public void X509AttestationCreateFromClientCertificatesSucceedOnPrimaryString()
{
// arrange
string primary = PUBLIC_KEY_CERTIFICATE_STRING;
// act
X509Attestation attestation = X509Attestation.CreateFromClientCertificates(primary);
// assert
Assert.IsNotNull(attestation.ClientCertificates.Primary);
Assert.IsNull(attestation.ClientCertificates.Secondary);
Assert.IsNull(attestation.RootCertificates);
Assert.IsNull(attestation.CAReferences);
}
public void X509AttestationCreateFromClientCertificatesThrowsOnNullPrimaryCertificate()
{
// arrange
X509Certificate2 primaryCert = null;
X509Certificate2 secondaryCert = null;
string primaryStr = null;
string secondaryStr = null;
// act - assert
TestAssert.Throws <ArgumentException>(() => X509Attestation.CreateFromClientCertificates(primaryCert));
TestAssert.Throws <ArgumentException>(() => X509Attestation.CreateFromClientCertificates(primaryCert, secondaryCert));
TestAssert.Throws <ArgumentException>(() => X509Attestation.CreateFromClientCertificates(primaryStr));
TestAssert.Throws <ArgumentException>(() => X509Attestation.CreateFromClientCertificates(primaryStr, secondaryStr));
}
public async Task CreateIndividualEnrollment(
string individualEnrollmentId,
X509Certificate2 enrollmentCertificate)
{
_logger.LogInformation("Starting CreateIndividualEnrollment...");
using (ProvisioningServiceClient provisioningServiceClient =
ProvisioningServiceClient.CreateFromConnectionString(
Configuration.GetConnectionString("DpsConnection")))
{
_logger.LogInformation("Creating a new individualEnrollment...");
Attestation attestation = X509Attestation.CreateFromClientCertificates(enrollmentCertificate);
//IndividualEnrollment individualEnrollment =
// new IndividualEnrollment(
// IndividualEnrollmentId,
// attestation);
IndividualEnrollment individualEnrollment =
new IndividualEnrollment(individualEnrollmentId, attestation)
{
ProvisioningStatus = ProvisioningStatus.Enabled,
DeviceId = individualEnrollmentId,
Capabilities = new Microsoft.Azure.Devices.Shared.DeviceCapabilities
{
IotEdge = true
},
InitialTwinState = new TwinState(
new Microsoft.Azure.Devices.Shared.TwinCollection("{ \"updatedby\":\"" + "damien" + "\", \"timeZone\":\"" + TimeZoneInfo.Local.DisplayName + "\" }"),
new Microsoft.Azure.Devices.Shared.TwinCollection("{}")
),
ReprovisionPolicy = new ReprovisionPolicy
{
MigrateDeviceData = false,
UpdateHubAssignment = true
}
};
_logger.LogInformation($"{individualEnrollment}");
_logger.LogInformation("Adding new individualEnrollment...");
var individualEnrollmentResult =
await provisioningServiceClient
.CreateOrUpdateIndividualEnrollmentAsync(individualEnrollment)
.ConfigureAwait(false);
_logger.LogInformation("EnrollmentGroup created with success.");
_logger.LogInformation($"{individualEnrollmentResult}");
}
}
static async Task SetRegistrationDataAsync()
{
#region QueryingEnrollemnts
Console.WriteLine("Fetching Existing Enrollments--------------------------------");
using var serviceClient = ProvisioningServiceClient.CreateFromConnectionString(ServiceConnectionString);
QuerySpecification qu = new QuerySpecification("SELECT * FROM enrollments");
using (Query query = serviceClient.CreateIndividualEnrollmentQuery(qu))
{
while (query.HasNext())
{
Console.WriteLine("\nQuerying the next enrollments...");
QueryResult queryResult = await query.NextAsync().ConfigureAwait(false);
Console.WriteLine(queryResult);
}
}
Console.WriteLine("Enrollment Fetch Complete------------------------------------");
