
using namespace Newtonsoft.Json
using namespace Microsoft.Azure.Commands.Common.Authentication.Abstractions
using namespace Microsoft.Azure.Commands.Common.Authentication

Set-StrictMode -Version Latest
class Helpers {
    static AbstractClass($obj, $classType) {
        $type = $obj.GetType()
        if ($type -eq $classType) {
            throw("Class '$type' must be inherited")

    static [string] SanitizeFolderName($folderPath) {
        return ($folderPath -replace '[<>:"/\\|?*]', '');

    static [string] ConvertObjectToString([PSObject] $dataObject, [bool] $defaultPsOutput) {
        [string] $msg = "";
        if ($dataObject) {
            if ($dataObject.GetType().FullName -eq "System.Management.Automation.ErrorRecord") {
                if ($defaultPsOutput) {
                    $msg = $dataObject.ToString();
                else {
                    $msg = ($dataObject | Out-String) + "`r`nStackTrace: " + $dataObject. ScriptStackTrace
            else {
                if ($defaultPsOutput -or $dataObject.GetType() -eq [string]) {
                    $msg = $dataObject | Out-String;
                else {
                    try {
                        #$msg = $dataObject | ConvertTo-Json -Depth 5 | Out-String;
                        #$msg = [Helpers]::ConvertToJsonCustom($dataObject);
                        $msg = [Helpers]::ConvertToPson($dataObject);
                    catch {
                        $e = $_
                        $msg = $dataObject | Format-List | Out-String;

                    $msg = $msg.Trim();


        return $msg;

    static [JsonSerializerSettings] $SerializerSettings = $null;
    hidden static [JsonSerializerSettings] GetSerializerSettings() {
        if (-not [Helpers]::SerializerSettings) {
            $settings = [JsonSerializerSettings]::new();
            $settings.Formatting = [Formatting]::Indented;
            $settings.NullValueHandling = [NullValueHandling]::Ignore;
            $settings.ReferenceLoopHandling = [ReferenceLoopHandling]::Ignore;
            [Helpers]::SerializerSettings = $settings;
        return [Helpers]::SerializerSettings;

    static [string] ConvertToJson([PSObject] $dataObject) {
        if ($dataObject) {
            if ($dataObject.GetType() -eq [System.Object[]] -and $dataObject.Count -ne 0) {
                $list = New-Object -TypeName "System.Collections.Generic.List[$($dataObject[0].GetType().fullname)]";
                $dataObject | ForEach-Object {
                    if ($_) {
                return [JsonConvert]::SerializeObject($list, [Helpers]::GetSerializerSettings());

            return [JsonConvert]::SerializeObject($dataObject, [Helpers]::GetSerializerSettings());
        return "";

    static [string] ConvertToJsonCustom([PSObject] $Object) {
        Set-StrictMode -Off
        $res = [Helpers]::ConvertToJsonCustomNotStrict($Object, 10, 10, $false)
        Set-StrictMode -Version Latest
        return $res

    static [string] ConvertToPson([PSObject] $Object) {
        Set-StrictMode -Off
        $res = [Helpers]::ConvertToPsonNotStrict($Object, 10, 10, $false, $false, (Get-Variable -Name PSVersionTable).Value.PSVersion)
        Set-StrictMode -Version Latest
        return $res

