public SIPSorceryWebServicePersistor(string serverURL, string authid) {
BasicHttpSecurityMode securitymode = (serverURL.StartsWith("https")) ? BasicHttpSecurityMode.Transport : BasicHttpSecurityMode.None;
SIPSorcerySecurityHeader securityHeader = new SIPSorcerySecurityHeader(authid);
SIPSorceryCustomHeader sipSorceryHeader = new SIPSorceryCustomHeader(new List<MessageHeader>(){securityHeader});
BasicHttpCustomHeaderBinding binding = new BasicHttpCustomHeaderBinding(sipSorceryHeader, securitymode);
binding.MaxReceivedMessageSize = MAX_WCF_MESSAGE_SIZE;
EndpointAddress address = new EndpointAddress(serverURL);
m_provisioningServiceProxy = new ProvisioningServiceClient(binding, address);
// Provisioning web service delegates.
m_provisioningServiceProxy.IsAliveCompleted += IsAliveCompleted;
m_provisioningServiceProxy.TestExceptionCompleted += TestExceptionCompleted;
m_provisioningServiceProxy.AreNewAccountsEnabledCompleted += AreNewAccountsEnabledCompleted;
m_provisioningServiceProxy.CheckInviteCodeCompleted += CheckInviteCodeCompleted;
m_provisioningServiceProxy.LoginCompleted += LoginCompleted;
m_provisioningServiceProxy.LogoutCompleted += LogoutCompleted;
m_provisioningServiceProxy.GetCustomerCompleted += GetCustomerCompleted;
m_provisioningServiceProxy.UpdateCustomerCompleted += UpdateCustomerCompleted;
m_provisioningServiceProxy.UpdateCustomerPasswordCompleted += UpdateCustomerPasswordCompleted;
m_provisioningServiceProxy.GetSIPAccountsCompleted += GetSIPAccountsCompleted;
m_provisioningServiceProxy.GetSIPAccountsCountCompleted += GetSIPAccountsCountCompleted;
m_provisioningServiceProxy.AddSIPAccountCompleted += AddSIPAccountCompleted;
m_provisioningServiceProxy.UpdateSIPAccountCompleted += UpdateSIPAccountCompleted;
m_provisioningServiceProxy.DeleteSIPAccountCompleted += DeleteSIPAccountCompleted;
m_provisioningServiceProxy.GetDialPlansCountCompleted += GetDialPlansCountCompleted;
m_provisioningServiceProxy.GetDialPlansCompleted += GetDialPlansCompleted;
m_provisioningServiceProxy.UpdateDialPlanCompleted += UpdateDialPlanCompleted;
m_provisioningServiceProxy.AddDialPlanCompleted += AddDialPlanCompleted;
m_provisioningServiceProxy.DeleteDialPlanCompleted += DeleteDialPlanCompleted;
m_provisioningServiceProxy.GetSIPProvidersCountCompleted += GetSIPProvidersCountCompleted;
m_provisioningServiceProxy.GetSIPProvidersCompleted += GetSIPProvidersCompleted;
m_provisioningServiceProxy.AddSIPProviderCompleted += AddSIPProviderCompleted;
m_provisioningServiceProxy.UpdateSIPProviderCompleted += UpdateSIPProviderCompleted;
m_provisioningServiceProxy.DeleteSIPProviderCompleted += DeleteSIPProviderCompleted;
m_provisioningServiceProxy.GetSIPDomainsCompleted += GetSIPDomainsCompleted;
m_provisioningServiceProxy.GetSIPRegistrarBindingsCompleted += GetSIPRegistrarBindingsCompleted;
m_provisioningServiceProxy.GetSIPRegistrarBindingsCountCompleted += GetSIPRegistrarBindingsCountCompleted;
m_provisioningServiceProxy.GetSIPProviderBindingsCompleted += GetSIPProviderBindingsCompleted;
m_provisioningServiceProxy.GetSIPProviderBindingsCountCompleted += GetSIPProviderBindingsCountCompleted;
m_provisioningServiceProxy.GetCallsCountCompleted += m_provisioningServiceProxy_GetCallsCountCompleted;
m_provisioningServiceProxy.GetCallsCompleted += m_provisioningServiceProxy_GetCallsCompleted;
m_provisioningServiceProxy.GetCDRsCountCompleted += GetCDRsCountCompleted;
m_provisioningServiceProxy.GetCDRsCompleted += GetCDRsCompleted;
m_provisioningServiceProxy.CreateCustomerCompleted += CreateCustomerCompleted;
m_provisioningServiceProxy.DeleteCustomerCompleted += DeleteCustomerCompleted;
m_provisioningServiceProxy.GetTimeZoneOffsetMinutesCompleted += GetTimeZoneOffsetMinutesCompleted;
m_provisioningServiceProxy.ExtendSessionCompleted += ExtendSessionCompleted;
}
public async Task ProvisioningServiceClient_GetEnrollmentGroupAttestation(AttestationMechanismType attestationType)
{
ProvisioningServiceClient provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString(Configuration.Provisioning.ConnectionString);
string groupId = AttestationTypeToString(attestationType) + "-" + Guid.NewGuid();
EnrollmentGroup enrollmentGroup = await CreateEnrollmentGroup(provisioningServiceClient, attestationType, groupId, null, AllocationPolicy.Static, null, null, null);
AttestationMechanism attestationMechanism = await provisioningServiceClient.GetEnrollmentGroupAttestationAsync(enrollmentGroup.EnrollmentGroupId);
// Note that tpm is not a supported attestation type for group enrollments
if (attestationType == AttestationMechanismType.SymmetricKey)
{
Assert.AreEqual(AttestationMechanismType.SymmetricKey, attestationMechanism.Type);
SymmetricKeyAttestation symmetricKeyAttestation = (SymmetricKeyAttestation)attestationMechanism.GetAttestation();
Assert.AreEqual(((SymmetricKeyAttestation)enrollmentGroup.Attestation).PrimaryKey, symmetricKeyAttestation.PrimaryKey);
Assert.AreEqual(((SymmetricKeyAttestation)enrollmentGroup.Attestation).SecondaryKey, symmetricKeyAttestation.SecondaryKey);
}
else if (attestationType == AttestationMechanismType.X509)
{
Assert.AreEqual(AttestationMechanismType.X509, attestationMechanism.Type);
X509Attestation x509Attestation = (X509Attestation)attestationMechanism.GetAttestation();
Assert.AreEqual(((X509Attestation)enrollmentGroup.Attestation).GetPrimaryX509CertificateInfo().SHA1Thumbprint, x509Attestation.GetPrimaryX509CertificateInfo().SHA1Thumbprint);
Assert.AreEqual(((X509Attestation)enrollmentGroup.Attestation).GetSecondaryX509CertificateInfo().SHA1Thumbprint, x509Attestation.GetSecondaryX509CertificateInfo().SHA1Thumbprint);
}
}
public static async Task ProvisioningServiceClient_GroupEnrollments_Create_Ok(string proxyServerAddress, AttestationType attestationType, ReprovisionPolicy reprovisionPolicy, AllocationPolicy allocationPolicy, CustomAllocationDefinition customAllocationDefinition, ICollection <string> iothubs)
{
string groupId = IdPrefix + AttestationTypeToString(attestationType) + "-" + Guid.NewGuid();
using (ProvisioningServiceClient provisioningServiceClient = CreateProvisioningService(proxyServerAddress))
{
EnrollmentGroup enrollmentGroup = await CreateEnrollmentGroup(provisioningServiceClient, attestationType, groupId, reprovisionPolicy, allocationPolicy, customAllocationDefinition, iothubs, null).ConfigureAwait(false);
EnrollmentGroup enrollmentGroupResult = await provisioningServiceClient.GetEnrollmentGroupAsync(enrollmentGroup.EnrollmentGroupId).ConfigureAwait(false);
Assert.AreEqual(enrollmentGroupResult.ProvisioningStatus, ProvisioningStatus.Enabled);
if (reprovisionPolicy != null)
{
Assert.AreEqual(reprovisionPolicy.MigrateDeviceData, enrollmentGroupResult.ReprovisionPolicy.MigrateDeviceData);
Assert.AreEqual(reprovisionPolicy.UpdateHubAssignment, enrollmentGroupResult.ReprovisionPolicy.UpdateHubAssignment);
}
if (customAllocationDefinition != null)
{
Assert.AreEqual(customAllocationDefinition.WebhookUrl, enrollmentGroupResult.CustomAllocationDefinition.WebhookUrl);
Assert.AreEqual(customAllocationDefinition.ApiVersion, enrollmentGroupResult.CustomAllocationDefinition.ApiVersion);
}
Assert.AreEqual(allocationPolicy, enrollmentGroup.AllocationPolicy);
