public List <string> Execute()
{
IExtensibleLogger logger = MailboxAssociationDiagnosticsFrameFactory.Default.CreateLogger(this.groupSession.MailboxGuid, this.groupSession.OrganizationId);
IMailboxAssociationPerformanceTracker performanceTracker = MailboxAssociationDiagnosticsFrameFactory.Default.CreatePerformanceTracker(null);
List <string> result;
using (MailboxAssociationDiagnosticsFrameFactory.Default.CreateDiagnosticsFrame("XSO", "PinnersGetter", logger, performanceTracker))
{
StoreBuilder storeBuilder = new StoreBuilder(this.groupSession, XSOFactory.Default, logger, this.groupSession.ClientInfoString);
using (IAssociationStore associationStore = storeBuilder.Create(this.group, performanceTracker))
{
IEnumerable <IPropertyBag> associationsByType = associationStore.GetAssociationsByType("IPM.MailboxAssociation.User", MailboxAssociationBaseSchema.IsPin, PinnersGetter.PinnerProperties);
List <string> list = new List <string>();
foreach (IPropertyBag propertyBag in associationsByType)
{
string text = propertyBag[MailboxAssociationBaseSchema.LegacyDN] as string;
if (text != null)
{
list.Add(text);
}
else
{
PinnersGetter.Tracer.TraceError <string>((long)this.GetHashCode(), "PinnersGetter.Execute: Missing LegacyDn for item with Id {0}.", propertyBag[ItemSchema.Id].ToString());
}
}
result = list;
}
}
return(result);
}
private bool IsGroupMemberInMailboxAssociation()
{
IExtensibleLogger logger = MailboxAssociationDiagnosticsFrameFactory.Default.CreateLogger(this.groupMailboxToLogon.MailboxInfo.MailboxGuid, this.organizationId);
IMailboxAssociationPerformanceTracker performanceTracker = MailboxAssociationDiagnosticsFrameFactory.Default.CreatePerformanceTracker(null);
bool result;
using (MailboxAssociationDiagnosticsFrameFactory.Default.CreateDiagnosticsFrame("XSO", "CheckMembership", logger, performanceTracker))
{
try
{
using (MailboxSession mailboxSession = MailboxSession.OpenAsAdmin(this.groupMailboxToLogon, CultureInfo.InvariantCulture, this.clientInfoString))
{
using (IAssociationStore associationStore = this.GetAssociationStore(mailboxSession, performanceTracker))
{
using (IMailboxAssociationUser memberAssociationInformation = this.GetMemberAssociationInformation(associationStore))
{
result = (memberAssociationInformation != null && (bool)memberAssociationInformation[MailboxAssociationBaseSchema.IsMember]);
}
}
}
}
catch (AssociationNotFoundException)
{
GroupMailboxAuthorizationHandler.Tracer.TraceDebug <string, string>((long)this.GetHashCode(), "MemberRetrieval: Unable to make IsMember() check for the user {0} on the mailbox {1}", this.accessingUserInfo.Identity, this.groupMailboxToLogon.MailboxInfo.DisplayName);
result = false;
}
catch (LocalizedException)
{
GroupMailboxAuthorizationHandler.Tracer.TraceDebug <string, string>((long)this.GetHashCode(), "MemberRetrieval: Unable to make IsMember() check for the user {0} on the mailbox {1}", this.accessingUserInfo.Identity, this.groupMailboxToLogon.MailboxInfo.DisplayName);
result = false;
}
}
return(result);
}
public List <string> Execute()
{
IExtensibleLogger logger = GroupEscalationGetterDiagnosticsFrameFactory.Default.CreateLogger(this.groupSession.MailboxGuid, this.groupSession.OrganizationId);
IMailboxAssociationPerformanceTracker mailboxAssociationPerformanceTracker = GroupEscalationGetterDiagnosticsFrameFactory.Default.CreatePerformanceTracker(null);
List <string> result;
using (GroupEscalationGetterDiagnosticsFrameFactory.Default.CreateDiagnosticsFrame("XSO", "EscalationGetter", logger, mailboxAssociationPerformanceTracker))
{
StoreBuilder storeBuilder = new StoreBuilder(this.groupSession, XSOFactory.Default, logger, this.groupSession.ClientInfoString);
using (IAssociationStore associationStore = storeBuilder.Create(this.group, mailboxAssociationPerformanceTracker))
{
IEnumerable <IPropertyBag> associationsByType = associationStore.GetAssociationsByType("IPM.MailboxAssociation.User", MailboxAssociationBaseSchema.ShouldEscalate, EscalationGetter.EscalateProperties);
List <string> list = new List <string>();
foreach (IPropertyBag propertyBag in associationsByType)
{
string text = propertyBag[MailboxAssociationBaseSchema.LegacyDN] as string;
if (text != null)
{
list.Add(text);
}
else
{
EscalationGetter.Tracer.TraceError <string>((long)this.GetHashCode(), "EscalationGetter.Execute: Missing LegacyDn for item with Id {0}.", propertyBag[ItemSchema.Id].ToString());
}
bool valueOrDefault = associationStore.GetValueOrDefault <bool>(propertyBag, MailboxAssociationBaseSchema.IsAutoSubscribed, false);
if (valueOrDefault)
{
mailboxAssociationPerformanceTracker.IncrementAutoSubscribedMembers();
}
}
result = list;
}
}
return(result);
}
internal GroupMailbox GetGroupMailbox(GroupMailboxLocator group, UserMailboxLocator user, bool loadAllDetails = false)
{
GroupMailbox mailbox;
using (IAssociationStore associationStore = this.storeProviderBuilder.Create(group, this.PerformanceTracker))
{
UserAssociationAdaptor userAssociationAdaptor = new UserAssociationAdaptor(associationStore, this.adSession, group);
MailboxAssociation association = userAssociationAdaptor.GetAssociation(user);
GroupMailboxBuilder groupMailboxBuilder = new GroupMailboxBuilder(group);
groupMailboxBuilder.BuildFromAssociation(association);
if (loadAllDetails)
{
ADUser aduser = group.FindAdUser();
if (aduser == null)
{
GroupMailboxAccessLayer.Tracer.TraceWarning <string>((long)this.GetHashCode(), "GroupMailboxAccessLayer::GetGroupMailbox. Unable to find group. LegacyDN={0}", group.LegacyDn);
throw new MailboxNotFoundException(ServerStrings.ADUserNotFoundId(group.LegacyDn));
}
