Vault Credentials Client changes except the first time flow

Author: devsriMS

src/ServiceManagement/RecoveryServices/Commands.RecoveryServices/Commands.RecoveryServices.csproj

@@ -47,6 +47,9 @@
     <Prefer32Bit>false</Prefer32Bit>
   </PropertyGroup>
   <ItemGroup>
+    <Reference Include="Microsoft.Azure.RecoveryServices">
+      <HintPath>..\..\..\..\..\hydra-specs-pr\SiteRecovery\SiteRecovery.Tests\bin\Debug\Microsoft.Azure.RecoveryServices.dll</HintPath>
+    </Reference>
     <Reference Include="Microsoft.Threading.Tasks, Version=1.0.12.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
       <HintPath>..\..\..\packages\Microsoft.Bcl.Async.1.0.168\lib\net40\Microsoft.Threading.Tasks.dll</HintPath>
@@ -75,6 +78,10 @@
       <SpecificVersion>False</SpecificVersion>
       <HintPath>..\..\..\packages\Newtonsoft.Json.6.0.4\lib\net45\Newtonsoft.Json.dll</HintPath>
     </Reference>
+    <Reference Include="Security.Cryptography, Version=1.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>lib\Security.Cryptography.dll</HintPath>
+    </Reference>
     <Reference Include="System" />
     <Reference Include="System.Core" />
     <Reference Include="System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
@@ -103,10 +110,12 @@
   <ItemGroup>
     <Compile Include="lib\PSStorageObjects.cs" />
     <Compile Include="lib\PSNetworkObjects.cs" />
+    <Compile Include="lib\CertUtils.cs" />
     <Compile Include="lib\PSContracts.cs" />
     <Compile Include="lib\PSObjects.cs" />
     <Compile Include="lib\PSParameterSets.cs" />
     <Compile Include="lib\PSRecoveryPlanObjects.cs" />
+    <Compile Include="lib\Utilities.cs" />
     <Compile Include="Properties\Resources.Designer.cs">
       <AutoGen>True</AutoGen>
       <DesignTime>True</DesignTime>
@@ -116,6 +125,7 @@
     <Compile Include="PSRecoveryServicesClient\PSRecoveryServicesStorageMappingClient.cs" />
     <Compile Include="PSRecoveryServicesClient\PSRecoveryServicesNetworkMappingClient.cs" />
     <Compile Include="PSRecoveryServicesClient\PSRecoveryServicesNetworkClient.cs" />
+    <Compile Include="PSRecoveryServicesClient\PSRecoveryServicesVaultClient.cs" />
     <Compile Include="PSRecoveryServicesClient\PSRecoveryServicesVMGroupClient.cs" />
     <Compile Include="PSRecoveryServicesClient\PSRecoveryServicesPEClient.cs" />
     <Compile Include="PSRecoveryServicesClient\PSRecoveryServicesClient.cs">
@@ -138,6 +148,7 @@
     <Compile Include="Service\GetAzureSiteRecoveryNetwork.cs" />
     <Compile Include="Service\CreateAzureSiteRecoveryRecoveryPlan.cs" />
     <Compile Include="Service\GetAzureSiteRecoveryRecoveryPlanFile.cs" />
+    <Compile Include="Service\GetVaultCredentialsFile.cs" />
     <Compile Include="Service\RemoveAzureSiteRecoveryRecoveryPlan.cs" />
     <Compile Include="Service\GetAzureSiteRecoveryProtectionEntity.cs" />
     <Compile Include="Service\RestartAzureSiteRecoveryJob.cs" />
@@ -166,6 +177,7 @@
     </ProjectReference>
   </ItemGroup>
   <ItemGroup>
+    <Content Include="lib\Security.Cryptography.dll" />
     <Content Include="Microsoft.Azure.Commands.RecoveryServices.dll-help.xml">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </Content>
@@ -181,6 +193,9 @@
     <None Include="MSSharedLibKey.snk" />
     <None Include="packages.config" />
   </ItemGroup>
+  <ItemGroup>
+    <WCFMetadata Include="Service References\" />
+  </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <Import Project="$(SolutionDir)\.nuget\NuGet.targets" Condition="Exists('$(SolutionDir)\.nuget\NuGet.targets')" />
   <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">

src/ServiceManagement/RecoveryServices/Commands.RecoveryServices/PSRecoveryServicesClient/PSRecoveryServicesClient.cs

@@ -184,8 +184,9 @@ public string GenerateAgentAuthenticationHeader(string clientRequestId)
         /// <summary>
         /// Gets request headers.
         /// </summary>
+        /// <param name="shouldSignRequest">specifies whether to sign the request or not</param>
         /// <returns>Custom request headers</returns>
-        public CustomRequestHeaders GetRequestHeaders()
+        public CustomRequestHeaders GetRequestHeaders(bool shouldSignRequest = true)
         {
             this.ClientRequestId = Guid.NewGuid().ToString() + "-" + DateTime.Now.ToUniversalTime().ToString("yyyy-MM-dd HH:mm:ssZ") + "-P";
 
