Merge pull request Azure#4898 from jobatzil/hotfix/secureString

#ApplicationGateway Introduce SecureString to cmdlets.

Author: maddieclayton

src/ResourceManager/Network/ChangeLog.md

@@ -18,6 +18,10 @@
         - Additional information about change #1
 -->
 ## Current Release
+* Changed type of parameter -Password from String to SecureString for the following cmdlets:
+    - Add-AzureRmApplicationGatewaySslCertificate
+    - New-AzureRmApplicationGatewaySslCertificate
+    - Set-AzureRmApplicationGatewaySslCertificate
 * Added cmdlet to list available internet service providers for a specified Azure region
     - Get-AzureRmNetworkWatcherReachabilityProvidersList
 * Added cmdlet to get the relative latency score for internet service providers from a specified location to Azure regions

src/ResourceManager/Network/Commands.Network.Test/Commands.Network.Test.csproj

@@ -224,6 +224,12 @@
     <None Include="ScenarioTests\Common.ps1">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
+    <None Include="ScenarioTests\Data\ApplicationGatewaySslCert1.pfx">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
+    <None Include="ScenarioTests\Data\ApplicationGatewaySslCert2.pfx">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
     <None Include="ScenarioTests\Data\VmssDeploymentTemplate.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>

src/ResourceManager/Network/Commands.Network.Test/ScenarioTests/ApplicationGatewayTests.ps1

@@ -346,6 +346,9 @@ function Test-ApplicationGatewayCRUD2
 	$listener01Name = Get-ResourceName
 	$listener02Name = Get-ResourceName
 
+	$sslCert01Name = Get-ResourceName
+	$sslCert02Name = Get-ResourceName
+
 	$poolName = Get-ResourceName
 	$poolSetting01Name = Get-ResourceName
 
@@ -376,11 +379,15 @@ function Test-ApplicationGatewayCRUD2
 		# Create ip configuration
 		$gipconfig = New-AzureRmApplicationGatewayIPConfiguration -Name $gipconfigname -Subnet $gwSubnet
 
-		#frontend part
+		# frontend part
+		$pw01 = ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force
+		$sslCert01Path = $basedir + "\ScenarioTests\Data\ApplicationGatewaySslCert1.pfx"
+		$sslCert01 = New-AzureRmApplicationGatewaySslCertificate -Name $sslCert01Name -CertificateFile $sslCert01Path -Password $pw01
+
 		$fipconfig = New-AzureRmApplicationGatewayFrontendIPConfig -Name $fipconfigName -PublicIPAddress $publicip
-		$fp01 = New-AzureRmApplicationGatewayFrontendPort -Name $frontendPort01Name  -Port 80
-		$fp02 = New-AzureRmApplicationGatewayFrontendPort -Name $frontendPort02Name  -Port 81
-		$listener01 = New-AzureRmApplicationGatewayHttpListener -Name $listener01Name -Protocol Http -FrontendIPConfiguration $fipconfig -FrontendPort $fp01
+		$fp01 = New-AzureRmApplicationGatewayFrontendPort -Name $frontendPort01Name  -Port 443
+		$fp02 = New-AzureRmApplicationGatewayFrontendPort -Name $frontendPort02Name  -Port 80
+		$listener01 = New-AzureRmApplicationGatewayHttpListener -Name $listener01Name -Protocol Https -SslCertificate $sslCert01 -FrontendIPConfiguration $fipconfig -FrontendPort $fp01
 		$listener02 = New-AzureRmApplicationGatewayHttpListener -Name $listener02Name -Protocol Http -FrontendIPConfiguration $fipconfig -FrontendPort $fp02
 
 		# backend part
@@ -401,7 +408,7 @@ function Test-ApplicationGatewayCRUD2
 		$sslPolicy = New-AzureRmApplicationGatewaySslPolicy -PolicyType Custom -MinProtocolVersion TLSv1_1 -CipherSuite "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_GCM_SHA256"
 
