public void BothCredentialTypesDefined_Throw()
{
// Arrange
CertificateDescription certificateDescription =
CertificateDescription.FromBase64Encoded("encoded");
MicrosoftIdentityOptions microsoftIdentityOptions = new MicrosoftIdentityOptions
{
Authority = TestConstants.AuthorityCommonTenant,
ClientId = TestConstants.ConfidentialClientId,
ClientCertificates = new CertificateDescription[] { certificateDescription },
};
ConfidentialClientApplicationOptions options = new ConfidentialClientApplicationOptions
{
ClientSecret = "some secret",
};
// Act
MicrosoftIdentityOptionsValidation microsoftIdentityOptionsValidation = new MicrosoftIdentityOptionsValidation();
Action credentialAction = () =>
microsoftIdentityOptionsValidation.ValidateEitherClientCertificateOrClientSecret(options.ClientSecret, microsoftIdentityOptions.ClientCertificates);
// Assert
var exception = Assert.Throws <MsalClientException>(credentialAction);
Assert.Equal(
string.Format(CultureInfo.InvariantCulture, "Both Client secret & client certificate, " +
"cannot be included in the configuration of the web app when calling a web API. "), exception.Message);
Assert.Equal("duplicate_client_credentials", exception.ErrorCode);
}
private static void RegisterAuthenticationServicesWithCertificate(
IServiceCollection services,
IConfiguration configuration,
AuthenticationOptions authenticationOptions,
AzureADOptions azureADOptions)
{
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(
options =>
{
options.Authority = $"{azureADOptions.Instance}{azureADOptions.TenantId}/v2.0";
options.SaveToken = true;
options.TokenValidationParameters.ValidAudiences = AuthenticationServiceCollectionExtensions.GetValidAudiences(authenticationOptions);
options.TokenValidationParameters.AudienceValidator = AuthenticationServiceCollectionExtensions.AudienceValidator;
options.TokenValidationParameters.ValidIssuers = AuthenticationServiceCollectionExtensions.GetValidIssuers(authenticationOptions);
},
microsoftIdentityOptions =>
{
configuration.Bind("AzureAd", microsoftIdentityOptions);
microsoftIdentityOptions.ClientCertificates = new CertificateDescription[]
{
CertificateDescription.FromKeyVault(configuration.GetValue <string>("KeyVault:Url"), configuration.GetValue <string>("GraphAppCertName")),
};
})
.EnableTokenAcquisitionToCallDownstreamApi(
confidentialClientApplicationOptions =>
{
configuration.Bind("AzureAd", confidentialClientApplicationOptions);
})
.AddInMemoryTokenCaches();
}
internal static MockupJsonModel CreateMockupJsonModel(
int nodeTypeCount,
int vmInstancePerNodeType,
List <SettingsSectionDescription> fabricSettings,
Security security = null,
EncryptableDiagnosticStoreInformation diagnosticsStore = null,
CertificateDescription certificate = null,
DiagnosticsStorageAccountConfig diagnosticsStorageAccountConfig = null)
{
MockupJsonModel jsonModel = new MockupJsonModel();
jsonModel.Name = "TestJsonConfig";
jsonModel.ClusterConfigurationVersion = "1.0.0";
jsonModel.ApiVersion = "2016-09-26";
jsonModel.Nodes = new List <NodeDescription>();
jsonModel.Properties = new MockupProperty();
jsonModel.Properties.DiagnosticsStore = diagnosticsStore;
jsonModel.Properties.FabricSettings = fabricSettings;
jsonModel.Properties.Security = security;
jsonModel.Properties.NodeTypes = new List <NodeTypeDescription>();
jsonModel.Properties.DiagnosticsStorageAccountConfig = diagnosticsStorageAccountConfig;
for (int i = 0; i < nodeTypeCount; i++)
{
jsonModel.Properties.NodeTypes.Add(CreateNodeType("NodeType" + i, vmInstancePerNodeType, i == 0));
