private bool ProcessPartnerApplication(PartnerApplication partnerApplication)
{
bool result = false;
AuthMetadata authMetadata = this.FetchMetadata(partnerApplication.Name, partnerApplication.AuthMetadataUrl, false);
if (authMetadata == null)
{
return(false);
}
if (!OAuthCommon.IsIdMatch(partnerApplication.ApplicationIdentifier, authMetadata.ServiceName) || !OAuthCommon.IsRealmMatchIncludingEmpty(partnerApplication.Realm, authMetadata.Realm) || !string.Equals(partnerApplication.IssuerIdentifier, authMetadata.Issuer))
{
this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_InvalidTrustedIssuerChanges, new string[]
{
partnerApplication.Name,
partnerApplication.AuthMetadataUrl
});
return(false);
}
MultiValuedProperty <byte[]> multiValuedProperty = null;
if (this.ProcessCertificates(partnerApplication.Name, partnerApplication.CertificateBytes, authMetadata.CertificateStrings, out multiValuedProperty) && multiValuedProperty != null)
{
result = true;
partnerApplication.CertificateBytes = multiValuedProperty;
}
return(result);
}
public static void FetchAuthMetadata(AuthServer authServer, bool trustSslCert, bool updateIdRealm, Task.TaskWarningLoggingDelegate writeWarning, Task.TaskErrorLoggingDelegate writeError)
{
if (authServer == null)
{
throw new ArgumentNullException("authServer");
}
if (writeWarning == null)
{
throw new ArgumentNullException("writeWarning");
}
if (writeError == null)
{
throw new ArgumentNullException("writeError");
}
AuthMetadata authMetadata = OAuthTaskHelper.FetchAuthMetadata(authServer.AuthMetadataUrl, trustSslCert, true, writeWarning, writeError);
AuthMetadataParser.SetEndpointsIfWSFed(authMetadata, authServer.Type, authServer.AuthMetadataUrl);
if (updateIdRealm)
{
authServer.IssuerIdentifier = authMetadata.ServiceName;
authServer.Realm = authMetadata.Realm;
}
else if (!OAuthCommon.IsIdMatch(authServer.IssuerIdentifier, authMetadata.ServiceName) || !OAuthCommon.IsRealmMatchIncludingEmpty(authServer.Realm, authMetadata.Realm))
{
writeError(new TaskException(Strings.ErrorPidRealmDifferentFromMetadata(authMetadata.ServiceName, authMetadata.Realm, authServer.IssuerIdentifier, authServer.Realm)), ErrorCategory.InvalidData, null);
}
authServer.CertificateBytes = OAuthTaskHelper.InternalCertificateFromBase64String(authMetadata.CertificateStrings, writeError);
authServer.TokenIssuingEndpoint = authMetadata.IssuingEndpoint;
authServer.AuthorizationEndpoint = authMetadata.AuthorizationEndpoint;
}
public static void FetchAuthMetadata(PartnerApplication partnerApplication, bool trustSslCert, bool updatePidOrRealmOrIssuer, Task.TaskWarningLoggingDelegate writeWarning, Task.TaskErrorLoggingDelegate writeError)
{
if (partnerApplication == null)
{
throw new ArgumentNullException("partnerApplication");
}
if (writeWarning == null)
{
throw new ArgumentNullException("writeWarning");
}
if (writeError == null)
{
throw new ArgumentNullException("writeError");
}
AuthMetadata authMetadata = OAuthTaskHelper.FetchAuthMetadata(partnerApplication.AuthMetadataUrl, trustSslCert, false, writeWarning, writeError);
if (updatePidOrRealmOrIssuer)
{
partnerApplication.ApplicationIdentifier = authMetadata.ServiceName;
partnerApplication.IssuerIdentifier = authMetadata.Issuer;
partnerApplication.Realm = authMetadata.Realm;
}
else if (!OAuthCommon.IsIdMatch(partnerApplication.ApplicationIdentifier, authMetadata.ServiceName) || !OAuthCommon.IsRealmMatchIncludingEmpty(partnerApplication.Realm, authMetadata.Realm) || !string.Equals(partnerApplication.IssuerIdentifier, authMetadata.Issuer))
{
writeError(new TaskException(Strings.ErrorPidRealmIssuerDifferentFromMetadata(authMetadata.ServiceName, authMetadata.Realm, authMetadata.Issuer, partnerApplication.ApplicationIdentifier, partnerApplication.Realm, partnerApplication.IssuerIdentifier)), ErrorCategory.InvalidData, null);
}
partnerApplication.CertificateBytes = OAuthTaskHelper.InternalCertificateFromBase64String(authMetadata.CertificateStrings, writeError);
}
private bool ProcessAuthServer(AuthServer authServer)
{
bool result = false;
AuthMetadata authMetadata = this.FetchMetadata(authServer.Name, authServer.AuthMetadataUrl, true);
if (authMetadata == null)
{
return(false);
}
AuthMetadataParser.SetEndpointsIfWSFed(authMetadata, authServer.Type, authServer.AuthMetadataUrl);
if (!OAuthCommon.IsIdMatch(authServer.IssuerIdentifier, authMetadata.ServiceName) || !OAuthCommon.IsRealmMatchIncludingEmpty(authServer.Realm, authMetadata.Realm) || string.IsNullOrEmpty(authMetadata.IssuingEndpoint) || ((authServer.Type == AuthServerType.AzureAD || authServer.Type == AuthServerType.ADFS) && string.IsNullOrEmpty(authMetadata.AuthorizationEndpoint)))
{
this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_InvalidTrustedIssuerChanges, new string[]
{
authServer.Name,
authServer.AuthMetadataUrl
});
return(false);
}
if (string.Compare(authServer.TokenIssuingEndpoint, authMetadata.IssuingEndpoint, StringComparison.OrdinalIgnoreCase) != 0)
{
result = true;
authServer.TokenIssuingEndpoint = authMetadata.IssuingEndpoint;
}
if ((authServer.Type == AuthServerType.AzureAD || authServer.Type == AuthServerType.ADFS) && string.Compare(authServer.AuthorizationEndpoint, authMetadata.AuthorizationEndpoint, StringComparison.OrdinalIgnoreCase) != 0)
{
result = true;
authServer.AuthorizationEndpoint = authMetadata.AuthorizationEndpoint;
}
MultiValuedProperty <byte[]> multiValuedProperty = null;
if (this.ProcessCertificates(authServer.Name, authServer.CertificateBytes, authMetadata.CertificateStrings, out multiValuedProperty) && multiValuedProperty != null)
{
result = true;
authServer.CertificateBytes = multiValuedProperty;
}
return(result);
}
