/// <summary>
/// Creates a TPM-backed device authentication method whose token lifetime and
/// renewal buffer are handed straight to the base class.
/// </summary>
/// <param name="deviceId">Device identifier, forwarded to the base constructor.</param>
/// <param name="securityClient">TPM security client used to sign tokens; must not be null.</param>
/// <param name="suggestedTimeToLiveSeconds">Requested token lifetime in seconds, forwarded to the base constructor.</param>
/// <param name="timeBufferPercentage">Renewal buffer as a percentage of the lifetime, forwarded to the base constructor.</param>
/// <exception cref="ArgumentNullException"><paramref name="securityClient"/> is null.</exception>
public DeviceAuthenticationWithTpm(
    string deviceId,
    SecurityClientHsmTpm securityClient,
    int suggestedTimeToLiveSeconds,
    int timeBufferPercentage) : base(deviceId, suggestedTimeToLiveSeconds, timeBufferPercentage)
{
    // Fail fast: a null client would only surface later as a NullReferenceException when signing.
    if (securityClient is null)
    {
        throw new ArgumentNullException(nameof(securityClient));
    }

    _securityClient = securityClient;
}
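        /// <summary>
        /// Creates the SASL handler for TPM-based authentication and stores the key
        /// material, ID scope and security client it will use.
        /// </summary>
        /// <param name="endorsementKey">TPM endorsement key bytes; must not be null.</param>
        /// <param name="storageRootKey">TPM storage root key bytes; must not be null.</param>
        /// <param name="idScope">Provisioning ID scope; must not be null or whitespace.</param>
        /// <param name="security">TPM security client; must not be null.</param>
        /// <exception cref="ArgumentNullException">A key or the security client is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="idScope"/> is null or whitespace.</exception>
        public SaslTpmHandler(
            byte[] endorsementKey,
            byte[] storageRootKey,
            string idScope,
            SecurityClientHsmTpm security)
        {
            // Debug.Assert is compiled out of Release builds, so it cannot be relied on to
            // reject bad input; throw instead so a null key or client is never stored.
            if (endorsementKey == null)
            {
                throw new ArgumentNullException(nameof(endorsementKey));
            }

            if (storageRootKey == null)
            {
                throw new ArgumentNullException(nameof(storageRootKey));
            }

            if (string.IsNullOrWhiteSpace(idScope))
            {
                throw new ArgumentException("Value cannot be null or whitespace.", nameof(idScope));
            }

            if (security == null)
            {
                throw new ArgumentNullException(nameof(security));
            }

            Mechanism       = MechanismName;
            _endorsementKey = endorsementKey;
            _storageRootKey = storageRootKey;
            _idScope        = idScope;
            _security       = security;
        }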
        /// <summary>
        /// Creates a TPM-backed device authentication method with an explicit token
        /// lifetime and renewal buffer (defaults: one hour lifetime, ten minute buffer).
        /// </summary>
        /// <param name="deviceId">Device identifier, forwarded to the base constructor.</param>
        /// <param name="securityClient">TPM security client used to sign tokens; must not be null.</param>
        /// <param name="timeToLiveSeconds">Token lifetime in seconds; must not be negative.</param>
        /// <param name="timeToLiveBufferSeconds">Renewal buffer in seconds, forwarded to the base constructor; must not be negative.</param>
        /// <exception cref="ArgumentNullException"><paramref name="securityClient"/> is null.</exception>
        /// <exception cref="ArgumentOutOfRangeException">A time value is negative.</exception>
        public DeviceAuthenticationWithTpm(
            string deviceId,
            SecurityClientHsmTpm securityClient,
            int timeToLiveSeconds       = 1 * 60 * 60,
            int timeToLiveBufferSeconds = 10 * 60) : base(deviceId, timeToLiveBufferSeconds)
        {
            // NOTE(review): the base constructor already received timeToLiveBufferSeconds by the
            // time the range check below runs; a negative buffer still fails construction.
            void RequireNonNegative(int value, string parameterName)
            {
                if (value < 0)
                {
                    throw new ArgumentOutOfRangeException(parameterName);
                }
            }

            _securityClient = securityClient ?? throw new ArgumentNullException(nameof(securityClient));

            RequireNonNegative(timeToLiveSeconds, nameof(timeToLiveSeconds));
            RequireNonNegative(timeToLiveBufferSeconds, nameof(timeToLiveBufferSeconds));

            _timeToLiveSeconds = timeToLiveSeconds;
        }
        /// <summary>
        /// Builds a SharedAccessSignature token for <paramref name="target"/>, with the
        /// signature produced by the TPM security client rather than by a local key.
        /// </summary>
        /// <param name="securityClient">TPM security client whose <c>Sign</c> method produces the signature.</param>
        /// <param name="keyName">Optional policy key name; appended as <c>skn</c> when non-empty.</param>
        /// <param name="target">Resource URI the token is scoped to (becomes the URL-encoded <c>sr</c> field).</param>
        /// <param name="timeToLive">Token lifetime, converted to the <c>se</c> expiry by <c>BuildExpiresOn</c>.</param>
        /// <returns>
        /// <c>SharedAccessSignature sr=&lt;audience&gt;&amp;sig=&lt;signature&gt;&amp;se=&lt;expiry&gt;[&amp;skn=&lt;keyName&gt;]</c>
        /// </returns>
        private static string BuildSasSignature(SecurityClientHsmTpm securityClient, string keyName, string target, TimeSpan timeToLive)
        {
            string expiresOn = BuildExpiresOn(timeToLive);
            string audience  = WebUtility.UrlEncode(target);

            // Only the encoded audience and the expiry are signed, joined by a newline,
            // e.g. "dh://myiothub.azure-devices.net/a/b/c?myvalue1=a\n<ExpiresOn>".
            // The key name is NOT part of the signed payload.
            string payload   = audience + "\n" + expiresOn;
            byte[] signed    = securityClient.Sign(Encoding.UTF8.GetBytes(payload));
            string signature = Convert.ToBase64String(signed);

            // Base64 output contains '+', '/' and '=' so the signature is URL-encoded as well.
            string token = string.Concat(
                "SharedAccessSignature sr=", audience,
                "&sig=", WebUtility.UrlEncode(signature),
                "&se=", WebUtility.UrlEncode(expiresOn));

            if (string.IsNullOrEmpty(keyName))
            {
                return token;
            }

            return token + "&skn=" + WebUtility.UrlEncode(keyName);
        }
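 /// <summary>
 /// Creates the HTTP authentication strategy that delegates signing to a TPM security client.
 /// </summary>
 /// <param name="security">TPM security client; must not be null.</param>
 /// <exception cref="ArgumentNullException"><paramref name="security"/> is null.</exception>
 public HttpAuthStrategyTpm(SecurityClientHsmTpm security)
 {
     // Validate here, as the other TPM-backed constructors do, instead of failing later on first use.
     _security = security ?? throw new ArgumentNullException(nameof(security));
 }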
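 /// <summary>
 /// Hands the activation blob to the TPM security client and then builds the SAS token
 /// for <paramref name="hostName"/> using this class's <c>KeyName</c> and <c>TimeToLive</c>.
 /// </summary>
 /// <param name="securityClient">TPM security client; must not be null.</param>
 /// <param name="hostName">Host the token is scoped to; passed through as the SAS target.</param>
 /// <param name="activation">Activation blob passed to <c>ActivateSymmetricIdentity</c>.</param>
 /// <returns>The SharedAccessSignature string produced by <c>BuildSasSignature</c>.</returns>
 /// <exception cref="ArgumentNullException"><paramref name="securityClient"/> is null.</exception>
 internal static string ExtractServiceAuthKey(SecurityClientHsmTpm securityClient, string hostName, byte[] activation)
 {
     if (securityClient == null)
     {
         throw new ArgumentNullException(nameof(securityClient));
     }

     // Activation must happen before signing; the signature is produced by the client afterwards.
     securityClient.ActivateSymmetricIdentity(activation);
     return BuildSasSignature(securityClient, KeyName, hostName, TimeToLive);
 }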
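 /// <summary>
 /// Creates the delegating handler that uses a TPM security client for request authentication.
 /// </summary>
 /// <param name="securityClient">TPM security client; must not be null.</param>
 /// <exception cref="ArgumentNullException"><paramref name="securityClient"/> is null.</exception>
 public TpmDelegatingHandler(SecurityClientHsmTpm securityClient)
 {
     // Reject null at construction so a misconfigured handler does not fail on the first request.
     _securityClient = securityClient ?? throw new ArgumentNullException(nameof(securityClient));
 }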
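 /// <summary>
 /// Creates a SAS builder whose signatures are produced by a TPM security client.
 /// </summary>
 /// <param name="securityClient">TPM security client; must not be null.</param>
 /// <exception cref="ArgumentNullException"><paramref name="securityClient"/> is null.</exception>
 public TpmSharedAccessSignatureBuilder(SecurityClientHsmTpm securityClient)
 {
     // Reject null at construction rather than when the first token is built.
     _securityClient = securityClient ?? throw new ArgumentNullException(nameof(securityClient));
 }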
 /// <summary>
 /// Creates a TPM-backed device authentication method using the base class's default
 /// token lifetime settings.
 /// </summary>
 /// <param name="deviceId">Device identifier, forwarded to the base constructor.</param>
 /// <param name="securityClient">TPM security client used to sign tokens; must not be null.</param>
 /// <exception cref="ArgumentNullException"><paramref name="securityClient"/> is null.</exception>
 public DeviceAuthenticationWithTpm(
     string deviceId,
     SecurityClientHsmTpm securityClient) : base(deviceId)
 {
     // Fail fast on a null client instead of surfacing a NullReferenceException at signing time.
     if (securityClient is null)
     {
         throw new ArgumentNullException(nameof(securityClient));
     }

     _securityClient = securityClient;
 }