//[Test] public void GetStsEndpoint() { var stsUri = _lsClient.GetStsEndpointUri(); Assert.NotNull(stsUri); Assert.IsTrue(stsUri.ToString().Contains("STSService")); }
public SsoAdminClient(string hostname, string user, SecureString password, X509CertificateValidator serverCertificateValidator) { if (hostname == null) { throw new ArgumentNullException(nameof(hostname)); } if (user == null) { throw new ArgumentNullException(nameof(user)); } if (password == null) { throw new ArgumentNullException(nameof(password)); } var lsClient = new LookupServiceClient(hostname, serverCertificateValidator); // Create STS Client var stsUri = lsClient.GetStsEndpointUri(); _securityContext = new UserPassSecurityContext(user, password, stsUri, serverCertificateValidator); // Initialize security context with Saml token by username and password _securityContext.GetToken(); // Create SSO Admin Binding Client var ssoAdminUri = lsClient.GetSsoAdminEndpointUri(); ServiceUri = ssoAdminUri; User = user; _ssoAdminBindingClient = new SsoPortTypeClient(GetBinding(), new EndpointAddress(ssoAdminUri)); _ssoAdminBindingClient.ChannelFactory.Endpoint.EndpointBehaviors.Add(new WsTrustBehavior()); var serverAuthentication = GetServerAuthentication(serverCertificateValidator); if (serverAuthentication != null) { _ssoAdminBindingClient .ChannelFactory .Credentials .ServiceCertificate .SslCertificateAuthentication = serverAuthentication; } }
public int Run(UserInput userInput) { try { var certificatesCommonName = userInput.ServiceHostname; _logger.LogDebug($"User Input VC: {userInput.Psc}"); _logger.LogDebug($"User Input VC User: {userInput.User}"); _logger.LogDebug($"User Input VC Thumbprint: {userInput.VcThumbprint}"); _logger.LogDebug($"User Input Force Specified: {userInput.ForceSpecified}"); userInput.EnsureIsValid(SetupFlowType.RegisterWithVC); // --- InMemory Certificates --- X509Certificate2 signCertificate = null; X509Certificate2 tlsCertificate = null; // --- InMemory Certificates --- K8sSettings k8sSettings = null; if (userInput.K8sSettings != null && File.Exists(userInput.K8sSettings)) { k8sSettings = JsonConvert.DeserializeObject <K8sSettings>(File.ReadAllText(userInput.K8sSettings)); } var configWriter = new K8sConfigWriter(_loggerFactory, k8sSettings); // --- Signing Certificate --- if (!string.IsNullOrEmpty(userInput.SigningCertificatePath) && File.Exists(userInput.SigningCertificatePath)) { _logger.LogInformation($"Load signing certificate from path {userInput.SigningCertificatePath}"); signCertificate = new X509Certificate2(userInput.SigningCertificatePath); } else { _logger.LogInformation("Generate signing self-signed certificate"); var signingCertGen = new SigningCertificateGenerator( _loggerFactory, certificatesCommonName, configWriter); signCertificate = signingCertGen.Generate(Constants.SignCertificateSecretName); if (signCertificate == null) { _logger.LogError("Generate signing self-signed certificate failed."); return(3); } } // --- Signing Certificate --- // --- TLS Certificate --- if (!string.IsNullOrEmpty(userInput.TlsCertificatePath) && File.Exists(userInput.TlsCertificatePath)) { _logger.LogInformation($"Load tls certificate from path {userInput.TlsCertificatePath}"); tlsCertificate = new X509Certificate2(userInput.TlsCertificatePath); } else { _logger.LogInformation("Generate tls self-signed certificate"); var tlsCertGen = new TlsCertificateGenerator( _loggerFactory, certificatesCommonName, configWriter); tlsCertificate = tlsCertGen.Generate(Constants.TlsCertificateSecretName); if (tlsCertificate == null) { _logger.LogError("Generate tls self-signed