public SIPSorceryWebServicePersistor(string serverURL, string authid) { BasicHttpSecurityMode securitymode = (serverURL.StartsWith("https")) ? BasicHttpSecurityMode.Transport : BasicHttpSecurityMode.None; SIPSorcerySecurityHeader securityHeader = new SIPSorcerySecurityHeader(authid); SIPSorceryCustomHeader sipSorceryHeader = new SIPSorceryCustomHeader(new List<MessageHeader>(){securityHeader}); BasicHttpCustomHeaderBinding binding = new BasicHttpCustomHeaderBinding(sipSorceryHeader, securitymode); binding.MaxReceivedMessageSize = MAX_WCF_MESSAGE_SIZE; EndpointAddress address = new EndpointAddress(serverURL); m_provisioningServiceProxy = new ProvisioningServiceClient(binding, address); // Provisioning web service delegates. m_provisioningServiceProxy.IsAliveCompleted += IsAliveCompleted; m_provisioningServiceProxy.TestExceptionCompleted += TestExceptionCompleted; m_provisioningServiceProxy.AreNewAccountsEnabledCompleted += AreNewAccountsEnabledCompleted; m_provisioningServiceProxy.CheckInviteCodeCompleted += CheckInviteCodeCompleted; m_provisioningServiceProxy.LoginCompleted += LoginCompleted; m_provisioningServiceProxy.LogoutCompleted += LogoutCompleted; m_provisioningServiceProxy.GetCustomerCompleted += GetCustomerCompleted; m_provisioningServiceProxy.UpdateCustomerCompleted += UpdateCustomerCompleted; m_provisioningServiceProxy.UpdateCustomerPasswordCompleted += UpdateCustomerPasswordCompleted; m_provisioningServiceProxy.GetSIPAccountsCompleted += GetSIPAccountsCompleted; m_provisioningServiceProxy.GetSIPAccountsCountCompleted += GetSIPAccountsCountCompleted; m_provisioningServiceProxy.AddSIPAccountCompleted += AddSIPAccountCompleted; m_provisioningServiceProxy.UpdateSIPAccountCompleted += UpdateSIPAccountCompleted; m_provisioningServiceProxy.DeleteSIPAccountCompleted += DeleteSIPAccountCompleted; m_provisioningServiceProxy.GetDialPlansCountCompleted += GetDialPlansCountCompleted; m_provisioningServiceProxy.GetDialPlansCompleted += GetDialPlansCompleted; m_provisioningServiceProxy.UpdateDialPlanCompleted += UpdateDialPlanCompleted; m_provisioningServiceProxy.AddDialPlanCompleted += AddDialPlanCompleted; m_provisioningServiceProxy.DeleteDialPlanCompleted += DeleteDialPlanCompleted; m_provisioningServiceProxy.GetSIPProvidersCountCompleted += GetSIPProvidersCountCompleted; m_provisioningServiceProxy.GetSIPProvidersCompleted += GetSIPProvidersCompleted; m_provisioningServiceProxy.AddSIPProviderCompleted += AddSIPProviderCompleted; m_provisioningServiceProxy.UpdateSIPProviderCompleted += UpdateSIPProviderCompleted; m_provisioningServiceProxy.DeleteSIPProviderCompleted += DeleteSIPProviderCompleted; m_provisioningServiceProxy.GetSIPDomainsCompleted += GetSIPDomainsCompleted; m_provisioningServiceProxy.GetSIPRegistrarBindingsCompleted += GetSIPRegistrarBindingsCompleted; m_provisioningServiceProxy.GetSIPRegistrarBindingsCountCompleted += GetSIPRegistrarBindingsCountCompleted; m_provisioningServiceProxy.GetSIPProviderBindingsCompleted += GetSIPProviderBindingsCompleted; m_provisioningServiceProxy.GetSIPProviderBindingsCountCompleted += GetSIPProviderBindingsCountCompleted; m_provisioningServiceProxy.GetCallsCountCompleted += m_provisioningServiceProxy_GetCallsCountCompleted; m_provisioningServiceProxy.GetCallsCompleted += m_provisioningServiceProxy_GetCallsCompleted; m_provisioningServiceProxy.GetCDRsCountCompleted += GetCDRsCountCompleted; m_provisioningServiceProxy.GetCDRsCompleted += GetCDRsCompleted; m_provisioningServiceProxy.CreateCustomerCompleted += CreateCustomerCompleted; m_provisioningServiceProxy.DeleteCustomerCompleted += DeleteCustomerCompleted; m_provisioningServiceProxy.GetTimeZoneOffsetMinutesCompleted += GetTimeZoneOffsetMinutesCompleted; m_provisioningServiceProxy.ExtendSessionCompleted += ExtendSessionCompleted; }
public async Task ProvisioningServiceClient_GetEnrollmentGroupAttestation(AttestationMechanismType attestationType) { ProvisioningServiceClient provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString(Configuration.Provisioning.ConnectionString); string groupId = AttestationTypeToString(attestationType) + "-" + Guid.NewGuid(); EnrollmentGroup enrollmentGroup = await CreateEnrollmentGroup(provisioningServiceClient, attestationType, groupId, null, AllocationPolicy.Static, null, null, null); AttestationMechanism attestationMechanism = await provisioningServiceClient.GetEnrollmentGroupAttestationAsync(enrollmentGroup.EnrollmentGroupId); // Note that tpm is not a supported attestation type for group enrollments if (attestationType == AttestationMechanismType.SymmetricKey) { Assert.AreEqual(AttestationMechanismType.SymmetricKey, attestationMechanism.Type); SymmetricKeyAttestation symmetricKeyAttestation = (SymmetricKeyAttestation)attestationMechanism.GetAttestation(); Assert.AreEqual(((SymmetricKeyAttestation)enrollmentGroup.Attestation).PrimaryKey, symmetricKeyAttestation.PrimaryKey); Assert.AreEqual(((SymmetricKeyAttestation)enrollmentGroup.Attestation).SecondaryKey, symmetricKeyAttestation.SecondaryKey); } else if (attestationType == AttestationMechanismType.X509) { Assert.AreEqual(AttestationMechanismType.X509, attestationMechanism.Type); X509Attestation x509Attestation = (X509Attestation)attestationMechanism.GetAttestation(); Assert.AreEqual(((X509Attestation)enrollmentGroup.Attestation).GetPrimaryX509CertificateInfo().SHA1Thumbprint, x509Attestation.GetPrimaryX509CertificateInfo().SHA1Thumbprint); Assert.AreEqual(((X509Attestation)enrollmentGroup.Attestation).GetSecondaryX509CertificateInfo().SHA1Thumbprint, x509Attestation.GetSecondaryX509CertificateInfo().SHA1Thumbprint); } }
public static async Task ProvisioningServiceClient_GroupEnrollments_Create_Ok(string proxyServerAddress, AttestationType attestationType, ReprovisionPolicy reprovisionPolicy, AllocationPolicy allocationPolicy, CustomAllocationDefinition customAllocationDefinition, ICollection <string> iothubs) { string groupId = IdPrefix + AttestationTypeToString(attestationType) + "-" + Guid.NewGuid(); using (ProvisioningServiceClient provisioningServiceClient = CreateProvisioningService(proxyServerAddress)) { EnrollmentGroup enrollmentGroup = await CreateEnrollmentGroup(provisioningServiceClient, attestationType, groupId, reprovisionPolicy, allocationPolicy, customAllocationDefinition, iothubs, null).ConfigureAwait(false); EnrollmentGroup enrollmentGroupResult = await provisioningServiceClient.GetEnrollmentGroupAsync(enrollmentGroup.EnrollmentGroupId).ConfigureAwait(false); Assert.AreEqual(enrollmentGroupResult.ProvisioningStatus, ProvisioningStatus.Enabled); if (reprovisionPolicy != null) { Assert.AreEqual(reprovisionPolicy.MigrateDeviceData, enrollmentGroupResult.ReprovisionPolicy.MigrateDeviceData); Assert.AreEqual(reprovisionPolicy.UpdateHubAssignment, enrollmentGroupResult.ReprovisionPolicy.UpdateHubAssignment); } if (customAllocationDefinition != null) { Assert.AreEqual(customAllocationDefinition.WebhookUrl, enrollmentGroupResult.CustomAllocationDefinition.WebhookUrl); Assert.AreEqual(customAllocationDefinition.ApiVersion, enrollmentGroupResult.CustomAllocationDefinition.ApiVersion); } Assert.AreEqual(allocationPolicy, enrollmentGroup.AllocationPolicy); try { await provisioningServiceClient.DeleteEnrollmentGroupAsync(enrollmentGroup.EnrollmentGroupId).ConfigureAwait(false); } catch (Exception ex) { Console.WriteLine($"Cleanup of enrollment group failed due to {ex}"); } } }
