public ServiceData(string domain, AllowedServices flags)
{
this.domain = domain;
this.thumbprint = null;
this.flag = flags;
this.iisServices = new List <IisService>();
}
protected void EnableForServices(X509Certificate2 cert, AllowedServices services)
{
try
{
ManageExchangeCertificate.EnableForServices(cert, services, this.webSiteName, !this.DoNotRequireSsl, (ITopologyConfigurationSession)base.DataSession, this.localServer, null, false, this.NetworkServiceAllowed);
}
catch (IISNotInstalledException)
{
base.WriteError(new ArgumentException(Strings.IISNotInstalled, "Services"), ErrorCategory.InvalidArgument, null);
}
catch (InvalidOperationException exception)
{
base.WriteError(exception, ErrorCategory.ObjectNotFound, null);
}
catch (LocalizedException exception2)
{
base.WriteError(exception2, ErrorCategory.NotSpecified, null);
}
}
protected override void InternalProcessRecord()
{
X509Certificate2 x509Certificate = null;
if (!string.IsNullOrEmpty(this.thumbprint))
{
this.thumbprint = ManageExchangeCertificate.UnifyThumbprintFormat(this.thumbprint);
x509Certificate = this.FindCertificate(this.thumbprint);
if (x509Certificate == null)
{
base.WriteError(new ArgumentException(Strings.CertificateNotFound(this.thumbprint), "Thumbprint"), ErrorCategory.InvalidArgument, this.thumbprint);
}
}
else
{
AllowedServices allowedServices = this.Services;
if (allowedServices != AllowedServices.IIS && allowedServices != (AllowedServices.IMAP | AllowedServices.POP | AllowedServices.IIS))
{
if (allowedServices != AllowedServices.SMTP)
{
return;
}
}
else
{
x509Certificate = this.FindIisCertificate();
}
if (x509Certificate == null && this.Services != AllowedServices.SMTP)
{
try
{
x509Certificate = InstallExchangeCertificate.GetDefaultCertificate();
}
catch (ArgumentException exception)
{
base.WriteError(exception, ErrorCategory.InvalidData, null);
return;
}
}
if (x509Certificate == null)
{
if (!this.rawDomains.Any <string>())
{
base.WriteError(new UnableToResolveValidDomainExchangeCertificateTasksException(ComputerInformation.DnsHostName, ComputerInformation.DnsPhysicalHostName, ComputerInformation.DnsFullyQualifiedDomainName, ComputerInformation.DnsPhysicalFullyQualifiedDomainName), ErrorCategory.InvalidOperation, null);
}
try
{
x509Certificate = this.GenerateSelfSignedCertificate();
}
catch (CryptographicException exception2)
{
base.WriteError(exception2, ErrorCategory.InvalidOperation, null);
}
}
if (x509Certificate != null && this.InstallInTrustedRootCAIfSelfSigned && TlsCertificateInfo.IsSelfSignedCertificate(x509Certificate))
{
TlsCertificateInfo.TryInstallCertificateInTrustedRootCA(x509Certificate);
}
}
base.WriteVerbose(Strings.CertificateInformation(x509Certificate.Issuer, x509Certificate.NotBefore, x509Certificate.NotAfter, x509Certificate.Subject));
if ((DateTime)ExDateTime.Now < x509Certificate.NotBefore || (DateTime)ExDateTime.Now > x509Certificate.NotAfter)
{
base.WriteError(new CryptographicException(Strings.CertificateStatusDateInvalid), ErrorCategory.InvalidData, null);
}
try
{
this.EnableForServices(x509Certificate, this.Services);
}
catch (IISNotInstalledException)
{
base.WriteError(new ArgumentException(Strings.IISNotInstalled, "Services"), ErrorCategory.InvalidArgument, null);
}
catch (InvalidOperationException exception3)
{
base.WriteError(exception3, ErrorCategory.ObjectNotFound, null);
}
}
protected override void InternalProcessRecord()
{
base.InternalProcessRecord();
if (base.HasErrors)
{
return;
}
ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
byte[] outputBlob = null;
try
{
byte[] inBlob = this.inputParams.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2);
ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient.CreateCertificate2(0, inBlob);
