public static void ThrowIfTpdDoesNotIncludeTemplates(TrustedDocDomain tpd, Guid externalDirectoryOrgId)
{
if (tpd.m_astrRightsTemplates == null)
{
throw new ImportTpdException(string.Format("RMS Online returned a TPD containing no templates for tenant with external directory organization ID {0}", externalDirectoryOrgId), null);
}
}
private static int CryptoModeFromTpd(TrustedDocDomain tpd)
{
string compressedCerts = RMUtil.CompressSLCCertificateChain(tpd.m_strLicensorCertChain);
XrmlCertificateChain xrmlCertificateChain = RMUtil.DecompressSLCCertificate(compressedCerts);
return(xrmlCertificateChain.GetCryptoMode());
}
public static void ThrowIfTpdDoesNotIncludeSLC(TrustedDocDomain tpd, Guid externalDirectoryOrgId)
{
if (tpd.m_strLicensorCertChain == null)
{
throw new ImportTpdException(string.Format("RMS Online returned a TPD containing no SLC for tenant with external directory organization ID {0}", externalDirectoryOrgId), null);
}
}
public static TrustedDocDomain ConvertFromRmsOnlineTrustedDocDomain(TrustedDocDomain rmsoTPD)
{
RmsUtil.ThrowIfParameterNull(rmsoTPD, "rmsoTPD");
return(new TrustedDocDomain
{
m_ttdki = RmsUtil.ConvertFromRmsOnlineKeyInformation(rmsoTPD.m_ttdki),
m_strLicensorCertChain = rmsoTPD.m_strLicensorCertChain,
m_astrRightsTemplates = rmsoTPD.m_astrRightsTemplates
});
}
public static void ThrowIfSlcCertificateChainInvalid(TrustedDocDomain tpd, string tpdName, out object failureTarget)
{
RmsUtil.ThrowIfParameterNull(tpd, "tpd");
RmsUtil.ThrowIfStringParameterNullOrEmpty(tpdName, "tpdName");
failureTarget = null;
if (tpd.m_strLicensorCertChain == null || tpd.m_strLicensorCertChain.Length == 0 || string.IsNullOrEmpty(tpd.m_strLicensorCertChain[0]))
{
failureTarget = tpdName;
throw new NoSLCCertChainInImportedTrustedPublishingDomainException();
}
}
public static void ThrowIfTpdDoesNotHavePrivateKeyIfInternalLicensingEnabled(TrustedDocDomain tpd, string tpdName, bool internalLicensingEnabled, out object failureTarget)
{
RmsUtil.ThrowIfParameterNull(tpd, "tpd");
RmsUtil.ThrowIfStringParameterNullOrEmpty(tpdName, "tpdName");
RmsUtil.ThrowIfParameterNull(tpd.m_ttdki, "tpd.m_ttdki");
failureTarget = null;
if (internalLicensingEnabled && string.IsNullOrEmpty(tpd.m_ttdki.strEncryptedPrivateKey))
{
failureTarget = tpdName;
throw new NoPrivateKeyInImportedTrustedPublishingDomainException();
}
}
public static void ThrowIfKeyInformationInvalid(TrustedDocDomain tpd, string tpdName, out object failureTarget)
{
RmsUtil.ThrowIfParameterNull(tpd, "tpd");
RmsUtil.ThrowIfStringParameterNullOrEmpty(tpdName, "tpdName");
if (tpd.m_ttdki == null)
{
failureTarget = tpdName;
throw new NoKeyInformationInImportedTrustedPublishingDomainException();
}
RmsUtil.ThrowIfKeyIdInvalid(tpd.m_ttdki, tpdName, out failureTarget);
RmsUtil.ThrowIfKeyTypeInvalid(tpd.m_ttdki, tpdName, out failureTarget);
}
private bool ValidateTpdSuitableForImport(IRMConfiguration irmConfiguration, TrustedDocDomain tpd, RmsOnlineTpdImporter tpdImporter)
{
this.result.SetTask(Strings.InfoCheckingTpdFromRmsOnline);
TpdValidator tpdValidator = new TpdValidator(irmConfiguration.InternalLicensingEnabled, tpdImporter.IntranetLicensingUrl, tpdImporter.ExtranetLicensingUrl, tpdImporter.IntranetCertificationUrl, tpdImporter.ExtranetCertificationUrl, true, true, false);
try
{
object obj;
tpdValidator.ValidateTpdSuitableForImport(tpd, Strings.RmsOnline, out obj, null, null, null, null, null, null);
}
catch (LocalizedException ex)
{
return(this.result.SetFailureResult(Strings.ErrorTpdCheckingFailed, ex, true));
}
return(this.result.SetSuccessResult(Strings.InfoTpdFromRmsOnlineChecked));
}
private static TrustedDocDomain DecryptTrustedDocDomainData(EncryptedTrustedDocDomain encryptedData, SecureString password)
{
IPrivateKeyDecryptor privateKeyDecryptor = new OnPremisePrivateKeyDecryptor(password);