public async Task <bool> AddDeviceProvisioningServiceClientAsync(string OptionalDeviceId) { try { Console.WriteLine("Starting sample..."); using (ProvisioningServiceClient provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString(_provisioningConnectionString)) { #region Create a new individualEnrollment config Console.WriteLine("\nCreating a new individualEnrollment..."); Attestation attestation = new TpmAttestation(TpmEndorsementKey); IndividualEnrollment individualEnrollment = new IndividualEnrollment(RegistrationId, attestation) { DeviceId = OptionalDeviceId, ProvisioningStatus = OptionalProvisioningStatus }; #endregion #region Create the individualEnrollment Console.WriteLine("\nAdding new individualEnrollment..."); IndividualEnrollment individualEnrollmentResult = await provisioningServiceClient.CreateOrUpdateIndividualEnrollmentAsync(individualEnrollment).ConfigureAwait(false); Console.WriteLine("\nIndividualEnrollment created with success."); Console.WriteLine(individualEnrollmentResult); #endregion } return(true); } catch (Exception ex) { Console.WriteLine(ex.Message); return(false); } }
private async Task <SecurityProvider> CreateSecurityProviderFromName(AttestationType attestationType, EnrollmentType?enrollmentType, string groupId, ReprovisionPolicy reprovisionPolicy, AllocationPolicy allocationPolicy, CustomAllocationDefinition customAllocationDefinition, ICollection <string> iothubs, DeviceCapabilities capabilities = null) { _verboseLog.WriteLine($"{nameof(CreateSecurityProviderFromName)}({attestationType})"); var provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString(Configuration.Provisioning.ConnectionString); switch (attestationType) { case AttestationType.Tpm: string registrationId = AttestationTypeToString(attestationType) + "-registration-id-" + Guid.NewGuid(); var tpmSim = new SecurityProviderTpmSimulator(registrationId); string base64Ek = Convert.ToBase64String(tpmSim.GetEndorsementKey()); var provisioningService = ProvisioningServiceClient.CreateFromConnectionString(Configuration.Provisioning.ConnectionString); _log.WriteLine($"Getting enrollment: RegistrationID = {registrationId}"); IndividualEnrollment individualEnrollment = new IndividualEnrollment(registrationId, new TpmAttestation(base64Ek)) { AllocationPolicy = allocationPolicy, ReprovisionPolicy = reprovisionPolicy, IotHubs = iothubs, CustomAllocationDefinition = customAllocationDefinition, Capabilities = capabilities }; IndividualEnrollment enrollment = await provisioningService.CreateOrUpdateIndividualEnrollmentAsync(individualEnrollment).ConfigureAwait(false); var attestation = new TpmAttestation(base64Ek); enrollment.Attestation = attestation; _log.WriteLine($"Updating enrollment: RegistrationID = {registrationId} EK = '{base64Ek}'"); await provisioningService.CreateOrUpdateIndividualEnrollmentAsync(enrollment).ConfigureAwait(false); return(tpmSim); case AttestationType.x509: X509Certificate2 certificate = null; X509Certificate2Collection collection = null; switch (enrollmentType) { case EnrollmentType.Individual: certificate = Configuration.Provisioning.GetIndividualEnrollmentCertificate(); break; case EnrollmentType.Group: certificate = Configuration.Provisioning.GetGroupEnrollmentCertificate(); collection = Configuration.Provisioning.GetGroupEnrollmentChain(); break; default: throw new NotSupportedException($"Unknown X509 type: '{enrollmentType}'"); } return(new SecurityProviderX509Certificate(certificate, collection)); case AttestationType.SymmetricKey: switch (enrollmentType) { case EnrollmentType.Group: EnrollmentGroup symmetricKeyEnrollmentGroup = await CreateEnrollmentGroup(provisioningServiceClient, AttestationType.SymmetricKey, groupId, reprovisionPolicy, allocationPolicy, customAllocationDefinition, iothubs, capabilities).ConfigureAwait(false); Assert.IsTrue(symmetricKeyEnrollmentGroup.Attestation is SymmetricKeyAttestation); SymmetricKeyAttestation symmetricKeyAttestation = (SymmetricKeyAttestation)symmetricKeyEnrollmentGroup.Attestation; string registrationIdSymmetricKey = IdPrefix + Guid.NewGuid(); string primaryKeyEnrollmentGroup = symmetricKeyAttestation.PrimaryKey; string secondaryKeyEnrollmentGroup = symmetricKeyAttestation.SecondaryKey; string primaryKeyIndividual = ProvisioningE2ETests.ComputeDerivedSymmetricKey(Convert.FromBase64String(primaryKeyEnrollmentGroup), registrationIdSymmetricKey); string secondaryKeyIndividual = ProvisioningE2ETests.ComputeDerivedSymmetricKey(Convert.FromBase64String(secondaryKeyEnrollmentGroup), registrationIdSymmetricKey); return(new SecurityProviderSymmetricKey(registrationIdSymmetricKey, primaryKeyIndividual, secondaryKeyIndividual)); case EnrollmentType.Individual: IndividualEnrollment symmetricKeyEnrollment = await CreateIndividualEnrollment(provisioningServiceClient, AttestationType.SymmetricKey, reprovisionPolicy, allocationPolicy, customAllocationDefinition, iothubs, capabilities).ConfigureAwait(false); Assert.IsTrue(symmetricKeyEnrollment.Attestation is SymmetricKeyAttestation); symmetricKeyAttestation = (SymmetricKeyAttestation)symmetricKeyEnrollment.Attestation; registrationIdSymmetricKey = symmetricKeyEnrollment.RegistrationId; string primaryKey = symmetricKeyAttestation.PrimaryKey; string secondaryKey = symmetricKeyAttestation.SecondaryKey; return(new SecurityProviderSymmetricKey(registrationIdSymmetricKey, primaryKey, secondaryKey)); default: throw new NotSupportedException("Unrecognized enrollment type"); } default: throw new NotSupportedException("Unrecognized attestation type"); } throw new NotSupportedException($"Unknown security type: '{attestationType}'."); }
public IotEdgeProvisioningBusiness() { registryManager = RegistryManager.CreateFromConnectionString("HostName=IotAdmin.azure-devices.net;SharedAccessKeyName=iothubowner;SharedAccessKey=67sJpyzluy5nnrsRBWht/nPptY9LFFrv50z7H6Xm67M="); provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString("HostName=CowParkingDevices.azure-devices-provisioning.net;SharedAccessKeyName=provisioningserviceowner;SharedAccessKey=TojavzxrP8SpAWNqUto+cwbohURmpobEOD5q2MNka08="); serviceClient = ServiceClient.CreateFromConnectionString("HostName=IotAdmin.azure-devices.net;SharedAccessKeyName=iothubowner;SharedAccessKey=67sJpyzluy5nnrsRBWht/nPptY9LFFrv50z7H6Xm67M="); }
public EnrollmentSample(ProvisioningServiceClient provisioningServiceClient) { _provisioningServiceClient = provisioningServiceClient; }
