private bool ProcessPartnerApplication(PartnerApplication partnerApplication) { bool result = false; AuthMetadata authMetadata = this.FetchMetadata(partnerApplication.Name, partnerApplication.AuthMetadataUrl, false); if (authMetadata == null) { return(false); } if (!OAuthCommon.IsIdMatch(partnerApplication.ApplicationIdentifier, authMetadata.ServiceName) || !OAuthCommon.IsRealmMatchIncludingEmpty(partnerApplication.Realm, authMetadata.Realm) || !string.Equals(partnerApplication.IssuerIdentifier, authMetadata.Issuer)) { this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_InvalidTrustedIssuerChanges, new string[] { partnerApplication.Name, partnerApplication.AuthMetadataUrl }); return(false); } MultiValuedProperty <byte[]> multiValuedProperty = null; if (this.ProcessCertificates(partnerApplication.Name, partnerApplication.CertificateBytes, authMetadata.CertificateStrings, out multiValuedProperty) && multiValuedProperty != null) { result = true; partnerApplication.CertificateBytes = multiValuedProperty; } return(result); }
private static AuthMetadata FetchAuthMetadata(string authMetadataUrl, bool trustSslCert, bool requireIssuingEndpoint, Task.TaskWarningLoggingDelegate writeWarning, Task.TaskErrorLoggingDelegate writeError) { try { Uri uri = new Uri(authMetadataUrl); if (uri.Scheme != Uri.UriSchemeHttps) { writeWarning(Strings.WarningMetadataNotOverHttps(authMetadataUrl)); } } catch (ArgumentNullException) { writeError(new TaskException(Strings.ErrorInvalidMetadataUrl(authMetadataUrl)), ErrorCategory.InvalidArgument, null); } catch (UriFormatException) { writeError(new TaskException(Strings.ErrorInvalidMetadataUrl(authMetadataUrl)), ErrorCategory.InvalidArgument, null); } AuthMetadata result = null; try { result = AuthMetadataClient.AcquireMetadata(authMetadataUrl, requireIssuingEndpoint, trustSslCert, true); } catch (AuthMetadataClientException exception) { writeError(exception, ErrorCategory.ResourceUnavailable, null); } catch (AuthMetadataParserException exception2) { writeError(exception2, ErrorCategory.ParserError, null); } return(result); }
public static void FetchAuthMetadata(AuthServer authServer, bool trustSslCert, bool updateIdRealm, Task.TaskWarningLoggingDelegate writeWarning, Task.TaskErrorLoggingDelegate writeError) { if (authServer == null) { throw new ArgumentNullException("authServer"); } if (writeWarning == null) { throw new ArgumentNullException("writeWarning"); } if (writeError == null) { throw new ArgumentNullException("writeError"); } AuthMetadata authMetadata = OAuthTaskHelper.FetchAuthMetadata(authServer.AuthMetadataUrl, trustSslCert, true, writeWarning, writeError); AuthMetadataParser.SetEndpointsIfWSFed(authMetadata, authServer.Type, authServer.AuthMetadataUrl); if (updateIdRealm) { authServer.IssuerIdentifier = authMetadata.ServiceName; authServer.Realm = authMetadata.Realm; } else if (!OAuthCommon.IsIdMatch(authServer.IssuerIdentifier, authMetadata.ServiceName) || !OAuthCommon.IsRealmMatchIncludingEmpty(authServer.Realm, authMetadata.Realm)) { writeError(new TaskException(Strings.ErrorPidRealmDifferentFromMetadata(authMetadata.ServiceName, authMetadata.Realm, authServer.IssuerIdentifier, authServer.Realm)), ErrorCategory.InvalidData, null); } authServer.CertificateBytes = OAuthTaskHelper.InternalCertificateFromBase64String(authMetadata.CertificateStrings, writeError); authServer.TokenIssuingEndpoint = authMetadata.IssuingEndpoint; authServer.AuthorizationEndpoint = authMetadata.AuthorizationEndpoint; }
