/// <summary>
/// Method to generate the credential file content
/// </summary>
/// <param name="managementCert">management cert</param>
/// <param name="acsDetails">ACS details</param>
/// <param name="channelIntegrityKey">Integrity key</param>
/// <param name="vault">vault object</param>
/// <param name="site">site object</param>
/// <returns>vault credential object</returns>
private ASRVaultCreds GenerateCredentialObject(
X509Certificate2 managementCert,
VaultCertificateResponse acsDetails,
string channelIntegrityKey,
ARSVault vault,
ASRSite site)
{
string serializedCertificate = Convert.ToBase64String(managementCert.Export(X509ContentType.Pfx));
AcsNamespace acsNamespace = new AcsNamespace(acsDetails.Properties as ResourceCertificateAndAcsDetails);
string resourceProviderNamespace = string.Empty;
string resourceType = string.Empty;
Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType);
ASRVaultCreds vaultCreds = new ASRVaultCreds(
vault.SubscriptionId,
vault.Name,
serializedCertificate,
acsNamespace,
channelIntegrityKey,
vault.ResourceGroupName,
site.ID,
site.Name,
resourceProviderNamespace,
resourceType,
vault.Location);
return(vaultCreds);
}
/// <summary>
/// Set Azure Recovery Services Vault context.
/// </summary>
private void SetARSVaultContext(ARSVault arsVault)
{
try
{
using (System.Management.Automation.PowerShell powerShell = System.Management.Automation.PowerShell.Create())
{
Collection<PSObject> result =
powerShell
.AddCommand("Get-AzureRmRecoveryServicesVaultSettingsFile")
.AddParameter("Vault", arsVault)
.Invoke();
string vaultSettingspath = (string)result[0].Members["FilePath"].Value;
powerShell.Commands.Clear();
result =
powerShell
.AddCommand("Import-AzureRmSiteRecoveryVaultSettingsFile")
.AddParameter("Path", vaultSettingspath)
.Invoke();
WriteObject(result);
powerShell.Commands.Clear();
}
}
catch (InvalidOperationException e)
{
WriteDebug(e.Message);
}
}
/// <summary>
/// Changes the Vault context
/// </summary>
/// <param name="vault">vault object</param>
/// <returns>credential object</returns>
public ASRVaultCreds ChangeVaultContext(ARSVault vault)
{
string resourceProviderNamespace = string.Empty;
string resourceType = string.Empty;
Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType);
Utilities.UpdateCurrentVaultContext(new ASRVaultCreds()
{
ResourceGroupName = vault.ResourceGroupName,
ResourceName = vault.Name,
ResourceNamespace = resourceProviderNamespace,
ARMResourceType = resourceType
});
// Get Channel Integrity key
string getChannelIntegrityKey = this.GetCurrentVaultChannelIntegrityKey();
// Update vault settings along with Channel integrity key
Utilities.UpdateCurrentVaultContext(new ASRVaultCreds()
{
ResourceGroupName = vault.ResourceGroupName,
ResourceName = vault.Name,
ChannelIntegrityKey = getChannelIntegrityKey,
ResourceNamespace = resourceProviderNamespace,
ARMResourceType = resourceType
});
return(arsVaultCreds);
}
/// <summary>
/// Gets the vault credential object
/// </summary>
/// <param name="managementCert">certificate to be uploaded</param>
/// <param name="vault">vault object</param>
/// <param name="site">site object</param>
/// <param name="authType">authentication type</param>
/// <returns>credential object</returns>
public ASRVaultCreds GenerateVaultCredential(
X509Certificate2 managementCert,
ARSVault vault,
ASRSite site,
string authType)
{
ASRVaultCreds currentVaultContext = PSRecoveryServicesClient.arsVaultCreds;
string resourceProviderNamespace = string.Empty;
string resourceType = string.Empty;
Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType);
Logger.Instance.WriteDebug(string.Format(
"GenerateVaultCredential resourceProviderNamespace = {0}, resourceType = {1}",
resourceProviderNamespace,
resourceType));
// Update vault settings with the working vault to generate file
Utilities.UpdateCurrentVaultContext(new ASRVaultCreds()
{
ResourceGroupName = vault.ResourceGroupName,
ResourceName = vault.Name,
ResourceNamespace = resourceProviderNamespace,
ARMResourceType = resourceType
});
// Get Channel Integrity key
string channelIntegrityKey;
string getChannelIntegrityKey = this.GetCurrentVaultChannelIntegrityKey();
// Making sure we can generate the file, once the SDK and portal are inter-operable
// upload certificate and fetch of ACIK can be made parallel to improvve the performace.
