Azure · isra-fel · Dec 9, 2019 · Dec 5, 2019 · Dec 9, 2019 · Dec 9, 2019
diff --git a/eng/mgmt/mgmtmetadata/databoxedge_resource-manager.txt b/eng/mgmt/mgmtmetadata/databoxedge_resource-manager.txt
@@ -0,0 +1,14 @@
+Installing AutoRest version: latest
+AutoRest installed successfully.
+Commencing code generation
+Generating CSharp code
+Executing AutoRest command
+cmd.exe /c autorest.cmd https://github.com/Azure/azure-rest-api-specs/blob/master/specification/databoxedge/resource-manager/readme.md --csharp --version=latest --reflect-api-versions --csharp-sdks-folder=D:\Code\azure-sdk-for-net\azure-sdk-for-net\sdk
+2019-12-09 08:27:42 UTC
+Azure-rest-api-specs repository information
+GitHub fork: Azure
+Branch:      master
+Commit:      ef354ec8d6580227707ed935684e533b898beabe
+AutoRest information
+Requested version: latest
+Bootstrapper version:    [email protected]
diff --git a/sdk/databoxedge/Microsoft.Azure.Management.DataBoxEdge/AzSdk.RP.props b/sdk/databoxedge/Microsoft.Azure.Management.DataBoxEdge/AzSdk.RP.props
@@ -1,7 +1,7 @@
 <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <!--This file and it's contents are updated at build time moving or editing might result in build failure. Take due deligence while editing this file-->
   <PropertyGroup>
-    <AzureApiTag>DataBox_2018-01-01;</AzureApiTag>
+    <AzureApiTag>DataBox_2019-08-01;</AzureApiTag>
     <PackageTags>$(PackageTags);$(CommonTags);$(AzureApiTag);</PackageTags>
   </PropertyGroup>
 </Project>
diff --git a/sdk/databoxedge/Microsoft.Azure.Management.DataBoxEdge/src/Customizations/CryptoUtilities.cs b/sdk/databoxedge/Microsoft.Azure.Management.DataBoxEdge/src/Customizations/CryptoUtilities.cs
@@ -0,0 +1,157 @@
+namespace Microsoft.Azure.Management.DataBoxEdge
+{
+    using System;
+    using System.IO;
+    using System.Security.Cryptography;
+    using System.Security.Cryptography.X509Certificates;
+    using System.Text;
+
+    /// <summary>
+    /// The crypto helper.
+    /// </summary>
+    public class CryptoUtilities
+    {
+        /// <summary>
+        /// The salt for generating encryption keys.
+        /// </summary>
+        private static readonly byte[] Salt = Encoding.ASCII.GetBytes("o6806642kbM7c5");
+
+        /// <summary>
+        /// The AES algorithm is used to decrypt the given cipherText.
+        /// </summary>
+        /// <param name="cipherText">The cipher text.</param>
+        /// <param name="sharedSecret">The shared secret.</param>
+        /// <returns>The decrypted secret in pain text.</returns>
+        public static string DecryptCipherAES(string cipherText, string sharedSecret)
+        {
+            if (string.IsNullOrEmpty(cipherText))
+            {
+                return cipherText;
+            }
+
+            Aes aesAlg = null;
+
+            string plaintext = null;
+
+            // generate the key from the shared secret and the salt
+            Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(sharedSecret, Salt);
+
+            // Create the streams used for decryption.
+            byte[] bytes = Convert.FromBase64String(cipherText);
+            using (MemoryStream memoryDecrypt = new MemoryStream(bytes))
+            {
+                aesAlg = Aes.Create();
+                aesAlg.Key = key.GetBytes(aesAlg.KeySize / 8);
+
+                // Get the initialization vector from the encrypted stream
+                aesAlg.IV = ReadByteArray(memoryDecrypt);
+
+                // Create a decrytor to perform the stream transform.
+                ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
+                using (CryptoStream cryptoDecrypt = new CryptoStream(memoryDecrypt, decryptor, CryptoStreamMode.Read))
+                {
+                    using (StreamReader streamDecrypt = new StreamReader(cryptoDecrypt))
+                    {
+                        // Read the decrypted bytes from the decrypting stream and place them in a string.
