C# (CSharp) Microsoft.Exchange.Management.SystemConfigurationTasks ExchangeCertificate Exemples

Exemple #1

        public static void ValidateLocalCertificate(string thumbprint, DateTime?futurePublishDate, bool skipAutomatedDeploymentChecks, Task.TaskErrorLoggingDelegate writeError)
        {
            if (writeError == null)
            {
                throw new ArgumentNullException("writeError");
            }
            if (string.IsNullOrEmpty(thumbprint))
            {
                return;
            }
            X509Store x509Store = null;

            try
            {
                x509Store = new X509Store(StoreLocation.LocalMachine);
                x509Store.Open(OpenFlags.ReadOnly);
                X509Certificate2Collection x509Certificate2Collection = x509Store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
                if (x509Certificate2Collection.Count == 0)
                {
                    writeError(new TaskException(Strings.ErrorThumbprintNotFound(thumbprint)), ErrorCategory.InvalidArgument, null);
                }
                ExchangeCertificate certificate = new ExchangeCertificate(x509Certificate2Collection[0]);
                OAuthTaskHelper.ValidateCertificate(certificate, futurePublishDate, skipAutomatedDeploymentChecks, writeError);
            }
            finally
            {
                if (x509Store != null)
                {
                    x509Store.Close();
                }
            }
        }

Exemple #2

        internal static LocalizedString UpdateActiveDirectory(X509Certificate2 certificate, IConfigurationSession systemConfiguration, Server server, List <LocalizedString> warningList, bool allowConfirmation)
        {
            X509Certificate2 internalTransportCertificate = ExchangeCertificate.GetInternalTransportCertificate(server);

            if (internalTransportCertificate != null)
            {
                if (string.Equals(internalTransportCertificate.Thumbprint, certificate.Thumbprint, StringComparison.OrdinalIgnoreCase))
                {
                    return(LocalizedString.Empty);
                }
                if (allowConfirmation)
                {
                    return(Strings.ConfirmOverwriteInternalTransportCertificate(internalTransportCertificate.Thumbprint, internalTransportCertificate.NotAfter, certificate.Thumbprint, certificate.NotAfter));
                }
            }
            server.InternalTransportCertificate = certificate.Export(X509ContentType.SerializedCert);
            systemConfiguration.Save(server);
            if (server.IsHubTransportServer)
            {
                ManageExchangeCertificate.ReEncryptEdgeSyncCredentials(server, internalTransportCertificate, certificate);
                systemConfiguration.Save(server);
            }
            else if (server.IsEdgeServer && warningList != null)
            {
                warningList.Add(Strings.InternalTransportCertificateUpdatedOnEdge);
            }
            return(LocalizedString.Empty);
        }

Exemple #3

        private static ExchangeCertificate GetCertificateFromStore(X509Store store, string thumbprint)
        {
            if (thumbprint == null)
            {
                throw new ArgumentNullException("thumbprint");
            }
            try
            {
                store.Open(OpenFlags.OpenExistingOnly);
            }
            catch (CryptographicException)
            {
                return(null);
            }
            ExchangeCertificate result;

            try
            {
                X509Certificate2Collection x509Certificate2Collection = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
                if (x509Certificate2Collection.Count == 0)
                {
                    result = null;
                }
                else
                {
                    result = new ExchangeCertificate(x509Certificate2Collection[0]);
                }
            }
            finally
            {
                store.Close();
            }
            return(result);
        }

Exemple #4

        private void ValidateNextCertificate()
        {
            this.Thumbprint      = FederationCertificate.UnifyThumbprintFormat(this.Thumbprint);
            this.nextCertificate = FederationCertificate.GetExchangeFederationCertByThumbprint(this.Thumbprint, new WriteVerboseDelegate(base.WriteVerbose));
            ExchangeCertificate exchangeCertificate = new ExchangeCertificate(this.nextCertificate);

            FederationCertificate.ValidateCertificate(exchangeCertificate, this.IsDatacenter);
            this.ValidateUniqueSki(exchangeCertificate, this.DataObject.OrgPrevCertificate);
            this.ValidateUniqueSki(exchangeCertificate, this.DataObject.OrgCertificate);
        }