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2;
}
catch (RpcException)
{
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
}
if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1)
{
try
{
byte[] inBlob2 = this.inputParams.SerializeInputParameters(ExchangeCertificateRpcVersion.Version1);
ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient2.CreateCertificate(0, inBlob2);
}
catch (RpcException e)
{
ManageExchangeCertificate.WriteRpcError(e, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError));
}
}
ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob);
ExchangeCertificateRpc.OutputTaskMessages(this.serverObject, exchangeCertificateRpc, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
if (this.GenerateRequest)
{
this.ProcessRequestResults(exchangeCertificateRpc.ReturnCert, exchangeCertificateRpc.ReturnCertRequest);
return;
}
if (exchangeCertificateRpc.ReturnConfirmationList != null)
{
foreach (KeyValuePair <AllowedServices, LocalizedString> keyValuePair in exchangeCertificateRpc.ReturnConfirmationList)
{
if (base.ShouldContinue(keyValuePair.Value))
{
ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc();
exchangeCertificateRpc2.EnableAllowConfirmation = false;
exchangeCertificateRpc2.EnableServices = keyValuePair.Key;
AllowedServices key = keyValuePair.Key;
if (key == AllowedServices.SMTP)
{
exchangeCertificateRpc2.EnableUpdateAD = true;
}
exchangeCertificateRpc2.EnableByThumbprint = exchangeCertificateRpc.ReturnCert.Thumbprint;
try
{
byte[] inBlob3 = exchangeCertificateRpc2.SerializeInputParameters(exchangeCertificateRpcVersion);
if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1)
{
ExchangeCertificateRpcClient exchangeCertificateRpcClient3 = new ExchangeCertificateRpcClient(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient3.EnableCertificate(0, inBlob3);
}
else
{
ExchangeCertificateRpcClient2 exchangeCertificateRpcClient4 = new ExchangeCertificateRpcClient2(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient4.EnableCertificate2(0, inBlob3);
}
exchangeCertificateRpc.ReturnCert.Services |= keyValuePair.Key;
}
catch (RpcException e2)
{
ManageExchangeCertificate.WriteRpcError(e2, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError));
}
ExchangeCertificateRpc outputValues = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob);
ExchangeCertificateRpc.OutputTaskMessages(this.serverObject, outputValues, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
}
}
}
exchangeCertificateRpc.ReturnCert.Identity = this.serverObject.Fqdn + "\\" + exchangeCertificateRpc.ReturnCert.Thumbprint;
base.WriteObject(exchangeCertificateRpc.ReturnCert);
}
protected override void InternalProcessRecord()
{
base.InternalProcessRecord();
if (base.HasErrors)
{
return;
}
ExchangeCertificateRpc exchangeCertificateRpc = new ExchangeCertificateRpc();
exchangeCertificateRpc.EnableByThumbprint = this.Thumbprint;
exchangeCertificateRpc.EnableServices = this.Services;
exchangeCertificateRpc.RequireSsl = !this.DoNotRequireSsl;
exchangeCertificateRpc.EnableAllowConfirmation = !this.Force;
exchangeCertificateRpc.EnableNetworkService = this.NetworkServiceAllowed;
ExchangeCertificateRpcVersion exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
byte[] outputBlob = null;
try
{
byte[] inBlob = exchangeCertificateRpc.SerializeInputParameters(ExchangeCertificateRpcVersion.Version2);
ExchangeCertificateRpcClient2 exchangeCertificateRpcClient = new ExchangeCertificateRpcClient2(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient.EnableCertificate2(0, inBlob);
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version2;
}
catch (RpcException)
{
exchangeCertificateRpcVersion = ExchangeCertificateRpcVersion.Version1;
}
if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1)