#endregion
#region CreateIndividualEnrollment
Console.WriteLine("Starting SetRegistrationData");
//Attestation attestation = X509Attestation.CreateFromClientCertificates(privateKey);
var pem = System.IO.File.ReadAllText(@"D:\Code\Diality\CACerts\CACertificates\mydevice4-public.pem");
string certBuffer = GetBytesFromPEM(pem, "CERTIFICATE");
Attestation attestation = X509Attestation.CreateFromClientCertificates(certBuffer);
IndividualEnrollment individualEnrollment = new IndividualEnrollment(SampleRegistrationId, attestation);
individualEnrollment.DeviceId = OptionalDeviceId;
individualEnrollment.ProvisioningStatus = OptionalProvisioningStatus;
individualEnrollment.IotHubHostName = "vvk5cob-Iot-Hub-2.azure-devices.net";
Console.WriteLine("\nAdding new individualEnrollment...");
IndividualEnrollment individualEnrollmentResult =
await serviceClient.CreateOrUpdateIndividualEnrollmentAsync(individualEnrollment).ConfigureAwait(false);
Console.WriteLine("\nIndividualEnrollment created with success.");
Console.WriteLine(individualEnrollmentResult);
#endregion
}
public void X509AttestationCreateFromClientCertificatesSucceedOnPrimaryCertificate()
{
// arrange
X509Certificate2 primary = new X509Certificate2(Encoding.ASCII.GetBytes(PUBLIC_KEY_CERTIFICATE_STRING));
// act
X509Attestation attestation = X509Attestation.CreateFromClientCertificates(primary);
primary.Dispose();
// assert
Assert.IsNotNull(attestation.ClientCertificates.Primary);
Assert.IsNull(attestation.ClientCertificates.Secondary);
Assert.IsNull(attestation.RootCertificates);
Assert.IsNull(attestation.CAReferences);
}
public IndividualEnrollment EnrollDevice(string deviceId, string password)
{
var cert = deviceManager.GenerateCertificate(deviceId);
deviceManager.SaveCertificates(cert, deviceId, password);
var publicCert = deviceManager.ReadPublicCertificate(deviceId);
var attestation = X509Attestation.CreateFromClientCertificates(publicCert);
var individualEnrollment = new IndividualEnrollment($"{deviceId}", attestation)
{
DeviceId = deviceId
};
using (var provisioningClientService =
ProvisioningServiceClient.CreateFromConnectionString(configuration.GetValue <string>("DeviceProvisioningServiceConnection")))
{
var individualEnrollmentResult =
provisioningClientService.CreateOrUpdateIndividualEnrollmentAsync(individualEnrollment).GetAwaiter().GetResult();
return(individualEnrollment);
}
}
public override void ExecuteCmdlet()
{
if (ShouldProcess(this.DpsName, DPSResources.AddEnrollment))
{
ProvisioningServiceDescription provisioningServiceDescription;
if (ParameterSetName.Equals(InputObjectParameterSet))
{
this.ResourceGroupName = this.DpsObject.ResourceGroupName;
this.DpsName = this.DpsObject.Name;
provisioningServiceDescription = IotDpsUtils.ConvertObject <PSProvisioningServiceDescription, ProvisioningServiceDescription>(this.DpsObject);
}
else
{
if (ParameterSetName.Equals(ResourceIdParameterSet))
{
this.ResourceGroupName = IotDpsUtils.GetResourceGroupName(this.ResourceId);
this.DpsName = IotDpsUtils.GetIotDpsName(this.ResourceId);
}
provisioningServiceDescription = GetIotDpsResource(this.ResourceGroupName, this.DpsName);
}
IEnumerable <SharedAccessSignatureAuthorizationRuleAccessRightsDescription> authPolicies = this.IotDpsClient.IotDpsResource.ListKeys(this.DpsName, this.ResourceGroupName);
SharedAccessSignatureAuthorizationRuleAccessRightsDescription policy = IotDpsUtils.GetPolicy(authPolicies, PSAccessRightsDescription.EnrollmentWrite);