GroupMailboxAccessLayer.Tracer.TraceDebug <string, bool, string>((long)this.GetHashCode(), "GroupMailboxAccessLayer::GetGroupMailbox. Found ADUser for group. LegacyDN={0}, IsCached={1}, OriginatingServer={2}", group.LegacyDn, aduser.IsCached, aduser.OriginatingServer);
groupMailboxBuilder.BuildFromDirectory(aduser);
}
mailbox = groupMailboxBuilder.Mailbox;
}
return(mailbox);
}
public void ReplicateQueuedAssociations()
{
QueuedInProcessAssociationReplicator.Tracer.TraceDebug((long)this.GetHashCode(), "MailboxTaskProcessor.ReplicateQueuedAssociations: Processing associations.");
ADUser mailboxAdUser = this.mailbox.FindAdUser();
IDiagnosticsFrameFactory <IExtensibleLogger, IMailboxAssociationPerformanceTracker> diagnosticsFrameFactory = this.diagnosticsFrameFactoryCreator();
IMailboxAssociationPerformanceTracker performanceTracker = diagnosticsFrameFactory.CreatePerformanceTracker(null);
IExtensibleLogger logger = diagnosticsFrameFactory.CreateLogger(mailboxAdUser.ExchangeGuid, mailboxAdUser.OrganizationId);
IAssociationReplicator replicator = this.immediateReplicatorCreator(logger, performanceTracker);
using (MailboxAssociationDiagnosticsFrameFactory.Default.CreateDiagnosticsFrame("QueuedInProcessAssociationReplicator", "ReplicateAssociations", logger, performanceTracker))
{
bool inProcessReplicationSucceeded = true;
GroupMailboxAccessLayerHelper.ExecuteOperationWithRetry(logger, "QueuedInProcessAssociationReplicator.ReplicateAssociations", delegate
{
IStoreBuilder storeBuilder = this.storeBuilderCreator(logger, this.clientInfoString);
using (IAssociationStore associationStore = storeBuilder.Create(this.mailbox, performanceTracker))
{
QueuedInProcessAssociationReplicator.Tracer.TraceDebug <string>((long)this.GetHashCode(), "QueuedInProcessAssociationReplicator.ReplicateAssociationsImplementation: Created store provider. Mailbox={0}.", mailboxAdUser.ExternalDirectoryObjectId);
UserAssociationAdaptor masterAdaptor = new UserAssociationAdaptor(associationStore, this.adSession, this.mailbox);
while (this.pendingAssociations.Count > 0)
{
MailboxAssociation association = this.pendingAssociations.Dequeue();
inProcessReplicationSucceeded &= this.ReplicateSingleAssociation(replicator, masterAdaptor, association);
}
if (!inProcessReplicationSucceeded)
{
IReplicationAssistantInvoker replicationAssistantInvoker = this.replicationAssistantInvokerCreator(logger, this.replicationServerFqdn);
replicationAssistantInvoker.Invoke("QueuedInProcessAssociationReplicatorRpcReplication", masterAdaptor, new MailboxAssociation[0]);
}
}
}, new Predicate <Exception>(GrayException.IsGrayException));
}
QueuedInProcessAssociationReplicator.Tracer.TraceDebug((long)this.GetHashCode(), "MailboxTaskProcessor.SendNotificationImplementation: Task completed.");
}
/// <summary>
/// Initializes a new instance of the SigningBindingElement class for use by a Provider.
/// </summary>
/// <param name="associationStore">The association store used to look up the secrets needed for signing.</param>
/// <param name="securitySettings">The security settings.</param>
internal SigningBindingElement(IAssociationStore<AssociationRelyingPartyType> associationStore, ProviderSecuritySettings securitySettings) {
Contract.Requires<ArgumentNullException>(associationStore != null);
Contract.Requires<ArgumentNullException>(securitySettings != null);
this.opAssociations = associationStore;
this.opSecuritySettings = securitySettings;
}
/// <summary>
/// Initializes a new instance of the <see cref="OpenIdChannel"/> class
/// for use by a Relying Party.
/// </summary>
/// <param name="associationStore">The association store to use.</param>
/// <param name="nonceStore">The nonce store to use.</param>
/// <param name="messageTypeProvider">An object that knows how to distinguish the various OpenID message types for deserialization purposes.</param>
/// <param name="securitySettings">The security settings to apply.</param>
/// <param name="nonVerifying">A value indicating whether the channel is set up with no functional security binding elements.</param>
private OpenIdChannel(IAssociationStore <Uri> associationStore, INonceStore nonceStore, IMessageFactory messageTypeProvider, RelyingPartySecuritySettings securitySettings, bool nonVerifying) :
this(messageTypeProvider, InitializeBindingElements(associationStore, nonceStore, securitySettings, nonVerifying))
{
Contract.Requires <ArgumentNullException>(messageTypeProvider != null);
Contract.Requires <ArgumentNullException>(securitySettings != null);
Contract.Requires <ArgumentException>(!nonVerifying || securitySettings is RelyingPartySecuritySettings);
}
/// <summary>
/// Initializes a new instance of the <see cref="PrivateSecretManager"/> class.
/// </summary>
/// <param name="securitySettings">The security settings.</param>
/// <param name="store">The association store.</param>
internal PrivateSecretManager(RelyingPartySecuritySettings securitySettings, IAssociationStore<Uri> store) {
Contract.Requires<ArgumentNullException>(securitySettings != null);
Contract.Requires<ArgumentNullException>(store != null);
this.securitySettings = securitySettings;
this.store = store;
}
/// <summary>
/// Creates a Provider's response to an incoming association request.
/// </summary>
/// <param name="associationStore">The association store where a new association (if created) will be stored. Must not be null.</param>
/// <param name="securitySettings">The security settings on the Provider.</param>
/// <returns>
/// The appropriate association response that is ready to be sent back to the Relying Party.
/// </returns>
/// <remarks>
/// <para>If an association is created, it will be automatically be added to the provided
/// association store.</para>
/// <para>Successful association response messages will derive from <see cref="AssociateSuccessfulResponse"/>.
