async Task <(X509Thumbprint, IdCertificates)> CreateIdentityCertAsync(string deviceId, CancellationToken token) { (string, string, string)rootCa = Context.Current.RootCaKeys.Expect(() => new InvalidOperationException("Missing root CA keys")); string caCertScriptPath = Context.Current.CaCertScriptPath.Expect( () => new InvalidOperationException("Missing CA cert script path")); string idScope = Context.Current.DpsIdScope.Expect( () => new InvalidOperationException("Missing DPS ID scope")); CertificateAuthority ca = await CertificateAuthority.CreateAsync( deviceId, rootCa, caCertScriptPath, token); var identityCerts = await ca.GenerateIdentityCertificatesAsync(deviceId, token); X509Certificate2 deviceCert = new X509Certificate2(identityCerts.CertificatePath); return(new X509Thumbprint() { PrimaryThumbprint = deviceCert.Thumbprint, SecondaryThumbprint = deviceCert.Thumbprint }, identityCerts); }
public async Task DpsX509() { (string, string, string)rootCa = Context.Current.RootCaKeys.Expect(() => new InvalidOperationException("Missing root CA keys")); string caCertScriptPath = Context.Current.CaCertScriptPath.Expect(() => new InvalidOperationException("Missing CA cert script path")); string idScope = Context.Current.DpsIdScope.Expect(() => new InvalidOperationException("Missing DPS ID scope")); string registrationId = DeviceId.Current.Generate(); CancellationToken token = this.TestToken; CertificateAuthority ca = await CertificateAuthority.CreateAsync( registrationId, rootCa, caCertScriptPath, token); IdCertificates idCert = await ca.GenerateIdentityCertificatesAsync(registrationId, token); // The trust bundle for this test isn't used. It can be any arbitrary existing certificate. string trustBundle = Path.Combine( caCertScriptPath, "certs", "azure-iot-test-only.intermediate-full-chain.cert.pem"); await this.daemon.ConfigureAsync( config => { config.SetDpsX509(idScope, registrationId, idCert, trustBundle); config.Update(); return(Task.FromResult(( "with DPS X509 attestation for '{Identity}'", new object[] { registrationId }))); }, token); await this.daemon.WaitForStatusAsync(EdgeDaemonStatus.Running, token); var agent = new EdgeAgent(registrationId, this.iotHub); await agent.WaitForStatusAsync(EdgeModuleStatus.Running, token); await agent.PingAsync(token); Option <EdgeDevice> device = await EdgeDevice.GetIdentityAsync( registrationId, Context.Current.ParentDeviceId, this.iotHub, token, takeOwnership : true); Context.Current.DeleteList.TryAdd( registrationId, device.Expect(() => new InvalidOperationException( $"Device '{registrationId}' should have been created by DPS, but was not found in '{this.iotHub.Hostname}'"))); }
static async Task <LeafDevice> CreateWithCaCertAsync( string leafDeviceId, string parentId, CertificateAuthority ca, IotHub iotHub, ITransportSettings transport, string edgeHostname, CancellationToken token, ClientOptions options) { Device edge = await GetEdgeDeviceIdentityAsync(parentId, iotHub, token); Device leaf = new Device(leafDeviceId) { Authentication = new AuthenticationMechanism { Type = AuthenticationType.CertificateAuthority }, Scope = edge.Scope }; leaf = await iotHub.CreateDeviceIdentityAsync(leaf, token); return(await DeleteIdentityIfFailedAsync( leaf, iotHub, token, async() => { IdCertificates certFiles = await ca.GenerateIdentityCertificatesAsync(leafDeviceId, token); (X509Certificate2 leafCert, IEnumerable <X509Certificate2> trustedCerts) = CertificateHelper.GetServerCertificateAndChainFromFile(certFiles.CertificatePath, certFiles.KeyPath); // .NET runtime requires that we install the chain of CA certs, otherwise it can't // provide them to a server during authentication. OsPlatform.Current.InstallTrustedCertificates(trustedCerts); return await CreateLeafDeviceAsync( leaf, () => DeviceClient.Create( iotHub.Hostname, edgeHostname, new DeviceAuthenticationWithX509Certificate(leaf.Id, leafCert), new[] { transport }, options), iotHub, token); }));
