/// <summary>
/// Collects the thumbprints of the supplied certificates that are not expired.
/// </summary>
/// <param name="source">Label passed to the verbose message that reports a skipped, expired certificate.</param>
/// <param name="certificatesToCheck">Certificates to inspect; null entries are skipped.</param>
/// <returns>Set of thumbprints of the non-null certificates that <c>IsExpiredCertificate</c> did not flag.</returns>
/// <remarks>
/// Expiry (as decided by <c>TestFederationTrust.IsExpiredCertificate</c>, defined outside this block) is the
/// only filter applied here; no chain or revocation check is visible in this method.
/// </remarks>
private HashSet<string> GetNonExpiredCertificateThumbprint(string source, params X509Certificate2[] certificatesToCheck)
{
    HashSet<string> thumbprints = new HashSet<string>();
    foreach (X509Certificate2 candidate in certificatesToCheck)
    {
        if (candidate == null)
        {
            continue;
        }

        if (!TestFederationTrust.IsExpiredCertificate(candidate))
        {
            thumbprints.Add(candidate.Thumbprint);
            continue;
        }

        // Expired certificates are reported at verbose level and left out of the result.
        base.WriteVerbose(Strings.IgnoringExpiredCertificate(candidate.Thumbprint, source));
    }

    return thumbprints;
}
/// <summary>
/// Looks up the organization certificate by thumbprint in <paramref name="store"/> and returns it only if
/// it is found, not expired, and passes the private-key check. Each outcome is logged under
/// <paramref name="eventId"/>.
/// </summary>
/// <param name="store">Certificate store to search.</param>
/// <param name="thumbprint">Thumbprint of the certificate to locate.</param>
/// <param name="eventId">Event id used for every log entry written by this method.</param>
/// <param name="propertyName">Name inserted into the log messages to identify the certificate.</param>
/// <returns>The first matching certificate, or <c>null</c> when any check fails.</returns>
/// <remarks>
/// The store search passes <c>validOnly: false</c>, so the lookup itself does not filter on chain validity.
/// The only checks applied afterwards are <c>IsExpiredCertificate</c> and <c>IsValidPrivateKey</c>, both
/// defined outside this block. NOTE(review): chain trust and revocation do not appear to be evaluated
/// here; confirm whether a caller covers them.
/// </remarks>
private X509Certificate2 GetOrganizationCertificate(X509Store store, string thumbprint, TestFederationTrust.TestFederationTrustEventId eventId, string propertyName)
{
    X509Certificate2Collection matches = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);

    bool found = matches != null && matches.Count != 0 && matches[0] != null;
    if (!found)
    {
        Log(EventTypeEnumeration.Error, eventId, Strings.FederationCertificateNotFound(propertyName));
        return null;
    }

    // Only the first match is considered.
    X509Certificate2 candidate = matches[0];

    if (TestFederationTrust.IsExpiredCertificate(candidate))
    {
        Log(EventTypeEnumeration.Error, eventId, Strings.FederationCertificateExpired(propertyName));
        return null;
    }

    bool privateKeyOk = IsValidPrivateKey(candidate, eventId, propertyName);
    if (!privateKeyOk)
    {
        Log(EventTypeEnumeration.Error, eventId, Strings.FederationCertificateHasNoPrivateKey(propertyName));
        return null;
    }

    Log(EventTypeEnumeration.Success, eventId, Strings.CertificateValid(propertyName));
    return candidate;
}
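/// <summary>
/// Returns the STS token-issuer certificates of <paramref name="federationTrust"/> that are present and not
/// expired, logging one result per present certificate.
/// </summary>
/// <param name="federationTrust">
/// Trust whose <c>TokenIssuerCertificate</c> (current) and <c>TokenIssuerPrevCertificate</c> (previous)
/// are inspected. Either certificate may be null.
/// </param>
/// <returns>
/// <c>null</c> when both certificates are present and both are expired; otherwise an array containing each
/// certificate that is present and not expired, current first. The array can be empty.
/// </returns>
/// <remarks>
/// Expiry is decided by <c>TestFederationTrust.IsExpiredCertificate</c>, defined outside this block; no
/// other validity check is visible here.
/// NOTE(review): when the only present certificate is expired, or neither certificate is present, this
/// returns an empty array rather than <c>null</c>. Confirm that callers treat an empty result as
/// "no usable STS certificate".
/// </remarks>
private X509Certificate2[] GetStsCertificates(FederationTrust federationTrust)
{
    X509Certificate2 current = federationTrust.TokenIssuerCertificate;
    X509Certificate2 previous = federationTrust.TokenIssuerPrevCertificate;

    // An absent certificate counts as "not expired" in these flags; presence is tested separately below.
    bool currentExpired = current != null && TestFederationTrust.IsExpiredCertificate(current);
    bool previousExpired = previous != null && TestFederationTrust.IsExpiredCertificate(previous);

    LocalizedString currentMessage = currentExpired ? Strings.CertificateExpired("TokenIssuerCertificate") : Strings.CertificateValid("TokenIssuerCertificate");
    LocalizedString previousMessage = previousExpired ? Strings.CertificateExpired("TokenIssuerPrevCertificate") : Strings.CertificateValid("TokenIssuerPrevCertificate");

    // The summary sentence quotes both thumbprints, so it is written only when both certificates exist.
    // Dereferencing an absent certificate here (for example, a trust with no previous certificate) would
    // throw NullReferenceException before any result is logged.
    if (current != null && previous != null)
    {
        string summary;
        if (currentExpired && previousExpired)
        {
            summary = "Both STS trust certificates [current <" + current.Thumbprint + "> and previous <" + previous.Thumbprint + ">] have expired.";
        }
        else if (currentExpired)
        {
            summary = "The current STS trust certificate <" + current.Thumbprint + "> has expired. The previous STS trust certificate <" + previous.Thumbprint + "> is still valid.";
        }
        else if (previousExpired)
        {
            summary = "The current STS trust certificate <" + current.Thumbprint + "> is valid, but the previous STS trust certificate <" + previous.Thumbprint + "> has expired.";
        }
        else
        {
            summary = "Both STS trust certificates [current <" + current.Thumbprint + "> and previous <" + previous.Thumbprint + ">] are valid.";
        }

        base.WriteVerbose(new LocalizedString(Environment.NewLine + summary));
    }

    if (currentExpired && previousExpired)
    {
        // Both flags set implies both certificates are present; nothing usable remains.
        this.Log(EventTypeEnumeration.Error, TestFederationTrust.TestFederationTrustEventId.StsCertificate, currentMessage);
        this.Log(EventTypeEnumeration.Error, TestFederationTrust.TestFederationTrustEventId.StsPreviousCertificate, previousMessage);
        return null;
    }

    // An expired certificate is only a warning on this path.
    if (current != null)
    {
        this.Log(currentExpired ? EventTypeEnumeration.Warning : EventTypeEnumeration.Success, TestFederationTrust.TestFederationTrustEventId.StsCertificate, currentMessage);
    }

    if (previous != null)
    {
        this.Log(previousExpired ? EventTypeEnumeration.Warning : EventTypeEnumeration.Success, TestFederationTrust.TestFederationTrustEventId.StsPreviousCertificate, previousMessage);
    }

    List<X509Certificate2> usable = new List<X509Certificate2>(2);
    if (current != null && !currentExpired)
    {
        usable.Add(current);
    }

    if (previous != null && !previousExpired)
    {
        usable.Add(previous);
    }

    return usable.ToArray();
}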