/// Failed association response messages will derive from <see cref="AssociateUnsuccessfulResponse"/>.</para>
/// </remarks>
internal IProtocolMessage CreateResponse(IAssociationStore <AssociationRelyingPartyType> associationStore, ProviderSecuritySettings securitySettings)
{
Contract.Requires <ArgumentNullException>(associationStore != null);
Contract.Requires <ArgumentNullException>(securitySettings != null);
IProtocolMessage response;
if (securitySettings.IsAssociationInPermittedRange(Protocol, this.AssociationType) &&
HmacShaAssociation.IsDHSessionCompatible(Protocol, this.AssociationType, this.SessionType))
{
response = this.CreateResponseCore();
// Create and store the association if this is a successful response.
var successResponse = response as AssociateSuccessfulResponse;
if (successResponse != null)
{
Association association = successResponse.CreateAssociation(this, securitySettings);
associationStore.StoreAssociation(AssociationRelyingPartyType.Smart, association);
}
}
else
{
response = this.CreateUnsuccessfulResponse(securitySettings);
}
return(response);
}
/// <summary>
/// Initializes a new instance of the <see cref="PrivateSecretManager"/> class.
/// </summary>
/// <param name="securitySettings">The security settings.</param>
/// <param name="store">The association store.</param>
internal PrivateSecretManager(RelyingPartySecuritySettings securitySettings, IAssociationStore <Uri> store)
{
ErrorUtilities.VerifyArgumentNotNull(securitySettings, "securitySettings");
ErrorUtilities.VerifyArgumentNotNull(store, "store");
this.securitySettings = securitySettings;
this.store = store;
}
/// <summary>
/// Initializes a new instance of the <see cref="AssociationManager"/> class.
/// </summary>
/// <param name="channel">The channel the relying party is using.</param>
/// <param name="associationStore">The association store. May be null for dumb mode relying parties.</param>
/// <param name="securitySettings">The security settings.</param>
internal AssociationManager(Channel channel, IAssociationStore<Uri> associationStore, RelyingPartySecuritySettings securitySettings) {
Contract.Requires<ArgumentNullException>(channel != null);
Contract.Requires<ArgumentNullException>(securitySettings != null);
this.channel = channel;
this.associationStore = associationStore;
this.securitySettings = securitySettings;
}
/// <summary>
/// Initializes a new instance of the SigningBindingElement class for use by a Provider.
/// </summary>
/// <param name="associationStore">The association store used to look up the secrets needed for signing.</param>
/// <param name="securitySettings">The security settings.</param>
internal SigningBindingElement(IAssociationStore<AssociationRelyingPartyType> associationStore, ProviderSecuritySettings securitySettings)
{
ErrorUtilities.VerifyArgumentNotNull(associationStore, "associationStore");
ErrorUtilities.VerifyArgumentNotNull(securitySettings, "securitySettings");
this.opAssociations = associationStore;
this.opSecuritySettings = securitySettings;
}
private IEnumerable <UserMailbox> GetEscalatedMembersInternal(IAssociationStore storeProvider, GroupMailboxLocator group, bool loadAllDetails = false)
{
UserAssociationAdaptor adaptor = new UserAssociationAdaptor(storeProvider, this.adSession, group);
GetEscalatedAssociations getEscalatedAssociations = new GetEscalatedAssociations(adaptor);
IEnumerable <MailboxAssociation> associations = getEscalatedAssociations.Execute(null);
return(this.mailboxCollectionBuilder.BuildUserMailboxes(group, associations, loadAllDetails));
}
/// <summary>
/// Initializes a new instance of the <see cref="PrivateSecretManager"/> class.
/// </summary>
/// <param name="securitySettings">The security settings.</param>
/// <param name="store">The association store.</param>
internal PrivateSecretManager(RelyingPartySecuritySettings securitySettings, IAssociationStore <Uri> store)
{
Contract.Requires <ArgumentNullException>(securitySettings != null);
Contract.Requires <ArgumentNullException>(store != null);
this.securitySettings = securitySettings;
this.store = store;
}
/// <summary>
/// Initializes a new instance of the SigningBindingElement class for use by a Provider.
/// </summary>
/// <param name="associationStore">The association store used to look up the secrets needed for signing.</param>
/// <param name="securitySettings">The security settings.</param>
internal SigningBindingElement(IAssociationStore <AssociationRelyingPartyType> associationStore, ProviderSecuritySettings securitySettings)
{
Contract.Requires <ArgumentNullException>(associationStore != null);
Contract.Requires <ArgumentNullException>(securitySettings != null);
this.opAssociations = associationStore;
this.opSecuritySettings = securitySettings;
}
/// <summary>
/// Initializes a new instance of the <see cref="PrivateSecretManager"/> class.
/// </summary>
/// <param name="securitySettings">The security settings.</param>
/// <param name="store">The association store.</param>
internal PrivateSecretManager(RelyingPartySecuritySettings securitySettings, IAssociationStore<Uri> store)
{
ErrorUtilities.VerifyArgumentNotNull(securitySettings, "securitySettings");
ErrorUtilities.VerifyArgumentNotNull(store, "store");
this.securitySettings = securitySettings;
this.store = store;
}
/// <summary>
/// Initializes a new instance of the SigningBindingElement class for use by a Provider.
/// </summary>
/// <param name="associationStore">The association store used to look up the secrets needed for signing.</param>
/// <param name="securitySettings">The security settings.</param>
internal SigningBindingElement(IAssociationStore <AssociationRelyingPartyType> associationStore, ProviderSecuritySettings securitySettings)
{
ErrorUtilities.VerifyArgumentNotNull(associationStore, "associationStore");
ErrorUtilities.VerifyArgumentNotNull(securitySettings, "securitySettings");
this.opAssociations = associationStore;
this.opSecuritySettings = securitySettings;
}
/// <summary>
/// Initializes a new instance of the <see cref="AssociationManager"/> class.
/// </summary>
/// <param name="channel">The channel the relying party is using.</param>
/// <param name="associationStore">The association store. May be null for dumb mode relying parties.</param>
/// <param name="securitySettings">The security settings.</param>
internal AssociationManager(Channel channel, IAssociationStore <Uri> associationStore, RelyingPartySecuritySettings securitySettings)
{
ErrorUtilities.VerifyArgumentNotNull(channel, "channel");
ErrorUtilities.VerifyArgumentNotNull(securitySettings, "securitySettings");
this.channel = channel;
this.associationStore = associationStore;
this.securitySettings = securitySettings;
}
/// <summary>
/// Initializes a new instance of the <see cref="AssociationManager"/> class.
