Пример #1
0
        public static SmtpX509Identifier FopeCertificateName(int instance)
        {
            string[] defaultTable = new string[]
            {
                "CN=MSIT Machine Auth CA 2, DC=redmond, DC=corp, DC=microsoft, DC=com",
                "CN=CNNIC SSL, O=CNNIC SSL, C=CN",
                "CN=MS Passport Test Sub CA, DC=redmond, DC=corp, DC=microsoft, DC=com"
            };
            string[] defaultTable2 = new string[]
            {
                "CN=mail.protection.outlook.com, OU=Forefront Online Protection for Exchange, O=Microsoft, L=Redmond, S=WA, C=US",
                "CN=*.mail.protection.partner.outlook.cn, OU=Office365, O=Shanghai Blue Cloud Technology Co. Ltd, L=Shanghai, S=Shanghai, C=CN",
                "CN=*.mail.o365filtering-int.com, OU=Forefront Online Protection for Exchange, O=Microsoft, L=Redmond, S=Washington, C=US"
            };
            string[] defaultTable3 = new string[]
            {
                "AcceptCloudServicesMail",
                "AcceptCloudServicesMail",
                "AcceptCloudServicesMail"
            };
            string value  = Configuration.GetValue <string>("FopeCertificateIssuer", defaultTable, instance);
            string value2 = Configuration.GetValue <string>("FopeCertificateSubject", defaultTable2, instance);
            string value3 = Configuration.GetValue <string>("FopeCertificatePermissions", defaultTable3, instance);

            return(SmtpX509Identifier.Parse(string.Format("<I>{0}<S>{1}:{2}", value, value2, value3)));
        }
Пример #2
0
 public IReceiveConnector BuildExpectedReceiveConnector(ADObjectId server, SmtpX509Identifier tlsCertificateName, SmtpReceiveDomainCapabilities tlsDomainCapabilities)
 {
     return(new Microsoft.Exchange.Management.Hybrid.Entity.ReceiveConnector
     {
         Server = server,
         TlsCertificateName = tlsCertificateName,
         TlsDomainCapabilities = tlsDomainCapabilities
     });
 }
Пример #3
0
        public static string GetSubject(object tlsCertificateName)
        {
            SmtpX509Identifier smtpX509Identifier = tlsCertificateName as SmtpX509Identifier;

            if (smtpX509Identifier == null)
            {
                return(string.Empty);
            }
            return(smtpX509Identifier.CertificateSubject);
        }
Пример #4
0
 public IExchangeCertificate GetExchangeCertificate(string server, SmtpX509Identifier certificateName)
 {
     foreach (IExchangeCertificate exchangeCertificate in this.GetExchangeCertificate(server))
     {
         if (TaskCommon.AreEqual(exchangeCertificate.Identifier, certificateName))
         {
             return(exchangeCertificate);
         }
     }
     return(null);
 }
Пример #5
0
        private static HashSet <string> GetSearchableCertificates(IEnumerable <string> certificateFqdns)
        {
            HashSet <string> hashSet = new HashSet <string>();

            if (certificateFqdns != null && certificateFqdns.Any <string>())
            {
                foreach (string text in certificateFqdns)
                {
                    if (!string.IsNullOrWhiteSpace(text))
                    {
                        if (!hashSet.Contains(text))
                        {
                            hashSet.Add(text);
                        }
                        string             text2 = string.Empty;
                        string             text3 = string.Empty;
                        SmtpX509Identifier smtpX509Identifier;
                        SmtpDomain         smtpDomain;
                        if (SmtpX509Identifier.TryParse(text, out smtpX509Identifier))
                        {
                            if (smtpX509Identifier != null && smtpX509Identifier.SubjectCommonName != null && smtpX509Identifier.SubjectCommonName.SmtpDomain != null)
                            {
                                text2 = smtpX509Identifier.SubjectCommonName.SmtpDomain.Domain;
                            }
                        }
                        else if (SmtpDomain.TryParse(text, out smtpDomain) && smtpDomain != null)
                        {
                            text2 = smtpDomain.Domain;
                        }
                        if (!string.IsNullOrWhiteSpace(text2))
                        {
                            int num = -1;
                            do
                            {
                                num = text2.IndexOf('.', num + 1);
                                if (num != -1)
                                {
                                    if (!string.IsNullOrWhiteSpace(text3))
                                    {
                                        string item = "*." + text3;
                                        if (!hashSet.Contains(item))
                                        {
                                            hashSet.Add(item);
                                        }
                                    }
                                    text3 = text2.Substring(num + 1);
                                }
                            }while (num != -1);
                        }
                    }
                }
            }
            return(hashSet);
        }
Пример #6
0
        public InboundConnector(string name, SmtpX509Identifier tlsSenderCertificateName)
        {
            MultiValuedProperty <AddressSpace> multiValuedProperty = new MultiValuedProperty <AddressSpace>();

