public static void ValidatePersistedCIK(StorSimpleCmdletBase cmdlet, string resourceId)
{
string cik = RetrieveCIK(cmdlet, resourceId);
StorSimpleCryptoManager cryptMgr = new StorSimpleCryptoManager(cmdlet.StorSimpleClient);
string rakPub = cryptMgr.GetPlainTextRAKPub(cik);
if (string.IsNullOrEmpty(rakPub))
{
throw new Exception(Resources.PersistedCIKValidationFailed);
}
}
public override void ExecuteCmdlet()
{
try
{
ValidateParams();
// Make sure we have a device for supplied name and get its device id.
var deviceId = StorSimpleClient.GetDeviceId(DeviceName);
if (deviceId == null)
{
throw new ArgumentException(string.Format(Resources.NoDeviceFoundWithGivenNameInResourceMessage, StorSimpleContext.ResourceName, DeviceName));
}
// Get the current device details. ( If we found id from the name, this call is bound to succeed)
var deviceDetails = StorSimpleClient.GetDeviceDetails(deviceId);
// The cik also needs to be sent to the service.
string cik = EncryptionCmdLetHelper.RetrieveCIK(this, StorSimpleContext.ResourceId);
// Update device details.
var cryptoManager = new StorSimpleCryptoManager(StorSimpleClient);
StorSimpleClient.UpdateVirtualDeviceDetails(deviceDetails, TimeZone, SecretKey, AdministratorPassword, SnapshotManagerPassword, cik, cryptoManager);
// Make request with updated data
WriteVerbose(string.Format(Resources.BeginningDeviceConfiguration, deviceDetails.DeviceProperties.FriendlyName));
var taskStatusInfo = StorSimpleClient.UpdateDeviceDetails(deviceDetails);
HandleSyncTaskResponse(taskStatusInfo, "Setup");
if (taskStatusInfo.AsyncTaskAggregatedResult == AsyncTaskAggregatedResult.Succeeded)
{
var updatedDetails = StorSimpleClient.GetDeviceDetails(deviceId);
WriteObject(updatedDetails);
WriteVerbose(string.Format(Resources.StorSimpleDeviceUpdatedSuccessfully, updatedDetails.DeviceProperties.FriendlyName, updatedDetails.DeviceProperties.DeviceId));
}
}
catch (Exception exception)
{
this.HandleException(exception);
}
}
public static void ValidatePersistedCIK(StorSimpleCmdletBase cmdlet, string resourceId)
{
string cik = RetrieveCIK(cmdlet, resourceId);
StorSimpleCryptoManager cryptMgr = new StorSimpleCryptoManager(cmdlet.StorSimpleClient);
string rakPub = null;
try
{
rakPub = cryptMgr.GetPlainTextRAKPub(cik);
}
catch (CryptographicException exception)
{
// This case is to handle the failures during decrypting the Rak Pub
cmdlet.WriteVerbose(string.Format(Resources.CIKInvalidWithException, exception.Message));
throw new Exception(Resources.CIKInvalidWhileDecrypting);
}
if (string.IsNullOrEmpty(rakPub))
{
throw new Exception(Resources.PersistedCIKValidationFailed);
}
}
internal bool ValidateAndEncryptStorageCred(string name, string key, string endpoint, out string encryptedKey, out string thumbprint)
{
StorSimpleCryptoManager storSimpleCryptoManager = new StorSimpleCryptoManager(StorSimpleClient);
thumbprint = storSimpleCryptoManager.GetSecretsEncryptionThumbprint();
encryptedKey = null;
if (!string.IsNullOrEmpty(key))
{
//validate storage account credentials
if (!ValidStorageAccountCred(name, key, endpoint))
{
throw new ArgumentException(Resources.StorageCredentialVerificationFailureMessage);
}
WriteVerbose(Resources.StorageCredentialVerificationSuccessMessage);
WriteVerbose(Resources.EncryptionInProgressMessage);
storSimpleCryptoManager.EncryptSecretWithRakPub(key, out encryptedKey);
}
return true;
}
/// <summary>
/// Constructs the encryptor to encrypt the secrets like password/key before sharing with service
/// </summary>
/// <param name="client"></param>
public ServiceSecretEncryptor(StorSimpleClient client)
{
this.storSimpleCryptoManager = new StorSimpleCryptoManager(client);
}
public override void ExecuteCmdlet()
{
try
{
string deviceid = StorSimpleClient.GetDeviceId(DeviceName);
if (deviceid == null)
{
throw new ArgumentException(string.Format(Resources.NoDeviceFoundWithGivenNameInResourceMessage, StorSimpleContext.ResourceName, DeviceName));
}
if(EncryptionEnabled == true && (string.IsNullOrEmpty(EncryptionKey) || !IsValidAsciiString(EncryptionKey)))
{
throw new ArgumentException(Resources.EncryptionKeyNotAcceptableMessage);
}
string encryptedKey = null;
StorSimpleCryptoManager storSimpleCryptoManager = new StorSimpleCryptoManager(StorSimpleClient);
if (EncryptionEnabled == true)
{
WriteVerbose(Resources.EncryptionInProgressMessage);
storSimpleCryptoManager.EncryptSecretWithRakPub(EncryptionKey, out encryptedKey);
