static void Main(string[] args)
{
string[] certFilePaths = Directory.GetFiles(ConfigurationManager.AppSettings["CertDirectory"], "*.pfx");
string plainTextPassword = ConfigurationManager.AppSettings["SecureString"];
foreach (string certFilePath in certFilePaths)
{
using (X509Certificate2 cert = new X509Certificate2(certFilePath, plainTextPassword, X509KeyStorageFlags.UserKeySet))
{
using (var security = new SecurityProviderX509Certificate(cert))
using (var transport = new ProvisioningTransportHandlerAmqp(TransportFallbackType.TcpOnly))
{
ProvisioningDeviceClient provClient =
ProvisioningDeviceClient.Create(GlobalDeviceEndpoint, IdScope, security, transport);
Console.WriteLine($"Registering device with RegistrationID = {security.GetRegistrationID()}");
DeviceRegistrationResult result = provClient.RegisterAsync().GetAwaiter().GetResult();
Console.WriteLine($"{result.Status}");
Console.WriteLine(
$"ProvisioningClient AssignedHub: {result.AssignedHub}; DeviceID: {result.DeviceId}");
}
}
}
}
protected virtual async Task <DeviceRegistrationResult> RegisterDeviceAsync(
string dpsGlobalDeviceEndpoint,
string dpsIdScope)
{
DeviceRegistrationResult result = null;
using (var security =
new SecurityProviderX509Certificate(
this.HardwareSecurityModel.DeviceLeafCert))
using (var transport =
new ProvisioningTransportHandlerMqtt(
TransportFallbackType.TcpOnly))
{
ProvisioningDeviceClient provClient =
ProvisioningDeviceClient.Create(
dpsGlobalDeviceEndpoint,
dpsIdScope,
security,
transport);
result = await provClient.RegisterAsync().ConfigureAwait(false);
}
return(result);
}
static async Task Main(string[] args)
{
var securityProvider = new SecurityProviderSymmetricKey("{registrationId}", "{primaryKey}", "{secondaryKey}");
var provisioningClient = ProvisioningDeviceClient.Create("global.azure-devices-provisioning.net", "{IdScope}", securityProvider, new ProvisioningTransportHandlerMqtt(Microsoft.Azure.Devices.Shared.TransportFallbackType.TcpWithWebSocketFallback));
var result = await provisioningClient.RegisterAsync();
Console.WriteLine($"HostName='{result.AssignedHub}';DeviceId='{result.DeviceId}';SharedAccessKey='{"{primaryKey}"}';");
}
// This Main method is very similar to that used in the earlier lab.
// The two significant changes are the need to load the X.509 certificate
// and then the change to using SecurityProviderX509Certificate as the
// security provider. The remaining code is identical - you should note
// that the device twin property change code is also present.
public static async Task Main(string[] args)
{
X509Certificate2 certificate = LoadProvisioningCertificate();
using (var security = new SecurityProviderX509Certificate(certificate))
using (var transport = new ProvisioningTransportHandlerAmqp(TransportFallbackType.TcpOnly))
{
ProvisioningDeviceClient provClient =
ProvisioningDeviceClient.Create(GlobalDeviceEndpoint, dpsIdScope, security, transport);
using (deviceClient = await ProvisionDevice(provClient, security))
{
await deviceClient.OpenAsync().ConfigureAwait(false);
// Setup device twin callbacks
await deviceClient
.SetDesiredPropertyUpdateCallbackAsync(OnDesiredPropertyChanged, null)
.ConfigureAwait(false);
var twin = await deviceClient.GetTwinAsync().ConfigureAwait(false);
await OnDesiredPropertyChanged(twin.Properties.Desired, null);
// Start reading and sending device telemetry
Console.WriteLine("Start reading and sending device telemetry...");
await SendDeviceToCloudMessagesAsync();
await deviceClient.CloseAsync().ConfigureAwait(false);
}
}
}
public static async Task RunSample(X509Certificate2 certificate)
{
using (var security = new SecurityProviderX509Certificate(certificate))
// using (var transport = new ProvisioningTransportHandlerHttp())
//using (var transport = new ProvisioningTransportHandlerAmqp(TransportFallbackType.TcpOnly))
using (var transport = new ProvisioningTransportHandlerMqtt(TransportFallbackType.TcpOnly))
{
ProvisioningDeviceClient provClient =
ProvisioningDeviceClient.Create(GlobalDeviceEndpoint, s_idScope, security, transport);
Console.WriteLine($"RegistrationID = {security.GetRegistrationID()}");
Console.Write("ProvisioningClient RegisterAsync . . . ");
DeviceRegistrationResult result = await provClient.RegisterAsync();
Console.WriteLine($"{result.Status}");
Console.WriteLine($"ProvisioningClient AssignedHub: {result.AssignedHub}; DeviceID: {result.DeviceId}");
if (result.Status != ProvisioningRegistrationStatusType.Assigned)
{
return;
}
IAuthenticationMethod auth = new DeviceAuthenticationWithX509Certificate(result.DeviceId, certificate);
iotClient = DeviceClient.Create(result.AssignedHub, auth);
Console.WriteLine($"Now {deviceID} can start sending messages to assigned IoT Hub: {result.AssignedHub}");
await iotClient.OpenAsync();
SendDeviceToCloudMessagesAsync();
Console.ReadLine();
}
}
public static async Task RunSample(X509Certificate2 certificate)
{
using (var security = new SecurityClientX509(certificate))
using (var transport = new ProvisioningTransportHandlerAmqp(TransportFallbackType.TcpOnly))
{
ProvisioningDeviceClient provClient = ProvisioningDeviceClient.Create(s_idScope, security, transport);
Console.Write("ProvisioningClient RegisterAsync . . . ");
DeviceRegistrationResult result = await provClient.RegisterAsync();
Console.WriteLine($"{result.Status}");
Console.WriteLine($"ProvisioningClient AssignedHub: {result.AssignedHub}; DeviceID: {result.DeviceId}");
if (result.Status != ProvisioningRegistrationStatusType.Assigned)