            multiValuedProperty.Add(new AddressSpace("*"));
            this.Name = name;
            this.TLSSenderCertificateName = TaskCommon.ToStringOrNull(tlsSenderCertificateName);
            this.ConnectorType            = TenantConnectorType.OnPremises;
            this.SenderDomains            = multiValuedProperty;
            this.RequireTls = true;
            this.CloudServicesMailEnabled = true;
        }
Пример #7
0
        private Exception ValidateCertificateForSmtp(SmtpSendConnectorConfig sendConnector)
        {
            SmtpX509Identifier tlsCertificateName = sendConnector.TlsCertificateName;

            if (sendConnector.SourceTransportServers.Count > 0)
            {
                ADObjectId                    adobjectId                    = sendConnector.SourceTransportServers[0];
                ExchangeCertificateRpc        exchangeCertificateRpc        = new ExchangeCertificateRpc();
                ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
                byte[] outputBlob = null;
                try
                {
                    byte[] inBlob = exchangeCertificateRpc.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2);
                    ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(adobjectId.Name);
                    outputBlob = exchangeCertificateRpcClient.GetCertificate2(0, inBlob);
                    exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2;
                }
                catch (RpcException)
                {
                    exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
                }
                if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1 && adobjectId.Name != null && adobjectId.DomainId != null && !string.IsNullOrEmpty(adobjectId.DistinguishedName))
                {
                    try
                    {
                        byte[] inBlob2 = exchangeCertificateRpc.SerializeInputParameters(exchangeCertificateRpcVersion);
                        ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(adobjectId.Name);
                        outputBlob = exchangeCertificateRpcClient2.GetCertificate(0, inBlob2);
                    }
                    catch (RpcException)
                    {
                        return(null);
                    }
                }
                ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob);
                foreach (ExchangeCertificate exchangeCertificate in exchangeCertificateRpc2.ReturnCertList)
                {
                    if (exchangeCertificate.Issuer.Equals(tlsCertificateName.CertificateIssuer) && exchangeCertificate.Subject.Equals(tlsCertificateName.CertificateSubject) && (exchangeCertificate.Services & AllowedServices.SMTP) != AllowedServices.SMTP)
                    {
                        return(new InvalidOperationException(Strings.SMTPNotEnabledForTlsCertificate));
                    }
                }
            }
            return(null);
        }
Пример #8
0
 public SendConnector(string name, MultiValuedProperty <AddressSpace> addressSpaces, MultiValuedProperty <ADObjectId> transportServers, string tlsDomain, SmtpX509Identifier tlsCertificateName, bool requireTLS, string fqdn)
 {
     this.Name                     = name;
     this.AddressSpaces            = addressSpaces;
     this.SourceTransportServers   = transportServers;
     this.DNSRoutingEnabled        = true;
     this.SmartHosts               = null;
     this.RequireTLS               = requireTLS;
     this.TlsAuthLevel             = (requireTLS ? new TlsAuthLevel?(Microsoft.Exchange.Data.TlsAuthLevel.DomainValidation) : null);
     this.TlsDomain                = (requireTLS ? tlsDomain : null);
     this.ErrorPolicies            = ErrorPolicies.Default;
     this.TlsCertificateName       = tlsCertificateName;
     this.CloudServicesMailEnabled = true;
     this.Fqdn                     = fqdn;
 }
Пример #9
0
 public IInboundConnector BuildExpectedInboundConnector(ADObjectId identity, string name, SmtpX509Identifier tlsCertificateName)
 {
     return(new InboundConnector(name, tlsCertificateName)
     {
         Identity = identity
     });
 }
Пример #10
0
 public ISendConnector BuildExpectedSendConnector(string name, string tenantCoexistenceDomain, MultiValuedProperty <ADObjectId> servers, string fqdn, string fopeCertificateSubjectDomainName, SmtpX509Identifier tlsCertificateName, bool enableSecureMail)
 {
     return(new Microsoft.Exchange.Management.Hybrid.Entity.SendConnector(name, new MultiValuedProperty <AddressSpace>
     {
         new AddressSpace(tenantCoexistenceDomain)
     }, servers, fopeCertificateSubjectDomainName, tlsCertificateName, enableSecureMail, fqdn));
 }
Пример #11
0
        public static IConfigurable PrepareDataObject(PropertyBag fields, HybridConfiguration dataObject, IConfigDataProvider dataSession, HybridConfigurationTaskUtility.GetUniqueObject getDataObjectFunc, Task.TaskErrorLoggingDelegate writeErrorFunc)
        {
            MultiValuedProperty <ADObjectId> clientAccessServers = dataObject.ClientAccessServers;

