示例#1
0
        //[Test]
        public void GetStsEndpoint()
        {
            var stsUri = _lsClient.GetStsEndpointUri();

            Assert.NotNull(stsUri);
            Assert.IsTrue(stsUri.ToString().Contains("STSService"));
        }
        public SsoAdminClient(string hostname, string user, SecureString password, X509CertificateValidator serverCertificateValidator)
        {
            if (hostname == null)
            {
                throw new ArgumentNullException(nameof(hostname));
            }
            if (user == null)
            {
                throw new ArgumentNullException(nameof(user));
            }
            if (password == null)
            {
                throw new ArgumentNullException(nameof(password));
            }

            var lsClient = new LookupServiceClient(hostname, serverCertificateValidator);

            // Create STS Client
            var stsUri = lsClient.GetStsEndpointUri();

            _securityContext = new UserPassSecurityContext(user, password, stsUri, serverCertificateValidator);
            // Initialize security context with Saml token by username and password
            _securityContext.GetToken();

            // Create SSO Admin Binding Client
            var ssoAdminUri = lsClient.GetSsoAdminEndpointUri();

            ServiceUri             = ssoAdminUri;
            User                   = user;
            _ssoAdminBindingClient = new SsoPortTypeClient(GetBinding(), new EndpointAddress(ssoAdminUri));
            _ssoAdminBindingClient.ChannelFactory.Endpoint.EndpointBehaviors.Add(new WsTrustBehavior());

            var serverAuthentication = GetServerAuthentication(serverCertificateValidator);

            if (serverAuthentication != null)
            {
                _ssoAdminBindingClient
                .ChannelFactory
                .Credentials
                .ServiceCertificate
                .SslCertificateAuthentication = serverAuthentication;
            }
        }
示例#3
0
        public int Run(UserInput userInput)
        {
            try {
                var certificatesCommonName = userInput.ServiceHostname;

                _logger.LogDebug($"User Input VC: {userInput.Psc}");
                _logger.LogDebug($"User Input VC User: {userInput.User}");
                _logger.LogDebug($"User Input VC Thumbprint: {userInput.VcThumbprint}");
                _logger.LogDebug($"User Input Force Specified: {userInput.ForceSpecified}");

                userInput.EnsureIsValid(SetupFlowType.RegisterWithVC);

                // --- InMemory Certificates ---
                X509Certificate2 signCertificate = null;
                X509Certificate2 tlsCertificate  = null;
                // --- InMemory Certificates ---


                K8sSettings k8sSettings = null;
                if (userInput.K8sSettings != null && File.Exists(userInput.K8sSettings))
                {
                    k8sSettings = JsonConvert.DeserializeObject <K8sSettings>(File.ReadAllText(userInput.K8sSettings));
                }

                var configWriter = new K8sConfigWriter(_loggerFactory, k8sSettings);

                // --- Signing Certificate ---
                if (!string.IsNullOrEmpty(userInput.SigningCertificatePath) &&
                    File.Exists(userInput.SigningCertificatePath))
                {
                    _logger.LogInformation($"Load signing certificate from path {userInput.SigningCertificatePath}");
                    signCertificate = new X509Certificate2(userInput.SigningCertificatePath);
                }
                else
                {
                    _logger.LogInformation("Generate signing self-signed certificate");
                    var signingCertGen = new SigningCertificateGenerator(
                        _loggerFactory,
                        certificatesCommonName,
                        configWriter);

                    signCertificate = signingCertGen.Generate(Constants.SignCertificateSecretName);
                    if (signCertificate == null)
                    {
                        _logger.LogError("Generate signing self-signed certificate failed.");
                        return(3);
                    }
                }
                // --- Signing Certificate ---

                // --- TLS Certificate ---
                if (!string.IsNullOrEmpty(userInput.TlsCertificatePath) &&
                    File.Exists(userInput.TlsCertificatePath))
                {
                    _logger.LogInformation($"Load tls certificate from path {userInput.TlsCertificatePath}");
                    tlsCertificate = new X509Certificate2(userInput.TlsCertificatePath);
                }
                else
                {
                    _logger.LogInformation("Generate tls self-signed certificate");
                    var tlsCertGen = new TlsCertificateGenerator(
                        _loggerFactory,
                        certificatesCommonName,
                        configWriter);

                    tlsCertificate = tlsCertGen.Generate(Constants.TlsCertificateSecretName);
                    if (tlsCertificate == null)
                    {
                        _logger.LogError("Generate tls self-signed certificate failed.");
                        return(4);
                    }
                }
                // --- TLS Certificate ---