{
return;
}
IAuthenticationMethod auth = new DeviceAuthenticationWithX509Certificate(result.DeviceId, certificate);
using (DeviceClient iotClient = DeviceClient.Create(result.AssignedHub, auth))
{
Console.WriteLine("DeviceClient OpenAsync.");
await iotClient.OpenAsync();
Console.WriteLine("DeviceClient SendEventAsync.");
await iotClient.SendEventAsync(new Message(Encoding.UTF8.GetBytes("TestMessage")));
Console.WriteLine("DeviceClient CloseAsync.");
await iotClient.CloseAsync();
}
}
}
static async Task Register(SecurityProviderTpmHsm security)
{
Console.WriteLine("Press ENTER when ready to execute Registration.");
Console.WriteLine("------------------");
Console.ReadLine();
using (var transport = new ProvisioningTransportHandlerAmqp(TransportFallbackType.TcpOnly))
{
var client = ProvisioningDeviceClient.Create(GlobalDeviceEndpoint, _idScope, security, transport);
try
{
DeviceRegistrationResult result = await client.RegisterAsync().ConfigureAwait(false);
Console.ForegroundColor = ConsoleColor.Yellow;
Console.Write("\tAssigned Hub: : ");
Console.ForegroundColor = ConsoleColor.White;
Console.Write("{0} ", result.AssignedHub);
Console.WriteLine(Environment.NewLine);
Console.ForegroundColor = ConsoleColor.Yellow;
Console.Write("\tDeviceId: : ");
Console.ForegroundColor = ConsoleColor.White;
Console.Write("{0} ", result.DeviceId);
Console.WriteLine(Environment.NewLine);
}
catch (Exception)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("The registration has failed");
Console.ForegroundColor = ConsoleColor.White;
throw;
}
}
}
// NOTE: For the purposes of this example, the certificatePassword is
// hard coded. In a production device, the password will need to be stored
// in a more secure manner. Additionally, the certificate file (PFX) should
// be stored securely on a production device using a Hardware Security Module.
public static async Task <int> Main(string[] args)
{
var tasks = new List <Task>();
foreach (var fileName in certificateFileNames)
{
X509Certificate2 certificate = LoadProvisioningCertificate(fileName);
using (var security = new SecurityProviderX509Certificate(certificate))
{
using (var transport = new ProvisioningTransportHandlerAmqp(TransportFallbackType.TcpOnly))
{
ProvisioningDeviceClient provClient =
ProvisioningDeviceClient.Create(GlobalDeviceEndpoint, dpsIdScope, security, transport);
var container = new ContainerDeviceSimulator(provClient, security);
tasks.Add(container.RunAsync());
await Task.Delay(30000); // add a device every 30 seconds
}
}
}
await Task.WhenAll(tasks);
return(0);
}
public static int Main(string[] args)
{
if (string.IsNullOrWhiteSpace(s_idScope) && (args.Length > 0))
{
s_idScope = args[0];
}
if (string.IsNullOrWhiteSpace(s_idScope))
{
Console.WriteLine("ProvisioningDeviceClientX509 <IDScope>");
return(1);
}
X509Certificate2 certificate = LoadProvisioningCertificate();
using (var security = new SecurityProviderX509Certificate(certificate))
// Select one of the available transports:
// To optimize for size, reference only the protocols used by your application.
using (var transport = new ProvisioningTransportHandlerAmqp(TransportFallbackType.TcpOnly))
// using (var transport = new ProvisioningTransportHandlerHttp())
// using (var transport = new ProvisioningTransportHandlerMqtt(TransportFallbackType.TcpOnly))
// using (var transport = new ProvisioningTransportHandlerMqtt(TransportFallbackType.WebSocketOnly))
{
ProvisioningDeviceClient provClient =
ProvisioningDeviceClient.Create(GlobalDeviceEndpoint, s_idScope, security, transport);
var sample = new ProvisioningDeviceClientSample(provClient, security);
sample.RunSampleAsync().GetAwaiter().GetResult();
}
return(0);
}
// INSERT Main method below here
public static async Task Main(string[] args)
{
using (var security = new SecurityProviderSymmetricKey(registrationId,
individualEnrollmentPrimaryKey,
individualEnrollmentSecondaryKey))
using (var transport = new ProvisioningTransportHandlerAmqp(TransportFallbackType.TcpOnly))
{
ProvisioningDeviceClient provClient =
ProvisioningDeviceClient.Create(GlobalDeviceEndpoint, dpsIdScope, security, transport);
using (deviceClient = await ProvisionDevice(provClient, security))
{
await deviceClient.OpenAsync().ConfigureAwait(false);
// INSERT Setup OnDesiredPropertyChanged Event Handling below here
await deviceClient.SetDesiredPropertyUpdateCallbackAsync(OnDesiredPropertyChanged, null).ConfigureAwait(false);
// INSERT Load Device Twin Properties below here
var twin = await deviceClient.GetTwinAsync().ConfigureAwait(false);
await OnDesiredPropertyChanged(twin.Properties.Desired, null);
// Start reading and sending device telemetry
Console.WriteLine("Start reading and sending device telemetry...");
await SendDeviceToCloudMessagesAsync();
await deviceClient.CloseAsync().ConfigureAwait(false);
}
}
}
// https://github.com/Azure-Samples/azure-iot-samples-csharp/blob/master/provisioning/Samples/device/SymmetricKeySample/Program.cs
// Azure IoT Central Client
static async Task Main(string[] args)
{
IAuthenticationMethod auth;
using (var security = new SecurityProviderSymmetricKey(registrationId, primaryKey, secondaryKey))
using (var transport = new ProvisioningTransportHandlerHttp())
{
ProvisioningDeviceClient provClient = ProvisioningDeviceClient.Create(GlobalDeviceEndpoint, idScope, security, transport);
DeviceRegistrationResult result = await provClient.RegisterAsync();
