        /// <summary>
        /// Resolves the DKM <see cref="ExchangeGroupKey"/> used for a tenant that is homed in another
        /// resource forest, keeping one key object per forest FQDN in <c>remoteForestExchangeGroupKeys</c>.
        /// </summary>
        /// <param name="externalDirectoryOrgId">External directory organization id of the tenant.</param>
        /// <param name="exchangeGroupKey">The cached or newly created key for the tenant's forest; null when the forest cannot be resolved.</param>
        /// <param name="exception">The locator failure when the org id does not map to a forest; otherwise null.</param>
        /// <returns>true when a key object was produced; false only when the org id could not be resolved.</returns>
        private bool TryGetExchangeGroupKeyForRemoteTenant(Guid externalDirectoryOrgId, out ExchangeGroupKey exchangeGroupKey, out Exception exception)
        {
            exchangeGroupKey = null;
            exception        = null;
            string forestFqdn;

            // Only the "org id does not map to a forest" failure is reported through the out
            // parameter; any other exception raised by the locator propagates to the caller.
            try
            {
                forestFqdn = ADAccountPartitionLocator.GetResourceForestFqdnByExternalDirectoryOrganizationId(externalDirectoryOrgId);
            }
            catch (CannotResolveExternalDirectoryOrganizationIdException ex)
            {
                exception = ex;
                return false;
            }

            // Fast path: a key object for this forest has already been built.
            if (!this.remoteForestExchangeGroupKeys.TryGetValue(forestFqdn, out exchangeGroupKey))
            {
                // The DKM container is addressed as CN=Microsoft,CN=Program Data beneath the DN derived
                // from the forest FQDN; the key itself is created with a null default DN and a fixed group name.
                string forestDn = NativeHelpers.DistinguishedNameFromCanonicalName(forestFqdn);
                exchangeGroupKey = new ExchangeGroupKey(null, "Microsoft Exchange DKM")
                {
                    ParentContainerDN = "CN=Microsoft,CN=Program Data," + forestDn
                };

                // TryAdd's result is intentionally ignored: if another caller inserted a key for this forest
                // first, this instance is simply returned uncached (same as the original TryAdd semantics).
                this.remoteForestExchangeGroupKeys.TryAdd(forestFqdn, exchangeGroupKey);
            }
            return true;
        }
        /// <summary>
        /// Protects a clear-text secret with the "Microsoft Exchange DKM" group key and returns the
        /// encrypted string form.
        /// </summary>
        /// <param name="secretInClearText">
        /// The secret to protect. It is an ordinary managed string, so this method cannot scrub it from
        /// memory afterwards; callers that care about residue should minimise its lifetime.
        /// </param>
        /// <param name="writeError">Error sink that receives cryptographic, data-format and DKM failures before they are rethrown.</param>
        /// <returns>The DKM-encrypted representation of <paramref name="secretInClearText"/>.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="writeError"/> is null or the secret is null or empty.</exception>
        public static string EncryptSecretWithDKM(string secretInClearText, Task.TaskErrorLoggingDelegate writeError)
        {
            if (string.IsNullOrEmpty(secretInClearText))
            {
                throw new ArgumentNullException("secretInClearText");
            }
            if (writeError == null)
            {
                throw new ArgumentNullException("writeError");
            }

            ExchangeGroupKey dkmKey = new ExchangeGroupKey(null, "Microsoft Exchange DKM");
            try
            {
                return dkmKey.ClearStringToEncryptedString(secretInClearText);
            }
            catch (Exception ex) when (ex is CryptographicException || ex is InvalidDataException || dkmKey.IsDkmException(ex))
            {
                // Report the failure through the task's error sink, then let it propagate unchanged.
                // Exceptions outside this set are not reported here and propagate as-is.
                writeError(ex, ErrorCategory.InvalidData, null);
                throw;
            }
        }
 /// <summary>
 /// Returns the DKM group key for a tenant: the local forest key when
 /// <paramref name="externalDirectoryOrgId"/> is <see cref="Guid.Empty"/>, otherwise the key of the
 /// resource forest that hosts the given organization.
 /// </summary>
 /// <param name="externalDirectoryOrgId">External directory organization id; Guid.Empty selects the local forest.</param>
 /// <param name="exchangeGroupKey">The resolved key, or whatever the remote-tenant lookup leaves in it on failure.</param>
 /// <param name="exception">The resolution failure for a remote tenant; always null for the local forest.</param>
 /// <returns>true when <paramref name="exchangeGroupKey"/> was resolved.</returns>
 public static bool TryGetDkmKey(Guid externalDirectoryOrgId, out ExchangeGroupKey exchangeGroupKey, out Exception exception)
 {
     // Presumably creates the ServerManager singleton (and its local-forest key) on first use — confirm.
     ServerManager.InitializeIfNeeded();
     exception = null;

     if (externalDirectoryOrgId != Guid.Empty)
     {
         return ServerManager.instance.TryGetExchangeGroupKeyForRemoteTenant(externalDirectoryOrgId, out exchangeGroupKey, out exception);
     }

     exchangeGroupKey = ServerManager.instance.localForestExchangeGroupKey;
     return true;
 }
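        /// <summary>
        /// Decrypts a trusted publishing domain (TPD) private key with the TPD file password, re-protects
        /// it with the "Microsoft Exchange DKM" group key, and wraps the result in a
        /// <see cref="TrustedPublishingDomainPrivateKeyProvider"/>.
        /// </summary>
        /// <param name="tpdName">Name of the TPD; exposed via <paramref name="failureTarget"/> when DKM protection fails.</param>
        /// <param name="keyInfo">Key metadata plus the password-protected private key material.</param>
        /// <param name="tpdFilePassword">Password that unlocks the private key in the TPD file.</param>
        /// <param name="dkmEncryptedPrivateKey">Receives the DKM-protected private key as a string.</param>
        /// <param name="failureTarget">Set to <paramref name="tpdName"/> only when DKM protection fails; otherwise null.</param>
        /// <returns>A provider holding the single DKM-protected key, keyed case-insensitively by its identity.</returns>
        /// <exception cref="FailedToDkmProtectPrivateKeyException">Thrown when the key material could not be DKM-protected.</exception>
        private TrustedPublishingDomainPrivateKeyProvider CreateKeyProviderAndDkmProtectKey(string tpdName, KeyInformation keyInfo, SecureString tpdFilePassword, out string dkmEncryptedPrivateKey, out object failureTarget)
        {
            failureTarget = null;
            byte[] clearPrivateKey = this.DecryptPrivateKey(keyInfo, tpdFilePassword);
            try
            {
                ExchangeGroupKey dkmKey = new ExchangeGroupKey(null, "Microsoft Exchange DKM");
                Exception dkmError;
                if (!dkmKey.TryByteArrayToEncryptedString(clearPrivateKey, out dkmEncryptedPrivateKey, out dkmError))
                {
                    // failureTarget is an out parameter, so the caller sees it even though we throw.
                    failureTarget = tpdName;
                    throw new FailedToDkmProtectPrivateKeyException(dkmError);
                }
            }
            finally
            {
                // Best-effort scrubbing of the unprotected private key: once it is DKM-protected (or protection
                // failed) the clear bytes are not needed again. This does not defeat GC copies, but it shortens
                // the time the raw key sits in managed memory. Assumes DecryptPrivateKey returns a buffer owned
                // by this method rather than one cached inside keyInfo — confirm before relying on it.
                if (clearPrivateKey != null)
                {
                    Array.Clear(clearPrivateKey, 0, clearPrivateKey.Length);
                }
            }

            Dictionary<string, PrivateKeyInformation> keys = new Dictionary<string, PrivateKeyInformation>(1, StringComparer.OrdinalIgnoreCase);
            PrivateKeyInformation privateKeyInformation = new PrivateKeyInformation(keyInfo.strID, keyInfo.strIDType, keyInfo.strKeyContainerName, keyInfo.nKeyNumber, keyInfo.strCSPName, keyInfo.nCSPType, dkmEncryptedPrivateKey, true);
            keys.Add(privateKeyInformation.Identity, privateKeyInformation);
            return new TrustedPublishingDomainPrivateKeyProvider(null, keys);
        }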
            /// <summary>
            /// Decrypts a password that was protected with the "Microsoft Exchange Diagnostics DKM" key
            /// into a <see cref="SecureString"/>.
            /// </summary>
            /// <param name="encryptedPassword">The DKM-encrypted string.</param>
            /// <param name="decryptedString">The decrypted secret, or null when decryption fails.</param>
            /// <returns>true on success; false when any exception occurred (it is logged, never rethrown).</returns>
            public bool DecryptString(string encryptedPassword, out SecureString decryptedString)
            {
                decryptedString = null;
                try
                {
                    ExchangeGroupKey dkmKey = new ExchangeGroupKey(this.edsPath, "Microsoft Exchange Diagnostics DKM");
                    decryptedString = dkmKey.EncryptedStringToSecureString(encryptedPassword);
                    return true;
                }
                catch (Exception ex)
                {
                    // Deliberately best-effort: every failure is logged and reported as false.
                    // NOTE(review): the full exception is logged — verify the DKM exceptions do not echo input material.
                    Logger.LogErrorMessage("DKM query failed to decrypt due to: {0}", new object[]
                    {
                        ex
                    });
                    return false;
                }
            }
            /// <summary>
            /// Protects a clear-text password with the "Microsoft Exchange Diagnostics DKM" key.
            /// </summary>
            /// <param name="password">The clear-text password; as a managed string it cannot be scrubbed here.</param>
            /// <param name="encryptedPassword">The DKM-encrypted string, or null when encryption fails.</param>
            /// <returns>true on success; false when any exception occurred (it is logged, never rethrown).</returns>
            public bool EncryptString(string password, out string encryptedPassword)
            {
                encryptedPassword = null;
                try
                {
                    ExchangeGroupKey dkmKey = new ExchangeGroupKey(this.edsPath, "Microsoft Exchange Diagnostics DKM");
                    encryptedPassword = dkmKey.ClearStringToEncryptedString(password);
                    return true;
                }
                catch (Exception ex)
                {
                    // Deliberately best-effort: every failure is logged and reported as false.
                    // NOTE(review): the full exception is logged — verify the DKM exceptions do not echo the password.
                    Logger.LogErrorMessage("DKM query failed to encrypt due to: {0}", new object[]
                    {
                        ex
                    });
                    return false;
                }
            }