    static [string] ConvertToJsonCustomNotStrict([PSObject] $Object, [Int]$Depth, [Int]$Layers, [bool]$IsWind) {
        $Format = $Null
        $Quote = If ($Depth -le 0) {""}
        Else {""""}
        $Space = If ($Layers -le 0) {""}
        Else {" "}
        If ($Object -eq $Null) { return "null"}
        Else {
            $JSON = If ($Object -is "Array") {
                $Format = "[", ",$Space", "]"
                If ($Depth -gt 1) {
                    For ($i = 0; $i -lt $Object.Count; $i++) {
                        [Helpers]::ConvertToJsonCustomNotStrict($Object[$i], $Depth - 1, $Layers - 1, $IsWind)
            ElseIf ($Object -is "Xml") {
                $String = New-Object System.IO.StringWriter
                $Xml = "'" + ([String]$String).Replace("`'", "&apos;") + "'"
                If ($Layers -le 0) {
                    ($Xml -Replace "\r\n\s*", "") -Replace "\s+", " "
                ElseIf ($Layers -eq 1) {
                Else {
                    $Xml.Replace("`r`n", "`r`n ")
            ElseIf ($Object -is "Enum") {
            ElseIf ($Object -is "DateTime") {
            ElseIf ($Object -is "String") {
                $Object = ConvertTo-Json $Object -Depth 1
            ElseIf ($Object -is "Boolean") {
                If ($Object) {"true"}
                Else {"false"}
            ElseIf ($Object -is "Char") {
            ElseIf ($Object -is "guid") {
            ElseIf ($Object -is "ValueType") {
            ElseIf ($Object -is [System.Collections.IDictionary]) {
                If ($Object.Keys -eq $Null){
                    return "null"
                $Format = "{", ",$Space", "}"
                If ($Depth -gt 1) {
                    $Object.GetEnumerator() | ForEach-Object {
                        $Quote + $_.Name + $Quote + "$Space`:$Space" + ([Helpers]::ConvertToJsonCustomNotStrict($_.Value, $Depth - 1, $Layers - 1, $IsWind))
            ElseIf($Object -is 'System.Collections.IList'){
                $Format = "[", ",$Space", "]"
                If ($Depth -gt 1) {
                    $Object | ForEach-Object {
                        [Helpers]::ConvertToJsonCustomNotStrict($_, $Depth - 1, $Layers - 1, $IsWind)
            ElseIf ($Object -is "Object") {
                If ($Object -is "System.Management.Automation.ErrorRecord" -and !$IsWind) {
                    $Depth = 3
                    $Layers = 3
                    $IsWind = $true
                $Format = "{", ",$Space", "}"
                If ($Depth -gt 1) {
                    Get-Member -InputObject $Object -MemberType Properties | ForEach-Object {
                        $Quote + $_.Name + $Quote + "$Space`:$Space" + ([Helpers]::ConvertToJsonCustomNotStrict($Object.$($_.Name), $Depth - 1, $Layers - 1, $IsWind))
            Else {$Object}
            If ($Format) {
                $JSON = $Format[0] + (& {
                        If (($Layers -le 1) -or ($JSON.Count -le 0)) {
                            $JSON -Join $Format[1]
                        Else {
                            ("`r`n" + ($JSON -Join "$($Format[1])`r`n")).Replace("`r`n", "`r`n ") + "`r`n"
                    }) + $Format[2]
            return "$JSON"