                // === VC Registration Actions ===
                X509CertificateValidator certificateValidator = null;
                if (userInput.ForceSpecified)
                {
                    certificateValidator = new AcceptAllX509CertificateValidator();
                }
                else if (!string.IsNullOrEmpty(userInput.VcThumbprint))
                {
                    certificateValidator = new SpecifiedCertificateThumbprintValidator(userInput.VcThumbprint);
                }

                var lookupServiceClient = new LookupServiceClient(
                    userInput.Psc,
                    certificateValidator);

                var serviceSettings = SetupServiceSettings.NewService(
                    tlsCertificate,
                    signCertificate,
                    userInput.ServiceHostname,
                    443);

                _logger.LogDebug($"Service NodeId: {serviceSettings.NodeId}");
                _logger.LogDebug($"Service OwnerId: {serviceSettings.OwnerId}");
                _logger.LogDebug($"Service ServiceId: {serviceSettings.ServiceId}");
                _logger.LogDebug($"Service Endpoint Url: {serviceSettings.EndpointUrl}");

                var ssoSdkUri = lookupServiceClient.GetSsoAdminEndpointUri();
                var stsUri    = lookupServiceClient.GetStsEndpointUri();
                _logger.LogDebug($"Resolved SSO SDK Endpoint: {ssoSdkUri}");
                _logger.LogDebug($"Resolved Sts Endpoint: {stsUri}");

                var ssoAdminClient = new SsoAdminClient(ssoSdkUri, stsUri, certificateValidator);


                // --- SSO Solution User Registration ---
                var ssoSolutionRegitration = new SsoSolutionUserRegistration(
                    _loggerFactory,
                    serviceSettings,
                    ssoAdminClient);

                ssoSolutionRegitration.CreateSolutionUser(userInput.User, userInput.Password);
                // --- SSO Solution User Registration ---

                // --- Lookup Service Registration ---
                var lsRegistration = new LookupServiceRegistration(
                    _loggerFactory,
                    serviceSettings,
                    lookupServiceClient);
                lsRegistration.Register(userInput.User, userInput.Password);
                // --- Lookup Service Registration ---

                // --- Store VC CA certificates ---
                var trustedCertificatesStore = new TrustedCertificatesStore(
                    _loggerFactory,
                    ssoAdminClient,
                    configWriter);
                trustedCertificatesStore.SaveVcenterCACertficates();
                // --- Store VC CA certificates ---

                // === VC Registration Actions ===

                // --- Save SRS API Gateway service settings ---
                var stsSettings = new StsSettings();
                stsSettings.Realm = ssoSolutionRegitration.GetTrustedCertificate(
                    userInput.User,
                    userInput.Password)?.Thumbprint;
                stsSettings.SolutionUserSigningCertificatePath = Constants.StsSettings_SolutionUserSigningCertificatePath;
                stsSettings.StsServiceEndpoint = stsUri.ToString();
                stsSettings.SolutionOwnerId    = serviceSettings.OwnerId;
                stsSettings.SolutionServiceId  = serviceSettings.ServiceId;

                configWriter.WriteServiceStsSettings(stsSettings);
                // --- Save SRS API Gateway service settings ---
            } catch (InvalidUserInputException exc) {
                _logger.LogError(exc, exc.Message);
                return(1);
            } catch (Exception exc) {
                _logger.LogError(exc, exc.Message);
                return(2);
            }

            _logger.LogInformation("Success");
            return(0);
        }
示例#4
0
        public int Run(UserInput userInput)
        {
            try {
                var certificatesCommonName = userInput.ServiceHostname;

                _logger.LogDebug($"User Input VC: {userInput.Psc}");
                _logger.LogDebug($"User Input VC User: {userInput.User}");
                _logger.LogDebug($"User Input VC Thumbprint: {userInput.VcThumbprint}");
                _logger.LogDebug($"User Input Force Specified: {userInput.ForceSpecified}");

                userInput.EnsureIsValid(SetupFlowType.UpdateTrustedCACertificates);

                // Create Config File Writer
                K8sSettings k8sSettings = null;
                if (userInput.K8sSettings != null && File.Exists(userInput.K8sSettings))
                {
                    k8sSettings = JsonConvert.DeserializeObject <K8sSettings>(File.ReadAllText(userInput.K8sSettings));
                }

                var configWriter = new K8sConfigWriter(_loggerFactory, k8sSettings);