+                        plaintext = streamDecrypt.ReadToEnd();
+                    }
+                }
+            }
+
+            return plaintext;
+        }
+
+        public static string DecryptStringAES(string cipherText, string sharedSecret)
+        {
+            if (string.IsNullOrEmpty(cipherText))
+                return cipherText;
+
+            Aes aesAlg = null;
+            string plaintext = null;
+
+            // generate the key from the shared secret and the salt
+            Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(sharedSecret, Salt);
+
+            // Create the streams used for decryption.
+            byte[] bytes = Convert.FromBase64String(cipherText);
+            using (MemoryStream msDecrypt = new MemoryStream(bytes))
+            {
+                aesAlg = Aes.Create();
+                aesAlg.Key = key.GetBytes(aesAlg.KeySize / 8);
+                // Get the initialization vector from the encrypted stream
+                aesAlg.IV = ReadByteArray(msDecrypt);
+                // Create a decrytor to perform the stream transform.
+                ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
+                using (CryptoStream csDecrypt =
+                    new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
+                {
+                    using (StreamReader srDecrypt = new StreamReader(csDecrypt))
+
+                        // Read the decrypted bytes from the decrypting stream
+                        // and place them in a string.
+                        plaintext = srDecrypt.ReadToEnd();
+                }
+            }
+
+            return plaintext;
+        }
+
+        /// <summary>
+        /// This method encrypts a given secret using the public certificate.
+        /// </summary>
+        /// <param name="plainText">The secret in plain text.</param>
+        /// <param name="publicCertificate">The public certificate to be used for encryption.</param>
+        /// <returns>The encrypted secret.</returns>
+        public static string EncryptSecretRSAPKCS(string plainText, string publicCertificate)
+        {
+            string encryptedSecret = null;
+            encryptedSecret = EncryptStringRsaPkcs1v15(plainText, publicCertificate);
+            return encryptedSecret;
+        }
+
+        public static string EncryptStringRsaPkcs1v15(string plaintext, string encodedCertificate)
+        {
+            X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(encodedCertificate));
+            if (string.IsNullOrEmpty(plaintext) || cert == null)
+            {
+                return null;
+            }
+
+            byte[] textBytes = Encoding.UTF8.GetBytes(plaintext);
+            byte[] encryptedTextBytes;
+
+            // Create a new instance of RSACryptoServiceProvider, and encrypt the passed byte array and specify OAEP padding false to use PKCS#1 V1.5 padding.
+#if FullNetFx
+            RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PublicKey.Key;
+            encryptedTextBytes = rsa.Encrypt(textBytes, false);
+#else
+            RSA rsa = cert.GetRSAPublicKey();
+            encryptedTextBytes = rsa.Encrypt(textBytes, RSAEncryptionPadding.Pkcs1);
+#endif
+            var encryptedBase64 = Convert.ToBase64String(encryptedTextBytes);
+            return encryptedBase64;
+        }
+
+        /// <summary>
+        /// Helper method to read byte array from a stream.
+        /// </summary>
+        /// <param name="s">The stream.</param>
+        /// <returns>The byte array.</returns>
+        private static byte[] ReadByteArray(Stream s)
+        {
+            byte[] rawLength = new byte[sizeof(int)];
+            if (s.Read(rawLength, 0, rawLength.Length) != rawLength.Length)
+            {
+                throw new Exception("Stream did not contain properly formatted byte array");
+            }
+
+            byte[] buffer = new byte[BitConverter.ToInt32(rawLength, 0)];
+            if (s.Read(buffer, 0, buffer.Length) != buffer.Length)
+            {
+                throw new Exception("Did not read byte array properly");
+            }
+
+            return buffer;
+        }
+    }
+}
diff --git a/...oxedge/Microsoft.Azure.Management.DataBoxEdge/src/Customizations/ExtendedClientMethods.cs b/...oxedge/Microsoft.Azure.Management.DataBoxEdge/src/Customizations/ExtendedClientMethods.cs
@@ -0,0 +1,123 @@
+using Microsoft.Azure.Management.DataBoxEdge.Models;
+using Microsoft.Rest;
+using Newtonsoft.Json.Linq;
+using Newtonsoft.Json;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Microsoft.Azure.Management.DataBoxEdge
+{
+    public static partial class ExtendedClientMethods
+    {
+
+        /// <summary>
+        /// Use this method to encrypt the user secrets (Storage Account Access Key, Volume Container Encryption Key etc.) using activation key
+        /// </summary>
+        /// <param name="deviceName">
+        /// The resource name.