try
{
await provisioningServiceClient.DeleteEnrollmentGroupAsync(enrollmentGroup.EnrollmentGroupId).ConfigureAwait(false);
}
catch (Exception ex)
{
Console.WriteLine($"Cleanup of enrollment group failed due to {ex}");
}
}
}
public async Task <bool> AddDeviceProvisioningServiceClientAsync(string OptionalDeviceId)
{
try
{
Console.WriteLine("Starting sample...");
using (ProvisioningServiceClient provisioningServiceClient =
ProvisioningServiceClient.CreateFromConnectionString(_provisioningConnectionString))
{
#region Create a new individualEnrollment config
Console.WriteLine("\nCreating a new individualEnrollment...");
Attestation attestation = new TpmAttestation(TpmEndorsementKey);
IndividualEnrollment individualEnrollment = new IndividualEnrollment(RegistrationId, attestation)
{
DeviceId = OptionalDeviceId,
ProvisioningStatus = OptionalProvisioningStatus
};
#endregion
#region Create the individualEnrollment
Console.WriteLine("\nAdding new individualEnrollment...");
IndividualEnrollment individualEnrollmentResult =
await provisioningServiceClient.CreateOrUpdateIndividualEnrollmentAsync(individualEnrollment).ConfigureAwait(false);
Console.WriteLine("\nIndividualEnrollment created with success.");
Console.WriteLine(individualEnrollmentResult);
#endregion
}
return(true);
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
return(false);
}
}
private async Task <SecurityProvider> CreateSecurityProviderFromName(AttestationType attestationType, EnrollmentType?enrollmentType, string groupId, ReprovisionPolicy reprovisionPolicy, AllocationPolicy allocationPolicy, CustomAllocationDefinition customAllocationDefinition, ICollection <string> iothubs, DeviceCapabilities capabilities = null)
{
_verboseLog.WriteLine($"{nameof(CreateSecurityProviderFromName)}({attestationType})");
var provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString(Configuration.Provisioning.ConnectionString);
switch (attestationType)
{
case AttestationType.Tpm:
string registrationId = AttestationTypeToString(attestationType) + "-registration-id-" + Guid.NewGuid();
var tpmSim = new SecurityProviderTpmSimulator(registrationId);
string base64Ek = Convert.ToBase64String(tpmSim.GetEndorsementKey());
var provisioningService = ProvisioningServiceClient.CreateFromConnectionString(Configuration.Provisioning.ConnectionString);
_log.WriteLine($"Getting enrollment: RegistrationID = {registrationId}");
IndividualEnrollment individualEnrollment = new IndividualEnrollment(registrationId, new TpmAttestation(base64Ek))
{
AllocationPolicy = allocationPolicy, ReprovisionPolicy = reprovisionPolicy, IotHubs = iothubs, CustomAllocationDefinition = customAllocationDefinition, Capabilities = capabilities
};
IndividualEnrollment enrollment = await provisioningService.CreateOrUpdateIndividualEnrollmentAsync(individualEnrollment).ConfigureAwait(false);
var attestation = new TpmAttestation(base64Ek);
enrollment.Attestation = attestation;
_log.WriteLine($"Updating enrollment: RegistrationID = {registrationId} EK = '{base64Ek}'");
await provisioningService.CreateOrUpdateIndividualEnrollmentAsync(enrollment).ConfigureAwait(false);
return(tpmSim);
case AttestationType.x509:
X509Certificate2 certificate = null;
X509Certificate2Collection collection = null;
switch (enrollmentType)
{
case EnrollmentType.Individual:
certificate = Configuration.Provisioning.GetIndividualEnrollmentCertificate();
break;
case EnrollmentType.Group:
certificate = Configuration.Provisioning.GetGroupEnrollmentCertificate();
collection = Configuration.Provisioning.GetGroupEnrollmentChain();
break;
default:
throw new NotSupportedException($"Unknown X509 type: '{enrollmentType}'");
}
return(new SecurityProviderX509Certificate(certificate, collection));
case AttestationType.SymmetricKey:
switch (enrollmentType)
{
case EnrollmentType.Group:
EnrollmentGroup symmetricKeyEnrollmentGroup = await CreateEnrollmentGroup(provisioningServiceClient, AttestationType.SymmetricKey, groupId, reprovisionPolicy, allocationPolicy, customAllocationDefinition, iothubs, capabilities).ConfigureAwait(false);
Assert.IsTrue(symmetricKeyEnrollmentGroup.Attestation is SymmetricKeyAttestation);
SymmetricKeyAttestation symmetricKeyAttestation = (SymmetricKeyAttestation)symmetricKeyEnrollmentGroup.Attestation;
string registrationIdSymmetricKey = IdPrefix + Guid.NewGuid();
string primaryKeyEnrollmentGroup = symmetricKeyAttestation.PrimaryKey;
string secondaryKeyEnrollmentGroup = symmetricKeyAttestation.SecondaryKey;
string primaryKeyIndividual = ProvisioningE2ETests.ComputeDerivedSymmetricKey(Convert.FromBase64String(primaryKeyEnrollmentGroup), registrationIdSymmetricKey);
string secondaryKeyIndividual = ProvisioningE2ETests.ComputeDerivedSymmetricKey(Convert.FromBase64String(secondaryKeyEnrollmentGroup), registrationIdSymmetricKey);
return(new SecurityProviderSymmetricKey(registrationIdSymmetricKey, primaryKeyIndividual, secondaryKeyIndividual));
case EnrollmentType.Individual:
IndividualEnrollment symmetricKeyEnrollment = await CreateIndividualEnrollment(provisioningServiceClient, AttestationType.SymmetricKey, reprovisionPolicy, allocationPolicy, customAllocationDefinition, iothubs, capabilities).ConfigureAwait(false);
Assert.IsTrue(symmetricKeyEnrollment.Attestation is SymmetricKeyAttestation);
symmetricKeyAttestation = (SymmetricKeyAttestation)symmetricKeyEnrollment.Attestation;
registrationIdSymmetricKey = symmetricKeyEnrollment.RegistrationId;
string primaryKey = symmetricKeyAttestation.PrimaryKey;
string secondaryKey = symmetricKeyAttestation.SecondaryKey;
return(new SecurityProviderSymmetricKey(registrationIdSymmetricKey, primaryKey, secondaryKey));
default:
throw new NotSupportedException("Unrecognized enrollment type");
}
default:
throw new NotSupportedException("Unrecognized attestation type");
}
throw new NotSupportedException($"Unknown security type: '{attestationType}'.");
}
public IotEdgeProvisioningBusiness()
{
registryManager = RegistryManager.CreateFromConnectionString("HostName=IotAdmin.azure-devices.net;SharedAccessKeyName=iothubowner;SharedAccessKey=67sJpyzluy5nnrsRBWht/nPptY9LFFrv50z7H6Xm67M=");
provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString("HostName=CowParkingDevices.azure-devices-provisioning.net;SharedAccessKeyName=provisioningserviceowner;SharedAccessKey=TojavzxrP8SpAWNqUto+cwbohURmpobEOD5q2MNka08=");
serviceClient = ServiceClient.CreateFromConnectionString("HostName=IotAdmin.azure-devices.net;SharedAccessKeyName=iothubowner;SharedAccessKey=67sJpyzluy5nnrsRBWht/nPptY9LFFrv50z7H6Xm67M=");
}
public EnrollmentSample(ProvisioningServiceClient provisioningServiceClient)
{
_provisioningServiceClient = provisioningServiceClient;
}
public override void ExecuteCmdlet()
{
if (ShouldProcess(this.DpsName, DPSResources.AddEnrollmentGroup))
{
ProvisioningServiceDescription provisioningServiceDescription;
if (ParameterSetName.Equals(InputObjectParameterSet))
{
this.ResourceGroupName = this.DpsObject.ResourceGroupName;
this.DpsName = this.DpsObject.Name;
provisioningServiceDescription = IotDpsUtils.ConvertObject <PSProvisioningServiceDescription, ProvisioningServiceDescription>(this.DpsObject);
