Download Vault Creds (testing pending)

src/ResourceManager/AzureBackup/Commands.AzureBackup/AzureBackupCmdletHelpMessage.cs

@@ -14,12 +14,16 @@
 
 namespace Microsoft.Azure.Commands.AzureBackup.Cmdlets
 {
-
     internal static class AzureBackupCmdletHelpMessage
     {
         public const string Vault = "The vault details";
         public const string PolicyName = "The protection policy name.";
         public const string ResourceGroupName = "The ResourceGroup name.";
         public const string ResourceName = "The Resource name.";
+        public const string TargetLocation = "The directory where the credentials file will be saved.";
+        public const string ContainerName = "The container name.";
+        public const string ContainerId = "The container ID.";
+        public const string ContainerRegistrationStatus = "The container registration status.";
+        public const string ContainerType = "The container type.";
     }
 }

src/ResourceManager/AzureBackup/Commands.AzureBackup/Cmdlets/Container/GetAzureBackupContainer.cs

@@ -0,0 +1,60 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Management.Automation;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Microsoft.Azure.Commands.AzureBackup.Cmdlets
+{
+    /// <summary>
+    /// Get list of containers
+    /// </summary>
+    [Cmdlet(VerbsCommon.Get, "AzureBackupContainer"), OutputType(typeof(AzureBackupContainer), typeof(List<AzureBackupContainer>))]
+    public class GetAzureBackupContainer : AzureBackupVaultCmdletBase
+    {
+        [Parameter(Position = 2, Mandatory = false, HelpMessage = AzureBackupCmdletHelpMessage.ContainerName)]
+        [ValidateNotNullOrEmpty]
+        public string Name { get; set; }
+
+        [Parameter(Position = 2, Mandatory = false, HelpMessage = AzureBackupCmdletHelpMessage.ContainerId)]
+        [ValidateNotNullOrEmpty]
+        public string Id { get; set; }
+
+        [Parameter(Position = 2, Mandatory = false, HelpMessage = AzureBackupCmdletHelpMessage.ContainerRegistrationStatus)]
+        [ValidateNotNullOrEmpty]
+        public AzureBackupContainerStatus Status { get; set; }
+
+        [Parameter(Position = 2, Mandatory = false, HelpMessage = AzureBackupCmdletHelpMessage.ContainerType)]
+        [ValidateNotNullOrEmpty]
+        public AzureBackupContainerType Type { get; set; }
+
+        public override void ExecuteCmdlet()
+        {
+            base.ExecuteCmdlet();
+
+            ExecutionBlock(() =>
+            {
+                IEnumerable<AzureBackupContainer> containers = new List<AzureBackupContainer>();
+
+                // TODO: Call Hydra
+
+                WriteObject(containers);
+            });
+        }
+    }
+}

src/ResourceManager/AzureBackup/Commands.AzureBackup/Cmdlets/ProtectionPolicy/GetAzureBackupProtectionPolicy.cs

@@ -22,7 +22,7 @@
 namespace Microsoft.Azure.Commands.AzureBackup.Cmdlets
 {
     /// <summary>
-    /// Get list of containers
+    /// Get list of protection policies
     /// </summary>
     [Cmdlet(VerbsCommon.Get, "AzureBackupProtectionPolicy"), OutputType(typeof(AzureBackupProtectionPolicy), typeof(List<AzureBackupProtectionPolicy>))]
     public class GetAzureBackupProtectionPolicy : AzureBackupVaultCmdletBase

src/ResourceManager/AzureBackup/Commands.AzureBackup/Cmdlets/VaultCredentials/AcsNamespace.cs

@@ -0,0 +1,61 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Microsoft.Azure.Commands.AzureBackup.Cmdlets
+{
+    /// <summary>
+    /// AcsNamespace is where the certificate is uploaded into
+    /// </summary>
+    public class AcsNamespace
+    {
+        /// <summary>
+        /// Gets or sets the key name for HostName entry
+        /// </summary>
+        public string HostName { get; set; }
+
+        /// <summary>
+        /// Gets or sets the key name for Namespace entry
+        /// </summary>
+        public string Namespace { get; set; }
+
+        /// <summary>
+        /// Gets or sets the value for ResourceProviderRealm entry
+        /// </summary>
+        public string ResourceProviderRealm { get; set; }
+
+        /// <summary>
+        /// Initializes a new instance of the AcsNamespace class
+        /// </summary>
+        public AcsNamespace() { }
+
+        /// <summary>
+        /// Initializes a new instance of the AcsNamespace class.
+        /// </summary>
+        /// <param name="hostName">host name</param>
+        /// <param name="acsNmespace">acs namespace</param>
+        /// <param name="resourceProviderRealm">rp realm</param>
+        public AcsNamespace(string hostName, string acsNmespace, string resourceProviderRealm)
+        {
+            this.HostName = hostName;
+            this.Namespace = acsNmespace;
+            this.ResourceProviderRealm = resourceProviderRealm;
+        }
+    }
+}

src/ResourceManager/AzureBackup/Commands.AzureBackup/Cmdlets/VaultCredentials/CertUtils.cs