 		# Create Application Gateway
-		$appgw = New-AzureRmApplicationGateway -Name $appgwName -ResourceGroupName $rgname -Location $location -Probes $probeHttp -BackendAddressPools $pool -BackendHttpSettingsCollection $poolSetting01 -FrontendIpConfigurations $fipconfig -GatewayIpConfigurations $gipconfig -FrontendPorts $fp01, $fp02 -HttpListeners $listener01, $listener02 -RedirectConfiguration $redirect01 -RequestRoutingRules $rule01, $rule02 -Sku $sku -SslPolicy $sslPolicy 
+		$appgw = New-AzureRmApplicationGateway -Name $appgwName -ResourceGroupName $rgname -Location $location -Probes $probeHttp -BackendAddressPools $pool -BackendHttpSettingsCollection $poolSetting01 -FrontendIpConfigurations $fipconfig -GatewayIpConfigurations $gipconfig -FrontendPorts $fp01, $fp02 -HttpListeners $listener01, $listener02 -RedirectConfiguration $redirect01 -RequestRoutingRules $rule01, $rule02 -Sku $sku -SslPolicy $sslPolicy -SslCertificates $sslCert01
 
 		# Check get/set/remove for RedirectConfiguration
 		$redirect02 = Get-AzureRmApplicationGatewayRedirectConfiguration -ApplicationGateway $appgw -Name $redirect01Name
@@ -425,11 +432,30 @@ function Test-ApplicationGatewayCRUD2
 		# Get Application Gateway
 		$getgw = Get-AzureRmApplicationGateway -Name $appgwName -ResourceGroupName $rgname
 
+		# Check SSLCertificates
+		Assert-NotNull $getgw.SslCertificates[0]
+		Assert-Null $getgw.SslCertificates[0].Password
+
+		# Use Set/Add Certificate
+		$getgw = Set-AzureRmApplicationGatewaySslCertificate -ApplicationGateway $getgw -Name $sslCert01Name -CertificateFile $sslCert01Path -Password $pw01
+		Assert-NotNull $getgw.SslCertificates[0].Password
+
+		$pw02 = ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force
+		$sslCert02Path = $basedir + "\ScenarioTests\Data\ApplicationGatewaySslCert2.pfx"
+		$getgw = Add-AzureRmApplicationGatewaySslCertificate -ApplicationGateway $getgw -Name $sslCert02Name -CertificateFile $sslCert02Path -Password $pw02
+
 		# Modify existing application gateway with new configuration
 		$getgw = Set-AzureRmApplicationGateway -ApplicationGateway $getgw
 
 		Assert-AreEqual "Running" $getgw.OperationalState
 
+		# Check SSLCertificates again
+		Assert-AreEqual 2 $getgw.SslCertificates.Count
+		Assert-NotNull $getgw.SslCertificates[0]
+		Assert-NotNull $getgw.SslCertificates[1]
+		Assert-Null $getgw.SslCertificates[0].Password
+		Assert-Null $getgw.SslCertificates[1].Password
+
 		# Stop Application Gateway
 		$getgw = Stop-AzureRmApplicationGateway -ApplicationGateway $getgw
 

src/ResourceManager/Network/Commands.Network.Test/ScenarioTests/Data/ApplicationGatewaySslCert1.pfx

@@ -12,11 +12,11 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
-using Microsoft.Azure.Commands.Network.Models;
 using System;
 using System.IO;
 using System.Management.Automation;
-using System.Security.Cryptography.X509Certificates;
+using System.Security;
+using Microsoft.Azure.Commands.Network.Models;
 
 namespace Microsoft.Azure.Commands.Network
 {
@@ -38,18 +38,15 @@ public class AzureApplicationGatewaySslCertificateBase : NetworkBaseCmdlet
                Mandatory = true,
                HelpMessage = "Certificate password")]
         [ValidateNotNullOrEmpty]
-        [Obsolete("(Get/Set/New)-AzureRmApplicationGatewaySslCertificate: The parameter \"Password\" is being changed from a string to a SecureString in an upcoming breaking change release.")]
-        public string Password { get; set; }
+        public SecureString Password { get; set; }
 
