/// </param>
/// <param name="writeWarning">Task warning sink; must not be null.</param>
/// <param name="writeError">Task error sink; must not be null.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="partnerApplication"/>, <paramref name="writeWarning"/> or <paramref name="writeError"/> is null.
/// </exception>
public static void FetchAuthMetadata(PartnerApplication partnerApplication, bool trustSslCert, bool updatePidOrRealmOrIssuer, Task.TaskWarningLoggingDelegate writeWarning, Task.TaskErrorLoggingDelegate writeError)
{
    if (partnerApplication == null)
    {
        throw new ArgumentNullException("partnerApplication");
    }
    if (writeWarning == null)
    {
        throw new ArgumentNullException("writeWarning");
    }
    if (writeError == null)
    {
        throw new ArgumentNullException("writeError");
    }

    AuthMetadata document = OAuthTaskHelper.FetchAuthMetadata(partnerApplication.AuthMetadataUrl, trustSslCert, false, writeWarning, writeError);

    if (updatePidOrRealmOrIssuer)
    {
        // The remote document becomes the source of truth for the application's identity.
        partnerApplication.ApplicationIdentifier = document.ServiceName;
        partnerApplication.IssuerIdentifier = document.Issuer;
        partnerApplication.Realm = document.Realm;
    }
    else
    {
        // Issuer is compared with string.Equals (ordinal, case-sensitive); id and realm use the OAuthCommon helpers.
        bool identityMatches =
            OAuthCommon.IsIdMatch(partnerApplication.ApplicationIdentifier, document.ServiceName)
            && OAuthCommon.IsRealmMatchIncludingEmpty(partnerApplication.Realm, document.Realm)
            && string.Equals(partnerApplication.IssuerIdentifier, document.Issuer);
        if (!identityMatches)
        {
            writeError(
                new TaskException(Strings.ErrorPidRealmIssuerDifferentFromMetadata(
                    document.ServiceName,
                    document.Realm,
                    document.Issuer,
                    partnerApplication.ApplicationIdentifier,
                    partnerApplication.Realm,
                    partnerApplication.IssuerIdentifier)),
                ErrorCategory.InvalidData,
                null);
        }
    }

    // Reached after writeError as well; relies on the delegate terminating the task on error.
    // NOTE(review): that is the usual task WriteError contract — confirm for this caller.
    partnerApplication.CertificateBytes = OAuthTaskHelper.InternalCertificateFromBase64String(document.CertificateStrings, writeError);
}
/// <summary>
/// Validates a <see cref="PartnerApplication"/> whose identity fields changed: the realm must be present
/// unless UseAuthServer is set, the (ApplicationIdentifier, Realm) pair must be unique in the container,
/// and a non-empty IssuerIdentifier must be unique in the container.
/// </summary>
/// <param name="partnerApplication">The object being created or modified.</param>
/// <param name="configSession">Directory session used to look up sibling partner applications.</param>
/// <param name="writeError">Task error sink; each violation is reported through it as InvalidArgument.</param>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
public static void ValidateApplicationRealmAndUniqueness(PartnerApplication partnerApplication, IConfigurationSession configSession, Task.TaskErrorLoggingDelegate writeError)
{
    if (partnerApplication == null)
    {
        throw new ArgumentNullException("partnerApplication");
    }
    if (configSession == null)
    {
        throw new ArgumentNullException("configSession");
    }
    if (writeError == null)
    {
        throw new ArgumentNullException("writeError");
    }

    // Nothing to validate unless one of the identity-bearing properties was touched.
    bool identityChanged =
        partnerApplication.IsModified(PartnerApplicationSchema.ApplicationIdentifier)
        || partnerApplication.IsModified(PartnerApplicationSchema.Realm)
        || partnerApplication.IsModified(PartnerApplicationSchema.IssuerIdentifier);
    if (!identityChanged)
    {
        return;
    }

    bool realmIsEmpty = OAuthCommon.IsRealmEmpty(partnerApplication.Realm);
    if (realmIsEmpty && !partnerApplication.UseAuthServer)
    {
        writeError(new TaskException(Strings.ErrorPartnerApplicationEmptyRealmWhenNotUseAuthServer), ErrorCategory.InvalidArgument, null);
    }

    ADObjectId container = PartnerApplication.GetContainerId(configSession);