auth = new DeviceAuthenticationWithRegistrySymmetricKey(result.DeviceId, (security as SecurityProviderSymmetricKey).GetPrimaryKey());
using (DeviceClient iotClient = DeviceClient.Create(result.AssignedHub, auth, TransportType.Mqtt))
{
while (true)
{
if (_temperature.IsAvailable)
{
try
{
Console.WriteLine($"The CPU temperature is {Math.Round(_temperature.Temperature.Celsius, 2)}");
await SendMsgIotHub(iotClient, _temperature.Temperature.Celsius);
}
catch (Exception ex)
{
Console.WriteLine("exception msg: " + ex.Message);
}
}
Thread.Sleep(10000); // sleep for 10 seconds
}
}
}
}
public bool AddDeviceProvisioningService(string deviceId)
{
try
{
Console.WriteLine("Starting TPM simulator.");
using (var security = new SecurityProviderTpmSimulator(RegistrationId))
using (var transport = new ProvisioningTransportHandlerAmqp())
{
Console.WriteLine("Extracting endorsement key.");
string base64EK = Convert.ToBase64String(Encoding.ASCII.GetBytes(TpmEndorsementKey));//security.GetEndorsementKey());
Console.WriteLine($"\tRegistration ID: {RegistrationId}");
Console.WriteLine($"\tEndorsement key: {base64EK}");
Console.WriteLine("\tDevice ID: iothubtpmdevice1");
Console.WriteLine();
Console.WriteLine("Press ENTER when ready.");
Console.ReadLine();
ProvisioningDeviceClient provClient =
ProvisioningDeviceClient.Create(GlobalDeviceEndpoint, _dpsIdScope, security, transport);
var sample = new ProvisioningDeviceClientSample(provClient, security);
sample.RunSampleAsync().GetAwaiter().GetResult();
return(true);
}
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
return(false);
}
}
public async Task <DeviceRegistrationResult> RegisterDeviceAsync(
X509Certificate2 deviceCertificate,
X509Certificate2 enrollmentCertificate)
{
var scopeId = Configuration["ScopeId"];
//// The cert from the enrollment group is required for group registrations
//X509Certificate2 enrollmentCertificate = new X509Certificate2("dpsIntermediate1.pfx", "1234");
using (var security = new SecurityProviderX509Certificate(deviceCertificate,
new X509Certificate2Collection(enrollmentCertificate)))
// To optimize for size, reference only the protocols used by your application.
using (var transport = new ProvisioningTransportHandlerAmqp(TransportFallbackType.TcpOnly))
// using (var transport = new ProvisioningTransportHandlerHttp())
// using (var transport = new ProvisioningTransportHandlerMqtt(TransportFallbackType.TcpOnly))
// using (var transport = new ProvisioningTransportHandlerMqtt(TransportFallbackType.WebSocketOnly))
{
var client = ProvisioningDeviceClient.Create(
"global.azure-devices-provisioning.net", scopeId, security, transport);
var result = await client.RegisterAsync();
_logger.LogInformation($"DPS client created: {result}");
return(result);
}
}
public static async Task RunAsync(ProvisioningDeviceClient provisioningDeviceClient, SecurityProvider security)
{
Console.WriteLine($"RegistrationID = {security.GetRegistrationID()}");
Console.Write("ProvisioningClient RegisterAsync . . . ");
DeviceRegistrationResult result = await provisioningDeviceClient.RegisterAsync().ConfigureAwait(false);
Console.WriteLine($"{result.Status}");
Console.WriteLine($"ProvisioningClient AssignedHub: {result.AssignedHub}; DeviceID: {result.DeviceId}");
if (result.Status == ProvisioningRegistrationStatusType.Assigned)
{
X509Certificate2 certificate = (security as SecurityProviderX509).GetAuthenticationCertificate();
Console.WriteLine($"Registration certificate thumbprint: {certificate.Thumbprint}");
IAuthenticationMethod auth = new DeviceAuthenticationWithX509Certificate(result.DeviceId, certificate);
using (DeviceClient iotClient = DeviceClient.Create(result.AssignedHub, auth, TransportType.Amqp))
{
Console.WriteLine("DeviceClient OpenAsync.");
await iotClient.OpenAsync().ConfigureAwait(false);
Console.WriteLine("DeviceClient SendEventAsync.");
await iotClient.SendEventAsync(new Message(Encoding.UTF8.GetBytes("TestMessage"))).ConfigureAwait(false);
Console.WriteLine("DeviceClient CloseAsync.");
await iotClient.CloseAsync().ConfigureAwait(false);
}
}
}
public async Task ProvisioningDeviceClient_InvalidGlobalAddress_Register_Fail(
string transportType,
string securityType,
X509EnrollmentType?x509EnrollmentType,
TransportFallbackType?transportFallback)
{
if (!ConfigurationFound())
{
_log.WriteLine("Provisioning test configuration not found. Result inconclusive.");
return;
}
using (ProvisioningTransportHandler transport = CreateTransportHandlerFromName(transportType, transportFallback))
using (SecurityProvider security = CreateSecurityProviderFromName(securityType, x509EnrollmentType))
{
ProvisioningDeviceClient provClient = ProvisioningDeviceClient.Create(
InvalidGlobalAddress,
Configuration.Provisioning.IdScope,
security,
transport);
var cts = new CancellationTokenSource(FailingTimeoutMiliseconds);
_log.WriteLine("ProvisioningClient RegisterAsync . . . ");
var exception = await Assert.ThrowsExceptionAsync <ProvisioningTransportException>(
() => provClient.RegisterAsync(cts.Token)).ConfigureAwait(false);
_log.WriteLine($"Exception: {exception}");
}
}
/// <summary>
/// Provisions a device to a starting hub, tries to open a connection, send telemetry,
/// and (if supported by the protocol) send a twin update. Then, this method updates the enrollment
/// to provision the device to a different hub. Based on the provided reprovisioning settings, this
/// method then checks that the device was/was not reprovisioned as expected, and that the device
/// did/did not migrate twin data as expected.
