public void Test_UserManagement() { // Create the encrypted password for the user AsymmetricEncryptedSecret encryptedSecret = Client.Devices.GetAsymmetricEncryptedSecretUsingActivationKey(TestConstants.GatewayResourceName, TestConstants.DefaultResourceGroupName, "Password1", TestConstants.GatewayActivationKey); User user = new User() { EncryptedPassword = encryptedSecret }; // Create user. Client.Users.CreateOrUpdate(TestConstants.GatewayResourceName, "user1", TestConstants.DefaultResourceGroupName, encryptedSecret); Client.Users.CreateOrUpdate(TestConstants.GatewayResourceName, "user2", TestConstants.DefaultResourceGroupName, encryptedSecret); // Get user by name var retrievedUser = Client.Users.Get(TestConstants.GatewayResourceName, "user1", TestConstants.DefaultResourceGroupName); // List users in the device string continuationToken = null; var usersInDevice = TestUtilities.ListUsers(Client, TestConstants.GatewayResourceName, TestConstants.DefaultResourceGroupName, out continuationToken); if (continuationToken != null) { usersInDevice.ToList().AddRange(TestUtilities.ListUsers(Client, TestConstants.GatewayResourceName, TestConstants.DefaultResourceGroupName, out continuationToken)); } // Delete user Client.Users.Delete(TestConstants.GatewayResourceName, "user2", TestConstants.DefaultResourceGroupName); }
private AsymmetricEncryptedSecret EncryptSecretUsingDEK(string resourceGroupName, string managerName, string deviceName, string plainTextSecret) { PublicKey devicePublicEncryptionInfo = this.Client.Managers.GetDevicePublicEncryptionKey(deviceName.GetDoubleEncoded(), resourceGroupName, managerName); var encryptedSecret = CryptoHelper.EncryptSecretRSAPKCS(plainTextSecret, devicePublicEncryptionInfo.Key); AsymmetricEncryptedSecret secret = new AsymmetricEncryptedSecret(encryptedSecret, EncryptionAlgorithm.RSAESPKCS1V15, String.Empty); return(secret); }
public void TestConfigureCloudAppliance() { //checking for prerequisites var device = Helpers.CheckAndGetDevice(this, DeviceType.Series8000VirtualAppliance, DeviceStatus.ReadyToSetup); var deviceName = device.Name; //the service data encryption key from rollovered device var serviceDataEncryptionKey = "ZJOCJNA3k0g5WSHqskiMug=="; try { // Device admin password and snapshot manager password AsymmetricEncryptedSecret deviceAdminpassword = this.Client.Managers.GetAsymmetricEncryptedSecret(this.ResourceGroupName, this.ManagerName, "test-adminp13"); AsymmetricEncryptedSecret snapshotmanagerPassword = this.Client.Managers.GetAsymmetricEncryptedSecret(this.ResourceGroupName, this.ManagerName, "test-ssmpas1235"); //cloud appliance settings CloudApplianceSettings cloudApplianceSettings = new CloudApplianceSettings(); cloudApplianceSettings.ServiceDataEncryptionKey = EncryptSecretUsingDEK(this.ResourceGroupName, this.ManagerName, deviceName, serviceDataEncryptionKey); var managerExtendedInfo = this.Client.Managers.GetExtendedInfo(this.ResourceGroupName, this.ManagerName); cloudApplianceSettings.ChannelIntegrityKey = EncryptSecretUsingDEK(this.ResourceGroupName, this.ManagerName, deviceName, managerExtendedInfo.IntegrityKey); //security settings patch SecuritySettingsPatch securitySettingsPatch = new SecuritySettingsPatch() { DeviceAdminPassword = deviceAdminpassword, SnapshotPassword = snapshotmanagerPassword, CloudApplianceSettings = cloudApplianceSettings }; //update security settings - this will configure the SCA too. this.Client.DeviceSettings.UpdateSecuritySettings( deviceName.GetDoubleEncoded(), securitySettingsPatch, this.ResourceGroupName, this.ManagerName); var securitySettings = this.Client.DeviceSettings.GetSecuritySettings( deviceName.GetDoubleEncoded(), this.ResourceGroupName, this.ManagerName); //validation Assert.True(securitySettings != null, "Creation of Security Setting was not successful."); //validate that SCA got configured, by checking device is online now. Helpers.CheckAndGetConfiguredDevice(this, deviceName); } catch (Exception e) { Assert.Null(e); } }