}
for (int j = 0; j < vmInstancePerNodeType * nodeTypeCount; j++)
{
jsonModel.Nodes.Add(CreateNodeDescription("Node" + j, "NodeType0", "localhost", "fd:/dc1/r0", "UD0"));
}
return(jsonModel);
}
public void TestLoadAllCertificates(
CertificateSource certificateSource,
string container,
string referenceOrValue)
{
List <CertificateDescription> certDescriptions = CreateCertificateDescriptions(
certificateSource,
container,
referenceOrValue).ToList();
certDescriptions.Add(new CertificateDescription
{
SourceType = certificateSource,
Container = container,
ReferenceOrValue = referenceOrValue,
});
certDescriptions.Add(CertificateDescription.FromCertificate(null));
IEnumerable <X509Certificate2> certificates = DefaultCertificateLoader.LoadAllCertificates(certDescriptions);
Assert.NotNull(certificates);
Assert.Equal(2, certificates.Count());
Assert.Equal(3, certDescriptions.Count);
Assert.Equal("CN=ACS2ClientCertificate", certificates.First().Issuer);
Assert.Equal("CN=ACS2ClientCertificate", certificates.Last().Issuer);
Assert.Null(certDescriptions.ElementAt(2).Certificate);
}
internal void InternalValidateClusterCertUpdateTest(
string originalThumbprint,
string originalSecondaryThumbprint,
string updatedThumbprint,
string updatedSecondaryThumbprint,
ClusterManagementErrorCode?expectedErrorCode = null)
{
CertificateDescription currentCert = new CertificateDescription()
{
Thumbprint = originalThumbprint,
ThumbprintSecondary = originalSecondaryThumbprint,
};
CertificateDescription updatedCert = new CertificateDescription()
{
Thumbprint = updatedThumbprint,
ThumbprintSecondary = updatedSecondaryThumbprint,
};
Utility.ValidateExpectedValidationException(
delegate
{
StandaloneSettingsValidator.ValidateClusterCertificateUpdate(
new X509()
{
ClusterCertificate = currentCert
},
new X509()
{
ClusterCertificate = updatedCert
},
new StandAloneTraceLogger("StandAloneDeploymentManager"));
},
expectedErrorCode);
}
internal void VerifyFlow_ReplaceThumbprint(CertificateDescription currentCert, CertificateDescription targetCert, List <CertificateClusterUpgradeStep> steps)
{
Assert.AreEqual(3, steps.Count);
CertificateClusterUpgradeStep step = steps[0];
Assert.AreEqual(2, step.ThumbprintWhiteList.Count);
Assert.IsTrue(step.ThumbprintWhiteList.Contains(currentCert.Thumbprint) && step.ThumbprintWhiteList.Contains(targetCert.Thumbprint));
Assert.AreEqual(currentCert.Thumbprint, step.ThumbprintLoadList.Thumbprint);
Assert.IsNull(step.ThumbprintLoadList.ThumbprintSecondary);
Assert.AreEqual(currentCert.Thumbprint, step.ThumbprintFileStoreSvcList.Thumbprint);
Assert.IsNull(step.ThumbprintFileStoreSvcList.ThumbprintSecondary);
step = steps[1];
Assert.AreEqual(2, step.ThumbprintWhiteList.Count);
Assert.IsTrue(step.ThumbprintWhiteList.Contains(currentCert.Thumbprint) && step.ThumbprintWhiteList.Contains(targetCert.Thumbprint));
Assert.AreEqual(targetCert.Thumbprint, step.ThumbprintLoadList.Thumbprint);
Assert.IsNull(step.ThumbprintLoadList.ThumbprintSecondary);
Assert.AreEqual(currentCert.Thumbprint, step.ThumbprintFileStoreSvcList.Thumbprint);
Assert.AreEqual(targetCert.Thumbprint, step.ThumbprintFileStoreSvcList.ThumbprintSecondary);
step = steps[2];
Assert.AreEqual(1, step.ThumbprintWhiteList.Count);
Assert.AreEqual(targetCert.Thumbprint, step.ThumbprintWhiteList[0]);
Assert.AreEqual(targetCert.Thumbprint, step.ThumbprintLoadList.Thumbprint);
Assert.IsNull(step.ThumbprintLoadList.ThumbprintSecondary);