byte[] buffer = null;
try
{
buffer = privateKeyDecryptor.Decrypt(encryptedData.m_strTrustedDocDomainInfo);
}
catch (PrivateKeyDecryptionFailedException innerException)
{
throw new TrustedPublishingDomainParser.ParseFailedException("OnPremisePrivateKeyDecryptor.Decrypt() failed", innerException);
}
TrustedDocDomain result;
using (MemoryStream memoryStream = new MemoryStream(buffer))
{
try
{
SafeXmlSerializer safeXmlSerializer = new SafeXmlSerializer(typeof(ArrayList), new Type[]
{
typeof(TrustedDocDomain[])
});
ArrayList arrayList = safeXmlSerializer.Deserialize(memoryStream) as ArrayList;
if (arrayList == null || arrayList.Count != 1)
{
throw new TrustedPublishingDomainParser.ParseFailedException("DecryptedTPD_NoORMoreThanOneElements");
}
TrustedDocDomain trustedDocDomain = arrayList[0] as TrustedDocDomain;
if (trustedDocDomain == null)
{
throw new TrustedPublishingDomainParser.ParseFailedException("DecryptedTPD_NotOfType_TrustedDocDomain");
}
trustedDocDomain.m_ttdki.strEncryptedPrivateKey = encryptedData.m_strKeyData;
result = trustedDocDomain;
}
catch (InvalidOperationException innerException2)
{
throw new TrustedPublishingDomainParser.ParseFailedException("DecryptedTPD_XmlDeserializationFailed", innerException2);
}
catch (XmlException innerException3)
{
throw new TrustedPublishingDomainParser.ParseFailedException("DecryptedTPD_XmlDeserializationFailed", innerException3);
}
}
return(result);
}
public static void ThrowIfTpdUsesUnauthorizedCryptoModeOnFips(TrustedDocDomain tpd, string tpdName, out object failureTarget)
{
RmsUtil.ThrowIfParameterNull(tpd, "tpd");
RmsUtil.ThrowIfStringParameterNullOrEmpty(tpdName, "tpdName");
failureTarget = null;
using (RegistryKey registryKey = Registry.LocalMachine.OpenSubKey("System\\CurrentControlSet\\Control\\Lsa\\FIPSAlgorithmPolicy\\", false))
{
object value;
if (registryKey != null && (value = registryKey.GetValue("Enabled")) != null && (int)value == 1)
{
int num = RmsUtil.CryptoModeFromTpd(tpd);
if (num == 1)
{
failureTarget = tpdName;
throw new InvalidFipsCryptoModeInImportedTrustedPublishingDomainException(num);
}
}
}
}
public string ValidateTpdSuitableForImport(TrustedDocDomain tpd, string tpdName, out object failureTarget, IConfigurationSession configurationSession = null, string existingTpdKeyId = null, string existingTpdKeyType = null, Uri existingTpdIntranetLicensingUrl = null, Uri existingTpdExtranetLicensingUrl = null, SecureString tpdFilePassword = null)
{
RmsUtil.ThrowIfParameterNull(tpd, "tpd");
RmsUtil.ThrowIfStringParameterNullOrEmpty(tpdName, "tpdName");
RmsUtil.ThrowIfKeyInformationInvalid(tpd, tpdName, out failureTarget);
RmsUtil.ThrowIfSlcCertificateChainInvalid(tpd, tpdName, out failureTarget);
RmsUtil.ThrowIfTpdCspDoesNotMatchCryptoMode(tpd, tpdName, out failureTarget);
RmsUtil.ThrowIfTpdUsesUnauthorizedCryptoModeOnFips(tpd, tpdName, out failureTarget);
string result;
using (TrustedPublishingDomainPrivateKeyProvider trustedPublishingDomainPrivateKeyProvider = this.CreatePrivateKeyProvider(tpdName, tpd.m_ttdki, tpdFilePassword, out result, out failureTarget))
{
TrustedPublishingDomainImportUtilities tpdImportUtilities = this.CreateTpdImportUtilities(tpd, trustedPublishingDomainPrivateKeyProvider);
RmsUtil.ThrowIfSlcCertificateDoesNotChainToProductionHeirarchyCertificate(tpdImportUtilities, tpdName, out failureTarget);
if (this.refreshTemplatesSwitch)
{
RmsUtil.ThrowIfUrlWasSpecified(this.intranetLicensingUrl, this.refreshTemplatesSwitch, out failureTarget);
RmsUtil.ThrowIfUrlWasSpecified(this.extranetLicensingUrl, this.refreshTemplatesSwitch, out failureTarget);
RmsUtil.ThrowIfUrlWasSpecified(this.intranetCertificationUrl, this.refreshTemplatesSwitch, out failureTarget);
RmsUtil.ThrowIfUrlWasSpecified(this.extranetCertificationUrl, this.refreshTemplatesSwitch, out failureTarget);
