public async Task ReauthenticateTest_DeviceUpdateServiceIdentity() { // Arrange string iothubHostName = "testiothub.azure-devices.net"; string edgehubHostName = "edgehub1"; string deviceId = "d1"; var underlyingAuthenticator = Mock.Of <IAuthenticator>(); var deviceScopeIdentitiesCache = new Mock <IDeviceScopeIdentitiesCache>(); string key = GetKey(); var serviceIdentity1 = new ServiceIdentity(deviceId, "1234", new string[0], new ServiceAuthentication(new SymmetricKeyAuthentication(GetKey(), GetKey())), ServiceIdentityStatus.Enabled); var serviceIdentity2 = new ServiceIdentity(deviceId, "1234", new string[0], new ServiceAuthentication(new SymmetricKeyAuthentication(key, GetKey())), ServiceIdentityStatus.Enabled); deviceScopeIdentitiesCache.Setup(d => d.GetServiceIdentity(deviceId)) .ReturnsAsync(Option.Some(serviceIdentity1)); deviceScopeIdentitiesCache.Setup(d => d.RefreshServiceIdentity(deviceId)) .Callback <string>((id) => deviceScopeIdentitiesCache.Setup(d => d.GetServiceIdentity(deviceId)).ReturnsAsync(Option.Some(serviceIdentity2))) .Returns(Task.CompletedTask); deviceScopeIdentitiesCache.Setup(d => d.GetAuthChain(It.Is <string>(i => i == deviceId))) .ReturnsAsync(Option.Some(deviceId)); IAuthenticator authenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache.Object, iothubHostName, edgehubHostName, underlyingAuthenticator, true, true); var identity = Mock.Of <IDeviceIdentity>(d => d.DeviceId == deviceId && d.Id == deviceId); string token = GetDeviceToken(iothubHostName, deviceId, key); var tokenCredentials = Mock.Of <ITokenCredentials>(t => t.Identity == identity && t.Token == token); // Act bool isAuthenticated = await authenticator.ReauthenticateAsync(tokenCredentials); // Assert Assert.False(isAuthenticated); Mock.Get(underlyingAuthenticator).VerifyAll(); deviceScopeIdentitiesCache.Verify(d => d.GetServiceIdentity(deviceId), Times.Once); deviceScopeIdentitiesCache.Verify(d => d.RefreshServiceIdentity(deviceId), Times.Never); }
public async Task InvalidAuthChainTest_UnauthorizedActor() { // Arrange string iothubHostName = "testiothub.azure-devices.net"; string edgehubHostName = "edgehub1"; string rootEdgeId = "rootEdge"; string actorEdgeId = "childEdge"; string leafDeviceId = "leaf"; var authChain = Option.Some <string>(leafDeviceId + ";" + "NotActorEdge" + ";" + rootEdgeId); var underlyingAuthenticator = Mock.Of <IAuthenticator>(); var deviceScopeIdentitiesCache = new Mock <IDeviceScopeIdentitiesCache>(); string key = GetKey(); deviceScopeIdentitiesCache.Setup(d => d.GetAuthChain(It.Is <string>(i => i == leafDeviceId))) .ReturnsAsync(authChain); var authenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache.Object, iothubHostName, edgehubHostName, underlyingAuthenticator, true, true); var identity = Mock.Of <IModuleIdentity>(d => d.DeviceId == actorEdgeId && d.ModuleId == Constants.EdgeHubModuleId && d.Id == $"{actorEdgeId}/{Constants.EdgeHubModuleId}"); string token = GetDeviceToken(iothubHostName, actorEdgeId, Constants.EdgeHubModuleId, key); var tokenCredentials = Mock.Of <ITokenCredentials>(t => t.Identity == identity && t.Token == token); // Act bool isAuthenticated = await authenticator.AuthenticateAsync(tokenCredentials); // Assert Assert.False(isAuthenticated); }
public async Task ValidateUnderlyingAuthenticatorErrorTest() { // Arrange string iothubHostName = "testiothub.azure-devices.net"; string edgehubHostName = "edgehub1"; string deviceId = "d1"; var underlyingAuthenticator = Mock.Of <IAuthenticator>(); Mock.Get(underlyingAuthenticator).Setup(u => u.AuthenticateAsync(It.IsAny <IClientCredentials>())).ThrowsAsync(new TimeoutException()); var deviceScopeIdentitiesCache = new Mock <IDeviceScopeIdentitiesCache>(); deviceScopeIdentitiesCache.Setup(d => d.GetServiceIdentity(It.Is <string>(i => i == deviceId))) .ReturnsAsync(Option.None <ServiceIdentity>()); IAuthenticator authenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache.Object, iothubHostName, edgehubHostName, underlyingAuthenticator, true, true); var identity = Mock.Of <IDeviceIdentity>(d => d.DeviceId == deviceId && d.Id == deviceId); string token = GetDeviceToken(iothubHostName, deviceId, GetKey()); var tokenCredentials = Mock.Of <ITokenCredentials>(t => t.Identity == identity && t.Token == token); // Act await Assert.ThrowsAsync <TimeoutException>(() => authenticator.AuthenticateAsync(tokenCredentials)); // Assert Mock.Get(underlyingAuthenticator).VerifyAll(); Mock.Get(underlyingAuthenticator).Verify(u => u.AuthenticateAsync(It.IsAny <IClientCredentials>()), Times.Once); }
public void InvalidAudienceTest_Hostname() { // Arrange string iothubHostName = "testiothub.azure-devices.net"; string edgehubHostName = "edgehub1"; string deviceId = "d1"; var underlyingAuthenticator = Mock.Of <IAuthenticator>(); var deviceScopeIdentitiesCache = Mock.Of <IDeviceScopeIdentitiesCache>(); string key = GetKey(); var authenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache, iothubHostName, edgehubHostName, underlyingAuthenticator, true, true); var identity = Mock.Of <IDeviceIdentity>(d => d.DeviceId == deviceId && d.Id == deviceId); string token = GetDeviceToken("edgehub2", deviceId, key); SharedAccessSignature sharedAccessSignature = SharedAccessSignature.Parse(edgehubHostName, token); string audience = sharedAccessSignature.Audience; // Act bool isAuthenticated = authenticator.ValidateAudience(audience, identity); // Assert Assert.False(isAuthenticated); Mock.Get(underlyingAuthenticator).VerifyAll(); }