/// </summary>
public async Task ProvisioningDeviceClient_ReprovisioningFlow(
Client.TransportType transportProtocol,
AttestationMechanismType attestationType,
EnrollmentType?enrollmentType,
bool setCustomProxy,
ReprovisionPolicy reprovisionPolicy,
AllocationPolicy allocationPolicy,
CustomAllocationDefinition customAllocationDefinition,
ICollection <string> iotHubsToStartAt,
ICollection <string> iotHubsToReprovisionTo,
string proxyServerAddress = null)
{
ProvisioningServiceClient provisioningServiceClient = CreateProvisioningService(s_proxyServerAddress);
string groupId = _devicePrefix + AttestationTypeToString(attestationType) + "-" + Guid.NewGuid();
bool twinOperationsAllowed = transportProtocol != Client.TransportType.Http1;
using ProvisioningTransportHandler transport = ProvisioningE2ETests.CreateTransportHandlerFromName(transportProtocol);
using SecurityProvider security = await CreateSecurityProviderFromName(
attestationType,
enrollmentType,
groupId,
reprovisionPolicy,
allocationPolicy,
customAllocationDefinition,
iotHubsToStartAt)
.ConfigureAwait(false);
//Check basic provisioning
if (ProvisioningE2ETests.ImplementsWebProxy(transportProtocol) && setCustomProxy)
{
transport.Proxy = (proxyServerAddress != null) ? new WebProxy(s_proxyServerAddress) : null;
}
ProvisioningDeviceClient provClient = ProvisioningDeviceClient.Create(
s_globalDeviceEndpoint,
Configuration.Provisioning.IdScope,
security,
transport);
using var cts = new CancellationTokenSource(PassingTimeoutMiliseconds);
DeviceRegistrationResult result = await provClient.RegisterAsync(cts.Token).ConfigureAwait(false);
ValidateDeviceRegistrationResult(result);
Client.IAuthenticationMethod auth = CreateAuthenticationMethodFromSecurityProvider(security, result.DeviceId);
await ConfirmRegisteredDeviceWorks(result, auth, transportProtocol, twinOperationsAllowed).ConfigureAwait(false);
//Check reprovisioning
await UpdateEnrollmentToForceReprovision(enrollmentType, provisioningServiceClient, iotHubsToReprovisionTo, security, groupId).ConfigureAwait(false);
result = await provClient.RegisterAsync(cts.Token).ConfigureAwait(false);
ConfirmDeviceInExpectedHub(result, reprovisionPolicy, iotHubsToStartAt, iotHubsToReprovisionTo, allocationPolicy);
await ConfirmDeviceWorksAfterReprovisioning(result, auth, transportProtocol, reprovisionPolicy, twinOperationsAllowed).ConfigureAwait(false);
if (attestationType != AttestationMechanismType.X509) //x509 enrollments are hardcoded, should never be deleted
{
await ProvisioningE2ETests.DeleteCreatedEnrollmentAsync(enrollmentType, provisioningServiceClient, security, groupId).ConfigureAwait(false);
}
}
public DeviceRegistrationResult RegisterDevice(string deviceId, string password)
{
var cert = deviceManager.ReadPrivateCertificate(deviceId, password);
using (var security = new SecurityProviderX509Certificate(cert))
{
using (var transport = new ProvisioningTransportHandlerAmqp(TransportFallbackType.TcpOnly))
{
ProvisioningDeviceClient provClient =
ProvisioningDeviceClient.Create(configuration.GetValue <string>("DeviceProvisioningEndpoint"), configuration.GetValue <string>("DeviceProvisioningScope"), security, transport);
var result = provClient.RegisterAsync().GetAwaiter().GetResult();
deviceManager.SaveRegistration(new Models.RegistrationInfo
{
AssignedHub = result.AssignedHub,
DeviceId = result.DeviceId,
RegistrationId = result.RegistrationId
});
deviceManager.SavePassword(deviceId, password);
return(result);
}
}
}
private static async Task RegisterDevice(string deviceRegistrationId)
{
// using symmetric keys
using var securityProvider = new SecurityProviderSymmetricKey(
registrationId: deviceRegistrationId,
primaryKey: ComputeKeyHash(enrollmentGroupPrimaryKey, deviceRegistrationId),
secondaryKey: ComputeKeyHash(enrollmentGroupSecondaryKey, deviceRegistrationId));
// Amqp transport
using var transportHandler = new ProvisioningTransportHandlerAmqp(TransportFallbackType.TcpOnly);
// set up provisioning client for given device
var provisioningDeviceClient = ProvisioningDeviceClient.Create(
globalDeviceEndpoint: dpsGlobalDeviceEndpoint,
idScope: dpsIdScope,
securityProvider: securityProvider,
transport: transportHandler);
// register device
var deviceRegistrationResult = await provisioningDeviceClient.RegisterAsync();
Console.WriteLine($" Device registration result: {deviceRegistrationResult.Status}");
if (!string.IsNullOrEmpty(deviceRegistrationResult.AssignedHub))
{
Console.WriteLine($" Assigned to hub '{deviceRegistrationResult.AssignedHub}'");
}
Console.WriteLine();
}
public async Task ProvisioningDeviceClient_InvalidRegistrationId_TpmRegister_Fail(string transportType)
{
if (!ConfigurationFound())
{
_log.WriteLine("Provisioning test configuration not found. Result inconclusive.");
return;
}
using (ProvisioningTransportHandler transport = CreateTransportHandlerFromName(transportType, TransportFallbackType.TcpOnly))
using (SecurityProvider security = new SecurityProviderTpmSimulator("invalidregistrationid"))
{
ProvisioningDeviceClient provClient = ProvisioningDeviceClient.Create(
s_globalDeviceEndpoint,
Configuration.Provisioning.IdScope,
security,
transport);
var cts = new CancellationTokenSource(FailingTimeoutMiliseconds);
_log.WriteLine("ProvisioningClient RegisterAsync . . . ");
DeviceRegistrationResult result = await provClient.RegisterAsync(cts.Token).ConfigureAwait(false);
_log.WriteLine($"{result.Status}");
Assert.AreEqual(ProvisioningRegistrationStatusType.Failed, result.Status);
Assert.IsNull(result.AssignedHub);
Assert.IsNull(result.DeviceId);
Assert.AreEqual("Not Found", result.ErrorMessage);
Assert.AreEqual(0x00062ae9, result.ErrorCode);
}
}
// This method receives the the provisioning device client and security
// instances created earlier.
