Exemple #1
0
        async Task SetConfigToEdgeDaemon(Option <string> manifestTrustBundle, CancellationToken token)
        {
            // This is a temporary solution see ticket: 9288683
            if (!Context.Current.ISA95Tag)
            {
                TestCertificates testCerts;
                (testCerts, this.ca) = await TestCertificates.GenerateCertsAsync(this.device.Id, token);

                this.startTime = DateTime.Now;

                await this.ConfigureDaemonAsync(
                    config =>
                {
                    testCerts.AddCertsToConfigForManifestTrust(config, manifestTrustBundle, Option.None <Dictionary <string, string> >());

                    config.SetManualSasProvisioning(this.IotHub.Hostname, Context.Current.ParentHostname, this.device.Id, this.device.SharedAccessKey);

                    config.Update();
                    return(Task.FromResult((
                                               "with connection string for device '{Identity}'",
                                               new object[] { this.device.Id })));
                },
                    this.device,
                    this.startTime,
                    token);
            }
        }
        public async Task X509ProvisionEdgeAsync()
        {
            await Profiler.Run(
                async() =>
            {
                using (var cts = new CancellationTokenSource(Context.Current.SetupTimeout))
                {
                    CancellationToken token = cts.Token;
                    DateTime startTime      = DateTime.Now;
                    string deviceId         = DeviceId.Current.Generate();

                    (X509Thumbprint thumbprint, string certPath, string keyPath) = await this.CreateIdentityCertAsync(
                        deviceId, token);

                    EdgeDevice device = await EdgeDevice.GetOrCreateIdentityAsync(
                        deviceId,
                        this.GetNestedEdgeConfig(this.IotHub),
                        this.IotHub,
                        AuthenticationType.SelfSigned,
                        thumbprint,
                        token);

                    Context.Current.DeleteList.TryAdd(device.Id, device);

                    this.runtime = new EdgeRuntime(
                        device.Id,
                        Context.Current.EdgeAgentImage,
                        Context.Current.EdgeHubImage,
                        Context.Current.EdgeProxy,
                        Context.Current.Registries,
                        Context.Current.OptimizeForPerformance,
                        this.IotHub);

                    TestCertificates testCerts;
                    (testCerts, this.ca) = await TestCertificates.GenerateCertsAsync(device.Id, token);

                    await this.ConfigureDaemonAsync(
                        config =>
                    {
                        testCerts.AddCertsToConfig(config);
                        config.SetDeviceManualX509(
                            this.IotHub.Hostname,
                            Context.Current.ParentHostname,
                            device.Id,
                            certPath,
                            keyPath);
                        config.Update();
                        return(Task.FromResult((
                                                   "with x509 certificate for device '{Identity}'",
                                                   new object[] { device.Id })));
                    },
                        device,
                        startTime,
                        token);
                }
            },
                "Completed edge manual provisioning with self-signed certificate");
        }
Exemple #3
0
        protected virtual async Task SasProvisionEdgeAsync(bool withCerts = false)
        {
            using (var cts = new CancellationTokenSource(Context.Current.SetupTimeout))
            {
                CancellationToken token     = cts.Token;
                DateTime          startTime = DateTime.Now;

                this.device = await EdgeDevice.GetOrCreateIdentityAsync(
                    Context.Current.DeviceId.GetOrElse(DeviceId.Current.Generate()),
                    this.GetNestedEdgeConfig(this.IotHub),
                    this.IotHub,
                    AuthenticationType.Sas,
                    null,
                    token);

                Log.Information($"Device ID {this.device.Id}");

                Context.Current.DeleteList.TryAdd(this.device.Id, this.device);

                this.runtime = new EdgeRuntime(
                    this.device.Id,
                    Context.Current.EdgeAgentImage,
                    Context.Current.EdgeHubImage,
                    Context.Current.EdgeProxy,
                    Context.Current.Registries,
                    Context.Current.OptimizeForPerformance,
                    this.IotHub);

                // This is a temporary solution see ticket: 9288683
                if (!Context.Current.ISA95Tag)
                {
                    TestCertificates testCerts;
                    (testCerts, this.ca) = await TestCertificates.GenerateCertsAsync(this.device.Id, token);

                    await this.ConfigureDaemonAsync(
                        config =>
                    {
                        testCerts.AddCertsToConfig(config);

                        config.SetManualSasProvisioning(Context.Current.ParentHostname.GetOrElse(this.device.HubHostname), this.device.Id, this.device.SharedAccessKey);

