internal static LocalizedString UpdateActiveDirectory(X509Certificate2 certificate, IConfigurationSession systemConfiguration, Server server, List <LocalizedString> warningList, bool allowConfirmation) { X509Certificate2 internalTransportCertificate = ExchangeCertificate.GetInternalTransportCertificate(server); if (internalTransportCertificate != null) { if (string.Equals(internalTransportCertificate.Thumbprint, certificate.Thumbprint, StringComparison.OrdinalIgnoreCase)) { return(LocalizedString.Empty); } if (allowConfirmation) { return(Strings.ConfirmOverwriteInternalTransportCertificate(internalTransportCertificate.Thumbprint, internalTransportCertificate.NotAfter, certificate.Thumbprint, certificate.NotAfter)); } } server.InternalTransportCertificate = certificate.Export(X509ContentType.SerializedCert); systemConfiguration.Save(server); if (server.IsHubTransportServer) { ManageExchangeCertificate.ReEncryptEdgeSyncCredentials(server, internalTransportCertificate, certificate); systemConfiguration.Save(server); } else if (server.IsEdgeServer && warningList != null) { warningList.Add(Strings.InternalTransportCertificateUpdatedOnEdge); } return(LocalizedString.Empty); }
internal static void AddUniqueDomainIfValid(IList <string> domains, string name) { if (ManageExchangeCertificate.IsDomainValidForCertificate(name) && !domains.Contains(name)) { domains.Add(name); } }
private LocalizedString GetWhatIfMessage() { this.inputParams.CreateWhatIf = true; ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; byte[] outputBlob = null; try { byte[] inBlob = this.inputParams.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2); ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(this.serverObject.Name); outputBlob = exchangeCertificateRpcClient.CreateCertificate2(0, inBlob); exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2; } catch (RpcException) { exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; } if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1) { try { byte[] inBlob2 = this.inputParams.SerializeInputParameters(exchangeCertificateRpcVersion); ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(this.serverObject.Name); outputBlob = exchangeCertificateRpcClient2.CreateCertificate(0, inBlob2); } catch (RpcException e) { ManageExchangeCertificate.WriteRpcError(e, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError)); } } ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob); this.inputParams.CreateWhatIf = false; return(exchangeCertificateRpc.ReturnConfirmation); }
private static void SetUMCertificate(X509Certificate2 cert, Server server, IConfigurationSession dataSession, bool allowConfirmation, Dictionary <AllowedServices, LocalizedString> confirmationStrings, List <LocalizedString> warningList) { UMServer umserver = new UMServer(server); if (!server.IsUnifiedMessagingServer) { throw new UMRoleNotInstalledException(cert.Thumbprint, server.Name); } if (umserver.UMStartupMode == UMStartupMode.TCP) { throw new CannotAssignCertificateToUMException(cert.Thumbprint); } if (CertificateUtils.IsExpired(cert)) { throw new CertificateExpiredException(cert.Thumbprint); } if (allowConfirmation) { confirmationStrings[AllowedServices.UM] = Strings.ConfirmEnableCertForUM(cert.Thumbprint); return; } bool flag = false; if (string.IsNullOrEmpty(umserver.UMCertificateThumbprint)) { flag = true; } ManageExchangeCertificate.CopyCertToRootStoreIfNeeded(cert, server); umserver.UMCertificateThumbprint = cert.Thumbprint; dataSession.Save(server); if (warningList != null && flag) { warningList.Add(Strings.ExchangeCertificateUpdatedForUM(server.Name)); } }
internal static void WriteRpcError(RpcException e, string server, Task.TaskErrorLoggingDelegate errorHandler) { LocalizedException exception; ErrorCategory category; ManageExchangeCertificate.ProcessRpcError(e, server, out exception, out category); errorHandler(exception, category, null); }
internal static void ThrowLocalizedException(RpcException e, string server) { LocalizedException ex; ErrorCategory errorCategory; ManageExchangeCertificate.ProcessRpcError(e, server, out ex, out errorCategory); throw ex; }