Assert.AreEqual(targetCert.Thumbprint, step.ThumbprintFileStoreSvcList.Thumbprint);
Assert.IsNull(step.ThumbprintFileStoreSvcList.ThumbprintSecondary);
}
internal void InternalValidateClusterThumbprintUpdateTest(
string originalThumbprint,
string originalSecondaryThumbprint,
string updatedThumbprint,
string updatedSecondaryThumbprint,
ClusterManagementErrorCode?expectedErrorCode = null)
{
CertificateDescription currentCert = new CertificateDescription()
{
Thumbprint = originalThumbprint,
ThumbprintSecondary = originalSecondaryThumbprint,
};
CertificateDescription updatedCert = new CertificateDescription()
{
Thumbprint = updatedThumbprint,
ThumbprintSecondary = updatedSecondaryThumbprint,
};
Utility.ValidateExpectedValidationException(
delegate
{
StandaloneSettingsValidator.ValidateClusterCertificateThumbprintAndCnUpdate(
StandaloneSettingsValidator.GetUniqueThumbprints(currentCert),
StandaloneSettingsValidator.GetUniqueThumbprints(updatedCert),
true,
true);
},
expectedErrorCode);
}
public void BothCredentialTypesDefined_Throw()
{
// Arrange
CertificateDescription certificateDescription =
CertificateDescription.FromBase64Encoded("encoded");
MicrosoftIdentityOptions microsoftIdentityOptions = new MicrosoftIdentityOptions
{
Authority = TestConstants.AuthorityCommonTenant,
ClientId = TestConstants.ConfidentialClientId,
ClientCertificates = new CertificateDescription[] { certificateDescription },
};
ConfidentialClientApplicationOptions options = new ConfidentialClientApplicationOptions
{
ClientSecret = "some secret",
};
// Act
Action credentialAction = () =>
MicrosoftIdentityOptionsValidation.ValidateEitherClientCertificateOrClientSecret(options.ClientSecret, microsoftIdentityOptions.ClientCertificates);
// Assert
var exception = Assert.Throws <MsalClientException>(credentialAction);
Assert.Equal(IDWebErrorMessage.BothClientSecretAndCertificateProvided, exception.Message);
Assert.Equal(ErrorCodes.DuplicateClientCredentials, exception.ErrorCode);
}
public override void ExecuteCmdlet()
{
if (ParameterSetName.Equals(InputObjectParameterSet))
{
this.ResourceGroupName = this.InputObject.Resourcegroup;
this.Name = this.InputObject.Name;
}
if (ParameterSetName.Equals(ResourceIdParameterSet))
{
this.ResourceGroupName = IotHubUtils.GetResourceGroupName(this.ResourceId);
this.Name = IotHubUtils.GetIotHubName(this.ResourceId);
}
if (!string.IsNullOrEmpty(CertificateName))
{
CertificateDescription certificateDescription = this.IotHubClient.Certificates.Get(this.ResourceGroupName, this.Name, this.CertificateName);
this.WriteObject(IotHubUtils.ToPSCertificateDescription(certificateDescription));
}
else
{
CertificateListDescription certificateDescriptions = this.IotHubClient.Certificates.ListByIotHub(this.ResourceGroupName, this.Name);
if (certificateDescriptions.Value.Count == 1)
{
this.WriteObject(IotHubUtils.ToPSCertificateDescription(certificateDescriptions.Value[0]));
}
else
{
this.WriteObject(IotHubUtils.ToPSCertificates(certificateDescriptions), true);
}
}
}
public void TestFromBase64Encoded(string base64Encoded)
{
CertificateDescription certificateDescription = CertificateDescription.FromBase64Encoded(base64Encoded);
Assert.Equal(CertificateSource.Base64Encoded, certificateDescription.SourceType);
Assert.Equal(base64Encoded, certificateDescription.ReferenceOrValue);
Assert.Equal(base64Encoded, certificateDescription.Base64EncodedValue);
}
public void TestFromCertificate()
{
using (X509Certificate2 certificate2 = new X509Certificate2())
{
