Azure Recovery Services Vault.
        /// <summary>
        /// Method to generate the credential file content
        /// </summary>
        /// <param name="managementCert">management cert</param>
        /// <param name="acsDetails">ACS details</param>
        /// <param name="channelIntegrityKey">Integrity key</param>
        /// <param name="vault">vault object</param>
        /// <param name="site">site object</param>
        /// <returns>vault credential object</returns>
        private ASRVaultCreds GenerateCredentialObject(
            X509Certificate2 managementCert,
            VaultCertificateResponse acsDetails,
            string channelIntegrityKey,
            ARSVault vault,
            ASRSite site)
        {
            string serializedCertificate = Convert.ToBase64String(managementCert.Export(X509ContentType.Pfx));

            AcsNamespace acsNamespace = new AcsNamespace(acsDetails.Properties as ResourceCertificateAndAcsDetails);

            string resourceProviderNamespace = string.Empty;
            string resourceType = string.Empty;

            Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType);
            ASRVaultCreds vaultCreds = new ASRVaultCreds(
                vault.SubscriptionId,
                vault.Name,
                serializedCertificate,
                acsNamespace,
                channelIntegrityKey,
                vault.ResourceGroupName,
                site.ID,
                site.Name,
                resourceProviderNamespace,
                resourceType,
                vault.Location);

            return(vaultCreds);
        }
        /// <summary>
        /// Set Azure Recovery Services Vault context.
        /// </summary>
        private void SetARSVaultContext(ARSVault arsVault)
        {
            try
            {
                using (System.Management.Automation.PowerShell powerShell = System.Management.Automation.PowerShell.Create())
                {
                    Collection<PSObject> result =
                        powerShell
                        .AddCommand("Get-AzureRmRecoveryServicesVaultSettingsFile")
                        .AddParameter("Vault", arsVault)
                        .Invoke();

                    string vaultSettingspath = (string)result[0].Members["FilePath"].Value;
                    powerShell.Commands.Clear();

                    result =
                        powerShell
                        .AddCommand("Import-AzureRmSiteRecoveryVaultSettingsFile")
                        .AddParameter("Path", vaultSettingspath)
                        .Invoke();
                    WriteObject(result);
                    powerShell.Commands.Clear();
                }
            }
            catch (InvalidOperationException e)
            {
                WriteDebug(e.Message);
            }
        }
        /// <summary>
        /// Changes the Vault context
        /// </summary>
        /// <param name="vault">vault object</param>
        /// <returns>credential object</returns>
        public ASRVaultCreds ChangeVaultContext(ARSVault vault)
        {
            string resourceProviderNamespace = string.Empty;
            string resourceType = string.Empty;

            Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType);
            Utilities.UpdateCurrentVaultContext(new ASRVaultCreds()
            {
                ResourceGroupName = vault.ResourceGroupName,
                ResourceName      = vault.Name,
                ResourceNamespace = resourceProviderNamespace,
                ARMResourceType   = resourceType
            });

            // Get Channel Integrity key
            string getChannelIntegrityKey = this.GetCurrentVaultChannelIntegrityKey();

            // Update vault settings along with Channel integrity key
            Utilities.UpdateCurrentVaultContext(new ASRVaultCreds()
            {
                ResourceGroupName   = vault.ResourceGroupName,
                ResourceName        = vault.Name,
                ChannelIntegrityKey = getChannelIntegrityKey,
                ResourceNamespace   = resourceProviderNamespace,
                ARMResourceType     = resourceType
            });

            return(arsVaultCreds);
        }
        /// <summary>
        /// Gets the vault credential object
        /// </summary>
        /// <param name="managementCert">certificate to be uploaded</param>
        /// <param name="vault">vault object</param>
        /// <param name="site">site object</param>
        /// <param name="authType">authentication type</param>
        /// <returns>credential object</returns>
        public ASRVaultCreds GenerateVaultCredential(
            X509Certificate2 managementCert,
            ARSVault vault,
            ASRSite site,
            string authType)
        {
            ASRVaultCreds currentVaultContext = PSRecoveryServicesClient.arsVaultCreds;

            string resourceProviderNamespace = string.Empty;
            string resourceType = string.Empty;

            Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType);

            Logger.Instance.WriteDebug(string.Format(
                                           "GenerateVaultCredential resourceProviderNamespace = {0}, resourceType = {1}",
                                           resourceProviderNamespace,
                                           resourceType));

            // Update vault settings with the working vault to generate file
            Utilities.UpdateCurrentVaultContext(new ASRVaultCreds()
            {
                ResourceGroupName = vault.ResourceGroupName,
                ResourceName      = vault.Name,
                ResourceNamespace = resourceProviderNamespace,
                ARMResourceType   = resourceType
            });

            // Get Channel Integrity key
            string channelIntegrityKey;
            string getChannelIntegrityKey = this.GetCurrentVaultChannelIntegrityKey();

            // Making sure we can generate the file, once the SDK and portal are inter-operable
            // upload certificate and fetch of ACIK can be made parallel to improvve the performace.

