Exemplo n.º 1
        /// <summary>
        /// Validates each Base64-encoded certificate in <paramref name="certificateList"/> and returns one
        /// <see cref="ChainValidityStatus"/> per entry, in input order.
        /// </summary>
        /// <param name="trustedCertificateList">Certificates loaded into the store passed to the validator as the trusted store.</param>
        /// <param name="certificateChainList">Certificates loaded into the store passed to the validator for chain building.</param>
        /// <param name="certificateList">Base64-encoded certificates to validate.</param>
        /// <param name="checkCRL">Forwarded to the validator; presumably enables revocation checking (confirm in ValidateCertificate).</param>
        /// <param name="hashCodeForTracing">Forwarded to <c>AddChainCertsToStore</c>.</param>
        /// <param name="mailboxLogger">Optional logger; when non-null it receives the exception text of a failed entry.</param>
        /// <param name="againstADConfiguration">Forwarded to the validator unchanged.</param>
        /// <param name="organizationId">Forwarded to the validator unchanged.</param>
        /// <returns>A list with exactly one status per input certificate when the method returns normally.</returns>
        /// <remarks>
        /// NOTE(review): only <see cref="CryptographicException"/> is handled per entry. A malformed Base64 string makes
        /// <c>Convert.FromBase64String</c> throw <see cref="FormatException"/>, which is not caught here, so a single bad
        /// entry aborts the whole batch instead of producing a per-certificate failure status. Confirm the caller handles that.
        /// NOTE(review): the two <see cref="X509Store"/> instances and each <see cref="X509Certificate2"/> are never closed or
        /// disposed in this method. Whether that leaks native handles depends on who owns what <c>AddChainCertsToStore</c>
        /// returns; verify before adding cleanup.
        /// </remarks>
        internal static List<ChainValidityStatus> ValidateCertificates(List<string> trustedCertificateList, List<string> certificateChainList, List<string> certificateList, bool checkCRL, int hashCodeForTracing, MailboxLogger mailboxLogger, bool againstADConfiguration, string organizationId)
        {
            X509Store trustAnchors = CertificateManager.AddChainCertsToStore(trustedCertificateList, hashCodeForTracing);
            X509Store intermediates = CertificateManager.AddChainCertsToStore(certificateChainList, hashCodeForTracing);
            var results = new List<ChainValidityStatus>(certificateList.Count);

            // Key-usage flags handed to the validator for every certificate.
            const X509KeyUsageFlags requiredUsage = X509KeyUsageFlags.NonRepudiation | X509KeyUsageFlags.DigitalSignature;

            foreach (string encodedCertificate in certificateList)
            {
                ChainContext chainContext = null;
                try
                {
                    byte[] rawCertificate = Convert.FromBase64String(encodedCertificate);
                    X509Certificate2 certificate = new X509Certificate2(rawCertificate);
                    results.Add(X509CertificateCollection.ValidateCertificate(certificate, null, requiredUsage, checkCRL, trustAnchors, intermediates, ref chainContext, againstADConfiguration, organizationId));
                }
                catch (CryptographicException validationError)
                {
                    if (mailboxLogger != null)
                    {
                        mailboxLogger.SetData(MailboxLogDataName.ValidateCertCommand_ProcessCommand_Per_Cert_Exception, validationError.ToString());
                    }

                    // The full caller-supplied Base64 string is written to the trace along with the exception.
                    AirSyncDiagnostics.TraceError<string, CryptographicException>(ExTraceGlobals.RequestTracer, null, "Failed to validate certificate: '{0}', Error: '{1}'", encodedCertificate, validationError);

