Beispiel #1
0
        public int Run(UserInput userInput)
        {
            try {
                var certificatesCommonName = userInput.ServiceHostname;

                _logger.LogDebug($"User Input VC: {userInput.Psc}");
                _logger.LogDebug($"User Input VC User: {userInput.User}");
                _logger.LogDebug($"User Input VC Thumbprint: {userInput.VcThumbprint}");
                _logger.LogDebug($"User Input Force Specified: {userInput.ForceSpecified}");

                userInput.EnsureIsValid(SetupFlowType.RegisterWithVC);

                // --- InMemory Certificates ---
                X509Certificate2 signCertificate = null;
                X509Certificate2 tlsCertificate  = null;
                // --- InMemory Certificates ---


                K8sSettings k8sSettings = null;
                if (userInput.K8sSettings != null && File.Exists(userInput.K8sSettings))
                {
                    k8sSettings = JsonConvert.DeserializeObject <K8sSettings>(File.ReadAllText(userInput.K8sSettings));
                }

                var configWriter = new K8sConfigWriter(_loggerFactory, k8sSettings);

                // --- Signing Certificate ---
                if (!string.IsNullOrEmpty(userInput.SigningCertificatePath) &&
                    File.Exists(userInput.SigningCertificatePath))
                {
                    _logger.LogInformation($"Load signing certificate from path {userInput.SigningCertificatePath}");
                    signCertificate = new X509Certificate2(userInput.SigningCertificatePath);
                }
                else
                {
                    _logger.LogInformation("Generate signing self-signed certificate");
                    var signingCertGen = new SigningCertificateGenerator(
                        _loggerFactory,
                        certificatesCommonName,
                        configWriter);

                    signCertificate = signingCertGen.Generate(Constants.SignCertificateSecretName);
                    if (signCertificate == null)
                    {
                        _logger.LogError("Generate signing self-signed certificate failed.");
                        return(3);
                    }
                }
                // --- Signing Certificate ---

                // --- TLS Certificate ---
                if (!string.IsNullOrEmpty(userInput.TlsCertificatePath) &&
                    File.Exists(userInput.TlsCertificatePath))
                {
                    _logger.LogInformation($"Load tls certificate from path {userInput.TlsCertificatePath}");
                    tlsCertificate = new X509Certificate2(userInput.TlsCertificatePath);
                }
                else
                {
                    _logger.LogInformation("Generate tls self-signed certificate");
                    var tlsCertGen = new TlsCertificateGenerator(
                        _loggerFactory,
                        certificatesCommonName,
                        configWriter);

                    tlsCertificate = tlsCertGen.Generate(Constants.TlsCertificateSecretName);
                    if (tlsCertificate == null)
                    {
                        _logger.LogError("Generate tls self-signed certificate failed.");
                        return(4);
                    }
                }
                // --- TLS Certificate ---

                // === VC Registration Actions ===
                X509CertificateValidator certificateValidator = null;
                if (userInput.ForceSpecified)
                {
                    certificateValidator = new AcceptAllX509CertificateValidator();
                }
                else if (!string.IsNullOrEmpty(userInput.VcThumbprint))
                {
                    certificateValidator = new SpecifiedCertificateThumbprintValidator(userInput.VcThumbprint);
                }

                var lookupServiceClient = new LookupServiceClient(
                    userInput.Psc,
                    certificateValidator);

                var serviceSettings = SetupServiceSettings.NewService(
                    tlsCertificate,
                    signCertificate,
                    userInput.ServiceHostname,
                    443);

                _logger.LogDebug($"Service NodeId: {serviceSettings.NodeId}");
                _logger.LogDebug($"Service OwnerId: {serviceSettings.OwnerId}");
                _logger.LogDebug($"Service ServiceId: {serviceSettings.ServiceId}");
                _logger.LogDebug($"Service Endpoint Url: {serviceSettings.EndpointUrl}");

                var ssoSdkUri = lookupServiceClient.GetSsoAdminEndpointUri();
                var stsUri    = lookupServiceClient.GetStsEndpointUri();
                _logger.LogDebug($"Resolved SSO SDK Endpoint: {ssoSdkUri}");
                _logger.LogDebug($"Resolved Sts Endpoint: {stsUri}");

                var ssoAdminClient = new SsoAdminClient(ssoSdkUri, stsUri, certificateValidator);