private static async Task <DeviceClient> ProvisionDevice(
ProvisioningDeviceClient provisioningDeviceClient,
SecurityProviderSymmetricKey security)
{
// The provisioningDeviceClient.RegisterAsync()
// is called, which returns a DeviceRegistrationResult instance.
// This result contains a number of properties including the DeviceId,
// AssignedHub and the Status.
var result = await provisioningDeviceClient
.RegisterAsync()
.ConfigureAwait(false);
Console.WriteLine($"ProvisioningClient AssignedHub: {result.AssignedHub}; DeviceID: {result.DeviceId}");
// The method then checks to ensure that the provisioning status has
// been set and throws an exception if the device is not Assigned.
// Other possible results here include Unassigned, Assigning,
// Failed and Disabled.
if (result.Status != ProvisioningRegistrationStatusType.Assigned)
{
throw new Exception($"DeviceRegistrationResult.Status is NOT 'Assigned'");
}
// The DeviceAuthenticationWithRegistrySymmetricKey class simplifies
// the creation of an IoT Hub connection string using the device
// ID and the Primary Symmetric Key
var auth = new DeviceAuthenticationWithRegistrySymmetricKey(
result.DeviceId,
security.GetPrimaryKey());
// Finally, a DeviceClient instance is returned that is connected
// to the desired IoT Hub, using the authentication created above,
// and using the AMQP protocol.
return(DeviceClient.Create(result.AssignedHub, auth, TransportType.Amqp));
}
public async Task RunSampleAsync()
{
// When registering with a symmetric key using a group enrollment, the provided key will not
// work for a specific device, rather it must be computed based on two values: the group enrollment
// key and the desired device Id.
if (_parameters.EnrollmentType == EnrollmentType.Group)
{
_parameters.PrimaryKey = ComputeDerivedSymmetricKey(_parameters.PrimaryKey, _parameters.Id);
}
Console.WriteLine($"Initializing the device provisioning client...");
// For individual enrollments, the first parameter must be the registration Id, where in the enrollment
// the device Id is already chosen. However, for group enrollments the device Id can be requested by
// the device, as long as the key has been computed using that value.
// Also, the secondary could could be included, but was left out for the simplicity of this sample.
using var security = new SecurityProviderSymmetricKey(
_parameters.Id,
_parameters.PrimaryKey,
null);
using var transportHandler = GetTransportHandler();
ProvisioningDeviceClient provClient = ProvisioningDeviceClient.Create(
_parameters.GlobalDeviceEndpoint,
_parameters.IdScope,
security,
transportHandler);
Console.WriteLine($"Initialized for registration Id {security.GetRegistrationID()}.");
Console.WriteLine("Registering with the device provisioning service...");
DeviceRegistrationResult result = await provClient.RegisterAsync();
Console.WriteLine($"Registration status: {result.Status}.");
if (result.Status != ProvisioningRegistrationStatusType.Assigned)
{
Console.WriteLine($"Registration status did not assign a hub, so exiting this sample.");
return;
}
Console.WriteLine($"Device {result.DeviceId} registered to {result.AssignedHub}.");
Console.WriteLine("Creating symmetric key authentication for IoT Hub...");
IAuthenticationMethod auth = new DeviceAuthenticationWithRegistrySymmetricKey(
result.DeviceId,
security.GetPrimaryKey());
Console.WriteLine($"Testing the provisioned device with IoT Hub...");
using DeviceClient iotClient = DeviceClient.Create(result.AssignedHub, auth, _parameters.TransportType);
Console.WriteLine("Sending a telemetry message...");
using var message = new Message(Encoding.UTF8.GetBytes("TestMessage"));
await iotClient.SendEventAsync(message);
Console.WriteLine("Finished.");
}
public static async Task RunTest(string scopeId, string sasToken, string deviceId, string dpsEndpoint)
{
Console.WriteLine("Starting DPS client tests.");
int successes = 0;
int failures = 0;
var security = new SecurityProviderSymmetricKey(deviceId, sasToken, null);
var transportHandlers = new List <(ProvisioningTransportHandler, string)>();
transportHandlers.Add((new ProvisioningTransportHandlerHttp(), "default"));
foreach (var transportFallbackType in _transportFallbackTypes)
{
transportHandlers.Add((new ProvisioningTransportHandlerAmqp(transportFallbackType), transportFallbackType.ToString()));
transportHandlers.Add((new ProvisioningTransportHandlerMqtt(transportFallbackType), transportFallbackType.ToString()));
}
foreach ((ProvisioningTransportHandler, string)transportHandler in transportHandlers)
{
try
{
Console.WriteLine($"Registering with {transportHandler.Item1.GetType().Name}/{transportHandler.Item2}");
var provClient = ProvisioningDeviceClient.Create(
dpsEndpoint,
scopeId,
security,
transportHandler.Item1);
DeviceRegistrationResult provResult = await provClient.RegisterAsync().ConfigureAwait(false);
if (provResult.Status != ProvisioningRegistrationStatusType.Assigned)
{
Console.WriteLine($"Failed to connect due to {provResult.ErrorCode}: {provResult.ErrorMessage}.");
continue;
}
Console.WriteLine("Succeeded.\n");
successes++;
}
catch (Exception ex)
{
// Print all the relevant reasons for failing, without printing out the entire exception information