public async Task AuthenticateTest_Device_TokenExpired() { // Arrange string iothubHostName = "testiothub.azure-devices.net"; string edgehubHostName = "edgehub1"; string deviceId = "d1"; var underlyingAuthenticator = Mock.Of <IAuthenticator>(); var deviceScopeIdentitiesCache = new Mock <IDeviceScopeIdentitiesCache>(); string key = GetKey(); var serviceIdentity = new ServiceIdentity(deviceId, "1234", new string[0], new ServiceAuthentication(new SymmetricKeyAuthentication(key, GetKey())), ServiceIdentityStatus.Enabled); deviceScopeIdentitiesCache.Setup(d => d.GetServiceIdentity(It.Is <string>(i => i == deviceId))) .ReturnsAsync(Option.Some(serviceIdentity)); IAuthenticator authenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache.Object, iothubHostName, edgehubHostName, underlyingAuthenticator, true, true); var identity = Mock.Of <IDeviceIdentity>(d => d.DeviceId == deviceId && d.Id == deviceId); string token = GetDeviceToken(iothubHostName, deviceId, key, TimeSpan.FromHours(-1)); var tokenCredentials = Mock.Of <ITokenCredentials>(t => t.Identity == identity && t.Token == token); // Act bool isAuthenticated = await authenticator.AuthenticateAsync(tokenCredentials); // Assert Assert.False(isAuthenticated); Mock.Get(underlyingAuthenticator).VerifyAll(); }
public async Task AuthenticateTest_Nested_Module() { // Arrange string iothubHostName = "testiothub.azure-devices.net"; string edgehubHostName = "edgehub1"; string actorEdgeId = "parentEdge"; string nestedEdgeId = "childEdge"; string nestedModuleId = nestedEdgeId + "/" + Constants.EdgeHubModuleId; var authChain = Option.Some <string>(nestedModuleId + ";" + nestedEdgeId + ";" + actorEdgeId); var underlyingAuthenticator = Mock.Of <IAuthenticator>(); var deviceScopeIdentitiesCache = new Mock <IDeviceScopeIdentitiesCache>(); string key = GetKey(); var nestedModuleIdentity = Mock.Of <IModuleIdentity>(i => i.DeviceId == nestedEdgeId && i.ModuleId == Constants.EdgeHubModuleId && i.Id == nestedModuleId); var actorAuth = new SymmetricKeyAuthentication(key, key); var actorEdgeHubServiceIdentity = new ServiceIdentity(actorEdgeId, Constants.EdgeHubModuleId, null, new List <string>(), "1234", Enumerable.Empty <string>(), new ServiceAuthentication(actorAuth), ServiceIdentityStatus.Enabled); string actorEdgeHubId = actorEdgeHubServiceIdentity.Id; deviceScopeIdentitiesCache.Setup(d => d.GetAuthChain(It.Is <string>(i => i == nestedModuleId))) .ReturnsAsync(authChain); deviceScopeIdentitiesCache.Setup(d => d.GetServiceIdentity(It.Is <string>(i => i == actorEdgeHubId))) .ReturnsAsync(Option.Some(actorEdgeHubServiceIdentity)); var authenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache.Object, iothubHostName, edgehubHostName, underlyingAuthenticator, true, true, true); var actorEdgeHubIdentity = Mock.Of <IModuleIdentity>(d => d.DeviceId == actorEdgeId && d.ModuleId == Constants.EdgeHubModuleId && d.Id == $"{actorEdgeId}/{Constants.EdgeHubModuleId}"); string token = GetDeviceToken(iothubHostName, actorEdgeId, Constants.EdgeHubModuleId, key); var tokenCredentials = Mock.Of <ITokenCredentials>(t => t.Identity == actorEdgeHubIdentity && t.Token == token && t.AuthChain == authChain); // Act bool isAuthenticated = await authenticator.AuthenticateAsync(tokenCredentials); // Assert Assert.True(isAuthenticated); Mock.Get(underlyingAuthenticator).VerifyAll(); }
public async Task AuthenticateTest_ModuleWithDeviceKey() { // Arrange string iothubHostName = "testiothub.azure-devices.net"; string edgehubHostName = "edgehub1"; string deviceId = "d1"; string moduleId = "m1"; var underlyingAuthenticator = Mock.Of <IAuthenticator>(); var deviceScopeIdentitiesCache = new Mock <IDeviceScopeIdentitiesCache>(); string key = GetKey(); var deviceServiceIdentity = new ServiceIdentity(deviceId, "1234", new string[0], new ServiceAuthentication(new SymmetricKeyAuthentication(key, GetKey())), ServiceIdentityStatus.Enabled); var moduleServiceIdentity = new ServiceIdentity(deviceId, moduleId, "e1", new List <string>(), "1234", new string[0], new ServiceAuthentication(new SymmetricKeyAuthentication(GetKey(), GetKey())), ServiceIdentityStatus.Enabled); deviceScopeIdentitiesCache.Setup(d => d.GetServiceIdentity(It.Is <string>(i => i == $"{deviceId}/{moduleId}"))) .ReturnsAsync(Option.Some(moduleServiceIdentity)); deviceScopeIdentitiesCache.Setup(d => d.GetAuthChain(It.Is <string>(i => i == $"{deviceId}/{moduleId}"))) .ReturnsAsync(Option.Some($"{deviceId}/{moduleId}")); deviceScopeIdentitiesCache.Setup(d => d.GetServiceIdentity(It.Is <string>(i => i == deviceId))) .ReturnsAsync(Option.Some(deviceServiceIdentity)); deviceScopeIdentitiesCache.Setup(d => d.GetAuthChain(It.Is <string>(i => i == deviceId))) .ReturnsAsync(Option.Some(deviceId)); IAuthenticator authenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache.Object, iothubHostName, edgehubHostName, underlyingAuthenticator, true, true); var identity = Mock.Of <IModuleIdentity>(d => d.DeviceId == deviceId && d.ModuleId == moduleId && d.Id == $"{deviceId}/{moduleId}"); string token = GetDeviceToken(iothubHostName, deviceId, moduleId, key); var tokenCredentials = Mock.Of <ITokenCredentials>(t => t.Identity == identity && t.Token == token); // Act bool isAuthenticated = await authenticator.AuthenticateAsync(tokenCredentials); // Assert Assert.True(isAuthenticated); Mock.Get(underlyingAuthenticator).VerifyAll(); }
