Enabling the first time scenario for vault credentials

Author: devsriMS

src/ServiceManagement/RecoveryServices/Commands.RecoveryServices/PSRecoveryServicesClient/PSRecoveryServicesVaultExtendedInfoClient.cs

@@ -39,11 +39,9 @@ public async Task<ResourceExtendedInformation> GetExtendedInfo()
         /// </summary>
         /// <param name="extendedInfoArgs">extended info to be created</param>
         /// <returns>Vault Extended Information</returns>
-        public async Task<ResourceExtendedInformation> CreateExtendedInfo(ResourceExtendedInformationArgs extendedInfoArgs)
+        public OperationResponse CreateExtendedInfo(ResourceExtendedInformationArgs extendedInfoArgs)
         {
-            ResourceExtendedInformationResponse response = await this.GetSiteRecoveryClient().VaultExtendedInfo.CreateExtendedInfoAsync(extendedInfoArgs, this.GetRequestHeaders(false));
-
-            return response.ResourceExtendedInformation;
+            return this.GetSiteRecoveryClient().VaultExtendedInfo.CreateExtendedInfo(extendedInfoArgs, this.GetRequestHeaders(false));
         }
     }
 }

src/ServiceManagement/RecoveryServices/Commands.RecoveryServices/Service/GetVaultCredentialsFile.cs

@@ -14,15 +14,18 @@
 
 using System;
 using System.Management.Automation;
+using System.Net;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
 using Microsoft.Azure.Commands.RecoveryServices.SiteRecovery;
 using Microsoft.Azure.Portal.HybridServicesCore;
 using Microsoft.Azure.Portal.RecoveryServices.Models.Common;
+using Microsoft.WindowsAzure;
 using Microsoft.WindowsAzure.Commands.Common;
 using Microsoft.WindowsAzure.Commands.Common.Models;
 using Microsoft.WindowsAzure.Management.RecoveryServices.Models;
 using Microsoft.WindowsAzure.Management.SiteRecovery.Models;
+using rpError = Microsoft.Azure.Commands.RecoveryServices.RestApiInfra;
 
 namespace Microsoft.Azure.Commands.RecoveryServices
 {
@@ -166,30 +169,64 @@ private async Task<UploadCertificateResponse> UpdateVaultCertificate(X509Certifi
         /// <returns>key as string.</returns>
         private async Task<string> GetChannelIntegrityKey()
         {
-            ResourceExtendedInformation extendedInformation;
+            ResourceExtendedInformation extendedInformation = null;
             try
             {
                 extendedInformation = await RecoveryServicesClient.GetExtendedInfo();
             }
-            catch (Exception)
+            catch (Exception exception)
             {
-                // TODO:devsri - Handle specific error rather than generic once
-                extendedInformation = new ResourceExtendedInformation();
+                try
+                {
+                    CloudException cloudException = exception as CloudException;
+
+                    if (cloudException != null && cloudException.Response != null && !string.IsNullOrEmpty(cloudException.Response.Content))
+                    {
+                        rpError.Error error = (rpError.Error)Utilities.Deserialize<rpError.Error>(cloudException.Response.Content);
+                        if (error.ErrorCode.Equals(RpErrorCode.ResourceExtendedInfoNotFound.ToString(), StringComparison.InvariantCultureIgnoreCase))
+                        {
+                            extendedInformation = new ResourceExtendedInformation();
+                        }
+                    }
+                }
+                catch (Exception ex)
+                {
+                    this.HandleException(ex);
+                }
             }
 
             ResourceExtendedInfo extendedInfo = Utilities.Deserialize<ResourceExtendedInfo>(extendedInformation.ExtendedInfo);
 
             if (extendedInfo == null)
             {
-                ResourceExtendedInformationArgs extendedInfoArgs = extendedInfo.Translate();
-                extendedInformation = await RecoveryServicesClient.CreateExtendedInfo(extendedInfoArgs);
-
-                extendedInfo = Utilities.Deserialize<ResourceExtendedInfo>(extendedInformation.ExtendedInfo);
+                extendedInfo = this.CreateVaultExtendedInformatino();
             }
 
             return extendedInfo.ChannelIntegrityKey;
         }
 
+        /// <summary>
+        /// Method to create the extended info for the vault.
+        /// </summary>
+        /// <returns>returns the object as task</returns>
+        private ResourceExtendedInfo CreateVaultExtendedInformatino()
+        {
+            ResourceExtendedInfo extendedInfo = null;
+            try
+            {
+                extendedInfo = new ResourceExtendedInfo();
+                extendedInfo.GenerateSecurityInfo();
+                ResourceExtendedInformationArgs extendedInfoArgs = extendedInfo.Translate();
+                RecoveryServicesClient.CreateExtendedInfo(extendedInfoArgs);
+            }
+            catch (Exception exception)
+            {
+                this.HandleException(exception);
+            }
+
+            return extendedInfo;
+        }
+
         /// <summary>
         /// Method to generate the credential file content
         /// </summary>

src/ServiceManagement/RecoveryServices/Commands.RecoveryServices/lib/Microsoft.Azure.RecoveryServices.dll