public override void ExecuteCmdlet() { if (ShouldProcess(this.DpsName, DPSResources.AddEnrollmentGroup)) { ProvisioningServiceDescription provisioningServiceDescription; if (ParameterSetName.Equals(InputObjectParameterSet)) { this.ResourceGroupName = this.DpsObject.ResourceGroupName; this.DpsName = this.DpsObject.Name; provisioningServiceDescription = IotDpsUtils.ConvertObject <PSProvisioningServiceDescription, ProvisioningServiceDescription>(this.DpsObject); } else { if (ParameterSetName.Equals(ResourceIdParameterSet)) { this.ResourceGroupName = IotDpsUtils.GetResourceGroupName(this.ResourceId); this.DpsName = IotDpsUtils.GetIotDpsName(this.ResourceId); } provisioningServiceDescription = GetIotDpsResource(this.ResourceGroupName, this.DpsName); } IEnumerable <SharedAccessSignatureAuthorizationRuleAccessRightsDescription> authPolicies = this.IotDpsClient.IotDpsResource.ListKeys(this.DpsName, this.ResourceGroupName); SharedAccessSignatureAuthorizationRuleAccessRightsDescription policy = IotDpsUtils.GetPolicy(authPolicies, PSAccessRightsDescription.EnrollmentWrite); PSIotDpsConnectionString psIotDpsConnectionString = IotDpsUtils.ToPSIotDpsConnectionString(policy, provisioningServiceDescription.Properties.ServiceOperationsHostName); ProvisioningServiceClient client = ProvisioningServiceClient.CreateFromConnectionString(psIotDpsConnectionString.PrimaryConnectionString); EnrollmentGroup enrollment = client.GetEnrollmentGroupAsync(this.Name).GetAwaiter().GetResult(); if (enrollment != null) { // Updating ProvisioningStatus if (this.IsParameterBound(c => c.ProvisioningStatus)) { enrollment.ProvisioningStatus = (ProvisioningStatus)Enum.Parse(typeof(ProvisioningStatus), this.ProvisioningStatus.ToString()); } // Updating InitialTwinState if (this.IsParameterBound(c => c.Tag) || this.IsParameterBound(c => c.Desired)) { TwinCollection tags = this.IsParameterBound(c => c.Tag) ? new TwinCollection(JsonConvert.SerializeObject(this.Tag)) : (enrollment.InitialTwinState != null ? enrollment.InitialTwinState.Tags : new TwinCollection()); TwinCollection desiredProperties = this.IsParameterBound(c => c.Desired) ? new TwinCollection(JsonConvert.SerializeObject(this.Desired)) : (enrollment.InitialTwinState != null ? enrollment.InitialTwinState.DesiredProperties : new TwinCollection()); enrollment.InitialTwinState = new TwinState(tags, desiredProperties); } // Updating Capabilities if (this.IsParameterBound(c => c.EdgeEnabled)) { enrollment.Capabilities = new DeviceCapabilities() { IotEdge = this.EdgeEnabled }; } // Updating ReprovisionPolicy if (this.IsParameterBound(c => c.ReprovisionPolicy)) { switch (this.ReprovisionPolicy) { case PSReprovisionType.reprovisionandmigratedata: enrollment.ReprovisionPolicy = new ReprovisionPolicy() { UpdateHubAssignment = true, MigrateDeviceData = true }; break; case PSReprovisionType.reprovisionandresetdata: enrollment.ReprovisionPolicy = new ReprovisionPolicy() { UpdateHubAssignment = true, MigrateDeviceData = false }; break; case PSReprovisionType.never: enrollment.ReprovisionPolicy = new ReprovisionPolicy() { UpdateHubAssignment = false, MigrateDeviceData = false }; break; } } // Updating AllocationPolicy and Hub if (this.IsParameterBound(c => c.IotHubHostName) && this.IsParameterBound(c => c.AllocationPolicy)) { throw new ArgumentException("\"IotHubHostName\" is not required when allocation-policy is defined."); } if (this.IsParameterBound(c => c.IotHubHostName) && this.IsParameterBound(c => c.IotHub)) { throw new ArgumentException("\"IotHubHostName\" is not required when IotHub is defined."); } if (this.IsParameterBound(c => c.IotHubHostName)) { enrollment.IotHubHostName = this.IotHubHostName; enrollment.CustomAllocationDefinition = null; enrollment.AllocationPolicy = null; enrollment.IotHubs = null; } if (this.IsParameterBound(c => c.AllocationPolicy)) { enrollment.AllocationPolicy = (Devices.Provisioning.Service.AllocationPolicy)Enum.Parse(typeof(Devices.Provisioning.Service.AllocationPolicy), this.AllocationPolicy.ToString()); } switch (enrollment.AllocationPolicy) { case Devices.Provisioning.Service.AllocationPolicy.Static: if (this.IsParameterBound(c => c.IotHub)) { if (this.IotHub.Length > 1) { throw new ArgumentException("Please provide only one hub when allocation-policy is defined as Static."); } enrollment.IotHubs = this.IotHub; } enrollment.CustomAllocationDefinition = null; enrollment.IotHubHostName = null; break; case Devices.Provisioning.Service.AllocationPolicy.Custom: if (enrollment.CustomAllocationDefinition == null) { if (!this.IsParameterBound(c => c.WebhookUrl)) { throw new ArgumentException("Please provide an Azure function url when allocation-policy is defined as Custom."); } if (!this.IsParameterBound(c => c.ApiVersion)) { throw new ArgumentException("Please provide an Azure function api-version when allocation-policy is defined as Custom."); } } string webhookUrl = string.Empty, apiVersion = string.Empty; webhookUrl = this.IsParameterBound(c => c.WebhookUrl) ? this.WebhookUrl : enrollment.CustomAllocationDefinition.WebhookUrl; apiVersion = this.IsParameterBound(c => c.ApiVersion) ? this.ApiVersion : enrollment.CustomAllocationDefinition.ApiVersion; enrollment.CustomAllocationDefinition = new CustomAllocationDefinition() { WebhookUrl = webhookUrl, ApiVersion = apiVersion }; enrollment.IotHubHostName = null; if (this.IsParameterBound(c => c.IotHub)) { enrollment.IotHubs = this.IotHub; } break; case Devices.Provisioning.Service.AllocationPolicy.Hashed: case Devices.Provisioning.Service.AllocationPolicy.GeoLatency: if (this.IsParameterBound(c => c.IotHub)) { enrollment.IotHubs = this.IotHub; } enrollment.CustomAllocationDefinition = null; enrollment.IotHubHostName = null; break; default: if (this.IsParameterBound(c => c.IotHub)) { throw new ArgumentException("Please provide allocation policy."); } break; } } else { throw new ArgumentException("The enrollment doesn't exist."); } EnrollmentGroup result = client.CreateOrUpdateEnrollmentGroupAsync(enrollment).GetAwaiter().GetResult(); this.WriteObject(IotDpsUtils.ToPSEnrollmentGroup(result)); } }
public override void ExecuteCmdlet() { if (ShouldProcess(this.DpsName, DPSResources.AddEnrollment)) { ProvisioningServiceDescription provisioningServiceDescription; if (ParameterSetName.Equals(InputObjectParameterSet)) { this.ResourceGroupName = this.DpsObject.ResourceGroupName; this.DpsName = this.DpsObject.Name; provisioningServiceDescription = IotDpsUtils.ConvertObject <PSProvisioningServiceDescription, ProvisioningServiceDescription>(this.DpsObject); } else { if (ParameterSetName.Equals(ResourceIdParameterSet)) { this.ResourceGroupName = IotDpsUtils.GetResourceGroupName(this.ResourceId); this.DpsName = IotDpsUtils.GetIotDpsName(this.ResourceId); } provisioningServiceDescription = GetIotDpsResource(this.ResourceGroupName, this.DpsName); } IEnumerable <SharedAccessSignatureAuthorizationRuleAccessRightsDescription> authPolicies = this.IotDpsClient.IotDpsResource.ListKeys(this.DpsName, this.ResourceGroupName); SharedAccessSignatureAuthorizationRuleAccessRightsDescription policy = IotDpsUtils.GetPolicy(authPolicies, PSAccessRightsDescription.EnrollmentWrite); PSIotDpsConnectionString psIotDpsConnectionString = IotDpsUtils.ToPSIotDpsConnectionString(policy, provisioningServiceDescription.Properties.ServiceOperationsHostName); ProvisioningServiceClient