CertificateDescription certificateDescription =
CertificateDescription.FromCertificate(certificate2);
}
}
public void TestFromKeyVault(string keyVaultUrl, string certificateName)
{
CertificateDescription certificateDescription = CertificateDescription.FromKeyVault(keyVaultUrl, certificateName);
Assert.Equal(CertificateSource.KeyVault, certificateDescription.SourceType);
Assert.Equal(keyVaultUrl, certificateDescription.Container);
Assert.Equal(certificateName, certificateDescription.ReferenceOrValue);
Assert.Equal(certificateName, certificateDescription.KeyVaultCertificateName);
Assert.Equal(keyVaultUrl, certificateDescription.KeyVaultUrl);
}
public void TestFromPath(string certificatePath, string password)
{
CertificateDescription certificateDescription = CertificateDescription.FromPath(certificatePath, password);
Assert.Equal(CertificateSource.Path, certificateDescription.SourceType);
Assert.Equal(certificatePath, certificateDescription.Container);
Assert.Equal(password, certificateDescription.ReferenceOrValue);
Assert.Equal(certificatePath, certificateDescription.CertificateDiskPath);
Assert.Equal(password, certificateDescription.CertificatePassword);
}
public void TestFromStoreWithThumprint(string certificateThumbprint, StoreLocation storeLocation, StoreName storeName)
{
CertificateDescription certificateDescription =
CertificateDescription.FromStoreWithThumprint(certificateThumbprint, storeLocation, storeName);
Assert.Equal(CertificateSource.StoreWithThumbprint, certificateDescription.SourceType);
Assert.Equal($"{storeLocation}/{storeName}", certificateDescription.Container);
Assert.Equal(certificateThumbprint, certificateDescription.ReferenceOrValue);
Assert.Equal($"{storeLocation}/{storeName}", certificateDescription.CertificateStorePath);
Assert.Equal(certificateThumbprint, certificateDescription.CertificateThumbprint);
}
public void TestFromCertificateDistinguishedName(string certificateDistinguishedName, StoreLocation storeLocation, StoreName storeName)
{
CertificateDescription certificateDescription =
CertificateDescription.FromStoreWithDistinguishedName(certificateDistinguishedName, storeLocation, storeName);
Assert.Equal(CertificateSource.StoreWithDistinguishedName, certificateDescription.SourceType);
Assert.Equal($"{storeLocation}/{storeName}", certificateDescription.Container);
Assert.Equal(certificateDistinguishedName, certificateDescription.ReferenceOrValue);
Assert.Equal(certificateDistinguishedName, certificateDescription.CertificateDistinguishedName);
Assert.Equal($"{storeLocation}/{storeName}", certificateDescription.CertificateStorePath);
}
public override void ExecuteCmdlet()
{
Path = ResolveUserPath(Path);
if (ShouldProcess(CertificateName, Properties.Resources.VerifyIotHubCertificate))
{
string certificate = string.Empty;
FileInfo fileInfo = new FileInfo(this.Path);
switch (fileInfo.Extension.ToLower(CultureInfo.InvariantCulture))
{
case ".cer":
var certificateByteContent = File.ReadAllBytes(this.Path);
certificate = Convert.ToBase64String(certificateByteContent);
break;
case ".pem":
certificate = File.ReadAllText(this.Path);
break;
default:
certificate = this.Path;
break;
}
if (ParameterSetName.Equals(InputObjectParameterSet))
{
this.ResourceGroupName = this.InputObject.ResourceGroupName;
this.Name = this.InputObject.Name;
this.CertificateName = this.InputObject.CertificateName;
this.Etag = this.InputObject.Etag;
}
if (ParameterSetName.Equals(ResourceIdParameterSet))
{
this.ResourceGroupName = IotHubUtils.GetResourceGroupName(this.ResourceId);