async Task <(X509Thumbprint, string, string)> CreateIdentityCertAsync(string deviceId, CancellationToken token) { (string, string, string)rootCa = Context.Current.RootCaKeys.Expect(() => new InvalidOperationException("Missing root CA keys")); string caCertScriptPath = Context.Current.CaCertScriptPath.Expect( () => new InvalidOperationException("Missing CA cert script path")); string idScope = Context.Current.DpsIdScope.Expect( () => new InvalidOperationException("Missing DPS ID scope")); CertificateAuthority ca = await CertificateAuthority.CreateAsync( deviceId, rootCa, caCertScriptPath, token); var identityCerts = await ca.GenerateIdentityCertificatesAsync(deviceId, token); // Generated credentials need to be copied out of the script path because future runs // of the script will overwrite them. string path = $"/etc/aziot/e2e_tests/{deviceId}"; string certPath = $"{path}/device_id_cert.pem"; string keyPath = $"{path}/device_id_cert_key.pem"; Directory.CreateDirectory(path); File.Copy(identityCerts.CertificatePath, certPath); OsPlatform.Current.SetOwner(certPath, "aziotcs", "644"); File.Copy(identityCerts.KeyPath, keyPath); OsPlatform.Current.SetOwner(keyPath, "aziotks", "600"); X509Certificate2 deviceCert = new X509Certificate2(identityCerts.CertificatePath); return(new X509Thumbprint() { PrimaryThumbprint = deviceCert.Thumbprint, SecondaryThumbprint = deviceCert.Thumbprint }, certPath, keyPath); }
public async Task DpsX509() { (string, string, string)rootCa = Context.Current.RootCaKeys.Expect(() => new InvalidOperationException("Missing DPS ID scope (check rootCaPrivateKeyPath in context.json)")); string caCertScriptPath = Context.Current.CaCertScriptPath.Expect(() => new InvalidOperationException("Missing CA cert script path (check caCertScriptPath in context.json)")); string idScope = Context.Current.DpsIdScope.Expect(() => new InvalidOperationException("Missing DPS ID scope (check dpsIdScope in context.json)")); string registrationId = DeviceId.Current.Generate(); CancellationToken token = this.TestToken; CertificateAuthority ca = await CertificateAuthority.CreateAsync( registrationId, rootCa, caCertScriptPath, token); IdCertificates idCert = await ca.GenerateIdentityCertificatesAsync(registrationId, token); (TestCertificates testCerts, _) = await TestCertificates.GenerateCertsAsync(registrationId, token); // Generated credentials need to be copied out of the script path because future runs // of the script will overwrite them. string path = Path.Combine(FixedPaths.E2E_TEST_DIR, registrationId); string certPath = Path.Combine(path, "device_id_cert.pem"); string keyPath = Path.Combine(path, "device_id_cert_key.pem"); Directory.CreateDirectory(path); File.Copy(idCert.CertificatePath, certPath); OsPlatform.Current.SetOwner(certPath, "aziotcs", "644"); File.Copy(idCert.KeyPath, keyPath); OsPlatform.Current.SetOwner(keyPath, "aziotks", "600"); await this.daemon.ConfigureAsync( config => { testCerts.AddCertsToConfig(config); config.SetDpsX509(idScope, registrationId, certPath, keyPath); config.Update(); return(Task.FromResult(( "with DPS X509 attestation for '{Identity}'", new object[] { registrationId }))); }, token); await this.daemon.WaitForStatusAsync(EdgeDaemonStatus.Running, token); var agent = new EdgeAgent(registrationId, this.iotHub); await agent.WaitForStatusAsync(EdgeModuleStatus.Running, token); await agent.PingAsync(token); Option <EdgeDevice> device = await EdgeDevice.GetIdentityAsync( registrationId, this.iotHub, token, takeOwnership : true); Context.Current.DeleteList.TryAdd( registrationId, device.Expect(() => new InvalidOperationException( $"Device '{registrationId}' should have been created by DPS, but was not found in '{this.iotHub.Hostname}'"))); }