protected override void InternalProcessRecord() { base.InternalProcessRecord(); if (base.HasErrors) { return; } ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc(); exchangeCertificateRpc.ExportByThumbprint = this.Thumbprint; exchangeCertificateRpc.ExportBinary = this.BinaryEncoded; ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; byte[] outputBlob = null; try { byte[] inBlob = exchangeCertificateRpc.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2); ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(this.serverObject.Name); outputBlob = exchangeCertificateRpcClient.ExportCertificate2(0, inBlob, this.Password); exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2; } catch (RpcException) { exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; } if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1) { try { byte[] inBlob2 = exchangeCertificateRpc.SerializeInputParameters(exchangeCertificateRpcVersion); ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(this.serverObject.Name); outputBlob = exchangeCertificateRpcClient2.ExportCertificate(0, inBlob2, this.Password); } catch (RpcException e) { ManageExchangeCertificate.WriteRpcError(e, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError)); } } ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob); ExchangeCertificateRpc.OutputTaskMessages(this.serverObject, exchangeCertificateRpc2, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError)); if (this.BinaryEncoded) { base.WriteObject(new BinaryFileDataObject { FileData = exchangeCertificateRpc2.ReturnExportFileData }); } else { base.WriteObject(exchangeCertificateRpc2.ReturnExportBase64); } if (!string.IsNullOrEmpty(this.FileName)) { this.WriteCertiricate(exchangeCertificateRpc2); } }
internal static void EnsureValidExchangeCertificate(X509Certificate2 cert, bool ignoreAccessible) { ExchangeCertificateValidity exchangeCertificateValidity = ManageExchangeCertificate.ValidateExchangeCertificate(cert, ignoreAccessible); if (exchangeCertificateValidity != ExchangeCertificateValidity.Valid) { throw new CertificateNotValidForExchangeException(cert.Thumbprint, exchangeCertificateValidity.ToString()); } }
protected override void InternalProcessRecord() { base.InternalProcessRecord(); if (base.HasErrors) { return; } ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc(); exchangeCertificateRpc.RemoveByThumbprint = this.Thumbprint; ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; byte[] outputBlob = null; try { byte[] inBlob = exchangeCertificateRpc.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2); ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(this.serverObject.Name); outputBlob = exchangeCertificateRpcClient.RemoveCertificate2(0, inBlob); exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2; } catch (RpcException) { exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; } if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1) { try { byte[] inBlob2 = exchangeCertificateRpc.SerializeInputParameters(exchangeCertificateRpcVersion); ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(this.serverObject.Name); outputBlob = exchangeCertificateRpcClient2.RemoveCertificate(0, inBlob2); } catch (RpcException e) { ManageExchangeCertificate.WriteRpcError(e, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError)); } } ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob); ExchangeCertificateRpc.OutputTaskMessages(this.serverObject, exchangeCertificateRpc2, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError)); if (string.IsNullOrEmpty(exchangeCertificateRpc2.ReturnTaskErrorString)) { AsyncOperationNotificationDataProvider.RemoveNotification(base.CurrentOrganizationId, this.serverObject.Fqdn + "\\" + this.Thumbprint, false); } }
protected override void InternalValidate() { base.InternalValidate(); if (base.HasErrors) { return; } GetExchangeCertificate.PrepareParameters(this); this.serverObject = (Server)base.GetDataObject <Server>(this.Server, base.DataSession, null, new LocalizedString?(Strings.ErrorServerNotFound((string)this.Server)), new LocalizedString?(Strings.ErrorServerNotUnique((string)this.Server))); if (!this.serverObject.IsE14OrLater) { base.WriteError(new ArgumentException(Strings.RemoteCertificateExchangeVersionNotSupported(this.serverObject.Name)), ErrorCategory.InvalidArgument, null); } if (!string.IsNullOrEmpty(this.Thumbprint)) { this.Thumbprint = ManageExchangeCertificate.UnifyThumbprintFormat(this.Thumbprint); } }
