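/// <summary>
/// Download security domain data for restore.
/// Data is encrypted with the certificates (public keys) user passes in.
/// </summary>
/// <param name="hsmName">Name of the HSM</param>
/// <param name="certificates">Certificates used to encrypt the security domain data</param>
/// <param name="quorum">Specify how many keys are required to decrypt the data</param>
/// <param name="cancellationToken">Token handed to PollAsyncOperation while waiting for the download result</param>
/// <returns>Encrypted HSM security domain data in string</returns>
/// <exception cref="ArgumentNullException"><paramref name="certificates"/> is null.</exception>
/// <exception cref="AzPSException">
/// Polling, deserializing or validating the response failed; the original exception is the inner exception.
/// </exception>
public string DownloadSecurityDomain(string hsmName, IEnumerable<X509Certificate2> certificates, int quorum, CancellationToken cancellationToken)
{
    // Fail with a clear argument error before any request is built; a null
    // sequence would otherwise fail while the wrapping keys are enumerated.
    if (certificates == null)
    {
        throw new ArgumentNullException(nameof(certificates));
    }

    // NOTE(review): quorum is forwarded as-is. Nothing here checks that it is
    // positive or no larger than the number of certificates; that is left to
    // the caller and the service. Confirm that is intended.
    var downloadRequest = new DownloadRequest
    {
        Required = quorum
    };

    // Each certificate is sent as a JWK; these are the keys the service wraps
    // the security domain to.
    foreach (var cert in certificates)
    {
        downloadRequest.Certificates.Add(new JWK(cert));
    }

    string requestBody = JsonConvert.SerializeObject(
        downloadRequest,
        Formatting.None,
        _serializationSettings);

    var httpRequest = CreateRequest(
        HttpMethod.Post,
        hsmName,
        $"/{_securityDomain}/download",
        new StringContent(requestBody));

    try
    {
        var securityDomain = JsonConvert.DeserializeObject<SecurityDomainWrapper>(
            PollAsyncOperation(httpRequest, cancellationToken));
        ValidateDownloadSecurityDomainResponse(securityDomain);

        // The returned blob is encrypted to the supplied keys, but it is still
        // the HSM's restore material: callers should store it with restricted access.
        return securityDomain.value;
    }
    catch (Exception ex)
    {
        // Only the exception message goes to the debug stream; the full exception
        // travels as the inner exception of the AzPSException.
        // NOTE(review): a cancellation raised inside PollAsyncOperation would also be
        // reported as ErrorKind.ServiceError here. Confirm that is the intended behaviour.
        _writeDebug($"Invalid security domain response: {ex.Message}");
        throw new AzPSException(Resources.DownloadSecurityDomainFail, ErrorKind.ServiceError, ex);
    }
}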
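/// <summary>
/// Download security domain data for restore.
/// Data is encrypted with the certificates (public keys) user passes in.
/// </summary>
/// <param name="hsmName">Name of the HSM</param>
/// <param name="certificates">Certificates used to encrypt the security domain data</param>
/// <param name="quorum">Specify how many keys are required to decrypt the data</param>
/// <returns>Encrypted HSM security domain data in string</returns>
/// <exception cref="ArgumentNullException"><paramref name="certificates"/> is null.</exception>
/// <exception cref="Exception">The service answered with a non-success status code.</exception>
public string DownloadSecurityDomain(string hsmName, IEnumerable<X509Certificate2> certificates, int quorum)
{
    // Fail with a clear argument error before any request is built; a null
    // sequence would otherwise fail while the wrapping keys are enumerated.
    if (certificates == null)
    {
        throw new ArgumentNullException(nameof(certificates));
    }

    // NOTE(review): quorum is forwarded as-is. Nothing here checks that it is
    // positive or no larger than the number of certificates; that is left to
    // the caller and the service. Confirm that is intended.
    var downloadRequest = new DownloadRequest
    {
        Required = quorum
    };

    // Each certificate is sent as a JWK; these are the keys the service wraps
    // the security domain to.
    foreach (var cert in certificates)
    {
        downloadRequest.Certificates.Add(new JWK(cert));
    }

    string requestBody = JsonConvert.SerializeObject(
        downloadRequest,
        Formatting.None,
        _serializationSettings);

    // Request and response are both disposable; release them (and the content
    // stream they own) on every path, including the failure path.
    using (var httpRequest = new HttpRequestMessage
    {
        Method = HttpMethod.Post,
        RequestUri = new UriBuilder(_uriHelper.CreateManagedHsmUri(hsmName))
        {
            Path = $"/{_securityDomainPathFragment}/download"
        }.Uri,
        Content = new StringContent(requestBody)
    })
    {
        PrepareRequest(httpRequest);

        // Synchronous by contract: the method blocks until the service has answered.
        using (var httpResponseMessage = HttpClient.SendAsync(httpRequest).ConfigureAwait(false).GetAwaiter().GetResult())
        {
            // The body is needed on both paths (payload on success, diagnostics on
            // failure), so it is read once, before the response is disposed.
            string response = httpResponseMessage.Content.ReadAsStringAsync().ConfigureAwait(false).GetAwaiter().GetResult();

            if (!httpResponseMessage.IsSuccessStatusCode)
            {
                // NOTE(review): the raw error body goes to the debug stream. Confirm the
                // service's error responses never carry material that should not be logged.
                _writeDebug($"Invalid security domain response: {response}");
                throw new Exception(Resources.DownloadSecurityDomainFail);
            }

            var securityDomainWrapper = JsonConvert.DeserializeObject<SecurityDomainWrapper>(response);
            ValidateDownloadSecurityDomainResponse(securityDomainWrapper);

            // The returned blob is encrypted to the supplied keys, but it is still
            // the HSM's restore material: callers should store it with restricted access.
            return securityDomainWrapper.value;
        }
    }
}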