internal static void ValidateCertificate(ExchangeCertificate certificate, bool skipAutomatedDeploymentChecks) { ExchangeCertificateValidity exchangeCertificateValidity = ManageExchangeCertificate.ValidateExchangeCertificate(certificate, true); if (exchangeCertificateValidity != ExchangeCertificateValidity.Valid) { throw new FederationCertificateInvalidException(Strings.CertificateNotValidForExchange(certificate.Thumbprint, exchangeCertificateValidity.ToString())); } if (string.IsNullOrEmpty(certificate.SubjectKeyIdentifier)) { throw new FederationCertificateInvalidException(Strings.ErrorCertificateNoSKI(certificate.Thumbprint)); } if (!skipAutomatedDeploymentChecks && !certificate.PrivateKeyExportable) { throw new FederationCertificateInvalidException(Strings.ErrorCertificateNotExportable(certificate.Thumbprint)); } if (!string.Equals(certificate.GetKeyAlgorithm(), WellKnownOid.RsaRsa.Value, StringComparison.OrdinalIgnoreCase)) { throw new FederationCertificateInvalidException(Strings.ErrorCertificateNotRSA(certificate.Thumbprint)); } if (TlsCertificateInfo.IsCNGProvider(certificate)) { throw new FederationCertificateInvalidException(Strings.ErrorCertificateNotCAPI(certificate.Thumbprint)); } if ((ExDateTime)certificate.NotAfter < ExDateTime.UtcNow && (ExDateTime)certificate.NotBefore > ExDateTime.UtcNow) { throw new FederationCertificateInvalidException(Strings.ErrorCertificateHasExpired(certificate.Thumbprint)); } }
internal static string ExportCertificate(string source, SecureString securePassword, string thumbprint) { if (string.IsNullOrEmpty(source)) { throw new ArgumentNullException("source"); } if (securePassword == null) { throw new ArgumentNullException("securePassword"); } if (string.IsNullOrEmpty(thumbprint)) { throw new ArgumentNullException("thumbprint"); } ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc(); exchangeCertificateRpc.ExportByThumbprint = thumbprint; exchangeCertificateRpc.ExportBinary = true; ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; byte[] outputBlob = null; try { byte[] inBlob = exchangeCertificateRpc.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2); ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(source); outputBlob = exchangeCertificateRpcClient.ExportCertificate2(0, inBlob, securePassword); exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2; } catch (RpcException) { exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; } if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1) { try { byte[] inBlob2 = exchangeCertificateRpc.SerializeInputParameters(exchangeCertificateRpcVersion); ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(source); outputBlob = exchangeCertificateRpcClient2.ExportCertificate(0, inBlob2, securePassword); } catch (RpcException e) { ManageExchangeCertificate.ThrowLocalizedException(e, source); } } ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob); if (!string.IsNullOrEmpty(exchangeCertificateRpc2.ReturnTaskErrorString)) { throw new InvalidOperationException(exchangeCertificateRpc2.ReturnTaskErrorString); } return(Convert.ToBase64String(exchangeCertificateRpc2.ReturnExportFileData)); }
internal static void ImportCertificate(string destination, SecureString securePassword, string base64cert) { if (string.IsNullOrEmpty(destination)) { throw new ArgumentNullException("destination"); } if (securePassword == null) { throw new ArgumentNullException("securePassword"); } if (string.IsNullOrEmpty(base64cert)) { throw new ArgumentNullException("base64cert"); } ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc(); exchangeCertificateRpc.ImportCert = base64cert; exchangeCertificateRpc.ImportExportable = true; ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; byte[] outputBlob = null; try { byte[] inBlob = exchangeCertificateRpc.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2); ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(destination); outputBlob = exchangeCertificateRpcClient.ImportCertificate2(0, inBlob, securePassword); exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2; } catch (RpcException) { exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; } if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1) { try { byte[] inBlob2 = exchangeCertificateRpc.SerializeInputParameters(exchangeCertificateRpcVersion); ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(destination); outputBlob = exchangeCertificateRpcClient2.ImportCertificate(0, inBlob2, securePassword); } catch (RpcException e) { ManageExchangeCertificate.ThrowLocalizedException(e, destination); } } ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob); if (!string.IsNullOrEmpty(exchangeCertificateRpc2.ReturnTaskErrorString)) { throw new InvalidOperationException(exchangeCertificateRpc2.ReturnTaskErrorString); } }
internal static void EnableCertificateForNetworkService(string destination, string thumbprint) { if (string.IsNullOrEmpty(destination)) { throw new ArgumentNullException("destination"); } if (string.IsNullOrEmpty(thumbprint)) { throw new ArgumentNullException("thumbprint"); } ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc(); exchangeCertificateRpc.EnableByThumbprint = thumbprint; exchangeCertificateRpc.EnableNetworkService = true; exchangeCertificateRpc.EnableServices = AllowedServices.None; ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; byte[] outputBlob = null; try { byte[] inBlob = exchangeCertificateRpc.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2); ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(destination); outputBlob = exchangeCertificateRpcClient.EnableCertificate2(0, inBlob); exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2; } catch (RpcException) { exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1; } if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1) { try { byte[] inBlob2 = exchangeCertificateRpc.SerializeInputParameters(exchangeCertificateRpcVersion); ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(destination); outputBlob = exchangeCertificateRpcClient2.EnableCertificate(0, inBlob2); } catch (RpcException e) { ManageExchangeCertificate.ThrowLocalizedException(e, destination); } } ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob); if (!string.IsNullOrEmpty(exchangeCertificateRpc2.ReturnTaskErrorString)) { throw new InvalidOperationException(exchangeCertificateRpc2.ReturnTaskErrorString); } }