client = ProvisioningServiceClient.CreateFromConnectionString(psIotDpsConnectionString.PrimaryConnectionString); Attestation attestation = null; TwinCollection tags = new TwinCollection(), desiredProperties = new TwinCollection(); if (this.IsParameterBound(c => c.Tag)) { tags = new TwinCollection(JsonConvert.SerializeObject(this.Tag)); } if (this.IsParameterBound(c => c.Desired)) { desiredProperties = new TwinCollection(JsonConvert.SerializeObject(this.Desired)); } switch (this.AttestationType) { case PSAttestationMechanismType.SymmetricKey: if ((this.IsParameterBound(c => c.PrimaryKey) && !this.IsParameterBound(c => c.SecondaryKey)) || (!this.IsParameterBound(c => c.PrimaryKey) && this.IsParameterBound(c => c.SecondaryKey))) { throw new ArgumentException("Please provide both primary and secondary key."); } else { attestation = new SymmetricKeyAttestation(this.PrimaryKey, this.SecondaryKey); } break; case PSAttestationMechanismType.Tpm: if (this.IsParameterBound(c => c.EndorsementKey)) { attestation = new TpmAttestation(this.EndorsementKey, this.IsParameterBound(c => c.StorageRootKey) ? this.StorageRootKey : null); } else { throw new ArgumentException("Endorsement key is requried."); } break; case PSAttestationMechanismType.X509: if (!this.IsParameterBound(c => c.PrimaryCertificate) && !this.IsParameterBound(c => c.SecondaryCertificate)) { if (!this.IsParameterBound(c => c.PrimaryCAName)) { throw new ArgumentException("Primary CA reference cannot be null or empty."); } if (this.IsParameterBound(c => c.SecondaryCAName)) { attestation = X509Attestation.CreateFromCAReferences(this.PrimaryCAName, this.SecondaryCAName); } else { attestation = X509Attestation.CreateFromCAReferences(this.PrimaryCAName); } } else if (!this.IsParameterBound(c => c.PrimaryCAName) && !this.IsParameterBound(c => c.SecondaryCAName)) { string primaryCer = string.Empty, secondaryCer = string.Empty; if (!this.IsParameterBound(c => c.PrimaryCertificate)) { throw new ArgumentException("Primary certificate cannot be null or empty."); } primaryCer = IotDpsUtils.GetCertificateString(this.PrimaryCertificate); if (this.IsParameterBound(c => c.SecondaryCertificate)) { secondaryCer = IotDpsUtils.GetCertificateString(this.PrimaryCertificate); if (this.IsParameterBound(c => c.RootCertificate)) { attestation = X509Attestation.CreateFromRootCertificates(primaryCer, secondaryCer); } else { attestation = X509Attestation.CreateFromClientCertificates(primaryCer, secondaryCer); } } else { if (this.IsParameterBound(c => c.RootCertificate)) { attestation = X509Attestation.CreateFromRootCertificates(primaryCer); } else { attestation = X509Attestation.CreateFromClientCertificates(primaryCer); } } } else { throw new ArgumentException("Please provide either CA reference or X509 certificate."); } break; default: throw new ArgumentException("Please provide valid attestation mechanism."); } IndividualEnrollment enrollment = new IndividualEnrollment(this.RegistrationId, attestation); if (this.IsParameterBound(c => c.DeviceId)) { enrollment.DeviceId = this.DeviceId; } enrollment.InitialTwinState = new TwinState(tags, desiredProperties); enrollment.Capabilities = new DeviceCapabilities() { IotEdge = this.EdgeEnabled.IsPresent }; switch (this.ReprovisionPolicy) { case PSReprovisionType.reprovisionandmigratedata: enrollment.ReprovisionPolicy = new ReprovisionPolicy() { UpdateHubAssignment = true, MigrateDeviceData = true }; break; case PSReprovisionType.reprovisionandresetdata: enrollment.ReprovisionPolicy = new ReprovisionPolicy() { UpdateHubAssignment = true, MigrateDeviceData = false }; break; case PSReprovisionType.never: enrollment.ReprovisionPolicy = new ReprovisionPolicy() { UpdateHubAssignment = false, MigrateDeviceData = false }; break; } if (this.IsParameterBound(c => c.AllocationPolicy)) { if (this.IsParameterBound(c => c.IotHubHostName)) { throw new ArgumentException("\"IotHubHostName\" is not required when allocation-policy is defined."); } if (this.AllocationPolicy.Equals(PSAllocationPolicy.Static)) { if (this.IsParameterBound(c => c.IotHub)) { if (this.IotHub.Length > 1) { throw new ArgumentException("Please provide only one hub when allocation-policy is defined as Static."); } } else { throw new ArgumentException("Please provide a hub to be assigned with device."); } } if (this.AllocationPolicy.Equals(PSAllocationPolicy.Custom)) { if (!this.IsParameterBound(c => c.WebhookUrl)) { throw new ArgumentException("Please provide an Azure function url when allocation-policy is defined as Custom."); } if (!this.IsParameterBound(c => c.ApiVersion)) { throw new ArgumentException("Please provide an Azure function api-version when allocation-policy is defined as Custom."); } enrollment.CustomAllocationDefinition = new CustomAllocationDefinition() { WebhookUrl = this.WebhookUrl, ApiVersion = this.ApiVersion }; } enrollment.AllocationPolicy = (Devices.Provisioning.Service.AllocationPolicy)Enum.Parse(typeof(Devices.Provisioning.Service.AllocationPolicy), this.AllocationPolicy.ToString()); enrollment.IotHubs = this.IotHub; } else { if (this.IsParameterBound(c => c.IotHub)) { throw new ArgumentException("Please provide allocation policy."); } if (this.IsParameterBound(c => c.IotHubHostName)) { enrollment.IotHubHostName = this.IotHubHostName; } } if (this.IsParameterBound(c => c.ProvisioningStatus)) { enrollment.ProvisioningStatus = (ProvisioningStatus)Enum.Parse(typeof(ProvisioningStatus), this.ProvisioningStatus.ToString()); } IndividualEnrollment result = client.CreateOrUpdateIndividualEnrollmentAsync(enrollment).GetAwaiter().GetResult(); this.WriteObject(IotDpsUtils.ToPSIndividualEnrollment(result)); } }
public static async Task RunSample() { Console.WriteLine("Starting sample..."); TwinCollection desiredProperties = new TwinCollection() { ["Brand"] = "Contoso", ["Model"] = "SSC4", ["Color"] = "White", }; using (ProvisioningServiceClient provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString(_provisioningConnectionString)) { #region Create a new individualEnrollment Console.WriteLine("\nCreating a new individualEnrollment..."); Attestation attestation = new TpmAttestation(_tpmEndorsementKey); IndividualEnrollment individualEnrollment = new IndividualEnrollment( SampleRegistrationId, attestation); individualEnrollment.InitialTwinState = new TwinState( null, desiredProperties); IndividualEnrollment individualEnrollmentResult = await provisioningServiceClient.CreateOrUpdateIndividualEnrollmentAsync(individualEnrollment).ConfigureAwait(false); Console.WriteLine("\nIndividualEnrollment created with success..."); Console.WriteLine( "Note that there is a difference between the content of the individualEnrollment that you sent and\n" + " the individualEnrollmentResult that you received. The individualEnrollmentResult contains the eTag."); Console.WriteLine( "\nindividualEnrollment:\n" + individualEnrollment); Console.WriteLine( "\nindividualEnrollmentResult:\n" + individualEnrollmentResult); #endregion #region Update the info of individualEnrollment /* * At this point, if