/// </summary>
/// <param name="channel">The channel the relying party is using.</param>
/// <param name="associationStore">The association store. May be null for dumb mode relying parties.</param>
/// <param name="securitySettings">The security settings.</param>
internal AssociationManager(Channel channel, IAssociationStore<Uri> associationStore, RelyingPartySecuritySettings securitySettings)
{
ErrorUtilities.VerifyArgumentNotNull(channel, "channel");
ErrorUtilities.VerifyArgumentNotNull(securitySettings, "securitySettings");
this.channel = channel;
this.associationStore = associationStore;
this.securitySettings = securitySettings;
}
public BaseAssociationAdaptor(IAssociationStore associationStore, IRecipientSession adSession, MailboxLocator masterMailboxLocator)
{
ArgumentValidator.ThrowIfNull("associationStore", associationStore);
ArgumentValidator.ThrowIfNull("adSession", adSession);
ArgumentValidator.ThrowIfNull("masterMailboxLocator", masterMailboxLocator);
this.associationStore = associationStore;
this.adSession = adSession;
this.masterMailboxLocator = masterMailboxLocator;
}
/// <summary>
/// Initializes a new instance of the <see cref="AssociationManager"/> class.
/// </summary>
/// <param name="channel">The channel the relying party is using.</param>
/// <param name="associationStore">The association store. May be null for dumb mode relying parties.</param>
/// <param name="securitySettings">The security settings.</param>
internal AssociationManager(Channel channel, IAssociationStore <Uri> associationStore, RelyingPartySecuritySettings securitySettings)
{
Contract.Requires <ArgumentNullException>(channel != null);
Contract.Requires <ArgumentNullException>(securitySettings != null);
this.channel = channel;
this.associationStore = associationStore;
this.securitySettings = securitySettings;
}
/// <summary>
/// Initializes a new instance of the <see cref="OpenIdProvider"/> class.
/// </summary>
/// <param name="associationStore">The association store to use. Cannot be null.</param>
/// <param name="nonceStore">The nonce store to use. Cannot be null.</param>
private OpenIdProvider(IAssociationStore <AssociationRelyingPartyType> associationStore, INonceStore nonceStore)
{
ErrorUtilities.VerifyArgumentNotNull(associationStore, "associationStore");
ErrorUtilities.VerifyArgumentNotNull(nonceStore, "nonceStore");
this.AssociationStore = associationStore;
this.SecuritySettings = DotNetOpenAuthSection.Configuration.OpenId.Provider.SecuritySettings.CreateSecuritySettings();
this.Channel = new OpenIdChannel(this.AssociationStore, nonceStore, this.SecuritySettings);
}
public IEnumerable <UserMailbox> GetEscalatedMembers(GroupMailboxLocator group, bool loadAllDetails = false)
{
using (IAssociationStore storeProvider = this.storeProviderBuilder.Create(group, this.PerformanceTracker))
{
foreach (UserMailbox mailbox in this.GetEscalatedMembersInternal(storeProvider, group, loadAllDetails))
{
yield return(mailbox);
}
}
yield break;
}
public void SetGroupPinState(UserMailboxLocator user, GroupMailboxLocator group, bool isPinned, bool isModernGroupsNewArchitecture)
{
using (IAssociationStore associationStore = this.storeProviderBuilder.Create(user, this.PerformanceTracker))
{
this.LogCommandExecution(isPinned ? "PinGroup" : "UnpinGroup", group, new UserMailboxLocator[]
{
user
});
GroupAssociationAdaptor masterAdaptor = new GroupAssociationAdaptor(associationStore, this.adSession, user);
SetGroupPinState setGroupPinState = new SetGroupPinState(this.Logger, null, isPinned, masterAdaptor, group, this.PerformanceTracker, isModernGroupsNewArchitecture);
setGroupPinState.Execute();
}
}
public void SetLastVisitedDate(UserMailboxLocator user, GroupMailboxLocator group, ExDateTime lastVisitedDate)
{
using (IAssociationStore associationStore = this.storeProviderBuilder.Create(group, this.PerformanceTracker))
{
this.LogCommandExecution("SetLastVisitedDate", group, new UserMailboxLocator[]
{
user
});
UserAssociationAdaptor masterAdaptor = new UserAssociationAdaptor(associationStore, this.adSession, group);
SetLastVisitedDate setLastVisitedDate = new SetLastVisitedDate(this.Logger, lastVisitedDate, masterAdaptor, user);
setLastVisitedDate.Execute();
}
}
public void SetEscalate(UserMailboxLocator user, GroupMailboxLocator group, bool shouldEscalate, SmtpAddress userSmtpAddress, int maxNumberOfSubscribers = 400)
{
using (IAssociationStore associationStore = this.storeProviderBuilder.Create(group, this.PerformanceTracker))
{
this.LogCommandExecution("SetEscalate", group, new UserMailboxLocator[]
{
user
});
UserAssociationAdaptor masterAdaptor = new UserAssociationAdaptor(associationStore, this.adSession, group);
SetEscalate setEscalate = new SetEscalate(this.Logger, shouldEscalate, userSmtpAddress, masterAdaptor, user, maxNumberOfSubscribers);
setEscalate.Execute();
}
}
/// <summary>
/// Initializes a new instance of the <see cref="OpenIdProvider"/> class.
