public override void Execute()
{
base.Execute();
PSVpnServerConfiguration vpnServerConfigurationToUpdate = null;
if (ParameterSetName.Contains(CortexParameterSetNames.ByVpnServerConfigurationObject))
{
vpnServerConfigurationToUpdate = this.InputObject;
this.ResourceGroupName = this.InputObject.ResourceGroupName;
this.Name = this.InputObject.Name;
}
else
{
if (ParameterSetName.Contains(CortexParameterSetNames.ByVpnServerConfigurationResourceId))
{
var parsedResourceId = new ResourceIdentifier(this.ResourceId);
this.Name = parsedResourceId.ResourceName;
this.ResourceGroupName = parsedResourceId.ResourceGroupName;
}
vpnServerConfigurationToUpdate = this.GetVpnServerConfiguration(this.ResourceGroupName, this.Name);
}
if (vpnServerConfigurationToUpdate == null)
{
throw new PSArgumentException(Properties.Resources.VpnServerConfigurationNotFound);
}
if (this.VpnProtocol != null)
{
vpnServerConfigurationToUpdate.VpnProtocols = new List <string>(this.VpnProtocol);
}
if (this.VpnAuthenticationType != null)
{
vpnServerConfigurationToUpdate.VpnAuthenticationTypes = new List <string>(this.VpnAuthenticationType);
}
if (this.VpnClientIpsecPolicy != null && VpnClientIpsecPolicy.Length != 0)
{
vpnServerConfigurationToUpdate.VpnClientIpsecPolicies = new List <PSIpsecPolicy>(this.VpnClientIpsecPolicy);
}
// Modify the vpnServerConfigurationPolicyGroups
if (this.ConfigurationPolicyGroup != null)
{
vpnServerConfigurationToUpdate.ConfigurationPolicyGroups = new List <PSVpnServerConfigurationPolicyGroup>();
vpnServerConfigurationToUpdate.ConfigurationPolicyGroups.AddRange(this.ConfigurationPolicyGroup);
}
// VpnAuthenticationType = Certificate related validations.
if (vpnServerConfigurationToUpdate.VpnAuthenticationTypes == null ||
(vpnServerConfigurationToUpdate.VpnAuthenticationTypes != null && vpnServerConfigurationToUpdate.VpnAuthenticationTypes.Contains(MNM.VpnAuthenticationType.Certificate)))
{
// Read the VpnClientRootCertificates if present
if (this.VpnClientRootCertificateFilesList != null)
{
vpnServerConfigurationToUpdate.VpnClientRootCertificates = new List <PSClientRootCertificate>();
foreach (string vpnClientRootCertPath in this.VpnClientRootCertificateFilesList)
{
X509Certificate2 VpnClientRootCertificate = new X509Certificate2(vpnClientRootCertPath);
PSClientRootCertificate vpnClientRootCert = new PSClientRootCertificate()
{
Name = Path.GetFileNameWithoutExtension(vpnClientRootCertPath),
PublicCertData = Convert.ToBase64String(VpnClientRootCertificate.Export(X509ContentType.Cert))
};
vpnServerConfigurationToUpdate.VpnClientRootCertificates.Add(vpnClientRootCert);
}
}
// Read the VpnClientRevokedCertificates if present
if (this.VpnClientRevokedCertificateFilesList != null)
{
vpnServerConfigurationToUpdate.VpnClientRevokedCertificates = new List <PSClientCertificate>();
foreach (string vpnClientRevokedCertPath in this.VpnClientRevokedCertificateFilesList)
{
X509Certificate2 vpnClientRevokedCertificate = new X509Certificate2(vpnClientRevokedCertPath);
PSClientCertificate vpnClientRevokedCert = new PSClientCertificate()
{
Name = Path.GetFileNameWithoutExtension(vpnClientRevokedCertPath),
Thumbprint = vpnClientRevokedCertificate.Thumbprint
};
vpnServerConfigurationToUpdate.VpnClientRevokedCertificates.Add(vpnClientRevokedCert);
}
}
}
else
{
vpnServerConfigurationToUpdate.VpnClientRevokedCertificates = null;
vpnServerConfigurationToUpdate.VpnClientRootCertificates = null;
}
if (vpnServerConfigurationToUpdate.VpnAuthenticationTypes != null)
{
if (vpnServerConfigurationToUpdate.VpnAuthenticationTypes.Contains(MNM.VpnAuthenticationType.Radius))
{
if ((this.RadiusServerList != null && this.RadiusServerList.Count() > 0) && (this.RadiusServerAddress != null || this.RadiusServerSecret != null))
{
throw new ArgumentException("Cannot configure both singular radius server and multiple radius servers at the same time.");
}
if (this.RadiusServerList != null && this.RadiusServerList.Count() > 0)
{
vpnServerConfigurationToUpdate.RadiusServers = this.RadiusServerList.ToList();
vpnServerConfigurationToUpdate.RadiusServerAddress = null;
vpnServerConfigurationToUpdate.RadiusServerSecret = null;
}
else
{
if (this.RadiusServerAddress != null)
{
vpnServerConfigurationToUpdate.RadiusServerAddress = this.RadiusServerAddress;
}
if (this.RadiusServerSecret != null)
{