public void InvalidAuthChainTest_UnauthorizedActor() { // Arrange string iothubHostName = "testiothub.azure-devices.net"; string edgehubHostName = "edgehub1"; string rootEdgeId = "rootEdge"; string actorEdgeId = "childEdge"; string leafDeviceId = "leaf"; var authChain = Option.Some <string>(leafDeviceId + ";" + "NotActorEdge" + ";" + rootEdgeId); var underlyingAuthenticator = Mock.Of <IAuthenticator>(); var deviceScopeIdentitiesCache = new Mock <IDeviceScopeIdentitiesCache>(); string key = GetKey(); deviceScopeIdentitiesCache.Setup(d => d.GetAuthChain(It.Is <string>(i => i == leafDeviceId))) .ReturnsAsync(authChain); var authenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache.Object, iothubHostName, edgehubHostName, underlyingAuthenticator, true, true); var identity = Mock.Of <IDeviceIdentity>(d => d.DeviceId == leafDeviceId && d.Id == leafDeviceId); string token = GetDeviceToken(iothubHostName, actorEdgeId, Constants.EdgeHubModuleId, key); SharedAccessSignature sharedAccessSignature = SharedAccessSignature.Parse(iothubHostName, token); string audience = sharedAccessSignature.Audience; // Act bool isAuthenticated = authenticator.ValidateAudience(audience, identity, authChain); // Assert Assert.False(isAuthenticated); }
public void InvalidAudienceTest_Device_Format() { // Arrange string iothubHostName = "testiothub.azure-devices.net"; string edgehubHostName = "edgehub1"; string deviceId = "d1"; var underlyingAuthenticator = Mock.Of <IAuthenticator>(); var deviceScopeIdentitiesCache = Mock.Of <IDeviceScopeIdentitiesCache>(); var authenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache, iothubHostName, edgehubHostName, underlyingAuthenticator, true, true); var identity = Mock.Of <IDeviceIdentity>(d => d.DeviceId == deviceId && d.Id == deviceId); string audience = $"{iothubHostName}/devices/{deviceId}/foo"; // Act bool isAuthenticated = authenticator.ValidateAudience(audience, identity); // Assert Assert.False(isAuthenticated); Mock.Get(underlyingAuthenticator).VerifyAll(); }
public void InvalidAudienceTest_Module_Format() { // Arrange string iothubHostName = "testiothub.azure-devices.net"; string edgehubHostName = "edgehub1"; string deviceId = "d1"; string moduleId = "m1"; var connectionManager = Mock.Of <IConnectionManager>(); var underlyingAuthenticator = Mock.Of <IAuthenticator>(); var deviceScopeIdentitiesCache = Mock.Of <IDeviceScopeIdentitiesCache>(); string key = GetKey(); var authenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache, iothubHostName, edgehubHostName, underlyingAuthenticator, connectionManager); var identity = Mock.Of <IModuleIdentity>(d => d.DeviceId == deviceId && d.ModuleId == moduleId && d.Id == $"{deviceId}/{moduleId}"); string audience = $"{iothubHostName}/devices/{deviceId}/modules/{moduleId}/m1"; // Act bool isAuthenticated = authenticator.ValidateAudience(audience, identity); // Assert Assert.False(isAuthenticated); Mock.Get(underlyingAuthenticator).VerifyAll(); }
protected override void Load(ContainerBuilder builder) { // ISignatureProvider builder.Register( c => { ISignatureProvider signatureProvider = this.edgeHubConnectionString.Map( cs => { IotHubConnectionStringBuilder csBuilder = IotHubConnectionStringBuilder.Create(cs); return(new SharedAccessKeySignatureProvider(csBuilder.SharedAccessKey) as ISignatureProvider); }) .GetOrElse( () => { string edgeHubGenerationId = this.edgeHubGenerationId.Expect(() => new InvalidOperationException("Generation ID missing")); string workloadUri = this.workloadUri.Expect(() => new InvalidOperationException("workloadUri is missing")); return(new HttpHsmSignatureProvider(this.edgeHubModuleId, edgeHubGenerationId, workloadUri, Constants.WorkloadApiVersion) as ISignatureProvider); }); return(signatureProvider); }) .As <ISignatureProvider>() .SingleInstance(); // Detect system environment builder.Register(c => new SystemEnvironment()) .As <ISystemEnvironment>() .SingleInstance(); // DataBase options builder.Register(c => new RocksDbOptionsProvider(c.Resolve <ISystemEnvironment>(), this.optimizeForPerformance)) .As <IRocksDbOptionsProvider>() .SingleInstance(); // IDbStoreProvider builder.Register( c => { var loggerFactory = c.Resolve <ILoggerFactory>(); ILogger logger = loggerFactory.CreateLogger(typeof(RoutingModule)); if (this.usePersistentStorage) { // Create partitions for messages and twins var partitionsList = new List <string> { Core.Constants.MessageStorePartitionKey, Core.Constants.TwinStorePartitionKey, Core.Constants.CheckpointStorePartitionKey }; try { IDbStoreProvider dbStoreprovider = DbStoreProvider.Create( c.Resolve <IRocksDbOptionsProvider>(), this.storagePath, partitionsList); logger.LogInformation($"Created persistent store at {this.storagePath}"); return(dbStoreprovider); } catch (Exception ex) when(!ExceptionEx.IsFatal(ex)) { logger.LogError(ex, "Error creating RocksDB store. Falling back to in-memory store."); return(new InMemoryDbStoreProvider()); } } else { logger.LogInformation($"Using in-memory store"); return(new InMemoryDbStoreProvider()); } }) .As <IDbStoreProvider>() .SingleInstance(); // Task<Option<IEncryptionProvider>> builder.Register( async c => { Option <IEncryptionProvider> encryptionProviderOption = await this.workloadUri .Map( async uri => { var encryptionProvider = await EncryptionProvider.CreateAsync( this.storagePath, new Uri(uri), Constants.WorkloadApiVersion, this.edgeHubModuleId, this.edgeHubGenerationId.Expect(() => new InvalidOperationException("Missing generation ID")), Constants.InitializationVectorFileName) as IEncryptionProvider; return(Option.Some(encryptionProvider)); }) .GetOrElse(() => Task.FromResult(Option.None <IEncryptionProvider>())); return(encryptionProviderOption); }) .As <Task <Option <IEncryptionProvider> > >() .SingleInstance(); // IStoreProvider builder.Register(c => new StoreProvider(c.Resolve <IDbStoreProvider>())) .As <IStoreProvider>() .SingleInstance(); // ITokenProvider builder.Register(c => new ClientTokenProvider(c.Resolve <ISignatureProvider>(), this.iothubHostName, this.edgeDeviceId, this.edgeHubModuleId, TimeSpan.FromHours(1))) .Named <ITokenProvider>("EdgeHubClientAuthTokenProvider") .SingleInstance(); // ITokenProvider builder.Register( c => { string deviceId = WebUtility.UrlEncode(this.edgeDeviceId); string moduleId = WebUtility.UrlEncode(this.edgeHubModuleId); return(new ClientTokenProvider(c.Resolve <ISignatureProvider>(), this.iothubHostName, deviceId, moduleId, TimeSpan.FromHours(1))); }) .Named <ITokenProvider>("EdgeHubServiceAuthTokenProvider") .SingleInstance(); // Task<IDeviceScopeIdentitiesCache> builder.Register( async c => { IDeviceScopeIdentitiesCache deviceScopeIdentitiesCache; if (this.authenticationMode == AuthenticationMode.CloudAndScope || this.authenticationMode == AuthenticationMode.Scope) { var edgeHubTokenProvider = c.ResolveNamed <ITokenProvider>("EdgeHubServiceAuthTokenProvider"); IDeviceScopeApiClient securityScopesApiClient = new DeviceScopeApiClient(this.iothubHostName, this.edgeDeviceId, this.edgeHubModuleId, 10, edgeHubTokenProvider); IServiceProxy serviceProxy = new ServiceProxy(securityScopesApiClient); IKeyValueStore <string, string> encryptedStore = await GetEncryptedStore(c, "DeviceScopeCache"); deviceScopeIdentitiesCache = await DeviceScopeIdentitiesCache.Create(serviceProxy, encryptedStore, this.scopeCacheRefreshRate); } else { deviceScopeIdentitiesCache = new NullDeviceScopeIdentitiesCache(); } return(deviceScopeIdentitiesCache); }) .As <Task <IDeviceScopeIdentitiesCache> >() .AutoActivate() .SingleInstance(); // Task<ICredentialsCache> builder.Register( async c => { ICredentialsCache underlyingCredentialsCache; if (this.persistTokens) { IKeyValueStore <string, string> encryptedStore = await GetEncryptedStore(c, "CredentialsCache"); return(new PersistedTokenCredentialsCache(encryptedStore)); } else { underlyingCredentialsCache = new NullCredentialsCache(); } ICredentialsCache credentialsCache = new CredentialsCache(underlyingCredentialsCache); return(credentialsCache); }) .As <Task <ICredentialsCache> >() .SingleInstance(); // Task<IAuthenticator> builder.Register( async c => { IAuthenticator tokenAuthenticator; IAuthenticator certificateAuthenticator; IDeviceScopeIdentitiesCache deviceScopeIdentitiesCache; var credentialsCacheTask = c.Resolve <Task <ICredentialsCache> >(); // by default regardless of how the authenticationMode, X.509 certificate validation will always be scoped deviceScopeIdentitiesCache = await c.Resolve <Task <IDeviceScopeIdentitiesCache> >(); certificateAuthenticator = new DeviceScopeCertificateAuthenticator(deviceScopeIdentitiesCache, new NullAuthenticator(), this.trustBundle, true); switch (this.authenticationMode) { case AuthenticationMode.Cloud: tokenAuthenticator = await this.GetCloudTokenAuthenticator(c); break; case AuthenticationMode.Scope: tokenAuthenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache, this.iothubHostName, this.edgeDeviceHostName, new NullAuthenticator(), true, true); break; default: IAuthenticator cloudTokenAuthenticator = await this.GetCloudTokenAuthenticator(c); tokenAuthenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache, this.iothubHostName, this.edgeDeviceHostName, cloudTokenAuthenticator, true, true); break; } ICredentialsCache credentialsCache = await credentialsCacheTask; return(new Authenticator(tokenAuthenticator, certificateAuthenticator, credentialsCache) as IAuthenticator); }) .As <Task <IAuthenticator> >() .SingleInstance(); // IClientCredentialsFactory