private bool ProcessPartnerApplication(PartnerApplication partnerApplication)
{
bool result = false;
AuthMetadata authMetadata = this.FetchMetadata(partnerApplication.Name, partnerApplication.AuthMetadataUrl, false);
if (authMetadata == null)
{
return(false);
}
if (!OAuthCommon.IsIdMatch(partnerApplication.ApplicationIdentifier, authMetadata.ServiceName) || !OAuthCommon.IsRealmMatchIncludingEmpty(partnerApplication.Realm, authMetadata.Realm) || !string.Equals(partnerApplication.IssuerIdentifier, authMetadata.Issuer))
{
this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_InvalidTrustedIssuerChanges, new string[]
{
partnerApplication.Name,
partnerApplication.AuthMetadataUrl
});
return(false);
}
MultiValuedProperty <byte[]> multiValuedProperty = null;
if (this.ProcessCertificates(partnerApplication.Name, partnerApplication.CertificateBytes, authMetadata.CertificateStrings, out multiValuedProperty) && multiValuedProperty != null)
{
result = true;
partnerApplication.CertificateBytes = multiValuedProperty;
}
return(result);
}
public static void FetchAuthMetadata(AuthServer authServer, bool trustSslCert, bool updateIdRealm, Task.TaskWarningLoggingDelegate writeWarning, Task.TaskErrorLoggingDelegate writeError)
{
if (authServer == null)
{
throw new ArgumentNullException("authServer");
}
if (writeWarning == null)
{
throw new ArgumentNullException("writeWarning");
}
if (writeError == null)
{
throw new ArgumentNullException("writeError");
}
AuthMetadata authMetadata = OAuthTaskHelper.FetchAuthMetadata(authServer.AuthMetadataUrl, trustSslCert, true, writeWarning, writeError);
AuthMetadataParser.SetEndpointsIfWSFed(authMetadata, authServer.Type, authServer.AuthMetadataUrl);
if (updateIdRealm)
{
authServer.IssuerIdentifier = authMetadata.ServiceName;
authServer.Realm = authMetadata.Realm;
}
else if (!OAuthCommon.IsIdMatch(authServer.IssuerIdentifier, authMetadata.ServiceName) || !OAuthCommon.IsRealmMatchIncludingEmpty(authServer.Realm, authMetadata.Realm))
{
writeError(new TaskException(Strings.ErrorPidRealmDifferentFromMetadata(authMetadata.ServiceName, authMetadata.Realm, authServer.IssuerIdentifier, authServer.Realm)), ErrorCategory.InvalidData, null);
}
authServer.CertificateBytes = OAuthTaskHelper.InternalCertificateFromBase64String(authMetadata.CertificateStrings, writeError);
authServer.TokenIssuingEndpoint = authMetadata.IssuingEndpoint;
authServer.AuthorizationEndpoint = authMetadata.AuthorizationEndpoint;
}
public static void FetchAuthMetadata(PartnerApplication partnerApplication, bool trustSslCert, bool updatePidOrRealmOrIssuer, Task.TaskWarningLoggingDelegate writeWarning, Task.TaskErrorLoggingDelegate writeError)
{
if (partnerApplication == null)
{
throw new ArgumentNullException("partnerApplication");
}
if (writeWarning == null)
{
throw new ArgumentNullException("writeWarning");
}
if (writeError == null)
{
throw new ArgumentNullException("writeError");
}
AuthMetadata authMetadata = OAuthTaskHelper.FetchAuthMetadata(partnerApplication.AuthMetadataUrl, trustSslCert, false, writeWarning, writeError);
if (updatePidOrRealmOrIssuer)
{
partnerApplication.ApplicationIdentifier = authMetadata.ServiceName;
partnerApplication.IssuerIdentifier = authMetadata.Issuer;
partnerApplication.Realm = authMetadata.Realm;
}
else if (!OAuthCommon.IsIdMatch(partnerApplication.ApplicationIdentifier, authMetadata.ServiceName) || !OAuthCommon.IsRealmMatchIncludingEmpty(partnerApplication.Realm, authMetadata.Realm) || !string.Equals(partnerApplication.IssuerIdentifier, authMetadata.Issuer))
{
