private void AddRelyingParty(ServiceManagementWrapper acsWrapper, Action<LogInfo> logAction) { var tokenLifetime = this.relyingPartySpec.TokenLifetime(); byte[] signingCertBytes = null; string signingCertPassword = null; DateTime? signingCertStartDate = null; DateTime? signingCertEndDate = null; var signingCert = this.relyingPartySpec.SigningCertificate(); if (signingCert != null) { signingCertBytes = signingCert.Bytes(); signingCertPassword = signingCert.Password(); signingCertStartDate = signingCert.StartDate(); signingCertEndDate = signingCert.EndDate(); } this.LogMessage(logAction, string.Format("Adding Relying Party '{0}'", this.relyingPartySpec.Name())); acsWrapper.AddRelyingPartyWithKey( this.relyingPartySpec.Name(), this.relyingPartySpec.RealmAddress(), this.relyingPartySpec.ReplyAddress(), this.relyingPartySpec.SymmetricKey(), this.relyingPartySpec.GetTokenType(), (tokenLifetime == 0 ? Constants.RelyingPartyTokenLifetime : tokenLifetime), signingCertBytes, signingCertPassword, signingCertStartDate, signingCertEndDate, this.relyingPartySpec.EncryptionCertificate(), string.Empty, this.relyingPartySpec.AllowedIdentityProviders().ToArray()); this.LogSavingChangesMessage(logAction); }
public static bool CheckRuleGroupHasRules(AcsNamespaceDescription namespaceDesc, string relyingParty, string ruleGroup, int ruleCount) { var acs = new ServiceManagementWrapper(namespaceDesc.Namespace, namespaceDesc.UserName, namespaceDesc.Password); var rules = acs.RetrieveRules(ruleGroup); return (rules != null) && (rules.Count() == ruleCount); }
public static bool CheckServiceIdentityExists(AcsNamespaceDescription namespaceDesc, string serviceIdentityName) { var acs = new ServiceManagementWrapper(namespaceDesc.Namespace, namespaceDesc.UserName, namespaceDesc.Password); var serviceIdentities = acs.RetrieveServiceIdentities(); return serviceIdentities.Any(serviceIdentity => serviceIdentity.Name == serviceIdentityName); }
public static bool CheckRuleGroupHasRule(AcsNamespaceDescription namespaceDesc, string relyingParty, string ruleGroup, string ruleDescription) { var acs = new ServiceManagementWrapper(namespaceDesc.Namespace, namespaceDesc.UserName, namespaceDesc.Password); var rules = acs.RetrieveRules(ruleGroup); return rules.Any(rule => rule.Description.Equals(ruleDescription)); }
public static bool CheckRelyingPartyExists(AcsNamespaceDescription namespaceDesc, string relyingPartyName) { var acs = new ServiceManagementWrapper(namespaceDesc.Namespace, namespaceDesc.UserName, namespaceDesc.Password); var relyingParties = acs.RetrieveRelyingParties(); return relyingParties.Any(relyingParty => relyingParty.Name == relyingPartyName); }
public static bool CheckIdentityProviderExists(AcsNamespaceDescription namespaceDesc, string idpDisplayName) { var acs = new ServiceManagementWrapper(namespaceDesc.Namespace, namespaceDesc.UserName, namespaceDesc.Password); var identityProviders = acs.RetrieveIdentityProviders(); return identityProviders.Any(provider => provider.DisplayName == idpDisplayName); }
public static bool CheckRuleGroupExists(AcsNamespaceDescription namespaceDesc, string relyingParty, string ruleGroup) { var acs = new ServiceManagementWrapper(namespaceDesc.Namespace, namespaceDesc.UserName, namespaceDesc.Password); var relyingParties = acs.RetrieveRelyingParties(); return relyingParties.Where(rp => rp.Name == relyingParty).Select( rp => rp.RelyingPartyRuleGroups.Any(rg => rg.RuleGroup.Name == ruleGroup)).FirstOrDefault(); }
public static bool CheckRelyingPartyHasKeys(AcsNamespaceDescription namespaceDesc, string relyingParty, int keyCount) { var acs = new ServiceManagementWrapper(namespaceDesc.Namespace, namespaceDesc.UserName, namespaceDesc.Password); var client = acs.CreateManagementServiceClient(); var count = client.RelyingPartyKeys.Where(k => k.RelyingParty.Name.Equals(relyingParty)).Count(); return count == keyCount; }
