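        /// <summary>
        /// Compares the token-issuer certificates stored on the federation trust with the
        /// certificates currently published in the partner's federation metadata and logs
        /// Success when the non-expired sets match, Error when they differ.
        /// </summary>
        /// <param name="federationTrust">Trust whose TokenIssuerMetadataEpr is fetched and whose
        /// TokenIssuerCertificate / TokenIssuerPrevCertificate are compared against the metadata.</param>
        /// <remarks>
        /// Only non-expired thumbprints take part in the comparison (see GetNonExpiredCertificateThumbprint),
        /// so an expired previous certificate on either side does not by itself produce a mismatch.
        /// A mismatch means tokens signed with the partner's current certificate may be rejected
        /// until the trust is refreshed, which is why it is logged as Error rather than Warning.
        /// Either side may legitimately lack a previous certificate; null entries are dropped
        /// instead of dereferenced so the test reports the comparison result rather than crashing.
        /// </remarks>
        private void ValidateFederationTrustCertificatesWithFederationMetadata(FederationTrust federationTrust)
        {
            if (federationTrust.TokenIssuerMetadataEpr == null)
            {
                // Nothing to compare against; this is informational, not a failure of the trust.
                this.Log(EventTypeEnumeration.Information, TestFederationTrust.TestFederationTrustEventId.FederationMetadata, Strings.NoFederationMetadataEpr);
                return;
            }
            PartnerFederationMetadata partnerFederationMetadata;

            try
            {
                partnerFederationMetadata = LivePartnerFederationMetadata.LoadFrom(federationTrust.TokenIssuerMetadataEpr, new WriteVerboseDelegate(base.WriteVerbose));
            }
            catch (FederationMetadataException ex)
            {
                // Retrieval failure is surfaced as Error; the exception detail goes to verbose output only.
                this.Log(EventTypeEnumeration.Error, TestFederationTrust.TestFederationTrustEventId.FederationMetadata, Strings.RetrieveFederationMetadataFailed);
                base.WriteVerbose(Strings.FailureAndReason(Strings.RetrieveFederationMetadataFailed.ToString(), ex.ToString()));
                return;
            }
            HashSet<string> metadataThumbprints = this.GetNonExpiredCertificateThumbprint(
                federationTrust.TokenIssuerMetadataEpr.ToString(),
                PresentCertificates(partnerFederationMetadata.TokenIssuerCertificate, partnerFederationMetadata.TokenIssuerPrevCertificate));
            HashSet<string> trustThumbprints = this.GetNonExpiredCertificateThumbprint(
                "FederationTrust",
                PresentCertificates(federationTrust.TokenIssuerCertificate, federationTrust.TokenIssuerPrevCertificate));

            base.WriteVerbose(new LocalizedString(FormatCertificateReport(federationTrust, partnerFederationMetadata)));
            if (metadataThumbprints.SetEquals(trustThumbprints))
            {
                this.Log(EventTypeEnumeration.Success, TestFederationTrust.TestFederationTrustEventId.FederationMetadata, Strings.FederationTrustHasAllStsCertificates);
                return;
            }
            // SetEquals is symmetric: the trust is reported outdated both when it lacks a certificate
            // the partner publishes and when it still holds one the partner no longer publishes.
            this.Log(EventTypeEnumeration.Error, TestFederationTrust.TestFederationTrustEventId.FederationMetadata, Strings.FederationTrustHasOutdatedCertificates);
        }

        /// <summary>
        /// Returns the given certificates with null entries removed, preserving order, so that a
        /// missing previous certificate is simply absent from the thumbprint set.
        /// </summary>
        /// <param name="certificates">Candidate certificates; any entry may be null.</param>
        /// <returns>A new array containing only the non-null certificates.</returns>
        private static X509Certificate2[] PresentCertificates(params X509Certificate2[] certificates)
        {
            List<X509Certificate2> present = new List<X509Certificate2>(certificates.Length);
            foreach (X509Certificate2 certificate in certificates)
            {
                if (certificate != null)
                {
                    present.Add(certificate);
                }
            }
            return present.ToArray();
        }

        /// <summary>Thumbprint of the certificate, or a placeholder when the certificate is absent.</summary>
        /// <param name="certificate">Certificate to describe; may be null.</param>
        /// <returns>The thumbprint string, or "&lt;none&gt;" for a null certificate.</returns>
        private static string DescribeThumbprint(X509Certificate2 certificate)
        {
            return certificate == null ? "<none>" : certificate.Thumbprint;
        }

        /// <summary>
        /// Builds the verbose report listing the trust's and the metadata's current and previous
        /// token-issuer certificate thumbprints side by side.
        /// </summary>
        /// <param name="federationTrust">Trust whose stored certificates are listed.</param>
        /// <param name="partnerFederationMetadata">Metadata whose published certificates are listed.</param>
        /// <returns>The multi-line report text.</returns>
        private static string FormatCertificateReport(FederationTrust federationTrust, PartnerFederationMetadata partnerFederationMetadata)
        {
            return string.Concat(new string[]
            {
                Environment.NewLine,
                Environment.NewLine,
                "Federation Trust Certificates: ",
                Environment.NewLine,
                "TokenIssuerCertificate: ",
                DescribeThumbprint(federationTrust.TokenIssuerCertificate),
                Environment.NewLine,
                "TokenIssuerPrevCertificate: ",
                DescribeThumbprint(federationTrust.TokenIssuerPrevCertificate),
                Environment.NewLine,
                Environment.NewLine,
                "Federation Metadata Certificates: ",
                Environment.NewLine,
                "TokenIssuerCertificate: ",
                DescribeThumbprint(partnerFederationMetadata.TokenIssuerCertificate),
                Environment.NewLine,
                "TokenIssuerPrevCertificate: ",
                DescribeThumbprint(partnerFederationMetadata.TokenIssuerPrevCertificate)
            });
        }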
        /// <summary>
        /// Provisions the LiveId partner security token service for the new federation trust:
        /// loads the partner metadata, initialises the data object from it, pins the issuer type
        /// and metadata settings, then runs the FederationProvision step that creates the application identifier.
        /// </summary>
        /// <remarks>
        /// Progress is reported in three 30% steps followed by a final 100%.
        /// When the operator supplied MetadataUrl, that endpoint replaces the well-known LiveId
        /// metadata EPR and its contents become the trust's issuer settings; whatever validation
        /// is applied to that URL happens inside LivePartnerFederationMetadata.LoadFrom, which is
        /// not visible here. Whether WriteError terminates the cmdlet or execution continues into
        /// the provisioning step is decided by the task base class — TODO confirm.
        /// The ManageDelegation* DNS warnings are emitted only for the LiveDomainServices provisioner types.
        /// </remarks>
        private void ProvisionSTS()
        {
            int percentComplete = 30;
            base.WriteProgress(Strings.ProgressActivityNewFederationTrust, Strings.ProgressActivityGetFederationMetadata, percentComplete);

            // An explicit MetadataUrl takes precedence over the well-known endpoint for this provisioner type.
            Uri metadataUri = this.MetadataUrl ?? LiveConfiguration.GetLiveIdFederationMetadataEpr(this.NamespaceProvisionerType);
            try
            {
                PartnerFederationMetadata metadata = LivePartnerFederationMetadata.LoadFrom(metadataUri, new WriteVerboseDelegate(base.WriteVerbose));
                LivePartnerFederationMetadata.InitializeDataObjectFromMetadata(this.DataObject, metadata, new WriteWarningDelegate(this.WriteWarning));
            }
            catch (FederationMetadataException exception)
            {
                base.WriteError(exception, ErrorCategory.MetadataError, null);
            }

            // LiveId trusts are polled rather than pushed, so both metadata EPRs are cleared.
            this.DataObject.TokenIssuerType = FederationTrust.PartnerSTSType.LiveId;
            this.DataObject.MetadataEpr = null;
            this.DataObject.MetadataPutEpr = null;
            this.DataObject.MetadataPollInterval = LiveConfiguration.DefaultFederatedMetadataTimeout;

            string stsName = FederationTrust.PartnerSTSType.LiveId.ToString();
            percentComplete += 30;
            base.WriteProgress(Strings.ProgressActivityNewFederationTrust, Strings.NewFederationTrustProvisioningService(stsName), percentComplete);
            base.WriteVerbose(Strings.NewFederationTrustProvisioningService(stsName));

            percentComplete += 30;
            base.WriteProgress(Strings.ProgressActivityNewFederationTrust, Strings.ProgressActivityCreateAppId, percentComplete);
            FederationProvision provisioner = FederationProvision.Create(this.DataObject, this);
            try
            {
                provisioner.OnNewFederationTrust(this.DataObject);
            }
            catch (LocalizedException ex)
            {
                // Wrap so the caller sees a provisioning-specific exception type with the original as inner.
                base.WriteError(new ProvisioningFederatedExchangeException(ex.Message, ex), ErrorCategory.NotSpecified, null);
            }
            base.WriteProgress(Strings.ProgressActivityNewFederationTrust, Strings.ProgressStatusFinished, 100);

            FederationTrust.NamespaceProvisionerType provisionerType = this.NamespaceProvisionerType;
            if (provisionerType == FederationTrust.NamespaceProvisionerType.LiveDomainServices)
            {
                this.WriteWarning(Strings.ManageDelegationProvisioningInDNS(this.DataObject.ApplicationIdentifier));
            }
            else if (provisionerType == FederationTrust.NamespaceProvisionerType.LiveDomainServices2)
            {
                this.WriteWarning(Strings.ManageDelegation2ProvisioningInDNS);
            }
        }
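        /// <summary>
        /// Refreshes a federation trust from the partner's published metadata and reports whether
        /// the trust object now carries changes that the caller should persist.
        /// </summary>
        /// <param name="federationTrust">Trust to refresh; its TokenIssuerMetadataEpr is fetched and its
        /// issuer settings are re-initialised from the metadata.</param>
        /// <returns>
        /// true when the metadata was fetched, applied without error, and the trust's ObjectState is Changed;
        /// false when the metadata could not be retrieved or could not be applied.
        /// </returns>
        /// <remarks>
        /// Failures are logged as terse events and never thrown, so one bad partner does not stop the
        /// surrounding loop (presumably a background refresh, judging by the Migration* logger types).
        /// When InitializeDataObjectFromMetadata throws, this method returns false instead of reporting
        /// ObjectState: the object may have been partially updated before the failure, and a
        /// half-applied set of issuer certificates must not be saved.
        /// Note the metadata EPR is dereferenced inside the catch blocks for logging; a trust with a
        /// null TokenIssuerMetadataEpr would fault there — TODO confirm callers filter those out.
        /// </remarks>
        private bool ProcessFederationTrust(FederationTrust federationTrust)
        {
            PartnerFederationMetadata partnerFederationMetadata = null;

            try
            {
                partnerFederationMetadata = LivePartnerFederationMetadata.LoadFrom(federationTrust.TokenIssuerMetadataEpr, null);
            }
            catch (FederationMetadataException ex)
            {
                this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_UnableToAccessMetadata, MetadataEventArguments(ex.Message, federationTrust));
            }
            catch (Exception ex2)
            {
                // Unexpected failures get full diagnostic info rather than being allowed to propagate.
                this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_UnableToAccessMetadata, MetadataEventArguments(AnchorLogger.GetDiagnosticInfo(ex2, null), federationTrust));
            }
            if (partnerFederationMetadata == null)
            {
                return false;
            }
            List<LocalizedString> warningMessages = new List<LocalizedString>();
            bool metadataApplied = false;

            try
            {
                // Warnings raised while applying the metadata are collected and reported as one event below.
                LivePartnerFederationMetadata.InitializeDataObjectFromMetadata(federationTrust, partnerFederationMetadata, delegate(LocalizedString localizedString)
                {
                    warningMessages.Add(localizedString);
                });
                metadataApplied = true;
            }
            catch (FederationMetadataException ex3)
            {
                this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_CorruptMetadata, MetadataEventArguments(ex3.Message, federationTrust));
            }
            catch (Exception ex4)
            {
                // Kept as in the original: a non-metadata failure while applying is reported under the
                // access-failure event id, not the corrupt-metadata one.
                this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_UnableToAccessMetadata, MetadataEventArguments(AnchorLogger.GetDiagnosticInfo(ex4, null), federationTrust));
            }
            if (warningMessages.Count > 0)
            {
                StringBuilder joinedWarnings = new StringBuilder();
                foreach (LocalizedString warning in warningMessages)
                {
                    joinedWarnings.AppendFormat("{0};", warning.ToString());
                }
                this.Context.Logger.LogTerseEvent(MigrationEventType.Warning, MSExchangeAuthAdminEventLogConstants.Tuple_Warning, new string[]
                {
                    federationTrust.Name,
                    joinedWarnings.ToString()
                });
            }
            // Fail closed: only report a saveable change when the metadata was applied completely.
            return metadataApplied && federationTrust.ObjectState == ObjectState.Changed;
        }

        /// <summary>
        /// Argument list shared by the metadata access/corruption events: detail text, the metadata
        /// URL as originally configured, and the trust name.
        /// </summary>
        /// <param name="detail">Exception message or diagnostic text for the first insertion string.</param>
        /// <param name="federationTrust">Trust whose EPR and name are logged.</param>
        /// <returns>The three insertion strings in the order the event tuples expect.</returns>
        private static string[] MetadataEventArguments(string detail, FederationTrust federationTrust)
        {
            return new string[]
            {
                detail,
                federationTrust.TokenIssuerMetadataEpr.OriginalString,
                federationTrust.Name
            };
        }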