vpnServerConfigurationToUpdate.RadiusServerSecret = SecureStringExtensions.ConvertToString(this.RadiusServerSecret);
}
vpnServerConfigurationToUpdate.RadiusServers = null;
}
// Read the RadiusServerRootCertificates if present
if (this.RadiusServerRootCertificateFilesList != null)
{
vpnServerConfigurationToUpdate.RadiusServerRootCertificates = new List <PSClientRootCertificate>();
foreach (string radiusServerRootCertPath in this.RadiusServerRootCertificateFilesList)
{
X509Certificate2 RadiusServerRootCertificate = new X509Certificate2(radiusServerRootCertPath);
PSClientRootCertificate radiusServerRootCert = new PSClientRootCertificate()
{
Name = Path.GetFileNameWithoutExtension(radiusServerRootCertPath),
PublicCertData = Convert.ToBase64String(RadiusServerRootCertificate.Export(X509ContentType.Cert))
};
vpnServerConfigurationToUpdate.RadiusServerRootCertificates.Add(radiusServerRootCert);
}
}
// Read the RadiusClientRootCertificates if present
if (this.RadiusClientRootCertificateFilesList != null)
{
vpnServerConfigurationToUpdate.RadiusClientRootCertificates = new List <PSClientCertificate>();
foreach (string radiusClientRootCertPath in this.RadiusClientRootCertificateFilesList)
{
X509Certificate2 radiusClientRootCertificate = new X509Certificate2(radiusClientRootCertPath);
PSClientCertificate radiusClientRootCert = new PSClientCertificate()
{
Name = Path.GetFileNameWithoutExtension(radiusClientRootCertPath),
Thumbprint = radiusClientRootCertificate.Thumbprint
};
vpnServerConfigurationToUpdate.RadiusClientRootCertificates.Add(radiusClientRootCert);
}
}
}
else
{
vpnServerConfigurationToUpdate.RadiusServerAddress = null;
vpnServerConfigurationToUpdate.RadiusServerSecret = null;
vpnServerConfigurationToUpdate.RadiusClientRootCertificates = null;
vpnServerConfigurationToUpdate.RadiusServerRootCertificates = null;
vpnServerConfigurationToUpdate.RadiusServers = null;
}
if (vpnServerConfigurationToUpdate.VpnAuthenticationTypes.Contains(MNM.VpnAuthenticationType.AAD))
{
if (vpnServerConfigurationToUpdate.AadAuthenticationParameters == null)
{
vpnServerConfigurationToUpdate.AadAuthenticationParameters = new PSAadAuthenticationParameters();
}
if ((this.AadTenant == null && vpnServerConfigurationToUpdate.AadAuthenticationParameters.AadTenant == null) ||
(this.AadAudience == null && vpnServerConfigurationToUpdate.AadAuthenticationParameters.AadAudience == null) ||
(this.AadIssuer == null && vpnServerConfigurationToUpdate.AadAuthenticationParameters.AadIssuer == null))
{
throw new ArgumentException("All Aad tenant, Aad audience and Aad issuer must be specified if VpnAuthenticationType is being configured as AAD.");
}
if (this.AadTenant != null)
{
vpnServerConfigurationToUpdate.AadAuthenticationParameters.AadTenant = this.AadTenant;
}
if (this.AadAudience != null)
{
vpnServerConfigurationToUpdate.AadAuthenticationParameters.AadAudience = this.AadAudience;
}
if (this.AadIssuer != null)
{
vpnServerConfigurationToUpdate.AadAuthenticationParameters.AadIssuer = this.AadIssuer;
}
}
else
{
vpnServerConfigurationToUpdate.AadAuthenticationParameters = null;
}
}
ConfirmAction(
Properties.Resources.SettingResourceMessage,
this.Name,
() =>
{
WriteVerbose(String.Format(Properties.Resources.UpdatingLongRunningOperationMessage, this.ResourceGroupName, this.Name));
WriteObject(this.CreateOrUpdateVpnServerConfiguration(this.ResourceGroupName, this.Name, vpnServerConfigurationToUpdate, this.Tag));
});
}
public PSVpnServerConfiguration CreateVpnServerConfigurationObject(
PSVpnServerConfiguration vpnServerConfiguration,
string[] vpnProtocol,
string[] vpnAuthenticationType,
string[] vpnClientRootCertificateFilesList,
string[] vpnClientRevokedCertificateFilesList,
string radiusServerAddress,
SecureString radiusServerSecret,
string[] radiusServerRootCertificateFilesList,
string[] radiusClientRootCertificateFilesList,
string aadTenant,
string aadAudience,
string aadIssuer,
PSIpsecPolicy[] vpnClientIpsecPolicy)
{
if (vpnProtocol != null)
{
vpnServerConfiguration.VpnProtocols = new List <string>(vpnProtocol);
}
if (vpnAuthenticationType != null)
{
vpnServerConfiguration.VpnAuthenticationTypes = new List <string>(vpnAuthenticationType);
}
if (vpnClientIpsecPolicy != null && vpnClientIpsecPolicy.Length != 0)
{
vpnServerConfiguration.VpnClientIpsecPolicies = new List <PSIpsecPolicy>(vpnClientIpsecPolicy);
}
// VpnAuthenticationType = Certificate related validations.