protected void EnableForServices(X509Certificate2 cert, AllowedServices services) { try { ManageExchangeCertificate.EnableForServices(cert, services, this.webSiteName, !this.DoNotRequireSsl, (ITopologyConfigurationSession)base.DataSession, this.localServer, null, false, this.NetworkServiceAllowed); } catch (IISNotInstalledException) { base.WriteError(new ArgumentException(Strings.IISNotInstalled, "Services"), ErrorCategory.InvalidArgument, null); } catch (InvalidOperationException exception) { base.WriteError(exception, ErrorCategory.ObjectNotFound, null); } catch (LocalizedException exception2) { base.WriteError(exception2, ErrorCategory.NotSpecified, null); } }
protected override void InternalValidate() { base.InternalValidate(); if (base.HasErrors) { return; } GetExchangeCertificate.PrepareParameters(this); this.serverObject = (Server)base.GetDataObject <Server>(this.Server, base.DataSession, null, new LocalizedString?(Strings.ErrorServerNotFound((string)this.Server)), new LocalizedString?(Strings.ErrorServerNotUnique((string)this.Server))); if (!this.serverObject.IsE14OrLater) { base.WriteError(new ArgumentException(Strings.RemoteCertificateExchangeVersionNotSupported(this.serverObject.Name)), ErrorCategory.InvalidArgument, null); } base.VerifyIsWithinScopes(DirectorySessionFactory.Default.GetTenantOrTopologyConfigurationSession(ConsistencyMode.PartiallyConsistent, ADSessionSettings.FromCustomScopeSet(base.ScopeSet, ADSystemConfigurationSession.GetRootOrgContainerId(this.DomainController, null), base.CurrentOrganizationId, base.ExecutingUserOrganizationId, true), 186, "InternalValidate", "f:\\15.00.1497\\sources\\dev\\Management\\src\\Management\\SystemConfigurationTasks\\MessageSecurity\\ExchangeCertificate\\EnableExchangeCertificate.cs"), this.serverObject, true, new DataAccessTask <Server> .ADObjectOutOfScopeString(Strings.ErrorServerOutOfScope)); if (!string.IsNullOrEmpty(this.Thumbprint)) { this.Thumbprint = ManageExchangeCertificate.UnifyThumbprintFormat(this.Thumbprint); } }
public static void ValidateCertificate(ExchangeCertificate certificate, DateTime?futurePublishDate, bool skipAutomatedDeploymentChecks, Task.TaskErrorLoggingDelegate writeError) { if (writeError == null) { throw new ArgumentNullException("writeError"); } if (certificate == null) { return; } try { ExchangeCertificateValidity exchangeCertificateValidity = ManageExchangeCertificate.ValidateExchangeCertificate(certificate, true); if (exchangeCertificateValidity != ExchangeCertificateValidity.Valid) { writeError(new TaskException(Strings.CertificateNotValidForExchange(certificate.Thumbprint, exchangeCertificateValidity.ToString())), ErrorCategory.InvalidArgument, null); } if (!skipAutomatedDeploymentChecks && !certificate.PrivateKeyExportable) { writeError(new TaskException(Strings.ErrorCertificateNotExportable(certificate.Thumbprint)), ErrorCategory.InvalidArgument, null); } if ((ExDateTime)certificate.NotAfter < ExDateTime.UtcNow) { writeError(new TaskException(Strings.ErrorCertificateHasExpired(certificate.Thumbprint)), ErrorCategory.InvalidArgument, null); } if ((ExDateTime)certificate.NotBefore > ExDateTime.UtcNow) { writeError(new TaskException(Strings.ErrorCertificateNotYetValid(certificate.Thumbprint)), ErrorCategory.InvalidArgument, null); } if (futurePublishDate != null && futurePublishDate != null && (ExDateTime)certificate.NotAfter <= (ExDateTime)futurePublishDate.Value.ToUniversalTime()) { writeError(new TaskException(Strings.ErrorAuthNewCertificateExpire(certificate.Thumbprint)), ErrorCategory.InvalidArgument, null); } } catch (CryptographicException innerException) { writeError(new TaskException(Strings.ErrorFailedToValidateCertificate(certificate.Thumbprint), innerException), ErrorCategory.InvalidArgument, null); } }
protected override void InternalValidate() { bool flag = false; try { this.localServer = ManageExchangeCertificate.FindLocalServer((ITopologyConfigurationSession)this.ConfigurationSession); } catch (LocalServerNotFoundException) { flag = true; } if (flag || !ManageExchangeCertificate.IsServerRoleSupported(this.localServer)) { base.WriteError(new RoleDoesNotSupportExchangeCertificateTasksException(), ErrorCategory.InvalidOperation, null); } ManageExchangeCertificate.AddUniqueDomainIfValid(this.rawDomains, ComputerInformation.DnsHostName); ManageExchangeCertificate.AddUniqueDomainIfValid(this.rawDomains, ComputerInformation.DnsPhysicalHostName); ManageExchangeCertificate.AddUniqueDomainIfValid(this.rawDomains, ComputerInformation.DnsFullyQualifiedDomainName); ManageExchangeCertificate.AddUniqueDomainIfValid(this.rawDomains, ComputerInformation.DnsPhysicalFullyQualifiedDomainName); this.subjectName = TlsCertificateInfo.GetDefaultSubjectName(this.rawDomains); }