}
else
{
if (ParameterSetName.Equals(ResourceIdParameterSet))
{
this.ResourceGroupName = IotDpsUtils.GetResourceGroupName(this.ResourceId);
this.DpsName = IotDpsUtils.GetIotDpsName(this.ResourceId);
}
provisioningServiceDescription = GetIotDpsResource(this.ResourceGroupName, this.DpsName);
}
IEnumerable <SharedAccessSignatureAuthorizationRuleAccessRightsDescription> authPolicies = this.IotDpsClient.IotDpsResource.ListKeys(this.DpsName, this.ResourceGroupName);
SharedAccessSignatureAuthorizationRuleAccessRightsDescription policy = IotDpsUtils.GetPolicy(authPolicies, PSAccessRightsDescription.EnrollmentWrite);
PSIotDpsConnectionString psIotDpsConnectionString = IotDpsUtils.ToPSIotDpsConnectionString(policy, provisioningServiceDescription.Properties.ServiceOperationsHostName);
ProvisioningServiceClient client = ProvisioningServiceClient.CreateFromConnectionString(psIotDpsConnectionString.PrimaryConnectionString);
EnrollmentGroup enrollment = client.GetEnrollmentGroupAsync(this.Name).GetAwaiter().GetResult();
if (enrollment != null)
{
// Updating ProvisioningStatus
if (this.IsParameterBound(c => c.ProvisioningStatus))
{
enrollment.ProvisioningStatus = (ProvisioningStatus)Enum.Parse(typeof(ProvisioningStatus), this.ProvisioningStatus.ToString());
}
// Updating InitialTwinState
if (this.IsParameterBound(c => c.Tag) || this.IsParameterBound(c => c.Desired))
{
TwinCollection tags = this.IsParameterBound(c => c.Tag) ? new TwinCollection(JsonConvert.SerializeObject(this.Tag)) : (enrollment.InitialTwinState != null ? enrollment.InitialTwinState.Tags : new TwinCollection());
TwinCollection desiredProperties = this.IsParameterBound(c => c.Desired) ? new TwinCollection(JsonConvert.SerializeObject(this.Desired)) : (enrollment.InitialTwinState != null ? enrollment.InitialTwinState.DesiredProperties : new TwinCollection());
enrollment.InitialTwinState = new TwinState(tags, desiredProperties);
}
// Updating Capabilities
if (this.IsParameterBound(c => c.EdgeEnabled))
{
enrollment.Capabilities = new DeviceCapabilities()
{
IotEdge = this.EdgeEnabled
};
}
// Updating ReprovisionPolicy
if (this.IsParameterBound(c => c.ReprovisionPolicy))
{
switch (this.ReprovisionPolicy)
{
case PSReprovisionType.reprovisionandmigratedata:
enrollment.ReprovisionPolicy = new ReprovisionPolicy()
{
UpdateHubAssignment = true, MigrateDeviceData = true
};
break;
case PSReprovisionType.reprovisionandresetdata:
enrollment.ReprovisionPolicy = new ReprovisionPolicy()
{
UpdateHubAssignment = true, MigrateDeviceData = false
};
break;
case PSReprovisionType.never:
enrollment.ReprovisionPolicy = new ReprovisionPolicy()
{
UpdateHubAssignment = false, MigrateDeviceData = false
};
break;
}
}
// Updating AllocationPolicy and Hub
if (this.IsParameterBound(c => c.IotHubHostName) && this.IsParameterBound(c => c.AllocationPolicy))
{
throw new ArgumentException("\"IotHubHostName\" is not required when allocation-policy is defined.");
}
if (this.IsParameterBound(c => c.IotHubHostName) && this.IsParameterBound(c => c.IotHub))
{
throw new ArgumentException("\"IotHubHostName\" is not required when IotHub is defined.");
}
if (this.IsParameterBound(c => c.IotHubHostName))
{
enrollment.IotHubHostName = this.IotHubHostName;
enrollment.CustomAllocationDefinition = null;
enrollment.AllocationPolicy = null;
enrollment.IotHubs = null;
}
if (this.IsParameterBound(c => c.AllocationPolicy))
{
enrollment.AllocationPolicy = (Devices.Provisioning.Service.AllocationPolicy)Enum.Parse(typeof(Devices.Provisioning.Service.AllocationPolicy), this.AllocationPolicy.ToString());
}
switch (enrollment.AllocationPolicy)
{
case Devices.Provisioning.Service.AllocationPolicy.Static:
if (this.IsParameterBound(c => c.IotHub))
{
if (this.IotHub.Length > 1)
{
throw new ArgumentException("Please provide only one hub when allocation-policy is defined as Static.");
}
enrollment.IotHubs = this.IotHub;
}
enrollment.CustomAllocationDefinition = null;
enrollment.IotHubHostName = null;
break;
case Devices.Provisioning.Service.AllocationPolicy.Custom:
if (enrollment.CustomAllocationDefinition == null)
{
if (!this.IsParameterBound(c => c.WebhookUrl))
{
throw new ArgumentException("Please provide an Azure function url when allocation-policy is defined as Custom.");
}
if (!this.IsParameterBound(c => c.ApiVersion))
{
throw new ArgumentException("Please provide an Azure function api-version when allocation-policy is defined as Custom.");
}
}
string webhookUrl = string.Empty, apiVersion = string.Empty;
webhookUrl = this.IsParameterBound(c => c.WebhookUrl) ? this.WebhookUrl : enrollment.CustomAllocationDefinition.WebhookUrl;
apiVersion = this.IsParameterBound(c => c.ApiVersion) ? this.ApiVersion : enrollment.CustomAllocationDefinition.ApiVersion;
enrollment.CustomAllocationDefinition = new CustomAllocationDefinition()
{
WebhookUrl = webhookUrl, ApiVersion = apiVersion
};
enrollment.IotHubHostName = null;
if (this.IsParameterBound(c => c.IotHub))
{
enrollment.IotHubs = this.IotHub;
}
break;
case Devices.Provisioning.Service.AllocationPolicy.Hashed:
case Devices.Provisioning.Service.AllocationPolicy.GeoLatency:
if (this.IsParameterBound(c => c.IotHub))
{
enrollment.IotHubs = this.IotHub;
}
enrollment.CustomAllocationDefinition = null;
enrollment.IotHubHostName = null;
break;
default:
if (this.IsParameterBound(c => c.IotHub))
{
throw new ArgumentException("Please provide allocation policy.");
}
break;
}
}
else
{
throw new ArgumentException("The enrollment doesn't exist.");
}
EnrollmentGroup result = client.CreateOrUpdateEnrollmentGroupAsync(enrollment).GetAwaiter().GetResult();
this.WriteObject(IotDpsUtils.ToPSEnrollmentGroup(result));
}
}
public override void ExecuteCmdlet()
{
if (ShouldProcess(this.DpsName, DPSResources.AddEnrollment))
{
ProvisioningServiceDescription provisioningServiceDescription;
if (ParameterSetName.Equals(InputObjectParameterSet))
{
this.ResourceGroupName = this.DpsObject.ResourceGroupName;
this.DpsName = this.DpsObject.Name;
provisioningServiceDescription = IotDpsUtils.ConvertObject <PSProvisioningServiceDescription, ProvisioningServiceDescription>(this.DpsObject);
}
else
{
if (ParameterSetName.Equals(ResourceIdParameterSet))
{
this.ResourceGroupName = IotDpsUtils.GetResourceGroupName(this.ResourceId);
this.DpsName = IotDpsUtils.GetIotDpsName(this.ResourceId);
}
provisioningServiceDescription = GetIotDpsResource(this.ResourceGroupName, this.DpsName);
}
IEnumerable <SharedAccessSignatureAuthorizationRuleAccessRightsDescription> authPolicies = this.IotDpsClient.IotDpsResource.ListKeys(this.DpsName, this.ResourceGroupName);
SharedAccessSignatureAuthorizationRuleAccessRightsDescription policy = IotDpsUtils.GetPolicy(authPolicies, PSAccessRightsDescription.EnrollmentWrite);
PSIotDpsConnectionString psIotDpsConnectionString = IotDpsUtils.ToPSIotDpsConnectionString(policy, provisioningServiceDescription.Properties.ServiceOperationsHostName);
ProvisioningServiceClient client = ProvisioningServiceClient.CreateFromConnectionString(psIotDpsConnectionString.PrimaryConnectionString);
Attestation attestation = null;
TwinCollection tags = new TwinCollection(), desiredProperties = new TwinCollection();
if (this.IsParameterBound(c => c.Tag))