    # Adapted from
    # Added case for enum
    # PSON - PowerShell Object Notation
    static [string] ConvertToPsonNotStrict($Object, [Int]$Depth, [Int]$Layers, [bool]$IsWind, [bool]$Strict, [Version]$Version) {
        $Format = $Null
        $Quote = If ($Depth -le 0) {""}
        Else {""""}
        $Space = If ($Layers -le 0) {""}
        Else {" "}
        If ($Object -eq $Null) {
            return "`$Null"
        Else {
            $Type = "[" + $Object.GetType().Name + "]"
            $PSON = If ($Object -is "Array") {
                $Format = "@(", ",$Space", ")"
                If ($Depth -gt 1) {
                    For ($i = 0; $i -lt $Object.Count; $i++) {
                        [Helpers]::ConvertToPsonNotStrict($Object[$i], $Depth - 1, $Layers - 1, $IsWind, $Strict, $Version)
            ElseIf ($Object -is "Xml") {
                $Type = "[Xml]"
                $String = New-Object System.IO.StringWriter
                $Xml = "'" + ([String]$String).Replace("`'", "&apos;") + "'"
                If ($Layers -le 0) {
                    ($Xml -Replace "\r\n\s*", "") -Replace "\s+", " "
                        ElseIf ($Layers -eq 1) {
                Else {
                    $Xml.Replace("`r`n", "`r`n ")
            ElseIf ($Object -is "Enum") {
            ElseIf ($Object -is "DateTime") {
            ElseIf ($Object -is "String") {
                0..11 | ForEach-Object {
                    $Object = $Object.Replace([String]"```'""`0`a`b`f`n`r`t`v`$"[$_], ('`' + '`''"0abfnrtv$'[$_]))}; "$Quote$Object$Quote"
            ElseIf ($Object -is "Boolean") {
                If ($Object) {"`$True"}
                Else {"`$False"}
            ElseIf ($Object -is "Char") {
                If ($Strict) {[Int]$Object}
                Else {"$Quote$Object$Quote"}
            ElseIf ($Object -is "guid") {
            ElseIf ($Object -is "ValueType") {
            ElseIf ($Object -is [System.Collections.IDictionary]) {
                If ($Object.Keys -eq $Null){
                    return "`$Null"
                If ($Type -eq "[OrderedDictionary]") {$Type = "[Ordered]"}
                $Format = "@{", ";$Space", "}"
                If ($Depth -gt 1) {
                    $Object.GetEnumerator() | ForEach-Object {
                        $Quote + $_.Name + $Quote + "$Space=$Space" + ([Helpers]::ConvertToPsonNotStrict($_.Value, $Depth - 1, $Layers - 1, $IsWind, $Strict, $Version))
            ElseIf($Object -is 'System.Collections.IList'){
                $Format = "@(", ",$Space", ")"
                If ($Depth -gt 1) {
                    $Object | ForEach-Object {
                        [Helpers]::ConvertToPsonNotStrict($_, $Depth - 1, $Layers - 1, $IsWind, $Strict, $Version)
            ElseIf ($Object -is "Object") {
                If ($Object -is "System.Management.Automation.ErrorRecord" -and !$IsWind) {
                    $Depth = 3
                    $Layers = 3
                    $IsWind = $true
                If ($Version -le [Version]"2.0") {$Type = "New-Object PSObject -Property "}
                $Format = "@{", ";$Space", "}"
                If ($Depth -gt 1) {
                    Get-Member -InputObject $Object -MemberType Properties | ForEach-Object {
                        $Quote + $_.Name + $Quote + "$Space=$Space" + ([Helpers]::ConvertToPsonNotStrict($Object.$($_.Name), $Depth - 1, $Layers - 1, $IsWind, $Strict, $Version))
            Else {$Object}
            If ($Format) {
                $PSON = $Format[0] + (& {
                        If (($Layers -le 1) -or ($PSON.Count -le 0)) {
                            $PSON -Join $Format[1]
                        Else {
                            ("`r`n" + ($PSON -Join "$($Format[1])`r`n")).Replace("`r`n", "`r`n ") + "`r`n"
                    }) + $Format[2]
            If ($Strict) {
                return "$Type$PSON"
            Else {
                return "$PSON"

   static [string] GetAccessToken([string] $resourceAppIdUri, [string] $tenantId) {

        $rmContext = Get-AzureRmContext -ErrorAction Stop;
        if ([string]::IsNullOrEmpty($tenantId)) {
            $tenantId = $rmContext.Tenant.Id

        $allEndpoints = @();
        $resourceConstant = [AzureEnvironment+Endpoint] |
            Get-Member -Static -MemberType Properties |
            Where-Object {
                $endpoint = [AzureEnvironmentExtensions]::GetEndpoint($rmContext.Environment, $_.Name)
                $allEndpoints += $endpoint;
                (-not [string]::IsNullOrWhiteSpace($endpoint) -and ($endpoint.Trimend('/') -eq $resourceAppIdUri.Trimend('/')))
            } | Select-Object -First 1

        if (-not $resourceConstant) {
            throw "The resource URL [$resourceAppIdUri] is not supported. Supported values are: " + ($allEndpoints -join ", ")

        $authResult = [AzureSession]::Instance.AuthenticationFactory.Authenticate(
                            [System.Security.SecureString] $null,

        if(-not ($authResult -and (-not [string]::IsNullOrWhiteSpace($authResult.AccessToken))))
            throw "Unable to get access token. Authentication Failed."

        return $authResult.AccessToken;

    static [string] GetAccessToken([string] $resourceAppIdUri) {
        return [Helpers]::GetAccessToken($resourceAppIdUri, "");

    static [System.Management.Automation.RuntimeDefinedParameterDictionary] NewDynamicParam([string] $parameterName, [string[]] $options, [bool] $mandatory, [string] $parameterSetName, [string] $helpMessage) {
        # Create the dictionary
        $RuntimeParameterDictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
        # Create the collection of attributes
        $AttributeCollection = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
        # Create and set the parameters' attributes
        $ParameterAttribute = New-Object System.Management.Automation.ParameterAttribute
        #$ParameterAttribute.ValueFromPipeline = $false
        #$ParameterAttribute.ValueFromPipelineByPropertyName = $false
        $ParameterAttribute.Mandatory = $mandatory
        if (-not [string]::IsNullOrEmpty($helpMessage)) {
            $ParameterAttribute.HelpMessage = $helpMessage;

        if (-not [string]::IsNullOrEmpty($parameterSetName)) {
            $ParameterAttribute.ParameterSetName = $parameterSetName;

