protected override void BeginProcessing()
{
base.BeginProcessing();
r = new Regex(Name, RegexOptions.IgnoreCase);
overrides = _mg.Overrides.GetOverrides();
sdHash = new Hashtable();
foreach (SecureDataHealthServiceReference sr in _mg.Security.GetSecureDataHealthServiceReferences())
{
aasd = _mg.Security.GetSecureData(sr.SecureDataId) as ActionAccountSecureData;
if (aasd != null)
{
break;
}
}
foreach (ManagementPackOverride mpOverride in overrides)
{
ManagementPackSecureReferenceOverride secRefOverride = mpOverride as ManagementPackSecureReferenceOverride;
if (secRefOverride != null)
{
Guid secrefid = secRefOverride.SecureReference.Id;
int i = 0, x = 0;
byte[] bytes = new byte[(secRefOverride.Value.Length) / 2];
while (secRefOverride.Value.Length > i + 1)
{
long lngDecimal = Convert.ToInt32(secRefOverride.Value.Substring(i, 2), 16);
bytes[x] = Convert.ToByte(lngDecimal);
i = i + 2;
++x;
}
SecureData secureData = _mg.Security.GetSecureData(bytes);
WindowsCredentialSecureData credential = secureData as WindowsCredentialSecureData;
if (credential != null)
{
if (!sdHash.ContainsKey(secrefid))
{
sdHash.Add(secrefid, String.Format(CultureInfo.InvariantCulture, "{0}\\{1}", credential.Domain, credential.UserName));
}
}
else
{
ActionAccountSecureData actionAccount = secureData as ActionAccountSecureData;
if (actionAccount != null)
{
if (!sdHash.ContainsKey(secrefid))
{
sdHash.Add(secrefid, String.Format(CultureInfo.InvariantCulture, "{0}\\{1}", actionAccount.Domain, actionAccount.UserName));
}
}
}
}
}
}
private async Task RenewServiceCredential(GraphClient cl, ManagementPack configMp, AdApplication app, TimeSpan credValidity)
{
if (app == null)
throw new ArgumentNullException(nameof(app));
if (app.PasswordCredentials != null)
{
var passCred = app.PasswordCredentials.FirstOrDefault(x => x.CustomKeyIdentifier == Convert.ToBase64String(_emg.Id.ToByteArray()));
if (passCred != null)
app.PasswordCredentials.Remove(passCred);
await cl.UpdateApplicationAsync(app);
}
var pass = RandomString();
var securePass = new System.Security.SecureString();
foreach (char c in pass)
securePass.AppendChar(c);
var endDate = DateTime.UtcNow + credValidity;
app.PasswordCredentials.Add(new PasswordCredential()
{
EndDate = endDate,
StartDate = DateTime.UtcNow,
KeyId = Guid.NewGuid(),
Value = pass,
CustomKeyIdentifier = Convert.ToBase64String(_emg.Id.ToByteArray())
});
await cl.UpdateApplicationAsync(app);
bool isNew = false;
var secData = (BasicCredentialSecureData)_emg.Security.GetSecureData(new SecureDataCriteria($"Name = '{Parameters.SECURE_REFERENCE_NAME}'")).FirstOrDefault();
if (secData == null)
{
secData = new BasicCredentialSecureData();
isNew = true;
}
secData.UserName = app.AppId.ToString();
secData.Data = securePass;
secData.Name = Parameters.SECURE_REFERENCE_NAME;
if (isNew)
_emg.Security.InsertSecureData(secData);
secData.Update();
var secRefOverride = (ManagementPackSecureReferenceOverride)_emg.Overrides.GetOverrides(new ManagementPackOverrideCriteria($"Name = '{Parameters.SECURE_REFERENCE_OVERRIDE_NAME}'")).FirstOrDefault();
if (secRefOverride == null)
secRefOverride = new ManagementPackSecureReferenceOverride(configMp, Parameters.SECURE_REFERENCE_OVERRIDE_NAME);
secRefOverride.DisplayName = Parameters.SECURE_REFERENCE_OVERRIDE_NAME;
secRefOverride.Context = EntityClass;
secRefOverride.SecureReference = ConnectorSecureReference;
secRefOverride.Value = BitConverter.ToString(secData.SecureStorageId, 0, secData.SecureStorageId.Length).Replace("-", "");
secRefOverride.GetManagementPack().AcceptChanges();
Settings.CredentialExpirationDate = endDate;
}
protected override void ProcessRecord()
{
foreach (ManagementPackSecureReference secureReference in _secureReferences)
{
//First get the MP that the Secure Reference that was passed in is stored in so that we can create some SecureReferenceOverrides in it.