{
try
{
byte[] inBlob2 = exchangeCertificateRpc.SerializeInputParameters(exchangeCertificateRpcVersion);
ExchangeCertificateRpcClient exchangeCertificateRpcClient2 = new ExchangeCertificateRpcClient(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient2.EnableCertificate(0, inBlob2);
}
catch (RpcException e)
{
ManageExchangeCertificate.WriteRpcError(e, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError));
}
}
ExchangeCertificateRpc exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob);
ExchangeCertificateRpc.OutputTaskMessages(this.serverObject, exchangeCertificateRpc2, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
if (exchangeCertificateRpc2.ReturnConfirmationList != null)
{
foreach (KeyValuePair <AllowedServices, LocalizedString> keyValuePair in exchangeCertificateRpc2.ReturnConfirmationList)
{
if (base.ShouldContinue(keyValuePair.Value))
{
ExchangeCertificateRpc exchangeCertificateRpc3 = new ExchangeCertificateRpc();
exchangeCertificateRpc3.EnableAllowConfirmation = false;
exchangeCertificateRpc3.EnableByThumbprint = this.Thumbprint;
exchangeCertificateRpc3.RequireSsl = !this.DoNotRequireSsl;
exchangeCertificateRpc3.EnableNetworkService = this.NetworkServiceAllowed;
exchangeCertificateRpc3.EnableServices = keyValuePair.Key;
AllowedServices key = keyValuePair.Key;
if (key == AllowedServices.SMTP)
{
exchangeCertificateRpc3.EnableUpdateAD = true;
}
try
{
byte[] inBlob3 = exchangeCertificateRpc3.SerializeInputParameters(exchangeCertificateRpcVersion);
if (exchangeCertificateRpcVersion == ExchangeCertificateRpcVersion.Version1)
{
ExchangeCertificateRpcClient exchangeCertificateRpcClient3 = new ExchangeCertificateRpcClient(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient3.EnableCertificate(0, inBlob3);
}
else
{
ExchangeCertificateRpcClient2 exchangeCertificateRpcClient4 = new ExchangeCertificateRpcClient2(this.serverObject.Name);
outputBlob = exchangeCertificateRpcClient4.EnableCertificate2(0, inBlob3);
}
}
catch (RpcException e2)
{
ManageExchangeCertificate.WriteRpcError(e2, this.serverObject.Name, new Task.TaskErrorLoggingDelegate(base.WriteError));
}
exchangeCertificateRpc2 = new ExchangeCertificateRpc(exchangeCertificateRpcVersion, null, outputBlob);
ExchangeCertificateRpc.OutputTaskMessages(this.serverObject, exchangeCertificateRpc2, new Task.TaskWarningLoggingDelegate(this.WriteWarning), new Task.TaskErrorLoggingDelegate(base.WriteError));
}
}
}
}
internal Dictionary <RpcOutput, object> BuildOutputParameters(byte[] blob)
{
Dictionary <RpcOutput, object> dictionary = new Dictionary <RpcOutput, object>();
object[] array = (object[])this.DeserializeObject(blob, false);
for (int i = 0; i < array.Length; i += 2)
{
RpcOutput rpcOutput = (RpcOutput)this.DeserializeObject((byte[])array[i], true);
object obj = this.DeserializeObject((byte[])array[i + 1], true);
if (obj != null)
{
RpcOutput rpcOutput2 = rpcOutput;
switch (rpcOutput2)
{
case RpcOutput.ExchangeCertList:
{
List <ExchangeCertificate> list = new List <ExchangeCertificate>();
foreach (object obj2 in (object[])obj)
{
list.Add(new ExchangeCertificate((object[])this.DeserializeObject((byte[])obj2, true)));
}
obj = list;
break;
}
case RpcOutput.ExchangeCert:
obj = new ExchangeCertificate((object[])obj);
break;
default:
switch (rpcOutput2)
{
case RpcOutput.TaskWarningList:
{
List <LocalizedString> list2 = new List <LocalizedString>();
foreach (object obj3 in (object[])obj)
{
list2.Add((LocalizedString)this.DeserializeObject((byte[])obj3, true));
}
obj = list2;
break;
}
case RpcOutput.TaskConfirmationList:
{
object[] array4 = (object[])obj;
Dictionary <AllowedServices, LocalizedString> dictionary2 = new Dictionary <AllowedServices, LocalizedString>();
for (int l = 0; l < array4.Length; l += 2)