{
tags = new TwinCollection(JsonConvert.SerializeObject(this.Tag));
}
if (this.IsParameterBound(c => c.Desired))
{
desiredProperties = new TwinCollection(JsonConvert.SerializeObject(this.Desired));
}
switch (this.AttestationType)
{
case PSAttestationMechanismType.SymmetricKey:
if ((this.IsParameterBound(c => c.PrimaryKey) && !this.IsParameterBound(c => c.SecondaryKey)) ||
(!this.IsParameterBound(c => c.PrimaryKey) && this.IsParameterBound(c => c.SecondaryKey)))
{
throw new ArgumentException("Please provide both primary and secondary key.");
}
else
{
attestation = new SymmetricKeyAttestation(this.PrimaryKey, this.SecondaryKey);
}
break;
case PSAttestationMechanismType.Tpm:
if (this.IsParameterBound(c => c.EndorsementKey))
{
attestation = new TpmAttestation(this.EndorsementKey, this.IsParameterBound(c => c.StorageRootKey) ? this.StorageRootKey : null);
}
else
{
throw new ArgumentException("Endorsement key is requried.");
}
break;
case PSAttestationMechanismType.X509:
if (!this.IsParameterBound(c => c.PrimaryCertificate) && !this.IsParameterBound(c => c.SecondaryCertificate))
{
if (!this.IsParameterBound(c => c.PrimaryCAName))
{
throw new ArgumentException("Primary CA reference cannot be null or empty.");
}
if (this.IsParameterBound(c => c.SecondaryCAName))
{
attestation = X509Attestation.CreateFromCAReferences(this.PrimaryCAName, this.SecondaryCAName);
}
else
{
attestation = X509Attestation.CreateFromCAReferences(this.PrimaryCAName);
}
}
else if (!this.IsParameterBound(c => c.PrimaryCAName) && !this.IsParameterBound(c => c.SecondaryCAName))
{
string primaryCer = string.Empty, secondaryCer = string.Empty;
if (!this.IsParameterBound(c => c.PrimaryCertificate))
{
throw new ArgumentException("Primary certificate cannot be null or empty.");
}
primaryCer = IotDpsUtils.GetCertificateString(this.PrimaryCertificate);
if (this.IsParameterBound(c => c.SecondaryCertificate))
{
secondaryCer = IotDpsUtils.GetCertificateString(this.PrimaryCertificate);
if (this.IsParameterBound(c => c.RootCertificate))
{
attestation = X509Attestation.CreateFromRootCertificates(primaryCer, secondaryCer);
}
else
{
attestation = X509Attestation.CreateFromClientCertificates(primaryCer, secondaryCer);
}
}
else
{
if (this.IsParameterBound(c => c.RootCertificate))
{
attestation = X509Attestation.CreateFromRootCertificates(primaryCer);
}
else
{
attestation = X509Attestation.CreateFromClientCertificates(primaryCer);
}
}
}
else
{
throw new ArgumentException("Please provide either CA reference or X509 certificate.");
}
break;
default:
throw new ArgumentException("Please provide valid attestation mechanism.");
}
IndividualEnrollment enrollment = new IndividualEnrollment(this.RegistrationId, attestation);
if (this.IsParameterBound(c => c.DeviceId))
{
enrollment.DeviceId = this.DeviceId;
}
enrollment.InitialTwinState = new TwinState(tags, desiredProperties);
enrollment.Capabilities = new DeviceCapabilities()
{
IotEdge = this.EdgeEnabled.IsPresent
};
switch (this.ReprovisionPolicy)
{
case PSReprovisionType.reprovisionandmigratedata:
enrollment.ReprovisionPolicy = new ReprovisionPolicy()
{
UpdateHubAssignment = true, MigrateDeviceData = true
};
break;
case PSReprovisionType.reprovisionandresetdata:
enrollment.ReprovisionPolicy = new ReprovisionPolicy()
{
UpdateHubAssignment = true, MigrateDeviceData = false
};
break;
case PSReprovisionType.never:
enrollment.ReprovisionPolicy = new ReprovisionPolicy()
{
UpdateHubAssignment = false, MigrateDeviceData = false
};
break;
}
if (this.IsParameterBound(c => c.AllocationPolicy))
{
if (this.IsParameterBound(c => c.IotHubHostName))
{
throw new ArgumentException("\"IotHubHostName\" is not required when allocation-policy is defined.");
}
if (this.AllocationPolicy.Equals(PSAllocationPolicy.Static))
{
if (this.IsParameterBound(c => c.IotHub))
{
if (this.IotHub.Length > 1)
{
throw new ArgumentException("Please provide only one hub when allocation-policy is defined as Static.");
}
}
else
{
throw new ArgumentException("Please provide a hub to be assigned with device.");
}
}
if (this.AllocationPolicy.Equals(PSAllocationPolicy.Custom))
{
if (!this.IsParameterBound(c => c.WebhookUrl))
{
throw new ArgumentException("Please provide an Azure function url when allocation-policy is defined as Custom.");
}
if (!this.IsParameterBound(c => c.ApiVersion))
{
throw new ArgumentException("Please provide an Azure function api-version when allocation-policy is defined as Custom.");
}
enrollment.CustomAllocationDefinition = new CustomAllocationDefinition()
{
WebhookUrl = this.WebhookUrl, ApiVersion = this.ApiVersion
};
}
enrollment.AllocationPolicy = (Devices.Provisioning.Service.AllocationPolicy)Enum.Parse(typeof(Devices.Provisioning.Service.AllocationPolicy), this.AllocationPolicy.ToString());
enrollment.IotHubs = this.IotHub;
}
else
{
if (this.IsParameterBound(c => c.IotHub))
{
throw new ArgumentException("Please provide allocation policy.");
}
if (this.IsParameterBound(c => c.IotHubHostName))
{
enrollment.IotHubHostName = this.IotHubHostName;
}
}
if (this.IsParameterBound(c => c.ProvisioningStatus))
{
enrollment.ProvisioningStatus = (ProvisioningStatus)Enum.Parse(typeof(ProvisioningStatus), this.ProvisioningStatus.ToString());
}
IndividualEnrollment result = client.CreateOrUpdateIndividualEnrollmentAsync(enrollment).GetAwaiter().GetResult();
this.WriteObject(IotDpsUtils.ToPSIndividualEnrollment(result));
}
}
public static async Task RunSample()
{
Console.WriteLine("Starting sample...");
TwinCollection desiredProperties =
new TwinCollection()
{
["Brand"] = "Contoso",
["Model"] = "SSC4",
["Color"] = "White",
};
using (ProvisioningServiceClient provisioningServiceClient =
ProvisioningServiceClient.CreateFromConnectionString(_provisioningConnectionString))
{
#region Create a new individualEnrollment
Console.WriteLine("\nCreating a new individualEnrollment...");
Attestation attestation = new TpmAttestation(_tpmEndorsementKey);
IndividualEnrollment individualEnrollment =
new IndividualEnrollment(
SampleRegistrationId,
attestation);
individualEnrollment.InitialTwinState = new TwinState(
null,
desiredProperties);
IndividualEnrollment individualEnrollmentResult =
await provisioningServiceClient.CreateOrUpdateIndividualEnrollmentAsync(individualEnrollment).ConfigureAwait(false);
Console.WriteLine("\nIndividualEnrollment created with success...");
Console.WriteLine(
"Note that there is a difference between the content of the individualEnrollment that you sent and\n" +
" the individualEnrollmentResult that you received. The individualEnrollmentResult contains the eTag.");
Console.WriteLine(
"\nindividualEnrollment:\n" + individualEnrollment);
Console.WriteLine(
"\nindividualEnrollmentResult:\n" + individualEnrollmentResult);
#endregion
#region Update the info of individualEnrollment
/*
* At this point, if you try to update your information in the provisioning service using the individualEnrollment
* that you created, it will fail because of the "precondition". It will happen because the individualEnrollment
* do not contains the eTag, and the provisioning service will not be able to check if the enrollment that you
* are updating is the correct one.