                    // 0x80096004 equals the Win32 HRESULT TRUST_E_CERT_SIGNATURE: any certificate that cannot be
                    // parsed or validated without a CryptographicException is reported as a signature failure,
                    // never as valid.
                    results.Add((ChainValidityStatus)0x80096004U);
                }
                finally
                {
                    // The validator may hand back a chain context through the ref parameter; release it per entry.
                    if (chainContext != null)
                    {
                        chainContext.Dispose();
                    }
                }
            }

            return results;
        }
Exemplo n.º 2
        // Token: 0x06001C2B RID: 7211 RVA: 0x0006F6C0 File Offset: 0x0006D8C0
        /// <summary>
        /// Translates a <see cref="ChainValidityStatus"/> into the closest <see cref="X509ChainStatusFlags"/> value.
        /// </summary>
        /// <param name="status">Validation result to translate.</param>
        /// <returns>
        /// <see cref="X509ChainStatusFlags.NoError"/> for <c>Valid</c> and <c>ValidSelfSigned</c>; a specific error flag for
        /// the recognised failure codes; <see cref="X509ChainStatusFlags.RevocationStatusUnknown"/> for everything else.
        /// </returns>
        /// <remarks>
        /// The numeric cases are written in hex because they coincide with Win32 HRESULT values
        /// (CRYPT_E_*, TRUST_E_*, CERT_E_*); the names in the comments are those Win32 names, not members of the enum.
        /// NOTE(review): a self-signed result is reported as <c>NoError</c>, so callers of this mapping cannot tell a
        /// self-signed certificate from a chain-trusted one. Unrecognised failures collapse into
        /// <c>RevocationStatusUnknown</c>; a caller that tolerates that flag (revocation soft-fail) would also
        /// tolerate any unmapped error. Confirm how callers treat it.
        /// </remarks>
        private X509ChainStatusFlags MapChainStatusToChainFlag(ChainValidityStatus status)
        {
            switch (status)
            {
                case ChainValidityStatus.Valid:
                case ChainValidityStatus.ValidSelfSigned:
                    return X509ChainStatusFlags.NoError;

                case ChainValidityStatus.EmptyCertificate:
                    return X509ChainStatusFlags.PartialChain;

                case ChainValidityStatus.SubjectMismatch:
                case (ChainValidityStatus)0x800B010FU: // CERT_E_CN_NO_MATCH
                    return X509ChainStatusFlags.InvalidNameConstraints;

                case (ChainValidityStatus)0x80092010U: // CRYPT_E_REVOKED
                case (ChainValidityStatus)0x800B010CU: // CERT_E_REVOKED
                    return X509ChainStatusFlags.Revoked;

                case (ChainValidityStatus)0x80092012U: // CRYPT_E_NO_REVOCATION_CHECK
                case (ChainValidityStatus)0x800B010EU: // CERT_E_REVOCATION_FAILURE
                    return X509ChainStatusFlags.RevocationStatusUnknown;

                case (ChainValidityStatus)0x80092013U: // CRYPT_E_REVOCATION_OFFLINE
                    return X509ChainStatusFlags.OfflineRevocation;

                case (ChainValidityStatus)0x80096004U: // TRUST_E_CERT_SIGNATURE
                    return X509ChainStatusFlags.NotSignatureValid;

                case (ChainValidityStatus)0x80096019U: // TRUST_E_BASIC_CONSTRAINTS
                case (ChainValidityStatus)0x800B0103U: // CERT_E_ROLE
                case (ChainValidityStatus)0x800B010AU: // CERT_E_CHAINING
                    return X509ChainStatusFlags.InvalidBasicConstraints;

                case (ChainValidityStatus)0x800B0101U: // CERT_E_EXPIRED
                    return X509ChainStatusFlags.NotTimeValid;

                case (ChainValidityStatus)0x800B0102U: // CERT_E_VALIDITYPERIODNESTING
                    return X509ChainStatusFlags.NotTimeNested;

                case (ChainValidityStatus)0x800B0106U: // CERT_E_PURPOSE
                case (ChainValidityStatus)0x800B0110U: // CERT_E_WRONG_USAGE
                    return X509ChainStatusFlags.NotValidForUsage;

                case (ChainValidityStatus)0x800B0109U: // CERT_E_UNTRUSTEDROOT
                case (ChainValidityStatus)0x800B010DU: // CERT_E_UNTRUSTEDTESTROOT
                    return X509ChainStatusFlags.UntrustedRoot;