var reason = new StringBuilder();
Exception next = ex;
do
{
reason.AppendFormat($" - {next.GetType()}: {next.Message}\n");
next = next.InnerException;
}while (next != null);
Console.WriteLine($"Failed for {transportHandler} due to:\n{reason}");
failures++;
}
}
Console.WriteLine($"DPS client tests finished with {successes} successes and {failures} failures.");
}
public async Task <ResultCommand> ProvisionDevice(RequestCommandProvisionDevice requestProvisionDevice, string password)
{
try
{
DeviceCertificateModel certificateInfo = requestProvisionDevice.DeviceCertificateInformation;
//Load certificate chain
var(deviceCertificate, collectionCertificates) =
LoadCertificateFromPfx(Convert.FromBase64String(certificateInfo.Certificate), password);
//Save certificate in store
if (!await SaveCertificateInStore(deviceCertificate))
{
return(ResultCommand.CreateFailedCommand($"Error while saving User Certificate in Store."));
}
using (var securityProvider = new SecurityProviderX509Certificate(deviceCertificate, collectionCertificates))
{
using (var transport = new ProvisioningTransportHandlerHttp())
{
ProvisioningDeviceClient provClient =
ProvisioningDeviceClient.Create(certificateInfo.DpsInstance, certificateInfo.DpsIdScope, securityProvider, transport);
DeviceRegistrationResult result = await provClient.RegisterAsync();
if (result.Status != ProvisioningRegistrationStatusType.Assigned)
{
DebugHelper.LogError($"ProvisioningClient AssignedHub: {result.AssignedHub}; DeviceID: {result.DeviceId}");
return(ResultCommand.CreateFailedCommand($"Error during registration: {result.Status}, {result.ErrorMessage}"));
}
//Test the connection
if (!await TestDeviceConnection(result.DeviceId, result.AssignedHub, deviceCertificate))
{
return(ResultCommand.CreateFailedCommand($"Error while testing the device connection."));
}
//Persist provision in TPM/HSM
SimulatedDevice.ProvisionDevice(result.AssignedHub, result.DeviceId);
//Provisioned!
SimulatedDevice.IsProvisioned = true;
}
}
if (deviceCertificate != null)
{
deviceCertificate.Dispose();
}
return(ResultCommand.CreateSuccessCommand());
}
catch (Exception e)
{
DebugHelper.LogError($"Error ProvisionDevice: {e.Message}.");
return(ResultCommand.CreateFailedCommand($"Error ProvisionDevice: {e.Message}."));
}
}
public static int Main(string[] args)
{
if (string.IsNullOrWhiteSpace(s_idScope) && (args.Length > 0))
{
s_idScope = args[0];
}
if (string.IsNullOrWhiteSpace(s_idScope))
{
Console.WriteLine("ProvisioningDeviceClientTpm <IDScope>");
return(1);
}
// Remove if a real TPM is being used.
Console.WriteLine("Starting TPM simulator.");
SecurityProviderTpmSimulator.StartSimulatorProcess();
// Replace the following type with SecurityProviderTpmHsm() to use a real TPM2.0 device.
using (var security = new SecurityProviderTpmSimulator(s_registrationID))
// Select one of the available transports:
// To optimize for size, reference only the protocols used by your application.
using (var transport = new ProvisioningTransportHandlerHttp())
// using (var transport = new ProvisioningTransportHandlerAmqp(TransportFallbackType.TcpOnly))
// using (var transport = new ProvisioningTransportHandlerAmqp(TransportFallbackType.WebSocketOnly))
{
// Note that the TPM simulator will create an NVChip file containing the simulated TPM state.
Console.WriteLine("Extracting endorsement key.");
string base64EK = Convert.ToBase64String(security.GetEndorsementKey());
Console.WriteLine(
"In your Azure Device Provisioning Service please go to 'Manage enrollments' and select " +
"'Individual Enrollments'. Select 'Add' then fill in the following:");
Console.WriteLine("\tMechanism: TPM");
Console.WriteLine($"\tEndorsement key: {base64EK}");
Console.WriteLine($"\tRegistration ID: {s_registrationID}");
Console.WriteLine($"\tDevice ID: {s_registrationID} (or any other valid DeviceID)");
Console.WriteLine();
Console.WriteLine("Press ENTER once enrollment has been created.");
Console.ReadLine();
ProvisioningDeviceClient provClient =
ProvisioningDeviceClient.Create(GlobalDeviceEndpoint, s_idScope, security, transport);
var sample = new ProvisioningDeviceClientSample(provClient, security);
sample.RunSampleAsync().GetAwaiter().GetResult();
}
// Remove if a real TPM is being used.
Console.ForegroundColor = ConsoleColor.White; Console.WriteLine("Stopping TPM simulator.");
SecurityProviderTpmSimulator.StopSimulatorProcess();
return(0);
}
//Provision the Device
static void ProvisionDevice()
{
Console.WriteLine("Provisioning process starting..");
Console.WriteLine("Fetching secrets..");
var secrets = ReadSecrets();
if (secrets == null)
{
Console.WriteLine("No secrets found!");
return;
}
Console.WriteLine("Secrets found!");
string dpsServiceEndpoint = secrets.serviceEndpoint;
string idScope = secrets.idScope;
string registrationId = secrets.registrationId;
string primaryDeviceKey = secrets.primaryDerivedKey;
string secondaryDeviceKey = secrets.secondaryDerivedKey;
using (var security = new SecurityProviderSymmetricKey(registrationId, primaryDeviceKey, secondaryDeviceKey))
{
// Select one of the available transports:
// To optimize for size, reference only the protocols used by your application.