// Upload certificate
VaultCertificateResponse uploadCertificate = this.UpdateVaultCertificate(
managementCert,
authType);
channelIntegrityKey = getChannelIntegrityKey;
ASRVaultCreds arsVaultCreds = this.GenerateCredentialObject(
managementCert,
uploadCertificate,
channelIntegrityKey,
vault,
site);
// Update back the original vault settings
Utilities.UpdateCurrentVaultContext(currentVaultContext);
return(arsVaultCreds);
}
/// <summary>
/// Gets the vault credential object
/// </summary>
/// <param name="managementCert">certificate to be uploaded</param>
/// <param name="vault">vault object</param>
/// <returns>credential object</returns>
public ASRVaultCreds GenerateVaultCredential(X509Certificate2 managementCert, ARSVault vault, ASRSite site)
{
ASRVaultCreds currentVaultContext = PSRecoveryServicesClient.arsVaultCreds;
string resourceProviderNamespace = string.Empty;
string resourceType = string.Empty;
Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType);
// Update vault settings with the working vault to generate file
Utilities.UpdateCurrentVaultContext(new ASRVaultCreds()
{
ResourceGroupName = vault.ResourceGroupName,
ResourceName = vault.Name,
ResourceNamespace = resourceProviderNamespace,
ARMResourceType = resourceType
});
// Get Channel Integrity key
string channelIntegrityKey;
Task<string> getChannelIntegrityKey = this.GetChannelIntegrityKey();
// Making sure we can generate the file, once the SDK and portal are inter-operable
// upload certificate and fetch of ACIK can be made parallel to improvve the performace.
getChannelIntegrityKey.Wait();
// Upload certificate
UploadCertificateResponse acsDetails;
Task<UploadCertificateResponse> uploadCertificate = this.UpdateVaultCertificate(managementCert);
uploadCertificate.Wait();
acsDetails = uploadCertificate.Result;
channelIntegrityKey = getChannelIntegrityKey.Result;
ASRVaultCreds arsVaultCreds = this.GenerateCredentialObject(
managementCert,
acsDetails,
channelIntegrityKey,
vault,
site);
// Update back the original vault settings
Utilities.UpdateCurrentVaultContext(currentVaultContext);
return arsVaultCreds;
}
/// <summary>
/// Updates current Vault context.
/// </summary>
/// <param name="arsVault">ARS Vault</param>
public static void UpdateCurrentVaultContext(ARSVault arsVault)
{
PSRecoveryServicesClient.arsVault = arsVault;
}
/// <summary>
/// Upload cert to idmgmt
/// </summary>
/// <param name="managementCert">certificate to be uploaded</param>
/// <param name="vault">vault object</param>
/// <returns>Upload Certificate Response</returns>
public VaultCertificateResponse UploadCertificate(X509Certificate2 managementCert, ARSVault vault)
{
var certificateArgs = new CertificateRequest();
certificateArgs.Properties = new RawCertificateData();
certificateArgs.Properties.Certificate = managementCert.GetRawCertData();
certificateArgs.Properties.AuthType = AuthType.AAD;
return(GetRecoveryServicesClient.VaultCertificates.CreateWithHttpMessagesAsync(
vault.ResourceGroupName,
vault.Name,
managementCert.FriendlyName,
certificateArgs.Properties,
GetRequestHeaders()).Result.Body);
}
/// <summary>
/// Method to generate the credential file content
/// </summary>
/// <param name="managementCert">management cert</param>
/// <param name="acsDetails">ACS details</param>
/// <param name="channelIntegrityKey">Integrity key</param>
/// <param name="vault">vault object</param>
/// <param name="site">site object</param>
/// <returns>vault credential object</returns>
private ASRVaultCreds GenerateCredentialObject(X509Certificate2 managementCert, UploadCertificateResponse acsDetails, string channelIntegrityKey, ARSVault vault, ASRSite site)
{
string serializedCertifivate = Convert.ToBase64String(managementCert.Export(X509ContentType.Pfx));
AcsNamespace acsNamespace = new AcsNamespace(acsDetails);
string resourceProviderNamespace = string.Empty;
string resourceType = string.Empty;
Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType);
ASRVaultCreds vaultCreds = new ASRVaultCreds(
vault.SubscriptionId,
vault.Name,
serializedCertifivate,
acsNamespace,
channelIntegrityKey,
vault.ResourceGroupName,
site.ID,
site.Name,
resourceProviderNamespace,
resourceType,
vault.Location);
return vaultCreds;
}
/// <summary>
/// Changes the Vault context