@@ -79,6 +79,48 @@ public enum VaultStatus
         Removing
     }
 
+    /// <summary>
+    /// The types of crypto algorithms
+    /// </summary>
+    public enum CryptoAlgorithm
+    {
+        /// <summary>
+        /// The asymmetric key based RSA 2048 algorithm.
+        /// </summary>
+        RSAPKCS1V17,
+
+        /// <summary>
+        /// The asymmetric key based RSA 2048 algorithm.
+        /// </summary>
+        RSAPKCS1V15,
+
+        /// <summary>
+        /// The symmetric key based AES algorithm with key size 256 bits.
+        /// </summary>
+        AES256,
+
+        /// <summary>
+        /// The symmetric key based SHA 256 Algorithm
+        /// </summary>
+        HMACSHA256,
+
+        /// <summary>
+        /// When no algorithm is used.
+        /// </summary>
+        None
+    }
+
+    /// <summary>
+    /// The RP service error code that needs to be handled by portal.
+    /// </summary>
+    public enum RpErrorCode
+    {
+        /// <summary>
+        /// The error code sent by RP if the Resource extended info doesn't exists.
+        /// </summary>
+        ResourceExtendedInfoNotFound
+    }
+
     /// <summary>
     /// Constant definition
     /// </summary>
@@ -94,10 +136,15 @@ public class Constants
         /// </summary>
         public const string VaultCredentialVersion = "1.0";
 
+        /// <summary>
+        /// The version of Extended resource info.
+        /// </summary>
+        public const string VaultSecurityInfoVersion = "1.0";
+
         /// <summary>
         /// extended information version.
         /// </summary>
-        public const string VaultExtendedInfVersion = "V2014_09";
+        public const string VaultExtendedInfoContractVersion = "V2014_09";
 
         /// <summary>
         /// A valid value for the string field Microsoft.WindowsAzure.CloudServiceManagement.resource.OperationStatus.Type
@@ -327,6 +374,27 @@ public class TaskStatus
     }
 }
 
+//// TODO: Remove this once we get nuget
+namespace Microsoft.Azure.Commands.RecoveryServices.RestApiInfra
+{
+    /// <summary>
+    /// Class to define the error for RP
+    /// </summary>
+        [SuppressMessage(
+        "Microsoft.StyleCop.CSharp.MaintainabilityRules",
+        "SA1402:FileMayOnlyContainASingleClass",
+        Justification = "Keeping all contracts together.")]
+    [DataContract(Namespace = "http://schemas.microsoft.com/wars")]
+    public class Error
+    {
+        /// <summary>
+        /// Gets or sets the value for the error as string.
+        /// </summary>
+        [DataMember]
+        public string ErrorCode { get; set; }
+    }
+}
+
 namespace Microsoft.Azure.Portal.RecoveryServices.Models.Common
 {
     /// <summary>
@@ -563,24 +631,33 @@ public class ResourceExtendedInfo
         /// <summary>
         /// Returns the Xml representation of this object.
         /// </summary>
-        /// <param name="etag">string to be used as unique identifier for the request</param>
         /// <returns>the xml as string</returns>
-        public ResourceExtendedInformationArgs Translate(string etag = null)
+        public ResourceExtendedInformationArgs Translate()
         {
-            string serializedInfo = Utilities.Serialize<ResourceExtendedInfo>(this);
-            if (string.IsNullOrEmpty(etag))
+            if (string.IsNullOrEmpty(this.Etag))
             {
-                etag = Guid.NewGuid().ToString();
+                this.Etag = Guid.NewGuid().ToString();
             }
 
+            string serializedInfo = Utilities.Serialize<ResourceExtendedInfo>(this);
             ResourceExtendedInformationArgs extendedInfoArgs = new ResourceExtendedInformationArgs(
-                Constants.VaultExtendedInfVersion,
+                Constants.VaultExtendedInfoContractVersion,
                 serializedInfo,
-                etag);
+                this.Etag);
 
             return extendedInfoArgs;
         }
 
+        /// <summary>
+        /// Method to generate security information
+        /// </summary>
+        public void GenerateSecurityInfo()
+        {
+            this.ChannelIntegrityKey = Utilities.GenerateRandomKey(128);
+            this.Version = Constants.VaultSecurityInfoVersion;
+            this.Algorithm = CryptoAlgorithm.None.ToString();
+        }
+
         #endregion
     }
 }

src/ServiceManagement/RecoveryServices/Commands.RecoveryServices/lib/PSContracts.cs

@@ -853,7 +853,7 @@ private string ParseStatus(ResourceOperationStatus operationStatus)
         /// <summary>
         /// Method to extract vault id
         /// </summary>
-        /// <param name="OutputItems">the output item from vault</param>
+        /// <param name="outputItems">the output item from vault</param>
         /// <returns>returns the vault id as string</returns>
         private string ParseVaultId(IList<OutputItem> outputItems)
         {

src/ServiceManagement/RecoveryServices/Commands.RecoveryServices/lib/PSObjects.cs

@@ -15,6 +15,7 @@
 using System;
 using System.IO;
 using System.Runtime.Serialization;
+using System.Security.Cryptography;
 using Microsoft.Azure.Portal.RecoveryServices.Models.Common;
 
 namespace Microsoft.Azure.Commands.RecoveryServices
@@ -121,5 +122,18 @@ public static string GetDefaultPath()
 
             return path;
         }
+
+        /// <summary>
+        /// Generate cryptographically random key of given bit size.
+        /// </summary>
+        /// <param name="size">size of the key to be generated</param>
+        /// <returns>the key</returns>
+        public static string GenerateRandomKey(int size)
+        {
+            byte[] key = new byte[(int)size / 8];
+            RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider();
+            crypto.GetBytes(key);
+            return Convert.ToBase64String(key);
+        }
     }
 }