private static X509Certificate2 GetCert(string certificateThumbprint) { BaseUMconnectivityTester.SipPlatformConnectionManager.DebugTrace("Inside ConnectionManager GetCert() ", new object[0]); if (!string.IsNullOrEmpty(certificateThumbprint)) { certificateThumbprint = ManageExchangeCertificate.UnifyThumbprintFormat(certificateThumbprint); } X509Certificate2 certificateByThumbprintOrServerCertificate = CertificateUtils.GetCertificateByThumbprintOrServerCertificate(certificateThumbprint); if (certificateByThumbprintOrServerCertificate == null) { throw new TUC_CertNotFound(); } return(certificateByThumbprintOrServerCertificate); }
// Token: 0x06000006 RID: 6 RVA: 0x000024D0 File Offset: 0x000006D0 private void PerformDistribution(List <CertificateRecord> certsRequired) { Servicelet.Tracer.TraceDebug((long)this.GetHashCode(), "PerformDistribution(): Entering"); List <CertificateRecord> list = new List <CertificateRecord>(); foreach (CertificateRecord certificateRecord in certsRequired) { string thumbprint = certificateRecord.Thumbprint; Servicelet.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Certificate Required: {0}", thumbprint); ExchangeCertificate exchangeCertificate; FederationTrustCertificateState federationTrustCertificateState = FederationCertificate.TestForCertificate(this.localServer.Name, thumbprint, out exchangeCertificate); Servicelet.Tracer.TraceDebug <FederationTrustCertificateState>((long)this.GetHashCode(), "Certificate State: {0}", federationTrustCertificateState); if (federationTrustCertificateState == FederationTrustCertificateState.NotInstalled) { list.Add(certificateRecord); if (this.IsCurrentOrNextCertificate(certificateRecord)) { this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_NeedCertificate, null, new object[] { thumbprint }); } } else if (federationTrustCertificateState == FederationTrustCertificateState.Installed) { if (this.IsCurrentOrNextCertificate(certificateRecord)) { this.VerifyCertificateExpiration(exchangeCertificate); } if (!ManageExchangeCertificate.IsCertEnabledForNetworkService(exchangeCertificate)) { Servicelet.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Enabling for Network Service: {0}", thumbprint); try { FederationCertificate.EnableCertificateForNetworkService(this.localServer.Name, thumbprint); } catch (LocalizedException ex) { Servicelet.Tracer.TraceError <LocalizedException>((long)this.GetHashCode(), "Failed to Enable for Network Service: {0}", ex); this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_EnableNetworkServiceException, null, new object[] { thumbprint, ex }); } catch (InvalidOperationException ex2) { Servicelet.Tracer.TraceError <InvalidOperationException>((long)this.GetHashCode(), "Failed to Enable for Network Service: {0}", ex2); this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_EnableNetworkServiceException, null, new object[] { thumbprint, ex2 }); } } } } if (list.Count != 0) { Dictionary <TopologySite, List <TopologyServer> > dictionary; TopologySite topologySite; FederationCertificate.DiscoverServers(this.session, true, out dictionary, out topologySite); if (topologySite == null) { Servicelet.Tracer.TraceError((long)this.GetHashCode(), "Server is not associated with a site"); this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_CannotFindLocalSite, null, null); return; } List <TopologyServer> sourceServers; if (dictionary.TryGetValue(topologySite, out sourceServers)) { this.PullCertificate(sourceServers, list, this.localServer); } if (list.Count != 0) { foreach (KeyValuePair <TopologySite, List <TopologyServer> > keyValuePair in dictionary) { if (!keyValuePair.Key.Equals(topologySite)) { this.PullCertificate(keyValuePair.Value, list, this.localServer); if (list.Count == 0) { break; } } } } } foreach (CertificateRecord certificateRecord2 in list) { Servicelet.Tracer.TraceDebug <string>((long)this.GetHashCode(), "Certificate not found: {0}", certificateRecord2.Thumbprint); if (this.IsCurrentOrNextCertificate(certificateRecord2)) { this.eventLogger.LogEvent(MSExchangeCertificateDeploymentEventLogConstants.Tuple_CertificateNotFound, null, new object[] { certificateRecord2.Thumbprint }); } } Servicelet.Tracer.TraceDebug((long)this.GetHashCode(), "PerformDistribution(): Exiting"); }
// Token: 0x06000A17 RID: 2583 RVA: 0x00045A78 File Offset: 0x00043C78 internal static void GetIMCertInfo(string thumbprint, out string certificateIssuer, out byte[] certificateSerial) { certificateIssuer = null; certificateSerial = null; X509Certificate2 x509Certificate = InstantMessageCertUtils.FindCertByThumbprint(ManageExchangeCertificate.UnifyThumbprintFormat(thumbprint)); if (x509Certificate != null && InstantMessageCertUtils.IsValid(x509Certificate)) { InstantMessageCertUtils.DoesCertificateExpireSoon(x509Certificate); certificateIssuer = x509Certificate.Issuer; certificateSerial = x509Certificate.GetSerialNumber(); } }