you try to update your information in the provisioning service using the individualEnrollment * that you created, it will fail because of the "precondition". It will happen because the individualEnrollment * do not contains the eTag, and the provisioning service will not be able to check if the enrollment that you * are updating is the correct one. * * So, to update the information you must use the individualEnrollmentResult that the provisioning service returned * when you created the enrollment, another solution is get the latest enrollment from the provisioning service * using the provisioningServiceClient.getIndividualEnrollment(), the result of this operation is an IndividualEnrollment * object that contains the eTag. */ Console.WriteLine("\nUpdating the enrollment..."); desiredProperties["Color"] = "Glace white"; individualEnrollmentResult.InitialTwinState = new TwinState(null, desiredProperties); individualEnrollmentResult = await provisioningServiceClient.CreateOrUpdateIndividualEnrollmentAsync(individualEnrollmentResult).ConfigureAwait(false); Console.WriteLine("\nIndividualEnrollment updated with success..."); Console.WriteLine(individualEnrollmentResult); #endregion #region Delete info of individualEnrollment Console.WriteLine("\nDeleting the individualEnrollment..."); await provisioningServiceClient.DeleteIndividualEnrollmentAsync(_registrationId).ConfigureAwait(false); #endregion } }
/// <summary> /// デバイス接続情報を取得する。 /// </summary> /// <param name="edgeId">端末ID</param> /// <returns>デバイス接続情報を返す。対象デバイスが見つからない場合nullを返す。</returns> public async Task <DeviceConnectionInfo> GetDeviceConnectionInfoAsync(Guid edgeId) { DeviceConnectionInfo result = null; string connectionStringDps = null; try { _logger.Enter($"{nameof(edgeId)}: {{0}}", new object[] { edgeId }); // DPS接続文字列取得 connectionStringDps = _appSettings.DpsConnectionString; if (string.IsNullOrWhiteSpace(connectionStringDps)) { throw new RmsInvalidAppSettingException("DpsConnectionString is required."); } string iotHubName = null; using (var service = ProvisioningServiceClient.CreateFromConnectionString(connectionStringDps)) { await _dpsPolly.ExecuteAsync( async() => { // 見つからなかったらProvisioningServiceClientHttpExceptionが発生して、 // その例外のStatusCodeにHttpStatusCode型のNotFoundになる。 // これ以外はとりあえず500にする。 DeviceRegistrationState deviceRegistrationState = await service.GetDeviceRegistrationStateAsync(edgeId.ToString()); iotHubName = deviceRegistrationState.AssignedHub; }); } string iotHubConnectionStringKey = string.Format(IoTHubNamePrefixOnAppSettings, iotHubName); // IoTHub接続文字列取得 string iotHubConnectionStringValue = _appSettings.GetConnectionString(iotHubConnectionStringKey); if (string.IsNullOrWhiteSpace(iotHubConnectionStringValue)) { throw new RmsInvalidAppSettingException(string.Format("{0} is required.", iotHubConnectionStringKey)); } result = new DeviceConnectionInfo() { EdgeId = edgeId, IotHubConnectionString = new KeyValuePair <string, string>(iotHubConnectionStringKey, iotHubConnectionStringValue), }; return(result); } catch (RmsException) { throw; } catch (ArgumentException ex) { // 接続文字列がフォーマットに則っていない。 throw new RmsInvalidAppSettingException("DpsConnectionString is invalid format.", ex); } catch (ProvisioningServiceClientHttpException ex) when(ex.StatusCode == HttpStatusCode.NotFound) { // 対象デバイスが見つからない result = null; return(result); } catch (ProvisioningServiceClientHttpException ex) when(ex.StatusCode == HttpStatusCode.Unauthorized) { // 使用した接続文字列で認証が通らなかった throw new RmsException(string.Format("DPSで認証エラーが発生しました。({0})", connectionStringDps), ex); } catch (Exception ex) { throw new RmsException("接続先のIoT Hub", ex); } finally { _logger.LeaveJson("{0}", new { result }); } }
public EnrollmentGroupSample(ProvisioningServiceClient provisioningServiceClient, X509Certificate2 groupIssuerCertificate) { _provisioningServiceClient = provisioningServiceClient; _groupIssuerCertificate = groupIssuerCertificate; }
public BulkOperationSample(ProvisioningServiceClient provisioningServiceClient) { _provisioningServiceClient = provisioningServiceClient; }
public static async Task <IndividualEnrollment> CreateIndividualEnrollmentAsync( ProvisioningServiceClient provisioningServiceClient, string registrationId, AttestationMechanismType attestationType, X509Certificate2 authenticationCertificate, ReprovisionPolicy reprovisionPolicy, AllocationPolicy allocationPolicy, CustomAllocationDefinition customAllocationDefinition, ICollection <string> iotHubsToProvisionTo, DeviceCapabilities capabilities, MsTestLogger logger) { Attestation attestation; IndividualEnrollment individualEnrollment; IndividualEnrollment createdEnrollment = null; switch (attestationType) { case AttestationMechanismType.Tpm: using (var tpmSim = new SecurityProviderTpmSimulator(registrationId)) { string base64Ek = Convert.ToBase64String(tpmSim.GetEndorsementKey()); individualEnrollment = new IndividualEnrollment(registrationId, new TpmAttestation(base64Ek)) { Capabilities = capabilities, AllocationPolicy = allocationPolicy, ReprovisionPolicy = reprovisionPolicy, CustomAllocationDefinition = customAllocationDefinition, IotHubs = iotHubsToProvisionTo }; IndividualEnrollment temporaryCreatedEnrollment = null; await RetryOperationHelper .RetryOperationsAsync( async() => { temporaryCreatedEnrollment = await provisioningServiceClient.CreateOrUpdateIndividualEnrollmentAsync(individualEnrollment).ConfigureAwait(false); }, s_provisioningServiceRetryPolicy, s_retryableExceptions, logger) .ConfigureAwait(false); if (temporaryCreatedEnrollment == null) { throw new ArgumentException($"The enrollment entry with registration Id {registrationId} could not be created, exiting test."); } attestation = new TpmAttestation(base64Ek); temporaryCreatedEnrollment.Attestation = attestation; await RetryOperationHelper .RetryOperationsAsync( async() => { createdEnrollment = await provisioningServiceClient.CreateOrUpdateIndividualEnrollmentAsync(temporaryCreatedEnrollment).ConfigureAwait(false); }, s_provisioningServiceRetryPolicy, s_retryableExceptions, logger) .ConfigureAwait(false); if (createdEnrollment == null) { throw new ArgumentException($"The enrollment entry with registration Id {registrationId} could not be updated, exiting test."); } return(createdEnrollment); } case AttestationMechanismType.SymmetricKey: string primaryKey = CryptoKeyGenerator.GenerateKey(32); string secondaryKey = CryptoKeyGenerator.GenerateKey(32); attestation = new SymmetricKeyAttestation(primaryKey, secondaryKey); break; case AttestationMechanismType.X509: attestation = X509Attestation.CreateFromClientCertificates(authenticationCertificate); break; default: throw new NotSupportedException("Test code has not been written for testing this attestation type yet"); } individualEnrollment = new IndividualEnrollment(registrationId, attestation) { Capabilities = capabilities, AllocationPolicy = allocationPolicy, ReprovisionPolicy = reprovisionPolicy, CustomAllocationDefinition = customAllocationDefinition, IotHubs = iotHubsToProvisionTo, }; await RetryOperationHelper .RetryOperationsAsync( async() => { createdEnrollment = await provisioningServiceClient.CreateOrUpdateIndividualEnrollmentAsync(individualEnrollment).ConfigureAwait(false); }, s_provisioningServiceRetryPolicy, s_retryableExceptions, logger) .ConfigureAwait(false); if (createdEnrollment == null) { throw new ArgumentException($"The enrollment entry with registration Id {registrationId} could not be created, exiting test."); } return(createdEnrollment); }