public void Test_ARMUserPasswordUpdate() { // Get user by name var retrievedUser = Client.Users.Get(TestConstants.EdgeResourceName, TestConstants.ARMLiteUserName, TestConstants.DefaultResourceGroupName); // Create the encrypted password for the user AsymmetricEncryptedSecret encryptedSecret = Client.Devices.GetAsymmetricEncryptedSecret(TestConstants.EdgeResourceName, TestConstants.DefaultResourceGroupName, "Password1", TestConstants.EdgeDeviceCIK); retrievedUser.EncryptedPassword = encryptedSecret; // Create user. Client.Users.CreateOrUpdate(TestConstants.EdgeResourceName, TestConstants.ARMLiteUserName, retrievedUser, TestConstants.DefaultResourceGroupName); }
private static ResourceModel InitStorageAccountCredentialObject( string name, string storageAccountName, string accountType, string sslStatus, AsymmetricEncryptedSecret secret) { var storageAccountCredential = new ResourceModel( name, sslStatus, accountType, userName: storageAccountName, accountKey: secret); return(storageAccountCredential); }
/// <summary> /// Gets an iot role object /// </summary> /// <param name="iotDeviceSecret"></param> /// <param name="iotEdgeDeviceSecret"></param> /// <returns>IoTRole</returns> public static IoTRole GetIoTRoleObject(AsymmetricEncryptedSecret iotDeviceSecret, AsymmetricEncryptedSecret iotEdgeDeviceSecret) { Authentication authentication = new Authentication() { SymmetricKey = new SymmetricKey(iotDeviceSecret) }; IoTDeviceInfo ioTDeviceInfo = new IoTDeviceInfo("iotdevice", "iothub.azure-devices.net", authentication: authentication); Authentication edgeAuthentication = new Authentication() { SymmetricKey = new SymmetricKey(iotEdgeDeviceSecret) }; IoTDeviceInfo ioTEdgeDeviceInfo = new IoTDeviceInfo("iotdevice", "iothub.azure-devices.net", authentication: edgeAuthentication); IoTRole ioTRole = new IoTRole("Linux", ioTDeviceInfo, ioTEdgeDeviceInfo, "Enabled"); return(ioTRole); }
/// <summary> /// Create SecuritySettings on the Device. /// </summary> private SecuritySettings CreateAndValidateSecuritySettings(string deviceName) { RemoteManagementSettingsPatch remoteManagementSettings = new RemoteManagementSettingsPatch( RemoteManagementModeConfiguration.HttpsAndHttpEnabled); AsymmetricEncryptedSecret deviceAdminpassword = this.Client.Managers.GetAsymmetricEncryptedSecret( this.ResourceGroupName, this.ManagerName, "test-adminp13"); AsymmetricEncryptedSecret snapshotmanagerPassword = this.Client.Managers.GetAsymmetricEncryptedSecret( this.ResourceGroupName, this.ManagerName, "test-ssmpas1235"); ChapSettings chapSettings = new ChapSettings( "test-initiator-user", this.Client.Managers.GetAsymmetricEncryptedSecret(this.ResourceGroupName, this.ManagerName, "chapsetInitP124"), "test-target-user", this.Client.Managers.GetAsymmetricEncryptedSecret(this.ResourceGroupName, this.ManagerName, "chapsetTargP1235")); SecuritySettingsPatch securitySettingsPatch = new SecuritySettingsPatch( remoteManagementSettings, deviceAdminpassword, snapshotmanagerPassword, chapSettings); this.Client.DeviceSettings.UpdateSecuritySettings( deviceName.GetDoubleEncoded(), securitySettingsPatch, this.ResourceGroupName, this.ManagerName); var securitySettings = this.Client.DeviceSettings.GetSecuritySettings( deviceName.GetDoubleEncoded(), this.ResourceGroupName, this.ManagerName); //validation Assert.True(securitySettings != null && securitySettings.RemoteManagementSettings.RemoteManagementMode.Equals(RemoteManagementModeConfiguration.HttpsAndHttpEnabled) && securitySettings.ChapSettings.InitiatorUser.Equals("test-initiator-user") && securitySettings.ChapSettings.TargetUser.Equals("test-target-user"), "Creation of Security Setting was not successful."); return(securitySettings); }