Exemple #5

 private void ValidateUniqueSki(ExchangeCertificate nextExchangeCertificate, X509Certificate2 otherCertificate)
 {
     if (otherCertificate != null)
     {
         ExchangeCertificate exchangeCertificate = new ExchangeCertificate(otherCertificate);
         if (StringComparer.InvariantCultureIgnoreCase.Equals(nextExchangeCertificate.SubjectKeyIdentifier, exchangeCertificate.SubjectKeyIdentifier))
         {
             throw new FederationCertificateInvalidException(Strings.ErrorCertificateSKINotUnique(nextExchangeCertificate.Thumbprint, exchangeCertificate.Thumbprint, nextExchangeCertificate.SubjectKeyIdentifier));
         }
     }
 }

Exemple #6

 private static void ReEncryptEdgeSyncCredentials(Server server, X509Certificate2 oldCertificate, X509Certificate2 newCertificate)
 {
     if (server.EdgeSyncCredentials == null || server.EdgeSyncCredentials.Count == 0)
     {
         return;
     }
     if (oldCertificate == null)
     {
         throw new InvalidOperationException(Strings.InternalTransportCertificateCorruptedInADOnHub);
     }
     if (TlsCertificateInfo.IsCNGProvider(newCertificate))
     {
         throw new InvalidOperationException(Strings.InternalTransportCertificateMustBeCAPICertificate(newCertificate.Thumbprint));
     }
     oldCertificate = ExchangeCertificate.GetCertificateFromStore(StoreName.My, oldCertificate.Thumbprint);
     if (oldCertificate == null)
     {
         throw new InvalidOperationException(Strings.InternalTransportCertificateCorruptedInADOnHub);
     }
     EdgeSyncCredential[] array = new EdgeSyncCredential[server.EdgeSyncCredentials.Count];
     using (RSACryptoServiceProvider rsacryptoServiceProvider = (RSACryptoServiceProvider)oldCertificate.PrivateKey)
     {
         for (int i = 0; i < server.EdgeSyncCredentials.Count; i++)
         {
             array[i] = EdgeSyncCredential.DeserializeEdgeSyncCredential(server.EdgeSyncCredentials[i]);
             try
             {
                 array[i].EncryptedESRAPassword = rsacryptoServiceProvider.Decrypt(array[i].EncryptedESRAPassword, false);
             }
             catch (CryptographicException)
             {
                 throw new InvalidOperationException(Strings.InternalTransportCertificateCorruptedInADOnHub);
             }
         }
     }
     using (RSACryptoServiceProvider rsacryptoServiceProvider2 = newCertificate.PublicKey.Key as RSACryptoServiceProvider)
     {
         if (rsacryptoServiceProvider2 != null)
         {
             for (int j = 0; j < array.Length; j++)
             {
                 if (array[j].EncryptedESRAPassword != null)
                 {
                     array[j].EncryptedESRAPassword = rsacryptoServiceProvider2.Encrypt(array[j].EncryptedESRAPassword, false);
                     server.EdgeSyncCredentials[j]  = EdgeSyncCredential.SerializeEdgeSyncCredential(array[j]);
                 }
             }
         }
     }
 }

Exemple #7

 internal static bool IsCertEnabledForNetworkService(ExchangeCertificate cert)
 {
     if (cert.AccessRules != null)
     {
         foreach (AccessRule accessRule in cert.AccessRules)
         {
             CryptoKeyAccessRule cryptoKeyAccessRule = (CryptoKeyAccessRule)accessRule;
             if (cryptoKeyAccessRule.IdentityReference == ManageExchangeCertificate.NetworkServiceIdentityReference && cryptoKeyAccessRule.AccessControlType == AccessControlType.Allow && (cryptoKeyAccessRule.CryptoKeyRights & CryptoKeyRights.GenericRead) != (CryptoKeyRights)0)
             {
                 return(true);
             }
         }
         return(false);
     }
     return(false);
 }

Exemple #8

 internal static int CompareByNotBefore(ExchangeCertificate x, ExchangeCertificate y)
 {
     if (x == null)
     {
         if (y == null)
         {
             return(0);
         }
         return(-1);
     }
     else
     {
         if (y == null)
         {
             return(1);
         }
         return(y.NotBefore.CompareTo(x.NotBefore));
     }
 }