private static void WarnIfNotBestMatch(ExchangeCertificate certificate, IConfigurationSession session, Server server, List <LocalizedString> warningList) { if (warningList == null) { return; } X509Store x509Store = new X509Store(StoreName.My, StoreLocation.LocalMachine); try { x509Store.Open(OpenFlags.ReadOnly); using (ChainEngine chainEngine = new ChainEngine()) { IEnumerable <ManageExchangeCertificate.FqdnConnectors> connectorFQDNs = ManageExchangeCertificate.GetConnectorFQDNs(session, server); foreach (ManageExchangeCertificate.FqdnConnectors fqdnConnectors in connectorFQDNs) { X509Certificate2 x509Certificate; if (ManageExchangeCertificate.CertificateHasLowerPrecedence(x509Store, chainEngine, fqdnConnectors.Fqdn, certificate, out x509Certificate)) { if (!new ExchangeCertificate(x509Certificate).IsSelfSigned) { warningList.Add(Strings.WarnCertificateWillNotBeUsedBestIsPKI(x509Certificate.Thumbprint, fqdnConnectors.Fqdn, fqdnConnectors.Connectors)); } else { warningList.Add(Strings.WarnCertificateWillNotBeUsed(x509Certificate.Thumbprint, fqdnConnectors.Fqdn, fqdnConnectors.Connectors)); } } } } } finally { if (x509Store != null) { x509Store.Close(); } } }
private void ProcessRequestResults(ExchangeCertificate certificate, string request) { if (this.BinaryEncoded) { BinaryFileDataObject binaryFileDataObject = new BinaryFileDataObject(); binaryFileDataObject.FileData = Convert.FromBase64String(request); base.WriteObject(binaryFileDataObject); if (this.GenerateRequest && !string.IsNullOrEmpty(this.RequestFile)) { this.WriteRequest(binaryFileDataObject.FileData, string.Empty); return; } } else { string text = ManageExchangeCertificate.WrapCertificateRequestWithPemTags(request); base.WriteObject(text); if (this.GenerateRequest && !string.IsNullOrEmpty(this.RequestFile)) { this.WriteRequest(null, text); } } }
protected override void InternalProcessRecord() { X509Certificate2 x509Certificate = null; if (!string.IsNullOrEmpty(this.thumbprint)) { this.thumbprint = ManageExchangeCertificate.UnifyThumbprintFormat(this.thumbprint); x509Certificate = this.FindCertificate(this.thumbprint); if (x509Certificate == null) { base.WriteError(new ArgumentException(Strings.CertificateNotFound(this.thumbprint), "Thumbprint"), ErrorCategory.InvalidArgument, this.thumbprint); } } else { AllowedServices allowedServices = this.Services; if (allowedServices != AllowedServices.IIS && allowedServices != (AllowedServices.IMAP | AllowedServices.POP | AllowedServices.IIS)) { if (allowedServices != AllowedServices.SMTP) { return; } } else { x509Certificate = this.FindIisCertificate(); } if (x509Certificate == null && this.Services != AllowedServices.SMTP) { try { x509Certificate = InstallExchangeCertificate.GetDefaultCertificate(); } catch (ArgumentException exception) { base.WriteError(exception, ErrorCategory.InvalidData, null); return; } } if (x509Certificate == null) { if (!this.rawDomains.Any <string>()) { base.WriteError(new UnableToResolveValidDomainExchangeCertificateTasksException(ComputerInformation.DnsHostName, ComputerInformation.DnsPhysicalHostName, ComputerInformation.DnsFullyQualifiedDomainName, ComputerInformation.DnsPhysicalFullyQualifiedDomainName), ErrorCategory.InvalidOperation, null); } try { x509Certificate = this.GenerateSelfSignedCertificate(); } catch (CryptographicException exception2) { base.WriteError(exception2, ErrorCategory.InvalidOperation, null); } } if (x509Certificate != null && this.InstallInTrustedRootCAIfSelfSigned && TlsCertificateInfo.IsSelfSignedCertificate(x509Certificate)) { TlsCertificateInfo.TryInstallCertificateInTrustedRootCA(x509Certificate); } } base.WriteVerbose(Strings.CertificateInformation(x509Certificate.Issuer, x509Certificate.NotBefore, x509Certificate.NotAfter, x509Certificate.Subject)); if ((DateTime)ExDateTime.Now < x509Certificate.NotBefore || (DateTime)ExDateTime.Now > x509Certificate.NotAfter) { base.WriteError(new CryptographicException(Strings.CertificateStatusDateInvalid), ErrorCategory.InvalidData, null); } try { this.EnableForServices(x509Certificate, this.Services); } catch (IISNotInstalledException) { base.WriteError(new ArgumentException(Strings.IISNotInstalled, "Services"), ErrorCategory.InvalidArgument, null); } catch (InvalidOperationException exception3) { base.WriteError(exception3, ErrorCategory.ObjectNotFound, null); } }
