private void AddRelyingParty(ServiceManagementWrapper acsWrapper, Action<LogInfo> logAction)
{
var tokenLifetime = this.relyingPartySpec.TokenLifetime();
byte[] signingCertBytes = null;
string signingCertPassword = null;
DateTime? signingCertStartDate = null;
DateTime? signingCertEndDate = null;
var signingCert = this.relyingPartySpec.SigningCertificate();
if (signingCert != null)
{
signingCertBytes = signingCert.Bytes();
signingCertPassword = signingCert.Password();
signingCertStartDate = signingCert.StartDate();
signingCertEndDate = signingCert.EndDate();
}
this.LogMessage(logAction, string.Format("Adding Relying Party '{0}'", this.relyingPartySpec.Name()));
acsWrapper.AddRelyingPartyWithKey(
this.relyingPartySpec.Name(),
this.relyingPartySpec.RealmAddress(),
this.relyingPartySpec.ReplyAddress(),
this.relyingPartySpec.SymmetricKey(),
this.relyingPartySpec.GetTokenType(),
(tokenLifetime == 0 ? Constants.RelyingPartyTokenLifetime : tokenLifetime),
signingCertBytes,
signingCertPassword,
signingCertStartDate,
signingCertEndDate,
this.relyingPartySpec.EncryptionCertificate(),
string.Empty,
this.relyingPartySpec.AllowedIdentityProviders().ToArray());
this.LogSavingChangesMessage(logAction);
}
public static bool CheckRuleGroupHasRules(AcsNamespaceDescription namespaceDesc, string relyingParty, string ruleGroup, int ruleCount)
{
var acs = new ServiceManagementWrapper(namespaceDesc.Namespace, namespaceDesc.UserName, namespaceDesc.Password);
var rules = acs.RetrieveRules(ruleGroup);
return (rules != null) && (rules.Count() == ruleCount);
}
public static bool CheckServiceIdentityExists(AcsNamespaceDescription namespaceDesc, string serviceIdentityName)
{
var acs = new ServiceManagementWrapper(namespaceDesc.Namespace, namespaceDesc.UserName, namespaceDesc.Password);
var serviceIdentities = acs.RetrieveServiceIdentities();
return serviceIdentities.Any(serviceIdentity => serviceIdentity.Name == serviceIdentityName);
}
public static bool CheckRuleGroupHasRule(AcsNamespaceDescription namespaceDesc, string relyingParty, string ruleGroup, string ruleDescription)
{
var acs = new ServiceManagementWrapper(namespaceDesc.Namespace, namespaceDesc.UserName, namespaceDesc.Password);
var rules = acs.RetrieveRules(ruleGroup);
return rules.Any(rule => rule.Description.Equals(ruleDescription));
}
public static bool CheckRelyingPartyExists(AcsNamespaceDescription namespaceDesc, string relyingPartyName)
{
var acs = new ServiceManagementWrapper(namespaceDesc.Namespace, namespaceDesc.UserName, namespaceDesc.Password);
var relyingParties = acs.RetrieveRelyingParties();
return relyingParties.Any(relyingParty => relyingParty.Name == relyingPartyName);
}
public static bool CheckIdentityProviderExists(AcsNamespaceDescription namespaceDesc, string idpDisplayName)
{
var acs = new ServiceManagementWrapper(namespaceDesc.Namespace, namespaceDesc.UserName, namespaceDesc.Password);
var identityProviders = acs.RetrieveIdentityProviders();
return identityProviders.Any(provider => provider.DisplayName == idpDisplayName);
}
public static bool CheckRuleGroupExists(AcsNamespaceDescription namespaceDesc, string relyingParty, string ruleGroup)
{
var acs = new ServiceManagementWrapper(namespaceDesc.Namespace, namespaceDesc.UserName, namespaceDesc.Password);
var relyingParties = acs.RetrieveRelyingParties();
return relyingParties.Where(rp => rp.Name == relyingParty).Select(
rp => rp.RelyingPartyRuleGroups.Any(rg => rg.RuleGroup.Name == ruleGroup)).FirstOrDefault();
}
public static bool CheckRelyingPartyHasKeys(AcsNamespaceDescription namespaceDesc, string relyingParty, int keyCount)
{
var acs = new ServiceManagementWrapper(namespaceDesc.Namespace, namespaceDesc.UserName, namespaceDesc.Password);
var client = acs.CreateManagementServiceClient();
var count = client.RelyingPartyKeys.Where(k => k.RelyingParty.Name.Equals(relyingParty)).Count();
return count == keyCount;
}
public void LinkSensor(int id, string sensorId)
{
// Has a sensor already been linked?
var brewWithSensor = BrewRepository.GetAll().FirstOrDefault(b => b.SensorId == sensorId);
if (brewWithSensor != null && brewWithSensor.Id != id)
{
throw new ArgumentException(
string.Format("The sensor with id {0} can not be linked to the brew because the sensor has already been linked to another brew.", sensorId), "sensorId");
}
// Get the brew
var brew = GetBrew(id);
// First unlink the current sensor
if (!string.IsNullOrEmpty(brew.SensorId))
{
UnlinkSensor(id, brew.SensorId);
}
// Link sensor in our datastore
brew.SensorId = sensorId;
brew.LastModified = DateTime.UtcNow;
BrewRepository.CommitChanges();
// We want a custom identity for the sensor which only allows sending to the service bus.
