[DataBoxEdge] data box edge sdk migrate (#27155)

* generate DataBoxEdge, add Microsoft.Azure.PowerShell.DataBoxEdge.Management.Sdk

* generate DataBoxEdge by autorest powershell

* Update ChangeLog.md

* fix payload-flattening-threshold

* Update ChangeLog.md

* test record and case change type

* Update TestCreateEdgeStorageContainer.json

* add license

Author: JoyerJin

src/DataBoxEdge/DataBoxEdge.Management.Sdk/Customizations/CryptoUtilities.cs

@@ -0,0 +1,171 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+namespace Microsoft.Azure.Management.DataBoxEdge
+{
+    using System;
+    using System.IO;
+    using System.Security.Cryptography;
+    using System.Security.Cryptography.X509Certificates;
+    using System.Text;
+
+    /// <summary>
+    /// The crypto helper.
+    /// </summary>
+    public class CryptoUtilities
+    {
+        /// <summary>
+        /// The salt for generating encryption keys.
+        /// </summary>
+        private static readonly byte[] Salt = Encoding.ASCII.GetBytes("o6806642kbM7c5");
+
+        /// <summary>
+        /// The AES algorithm is used to decrypt the given cipherText.
+        /// </summary>
+        /// <param name="cipherText">The cipher text.</param>
+        /// <param name="sharedSecret">The shared secret.</param>
+        /// <returns>The decrypted secret in pain text.</returns>
+        public static string DecryptCipherAES(string cipherText, string sharedSecret)
+        {
+            if (string.IsNullOrEmpty(cipherText))
+            {
+                return cipherText;
+            }
+
+            Aes aesAlg = null;
+
+            string plaintext = null;
+
+            // generate the key from the shared secret and the salt
+            Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(sharedSecret, Salt);
+
+            // Create the streams used for decryption.
+            byte[] bytes = Convert.FromBase64String(cipherText);
+            using (MemoryStream memoryDecrypt = new MemoryStream(bytes))
+            {
+                aesAlg = Aes.Create();
+                aesAlg.Key = key.GetBytes(aesAlg.KeySize / 8);
+
+                // Get the initialization vector from the encrypted stream
+                aesAlg.IV = ReadByteArray(memoryDecrypt);
+
+                // Create a decrytor to perform the stream transform.
+                ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
+                using (CryptoStream cryptoDecrypt = new CryptoStream(memoryDecrypt, decryptor, CryptoStreamMode.Read))
+                {
+                    using (StreamReader streamDecrypt = new StreamReader(cryptoDecrypt))
+                    {
+                        // Read the decrypted bytes from the decrypting stream and place them in a string.
+                        plaintext = streamDecrypt.ReadToEnd();
+                    }
+                }
+            }
+
+            return plaintext;
+        }
+
+        public static string DecryptStringAES(string cipherText, string sharedSecret)
+        {
+            if (string.IsNullOrEmpty(cipherText))
+                return cipherText;
+
+            Aes aesAlg = null;
+            string plaintext = null;
+
+            // generate the key from the shared secret and the salt
+            Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(sharedSecret, Salt);
+
+            // Create the streams used for decryption.
+            byte[] bytes = Convert.FromBase64String(cipherText);