certificate failed."); return(4); } } // --- TLS Certificate --- // === VC Registration Actions === X509CertificateValidator certificateValidator = null; if (userInput.ForceSpecified) { certificateValidator = new AcceptAllX509CertificateValidator(); } else if (!string.IsNullOrEmpty(userInput.VcThumbprint)) { certificateValidator = new SpecifiedCertificateThumbprintValidator(userInput.VcThumbprint); } var lookupServiceClient = new LookupServiceClient( userInput.Psc, certificateValidator); var serviceSettings = SetupServiceSettings.NewService( tlsCertificate, signCertificate, userInput.ServiceHostname, 443); _logger.LogDebug($"Service NodeId: {serviceSettings.NodeId}"); _logger.LogDebug($"Service OwnerId: {serviceSettings.OwnerId}"); _logger.LogDebug($"Service ServiceId: {serviceSettings.ServiceId}"); _logger.LogDebug($"Service Endpoint Url: {serviceSettings.EndpointUrl}"); var ssoSdkUri = lookupServiceClient.GetSsoAdminEndpointUri(); var stsUri = lookupServiceClient.GetStsEndpointUri(); _logger.LogDebug($"Resolved SSO SDK Endpoint: {ssoSdkUri}"); _logger.LogDebug($"Resolved Sts Endpoint: {stsUri}"); var ssoAdminClient = new SsoAdminClient(ssoSdkUri, stsUri, certificateValidator); // --- SSO Solution User Registration --- var ssoSolutionRegitration = new SsoSolutionUserRegistration( _loggerFactory, serviceSettings, ssoAdminClient); ssoSolutionRegitration.CreateSolutionUser(userInput.User, userInput.Password); // --- SSO Solution User Registration --- // --- Lookup Service Registration --- var lsRegistration = new LookupServiceRegistration( _loggerFactory, serviceSettings, lookupServiceClient); lsRegistration.Register(userInput.User, userInput.Password); // --- Lookup Service Registration --- // --- Store VC CA certificates --- var trustedCertificatesStore = new TrustedCertificatesStore( _loggerFactory, ssoAdminClient, configWriter); trustedCertificatesStore.SaveVcenterCACertficates(); // --- Store VC CA certificates --- // === VC Registration Actions === // --- Save SRS API Gateway service settings --- var stsSettings = new StsSettings(); stsSettings.Realm = ssoSolutionRegitration.GetTrustedCertificate( userInput.User, userInput.Password)?.Thumbprint; stsSettings.SolutionUserSigningCertificatePath = Constants.StsSettings_SolutionUserSigningCertificatePath; stsSettings.StsServiceEndpoint = stsUri.ToString(); stsSettings.SolutionOwnerId = serviceSettings.OwnerId; stsSettings.SolutionServiceId = serviceSettings.ServiceId; configWriter.WriteServiceStsSettings(stsSettings); // --- Save SRS API Gateway service settings --- } catch (InvalidUserInputException exc) { _logger.LogError(exc, exc.Message); return(1); } catch (Exception exc) { _logger.LogError(exc, exc.Message); return(2); } _logger.LogInformation("Success"); return(0); }
public int Run(UserInput userInput) { try { var certificatesCommonName = userInput.ServiceHostname; _logger.LogDebug($"User Input VC: {userInput.Psc}"); _logger.LogDebug($"User Input VC User: {userInput.User}"); _logger.LogDebug($"User Input VC Thumbprint: {userInput.VcThumbprint}"); _logger.LogDebug($"User Input Force Specified: {userInput.ForceSpecified}"); userInput.EnsureIsValid(SetupFlowType.UpdateTrustedCACertificates); // Create Config File Writer K8sSettings k8sSettings = null; if (userInput.K8sSettings != null && File.Exists(userInput.K8sSettings)) { k8sSettings = JsonConvert.DeserializeObject <K8sSettings>(File.ReadAllText(userInput.K8sSettings)); } var configWriter = new K8sConfigWriter(_loggerFactory, k8sSettings); // Create Lookup Service Client X509CertificateValidator certificateValidator = null; if (userInput.ForceSpecified) { certificateValidator = new AcceptAllX509CertificateValidator(); } else if (!string.IsNullOrEmpty(userInput.VcThumbprint)) { certificateValidator = new SpecifiedCertificateThumbprintValidator(userInput.VcThumbprint); } var lookupServiceClient = new LookupServiceClient( userInput.Psc, certificateValidator); // Get SSO Admin And STS URIs from Lookup Service var ssoSdkUri = lookupServiceClient.GetSsoAdminEndpointUri(); var stsUri = lookupServiceClient.GetStsEndpointUri(); _logger.LogDebug($"Resolved SSO SDK Endpoint: {ssoSdkUri}"); _logger.LogDebug($"Resolved Sts Endpoint: {stsUri}"); // var ssoAdminClient = new SsoAdminClient(ssoSdkUri, stsUri, certificateValidator); // --- Store VC CA certificates --- var trustedCertificatesStore = new TrustedCertificatesStore( _loggerFactory, ssoAdminClient, configWriter); trustedCertificatesStore.SaveVcenterCACertficates(); // --- Store VC CA certificates --- } catch (InvalidUserInputException exc) { _logger.LogError(exc, exc.Message); return(1); } catch (Exception exc) { _logger.LogError(exc, exc.Message); return(2); } _logger.LogInformation("Success"); return(0); }
public int Run(UserInput userInput) { try { var certificatesCommonName = userInput.ServiceHostname; _logger.LogDebug($"User Input VC: {userInput.Psc}"); _logger.LogDebug($"User Input VC User: {userInput.User}"); _logger.LogDebug($"User Input VC Thumbprint: {userInput.VcThumbprint}"); _logger.LogDebug($"User Input Force Specified: {userInput.ForceSpecified}"); _logger.LogDebug($"User Input Sts Settings Path Specified: {userInput.StsSettingsPath}"); userInput.EnsureIsValid(SetupFlowType.UnregisterFromVC); var stsSettings = new SettingsEditor(File.ReadAllText(userInput.StsSettingsPath)). GetStsSettings(); _logger.LogDebug($"Sts Settings SolutionServiceId: {stsSettings.SolutionServiceId}"); _logger.LogDebug($"Sts Settings SolutionOwnerId: {stsSettings.SolutionOwnerId}"); K8sSettings k8sSettings = null; if (userInput.K8sSettings != null && File.Exists(userInput.K8sSettings)) { k8sSettings = JsonConvert.DeserializeObject <K8sSettings>(File.ReadAllText(userInput.K8sSettings)); } // === VC Unregister Actions === X509CertificateValidator certificateValidator = null; if (userInput.ForceSpecified) { certificateValidator = new AcceptAllX509CertificateValidator(); } else if (!string.IsNullOrEmpty(userInput.VcThumbprint)) { certificateValidator = new SpecifiedCertificateThumbprintValidator(userInput.VcThumbprint); } _logger.LogDebug($"Service Id: {stsSettings.SolutionServiceId}"); _logger.LogDebug($"Service OwnerId: {stsSettings.SolutionOwnerId}"); var setupServiceSettings = SetupServiceSettings.FromStsSettings(stsSettings); _logger.LogDebug($"SetupServiceSettings ServiceId: {setupServiceSettings.ServiceId}"); _logger.LogDebug($"SetupServiceSettings OwnerId: {setupServiceSettings.OwnerId}"); var lookupServiceClient = new LookupServiceClient( userInput.Psc, certificateValidator); var ssoSdkUri = lookupServiceClient.GetSsoAdminEndpointUri(); var stsUri = lookupServiceClient.GetStsEndpointUri(); _logger.LogDebug($"Resolved SSO SDK Endpoint: {ssoSdkUri}"); _logger.LogDebug($"Resolved Sts Endpoint: {stsUri}"); var ssoAdminClient = new SsoAdminClient(ssoSdkUri, stsUri, certificateValidator); // --- SSO Solution User Registration --- var ssoSolutionRegitration = new SsoSolutionUserRegistration( _loggerFactory, setupServiceSettings, ssoAdminClient); ssoSolutionRegitration.DeleteSolutionUser(userInput.User, userInput.Password); // --- SSO Solution User Registration --- // --- Lookup Service Registration --- var lsRegistration = new LookupServiceRegistration( _loggerFactory, setupServiceSettings, lookupServiceClient); lsRegistration.Deregister(userInput.User, userInput.Password); // --- Lookup Service Registration --- // === VC Unregister Actions === } catch (InvalidUserInputException exc) { _logger.LogError(exc, exc.Message); return(1); } catch (Exception exc) { _logger.LogError(exc, exc.Message); return(2); } _logger.LogInformation("Success"); return(0); }