writeError(new TaskException(Strings.ErrorPidRealmIssuerDifferentFromMetadata(authMetadata.ServiceName, authMetadata.Realm, authMetadata.Issuer, partnerApplication.ApplicationIdentifier, partnerApplication.Realm, partnerApplication.IssuerIdentifier)), ErrorCategory.InvalidData, null);
}
partnerApplication.CertificateBytes = OAuthTaskHelper.InternalCertificateFromBase64String(authMetadata.CertificateStrings, writeError);
}
public static void ValidateApplicationRealmAndUniqueness(PartnerApplication partnerApplication, IConfigurationSession configSession, Task.TaskErrorLoggingDelegate writeError)
{
if (partnerApplication == null)
{
throw new ArgumentNullException("partnerApplication");
}
if (configSession == null)
{
throw new ArgumentNullException("configSession");
}
if (writeError == null)
{
throw new ArgumentNullException("writeError");
}
if (!partnerApplication.IsModified(PartnerApplicationSchema.ApplicationIdentifier) && !partnerApplication.IsModified(PartnerApplicationSchema.Realm) && !partnerApplication.IsModified(PartnerApplicationSchema.IssuerIdentifier))
{
return;
}
if (OAuthCommon.IsRealmEmpty(partnerApplication.Realm) && !partnerApplication.UseAuthServer)
{
writeError(new TaskException(Strings.ErrorPartnerApplicationEmptyRealmWhenNotUseAuthServer), ErrorCategory.InvalidArgument, null);
}
ADObjectId containerId = PartnerApplication.GetContainerId(configSession);
PartnerApplication[] source = configSession.Find <PartnerApplication>(containerId, QueryScope.OneLevel, new ComparisonFilter(ComparisonOperator.Equal, PartnerApplicationSchema.ApplicationIdentifier, partnerApplication.ApplicationIdentifier), null, ADGenericPagedReader <PartnerApplication> .DefaultPageSize);
PartnerApplication partnerApplication2 = source.FirstOrDefault((PartnerApplication existingApp) => (OAuthCommon.IsRealmEmpty(partnerApplication.Realm) ? OAuthCommon.IsRealmEmpty(existingApp.Realm) : OAuthCommon.IsRealmMatch(existingApp.Realm, partnerApplication.Realm)) && !existingApp.Id.Equals(partnerApplication.Id));
if (partnerApplication2 != null)
{
writeError(new TaskException(Strings.ErrorDuplicatePartnerApplication(partnerApplication2.Id.ToString())), ErrorCategory.InvalidArgument, null);
}
if (!string.IsNullOrEmpty(partnerApplication.IssuerIdentifier))
{
PartnerApplication partnerApplication3 = null;
foreach (PartnerApplication partnerApplication4 in configSession.FindPaged <PartnerApplication>(containerId, QueryScope.OneLevel, null, null, ADGenericPagedReader <PartnerApplication> .DefaultPageSize))
{
if (partnerApplication4.IssuerIdentifier == partnerApplication.IssuerIdentifier && !partnerApplication4.Id.Equals(partnerApplication.Id))
{
partnerApplication3 = partnerApplication4;
break;
}
}
if (partnerApplication3 != null)
{
writeError(new TaskException(Strings.ErrorDuplicatePartnerApplication(partnerApplication3.Id.ToString())), ErrorCategory.InvalidArgument, null);
}
}
}
private bool ProcessAuthServer(AuthServer authServer)
{
bool result = false;
AuthMetadata authMetadata = this.FetchMetadata(authServer.Name, authServer.AuthMetadataUrl, true);
if (authMetadata == null)
{
return(false);
}
AuthMetadataParser.SetEndpointsIfWSFed(authMetadata, authServer.Type, authServer.AuthMetadataUrl);
if (!OAuthCommon.IsIdMatch(authServer.IssuerIdentifier, authMetadata.ServiceName) || !OAuthCommon.IsRealmMatchIncludingEmpty(authServer.Realm, authMetadata.Realm) || string.IsNullOrEmpty(authMetadata.IssuingEndpoint) || ((authServer.Type == AuthServerType.AzureAD || authServer.Type == AuthServerType.ADFS) && string.IsNullOrEmpty(authMetadata.AuthorizationEndpoint)))
{
