Fixed Key Vault Certificate Merge issue (#25333)

* align with cli

* remove unused namespace

* refine

Author: BethanyZhou

src/KeyVault/KeyVault/ChangeLog.md

@@ -18,6 +18,7 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Fixed an issue during merging certificate process. [#24323]
 
 ## Version 6.0.0
 * [Breaking change] Removed the offline fallback policy if specify parameter `UseDefaultCVMPolicy` in `Add-AzKeyVaultKey`. Key creation will fail if unable to get regional default CVM SKR policy from MAA Service Discovery API.

src/KeyVault/KeyVault/Commands/Certificate/ImportAzureKeyVaultCertificate.cs

@@ -25,6 +25,7 @@
 using System.Management.Automation;
 using System.Security;
 using System.Security.Cryptography.X509Certificates;
+using System.Text.RegularExpressions;
 
 using KeyVaultProperties = Microsoft.Azure.Commands.KeyVault.Properties;
 
@@ -202,7 +203,7 @@ public override void ExecuteCmdlet()
                 switch (ParameterSetName)
                 {
                     case ImportCertificateFromFileParameterSet:
-                        byte[] base64Bytes = File.ReadAllBytes(FilePath);
+                        byte[] bytes = File.ReadAllBytes(FilePath);
                         bool doImport = false;
 
                         if (IsPemFile(FilePath))
@@ -227,15 +228,15 @@ public override void ExecuteCmdlet()
                                 this.Track2DataClient.ImportCertificate(
                                     VaultName,
                                     Name,
-                                    base64Bytes,
+                                    bytes,
                                     Password,
                                     Tag?.ConvertToDictionary(),
                                     IsPemFile(FilePath) ? Constants.PemContentType : Constants.Pkcs12ContentType,
                                     PolicyObject) :
                                 this.Track2DataClient.MergeCertificate(
                                 VaultName,
                                 Name,
-                                new List<byte[]> { base64Bytes },
+                                GetEnumerableBytes(FilePath),
                                 Tag == null ? null : Tag.ConvertToDictionary());
 
                         break;
@@ -254,6 +255,34 @@ public override void ExecuteCmdlet()
             }
         }
 
+        /// <summary>
+        /// Read cert data between cert header and footer and convert it to bytes list
+        /// </summary>
+        /// <param name="filePath"> The full path to cert</param>
+        /// <returns>Bytes list for cert data</returns>
+        /// <exception cref="AzPSException"></exception>
+        private IEnumerable<byte[]> GetEnumerableBytes(string filePath)
+        {
+            var bytesList = new List<byte[]>();
+            try
+            {
+                string texts = File.ReadAllText(filePath);
+                // Match cert data between cert header and footer and convert it to bytes
+                var pattern = @"-----BEGIN CERTIFICATE-----([^-]+)-----END CERTIFICATE-----";
+                Match m = Regex.Match(texts, pattern, RegexOptions.IgnoreCase);
+                while (m.Success)
+                {
+                    bytesList.Add(Convert.FromBase64String(m.Groups[1].Value.Replace(Environment.NewLine, "")));
+                    m = m.NextMatch();
+                }
+            }
+            catch (Exception ex)
+            {
+                throw new AzPSException(string.Format(Resources.ProcessingCertError, filePath, ex.Message), Common.ErrorKind.UserError);
+            }
+            return bytesList;
+        }
+
         private bool IsPemFile(string filePath)
         {
             return ".pem".Equals(Path.GetExtension(filePath), StringComparison.OrdinalIgnoreCase);

src/KeyVault/KeyVault/Properties/Resources.Designer.cs

@@ -627,4 +627,7 @@ You can find the object ID using Azure Active Directory Module for Windows Power
   <data name="NoVaultWithGivenNameFound" xml:space="preserve">
     <value>Vault '{0}' does not exist in current subscription.  If this vault exists in your tenant, please switch to the correct subscription.</value>
   </data>
+  <data name="ProcessingCertError" xml:space="preserve">
+    <value>Error happens when processing certificate '{0}'. See detailed error: {1}</value>
+  </data>
 </root>