DataBoxEdge SDK Rel- 2021 (Azure#23746)

* SDK Release 2021

* Updated TestConstants with the new resource details

* Activation Key Generation Code

* GenerateActivationKey and Tests

* Save CIK in KeyVault

* KeyVault Update Extended Info

* Session Records with new resource

* Running Order Tests

* Updated Comments

* Fixed ResourceName

* Minor changes

* Minor change

* Fixed the buld error

* Addressed Comments

Author: arjoojain2812

eng/mgmt/mgmtmetadata/databoxedge_resource-manager.txt

@@ -1,14 +1,15 @@
-Installing AutoRest version: latest
+Installing AutoRest version: v2
 AutoRest installed successfully.
 Commencing code generation
 Generating CSharp code
 Executing AutoRest command
-cmd.exe /c autorest.cmd https://github.com/Azure/azure-rest-api-specs/blob/master/specification/databoxedge/resource-manager/readme.md --csharp --version=latest --reflect-api-versions --csharp-sdks-folder=D:\Code\azure-sdk-for-net\azure-sdk-for-net\sdk
-2019-12-09 08:27:42 UTC
+cmd.exe /c autorest.cmd https://github.com/Azure/azure-rest-api-specs/blob/master/specification/databoxedge/resource-manager/readme.md --csharp --version=v2 --reflect-api-versions --csharp-sdks-folder=D:\SDKRepos\azure-sdk-for-net\sdk
+Autorest CSharp Version: 2.3.82
+2021-08-30 14:10:19 UTC
 Azure-rest-api-specs repository information
 GitHub fork: Azure
 Branch:      master
-Commit:      ef354ec8d6580227707ed935684e533b898beabe
+Commit:      b020247789ba2ab0065ebbcfa69050ce729493b8
 AutoRest information
-Requested version: latest
-Bootstrapper version:    autorest@2.0.4407
+Requested version: v2
+Bootstrapper version:    autorest@2.0.4413

sdk/databoxedge/Microsoft.Azure.Management.DataBoxEdge/AzSdk.RP.props

@@ -1,7 +1,7 @@
 <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <!--This file and it's contents are updated at build time moving or editing might result in build failure. Take due deligence while editing this file-->
   <PropertyGroup>
-    <AzureApiTag>DataBox_2019-08-01;</AzureApiTag>
+    <AzureApiTag>DataBoxEdge_2021-02-01;</AzureApiTag>
     <PackageTags>$(PackageTags);$(CommonTags);$(AzureApiTag);</PackageTags>
   </PropertyGroup>
 </Project>

sdk/databoxedge/Microsoft.Azure.Management.DataBoxEdge/src/Customizations/ActivationKeyHelper.cs