if (vpnAuthenticationType == null ||
(vpnAuthenticationType != null && vpnAuthenticationType.Contains(MNM.VpnAuthenticationType.Certificate)))
{
// Read the VpnClientRootCertificates if present
if (vpnClientRootCertificateFilesList != null)
{
vpnServerConfiguration.VpnClientRootCertificates = new List <PSClientRootCertificate>();
foreach (string vpnClientRootCertPath in vpnClientRootCertificateFilesList)
{
X509Certificate2 VpnClientRootCertificate = new X509Certificate2(vpnClientRootCertPath);
PSClientRootCertificate vpnClientRootCert = new PSClientRootCertificate()
{
Name = Path.GetFileNameWithoutExtension(vpnClientRootCertPath),
PublicCertData = Convert.ToBase64String(VpnClientRootCertificate.Export(X509ContentType.Cert))
};
vpnServerConfiguration.VpnClientRootCertificates.Add(vpnClientRootCert);
}
}
// Read the VpnClientRevokedCertificates if present
if (vpnClientRevokedCertificateFilesList != null)
{
vpnServerConfiguration.VpnClientRevokedCertificates = new List <PSClientCertificate>();
foreach (string vpnClientRevokedCertPath in vpnClientRevokedCertificateFilesList)
{
X509Certificate2 vpnClientRevokedCertificate = new X509Certificate2(vpnClientRevokedCertPath);
PSClientCertificate vpnClientRevokedCert = new PSClientCertificate()
{
Name = Path.GetFileNameWithoutExtension(vpnClientRevokedCertPath),
Thumbprint = vpnClientRevokedCertificate.Thumbprint
};
vpnServerConfiguration.VpnClientRevokedCertificates.Add(vpnClientRevokedCert);
}
}
}
// VpnAuthenticationType = Radius related validations.
else if (vpnAuthenticationType.Contains(MNM.VpnAuthenticationType.Radius))
{
if (radiusServerAddress == null || radiusServerSecret == null)
{
throw new ArgumentException("Both radius server address and secret must be specified if VpnAuthenticationType is being configured as Radius.");
}
vpnServerConfiguration.RadiusServerAddress = radiusServerAddress;
vpnServerConfiguration.RadiusServerSecret = SecureStringExtensions.ConvertToString(radiusServerSecret);
// Read the RadiusServerRootCertificates if present
if (radiusServerRootCertificateFilesList != null)
{
vpnServerConfiguration.RadiusServerRootCertificates = new List <PSClientRootCertificate>();
foreach (string radiusServerRootCertPath in radiusServerRootCertificateFilesList)
{
X509Certificate2 RadiusServerRootCertificate = new X509Certificate2(radiusServerRootCertPath);
PSClientRootCertificate radiusServerRootCert = new PSClientRootCertificate()
{
Name = Path.GetFileNameWithoutExtension(radiusServerRootCertPath),
PublicCertData = Convert.ToBase64String(RadiusServerRootCertificate.Export(X509ContentType.Cert))
};
vpnServerConfiguration.RadiusServerRootCertificates.Add(radiusServerRootCert);
}
}
// Read the RadiusClientRootCertificates if present
if (radiusClientRootCertificateFilesList != null)
{
vpnServerConfiguration.RadiusClientRootCertificates = new List <PSClientCertificate>();
foreach (string radiusClientRootCertPath in radiusClientRootCertificateFilesList)
{
X509Certificate2 radiusClientRootCertificate = new X509Certificate2(radiusClientRootCertPath);
PSClientCertificate radiusClientRootCert = new PSClientCertificate()
{
Name = Path.GetFileNameWithoutExtension(radiusClientRootCertPath),
Thumbprint = radiusClientRootCertificate.Thumbprint
};
vpnServerConfiguration.RadiusClientRootCertificates.Add(radiusClientRootCert);
}
}
}
// VpnAuthenticationType = AAD related validations.
else if (vpnAuthenticationType.Contains(MNM.VpnAuthenticationType.AAD))
{
if (aadTenant == null || aadAudience == null || aadIssuer == null)
{
throw new ArgumentException("All Aad tenant, Aad audience and Aad issuer must be specified if VpnAuthenticationType is being configured as AAD.");
}
vpnServerConfiguration.AadAuthenticationParameters = new PSAadAuthenticationParameters()
{
AadTenant = aadTenant,
AadAudience = aadAudience,
AadIssuer = aadIssuer
};
}
return(vpnServerConfiguration);
}