PSIotDpsConnectionString psIotDpsConnectionString = IotDpsUtils.ToPSIotDpsConnectionString(policy, provisioningServiceDescription.Properties.ServiceOperationsHostName);
ProvisioningServiceClient client = ProvisioningServiceClient.CreateFromConnectionString(psIotDpsConnectionString.PrimaryConnectionString);
Attestation attestation = null;
TwinCollection tags = new TwinCollection(), desiredProperties = new TwinCollection();
if (this.IsParameterBound(c => c.Tag))
{
tags = new TwinCollection(JsonConvert.SerializeObject(this.Tag));
}
if (this.IsParameterBound(c => c.Desired))
{
desiredProperties = new TwinCollection(JsonConvert.SerializeObject(this.Desired));
}
switch (this.AttestationType)
{
case PSAttestationMechanismType.SymmetricKey:
if ((this.IsParameterBound(c => c.PrimaryKey) && !this.IsParameterBound(c => c.SecondaryKey)) ||
(!this.IsParameterBound(c => c.PrimaryKey) && this.IsParameterBound(c => c.SecondaryKey)))
{
throw new ArgumentException("Please provide both primary and secondary key.");
}
else
{
attestation = new SymmetricKeyAttestation(this.PrimaryKey, this.SecondaryKey);
}
break;
case PSAttestationMechanismType.Tpm:
if (this.IsParameterBound(c => c.EndorsementKey))
{
attestation = new TpmAttestation(this.EndorsementKey, this.IsParameterBound(c => c.StorageRootKey) ? this.StorageRootKey : null);
}
else
{
throw new ArgumentException("Endorsement key is requried.");
}
break;
case PSAttestationMechanismType.X509:
if (!this.IsParameterBound(c => c.PrimaryCertificate) && !this.IsParameterBound(c => c.SecondaryCertificate))
{
if (!this.IsParameterBound(c => c.PrimaryCAName))
{
throw new ArgumentException("Primary CA reference cannot be null or empty.");
}
if (this.IsParameterBound(c => c.SecondaryCAName))
{
attestation = X509Attestation.CreateFromCAReferences(this.PrimaryCAName, this.SecondaryCAName);
}
else
{
attestation = X509Attestation.CreateFromCAReferences(this.PrimaryCAName);
}
}
else if (!this.IsParameterBound(c => c.PrimaryCAName) && !this.IsParameterBound(c => c.SecondaryCAName))
{
string primaryCer = string.Empty, secondaryCer = string.Empty;
if (!this.IsParameterBound(c => c.PrimaryCertificate))
{
throw new ArgumentException("Primary certificate cannot be null or empty.");
}
primaryCer = IotDpsUtils.GetCertificateString(this.PrimaryCertificate);
if (this.IsParameterBound(c => c.SecondaryCertificate))
{
secondaryCer = IotDpsUtils.GetCertificateString(this.PrimaryCertificate);
if (this.IsParameterBound(c => c.RootCertificate))
{
attestation = X509Attestation.CreateFromRootCertificates(primaryCer, secondaryCer);
}
else
{
attestation = X509Attestation.CreateFromClientCertificates(primaryCer, secondaryCer);
}
}
else
{
if (this.IsParameterBound(c => c.RootCertificate))
{
attestation = X509Attestation.CreateFromRootCertificates(primaryCer);
}
else
{
attestation = X509Attestation.CreateFromClientCertificates(primaryCer);
}
}
}
else
{
throw new ArgumentException("Please provide either CA reference or X509 certificate.");
}
break;
default:
throw new ArgumentException("Please provide valid attestation mechanism.");
}
IndividualEnrollment enrollment = new IndividualEnrollment(this.RegistrationId, attestation);
if (this.IsParameterBound(c => c.DeviceId))
{
enrollment.DeviceId = this.DeviceId;
}
enrollment.InitialTwinState = new TwinState(tags, desiredProperties);
enrollment.Capabilities = new DeviceCapabilities()
{
IotEdge = this.EdgeEnabled.IsPresent
};
switch (this.ReprovisionPolicy)
{
case PSReprovisionType.reprovisionandmigratedata:
