async Task <(X509Thumbprint, IdCertificates)> CreateIdentityCertAsync(string deviceId, CancellationToken token)
{
(string, string, string)rootCa =
Context.Current.RootCaKeys.Expect(() => new InvalidOperationException("Missing root CA keys"));
string caCertScriptPath = Context.Current.CaCertScriptPath.Expect(
() => new InvalidOperationException("Missing CA cert script path"));
string idScope = Context.Current.DpsIdScope.Expect(
() => new InvalidOperationException("Missing DPS ID scope"));
CertificateAuthority ca = await CertificateAuthority.CreateAsync(
deviceId,
rootCa,
caCertScriptPath,
token);
var identityCerts = await ca.GenerateIdentityCertificatesAsync(deviceId, token);
X509Certificate2 deviceCert = new X509Certificate2(identityCerts.CertificatePath);
return(new X509Thumbprint()
{
PrimaryThumbprint = deviceCert.Thumbprint,
SecondaryThumbprint = deviceCert.Thumbprint
},
identityCerts);
}
public async Task SetUpCertificatesAsync()
{
await Profiler.Run(
() => this.SasProvisionEdgeAsync(),
"Completed edge manual provisioning with SAS token");
await Profiler.Run(
async() =>
{
(string, string, string)rootCa =
Context.Current.RootCaKeys.Expect(() => new InvalidOperationException("Missing root CA keys"));
string caCertScriptPath =
Context.Current.CaCertScriptPath.Expect(() => new InvalidOperationException("Missing CA cert script path"));
using (var cts = new CancellationTokenSource(Context.Current.SetupTimeout))
{
DateTime startTime = DateTime.Now;
CancellationToken token = cts.Token;
string deviceId = this.runtime.DeviceId;
try
{
this.ca = await CertificateAuthority.CreateAsync(
deviceId,
rootCa,
caCertScriptPath,
token);
CaCertificates caCert = await this.ca.GenerateCaCertificatesAsync(deviceId, token);
this.ca.EdgeCertificates = caCert;
await this.daemon.ConfigureAsync(
config =>
{
config.SetCertificates(caCert);
config.Update();
return(Task.FromResult(("with edge certificates", Array.Empty <object>())));
},
token);
await this.runtime.DeployConfigurationAsync(token);
}
// ReSharper disable once RedundantCatchClause
catch
{
throw;
}
finally
{
await NUnitLogs.CollectAsync(startTime, token);
}
}
},
"Completed custom certificate setup");
}
public async Task DpsX509()
{
(string, string, string)rootCa =
Context.Current.RootCaKeys.Expect(() => new InvalidOperationException("Missing root CA keys"));
string caCertScriptPath =
Context.Current.CaCertScriptPath.Expect(() => new InvalidOperationException("Missing CA cert script path"));
string idScope = Context.Current.DpsIdScope.Expect(() => new InvalidOperationException("Missing DPS ID scope"));
string registrationId = DeviceId.Current.Generate();
CancellationToken token = this.TestToken;
CertificateAuthority ca = await CertificateAuthority.CreateAsync(
registrationId,
rootCa,
caCertScriptPath,
token);
IdCertificates idCert = await ca.GenerateIdentityCertificatesAsync(registrationId, token);
// The trust bundle for this test isn't used. It can be any arbitrary existing certificate.
string trustBundle = Path.Combine(
caCertScriptPath,
"certs",
"azure-iot-test-only.intermediate-full-chain.cert.pem");
await this.daemon.ConfigureAsync(
config =>
{
config.SetDpsX509(idScope, registrationId, idCert, trustBundle);
config.Update();
return(Task.FromResult((
"with DPS X509 attestation for '{Identity}'",
new object[] { registrationId })));
},
token);
await this.daemon.WaitForStatusAsync(EdgeDaemonStatus.Running, token);
var agent = new EdgeAgent(registrationId, this.iotHub);
await agent.WaitForStatusAsync(EdgeModuleStatus.Running, token);
await agent.PingAsync(token);
Option <EdgeDevice> device = await EdgeDevice.GetIdentityAsync(
registrationId,
Context.Current.ParentDeviceId,
this.iotHub,
token,
takeOwnership : true);
Context.Current.DeleteList.TryAdd(
registrationId,
device.Expect(() => new InvalidOperationException(
$"Device '{registrationId}' should have been created by DPS, but was not found in '{this.iotHub.Hostname}'")));
}
public async Task BeforeAllAsync()
{
await Profiler.Run(
async() =>
{
(string, string, string)rootCa =
Context.Current.RootCaKeys.Expect(() => new ArgumentException());
Option <Uri> proxy = Context.Current.Proxy;
string deviceId = Context.Current.DeviceId;
using (var cts = new CancellationTokenSource(Context.Current.SetupTimeout))
{
CancellationToken token = cts.Token;
this.iotHub = new IotHub(
Context.Current.ConnectionString,
Context.Current.EventHubEndpoint,
proxy);