internal static Dictionary <AllowedServices, LocalizedString> EnableForServices(X509Certificate2 cert, AllowedServices services, bool requireSsl, ITopologyConfigurationSession dataSession, Server server, List <LocalizedString> warningList, bool allowConfirmation, bool forceNetworkService) { return(ManageExchangeCertificate.EnableForServices(cert, services, null, requireSsl, dataSession, server, warningList, allowConfirmation, forceNetworkService)); }
protected override void InternalProcessRecord() { base.InternalProcessRecord(); if (base.HasErrors) { return; } ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; byte[] outputBlob = null; try { byte[] inBlob = this.inputParams.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2); ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(this.serverObject.Name); outputBlob = exchangeCertificateRpcClient.CreateCertificate2(0, inBlob); exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2; } catch (RpcException) { exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; } if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1) { try { byte[] inBlob2 = this.inputParams.SerializeInputParameters(ExchangeCertificateRpcVersion.Version1); ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(this.serverObject.Name); outputBlob = exchangeCertificateRpcClient2.CreateCertificate(0, inBlob2); } catch (RpcException e) { ManageExchangeCertificate.WriteRpcError(e, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError)); } } ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob); ExchangeCertificateRpc.OutputTaskMessages(this.serverObject, exchangeCertificateRpc, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError)); if (this.GenerateRequest) { this.ProcessRequestResults(exchangeCertificateRpc.ReturnCert, exchangeCertificateRpc.ReturnCertRequest); return; } if (exchangeCertificateRpc.ReturnConfirmationList != null) { foreach (KeyValuePair <AllowedServices, LocalizedString> keyValuePair in exchangeCertificateRpc.ReturnConfirmationList) { if (base.ShouldContinue(keyValuePair.Value)) { ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc(); exchangeCertificateRpc2.EnableAllowConfirmation = false; exchangeCertificateRpc2.EnableServices = keyValuePair.Key; AllowedServices key = keyValuePair.Key; if (key == AllowedServices.SMTP) { exchangeCertificateRpc2.EnableUpdateAD = true; } exchangeCertificateRpc2.EnableByThumbprint = exchangeCertificateRpc.ReturnCert.Thumbprint; try { byte[] inBlob3 = exchangeCertificateRpc2.SerializeInputParameters(exchangeCertificateRpcVersion); if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1) { ExchangeCertificateRpcClient exchangeCertificateRpcClient3 = new ExchangeCertificateRpcClient(this.serverObject.Name); outputBlob = exchangeCertificateRpcClient3.EnableCertificate(0, inBlob3); } else { ExchangeCertificateRpcClient2 exchangeCertificateRpcClient4 = new ExchangeCertificateRpcClient2(this.serverObject.Name); outputBlob = exchangeCertificateRpcClient4.EnableCertificate2(0, inBlob3); } exchangeCertificateRpc.ReturnCert.Services |= keyValuePair.Key; } catch (RpcException e2) { ManageExchangeCertificate.WriteRpcError(e2, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError)); } ExchangeCertificateRpc outputValues = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob); ExchangeCertificateRpc.OutputTaskMessages(this.serverObject, outputValues, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError)); } } } exchangeCertificateRpc.ReturnCert.Identity = this.serverObject.Fqdn + "\\" + exchangeCertificateRpc.ReturnCert.Thumbprint; base.WriteObject(exchangeCertificateRpc.ReturnCert); }