/// </summary>
/// <param name="vault">vault object</param>
/// <returns>credential object</returns>
public ASRVaultCreds ChangeVaultContext(ARSVault vault)
{
string resourceProviderNamespace = string.Empty;
string resourceType = string.Empty;
Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType);
Utilities.UpdateCurrentVaultContext(new ASRVaultCreds()
{
ResourceGroupName = vault.ResourceGroupName,
ResourceName = vault.Name,
ResourceNamespace = resourceProviderNamespace,
ARMResourceType= resourceType
});
// Get Channel Integrity key
Task<string> getChannelIntegrityKey = this.GetChannelIntegrityKey();
getChannelIntegrityKey.Wait();
// Update vault settings along with Channel integrity key
Utilities.UpdateCurrentVaultContext(new ASRVaultCreds()
{
ResourceGroupName = vault.ResourceGroupName,
ResourceName = vault.Name,
ChannelIntegrityKey = getChannelIntegrityKey.Result,
ResourceNamespace = resourceProviderNamespace,
ARMResourceType = resourceType
});
return arsVaultCreds;
}
/// <summary>
/// Upload cert to idmgmt
/// </summary>
/// <param name="managementCert">certificate to be uploaded</param>
/// <param name="vault">vault object</param>
/// <returns>Upload Certificate Response</returns>
public UploadCertificateResponse UploadCertificate(X509Certificate2 managementCert, ARSVault vault)
{
var certificateArgs = new CertificateArgs();
certificateArgs.Properties = new Dictionary<string, string>();
certificateArgs.Properties.Add("certificate", Convert.ToBase64String(managementCert.GetRawCertData()));
var response = this.recoveryServicesClient.VaultExtendedInfo.UploadCertificateAsync(
vault.ResourceGroupName,
vault.Name,
certificateArgs, managementCert.FriendlyName,
this.GetRequestHeaders());
response.Wait();
return response.Result;
}
/// <summary>
/// Gets the vault credential object
/// </summary>
/// <param name="managementCert">certificate to be uploaded</param>
/// <param name="vault">vault object</param>
/// <returns>credential object</returns>
public ASRVaultCreds GenerateVaultCredential(X509Certificate2 managementCert, ARSVault vault, ASRSite site)
{
ASRVaultCreds currentVaultContext = PSRecoveryServicesClient.asrVaultCreds;
string resourceProviderNamespace = string.Empty;
string resourceType = string.Empty;
Utilities.GetResourceProviderNamespaceAndType(vault.ID, out resourceProviderNamespace, out resourceType);
// Update vault settings with the working vault to generate file
Utilities.UpdateCurrentVaultContext(new ASRVaultCreds()
{
ResourceGroupName = vault.ResouceGroupName,
ResourceName = vault.Name,
ResourceNamespace = resourceProviderNamespace,
ARMResourceType = resourceType
});
// Get Channel Integrity key
string channelIntegrityKey;
Task <string> getChannelIntegrityKey = this.GetChannelIntegrityKey();
// Making sure we can generate the file, once the SDK and portal are inter-operable
// upload certificate and fetch of ACIK can be made parallel to improvve the performace.
getChannelIntegrityKey.Wait();
// Upload certificate
UploadCertificateResponse acsDetails;
Task <UploadCertificateResponse> uploadCertificate = this.UpdateVaultCertificate(managementCert);
uploadCertificate.Wait();
acsDetails = uploadCertificate.Result;
channelIntegrityKey = getChannelIntegrityKey.Result;
ASRVaultCreds asrVaultCreds = this.GenerateCredentialObject(
managementCert,
acsDetails,
channelIntegrityKey,
vault,
site);
// Update back the original vault settings
Utilities.UpdateCurrentVaultContext(currentVaultContext);
return(asrVaultCreds);
}
/// <summary>
/// Upload cert to idmgmt
/// </summary>
/// <param name="managementCert">certificate to be uploaded</param>
/// <param name="vault">vault object</param>
/// <returns>Upload Certificate Response</returns>
public UploadCertificateResponse UploadCertificate(X509Certificate2 managementCert, ARSVault vault)
{
var certificateArgs = new CertificateArgs();
certificateArgs.Properties = new Dictionary <string, string>();
certificateArgs.Properties.Add("certificate", Convert.ToBase64String(managementCert.GetRawCertData()));
var response = this.recoveryServicesClient.VaultExtendedInfo.UploadCertificateAsync(
vault.ResouceGroupName,
vault.Name,
certificateArgs, managementCert.FriendlyName,
this.GetRequestHeaders());
response.Wait();
return(response.Result);
}
