public void AddServiceIdentityWithCertificate(string name, IEnumerable <X509Certificate2> certificates)
{
try
{
var client = CreateManagementServiceClient();
var serviceIdentity = new ServiceIdentity
{
Name = name
};
client.AddToServiceIdentities(serviceIdentity);
foreach (var certificate in certificates)
{
var serviceIdentityKey = new ServiceIdentityKey
{
DisplayName = "Credentials for " + name,
Type = IdentityKeyTypes.X509Certificate.ToString(),
Usage = IdentityKeyUsages.Signing.ToString(),
Value = certificate.GetRawCertData(),
StartDate = certificate.NotBefore,
EndDate = certificate.NotAfter
};
client.AddRelatedObject(serviceIdentity, "ServiceIdentityKeys", serviceIdentityKey);
}
client.SaveChanges(SaveChangesOptions.Batch);
}
catch (Exception ex)
{
throw TryGetExceptionDetails(ex);
}
}
public void AddServiceIdentity(string name, string secret)
{
try
{
var client = this.CreateManagementServiceClient();
var defaultStartDate = DateTime.UtcNow;
var defaultEndDate = defaultStartDate.AddYears(1);
var serviceIdentity = new ServiceIdentity
{
Name = name
};
client.AddToServiceIdentities(serviceIdentity);
var serviceIdentityKey = new ServiceIdentityKey
{
DisplayName = "Credentials for " + name,
Value = Encoding.UTF8.GetBytes(secret),
Type = IdentityKeyTypes.Password.ToString(),
Usage = IdentityKeyUsages.Password.ToString(),
StartDate = defaultStartDate,
EndDate = defaultEndDate
};
client.AddRelatedObject(serviceIdentity, "ServiceIdentityKeys", serviceIdentityKey);
client.SaveChanges(SaveChangesOptions.Batch);
}
catch (Exception ex)
{
throw TryGetExceptionDetails(ex);
}
}
public static void AddIdentity(this ManagementService svc,
Credentials serviceIdentity, DateTime startDate, DateTime endDate)
{
Contract.Requires(svc != null);
Contract.Requires(serviceIdentity != null);
Contract.Requires(startDate != default(DateTime));
Contract.Requires(endDate > startDate);
var sid = new ServiceIdentity()
{
Name = serviceIdentity.UserName
};
var key = new ServiceIdentityKey()
{
StartDate = startDate,
EndDate = endDate,
Type = "Password",
Usage = "Password",
Value = Encoding.UTF8.GetBytes(serviceIdentity.Password),
DisplayName = string.Format(CultureInfo.InvariantCulture,
"{0} key for {1}", "Password", serviceIdentity.UserName)
};
svc.AddToServiceIdentities(sid);
svc.AddRelatedObject(sid, "ServiceIdentityKeys", key);
svc.SaveChanges(SaveChangesOptions.Batch);
}
public void Save()
{
ManagementService serviceClient = ManagementServiceHelper.CreateManagementServiceClient(this.settings);
ServiceIdentity serviceId = serviceClient.GetServiceIdentityByName(this.Name);
if (serviceId == null)
{
serviceId = serviceClient.CreateServiceIdentity(this.Name, Encoding.UTF8.GetBytes(this.Password), ServiceIdentityKeyType.Password,
ServiceIdentityKeyUsage.Password);
ServiceIdentityKey key = new ServiceIdentityKey
{
EndDate = DateTime.MaxValue.AddDays(-1).ToUniversalTime(),
StartDate = DateTime.UtcNow.ToUniversalTime(),
Type = ServiceIdentityKeyType.Symmetric.ToString(),
Usage = ServiceIdentityKeyUsage.Signing.ToString(),
Value = this.Key,
DisplayName = String.Format(CultureInfo.InvariantCulture, "Symmetric key for {0}", this.Name)
};
serviceClient.AddRelatedObject(serviceId, "ServiceIdentityKeys", key);
}
else
{
if (serviceId.Description != this.Description)
{
serviceId.Description = this.Description;
serviceClient.UpdateObject(serviceId);
}
serviceClient.UpdateServiceIdentityKey(this.Name, Encoding.UTF8.GetBytes(this.Password), ServiceIdentityKeyType.Password);
serviceClient.UpdateServiceIdentityKey(this.Name, this.Key, ServiceIdentityKeyType.Symmetric);
}
serviceClient.SaveChanges(SaveChangesOptions.Batch);
}
/// <summary>
/// Registers an application.
