async Task SetConfigToEdgeDaemon(Option <string> manifestTrustBundle, CancellationToken token)
{
// This is a temporary solution see ticket: 9288683
if (!Context.Current.ISA95Tag)
{
TestCertificates testCerts;
(testCerts, this.ca) = await TestCertificates.GenerateCertsAsync(this.device.Id, token);
this.startTime = DateTime.Now;
await this.ConfigureDaemonAsync(
config =>
{
testCerts.AddCertsToConfigForManifestTrust(config, manifestTrustBundle, Option.None <Dictionary <string, string> >());
config.SetManualSasProvisioning(this.IotHub.Hostname, Context.Current.ParentHostname, this.device.Id, this.device.SharedAccessKey);
config.Update();
return(Task.FromResult((
"with connection string for device '{Identity}'",
new object[] { this.device.Id })));
},
this.device,
this.startTime,
token);
}
}
public async Task X509ProvisionEdgeAsync()
{
await Profiler.Run(
async() =>
{
using (var cts = new CancellationTokenSource(Context.Current.SetupTimeout))
{
CancellationToken token = cts.Token;
DateTime startTime = DateTime.Now;
string deviceId = DeviceId.Current.Generate();
(X509Thumbprint thumbprint, string certPath, string keyPath) = await this.CreateIdentityCertAsync(
deviceId, token);
EdgeDevice device = await EdgeDevice.GetOrCreateIdentityAsync(
deviceId,
this.GetNestedEdgeConfig(this.IotHub),
this.IotHub,
AuthenticationType.SelfSigned,
thumbprint,
token);
Context.Current.DeleteList.TryAdd(device.Id, device);
this.runtime = new EdgeRuntime(
device.Id,
Context.Current.EdgeAgentImage,
Context.Current.EdgeHubImage,
Context.Current.EdgeProxy,
Context.Current.Registries,
Context.Current.OptimizeForPerformance,
this.IotHub);
TestCertificates testCerts;
(testCerts, this.ca) = await TestCertificates.GenerateCertsAsync(device.Id, token);
await this.ConfigureDaemonAsync(
config =>
{
testCerts.AddCertsToConfig(config);
config.SetDeviceManualX509(
this.IotHub.Hostname,
Context.Current.ParentHostname,
device.Id,
certPath,
keyPath);
config.Update();
return(Task.FromResult((
"with x509 certificate for device '{Identity}'",
new object[] { device.Id })));
},
device,
startTime,
token);
}
},
"Completed edge manual provisioning with self-signed certificate");
}
protected virtual async Task SasProvisionEdgeAsync(bool withCerts = false)
{
using (var cts = new CancellationTokenSource(Context.Current.SetupTimeout))
{
CancellationToken token = cts.Token;
DateTime startTime = DateTime.Now;
this.device = await EdgeDevice.GetOrCreateIdentityAsync(
Context.Current.DeviceId.GetOrElse(DeviceId.Current.Generate()),
this.GetNestedEdgeConfig(this.IotHub),
this.IotHub,
AuthenticationType.Sas,
null,
token);
Log.Information($"Device ID {this.device.Id}");
Context.Current.DeleteList.TryAdd(this.device.Id, this.device);
this.runtime = new EdgeRuntime(
this.device.Id,
Context.Current.EdgeAgentImage,
Context.Current.EdgeHubImage,
Context.Current.EdgeProxy,
Context.Current.Registries,
Context.Current.OptimizeForPerformance,
this.IotHub);
// This is a temporary solution see ticket: 9288683
if (!Context.Current.ISA95Tag)
{
TestCertificates testCerts;
(testCerts, this.ca) = await TestCertificates.GenerateCertsAsync(this.device.Id, token);
await this.ConfigureDaemonAsync(
config =>
{
testCerts.AddCertsToConfig(config);
config.SetManualSasProvisioning(Context.Current.ParentHostname.GetOrElse(this.device.HubHostname), this.device.Id, this.device.SharedAccessKey);
config.Update();
return(Task.FromResult((
"with connection string for device '{Identity}'",
new object[] { this.device.Id })));
},
this.device,
startTime,
token);
}
}
}
public async Task DpsSymmetricKey()
{
string idScope = Context.Current.DpsIdScope.Expect(() => new InvalidOperationException("Missing DPS ID scope"));