Exemple #9

 public static void ValidateCertificate(ExchangeCertificate certificate, DateTime?futurePublishDate, bool skipAutomatedDeploymentChecks, Task.TaskErrorLoggingDelegate writeError)
 {
     if (writeError == null)
     {
         throw new ArgumentNullException("writeError");
     }
     if (certificate == null)
     {
         return;
     }
     try
     {
         ExchangeCertificateValidity exchangeCertificateValidity = ManageExchangeCertificate.ValidateExchangeCertificate(certificate, true);
         if (exchangeCertificateValidity != ExchangeCertificateValidity.Valid)
         {
             writeError(new TaskException(Strings.CertificateNotValidForExchange(certificate.Thumbprint, exchangeCertificateValidity.ToString())), ErrorCategory.InvalidArgument, null);
         }
         if (!skipAutomatedDeploymentChecks && !certificate.PrivateKeyExportable)
         {
             writeError(new TaskException(Strings.ErrorCertificateNotExportable(certificate.Thumbprint)), ErrorCategory.InvalidArgument, null);
         }
         if ((ExDateTime)certificate.NotAfter < ExDateTime.UtcNow)
         {
             writeError(new TaskException(Strings.ErrorCertificateHasExpired(certificate.Thumbprint)), ErrorCategory.InvalidArgument, null);
         }
         if ((ExDateTime)certificate.NotBefore > ExDateTime.UtcNow)
         {
             writeError(new TaskException(Strings.ErrorCertificateNotYetValid(certificate.Thumbprint)), ErrorCategory.InvalidArgument, null);
         }
         if (futurePublishDate != null && futurePublishDate != null && (ExDateTime)certificate.NotAfter <= (ExDateTime)futurePublishDate.Value.ToUniversalTime())
         {
             writeError(new TaskException(Strings.ErrorAuthNewCertificateExpire(certificate.Thumbprint)), ErrorCategory.InvalidArgument, null);
         }
     }
     catch (CryptographicException innerException)
     {
         writeError(new TaskException(Strings.ErrorFailedToValidateCertificate(certificate.Thumbprint), innerException), ErrorCategory.InvalidArgument, null);
     }
 }

Exemple #10

        private static void WarnIfNotBestMatch(ExchangeCertificate certificate, IConfigurationSession session, Server server, List <LocalizedString> warningList)
        {
            if (warningList == null)
            {
                return;
            }
            X509Store x509Store = new X509Store(StoreName.My, StoreLocation.LocalMachine);

            try
            {
                x509Store.Open(OpenFlags.ReadOnly);
                using (ChainEngine chainEngine = new ChainEngine())
                {
                    IEnumerable <ManageExchangeCertificate.FqdnConnectors> connectorFQDNs = ManageExchangeCertificate.GetConnectorFQDNs(session, server);
                    foreach (ManageExchangeCertificate.FqdnConnectors fqdnConnectors in connectorFQDNs)
                    {
                        X509Certificate2 x509Certificate;
                        if (ManageExchangeCertificate.CertificateHasLowerPrecedence(x509Store, chainEngine, fqdnConnectors.Fqdn, certificate, out x509Certificate))
                        {
                            if (!new ExchangeCertificate(x509Certificate).IsSelfSigned)
                            {
                                warningList.Add(Strings.WarnCertificateWillNotBeUsedBestIsPKI(x509Certificate.Thumbprint, fqdnConnectors.Fqdn, fqdnConnectors.Connectors));
                            }
                            else
                            {
                                warningList.Add(Strings.WarnCertificateWillNotBeUsed(x509Certificate.Thumbprint, fqdnConnectors.Fqdn, fqdnConnectors.Connectors));
                            }
                        }
                    }
                }
            }
            finally
            {
                if (x509Store != null)
                {
                    x509Store.Close();
                }
            }
        }

Exemple #11

        private byte[] SerializeListAsArray <TItem>(List <TItem> list)
        {
            int num = 0;

            if (list != null)
            {
                object[] array = new object[list.Count];
                foreach (TItem titem in list)
                {
                    if (typeof(TItem) == typeof(ExchangeCertificate))
                    {
                        ExchangeCertificate exchangeCertificate = titem as ExchangeCertificate;
                        array[num++] = ExchangeCertificateRpc.SerializeObject(exchangeCertificate.ExchangeCertificateAsArray());
                    }
                    else
                    {
                        array[num++] = ExchangeCertificateRpc.SerializeObject(titem);
                    }
                }
                return(ExchangeCertificateRpc.SerializeObject(array));
            }
            return(null);
        }

