GCM match check for ipsec policy

henry416 · henry416 · commit 7c14c33d287b · 2017-06-27T11:45:51.000-07:00
diff --git a/src/ResourceManager/Network/Commands.Network/VirtualNetworkGatewayConnection/NewAzureRmIpsecPolicyCommand.cs b/src/ResourceManager/Network/Commands.Network/VirtualNetworkGatewayConnection/NewAzureRmIpsecPolicyCommand.cs
@@ -13,6 +13,7 @@
 // ----------------------------------------------------------------------------------
 
 using Microsoft.Azure.Commands.Network.Models;
+using System;
 using System.Management.Automation;
 using MNM = Microsoft.Azure.Management.Network.Models;
 
@@ -129,6 +130,12 @@ public override void Execute()
             ipsecPolicy.SALifeTimeSeconds = (!this.MyInvocation.BoundParameters.ContainsKey("SALifeTimeSeconds")) ? 27000 : this.SALifeTimeSeconds;
             ipsecPolicy.SADataSizeKilobytes = (!this.MyInvocation.BoundParameters.ContainsKey("SADataSizeKilobytes")) ? 102400000 : this.SADataSizeKilobytes;
 
+            // GCM matching check
+            if ((this.IpsecEncryption.Contains("GCM") || this.IpsecIntegrity.Contains("GCM")) && this.IpsecEncryption != this.IpsecIntegrity)
+            {
+                throw new ArgumentException("IpsecEncryption and IpsecIntegrity must use matching GCM algorithms");
+            }
+
             ipsecPolicy.IpsecEncryption = this.IpsecEncryption;
             ipsecPolicy.IpsecIntegrity = this.IpsecIntegrity;
             ipsecPolicy.IkeEncryption = this.IkeEncryption;
