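/// <summary>
/// Prepares the delegation-token requests and remembers the remote autodiscover endpoint
/// for a subsequent cross-premises (XROP) call made on behalf of <paramref name="user"/>.
/// </summary>
/// <param name="tokenTarget">Token target resolved for the remote organization; becomes the
/// <c>Target</c> of both token requests.</param>
/// <param name="autodiscoveryEndpoint">Remote autodiscover endpoint; stored unchanged.</param>
/// <param name="user">User on whose behalf the call is made; only its federated identity and
/// federated SMTP address are kept, for the XROP request.</param>
/// <remarks>
/// Both token requests are issued in the name of the organization's federated mailbox, not of
/// the user. When no federated mailbox is configured the two request fields are not touched
/// (they keep whatever value they held before); only the user fields and the endpoint are
/// updated. The identity and address of the federated mailbox are looked up once and shared by
/// both requests instead of being fetched twice.
/// </remarks>
private void UpdateDelegationTokenRequest(TokenTarget tokenTarget, Uri autodiscoveryEndpoint, IGenericADUser user)
{
    IGenericADUser federatedMailbox = this.GetOrganizationFederatedMailbox();
    this.xropUserFederatedIdentity = user.GetFederatedIdentity();
    this.xropUserEmailAddress = user.GetFederatedSmtpAddress().ToString();
    if (federatedMailbox != null)
    {
        // Same identity and address for both offers; resolve them once.
        var mailboxIdentity = federatedMailbox.GetFederatedIdentity();
        string mailboxAddress = federatedMailbox.GetFederatedSmtpAddress().ToString();
        this.xropTokenRequest = new DelegationTokenRequest
        {
            FederatedIdentity = mailboxIdentity,
            EmailAddress = mailboxAddress,
            Target = tokenTarget,
            Offer = Offer.XropLogon
        };
        this.autoDiscoveryTokenRequest = new DelegationTokenRequest
        {
            FederatedIdentity = mailboxIdentity,
            EmailAddress = mailboxAddress,
            Target = tokenTarget,
            Offer = Offer.Autodiscover
        };
    }
    this.autoDiscoveryEndpoint = autodiscoveryEndpoint;
}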
/// <summary>
/// Resolves the token target for <paramref name="domain"/> from the organization
/// relationships cached for <paramref name="organizationId"/>.
/// </summary>
/// <param name="domain">SMTP domain of the remote party.</param>
/// <param name="organizationId">Local organization whose relationships are searched.</param>
/// <returns>The token target built from the matching relationship's
/// <c>TargetApplicationUri</c>, or <c>null</c> when no relationship matches the domain or the
/// matching one has no <c>TargetApplicationUri</c>.</returns>
private static TokenTarget FromOrganizationRelationship(string domain, OrganizationId organizationId)
{
    OrganizationIdCacheValue cacheEntry = OrganizationIdCache.Singleton.Get(organizationId);
    TargetUriResolver.Tracer.TraceDebug<string, OrganizationId>(0L, "Searching for OrganizationRelationship that matches domain {0} in organization {1}", domain, organizationId);
    OrganizationRelationship relationship = cacheEntry.GetOrganizationRelationship(domain);
    if (relationship == null)
    {
        TargetUriResolver.Tracer.TraceError<string, OrganizationId>(0L, "Found no OrganizationRelationship that matches domain {0} in organization {1}", domain, organizationId);
        return null;
    }
    // GetTokenTarget() throws when TargetApplicationUri is missing; checking here turns that
    // configuration gap into a traced null result so the caller can fall back.
    if (relationship.TargetApplicationUri == null)
    {
        TargetUriResolver.Tracer.TraceError<string, OrganizationId, ADObjectId>(0L, "Found OrganizationRelationship that matches domain {0} in organization {1}, but it has not TargetApplicationUri. OrganizationRelationship is {2}", domain, organizationId, relationship.Id);
        return null;
    }
    TokenTarget resolved = relationship.GetTokenTarget();
    TargetUriResolver.Tracer.TraceDebug(0L, "Found OrganizationRelationship that matches domain {0} in organization {1}. Target is '{2}'. OrganizationRelationship is {3}", new object[] { domain, organizationId, resolved, relationship.Id });
    return resolved;
}
/// <summary>
/// Builds the token target for this relationship from its <c>TargetApplicationUri</c>.
/// </summary>
/// <returns>A <c>TokenTarget</c> wrapping the URI after <c>TokenTarget.Fix</c> has been
/// applied to it (the normalization <c>Fix</c> performs is not visible here).</returns>
/// <exception cref="OrganizationRelationshipMissingTargetApplicationUriException">
/// When <c>TargetApplicationUri</c> is <c>null</c>.</exception>
internal TokenTarget GetTokenTarget()
{
    // Read the property once so the null check and the use see the same value.
    Uri applicationUri = this.TargetApplicationUri;
    if (applicationUri == null)
    {
        throw new OrganizationRelationshipMissingTargetApplicationUriException();
    }
    Uri fixedUri = TokenTarget.Fix(applicationUri);
    return new TokenTarget(fixedUri);
}
/// <summary>
/// Resolves the token target for <paramref name="domain"/>, trying three sources in order:
/// the organization relationships of <paramref name="organizationId"/>, then
/// <c>TargetUriViaGetFederationInformation</c>, then <c>TargetUriViaSCP</c>.
/// </summary>
/// <param name="domain">SMTP domain of the remote party.</param>
/// <param name="organizationId">Local organization used for the relationship lookup.</param>
/// <returns>The first non-null target from the sources above, or <c>null</c> when none of
/// them yields one.</returns>
/// <remarks>
/// The locally configured relationship is consulted first, so it takes precedence over the
/// later lookups, which (judging by their names) rely on information obtained from the remote
/// domain — confirm before changing the order.
/// </remarks>
public static TokenTarget Resolve(string domain, OrganizationId organizationId)
{
    // Each fallback is only evaluated when every earlier source returned null.
    return TargetUriResolver.FromOrganizationRelationship(domain, organizationId)
        ?? TargetUriViaGetFederationInformation.Singleton.Get(domain)
        ?? TargetUriViaSCP.Singleton.Get(domain);
}
/// <summary>
/// Completion callback for the asynchronous download of the server-licensing MEX document.
/// Extracts the licensing web-service URI from the response, records it on the pending
/// <c>ServerInfo</c> (publishing it to <c>serverInfoMap</c>), and then notifies every waiter
/// registered for the license URI.
/// </summary>
/// <param name="asyncResult">Async result whose <c>AsyncState</c> must be the
/// <c>AcquireServerInfoAsyncResult</c> that started the download.</param>
/// <exception cref="InvalidOperationException">When <c>AsyncState</c> is not an
/// <c>AcquireServerInfoAsyncResult</c>.</exception>
/// <remarks>
/// The async result is released in all cases; the outstanding find-service-location callbacks
/// receive <c>null</c> on success or a <c>RightsManagementException</c> describing the failure.
/// An exception thrown by <c>EndDownload</c> itself is not caught here: the finally block still
/// releases the result, but the callback invocation after it is skipped — presumably the
/// unhandled-exception wrapper the caller installs around this callback deals with that; confirm.
/// </remarks>
private static void AcquireServerLicensingMexCallback(ICancelableAsyncResult asyncResult)
{
    RmsServerInfoManager.Tracer.TraceDebug(0L, "AcquireServerLicensingMexCallback invoked");
    ArgumentValidator.ThrowIfNull("asyncResult", asyncResult);
    ArgumentValidator.ThrowIfNull("asyncResult.AsyncState", asyncResult.AsyncState);
    AcquireServerInfoAsyncResult pending = asyncResult.AsyncState as AcquireServerInfoAsyncResult;
    if (pending == null)
    {
        throw new InvalidOperationException("asyncResult.AsyncState has to be type of AcquireServerInfoAsyncResult.");
    }
    pending.AddBreadCrumb(Constants.State.AcquireServerLicensingMexCallback);
    Exception failure = null;
    try
    {
        DownloadResult download = pending.HttpClient.EndDownload(asyncResult);
        pending.LatencyTracker.EndTrackRmsLatency(RmsOperationType.AcquireServerLicensingMexData);
        if (!download.IsSucceeded)
        {
            RmsClientManager.TraceFail(null, pending.Context.SystemProbeId, "Failed to download data from server licensing MEx {0}. Exception is {1}", new object[] { pending.ServerLicensingMExUri, download.Exception });
            RightsManagementException downloadFailure = new RightsManagementException(RightsManagementFailureCode.FailedToDownloadMexData, ServerStrings.FailedToDownloadServerLicensingMExData(download.ResponseUri), download.Exception, pending.LicenseUri.ToString());
            // IsPermanent mirrors the download's retryability; how consumers act on it is not visible here.
            downloadFailure.IsPermanent = !download.IsRetryable;
            failure = downloadFailure;
        }
        else
        {
            // The licensing endpoint is whatever the downloaded MEX document advertises; the
            // server info is only added to the shared map once that endpoint could be extracted.
            Uri licensingUri = RmsClientManagerUtils.GetTargetUriFromResponse(download.ResponseStream);
            if (licensingUri == null)
            {
                failure = new RightsManagementException(RightsManagementFailureCode.FailedToExtractTargetUriFromMex, ServerStrings.FailedToFindTargetUriFromMExData(pending.ServerLicensingMExUri), pending.LicenseUri.ToString());
            }
            else
            {
                pending.ServerInfo.ServerLicensingWSTargetUri = TokenTarget.Fix(licensingUri);
                RmsServerInfoManager.serverInfoMap.Add(pending.ServerInfo);
            }
        }
    }
    finally
    {
        pending.Release();
    }
    RmsServerInfoManager.Tracer.TraceDebug(0L, "AcquireServiceLocationCallback: Invoking find service location callbacks");
    RmsServerInfoManager.outstandingFindServiceLocationCalls.InvokeCallbacks(pending.LicenseUri, failure);
}
/// <summary>
/// Completion callback for the asynchronous download of the certification MEX document.
/// On success it records the certification web-service URI on the pending <c>ServerInfo</c>
/// and immediately starts the next step, the server-licensing MEX download, handing the same
/// async result on to <see cref="AcquireServerLicensingMexCallback"/>.
/// </summary>
/// <param name="asyncResult">Async result whose <c>AsyncState</c> must be the
/// <c>AcquireServerInfoAsyncResult</c> that started the download.</param>
/// <exception cref="InvalidOperationException">When <c>AsyncState</c> is not an
/// <c>AcquireServerInfoAsyncResult</c>.</exception>
/// <remarks>
/// Ownership of the async result is deliberately not released on the success path: it is
/// passed to the follow-up <c>BeginDownload</c>, and the licensing callback releases it and
/// notifies the waiters. Only when a failure was recorded in <c>ex</c> does the finally block
/// release the result and invoke the outstanding find-service-location callbacks here.
/// An exception escaping <c>EndDownload</c> or <c>BeginDownload</c> leaves <c>ex</c> null, so
/// neither release nor notification happens in this method — presumably the
/// unhandled-exception wrapper around this callback (see the <c>BeginDownload</c> call below)
/// covers that case; confirm.
/// </remarks>
private static void AcquireCertificationMexCallback(ICancelableAsyncResult asyncResult)
{
    RmsServerInfoManager.Tracer.TraceDebug(0L, "AcquireCertificationMexCallback invoked");
    ArgumentValidator.ThrowIfNull("asyncResult", asyncResult);
    ArgumentValidator.ThrowIfNull("asyncResult.AsyncState", asyncResult.AsyncState);
    AcquireServerInfoAsyncResult acquireServerInfoAsyncResult = asyncResult.AsyncState as AcquireServerInfoAsyncResult;
    if (acquireServerInfoAsyncResult == null)
    {
        throw new InvalidOperationException("asyncResult.AsyncState has to be type of AcquireServerInfoAsyncResult.");
    }
    acquireServerInfoAsyncResult.AddBreadCrumb(Constants.State.AcquireCertificationMexCallback);
    // Non-null by the time finally runs means "this step failed and the pipeline stops here".
    Exception ex = null;
    try
    {
        DownloadResult downloadResult = acquireServerInfoAsyncResult.HttpClient.EndDownload(asyncResult);
        acquireServerInfoAsyncResult.LatencyTracker.EndTrackRmsLatency(RmsOperationType.AcquireCertificationMexData);
        if (downloadResult.IsSucceeded)
        {
            // The certification endpoint is taken from the downloaded MEX document itself.
            Uri targetUriFromResponse = RmsClientManagerUtils.GetTargetUriFromResponse(downloadResult.ResponseStream);
            if (targetUriFromResponse == null)
            {
                ex = new RightsManagementException(RightsManagementFailureCode.FailedToExtractTargetUriFromMex, ServerStrings.FailedToFindTargetUriFromMExData(acquireServerInfoAsyncResult.CertificationMExUri), acquireServerInfoAsyncResult.LicenseUri.ToString());
            }
            else
            {
                acquireServerInfoAsyncResult.ServerInfo.CertificationWSTargetUri = TokenTarget.Fix(targetUriFromResponse);
                acquireServerInfoAsyncResult.AddBreadCrumb(Constants.State.BeginDownloadServerLicensingMexData);
                WebProxy localServerProxy;
                try
                {
                    localServerProxy = RmsClientManagerUtils.GetLocalServerProxy(true);
                }
                catch (ExchangeConfigurationException ex2)
                {
                    // A proxy configuration error ends the pipeline; the return still runs the
                    // finally block, which releases the result and notifies waiters.
                    ex = ex2;
                    return;
                }
                HttpSessionConfig httpSessionConfig = new HttpSessionConfig();
                if (localServerProxy != null)
                {
                    httpSessionConfig.Proxy = localServerProxy;
                }
                acquireServerInfoAsyncResult.LatencyTracker.BeginTrackRmsLatency(RmsOperationType.AcquireServerLicensingMexData);
                // The same async result continues into the licensing download; its callback is
                // responsible for releasing it and for invoking the waiters.
                acquireServerInfoAsyncResult.HttpClient.BeginDownload(acquireServerInfoAsyncResult.ServerLicensingMExUri, httpSessionConfig, RmsClientManagerUtils.WrapCancellableCallbackWithUnhandledExceptionHandlerAndUpdatePoisonContext(new CancelableAsyncCallback(RmsServerInfoManager.AcquireServerLicensingMexCallback)), acquireServerInfoAsyncResult);
            }
        }
        else
        {
            RmsClientManager.TraceFail(null, acquireServerInfoAsyncResult.Context.SystemProbeId, "Failed to download data from certification MEx {0}. Exception is {1}", new object[] { acquireServerInfoAsyncResult.CertificationMExUri, downloadResult.Exception });
            ex = new RightsManagementException(RightsManagementFailureCode.FailedToDownloadMexData, ServerStrings.FailedToDownloadCertificationMExData(downloadResult.ResponseUri), downloadResult.Exception, acquireServerInfoAsyncResult.LicenseUri.ToString());
            // IsPermanent mirrors the download's retryability.
            ((RightsManagementException)ex).IsPermanent = !downloadResult.IsRetryable;
        }
    }
    finally
    {
        if (ex != null)
        {
            acquireServerInfoAsyncResult.Release();
            RmsServerInfoManager.Tracer.TraceDebug(0L, "AcquireServiceLocationCallback: Invoking find service location callbacks");
            RmsServerInfoManager.outstandingFindServiceLocationCalls.InvokeCallbacks(acquireServerInfoAsyncResult.LicenseUri, ex);
        }
    }
}
/// <summary>
/// Builds the encrypted sharing payloads for an external sharing invitation. Recipients are
/// first filtered by the mailbox owner's sharing policy, then grouped by the federation token
/// target of their organization; one delegation token is requested per target and the shared
/// folder data is encrypted once per group.
/// </summary>
/// <param name="mailboxOwner">Owner of the shared folder; used to load the AD user and policy.</param>
/// <param name="recipientSession">Directory session used for the AD lookups.</param>
/// <param name="externalUserCollection">External users used to build the recipient identities.</param>
/// <param name="recipients">Recipients to share with; must be parallel to the identities
/// returned by <c>GetExternalIdentities</c> (indexed by the same <c>i</c>) — assumed, confirm.</param>
/// <param name="sender">SMTP address the invitation is sent from; must belong to the owner.</param>
/// <param name="containerClass">Folder container class; must map to an externally sharable type.</param>
/// <param name="folderId">Identifier of the shared folder, copied into the payload.</param>
/// <param name="frontEndLocator">Used to compute the sharing URL.</param>
/// <returns>The encrypted payloads (one per token target that succeeded) and the recipients
/// that were rejected, each with a response code.</returns>
/// <exception cref="ArgumentOutOfRangeException">When <paramref name="containerClass"/> is
/// unknown or not externally sharable.</exception>
/// <exception cref="ObjectNotFoundException">When the owner's AD user cannot be read, or
/// <paramref name="sender"/> is not one of that user's proxy addresses.</exception>
public EncryptionResults Encrypt(IExchangePrincipal mailboxOwner, IRecipientSession recipientSession, ExternalUserCollection externalUserCollection, ValidRecipient[] recipients, string sender, string containerClass, string folderId, IFrontEndLocator frontEndLocator)
{
    SharingDataType sharingDataType = SharingDataType.FromContainerClass(containerClass);
    if (sharingDataType == null || !sharingDataType.IsExternallySharable)
    {
        throw new ArgumentOutOfRangeException("containerClass");
    }
    ADUser aduser = DirectoryHelper.ReadADRecipient(mailboxOwner.MailboxInfo.MailboxGuid, mailboxOwner.MailboxInfo.IsArchive, recipientSession) as ADUser;
    if (aduser == null)
    {
        SharedFolderDataEncryption.Tracer.TraceError<SharedFolderDataEncryption, string>((long)this.GetHashCode(), "{0}: The Active Directory user was not found. Sender={1}.", this, sender);
        throw new ObjectNotFoundException(ServerStrings.ADUserNotFound);
    }
    // The caller-supplied sender must be one of the owner's own proxy addresses: it ends up in
    // the payload and in the token request, so an address the owner does not hold is rejected.
    ProxyAddress item = new SmtpProxyAddress(sender, false);
    if (!aduser.EmailAddresses.Contains(item))
    {
        SharedFolderDataEncryption.Tracer.TraceError<SharedFolderDataEncryption, string>((long)this.GetHashCode(), "{0}: The SMTP address was not found in the user AD object for this mailbox. Sender={1}.", this, sender);
        throw new ObjectNotFoundException(ServerStrings.ADUserNotFound);
    }
    SharingPolicy sharingPolicy = DirectoryHelper.ReadSharingPolicy(mailboxOwner.MailboxInfo.MailboxGuid, mailboxOwner.MailboxInfo.IsArchive, recipientSession);
    SharedFolderDataEncryption.Tracer.TraceDebug<SharedFolderDataEncryption, object>((long)this.GetHashCode(), "{0}: Sharing policy to be applied to this user: {1}", this, (sharingPolicy == null) ? "<null>" : sharingPolicy.Id);
    SharingPolicyAction sharingPolicyActions = SharedFolderDataEncryption.GetSharingPolicyActions(sharingDataType.StoreObjectType);
    SharedFolderDataRecipient[] externalIdentities = SharedFolderDataEncryption.GetExternalIdentities(externalUserCollection, recipients);
    // Rejected recipients, with the reason; returned alongside the encrypted payloads.
    List<InvalidRecipient> list = new List<InvalidRecipient>();
    // Accepted recipients grouped by the token target of their organization.
    Dictionary<TokenTarget, List<SharedFolderDataRecipient>> dictionary = new Dictionary<TokenTarget, List<SharedFolderDataRecipient>>(externalIdentities.Length, SharedFolderDataEncryption.TokenTargetComparer);
    for (int i = 0; i < recipients.Length; i++)
    {
        SharedFolderDataRecipient item2 = externalIdentities[i];
        ValidRecipient validRecipient = recipients[i];
        SmtpAddress smtpAddress = new SmtpAddress(validRecipient.SmtpAddress);
        string domain = smtpAddress.Domain;
        // No policy at all means nothing may be shared externally.
        if (sharingPolicy == null || !sharingPolicy.IsAllowedForAnySharing(domain, sharingPolicyActions))
        {
            SharedFolderDataEncryption.Tracer.TraceDebug<string>((long)this.GetHashCode(), "Sharing policy does not allow user to share with domain {0}", domain);
            list.Add(new InvalidRecipient(validRecipient.SmtpAddress, InvalidRecipientResponseCodeType.SystemPolicyBlocksSharingWithThisRecipient));
        }
        else
        {
            // NOTE(review): the policy above is evaluated against the domain of SmtpAddress, but
            // the federation target is resolved from the domain of SmtpAddressForEncryption.
            // Confirm the two cannot diverge in a way that lets a policy-blocked domain through.
            SmtpAddress smtpAddress2 = new SmtpAddress(validRecipient.SmtpAddressForEncryption);
            TokenTarget tokenTarget = TargetUriResolver.Resolve(smtpAddress2.Domain, aduser.OrganizationId);
            if (tokenTarget == null)
            {
                list.Add(new InvalidRecipient(validRecipient.SmtpAddress, InvalidRecipientResponseCodeType.RecipientOrganizationNotFederated));
            }
            else
            {
                List<SharedFolderDataRecipient> list2;
                if (!dictionary.TryGetValue(tokenTarget, out list2))
                {
                    list2 = new List<SharedFolderDataRecipient>(1);
                    dictionary.Add(tokenTarget, list2);
                }
                list2.Add(item2);
            }
        }
    }
    List<EncryptedSharedFolderData> list3 = new List<EncryptedSharedFolderData>(dictionary.Count);
    // One payload object is reused across groups; only Recipients changes per iteration below.
    SharedFolderData sharedFolderData = new SharedFolderData();
    sharedFolderData.DataType = sharingDataType.ExternalName;
    sharedFolderData.FolderId = folderId;
    sharedFolderData.SharingUrl = this.GetSharingUrl(aduser, frontEndLocator);
    sharedFolderData.FederationUri = this.externalAuthentication.TokenValidator.TargetUri.ToString();
    sharedFolderData.SenderSmtpAddress = sender;
    // Likewise one token request is reused; only Target changes per group.
    DelegationTokenRequest delegationTokenRequest = new DelegationTokenRequest
    {
        FederatedIdentity = aduser.GetFederatedIdentity(),
        EmailAddress = aduser.GetFederatedSmtpAddress(new SmtpAddress(sender)).ToString(),
        Offer = Offer.SharingInviteMessage
    };
    SecurityTokenService securityTokenService = this.externalAuthentication.GetSecurityTokenService(aduser.OrganizationId);
    foreach (KeyValuePair<TokenTarget, List<SharedFolderDataRecipient>> keyValuePair in dictionary)
    {
        delegationTokenRequest.Target = keyValuePair.Key;
        sharedFolderData.Recipients = keyValuePair.Value.ToArray();
        try
        {
            RequestedToken requestedToken = securityTokenService.IssueToken(delegationTokenRequest);
            list3.Add(this.Encrypt(requestedToken, sharedFolderData));
        }
        catch (WSTrustException ex)
        {
            // A token failure rejects every recipient of that target rather than the whole call.
            // NOTE(review): the full exception text is attached to each rejected recipient;
            // confirm it is not surfaced to external callers unfiltered.
            foreach (SharedFolderDataRecipient sharedFolderDataRecipient in sharedFolderData.Recipients)
            {
                list.Add(new InvalidRecipient(sharedFolderDataRecipient.SmtpAddress, SharedFolderDataEncryption.GetResponseCodeFromException(ex), ex.ToString()));
            }
        }
    }
    return (new EncryptionResults(list3.ToArray(), list.ToArray()));
}
/// <summary>
/// Creates the sharing information for a request that was resolved through an organization
/// relationship (as opposed to an intra-organization connector).
/// </summary>
/// <param name="requestorSmtpAddress">SMTP address of the user making the request.</param>
/// <param name="sharingKey">Key identifying the shared item; stored unchanged.</param>
/// <param name="tokenTarget">Token target of the remote organization.</param>
/// <param name="targetSharingEpr">Remote sharing web-service endpoint.</param>
/// <param name="targetAutodiscoverEpr">Remote autodiscover endpoint.</param>
/// <remarks>
/// <c>IsFromIntraOrgConnector</c> is always <c>false</c> for instances created this way.
/// </remarks>
public SharingInformation(SmtpAddress requestorSmtpAddress, SmtpAddress sharingKey, TokenTarget tokenTarget, WebServiceUri targetSharingEpr, Uri targetAutodiscoverEpr)
{
    // Plain value copy; nothing is validated or transformed here.
    this.RequestorSmtpAddress = requestorSmtpAddress;
    this.SharingKey = sharingKey;
    this.TokenTarget = tokenTarget;
    this.TargetSharingEpr = targetSharingEpr;
    this.TargetAutodiscoverEpr = targetAutodiscoverEpr;
    this.IsFromIntraOrgConnector = false;
}
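/// <summary>
/// Creates a request for a delegation token issued to <paramref name="user"/> for the given
/// target and offer, bound to the security token service of the user's organization.
/// </summary>
/// <param name="requestLogger">Logger for the request; stored unchanged.</param>
/// <param name="externalAuthentication">Source of the security token service; not stored,
/// only used to obtain the STS for <c>user.OrganizationId</c>.</param>
/// <param name="user">User on whose behalf the token is requested.</param>
/// <param name="emailAddress">Email address to present in the token request.</param>
/// <param name="target">Token target of the remote organization.</param>
/// <param name="offer">Offer to request.</param>
/// <exception cref="ArgumentNullException">When <paramref name="externalAuthentication"/> or
/// <paramref name="user"/> is <c>null</c>; both are dereferenced below and previously produced
/// a <c>NullReferenceException</c> from a half-initialized object instead.</exception>
public ExternalAuthenticationRequest(RequestLogger requestLogger, ExternalAuthentication externalAuthentication, ADUser user, SmtpAddress emailAddress, TokenTarget target, Offer offer)
{
    if (externalAuthentication == null)
    {
        throw new ArgumentNullException("externalAuthentication");
    }
    if (user == null)
    {
        throw new ArgumentNullException("user");
    }
    this.requestLogger = requestLogger;
    this.user = user;
    this.emailAddress = emailAddress;
    this.target = target;
    this.offer = offer;
    // The STS is resolved once, for the organization the user belongs to.
    this.securityTokenService = externalAuthentication.GetSecurityTokenService(user.OrganizationId);
}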
/// <summary>
/// Looks up the organization relationship for <paramref name="domain"/> in the user's
/// organization and, if it passes <c>CheckOrgRelationshipFromRemoteConnection</c>, returns its
/// token target and autodiscover endpoint.
/// </summary>
/// <param name="user">User whose organization is searched; a <c>null</c>
/// <c>OrganizationId</c> falls back to the forest-wide organization.</param>
/// <param name="domain">SMTP domain of the remote party.</param>
/// <param name="tokenTarget">The relationship's token target, or <c>null</c> on failure.</param>
/// <param name="autodiscoveryEndpoint">The relationship's <c>TargetAutodiscoverEpr</c>, or
/// <c>null</c> on failure.</param>
/// <returns><c>true</c> when a relationship was found and accepted by the check;
/// <c>false</c> otherwise, with both out parameters left <c>null</c>.</returns>
protected virtual bool TryGetAutodiscoveryEndpoint(IGenericADUser user, string domain, out TokenTarget tokenTarget, out Uri autodiscoveryEndpoint)
{
    tokenTarget = null;
    autodiscoveryEndpoint = null;
    OrganizationId organizationId = user.OrganizationId ?? OrganizationId.ForestWideOrgId;
    OrganizationRelationship relationship = this.directoryAccessor.GetOrganizationRelationship(organizationId, domain);
    // The relationship is only used once the check has accepted it (what the check verifies
    // is not visible here); on rejection the caller gets nothing back.
    if (!this.CheckOrgRelationshipFromRemoteConnection(relationship, user, domain))
    {
        return false;
    }
    tokenTarget = relationship.GetTokenTarget();
    autodiscoveryEndpoint = relationship.TargetAutodiscoverEpr;
    return true;
}