}
if (string.IsNullOrEmpty(PrimaryStorageAccountCredential.InstanceId))
{
//The SAC needs to be created inline
WriteVerbose(Resources.InlineSacCreationMessage);
var sac = PrimaryStorageAccountCredential;
//validate storage account credentials
bool storageAccountPresent;
string encryptedPassword;
string thumbprint;
string endpoint = GetEndpointFromHostname(sac.Hostname);
string location = GetStorageAccountLocation(sac.Name, out storageAccountPresent);
if (!storageAccountPresent
|| !ValidateAndEncryptStorageCred(sac.Name, sac.Password, endpoint, out encryptedPassword, out thumbprint))
{
return;
}
sac.Password = encryptedPassword;
sac.PasswordEncryptionCertThumbprint = thumbprint;
sac.Location = location;
}
var dc = new DataContainerRequest
{
IsDefault = false,
Name = VolumeContainerName,
BandwidthRate = BandWidthRateInMbps,
IsEncryptionEnabled = EncryptionEnabled ?? false,
EncryptionKey = encryptedKey,
VolumeCount = 0,
PrimaryStorageAccountCredential = PrimaryStorageAccountCredential,
SecretsEncryptionThumbprint = storSimpleCryptoManager.GetSecretsEncryptionThumbprint()
};
if (WaitForComplete.IsPresent)
{
var taskStatus = StorSimpleClient.CreateDataContainer(deviceid, dc);
HandleSyncTaskResponse(taskStatus, "create");
if (taskStatus.AsyncTaskAggregatedResult == AsyncTaskAggregatedResult.Succeeded)
{
var createdDataContainer = StorSimpleClient.GetDataContainer(deviceid, VolumeContainerName);
WriteObject(createdDataContainer.DataContainerInfo);
}
}
else
{
var taskstatus = StorSimpleClient.CreateDataContainerAsync(deviceid, dc);
HandleAsyncTaskResponse(taskstatus, "create");
}
}
catch (Exception exception)
{
this.HandleException(exception);
}
}
public static void ValidatePersistedCIK(StorSimpleCmdletBase cmdlet, string resourceId)
{
string cik = RetrieveCIK(cmdlet, resourceId);
StorSimpleCryptoManager cryptMgr = new StorSimpleCryptoManager(cmdlet.StorSimpleClient);
string rakPub = null;
try
{
rakPub = cryptMgr.GetPlainTextRAKPub(cik);
}
catch (CryptographicException exception)
{
// This case is to handle the failures during decrypting the Rak Pub
cmdlet.WriteVerbose(string.Format(Resources.CIKInvalidWithException, exception.Message));
throw new Exception(Resources.CIKInvalidWhileDecrypting);
}
if (string.IsNullOrEmpty(rakPub))
{
throw new Exception(Resources.PersistedCIKValidationFailed);
}
}
public static void ValidatePersistedCIK(StorSimpleCmdletBase cmdlet, string resourceId)
{
string cik = RetrieveCIK(cmdlet, resourceId);
StorSimpleCryptoManager cryptMgr = new StorSimpleCryptoManager(cmdlet.StorSimpleClient);
string rakPub = cryptMgr.GetPlainTextRAKPub(cik);
if (string.IsNullOrEmpty(rakPub))
{
throw new Exception(Resources.PersistedCIKValidationFailed);
}
}
public void UpdateVirtualDeviceDetails(DeviceDetails details, TimeZoneInfo timeZone, string sek, string adminPasswd, string snapshotPasswd, string cik, StorSimpleCryptoManager cryptoManager)
{
if (timeZone != null)
{
details.TimeServer.TimeZone = timeZone.StandardName;
}
// encrypt supplied secret with the device public key
var encryptedSecretKey = this.EncryptWithDevicePublicKey(details.DeviceProperties.DeviceId, sek);
details.VirtualApplianceProperties.EncodedServiceEncryptionKey = encryptedSecretKey;
// Also set the CIK before making the request - service needs it.
var encryptedCik = this.EncryptWithDevicePublicKey(details.DeviceProperties.DeviceId, cik);
details.VirtualApplianceProperties.EncodedChannelIntegrityKey = encryptedCik;
// Set the admin password
string encryptedAdminPasswd = null;
cryptoManager.EncryptSecretWithRakPub(adminPasswd, out encryptedAdminPasswd);
details.RemoteMinishellSecretInfo.MinishellSecret = encryptedAdminPasswd;
// Set the snapshot manager password
string encryptedSnapshotManagerPasswd = null;
cryptoManager.EncryptSecretWithRakPub(snapshotPasswd, out encryptedSnapshotManagerPasswd);
details.Snapshot.SnapshotSecret = encryptedSnapshotManagerPasswd;
// Set the cert thumbprint for the key used.
details.SecretEncryptionCertThumbprint = cryptoManager.GetSecretsEncryptionThumbprint();
// mark everything that we dont intend to modify as null - indicating
// to the service that there has been no change
details.AlertNotification = null;
details.Chap = null;
details.DnsServer = null;
details.NetInterfaceList = null;
details.RemoteMgmtSettingsInfo = null;
details.WebProxy = null;
}