/// <summary> /// Update the enrollment under test such that it forces it to reprovision to the hubs within <paramref name="iotHubsToReprovisionTo"/> /// </summary> private async Task UpdateEnrollmentToForceReprovision(EnrollmentType?enrollmentType, ProvisioningServiceClient provisioningServiceClient, ICollection <String> iotHubsToReprovisionTo, SecurityProvider security, string groupId) { if (enrollmentType == EnrollmentType.Individual) { IndividualEnrollment individualEnrollment = await provisioningServiceClient.GetIndividualEnrollmentAsync(security.GetRegistrationID()).ConfigureAwait(false); individualEnrollment.IotHubs = iotHubsToReprovisionTo; IndividualEnrollment individualEnrollmentResult = await provisioningServiceClient.CreateOrUpdateIndividualEnrollmentAsync(individualEnrollment).ConfigureAwait(false); } else { EnrollmentGroup enrollmentGroup = await provisioningServiceClient.GetEnrollmentGroupAsync(groupId).ConfigureAwait(false); enrollmentGroup.IotHubs = iotHubsToReprovisionTo; EnrollmentGroup enrollmentGroupResult = await provisioningServiceClient.CreateOrUpdateEnrollmentGroupAsync(enrollmentGroup).ConfigureAwait(false); } }
public async Task ProvisioningServiceClient_IndividualEnrollments_Create_Ok( string proxyServerAddress, AttestationMechanismType attestationType, ReprovisionPolicy reprovisionPolicy, AllocationPolicy allocationPolicy, CustomAllocationDefinition customAllocationDefinition, ICollection <string> iotHubsToProvisionTo) { using (ProvisioningServiceClient provisioningServiceClient = CreateProvisioningService(proxyServerAddress)) { string registrationId = AttestationTypeToString(attestationType) + "-" + Guid.NewGuid(); IndividualEnrollment individualEnrollment = await CreateIndividualEnrollmentAsync( provisioningServiceClient, registrationId, attestationType, null, reprovisionPolicy, allocationPolicy, customAllocationDefinition, iotHubsToProvisionTo, null, Logger).ConfigureAwait(false); IndividualEnrollment individualEnrollmentResult = null; await RetryOperationHelper .RetryOperationsAsync( async() => { individualEnrollmentResult = await provisioningServiceClient.GetIndividualEnrollmentAsync(individualEnrollment.RegistrationId).ConfigureAwait(false); }, s_provisioningServiceRetryPolicy, s_retryableExceptions, Logger) .ConfigureAwait(false); if (individualEnrollmentResult == null) { throw new ArgumentException($"The individual enrollment with registration Id {individualEnrollment.RegistrationId} could not retrieved, exiting test."); } Assert.AreEqual(individualEnrollmentResult.ProvisioningStatus, ProvisioningStatus.Enabled); if (reprovisionPolicy != null) { Assert.AreEqual(reprovisionPolicy.UpdateHubAssignment, individualEnrollmentResult.ReprovisionPolicy.UpdateHubAssignment); Assert.AreEqual(reprovisionPolicy.MigrateDeviceData, individualEnrollmentResult.ReprovisionPolicy.MigrateDeviceData); } if (customAllocationDefinition != null) { Assert.AreEqual(customAllocationDefinition.WebhookUrl, individualEnrollmentResult.CustomAllocationDefinition.WebhookUrl); Assert.AreEqual(customAllocationDefinition.ApiVersion, individualEnrollmentResult.CustomAllocationDefinition.ApiVersion); } //allocation policy is never null Assert.AreEqual(allocationPolicy, individualEnrollmentResult.AllocationPolicy); await DeleteCreatedEnrollmentAsync(EnrollmentType.Individual, individualEnrollment.RegistrationId, null, Logger); } }
/// <summary> /// Update the enrollment under test such that it forces it to reprovision to the hubs within <paramref name="iotHubsToReprovisionTo"/> /// </summary> private async Task UpdateEnrollmentToForceReprovision(EnrollmentType? enrollmentType, ProvisioningServiceClient provisioningServiceClient, ICollection<String> iotHubsToReprovisionTo, SecurityProvider security, string groupId) { if (enrollmentType == EnrollmentType.Individual) { IndividualEnrollment retrievedEnrollment = null; await RetryOperationHelper .RetryOperationsAsync( async () => { retrievedEnrollment = await provisioningServiceClient.GetIndividualEnrollmentAsync(security.GetRegistrationID()).ConfigureAwait(false); }, s_provisioningServiceRetryPolicy, s_retryableExceptions, Logger) .ConfigureAwait(false); if (retrievedEnrollment == null) { throw new ArgumentException($"The individual enrollment entry with registration Id {security.GetRegistrationID()} could not be retrieved, exiting test."); } retrievedEnrollment.IotHubs = iotHubsToReprovisionTo; IndividualEnrollment updatedEnrollment = null; await RetryOperationHelper .RetryOperationsAsync( async () => { updatedEnrollment = await provisioningServiceClient.CreateOrUpdateIndividualEnrollmentAsync(retrievedEnrollment).ConfigureAwait(false); }, s_provisioningServiceRetryPolicy, s_retryableExceptions, Logger) .ConfigureAwait(false); if (updatedEnrollment == null) { throw new ArgumentException($"The individual enrollment entry with registration Id {security.GetRegistrationID()} could not be updated, exiting test."); } } else { EnrollmentGroup retrievedEnrollmentGroup = null; await RetryOperationHelper .RetryOperationsAsync( async () => { retrievedEnrollmentGroup = await provisioningServiceClient.GetEnrollmentGroupAsync(groupId).ConfigureAwait(false); }, s_provisioningServiceRetryPolicy, s_retryableExceptions, Logger) .ConfigureAwait(false); if (retrievedEnrollmentGroup == null) { throw new ArgumentException($"The enrollment group entry with group Id {groupId} could not be retrieved, exiting test."); } retrievedEnrollmentGroup.IotHubs = iotHubsToReprovisionTo; EnrollmentGroup updatedEnrollmentGroup = null; await RetryOperationHelper .RetryOperationsAsync( async () => { updatedEnrollmentGroup = await provisioningServiceClient.CreateOrUpdateEnrollmentGroupAsync(retrievedEnrollmentGroup).ConfigureAwait(false); }, s_provisioningServiceRetryPolicy, s_retryableExceptions, Logger) .ConfigureAwait(false); if (updatedEnrollmentGroup == null) { throw new ArgumentException($"The enrollment group entry with group Id {groupId} could not be updated, exiting test."); } } }
