public void SetCertificates(CaCertificates certs)
{
if (!File.Exists(certs.CertificatePath))
{
throw new InvalidOperationException($"{certs.CertificatePath} does not exist");
}
if (!File.Exists(certs.KeyPath))
{
throw new InvalidOperationException($"{certs.KeyPath} does not exist");
}
if (!File.Exists(certs.TrustedCertificatesPath))
{
throw new InvalidOperationException($"{certs.TrustedCertificatesPath} does not exist");
}
if (certs.ManifestTrustedCertificatesPath.HasValue && File.Exists(certs.ManifestTrustedCertificatesPath.OrDefault()))
{
this.config[Service.Certd].Document.ReplaceOrAdd("preloaded_certs.aziot-edged-manifest-trust-bundle", "file://" + certs.ManifestTrustedCertificatesPath.OrDefault());
}
this.config[Service.Certd].Document.ReplaceOrAdd("preloaded_certs.aziot-edged-ca", "file://" + certs.CertificatePath);
this.config[Service.Keyd].Document.ReplaceOrAdd("preloaded_keys.aziot-edged-ca", "file://" + certs.KeyPath);
this.config[Service.Certd].Document.ReplaceOrAdd("preloaded_certs.aziot-edged-trust-bundle", "file://" + certs.TrustedCertificatesPath);
}
public async Task SetUpCertificatesAsync()
{
await Profiler.Run(
() => this.SasProvisionEdgeAsync(),
"Completed edge manual provisioning with SAS token");
await Profiler.Run(
async() =>
{
(string, string, string)rootCa =
Context.Current.RootCaKeys.Expect(() => new InvalidOperationException("Missing root CA keys"));
string caCertScriptPath =
Context.Current.CaCertScriptPath.Expect(() => new InvalidOperationException("Missing CA cert script path"));
using (var cts = new CancellationTokenSource(Context.Current.SetupTimeout))
{
DateTime startTime = DateTime.Now;
CancellationToken token = cts.Token;
string deviceId = this.runtime.DeviceId;
try
{
this.ca = await CertificateAuthority.CreateAsync(
deviceId,
rootCa,
caCertScriptPath,
token);
CaCertificates caCert = await this.ca.GenerateCaCertificatesAsync(deviceId, token);
this.ca.EdgeCertificates = caCert;
await this.daemon.ConfigureAsync(
config =>
{
config.SetCertificates(caCert);
config.Update();
return(Task.FromResult(("with edge certificates", Array.Empty <object>())));
},
token);
await this.runtime.DeployConfigurationAsync(token);
}
// ReSharper disable once RedundantCatchClause
catch
{
throw;
}
finally
{
await NUnitLogs.CollectAsync(startTime, token);
}
}
},
"Completed custom certificate setup");
}
public void SetCertificates(CaCertificates certs)
{
if (!File.Exists(certs.CertificatePath))
{
throw new InvalidOperationException($"{certs.CertificatePath} does not exist");
}
if (!File.Exists(certs.KeyPath))
{
throw new InvalidOperationException($"{certs.KeyPath} does not exist");
}
if (!File.Exists(certs.TrustedCertificatesPath))
{
throw new InvalidOperationException($"{certs.TrustedCertificatesPath} does not exist");
}
if (certs.ManifestTrustedCertificatesPath.HasValue && File.Exists(certs.ManifestTrustedCertificatesPath.OrDefault()))
{
this.config[Service.Certd].Document.ReplaceOrAdd("preloaded_certs.aziot-edged-manifest-trust-bundle", "file://" + certs.ManifestTrustedCertificatesPath.OrDefault());
}
if (certs.ContentTrustInputs.HasValue)
{
// Content trust config is a part of super-config.toml. Currently, We don't have a way to set up super config in E2E test.
// To enable content trust in E2E, both certd and edged needs to be configured with right mapping.
foreach (var kvp in certs.ContentTrustInputs.OrDefault())
{
string quoted_hostname = $"\"{kvp.Key}\"";
string prefix_hostname = $"content-trust-{kvp.Key}";
string prefix_quoted_hostname = $"\"content-trust-{kvp.Key}\"";
this.config[Service.Edged].Document.AddTable("moby_runtime.content_trust.ca_certs", quoted_hostname, prefix_hostname);
this.config[Service.Certd].Document.AddToTableWithExistingEntry("preloaded_certs", prefix_quoted_hostname, $"file://{kvp.Value}");
}
}
this.config[Service.Certd].Document.ReplaceOrAdd("preloaded_certs.aziot-edged-ca", "file://" + certs.CertificatePath);
this.config[Service.Keyd].Document.ReplaceOrAdd("preloaded_keys.aziot-edged-ca", "file://" + certs.KeyPath);
this.config[Service.Certd].Document.ReplaceOrAdd("preloaded_certs.aziot-edged-trust-bundle", "file://" + certs.TrustedCertificatesPath);
}
public void SetCertificates(CaCertificates certs)
{
this.config.ReplaceOrAdd("certificates.device_ca_cert", certs.CertificatePath);
this.config.ReplaceOrAdd("certificates.device_ca_pk", certs.KeyPath);
this.config.ReplaceOrAdd("certificates.trusted_ca_certs", certs.TrustedCertificatesPath);
}