                // --- SSO Solution User Registration ---
                var ssoSolutionRegitration = new SsoSolutionUserRegistration(
                    _loggerFactory,
                    serviceSettings,
                    ssoAdminClient);

                ssoSolutionRegitration.CreateSolutionUser(userInput.User, userInput.Password);
                // --- SSO Solution User Registration ---

                // --- Lookup Service Registration ---
                var lsRegistration = new LookupServiceRegistration(
                    _loggerFactory,
                    serviceSettings,
                    lookupServiceClient);
                lsRegistration.Register(userInput.User, userInput.Password);
                // --- Lookup Service Registration ---

                // --- Store VC CA certificates ---
                var trustedCertificatesStore = new TrustedCertificatesStore(
                    _loggerFactory,
                    ssoAdminClient,
                    configWriter);
                trustedCertificatesStore.SaveVcenterCACertficates();
                // --- Store VC CA certificates ---

                // === VC Registration Actions ===

                // --- Save SRS API Gateway service settings ---
                var stsSettings = new StsSettings();
                stsSettings.Realm = ssoSolutionRegitration.GetTrustedCertificate(
                    userInput.User,
                    userInput.Password)?.Thumbprint;
                stsSettings.SolutionUserSigningCertificatePath = Constants.StsSettings_SolutionUserSigningCertificatePath;
                stsSettings.StsServiceEndpoint = stsUri.ToString();
                stsSettings.SolutionOwnerId    = serviceSettings.OwnerId;
                stsSettings.SolutionServiceId  = serviceSettings.ServiceId;

                configWriter.WriteServiceStsSettings(stsSettings);
                // --- Save SRS API Gateway service settings ---
            } catch (InvalidUserInputException exc) {
                _logger.LogError(exc, exc.Message);
                return(1);
            } catch (Exception exc) {
                _logger.LogError(exc, exc.Message);
                return(2);
            }

            _logger.LogInformation("Success");
            return(0);
        }
Beispiel #2
0
        public int Run(UserInput userInput)
        {
            try {
                var certificatesCommonName = userInput.ServiceHostname;

                _logger.LogDebug($"User Input VC: {userInput.Psc}");
                _logger.LogDebug($"User Input VC User: {userInput.User}");
                _logger.LogDebug($"User Input VC Thumbprint: {userInput.VcThumbprint}");
                _logger.LogDebug($"User Input Force Specified: {userInput.ForceSpecified}");

                userInput.EnsureIsValid(SetupFlowType.UpdateTrustedCACertificates);

                // Create Config File Writer
                K8sSettings k8sSettings = null;
                if (userInput.K8sSettings != null && File.Exists(userInput.K8sSettings))
                {
                    k8sSettings = JsonConvert.DeserializeObject <K8sSettings>(File.ReadAllText(userInput.K8sSettings));
                }

                var configWriter = new K8sConfigWriter(_loggerFactory, k8sSettings);

                // Create Lookup Service Client
                X509CertificateValidator certificateValidator = null;
                if (userInput.ForceSpecified)
                {
                    certificateValidator = new AcceptAllX509CertificateValidator();
                }
                else if (!string.IsNullOrEmpty(userInput.VcThumbprint))
                {
                    certificateValidator = new SpecifiedCertificateThumbprintValidator(userInput.VcThumbprint);
                }

                var lookupServiceClient = new LookupServiceClient(
                    userInput.Psc,
                    certificateValidator);

                // Get SSO Admin And STS URIs from Lookup Service
                var ssoSdkUri = lookupServiceClient.GetSsoAdminEndpointUri();
                var stsUri    = lookupServiceClient.GetStsEndpointUri();
                _logger.LogDebug($"Resolved SSO SDK Endpoint: {ssoSdkUri}");
                _logger.LogDebug($"Resolved Sts Endpoint: {stsUri}");

                //
                var ssoAdminClient = new SsoAdminClient(ssoSdkUri, stsUri, certificateValidator);

                // --- Store VC CA certificates ---
                var trustedCertificatesStore = new TrustedCertificatesStore(
                    _loggerFactory,
                    ssoAdminClient,
                    configWriter);
                trustedCertificatesStore.SaveVcenterCACertficates();
                // --- Store VC CA certificates ---
            } catch (InvalidUserInputException exc) {
                _logger.LogError(exc, exc.Message);
                return(1);
            } catch (Exception exc) {
                _logger.LogError(exc, exc.Message);
                return(2);
            }

            _logger.LogInformation("Success");
            return(0);
        }