@@ -0,0 +1,131 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.WindowsAzure.Management;
+using Microsoft.WindowsAzure.Management.EventSources;
+using Security.Cryptography;
+using Security.Cryptography.X509Certificates;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Microsoft.Azure.Commands.AzureBackup.Cmdlets
+{
+    /// <summary>
+    /// Certificate utility methods
+    /// </summary>
+    public class CertUtils
+    {
+        public const string MsEnhancedProv = "Microsoft Enhanced Cryptographic Provider v1.0";
+        public const string DefaultIssuer = "CN=Windows Azure Tools";
+
+        public const string DefaultPassword = "";
+        public const string OIDClientAuthValue = "1.3.6.1.5.5.7.3.2";
+        public const string OIDClientAuthFriendlyName = "Client Authentication";
+        public const int KeySize2048 = 2048;
+
+        /// <summary>
+        /// Windows Azure Service Management API requires 2048bit RSA keys.
+        /// The private key needs to be exportable so we can save it to .pfx for sharing with team members.
+        /// </summary>
+        /// <returns>A 2048 bit RSA key</returns>
+        private static CngKey Create2048RsaKey()
+        {
+            var keyCreationParameters = new CngKeyCreationParameters
+            {
+                ExportPolicy = CngExportPolicies.AllowExport,
+                KeyCreationOptions = CngKeyCreationOptions.None,
+                KeyUsage = CngKeyUsages.AllUsages,
+                Provider = new CngProvider(MsEnhancedProv)
+            };
+
+            keyCreationParameters.Parameters.Add(new CngProperty("Length", BitConverter.GetBytes(KeySize2048), CngPropertyOptions.None));
+
+            return CngKey.Create(CngAlgorithm2.Rsa, null, keyCreationParameters);
+        }
+
+        /// <summary>
+        /// Creates a new self-signed X509 certificate
+        /// </summary>
+        /// <param name="issuer">The certificate issuer</param>
+        /// <param name="friendlyName">Human readable name</param>
+        /// <param name="password">The certificate's password</param>
+        /// <param name="startTime">Certificate creation date & time</param>
+        /// <param name="endTime">Certificate expiry date & time</param>
+        /// <returns>An X509Certificate2</returns>
+        public static X509Certificate2 CreateSelfSignedCert(string issuer, string friendlyName, string password, DateTime startTime, DateTime endTime)
+        {
+            string distinguishedNameString = issuer;
+            var key = Create2048RsaKey();
+
+            var creationParams = new X509CertificateCreationParameters(new X500DistinguishedName(distinguishedNameString))
+            {
+                TakeOwnershipOfKey = true,
+                StartTime = startTime,
+                EndTime = endTime
+            };
+
+            // adding client authentication, -eku = 1.3.6.1.5.5.7.3.2, 
+            // This is mandatory for the upload to be successful
+            OidCollection oidCollection = new OidCollection();
+            oidCollection.Add(new Oid(OIDClientAuthValue, OIDClientAuthFriendlyName));
+            creationParams.Extensions.Add(new X509EnhancedKeyUsageExtension(oidCollection, false));
+
+            // Documentation of CreateSelfSignedCertificate states:
+            // If creationParameters have TakeOwnershipOfKey set to true, the certificate
+            // generated will own the key and the input CngKey will be disposed to ensure
+            // that the caller doesn't accidentally use it beyond its lifetime (which is
+            // now controlled by the certificate object).
+            // We don't dispose it ourselves in this case.
+            var cert = key.CreateSelfSignedCertificate(creationParams);
+            key = null;
+            cert.FriendlyName = friendlyName;
+
+            // X509 certificate needs PersistKeySet flag set.  
+            // Reload a new X509Certificate2 instance from exported bytes in order to set the PersistKeySet flag.
+            var bytes = cert.Export(X509ContentType.Pfx, password);
+
+            // NOTE: PfxValidation is not done here because these are newly created certs and assumed valid.
+
+            ICommonEventSource evtSource = null;
+            return X509Certificate2Helper.NewX509Certificate2(bytes, password, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable, evtSource, doPfxValidation: false);
+        }
+
+        /// <summary>
+        /// Returns serialized certificate - Base64 encoded based on the content type
+        /// </summary>
+        /// <param name="cert">The certificate provided</param>
+        /// <param name="contentType">Cert content type</param>
+        /// <returns>The serialized cert value in string</returns>
+        public static string SerializeCert(X509Certificate2 cert, X509ContentType contentType)
+        {
+            return Convert.ToBase64String(cert.Export(contentType));
+        }
+
+        /// <summary>
+        /// Generates friendly name
+        /// </summary>
+        /// <param name="subscriptionId">Subscription id</param>
+        /// <param name="prefix">Prefix, likely resource name</param>
+        /// <returns>Friendly name</returns>
+        public static string GenerateCertFriendlyName(string subscriptionId, string prefix = "")
+        {
+            return string.Format("{0}{1}-{2}-vaultcredentials", prefix, subscriptionId, DateTime.Now.ToString("M-d-yyyy"));
+        }
+    }
+}

src/ResourceManager/AzureBackup/Commands.AzureBackup/Cmdlets/VaultCredentials/Constants.cs

@@ -0,0 +1,27 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Microsoft.Azure.Commands.AzureBackup.Cmdlets
+{
+    public class Constants
+    {
+        public const int VaultCertificateExpiryInHoursForBackup = 48;
+    }
+}