this.Name = IotHubUtils.GetIotHubName(this.ResourceId);
this.CertificateName = IotHubUtils.GetIotHubCertificateName(this.ResourceId);
}
try
{
certificate = Encoding.UTF8.GetString(Encoding.UTF8.GetBytes(certificate));
CertificateVerificationDescription certificateVerificationDescription = new CertificateVerificationDescription();
certificateVerificationDescription.Certificate = certificate;
CertificateDescription certificateDescription = this.IotHubClient.Certificates.Verify(this.ResourceGroupName, this.Name, this.CertificateName, certificateVerificationDescription, this.Etag);
this.WriteObject(IotHubUtils.ToPSCertificateDescription(certificateDescription));
}
catch (Exception e)
{
throw e;
}
}
}
internal void InternalGetUniqueThumbprintsTest(CertificateDescription cert, int expectedThumbprints)
{
IEnumerable <string> thumbprints = StandaloneSettingsValidator.GetUniqueThumbprints(cert);
Assert.AreEqual(expectedThumbprints, thumbprints.Count());
Assert.IsTrue(thumbprints.Contains(cert.Thumbprint));
if (expectedThumbprints > 1)
{
Assert.IsTrue(thumbprints.Contains(cert.ThumbprintSecondary));
}
}
public void TestFromKeyVault(string keyVaultUrl, string certificateName)
{
CertificateDescription certificateDescription = CertificateDescription.FromKeyVault(keyVaultUrl, certificateName);
Assert.Equal(CertificateSource.KeyVault, certificateDescription.SourceType);
Assert.Equal(keyVaultUrl, certificateDescription.Container);
Assert.Equal(certificateName, certificateDescription.ReferenceOrValue);
Assert.Equal(certificateName, certificateDescription.KeyVaultCertificateName);
Assert.Equal(keyVaultUrl, certificateDescription.KeyVaultUrl);
Assert.Equal(X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.EphemeralKeySet, certificateDescription.X509KeyStorageFlags);
certificateDescription.X509KeyStorageFlags = X509KeyStorageFlags.UserKeySet;
Assert.Equal(X509KeyStorageFlags.UserKeySet, certificateDescription.X509KeyStorageFlags);
}
public async Task <IActionResult> OnGetAsync(int?id)
{
if (id == null)
{
return(NotFound());
}
Certificate = await _context.CertificateDescriptions.FindAsync(id);
if (Certificate == null)
{
return(NotFound());
}
return(Page());
}
public void TestDefaultCertificateLoader(CertificateSource certificateSource, string container, string referenceOrValue)
{
CertificateDescription certificateDescription;
switch (certificateSource)
{
case CertificateSource.KeyVault:
certificateDescription = CertificateDescription.FromKeyVault(container, referenceOrValue);
break;
case CertificateSource.Base64Encoded:
certificateDescription = CertificateDescription.FromBase64Encoded(referenceOrValue);
break;
case CertificateSource.Path:
certificateDescription = CertificateDescription.FromPath(container, referenceOrValue);
break;
case CertificateSource.StoreWithThumbprint:
certificateDescription = new CertificateDescription()
{
SourceType = CertificateSource.StoreWithThumbprint
};
certificateDescription.CertificateThumbprint = referenceOrValue;
certificateDescription.CertificateStorePath = container;
break;
case CertificateSource.StoreWithDistinguishedName:
certificateDescription = new CertificateDescription()
{
SourceType = CertificateSource.StoreWithDistinguishedName
};
certificateDescription.CertificateDistinguishedName = referenceOrValue;
certificateDescription.CertificateStorePath = container;
break;
default:
certificateDescription = null;
break;
}
ICertificateLoader loader = new DefaultCertificateLoader();