Exemple #12

 private void ProcessRequestResults(ExchangeCertificate certificate, string request)
 {
     if (this.BinaryEncoded)
     {
         BinaryFileDataObject binaryFileDataObject = new BinaryFileDataObject();
         binaryFileDataObject.FileData = Convert.FromBase64String(request);
         base.WriteObject(binaryFileDataObject);
         if (this.GenerateRequest && !string.IsNullOrEmpty(this.RequestFile))
         {
             this.WriteRequest(binaryFileDataObject.FileData, string.Empty);
             return;
         }
     }
     else
     {
         string text = ManageExchangeCertificate.WrapCertificateRequestWithPemTags(request);
         base.WriteObject(text);
         if (this.GenerateRequest && !string.IsNullOrEmpty(this.RequestFile))
         {
             this.WriteRequest(null, text);
         }
     }
 }

Exemple #13

        public static void ValidateRemoteCertificate(string server, string thumbprint, DateTime?futurePublishDate, bool skipAutomatedDeploymentChecks, Task.TaskErrorLoggingDelegate writeError)
        {
            if (writeError == null)
            {
                throw new ArgumentNullException("writeError");
            }
            if (string.IsNullOrEmpty(thumbprint))
            {
                return;
            }
            ExchangeCertificate             certificate = null;
            FederationTrustCertificateState federationTrustCertificateState = FederationCertificate.TestForCertificate(server, thumbprint, out certificate);

            if (federationTrustCertificateState == FederationTrustCertificateState.ServerUnreachable)
            {
                writeError(new TaskException(Strings.ErrorCannotContactServerForCert(server, thumbprint)), ErrorCategory.InvalidArgument, null);
            }
            else if (federationTrustCertificateState != FederationTrustCertificateState.Installed)
            {
                writeError(new TaskException(Strings.ErrorThumbprintNotFound(thumbprint)), ErrorCategory.InvalidArgument, null);
            }
            OAuthTaskHelper.ValidateCertificate(certificate, futurePublishDate, skipAutomatedDeploymentChecks, writeError);
        }

Exemple #14

        internal static ExchangeCertificate GetInternalTransportCertificate(Server server)
        {
            if (server == null)
            {
                throw new ArgumentNullException("server");
            }
            if (server.InternalTransportCertificate == null)
            {
                return(null);
            }
            ExchangeCertificate result;

            try
            {
                X509Certificate2 cert = new X509Certificate2(server.InternalTransportCertificate);
                result = new ExchangeCertificate(cert);
            }
            catch
            {
                result = null;
            }
            return(result);
        }

Exemple #15

        internal static ExchangeCertificate GetCertificateFromStore(StoreName storeName, string thumbprint)
        {
            X509Store store = new X509Store(storeName, StoreLocation.LocalMachine);

            return(ExchangeCertificate.GetCertificateFromStore(store, thumbprint));
        }

Exemple #16

        private void CheckCertificateChainAndCacheProps()
        {
            if (this.status != CertificateStatus.Unknown)
            {
                return;
            }
            if (!string.IsNullOrEmpty(this.CertificateRequest))
            {
                this.status     = CertificateStatus.PendingRequest;
                this.selfSigned = false;
                this.rootCAType = CertificateAuthorityType.Unknown;
                return;
            }
            this.privateKeyExportable = TlsCertificateInfo.IsCertificateExportable(this);
            ChainPolicyParameters options          = new BaseChainPolicyParameters(ChainPolicyOptions.None);
            ChainMatchIssuer      pkixKpServerAuth = AndChainMatchIssuer.PkixKpServerAuth;
            ChainBuildParameter   parameter        = new ChainBuildParameter(pkixKpServerAuth, TimeSpan.FromSeconds(30.0), false, TimeSpan.Zero);

            using (ChainEngine chainEngine = new ChainEngine())
            {
                using (ChainContext chainContext = chainEngine.Build(this, ChainBuildOptions.CacheEndCert | ChainBuildOptions.RevocationCheckChainExcludeRoot | ChainBuildOptions.RevocationAccumulativeTimeout, parameter))
                {
                    if (chainContext == null)
                    {
                        this.status     = CertificateStatus.Unknown;
                        this.selfSigned = false;
                        this.rootCAType = CertificateAuthorityType.Unknown;
                    }
                    else
                    {
                        this.selfSigned = chainContext.IsSelfSigned;
                        if (chainContext.Status == TrustStatus.IsUntrustedRoot)
                        {
                            if (chainContext.IsSelfSigned)
                            {
                                this.status     = CertificateStatus.Valid;
                                this.rootCAType = CertificateAuthorityType.None;
                            }
                            else
                            {
                                this.status     = CertificateStatus.Untrusted;
                                this.rootCAType = CertificateAuthorityType.Unknown;
                            }
                        }
                        else
                        {
                            ChainSummary        chainSummary        = chainContext.Validate(options);
                            ChainValidityStatus chainValidityStatus = chainSummary.Status;
                            if (chainValidityStatus <= (ChainValidityStatus)2148081683U)
                            {
                                if (chainValidityStatus == ChainValidityStatus.Valid)
                                {
                                    this.status = CertificateStatus.Valid;
                                    goto IL_168;
                                }
                                switch (chainValidityStatus)
                                {
                                case (ChainValidityStatus)2148081682U:
                                case (ChainValidityStatus)2148081683U:
                                    break;