enrollment.ReprovisionPolicy = new ReprovisionPolicy()
{
UpdateHubAssignment = true, MigrateDeviceData = true
};
break;
case PSReprovisionType.reprovisionandresetdata:
enrollment.ReprovisionPolicy = new ReprovisionPolicy()
{
UpdateHubAssignment = true, MigrateDeviceData = false
};
break;
case PSReprovisionType.never:
enrollment.ReprovisionPolicy = new ReprovisionPolicy()
{
UpdateHubAssignment = false, MigrateDeviceData = false
};
break;
}
if (this.IsParameterBound(c => c.AllocationPolicy))
{
if (this.IsParameterBound(c => c.IotHubHostName))
{
throw new ArgumentException("\"IotHubHostName\" is not required when allocation-policy is defined.");
}
if (this.AllocationPolicy.Equals(PSAllocationPolicy.Static))
{
if (this.IsParameterBound(c => c.IotHub))
{
if (this.IotHub.Length > 1)
{
throw new ArgumentException("Please provide only one hub when allocation-policy is defined as Static.");
}
}
else
{
throw new ArgumentException("Please provide a hub to be assigned with device.");
}
}
if (this.AllocationPolicy.Equals(PSAllocationPolicy.Custom))
{
if (!this.IsParameterBound(c => c.WebhookUrl))
{
throw new ArgumentException("Please provide an Azure function url when allocation-policy is defined as Custom.");
}
if (!this.IsParameterBound(c => c.ApiVersion))
{
throw new ArgumentException("Please provide an Azure function api-version when allocation-policy is defined as Custom.");
}
enrollment.CustomAllocationDefinition = new CustomAllocationDefinition()
{
WebhookUrl = this.WebhookUrl, ApiVersion = this.ApiVersion
};
}
enrollment.AllocationPolicy = (Devices.Provisioning.Service.AllocationPolicy)Enum.Parse(typeof(Devices.Provisioning.Service.AllocationPolicy), this.AllocationPolicy.ToString());
enrollment.IotHubs = this.IotHub;
}
else
{
if (this.IsParameterBound(c => c.IotHub))
{
throw new ArgumentException("Please provide allocation policy.");
}
if (this.IsParameterBound(c => c.IotHubHostName))
{
enrollment.IotHubHostName = this.IotHubHostName;
}
}
if (this.IsParameterBound(c => c.ProvisioningStatus))
{
enrollment.ProvisioningStatus = (ProvisioningStatus)Enum.Parse(typeof(ProvisioningStatus), this.ProvisioningStatus.ToString());
}
IndividualEnrollment result = client.CreateOrUpdateIndividualEnrollmentAsync(enrollment).GetAwaiter().GetResult();
this.WriteObject(IotDpsUtils.ToPSIndividualEnrollment(result));
}
}
public override void ExecuteCmdlet()
{
if (ShouldProcess(this.DpsName, DPSResources.AddEnrollmentGroup))
{
ProvisioningServiceDescription provisioningServiceDescription;
if (ParameterSetName.Equals(InputObjectParameterSet))
{
this.ResourceGroupName = this.DpsObject.ResourceGroupName;
this.DpsName = this.DpsObject.Name;
provisioningServiceDescription = IotDpsUtils.ConvertObject <PSProvisioningServiceDescription, ProvisioningServiceDescription>(this.DpsObject);
}
else
{
if (ParameterSetName.Equals(ResourceIdParameterSet))
{
this.ResourceGroupName = IotDpsUtils.GetResourceGroupName(this.ResourceId);
this.DpsName = IotDpsUtils.GetIotDpsName(this.ResourceId);
}
provisioningServiceDescription = GetIotDpsResource(this.ResourceGroupName, this.DpsName);
}
IEnumerable <SharedAccessSignatureAuthorizationRuleAccessRightsDescription> authPolicies = this.IotDpsClient.IotDpsResource.ListKeys(this.DpsName, this.ResourceGroupName);
SharedAccessSignatureAuthorizationRuleAccessRightsDescription policy = IotDpsUtils.GetPolicy(authPolicies, PSAccessRightsDescription.EnrollmentWrite);
