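/// <summary>
/// Builds the SAML 2.0 service-provider configuration. Issuer, signature
/// algorithm and certificate-validation settings are copied from <c>config</c>,
/// the SP signing certificate is fetched from Azure Key Vault, and the IdP's
/// endpoints and signature-validation certificates are read from its metadata.
/// </summary>
/// <returns>A populated <see cref="Saml2Configuration"/>.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when the IdP metadata document contains no IdP SSO descriptor.
/// </exception>
public Saml2Configuration GetSaml2Configuration()
{
    var saml2Configuration = new Saml2Configuration
    {
        Issuer = config.Issuer,
        SignatureAlgorithm = config.SignatureAlgorithm,
        // These two govern how the IdP certificates taken from metadata are checked.
        CertificateValidationMode = config.CertificateValidationMode,
        RevocationMode = config.RevocationMode
    };

    // Only the public certificate (Cer) is downloaded; RSAFactory.Create receives the
    // vault key id plus the credential, so signing presumably stays in Key Vault
    // rather than exporting the private key — verify against RSAFactory.
    var certificateClient = new CertificateClient(new Uri(AzureKeyVaultBaseUrl), tokenCredential);
    var certificateWithPolicy = certificateClient.GetCertificate(AzureKeyVaultCertificateName);
    var publicCertificate = new X509Certificate2(certificateWithPolicy.Value.Cer);
    var rsa = RSAFactory.Create(
        tokenCredential,
        certificateWithPolicy.Value.KeyId,
        new Azure.Security.KeyVault.Keys.JsonWebKey(publicCertificate.GetRSAPublicKey()));
    saml2Configuration.SigningCertificate = new Saml2X509Certificate(publicCertificate, rsa);

    // The SP's own issuer value is the only audience accepted in incoming assertions.
    saml2Configuration.AllowedAudienceUris.Add(saml2Configuration.Issuer);

    // The metadata document supplies the certificates that will validate assertion
    // signatures, so the metadata URL effectively decides which IdP is trusted.
    // NOTE(review): confirm Saml2IdPMetadata is an authenticated (HTTPS) endpoint.
    var entityDescriptor = new EntityDescriptor();
    entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(Saml2IdPMetadata));
    if (entityDescriptor.IdPSsoDescriptor is null)
    {
        throw new InvalidOperationException("IdPSsoDescriptor not loaded from metadata.");
    }

    saml2Configuration.AllowedIssuer = entityDescriptor.EntityId;
    // First() throws InvalidOperationException if the metadata lists no SSO/SLO endpoint.
    saml2Configuration.SingleSignOnDestination = entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location;
    saml2Configuration.SingleLogoutDestination = entityDescriptor.IdPSsoDescriptor.SingleLogoutServices.First().Location;
    saml2Configuration.SignatureValidationCertificates.AddRange(entityDescriptor.IdPSsoDescriptor.SigningCertificates);

    return saml2Configuration;
}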
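/// <summary>
/// Entry point for the query server. Parses the command line, optionally
/// generates and saves a key pair (then exits), otherwise loads the private key
/// and hosts a <see cref="QueryServer"/> until Enter is pressed.
/// </summary>
/// <param name="args">Command-line arguments, parsed into <see cref="Options"/>.</param>
static void Main(string[] args)
{
    var serverHostName = "";
    var serverPortNumber = 0;
    RSA rsa = null;

    Parser.Default.ParseArguments<Options>(args)
        .WithParsed(opts =>
        {
            serverHostName = opts.ServerHostName;
            serverPortNumber = opts.ServerPortNumber;
            if (opts.Generate)
            {
                // One-shot key-generation mode: write the pair and exit without serving.
                var (privateKey, publicKey) = GenerateKeys();
                SaveKeys(privateKey, publicKey, opts.GenPathPrefix);
                Environment.Exit(0);
            }

            rsa = RSAFactory.FromPrivateKey(opts.PrivateKeyPath);
        })
        .WithNotParsed(errs =>
        {
            foreach (var err in errs)
            {
                Console.WriteLine($"OPTIONS PARSE ERROR: {err}");
            }

            Environment.Exit(1);
        });

    // ServerCredentials.Insecure binds the listener without TLS: the transport is
    // plaintext and provides no peer authentication. What QueryServer does with
    // the RSA key is outside this method.
    var serverPort = new ServerPort(serverHostName, serverPortNumber, ServerCredentials.Insecure);
    var queryServer = new QueryServer(serverPort, rsa);
    try
    {
        Console.WriteLine($"Server started under [{serverPort.Host}:{serverPort.Port}]. Press Enter to stop it...");
        Console.ReadLine();
    }
    finally
    {
        // Release the server even if the wait is cut short by an exception.
        queryServer.Dispose();
    }
}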
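/// <summary>
/// Entry point for a ZMI agent node. Parses the command line, loads (or builds)
/// the ZMI hierarchy, stamps the local node with its creation time, contact and
/// singleton flag, starts the manager and runs until ENTER is pressed.
/// </summary>
/// <param name="args">Command-line arguments, parsed into <see cref="Options"/>.</param>
public static void Main(string[] args)
{
    var zmiName = string.Empty;
    ZMI fatherZmi = null;
    RSA rsa = null;
    var receiverHost = string.Empty;
    var receiverPort = 0;
    var rpcHost = string.Empty;
    var rpcPort = 0;
    IDictionary<string, string> configuration = new Dictionary<string, string>();

    Parser.Default.ParseArguments<Options>(args)
        .WithParsed(opts =>
        {
            // Only plain spaces are trimmed, not other whitespace.
            zmiName = opts.ZmiName.Trim(' ');

            // Without a parsable config file the hierarchy is derived from the node's path name.
            if (string.IsNullOrEmpty(opts.ConfigFile) || !TryParseConfig(opts.ConfigFile, out fatherZmi))
            {
                fatherZmi = ZMI.FromPathName(zmiName);
            }

            receiverHost = opts.ReceiverHost;
            receiverPort = opts.ReceiverPort;
            rpcHost = opts.RpcHost;
            rpcPort = opts.RpcPort;

            // Only a public key is loaded here; presumably this node verifies rather
            // than signs — confirm against ManagerFromIni.
            rsa = RSAFactory.FromPublicKey(opts.PublicKeyPath);

            if (string.IsNullOrEmpty(opts.IniFileName))
            {
                return;
            }

            using var file = File.OpenRead(opts.IniFileName);
            using var stream = new StreamReader(file);
            configuration = INIParser.ParseIni(stream);
        })
        .WithNotParsed(errs =>
        {
            foreach (var err in errs)
            {
                Console.WriteLine($"OPTIONS PARSE ERROR: {err}");
            }

            Environment.Exit(1);
        });

    // A single timestamp is shared by every node's "update" attribute and this node's "timestamp".
    var creationTimestamp = new ValueTime(DateTimeOffset.Now);
    fatherZmi.ApplyForEach(zmi => zmi.Attributes.AddOrChange("update", creationTimestamp));

    if (!fatherZmi.TrySearch(zmiName, out var myZmi))
    {
        Console.WriteLine($"Could not find node {zmiName} in ZMIs");
        Environment.Exit(1);
    }

    myZmi.Attributes.AddOrChange("timestamp", creationTimestamp);
    // IPAddress.Parse requires a literal address; a host name here throws FormatException.
    myZmi.Attributes.AddOrChange(
        "contacts",
        new ValueSet(
            new HashSet<Value>(new[] { new ValueContact(myZmi.PathName, IPAddress.Parse(receiverHost), receiverPort) }),
            AttributeTypePrimitive.Contact));
    myZmi.Attributes.AddOrChange("isSingleton", new ValueBoolean(true));

    var manager = ManagerFromIni(receiverHost, receiverPort, rpcHost, rpcPort, configuration, rsa, myZmi);
    try
    {
        Console.WriteLine("Press ENTER to exit...");
        Console.ReadLine();
        Console.WriteLine("End");
    }
    finally
    {
        // Release the manager even if the wait is cut short by an exception.
        manager.Dispose();
    }
}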
/// <summary>
/// Creates an <see cref="RSA"/> for the Key Vault key that corresponds to the
/// primary key of <paramref name="trackKey"/>. The key URL is assembled from the
/// vault endpoint, the track key's external name and the primary key's external
/// id; the public material comes from the primary key itself.
/// </summary>
/// <param name="trackKey">Track key whose primary key identifies the vault key.</param>
/// <returns>
/// An <see cref="RSA"/> built by <c>RSAFactory.Create</c>; presumably private-key
/// operations are delegated to Key Vault via <c>tokenCredential</c> — verify against RSAFactory.
/// </returns>
private RSA GetRSAKeyVault(RouteTrackKey trackKey)
{
    var keyUri = new Uri(UrlCombine.Combine(
        settings.KeyVault.EndpointUri,
        "keys",
        trackKey.ExternalName,
        trackKey.PrimaryKey.ExternalId));
    var publicJwk = new Azure.Security.KeyVault.Keys.JsonWebKey(trackKey.PrimaryKey.Key.ToRsa());
    return RSAFactory.Create(tokenCredential, keyUri, publicJwk);
}