/// <summary> /// Method to generate the credential file content /// </summary> /// <param name="managementCert">management cert</param> /// <param name="acsDetails">ACS details</param> /// <param name="channelIntegrityKey">Integrity key</param> /// <param name="vault">vault object</param> /// <param name="site">site object</param> /// <returns>vault credential object</returns> private ASRVaultCreds GenerateCredentialObject( X509Certificate2 managementCert, VaultCertificateResponse acsDetails, string channelIntegrityKey, ARSVault vault, ASRSite site) { string serializedCertificate = Convert.ToBase64String(managementCert.Export(X509ContentType.Pfx)); AcsNamespace acsNamespace = new AcsNamespace(acsDetails.Properties as ResourceCertificateAndAcsDetails); string resourceProviderNamespace = string.Empty; string resourceType = string.Empty; Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType); ASRVaultCreds vaultCreds = new ASRVaultCreds( vault.SubscriptionId, vault.Name, serializedCertificate, acsNamespace, channelIntegrityKey, vault.ResourceGroupName, site.ID, site.Name, resourceProviderNamespace, resourceType, vault.Location); return(vaultCreds); }
/// <summary> /// Set Azure Recovery Services Vault context. /// </summary> private void SetARSVaultContext(ARSVault arsVault) { try { using (System.Management.Automation.PowerShell powerShell = System.Management.Automation.PowerShell.Create()) { Collection<PSObject> result = powerShell .AddCommand("Get-AzureRmRecoveryServicesVaultSettingsFile") .AddParameter("Vault", arsVault) .Invoke(); string vaultSettingspath = (string)result[0].Members["FilePath"].Value; powerShell.Commands.Clear(); result = powerShell .AddCommand("Import-AzureRmSiteRecoveryVaultSettingsFile") .AddParameter("Path", vaultSettingspath) .Invoke(); WriteObject(result); powerShell.Commands.Clear(); } } catch (InvalidOperationException e) { WriteDebug(e.Message); } }
/// <summary> /// Changes the Vault context /// </summary> /// <param name="vault">vault object</param> /// <returns>credential object</returns> public ASRVaultCreds ChangeVaultContext(ARSVault vault) { string resourceProviderNamespace = string.Empty; string resourceType = string.Empty; Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType); Utilities.UpdateCurrentVaultContext(new ASRVaultCreds() { ResourceGroupName = vault.ResourceGroupName, ResourceName = vault.Name, ResourceNamespace = resourceProviderNamespace, ARMResourceType = resourceType }); // Get Channel Integrity key string getChannelIntegrityKey = this.GetCurrentVaultChannelIntegrityKey(); // Update vault settings along with Channel integrity key Utilities.UpdateCurrentVaultContext(new ASRVaultCreds() { ResourceGroupName = vault.ResourceGroupName, ResourceName = vault.Name, ChannelIntegrityKey = getChannelIntegrityKey, ResourceNamespace = resourceProviderNamespace, ARMResourceType = resourceType }); return(arsVaultCreds); }
/// <summary> /// Gets the vault credential object /// </summary> /// <param name="managementCert">certificate to be uploaded</param> /// <param name="vault">vault object</param> /// <param name="site">site object</param> /// <param name="authType">authentication type</param> /// <returns>credential object</returns> public ASRVaultCreds GenerateVaultCredential( X509Certificate2 managementCert, ARSVault vault, ASRSite site, string authType) { ASRVaultCreds currentVaultContext = PSRecoveryServicesClient.arsVaultCreds; string resourceProviderNamespace = string.Empty; string resourceType = string.Empty; Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType); Logger.Instance.WriteDebug(string.Format( "GenerateVaultCredential resourceProviderNamespace = {0}, resourceType = {1}", resourceProviderNamespace, resourceType)); // Update vault settings with the working vault to generate file Utilities.UpdateCurrentVaultContext(new ASRVaultCreds() { ResourceGroupName = vault.ResourceGroupName, ResourceName = vault.Name, ResourceNamespace = resourceProviderNamespace, ARMResourceType = resourceType }); // Get Channel Integrity key string channelIntegrityKey; string getChannelIntegrityKey = this.GetCurrentVaultChannelIntegrityKey(); // Making sure we can generate the file, once the SDK and portal are inter-operable // upload certificate and fetch of ACIK can be made parallel to improvve the performace. // Upload certificate VaultCertificateResponse uploadCertificate = this.UpdateVaultCertificate( managementCert, authType); channelIntegrityKey = getChannelIntegrityKey; ASRVaultCreds arsVaultCreds = this.GenerateCredentialObject( managementCert, uploadCertificate, channelIntegrityKey, vault, site); // Update back the original vault settings Utilities.UpdateCurrentVaultContext(currentVaultContext); return(arsVaultCreds); }