PSIotDpsConnectionString psIotDpsConnectionString = IotDpsUtils.ToPSIotDpsConnectionString(policy, provisioningServiceDescription.Properties.ServiceOperationsHostName);
ProvisioningServiceClient client = ProvisioningServiceClient.CreateFromConnectionString(psIotDpsConnectionString.PrimaryConnectionString);
EnrollmentGroup enrollment = client.GetEnrollmentGroupAsync(this.Name).GetAwaiter().GetResult();
if (enrollment != null)
{
// Updating ProvisioningStatus
if (this.IsParameterBound(c => c.ProvisioningStatus))
{
enrollment.ProvisioningStatus = (ProvisioningStatus)Enum.Parse(typeof(ProvisioningStatus), this.ProvisioningStatus.ToString());
}
// Updating InitialTwinState
if (this.IsParameterBound(c => c.Tag) || this.IsParameterBound(c => c.Desired))
{
TwinCollection tags = this.IsParameterBound(c => c.Tag) ? new TwinCollection(JsonConvert.SerializeObject(this.Tag)) : (enrollment.InitialTwinState != null ? enrollment.InitialTwinState.Tags : new TwinCollection());
TwinCollection desiredProperties = this.IsParameterBound(c => c.Desired) ? new TwinCollection(JsonConvert.SerializeObject(this.Desired)) : (enrollment.InitialTwinState != null ? enrollment.InitialTwinState.DesiredProperties : new TwinCollection());
enrollment.InitialTwinState = new TwinState(tags, desiredProperties);
}
// Updating Capabilities
if (this.IsParameterBound(c => c.EdgeEnabled))
{
enrollment.Capabilities = new DeviceCapabilities()
{
IotEdge = this.EdgeEnabled
};
}
// Updating ReprovisionPolicy
if (this.IsParameterBound(c => c.ReprovisionPolicy))
{
switch (this.ReprovisionPolicy)
{
case PSReprovisionType.reprovisionandmigratedata:
enrollment.ReprovisionPolicy = new ReprovisionPolicy()
{
UpdateHubAssignment = true, MigrateDeviceData = true
};
break;
case PSReprovisionType.reprovisionandresetdata:
enrollment.ReprovisionPolicy = new ReprovisionPolicy()
{
UpdateHubAssignment = true, MigrateDeviceData = false
};
break;
case PSReprovisionType.never:
enrollment.ReprovisionPolicy = new ReprovisionPolicy()
{
UpdateHubAssignment = false, MigrateDeviceData = false
};
break;
}
}
// Updating AllocationPolicy and Hub
if (this.IsParameterBound(c => c.IotHubHostName) && this.IsParameterBound(c => c.AllocationPolicy))
{
throw new ArgumentException("\"IotHubHostName\" is not required when allocation-policy is defined.");
}
if (this.IsParameterBound(c => c.IotHubHostName) && this.IsParameterBound(c => c.IotHub))
{
throw new ArgumentException("\"IotHubHostName\" is not required when IotHub is defined.");
}
if (this.IsParameterBound(c => c.IotHubHostName))
{
enrollment.IotHubHostName = this.IotHubHostName;
enrollment.CustomAllocationDefinition = null;
enrollment.AllocationPolicy = null;
enrollment.IotHubs = null;
}
if (this.IsParameterBound(c => c.AllocationPolicy))
{
enrollment.AllocationPolicy = (Devices.Provisioning.Service.AllocationPolicy)Enum.Parse(typeof(Devices.Provisioning.Service.AllocationPolicy), this.AllocationPolicy.ToString());
}
switch (enrollment.AllocationPolicy)
{
case Devices.Provisioning.Service.AllocationPolicy.Static:
if (this.IsParameterBound(c => c.IotHub))
{
if (this.IotHub.Length > 1)
{
throw new ArgumentException("Please provide only one hub when allocation-policy is defined as Static.");
}
enrollment.IotHubs = this.IotHub;
}
enrollment.CustomAllocationDefinition = null;
enrollment.IotHubHostName = null;
break;
case Devices.Provisioning.Service.AllocationPolicy.Custom:
if (enrollment.CustomAllocationDefinition == null)
{
if (!this.IsParameterBound(c => c.WebhookUrl))
{