         public PSApplicationGatewaySslCertificate NewObject()
         {
             var sslCertificate = new PSApplicationGatewaySslCertificate();
 
             sslCertificate.Name = this.Name;
-            sslCertificate.Data = Convert.ToBase64String(File.ReadAllBytes(CertificateFile));
-#pragma warning disable 0618
+            sslCertificate.Data = Convert.ToBase64String(File.ReadAllBytes(this.CertificateFile));
             sslCertificate.Password = this.Password;
-#pragma warning restore 0618
             sslCertificate.Id =
                 ApplicationGatewayChildResourceHelper.GetResourceNotSetId(
                     this.NetworkClient.NetworkManagementClient.SubscriptionId,

src/ResourceManager/Network/Commands.Network.Test/ScenarioTests/Data/ApplicationGatewaySslCert2.pfx

@@ -39,10 +39,8 @@ public override void ExecuteCmdlet()
             {
                 throw new ArgumentException("Ssl certificate with the specified name does not exist");
             }
-
-#pragma warning disable 0618
-            X509Certificate2 cert = new X509Certificate2(CertificateFile, Password, X509KeyStorageFlags.Exportable);
-#pragma warning restore 0618
+            
+            X509Certificate2 cert = new X509Certificate2(this.CertificateFile, this.Password, X509KeyStorageFlags.Exportable);
 
             var newSslCertificate = base.NewObject();
 

src/ResourceManager/Network/Commands.Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.ApplicationGatewayTests/TestApplicationGatewayCRUD2.json

@@ -18,6 +18,8 @@ namespace Microsoft.Azure.Commands.Network
     using System;
     using System.Collections;
     using System.Collections.Generic;
+    using System.Security;
+    using WindowsAzure.Commands.Common;
     using CNM = Microsoft.Azure.Commands.Network.Models;
     using MNM = Microsoft.Azure.Management.Network.Models;
     using Microsoft.WindowsAzure.Commands.Utilities.Common;
@@ -563,7 +565,9 @@ private static void Initialize()
                 cfg.CreateMap<CNM.PSApplicationGatewayBackendHttpSettings, MNM.ApplicationGatewayBackendHttpSettings>();
                 cfg.CreateMap<CNM.PSApplicationGatewayFrontendIPConfiguration, MNM.ApplicationGatewayFrontendIPConfiguration>();
                 cfg.CreateMap<CNM.PSApplicationGatewayFrontendPort, MNM.ApplicationGatewayFrontendPort>();
-                cfg.CreateMap<CNM.PSApplicationGatewaySslCertificate, MNM.ApplicationGatewaySslCertificate>();
+                cfg.CreateMap<CNM.PSApplicationGatewaySslCertificate, MNM.ApplicationGatewaySslCertificate>().ForMember(
+                    dest => dest.Password,
+                    opt => opt.ResolveUsing(src => src.Password?.ConvertToString()));
                 cfg.CreateMap<CNM.PSApplicationGatewayHttpListener, MNM.ApplicationGatewayHttpListener>();
                 cfg.CreateMap<CNM.PSApplicationGatewayIPConfiguration, MNM.ApplicationGatewayIPConfiguration>();
                 cfg.CreateMap<CNM.PSApplicationGatewayRequestRoutingRule, MNM.ApplicationGatewayRequestRoutingRule>();
@@ -603,7 +607,9 @@ private static void Initialize()
                 cfg.CreateMap<MNM.ApplicationGatewayBackendAddressPool, CNM.PSApplicationGatewayBackendAddressPool>();
                 cfg.CreateMap<MNM.ApplicationGatewayBackendHttpSettings, CNM.PSApplicationGatewayBackendHttpSettings>();
                 cfg.CreateMap<MNM.ApplicationGatewayFrontendIPConfiguration, CNM.PSApplicationGatewayFrontendIPConfiguration>();
-                cfg.CreateMap<MNM.ApplicationGatewaySslCertificate, CNM.PSApplicationGatewaySslCertificate>();
+                cfg.CreateMap<MNM.ApplicationGatewaySslCertificate, CNM.PSApplicationGatewaySslCertificate>().ForMember(
+                    dest => dest.Password,
+                    opt => opt.ResolveUsing(src => src.Password?.ConvertToSecureString()));
                 cfg.CreateMap<MNM.ApplicationGatewayFrontendPort, CNM.PSApplicationGatewayFrontendPort>();
                 cfg.CreateMap<MNM.ApplicationGatewayHttpListener, CNM.PSApplicationGatewayHttpListener>();
                 cfg.CreateMap<MNM.ApplicationGatewayIPConfiguration, CNM.PSApplicationGatewayIPConfiguration>();

