Signed-off-by: Dimitar Milov <dmilov@vmware.com>
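--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,36 @@
+/*
+Copyright 2021 VMware, Inc.
+SPDX-License-Identifier: BSD-2-Clause
+*/
+
+using System.Security.Cryptography.X509Certificates;
+
+namespace VMware.vSphere.SsoAdminClient.DataTypes
+{
+public class AuthenticationPolicy
+{
+SsoAdminClient _client;
+public AuthenticationPolicy(SsoAdminClient client) {
+_client = client;
+}
+
+public SsoAdminClient GetClient() {
+return _client;
+}
+
+public bool PasswordAuthnEnabled { get; internal set; }
+public bool WindowsAuthnEnabled { get; internal set; }
+public bool SmartCardAuthnEnabled { get; internal set; }
+public bool OCSPEnabled { get; internal set; }
+public bool UseCRLAsFailOver { get; internal set; }
+public bool SendOCSPNonce { get; internal set; }
+public string OCSPUrl { get; internal set; }
+public X509Certificate2 OCSPResponderSigningCert { get; internal set; }
+public bool UseInCertCRL { get; internal set; }
+public string CRLUrl { get; internal set; }
+public int CRLCacheSize { get; internal set; }
+public string[] Oids { get; internal set; }
+public string[] TrustedCAs { get; internal set; }
+
+}
+}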
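Review bot: `SsoAdminClient _client;` in the new AuthenticationPolicy class has no access modifier and is never reassigned after the constructor; make it `private readonly SsoAdminClient _client;` and have the constructor reject a missing client with `_client = client ?? throw new System.ArgumentNullException(nameof(client));`. `OCSPResponderSigningCert` hands out an `X509Certificate2`, which is `IDisposable`, so a `<summary>` on that property stating whether the caller or the policy object is responsible for disposing it would prevent leaked certificate handles. `Oids` and `TrustedCAs` are raw `string[]` with `internal set`, which lets any consumer mutate the policy snapshot in place; `IReadOnlyList<string>` would keep the read-only intent that `internal set` suggests.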
@@ -1296,5 +1296,130 @@ namespace VMware.vSphere.SsoAdminClient
|
||||
}
|
||||
}
|
||||
#endregion
|
||||
|
||||
#region AuthenticationConfiguration
|
||||
public DataTypes.AuthenticationPolicy GetAuthenticationPolicy() {
|
||||
var authorizedInvocationContext =
|
||||
CreateAuthorizedInvocationContext();
|
||||
|
||||
var authnPolicy = authorizedInvocationContext.
|
||||
InvokeOperation(() =>
|
||||
_ssoAdminBindingClient.GetAuthnPolicyAsync(
|
||||
new ManagedObjectReference
|
||||
{
|
||||
type = "SsoAdminConfigurationManagementService",
|
||||
Value = "configurationManagementService"
|
||||
})).Result;
|
||||
|
||||
return new DataTypes.AuthenticationPolicy(this)
|
||||
{
|
||||
PasswordAuthnEnabled = authnPolicy.PasswordAuthnEnabled,
|
||||
WindowsAuthnEnabled = authnPolicy.WindowsAuthEnabled,
|
||||
SmartCardAuthnEnabled = authnPolicy.CertAuthEnabled,
|
||||
CRLCacheSize = authnPolicy.clientCertPolicy.crlCacheSize,
|
||||
CRLUrl = authnPolicy.clientCertPolicy.crlUrl,
|
||||
OCSPEnabled = authnPolicy.clientCertPolicy.ocspEnabled,
|
||||
OCSPResponderSigningCert = string.IsNullOrEmpty(authnPolicy.clientCertPolicy.ocspResponderSigningCert) ? null : new X509Certificate2(authnPolicy.clientCertPolicy.ocspResponderSigningCert),
|
||||
OCSPUrl = authnPolicy.clientCertPolicy.ocspUrl,
|
||||
Oids = authnPolicy.clientCertPolicy.oids,
|
||||
SendOCSPNonce = authnPolicy.clientCertPolicy.sendOCSPNonce,
|
||||
TrustedCAs = authnPolicy.clientCertPolicy.trustedCAs,
|
||||
UseCRLAsFailOver = authnPolicy.clientCertPolicy.useCRLAsFailOver,
|
||||
UseInCertCRL = authnPolicy.clientCertPolicy.useInCertCRL
|
||||
};
|
||||
}
|
||||
|
||||
public void SetAuthenticationPolicy(
|
||||
bool passwordAuthnEnabled,
|
||||
bool windowsAuthnEnabled,
|
||||
bool smartCardAuthnEnabled,
|
||||
int crlCacheSize,
|
||||
string crlUrl,
|
||||
bool ocspEnabled,
|
||||
X509Certificate2 ocspResponderSigningCert,
|
||||
string ocspUrl,
|
||||
string[] oids,
|
||||
bool sendOCSPNonce,
|
||||
string[] trustedCAs,
|
||||
bool useCRLAsFailOver,
|
||||
bool useInCertCRL
|
||||
) {
|
||||
var authorizedInvocationContext =
|
||||
CreateAuthorizedInvocationContext();
|
||||
|
||||
var ssoAdminAuthnPolicy = new SsoAdminAuthnPolicy{
|
||||
PasswordAuthnEnabled = passwordAuthnEnabled,
|
||||
WindowsAuthEnabled = windowsAuthnEnabled,
|
||||
CertAuthEnabled = smartCardAuthnEnabled,
|
||||
clientCertPolicy = new SsoAdminClientCertPolicy {
|
||||
enabled = smartCardAuthnEnabled,
|
||||
crlCacheSize = crlCacheSize,
|
||||
crlUrl = crlUrl,
|
||||
ocspEnabled = ocspEnabled,
|
||||
ocspUrl = ocspUrl,
|
||||
oids = oids,
|
||||
sendOCSPNonce = sendOCSPNonce,
|
||||
trustedCAs = trustedCAs,
|
||||
useCRLAsFailOver = useCRLAsFailOver,
|
||||
useInCertCRL = useInCertCRL
|
||||
}
|
||||
};
|
||||
if (ocspResponderSigningCert != null) {
|
||||
ssoAdminAuthnPolicy.clientCertPolicy.ocspResponderSigningCert = Convert.ToBase64String(ocspResponderSigningCert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks);
|
||||
}
|
||||
|
||||
|
||||
authorizedInvocationContext.
|
||||
InvokeOperation(() =>
|
||||
_ssoAdminBindingClient.SetAuthnPolicyAsync(
|
||||
new ManagedObjectReference
|
||||
{
|
||||
type = "SsoAdminConfigurationManagementService",
|
||||
Value = "configurationManagementService"
|
||||
},
|
||||
ssoAdminAuthnPolicy
|
||||
)).Wait();
|
||||
}
|
||||
#endregion
|
||||
|
||||
#region Global Permission
|
||||
public void SetRoleForUser(DataTypes.PersonUser user, string role) {
|
||||
var authorizedInvocationContext =
|
||||
CreateAuthorizedInvocationContext();
|
||||
|
||||
var authnPolicy = authorizedInvocationContext.
|
||||
InvokeOperation(() =>
|
||||
_ssoAdminBindingClient.SetRoleAsync(
|
||||
new ManagedObjectReference
|
||||
{
|
||||
type = "SsoAdminRoleManagementService",
|
||||
Value = "roleManagementService"
|
||||
},
|
||||
new SsoPrincipalId{
|
||||
domain = user.Domain,
|
||||
name = user.Name
|
||||
},
|
||||
role)).Result;
|
||||
}
|
||||
|
||||
public void SetRoleForGroup(DataTypes.Group group, string role) {
|
||||
var authorizedInvocationContext =
|
||||
CreateAuthorizedInvocationContext();
|
||||
|
||||
var authnPolicy = authorizedInvocationContext.
|
||||
InvokeOperation(() =>
|
||||
_ssoAdminBindingClient.SetRoleAsync(
|
||||
new ManagedObjectReference
|
||||
{
|
||||
type = "SsoAdminRoleManagementService",
|
||||
Value = "roleManagementService"
|
||||
},
|
||||
new SsoPrincipalId{
|
||||
domain = group.Domain,
|
||||
name = group.Name
|
||||
},
|
||||
role)).Result;
|
||||
}
|
||||
#endregion
|
||||
}
|
||||
}
|
||||
|
||||
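Review bot: The `OCSPResponderSigningCert` initializer in `GetAuthenticationPolicy` passes the server-supplied string to `new X509Certificate2(string)`, which is the file-name constructor, so the value is treated as a path on the local disk rather than parsed; `SetAuthenticationPolicy` sends the same field as base64 DER via `Convert.ToBase64String(ocspResponderSigningCert.Export(X509ContentType.Cert), ...)`, so if the server echoes it back in that format the getter will throw a CryptographicException instead of returning the certificate. Use `new X509Certificate2(Convert.FromBase64String(authnPolicy.clientCertPolicy.ocspResponderSigningCert))` there (whitespace and line breaks in the base64 are ignored by the decoder). The `.Result` and `.Wait()` calls on the invocation contexts surface failures as `AggregateException`, so callers catching the binding client's own exception types will not see them; `.GetAwaiter().GetResult()` preserves the original exception, although this pattern may be inherited from the rest of the file, which lies outside the hunk. In `SetRoleForUser` and `SetRoleForGroup` the `var authnPolicy = ...` result is never used and the name is a copy-paste from the policy getter; drop the assignment and keep only the invocation.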
File diff suppressed because it is too large