throw new ArgumentException("Please provide an Azure function url when allocation-policy is defined as Custom.");
}
if (!this.IsParameterBound(c => c.ApiVersion))
{
throw new ArgumentException("Please provide an Azure function api-version when allocation-policy is defined as Custom.");
}
}
string webhookUrl = string.Empty, apiVersion = string.Empty;
webhookUrl = this.IsParameterBound(c => c.WebhookUrl) ? this.WebhookUrl : enrollment.CustomAllocationDefinition.WebhookUrl;
apiVersion = this.IsParameterBound(c => c.ApiVersion) ? this.ApiVersion : enrollment.CustomAllocationDefinition.ApiVersion;
enrollment.CustomAllocationDefinition = new CustomAllocationDefinition()
{
WebhookUrl = webhookUrl, ApiVersion = apiVersion
};
enrollment.IotHubHostName = null;
if (this.IsParameterBound(c => c.IotHub))
{
enrollment.IotHubs = this.IotHub;
}
break;
case Devices.Provisioning.Service.AllocationPolicy.Hashed:
case Devices.Provisioning.Service.AllocationPolicy.GeoLatency:
if (this.IsParameterBound(c => c.IotHub))
{
enrollment.IotHubs = this.IotHub;
}
enrollment.CustomAllocationDefinition = null;
enrollment.IotHubHostName = null;
break;
default:
if (this.IsParameterBound(c => c.IotHub))
{
throw new ArgumentException("Please provide allocation policy.");
}
break;
}
switch (enrollment.Attestation)
{
case SymmetricKeyAttestation attestation:
if (this.IsParameterBound(c => c.PrimaryKey) || this.IsParameterBound(c => c.SecondaryKey))
{
enrollment.Attestation = new SymmetricKeyAttestation(
this.IsParameterBound(c => c.PrimaryKey) ? this.PrimaryKey : attestation.PrimaryKey,
this.IsParameterBound(c => c.SecondaryKey) ? this.SecondaryKey : attestation.SecondaryKey
);
}
break;
case X509Attestation attestation:
bool updatedPrimaryCAName = this.IsParameterBound(c => c.PrimaryCAName);
bool updatedSecondaryCAName = this.IsParameterBound(c => c.SecondaryCAName);
bool updatedPrimaryCertificate = this.IsParameterBound(c => c.PrimaryCertificate);
bool updatedSecondaryCertificate = this.IsParameterBound(c => c.SecondaryCertificate);
if (updatedPrimaryCAName || updatedSecondaryCAName)
{
enrollment.Attestation = X509Attestation.CreateFromCAReferences(
updatedPrimaryCAName ? this.PrimaryCAName : attestation.CAReferences.Primary,
updatedSecondaryCAName ? this.SecondaryCAName : (attestation.CAReferences.Secondary ?? null)
);
}
else if (updatedPrimaryCertificate || updatedSecondaryCertificate)
{
string primaryCer = string.Empty, secondaryCer = string.Empty;
if (!updatedPrimaryCertificate)
{
throw new ArgumentException("Primary certificate cannot be null or empty.");
}
primaryCer = IotDpsUtils.GetCertificateString(this.PrimaryCertificate);
if (this.IsParameterBound(c => c.SecondaryCertificate))
{
secondaryCer = IotDpsUtils.GetCertificateString(this.SecondaryCertificate);
if (this.IsParameterBound(c => c.RootCertificate))
{
enrollment.Attestation = X509Attestation.CreateFromRootCertificates(primaryCer, secondaryCer);
}
else
{
enrollment.Attestation = X509Attestation.CreateFromClientCertificates(primaryCer, secondaryCer);
}
}
else
{
if (this.IsParameterBound(c => c.RootCertificate))
{
enrollment.Attestation = X509Attestation.CreateFromRootCertificates(primaryCer);
}
else
{
enrollment.Attestation = X509Attestation.CreateFromClientCertificates(primaryCer);
}
}
}
break;
default: break;
}
}
else
{
throw new ArgumentException("The enrollment doesn't exist.");
}
EnrollmentGroup result = client.CreateOrUpdateEnrollmentGroupAsync(enrollment).GetAwaiter().GetResult();