/// </summary>
/// <param name="associationStore">The association store to use. Cannot be null.</param>
/// <param name="nonceStore">The nonce store to use. Cannot be null.</param>
private OpenIdProvider(IAssociationStore<AssociationRelyingPartyType> associationStore, INonceStore nonceStore)
{
Contract.Requires(associationStore != null);
Contract.Requires(nonceStore != null);
Contract.Ensures(this.AssociationStore == associationStore);
Contract.Ensures(this.SecuritySettings != null);
Contract.Ensures(this.Channel != null);
ErrorUtilities.VerifyArgumentNotNull(associationStore, "associationStore");
ErrorUtilities.VerifyArgumentNotNull(nonceStore, "nonceStore");
this.AssociationStore = associationStore;
this.SecuritySettings = DotNetOpenAuthSection.Configuration.OpenId.Provider.SecuritySettings.CreateSecuritySettings();
this.Channel = new OpenIdChannel(this.AssociationStore, nonceStore, this.SecuritySettings);
}
private void ReplicateOutOfSyncAssociation(Func <IAssociationStore, IAssociationAdaptor> associationAdaptorCreator, IMailboxLocator masterLocator, params IMailboxLocator[] slaveLocators)
{
ArgumentValidator.ThrowIfNull("masterLocator", masterLocator);
ArgumentValidator.ThrowIfNull("slaveLocators", slaveLocators);
ArgumentValidator.ThrowIfZeroOrNegative("slaveLocators.Length", slaveLocators.Length);
GroupMailboxAccessLayer.Tracer.TraceDebug <IMailboxLocator, int>((long)this.GetHashCode(), "GroupMailboxAccessLayer::ReplicateOutOfSyncAssociation. Replicating data from mailbox: {0}. Number of out of sync mailboxes: {1}", masterLocator, slaveLocators.Length);
using (IAssociationStore associationStore = this.storeProviderBuilder.Create(masterLocator, this.PerformanceTracker))
{
IAssociationAdaptor associationAdaptor = associationAdaptorCreator(associationStore);
InProcessAssociationReplicator replicator = new InProcessAssociationReplicator(this.Logger, this.PerformanceTracker, OpenAsAdminOrSystemServiceBudgetTypeType.RunAsBackgroundLoad);
ICollection <MailboxAssociation> associations = slaveLocators.Select(new Func <IMailboxLocator, MailboxAssociation>(associationAdaptor.GetAssociation));
this.ReplicateAssociations(replicator, associationAdaptor, associations);
}
}
public IEnumerable <UserMailbox> GetMembers(GroupMailboxLocator group, IEnumerable <UserMailboxLocator> users, bool loadAllDetails = false)
{
using (IAssociationStore storeProvider = this.storeProviderBuilder.Create(group, this.PerformanceTracker))
{
UserAssociationAdaptor adaptor = new UserAssociationAdaptor(storeProvider, this.adSession, group);
IEnumerable <UserMailbox> mailboxes = this.mailboxCollectionBuilder.BuildUserMailboxes(group, from u in users
select new GetMemberAssociation(adaptor, u).Execute(), loadAllDetails);
foreach (UserMailbox mailbox in mailboxes)
{
yield return(mailbox);
}
}
yield break;
}
public IEnumerable <GroupMailbox> GetPinnedGroups(UserMailboxLocator user, bool loadAllDetails = false)
{
using (IAssociationStore storeProvider = this.storeProviderBuilder.Create(user, this.PerformanceTracker))
{
GroupAssociationAdaptor adaptor = new GroupAssociationAdaptor(storeProvider, this.adSession, user);
GetPinAssociations command = new GetPinAssociations(adaptor);
IEnumerable <MailboxAssociation> pinAssociations = command.Execute(null);
IEnumerable <GroupMailbox> mailboxes = this.mailboxCollectionBuilder.BuildGroupMailboxes(pinAssociations, loadAllDetails);
foreach (GroupMailbox mailbox in mailboxes)
{
yield return(mailbox);
}
}
yield break;
}
public UserMailbox GetMember(GroupMailboxLocator group, UserMailboxLocator user, bool loadAllDetails = false)
{
UserMailbox result;
using (IAssociationStore associationStore = this.storeProviderBuilder.Create(group, this.PerformanceTracker))
{
UserAssociationAdaptor adaptor = new UserAssociationAdaptor(associationStore, this.adSession, group);
GetMemberAssociation getMemberAssociation = new GetMemberAssociation(adaptor, user);
MailboxAssociation item = getMemberAssociation.Execute();
result = this.mailboxCollectionBuilder.BuildUserMailboxes(group, new List <MailboxAssociation>(1)
{
item
}, loadAllDetails).FirstOrDefault <UserMailbox>();
}
return(result);
}
/// <summary>
/// Initializes a new instance of the <see cref="OpenIdProvider"/> class.
/// </summary>
/// <param name="associationStore">The association store to use. Cannot be null.</param>
/// <param name="nonceStore">The nonce store to use. Cannot be null.</param>
private OpenIdProvider(IAssociationStore<AssociationRelyingPartyType> associationStore, INonceStore nonceStore) {
Contract.Requires<ArgumentNullException>(associationStore != null);
Contract.Requires<ArgumentNullException>(nonceStore != null);
Contract.Ensures(this.AssociationStore == associationStore);
Contract.Ensures(this.SecuritySettings != null);
Contract.Ensures(this.Channel != null);
this.AssociationStore = associationStore;
this.SecuritySettings = DotNetOpenAuthSection.Configuration.OpenId.Provider.SecuritySettings.CreateSecuritySettings();
this.behaviors.CollectionChanged += this.OnBehaviorsChanged;
foreach (var behavior in DotNetOpenAuthSection.Configuration.OpenId.Provider.Behaviors.CreateInstances(false)) {
this.behaviors.Add(behavior);
}
this.Channel = new OpenIdChannel(this.AssociationStore, nonceStore, this.SecuritySettings);
Reporting.RecordFeatureAndDependencyUse(this, associationStore, nonceStore);
}
public void SetMembershipState(ADRecipient joinedBy, UserMailboxLocator[] joiningUsers, UserMailboxLocator[] departingUsers, GroupMailboxLocator group)
{
string joinedBy2 = string.Empty;
if (joinedBy != null)
{
joinedBy2 = ((SmtpAddress)joinedBy[ADRecipientSchema.PrimarySmtpAddress]).ToString();
}
using (IAssociationStore associationStore = this.storeProviderBuilder.Create(group, this.PerformanceTracker))
{
ADUser groupMailbox = group.FindAdUser();
WelcomeToGroupMessageTemplate messageComposerBuilder = new WelcomeToGroupMessageTemplate(groupMailbox, associationStore.MailboxOwner, joinedBy);
EmailNotificationHandler joinNotificationHandler = new EmailNotificationHandler(groupMailbox, associationStore.MailboxOwner, this.clientString, messageComposerBuilder);
QueuedInProcessAssociationReplicator associationReplicator = new QueuedInProcessAssociationReplicator(group, this.adSession, associationStore.ServerFullyQualifiedDomainName, this.clientString);
try
{
UserAssociationAdaptor userAssociationAdaptor = new UserAssociationAdaptor(associationStore, this.adSession, group);
if (departingUsers != null && departingUsers.Length > 0)
{
this.LogCommandExecution("LeaveGroup", group, departingUsers);
SetUserMembershipState setUserMembershipState = new SetUserMembershipState(this.Logger, associationReplicator, false, joinedBy2, userAssociationAdaptor, this.adSession, departingUsers);
setUserMembershipState.Execute();
}
if (joiningUsers != null && joiningUsers.Length > 0)
{
this.LogCommandExecution("JoinGroup", group, joiningUsers);
userAssociationAdaptor.OnAfterJoin += joinNotificationHandler.AddNotificationRecipient;
SetUserMembershipState setUserMembershipState2 = new SetUserMembershipState(this.Logger, associationReplicator, true, joinedBy2, userAssociationAdaptor, this.adSession, joiningUsers);
setUserMembershipState2.Execute();
userAssociationAdaptor.OnAfterJoin -= joinNotificationHandler.AddNotificationRecipient;
}
}
finally
{
Task.Run(delegate()
{
associationReplicator.ReplicateQueuedAssociations();
}).ContinueWith(delegate(Task t)
{
joinNotificationHandler.SendNotification();
});
}
}
}
/// <summary>
/// Initializes a new instance of the <see cref="OpenIdProvider"/> class.