+            using (MemoryStream msDecrypt = new MemoryStream(bytes))
+            {
+                aesAlg = Aes.Create();
+                aesAlg.Key = key.GetBytes(aesAlg.KeySize / 8);
+                // Get the initialization vector from the encrypted stream
+                aesAlg.IV = ReadByteArray(msDecrypt);
+                // Create a decrytor to perform the stream transform.
+                ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
+                using (CryptoStream csDecrypt =
+                    new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
+                {
+                    using (StreamReader srDecrypt = new StreamReader(csDecrypt))
+
+                        // Read the decrypted bytes from the decrypting stream
+                        // and place them in a string.
+                        plaintext = srDecrypt.ReadToEnd();
+                }
+            }
+
+            return plaintext;
+        }
+
+        /// <summary>
+        /// This method encrypts a given secret using the public certificate.
+        /// </summary>
+        /// <param name="plainText">The secret in plain text.</param>
+        /// <param name="publicCertificate">The public certificate to be used for encryption.</param>
+        /// <returns>The encrypted secret.</returns>
+        public static string EncryptSecretRSAPKCS(string plainText, string publicCertificate)
+        {
+            string encryptedSecret = null;
+            encryptedSecret = EncryptStringRsaPkcs1v15(plainText, publicCertificate);
+            return encryptedSecret;
+        }
+
+        public static string EncryptStringRsaPkcs1v15(string plaintext, string encodedCertificate)
+        {
+            X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(encodedCertificate));
+            if (string.IsNullOrEmpty(plaintext) || cert == null)
+            {
+                return null;
+            }
+
+            byte[] textBytes = Encoding.UTF8.GetBytes(plaintext);
+            byte[] encryptedTextBytes;
+
+            // Create a new instance of RSACryptoServiceProvider, and encrypt the passed byte array and specify OAEP padding false to use PKCS#1 V1.5 padding.
+#if FullNetFx
+            RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PublicKey.Key;
+            encryptedTextBytes = rsa.Encrypt(textBytes, false);
+#else
+            RSA rsa = cert.GetRSAPublicKey();
+            encryptedTextBytes = rsa.Encrypt(textBytes, RSAEncryptionPadding.Pkcs1);
+#endif
+            var encryptedBase64 = Convert.ToBase64String(encryptedTextBytes);
+            return encryptedBase64;
+        }
+
+        /// <summary>
+        /// Helper method to read byte array from a stream.
+        /// </summary>
+        /// <param name="s">The stream.</param>
+        /// <returns>The byte array.</returns>
+        private static byte[] ReadByteArray(Stream s)
+        {
+            byte[] rawLength = new byte[sizeof(int)];
+            if (s.Read(rawLength, 0, rawLength.Length) != rawLength.Length)
+            {
+                throw new Exception("Stream did not contain properly formatted byte array");
+            }
+
+            byte[] buffer = new byte[BitConverter.ToInt32(rawLength, 0)];
+            if (s.Read(buffer, 0, buffer.Length) != buffer.Length)
+            {
+                throw new Exception("Did not read byte array properly");
+            }
+
+            return buffer;
+        }
+    }
+}