src/ResourceManager/Network/Commands.Network/ApplicationGateway/SslCertificate/AzureApplicationGatewaySslCertificateBase.cs

@@ -15,10 +15,12 @@
 
 namespace Microsoft.Azure.Commands.Network.Models
 {
+    using System.Security;
+
     public class PSApplicationGatewaySslCertificate : PSChildResource
     {
         public string Data { get; set; }
-        public string Password { get; set; }
+        public SecureString Password { get; set; }
         public string PublicCertData { get; set; }
         public string ProvisioningState { get; set; }
         public string Type { get; set; }

src/ResourceManager/Network/Commands.Network/ApplicationGateway/SslCertificate/SetAzureApplicationGatewaySslCertificateCommand.cs

@@ -15,7 +15,8 @@ Adds an SSL certificate to an application gateway.
 
 ```
 Add-AzureRmApplicationGatewaySslCertificate -ApplicationGateway <PSApplicationGateway> -Name <String>
- -CertificateFile <String> -Password <String> [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+ -CertificateFile <String> -Password <SecureString> [-DefaultProfile <IAzureContextContainer>]
+ [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -25,8 +26,9 @@ The **Add-AzureRmApplicationGatewaySslCertificate** cmdlet adds an SSL certifica
 
 ### Example 1: Add an SSL certificate to an application gateway.
 ```
-PS C:\>$AppGW = Get-AzureRmApplicationGateway -Name "ApplicationGateway01" -ResourceGroupName "ResourceGroup01"
-PS C:\> $AppGW = Add-AzureRmApplicationGatewaySslCertificate -ApplicationGateway $AppGW -Name "Cert01" -CertificateFile "D:\cert01.pfx" -Password "Password01"
+PS C:\> $AppGW = Get-AzureRmApplicationGateway -Name "ApplicationGateway01" -ResourceGroupName "ResourceGroup01"
+PS C:\> $password = ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force
+PS C:\> $AppGW = Add-AzureRmApplicationGatewaySslCertificate -ApplicationGateway $AppGW -Name "Cert01" -CertificateFile "D:\cert01.pfx" -Password $password
 ```
 
 This command gets an application gateway named ApplicationGateway01 and then adds an SSL certificate named Cert01 to it.
@@ -97,7 +99,7 @@ Accept wildcard characters: False
 Specifies the password of the SSL certificate that this cmdlet adds.
 