            // Upload certificate
            VaultCertificateResponse uploadCertificate = this.UpdateVaultCertificate(
                managementCert,
                authType);

            channelIntegrityKey = getChannelIntegrityKey;

            ASRVaultCreds arsVaultCreds = this.GenerateCredentialObject(
                managementCert,
                uploadCertificate,
                channelIntegrityKey,
                vault,
                site);

            // Update back the original vault settings
            Utilities.UpdateCurrentVaultContext(currentVaultContext);

            return(arsVaultCreds);
        }
        /// <summary>
        /// Gets the vault credential object
        /// </summary>
        /// <param name="managementCert">certificate to be uploaded</param>
        /// <param name="vault">vault object</param>
        /// <returns>credential object</returns>
        public ASRVaultCreds GenerateVaultCredential(X509Certificate2 managementCert, ARSVault vault, ASRSite site)
        {
            ASRVaultCreds currentVaultContext = PSRecoveryServicesClient.arsVaultCreds;

            string resourceProviderNamespace = string.Empty;
            string resourceType = string.Empty;
            Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType);
            // Update vault settings with the working vault to generate file
            Utilities.UpdateCurrentVaultContext(new ASRVaultCreds()
            {
                ResourceGroupName = vault.ResourceGroupName,
                ResourceName = vault.Name,
                ResourceNamespace = resourceProviderNamespace,
                ARMResourceType = resourceType
            });

            // Get Channel Integrity key
            string channelIntegrityKey;
            Task<string> getChannelIntegrityKey = this.GetChannelIntegrityKey();

            // Making sure we can generate the file, once the SDK and portal are inter-operable
            // upload certificate and fetch of ACIK can be made parallel to improvve the performace.
            getChannelIntegrityKey.Wait();

            // Upload certificate
            UploadCertificateResponse acsDetails;
            Task<UploadCertificateResponse> uploadCertificate = this.UpdateVaultCertificate(managementCert);
            uploadCertificate.Wait();

            acsDetails = uploadCertificate.Result;
            channelIntegrityKey = getChannelIntegrityKey.Result;

            ASRVaultCreds arsVaultCreds = this.GenerateCredentialObject(
                                                managementCert,
                                                acsDetails,
                                                channelIntegrityKey,
                                                vault,
                                                site);

            // Update back the original vault settings
            Utilities.UpdateCurrentVaultContext(currentVaultContext);

            return arsVaultCreds;
        }
Esempio n. 6
0
 /// <summary>
 /// Updates current Vault context.
 /// </summary>
 /// <param name="arsVault">ARS Vault</param>
 public static void UpdateCurrentVaultContext(ARSVault arsVault)
 {
     PSRecoveryServicesClient.arsVault = arsVault;
 }
        /// <summary>
        /// Upload cert to idmgmt
        /// </summary>
        /// <param name="managementCert">certificate to be uploaded</param>
        /// <param name="vault">vault object</param>
        /// <returns>Upload Certificate Response</returns>
        public VaultCertificateResponse UploadCertificate(X509Certificate2 managementCert, ARSVault vault)
        {
            var certificateArgs = new CertificateRequest();

            certificateArgs.Properties             = new RawCertificateData();
            certificateArgs.Properties.Certificate = managementCert.GetRawCertData();
            certificateArgs.Properties.AuthType    = AuthType.AAD;

            return(GetRecoveryServicesClient.VaultCertificates.CreateWithHttpMessagesAsync(
                       vault.ResourceGroupName,
                       vault.Name,
                       managementCert.FriendlyName,
                       certificateArgs.Properties,
                       GetRequestHeaders()).Result.Body);
        }
        /// <summary>
        /// Method to generate the credential file content
        /// </summary>
        /// <param name="managementCert">management cert</param>
        /// <param name="acsDetails">ACS details</param>
        /// <param name="channelIntegrityKey">Integrity key</param>
        /// <param name="vault">vault object</param>
        /// <param name="site">site object</param>
        /// <returns>vault credential object</returns>
        private ASRVaultCreds GenerateCredentialObject(X509Certificate2 managementCert, UploadCertificateResponse acsDetails, string channelIntegrityKey, ARSVault vault, ASRSite site)
        {
            string serializedCertifivate = Convert.ToBase64String(managementCert.Export(X509ContentType.Pfx));