public static void FetchAuthMetadata(PartnerApplication partnerApplication, bool trustSslCert, bool updatePidOrRealmOrIssuer, Task.TaskWarningLoggingDelegate writeWarning, Task.TaskErrorLoggingDelegate writeError) { if (partnerApplication == null) { throw new ArgumentNullException("partnerApplication"); } if (writeWarning == null) { throw new ArgumentNullException("writeWarning"); } if (writeError == null) { throw new ArgumentNullException("writeError"); } AuthMetadata authMetadata = OAuthTaskHelper.FetchAuthMetadata(partnerApplication.AuthMetadataUrl, trustSslCert, false, writeWarning, writeError); if (updatePidOrRealmOrIssuer) { partnerApplication.ApplicationIdentifier = authMetadata.ServiceName; partnerApplication.IssuerIdentifier = authMetadata.Issuer; partnerApplication.Realm = authMetadata.Realm; } else if (!OAuthCommon.IsIdMatch(partnerApplication.ApplicationIdentifier, authMetadata.ServiceName) || !OAuthCommon.IsRealmMatchIncludingEmpty(partnerApplication.Realm, authMetadata.Realm) || !string.Equals(partnerApplication.IssuerIdentifier, authMetadata.Issuer)) { writeError(new TaskException(Strings.ErrorPidRealmIssuerDifferentFromMetadata(authMetadata.ServiceName, authMetadata.Realm, authMetadata.Issuer, partnerApplication.ApplicationIdentifier, partnerApplication.Realm, partnerApplication.IssuerIdentifier)), ErrorCategory.InvalidData, null); } partnerApplication.CertificateBytes = OAuthTaskHelper.InternalCertificateFromBase64String(authMetadata.CertificateStrings, writeError); }
private AuthMetadata FetchMetadata(string name, string metadataUrl, bool requireIssuingEndpoint) { AuthMetadata result = null; Uri uri = null; if (!Uri.TryCreate(metadataUrl, UriKind.Absolute, out uri)) { this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_InvalidMetadataUrl, new string[] { metadataUrl, name }); return(null); } try { result = AuthMetadataClient.AcquireMetadata(metadataUrl, requireIssuingEndpoint, this.TrustAnySSLCertificate, true); } catch (AuthMetadataClientException ex) { this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_TransientException, new string[] { AnchorLogger.GetDiagnosticInfo(ex, null) }); } catch (AuthMetadataParserException ex2) { this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_CorruptMetadata, new string[] { AnchorLogger.GetDiagnosticInfo(ex2, null), metadataUrl, name }); } catch (Exception ex3) { this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_UnableToAccessMetadata, new string[] { AnchorLogger.GetDiagnosticInfo(ex3, null), metadataUrl, name }); } return(result); }
private bool ProcessAuthServer(AuthServer authServer) { bool result = false; AuthMetadata authMetadata = this.FetchMetadata(authServer.Name, authServer.AuthMetadataUrl, true); if (authMetadata == null) { return(false); } AuthMetadataParser.SetEndpointsIfWSFed(authMetadata, authServer.Type, authServer.AuthMetadataUrl); if (!OAuthCommon.IsIdMatch(authServer.IssuerIdentifier, authMetadata.ServiceName) || !OAuthCommon.IsRealmMatchIncludingEmpty(authServer.Realm, authMetadata.Realm) || string.IsNullOrEmpty(authMetadata.IssuingEndpoint) || ((authServer.Type == AuthServerType.AzureAD || authServer.Type == AuthServerType.ADFS) && string.IsNullOrEmpty(authMetadata.AuthorizationEndpoint))) { this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_InvalidTrustedIssuerChanges, new string[] { authServer.Name, authServer.AuthMetadataUrl }); return(false); } if (string.Compare(authServer.TokenIssuingEndpoint, authMetadata.IssuingEndpoint, StringComparison.OrdinalIgnoreCase) != 0) { result = true; authServer.TokenIssuingEndpoint = authMetadata.IssuingEndpoint; } if ((authServer.Type == AuthServerType.AzureAD || authServer.Type == AuthServerType.ADFS) && string.Compare(authServer.AuthorizationEndpoint, authMetadata.AuthorizationEndpoint, StringComparison.OrdinalIgnoreCase) != 0) { result = true; authServer.AuthorizationEndpoint = authMetadata.AuthorizationEndpoint; } MultiValuedProperty <byte[]> multiValuedProperty = null; if (this.ProcessCertificates(authServer.Name, authServer.CertificateBytes, authMetadata.CertificateStrings, out multiValuedProperty) && multiValuedProperty != null) { result = true; authServer.CertificateBytes = multiValuedProperty; } return(result); }