builder.Register(c => new ClientCredentialsFactory(c.Resolve <IIdentityProvider>(), this.productInfo)) .As <IClientCredentialsFactory>() .SingleInstance(); // ConnectionReauthenticator builder.Register( async c => { var edgeHubCredentials = c.ResolveNamed <IClientCredentials>("EdgeHubCredentials"); var connectionManagerTask = c.Resolve <Task <IConnectionManager> >(); var authenticatorTask = c.Resolve <Task <IAuthenticator> >(); var credentialsCacheTask = c.Resolve <Task <ICredentialsCache> >(); var deviceScopeIdentitiesCacheTask = c.Resolve <Task <IDeviceScopeIdentitiesCache> >(); var deviceConnectivityManager = c.Resolve <IDeviceConnectivityManager>(); IConnectionManager connectionManager = await connectionManagerTask; IAuthenticator authenticator = await authenticatorTask; ICredentialsCache credentialsCache = await credentialsCacheTask; IDeviceScopeIdentitiesCache deviceScopeIdentitiesCache = await deviceScopeIdentitiesCacheTask; var connectionReauthenticator = new ConnectionReauthenticator( connectionManager, authenticator, credentialsCache, deviceScopeIdentitiesCache, TimeSpan.FromMinutes(5), edgeHubCredentials.Identity, deviceConnectivityManager); return(connectionReauthenticator); }) .As <Task <ConnectionReauthenticator> >() .SingleInstance(); base.Load(builder); }
protected override void Load(ContainerBuilder builder) { // ISignatureProvider builder.Register( c => { ISignatureProvider signatureProvider = this.edgeHubConnectionString.Map( cs => { IotHubConnectionStringBuilder csBuilder = IotHubConnectionStringBuilder.Create(cs); return(new SharedAccessKeySignatureProvider(csBuilder.SharedAccessKey) as ISignatureProvider); }) .GetOrElse( () => { string edgeHubGenerationId = this.edgeHubGenerationId.Expect(() => new InvalidOperationException("Generation ID missing")); string workloadUri = this.workloadUri.Expect(() => new InvalidOperationException("workloadUri is missing")); return(new HttpHsmSignatureProvider(this.edgeHubModuleId, edgeHubGenerationId, workloadUri, Service.Constants.WorkloadApiVersion) as ISignatureProvider); }); return(signatureProvider); }) .As <ISignatureProvider>() .SingleInstance(); // Detect system environment builder.Register(c => new SystemEnvironment()) .As <ISystemEnvironment>() .SingleInstance(); // DataBase options builder.Register(c => new Storage.RocksDb.RocksDbOptionsProvider(c.Resolve <ISystemEnvironment>(), this.optimizeForPerformance)) .As <Storage.RocksDb.IRocksDbOptionsProvider>() .SingleInstance(); // IDbStoreProvider builder.Register( c => { var loggerFactory = c.Resolve <ILoggerFactory>(); ILogger logger = loggerFactory.CreateLogger(typeof(RoutingModule)); if (this.usePersistentStorage) { // Create partitions for messages and twins var partitionsList = new List <string> { Core.Constants.MessageStorePartitionKey, Core.Constants.TwinStorePartitionKey, Core.Constants.CheckpointStorePartitionKey }; try { IDbStoreProvider dbStoreprovider = Storage.RocksDb.DbStoreProvider.Create(c.Resolve <Storage.RocksDb.IRocksDbOptionsProvider>(), this.storagePath, partitionsList); logger.LogInformation($"Created persistent store at {this.storagePath}"); return(dbStoreprovider); } catch (Exception ex) when(!ExceptionEx.IsFatal(ex)) { logger.LogError(ex, "Error creating RocksDB store. Falling back to in-memory store."); return(new InMemoryDbStoreProvider()); } } else { logger.LogInformation($"Using in-memory store"); return(new InMemoryDbStoreProvider()); } }) .As <IDbStoreProvider>() .SingleInstance(); // Task<IEncryptionProvider> builder.Register( async c => { IEncryptionProvider encryptionProvider = await this.workloadUri.Map( async uri => await EncryptionProvider.CreateAsync( this.storagePath, new Uri(uri), Service.Constants.WorkloadApiVersion, this.edgeHubModuleId, this.edgeHubGenerationId.Expect(() => new InvalidOperationException("Missing generation ID")), Service.Constants.InitializationVectorFileName) as IEncryptionProvider) .GetOrElse(() => Task.FromResult <IEncryptionProvider>(NullEncryptionProvider.Instance)); return(encryptionProvider); }) .As <Task <IEncryptionProvider> >() .SingleInstance(); // IStoreProvider builder.Register(c => new StoreProvider(c.Resolve <IDbStoreProvider>())) .As <IStoreProvider>() .SingleInstance(); // ITokenProvider builder.Register(c => new ModuleTokenProvider(c.Resolve <ISignatureProvider>(), this.iothubHostName, this.edgeDeviceId, this.edgeHubModuleId, TimeSpan.FromHours(1))) .Named <ITokenProvider>("EdgeHubClientAuthTokenProvider") .SingleInstance(); // ITokenProvider builder.Register(c => { string deviceId = WebUtility.UrlEncode(this.edgeDeviceId); string moduleId = WebUtility.UrlEncode(this.edgeHubModuleId); return(new ModuleTokenProvider(c.Resolve <ISignatureProvider>(), this.iothubHostName, deviceId, moduleId, TimeSpan.FromHours(1))); }) .Named <ITokenProvider>("EdgeHubServiceAuthTokenProvider") .SingleInstance(); // Task<IKeyValueStore<string, string>> - EncryptedStore builder.Register( async c => { var storeProvider = c.Resolve <IStoreProvider>(); IEncryptionProvider encryptionProvider = await