+        /// </param>
+        /// <param name="resourceGroupName">
+        /// The resource group name.
+        /// </param>
+        /// <param name="plainTextSecret">
+        /// The plain text secret.
+        /// </param>
+        /// <returns>
+        /// The <see cref="AsymmetricEncryptedSecret"/>.
+        /// </returns>
+        /// <exception cref="ValidationException">
+        /// </exception>
+        /// <exception cref="InvalidOperationException">
+        /// </exception>
+        public static AsymmetricEncryptedSecret GetAsymmetricEncryptedSecretUsingActivationKey(
+            this IDevicesOperations operations,
+                string deviceName,
+            string resourceGroupName,
+
+            string plainTextSecret,
+            string activationKey)
+        {
+            if (string.IsNullOrWhiteSpace(activationKey))
+            {
+                throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "activationKey");
+            }
+
+
+
+            string channelIntegrationKey = GetChannelIntegrityKey(activationKey);
+            return operations.GetAsymmetricEncryptedSecret(deviceName, resourceGroupName, plainTextSecret, channelIntegrationKey);
+        }
+
+        /// <summary>
+        /// Use this method to encrypt the user secrets (Storage Account Access Key, Volume Container Encryption Key etc.) using CIK
+        /// </summary>
+        /// <param name="deviceName">
+        /// The resource name.
+        /// </param>
+        /// <param name="resourceGroupName">
+        /// The resource group name.
+        /// </param>
+        /// <param name="plainTextSecret">
+        /// The plain text secret.
+        /// </param>
+        /// <returns>
+        /// The <see cref="AsymmetricEncryptedSecret"/>.
+        /// </returns>
+        /// <exception cref="ValidationException">
+        /// </exception>
+        /// <exception cref="InvalidOperationException">
+        /// </exception>
+        public static AsymmetricEncryptedSecret GetAsymmetricEncryptedSecret(
+            this IDevicesOperations operations,
+                string deviceName,
+                string resourceGroupName,
+                string plainTextSecret,
+                string channelIntegrationKey)
+        {
+            if (string.IsNullOrWhiteSpace(plainTextSecret))
+            {
+                throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "plainTextSecret");
+            }
+
+            if (string.IsNullOrWhiteSpace(resourceGroupName))
+            {
+                throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "resourceGroupName");
+            }
+
+            if (string.IsNullOrWhiteSpace(deviceName))
+            {
+                throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "resourceName");
+            }
+
+            DataBoxEdgeDeviceExtendedInfo extendedInfo = operations.GetExtendedInformation(deviceName, resourceGroupName);
+            string encryptionKey = extendedInfo.EncryptionKey;
+            string encryptionKeyThumbprint = extendedInfo.EncryptionKeyThumbprint;
+
+            string ChannelEncryptionKey = CryptoUtilities.DecryptStringAES(encryptionKey, channelIntegrationKey);
+
+            var secret = new AsymmetricEncryptedSecret()
+            {
+                EncryptionAlgorithm = EncryptionAlgorithm.AES256,
+                EncryptionCertThumbprint = encryptionKeyThumbprint,
+                Value = CryptoUtilities.EncryptStringRsaPkcs1v15(plainTextSecret, ChannelEncryptionKey)
+            };
+
+            return secret;
+        }
+
+
+        private static string GetChannelIntegrityKey(string activationKey)
+        {
+            string[] keys = activationKey.Split('#');
+            string encodedString = keys[0];
+            byte[] data = Convert.FromBase64String(encodedString);
+            string decodedString = Encoding.UTF8.GetString(data);
+            var jsondata = (JObject)JsonConvert.DeserializeObject(decodedString);
+            string serviceDataIntegrityKey = jsondata["serviceDataIntegrityKey"].Value<string>();
+            return serviceDataIntegrityKey;
+        }
+    }
+}