this.WriteObject(IotDpsUtils.ToPSEnrollmentGroup(result));
}
}
public static async Task <IndividualEnrollment> CreateIndividualEnrollmentAsync(
ProvisioningServiceClient provisioningServiceClient,
string registrationId,
AttestationMechanismType attestationType,
X509Certificate2 authenticationCertificate,
ReprovisionPolicy reprovisionPolicy,
AllocationPolicy allocationPolicy,
CustomAllocationDefinition customAllocationDefinition,
ICollection <string> iotHubsToProvisionTo,
DeviceCapabilities capabilities,
MsTestLogger logger)
{
Attestation attestation;
IndividualEnrollment individualEnrollment;
IndividualEnrollment createdEnrollment = null;
switch (attestationType)
{
case AttestationMechanismType.Tpm:
using (var tpmSim = new SecurityProviderTpmSimulator(registrationId))
{
string base64Ek = Convert.ToBase64String(tpmSim.GetEndorsementKey());
individualEnrollment = new IndividualEnrollment(registrationId, new TpmAttestation(base64Ek))
{
Capabilities = capabilities,
AllocationPolicy = allocationPolicy,
ReprovisionPolicy = reprovisionPolicy,
CustomAllocationDefinition = customAllocationDefinition,
IotHubs = iotHubsToProvisionTo
};
IndividualEnrollment temporaryCreatedEnrollment = null;
await RetryOperationHelper
.RetryOperationsAsync(
async() =>
{
temporaryCreatedEnrollment = await provisioningServiceClient.CreateOrUpdateIndividualEnrollmentAsync(individualEnrollment).ConfigureAwait(false);
},
s_provisioningServiceRetryPolicy,
s_retryableExceptions,
logger)
.ConfigureAwait(false);
if (temporaryCreatedEnrollment == null)
{
throw new ArgumentException($"The enrollment entry with registration Id {registrationId} could not be created, exiting test.");
}
attestation = new TpmAttestation(base64Ek);
temporaryCreatedEnrollment.Attestation = attestation;
await RetryOperationHelper
.RetryOperationsAsync(
async() =>
{
createdEnrollment = await provisioningServiceClient.CreateOrUpdateIndividualEnrollmentAsync(temporaryCreatedEnrollment).ConfigureAwait(false);
},
s_provisioningServiceRetryPolicy,
s_retryableExceptions,
logger)
.ConfigureAwait(false);
if (createdEnrollment == null)
{
throw new ArgumentException($"The enrollment entry with registration Id {registrationId} could not be updated, exiting test.");
}
return(createdEnrollment);
}
case AttestationMechanismType.SymmetricKey:
string primaryKey = CryptoKeyGenerator.GenerateKey(32);
string secondaryKey = CryptoKeyGenerator.GenerateKey(32);
attestation = new SymmetricKeyAttestation(primaryKey, secondaryKey);
break;
case AttestationMechanismType.X509:
attestation = X509Attestation.CreateFromClientCertificates(authenticationCertificate);
break;
default:
throw new NotSupportedException("Test code has not been written for testing this attestation type yet");
}
individualEnrollment = new IndividualEnrollment(registrationId, attestation)
{
Capabilities = capabilities,
AllocationPolicy = allocationPolicy,
ReprovisionPolicy = reprovisionPolicy,
CustomAllocationDefinition = customAllocationDefinition,
IotHubs = iotHubsToProvisionTo,
};
await RetryOperationHelper
.RetryOperationsAsync(
async() =>
{
createdEnrollment = await provisioningServiceClient.CreateOrUpdateIndividualEnrollmentAsync(individualEnrollment).ConfigureAwait(false);
},
s_provisioningServiceRetryPolicy,
s_retryableExceptions,
logger)
.ConfigureAwait(false);
if (createdEnrollment == null)
{
throw new ArgumentException($"The enrollment entry with registration Id {registrationId} could not be created, exiting test.");
}
return(createdEnrollment);
}