using (var transport = new ProvisioningTransportHandlerAmqp(TransportFallbackType.TcpOnly))
// using (var transport = new ProvisioningTransportHandlerHttp())
// using (var transport = new ProvisioningTransportHandlerMqtt(TransportFallbackType.TcpOnly))
// using (var transport = new ProvisioningTransportHandlerMqtt(TransportFallbackType.WebSocketOnly))
{
try
{
Console.WriteLine("Creating provisioning client");
ProvisioningDeviceClient provClient =
ProvisioningDeviceClient.Create(dpsServiceEndpoint, idScope, security, transport);
Console.WriteLine("Starting attestation..");
DeviceRegistrationResult registrationResult = provClient.RegisterAsync().GetAwaiter().GetResult();
Console.WriteLine("Device successfully provisioned");
Console.WriteLine("Storing primary and secondary connection strings in settings file!");
Console.WriteLine("Primary Connection string: Hostname={0};DeviceId={1};SharedAccessKey={2}", registrationResult.AssignedHub, registrationId, primaryDeviceKey);
Console.WriteLine("Secondary Connection string: Hostname={0};DeviceId={1};SharedAccessKey={2}", registrationResult.AssignedHub, registrationId, secondaryDeviceKey);
string primaryConnectionString = "Hostname=" + registrationResult.AssignedHub + ";DeviceId=" + registrationResult.DeviceId + ";SharedAccessKey=" + primaryDeviceKey;
string secondaryConnectionString = "Hostname=" + registrationResult.AssignedHub + ";DeviceId=" + registrationResult.DeviceId + ";SharedAccessKey=" + secondaryDeviceKey;
WriteSettings(primaryConnectionString, secondaryConnectionString);
}
catch (Exception ex)
{
Console.WriteLine(ex.Message + ": " + ex.InnerException.Message);
}
}
}
}
public static async Task RunSample()
{
// Replace the following type with SecurityClientTpm() to use a real TPM2.0 device.
Console.WriteLine("Starting TPM simulator.");
SecurityClientTpmSimulator.StartSimulatorProcess();
using (var security = new SecurityClientTpmSimulator(RegistrationId))
using (var transport = new ProvisioningTransportHandlerHttp())
{
// Note that the TPM simulator will create a NVChip file containing the simulated TPM state.
Console.WriteLine("Extracting endorsement key.");
string base64EK = Convert.ToBase64String(security.GetEndorsementKey());
Console.WriteLine(
"In your Azure Device Provisioning Service please go to 'Manage enrollments' and select " +
"'Individual Enrollments'. Select 'Add' then fill in the following:");
Console.WriteLine("\tMechanism: TPM");
Console.WriteLine($"\tRegistration ID: {RegistrationId}");
Console.WriteLine($"\tEndorsement key: {base64EK}");
Console.WriteLine("\tDevice ID: iothubtpmdevice1 (or any other valid DeviceID)");
Console.WriteLine();
Console.WriteLine("Press ENTER when ready.");
Console.ReadLine();
ProvisioningDeviceClient provClient = ProvisioningDeviceClient.Create(s_idScope, security, transport);
Console.Write("ProvisioningClient RegisterAsync . . . ");
DeviceRegistrationResult result = await provClient.RegisterAsync();
Console.WriteLine($"{result.Status}");
Console.WriteLine($"ProvisioningClient AssignedHub: {result.AssignedHub}; DeviceID: {result.DeviceId}");
if (result.Status != ProvisioningRegistrationStatusType.Assigned)
{
return;
}
var auth = new DeviceAuthenticationWithTpm(result.DeviceId, security);
// TODO: Temporary workaround until IoTHub DeviceClient gets Token refresh support.
await auth.GetTokenAsync(result.AssignedHub);
using (DeviceClient iotClient = DeviceClient.Create(result.AssignedHub, auth, TransportType.Mqtt))
{
Console.WriteLine("DeviceClient OpenAsync.");
await iotClient.OpenAsync();
Console.WriteLine("DeviceClient SendEventAsync.");
await iotClient.SendEventAsync(new Message(Encoding.UTF8.GetBytes("TestMessage")));
Console.WriteLine("DeviceClient CloseAsync.");
await iotClient.CloseAsync();
}
}
}
public async Task ProvisioningDeviceClient_ValidRegistrationId_Register_Ok(
string transportType,
string securityType,
X509EnrollmentType?x509EnrollmentType,
TransportFallbackType?transportFallback,
bool setCustomProxy,
string proxyServerAddress = null)
{
using (ProvisioningTransportHandler transport = CreateTransportHandlerFromName(transportType, transportFallback))
using (SecurityProvider security = await CreateSecurityProviderFromName(securityType, x509EnrollmentType).ConfigureAwait(false))
{
_verboseLog.WriteLine("Creating device");
if (ImplementsWebProxy(transportType, transportFallback) && setCustomProxy)
{
transport.Proxy = (proxyServerAddress != null) ? new WebProxy(proxyServerAddress) : null;
}
ProvisioningDeviceClient provClient = ProvisioningDeviceClient.Create(
s_globalDeviceEndpoint,
Configuration.Provisioning.IdScope,
security,
transport);
var cts = new CancellationTokenSource(PassingTimeoutMiliseconds);
_log.WriteLine("ProvisioningDeviceClient RegisterAsync . . . ");
DeviceRegistrationResult result = await provClient.RegisterAsync(cts.Token).ConfigureAwait(false);
Assert.IsNotNull(result);
_log.WriteLine($"{result.Status} (Error Code: {result.ErrorCode}; Error Message: {result.ErrorMessage})");
_log.WriteLine($"ProvisioningDeviceClient AssignedHub: {result.AssignedHub}; DeviceID: {result.DeviceId}");
Assert.AreEqual(ProvisioningRegistrationStatusType.Assigned, result.Status);
Assert.IsNotNull(result.AssignedHub);
Assert.IsNotNull(result.DeviceId);
Client.IAuthenticationMethod auth = CreateAuthenticationMethodFromSecurityProvider(security, result.DeviceId);
// TODO: #591 - ProvisioningClient and DeviceClient should use the same protocol.