@@ -194,7 +195,7 @@ public CustomRequestHeaders GetRequestHeaders()
                 // ClientRequestId is a unique ID for every request to Azure Site Recovery.
                 // It is useful when diagnosing failures in API calls.
                 ClientRequestId = this.ClientRequestId,
-                AgentAuthenticationHeader = this.GenerateAgentAuthenticationHeader(this.ClientRequestId)
+                AgentAuthenticationHeader = shouldSignRequest ? this.GenerateAgentAuthenticationHeader(this.ClientRequestId) : ""
             };
         }
 

src/ServiceManagement/RecoveryServices/Commands.RecoveryServices/PSRecoveryServicesClient/PSRecoveryServicesVaultClient.cs

@@ -0,0 +1,61 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System;
+using System.Threading.Tasks;
+using Microsoft.WindowsAzure;
+using Microsoft.WindowsAzure.Management.SiteRecovery;
+using Microsoft.WindowsAzure.Management.SiteRecovery.Models;
+
+namespace Microsoft.Azure.Commands.RecoveryServices
+{
+    /// <summary>
+    /// Recovery services convenience client.
+    /// </summary>
+    public partial class PSRecoveryServicesClient
+    {
+        /// <summary>
+        /// Gets Vault Extended Information
+        /// </summary>
+        /// <returns>ResourceExtendedInformationResponse</returns>
+        public async Task<ResourceExtendedInformation> GetExtendedInfo()
+        {
+            ResourceExtendedInformationResponse response = await this.GetSiteRecoveryClient().Vaults.GetExtendedInfoAsync(this.GetRequestHeaders(false));
+
+            return response.ResourceExtendedInformation;
+        }
+
+        /// <summary>
+        /// Creates the extended information for the vault
+        /// </summary>
+        /// <param name="extendedInfoArgs">extneded info to be created</param>
+        /// <returns>ResourceExtendedInformation</returns>
+        public async Task<ResourceExtendedInformation> CreateExtendedInfo(ResourceExtendedInformationArgs extendedInfoArgs)
+        {
+            ResourceExtendedInformationResponse response = await this.GetSiteRecoveryClient().Vaults.CreateExtendedInfoAsync(extendedInfoArgs, this.GetRequestHeaders(false));
+
+            return response.ResourceExtendedInformation;
+        }
+
+        /// <summary>
+        /// Updates the vault certificate
+        /// </summary>
+        /// <param name="args">the certificate update arguments</param>
+        /// <returns>UploadCertificateResponse</returns>
+        public async Task<UploadCertificateResponse> UpdateVaultCertificate(CertificateArgs args)
+        {
+            return await this.GetSiteRecoveryClient().Vaults.UploadCertificateAsync(args, this.GetRequestHeaders(false));
+        }
+    }
+}

src/ServiceManagement/RecoveryServices/Commands.RecoveryServices/Service/GetVaultCredentialsFile.cs