public int Run(UserInput userInput) { try { var certificatesCommonName = userInput.ServiceHostname; _logger.LogDebug($"User Input VC: {userInput.Psc}"); _logger.LogDebug($"User Input VC User: {userInput.User}"); _logger.LogDebug($"User Input VC Thumbprint: {userInput.VcThumbprint}"); _logger.LogDebug($"User Input Force Specified: {userInput.ForceSpecified}"); userInput.EnsureIsValid(SetupFlowType.CleanupVCRegistration); K8sSettings k8sSettings = null; if (userInput.K8sSettings != null && File.Exists(userInput.K8sSettings)) { k8sSettings = JsonConvert.DeserializeObject <K8sSettings>(File.ReadAllText(userInput.K8sSettings)); } // === VC Unregister Actions === X509CertificateValidator certificateValidator = null; if (userInput.ForceSpecified) { certificateValidator = new AcceptAllX509CertificateValidator(); } else if (!string.IsNullOrEmpty(userInput.VcThumbprint)) { certificateValidator = new SpecifiedCertificateThumbprintValidator(userInput.VcThumbprint); } var lookupServiceClient = new LookupServiceClient( userInput.Psc, certificateValidator); var registeredServices = lookupServiceClient.ListRegisteredServices(); string srsServiceId = null; string srsOwnerId = null; foreach (var service in registeredServices) { if (service.ownerId?.StartsWith("srs-SolutionOwner-") ?? false) { // SRS Service registration found srsServiceId = service.serviceId; srsOwnerId = service.ownerId; break; } } if (!string.IsNullOrEmpty(srsServiceId) && !string.IsNullOrEmpty(srsOwnerId)) { _logger.LogInformation($"SRS Service registration found on VC {userInput.Psc}, service Id: {srsServiceId}, service owner Id: {srsOwnerId}"); _logger.LogInformation("Performing SRS Service regitration cleanup"); var setupServiceSettings = SetupServiceSettings.FromStsSettings(new StsSettings { SolutionServiceId = srsServiceId, SolutionOwnerId = srsOwnerId }); _logger.LogDebug($"SetupServiceSettings ServiceId: {setupServiceSettings.ServiceId}"); _logger.LogDebug($"SetupServiceSettings OwnerId: {setupServiceSettings.OwnerId}"); var ssoSdkUri = lookupServiceClient.GetSsoAdminEndpointUri(); var stsUri = lookupServiceClient.GetStsEndpointUri(); _logger.LogDebug($"Resolved SSO SDK Endpoint: {ssoSdkUri}"); _logger.LogDebug($"Resolved Sts Endpoint: {stsUri}"); var ssoAdminClient = new SsoAdminClient(ssoSdkUri, stsUri, certificateValidator); // --- SSO Solution User Registration --- var ssoSolutionRegitration = new SsoSolutionUserRegistration( _loggerFactory, setupServiceSettings, ssoAdminClient); ssoSolutionRegitration.DeleteSolutionUser(userInput.User, userInput.Password); // --- SSO Solution User Registration --- // --- Lookup Service Registration --- var lsRegistration = new LookupServiceRegistration( _loggerFactory, setupServiceSettings, lookupServiceClient); lsRegistration.Deregister(userInput.User, userInput.Password); } else { _logger.LogInformation($"SRS Service registration not found on VC {userInput.Psc}"); } // === VC Unregister Actions === } catch (InvalidUserInputException exc) { _logger.LogError(exc, exc.Message); return(1); } catch (Exception exc) { _logger.LogError(exc, exc.Message); return(2); } _logger.LogInformation("Success"); return(0); }