/// </summary>
/// <param name="clientId">The client id.</param>
/// <param name="clientSecret">The client secret.</param>
/// <param name="redirectUri">The redirect URI.</param>
/// <param name="name">The name.</param>
public void RegisterApplication(string clientId, string clientSecret, string redirectUri, string name)
{
var client = CreateManagementServiceClient();
var serviceIdentity = client.ServiceIdentities.Where(si => si.Name == clientId).ToList().FirstOrDefault();
if (serviceIdentity != null)
{
throw new InvalidOperationException(string.Format(
"An application with client_id '{0}' already exists.", clientId));
}
// Create a service identity
serviceIdentity = new ServiceIdentity
{
Name = clientId,
Description = name,
RedirectAddress = redirectUri
};
var serviceIdentityKey = new ServiceIdentityKey
{
DisplayName = string.Format("Credentials for {0}", clientId),
Value = Encoding.UTF8.GetBytes(clientSecret),
Type = IdentityKeyTypes.Password.ToString(),
Usage = IdentityKeyUsages.Password.ToString(),
StartDate = DateTime.UtcNow,
EndDate = DateTime.UtcNow.AddYears(100) // Validity 100 years. After that?
};
// Process modifications to the namespace
client.AddToServiceIdentities(serviceIdentity);
client.AddRelatedObject(serviceIdentity, "ServiceIdentityKeys", serviceIdentityKey);
client.SaveChanges(SaveChangesOptions.Batch);
}
static void GetServiceIdentity(string name)
{
AccessControlSettings settings = new AccessControlSettings(@namespace, managementKey);
ManagementService serviceClient = ManagementServiceHelper.CreateManagementServiceClient(settings);
ServiceIdentity si = serviceClient.GetServiceIdentityByName(name);
if (si != null)
{
ServiceIdentityKey symmKey =
(from sk in si.ServiceIdentityKeys where sk.Type == ServiceIdentityKeyType.Symmetric.ToString() select sk).FirstOrDefault();
if (symmKey != null)
{
Console.WriteLine("Name: {0}\nKey: {1}", si.Name, Convert.ToBase64String(symmKey.Value));
return;
}
}
Console.Error.WriteLine("Service identity '{0}' not found or key not found", name);
}
/// <summary>
/// Creates a new ServiceIdentity and an associated key of the value, type, and usage specified.
/// </summary>
public static ServiceIdentity CreateServiceIdentity(this ManagementService svc, string name, byte[] keyValue, ServiceIdentityKeyType keyType, ServiceIdentityKeyUsage keyUsage)
{
ServiceIdentity sid = new ServiceIdentity()
{
Name = name
};
DateTime startDate, endDate;
if (keyType == ServiceIdentityKeyType.X509Certificate)
{
//
// ACS requires that the key start and end dates be within the certificate's validity period.
//
X509Certificate2 cert = new X509Certificate2(keyValue);
startDate = cert.NotBefore.ToUniversalTime();
endDate = cert.NotAfter.ToUniversalTime();
}
else
{
startDate = DateTime.UtcNow;
endDate = DateTime.MaxValue;
}
ServiceIdentityKey key = new ServiceIdentityKey()
{
EndDate = endDate.ToUniversalTime(),
StartDate = startDate.ToUniversalTime(),
Type = keyType.ToString(),
Usage = keyUsage.ToString(),
Value = keyValue,
DisplayName = String.Format(CultureInfo.InvariantCulture, "{0} key for {1}", keyType.ToString(), name)
};
svc.AddToServiceIdentities(sid);
svc.AddRelatedObject(
sid,
"ServiceIdentityKeys",
key);
return(sid);
}
/// <summary>
/// Updates an application client secret.
/// </summary>
/// <param name="clientId">The client id.</param>
/// <param name="clientSecret">The client secret.</param>
public void UpdateApplicationClientSecret(string clientId, string clientSecret)
{
var client = CreateManagementServiceClient();
var serviceIdentity = client.ServiceIdentities.Where(si => si.Name == clientId).ToList().FirstOrDefault();
if (serviceIdentity == null)
{
throw new InvalidOperationException(string.Format(
"An application with client_id '{0}' could not be found.", clientId));
}
var serviceIdentityKeys = client.ServiceIdentityKeys.Where(k => k.ServiceIdentityId == serviceIdentity.Id);
var serviceIdentityKey = serviceIdentityKeys.FirstOrDefault(k => k.Type == IdentityKeyTypes.Password.ToString());
if (serviceIdentityKey == null)
{
serviceIdentityKey = new ServiceIdentityKey
{
DisplayName = string.Format("Credentials for {0}", clientId),
Value = Encoding.UTF8.GetBytes(clientSecret),
Type = IdentityKeyTypes.Password.ToString(),
Usage = IdentityKeyUsages.Password.ToString(),
StartDate = DateTime.UtcNow,
EndDate = DateTime.UtcNow.AddYears(100) // Validity 100 years. After that?