            AcsNamespace acsNamespace = new AcsNamespace(acsDetails);

            string resourceProviderNamespace = string.Empty;
            string resourceType = string.Empty;
            Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType);
            ASRVaultCreds vaultCreds = new ASRVaultCreds(
                                            vault.SubscriptionId,
                                            vault.Name,
                                            serializedCertifivate,
                                            acsNamespace,
                                            channelIntegrityKey,
                                            vault.ResourceGroupName,
                                            site.ID,
                                            site.Name,
                                            resourceProviderNamespace,
                                            resourceType,
                                            vault.Location);

            return vaultCreds;
        }
        /// <summary>
        /// Changes the Vault context
        /// </summary>
        /// <param name="vault">vault object</param>
        /// <returns>credential object</returns>
        public ASRVaultCreds ChangeVaultContext(ARSVault vault)
        {
            string resourceProviderNamespace = string.Empty;
            string resourceType = string.Empty;
            Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType);
            Utilities.UpdateCurrentVaultContext(new ASRVaultCreds()
            {
                ResourceGroupName = vault.ResourceGroupName,
                ResourceName = vault.Name,
                ResourceNamespace = resourceProviderNamespace,
                ARMResourceType= resourceType
            });

            // Get Channel Integrity key
            Task<string> getChannelIntegrityKey = this.GetChannelIntegrityKey();
            getChannelIntegrityKey.Wait();

            // Update vault settings along with Channel integrity key
            Utilities.UpdateCurrentVaultContext(new ASRVaultCreds()
            {
                ResourceGroupName = vault.ResourceGroupName,
                ResourceName = vault.Name,
                ChannelIntegrityKey = getChannelIntegrityKey.Result,
                ResourceNamespace = resourceProviderNamespace,
                ARMResourceType = resourceType
            });

            return arsVaultCreds;
        }
        /// <summary>
        /// Upload cert to idmgmt
        /// </summary>
        /// <param name="managementCert">certificate to be uploaded</param>
        /// <param name="vault">vault object</param>
        /// <returns>Upload Certificate Response</returns>
        public UploadCertificateResponse UploadCertificate(X509Certificate2 managementCert, ARSVault vault)
        {
            var certificateArgs = new CertificateArgs();
            certificateArgs.Properties = new Dictionary<string, string>();
            certificateArgs.Properties.Add("certificate", Convert.ToBase64String(managementCert.GetRawCertData()));

            var response = this.recoveryServicesClient.VaultExtendedInfo.UploadCertificateAsync(
                vault.ResourceGroupName,
                vault.Name,
                certificateArgs, managementCert.FriendlyName,
                this.GetRequestHeaders());
            response.Wait();
            return response.Result;
        }
        /// <summary>
        /// Gets the vault credential object
        /// </summary>
        /// <param name="managementCert">certificate to be uploaded</param>
        /// <param name="vault">vault object</param>
        /// <returns>credential object</returns>
        public ASRVaultCreds GenerateVaultCredential(X509Certificate2 managementCert, ARSVault vault, ASRSite site)
        {
            ASRVaultCreds currentVaultContext = PSRecoveryServicesClient.asrVaultCreds;

            string resourceProviderNamespace = string.Empty;
            string resourceType = string.Empty;

            Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType);
            // Update vault settings with the working vault to generate file
            Utilities.UpdateCurrentVaultContext(new ASRVaultCreds()
            {
                ResourceGroupName = vault.ResouceGroupName,
                ResourceName      = vault.Name,
                ResourceNamespace = resourceProviderNamespace,
                ARMResourceType   = resourceType
            });

            // Get Channel Integrity key
            string        channelIntegrityKey;
            Task <string> getChannelIntegrityKey = this.GetChannelIntegrityKey();

            // Making sure we can generate the file, once the SDK and portal are inter-operable
            // upload certificate and fetch of ACIK can be made parallel to improvve the performace.
            getChannelIntegrityKey.Wait();

            // Upload certificate
            UploadCertificateResponse        acsDetails;
            Task <UploadCertificateResponse> uploadCertificate = this.UpdateVaultCertificate(managementCert);

            uploadCertificate.Wait();

            acsDetails          = uploadCertificate.Result;
            channelIntegrityKey = getChannelIntegrityKey.Result;

            ASRVaultCreds asrVaultCreds = this.GenerateCredentialObject(
                managementCert,
                acsDetails,
                channelIntegrityKey,
                vault,
                site);

            // Update back the original vault settings
            Utilities.UpdateCurrentVaultContext(currentVaultContext);

            return(asrVaultCreds);
        }
Esempio n. 12
0
        /// <summary>
        /// Upload cert to idmgmt
        /// </summary>
        /// <param name="managementCert">certificate to be uploaded</param>
        /// <param name="vault">vault object</param>
        /// <returns>Upload Certificate Response</returns>
        public UploadCertificateResponse UploadCertificate(X509Certificate2 managementCert, ARSVault vault)
        {
            var certificateArgs = new CertificateArgs();

            certificateArgs.Properties = new Dictionary <string, string>();
            certificateArgs.Properties.Add("certificate", Convert.ToBase64String(managementCert.GetRawCertData()));

            var response = this.recoveryServicesClient.VaultExtendedInfo.UploadCertificateAsync(
                vault.ResouceGroupName,
                vault.Name,
                certificateArgs, managementCert.FriendlyName,
                this.GetRequestHeaders());

            response.Wait();
            return(response.Result);
        }