c.Resolve <Task <IEncryptionProvider> >(); IEntityStore <string, string> entityStore = storeProvider.GetEntityStore <string, string>("SecurityScopeCache"); IKeyValueStore <string, string> encryptedStore = new EncryptedStore <string, string>(entityStore, encryptionProvider); return(encryptedStore); }) .Named <Task <IKeyValueStore <string, string> > >("EncryptedStore") .SingleInstance(); // Task<IDeviceScopeIdentitiesCache> builder.Register( async c => { IDeviceScopeIdentitiesCache deviceScopeIdentitiesCache; if (this.authenticationMode == AuthenticationMode.CloudAndScope || this.authenticationMode == AuthenticationMode.Scope) { var edgeHubTokenProvider = c.ResolveNamed <ITokenProvider>("EdgeHubServiceAuthTokenProvider"); IDeviceScopeApiClient securityScopesApiClient = new DeviceScopeApiClient(this.iothubHostName, this.edgeDeviceId, this.edgeHubModuleId, 10, edgeHubTokenProvider); IServiceProxy serviceProxy = new ServiceProxy(securityScopesApiClient); IKeyValueStore <string, string> encryptedStore = await c.ResolveNamed <Task <IKeyValueStore <string, string> > >("EncryptedStore"); deviceScopeIdentitiesCache = await DeviceScopeIdentitiesCache.Create(serviceProxy, encryptedStore, this.scopeCacheRefreshRate); } else { deviceScopeIdentitiesCache = new NullDeviceScopeIdentitiesCache(); } return(deviceScopeIdentitiesCache); }) .As <Task <IDeviceScopeIdentitiesCache> >() .SingleInstance(); // Task<IAuthenticator> builder.Register(async c => { IConnectionManager connectionManager = await c.Resolve <Task <IConnectionManager> >(); IAuthenticator tokenAuthenticator; IDeviceScopeIdentitiesCache deviceScopeIdentitiesCache; switch (this.authenticationMode) { case AuthenticationMode.Cloud: if (this.cacheTokens) { ICredentialsStore credentialsStore = await c.Resolve <Task <ICredentialsStore> >(); IAuthenticator authenticator = new CloudTokenAuthenticator(connectionManager); tokenAuthenticator = new TokenCacheAuthenticator(authenticator, credentialsStore, this.iothubHostName); } else { tokenAuthenticator = new CloudTokenAuthenticator(connectionManager); } break; case AuthenticationMode.Scope: deviceScopeIdentitiesCache = await c.Resolve <Task <IDeviceScopeIdentitiesCache> >(); tokenAuthenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache, this.iothubHostName, this.edgeDeviceHostName, new NullAuthenticator(), connectionManager); break; default: deviceScopeIdentitiesCache = await c.Resolve <Task <IDeviceScopeIdentitiesCache> >(); IAuthenticator cloudAuthenticator = new CloudTokenAuthenticator(connectionManager); tokenAuthenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache, this.iothubHostName, this.edgeDeviceHostName, cloudAuthenticator, connectionManager); break; } return(new Authenticator(tokenAuthenticator, this.edgeDeviceId, connectionManager) as IAuthenticator); }) .As <Task <IAuthenticator> >() .SingleInstance(); // IClientCredentialsFactory builder.Register(c => new ClientCredentialsFactory(this.iothubHostName, this.productInfo)) .As <IClientCredentialsFactory>() .SingleInstance(); base.Load(builder); }
protected override void Load(ContainerBuilder builder) { // IMetricsListener builder.Register( c => this.metricsConfig.Enabled ? new MetricsListener(this.metricsConfig.ListenerConfig, c.Resolve <IMetricsProvider>()) : new NullMetricsListener() as IMetricsListener) .As <IMetricsListener>() .SingleInstance(); // IMetricsProvider builder.Register( c => this.metricsConfig.Enabled ? new MetricsProvider(MetricsConstants.EdgeHubMetricPrefix, this.iothubHostName, this.edgeDeviceId, this.metricsConfig.HistogramMaxAge) : new NullMetricsProvider() as IMetricsProvider) .As <IMetricsProvider>() .SingleInstance(); // ISignatureProvider builder.Register( c => { ISignatureProvider signatureProvider = this.edgeHubConnectionString.Map( cs => { IotHubConnectionStringBuilder csBuilder = IotHubConnectionStringBuilder.Create(cs); return(new SharedAccessKeySignatureProvider(csBuilder.SharedAccessKey) as ISignatureProvider); }) .GetOrElse( () => { string edgeHubGenerationId = this.edgeHubGenerationId.Expect(() => new InvalidOperationException("Generation ID missing")); string workloadUri = this.workloadUri.Expect(() => new InvalidOperationException("workloadUri is missing")); string workloadApiVersion = this.workloadApiVersion.Expect(() => new InvalidOperationException("workloadUri version is missing")); return(new HttpHsmSignatureProvider(this.edgeHubModuleId, edgeHubGenerationId, workloadUri, workloadApiVersion, Constants.WorkloadApiVersion) as ISignatureProvider); }); return(signatureProvider); }) .As <ISignatureProvider>() .SingleInstance(); // Detect system environment builder.Register(c => new SystemEnvironment()) .As <ISystemEnvironment>() .SingleInstance(); // DataBase options builder.Register(c => new RocksDbOptionsProvider(c.Resolve <ISystemEnvironment>(), this.optimizeForPerformance, this.storageMaxTotalWalSize, this.storageMaxOpenFiles, this.storageLogLevel)) .As <IRocksDbOptionsProvider>() .SingleInstance(); if (!this.usePersistentStorage && this.useBackupAndRestore) { // Backup and restore serialization