var serviceManagementWrapper = new ServiceManagementWrapper(AcsNamespace, ManagementIssuer, ManagementKey);
var client = serviceManagementWrapper.CreateManagementServiceClient();
client.IgnoreResourceNotFoundException = true;
// Clean up if we already exist as a sensor
var existingRule = client.Rules.AddQueryOption("$filter", "Description eq '" + string.Format("Add Send claim value for sensor id {0}", sensorId) + "'").FirstOrDefault();
if (existingRule != null)
{
client.DeleteObject(existingRule);
client.SaveChanges(SaveChangesOptions.Batch);
}
serviceManagementWrapper.RemoveServiceIdentity(sensorId);
// Create a new identity
var serviceIdentity = new ServiceIdentity
{
Name = sensorId,
Description = string.Format("Sensor id: {0}", sensorId)
};
var serviceIdentityKey = new ServiceIdentityKey
{
DisplayName = string.Format("Credentials for {0}", sensorId),
Value = Encoding.UTF8.GetBytes(sensorId),
Type = IdentityKeyTypes.Symmetric.ToString(),
Usage = IdentityKeyUsages.Password.ToString(),
StartDate = DateTime.UtcNow,
EndDate = DateTime.UtcNow.AddMonths(2) // sensors can be linked for up to 2 months
};
// Process modifications to the namespace
client.AddToServiceIdentities(serviceIdentity);
client.AddRelatedObject(serviceIdentity, "ServiceIdentityKeys", serviceIdentityKey);
client.SaveChanges(SaveChangesOptions.Batch);
// Add a Send claim
var issuer = client.Issuers.AddQueryOption("$filter", "Name eq 'LOCAL AUTHORITY'").FirstOrDefault();
var ruleGroup = client.RuleGroups.AddQueryOption("$filter", "Name eq 'Default Rule Group for ServiceBus'").FirstOrDefault();
var rule = new Rule
{
Description = string.Format("Add Send claim value for sensor id {0}", sensorId),
InputClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
InputClaimValue = sensorId,
OutputClaimType = "net.windows.servicebus.action",
OutputClaimValue = "Send",
IssuerId = issuer.Id,
RuleGroupId = ruleGroup.Id,
RuleGroup = ruleGroup,
Issuer = issuer
};
client.AddToRules(rule);
client.SaveChanges(SaveChangesOptions.Batch);
}
public void UnlinkSensor(int id, string sensorId)
{
// Disallow access to the service bus for this sensor
var serviceManagementWrapper = new ServiceManagementWrapper(AcsNamespace, ManagementIssuer, ManagementKey);
var client = serviceManagementWrapper.CreateManagementServiceClient();
client.IgnoreResourceNotFoundException = true;
// Clean up if we already exist as a sensor
var existingRule = client.Rules.AddQueryOption("$filter", "Description eq '" + string.Format("Add Send claim value for sensor id {0}", sensorId) + "'").FirstOrDefault();
if (existingRule != null)
{
client.DeleteObject(existingRule);
client.SaveChanges(SaveChangesOptions.Batch);
}
serviceManagementWrapper.RemoveServiceIdentity(sensorId);
// Unlink sensor in our datastore
var brew = GetBrew(id);
brew.SensorId = null;
brew.LastModified = DateTime.UtcNow;
BrewRepository.CommitChanges();
}
/// <summary>
/// Creates the management service client.
/// </summary>
/// <returns></returns>
protected ManagementService CreateManagementServiceClient()
{
var serviceManagementWrapper = new ServiceManagementWrapper(ServiceNamespace, ServiceNamespaceManagementUserName, ServiceNamespaceManagementUserKey);
var client = serviceManagementWrapper.CreateManagementServiceClient();
client.IgnoreResourceNotFoundException = true;
return client;
}
private static void CheckConnection(ServiceManagementWrapper managementWrapper)
{
try
{
managementWrapper.GetTokenFromACS();
}
catch (Exception ex)
{
throw new Exception("A token could not be retrieved from ACS, there might be connection problems or errors in the configuration." +
Environment.NewLine + "Please check the namespace, username and password provided.", ex);
}
}
public void SaveChanges(Action<LogInfo> logAction)
{
try
{
var managementWrapper = new ServiceManagementWrapper(this.namespaceDesc.Namespace, this.namespaceDesc.UserName, this.namespaceDesc.Password);
CheckConnection(managementWrapper);
foreach (var command in this.commands)
{
try
{
command.Execute(managementWrapper, logAction);
}
catch (Exception ex1)
{
if (!LogException(logAction, LogInfoTypeEnum.Error, ex1))
{
throw;
}
}
}
}
catch (Exception ex2)
{
if (!LogException(logAction, LogInfoTypeEnum.FatalError, ex2))
{
throw;
}
}
}