                        config.Update();
                        return(Task.FromResult((
                                                   "with connection string for device '{Identity}'",
                                                   new object[] { this.device.Id })));
                    },
                        this.device,
                        startTime,
                        token);
                }
            }
        }
Exemple #4
0
        public async Task DpsSymmetricKey()
        {
            string idScope        = Context.Current.DpsIdScope.Expect(() => new InvalidOperationException("Missing DPS ID scope"));
            string groupKey       = Context.Current.DpsGroupKey.Expect(() => new InvalidOperationException("Missing DPS enrollment group key"));
            string registrationId = DeviceId.Current.Generate();

            string deviceKey = this.DeriveDeviceKey(Convert.FromBase64String(groupKey), registrationId);

            CancellationToken token = this.TestToken;

            (TestCertificates testCerts, _) = await TestCertificates.GenerateCertsAsync(registrationId, token);

            await this.daemon.ConfigureAsync(
                config =>
            {
                testCerts.AddCertsToConfig(config);
                config.SetDpsSymmetricKey(idScope, registrationId, deviceKey);
                config.Update();
                return(Task.FromResult((
                                           "with DPS symmetric key attestation for '{Identity}'",
                                           new object[] { registrationId })));
            },
                token);

            await this.daemon.WaitForStatusAsync(EdgeDaemonStatus.Running, token);

            var agent = new EdgeAgent(registrationId, this.iotHub);
            await agent.WaitForStatusAsync(EdgeModuleStatus.Running, token);

            await agent.PingAsync(token);

            Option <EdgeDevice> device = await EdgeDevice.GetIdentityAsync(
                registrationId,
                Context.Current.ParentDeviceId,
                this.iotHub,
                token,
                takeOwnership : true);

            Context.Current.DeleteList.TryAdd(
                registrationId,
                device.Expect(() => new InvalidOperationException(
                                  $"Device '{registrationId}' should have been created by DPS, but was not found in '{this.iotHub.Hostname}'")));
        }
Exemple #5
0
        public async Task DpsX509()
        {
            (string, string, string)rootCa =
                Context.Current.RootCaKeys.Expect(() => new InvalidOperationException("Missing DPS ID scope (check rootCaPrivateKeyPath in context.json)"));
            string caCertScriptPath =
                Context.Current.CaCertScriptPath.Expect(() => new InvalidOperationException("Missing CA cert script path (check caCertScriptPath in context.json)"));
            string idScope        = Context.Current.DpsIdScope.Expect(() => new InvalidOperationException("Missing DPS ID scope (check dpsIdScope in context.json)"));
            string registrationId = DeviceId.Current.Generate();

            CancellationToken token = this.TestToken;

            CertificateAuthority ca = await CertificateAuthority.CreateAsync(
                registrationId,
                rootCa,
                caCertScriptPath,
                token);

            IdCertificates idCert = await ca.GenerateIdentityCertificatesAsync(registrationId, token);

            (TestCertificates testCerts, _) = await TestCertificates.GenerateCertsAsync(registrationId, token);

            // Generated credentials need to be copied out of the script path because future runs
            // of the script will overwrite them.
            string path     = Path.Combine(FixedPaths.E2E_TEST_DIR, registrationId);
            string certPath = Path.Combine(path, "device_id_cert.pem");
            string keyPath  = Path.Combine(path, "device_id_cert_key.pem");

            Directory.CreateDirectory(path);
            File.Copy(idCert.CertificatePath, certPath);
            OsPlatform.Current.SetOwner(certPath, "aziotcs", "644");
            File.Copy(idCert.KeyPath, keyPath);
            OsPlatform.Current.SetOwner(keyPath, "aziotks", "600");

            await this.daemon.ConfigureAsync(
                config =>
            {
                testCerts.AddCertsToConfig(config);
                config.SetDpsX509(idScope, registrationId, certPath, keyPath);
                config.Update();
                return(Task.FromResult((
                                           "with DPS X509 attestation for '{Identity}'",
                                           new object[] { registrationId })));
            },
                token);

            await this.daemon.WaitForStatusAsync(EdgeDaemonStatus.Running, token);

            var agent = new EdgeAgent(registrationId, this.iotHub);
            await agent.WaitForStatusAsync(EdgeModuleStatus.Running, token);

            await agent.PingAsync(token);

            Option <EdgeDevice> device = await EdgeDevice.GetIdentityAsync(
                registrationId,
                this.iotHub,
                token,
                takeOwnership : true);

            Context.Current.DeleteList.TryAdd(
                registrationId,
                device.Expect(() => new InvalidOperationException(
                                  $"Device '{registrationId}' should have been created by DPS, but was not found in '{this.iotHub.Hostname}'")));
        }