/// </summary>
/// <param name="associationStore">The association store to use. Cannot be null.</param>
/// <param name="nonceStore">The nonce store to use. Cannot be null.</param>
private OpenIdProvider(IAssociationStore<AssociationRelyingPartyType> associationStore, INonceStore nonceStore)
{
Contract.Requires(associationStore != null);
Contract.Requires(nonceStore != null);
Contract.Ensures(this.AssociationStore == associationStore);
Contract.Ensures(this.SecuritySettings != null);
Contract.Ensures(this.Channel != null);
ErrorUtilities.VerifyArgumentNotNull(associationStore, "associationStore");
ErrorUtilities.VerifyArgumentNotNull(nonceStore, "nonceStore");
this.AssociationStore = associationStore;
this.SecuritySettings = DotNetOpenAuthSection.Configuration.OpenId.Provider.SecuritySettings.CreateSecuritySettings();
this.behaviors.CollectionChanged += this.OnBehaviorsChanged;
foreach (var behavior in DotNetOpenAuthSection.Configuration.OpenId.Provider.Behaviors.CreateInstances(false)) {
this.behaviors.Add(behavior);
}
this.Channel = new OpenIdChannel(this.AssociationStore, nonceStore, this.SecuritySettings);
}
public void UpdateSlaveDataFromMailboxAssociation(MasterMailboxType masterMailboxData, MailboxAssociationType associationType)
{
GroupMailboxAccessLayer.Tracer.TraceDebug <MasterMailboxType, MailboxAssociationType>((long)this.GetHashCode(), "GroupMailboxAccessLayer::UpdateSlaveDataFromMailboxAssociation. Replicating data from mailbox: {0}. Association data: {1}", masterMailboxData, associationType);
if (masterMailboxData.MailboxType != UserMailboxLocator.MailboxLocatorType && masterMailboxData.MailboxType != GroupMailboxLocator.MailboxLocatorType)
{
throw new InvalidOperationException("UpdateSlaveDataFromMailboxAssociation: Invalid MasterMailboxType");
}
MailboxAssociation mailboxAssociation = EwsAssociationDataConverter.Convert(associationType, this.adSession);
IMailboxLocator mailboxLocator;
if (!(masterMailboxData.MailboxType == GroupMailboxLocator.MailboxLocatorType))
{
IMailboxLocator group = mailboxAssociation.Group;
mailboxLocator = group;
}
else
{
mailboxLocator = mailboxAssociation.User;
}
IMailboxLocator targetMailbox = mailboxLocator;
using (IAssociationStore associationStore = this.storeProviderBuilder.Create(targetMailbox, this.PerformanceTracker))
{
this.LogCommandExecution("UpdateSlaveDataFromMailboxAssociation", mailboxAssociation.Group, new UserMailboxLocator[]
{
mailboxAssociation.User
});
BaseAssociationAdaptor baseAssociationAdaptor = (masterMailboxData.MailboxType == GroupMailboxLocator.MailboxLocatorType) ? new GroupAssociationAdaptor(associationStore, this.adSession, mailboxAssociation.User) : new UserAssociationAdaptor(associationStore, this.adSession, mailboxAssociation.Group);
baseAssociationAdaptor.UseAlternateLocatorLookup = true;
baseAssociationAdaptor.MasterMailboxData = masterMailboxData;
baseAssociationAdaptor.ReplicateAssociation(mailboxAssociation);
if (masterMailboxData.MailboxType == GroupMailboxLocator.MailboxLocatorType && mailboxAssociation.IsMember)
{
TimeSpan latency = ExDateTime.UtcNow - mailboxAssociation.JoinDate;
this.LogPerformanceCounter(MailboxAssociationLogSchema.PerformanceCounterName.JoinGroupAssociationReplication, latency, "Group={0}, User={1}", new object[]
{
mailboxAssociation.Group.ExternalId,
mailboxAssociation.User.ExternalId
});
}
}
}
/// <summary>
/// Initializes a new instance of the <see cref="OpenIdRelyingParty"/> class.
/// </summary>
/// <param name="associationStore">The association store. If null, the relying party will always operate in "dumb mode".</param>
/// <param name="nonceStore">The nonce store to use. If null, the relying party will always operate in "dumb mode".</param>
private OpenIdRelyingParty(IAssociationStore <Uri> associationStore, INonceStore nonceStore)
{
// If we are a smart-mode RP (supporting associations), then we MUST also be
// capable of storing nonces to prevent replay attacks.
// If we're a dumb-mode RP, then 2.0 OPs are responsible for preventing replays.
ErrorUtilities.VerifyArgument(associationStore == null || nonceStore != null, OpenIdStrings.AssociationStoreRequiresNonceStore);
this.securitySettings = DotNetOpenAuthSection.Configuration.OpenId.RelyingParty.SecuritySettings.CreateSecuritySettings();
// Without a nonce store, we must rely on the Provider to protect against
// replay attacks. But only 2.0+ Providers can be expected to provide
// replay protection.
if (nonceStore == null)
{
this.SecuritySettings.MinimumRequiredOpenIdVersion = ProtocolVersion.V20;
}
this.channel = new OpenIdChannel(associationStore, nonceStore, this.SecuritySettings);
this.AssociationManager = new AssociationManager(this.Channel, associationStore, this.SecuritySettings);
}
/// <summary>
/// Initializes a new instance of the <see cref="OpenIdProvider"/> class.