public void Test_IoTRoles() { AsymmetricEncryptedSecret iotDevicesecret = Client.Devices.GetAsymmetricEncryptedSecretUsingActivationKey(TestConstants.EdgeResourceName, TestConstants.DefaultResourceGroupName, "IotDeviceConnectionString", TestConstants.EdgeDeviceActivationKey); AsymmetricEncryptedSecret iotEdgeDevicesecret = Client.Devices.GetAsymmetricEncryptedSecretUsingActivationKey(TestConstants.EdgeResourceName, TestConstants.DefaultResourceGroupName, "IotEdgeDeviceConnectionString", TestConstants.EdgeDeviceActivationKey); var iotRole = TestUtilities.GetIoTRoleObject(iotDevicesecret, iotEdgeDevicesecret); // Create an iot role Client.Roles.CreateOrUpdate(TestConstants.EdgeResourceName, "iot-1", iotRole, TestConstants.DefaultResourceGroupName); // Get an iot role by name Client.Roles.Get(TestConstants.EdgeResourceName, "iot-1", TestConstants.DefaultResourceGroupName); // List iot Roles in the device string continuationToken = null; TestUtilities.ListRoles(Client, TestConstants.EdgeResourceName, TestConstants.DefaultResourceGroupName, out continuationToken); // Delete iot role Client.Roles.Delete(TestConstants.EdgeResourceName, "iot-1", TestConstants.DefaultResourceGroupName); }
/// <summary> /// Update SecuritySettings on the Device. /// </summary> private void ValidateCreateOrUpdateSecuritySettings(string deviceName) { AsymmetricEncryptedSecret deviceAdminpassword = this.Client.Managers.GetAsymmetricEncryptedSecret( this.ResourceGroupName, this.ManagerName, "test-adminp13"); SecuritySettings newSecuritySettings = new SecuritySettings() { DeviceAdminPassword = deviceAdminpassword }; // Update security settings for the given device this.Client.Devices.CreateOrUpdateSecuritySettings( deviceName.GetDoubleEncoded(), newSecuritySettings, this.ResourceGroupName, this.ManagerName); // No validation since there isn't GET Security Settings API }
public void Test_SACManagement() { //Create storage account credential AsymmetricEncryptedSecret encryptedSecret = Client.Devices.GetAsymmetricEncryptedSecretUsingActivationKey(TestConstants.GatewayResourceName, TestConstants.DefaultResourceGroupName, "EyIbt0QelBmm4ggkWsvQGaGaijYv/JBXIRl5ZR7pwgCJCkLYQmKY+H5RV4COGhbi01dBRIC1dNSF1sbJoeAL1Q==", TestConstants.GatewayActivationKey); StorageAccountCredential sac1 = TestUtilities.GetSACObject(encryptedSecret, "sac1"); Client.StorageAccountCredentials.CreateOrUpdate(TestConstants.GatewayResourceName, "sac1", sac1, TestConstants.DefaultResourceGroupName); StorageAccountCredential sac2 = TestUtilities.GetSACObject(encryptedSecret, "sac2"); Client.StorageAccountCredentials.CreateOrUpdate(TestConstants.GatewayResourceName, "sac2", sac2, TestConstants.DefaultResourceGroupName); //Get storage account credential by name. Client.StorageAccountCredentials.Get(TestConstants.GatewayResourceName, "sac1", TestConstants.DefaultResourceGroupName); //List storage account credentials in the device string continuationToken = null; var storageCredentials = TestUtilities.ListStorageAccountCredentials(Client, TestConstants.GatewayResourceName, TestConstants.DefaultResourceGroupName, out continuationToken); //List storage account credentials in the device Client.StorageAccountCredentials.Delete(TestConstants.GatewayResourceName, "sac2", TestConstants.DefaultResourceGroupName); }
public static IoTRole GetIoTRoleObject( string deviceId, string edgeDeviceId, string ioTHostHub, string platform, AsymmetricEncryptedSecret iotDeviceSecret, AsymmetricEncryptedSecret iotEdgeDeviceSecret, string roleStatus) { var authentication = new Authentication() { SymmetricKey = new SymmetricKey(iotDeviceSecret) }; var ioTDeviceInfo = new IoTDeviceInfo(deviceId, ioTHostHub, authentication: authentication); var edgeAuthentication = new Authentication() { SymmetricKey = new SymmetricKey(iotEdgeDeviceSecret) }; var ioTEdgeDeviceInfo = new IoTDeviceInfo(edgeDeviceId, ioTHostHub, authentication: edgeAuthentication); return(new IoTRole(platform, ioTDeviceInfo, ioTEdgeDeviceInfo, roleStatus)); }