@@ -0,0 +1,232 @@
+using Microsoft.Azure.Management.DataBoxEdge.Models;
+using Newtonsoft.Json;
+using System;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+
+namespace Microsoft.Azure.Management.DataBoxEdge
+{
+    internal static class ActivationKeyHelper
+    {
+        #region GenerateActivationKey
+
+        /// <summary>
+        /// Generates the vault certificate.
+        /// </summary>
+        /// <param name="resourceGroupName"></param>
+        /// <param name="resourceName"></param>
+        /// <returns></returns>
+        internal static GenerateCertResponse GenerateVaultCertificate(IDevicesOperations operations, string resourceGroupName,
+            string resourceName)
+        {
+            return operations.GenerateCertificate(resourceName,
+                   resourceGroupName);
+        }
+
+        /// <summary>
+        /// Imports the raw data of a certificate into a X509Certificate2 object
+        /// </summary>
+        /// <returns>Returns the X509Certificate2 format of public part of the certificate</returns>
+        internal static X509Certificate2 ImportCertificate(string rawData)
+        {
+            var rawDataByteArray = Encoding.UTF8.GetBytes(rawData);
+            var cert = new X509Certificate2(rawDataByteArray);
+            return cert;
+        }
+
+        /// <summary>
+        /// Uploads the vault certificate.
+        /// </summary>
+        /// <param name="resourceGroupName"></param>
+        /// <param name="resourceName"></param>
+        /// <param name="cert"></param>
+        /// <returns></returns>
+        internal static UploadCertificateResponse UploadVaultCertificate(IDevicesOperations operations, string resourceGroupName,
+            string resourceName, X509Certificate2 cert)
+        {
+            var request = new UploadCertificateRequest
+            {
+                Certificate = Convert.ToBase64String(cert.RawData)
+            };
+             
+            return operations.UploadCertificate(resourceName, request,
+               resourceGroupName);
+        }
+
+        /// <summary>
+        /// Uploads the vault certificate.
+        /// </summary>
+        /// <param name="resourceGroupName"></param>
+        /// <param name="resourceName"></param>
+        /// <param name="resourceLocation"></param>
+        /// <param name="certWithPrivateKey"></param>
+        /// <param name="uploadCertificate"></param>
+        /// <returns></returns>
+        internal static string GetAadActivationKey(string resourceGroupName, string resourceName,
+            string resourceLocation, string certWithPrivateKey,
+            UploadCertificateResponse uploadCertificate, string subscriptionId, string cik)
+        {
+            var RegistrationKeyHashSize = 16;
+            var vault = GetVaultCredentials(resourceGroupName, resourceName, resourceLocation, certWithPrivateKey, uploadCertificate, subscriptionId, cik);
+
+            var st = JsonConvert.SerializeObject(vault);
+            var plainTextBytes = Encoding.UTF8.GetBytes(st);
+            var activation = Convert.ToBase64String(plainTextBytes);
+            var hash = GenerateSha512Hash(activation);
+            return $"{activation}#{hash.Substring(0, RegistrationKeyHashSize)}";
+        }
+
+        /// <summary>
+        /// Gets the vault credentials.
+        /// </summary>
+        /// <param name="resourceGroupName"></param>
+        /// <param name="resourceName"></param>
+        /// <param name="resourceLocation"></param>
+        /// <param name="serializedCertificate"></param>
+        /// <param name="uploadCertificate"></param>
+        /// <returns></returns>
+        public static ActivationKeyComponents GetVaultCredentials(string resourceGroupName,
+            string resourceName, string resourceLocation, string serializedCertificate, UploadCertificateResponse uploadCertificate, string subscriptionId, string cik)
+        {
+            const string AudienceFormat = @"https://azuredataboxedge/{0}/{1}/{2}";
+
+            var aadAudience = string.IsNullOrWhiteSpace(uploadCertificate.AadAudience) ?
+                string.Format(AudienceFormat, resourceLocation, uploadCertificate.ResourceId, uploadCertificate.ResourceId) :
+                uploadCertificate.AadAudience;
+
+            var vault = new ActivationKeyComponents
+            {
+                SubscriptionId = subscriptionId,
+                ResourceType = "dataBoxEdgeDevices",
+                ResourceName = resourceName,
+                ManagementCert = serializedCertificate,
+                ResourceId = uploadCertificate.ResourceId,
+                AadAuthority = uploadCertificate.AadAuthority,
+                AadAudience = aadAudience,
+                AadTenantId = uploadCertificate.AadTenantId,
+                ServicePrincipalClientId = uploadCertificate.ServicePrincipalClientId,
+                AzureManagementEndpointAudience = uploadCertificate.AzureManagementEndpointAudience,
+                ProviderNamespace = "Microsoft.DataBoxEdge",
+                ResourceGroup = resourceGroupName,
+                ServiceDataIntegrityKey = cik,
+                IdentityProvider = "AAD"
+            };
+
+            return vault;
+        }
+
+        /// <summary>
+        /// Generates the sha512 hash.
+        /// </summary>
+        /// <param name="text">The text.</param>
+        /// <returns></returns>
+        internal static string GenerateSha512Hash(string text)
+        {
+            var alg = SHA512.Create();
+            byte[] result = alg.ComputeHash(Encoding.UTF8.GetBytes(text));
+
+            return ConvertByteArrayToString(result);
+        }
+
+        /// <summary>
+        /// Converts the byte array to string.
+        /// </summary>
+        /// <param name="data">The data.</param>
+        /// <returns></returns>
+        private static string ConvertByteArrayToString(byte[] data)
+        {
+            StringBuilder sBuilder = new StringBuilder();
+
+            for (int i = 0; i < data.Length; i++)
+            {
+                sBuilder.Append(data[i].ToString("x2"));
+            }
+
+            return sBuilder.ToString();
+        }
+    }
+
+    #region ActivationKeyComponents
+    /// <summary>
+    /// Components of Activation Key
+    /// </summary>
+    public class ActivationKeyComponents
+    {
+        #region Properties
+
+        /// <summary>
+        /// Gets or Sets the SubscriptionId
+        /// </summary>
+        public string SubscriptionId { get; set; }
+
+        /// <summary>
+        /// Gets or sets the key name for ResourceType entry.
+        /// </summary>
+        public string ResourceType { get; set; }
+
+        /// <summary>
+        /// Gets or sets the key name for ResourceName entry.
+        /// </summary>
+        public string ResourceName { get; set; }
+
+        /// <summary>
+        /// Gets or sets the key name for ManagementCert entry.
+        /// </summary>
+        public string ManagementCert { get; set; }
+
+        /// <summary>
+        /// Gets or sets the resource id of the vault.
+        /// </summary>
+        public string ResourceId { get; set; }
+
+        /// <summary>
+        /// Gets or sets the AAD Authority.
+        /// </summary>
+        public string AadAuthority { get; set; }
+
+        /// <summary>
+        /// Gets or sets AadAudience
+        /// </summary>
+        public string AadAudience { get; set; }
+
+        /// <summary>
+        /// Gets or sets the AAD Tenant Id.
+        /// </summary>
+        public string AadTenantId { get; set; }
+
+        /// <summary>
+        /// Gets or sets the Service Principal Client Id.
+        /// </summary>
+        public string ServicePrincipalClientId { get; set; }
+
+        /// <summary>
+        /// Gets or sets the Azure Management Endpoint Audience.
+        /// </summary>
+        public string AzureManagementEndpointAudience { get; set; }
+
+        /// <summary>
+        /// Gets or sets the ProviderNamespace.
+        /// </summary>
+        public string ProviderNamespace { get; set; }
+
+        /// <summary>
+        /// Gets or sets the Resource Group.
+        /// </summary>
+        public string ResourceGroup { get; set; }
+
+        /// <summary>
+        /// Gets or sets the Location.
+        /// </summary>
+        public string ServiceDataIntegrityKey { get; set; }
+
+        /// <summary>
+        /// Gets or sets the IdentityProvider.
+        /// </summary>
+        public string IdentityProvider { get; set; }
+        #endregion
+    }
+    #endregion
+    #endregion
+}
+