                default:
                    // Anything not listed above is reported as an undetermined revocation state.
                    return X509ChainStatusFlags.RevocationStatusUnknown;
            }
        }
Exemplo n.º 3
        /// <summary>
        /// Builds and validates this certificate's chain and caches the outcome in <c>status</c>, <c>selfSigned</c>,
        /// <c>rootCAType</c> and <c>privateKeyExportable</c>.
        /// </summary>
        /// <remarks>
        /// Returns immediately when <c>status</c> is already something other than <c>Unknown</c>. If no chain context can
        /// be built, <c>status</c> stays <c>Unknown</c>, so the next call repeats the chain build.
        /// NOTE(review): when the chain ends in an untrusted root and the certificate is self-signed, the method records
        /// <c>CertificateStatus.Valid</c> without calling <c>Validate</c>. As far as this method shows, expiry and
        /// revocation are not evaluated on that path, so <c>Valid</c> must not be read as "trusted and current" for
        /// self-signed certificates; check <c>selfSigned</c> and <c>rootCAType</c> as well.
        /// NOTE(review): the error code 0x80092010 (Win32 CRYPT_E_REVOKED) is not handled explicitly and ends up as
        /// <c>Invalid</c>, while 0x800B010C (CERT_E_REVOKED) becomes <c>Revoked</c>. Confirm this is intended.
        /// </remarks>
        /// <exception cref="InvalidOperationException">
        /// The chain validated to a status other than <c>Invalid</c> but the chain context exposes no root certificate.
        /// </exception>
        private void CheckCertificateChainAndCacheProps()
        {
            // Result already cached.
            if (this.status != CertificateStatus.Unknown)
            {
                return;
            }

            // An object that still carries a certificate request is reported as pending; no chain is built.
            if (!string.IsNullOrEmpty(this.CertificateRequest))
            {
                this.status = CertificateStatus.PendingRequest;
                this.selfSigned = false;
                this.rootCAType = CertificateAuthorityType.Unknown;
                return;
            }

            this.privateKeyExportable = TlsCertificateInfo.IsCertificateExportable(this);

            ChainPolicyParameters policy = new BaseChainPolicyParameters(ChainPolicyOptions.None);
            ChainMatchIssuer serverAuthUsage = AndChainMatchIssuer.PkixKpServerAuth;
            // The 30-second value is passed to the chain builder; presumably a retrieval timeout (confirm in ChainBuildParameter).
            ChainBuildParameter buildParameter = new ChainBuildParameter(serverAuthUsage, TimeSpan.FromSeconds(30.0), false, TimeSpan.Zero);

            using (ChainEngine engine = new ChainEngine())
            using (ChainContext chain = engine.Build(
                this,
                ChainBuildOptions.CacheEndCert | ChainBuildOptions.RevocationCheckChainExcludeRoot | ChainBuildOptions.RevocationAccumulativeTimeout,
                buildParameter))
            {
                if (chain == null)
                {
                    this.status = CertificateStatus.Unknown;
                    this.selfSigned = false;
                    this.rootCAType = CertificateAuthorityType.Unknown;
                    return;
                }

                this.selfSigned = chain.IsSelfSigned;

                if (chain.Status == TrustStatus.IsUntrustedRoot)
                {
                    if (chain.IsSelfSigned)
                    {
                        // Self-signed and untrusted root: recorded as Valid with no issuing CA, without running Validate.
                        this.status = CertificateStatus.Valid;
                        this.rootCAType = CertificateAuthorityType.None;
                    }
                    else
                    {
                        this.status = CertificateStatus.Untrusted;
                        this.rootCAType = CertificateAuthorityType.Unknown;
                    }

                    return;
                }

                ChainSummary summary = chain.Validate(policy);
                switch (summary.Status)
                {
                    case ChainValidityStatus.Valid:
                        this.status = CertificateStatus.Valid;
                        break;

                    case (ChainValidityStatus)0x800B0101U: // CERT_E_EXPIRED
                        this.status = CertificateStatus.DateInvalid;
                        break;

                    case (ChainValidityStatus)0x800B010CU: // CERT_E_REVOKED
                        this.status = CertificateStatus.Revoked;
                        break;

                    case (ChainValidityStatus)0x80092012U: // CRYPT_E_NO_REVOCATION_CHECK
                    case (ChainValidityStatus)0x80092013U: // CRYPT_E_REVOCATION_OFFLINE
                    case (ChainValidityStatus)0x800B010EU: // CERT_E_REVOCATION_FAILURE
                        this.status = CertificateStatus.RevocationCheckFailure;
                        break;

                    default:
                        // Every other validation result is treated as an invalid certificate.
                        this.status = CertificateStatus.Invalid;
                        this.rootCAType = CertificateAuthorityType.Unknown;
                        break;
                }