/// </summary>
/// <param name="associationStore">The association store to use. Cannot be null.</param>
/// <param name="nonceStore">The nonce store to use. Cannot be null.</param>
private OpenIdProvider(IAssociationStore <AssociationRelyingPartyType> associationStore, INonceStore nonceStore)
{
Contract.Requires <ArgumentNullException>(associationStore != null);
Contract.Requires <ArgumentNullException>(nonceStore != null);
Contract.Ensures(this.AssociationStore == associationStore);
Contract.Ensures(this.SecuritySettings != null);
Contract.Ensures(this.Channel != null);
this.AssociationStore = associationStore;
this.SecuritySettings = DotNetOpenAuthSection.Configuration.OpenId.Provider.SecuritySettings.CreateSecuritySettings();
this.behaviors.CollectionChanged += this.OnBehaviorsChanged;
foreach (var behavior in DotNetOpenAuthSection.Configuration.OpenId.Provider.Behaviors.CreateInstances(false))
{
this.behaviors.Add(behavior);
}
this.Channel = new OpenIdChannel(this.AssociationStore, nonceStore, this.SecuritySettings);
Reporting.RecordFeatureAndDependencyUse(this, associationStore, nonceStore);
}
private IMailboxAssociationUser GetMemberAssociationInformation(IAssociationStore associationStore)
{
GroupMailboxAuthorizationHandler.Tracer.TraceDebug <string, string>((long)this.GetHashCode(), "MemberRetrieval: Retrieving member information {0} from the mailbox = {1}", this.accessingUserInfo.Identity, this.groupMailboxToLogon.MailboxInfo.DisplayName);
IMailboxAssociationUser userAssociationByIdProperty;
if (!string.IsNullOrEmpty(this.accessingUserInfo.ExternalDirectoryObjectId))
{
userAssociationByIdProperty = associationStore.GetUserAssociationByIdProperty(MailboxAssociationBaseSchema.ExternalId, new object[]
{
this.accessingUserInfo.ExternalDirectoryObjectId
});
}
else
{
userAssociationByIdProperty = associationStore.GetUserAssociationByIdProperty(MailboxAssociationBaseSchema.LegacyDN, new object[]
{
this.accessingUserInfo.LegacyExchangeDN
});
}
return(userAssociationByIdProperty);
}
public IEnumerable <UserMailbox> GetUnseenMembers(GroupMailboxLocator group, IEnumerable <UserMailboxLocator> users)
{
IEnumerable <UserMailbox> result;
using (IAssociationStore associationStore = this.storeProviderBuilder.Create(group, this.PerformanceTracker))
{
UnseenDataUserAssociationAdaptor adaptor = new UnseenDataUserAssociationAdaptor(associationStore, this.adSession, group);
GetMembershipAssociations getMembershipAssociations = new GetMembershipAssociations(adaptor);
IEnumerable <MailboxAssociation> enumerable = getMembershipAssociations.Execute(null);
Dictionary <string, MailboxAssociation> dictionary = new Dictionary <string, MailboxAssociation>(enumerable.Count <MailboxAssociation>());
foreach (MailboxAssociation mailboxAssociation in enumerable)
{
if (string.IsNullOrEmpty(mailboxAssociation.User.ExternalId))
{
GroupMailboxAccessLayer.LogWarning(this.Logger, "GetUnseenMembers", string.Format("External Id is null or empty. LegacyDn - {0}", mailboxAssociation.User.LegacyDn));
}
else if (dictionary.ContainsKey(mailboxAssociation.User.ExternalId))
{
GroupMailboxAccessLayer.LogWarning(this.Logger, "GetUnseenMembers", string.Format("Duplicate External Id. ExternalId - {0}. LegacyDn - {1}", mailboxAssociation.User.ExternalId, mailboxAssociation.User.LegacyDn));
}
else
{
dictionary.Add(mailboxAssociation.User.ExternalId, mailboxAssociation);
}
}
List <UserMailbox> list = new List <UserMailbox>();
foreach (UserMailboxLocator userMailboxLocator in users)
{
MailboxAssociation association = null;
if (!dictionary.TryGetValue(userMailboxLocator.ExternalId, out association))
{
association = this.CreateMailboxAssociationWithDefaultValues(userMailboxLocator, group);
}
UserMailboxBuilder userMailboxBuilder = new UserMailboxBuilder(userMailboxLocator, null);
list.Add(userMailboxBuilder.BuildFromAssociation(association).Mailbox);
}
result = list;
}
return(result);
}
/// <summary>
/// Initializes a new instance of the <see cref="StandardProviderApplicationStore"/> class.
/// </summary>
public StandardProviderApplicationStore()
{
this.nonceStore = new NonceMemoryStore(DotNetOpenAuthSection.Configuration.OpenId.MaxAuthenticationTime);
this.associationStore = new AssociationMemoryStore<AssociationRelyingPartyType>();
}
public TestConsumer(IAssociationStore store, Fetcher fetcher)
: base(store, fetcher)
{
}
public StoreTester( IAssociationStore store )
{
this.store = store;
}
/// <summary>
/// Initializes a new instance of the SigningBindingElement class for use by a Relying Party.
/// </summary>
/// <param name="associationStore">The association store used to look up the secrets needed for signing. May be null for dumb Relying Parties.</param>
internal SigningBindingElement(IAssociationStore<Uri> associationStore) {
this.rpAssociations = associationStore;
}
/// <summary>
/// Initializes a new instance of the <see cref="OpenIdRelyingParty"/> class.
/// </summary>
/// <param name="associationStore">The association store. If null, the relying party will always operate in "dumb mode".</param>
/// <param name="nonceStore">The nonce store to use. If null, the relying party will always operate in "dumb mode".</param>
private OpenIdRelyingParty(IAssociationStore<Uri> associationStore, INonceStore nonceStore)
{
// If we are a smart-mode RP (supporting associations), then we MUST also be
// capable of storing nonces to prevent replay attacks.
// If we're a dumb-mode RP, then 2.0 OPs are responsible for preventing replays.