RmsUtil.ThrowIfDefaultWasSpecified(this.defaultSwitch, out failureTarget);
RmsUtil.ThrowIfImportedKeyIdAndTypeDoNotMatchExistingTPD(tpdName, tpd.m_ttdki.strID, existingTpdKeyId, out failureTarget);
RmsUtil.ThrowIfImportedKeyIdAndTypeDoNotMatchExistingTPD(tpdName, tpd.m_ttdki.strIDType, existingTpdKeyType, out failureTarget);
}
else
{
RmsUtil.ThrowIfTpdDoesNotHavePrivateKeyIfInternalLicensingEnabled(tpd, tpdName, this.internalLicensingEnabled, out failureTarget);
if (!this.rmsOnlineSwitch)
{
RmsUtil.ThrowIfImportedTPDsKeyIdIsNotUnique(configurationSession, tpd.m_ttdki.strID, tpd.m_ttdki.strIDType, out failureTarget);
}
RmsUtil.ThrowIfIsNotWellFormedRmServiceUrl(this.intranetLicensingUrl, out failureTarget);
RmsUtil.ThrowIfIsNotWellFormedRmServiceUrl(this.extranetLicensingUrl, out failureTarget);
RmsUtil.ThrowIfIsNotWellFormedRmServiceUrl(this.intranetCertificationUrl, out failureTarget);
RmsUtil.ThrowIfIsNotWellFormedRmServiceUrl(this.extranetCertificationUrl, out failureTarget);
}
RmsUtil.ThrowIfRightsTemplatesInvalid(tpd.m_astrRightsTemplates, tpdName, tpdImportUtilities, this.refreshTemplatesSwitch ? existingTpdIntranetLicensingUrl : this.intranetLicensingUrl, this.refreshTemplatesSwitch ? existingTpdExtranetLicensingUrl : this.extranetLicensingUrl, out failureTarget);
}
return(result);
}
public static void ThrowIfTpdCspDoesNotMatchCryptoMode(TrustedDocDomain tpd, string tpdName, out object failureTarget)
{
RmsUtil.ThrowIfParameterNull(tpd, "tpd");
RmsUtil.ThrowIfStringParameterNullOrEmpty(tpdName, "tpdName");
failureTarget = null;
int cryptoMode = RmsUtil.CryptoModeFromTpd(tpd);
RmsUtil.CSP_TYPE csp_TYPE;
if (!RmsUtil.TryCspEnumFromInteger(tpd.m_ttdki.nCSPType, out csp_TYPE))
{
failureTarget = tpdName;
throw new InvalidCspForCryptoModeInImportedTrustedPublishingDomainException(csp_TYPE.ToString(), cryptoMode);
}
switch (cryptoMode)
{
case 1:
if (csp_TYPE != RmsUtil.CSP_TYPE.PROV_RSA_FULL && csp_TYPE != RmsUtil.CSP_TYPE.PROV_RSA_AES)
{
failureTarget = tpdName;
throw new InvalidCspForCryptoModeInImportedTrustedPublishingDomainException(csp_TYPE.ToString(), cryptoMode);
}
break;
case 2:
if (csp_TYPE != RmsUtil.CSP_TYPE.PROV_RSA_AES)
{
failureTarget = tpdName;
throw new InvalidCspForCryptoModeInImportedTrustedPublishingDomainException(csp_TYPE.ToString(), cryptoMode);
}
break;
default:
failureTarget = tpdName;
throw new InvalidCspForCryptoModeInImportedTrustedPublishingDomainException(csp_TYPE.ToString(), cryptoMode);
}
}
private bool ValidateTPDCanBeObtainedFromRMSOnline(RmsOnlineTpdImporter tpdImporter, out TrustedDocDomain tpd)
{
tpd = null;
this.result.SetTask(Strings.InfoImportingTpdFromRmsOnline);
bool flag;
try
{
Guid externalDirectoryOrgIdThrowOnFailure = this.rmsOnlineGuidOverride;
if (Guid.Empty == externalDirectoryOrgIdThrowOnFailure)
{
externalDirectoryOrgIdThrowOnFailure = RmsUtil.GetExternalDirectoryOrgIdThrowOnFailure(this.configurationSession, this.organizationId);
}
tpd = tpdImporter.Import(externalDirectoryOrgIdThrowOnFailure);
if (tpd.m_astrRightsTemplates.Length == 0)
{
flag = this.result.SetSuccessResult(Strings.InfoImportingTpdFromRmsOnlineCheckedNoTemplates);
}
else
{
flag = this.result.SetSuccessResult(Strings.InfoImportingTpdFromRmsOnlineCheckedWithTemplates(RmsUtil.TemplateNamesFromTemplateArray(tpd.m_astrRightsTemplates)));
}
}
catch (ImportTpdException ex)
{
flag = this.result.SetFailureResult(Strings.ErrorImportingTpdFromRmsOnline, ex, true);
}
return(flag);
}
protected virtual TrustedPublishingDomainImportUtilities CreateTpdImportUtilities(TrustedDocDomain tpd, TrustedPublishingDomainPrivateKeyProvider privateKeyProvider)
{
return(RmsUtil.CreateTpdImportUtilities(new XrmlCertificateChain(tpd.m_strLicensorCertChain), privateKeyProvider));
}