public void LinkSensor(int id, string sensorId) { // Has a sensor already been linked? var brewWithSensor = BrewRepository.GetAll().FirstOrDefault(b => b.SensorId == sensorId); if (brewWithSensor != null && brewWithSensor.Id != id) { throw new ArgumentException( string.Format("The sensor with id {0} can not be linked to the brew because the sensor has already been linked to another brew.", sensorId), "sensorId"); } // Get the brew var brew = GetBrew(id); // First unlink the current sensor if (!string.IsNullOrEmpty(brew.SensorId)) { UnlinkSensor(id, brew.SensorId); } // Link sensor in our datastore brew.SensorId = sensorId; brew.LastModified = DateTime.UtcNow; BrewRepository.CommitChanges(); // We want a custom identity for the sensor which only allows sending to the service bus. var serviceManagementWrapper = new ServiceManagementWrapper(AcsNamespace, ManagementIssuer, ManagementKey); var client = serviceManagementWrapper.CreateManagementServiceClient(); client.IgnoreResourceNotFoundException = true; // Clean up if we already exist as a sensor var existingRule = client.Rules.AddQueryOption("$filter", "Description eq '" + string.Format("Add Send claim value for sensor id {0}", sensorId) + "'").FirstOrDefault(); if (existingRule != null) { client.DeleteObject(existingRule); client.SaveChanges(SaveChangesOptions.Batch); } serviceManagementWrapper.RemoveServiceIdentity(sensorId); // Create a new identity var serviceIdentity = new ServiceIdentity { Name = sensorId, Description = string.Format("Sensor id: {0}", sensorId) }; var serviceIdentityKey = new ServiceIdentityKey { DisplayName = string.Format("Credentials for {0}", sensorId), Value = Encoding.UTF8.GetBytes(sensorId), Type = IdentityKeyTypes.Symmetric.ToString(), Usage = IdentityKeyUsages.Password.ToString(), StartDate = DateTime.UtcNow, EndDate = DateTime.UtcNow.AddMonths(2) // sensors can be linked for up to 2 months }; // Process modifications to the namespace client.AddToServiceIdentities(serviceIdentity); client.AddRelatedObject(serviceIdentity, "ServiceIdentityKeys", serviceIdentityKey); client.SaveChanges(SaveChangesOptions.Batch); // Add a Send claim var issuer = client.Issuers.AddQueryOption("$filter", "Name eq 'LOCAL AUTHORITY'").FirstOrDefault(); var ruleGroup = client.RuleGroups.AddQueryOption("$filter", "Name eq 'Default Rule Group for ServiceBus'").FirstOrDefault(); var rule = new Rule { Description = string.Format("Add Send claim value for sensor id {0}", sensorId), InputClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", InputClaimValue = sensorId, OutputClaimType = "net.windows.servicebus.action", OutputClaimValue = "Send", IssuerId = issuer.Id, RuleGroupId = ruleGroup.Id, RuleGroup = ruleGroup, Issuer = issuer }; client.AddToRules(rule); client.SaveChanges(SaveChangesOptions.Batch); }
public void UnlinkSensor(int id, string sensorId) { // Disallow access to the service bus for this sensor var serviceManagementWrapper = new ServiceManagementWrapper(AcsNamespace, ManagementIssuer, ManagementKey); var client = serviceManagementWrapper.CreateManagementServiceClient(); client.IgnoreResourceNotFoundException = true; // Clean up if we already exist as a sensor var existingRule = client.Rules.AddQueryOption("$filter", "Description eq '" + string.Format("Add Send claim value for sensor id {0}", sensorId) + "'").FirstOrDefault(); if (existingRule != null) { client.DeleteObject(existingRule); client.SaveChanges(SaveChangesOptions.Batch); } serviceManagementWrapper.RemoveServiceIdentity(sensorId); // Unlink sensor in our datastore var brew = GetBrew(id); brew.SensorId = null; brew.LastModified = DateTime.UtcNow; BrewRepository.CommitChanges(); }
/// <summary> /// Creates the management service client. /// </summary> /// <returns></returns> protected ManagementService CreateManagementServiceClient() { var serviceManagementWrapper = new ServiceManagementWrapper(ServiceNamespace, ServiceNamespaceManagementUserName, ServiceNamespaceManagementUserKey); var client = serviceManagementWrapper.CreateManagementServiceClient(); client.IgnoreResourceNotFoundException = true; return client; }
private static void CheckConnection(ServiceManagementWrapper managementWrapper) { try { managementWrapper.GetTokenFromACS(); } catch (Exception ex) { throw new Exception("A token could not be retrieved from ACS, there might be connection problems or errors in the configuration." + Environment.NewLine + "Please check the namespace, username and password provided.", ex); } }
public void SaveChanges(Action<LogInfo> logAction) { try { var managementWrapper = new ServiceManagementWrapper(this.namespaceDesc.Namespace, this.namespaceDesc.UserName, this.namespaceDesc.Password); CheckConnection(managementWrapper); foreach (var command in this.commands) { try { command.Execute(managementWrapper, logAction); } catch (Exception ex1) { if (!LogException(logAction, LogInfoTypeEnum.Error, ex1)) { throw; } } } } catch (Exception ex2) { if (!LogException(logAction, LogInfoTypeEnum.FatalError, ex2)) { throw; } } }