*
* So, to update the information you must use the individualEnrollmentResult that the provisioning service returned
* when you created the enrollment, another solution is get the latest enrollment from the provisioning service
* using the provisioningServiceClient.getIndividualEnrollment(), the result of this operation is an IndividualEnrollment
* object that contains the eTag.
*/
Console.WriteLine("\nUpdating the enrollment...");
desiredProperties["Color"] = "Glace white";
individualEnrollmentResult.InitialTwinState = new TwinState(null, desiredProperties);
individualEnrollmentResult =
await provisioningServiceClient.CreateOrUpdateIndividualEnrollmentAsync(individualEnrollmentResult).ConfigureAwait(false);
Console.WriteLine("\nIndividualEnrollment updated with success...");
Console.WriteLine(individualEnrollmentResult);
#endregion
#region Delete info of individualEnrollment
Console.WriteLine("\nDeleting the individualEnrollment...");
await provisioningServiceClient.DeleteIndividualEnrollmentAsync(_registrationId).ConfigureAwait(false);
#endregion
}
}
/// <summary>
/// デバイス接続情報を取得する。
/// </summary>
/// <param name="edgeId">端末ID</param>
/// <returns>デバイス接続情報を返す。対象デバイスが見つからない場合nullを返す。</returns>
public async Task <DeviceConnectionInfo> GetDeviceConnectionInfoAsync(Guid edgeId)
{
DeviceConnectionInfo result = null;
string connectionStringDps = null;
try
{
_logger.Enter($"{nameof(edgeId)}: {{0}}", new object[] { edgeId });
// DPS接続文字列取得
connectionStringDps = _appSettings.DpsConnectionString;
if (string.IsNullOrWhiteSpace(connectionStringDps))
{
throw new RmsInvalidAppSettingException("DpsConnectionString is required.");
}
string iotHubName = null;
using (var service = ProvisioningServiceClient.CreateFromConnectionString(connectionStringDps))
{
await _dpsPolly.ExecuteAsync(
async() =>
{
// 見つからなかったらProvisioningServiceClientHttpExceptionが発生して、
// その例外のStatusCodeにHttpStatusCode型のNotFoundになる。
// これ以外はとりあえず500にする。
DeviceRegistrationState deviceRegistrationState = await service.GetDeviceRegistrationStateAsync(edgeId.ToString());
iotHubName = deviceRegistrationState.AssignedHub;
});
}
string iotHubConnectionStringKey = string.Format(IoTHubNamePrefixOnAppSettings, iotHubName);
// IoTHub接続文字列取得
string iotHubConnectionStringValue = _appSettings.GetConnectionString(iotHubConnectionStringKey);
if (string.IsNullOrWhiteSpace(iotHubConnectionStringValue))
{
throw new RmsInvalidAppSettingException(string.Format("{0} is required.", iotHubConnectionStringKey));
}
result = new DeviceConnectionInfo()
{
EdgeId = edgeId,
IotHubConnectionString = new KeyValuePair <string, string>(iotHubConnectionStringKey, iotHubConnectionStringValue),
};
return(result);
}
catch (RmsException)
{
throw;
}
catch (ArgumentException ex)
{
// 接続文字列がフォーマットに則っていない。
throw new RmsInvalidAppSettingException("DpsConnectionString is invalid format.", ex);
}
catch (ProvisioningServiceClientHttpException ex) when(ex.StatusCode == HttpStatusCode.NotFound)
{
// 対象デバイスが見つからない
result = null;
return(result);
}
catch (ProvisioningServiceClientHttpException ex) when(ex.StatusCode == HttpStatusCode.Unauthorized)
{
// 使用した接続文字列で認証が通らなかった
throw new RmsException(string.Format("DPSで認証エラーが発生しました。({0})", connectionStringDps), ex);
}
catch (Exception ex)
{
throw new RmsException("接続先のIoT Hub", ex);
}
finally
{
_logger.LeaveJson("{0}", new { result });
}
}
public EnrollmentGroupSample(ProvisioningServiceClient provisioningServiceClient, X509Certificate2 groupIssuerCertificate)
{
_provisioningServiceClient = provisioningServiceClient;
_groupIssuerCertificate = groupIssuerCertificate;
}
public BulkOperationSample(ProvisioningServiceClient provisioningServiceClient)
{
_provisioningServiceClient = provisioningServiceClient;
}
public static async Task <IndividualEnrollment> CreateIndividualEnrollmentAsync(
ProvisioningServiceClient provisioningServiceClient,
string registrationId,
AttestationMechanismType attestationType,
X509Certificate2 authenticationCertificate,
ReprovisionPolicy reprovisionPolicy,
AllocationPolicy allocationPolicy,
CustomAllocationDefinition customAllocationDefinition,
ICollection <string> iotHubsToProvisionTo,
DeviceCapabilities capabilities,
MsTestLogger logger)
{
Attestation attestation;
IndividualEnrollment individualEnrollment;
IndividualEnrollment createdEnrollment = null;
switch (attestationType)
{
case AttestationMechanismType.Tpm:
using (var tpmSim = new SecurityProviderTpmSimulator(registrationId))
{
string base64Ek = Convert.ToBase64String(tpmSim.GetEndorsementKey());
individualEnrollment = new IndividualEnrollment(registrationId, new TpmAttestation(base64Ek))
{
Capabilities = capabilities,
AllocationPolicy = allocationPolicy,
ReprovisionPolicy = reprovisionPolicy,
CustomAllocationDefinition = customAllocationDefinition,
IotHubs = iotHubsToProvisionTo
};
IndividualEnrollment temporaryCreatedEnrollment = null;
await RetryOperationHelper
.RetryOperationsAsync(
async() =>
{
temporaryCreatedEnrollment = await provisioningServiceClient.CreateOrUpdateIndividualEnrollmentAsync(individualEnrollment).ConfigureAwait(false);
},
s_provisioningServiceRetryPolicy,
s_retryableExceptions,
logger)
.ConfigureAwait(false);
if (temporaryCreatedEnrollment == null)
{
throw new ArgumentException($"The enrollment entry with registration Id {registrationId} could not be created, exiting test.");
}
attestation = new TpmAttestation(base64Ek);
temporaryCreatedEnrollment.Attestation = attestation;
await RetryOperationHelper
.RetryOperationsAsync(
async() =>
{
createdEnrollment = await provisioningServiceClient.CreateOrUpdateIndividualEnrollmentAsync(temporaryCreatedEnrollment).ConfigureAwait(false);
},
s_provisioningServiceRetryPolicy,
s_retryableExceptions,
logger)
.ConfigureAwait(false);
if (createdEnrollment == null)
{
throw new ArgumentException($"The enrollment entry with registration Id {registrationId} could not be updated, exiting test.");
}
return(createdEnrollment);
}
case AttestationMechanismType.SymmetricKey:
string primaryKey = CryptoKeyGenerator.GenerateKey(32);
string secondaryKey = CryptoKeyGenerator.GenerateKey(32);
attestation = new SymmetricKeyAttestation(primaryKey, secondaryKey);
break;
case AttestationMechanismType.X509:
attestation = X509Attestation.CreateFromClientCertificates(authenticationCertificate);
break;
default:
throw new NotSupportedException("Test code has not been written for testing this attestation type yet");
}
individualEnrollment = new IndividualEnrollment(registrationId, attestation)
{
Capabilities = capabilities,
AllocationPolicy = allocationPolicy,
ReprovisionPolicy = reprovisionPolicy,
CustomAllocationDefinition = customAllocationDefinition,
IotHubs = iotHubsToProvisionTo,
};
await RetryOperationHelper
.RetryOperationsAsync(
async() =>
{
createdEnrollment = await provisioningServiceClient.CreateOrUpdateIndividualEnrollmentAsync(individualEnrollment).ConfigureAwait(false);
},
s_provisioningServiceRetryPolicy,
s_retryableExceptions,
logger)
.ConfigureAwait(false);
if (createdEnrollment == null)
{
throw new ArgumentException($"The enrollment entry with registration Id {registrationId} could not be created, exiting test.");
}
return(createdEnrollment);
}
/// <summary>
/// Update the enrollment under test such that it forces it to reprovision to the hubs within <paramref name="iotHubsToReprovisionTo"/>
/// </summary>
