src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.LsClient/LookupServiceClient.cs
|
/*
Copyright 2021 VMware, Inc. SPDX-License-Identifier: BSD-2-Clause */ using System; using System.Collections; using System.Collections.Generic; using System.IdentityModel.Selectors; using System.Linq; using System.Security; using System.Security.Cryptography.X509Certificates; using System.ServiceModel; using System.ServiceModel.Channels; using System.ServiceModel.Security; using System.Text; using LookupServiceReference; namespace VMware.vSphere.LsClient { public class LookupServiceClient { private const int WEB_OPERATION_TIMEOUT_SECONDS = 30; private LsPortTypeClient _lsClient; private static readonly ManagedObjectReference RootMoRef = new ManagedObjectReference { type = "LookupServiceInstance", Value = "ServiceInstance" }; public LookupServiceClient(string hostname, X509CertificateValidator serverCertificateValidator) { var lsUri = $"https://{hostname}/lookupservice/sdk"; _lsClient = new LsPortTypeClient(GetBinding(), new EndpointAddress(new Uri(lsUri))); var serverAuthentication = GetServerAuthentication(serverCertificateValidator); if (serverAuthentication != null) { _lsClient .ChannelFactory .Credentials .ServiceCertificate .SslCertificateAuthentication = serverAuthentication; } } #region Private Helpers private X509ServiceCertificateAuthentication GetServerAuthentication(X509CertificateValidator serverCertificateValidator) { if (serverCertificateValidator != null) { return new X509ServiceCertificateAuthentication { CertificateValidationMode = X509CertificateValidationMode.Custom, CustomCertificateValidator = serverCertificateValidator }; } // Default .NET behavior for TLS certificate validation return null; } private static MessageEncodingBindingElement GetWcfEncoding() { return new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8); } private static HttpsTransportBindingElement GetWcfTransport(bool useSystemProxy) { HttpsTransportBindingElement transport = new HttpsTransportBindingElement { RequireClientCertificate = false }; transport.UseDefaultWebProxy = useSystemProxy; transport.MaxBufferSize = 2147483647; transport.MaxReceivedMessageSize = 2147483647; return transport; } private static Binding GetBinding() { var binding = new CustomBinding(GetWcfEncoding(), GetWcfTransport(true)); var timeout = TimeSpan.FromSeconds(WEB_OPERATION_TIMEOUT_SECONDS); binding.CloseTimeout = timeout; binding.OpenTimeout = timeout; binding.ReceiveTimeout = timeout; binding.SendTimeout = timeout; return binding; } #endregion public Uri GetSsoAdminEndpointUri() { var product = "com.vmware.cis"; var endpointType = "com.vmware.cis.cs.identity.admin"; var type = "sso:admin"; return FindServiceEndpoint(product, type, endpointType); } public Uri GetStsEndpointUri() { var product = "com.vmware.cis"; var type = "cs.identity"; var endpointType = "com.vmware.cis.cs.identity.sso"; return FindServiceEndpoint(product, type, endpointType); } private Uri FindServiceEndpoint(string product, string type, string endpointType) { Uri result = null; var svcContent = _lsClient.RetrieveServiceContentAsync(RootMoRef).Result; var filterCriteria = new LookupServiceRegistrationFilter() { serviceType = new LookupServiceRegistrationServiceType { product = product, type = type } }; var lsRegInfo = _lsClient. ListAsync(svcContent.serviceRegistration, filterCriteria) .Result? .returnval? .FirstOrDefault(); if (lsRegInfo != null) { var registrationEndpooint = lsRegInfo. serviceEndpoints?. Where(a => a.endpointType.type == endpointType)?. FirstOrDefault<LookupServiceRegistrationEndpoint>(); if (registrationEndpooint != null) { result = new Uri(registrationEndpooint.url); } } return result; } } } |