/// <summary>
/// Create from service model
/// </summary>
/// <param name="model"></param>
public EndpointActivationFilterApiModel(EndpointActivationFilterModel model)
{
if (model == null)
{
throw new ArgumentNullException(nameof(model));
}
SecurityPolicies = model.SecurityPolicies;
SecurityPolicies = model.SecurityPolicies;
SecurityMode = model.SecurityMode;
}
/// <summary>
/// Apply activation filter
/// </summary>
/// <param name="filter"></param>
/// <param name="registration"></param>
/// <param name="context"></param>
/// <param name="ct"></param>
/// <returns></returns>
private async Task <string> ApplyActivationFilterAsync(
EndpointActivationFilterModel filter, EndpointRegistration registration,
RegistryOperationContextModel context, CancellationToken ct = default)
{
if (filter == null || registration == null)
{
return(null);
}
// TODO: Get trust list entry and validate endpoint.Certificate
var mode = registration.SecurityMode ?? SecurityMode.None;
if (!mode.MatchesFilter(filter.SecurityMode ?? SecurityMode.Best))
{
return(null);
}
var policy = registration.SecurityPolicy;
if (filter.SecurityPolicies != null)
{
if (!filter.SecurityPolicies.Any(p =>
p.EqualsIgnoreCase(registration.SecurityPolicy)))
{
return(null);
}
}
try {
// Ensure device scope for the registration before getting the secret.
// Changing device's scope regenerates the secret.
await EnsureDeviceScopeForRegistrationAsync(registration, ct);
// Get endpoint twin secret
var secret = await _iothub.GetPrimaryKeyAsync(registration.DeviceId, null, ct);
var endpoint = registration.ToServiceModel();
// Try activate endpoint - if possible...
await _activator.ActivateEndpointAsync(endpoint.Registration, secret, ct);
// Mark in supervisor
await SetSupervisorTwinSecretAsync(registration.SupervisorId,
registration.DeviceId, secret, ct);
registration.Activated = true;
await _broker.NotifyAllAsync(
l => l.OnEndpointActivatedAsync(context, endpoint));
return(secret);
}
catch (Exception ex) {
_logger.Information(ex, "Failed activating {eeviceId} based off " +
"filter. Manual activation required.", registration.DeviceId);
return(null);
}
}
/// <summary>
/// Create from service model
/// </summary>
/// <param name="model"></param>
public static EndpointActivationFilterApiModel ToApiModel(
this EndpointActivationFilterModel model)
{
if (model == null)
{
return(null);
}
return(new EndpointActivationFilterApiModel {
TrustLists = model.TrustLists,
SecurityPolicies = model.SecurityPolicies,
SecurityMode = (IIoT.OpcUa.Api.Core.Models.SecurityMode?)model.SecurityMode
});
}