private async Task UpdateEnrollmentToForceReprovision(EnrollmentType?enrollmentType, ProvisioningServiceClient provisioningServiceClient, ICollection <String> iotHubsToReprovisionTo, SecurityProvider security, string groupId)
{
if (enrollmentType == EnrollmentType.Individual)
{
IndividualEnrollment individualEnrollment = await provisioningServiceClient.GetIndividualEnrollmentAsync(security.GetRegistrationID()).ConfigureAwait(false);
individualEnrollment.IotHubs = iotHubsToReprovisionTo;
IndividualEnrollment individualEnrollmentResult = await provisioningServiceClient.CreateOrUpdateIndividualEnrollmentAsync(individualEnrollment).ConfigureAwait(false);
}
else
{
EnrollmentGroup enrollmentGroup = await provisioningServiceClient.GetEnrollmentGroupAsync(groupId).ConfigureAwait(false);
enrollmentGroup.IotHubs = iotHubsToReprovisionTo;
EnrollmentGroup enrollmentGroupResult = await provisioningServiceClient.CreateOrUpdateEnrollmentGroupAsync(enrollmentGroup).ConfigureAwait(false);
}
}
public async Task ProvisioningServiceClient_IndividualEnrollments_Create_Ok(
string proxyServerAddress,
AttestationMechanismType attestationType,
ReprovisionPolicy reprovisionPolicy,
AllocationPolicy allocationPolicy,
CustomAllocationDefinition customAllocationDefinition,
ICollection <string> iotHubsToProvisionTo)
{
using (ProvisioningServiceClient provisioningServiceClient = CreateProvisioningService(proxyServerAddress))
{
string registrationId = AttestationTypeToString(attestationType) + "-" + Guid.NewGuid();
IndividualEnrollment individualEnrollment = await CreateIndividualEnrollmentAsync(
provisioningServiceClient,
registrationId,
attestationType,
null,
reprovisionPolicy,
allocationPolicy,
customAllocationDefinition,
iotHubsToProvisionTo,
null,
Logger).ConfigureAwait(false);
IndividualEnrollment individualEnrollmentResult = null;
await RetryOperationHelper
.RetryOperationsAsync(
async() =>
{
individualEnrollmentResult = await provisioningServiceClient.GetIndividualEnrollmentAsync(individualEnrollment.RegistrationId).ConfigureAwait(false);
},
s_provisioningServiceRetryPolicy,
s_retryableExceptions,
Logger)
.ConfigureAwait(false);
if (individualEnrollmentResult == null)
{
throw new ArgumentException($"The individual enrollment with registration Id {individualEnrollment.RegistrationId} could not retrieved, exiting test.");
}
Assert.AreEqual(individualEnrollmentResult.ProvisioningStatus, ProvisioningStatus.Enabled);
if (reprovisionPolicy != null)
{
Assert.AreEqual(reprovisionPolicy.UpdateHubAssignment, individualEnrollmentResult.ReprovisionPolicy.UpdateHubAssignment);
Assert.AreEqual(reprovisionPolicy.MigrateDeviceData, individualEnrollmentResult.ReprovisionPolicy.MigrateDeviceData);
}
if (customAllocationDefinition != null)
{
Assert.AreEqual(customAllocationDefinition.WebhookUrl, individualEnrollmentResult.CustomAllocationDefinition.WebhookUrl);
Assert.AreEqual(customAllocationDefinition.ApiVersion, individualEnrollmentResult.CustomAllocationDefinition.ApiVersion);
}
//allocation policy is never null
Assert.AreEqual(allocationPolicy, individualEnrollmentResult.AllocationPolicy);
await DeleteCreatedEnrollmentAsync(EnrollmentType.Individual, individualEnrollment.RegistrationId, null, Logger);
}
}
/// <summary>
/// Update the enrollment under test such that it forces it to reprovision to the hubs within <paramref name="iotHubsToReprovisionTo"/>
/// </summary>
private async Task UpdateEnrollmentToForceReprovision(EnrollmentType? enrollmentType, ProvisioningServiceClient provisioningServiceClient, ICollection<String> iotHubsToReprovisionTo, SecurityProvider security, string groupId)
{
if (enrollmentType == EnrollmentType.Individual)
{
IndividualEnrollment retrievedEnrollment = null;
await RetryOperationHelper
.RetryOperationsAsync(
async () =>
{
retrievedEnrollment = await provisioningServiceClient.GetIndividualEnrollmentAsync(security.GetRegistrationID()).ConfigureAwait(false);
},
s_provisioningServiceRetryPolicy,
s_retryableExceptions,
Logger)
.ConfigureAwait(false);
if (retrievedEnrollment == null)
{
throw new ArgumentException($"The individual enrollment entry with registration Id {security.GetRegistrationID()} could not be retrieved, exiting test.");
}
retrievedEnrollment.IotHubs = iotHubsToReprovisionTo;
IndividualEnrollment updatedEnrollment = null;
await RetryOperationHelper
.RetryOperationsAsync(
async () =>
{
updatedEnrollment = await provisioningServiceClient.CreateOrUpdateIndividualEnrollmentAsync(retrievedEnrollment).ConfigureAwait(false);
},
s_provisioningServiceRetryPolicy,
s_retryableExceptions,
Logger)
.ConfigureAwait(false);
if (updatedEnrollment == null)
{
throw new ArgumentException($"The individual enrollment entry with registration Id {security.GetRegistrationID()} could not be updated, exiting test.");
}
}
else
{
EnrollmentGroup retrievedEnrollmentGroup = null;
await RetryOperationHelper
.RetryOperationsAsync(
async () =>
{
retrievedEnrollmentGroup = await provisioningServiceClient.GetEnrollmentGroupAsync(groupId).ConfigureAwait(false);
},
s_provisioningServiceRetryPolicy,
s_retryableExceptions,
Logger)
.ConfigureAwait(false);
if (retrievedEnrollmentGroup == null)
{
throw new ArgumentException($"The enrollment group entry with group Id {groupId} could not be retrieved, exiting test.");
}
retrievedEnrollmentGroup.IotHubs = iotHubsToReprovisionTo;
EnrollmentGroup updatedEnrollmentGroup = null;
await RetryOperationHelper
.RetryOperationsAsync(
async () =>
{
updatedEnrollmentGroup = await provisioningServiceClient.CreateOrUpdateEnrollmentGroupAsync(retrievedEnrollmentGroup).ConfigureAwait(false);
},
s_provisioningServiceRetryPolicy,
s_retryableExceptions,
Logger)
.ConfigureAwait(false);
if (updatedEnrollmentGroup == null)
{
throw new ArgumentException($"The enrollment group entry with group Id {groupId} could not be updated, exiting test.");
}
}
}
private async Task<SecurityProvider> CreateSecurityProviderFromNameAsync(
AttestationMechanismType attestationType,
EnrollmentType? enrollmentType,
string groupId,
ReprovisionPolicy reprovisionPolicy,
AllocationPolicy allocationPolicy,
CustomAllocationDefinition customAllocationDefinition,
ICollection<string> iothubs,
DeviceCapabilities capabilities = null)
{
_verboseLog.WriteLine($"{nameof(CreateSecurityProviderFromNameAsync)}({attestationType})");
string registrationId = AttestationTypeToString(attestationType) + "-" + Guid.NewGuid();
using var provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString(TestConfiguration.Provisioning.ConnectionString);
switch (attestationType)
{
case AttestationMechanismType.Tpm:
IndividualEnrollment tpmEnrollment = await CreateIndividualEnrollmentAsync(
provisioningServiceClient,
registrationId,
AttestationMechanismType.Tpm,
null,
reprovisionPolicy,
allocationPolicy,
customAllocationDefinition,
iothubs,
capabilities,
Logger).ConfigureAwait(false);
return new SecurityProviderTpmSimulator(tpmEnrollment.RegistrationId);
case AttestationMechanismType.X509:
X509Certificate2 certificate = null;
X509Certificate2Collection collection = null;
switch (enrollmentType)
{
case EnrollmentType.Individual:
X509Certificate2Helper.GenerateSelfSignedCertificateFiles(registrationId, s_x509CertificatesFolder, Logger);
#pragma warning disable CA2000 // Dispose objects before losing scope
// This certificate is used for authentication with IoT hub and is returned to the caller of this method.
