internal static void ValidateCertificate(ExchangeCertificate certificate, bool skipAutomatedDeploymentChecks) { ExchangeCertificateValidity exchangeCertificateValidity = ManageExchangeCertificate.ValidateExchangeCertificate(certificate, true); if (exchangeCertificateValidity != ExchangeCertificateValidity.Valid) { throw new FederationCertificateInvalidException(Strings.CertificateNotValidForExchange(certificate.Thumbprint, exchangeCertificateValidity.ToString())); } if (string.IsNullOrEmpty(certificate.SubjectKeyIdentifier)) { throw new FederationCertificateInvalidException(Strings.ErrorCertificateNoSKI(certificate.Thumbprint)); } if (!skipAutomatedDeploymentChecks && !certificate.PrivateKeyExportable) { throw new FederationCertificateInvalidException(Strings.ErrorCertificateNotExportable(certificate.Thumbprint)); } if (!string.Equals(certificate.GetKeyAlgorithm(), WellKnownOid.RsaRsa.Value, StringComparison.OrdinalIgnoreCase)) { throw new FederationCertificateInvalidException(Strings.ErrorCertificateNotRSA(certificate.Thumbprint)); } if (TlsCertificateInfo.IsCNGProvider(certificate)) { throw new FederationCertificateInvalidException(Strings.ErrorCertificateNotCAPI(certificate.Thumbprint)); } if ((ExDateTime)certificate.NotAfter < ExDateTime.UtcNow && (ExDateTime)certificate.NotBefore > ExDateTime.UtcNow) { throw new FederationCertificateInvalidException(Strings.ErrorCertificateHasExpired(certificate.Thumbprint)); } }
public static void GetObjectPostAction(DataRow inputRow, DataTable table, DataObjectStore store) { DataRow dataRow = table.Rows[0]; dataRow["ExDTNotAfter"] = ((ExDateTime)((DateTime)dataRow["NotAfter"])).ToShortDateString(); ExchangeCertificate exchangeCertificate = (ExchangeCertificate)store.GetDataObject("ExchangeCertificate"); if (exchangeCertificate != null) { dataRow["SubjectName"] = exchangeCertificate.SubjectName.Name; } }
public static void FindValidCertExistingOnEveryServer(DataRow inputRow, DataTable dataTable, DataObjectStore store) { DataRow dataRow = dataTable.Rows[0]; List <MailCertificate> list = dataRow["MailCertificateOptions"] as List <MailCertificate>; IEnumerable <object> enumerable = store.GetDataObject("ExchangeCertificates") as IEnumerable <object>; if (list == null) { list = (dataRow["MailCertificateOptions"] = new List <MailCertificate>()); using (IEnumerator <object> enumerator = enumerable.GetEnumerator()) { while (enumerator.MoveNext()) { object obj = enumerator.Current; ExchangeCertificate exchangeCertificate = (ExchangeCertificate)obj; if (HybridConfigurationWizardServiceCodeBehind.IsValidCertificate(exchangeCertificate)) { list.Add(new MailCertificate { FriendlyName = exchangeCertificate.FriendlyName, Thumbprint = exchangeCertificate.Thumbprint, Issuer = exchangeCertificate.Issuer, Subject = exchangeCertificate.Subject }); } } return; } } IEnumerable <string> source = from cert in enumerable where HybridConfigurationWizardServiceCodeBehind.IsValidCertificate((ExchangeCertificate)cert) select((ExchangeCertificate)cert).Thumbprint; for (int i = list.Count - 1; i >= 0; i--) { if (!source.Contains(list[i].Thumbprint)) { list.RemoveAt(i); } } }
// Token: 0x0600000B RID: 11 RVA: 0x00002C20 File Offset: 0x00000E20 private void VerifyCertificateExpiration(ExchangeCertificate certificate) { if (certificate.NotAfter.CompareTo(DateTime.UtcNow) <= 0) { string message = string.Format("Certificate {0} has expired.", certificate.Thumbprint); Servicelet.Tracer.TraceError((long)this.GetHashCode(), message); this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_CertificateExpired, certificate.Thumbprint, new object[] { certificate.Thumbprint }); return; } if (certificate.NotAfter.Subtract(DateTime.UtcNow).CompareTo(Servicelet.CertificateExpirationThreshold) <= 0) { string message2 = string.Format("Certificate {0} will expire in less than 15 days.", certificate.Thumbprint); Servicelet.Tracer.TraceWarning((long)this.GetHashCode(), message2); this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_CertificateNearingExpiry, certificate.Thumbprint, new object[] { certificate.Thumbprint }); } }
public static void AddCertificates(DataRow inputRow, DataTable dataTable, DataObjectStore store) { List <MailCertificate> list = new List <MailCertificate>(); IEnumerable <object> enumerable = store.GetDataObject("ExchangeCertificates") as IEnumerable <object>; foreach (object obj in enumerable) { ExchangeCertificate exchangeCertificate = (ExchangeCertificate)obj; if (HybridConfigurationWizardServiceCodeBehind.IsValidCertificate(exchangeCertificate)) { list.Add(new MailCertificate { FriendlyName = exchangeCertificate.FriendlyName, Thumbprint = exchangeCertificate.Thumbprint, Subject = exchangeCertificate.Subject, Issuer = exchangeCertificate.Issuer }); } } DataRow dataRow = dataTable.NewRow(); dataTable.Rows.Add(dataRow); dataRow["MailCertificateOptions"] = list; }
internal static FederationTrustCertificateState TestForCertificate(string serverName, string thumbprint, out ExchangeCertificate cert) { if (string.IsNullOrEmpty(serverName)) { throw new ArgumentNullException("serverName"); } if (string.IsNullOrEmpty(thumbprint)) { throw new ArgumentNullException("thumbprint"); } cert = null; ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc(); exchangeCertificateRpc.GetByThumbprint = thumbprint; ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; FederationTrustCertificateState federationTrustCertificateState = FederationTrustCertificateState.NotInstalled; byte[] outputBlob = null; try { byte[] inBlob = exchangeCertificateRpc.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2); ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(serverName); outputBlob = exchangeCertificateRpcClient.GetCertificate2(0, inBlob); exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2; } catch (RpcException) { exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; } if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1) { try { byte[] inBlob2 = exchangeCertificateRpc.SerializeInputParameters(exchangeCertificateRpcVersion); ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(serverName); outputBlob = exchangeCertificateRpcClient2.GetCertificate(0, inBlob2); } catch (RpcException) { federationTrustCertificateState = FederationTrustCertificateState.ServerUnreachable; } } if (federationTrustCertificateState != FederationTrustCertificateState.ServerUnreachable) { ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob); if (exchangeCertificateRpc2.ReturnCertList != null && exchangeCertificateRpc2.ReturnCertList.Count == 1) { federationTrustCertificateState = FederationTrustCertificateState.Installed; cert = exchangeCertificateRpc2.ReturnCertList[0]; } } return(federationTrustCertificateState); }
public Certificate(ExchangeCertificate certificate) { this.certificate = certificate; }
private static bool IsValidCertificate(ExchangeCertificate cert) { return(!cert.IsSelfSigned && cert.Status == CertificateStatus.Valid); }