protected override void InternalProcessRecord() { base.InternalProcessRecord(); if (base.HasErrors) { return; } ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc(); string text; if (this.FileData != null) { text = ImportExchangeCertificate.RemoveBase64HeaderFooter(CertificateEnroller.ToBase64String(this.FileData)); } else if (this.Instance != null) { text = ImportExchangeCertificate.RemoveBase64HeaderFooter(string.Join(null, this.Instance)); } else { text = ImportExchangeCertificate.RemoveBase64HeaderFooter(CertificateEnroller.ToBase64String(this.GetFileData(this.FileName))); } if (text.Length == 0) { base.WriteError(new ImportCertificateDataInvalidException(), ErrorCategory.ReadError, 0); } exchangeCertificateRpc.ImportCert = text; exchangeCertificateRpc.ImportDescription = this.FriendlyName; exchangeCertificateRpc.ImportExportable = this.PrivateKeyExportable; ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; byte[] outputBlob = null; try { byte[] inBlob = exchangeCertificateRpc.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2); ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(this.serverObject.Name); outputBlob = exchangeCertificateRpcClient.ImportCertificate2(0, inBlob, this.Password); exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2; } catch (RpcException) { exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; } if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1) { try { byte[] inBlob2 = exchangeCertificateRpc.SerializeInputParameters(exchangeCertificateRpcVersion); ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(this.serverObject.Name); outputBlob = exchangeCertificateRpcClient2.ImportCertificate(0, inBlob2, this.Password); } catch (RpcException e) { ManageExchangeCertificate.WriteRpcError(e, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError)); } } ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob); ExchangeCertificateRpc.OutputTaskMessages(this.serverObject, exchangeCertificateRpc2, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError)); if (exchangeCertificateRpc2.ReturnCert != null) { exchangeCertificateRpc2.ReturnCert.Identity = this.serverObject.Fqdn + "\\" + exchangeCertificateRpc2.ReturnCert.Thumbprint; } base.WriteObject(exchangeCertificateRpc2.ReturnCert); }
internal static Dictionary <AllowedServices, LocalizedString> EnableForServices(X509Certificate2 cert, AllowedServices services, string websiteName, bool requireSsl, ITopologyConfigurationSession dataSession, Server server, List <LocalizedString> warningList, bool allowConfirmation, bool forceNetworkService) { Dictionary <AllowedServices, LocalizedString> dictionary = new Dictionary <AllowedServices, LocalizedString>(3); if (dataSession == null) { throw new ArgumentNullException("dataSession"); } if (server == null) { throw new ArgumentNullException("server"); } if ((services & AllowedServices.IIS) != AllowedServices.None) { if (allowConfirmation && !IisUtility.SslRequiredOnTheRoot(null) && requireSsl) { dictionary[AllowedServices.IIS] = Strings.ConfirmEnforceRequireSslOnRoot; } else { IisUtility.SetSslCertificateByName(websiteName, cert, requireSsl); } } if ((services & AllowedServices.POP) != AllowedServices.None || (services & AllowedServices.IMAP) != AllowedServices.None || (services & AllowedServices.SMTP) != AllowedServices.None || forceNetworkService) { AccessRule rule = new CryptoKeyAccessRule(new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null), CryptoKeyRights.GenericRead, AccessControlType.Allow); try { TlsCertificateInfo.AddAccessRule(cert, rule); } catch (CryptographicException innerException) { throw new AddAccessRuleCryptographicException(cert.Thumbprint, innerException); } catch (ArgumentException innerException2) { throw new AddAccessRuleArgumentException(cert.Thumbprint, innerException2); } catch (UnauthorizedAccessException innerException3) { throw new AddAccessRuleUnauthorizedAccessException(cert.Thumbprint, innerException3); } catch (COMException innerException4) { throw new AddAccessRuleCOMException(cert.Thumbprint, innerException4); } } if ((services & AllowedServices.SMTP) != AllowedServices.None) { ManageExchangeCertificate.WarnIfNotBestMatch(new ExchangeCertificate(cert), dataSession, server, warningList); LocalizedString localizedString = ManageExchangeCertificate.UpdateActiveDirectory(cert, dataSession, server, warningList, allowConfirmation); if (localizedString != LocalizedString.Empty) { dictionary[AllowedServices.SMTP] = localizedString; } } if ((services & AllowedServices.POP) != AllowedServices.None) { ManageExchangeCertificate.SetPop3Certificate(cert, dataSession, warningList); } if ((services & AllowedServices.IMAP) != AllowedServices.None) { ManageExchangeCertificate.SetImap4Certificate(cert, dataSession, warningList); } if ((services & AllowedServices.UM) != AllowedServices.None) { ManageExchangeCertificate.SetUMCertificate(cert, server, dataSession, allowConfirmation, dictionary, warningList); } if ((services & AllowedServices.UMCallRouter) != AllowedServices.None) { ManageExchangeCertificate.SetUMCallRouterCertificate(cert, server, dataSession, allowConfirmation, dictionary, warningList); } if (dictionary.Count <= 0) { return(null); } return(dictionary); }