this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_InvalidTrustedIssuerChanges, new string[]
{
authServer.Name,
authServer.AuthMetadataUrl
});
return(false);
}
if (string.Compare(authServer.TokenIssuingEndpoint, authMetadata.IssuingEndpoint, StringComparison.OrdinalIgnoreCase) != 0)
{
result = true;
authServer.TokenIssuingEndpoint = authMetadata.IssuingEndpoint;
}
if ((authServer.Type == AuthServerType.AzureAD || authServer.Type == AuthServerType.ADFS) && string.Compare(authServer.AuthorizationEndpoint, authMetadata.AuthorizationEndpoint, StringComparison.OrdinalIgnoreCase) != 0)
{
result = true;
authServer.AuthorizationEndpoint = authMetadata.AuthorizationEndpoint;
}
MultiValuedProperty <byte[]> multiValuedProperty = null;
if (this.ProcessCertificates(authServer.Name, authServer.CertificateBytes, authMetadata.CertificateStrings, out multiValuedProperty) && multiValuedProperty != null)
{
result = true;
authServer.CertificateBytes = multiValuedProperty;
}
return(result);
}
public static void ValidateAuthServerRealmAndUniqueness(AuthServer authServer, IConfigurationSession configSession, Task.TaskErrorLoggingDelegate writeError)
{
if (authServer == null)
{
throw new ArgumentNullException("authServer");
}
if (configSession == null)
{
throw new ArgumentNullException("configSession");
}
if (writeError == null)
{
throw new ArgumentNullException("writeError");
}
if (!authServer.IsModified(AuthServerSchema.IssuerIdentifier) && !authServer.IsModified(AuthServerSchema.Realm))
{
return;
}
bool flag = OAuthCommon.IsRealmEmpty(authServer.Realm);
bool flag2 = false;
if (authServer.Type == AuthServerType.MicrosoftACS || authServer.Type == AuthServerType.AzureAD)
{
Guid guid;
if (!OAuthTaskHelper.IsMultiTenancyEnabled)
{
if (flag || !Guid.TryParse(authServer.Realm, out guid))
{
flag2 = true;
}
}
else if (!flag && !Guid.TryParse(authServer.Realm, out guid))
{
flag2 = true;
}
}
if (flag2)
{
writeError(new TaskException(Strings.ErrorInvalidAuthServerRealm(authServer.Realm)), ErrorCategory.InvalidArgument, null);
}
ADObjectId containerId = AuthServer.GetContainerId(configSession);
AuthServer[] array = configSession.Find <AuthServer>(containerId, QueryScope.OneLevel, null, null, ADGenericPagedReader <AuthServer> .DefaultPageSize);
if (array == null || array.Length == 0)
{
return;
}
AuthServer authServer2 = array.FirstOrDefault((AuthServer existingAuthServer) => string.Equals(existingAuthServer.IssuerIdentifier, authServer.IssuerIdentifier, StringComparison.OrdinalIgnoreCase) && existingAuthServer.Type == authServer.Type && OAuthCommon.IsRealmMatchIncludingEmpty(existingAuthServer.Realm, authServer.Realm) && !existingAuthServer.Id.Equals(authServer.Id));
if (authServer2 != null)
{
writeError(new TaskException(Strings.ErrorDuplicateAuthServer(authServer2.Id.ToString())), ErrorCategory.InvalidArgument, null);
}
if (authServer.Type != AuthServerType.MicrosoftACS && authServer.Type != AuthServerType.AzureAD)
{
return;
}
authServer2 = array.FirstOrDefault((AuthServer existingAuthServer) => existingAuthServer.Type == authServer.Type && OAuthCommon.IsRealmMatchIncludingEmpty(existingAuthServer.Realm, authServer.Realm) && string.Equals(existingAuthServer.IssuerIdentifier, authServer.IssuerIdentifier, StringComparison.OrdinalIgnoreCase) && !existingAuthServer.Id.Equals(authServer.Id));
if (authServer2 != null)
{
writeError(new TaskException(flag ? Strings.ErrorExistingAuthServerWithEmptyRealm(authServer2.Id.ToString()) : Strings.ErrorExistingAuthServerWithSameRealm(authServer2.Id.ToString(), authServer.Realm)), ErrorCategory.InvalidArgument, null);
}
}