loader.LoadIfNeeded(certificateDescription);
Assert.NotNull(certificateDescription.Certificate);
}
public void ValidateCredentialType_Certificate(string base64Encoded)
{
// Arrange
CertificateDescription certificateDescription =
CertificateDescription.FromBase64Encoded(base64Encoded);
MicrosoftIdentityOptions microsoftIdentityOptions = new MicrosoftIdentityOptions
{
Authority = TestConstants.AuthorityCommonTenant,
ClientId = TestConstants.ConfidentialClientId,
ClientCertificates = new CertificateDescription[] { certificateDescription },
};
ConfidentialClientApplicationOptions options = new ConfidentialClientApplicationOptions
{
ClientSecret = string.Empty,
};
// Act & Assert
// Should not throw
MicrosoftIdentityOptionsValidation.ValidateEitherClientCertificateOrClientSecret(options.ClientSecret, microsoftIdentityOptions.ClientCertificates);
}
protected override List <SettingsTypeSection> OnGenerateFabricSettings(Security security, CertificateDescription thumbprintFileStoreCert, List <string> thumbprintClusterCertList, ServerCertificateCommonNames commonNameFileStoreCert, Dictionary <string, string> commonNameClusterCertList, int currentClusterSize)
{
return(new List <SettingsTypeSection>());
}
static async Task Main(string[] args)
{
string clientId = "6af093f3-b445-4b7a-beae-046864468ad6";
string tenant = "msidentitysamplestesting.onmicrosoft.com";
string[] scopes = new[] { "api://8206b76f-586e-4098-b1e5-598c1aa3e2a1/.default" };
// Simulates the configuration, could be a IConfiguration or anything
Dictionary <string, string> Configuration = new Dictionary <string, string>();
// Certificate Loading
string keyVaultContainer = "https://WebAppsApisTests.vault.azure.net";
string keyVaultReference = "Self-Signed-5-5-22";
CertificateDescription certDescription = CertificateDescription.FromKeyVault(keyVaultContainer, keyVaultReference);
ICertificateLoader certificateLoader = new DefaultCertificateLoader();
certificateLoader.LoadIfNeeded(certDescription);
// Create the confidential client application
IConfidentialClientApplication app;
app = ConfidentialClientApplicationBuilder.Create(clientId)
// Alternatively to the certificate you can use .WithClientSecret(clientSecret)
.WithCertificate(certDescription.Certificate)
.WithTenantId(tenant)
.Build();
// In memory token caches (App and User caches)
// app.AddInMemoryTokenCache();
// Or
// Distributed token caches (App and User caches)
// Add one of the below: SQL, Redis, CosmosDb
app.AddDistributedTokenCache(services =>
{
services.AddDistributedMemoryCache();
services.AddLogging(configure => configure.AddConsole())
.Configure <LoggerFilterOptions>(options => options.MinLevel = Microsoft.Extensions.Logging.LogLevel.Debug);
/* Remove comments to use SQL cache implementation
* services.AddDistributedSqlServerCache(options =>
* {
* // SQL Server token cache
* // Requires to reference Microsoft.Extensions.Caching.SqlServer
* options.ConnectionString = @"Data Source=(localdb)\MSSQLLocalDB;Initial Catalog=TestCache;Integrated Security=True;Connect Timeout=30;Encrypt=False;TrustServerCertificate=False;ApplicationIntent=ReadWrite;MultiSubnetFailover=False";
* options.SchemaName = "dbo";
* options.TableName = "TestCache";
*
* // You don't want the SQL token cache to be purged before the access token has expired. Usually
* // access tokens expire after 1 hour (but this can be changed by token lifetime policies), whereas
* // the default sliding expiration for the distributed SQL database is 20 mins.