/// <summary> /// Gets the vault credential object /// </summary> /// <param name="managementCert">certificate to be uploaded</param> /// <param name="vault">vault object</param> /// <returns>credential object</returns> public ASRVaultCreds GenerateVaultCredential(X509Certificate2 managementCert, ARSVault vault, ASRSite site) { ASRVaultCreds currentVaultContext = PSRecoveryServicesClient.arsVaultCreds; string resourceProviderNamespace = string.Empty; string resourceType = string.Empty; Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType); // Update vault settings with the working vault to generate file Utilities.UpdateCurrentVaultContext(new ASRVaultCreds() { ResourceGroupName = vault.ResourceGroupName, ResourceName = vault.Name, ResourceNamespace = resourceProviderNamespace, ARMResourceType = resourceType }); // Get Channel Integrity key string channelIntegrityKey; Task<string> getChannelIntegrityKey = this.GetChannelIntegrityKey(); // Making sure we can generate the file, once the SDK and portal are inter-operable // upload certificate and fetch of ACIK can be made parallel to improvve the performace. getChannelIntegrityKey.Wait(); // Upload certificate UploadCertificateResponse acsDetails; Task<UploadCertificateResponse> uploadCertificate = this.UpdateVaultCertificate(managementCert); uploadCertificate.Wait(); acsDetails = uploadCertificate.Result; channelIntegrityKey = getChannelIntegrityKey.Result; ASRVaultCreds arsVaultCreds = this.GenerateCredentialObject( managementCert, acsDetails, channelIntegrityKey, vault, site); // Update back the original vault settings Utilities.UpdateCurrentVaultContext(currentVaultContext); return arsVaultCreds; }
/// <summary> /// Updates current Vault context. /// </summary> /// <param name="arsVault">ARS Vault</param> public static void UpdateCurrentVaultContext(ARSVault arsVault) { PSRecoveryServicesClient.arsVault = arsVault; }
/// <summary> /// Upload cert to idmgmt /// </summary> /// <param name="managementCert">certificate to be uploaded</param> /// <param name="vault">vault object</param> /// <returns>Upload Certificate Response</returns> public VaultCertificateResponse UploadCertificate(X509Certificate2 managementCert, ARSVault vault) { var certificateArgs = new CertificateRequest(); certificateArgs.Properties = new RawCertificateData(); certificateArgs.Properties.Certificate = managementCert.GetRawCertData(); certificateArgs.Properties.AuthType = AuthType.AAD; return(GetRecoveryServicesClient.VaultCertificates.CreateWithHttpMessagesAsync( vault.ResourceGroupName, vault.Name, managementCert.FriendlyName, certificateArgs.Properties, GetRequestHeaders()).Result.Body); }
/// <summary> /// Method to generate the credential file content /// </summary> /// <param name="managementCert">management cert</param> /// <param name="acsDetails">ACS details</param> /// <param name="channelIntegrityKey">Integrity key</param> /// <param name="vault">vault object</param> /// <param name="site">site object</param> /// <returns>vault credential object</returns> private ASRVaultCreds GenerateCredentialObject(X509Certificate2 managementCert, UploadCertificateResponse acsDetails, string channelIntegrityKey, ARSVault vault, ASRSite site) { string serializedCertifivate = Convert.ToBase64String(managementCert.Export(X509ContentType.Pfx)); AcsNamespace acsNamespace = new AcsNamespace(acsDetails); string resourceProviderNamespace = string.Empty; string resourceType = string.Empty; Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType); ASRVaultCreds vaultCreds = new ASRVaultCreds( vault.SubscriptionId, vault.Name, serializedCertifivate, acsNamespace, channelIntegrityKey, vault.ResourceGroupName, site.ID, site.Name, resourceProviderNamespace, resourceType, vault.Location); return vaultCreds; }
