internal static void ValidateCertificate(ExchangeCertificate certificate, bool skipAutomatedDeploymentChecks)
{
ExchangeCertificateValidity exchangeCertificateValidity = ManageExchangeCertificate.ValidateExchangeCertificate(certificate, true);
if (exchangeCertificateValidity != ExchangeCertificateValidity.Valid)
{
throw new FederationCertificateInvalidException(Strings.CertificateNotValidForExchange(certificate.Thumbprint, exchangeCertificateValidity.ToString()));
}
if (string.IsNullOrEmpty(certificate.SubjectKeyIdentifier))
{
throw new FederationCertificateInvalidException(Strings.ErrorCertificateNoSKI(certificate.Thumbprint));
}
if (!skipAutomatedDeploymentChecks && !certificate.PrivateKeyExportable)
{
throw new FederationCertificateInvalidException(Strings.ErrorCertificateNotExportable(certificate.Thumbprint));
}
if (!string.Equals(certificate.GetKeyAlgorithm(), WellKnownOid.RsaRsa.Value, StringComparison.OrdinalIgnoreCase))
{
throw new FederationCertificateInvalidException(Strings.ErrorCertificateNotRSA(certificate.Thumbprint));
}
if (TlsCertificateInfo.IsCNGProvider(certificate))
{
throw new FederationCertificateInvalidException(Strings.ErrorCertificateNotCAPI(certificate.Thumbprint));
}
if ((ExDateTime)certificate.NotAfter < ExDateTime.UtcNow && (ExDateTime)certificate.NotBefore > ExDateTime.UtcNow)
{
throw new FederationCertificateInvalidException(Strings.ErrorCertificateHasExpired(certificate.Thumbprint));
}
}
internal static string ExportCertificate(string source, SecureString securePassword, string thumbprint)
{
if (string.IsNullOrEmpty(source))
{
throw new ArgumentNullException("source");
}
if (securePassword == null)
{
throw new ArgumentNullException("securePassword");
}
if (string.IsNullOrEmpty(thumbprint))
{
throw new ArgumentNullException("thumbprint");
}
ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc();
exchangeCertificateRpc.ExportByThumbprint = thumbprint;
exchangeCertificateRpc.ExportBinary = true;
ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
byte[] outputBlob = null;
try
{
byte[] inBlob = exchangeCertificateRpc.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2);
ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(source);
outputBlob = exchangeCertificateRpcClient.ExportCertificate2(0, inBlob, securePassword);
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2;
}
catch (RpcException)
{
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
}
if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1)
{
try
{
byte[] inBlob2 = exchangeCertificateRpc.SerializeInputParameters(exchangeCertificateRpcVersion);
ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(source);
outputBlob = exchangeCertificateRpcClient2.ExportCertificate(0, inBlob2, securePassword);
}
catch (RpcException e)
{
ManageExchangeCertificate.ThrowLocalizedException(e, source);
}
}
ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob);
if (!string.IsNullOrEmpty(exchangeCertificateRpc2.ReturnTaskErrorString))
{
throw new InvalidOperationException(exchangeCertificateRpc2.ReturnTaskErrorString);
}
return(Convert.ToBase64String(exchangeCertificateRpc2.ReturnExportFileData));
}
internal static void ImportCertificate(string destination, SecureString securePassword, string base64cert)
{
if (string.IsNullOrEmpty(destination))
{
throw new ArgumentNullException("destination");
}
if (securePassword == null)
{
throw new ArgumentNullException("securePassword");
}
if (string.IsNullOrEmpty(base64cert))
{
throw new ArgumentNullException("base64cert");
}
ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc();
exchangeCertificateRpc.ImportCert = base64cert;
exchangeCertificateRpc.ImportExportable = true;
ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
byte[] outputBlob = null;
try
{
byte[] inBlob = exchangeCertificateRpc.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2);
ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(destination);
outputBlob = exchangeCertificateRpcClient.ImportCertificate2(0, inBlob, securePassword);
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2;
}
catch (RpcException)
{
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
}
if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1)
{
try
{
byte[] inBlob2 = exchangeCertificateRpc.SerializeInputParameters(exchangeCertificateRpcVersion);
ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(destination);
outputBlob = exchangeCertificateRpcClient2.ImportCertificate(0, inBlob2, securePassword);
}
catch (RpcException e)
{
ManageExchangeCertificate.ThrowLocalizedException(e, destination);
}
}
ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob);
if (!string.IsNullOrEmpty(exchangeCertificateRpc2.ReturnTaskErrorString))
{
throw new InvalidOperationException(exchangeCertificateRpc2.ReturnTaskErrorString);
}
}
internal static void EnableCertificateForNetworkService(string destination, string thumbprint)
{
if (string.IsNullOrEmpty(destination))
{
throw new ArgumentNullException("destination");
}
if (string.IsNullOrEmpty(thumbprint))
{
throw new ArgumentNullException("thumbprint");
}
ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc();
exchangeCertificateRpc.EnableByThumbprint = thumbprint;
exchangeCertificateRpc.EnableNetworkService = true;
exchangeCertificateRpc.EnableServices = AllowedServices.None;
ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
byte[] outputBlob = null;
try
{
byte[] inBlob = exchangeCertificateRpc.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2);
ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(destination);
outputBlob = exchangeCertificateRpcClient.EnableCertificate2(0, inBlob);