                // Create Lookup Service Client
                X509CertificateValidator certificateValidator = null;
                if (userInput.ForceSpecified)
                {
                    certificateValidator = new AcceptAllX509CertificateValidator();
                }
                else if (!string.IsNullOrEmpty(userInput.VcThumbprint))
                {
                    certificateValidator = new SpecifiedCertificateThumbprintValidator(userInput.VcThumbprint);
                }

                var lookupServiceClient = new LookupServiceClient(
                    userInput.Psc,
                    certificateValidator);

                // Get SSO Admin And STS URIs from Lookup Service
                var ssoSdkUri = lookupServiceClient.GetSsoAdminEndpointUri();
                var stsUri    = lookupServiceClient.GetStsEndpointUri();
                _logger.LogDebug($"Resolved SSO SDK Endpoint: {ssoSdkUri}");
                _logger.LogDebug($"Resolved Sts Endpoint: {stsUri}");

                //
                var ssoAdminClient = new SsoAdminClient(ssoSdkUri, stsUri, certificateValidator);

                // --- Store VC CA certificates ---
                var trustedCertificatesStore = new TrustedCertificatesStore(
                    _loggerFactory,
                    ssoAdminClient,
                    configWriter);
                trustedCertificatesStore.SaveVcenterCACertficates();
                // --- Store VC CA certificates ---
            } catch (InvalidUserInputException exc) {
                _logger.LogError(exc, exc.Message);
                return(1);
            } catch (Exception exc) {
                _logger.LogError(exc, exc.Message);
                return(2);
            }

            _logger.LogInformation("Success");
            return(0);
        }
示例#5
0
        public int Run(UserInput userInput)
        {
            try {
                var certificatesCommonName = userInput.ServiceHostname;

                _logger.LogDebug($"User Input VC: {userInput.Psc}");
                _logger.LogDebug($"User Input VC User: {userInput.User}");
                _logger.LogDebug($"User Input VC Thumbprint: {userInput.VcThumbprint}");
                _logger.LogDebug($"User Input Force Specified: {userInput.ForceSpecified}");
                _logger.LogDebug($"User Input Sts Settings Path Specified: {userInput.StsSettingsPath}");

                userInput.EnsureIsValid(SetupFlowType.UnregisterFromVC);

                var stsSettings = new SettingsEditor(File.ReadAllText(userInput.StsSettingsPath)).
                                  GetStsSettings();
                _logger.LogDebug($"Sts Settings SolutionServiceId: {stsSettings.SolutionServiceId}");
                _logger.LogDebug($"Sts Settings SolutionOwnerId: {stsSettings.SolutionOwnerId}");

                K8sSettings k8sSettings = null;
                if (userInput.K8sSettings != null && File.Exists(userInput.K8sSettings))
                {
                    k8sSettings = JsonConvert.DeserializeObject <K8sSettings>(File.ReadAllText(userInput.K8sSettings));
                }

                // === VC Unregister Actions ===
                X509CertificateValidator certificateValidator = null;
                if (userInput.ForceSpecified)
                {
                    certificateValidator = new AcceptAllX509CertificateValidator();
                }
                else if (!string.IsNullOrEmpty(userInput.VcThumbprint))
                {
                    certificateValidator = new SpecifiedCertificateThumbprintValidator(userInput.VcThumbprint);
                }

                _logger.LogDebug($"Service Id: {stsSettings.SolutionServiceId}");
                _logger.LogDebug($"Service OwnerId: {stsSettings.SolutionOwnerId}");

                var setupServiceSettings = SetupServiceSettings.FromStsSettings(stsSettings);

                _logger.LogDebug($"SetupServiceSettings ServiceId: {setupServiceSettings.ServiceId}");
                _logger.LogDebug($"SetupServiceSettings OwnerId: {setupServiceSettings.OwnerId}");

                var lookupServiceClient = new LookupServiceClient(
                    userInput.Psc,
                    certificateValidator);

                var ssoSdkUri = lookupServiceClient.GetSsoAdminEndpointUri();
                var stsUri    = lookupServiceClient.GetStsEndpointUri();
                _logger.LogDebug($"Resolved SSO SDK Endpoint: {ssoSdkUri}");
                _logger.LogDebug($"Resolved Sts Endpoint: {stsUri}");

                var ssoAdminClient = new SsoAdminClient(ssoSdkUri, stsUri, certificateValidator);

                // --- SSO Solution User Registration ---
                var ssoSolutionRegitration = new SsoSolutionUserRegistration(
                    _loggerFactory,
                    setupServiceSettings,
                    ssoAdminClient);

                ssoSolutionRegitration.DeleteSolutionUser(userInput.User, userInput.Password);
                // --- SSO Solution User Registration ---