        # Add the attributes to the attributes collection
        # Generate and set the ValidateSet
        $ValidateSetAttribute = New-Object System.Management.Automation.ValidateSetAttribute($options)
        # Add the ValidateSet to the attributes collection
        # Create and return the dynamic parameter
        $RuntimeParameter = New-Object System.Management.Automation.RuntimeDefinedParameter($parameterName, [string], $AttributeCollection)
        $RuntimeParameterDictionary.Add($parameterName, $RuntimeParameter)
        return $RuntimeParameterDictionary

    static [bool] CompareObject($referenceObject, $differenceObject)
        return [Helpers]::CompareObject($referenceObject, $differenceObject, $false)

    static [bool] CompareObject($referenceObject, $differenceObject, [bool] $strictComparison) 
        $result = $true;

        if($null -ne $referenceObject)
            if($null -ne $differenceObject)
                if($referenceObject -is "Array")
                    if($differenceObject -is "Array")
                        if((-not $strictComparison) -or ($referenceObject.Count -eq $differenceObject.Count))
                            foreach ($refObject in $referenceObject)
                                $arrayResult = $false;
                                foreach ($diffObject in $differenceObject)
                                    $arrayResult = [Helpers]::CompareObject($refObject, $diffObject, $strictComparison);

                                $result = $result -and $arrayResult
                                if(-not $arrayResult)
                            $result = $false;
                        $result = $false;
                # Condition for all primitive types
                elseif ($referenceObject -is "string" -or $referenceObject -is "ValueType")
                    # For primitve types, use default comparer
                    $result = $result -and (((Compare-Object $referenceObject $differenceObject) | Where-Object { $_.SideIndicator -eq "<=" } | Measure-Object).Count -eq 0)
                    $result = $result -and [Helpers]::CompareObjectProperties($referenceObject, $differenceObject, $strictComparison)
                $result = $false;
        elseif($null -eq $differenceObject)
            $result = $true;
            $result = $false;

        return $result;
    hidden static [bool] CompareObjectProperties($referenceObject, $differenceObject, [bool] $strictComparison) 
        $result = $true;
        $refProps = @();
        $diffProps = @();
        $refProps += [Helpers]::GetProperties($referenceObject);
        $diffProps += [Helpers]::GetProperties($differenceObject);

        if((-not $strictComparison) -or ($refProps.Count -eq $diffProps.Count))
            foreach ($propName in $refProps)
                $refProp = $referenceObject.$propName;
                if (-not [string]::IsNullOrWhiteSpace(($diffProps | Where-Object { $_ -eq $propName } | Select-Object -First 1))) 
                    $compareProp = $differenceObject.$propName;

                    if($null -ne $refProp)
                        if($null -ne $compareProp)
                            $result = $result -and [Helpers]::CompareObject($refProp, $compareProp, $strictComparison);
                            $result = $result -and $false;
                    elseif($null -eq $compareProp)
                        $result = $result -and $true;
                        $result = $result -and $false;
                    $result = $false;

                if(-not $result)
            $result = $false;

        return $result;

    hidden static [string[]] GetProperties($object) 
        $props = @();
        if($object -is "Hashtable")
            $object.Keys | ForEach-Object { 
                $props += $_;
            ($object | Get-Member -MemberType Properties) |
                ForEach-Object {
                    $props += $_.Name;
        return $props;

    static [bool] CompareObjectOld($referenceObject, $differenceObject) {
        $result = $true;

        if($null -ne $referenceObject)
            if($null -ne $differenceObject)
                ($referenceObject | Get-Member -MemberType Properties) |
                ForEach-Object {
                    $refProp = $referenceObject."$($_.Name)";

                    if ($differenceObject | Get-Member -Name $_.Name) {
                        $compareProp = $differenceObject."$($_.Name)";