                                default:
                                    goto IL_15A;
                                }
                            }
                            else
                            {
                                if (chainValidityStatus == (ChainValidityStatus)2148204801U)
                                {
                                    this.status = CertificateStatus.DateInvalid;
                                    goto IL_168;
                                }
                                switch (chainValidityStatus)
                                {
                                case (ChainValidityStatus)2148204812U:
                                    this.status = CertificateStatus.Revoked;
                                    goto IL_168;

                                case (ChainValidityStatus)2148204813U:
                                    goto IL_15A;

                                case (ChainValidityStatus)2148204814U:
                                    break;

                                default:
                                    goto IL_15A;
                                }
                            }
                            this.status = CertificateStatus.RevocationCheckFailure;
                            goto IL_168;
IL_15A:
                            this.status     = CertificateStatus.Invalid;
                            this.rootCAType = CertificateAuthorityType.Unknown;
IL_168:
                            if (this.status != CertificateStatus.Invalid)
                            {
                                X509Certificate2 rootCertificate = chainContext.RootCertificate;
                                if (rootCertificate == null)
                                {
                                    throw new InvalidOperationException("Root certificate was null!");
                                }
                                this.rootCAType = ExchangeCertificate.RootSource(rootCertificate.Thumbprint);
                            }
                        }
                    }
                }
            }
        }

Exemple #17

        internal Dictionary <RpcOutput, object> BuildOutputParameters(byte[] blob)
        {
            Dictionary <RpcOutput, object> dictionary = new Dictionary <RpcOutput, object>();

            object[] array = (object[])this.DeserializeObject(blob, false);
            for (int i = 0; i < array.Length; i += 2)
            {
                RpcOutput rpcOutput = (RpcOutput)this.DeserializeObject((byte[])array[i], true);
                object    obj       = this.DeserializeObject((byte[])array[i + 1], true);
                if (obj != null)
                {
                    RpcOutput rpcOutput2 = rpcOutput;
                    switch (rpcOutput2)
                    {
                    case RpcOutput.ExchangeCertList:
                    {
                        List <ExchangeCertificate> list = new List <ExchangeCertificate>();
                        foreach (object obj2 in (object[])obj)
                        {
                            list.Add(new ExchangeCertificate((object[])this.DeserializeObject((byte[])obj2, true)));
                        }
                        obj = list;
                        break;
                    }

                    case RpcOutput.ExchangeCert:
                        obj = new ExchangeCertificate((object[])obj);
                        break;

                    default:
                        switch (rpcOutput2)
                        {
                        case RpcOutput.TaskWarningList:
                        {
                            List <LocalizedString> list2 = new List <LocalizedString>();
                            foreach (object obj3 in (object[])obj)
                            {
                                list2.Add((LocalizedString)this.DeserializeObject((byte[])obj3, true));
                            }
                            obj = list2;
                            break;
                        }

                        case RpcOutput.TaskConfirmationList:
                        {
                            object[] array4 = (object[])obj;
                            Dictionary <AllowedServices, LocalizedString> dictionary2 = new Dictionary <AllowedServices, LocalizedString>();
                            for (int l = 0; l < array4.Length; l += 2)
                            {
                                AllowedServices key   = (AllowedServices)this.DeserializeObject((byte[])array4[l], true);
                                LocalizedString value = (LocalizedString)this.DeserializeObject((byte[])array4[l + 1], true);
                                dictionary2[key] = value;
                            }
                            obj = dictionary2;
                            break;
                        }
                        }
                        break;
                    }
                }
                dictionary[rpcOutput] = obj;
            }
            return(dictionary);
        }