@@ -0,0 +1,194 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System;
+using System.Management.Automation;
+using System.Security.Cryptography.X509Certificates;
+using System.Threading.Tasks;
+using Microsoft.Azure.Commands.RecoveryServices.lib;
+using Microsoft.Azure.Commands.RecoveryServices.SiteRecovery;
+using Microsoft.Azure.Portal.HybridServicesCore;
+using Microsoft.Azure.Portal.RecoveryServices.Models.Common;
+using Microsoft.WindowsAzure.Management.SiteRecovery.Models;
+using Microsoft.WindowsAzure.Commands.Common;
+using Microsoft.WindowsAzure.Commands.Common.Models;
+
+namespace Microsoft.Azure.Commands.RecoveryServices
+{
+    /// <summary>
+    /// Retrieves Azure Site Recovery Server.
+    /// </summary>
+    [Cmdlet(VerbsCommon.Get, "AzureSiteRecoveryVaultCredential", DefaultParameterSetName = ASRParameterSets.Default)]
+    [OutputType(typeof(string))]
+    public class GetVaultCredentialsFile : RecoveryServicesCmdletBase
+    {
+        private const int VaultCertificateExpiryInHoursForHRM = 120;
+
+        #region Parameters
+
+        /// <summary>
+        /// Gets or sets the vault name
+        /// </summary>
+        [Parameter(ParameterSetName = ASRParameterSets.ByParam, HelpMessage = "Vault Name for which the cred file to be generated")]
+        [ValidateNotNullOrEmpty]
+        public string Name { get; set; }
+
+        /// <summary>
+        /// Gets or sets the vault name
+        /// </summary>
+        [Parameter(ParameterSetName = ASRParameterSets.ByParam, HelpMessage = "Vault Name for which the cred file to be generated")]
+        [ValidateNotNullOrEmpty]
+        // TODO: devsri - Remove this.
+        public string CloudServiceName { get; set; }
+
+        /// <summary>
+        /// Gets or sets the location of the vault
+        /// </summary>
+        [Parameter(ParameterSetName = ASRParameterSets.ByParam, HelpMessage = "Geo Name to which the vault belongs")]
+        [ValidateNotNullOrEmpty]
+        public string Geo { get; set; }
+
+        /// <summary>
+        /// Gets or sets the path where the credential file is to be generated
+        /// </summary>
+        [Parameter(ParameterSetName = ASRParameterSets.ByParam, Mandatory = false, HelpMessage = "The site name if the vault credentials to be downloaded for a Hyper-V sites.")]
+        public string SiteName { get; set; }
+
+        /// <summary>
+        /// Gets or sets the path where the credential file is to be generated
+        /// </summary>
+        [Parameter(ParameterSetName = ASRParameterSets.ByParam, Mandatory =false, HelpMessage = "The path where the vault credential file is to be created.")]
+        // TODO:devsri - add file path validator over here.
+        public string Path { get; set; }
+
+        #endregion Parameters
+
+        /// <summary>
+        /// ProcessRecord of the command.
+        /// </summary>
+        public override async void ExecuteCmdlet()
+        {
+            try
+            {
+                AzureSubscription subscription = AzureSession.CurrentContext.Subscription;
+
+                // Generate certificate
+                X509Certificate2 cert = CertUtils.CreateSelfSignedCertificate(VaultCertificateExpiryInHoursForHRM, subscription.Id.ToString(), this.Name);
+
+                Utilities.UpdateVaultSettings(new ASRVaultCreds()
+                {
+                    CloudServiceName = this.CloudServiceName,
+                    ResourceName = this.Name
+                });
+
+                // Upload certificate
+                UploadCertificateResponse acsDetails = await this.UpdateVaultCertificate(cert);
+
+                // Get Channel Integrity key
+                string channelIntegrityKey = await this.GetChannelIntegrityKey();
+
+                // Generate file.
+                ASRVaultCreds vaultCreds = this.GenerateCredential(
+                    subscription.Id.ToString(),
+                    this.Name,
+                    cert,
+                    acsDetails,
+                    channelIntegrityKey,
+                    this.CloudServiceName);
+
+                string filePath = string.IsNullOrEmpty(this.Path) ? Utilities.GetDefaultPath() : this.Path;
+                string fileName = this.GenerateFileName();
+
+                // write the content to a file.
+                Utilities.WriteToFile<ASRVaultCreds>(vaultCreds, filePath, fileName);
+            }
+            catch (Exception exception)
+            {
+                this.HandleException(exception);
+            }
+        }
+
+        private async Task<UploadCertificateResponse> UpdateVaultCertificate(X509Certificate2 cert)
+        {
+            var certificateArgs = new CertificateArgs()
+            {
+                Certificate = Convert.ToBase64String(cert.GetRawCertData()),
+                ContractVersion = "V2012_12"
+            };
+
+            UploadCertificateResponse response = await RecoveryServicesClient.UpdateVaultCertificate(certificateArgs);
+
+            return response;
+        }
+
+        private async Task<string> GetChannelIntegrityKey()
+        {
+            ResourceExtendedInformation extendedInformation;
+            try
+            {
+                extendedInformation = await RecoveryServicesClient.GetExtendedInfo();
+            }
+            catch (Exception)
+            {
+                //TODO:devsri - Handle specific error rather than generic once
+                extendedInformation = new ResourceExtendedInformation();
+            }
+
+            ResourceExtendedInfo extendedInfo = Utilities.Deserialize<ResourceExtendedInfo>(extendedInformation.ExtendedInfo);
+
+            if (extendedInfo == null)
+            {
+                ResourceExtendedInformationArgs extendedInfoArgs = extendedInfo.Translate();
+                extendedInformation = await RecoveryServicesClient.CreateExtendedInfo(extendedInfoArgs);
+
+                extendedInfo = Utilities.Deserialize<ResourceExtendedInfo>(extendedInformation.ExtendedInfo);
+            }
+
+            return extendedInfo.ChannelIntegrityKey;
+        }
+
+        private ASRVaultCreds GenerateCredential(string subscriptionId, string resourceName, X509Certificate2 managementCert, UploadCertificateResponse acsDetails, string channelIntegrityKey, string cloudServiceName)
+        {
+            string serializedCertifivate = Convert.ToBase64String(managementCert.Export(X509ContentType.Pfx));
+
+            AcsNamespace acsNamespace = new AcsNamespace(acsDetails);
+
+            ASRVaultCreds vaultCreds = new ASRVaultCreds(
+                                            subscriptionId,
+                                            resourceName,
+                                            serializedCertifivate,
+                                            acsNamespace,
+                                            channelIntegrityKey,
+                                            cloudServiceName);
+
+            return vaultCreds;
+        }
+
+        private string GenerateFileName()
+        {
+            string fileName;
+
+            if (string.IsNullOrEmpty(this.SiteName))
+            {
+                fileName = string.Format("{0}_{1}.VaultCredentials", this.Name, DateTime.UtcNow.ToLongDateString());
+            }
+            else
+            {
+                fileName = string.Format("{0}_{1}_{2}.VaultCredentials", this.SiteName, this.Name, DateTime.UtcNow.ToLongDateString());
+            }
+
+            return fileName;
+        }
+    }
+}