this.ca = await CertificateAuthority.CreateAsync(
deviceId,
rootCa,
Context.Current.CaCertScriptPath,
token);
this.daemon = OsPlatform.Current.CreateEdgeDaemon(Context.Current.InstallerPath);
await this.daemon.ConfigureAsync(
config =>
{
config.SetCertificates(this.ca.Certificates);
config.Update();
return(Task.FromResult(("with edge certificates", Array.Empty <object>())));
},
token);
var runtime = new EdgeRuntime(
deviceId,
Context.Current.EdgeAgentImage,
Context.Current.EdgeHubImage,
proxy,
Context.Current.Registries,
Context.Current.OptimizeForPerformance,
this.iotHub);
await runtime.DeployConfigurationAsync(token);
}
},
"Completed custom certificate setup");
}
async Task <(X509Thumbprint, string, string)> CreateIdentityCertAsync(string deviceId, CancellationToken token)
{
(string, string, string)rootCa =
Context.Current.RootCaKeys.Expect(() => new InvalidOperationException("Missing root CA keys"));
string caCertScriptPath = Context.Current.CaCertScriptPath.Expect(
() => new InvalidOperationException("Missing CA cert script path"));
string idScope = Context.Current.DpsIdScope.Expect(
() => new InvalidOperationException("Missing DPS ID scope"));
CertificateAuthority ca = await CertificateAuthority.CreateAsync(
deviceId,
rootCa,
caCertScriptPath,
token);
var identityCerts = await ca.GenerateIdentityCertificatesAsync(deviceId, token);
// Generated credentials need to be copied out of the script path because future runs
// of the script will overwrite them.
string path = $"/etc/aziot/e2e_tests/{deviceId}";
string certPath = $"{path}/device_id_cert.pem";
string keyPath = $"{path}/device_id_cert_key.pem";
Directory.CreateDirectory(path);
File.Copy(identityCerts.CertificatePath, certPath);
OsPlatform.Current.SetOwner(certPath, "aziotcs", "644");
File.Copy(identityCerts.KeyPath, keyPath);
OsPlatform.Current.SetOwner(keyPath, "aziotks", "600");
X509Certificate2 deviceCert = new X509Certificate2(identityCerts.CertificatePath);
return(new X509Thumbprint()
{
PrimaryThumbprint = deviceCert.Thumbprint,
SecondaryThumbprint = deviceCert.Thumbprint
},
certPath,
keyPath);
}
public async Task DpsX509()
{
(string, string, string)rootCa =
Context.Current.RootCaKeys.Expect(() => new InvalidOperationException("Missing DPS ID scope (check rootCaPrivateKeyPath in context.json)"));
string caCertScriptPath =
Context.Current.CaCertScriptPath.Expect(() => new InvalidOperationException("Missing CA cert script path (check caCertScriptPath in context.json)"));
string idScope = Context.Current.DpsIdScope.Expect(() => new InvalidOperationException("Missing DPS ID scope (check dpsIdScope in context.json)"));
string registrationId = DeviceId.Current.Generate();
CancellationToken token = this.TestToken;
CertificateAuthority ca = await CertificateAuthority.CreateAsync(
registrationId,
rootCa,
caCertScriptPath,
token);
IdCertificates idCert = await ca.GenerateIdentityCertificatesAsync(registrationId, token);
(TestCertificates testCerts, _) = await TestCertificates.GenerateCertsAsync(registrationId, token);
// Generated credentials need to be copied out of the script path because future runs
// of the script will overwrite them.
string path = Path.Combine(FixedPaths.E2E_TEST_DIR, registrationId);
string certPath = Path.Combine(path, "device_id_cert.pem");
string keyPath = Path.Combine(path, "device_id_cert_key.pem");
Directory.CreateDirectory(path);
File.Copy(idCert.CertificatePath, certPath);
OsPlatform.Current.SetOwner(certPath, "aziotcs", "644");
File.Copy(idCert.KeyPath, keyPath);
OsPlatform.Current.SetOwner(keyPath, "aziotks", "600");
await this.daemon.ConfigureAsync(
config =>
{
testCerts.AddCertsToConfig(config);
config.SetDpsX509(idScope, registrationId, certPath, keyPath);
config.Update();
return(Task.FromResult((
"with DPS X509 attestation for '{Identity}'",
new object[] { registrationId })));
},
token);
await this.daemon.WaitForStatusAsync(EdgeDaemonStatus.Running, token);
var agent = new EdgeAgent(registrationId, this.iotHub);
await agent.WaitForStatusAsync(EdgeModuleStatus.Running, token);
await agent.PingAsync(token);
Option <EdgeDevice> device = await EdgeDevice.GetIdentityAsync(
registrationId,
this.iotHub,
token,
takeOwnership : true);
Context.Current.DeleteList.TryAdd(
registrationId,
device.Expect(() => new InvalidOperationException(
$"Device '{registrationId}' should have been created by DPS, but was not found in '{this.iotHub.Hostname}'")));
}