{
AllowedServices key = (AllowedServices)this.DeserializeObject((byte[])array4[l], true);
LocalizedString value = (LocalizedString)this.DeserializeObject((byte[])array4[l + 1], true);
dictionary2[key] = value;
}
obj = dictionary2;
break;
}
}
break;
}
}
dictionary[rpcOutput] = obj;
}
return(dictionary);
}
internal static Dictionary <AllowedServices, LocalizedString> EnableForServices(X509Certificate2 cert, AllowedServices services, string websiteName, bool requireSsl, ITopologyConfigurationSession dataSession, Server server, List <LocalizedString> warningList, bool allowConfirmation, bool forceNetworkService)
{
Dictionary <AllowedServices, LocalizedString> dictionary = new Dictionary <AllowedServices, LocalizedString>(3);
if (dataSession == null)
{
throw new ArgumentNullException("dataSession");
}
if (server == null)
{
throw new ArgumentNullException("server");
}
if ((services & AllowedServices.IIS) != AllowedServices.None)
{
if (allowConfirmation && !IisUtility.SslRequiredOnTheRoot(null) && requireSsl)
{
dictionary[AllowedServices.IIS] = Strings.ConfirmEnforceRequireSslOnRoot;
}
else
{
IisUtility.SetSslCertificateByName(websiteName, cert, requireSsl);
}
}
if ((services & AllowedServices.POP) != AllowedServices.None || (services & AllowedServices.IMAP) != AllowedServices.None || (services & AllowedServices.SMTP) != AllowedServices.None || forceNetworkService)
{
AccessRule rule = new CryptoKeyAccessRule(new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null), CryptoKeyRights.GenericRead, AccessControlType.Allow);
try
{
TlsCertificateInfo.AddAccessRule(cert, rule);
}
catch (CryptographicException innerException)
{
throw new AddAccessRuleCryptographicException(cert.Thumbprint, innerException);
}
catch (ArgumentException innerException2)
{
throw new AddAccessRuleArgumentException(cert.Thumbprint, innerException2);
}
catch (UnauthorizedAccessException innerException3)
{
throw new AddAccessRuleUnauthorizedAccessException(cert.Thumbprint, innerException3);
}
catch (COMException innerException4)
{
throw new AddAccessRuleCOMException(cert.Thumbprint, innerException4);
}
}
if ((services & AllowedServices.SMTP) != AllowedServices.None)
{
ManageExchangeCertificate.WarnIfNotBestMatch(new ExchangeCertificate(cert), dataSession, server, warningList);
LocalizedString localizedString = ManageExchangeCertificate.UpdateActiveDirectory(cert, dataSession, server, warningList, allowConfirmation);
if (localizedString != LocalizedString.Empty)
{
dictionary[AllowedServices.SMTP] = localizedString;
}
}
if ((services & AllowedServices.POP) != AllowedServices.None)
{
ManageExchangeCertificate.SetPop3Certificate(cert, dataSession, warningList);
}
if ((services & AllowedServices.IMAP) != AllowedServices.None)
{
ManageExchangeCertificate.SetImap4Certificate(cert, dataSession, warningList);
}
if ((services & AllowedServices.UM) != AllowedServices.None)
{
ManageExchangeCertificate.SetUMCertificate(cert, server, dataSession, allowConfirmation, dictionary, warningList);
}
if ((services & AllowedServices.UMCallRouter) != AllowedServices.None)
{
ManageExchangeCertificate.SetUMCallRouterCertificate(cert, server, dataSession, allowConfirmation, dictionary, warningList);
}
if (dictionary.Count <= 0)
{
return(null);
}
return(dictionary);
}
internal static Dictionary <AllowedServices, LocalizedString> EnableForServices(X509Certificate2 cert, AllowedServices services, bool requireSsl, ITopologyConfigurationSession dataSession, Server server, List <LocalizedString> warningList, bool allowConfirmation, bool forceNetworkService)
{
return(ManageExchangeCertificate.EnableForServices(cert, services, null, requireSsl, dataSession, server, warningList, allowConfirmation, forceNetworkService));
}