Contract.Requires(associationStore == null || nonceStore != null);
ErrorUtilities.VerifyArgument(associationStore == null || nonceStore != null, OpenIdStrings.AssociationStoreRequiresNonceStore);
this.securitySettings = DotNetOpenAuthSection.Configuration.OpenId.RelyingParty.SecuritySettings.CreateSecuritySettings();
this.behaviors.CollectionChanged += this.OnBehaviorsChanged;
foreach (var behavior in DotNetOpenAuthSection.Configuration.OpenId.RelyingParty.Behaviors.CreateInstances(false)) {
this.behaviors.Add(behavior);
}
// Without a nonce store, we must rely on the Provider to protect against
// replay attacks. But only 2.0+ Providers can be expected to provide
// replay protection.
if (nonceStore == null) {
this.SecuritySettings.MinimumRequiredOpenIdVersion = ProtocolVersion.V20;
}
this.channel = new OpenIdChannel(associationStore, nonceStore, this.SecuritySettings);
this.AssociationManager = new AssociationManager(this.Channel, associationStore, this.SecuritySettings);
}
/// <summary>
/// Initializes a new instance of the <see cref="ReturnToSignatureBindingElement"/> class.
/// </summary>
/// <param name="secretStore">The secret store from which to retrieve the secret used for signing.</param>
/// <param name="securitySettings">The security settings.</param>
internal ReturnToSignatureBindingElement(IAssociationStore<Uri> secretStore, RelyingPartySecuritySettings securitySettings) {
Contract.Requires<ArgumentNullException>(secretStore != null);
this.secretManager = new PrivateSecretManager(securitySettings, secretStore);
}
/// <summary>
/// Initializes a new instance of the <see cref="StandardRelyingPartyApplicationStore"/> class.
/// </summary>
internal StandardRelyingPartyApplicationStore()
{
this.nonceStore = new NonceMemoryStore(DotNetOpenAuthSection.Configuration.OpenId.MaxAuthenticationTime);
this.associationStore = new AssociationMemoryStore<Uri>();
}
/// <summary>
/// Creates a Provider's response to an incoming association request.
/// </summary>
/// <param name="associationStore">The association store where a new association (if created) will be stored. Must not be null.</param>
/// <param name="securitySettings">The security settings on the Provider.</param>
/// <returns>
/// The appropriate association response that is ready to be sent back to the Relying Party.
/// </returns>
/// <remarks>
/// <para>If an association is created, it will be automatically be added to the provided
/// association store.</para>
/// <para>Successful association response messages will derive from <see cref="AssociateSuccessfulResponse"/>.
/// Failed association response messages will derive from <see cref="AssociateUnsuccessfulResponse"/>.</para>
/// </remarks>
internal IProtocolMessage CreateResponse(IAssociationStore<AssociationRelyingPartyType> associationStore, ProviderSecuritySettings securitySettings)
{
ErrorUtilities.VerifyArgumentNotNull(associationStore, "associationStore");
ErrorUtilities.VerifyArgumentNotNull(securitySettings, "securitySettings");
IProtocolMessage response;
if (securitySettings.IsAssociationInPermittedRange(Protocol, this.AssociationType) &&
HmacShaAssociation.IsDHSessionCompatible(Protocol, this.AssociationType, this.SessionType)) {
response = this.CreateResponseCore();
// Create and store the association if this is a successful response.
var successResponse = response as AssociateSuccessfulResponse;
if (successResponse != null) {
Association association = successResponse.CreateAssociation(this, securitySettings);
associationStore.StoreAssociation(AssociationRelyingPartyType.Smart, association);
}
} else {
response = this.CreateUnsuccessfulResponse(securitySettings);
}
return response;
}
/// <summary>
/// Initializes a new instance of the <see cref="ReturnToSignatureBindingElement"/> class.
/// </summary>
/// <param name="secretStore">The secret store from which to retrieve the secret used for signing.</param>
/// <param name="securitySettings">The security settings.</param>
internal ReturnToSignatureBindingElement(IAssociationStore<Uri> secretStore, RelyingPartySecuritySettings securitySettings)
{
ErrorUtilities.VerifyArgumentNotNull(secretStore, "secretStore");
this.secretManager = new PrivateSecretManager(securitySettings, secretStore);
}
/// <summary>
/// Initializes a new instance of the <see cref="OpenIdRelyingParty"/> class.
/// </summary>
/// <param name="associationStore">The association store. If null, the relying party will always operate in "dumb mode".</param>
/// <param name="nonceStore">The nonce store to use. If null, the relying party will always operate in "dumb mode".</param>
private OpenIdRelyingParty(IAssociationStore<Uri> associationStore, INonceStore nonceStore) {
// If we are a smart-mode RP (supporting associations), then we MUST also be
// capable of storing nonces to prevent replay attacks.
// If we're a dumb-mode RP, then 2.0 OPs are responsible for preventing replays.
Contract.Requires<ArgumentException>(associationStore == null || nonceStore != null, OpenIdStrings.AssociationStoreRequiresNonceStore);
this.securitySettings = DotNetOpenAuthSection.Configuration.OpenId.RelyingParty.SecuritySettings.CreateSecuritySettings();
foreach (var discoveryService in DotNetOpenAuthSection.Configuration.OpenId.RelyingParty.DiscoveryServices.CreateInstances(true)) {
this.discoveryServices.Add(discoveryService);
}
this.behaviors.CollectionChanged += this.OnBehaviorsChanged;
foreach (var behavior in DotNetOpenAuthSection.Configuration.OpenId.RelyingParty.Behaviors.CreateInstances(false)) {
this.behaviors.Add(behavior);
}
// Without a nonce store, we must rely on the Provider to protect against
// replay attacks. But only 2.0+ Providers can be expected to provide
// replay protection.
if (nonceStore == null) {
if (this.SecuritySettings.MinimumRequiredOpenIdVersion < ProtocolVersion.V20) {
Logger.OpenId.Warn("Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks.");
this.SecuritySettings.MinimumRequiredOpenIdVersion = ProtocolVersion.V20;
}
}
this.channel = new OpenIdChannel(associationStore, nonceStore, this.SecuritySettings);
this.AssociationManager = new AssociationManager(this.Channel, associationStore, this.SecuritySettings);
Reporting.RecordFeatureAndDependencyUse(this, associationStore, nonceStore);
}
/// <summary>
/// Initializes a new <see cref="Consumer"/> instance.
/// </summary>
public Consumer(IAssociationStore store, Fetcher fetcher)
{
this.store = store;
this.fetcher = fetcher;
}
