public override void Execute() { base.Execute(); PSVpnServerConfiguration vpnServerConfigurationToUpdate = null; if (ParameterSetName.Contains(CortexParameterSetNames.ByVpnServerConfigurationObject)) { vpnServerConfigurationToUpdate = this.InputObject; this.ResourceGroupName = this.InputObject.ResourceGroupName; this.Name = this.InputObject.Name; } else { if (ParameterSetName.Contains(CortexParameterSetNames.ByVpnServerConfigurationResourceId)) { var parsedResourceId = new ResourceIdentifier(this.ResourceId); this.Name = parsedResourceId.ResourceName; this.ResourceGroupName = parsedResourceId.ResourceGroupName; } vpnServerConfigurationToUpdate = this.GetVpnServerConfiguration(this.ResourceGroupName, this.Name); } if (vpnServerConfigurationToUpdate == null) { throw new PSArgumentException(Properties.Resources.VpnServerConfigurationNotFound); } if (this.VpnProtocol != null) { vpnServerConfigurationToUpdate.VpnProtocols = new List <string>(this.VpnProtocol); } if (this.VpnAuthenticationType != null) { vpnServerConfigurationToUpdate.VpnAuthenticationTypes = new List <string>(this.VpnAuthenticationType); } if (this.VpnClientIpsecPolicy != null && VpnClientIpsecPolicy.Length != 0) { vpnServerConfigurationToUpdate.VpnClientIpsecPolicies = new List <PSIpsecPolicy>(this.VpnClientIpsecPolicy); } // Modify the vpnServerConfigurationPolicyGroups if (this.ConfigurationPolicyGroup != null) { vpnServerConfigurationToUpdate.ConfigurationPolicyGroups = new List <PSVpnServerConfigurationPolicyGroup>(); vpnServerConfigurationToUpdate.ConfigurationPolicyGroups.AddRange(this.ConfigurationPolicyGroup); } // VpnAuthenticationType = Certificate related validations. if (vpnServerConfigurationToUpdate.VpnAuthenticationTypes == null || (vpnServerConfigurationToUpdate.VpnAuthenticationTypes != null && vpnServerConfigurationToUpdate.VpnAuthenticationTypes.Contains(MNM.VpnAuthenticationType.Certificate))) { // Read the VpnClientRootCertificates if present if (this.VpnClientRootCertificateFilesList != null) { vpnServerConfigurationToUpdate.VpnClientRootCertificates = new List <PSClientRootCertificate>(); foreach (string vpnClientRootCertPath in this.VpnClientRootCertificateFilesList) { X509Certificate2 VpnClientRootCertificate = new X509Certificate2(vpnClientRootCertPath); PSClientRootCertificate vpnClientRootCert = new PSClientRootCertificate() { Name = Path.GetFileNameWithoutExtension(vpnClientRootCertPath), PublicCertData = Convert.ToBase64String(VpnClientRootCertificate.Export(X509ContentType.Cert)) }; vpnServerConfigurationToUpdate.VpnClientRootCertificates.Add(vpnClientRootCert); } } // Read the VpnClientRevokedCertificates if present if (this.VpnClientRevokedCertificateFilesList != null) { vpnServerConfigurationToUpdate.VpnClientRevokedCertificates = new List <PSClientCertificate>(); foreach (string vpnClientRevokedCertPath in this.VpnClientRevokedCertificateFilesList) { X509Certificate2 vpnClientRevokedCertificate = new X509Certificate2(vpnClientRevokedCertPath); PSClientCertificate vpnClientRevokedCert = new PSClientCertificate() { Name = Path.GetFileNameWithoutExtension(vpnClientRevokedCertPath), Thumbprint = vpnClientRevokedCertificate.Thumbprint }; vpnServerConfigurationToUpdate.VpnClientRevokedCertificates.Add(vpnClientRevokedCert); } } } else { vpnServerConfigurationToUpdate.VpnClientRevokedCertificates = null; vpnServerConfigurationToUpdate.VpnClientRootCertificates = null; } if (vpnServerConfigurationToUpdate.VpnAuthenticationTypes != null) { if (vpnServerConfigurationToUpdate.VpnAuthenticationTypes.Contains(MNM.VpnAuthenticationType.Radius)) { if ((this.RadiusServerList != null && this.RadiusServerList.Count() > 0) && (this.RadiusServerAddress != null || this.RadiusServerSecret != null)) { throw new ArgumentException("Cannot configure both singular radius server and multiple radius servers at the same time."); } if (this.RadiusServerList != null && this.RadiusServerList.Count() > 0) { vpnServerConfigurationToUpdate.RadiusServers = this.RadiusServerList.ToList(); vpnServerConfigurationToUpdate.RadiusServerAddress = null; vpnServerConfigurationToUpdate.RadiusServerSecret = null; } else { if (this.RadiusServerAddress != null) { vpnServerConfigurationToUpdate.RadiusServerAddress = this.RadiusServerAddress; } if (this.RadiusServerSecret != null) { vpnServerConfigurationToUpdate.RadiusServerSecret = SecureStringExtensions.ConvertToString(this.RadiusServerSecret); } vpnServerConfigurationToUpdate.RadiusServers = null; } // Read the RadiusServerRootCertificates if present if (this.RadiusServerRootCertificateFilesList != null) { vpnServerConfigurationToUpdate.RadiusServerRootCertificates = new List <PSClientRootCertificate>(); foreach (string radiusServerRootCertPath in this.RadiusServerRootCertificateFilesList) { X509Certificate2 RadiusServerRootCertificate = new X509Certificate2(radiusServerRootCertPath); PSClientRootCertificate radiusServerRootCert = new PSClientRootCertificate() { Name = Path.GetFileNameWithoutExtension(radiusServerRootCertPath), PublicCertData = Convert.ToBase64String(RadiusServerRootCertificate.Export(X509ContentType.Cert)) }; vpnServerConfigurationToUpdate.RadiusServerRootCertificates.Add(radiusServerRootCert); } } // Read the RadiusClientRootCertificates if present if (this.RadiusClientRootCertificateFilesList != null) { vpnServerConfigurationToUpdate.RadiusClientRootCertificates = new List <PSClientCertificate>(); foreach (string radiusClientRootCertPath in this.RadiusClientRootCertificateFilesList) { X509Certificate2 radiusClientRootCertificate = new X509Certificate2(radiusClientRootCertPath); PSClientCertificate radiusClientRootCert = new PSClientCertificate() { Name = Path.GetFileNameWithoutExtension(radiusClientRootCertPath), Thumbprint = radiusClientRootCertificate.Thumbprint }; vpnServerConfigurationToUpdate.RadiusClientRootCertificates.Add(radiusClientRootCert); } } } else { vpnServerConfigurationToUpdate.RadiusServerAddress = null; vpnServerConfigurationToUpdate.RadiusServerSecret = null; vpnServerConfigurationToUpdate.RadiusClientRootCertificates = null; vpnServerConfigurationToUpdate.RadiusServerRootCertificates = null; vpnServerConfigurationToUpdate.RadiusServers = null; } if (vpnServerConfigurationToUpdate.VpnAuthenticationTypes.Contains(MNM.VpnAuthenticationType.AAD)) { if (vpnServerConfigurationToUpdate.AadAuthenticationParameters == null) { vpnServerConfigurationToUpdate.AadAuthenticationParameters = new PSAadAuthenticationParameters(); } if ((this.AadTenant == null && vpnServerConfigurationToUpdate.AadAuthenticationParameters.AadTenant == null) || (this.AadAudience == null && vpnServerConfigurationToUpdate.AadAuthenticationParameters.AadAudience == null) || (this.AadIssuer == null && vpnServerConfigurationToUpdate.AadAuthenticationParameters.AadIssuer == null)) { throw new ArgumentException("All Aad tenant, Aad audience and Aad issuer must be specified if VpnAuthenticationType is being configured as AAD."); } if (this.AadTenant != null) { vpnServerConfigurationToUpdate.AadAuthenticationParameters.AadTenant = this.AadTenant; } if (this.AadAudience != null) { vpnServerConfigurationToUpdate.AadAuthenticationParameters.AadAudience = this.AadAudience; } if (this.AadIssuer != null) { vpnServerConfigurationToUpdate.AadAuthenticationParameters.AadIssuer = this.AadIssuer; } } else { vpnServerConfigurationToUpdate.AadAuthenticationParameters = null; } } ConfirmAction( Properties.Resources.SettingResourceMessage, this.Name, () => { WriteVerbose(String.Format(Properties.Resources.UpdatingLongRunningOperationMessage, this.ResourceGroupName, this.Name)); WriteObject(this.CreateOrUpdateVpnServerConfiguration(this.ResourceGroupName, this.Name, vpnServerConfigurationToUpdate, this.Tag)); }); }
public PSVpnServerConfiguration CreateVpnServerConfigurationObject( PSVpnServerConfiguration vpnServerConfiguration, string[] vpnProtocol, string[] vpnAuthenticationType, string[] vpnClientRootCertificateFilesList, string[] vpnClientRevokedCertificateFilesList, string radiusServerAddress, SecureString radiusServerSecret, string[] radiusServerRootCertificateFilesList, string[] radiusClientRootCertificateFilesList, string aadTenant, string aadAudience, string aadIssuer, PSIpsecPolicy[] vpnClientIpsecPolicy) { if (vpnProtocol != null) { vpnServerConfiguration.VpnProtocols = new List <string>(vpnProtocol); } if (vpnAuthenticationType != null) { vpnServerConfiguration.VpnAuthenticationTypes = new List <string>(vpnAuthenticationType); } if (vpnClientIpsecPolicy != null && vpnClientIpsecPolicy.Length != 0) { vpnServerConfiguration.VpnClientIpsecPolicies = new List <PSIpsecPolicy>(vpnClientIpsecPolicy); } // VpnAuthenticationType = Certificate related validations. if (vpnAuthenticationType == null || (vpnAuthenticationType != null && vpnAuthenticationType.Contains(MNM.VpnAuthenticationType.Certificate))) { // Read the VpnClientRootCertificates if present if (vpnClientRootCertificateFilesList != null) { vpnServerConfiguration.VpnClientRootCertificates = new List <PSClientRootCertificate>(); foreach (string vpnClientRootCertPath in vpnClientRootCertificateFilesList) { X509Certificate2 VpnClientRootCertificate = new X509Certificate2(vpnClientRootCertPath); PSClientRootCertificate vpnClientRootCert = new PSClientRootCertificate() { Name = Path.GetFileNameWithoutExtension(vpnClientRootCertPath), PublicCertData = Convert.ToBase64String(VpnClientRootCertificate.Export(X509ContentType.Cert)) }; vpnServerConfiguration.VpnClientRootCertificates.Add(vpnClientRootCert); } } // Read the VpnClientRevokedCertificates if present if (vpnClientRevokedCertificateFilesList != null) { vpnServerConfiguration.VpnClientRevokedCertificates = new List <PSClientCertificate>(); foreach (string vpnClientRevokedCertPath in vpnClientRevokedCertificateFilesList) { X509Certificate2 vpnClientRevokedCertificate = new X509Certificate2(vpnClientRevokedCertPath); PSClientCertificate vpnClientRevokedCert = new PSClientCertificate() { Name = Path.GetFileNameWithoutExtension(vpnClientRevokedCertPath), Thumbprint = vpnClientRevokedCertificate.Thumbprint }; vpnServerConfiguration.VpnClientRevokedCertificates.Add(vpnClientRevokedCert); } } } // VpnAuthenticationType = Radius related validations. else if (vpnAuthenticationType.Contains(MNM.VpnAuthenticationType.Radius)) { if (radiusServerAddress == null || radiusServerSecret == null) { throw new ArgumentException("Both radius server address and secret must be specified if VpnAuthenticationType is being configured as Radius."); } vpnServerConfiguration.RadiusServerAddress = radiusServerAddress; vpnServerConfiguration.RadiusServerSecret = SecureStringExtensions.ConvertToString(radiusServerSecret); // Read the RadiusServerRootCertificates if present if (radiusServerRootCertificateFilesList != null) { vpnServerConfiguration.RadiusServerRootCertificates = new List <PSClientRootCertificate>(); foreach (string radiusServerRootCertPath in radiusServerRootCertificateFilesList) { X509Certificate2 RadiusServerRootCertificate = new X509Certificate2(radiusServerRootCertPath); PSClientRootCertificate radiusServerRootCert = new PSClientRootCertificate() { Name = Path.GetFileNameWithoutExtension(radiusServerRootCertPath), PublicCertData = Convert.ToBase64String(RadiusServerRootCertificate.Export(X509ContentType.Cert)) }; vpnServerConfiguration.RadiusServerRootCertificates.Add(radiusServerRootCert); } } // Read the RadiusClientRootCertificates if present if (radiusClientRootCertificateFilesList != null) { vpnServerConfiguration.RadiusClientRootCertificates = new List <PSClientCertificate>(); foreach (string radiusClientRootCertPath in radiusClientRootCertificateFilesList) { X509Certificate2 radiusClientRootCertificate = new X509Certificate2(radiusClientRootCertPath); PSClientCertificate radiusClientRootCert = new PSClientCertificate() { Name = Path.GetFileNameWithoutExtension(radiusClientRootCertPath), Thumbprint = radiusClientRootCertificate.Thumbprint }; vpnServerConfiguration.RadiusClientRootCertificates.Add(radiusClientRootCert); } } } // VpnAuthenticationType = AAD related validations. else if (vpnAuthenticationType.Contains(MNM.VpnAuthenticationType.AAD)) { if (aadTenant == null || aadAudience == null || aadIssuer == null) { throw new ArgumentException("All Aad tenant, Aad audience and Aad issuer must be specified if VpnAuthenticationType is being configured as AAD."); } vpnServerConfiguration.AadAuthenticationParameters = new PSAadAuthenticationParameters() { AadTenant = aadTenant, AadAudience = aadAudience, AadIssuer = aadIssuer }; } return(vpnServerConfiguration); }