ManagementPack mpSecureReferenceMP = secureReference.GetManagementPack();
//Before we create a new SecureReferenceOverride we need to check to see if one already exists.
bool boolSecureRefOverrideAlreadyExists = false;
//Loop through each Override in the MP...
ManagementPackElementCollection <ManagementPackOverride> listOverrides = mpSecureReferenceMP.GetOverrides();
foreach (ManagementPackOverride mpOverride in listOverrides)
{
//...if it is a ManagementPackSecureReferenceOverride...
if (mpOverride is ManagementPackSecureReferenceOverride)
{
//...then cast it to a ManagementPackSecureReferenceOverride...
ManagementPackSecureReferenceOverride mpSecRefOverride = mpOverride as ManagementPackSecureReferenceOverride;
//...and then compare it to the SecureReference that was passed in...
if (mpSecRefOverride.SecureReference.Id == secureReference.Id)
{
//...if it is the same one then get a list of all the SecureData objects so we can compare with those...
IList <SecureData> secureDataList = _mg.Security.GetSecureData();
foreach (SecureData secureData in secureDataList)
{
//...by comparing the SecureStorageID of each of the existing and the .Value of the SecureData we just created...
if (String.Compare
(BitConverter.ToString(secureData.SecureStorageId, 0, secureData.SecureStorageId.Length).Replace("-", ""),
mpSecRefOverride.Value,
StringComparison.Ordinal
) == 0
)
{
//...and if you find a match...
WindowsCredentialSecureData windowsCred = secureData as WindowsCredentialSecureData;
if (windowsCred != null)
{
//...then set the bool to true so we know that there is already a SecureReferenceOverride with this same exact SecureData
// so we dont need to create a new SecureReferenceOverride in this case.
boolSecureRefOverrideAlreadyExists = true;
}
}
}
}
}
}
//Do we need to create a new SecureReferenceOverride?
if (!boolSecureRefOverrideAlreadyExists)
{
//Yes, we need to create a new SecureReferenceOverride...
//First create the SecureReferenceOverride object by setting its ID
ManagementPackSecureReferenceOverride secureOverride = new ManagementPackSecureReferenceOverride(mpSecureReferenceMP, String.Format("SecureReferenceOverride.{0}", Guid.NewGuid().ToString("N")));
//Then tell it that it's scope is for all objects by setting the class context to System.Entity
secureOverride.Context = _mg.EntityTypes.GetClass(SystemClass.Entity);
//Set the SecureReference equal to the SecureReference that was passed in.
secureOverride.SecureReference = secureReference;
//Give it a display name - doesnt need to be anything fancy since it doesnt show anywhere in the UI.
secureOverride.DisplayName = "SecureReferenceOverride_" + Guid.NewGuid().ToString();
//Convert to a byte array
secureOverride.Value = BitConverter.ToString(_credentialSecureData.SecureStorageId, 0, _credentialSecureData.SecureStorageId.Length).Replace("-", "");
//Now allow this SecureData to be downloaded to all the management servers
ApprovedHealthServicesForDistribution <EnterpriseManagementObject> approved = new ApprovedHealthServicesForDistribution <EnterpriseManagementObject>();
approved.Result = ApprovedHealthServicesResults.All;
//Tell SCSM that we are going to update (or submit new) this SecureReferenceOverride
secureReference.Status = ManagementPackElementStatus.PendingUpdate;
//Post it to the database. This will show up on the SecureReferenceOverride table in the database and in the <Overrides> section of the MP XML
string secureReferenceInfo = secureReference.Name;
if (secureReference.DisplayName != null)
{
secureReferenceInfo = secureReference.DisplayName;
}
if (ShouldProcess(secureReferenceInfo))
{
_mg.Security.SetApprovedHealthServicesForDistribution <EnterpriseManagementObject>(_credentialSecureData, approved);
mpSecureReferenceMP.AcceptChanges();
}
}
}
}