builder.Register(c => new ProtoBufDataBackupRestore()) .As <IDataBackupRestore>() .SingleInstance(); } // IStorageSpaceChecker builder.Register( c => { IStorageSpaceChecker spaceChecker = !this.usePersistentStorage ? new MemorySpaceChecker(() => 0L) as IStorageSpaceChecker : new NullStorageSpaceChecker(); return(spaceChecker); }) .As <IStorageSpaceChecker>() .SingleInstance(); // IDbStoreProvider builder.Register( async c => { var loggerFactory = c.Resolve <ILoggerFactory>(); ILogger logger = loggerFactory.CreateLogger(typeof(RoutingModule)); if (this.usePersistentStorage) { // Create partitions for messages and twins var partitionsList = new List <string> { Core.Constants.MessageStorePartitionKey, Core.Constants.TwinStorePartitionKey, Core.Constants.CheckpointStorePartitionKey }; try { IDbStoreProvider dbStoreProvider = DbStoreProvider.Create( c.Resolve <IRocksDbOptionsProvider>(), this.storagePath, partitionsList); logger.LogInformation($"Created persistent store at {this.storagePath}"); return(dbStoreProvider); } catch (Exception ex) when(!ex.IsFatal()) { logger.LogError(ex, "Error creating RocksDB store. Falling back to in-memory store."); IDbStoreProvider dbStoreProvider = await this.BuildInMemoryDbStoreProvider(c); return(dbStoreProvider); } } else { logger.LogInformation($"Using in-memory store"); IDbStoreProvider dbStoreProvider = await this.BuildInMemoryDbStoreProvider(c); return(dbStoreProvider); } }) .As <Task <IDbStoreProvider> >() .SingleInstance(); // Task<Option<IEncryptionProvider>> builder.Register( async c => { Option <IEncryptionProvider> encryptionProviderOption = await this.workloadUri .Map( async uri => { var encryptionProvider = await EncryptionProvider.CreateAsync( this.storagePath, new Uri(uri), this.workloadApiVersion.Expect(() => new InvalidOperationException("Missing workload API version")), Constants.WorkloadApiVersion, this.edgeHubModuleId, this.edgeHubGenerationId.Expect(() => new InvalidOperationException("Missing generation ID")), Constants.InitializationVectorFileName) as IEncryptionProvider; return(Option.Some(encryptionProvider)); }) .GetOrElse(() => Task.FromResult(Option.None <IEncryptionProvider>())); return(encryptionProviderOption); }) .As <Task <Option <IEncryptionProvider> > >() .SingleInstance(); // Task<IStoreProvider> builder.Register(async c => { var dbStoreProvider = await c.Resolve <Task <IDbStoreProvider> >(); IStoreProvider storeProvider = new StoreProvider(dbStoreProvider); return(storeProvider); }) .As <Task <IStoreProvider> >() .SingleInstance(); // Task<IMetadataStore> builder.Register( async c => { var storeProvider = await c.Resolve <Task <IStoreProvider> >(); IKeyValueStore <string, string> entityStore = storeProvider.GetEntityStore <string, string>("ProductInfo", "MetadataStore"); IMetadataStore metadataStore = new MetadataStore(entityStore, this.productInfo); return(metadataStore); }) .As <Task <IMetadataStore> >() .SingleInstance(); // ITokenProvider builder.Register(c => new ClientTokenProvider(c.Resolve <ISignatureProvider>(), this.iothubHostName, this.edgeDeviceId, this.edgeHubModuleId, TimeSpan.FromHours(1))) .Named <ITokenProvider>("EdgeHubClientAuthTokenProvider") .SingleInstance(); // ITokenProvider builder.Register( c => { string deviceId = WebUtility.UrlEncode(this.edgeDeviceId); string moduleId = WebUtility.UrlEncode(this.edgeHubModuleId); return(new ClientTokenProvider(c.Resolve <ISignatureProvider>(), this.iothubHostName, deviceId, moduleId, TimeSpan.FromHours(1))); }) .Named <ITokenProvider>("EdgeHubServiceAuthTokenProvider") .SingleInstance(); builder.Register( c => { var loggerFactory = c.Resolve <ILoggerFactory>(); var logger = loggerFactory.CreateLogger <RoutingModule>(); return(Proxy.Parse(this.proxy, logger)); }) .As <Option <IWebProxy> >() .SingleInstance(); // IServiceIdentityHierarchy builder.Register <IServiceIdentityHierarchy>( c => { if (this.nestedEdgeEnabled) { return(new ServiceIdentityTree(this.edgeDeviceId)); } else { return(new ServiceIdentityDictionary(this.edgeDeviceId)); } }) .As <IServiceIdentityHierarchy>() .SingleInstance(); // Task<IDeviceScopeIdentitiesCache> builder.Register( async c => { IDeviceScopeIdentitiesCache deviceScopeIdentitiesCache; if (this.authenticationMode == AuthenticationMode.CloudAndScope || this.authenticationMode == AuthenticationMode.Scope) { var edgeHubTokenProvider = c.ResolveNamed <ITokenProvider>("EdgeHubServiceAuthTokenProvider"); var proxy = c.Resolve <Option <IWebProxy> >(); IServiceIdentityHierarchy serviceIdentityHierarchy = c.Resolve <IServiceIdentityHierarchy>(); string hostName = this.gatewayHostName.GetOrElse(this.iothubHostName); IDeviceScopeApiClientProvider securityScopesApiClientProvider = new DeviceScopeApiClientProvider(hostName, this.edgeDeviceId, this.edgeHubModuleId, 10, edgeHubTokenProvider, serviceIdentityHierarchy, proxy); IServiceProxy serviceProxy = new ServiceProxy(securityScopesApiClientProvider, this.nestedEdgeEnabled); IKeyValueStore <string, string> encryptedStore = await GetEncryptedStore(c, "DeviceScopeCache"); deviceScopeIdentitiesCache = await DeviceScopeIdentitiesCache.Create(serviceIdentityHierarchy, serviceProxy, encryptedStore, this.scopeCacheRefreshRate, this.scopeCacheRefreshDelay); } else { deviceScopeIdentitiesCache = new NullDeviceScopeIdentitiesCache(); } return(deviceScopeIdentitiesCache); }) .As <Task <IDeviceScopeIdentitiesCache> >() .AutoActivate() .SingleInstance(); // IRegistryApiClient builder.Register( c => { string upstreamHostname = this.gatewayHostName.GetOrElse(this.iothubHostName); var proxy = c.Resolve <Option <IWebProxy> >(); var edgeHubTokenProvider = c.ResolveNamed <ITokenProvider>("EdgeHubServiceAuthTokenProvider"); return(new RegistryOnBehalfOfApiClient(upstreamHostname, proxy, edgeHubTokenProvider)); }) .As <IRegistryOnBehalfOfApiClient>() .SingleInstance(); // Task<ICredentialsCache> builder.Register( async c => { ICredentialsCache underlyingCredentialsCache; if (this.persistTokens) { IKeyValueStore <string, string> encryptedStore = await GetEncryptedStore(c, "CredentialsCache"); return(new PersistedTokenCredentialsCache(encryptedStore)); } else { underlyingCredentialsCache = new NullCredentialsCache(); } ICredentialsCache credentialsCache; if (this.nestedEdgeEnabled) { credentialsCache = new NestedCredentialsCache(underlyingCredentialsCache); } else { credentialsCache = new CredentialsCache(underlyingCredentialsCache); } return(credentialsCache); }) .As <Task <ICredentialsCache> >() .SingleInstance(); // Task<IAuthenticator> builder.Register( async c => { IAuthenticator tokenAuthenticator; IAuthenticator certificateAuthenticator; IDeviceScopeIdentitiesCache deviceScopeIdentitiesCache; var credentialsCacheTask = c.Resolve <Task <ICredentialsCache> >(); // by default regardless of how the authenticationMode, X.509 certificate validation will always be scoped deviceScopeIdentitiesCache = await c.Resolve <Task <IDeviceScopeIdentitiesCache> >(); certificateAuthenticator = new DeviceScopeCertificateAuthenticator(deviceScopeIdentitiesCache, new NullAuthenticator(), this.trustBundle, true, this.nestedEdgeEnabled); switch (this.authenticationMode) { case AuthenticationMode.Cloud: tokenAuthenticator = await this.GetCloudTokenAuthenticator(c); break; case AuthenticationMode.Scope: tokenAuthenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache, this.iothubHostName, this.edgeDeviceHostName, new NullAuthenticator(), true, true, this.nestedEdgeEnabled); break; default: IAuthenticator cloudTokenAuthenticator = await this.GetCloudTokenAuthenticator(c); tokenAuthenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache, this.iothubHostName, this.edgeDeviceHostName, cloudTokenAuthenticator, true, true, this.nestedEdgeEnabled); break; } ICredentialsCache credentialsCache = await credentialsCacheTask; return(new Authenticator(tokenAuthenticator, certificateAuthenticator, credentialsCache) as IAuthenticator); }) .As <Task <IAuthenticator> >() .SingleInstance(); // IClientCredentialsFactory builder.Register(c => new ClientCredentialsFactory(c.Resolve <IIdentityProvider>(), this.productInfo)) .As <IClientCredentialsFactory>() .SingleInstance(); // IClientCredentials "EdgeHubCredentials" builder.Register( c => { var identityFactory = c.Resolve <IClientCredentialsFactory>(); IClientCredentials edgeHubCredentials = this.edgeHubConnectionString.Map(cs => identityFactory.GetWithConnectionString(cs)).GetOrElse( () => identityFactory.GetWithIotEdged(this.edgeDeviceId, this.edgeHubModuleId)); return(edgeHubCredentials); }) .Named <IClientCredentials>("EdgeHubCredentials") .SingleInstance(); // ServiceIdentity "EdgeHubIdentity" builder.Register( c => { return(new ServiceIdentity( this.edgeDeviceId, this.edgeHubModuleId, deviceScope: null, parentScopes: new List <string>(), this.edgeHubGenerationId.GetOrElse("0"), capabilities: new List <string>(), new ServiceAuthentication(ServiceAuthenticationType.None), ServiceIdentityStatus.Enabled)); }) .Named <ServiceIdentity>("EdgeHubIdentity") .SingleInstance(); // ConnectionReauthenticator builder.Register( async c => { var edgeHubCredentials = c.ResolveNamed <IClientCredentials>("EdgeHubCredentials"); var connectionManagerTask = c.Resolve <Task <IConnectionManager> >(); var authenticatorTask = c.Resolve <Task <IAuthenticator> >(); var credentialsCacheTask = c.Resolve <Task <ICredentialsCache> >(); var deviceScopeIdentitiesCacheTask = c.Resolve <Task <IDeviceScopeIdentitiesCache> >(); var deviceConnectivityManager = c.Resolve <IDeviceConnectivityManager>(); IConnectionManager connectionManager = await connectionManagerTask; IAuthenticator authenticator = await authenticatorTask; ICredentialsCache credentialsCache = await credentialsCacheTask; IDeviceScopeIdentitiesCache deviceScopeIdentitiesCache = await deviceScopeIdentitiesCacheTask; var connectionReauthenticator = new ConnectionReauthenticator( connectionManager, authenticator, credentialsCache, deviceScopeIdentitiesCache, TimeSpan.FromMinutes(5), edgeHubCredentials.Identity, deviceConnectivityManager); return(connectionReauthenticator); }) .As <Task <ConnectionReauthenticator> >() .SingleInstance(); base.Load(builder); }