 ```yaml
-Type: String
+Type: SecureString
 Parameter Sets: (All)
 Aliases: 
 

src/ResourceManager/Network/Commands.Network/Common/NetworkResourceManagerProfile.cs

@@ -14,7 +14,7 @@ Creates an SSL certificate for an Azure application gateway.
 ## SYNTAX
 
 ```
-New-AzureRmApplicationGatewaySslCertificate -Name <String> -CertificateFile <String> -Password <String>
+New-AzureRmApplicationGatewaySslCertificate -Name <String> -CertificateFile <String> -Password <SecureString>
  [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
 ```
 
@@ -25,7 +25,8 @@ The **New-AzureRmApplicationGatewaySslCertificate** cmdlet creates an SSL certif
 
 ### Example 1: Create an SSL certificate for an Azure application gateway.
 ```
-PS C:\>$Cert = New-AzureRmApplicationGatewaySslCertificate -Name "Cert01" -CertificateFile "D:\cert01.pfx" -Password "Password01"
+PS C:\> $password = ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force
+PS C:\> $cert = New-AzureRmApplicationGatewaySslCertificate -Name "Cert01" -CertificateFile "D:\cert01.pfx" -Password $password
 ```
 
 This command creates a SSL certificate named Cert01 for the default application gateway and stores the result in the variable named $Cert.
@@ -81,7 +82,7 @@ Accept wildcard characters: False
 Specifies the password of the SSL that this cmdlet creates.
 
 ```yaml
-Type: String
+Type: SecureString
 Parameter Sets: (All)
 Aliases: 
 

src/ResourceManager/Network/Commands.Network/Models/PSApplicationGatewaySslCertificate.cs

@@ -15,7 +15,8 @@ Sets the goal state of an SSL certificate.
 
 ```
 Set-AzureRmApplicationGatewaySslCertificate -ApplicationGateway <PSApplicationGateway> -Name <String>
- -CertificateFile <String> -Password <String> [-DefaultProfile <IAzureContextContainer>] [<CommonParameters>]
+ -CertificateFile <String> -Password <SecureString> [-DefaultProfile <IAzureContextContainer>]
+ [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -25,8 +26,9 @@ The **Set-AzureRmApplicationGatewaySslCertificate** cmdlet sets the goal state o
 
 ### Example 1: Set the goal state of an SSL certificate
 ```
-PS C:\>$AppGW = Get-AzureRmApplicationGateway -Name "ApplicationGateway01" -ResourceGroupName "ResourceGroup01"
-PS C:\> $Cert = Set-AzureRmApplicationGatewaySslCertificate -ApplicationGateway $AppGW -Name "Cert01" -CertificateFile "D:\cert01.pfx" -Password "Password01"
+PS C:\> $appGW = Get-AzureRmApplicationGateway -Name "ApplicationGateway01" -ResourceGroupName "ResourceGroup01"
+PS C:\> $password = ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force
+PS C:\> $cert = Set-AzureRmApplicationGatewaySslCertificate -ApplicationGateway $AppGW -Name "Cert01" -CertificateFile "D:\cert01.pfx" -Password $password
 ```
 
 This command sets the goal state for an SSL certificate from the application gateway named ApplicationGateway01.
@@ -97,7 +99,7 @@ Accept wildcard characters: False
 Specifies the password of the SSL certificate.
 
 ```yaml
-Type: String
+Type: SecureString
 Parameter Sets: (All)
 Aliases: 
 

src/ResourceManager/Network/Commands.Network/help/Add-AzureRmApplicationGatewaySslCertificate.md

@@ -185,6 +185,8 @@
         <string>ResourceManager\\Compute\\Stack\\Commands.Compute.Test\\Templates\\client.rb</string>
         <string>ResourceManager\\Compute\\Stack\\Commands.Compute.Test\\Templates\\tstorgnztn-validator.pem</string>
         <string>ResourceManager\\Network\\Stack\\Commands.Network.Test\\SessionRecords\\Commands.Network.Test.ScenarioTests.ApplicationGatewayTests\\TestApplicationGatewayCRUD.json</string>
+        <string>ResourceManager\\Network\\Commands.Network.Test\\ScenarioTests\\Data\\ApplicationGatewaySslCert1.pfx</string>
+        <string>ResourceManager\\Network\\Commands.Network.Test\\ScenarioTests\\Data\\ApplicationGatewaySslCert2.pfx</string>
 		<string>\\bin\\Debug\\</string>
 		<string>\\package[s]?\\</string>
       </Filters>