// It is disposed when the caller to this method is disposed, at the end of the test method.
certificate = X509Certificate2Helper.CreateX509Certificate2FromPfxFile(registrationId, s_x509CertificatesFolder);
#pragma warning restore CA2000 // Dispose objects before losing scope
using (X509Certificate2 publicCertificate = X509Certificate2Helper.CreateX509Certificate2FromCerFile(registrationId, s_x509CertificatesFolder))
{
IndividualEnrollment x509IndividualEnrollment = await CreateIndividualEnrollmentAsync(
provisioningServiceClient,
registrationId,
AttestationMechanismType.X509,
publicCertificate,
reprovisionPolicy,
allocationPolicy,
customAllocationDefinition,
iothubs,
capabilities,
Logger).ConfigureAwait(false);
x509IndividualEnrollment.Attestation.Should().BeAssignableTo<X509Attestation>();
}
break;
case EnrollmentType.Group:
// The X509 enrollment group has been hardcoded for the purpose of E2E tests and the root certificate has been verified on DPS.
// Each device identity provisioning through the above enrollment group is created on-demand.
X509Certificate2Helper.GenerateIntermediateCertificateSignedCertificateFiles(
registrationId,
s_intermediateCertificateSubject,
s_x509CertificatesFolder,
Logger);
#pragma warning disable CA2000 // Dispose objects before losing scope
// This certificate is used for authentication with IoT hub and is returned to the caller of this method.
// It is disposed when the caller to this method is disposed, at the end of the test method.
certificate = X509Certificate2Helper.CreateX509Certificate2FromPfxFile(registrationId, s_x509CertificatesFolder);
#pragma warning restore CA2000 // Dispose objects before losing scope
collection = new X509Certificate2Collection
{
TestConfiguration.CommonCertificates.GetRootCaCertificate(),
TestConfiguration.CommonCertificates.GetIntermediate1Certificate(),
TestConfiguration.CommonCertificates.GetIntermediate2Certificate(),
X509Certificate2Helper.CreateX509Certificate2FromCerFile(registrationId, s_x509CertificatesFolder)
};
break;
default:
throw new NotSupportedException($"Unknown X509 type: '{enrollmentType}'");
}
return new SecurityProviderX509Certificate(certificate, collection);
case AttestationMechanismType.SymmetricKey:
switch (enrollmentType)
{
case EnrollmentType.Group:
EnrollmentGroup symmetricKeyEnrollmentGroup = await CreateEnrollmentGroupAsync(
provisioningServiceClient,
AttestationMechanismType.SymmetricKey,
groupId,
reprovisionPolicy,
allocationPolicy,
customAllocationDefinition,
iothubs,
capabilities,
Logger)
.ConfigureAwait(false);
Assert.IsTrue(symmetricKeyEnrollmentGroup.Attestation is SymmetricKeyAttestation);
var symmetricKeyAttestation = (SymmetricKeyAttestation)symmetricKeyEnrollmentGroup.Attestation;
string registrationIdSymmetricKey = _idPrefix + Guid.NewGuid();
string primaryKeyEnrollmentGroup = symmetricKeyAttestation.PrimaryKey;
string secondaryKeyEnrollmentGroup = symmetricKeyAttestation.SecondaryKey;
string primaryKeyIndividual = ComputeDerivedSymmetricKey(Convert.FromBase64String(primaryKeyEnrollmentGroup), registrationIdSymmetricKey);
string secondaryKeyIndividual = ComputeDerivedSymmetricKey(Convert.FromBase64String(secondaryKeyEnrollmentGroup), registrationIdSymmetricKey);
return new SecurityProviderSymmetricKey(registrationIdSymmetricKey, primaryKeyIndividual, secondaryKeyIndividual);
case EnrollmentType.Individual:
IndividualEnrollment symmetricKeyEnrollment = await CreateIndividualEnrollmentAsync(
provisioningServiceClient,
registrationId,
AttestationMechanismType.SymmetricKey,
null,
reprovisionPolicy,
allocationPolicy,
customAllocationDefinition,
iothubs,
capabilities,
Logger).ConfigureAwait(false);
Assert.IsTrue(symmetricKeyEnrollment.Attestation is SymmetricKeyAttestation);
symmetricKeyAttestation = (SymmetricKeyAttestation)symmetricKeyEnrollment.Attestation;
registrationIdSymmetricKey = symmetricKeyEnrollment.RegistrationId;
string primaryKey = symmetricKeyAttestation.PrimaryKey;
string secondaryKey = symmetricKeyAttestation.SecondaryKey;
return new SecurityProviderSymmetricKey(registrationIdSymmetricKey, primaryKey, secondaryKey);
default:
throw new NotSupportedException("Unrecognized enrollment type");
}
default:
throw new NotSupportedException("Unrecognized attestation type");
}
throw new NotSupportedException($"Unknown security type: '{attestationType}'.");
}
/// <summary>
/// Provisions a device to a starting hub, tries to open a connection, send telemetry,
/// and (if supported by the protocol) send a twin update. Then, this method updates the enrollment
/// to provision the device to a different hub. Based on the provided reprovisioning settings, this
/// method then checks that the device was/was not reprovisioned as expected, and that the device
/// did/did not migrate twin data as expected.
/// </summary>
public async Task ProvisioningDeviceClient_ReprovisioningFlow(
Client.TransportType transportProtocol,
AttestationMechanismType attestationType,
EnrollmentType? enrollmentType,
bool setCustomProxy,
ReprovisionPolicy reprovisionPolicy,
AllocationPolicy allocationPolicy,
CustomAllocationDefinition customAllocationDefinition,
ICollection<string> iotHubsToStartAt,
ICollection<string> iotHubsToReprovisionTo,
string proxyServerAddress = null)
{
using ProvisioningServiceClient provisioningServiceClient = CreateProvisioningService(s_proxyServerAddress);
string groupId = null;
if (enrollmentType == EnrollmentType.Group)
{
if (attestationType == AttestationMechanismType.X509)
{
groupId = TestConfiguration.Provisioning.X509GroupEnrollmentName;
}
else
{
groupId = _idPrefix + AttestationTypeToString(attestationType) + "-" + Guid.NewGuid();
}
}
bool transportProtocolSupportsTwinOperations = transportProtocol != Client.TransportType.Http1;
using ProvisioningTransportHandler transport = CreateTransportHandlerFromName(transportProtocol);
using SecurityProvider security = await CreateSecurityProviderFromNameAsync(
attestationType,
enrollmentType,
groupId,
reprovisionPolicy,
allocationPolicy,
customAllocationDefinition,
iotHubsToStartAt)
.ConfigureAwait(false);
//Check basic provisioning
if (ImplementsWebProxy(transportProtocol) && setCustomProxy)
{
transport.Proxy = (proxyServerAddress != null) ? new WebProxy(s_proxyServerAddress) : null;
}
var provClient = ProvisioningDeviceClient.Create(
s_globalDeviceEndpoint,
TestConfiguration.Provisioning.IdScope,
security,
transport);
using var cts = new CancellationTokenSource(PassingTimeoutMiliseconds);
DeviceRegistrationResult result = await provClient.RegisterAsync(cts.Token).ConfigureAwait(false);
ValidateDeviceRegistrationResult(result);
#pragma warning disable CA2000 // Dispose objects before losing scope
// The certificate instance referenced in the DeviceAuthenticationWithX509Certificate instance is common for all tests in this class. It is disposed during class cleanup.
