private static void RemoveRuleGroup(ManagementService managementService, string ruleGroupName)
{
Guard.NotNullOrEmpty(() => ruleGroupName, ruleGroupName);
var rgToRemove = managementService.RuleGroups.Where(
rg => rg.Name.Equals(ruleGroupName)).Single();
managementService.DeleteObject(rgToRemove);
}
private static void LinkRuleGroupToRelyingParty(ManagementService client, RuleGroup ruleGroup, RelyingParty relyingParty)
{
Guard.NotNull(() => ruleGroup, ruleGroup);
Guard.NotNull(() => relyingParty, relyingParty);
var relyingPartyRuleGroup = new RelyingPartyRuleGroup
{
RuleGroupId = ruleGroup.Id,
RelyingParty = relyingParty
};
client.AddRelatedObject(relyingParty, "RelyingPartyRuleGroups", relyingPartyRuleGroup);
client.SaveChanges(SaveChangesOptions.Batch);
}
private void RemoveRelatedKeys(RelyingParty rpToRemove, ManagementService client, Action<LogInfo> logAction)
{
var pendingChanges = false;
foreach (var key in rpToRemove.RelyingPartyKeys)
{
RelyingPartyKey keyLocal = key;
var keyToRemove = client.RelyingPartyKeys.Where(
k => k.DisplayName.Equals(keyLocal.DisplayName)).Single();
this.LogMessage(logAction, string.Format("Removing Key '{0}'", keyLocal.DisplayName));
client.DeleteObject(keyToRemove);
pendingChanges = true;
}
if (pendingChanges)
{
client.SaveChanges(SaveChangesOptions.Batch);
this.LogSavingChangesMessage(logAction);
}
}
private void LinkExistingRuleGroups(ManagementService client, Action<LogInfo> logAction)
{
foreach (var linkedRuleGroup in this.relyingPartySpec.LinkedRuleGroups())
{
var @group = linkedRuleGroup;
DataServiceCollection<RuleGroup> ruleGroups = new DataServiceCollection<RuleGroup>(client.RuleGroups);
while (ruleGroups.Continuation != null)
{
ruleGroups.Load(client.Execute<RuleGroup>(ruleGroups.Continuation));
}
foreach (var ruleGroup in ruleGroups.Where(rg => System.Text.RegularExpressions.Regex.IsMatch(rg.Name, group)))
{
var relyingParty = client.RelyingParties.Where(rp => rp.Name.Equals(this.relyingPartySpec.Name())).Single();
var relyingPartyRuleGroup = new RelyingPartyRuleGroup
{
RuleGroupId = ruleGroup.Id,
RelyingParty = relyingParty
};
this.LogMessage(logAction, string.Format("Linking Relying Party '{0}' to Rule Group '{1}'", this.relyingPartySpec.Name(), ruleGroup.Name));
client.AddRelatedObject(relyingParty, "RelyingPartyRuleGroups", relyingPartyRuleGroup);
}
}
if (this.relyingPartySpec.LinkedRuleGroups().Any())
{
client.SaveChanges(SaveChangesOptions.Batch);
this.LogSavingChangesMessage(logAction);
}
}
private static void CreateRelyingParty(ManagementService client, string relyingPartyName, string ruleGroupName, string realmAddress, string replyAddress, TokenType tokenType, int tokenLifetime, bool asymmetricTokenEncryptionRequired, out RelyingParty relyingParty)
{
// Create Relying Party
relyingParty = new RelyingParty
{
Name = relyingPartyName,
DisplayName = relyingPartyName,
Description = relyingPartyName,
TokenType = tokenType.ToString(),
TokenLifetime = tokenLifetime,
AsymmetricTokenEncryptionRequired = asymmetricTokenEncryptionRequired
};
client.AddObject("RelyingParties", relyingParty);
client.SaveChanges();
if (!string.IsNullOrWhiteSpace(ruleGroupName))
{
RuleGroup ruleGroup = client.RuleGroups.Where(rg => rg.Name.Equals(ruleGroupName, StringComparison.OrdinalIgnoreCase)).FirstOrDefault();
if (ruleGroup == null)
{
ruleGroup = new RuleGroup
{
Name = ruleGroupName
};
client.AddToRuleGroups(ruleGroup);
client.SaveChanges();
}
var relyingPartyRuleGroup = new RelyingPartyRuleGroup
{
RuleGroupId = ruleGroup.Id,
RelyingParty = relyingParty
};
client.AddRelatedObject(relyingParty, "RelyingPartyRuleGroups", relyingPartyRuleGroup);
}
// Create the Realm for Relying Party
var realm = new RelyingPartyAddress