                // --- Lookup Service Registration ---
                var lsRegistration = new LookupServiceRegistration(
                    _loggerFactory,
                    setupServiceSettings,
                    lookupServiceClient);
                lsRegistration.Deregister(userInput.User, userInput.Password);
                // --- Lookup Service Registration ---
                // === VC Unregister Actions ===
            } catch (InvalidUserInputException exc) {
                _logger.LogError(exc, exc.Message);
                return(1);
            } catch (Exception exc) {
                _logger.LogError(exc, exc.Message);
                return(2);
            }

            _logger.LogInformation("Success");
            return(0);
        }
示例#6
0
        public int Run(UserInput userInput)
        {
            try {
                var certificatesCommonName = userInput.ServiceHostname;

                _logger.LogDebug($"User Input VC: {userInput.Psc}");
                _logger.LogDebug($"User Input VC User: {userInput.User}");
                _logger.LogDebug($"User Input VC Thumbprint: {userInput.VcThumbprint}");
                _logger.LogDebug($"User Input Force Specified: {userInput.ForceSpecified}");

                userInput.EnsureIsValid(SetupFlowType.CleanupVCRegistration);

                K8sSettings k8sSettings = null;
                if (userInput.K8sSettings != null && File.Exists(userInput.K8sSettings))
                {
                    k8sSettings = JsonConvert.DeserializeObject <K8sSettings>(File.ReadAllText(userInput.K8sSettings));
                }

                // === VC Unregister Actions ===
                X509CertificateValidator certificateValidator = null;
                if (userInput.ForceSpecified)
                {
                    certificateValidator = new AcceptAllX509CertificateValidator();
                }
                else if (!string.IsNullOrEmpty(userInput.VcThumbprint))
                {
                    certificateValidator = new SpecifiedCertificateThumbprintValidator(userInput.VcThumbprint);
                }

                var lookupServiceClient = new LookupServiceClient(
                    userInput.Psc,
                    certificateValidator);

                var    registeredServices = lookupServiceClient.ListRegisteredServices();
                string srsServiceId       = null;
                string srsOwnerId         = null;
                foreach (var service in registeredServices)
                {
                    if (service.ownerId?.StartsWith("srs-SolutionOwner-") ?? false)
                    {
                        // SRS Service registration found
                        srsServiceId = service.serviceId;
                        srsOwnerId   = service.ownerId;
                        break;
                    }
                }

                if (!string.IsNullOrEmpty(srsServiceId) && !string.IsNullOrEmpty(srsOwnerId))
                {
                    _logger.LogInformation($"SRS Service registration found on VC {userInput.Psc}, service Id: {srsServiceId}, service owner Id: {srsOwnerId}");
                    _logger.LogInformation("Performing SRS Service regitration cleanup");
                    var setupServiceSettings = SetupServiceSettings.FromStsSettings(new StsSettings {
                        SolutionServiceId = srsServiceId,
                        SolutionOwnerId   = srsOwnerId
                    });

                    _logger.LogDebug($"SetupServiceSettings ServiceId: {setupServiceSettings.ServiceId}");
                    _logger.LogDebug($"SetupServiceSettings OwnerId: {setupServiceSettings.OwnerId}");

                    var ssoSdkUri = lookupServiceClient.GetSsoAdminEndpointUri();
                    var stsUri    = lookupServiceClient.GetStsEndpointUri();
                    _logger.LogDebug($"Resolved SSO SDK Endpoint: {ssoSdkUri}");
                    _logger.LogDebug($"Resolved Sts Endpoint: {stsUri}");

                    var ssoAdminClient = new SsoAdminClient(ssoSdkUri, stsUri, certificateValidator);

                    // --- SSO Solution User Registration ---
                    var ssoSolutionRegitration = new SsoSolutionUserRegistration(
                        _loggerFactory,
                        setupServiceSettings,
                        ssoAdminClient);

                    ssoSolutionRegitration.DeleteSolutionUser(userInput.User, userInput.Password);
                    // --- SSO Solution User Registration ---

                    // --- Lookup Service Registration ---
                    var lsRegistration = new LookupServiceRegistration(
                        _loggerFactory,
                        setupServiceSettings,
                        lookupServiceClient);
                    lsRegistration.Deregister(userInput.User, userInput.Password);
                }
                else
                {
                    _logger.LogInformation($"SRS Service registration not found on VC {userInput.Psc}");
                }

                // === VC Unregister Actions ===
            } catch (InvalidUserInputException exc) {
                _logger.LogError(exc, exc.Message);
                return(1);
            } catch (Exception exc) {
                _logger.LogError(exc, exc.Message);
                return(2);
            }

            _logger.LogInformation("Success");
            return(0);
        }