                        if($null -ne $refProp)
                            if($null -ne $compareProp)
                                if ($refProp.GetType().Name -eq "PSCustomObject")
                                    $result = $result -and [Helpers]::CompareObjectOld($refProp, $compareProp);
                                    $result = $result -and (((Compare-Object $refProp $compareProp) | Where-Object { $_.SideIndicator -eq "<=" } | Measure-Object).Count -eq 0)
                                $result = $result -and $false;
                        elseif($null -eq $compareProp)
                            $result = $result -and $true;
                            $result = $result -and $false;
                        $result = $false;
                $result = $false;
        elseif($null -eq $differenceObject)
            $result = $true;
            $result = $false;

        return $result;

    static [bool] CheckMember([PSObject] $refObject, [string] $memberPath) {
        [bool]$result = $false;
        if ($refObject) {
            $properties = @();
            $properties += $memberPath.Split(".");

            if ($properties.Count -gt 0) {
                $currentItem = $properties.Get(0);
                if (-not [string]::IsNullOrWhiteSpace($currentItem)) {
                    if (($refObject | Get-Member -Name $currentItem) -and $refObject.$currentItem) {
                        $result = $true;
                        if ($properties.Count -gt 1) {
                            $result = $result -and [Helpers]::CheckMember($refObject.$currentItem, [string]::Join(".", $properties[1..($properties.length - 1)]));
        return $result;

    static [PSObject] SelectMembers([PSObject] $refObject, [string[]] $memberPaths) 
        $result = $null;
        if ($null -ne $refObject)
            if($refObject -is "Array")
                $result = @();
                $refObject | ForEach-Object {
                    $memberValue = [Helpers]::SelectMembers($_, $memberPaths); 
                    if($null -ne $memberValue)
                        $result += $memberValue;
                $processedMemberPaths = @();
                $objectProps = [Helpers]::GetProperties($refObject);
                if($objectProps.Count -ne 0 -and $null -ne $memberPaths -and $memberPaths.Count -ne 0)
                    $memberPaths | Where-Object { -not [string]::IsNullOrWhiteSpace($_) } |
                        ForEach-Object {
                            $splitPaths = @();
                            $splitPaths += $_.Split(".");
                            $firstMemberPath = $splitPaths.Get(0);
                            if(-not [string]::IsNullOrWhiteSpace($firstMemberPath) -and $objectProps.Contains($firstMemberPath))
                                $pathObject = $processedMemberPaths | Where-Object { $_.MemberPath -eq $firstMemberPath } | Select-Object -First 1;

                                if(-not $pathObject)
                                    $pathObject = @{
                                        MemberPath = $firstMemberPath;
                                        ChildPaths = @();
                                    $processedMemberPaths += $pathObject;

                                # Count > 1 indicates that it has child path
                                if($splitPaths.Count -gt 1)
                                    $pathObject.ChildPaths += [string]::Join(".", $splitPaths[1..($splitPaths.length - 1)]);

                if ($processedMemberPaths.Count -ne 0) 
                    $processedMemberPaths | ForEach-Object {
                        $memberValue = $null;
                        if($_.ChildPaths.Count -eq 0)
                            $memberValue = $refObject."$($_.MemberPath)";
                            $memberValue = [Helpers]::SelectMembers($refObject."$($_.MemberPath)", $_.ChildPaths); 

                        if($null -ne $memberValue)
                            if($null -eq $result)
                                $result = New-Object PSObject;
                            $result | Add-Member -MemberType NoteProperty -Name ($_.MemberPath) -Value $memberValue;
                    $result = $refObject;

        return $result;

    static [PSObject] NewAzsdkCompliantStorage([string]$Name, [string]$ResourceGroup, [string]$Location) {
        $storageSku = "Standard_GRS"
        $storageObject = $null
        try {
            #create storage
            $newStorage = New-AzureRmStorageAccount -ResourceGroupName $ResourceGroup -Name $Name -Type $storageSku -Location $Location `
             -Kind BlobStorage -AccessTier Cool -EnableEncryptionService Blob -ErrorAction Stop