sdk/databoxedge/Microsoft.Azure.Management.DataBoxEdge/src/Customizations/ExtendedClientMethods.cs

@@ -1,55 +1,16 @@
 using Microsoft.Azure.Management.DataBoxEdge.Models;
 using Microsoft.Rest;
-using Newtonsoft.Json.Linq;
 using Newtonsoft.Json;
+using Newtonsoft.Json.Linq;
 using System;
-using System.Collections.Generic;
-using System.Linq;
+using System.Security.Cryptography;
 using System.Text;
-using System.Threading.Tasks;
 
 namespace Microsoft.Azure.Management.DataBoxEdge
 {
     public static partial class ExtendedClientMethods
     {
-
-        /// <summary>
-        /// Use this method to encrypt the user secrets (Storage Account Access Key, Volume Container Encryption Key etc.) using activation key
-        /// </summary>
-        /// <param name="deviceName">
-        /// The resource name.
-        /// </param>
-        /// <param name="resourceGroupName">
-        /// The resource group name.
-        /// </param>
-        /// <param name="plainTextSecret">
-        /// The plain text secret.
-        /// </param>
-        /// <returns>
-        /// The <see cref="AsymmetricEncryptedSecret"/>.
-        /// </returns>
-        /// <exception cref="ValidationException">
-        /// </exception>
-        /// <exception cref="InvalidOperationException">
-        /// </exception>
-        public static AsymmetricEncryptedSecret GetAsymmetricEncryptedSecretUsingActivationKey(
-            this IDevicesOperations operations,
-                string deviceName,
-            string resourceGroupName,
-
-            string plainTextSecret,
-            string activationKey)
-        {
-            if (string.IsNullOrWhiteSpace(activationKey))
-            {
-                throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "activationKey");
-            }
-
-
-
-            string channelIntegrationKey = GetChannelIntegrityKey(activationKey);
-            return operations.GetAsymmetricEncryptedSecret(deviceName, resourceGroupName, plainTextSecret, channelIntegrationKey);
-        }
+        private const int StandardSizeOfCIK = 128;
 
         /// <summary>
         /// Use this method to encrypt the user secrets (Storage Account Access Key, Volume Container Encryption Key etc.) using CIK
@@ -119,5 +80,43 @@ private static string GetChannelIntegrityKey(string activationKey)
             string serviceDataIntegrityKey = jsondata["serviceDataIntegrityKey"].Value<string>();
             return serviceDataIntegrityKey;
         }
+
+        /// <summary>
+        /// Use this method to generate the activation key for a device to register it with the ASE resource
+        /// </summary>
+        /// <param name="resourceGroupName">Name of the resource group</param>
+        /// <param name="resourceName">Name of the resource</param>
+        /// <param name="resourceLocation">Location of the resource</param>
+
+        /// <returns></returns>
+        public static string GenerateActivationKey(this IDevicesOperations operations,
+            string resourceGroupName,
+            string resourceName,
+            string cik)
+        {
+            var resourceLocation = operations.Get(resourceName, resourceGroupName).Location;
+            var subscriptionId = (operations as DevicesOperations).Client.SubscriptionId;
+            var generateCertResponse = ActivationKeyHelper.GenerateVaultCertificate(operations, resourceGroupName, resourceName);
+            var certPublicPart = ActivationKeyHelper.ImportCertificate(generateCertResponse.PublicKey);
+            var uploadCertificateResponse = ActivationKeyHelper.UploadVaultCertificate(operations, resourceGroupName, resourceName, certPublicPart);
+            var activationKeyToRegisterTheResource = ActivationKeyHelper.GetAadActivationKey(resourceGroupName, resourceName, resourceLocation,
+                generateCertResponse.PrivateKey, uploadCertificateResponse, subscriptionId, cik);
+
+            return activationKeyToRegisterTheResource;
+        }
+
+        /// <summary>
+        /// This method generates the CIK of length 128 chars
+        /// </summary>
+        /// <returns></returns>
+        public static string GenerateCIK(this IDevicesOperations operations)
+        {
+            var randomNumberGenerator = RandomNumberGenerator.Create();
+            var byteArr = new byte[128];
+            randomNumberGenerator.GetBytes(byteArr);
+            var cik = Convert.ToBase64String(byteArr).Substring(0, StandardSizeOfCIK);
+
+            return cik;
+        }
     }
 }