/// <summary> /// Use this method to encrypt the user secrets (Storage Account Access Key, Volume Container Encryption Key etc.) /// </summary> /// <param name="deviceName"> /// The resource name. /// </param> /// <param name="resourceGroupName"> /// The resource group name. /// </param> /// <param name="plainTextSecret"> /// The plain text secret. /// </param> /// <returns> /// The <see cref="AsymmetricEncryptedSecret"/>. /// </returns> /// <exception cref="ValidationException"> /// </exception> /// <exception cref="InvalidOperationException"> /// </exception> public static AsymmetricEncryptedSecret GetAsymmetricEncryptedSecretFromCIK( this IDevicesOperations operations, string deviceName, string resourceGroupName, string plainTextSecret, string channelIntegrationKey) { if (string.IsNullOrWhiteSpace(plainTextSecret)) { throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "plainTextSecret"); } if (string.IsNullOrWhiteSpace(resourceGroupName)) { throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "resourceGroupName"); } if (string.IsNullOrWhiteSpace(deviceName)) { throw new Microsoft.Rest.ValidationException(Microsoft.Rest.ValidationRules.CannotBeNull, "resourceName"); } DataBoxEdgeDeviceExtendedInfo extendedInfo = operations.GetExtendedInformation(deviceName, resourceGroupName); string encryptionKey = extendedInfo.EncryptionKey; string encryptionKeyThumbprint = extendedInfo.EncryptionKeyThumbprint; string ChannelEncryptionKey = CryptoUtilities.DecryptStringAES(encryptionKey, channelIntegrationKey); var secret = new AsymmetricEncryptedSecret() { EncryptionAlgorithm = EncryptionAlgorithm.AES256, EncryptionCertThumbprint = encryptionKeyThumbprint, Value = CryptoUtilities.EncryptStringRsaPkcs1v15(plainTextSecret, ChannelEncryptionKey) }; return(secret); }
public void Test_SACManagement() { // There is a restriction that storage account name and SAC name has to be same. So the names are used interchanteable string storageAccountName = "databoxedgeutdst"; //Create storage account credential AsymmetricEncryptedSecret encryptedSecret = Client.Devices.GetAsymmetricEncryptedSecret(TestConstants.EdgeResourceName, TestConstants.DefaultResourceGroupName, "EyIbt0QelBmm4ggkWsvQGaGaijYv/JBXIRl5ZR7pwgCJCkLYQmKY+H5RV4COGhbi01dBRIC1dNSF1sbJoeAL1Q==", TestConstants.EdgeDeviceCIK); StorageAccountCredential sac1 = TestUtilities.GetSACObject(encryptedSecret, storageAccountName); Client.StorageAccountCredentials.CreateOrUpdate(TestConstants.EdgeResourceName, storageAccountName, sac1, TestConstants.DefaultResourceGroupName); //Get storage account credential by name. Client.StorageAccountCredentials.Get(TestConstants.EdgeResourceName, storageAccountName, TestConstants.DefaultResourceGroupName); //List storage account credentials in the device string continuationToken = null; var storageCredentials = TestUtilities.ListStorageAccountCredentials(Client, TestConstants.EdgeResourceName, TestConstants.DefaultResourceGroupName, out continuationToken); //List storage account credentials in the device Client.StorageAccountCredentials.Delete(TestConstants.EdgeResourceName, storageAccountName, TestConstants.DefaultResourceGroupName); //Create again as we want to keep the SAC object inresource sac1 = TestUtilities.GetSACObject(encryptedSecret, storageAccountName); Client.StorageAccountCredentials.CreateOrUpdate(TestConstants.EdgeResourceName, storageAccountName, sac1, TestConstants.DefaultResourceGroupName); }
/// <summary> /// Updates the security settings on a data box edge/gateway device. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='deviceName'> /// The device name. /// </param> /// <param name='resourceGroupName'> /// The resource group name. /// </param> /// <param name='deviceAdminPassword'> /// Device administrator password as an encrypted string (encrypted using RSA /// PKCS #1) is used to sign into the local web UI of the device. The Actual /// password should have at least 8 characters that are a combination of /// uppercase, lowercase, numeric, and special characters. /// </param> /// <param name='cancellationToken'> /// The cancellation token. /// </param> public static async Task BeginCreateOrUpdateSecuritySettingsAsync(this IDevicesOperations operations, string deviceName, string resourceGroupName, AsymmetricEncryptedSecret deviceAdminPassword, CancellationToken cancellationToken = default(CancellationToken)) { (await operations.BeginCreateOrUpdateSecuritySettingsWithHttpMessagesAsync(deviceName, resourceGroupName, deviceAdminPassword, null, cancellationToken).ConfigureAwait(false)).Dispose(); }
