private bool ProcessPartnerApplication(PartnerApplication partnerApplication)
{
bool result = false;
AuthMetadata authMetadata = this.FetchMetadata(partnerApplication.Name, partnerApplication.AuthMetadataUrl, false);
if (authMetadata == null)
{
return(false);
}
if (!OAuthCommon.IsIdMatch(partnerApplication.ApplicationIdentifier, authMetadata.ServiceName) || !OAuthCommon.IsRealmMatchIncludingEmpty(partnerApplication.Realm, authMetadata.Realm) || !string.Equals(partnerApplication.IssuerIdentifier, authMetadata.Issuer))
{
this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_InvalidTrustedIssuerChanges, new string[]
{
partnerApplication.Name,
partnerApplication.AuthMetadataUrl
});
return(false);
}
MultiValuedProperty <byte[]> multiValuedProperty = null;
if (this.ProcessCertificates(partnerApplication.Name, partnerApplication.CertificateBytes, authMetadata.CertificateStrings, out multiValuedProperty) && multiValuedProperty != null)
{
result = true;
partnerApplication.CertificateBytes = multiValuedProperty;
}
return(result);
}
private static AuthMetadata FetchAuthMetadata(string authMetadataUrl, bool trustSslCert, bool requireIssuingEndpoint, Task.TaskWarningLoggingDelegate writeWarning, Task.TaskErrorLoggingDelegate writeError)
{
try
{
Uri uri = new Uri(authMetadataUrl);
if (uri.Scheme != Uri.UriSchemeHttps)
{
writeWarning(Strings.WarningMetadataNotOverHttps(authMetadataUrl));
}
}
catch (ArgumentNullException)
{
writeError(new TaskException(Strings.ErrorInvalidMetadataUrl(authMetadataUrl)), ErrorCategory.InvalidArgument, null);
}
catch (UriFormatException)
{
writeError(new TaskException(Strings.ErrorInvalidMetadataUrl(authMetadataUrl)), ErrorCategory.InvalidArgument, null);
}
AuthMetadata result = null;
try
{
result = AuthMetadataClient.AcquireMetadata(authMetadataUrl, requireIssuingEndpoint, trustSslCert, true);
}
catch (AuthMetadataClientException exception)
{
writeError(exception, ErrorCategory.ResourceUnavailable, null);
}
catch (AuthMetadataParserException exception2)
{
writeError(exception2, ErrorCategory.ParserError, null);
}
return(result);
}
public static void FetchAuthMetadata(AuthServer authServer, bool trustSslCert, bool updateIdRealm, Task.TaskWarningLoggingDelegate writeWarning, Task.TaskErrorLoggingDelegate writeError)
{
if (authServer == null)
{
throw new ArgumentNullException("authServer");
}
if (writeWarning == null)
{
throw new ArgumentNullException("writeWarning");
}
if (writeError == null)
{
throw new ArgumentNullException("writeError");
}
AuthMetadata authMetadata = OAuthTaskHelper.FetchAuthMetadata(authServer.AuthMetadataUrl, trustSslCert, true, writeWarning, writeError);
AuthMetadataParser.SetEndpointsIfWSFed(authMetadata, authServer.Type, authServer.AuthMetadataUrl);
if (updateIdRealm)
{
authServer.IssuerIdentifier = authMetadata.ServiceName;
authServer.Realm = authMetadata.Realm;
}
else if (!OAuthCommon.IsIdMatch(authServer.IssuerIdentifier, authMetadata.ServiceName) || !OAuthCommon.IsRealmMatchIncludingEmpty(authServer.Realm, authMetadata.Realm))
{
writeError(new TaskException(Strings.ErrorPidRealmDifferentFromMetadata(authMetadata.ServiceName, authMetadata.Realm, authServer.IssuerIdentifier, authServer.Realm)), ErrorCategory.InvalidData, null);
}
authServer.CertificateBytes = OAuthTaskHelper.InternalCertificateFromBase64String(authMetadata.CertificateStrings, writeError);
authServer.TokenIssuingEndpoint = authMetadata.IssuingEndpoint;
authServer.AuthorizationEndpoint = authMetadata.AuthorizationEndpoint;
}
public static void FetchAuthMetadata(PartnerApplication partnerApplication, bool trustSslCert, bool updatePidOrRealmOrIssuer, Task.TaskWarningLoggingDelegate writeWarning, Task.TaskErrorLoggingDelegate writeError)
{
if (partnerApplication == null)
{
throw new ArgumentNullException("partnerApplication");
}
if (writeWarning == null)
{
throw new ArgumentNullException("writeWarning");
}