private async Task<SecurityProvider> CreateSecurityProviderFromNameAsync( AttestationMechanismType attestationType, EnrollmentType? enrollmentType, string groupId, ReprovisionPolicy reprovisionPolicy, AllocationPolicy allocationPolicy, CustomAllocationDefinition customAllocationDefinition, ICollection<string> iothubs, DeviceCapabilities capabilities = null) { _verboseLog.WriteLine($"{nameof(CreateSecurityProviderFromNameAsync)}({attestationType})"); string registrationId = AttestationTypeToString(attestationType) + "-" + Guid.NewGuid(); using var provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString(TestConfiguration.Provisioning.ConnectionString); switch (attestationType) { case AttestationMechanismType.Tpm: IndividualEnrollment tpmEnrollment = await CreateIndividualEnrollmentAsync( provisioningServiceClient, registrationId, AttestationMechanismType.Tpm, null, reprovisionPolicy, allocationPolicy, customAllocationDefinition, iothubs, capabilities, Logger).ConfigureAwait(false); return new SecurityProviderTpmSimulator(tpmEnrollment.RegistrationId); case AttestationMechanismType.X509: X509Certificate2 certificate = null; X509Certificate2Collection collection = null; switch (enrollmentType) { case EnrollmentType.Individual: X509Certificate2Helper.GenerateSelfSignedCertificateFiles(registrationId, s_x509CertificatesFolder, Logger); #pragma warning disable CA2000 // Dispose objects before losing scope // This certificate is used for authentication with IoT hub and is returned to the caller of this method. // It is disposed when the caller to this method is disposed, at the end of the test method. certificate = X509Certificate2Helper.CreateX509Certificate2FromPfxFile(registrationId, s_x509CertificatesFolder); #pragma warning restore CA2000 // Dispose objects before losing scope using (X509Certificate2 publicCertificate = X509Certificate2Helper.CreateX509Certificate2FromCerFile(registrationId, s_x509CertificatesFolder)) { IndividualEnrollment x509IndividualEnrollment = await CreateIndividualEnrollmentAsync( provisioningServiceClient, registrationId, AttestationMechanismType.X509, publicCertificate, reprovisionPolicy, allocationPolicy, customAllocationDefinition, iothubs, capabilities, Logger).ConfigureAwait(false); x509IndividualEnrollment.Attestation.Should().BeAssignableTo<X509Attestation>(); } break; case EnrollmentType.Group: // The X509 enrollment group has been hardcoded for the purpose of E2E tests and the root certificate has been verified on DPS. // Each device identity provisioning through the above enrollment group is created on-demand. X509Certificate2Helper.GenerateIntermediateCertificateSignedCertificateFiles( registrationId, s_intermediateCertificateSubject, s_x509CertificatesFolder, Logger); #pragma warning disable CA2000 // Dispose objects before losing scope // This certificate is used for authentication with IoT hub and is returned to the caller of this method. // It is disposed when the caller to this method is disposed, at the end of the test method. certificate = X509Certificate2Helper.CreateX509Certificate2FromPfxFile(registrationId, s_x509CertificatesFolder); #pragma warning restore CA2000 // Dispose objects before losing scope collection = new X509Certificate2Collection { TestConfiguration.CommonCertificates.GetRootCaCertificate(), TestConfiguration.CommonCertificates.GetIntermediate1Certificate(), TestConfiguration.CommonCertificates.GetIntermediate2Certificate(), X509Certificate2Helper.CreateX509Certificate2FromCerFile(registrationId, s_x509CertificatesFolder) }; break; default: throw new NotSupportedException($"Unknown X509 type: '{enrollmentType}'"); } return new SecurityProviderX509Certificate(certificate, collection); case AttestationMechanismType.SymmetricKey: switch (enrollmentType) { case EnrollmentType.Group: EnrollmentGroup symmetricKeyEnrollmentGroup = await CreateEnrollmentGroupAsync( provisioningServiceClient, AttestationMechanismType.SymmetricKey, groupId, reprovisionPolicy, allocationPolicy, customAllocationDefinition, iothubs, capabilities, Logger) .ConfigureAwait(false); Assert.IsTrue(symmetricKeyEnrollmentGroup.Attestation is SymmetricKeyAttestation); var symmetricKeyAttestation = (SymmetricKeyAttestation)symmetricKeyEnrollmentGroup.Attestation; string registrationIdSymmetricKey = _idPrefix + Guid.NewGuid(); string primaryKeyEnrollmentGroup = symmetricKeyAttestation.PrimaryKey; string secondaryKeyEnrollmentGroup = symmetricKeyAttestation.SecondaryKey; string primaryKeyIndividual = ComputeDerivedSymmetricKey(Convert.FromBase64String(primaryKeyEnrollmentGroup), registrationIdSymmetricKey); string secondaryKeyIndividual = ComputeDerivedSymmetricKey(Convert.FromBase64String(secondaryKeyEnrollmentGroup), registrationIdSymmetricKey); return new SecurityProviderSymmetricKey(registrationIdSymmetricKey, primaryKeyIndividual, secondaryKeyIndividual); case EnrollmentType.Individual: IndividualEnrollment symmetricKeyEnrollment = await CreateIndividualEnrollmentAsync( provisioningServiceClient, registrationId, AttestationMechanismType.SymmetricKey, null, reprovisionPolicy, allocationPolicy, customAllocationDefinition, iothubs, capabilities, Logger).ConfigureAwait(false); Assert.IsTrue(symmetricKeyEnrollment.Attestation is SymmetricKeyAttestation); symmetricKeyAttestation = (SymmetricKeyAttestation)symmetricKeyEnrollment.Attestation; registrationIdSymmetricKey = symmetricKeyEnrollment.RegistrationId; string primaryKey = symmetricKeyAttestation.PrimaryKey; string secondaryKey = symmetricKeyAttestation.SecondaryKey; return new SecurityProviderSymmetricKey(registrationIdSymmetricKey, primaryKey, secondaryKey); default: throw new NotSupportedException("Unrecognized enrollment type"); } default: throw new NotSupportedException("Unrecognized attestation type"); } throw new NotSupportedException($"Unknown security type: '{attestationType}'."); }
/// <summary> /// Provisions a device to a starting hub, tries to open a connection, send telemetry, /// and (if supported by the protocol) send a twin update. Then, this method updates the enrollment /// to provision the device to a different hub. Based on the provided reprovisioning settings, this /// method then checks that the device was/was not reprovisioned as expected, and that the device /// did/did not migrate twin data as expected. /// </summary> public async Task ProvisioningDeviceClient_ReprovisioningFlow( Client.TransportType transportProtocol, AttestationMechanismType attestationType, EnrollmentType? enrollmentType, bool setCustomProxy, ReprovisionPolicy reprovisionPolicy, AllocationPolicy allocationPolicy, CustomAllocationDefinition customAllocationDefinition, ICollection<string> iotHubsToStartAt, ICollection<string> iotHubsToReprovisionTo, string proxyServerAddress = null) { using ProvisioningServiceClient provisioningServiceClient = CreateProvisioningService(s_proxyServerAddress); string groupId = null; if (enrollmentType == EnrollmentType.Group) { if (attestationType == AttestationMechanismType.X509) { groupId = TestConfiguration.Provisioning.X509GroupEnrollmentName; } else { groupId = _idPrefix + AttestationTypeToString(attestationType) + "-" + Guid.NewGuid(); } } bool transportProtocolSupportsTwinOperations = transportProtocol != Client.TransportType.Http1; using ProvisioningTransportHandler transport = CreateTransportHandlerFromName(transportProtocol); using SecurityProvider security = await CreateSecurityProviderFromNameAsync( attestationType, enrollmentType, groupId, reprovisionPolicy, allocationPolicy, customAllocationDefinition, iotHubsToStartAt) .ConfigureAwait(false); //Check basic provisioning if (ImplementsWebProxy(transportProtocol) && setCustomProxy) { transport.Proxy = (proxyServerAddress != null) ? new WebProxy(s_proxyServerAddress) : null; } var provClient = ProvisioningDeviceClient.Create( s_globalDeviceEndpoint, TestConfiguration.Provisioning.IdScope, security, transport); using var cts = new CancellationTokenSource(PassingTimeoutMiliseconds); DeviceRegistrationResult result = await provClient.RegisterAsync(cts.Token).ConfigureAwait(false); ValidateDeviceRegistrationResult(result); #pragma warning disable CA2000 // Dispose objects before losing scope // The certificate instance referenced in the DeviceAuthenticationWithX509Certificate instance is common for all tests in this class. It is disposed during class cleanup. Client.IAuthenticationMethod auth = CreateAuthenticationMethodFromSecurityProvider(security, result.DeviceId); #pragma warning restore CA2000 // Dispose objects before losing scope await ConfirmRegisteredDeviceWorks(result, auth, transportProtocol, transportProtocolSupportsTwinOperations).ConfigureAwait(false); //Check reprovisioning await UpdateEnrollmentToForceReprovision(enrollmentType, provisioningServiceClient, iotHubsToReprovisionTo, security, groupId).ConfigureAwait(false); result = await provClient.RegisterAsync(cts.Token).ConfigureAwait(false); ConfirmDeviceInExpectedHub(result, reprovisionPolicy, iotHubsToStartAt, iotHubsToReprovisionTo, allocationPolicy); await ConfirmDeviceWorksAfterReprovisioning(result, auth, transportProtocol, reprovisionPolicy, transportProtocolSupportsTwinOperations).ConfigureAwait(false); if (attestationType == AttestationMechanismType.X509 && enrollmentType == EnrollmentType.Group) { Logger.Trace($"The test enrollment type {attestationType}-{enrollmentType} with group Id {groupId} is currently hardcoded - do not delete."); } else { Logger.Trace($"Deleting test enrollment type {attestationType}-{enrollmentType} with registration Id {security.GetRegistrationID()}."); await DeleteCreatedEnrollmentAsync(enrollmentType, security, groupId, Logger).ConfigureAwait(false); } if (security is SecurityProviderX509 x509Security) { X509Certificate2 deviceCertificate = x509Security.GetAuthenticationCertificate(); deviceCertificate?.Dispose(); } if (auth != null && auth is IDisposable disposableAuth) { disposableAuth?.Dispose(); } }
public static async Task RunSample() { Console.WriteLine("Starting sample..."); using (ProvisioningServiceClient provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString(_provisioningConnectionString)) { #region Create a new enrollmentGroup config Console.WriteLine("\nCreating a new enrollmentGroup..."); string certificatePassword = ReadCertificatePassword(); var certificate = new X509Certificate2(_x509RootCertPath, certificatePassword); Attestation attestation = X509Attestation.CreateFromRootCertificates(certificate); EnrollmentGroup enrollmentGroup = new EnrollmentGroup( _enrollmentGroupId, attestation); Console.WriteLine(enrollmentGroup); #endregion #region Create the enrollmentGroup Console.WriteLine("\nAdding new enrollmentGroup..."); EnrollmentGroup enrollmentGroupResult = await provisioningServiceClient.CreateOrUpdateEnrollmentGroupAsync(enrollmentGroup).ConfigureAwait(false); Console.WriteLine("\nEnrollmentGroup created with success."); Console.WriteLine(enrollmentGroupResult); #endregion #region Get info of enrollmentGroup Console.WriteLine("\nGetting the enrollmentGroup information..."); EnrollmentGroup getResult = await provisioningServiceClient.GetEnrollmentGroupAsync(SampleEnrollmentGroupId).ConfigureAwait(false); Console.WriteLine(getResult); #endregion #region Query info of enrollmentGroup doc Console.WriteLine("\nCreating a query for enrollmentGroups..."); QuerySpecification querySpecification = new QuerySpecification("SELECT * FROM enrollmentGroups"); using (Query query = provisioningServiceClient.CreateEnrollmentGroupQuery(querySpecification)) { while (query.HasNext()) { Console.WriteLine("\nQuerying the next enrollmentGroups..."); QueryResult queryResult = await query.NextAsync().ConfigureAwait(false); Console.WriteLine(queryResult); foreach (EnrollmentGroup group in queryResult.Items) { await EnumerateRegistrationsInGroup(provisioningServiceClient, querySpecification, group).ConfigureAwait(false); } } } #endregion #region Delete info of enrollmentGroup Console.WriteLine("\nDeleting the enrollmentGroup..."); await provisioningServiceClient.DeleteEnrollmentGroupAsync(getResult).ConfigureAwait(false); #endregion } }
public CleanupEnrollmentsSample(ProvisioningServiceClient provisioningServiceClient) { _provisioningServiceClient = provisioningServiceClient; _individualEnrollmentsDeleted = 0; _enrollmentGroupsDeleted = 0; }
public static async Task RunSample() { Console.WriteLine("Starting sample..."); using (ProvisioningServiceClient provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString(_provisioningConnectionString)) { #region Create a new individualEnrollment config Console.WriteLine("\nCreating a new set of individualEnrollments..."); List <IndividualEnrollment> individualEnrollments = new List <IndividualEnrollment>(); foreach (var item in _registrationIds) { Attestation attestation = new TpmAttestation(item.Value); individualEnrollments.Add(new IndividualEnrollment(item.Key, attestation)); } #endregion #region Create the individualEnrollment Console.WriteLine("\nRunning the bulk operation to create the individualEnrollments..."); BulkEnrollmentOperationResult bulkEnrollmentOperationResult = await provisioningServiceClient.RunBulkEnrollmentOperationAsync(BulkOperationMode.Create, individualEnrollments).ConfigureAwait(false); Console.WriteLine("\nResult of the Create bulk enrollment."); Console.WriteLine(bulkEnrollmentOperationResult); #endregion #region Get info of individualEnrollment foreach (IndividualEnrollment individualEnrollment in individualEnrollments) { String registrationId = individualEnrollment.RegistrationId; Console.WriteLine($"\nGetting the {nameof(individualEnrollment)} information for {registrationId}..."); IndividualEnrollment getResult = await provisioningServiceClient.GetIndividualEnrollmentAsync(registrationId).ConfigureAwait(false); Console.WriteLine(getResult); } #endregion #region Query info of individualEnrollment Console.WriteLine("\nCreating a query for enrollments..."); QuerySpecification querySpecification = new QuerySpecification("SELECT * FROM enrollments"); using (Query query = provisioningServiceClient.CreateIndividualEnrollmentQuery(querySpecification, QueryPageSize)) { while (query.HasNext()) { Console.WriteLine("\nQuerying the next enrollments..."); QueryResult queryResult = await query.NextAsync().ConfigureAwait(false); Console.WriteLine(queryResult); } } #endregion #region Delete info of individualEnrollment Console.WriteLine("\nDeleting the set of individualEnrollments..."); bulkEnrollmentOperationResult = await provisioningServiceClient.RunBulkEnrollmentOperationAsync(BulkOperationMode.Delete, individualEnrollments).ConfigureAwait(false); Console.WriteLine(bulkEnrollmentOperationResult); #endregion } }