{
Address = realmAddress,
EndpointType = RelyingPartyAddressEndpointType.Realm.ToString(),
RelyingParty = relyingParty
};
client.AddRelatedObject(relyingParty, "RelyingPartyAddresses", realm);
if (!string.IsNullOrEmpty(replyAddress))
{
var reply = new RelyingPartyAddress
{
Address = replyAddress,
EndpointType = RelyingPartyAddressEndpointType.Reply.ToString(),
RelyingParty = relyingParty
};
client.AddRelatedObject(relyingParty, "RelyingPartyAddresses", reply);
}
client.SaveChanges(SaveChangesOptions.Batch);
}
private static void AddSigningKeyToRelyingParty(ManagementService client, string relyingPartyName, byte[] symmetricKey, DateTime defaultStartDate, DateTime defaultEndDate, RelyingParty relyingParty)
{
var relyingPartyKey = new RelyingPartyKey
{
DisplayName = "Signing Key for " + relyingPartyName,
Type = KeyType.Symmetric.ToString(),
Usage = KeyUsage.Signing.ToString(),
Value = symmetricKey,
RelyingParty = relyingParty,
StartDate = defaultStartDate,
EndDate = defaultEndDate,
IsPrimary = true
};
client.AddRelatedObject(relyingParty, "RelyingPartyKeys", relyingPartyKey);
client.SaveChanges();
}
private static void AddSigningKeyToRelyingParty(ManagementService client, string relyingPartyName, byte[] signingCert, string signingCertPassword, DateTime defaultStartDate, DateTime defaultEndDate, RelyingParty relyingParty)
{
var relyingPartyKey = new RelyingPartyKey
{
DisplayName = "Signing Certificate for " + relyingPartyName,
Type = KeyType.X509Certificate.ToString(),
Usage = KeyUsage.Signing.ToString(),
Value = signingCert,
Password = string.IsNullOrEmpty(signingCertPassword) ? null : new UTF8Encoding().GetBytes(signingCertPassword),
RelyingParty = relyingParty,
StartDate = defaultStartDate,
EndDate = defaultEndDate,
IsPrimary = true
};
client.AddRelatedObject(relyingParty, "RelyingPartyKeys", relyingPartyKey);
client.SaveChanges();
}
private static void AddIdentityProviderToRelyingParty(ManagementService client, string[] allowedIdentityProviders, RelyingParty relyingParty)
{
// if no allowed identity providers were set, allow all
if (allowedIdentityProviders == null)
{
allowedIdentityProviders = client.IdentityProviders.ToList().Select(idp => idp.DisplayName).ToArray();
}
foreach (var allowedIdp in allowedIdentityProviders)
{
var idp = client.IdentityProviders
.Where(i => i.DisplayName.Equals(allowedIdp, StringComparison.OrdinalIgnoreCase))
.FirstOrDefault();
if (idp != null)
{
var rpidp = new RelyingPartyIdentityProvider
{
IdentityProviderId = idp.Id,
RelyingPartyId = relyingParty.Id
};
client.AddToRelyingPartyIdentityProviders(rpidp);
client.SaveChanges();
}
}
}
private static void AddEncryptionKeyToRelyingParty(ManagementService client, string relyingPartyName, byte[] encryptionCert, DateTime defaultStartDate, DateTime defaultEndDate, RelyingParty relyingParty)
{
var relyingPartyKey = new RelyingPartyKey
{
DisplayName = "Encryption Certificate for " + relyingPartyName,
Type = KeyType.X509Certificate.ToString(),
Usage = KeyUsage.Encrypting.ToString(),
Value = encryptionCert,
RelyingParty = relyingParty,
StartDate = defaultStartDate,
EndDate = defaultEndDate
};
client.AddRelatedObject(relyingParty, "RelyingPartyKeys", relyingPartyKey);
client.SaveChanges();
}
public ManagementService CreateManagementServiceClient()
{
var managementServiceEndpoint = string.Format(CultureInfo.InvariantCulture, "https://{0}.{1}/{2}", this.serviceNamespace, Constants.AcsHostName, Constants.ManagementServiceHead);
var managementService = new ManagementService(new Uri(managementServiceEndpoint))
{
IgnoreMissingProperties = true
};
managementService.SendingRequest += this.AttachTokenWithWritePermissions;
return managementService;
}