};
client.AddToServiceIdentities(serviceIdentity);
client.AddRelatedObject(serviceIdentity, "ServiceIdentityKeys", serviceIdentityKey);
}
else
{
serviceIdentityKey.Value = Encoding.UTF8.GetBytes(clientSecret);
serviceIdentityKey.EndDate = DateTime.UtcNow.AddYears(100); // Validity 100 years. After that?
}
// Process modifications to the namespace
client.SaveChanges(SaveChangesOptions.Batch);
}
public void LinkSensor(int id, string sensorId)
{
// Has a sensor already been linked?
var brewWithSensor = BrewRepository.GetAll().FirstOrDefault(b => b.SensorId == sensorId);
if (brewWithSensor != null && brewWithSensor.Id != id)
{
throw new ArgumentException(
string.Format("The sensor with id {0} can not be linked to the brew because the sensor has already been linked to another brew.", sensorId), "sensorId");
}
// Get the brew
var brew = GetBrew(id);
// First unlink the current sensor
if (!string.IsNullOrEmpty(brew.SensorId))
{
UnlinkSensor(id, brew.SensorId);
}
// Link sensor in our datastore
brew.SensorId = sensorId;
brew.LastModified = DateTime.UtcNow;
BrewRepository.CommitChanges();
// We want a custom identity for the sensor which only allows sending to the service bus.
var serviceManagementWrapper = new ServiceManagementWrapper(AcsNamespace, ManagementIssuer, ManagementKey);
var client = serviceManagementWrapper.CreateManagementServiceClient();
client.IgnoreResourceNotFoundException = true;
// Clean up if we already exist as a sensor
var existingRule = client.Rules.AddQueryOption("$filter", "Description eq '" + string.Format("Add Send claim value for sensor id {0}", sensorId) + "'").FirstOrDefault();
if (existingRule != null)
{
client.DeleteObject(existingRule);
client.SaveChanges(SaveChangesOptions.Batch);
}
serviceManagementWrapper.RemoveServiceIdentity(sensorId);
// Create a new identity
var serviceIdentity = new ServiceIdentity
{
Name = sensorId,
Description = string.Format("Sensor id: {0}", sensorId)
};
var serviceIdentityKey = new ServiceIdentityKey
{
DisplayName = string.Format("Credentials for {0}", sensorId),
Value = Encoding.UTF8.GetBytes(sensorId),
Type = IdentityKeyTypes.Symmetric.ToString(),
Usage = IdentityKeyUsages.Password.ToString(),
StartDate = DateTime.UtcNow,
EndDate = DateTime.UtcNow.AddMonths(2) // sensors can be linked for up to 2 months
};
// Process modifications to the namespace
client.AddToServiceIdentities(serviceIdentity);
client.AddRelatedObject(serviceIdentity, "ServiceIdentityKeys", serviceIdentityKey);
client.SaveChanges(SaveChangesOptions.Batch);
// Add a Send claim
var issuer = client.Issuers.AddQueryOption("$filter", "Name eq 'LOCAL AUTHORITY'").FirstOrDefault();
var ruleGroup = client.RuleGroups.AddQueryOption("$filter", "Name eq 'Default Rule Group for ServiceBus'").FirstOrDefault();
var rule = new Rule
{
Description = string.Format("Add Send claim value for sensor id {0}", sensorId),
InputClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
InputClaimValue = sensorId,
OutputClaimType = "net.windows.servicebus.action",
OutputClaimValue = "Send",
IssuerId = issuer.Id,
RuleGroupId = ruleGroup.Id,
RuleGroup = ruleGroup,
Issuer = issuer
};
client.AddToRules(rule);
client.SaveChanges(SaveChangesOptions.Batch);
}
public static ServiceIdentityKey CreateServiceIdentityKey(long ID, long serviceIdentityId, bool systemReserved, global::System.DateTime startDate, global::System.DateTime endDate)
{
ServiceIdentityKey serviceIdentityKey = new ServiceIdentityKey();
serviceIdentityKey.Id = ID;
serviceIdentityKey.ServiceIdentityId = serviceIdentityId;
serviceIdentityKey.SystemReserved = systemReserved;
serviceIdentityKey.StartDate = startDate;
serviceIdentityKey.EndDate = endDate;
return serviceIdentityKey;
}
public void AddToServiceIdentityKeys(ServiceIdentityKey serviceIdentityKey)
{
base.AddObject("ServiceIdentityKeys", serviceIdentityKey);
}