/// <summary> /// Changes the Vault context /// </summary> /// <param name="vault">vault object</param> /// <returns>credential object</returns> public ASRVaultCreds ChangeVaultContext(ARSVault vault) { string resourceProviderNamespace = string.Empty; string resourceType = string.Empty; Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType); Utilities.UpdateCurrentVaultContext(new ASRVaultCreds() { ResourceGroupName = vault.ResourceGroupName, ResourceName = vault.Name, ResourceNamespace = resourceProviderNamespace, ARMResourceType= resourceType }); // Get Channel Integrity key Task<string> getChannelIntegrityKey = this.GetChannelIntegrityKey(); getChannelIntegrityKey.Wait(); // Update vault settings along with Channel integrity key Utilities.UpdateCurrentVaultContext(new ASRVaultCreds() { ResourceGroupName = vault.ResourceGroupName, ResourceName = vault.Name, ChannelIntegrityKey = getChannelIntegrityKey.Result, ResourceNamespace = resourceProviderNamespace, ARMResourceType = resourceType }); return arsVaultCreds; }
/// <summary> /// Upload cert to idmgmt /// </summary> /// <param name="managementCert">certificate to be uploaded</param> /// <param name="vault">vault object</param> /// <returns>Upload Certificate Response</returns> public UploadCertificateResponse UploadCertificate(X509Certificate2 managementCert, ARSVault vault) { var certificateArgs = new CertificateArgs(); certificateArgs.Properties = new Dictionary<string, string>(); certificateArgs.Properties.Add("certificate", Convert.ToBase64String(managementCert.GetRawCertData())); var response = this.recoveryServicesClient.VaultExtendedInfo.UploadCertificateAsync( vault.ResourceGroupName, vault.Name, certificateArgs, managementCert.FriendlyName, this.GetRequestHeaders()); response.Wait(); return response.Result; }
/// <summary> /// Gets the vault credential object /// </summary> /// <param name="managementCert">certificate to be uploaded</param> /// <param name="vault">vault object</param> /// <returns>credential object</returns> public ASRVaultCreds GenerateVaultCredential(X509Certificate2 managementCert, ARSVault vault, ASRSite site) { ASRVaultCreds currentVaultContext = PSRecoveryServicesClient.asrVaultCreds; string resourceProviderNamespace = string.Empty; string resourceType = string.Empty; Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType); // Update vault settings with the working vault to generate file Utilities.UpdateCurrentVaultContext(new ASRVaultCreds() { ResourceGroupName = vault.ResouceGroupName, ResourceName = vault.Name, ResourceNamespace = resourceProviderNamespace, ARMResourceType = resourceType }); // Get Channel Integrity key string channelIntegrityKey; Task <string> getChannelIntegrityKey = this.GetChannelIntegrityKey(); // Making sure we can generate the file, once the SDK and portal are inter-operable // upload certificate and fetch of ACIK can be made parallel to improvve the performace. getChannelIntegrityKey.Wait(); // Upload certificate UploadCertificateResponse acsDetails; Task <UploadCertificateResponse> uploadCertificate = this.UpdateVaultCertificate(managementCert); uploadCertificate.Wait(); acsDetails = uploadCertificate.Result; channelIntegrityKey = getChannelIntegrityKey.Result; ASRVaultCreds asrVaultCreds = this.GenerateCredentialObject( managementCert, acsDetails, channelIntegrityKey, vault, site); // Update back the original vault settings Utilities.UpdateCurrentVaultContext(currentVaultContext); return(asrVaultCreds); }
/// <summary> /// Upload cert to idmgmt /// </summary> /// <param name="managementCert">certificate to be uploaded</param> /// <param name="vault">vault object</param> /// <returns>Upload Certificate Response</returns> public UploadCertificateResponse UploadCertificate(X509Certificate2 managementCert, ARSVault vault) { var certificateArgs = new CertificateArgs(); certificateArgs.Properties = new Dictionary <string, string>(); certificateArgs.Properties.Add("certificate", Convert.ToBase64String(managementCert.GetRawCertData())); var response = this.recoveryServicesClient.VaultExtendedInfo.UploadCertificateAsync( vault.ResouceGroupName, vault.Name, certificateArgs, managementCert.FriendlyName, this.GetRequestHeaders()); response.Wait(); return(response.Result); }