protected override void InternalProcessRecord() { base.InternalProcessRecord(); if (base.HasErrors) { return; } ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc(); exchangeCertificateRpc.EnableByThumbprint = this.Thumbprint; exchangeCertificateRpc.EnableServices = this.Services; exchangeCertificateRpc.RequireSsl = !this.DoNotRequireSsl; exchangeCertificateRpc.EnableAllowConfirmation = !this.Force; exchangeCertificateRpc.EnableNetworkService = this.NetworkServiceAllowed; ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; byte[] outputBlob = null; try { byte[] inBlob = exchangeCertificateRpc.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2); ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(this.serverObject.Name); outputBlob = exchangeCertificateRpcClient.EnableCertificate2(0, inBlob); exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2; } catch (RpcException) { exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; } if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1) { try { byte[] inBlob2 = exchangeCertificateRpc.SerializeInputParameters(exchangeCertificateRpcVersion); ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(this.serverObject.Name); outputBlob = exchangeCertificateRpcClient2.EnableCertificate(0, inBlob2); } catch (RpcException e) { ManageExchangeCertificate.WriteRpcError(e, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError)); } } ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob); ExchangeCertificateRpc.OutputTaskMessages(this.serverObject, exchangeCertificateRpc2, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError)); if (exchangeCertificateRpc2.ReturnConfirmationList != null) { foreach (KeyValuePair <AllowedServices, LocalizedString> keyValuePair in exchangeCertificateRpc2.ReturnConfirmationList) { if (base.ShouldContinue(keyValuePair.Value)) { ExchangeCertificateRpc exchangeCertificateRpc3 = new ExchangeCertificateRpc(); exchangeCertificateRpc3.EnableAllowConfirmation = false; exchangeCertificateRpc3.EnableByThumbprint = this.Thumbprint; exchangeCertificateRpc3.RequireSsl = !this.DoNotRequireSsl; exchangeCertificateRpc3.EnableNetworkService = this.NetworkServiceAllowed; exchangeCertificateRpc3.EnableServices = keyValuePair.Key; AllowedServices key = keyValuePair.Key; if (key == AllowedServices.SMTP) { exchangeCertificateRpc3.EnableUpdateAD = true; } try { byte[] inBlob3 = exchangeCertificateRpc3.SerializeInputParameters(exchangeCertificateRpcVersion); if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1) { ExchangeCertificateRpcClient exchangeCertificateRpcClient3 = new ExchangeCertificateRpcClient(this.serverObject.Name); outputBlob = exchangeCertificateRpcClient3.EnableCertificate(0, inBlob3); } else { ExchangeCertificateRpcClient2 exchangeCertificateRpcClient4 = new ExchangeCertificateRpcClient2(this.serverObject.Name); outputBlob = exchangeCertificateRpcClient4.EnableCertificate2(0, inBlob3); } } catch (RpcException e2) { ManageExchangeCertificate.WriteRpcError(e2, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError)); } exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob); ExchangeCertificateRpc.OutputTaskMessages(this.serverObject, exchangeCertificateRpc2, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError)); } } } }
protected override void InternalProcessRecord() { base.InternalProcessRecord(); if (base.HasErrors) { return; } ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc(); if (this.Instance != null) { exchangeCertificateRpc.GetByCertificate = this.Instance.Export(X509ContentType.SerializedCert); } if (this.DomainName != null && this.DomainName.Count > 0) { exchangeCertificateRpc.GetByDomains = this.DomainName; } if (this.Thumbprint != null) { exchangeCertificateRpc.GetByThumbprint = this.Thumbprint; } ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; byte[] outputBlob = null; try { byte[] inBlob = exchangeCertificateRpc.