* // Use a value which is above 60 mins (or the lifetime of a token in case of longer lived tokens)
* options.DefaultSlidingExpiration = TimeSpan.FromMinutes(90);
* });
*/
/* Remove comments to use Redis cache implementation
* // Add Redis
* services.AddStackExchangeRedisCache(options =>
* {
* options.Configuration = "localhost";
* options.InstanceName = "Redis";
* });
*/
/* Remove comments to use CosmosDB cache implementation
* // Add CosmosDB
* services.AddCosmosCache((CosmosCacheOptions cacheOptions) =>
* {
* cacheOptions.ContainerName = Configuration["CosmosCacheContainer"];
* cacheOptions.DatabaseName = Configuration["CosmosCacheDatabase"];
* cacheOptions.ClientBuilder = new CosmosClientBuilder(Configuration["CosmosConnectionString"]);
* cacheOptions.CreateIfNotExists = true;
* });
*/
});
// Acquire a token (twice)
var result = await app.AcquireTokenForClient(scopes)
.ExecuteAsync();
Console.WriteLine(result.AuthenticationResultMetadata.TokenSource);
result = await app.AcquireTokenForClient(scopes)
.ExecuteAsync();
Console.WriteLine(result.AuthenticationResultMetadata.TokenSource);
}
public async Task IotHubClient_HubCertificate()
{
try
{
using var context = MockContext.Start(GetType());
Initialize(context);
// Create resource group
ResourceGroup resourceGroup = await CreateResourceGroupAsync(IotHubTestUtilities.DefaultCertificateResourceGroupName).ConfigureAwait(false);
// Check if hub exists and delete
IotHubNameAvailabilityInfo iotHubNameAvailabilityInfo = await _iotHubClient.IotHubResource
.CheckNameAvailabilityAsync(IotHubTestUtilities.DefaultCertificateIotHubName)
.ConfigureAwait(false);
if (!iotHubNameAvailabilityInfo.NameAvailable.Value)
{
_ = await _iotHubClient.IotHubResource
.DeleteAsync(
IotHubTestUtilities.DefaultCertificateResourceGroupName,
IotHubTestUtilities.DefaultCertificateIotHubName)
.ConfigureAwait(false);
}
// Create hub
IotHubDescription iotHub = await CreateIotHubAsync(resourceGroup, IotHubTestUtilities.DefaultLocation, IotHubTestUtilities.DefaultCertificateIotHubName, null)
.ConfigureAwait(false);
// Upload certificate to the hub
CertificateDescription newCertificateDescription = await CreateCertificateAsync(
resourceGroup,
IotHubTestUtilities.DefaultCertificateIotHubName,
IotHubTestUtilities.DefaultIotHubCertificateName)
.ConfigureAwait(false);
newCertificateDescription.Name.Should().Be(IotHubTestUtilities.DefaultIotHubCertificateName);
newCertificateDescription.Properties.Subject.Should().Be(IotHubTestUtilities.DefaultIotHubCertificateSubject);
newCertificateDescription.Properties.Thumbprint.Should().Be(IotHubTestUtilities.DefaultIotHubCertificateThumbprint);
newCertificateDescription.Type.Should().Be(IotHubTestUtilities.DefaultIotHubCertificateType);
newCertificateDescription.Properties.IsVerified.Should().BeFalse();
// Get all certificates
var certificateList = await GetCertificatesAsync(resourceGroup, IotHubTestUtilities.DefaultCertificateIotHubName).ConfigureAwait(false);
certificateList.Value.Count().Should().Be(1);
// Get certificate
CertificateDescription certificate = await GetCertificateAsync(resourceGroup, IotHubTestUtilities.DefaultCertificateIotHubName, IotHubTestUtilities.DefaultIotHubCertificateName)
.ConfigureAwait(false);
certificate.Name.Should().Be(IotHubTestUtilities.DefaultIotHubCertificateName);
certificate.Properties.Subject.Should().Be(IotHubTestUtilities.DefaultIotHubCertificateSubject);
certificate.Properties.Thumbprint.Should().Be(IotHubTestUtilities.DefaultIotHubCertificateThumbprint);
certificate.Type.Should().Be(IotHubTestUtilities.DefaultIotHubCertificateType);
certificate.Properties.IsVerified.Should().BeFalse();
CertificateWithNonceDescription certificateWithNonceDescription = await GenerateVerificationCodeAsync(
resourceGroup,
IotHubTestUtilities.DefaultCertificateIotHubName,
IotHubTestUtilities.DefaultIotHubCertificateName,
certificate.Etag)
.ConfigureAwait(false);
certificateWithNonceDescription.Name.Should().Be(IotHubTestUtilities.DefaultIotHubCertificateName);
certificateWithNonceDescription.Properties.Subject.Should().Be(IotHubTestUtilities.DefaultIotHubCertificateSubject);