                // For any non-Invalid outcome (including Revoked, DateInvalid and RevocationCheckFailure)
                // the root CA type is derived from the root certificate's thumbprint.
                if (this.status != CertificateStatus.Invalid)
                {
                    X509Certificate2 root = chain.RootCertificate;
                    if (root == null)
                    {
                        throw new InvalidOperationException("Root certificate was null!");
                    }

                    this.rootCAType = ExchangeCertificate.RootSource(root.Thumbprint);
                }
            }
        }
Exemplo n.º 4
        // Token: 0x0600185E RID: 6238 RVA: 0x0008F0B8 File Offset: 0x0008D2B8
        /// <summary>
        /// Converts a <see cref="ChainValidityStatus"/> into the numeric status string returned to the caller.
        /// </summary>
        /// <param name="status">Validation result for one certificate.</param>
        /// <returns>
        /// A decimal code as a string: "1" for <c>Valid</c> and <c>ValidSelfSigned</c>, a specific code for each recognised
        /// failure, "16" when revocation could not be determined, and "17" (with a debug trace) for anything unrecognised.
        /// </returns>
        /// <remarks>
        /// The numeric cases are written in hex because they coincide with Win32 HRESULT values; the names in the comments
        /// are those Win32 names, not members of the enum. The returned codes look like the Exchange ActiveSync
        /// ValidateCert status values; confirm against the protocol documentation before relying on the meanings.
        /// NOTE(review): <c>ValidSelfSigned</c> returns the same "1" as <c>Valid</c>, so the recipient of this code
        /// cannot distinguish a self-signed certificate from one that chains to a trusted root.
        /// </remarks>
        private string CheckStatus(ChainValidityStatus status)
        {
            switch (status)
            {
                case ChainValidityStatus.Valid:
                case ChainValidityStatus.ValidSelfSigned:
                    return "1";

                case (ChainValidityStatus)0x80096004U: // TRUST_E_CERT_SIGNATURE
                    return "3";

                case (ChainValidityStatus)0x800B0109U: // CERT_E_UNTRUSTEDROOT
                case (ChainValidityStatus)0x800B010DU: // CERT_E_UNTRUSTEDTESTROOT
                    return "4";

                case (ChainValidityStatus)0x800B010AU: // CERT_E_CHAINING
                    return "5";

                case (ChainValidityStatus)0x800B0110U: // CERT_E_WRONG_USAGE
                    return "6";

                case (ChainValidityStatus)0x800B0101U: // CERT_E_EXPIRED
                    return "7";

                case (ChainValidityStatus)0x800B0102U: // CERT_E_VALIDITYPERIODNESTING
                    return "8";

                case (ChainValidityStatus)0x800B0106U: // CERT_E_PURPOSE
                    return "9";

                case ChainValidityStatus.EmptyCertificate:
                    return "10";

                case (ChainValidityStatus)0x800B0103U: // CERT_E_ROLE
                    return "11";

                case (ChainValidityStatus)0x800B010FU: // CERT_E_CN_NO_MATCH
                    return "12";

                case (ChainValidityStatus)0x80092010U: // CRYPT_E_REVOKED
                    return "13";

                case (ChainValidityStatus)0x80092013U: // CRYPT_E_REVOCATION_OFFLINE
                    return "14";

                case (ChainValidityStatus)0x800B010CU: // CERT_E_REVOKED
                    return "15";

                case (ChainValidityStatus)0x80092012U: // CRYPT_E_NO_REVOCATION_CHECK
                case (ChainValidityStatus)0x800B010EU: // CERT_E_REVOCATION_FAILURE
                    // Revocation state could not be established.
                    return "16";

                default:
                    // Every other value, including failure codes with no dedicated mapping, is traced and
                    // reported with the catch-all code rather than as success.
                    AirSyncDiagnostics.TraceDebug<ChainValidityStatus>(ExTraceGlobals.RequestsTracer, this, "Unknown status: '{0}'", status);
                    return "17";
            }
        }