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2;
}
catch (RpcException)
{
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
}
if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1)
{
try
{
byte[] inBlob2 = exchangeCertificateRpc.SerializeInputParameters(exchangeCertificateRpcVersion);
ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(destination);
outputBlob = exchangeCertificateRpcClient2.EnableCertificate(0, inBlob2);
}
catch (RpcException e)
{
ManageExchangeCertificate.ThrowLocalizedException(e, destination);
}
}
ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob);
if (!string.IsNullOrEmpty(exchangeCertificateRpc2.ReturnTaskErrorString))
{
throw new InvalidOperationException(exchangeCertificateRpc2.ReturnTaskErrorString);
}
}
private static X509Certificate2 GetCert(string certificateThumbprint)
{
BaseUMconnectivityTester.SipPlatformConnectionManager.DebugTrace("Inside ConnectionManager GetCert() ", new object[0]);
if (!string.IsNullOrEmpty(certificateThumbprint))
{
certificateThumbprint = ManageExchangeCertificate.UnifyThumbprintFormat(certificateThumbprint);
}
X509Certificate2 certificateByThumbprintOrServerCertificate = CertificateUtils.GetCertificateByThumbprintOrServerCertificate(certificateThumbprint);
if (certificateByThumbprintOrServerCertificate == null)
{
throw new TUC_CertNotFound();
}
return(certificateByThumbprintOrServerCertificate);
}
// Token: 0x06000006 RID: 6 RVA: 0x000024D0 File Offset: 0x000006D0
private void PerformDistribution(List <CertificateRecord> certsRequired)
{
Servicelet.Tracer.TraceDebug((long)this.GetHashCode(), "PerformDistribution(): Entering");
List <CertificateRecord> list = new List <CertificateRecord>();
foreach (CertificateRecord certificateRecord in certsRequired)
{
string thumbprint = certificateRecord.Thumbprint;
Servicelet.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Certificate Required: {0}", thumbprint);
ExchangeCertificate exchangeCertificate;
FederationTrustCertificateState federationTrustCertificateState = FederationCertificate.TestForCertificate(this.localServer.Name, thumbprint, out exchangeCertificate);
Servicelet.Tracer.TraceDebug <FederationTrustCertificateState>((long)this.GetHashCode(), "Certificate State: {0}", federationTrustCertificateState);
if (federationTrustCertificateState == FederationTrustCertificateState.NotInstalled)
{
list.Add(certificateRecord);
if (this.IsCurrentOrNextCertificate(certificateRecord))
{
this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_NeedCertificate, null, new object[]
{
thumbprint
});
}
}
else if (federationTrustCertificateState == FederationTrustCertificateState.Installed)
{
if (this.IsCurrentOrNextCertificate(certificateRecord))
{
this.VerifyCertificateExpiration(exchangeCertificate);
}
if (!ManageExchangeCertificate.IsCertEnabledForNetworkService(exchangeCertificate))
{
Servicelet.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Enabling for Network Service: {0}", thumbprint);
try
{
FederationCertificate.EnableCertificateForNetworkService(this.localServer.Name, thumbprint);
}
catch (LocalizedException ex)
{
Servicelet.Tracer.TraceError <LocalizedException>((long)this.GetHashCode(), "Failed to Enable for Network Service: {0}", ex);
this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_EnableNetworkServiceException, null, new object[]
{
thumbprint,
ex
});
}
catch (InvalidOperationException ex2)
{
Servicelet.Tracer.TraceError <InvalidOperationException>((long)this.GetHashCode(), "Failed to Enable for Network Service: {0}", ex2);
this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_EnableNetworkServiceException, null, new object[]
{
thumbprint,
ex2
});
}
}
}
}
if (list.Count != 0)
{
Dictionary <TopologySite, List <TopologyServer> > dictionary;
TopologySite topologySite;
FederationCertificate.DiscoverServers(this.session, true, out dictionary, out topologySite);
if (topologySite == null)
{
Servicelet.Tracer.TraceError((long)this.GetHashCode(), "Server is not associated with a site");
this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_CannotFindLocalSite, null, null);
return;
}
List <TopologyServer> sourceServers;
if (dictionary.TryGetValue(topologySite, out sourceServers))
{
this.PullCertificate(sourceServers, list, this.localServer);
}
if (list.Count != 0)
{
foreach (KeyValuePair <TopologySite, List <TopologyServer> > keyValuePair in dictionary)
{
if (!keyValuePair.Key.Equals(topologySite))
{
this.PullCertificate(keyValuePair.Value, list, this.localServer);
if (list.Count == 0)
{
break;
}
}
}
}
}
foreach (CertificateRecord certificateRecord2 in list)
{
Servicelet.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Certificate not found: {0}", certificateRecord2.Thumbprint);
if (this.IsCurrentOrNextCertificate(certificateRecord2))
{
this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_CertificateNotFound, null, new object[]
{
certificateRecord2.Thumbprint
});
}
}
Servicelet.Tracer.TraceDebug((long)this.GetHashCode(), "PerformDistribution(): Exiting");
}
// Token: 0x06000A17 RID: 2583 RVA: 0x00045A78 File Offset: 0x00043C78
internal static void GetIMCertInfo(string thumbprint, out string certificateIssuer, out byte[] certificateSerial)
{
certificateIssuer = null;
certificateSerial = null;
X509Certificate2 x509Certificate = InstantMessageCertUtils.FindCertByThumbprint(ManageExchangeCertificate.UnifyThumbprintFormat(thumbprint));
if (x509Certificate != null && InstantMessageCertUtils.IsValid(x509Certificate))
{
InstantMessageCertUtils.DoesCertificateExpireSoon(x509Certificate);
certificateIssuer = x509Certificate.Issuer;
certificateSerial = x509Certificate.GetSerialNumber();
}
}