/// <summary> /// Updates the security settings on a data box edge/gateway device. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='deviceName'> /// The device name. /// </param> /// <param name='resourceGroupName'> /// The resource group name. /// </param> /// <param name='deviceAdminPassword'> /// Device administrator password as an encrypted string (encrypted using RSA /// PKCS #1) is used to sign into the local web UI of the device. The Actual /// password should have at least 8 characters that are a combination of /// uppercase, lowercase, numeric, and special characters. /// </param> public static void BeginCreateOrUpdateSecuritySettings(this IDevicesOperations operations, string deviceName, string resourceGroupName, AsymmetricEncryptedSecret deviceAdminPassword) { operations.BeginCreateOrUpdateSecuritySettingsAsync(deviceName, resourceGroupName, deviceAdminPassword).GetAwaiter().GetResult(); }
/// <summary> /// Gets a sac object /// </summary> /// <param name="secret"></param> /// <param name="sacName"></param> /// <returns>StorageAccountCredential</returns> public static StorageAccountCredential GetSACObject(AsymmetricEncryptedSecret secret, string sacName) { StorageAccountCredential sac = new StorageAccountCredential(sacName, "Disabled", "BlobStorage", userName: sacName, accountKey: secret); return(sac); }
/// <summary> /// Creates a new user or updates an existing user's information on a data box /// edge/gateway device. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='deviceName'> /// The device name. /// </param> /// <param name='name'> /// The user name. /// </param> /// <param name='resourceGroupName'> /// The resource group name. /// </param> /// <param name='encryptedPassword'> /// The password details. /// </param> /// <param name='shareAccessRights'> /// List of shares that the user has rights on. This field should not be /// specified during user creation. /// </param> /// <param name='cancellationToken'> /// The cancellation token. /// </param> public static async Task <User> BeginCreateOrUpdateAsync(this IUsersOperations operations, string deviceName, string name, string resourceGroupName, AsymmetricEncryptedSecret encryptedPassword = default(AsymmetricEncryptedSecret), IList <ShareAccessRight> shareAccessRights = default(IList <ShareAccessRight>), CancellationToken cancellationToken = default(CancellationToken)) { using (var _result = await operations.BeginCreateOrUpdateWithHttpMessagesAsync(deviceName, name, resourceGroupName, encryptedPassword, shareAccessRights, null, cancellationToken).ConfigureAwait(false)) { return(_result.Body); } }
/// <summary> /// Creates a new user or updates an existing user's information on a data box /// edge/gateway device. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='deviceName'> /// The device name. /// </param> /// <param name='name'> /// The user name. /// </param> /// <param name='resourceGroupName'> /// The resource group name. /// </param> /// <param name='encryptedPassword'> /// The password details. /// </param> /// <param name='shareAccessRights'> /// List of shares that the user has rights on. This field should not be /// specified during user creation. /// </param> public static User BeginCreateOrUpdate(this IUsersOperations operations, string deviceName, string name, string resourceGroupName, AsymmetricEncryptedSecret encryptedPassword = default(AsymmetricEncryptedSecret), IList <ShareAccessRight> shareAccessRights = default(IList <ShareAccessRight>)) { return(operations.BeginCreateOrUpdateAsync(deviceName, name, resourceGroupName, encryptedPassword, shareAccessRights).GetAwaiter().GetResult()); }