            if (fields.IsModified("ClientAccessServers"))
            {
                ADPropertyDefinition clientAccessServers2 = HybridConfigurationSchema.ClientAccessServers;
                HybridConfigurationTaskUtility.ServerCriterion[] array = new HybridConfigurationTaskUtility.ServerCriterion[2];
                array[0] = new HybridConfigurationTaskUtility.ServerCriterion((Server s) => s.IsClientAccessServer, new Func <string, LocalizedString>(HybridStrings.HybridErrorServerNotCAS));
                array[1] = new HybridConfigurationTaskUtility.ServerCriterion((Server s) => s.IsE14OrLater, new Func <string, LocalizedString>(HybridStrings.HybridErrorServerNotE14CAS));
                dataObject.ClientAccessServers = HybridConfigurationTaskUtility.ValidateServers(clientAccessServers2, dataSession, fields, getDataObjectFunc, writeErrorFunc, array);
            }
            if (fields.IsModified("SendingTransportServers"))
            {
                ADPropertyDefinition sendingTransportServers            = HybridConfigurationSchema.SendingTransportServers;
                HybridConfigurationTaskUtility.ServerCriterion[] array2 = new HybridConfigurationTaskUtility.ServerCriterion[2];
                array2[0] = new HybridConfigurationTaskUtility.ServerCriterion((Server s) => s.IsHubTransportServer, new Func <string, LocalizedString>(HybridStrings.HybridErrorSendingTransportServerNotHub));
                array2[1] = new HybridConfigurationTaskUtility.ServerCriterion((Server s) => s.IsE15OrLater, new Func <string, LocalizedString>(HybridStrings.HybridErrorSendingTransportServerNotE15Hub));
                dataObject.SendingTransportServers = HybridConfigurationTaskUtility.ValidateServers(sendingTransportServers, dataSession, fields, getDataObjectFunc, writeErrorFunc, array2);
            }
            if (fields.IsModified("ReceivingTransportServers"))
            {
                ADPropertyDefinition receivingTransportServers          = HybridConfigurationSchema.ReceivingTransportServers;
                HybridConfigurationTaskUtility.ServerCriterion[] array3 = new HybridConfigurationTaskUtility.ServerCriterion[2];
                array3[0] = new HybridConfigurationTaskUtility.ServerCriterion((Server s) => s.IsFrontendTransportServer, new Func <string, LocalizedString>(HybridStrings.HybridErrorReceivingTransportServerNotFrontEnd));
                array3[1] = new HybridConfigurationTaskUtility.ServerCriterion((Server s) => s.IsE15OrLater, new Func <string, LocalizedString>(HybridStrings.HybridErrorReceivingTransportServerNotE15FrontEnd));
                dataObject.ReceivingTransportServers = HybridConfigurationTaskUtility.ValidateServers(receivingTransportServers, dataSession, fields, getDataObjectFunc, writeErrorFunc, array3);
            }
            if (fields.IsModified("EdgeTransportServers"))
            {
                ADPropertyDefinition edgeTransportServers = HybridConfigurationSchema.EdgeTransportServers;
                HybridConfigurationTaskUtility.ServerCriterion[] array4 = new HybridConfigurationTaskUtility.ServerCriterion[2];
                array4[0] = new HybridConfigurationTaskUtility.ServerCriterion((Server s) => s.IsEdgeServer, new Func <string, LocalizedString>(HybridStrings.HybridErrorServerNotEdge));
                array4[1] = new HybridConfigurationTaskUtility.ServerCriterion((Server s) => s.IsE14Sp1OrLater, new Func <string, LocalizedString>(HybridStrings.HybridErrorServerNotE14Edge));
                dataObject.EdgeTransportServers = HybridConfigurationTaskUtility.ValidateServers(edgeTransportServers, dataSession, fields, getDataObjectFunc, writeErrorFunc, array4);
            }
            if (fields.IsModified("TlsCertificateName"))
            {
                string text = fields["TlsCertificateName"] as string;
                dataObject.TlsCertificateName = ((text == null) ? null : SmtpX509Identifier.Parse(text));
            }
            if (fields.IsModified("OnPremisesSmartHost"))
            {
                dataObject.OnPremisesSmartHost = (SmtpDomain)fields["OnPremisesSmartHost"];
            }
            if (fields.IsModified("Domains"))
            {
                dataObject.Domains = (MultiValuedProperty <AutoDiscoverSmtpDomain>)fields["Domains"];
            }
            if (fields.IsModified("Features"))
            {
                dataObject.Features = (MultiValuedProperty <HybridFeature>)fields["Features"];
            }
            if (fields.IsModified("ExternalIPAddresses"))
            {
                dataObject.ExternalIPAddresses = HybridConfigurationTaskUtility.ValidateExternalIPAddresses((MultiValuedProperty <IPRange>)fields["ExternalIPAddresses"], writeErrorFunc);
            }
            if (fields.IsModified("ServiceInstance"))
            {
                dataObject.ServiceInstance = (int)fields["ServiceInstance"];
            }
            return(dataObject);
        }
Пример #12
0
 public static string GetDomainFromSubject(SmtpX509Identifier certificateIdentity)
 {
     return(TaskCommon.GetDomainFromSubject(certificateIdentity.CertificateSubject));
 }
Пример #13
0
 public static bool AreEqual(SmtpX509Identifier a, SmtpX509Identifier b)
 {
     return(a == b || (a != null && b != null && a.Equals(b)));
 }