if (writeError == null)
{
throw new ArgumentNullException("writeError");
}
AuthMetadata authMetadata = OAuthTaskHelper.FetchAuthMetadata(partnerApplication.AuthMetadataUrl, trustSslCert, false, writeWarning, writeError);
if (updatePidOrRealmOrIssuer)
{
partnerApplication.ApplicationIdentifier = authMetadata.ServiceName;
partnerApplication.IssuerIdentifier = authMetadata.Issuer;
partnerApplication.Realm = authMetadata.Realm;
}
else if (!OAuthCommon.IsIdMatch(partnerApplication.ApplicationIdentifier, authMetadata.ServiceName) || !OAuthCommon.IsRealmMatchIncludingEmpty(partnerApplication.Realm, authMetadata.Realm) || !string.Equals(partnerApplication.IssuerIdentifier, authMetadata.Issuer))
{
writeError(new TaskException(Strings.ErrorPidRealmIssuerDifferentFromMetadata(authMetadata.ServiceName, authMetadata.Realm, authMetadata.Issuer, partnerApplication.ApplicationIdentifier, partnerApplication.Realm, partnerApplication.IssuerIdentifier)), ErrorCategory.InvalidData, null);
}
partnerApplication.CertificateBytes = OAuthTaskHelper.InternalCertificateFromBase64String(authMetadata.CertificateStrings, writeError);
}
private AuthMetadata FetchMetadata(string name, string metadataUrl, bool requireIssuingEndpoint)
{
AuthMetadata result = null;
Uri uri = null;
if (!Uri.TryCreate(metadataUrl, UriKind.Absolute, out uri))
{
this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_InvalidMetadataUrl, new string[]
{
metadataUrl,
name
});
return(null);
}
try
{
result = AuthMetadataClient.AcquireMetadata(metadataUrl, requireIssuingEndpoint, this.TrustAnySSLCertificate, true);
}
catch (AuthMetadataClientException ex)
{
this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_TransientException, new string[]
{
AnchorLogger.GetDiagnosticInfo(ex, null)
});
}
catch (AuthMetadataParserException ex2)
{
this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_CorruptMetadata, new string[]
{
AnchorLogger.GetDiagnosticInfo(ex2, null),
metadataUrl,
name
});
}
catch (Exception ex3)
{
this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_UnableToAccessMetadata, new string[]
{
AnchorLogger.GetDiagnosticInfo(ex3, null),
metadataUrl,
name
});
}
return(result);
}
private bool ProcessAuthServer(AuthServer authServer)
{
bool result = false;
AuthMetadata authMetadata = this.FetchMetadata(authServer.Name, authServer.AuthMetadataUrl, true);
if (authMetadata == null)
{
return(false);
}
AuthMetadataParser.SetEndpointsIfWSFed(authMetadata, authServer.Type, authServer.AuthMetadataUrl);
if (!OAuthCommon.IsIdMatch(authServer.IssuerIdentifier, authMetadata.ServiceName) || !OAuthCommon.IsRealmMatchIncludingEmpty(authServer.Realm, authMetadata.Realm) || string.IsNullOrEmpty(authMetadata.IssuingEndpoint) || ((authServer.Type == AuthServerType.AzureAD || authServer.Type == AuthServerType.ADFS) && string.IsNullOrEmpty(authMetadata.AuthorizationEndpoint)))
{
this.Context.Logger.LogTerseEvent(MigrationEventType.Error, MSExchangeAuthAdminEventLogConstants.Tuple_InvalidTrustedIssuerChanges, new string[]
{
authServer.Name,
authServer.AuthMetadataUrl
});
return(false);
}
if (string.Compare(authServer.TokenIssuingEndpoint, authMetadata.IssuingEndpoint, StringComparison.OrdinalIgnoreCase) != 0)
{
result = true;
authServer.TokenIssuingEndpoint = authMetadata.IssuingEndpoint;
}
if ((authServer.Type == AuthServerType.AzureAD || authServer.Type == AuthServerType.ADFS) && string.Compare(authServer.AuthorizationEndpoint, authMetadata.AuthorizationEndpoint, StringComparison.OrdinalIgnoreCase) != 0)
{
result = true;
authServer.AuthorizationEndpoint = authMetadata.AuthorizationEndpoint;
}
MultiValuedProperty <byte[]> multiValuedProperty = null;
if (this.ProcessCertificates(authServer.Name, authServer.CertificateBytes, authMetadata.CertificateStrings, out multiValuedProperty) && multiValuedProperty != null)
{
result = true;
authServer.CertificateBytes = multiValuedProperty;
}
return(result);
}