    // Uniqueness of (ApplicationIdentifier, Realm): the directory filters on the id, realm is matched here.
    // An empty realm only collides with another empty realm.
    PartnerApplication[] sameApplicationId = configSession.Find<PartnerApplication>(
        container,
        QueryScope.OneLevel,
        new ComparisonFilter(ComparisonOperator.Equal, PartnerApplicationSchema.ApplicationIdentifier, partnerApplication.ApplicationIdentifier),
        null,
        ADGenericPagedReader<PartnerApplication>.DefaultPageSize);
    PartnerApplication realmClash = sameApplicationId.FirstOrDefault(existing =>
        !existing.Id.Equals(partnerApplication.Id)
        && (realmIsEmpty
            ? OAuthCommon.IsRealmEmpty(existing.Realm)
            : OAuthCommon.IsRealmMatch(existing.Realm, partnerApplication.Realm)));
    if (realmClash != null)
    {
        writeError(new TaskException(Strings.ErrorDuplicatePartnerApplication(realmClash.Id.ToString())), ErrorCategory.InvalidArgument, null);
    }

    if (string.IsNullOrEmpty(partnerApplication.IssuerIdentifier))
    {
        return;
    }

    // Uniqueness of IssuerIdentifier: a full paged scan of the container, stopping at the first other entry
    // with the same issuer. The comparison is `==`, i.e. ordinal and case-sensitive.
    // NOTE(review): ValidateAuthServerRealmAndUniqueness compares issuers with OrdinalIgnoreCase. If issuer
    // lookup at token-validation time is case-insensitive, two entries differing only in case would both be
    // accepted here and make the mapping from issuer to application ambiguous — confirm which is intended.
    PartnerApplication issuerClash = null;
    foreach (PartnerApplication existing in configSession.FindPaged<PartnerApplication>(container, QueryScope.OneLevel, null, null, ADGenericPagedReader<PartnerApplication>.DefaultPageSize))
    {
        bool sameIssuer = existing.IssuerIdentifier == partnerApplication.IssuerIdentifier;
        if (sameIssuer && !existing.Id.Equals(partnerApplication.Id))
        {
            issuerClash = existing;
            break;
        }
    }
    if (issuerClash != null)
    {
        writeError(new TaskException(Strings.ErrorDuplicatePartnerApplication(issuerClash.Id.ToString())), ErrorCategory.InvalidArgument, null);
    }
}
/// <summary>
/// Re-validates a stored <see cref="AuthServer"/> against the document published at its AuthMetadataUrl
/// and refreshes its endpoints and signing certificates from that document.
/// </summary>
/// <param name="authServer">The directory object to refresh; TokenIssuingEndpoint, AuthorizationEndpoint and CertificateBytes may be written.</param>
/// <returns>
/// <c>true</c> when at least one of the endpoints or the certificate set was changed; <c>false</c> when
/// the metadata could not be fetched, failed validation, or matched what is already stored.
/// </returns>
private bool ProcessAuthServer(AuthServer authServer)
{
    AuthMetadata metadata = this.FetchMetadata(authServer.Name, authServer.AuthMetadataUrl, true);
    if (metadata == null)
    {
        return false;
    }

    AuthMetadataParser.SetEndpointsIfWSFed(metadata, authServer.Type, authServer.AuthMetadataUrl);

    // AzureAD and ADFS entries must additionally publish an authorization endpoint.
    bool requiresAuthorizationEndpoint =
        authServer.Type == AuthServerType.AzureAD || authServer.Type == AuthServerType.ADFS;

    // Security: the stored issuer id and realm are authoritative; a document that reports a different
    // identity (or omits a required endpoint) is logged and rejected without modifying the object.
    bool identityMatches =
        OAuthCommon.IsIdMatch(authServer.IssuerIdentifier, metadata.ServiceName)
        && OAuthCommon.IsRealmMatchIncludingEmpty(authServer.Realm, metadata.Realm);
    bool endpointsPresent =
        !string.IsNullOrEmpty(metadata.IssuingEndpoint)
        && (!requiresAuthorizationEndpoint || !string.IsNullOrEmpty(metadata.AuthorizationEndpoint));
    if (!identityMatches || !endpointsPresent)
    {
        this.Context.Logger.LogTerseEvent(
            MigrationEventType.Error,
            MSExchangeAuthAdminEventLogConstants.Tuple_InvalidTrustedIssuerChanges,
            new string[] { authServer.Name, authServer.AuthMetadataUrl });
        return false;
    }

    // Endpoint drift is applied without any event being logged, unlike identity drift above.
    // NOTE(review): a change of TokenIssuingEndpoint redirects where tokens are obtained; consider logging
    // the old and new value so an unexpected change of the metadata host is visible after the fact.
    bool changed = false;
    if (string.Compare(authServer.TokenIssuingEndpoint, metadata.IssuingEndpoint, StringComparison.OrdinalIgnoreCase) != 0)
    {
        authServer.TokenIssuingEndpoint = metadata.IssuingEndpoint;
        changed = true;
    }
    if (requiresAuthorizationEndpoint
        && string.Compare(authServer.AuthorizationEndpoint, metadata.AuthorizationEndpoint, StringComparison.OrdinalIgnoreCase) != 0)
    {
        authServer.AuthorizationEndpoint = metadata.AuthorizationEndpoint;
        changed = true;
    }