Client.IAuthenticationMethod auth = CreateAuthenticationMethodFromSecurityProvider(security, result.DeviceId);
#pragma warning restore CA2000 // Dispose objects before losing scope
await ConfirmRegisteredDeviceWorks(result, auth, transportProtocol, transportProtocolSupportsTwinOperations).ConfigureAwait(false);
//Check reprovisioning
await UpdateEnrollmentToForceReprovision(enrollmentType, provisioningServiceClient, iotHubsToReprovisionTo, security, groupId).ConfigureAwait(false);
result = await provClient.RegisterAsync(cts.Token).ConfigureAwait(false);
ConfirmDeviceInExpectedHub(result, reprovisionPolicy, iotHubsToStartAt, iotHubsToReprovisionTo, allocationPolicy);
await ConfirmDeviceWorksAfterReprovisioning(result, auth, transportProtocol, reprovisionPolicy, transportProtocolSupportsTwinOperations).ConfigureAwait(false);
if (attestationType == AttestationMechanismType.X509 && enrollmentType == EnrollmentType.Group)
{
Logger.Trace($"The test enrollment type {attestationType}-{enrollmentType} with group Id {groupId} is currently hardcoded - do not delete.");
}
else
{
Logger.Trace($"Deleting test enrollment type {attestationType}-{enrollmentType} with registration Id {security.GetRegistrationID()}.");
await DeleteCreatedEnrollmentAsync(enrollmentType, security, groupId, Logger).ConfigureAwait(false);
}
if (security is SecurityProviderX509 x509Security)
{
X509Certificate2 deviceCertificate = x509Security.GetAuthenticationCertificate();
deviceCertificate?.Dispose();
}
if (auth != null && auth is IDisposable disposableAuth)
{
disposableAuth?.Dispose();
}
}
public static async Task RunSample()
{
Console.WriteLine("Starting sample...");
using (ProvisioningServiceClient provisioningServiceClient =
ProvisioningServiceClient.CreateFromConnectionString(_provisioningConnectionString))
{
#region Create a new enrollmentGroup config
Console.WriteLine("\nCreating a new enrollmentGroup...");
string certificatePassword = ReadCertificatePassword();
var certificate = new X509Certificate2(_x509RootCertPath, certificatePassword);
Attestation attestation = X509Attestation.CreateFromRootCertificates(certificate);
EnrollmentGroup enrollmentGroup =
new EnrollmentGroup(
_enrollmentGroupId,
attestation);
Console.WriteLine(enrollmentGroup);
#endregion
#region Create the enrollmentGroup
Console.WriteLine("\nAdding new enrollmentGroup...");
EnrollmentGroup enrollmentGroupResult =
await provisioningServiceClient.CreateOrUpdateEnrollmentGroupAsync(enrollmentGroup).ConfigureAwait(false);
Console.WriteLine("\nEnrollmentGroup created with success.");
Console.WriteLine(enrollmentGroupResult);
#endregion
#region Get info of enrollmentGroup
Console.WriteLine("\nGetting the enrollmentGroup information...");
EnrollmentGroup getResult =
await provisioningServiceClient.GetEnrollmentGroupAsync(SampleEnrollmentGroupId).ConfigureAwait(false);
Console.WriteLine(getResult);
#endregion
#region Query info of enrollmentGroup doc
Console.WriteLine("\nCreating a query for enrollmentGroups...");
QuerySpecification querySpecification = new QuerySpecification("SELECT * FROM enrollmentGroups");
using (Query query = provisioningServiceClient.CreateEnrollmentGroupQuery(querySpecification))
{
while (query.HasNext())
{
Console.WriteLine("\nQuerying the next enrollmentGroups...");
QueryResult queryResult = await query.NextAsync().ConfigureAwait(false);
Console.WriteLine(queryResult);
foreach (EnrollmentGroup group in queryResult.Items)
{
await EnumerateRegistrationsInGroup(provisioningServiceClient, querySpecification, group).ConfigureAwait(false);
}
}
}
#endregion
#region Delete info of enrollmentGroup
Console.WriteLine("\nDeleting the enrollmentGroup...");
await provisioningServiceClient.DeleteEnrollmentGroupAsync(getResult).ConfigureAwait(false);
#endregion
}
}
public CleanupEnrollmentsSample(ProvisioningServiceClient provisioningServiceClient)
{
_provisioningServiceClient = provisioningServiceClient;
_individualEnrollmentsDeleted = 0;
_enrollmentGroupsDeleted = 0;
}
public static async Task RunSample()
{
Console.WriteLine("Starting sample...");
using (ProvisioningServiceClient provisioningServiceClient =
ProvisioningServiceClient.CreateFromConnectionString(_provisioningConnectionString))
{
#region Create a new individualEnrollment config
Console.WriteLine("\nCreating a new set of individualEnrollments...");
List <IndividualEnrollment> individualEnrollments = new List <IndividualEnrollment>();
foreach (var item in _registrationIds)
{
Attestation attestation = new TpmAttestation(item.Value);
individualEnrollments.Add(new IndividualEnrollment(item.Key, attestation));
}
#endregion
#region Create the individualEnrollment
Console.WriteLine("\nRunning the bulk operation to create the individualEnrollments...");
BulkEnrollmentOperationResult bulkEnrollmentOperationResult =
await provisioningServiceClient.RunBulkEnrollmentOperationAsync(BulkOperationMode.Create, individualEnrollments).ConfigureAwait(false);
Console.WriteLine("\nResult of the Create bulk enrollment.");
Console.WriteLine(bulkEnrollmentOperationResult);
#endregion
#region Get info of individualEnrollment
foreach (IndividualEnrollment individualEnrollment in individualEnrollments)
{
String registrationId = individualEnrollment.RegistrationId;
Console.WriteLine($"\nGetting the {nameof(individualEnrollment)} information for {registrationId}...");
IndividualEnrollment getResult =
await provisioningServiceClient.GetIndividualEnrollmentAsync(registrationId).ConfigureAwait(false);
Console.WriteLine(getResult);
}
#endregion
#region Query info of individualEnrollment
Console.WriteLine("\nCreating a query for enrollments...");
QuerySpecification querySpecification = new QuerySpecification("SELECT * FROM enrollments");
using (Query query = provisioningServiceClient.CreateIndividualEnrollmentQuery(querySpecification, QueryPageSize))
{
while (query.HasNext())
{
Console.WriteLine("\nQuerying the next enrollments...");
QueryResult queryResult = await query.NextAsync().ConfigureAwait(false);
Console.WriteLine(queryResult);
}
}
#endregion
#region Delete info of individualEnrollment
Console.WriteLine("\nDeleting the set of individualEnrollments...");
bulkEnrollmentOperationResult =
await provisioningServiceClient.RunBulkEnrollmentOperationAsync(BulkOperationMode.Delete, individualEnrollments).ConfigureAwait(false);
Console.WriteLine(bulkEnrollmentOperationResult);
#endregion
}
}