src/DataBoxEdge/DataBoxEdge.Management.Sdk/Customizations/ExtendedClientMethods.cs

@@ -0,0 +1,137 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Management.DataBoxEdge.Models;
+using Microsoft.Rest;
+using Newtonsoft.Json.Linq;
+using Newtonsoft.Json;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Microsoft.Azure.Management.DataBoxEdge
+{
+    public static partial class ExtendedClientMethods
+    {
+
+        /// <summary>
+        /// Use this method to encrypt the user secrets (Storage Account Access Key, Volume Container Encryption Key etc.) using activation key
+        /// </summary>
+        /// <param name="deviceName">
+        /// The resource name.
+        /// </param>
+        /// <param name="resourceGroupName">
+        /// The resource group name.
+        /// </param>
+        /// <param name="plainTextSecret">
+        /// The plain text secret.
+        /// </param>
+        /// <returns>
+        /// The <see cref="AsymmetricEncryptedSecret"/>.
+        /// </returns>
+        /// <exception cref="ValidationException">
+        /// </exception>
+        /// <exception cref="InvalidOperationException">
+        /// </exception>
+        public static AsymmetricEncryptedSecret GetAsymmetricEncryptedSecretUsingActivationKey(
+            this IDevicesOperations operations,
+                string deviceName,
+            string resourceGroupName,
+
+            string plainTextSecret,
+            string activationKey)
+        {
+            if (string.IsNullOrWhiteSpace(activationKey))
+            {
+                throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "activationKey");
+            }
+
+
+
+            string channelIntegrationKey = GetChannelIntegrityKey(activationKey);
+            return operations.GetAsymmetricEncryptedSecret(deviceName, resourceGroupName, plainTextSecret, channelIntegrationKey);
+        }
+
+        /// <summary>
+        /// Use this method to encrypt the user secrets (Storage Account Access Key, Volume Container Encryption Key etc.) using CIK
+        /// </summary>
+        /// <param name="deviceName">
+        /// The resource name.
+        /// </param>
+        /// <param name="resourceGroupName">
+        /// The resource group name.
+        /// </param>
+        /// <param name="plainTextSecret">
+        /// The plain text secret.
+        /// </param>
+        /// <returns>
+        /// The <see cref="AsymmetricEncryptedSecret"/>.
+        /// </returns>
+        /// <exception cref="ValidationException">
+        /// </exception>
+        /// <exception cref="InvalidOperationException">
+        /// </exception>
+        public static AsymmetricEncryptedSecret GetAsymmetricEncryptedSecret(
+            this IDevicesOperations operations,
+                string deviceName,
+                string resourceGroupName,
+                string plainTextSecret,
+                string channelIntegrationKey)
+        {
+            if (string.IsNullOrWhiteSpace(plainTextSecret))
+            {
+                throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "plainTextSecret");
+            }
+
+            if (string.IsNullOrWhiteSpace(resourceGroupName))
+            {
+                throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "resourceGroupName");
+            }
+
+            if (string.IsNullOrWhiteSpace(deviceName))
+            {
+                throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "resourceName");
+            }
+
+            DataBoxEdgeDeviceExtendedInfo extendedInfo = operations.GetExtendedInformation(deviceName, resourceGroupName);
+            string encryptionKey = extendedInfo.EncryptionKey;
+            string encryptionKeyThumbprint = extendedInfo.EncryptionKeyThumbprint;
+
+            string ChannelEncryptionKey = CryptoUtilities.DecryptStringAES(encryptionKey, channelIntegrationKey);
+
+            var secret = new AsymmetricEncryptedSecret()
+            {
+                EncryptionAlgorithm = EncryptionAlgorithm.AES256,
+                EncryptionCertThumbprint = encryptionKeyThumbprint,
+                Value = CryptoUtilities.EncryptStringRsaPkcs1v15(plainTextSecret, ChannelEncryptionKey)
+            };
+
+            return secret;
+        }
+
+
+        private static string GetChannelIntegrityKey(string activationKey)
+        {
+            string[] keys = activationKey.Split('#');
+            string encodedString = keys[0];
+            byte[] data = Convert.FromBase64String(encodedString);
+            string decodedString = Encoding.UTF8.GetString(data);
+            var jsondata = (JObject)JsonConvert.DeserializeObject(decodedString);
+            string serviceDataIntegrityKey = jsondata["serviceDataIntegrityKey"].Value<string>();
+            return serviceDataIntegrityKey;
+        }
+    }
+}

src/DataBoxEdge/DataBoxEdge.Management.Sdk/DataBoxEdge.Management.Sdk.csproj

@@ -0,0 +1,13 @@
+<Project Sdk="Microsoft.NET.Sdk">
+    <PropertyGroup>
+        <PsModuleName>DataBoxEdge</PsModuleName>
+    </PropertyGroup>
+    <Import Project="$(MSBuildThisFileDirectory)..\..\Az.props" />
+    <PropertyGroup>
+        <TargetFramework>netstandard2.0</TargetFramework>
+        <AssemblyName>Microsoft.Azure.PowerShell.DataBoxEdge.Management.Sdk</AssemblyName>
+        <RootNamespace>Microsoft.Azure.Management.DataBoxEdge</RootNamespace>
+        <NoWarn>$(NoWarn);CS0108;CS1573</NoWarn>
+    </PropertyGroup>
+    <Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory).., build.proj))\src\Az.Post.props" />
+</Project>