    // ProcessCertificates is always invoked; only a true result with a non-null set is applied.
    MultiValuedProperty<byte[]> refreshedCertificates;
    bool certificatesChanged = this.ProcessCertificates(
        authServer.Name,
        authServer.CertificateBytes,
        metadata.CertificateStrings,
        out refreshedCertificates);
    if (certificatesChanged && refreshedCertificates != null)
    {
        authServer.CertificateBytes = refreshedCertificates;
        changed = true;
    }

    return changed;
}
/// <summary>
/// Validates an <see cref="AuthServer"/> whose IssuerIdentifier or Realm changed: for MicrosoftACS and
/// AzureAD the realm must be a GUID (or empty when multi-tenancy is enabled), and no other auth server of
/// the same type may already carry the same issuer id and realm.
/// </summary>
/// <param name="authServer">The object being created or modified.</param>
/// <param name="configSession">Directory session used to enumerate sibling auth servers.</param>
/// <param name="writeError">Task error sink; each violation is reported through it as InvalidArgument.</param>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
public static void ValidateAuthServerRealmAndUniqueness(AuthServer authServer, IConfigurationSession configSession, Task.TaskErrorLoggingDelegate writeError)
{
    if (authServer == null)
    {
        throw new ArgumentNullException("authServer");
    }
    if (configSession == null)
    {
        throw new ArgumentNullException("configSession");
    }
    if (writeError == null)
    {
        throw new ArgumentNullException("writeError");
    }

    bool identityChanged =
        authServer.IsModified(AuthServerSchema.IssuerIdentifier)
        || authServer.IsModified(AuthServerSchema.Realm);
    if (!identityChanged)
    {
        return;
    }

    bool realmIsEmpty = OAuthCommon.IsRealmEmpty(authServer.Realm);
    bool isAcsOrAzureAd =
        authServer.Type == AuthServerType.MicrosoftACS || authServer.Type == AuthServerType.AzureAD;

    // ACS / AzureAD realms must parse as a GUID. An empty realm is tolerated only when multi-tenancy is
    // enabled; otherwise it is rejected outright (no parse attempted).
    if (isAcsOrAzureAd)
    {
        Guid parsedRealm;
        bool realmInvalid = realmIsEmpty
            ? !OAuthTaskHelper.IsMultiTenancyEnabled
            : !Guid.TryParse(authServer.Realm, out parsedRealm);
        if (realmInvalid)
        {
            writeError(new TaskException(Strings.ErrorInvalidAuthServerRealm(authServer.Realm)), ErrorCategory.InvalidArgument, null);
        }
    }

    ADObjectId container = AuthServer.GetContainerId(configSession);
    AuthServer[] existingServers = configSession.Find<AuthServer>(container, QueryScope.OneLevel, null, null, ADGenericPagedReader<AuthServer>.DefaultPageSize);
    if (existingServers == null || existingServers.Length == 0)
    {
        return;
    }

    // Another entry is the same trust when type, issuer id (case-insensitive) and realm all agree and it is
    // not the object being edited. Two such entries would make the issuer-to-server mapping ambiguous.
    Func<AuthServer, bool> isSameTrust = other =>
        other.Type == authServer.Type
        && string.Equals(other.IssuerIdentifier, authServer.IssuerIdentifier, StringComparison.OrdinalIgnoreCase)
        && OAuthCommon.IsRealmMatchIncludingEmpty(other.Realm, authServer.Realm)
        && !other.Id.Equals(authServer.Id);

    AuthServer duplicate = existingServers.FirstOrDefault(isSameTrust);
    if (duplicate != null)
    {
        writeError(new TaskException(Strings.ErrorDuplicateAuthServer(duplicate.Id.ToString())), ErrorCategory.InvalidArgument, null);
    }

    if (!isAcsOrAzureAd)
    {
        return;
    }

    // NOTE(review): as written, this second lookup uses exactly the same predicate as the one above, so it
    // can only report something new if writeError returned instead of terminating the task. The
    // realm-specific messages suggest it was meant to catch a second ACS/AzureAD entry for the same realm
    // regardless of issuer id — confirm the intent before changing the predicate.
    AuthServer realmDuplicate = existingServers.FirstOrDefault(isSameTrust);
    if (realmDuplicate != null)
    {
        writeError(
            new TaskException(realmIsEmpty
                ? Strings.ErrorExistingAuthServerWithEmptyRealm(realmDuplicate.Id.ToString())
                : Strings.ErrorExistingAuthServerWithSameRealm(realmDuplicate.Id.ToString(), authServer.Realm)),
            ErrorCategory.InvalidArgument,
            null);
    }
}