            $retryAccount = 0
            do {
                $storageObject = Get-AzureRmStorageAccount -ResourceGroupName $ResourceGroup -Name $Name -ErrorAction SilentlyContinue
                Start-Sleep -seconds 2
            }while (!$storageObject -and $retryAccount -ne 6)

            if ($storageObject) {
                #create alert rules
                $emailAction = New-AzureRmAlertRuleEmail -SendToServiceOwners -ErrorAction Stop -WarningAction SilentlyContinue
                $targetId = $storageObject.Id + "/services/" + "blob"

                $alertName = $Name + "alert"
                Add-AzureRmMetricAlertRule -Location $storageObject.Location -MetricName AnonymousSuccess -Name $alertName -Operator GreaterThan `
                                                -ResourceGroup $storageObject.ResourceGroupName `
                                                -TargetResourceId $targetId `
                                                -Threshold 0 -TimeAggregationOperator Total -WindowSize 01:00:00  -Actions $emailAction `
                                                -WarningAction SilentlyContinue `
                                                -ErrorAction Stop

                #set diagnostics on
                $currentContext = $storageObject.Context
                Set-AzureStorageServiceLoggingProperty -ServiceType Blob -LoggingOperations All -Context $currentContext -RetentionDays 365 -PassThru -ErrorAction Stop
                Set-AzureStorageServiceMetricsProperty -MetricsType Hour -ServiceType Blob -Context $currentContext -MetricsLevel ServiceAndApi -RetentionDays 365 -PassThru -ErrorAction Stop
        catch {
            #cleanup storage if error occurs
            if ((Find-AzureRmResource -ResourceGroupNameEquals $ResourceGroup -ResourceNameEquals $Name|Measure-Object).Count -gt 0) {
                Remove-AzureRmStorageAccount -ResourceGroupName $ResourceGroup -Name $Name -Force -ErrorAction SilentlyContinue
        return $storageObject

    static [bool] NewAzSDKResourceGroup([string]$ResourceGroup, [string]$Location, [string] $Version)
            [Hashtable] $RGTags = @{};
                $RGTags += @{
                "AzSDKFeature" = "ContinuousAssurance";
                $RGTags += @{
                "AzSDKFeature" = "ContinuousAssurance";

            $newRG = New-AzureRmResourceGroup -Name $ResourceGroup -Location $Location `
            -Tag $RGTags `
            -ErrorAction Stop

            return $true
            return $false


    static [string] ComputeHash([String] $data)
        $HashValue = [System.Text.StringBuilder]::new()
        [System.Security.Cryptography.HashAlgorithm]::Create("SHA256").ComputeHash([System.Text.Encoding]::UTF8.GetBytes($data))| ForEach-Object {
        return $HashValue.ToString()

    static [string] GetCurrentSessionUser()
        $context = Get-AzureRmContext -ErrorAction SilentlyContinue
        if($null -ne $context)
            return $context.Account.Id
            return "NO_ACTIVE_SESSION"

    static [VerificationResult] EvaluateVerificationResult([VerificationResult] $verificationResult, [AttestationStatus] $attestationStatus)
        [VerificationResult] $result = $verificationResult;
        # No action required if Attestation status is None OR verification result is Passed
        if($attestationStatus -ne [AttestationStatus]::None -or $verificationResult -ne [VerificationResult]::Passed)
            # Changing State Machine logic
            #if($verificationResult -eq [VerificationResult]::Verify -or $verificationResult -eq [VerificationResult]::Manual)
            switch ($attestationStatus)
                    $result = [VerificationResult]::Passed;
                    $result = [VerificationResult]::RiskAck;
            #elseif($verificationResult -eq [VerificationResult]::Failed -or $verificationResult -eq [VerificationResult]::Error)
            # $result = [VerificationResult]::RiskAck;
        return $result;

    static [PSObject] NewSecurePassword()
        #create password
        $randomBytes = New-Object Byte[] 32
        $provider = [System.Security.Cryptography.RNGCryptoServiceProvider]::Create()
        $pwstring = [System.Convert]::ToBase64String($randomBytes)
        $newPassword = new-object securestring
        $pwstring.ToCharArray() | ForEach-Object{
        $encryptedPassword = ConvertFrom-SecureString -SecureString $newPassword -Key (1..16)
        $securePassword = ConvertTo-SecureString -String $encryptedPassword -Key (1..16)
        return $securePassword