string groupKey = Context.Current.DpsGroupKey.Expect(() => new InvalidOperationException("Missing DPS enrollment group key"));
string registrationId = DeviceId.Current.Generate();
string deviceKey = this.DeriveDeviceKey(Convert.FromBase64String(groupKey), registrationId);
CancellationToken token = this.TestToken;
(TestCertificates testCerts, _) = await TestCertificates.GenerateCertsAsync(registrationId, token);
await this.daemon.ConfigureAsync(
config =>
{
testCerts.AddCertsToConfig(config);
config.SetDpsSymmetricKey(idScope, registrationId, deviceKey);
config.Update();
return(Task.FromResult((
"with DPS symmetric key attestation for '{Identity}'",
new object[] { registrationId })));
},
token);
await this.daemon.WaitForStatusAsync(EdgeDaemonStatus.Running, token);
var agent = new EdgeAgent(registrationId, this.iotHub);
await agent.WaitForStatusAsync(EdgeModuleStatus.Running, token);
await agent.PingAsync(token);
Option <EdgeDevice> device = await EdgeDevice.GetIdentityAsync(
registrationId,
Context.Current.ParentDeviceId,
this.iotHub,
token,
takeOwnership : true);
Context.Current.DeleteList.TryAdd(
registrationId,
device.Expect(() => new InvalidOperationException(
$"Device '{registrationId}' should have been created by DPS, but was not found in '{this.iotHub.Hostname}'")));
}
public async Task DpsX509()
{
(string, string, string)rootCa =
Context.Current.RootCaKeys.Expect(() => new InvalidOperationException("Missing DPS ID scope (check rootCaPrivateKeyPath in context.json)"));
string caCertScriptPath =
Context.Current.CaCertScriptPath.Expect(() => new InvalidOperationException("Missing CA cert script path (check caCertScriptPath in context.json)"));
string idScope = Context.Current.DpsIdScope.Expect(() => new InvalidOperationException("Missing DPS ID scope (check dpsIdScope in context.json)"));
string registrationId = DeviceId.Current.Generate();
CancellationToken token = this.TestToken;
CertificateAuthority ca = await CertificateAuthority.CreateAsync(
registrationId,
rootCa,
caCertScriptPath,
token);
IdCertificates idCert = await ca.GenerateIdentityCertificatesAsync(registrationId, token);
(TestCertificates testCerts, _) = await TestCertificates.GenerateCertsAsync(registrationId, token);
// Generated credentials need to be copied out of the script path because future runs
// of the script will overwrite them.
string path = Path.Combine(FixedPaths.E2E_TEST_DIR, registrationId);
string certPath = Path.Combine(path, "device_id_cert.pem");
string keyPath = Path.Combine(path, "device_id_cert_key.pem");
Directory.CreateDirectory(path);
File.Copy(idCert.CertificatePath, certPath);
OsPlatform.Current.SetOwner(certPath, "aziotcs", "644");
File.Copy(idCert.KeyPath, keyPath);
OsPlatform.Current.SetOwner(keyPath, "aziotks", "600");
await this.daemon.ConfigureAsync(
config =>
{
testCerts.AddCertsToConfig(config);
config.SetDpsX509(idScope, registrationId, certPath, keyPath);
config.Update();
return(Task.FromResult((
"with DPS X509 attestation for '{Identity}'",
new object[] { registrationId })));
},
token);
await this.daemon.WaitForStatusAsync(EdgeDaemonStatus.Running, token);
var agent = new EdgeAgent(registrationId, this.iotHub);
await agent.WaitForStatusAsync(EdgeModuleStatus.Running, token);
await agent.PingAsync(token);
Option <EdgeDevice> device = await EdgeDevice.GetIdentityAsync(
registrationId,
this.iotHub,
token,
takeOwnership : true);
Context.Current.DeleteList.TryAdd(
registrationId,
device.Expect(() => new InvalidOperationException(
$"Device '{registrationId}' should have been created by DPS, but was not found in '{this.iotHub.Hostname}'")));
}