using (DeviceClient iotClient = DeviceClient.Create(result.AssignedHub, auth, Client.TransportType.Http1))
{
_log.WriteLine("DeviceClient OpenAsync.");
await iotClient.OpenAsync().ConfigureAwait(false);
_log.WriteLine("DeviceClient SendEventAsync.");
await iotClient.SendEventAsync(
new Client.Message(Encoding.UTF8.GetBytes("TestMessage"))).ConfigureAwait(false);
_log.WriteLine("DeviceClient CloseAsync.");
await iotClient.CloseAsync().ConfigureAwait(false);
}
}
}
private static string ProvisionDevice(string scope, string deviceId, string primaryKey)
{
Console.Write("Provisioning device...");
using var transport = new ProvisioningTransportHandlerMqtt(TransportFallbackType.TcpOnly);
var security = new SecurityProviderSymmetricKey(deviceId, primaryKey, null);
var provClient = ProvisioningDeviceClient.Create(GlobalProvisionEndPoint, scope, security, transport);
var result = provClient.RegisterAsync().GetAwaiter().GetResult();
Console.WriteLine(" successfully provisioned");
return(result.AssignedHub);
}
static async Task <DeviceClient> DeviceRegistration(string applicationId, string deviceId, int port)
{
string deviceKey;
// See if AzureIoT hub connections string has been configured
string connectionString = ApplicationConfiguration.ConnectionStringResolve(applicationId, port);
if (!String.IsNullOrEmpty(connectionString))
{
return(DeviceClient.CreateFromConnectionString(connectionString, deviceId));
}
// See if Azure DPS has been configured
using (var hmac = new HMACSHA256(Convert.FromBase64String(ApplicationConfiguration.DpsEnrollmentGroupSymmetricKeyResolve(applicationId, port))))
{
deviceKey = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(deviceId)));
}
using (var securityProvider = new SecurityProviderSymmetricKey(deviceId, deviceKey, null))
{
using (var transport = new ProvisioningTransportHandlerAmqp(TransportFallbackType.TcpOnly))
{
ProvisioningDeviceClient provClient = ProvisioningDeviceClient.Create(ApplicationConfiguration.DpsGlobaDeviceEndpointResolve(),
ApplicationConfiguration.DpsIdScopeResolve(applicationId, port),
securityProvider,
transport);
DeviceRegistrationResult result = await provClient.RegisterAsync();
if (result.Status != ProvisioningRegistrationStatusType.Assigned)
{
throw new ApplicationException($"DevID:{deviceId} Status:{result.Status} RegisterAsync failed");
}
IAuthenticationMethod authentication = new DeviceAuthenticationWithRegistrySymmetricKey(result.DeviceId, (securityProvider as SecurityProviderSymmetricKey).GetPrimaryKey());
return(DeviceClient.Create(result.AssignedHub,
authentication,
new ITransportSettings[]
{
new AmqpTransportSettings(TransportType.Amqp_Tcp_Only)
{
PrefetchCount = 0,
AmqpConnectionPoolSettings = new AmqpConnectionPoolSettings()
{
Pooling = true,
}
}
}
));
}
}
}
public static int Main(string[] args)
{
if (string.IsNullOrWhiteSpace(s_idScope) && (args.Length > 0))
{
s_idScope = args[0];
}
if (string.IsNullOrWhiteSpace(s_idScope))
{
Console.WriteLine("ProvisioningDeviceClientSymmetricKey <IDScope>");
return(1);
}
string primaryKey = "";
string secondaryKey = "";
if (!String.IsNullOrEmpty(registrationId) && !String.IsNullOrEmpty(enrollmentGroupPrimaryKey) && !String.IsNullOrEmpty(enrollmentGroupSecondaryKey))
{
//Group enrollment flow, the primary and secondary keys are derived from the enrollment group keys and from the desired registration id
primaryKey = ComputeDerivedSymmetricKey(Convert.FromBase64String(enrollmentGroupPrimaryKey), registrationId);
secondaryKey = ComputeDerivedSymmetricKey(Convert.FromBase64String(enrollmentGroupSecondaryKey), registrationId);
}
else if (!String.IsNullOrEmpty(registrationId) && !String.IsNullOrEmpty(individualEnrollmentPrimaryKey) && !String.IsNullOrEmpty(individualEnrollmentSecondaryKey))
{
//Individual enrollment flow, the primary and secondary keys are the same as the individual enrollment keys
primaryKey = individualEnrollmentPrimaryKey;
secondaryKey = individualEnrollmentSecondaryKey;
}
else
{
Console.WriteLine("Invalid configuration provided, must provide group enrollment keys or individual enrollment keys");
return(-1);
}
using (var security = new SecurityProviderSymmetricKey(registrationId, primaryKey, secondaryKey))
// Select one of the available transports:
// To optimize for size, reference only the protocols used by your application.
using (var transport = new ProvisioningTransportHandlerAmqp(TransportFallbackType.TcpOnly))
// using (var transport = new ProvisioningTransportHandlerHttp())
// using (var transport = new ProvisioningTransportHandlerMqtt(TransportFallbackType.TcpOnly))
// using (var transport = new ProvisioningTransportHandlerMqtt(TransportFallbackType.WebSocketOnly))
{
ProvisioningDeviceClient provClient =
ProvisioningDeviceClient.Create(GlobalDeviceEndpoint, s_idScope, security, transport);
var sample = new ProvisioningDeviceClientSample(provClient, security);
sample.RunSampleAsync().GetAwaiter().GetResult();
}
Console.WriteLine("Enter any key to exit");
Console.ReadLine();
return(0);
}