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2); ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(this.serverObject.Name); outputBlob = exchangeCertificateRpcClient.GetCertificate2(0, inBlob); exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2; } catch (RpcException) { exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; } if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1) { try { byte[] inBlob2 = exchangeCertificateRpc.SerializeInputParameters(exchangeCertificateRpcVersion); ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(this.serverObject.Name); outputBlob = exchangeCertificateRpcClient2.GetCertificate(0, inBlob2); } catch (RpcException e) { ManageExchangeCertificate.WriteRpcError(e, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError)); } } ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob); ExchangeCertificateRpc.OutputTaskMessages(this.serverObject, exchangeCertificateRpc2, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError)); foreach (ExchangeCertificate exchangeCertificate in exchangeCertificateRpc2.ReturnCertList) { exchangeCertificate.Identity = this.serverObject.Fqdn + "\\" + exchangeCertificate.Thumbprint; if (string.IsNullOrEmpty(exchangeCertificate.FriendlyName)) { exchangeCertificate.FriendlyName = exchangeCertificate.Issuer; } base.WriteObject(exchangeCertificate); } }
private static void SetImap4Certificate(X509Certificate2 cert, ITopologyConfigurationSession dataSession, List <LocalizedString> warningList) { ManageExchangeCertificate.SetPopImapCertificate(cert, PopImapAdConfiguration.FindOne <Imap4AdConfiguration>(dataSession), dataSession, warningList); }
internal static ExchangeCertificateValidity ValidateExchangeCertificate(X509Certificate2 cert, bool ignoreAccessible) { if (cert == null) { throw new ArgumentNullException("cert"); } if (!cert.HasPrivateKey) { return(ExchangeCertificateValidity.PrivateKeyMissing); } string keyAlgorithm = cert.GetKeyAlgorithm(); bool flag = string.Equals(keyAlgorithm, WellKnownOid.X957Sha1Dsa.Value, StringComparison.OrdinalIgnoreCase); if (!string.Equals(keyAlgorithm, WellKnownOid.RsaRsa.Value, StringComparison.OrdinalIgnoreCase) && !flag) { return(ExchangeCertificateValidity.KeyAlgorithmUnsupported); } foreach (X509Extension x509Extension in cert.Extensions) { try { X509KeyUsageExtension x509KeyUsageExtension = x509Extension as X509KeyUsageExtension; if (x509KeyUsageExtension != null) { X509KeyUsageFlags keyUsages = x509KeyUsageExtension.KeyUsages; bool flag2 = false; if (keyUsages == X509KeyUsageFlags.None) { flag2 = true; } else if ((keyUsages & (X509KeyUsageFlags.NonRepudiation | X509KeyUsageFlags.DigitalSignature)) != X509KeyUsageFlags.None) { flag2 = true; } if (!flag2) { return(ExchangeCertificateValidity.SigningNotSupported); } } } catch (CryptographicException) { return(ExchangeCertificateValidity.KeyUsageCorrupted); } try { X509EnhancedKeyUsageExtension x509EnhancedKeyUsageExtension = x509Extension as X509EnhancedKeyUsageExtension; if (x509EnhancedKeyUsageExtension != null && x509EnhancedKeyUsageExtension.EnhancedKeyUsages.Count > 0 && x509EnhancedKeyUsageExtension.EnhancedKeyUsages[WellKnownOid.PkixKpServerAuth.Value] == null) { return(ExchangeCertificateValidity.PkixKpServerAuthNotFoundInEnhancedKeyUsage); } } catch (CryptographicException) { return(ExchangeCertificateValidity.EnhancedKeyUsageCorrupted); } } if (TlsCertificateInfo.IsCNGProvider(cert)) { return(ManageExchangeCertificate.CheckCNGSettings(cert)); } AsymmetricAlgorithm privateKey; try { privateKey = cert.PrivateKey; } catch (CryptographicException) { return(ExchangeCertificateValidity.PrivateKeyNotAccessible); } ICspAsymmetricAlgorithm cspAsymmetricAlgorithm = privateKey as ICspAsymmetricAlgorithm; if (cspAsymmetricAlgorithm == null) { return(ExchangeCertificateValidity.PrivateKeyUnsupportedAlgorithm); } CspKeyContainerInfo cspKeyContainerInfo = cspAsymmetricAlgorithm.CspKeyContainerInfo; if (cspKeyContainerInfo.Protected) { return(ExchangeCertificateValidity.CspKeyContainerInfoProtected); } if (cspKeyContainerInfo.HardwareDevice && cspKeyContainerInfo.Removable) { return(ExchangeCertificateValidity.CspKeyContainerInfoRemovableDevice); } if (!ignoreAccessible && !cspKeyContainerInfo.Accessible) { return(ExchangeCertificateValidity.CspKeyContainerInfoNotAccessible); } switch (cspKeyContainerInfo.KeyNumber) { case KeyNumber.Exchange: case KeyNumber.Signature: { AsymmetricAlgorithm key = cert.PublicKey.Key; if (key.KeySize < 1024) { return(ExchangeCertificateValidity.PublicKeyUnsupportedSize); } return(ExchangeCertificateValidity.Valid); } default: return(ExchangeCertificateValidity.CspKeyContainerInfoUnknownKeyNumber); } }