certificateWithNonceDescription.Properties.Thumbprint.Should().Be(IotHubTestUtilities.DefaultIotHubCertificateThumbprint);
certificateWithNonceDescription.Type.Should().Be(IotHubTestUtilities.DefaultIotHubCertificateType);
certificateWithNonceDescription.Properties.IsVerified.Should().BeFalse();
certificateWithNonceDescription.Properties.VerificationCode.Should().NotBeNull();
// Delete certificate
await DeleteCertificateAsync(
resourceGroup,
IotHubTestUtilities.DefaultCertificateIotHubName,
IotHubTestUtilities.DefaultIotHubCertificateName,
certificateWithNonceDescription.Etag)
.ConfigureAwait(false);
// Get all certificate after delete
var certificateListAfterDelete = await GetCertificatesAsync(resourceGroup, IotHubTestUtilities.DefaultCertificateIotHubName)
.ConfigureAwait(false);
certificateListAfterDelete.Value.Count().Should().Be(0);
}
catch (ErrorDetailsException ex)
{
Console.WriteLine(ex.ToString());
Console.WriteLine($"{ex.Body.Message}: {ex.Body.Details}");
throw;
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
throw;
}
}
public static PSCertificateDescription ToPSCertificateDescription(CertificateDescription certificateDescription)
{
return ConvertObject<CertificateDescription, PSCertificateDescription>(certificateDescription);
}
protected override List <SettingsTypeSection> OnGenerateFabricSettings(
Security security,
CertificateDescription thumbprintFileStoreCert,
List <string> thumbprintClusterCertList,
ServerCertificateCommonNames commonNameFileStoreCert,
Dictionary <string, string> commonNameClusterCertList,
int currentClusterSize = -1)
{
var result = new List <SettingsTypeSection>();
// GenerateSecuritySection always returns a non-null value
var securitySections = this.GenerateSecuritySection(security, thumbprintClusterCertList, commonNameClusterCertList);
result.AddRange(securitySections);
var runAsSection = this.GenerateRunAsSection(security);
if (runAsSection != null)
{
result.Add(runAsSection);
}
var httpApplicationGatewaySection = this.GenerateHttpApplicationGatewaySection();
if (httpApplicationGatewaySection != null)
{
result.Add(httpApplicationGatewaySection);
}
if (security == null || security.WindowsIdentities == null || security.WindowsIdentities.ClustergMSAIdentity == null)
{
var fileStoreSection = this.GenerateFileStoreServiceSection(
thumbprintFileStoreCert,
commonNameFileStoreCert,
this.currentPrimaryAccountNtlmPassword,
this.currentSecondaryAccountNtlmPassword,
this.currentCommonNameNtlmPassword);
if (fileStoreSection != null)
{
result.Add(fileStoreSection);
}
}
var failoverManagerSection = currentClusterSize == -1 ? this.GenerateFailoverManagerSection() : this.GenerateFailoverManagerSection(currentClusterSize);
result.Add(failoverManagerSection);
if (this.TargetCsmConfig.DiagnosticsStoreInformation != null)
{
var dcaSections = this.GenerateDcaSections();
if (dcaSections != null)
{
result.AddRange(dcaSections);
}
}
result.AddRange(this.GenerateClusterManagerSection());
var upgradeOrchestrationServiceSection = this.GenerateUpgradeOrchestrationServiceSection();
result.Add(upgradeOrchestrationServiceSection);
result.AddRange(this.GenerateCommonSection());
result.AddRange(StandAloneFabricSettingsGenerator.GenerateSecretStoreSections(this.TargetCsmConfig));
result.AddRange(StandAloneFabricSettingsGenerator.GenerateRepairManagerSection(this.TargetCsmConfig));
result.AddRange(StandAloneFabricSettingsGenerator.GenerateDnsServiceSection(this.TargetCsmConfig));
result.AddRange(StandAloneFabricSettingsGenerator.GenerateBackupRestoreServiceSection(this.TargetCsmConfig));
result.AddRange(StandAloneFabricSettingsGenerator.GenerateResourceMonitorServiceSection(this.TargetCsmConfig));
result.AddRange(StandAloneFabricSettingsGenerator.GenerateSFVolumeDiskServiceSection(this.TargetCsmConfig));
result.AddRange(StandAloneFabricSettingsGenerator.GenerateEventStoreServiceSection(this.TargetCsmConfig));
result.AddRange(StandAloneFabricSettingsGenerator.GenerateGatewayResourceManagerSection(this.TargetCsmConfig));
return(result);
}
