async Task <(X509Thumbprint, IdCertificates)> CreateIdentityCertAsync(string deviceId, CancellationToken token) { (string, string, string)rootCa = Context.Current.RootCaKeys.Expect(() => new InvalidOperationException("Missing root CA keys")); string caCertScriptPath = Context.Current.CaCertScriptPath.Expect( () => new InvalidOperationException("Missing CA cert script path")); string idScope = Context.Current.DpsIdScope.Expect( () => new InvalidOperationException("Missing DPS ID scope")); CertificateAuthority ca = await CertificateAuthority.CreateAsync( deviceId, rootCa, caCertScriptPath, token); var identityCerts = await ca.GenerateIdentityCertificatesAsync(deviceId, token); X509Certificate2 deviceCert = new X509Certificate2(identityCerts.CertificatePath); return(new X509Thumbprint() { PrimaryThumbprint = deviceCert.Thumbprint, SecondaryThumbprint = deviceCert.Thumbprint }, identityCerts); }
public async Task SetUpCertificatesAsync() { await Profiler.Run( () => this.SasProvisionEdgeAsync(), "Completed edge manual provisioning with SAS token"); await Profiler.Run( async() => { (string, string, string)rootCa = Context.Current.RootCaKeys.Expect(() => new InvalidOperationException("Missing root CA keys")); string caCertScriptPath = Context.Current.CaCertScriptPath.Expect(() => new InvalidOperationException("Missing CA cert script path")); using (var cts = new CancellationTokenSource(Context.Current.SetupTimeout)) { DateTime startTime = DateTime.Now; CancellationToken token = cts.Token; string deviceId = this.runtime.DeviceId; try { this.ca = await CertificateAuthority.CreateAsync( deviceId, rootCa, caCertScriptPath, token); CaCertificates caCert = await this.ca.GenerateCaCertificatesAsync(deviceId, token); this.ca.EdgeCertificates = caCert; await this.daemon.ConfigureAsync( config => { config.SetCertificates(caCert); config.Update(); return(Task.FromResult(("with edge certificates", Array.Empty <object>()))); }, token); await this.runtime.DeployConfigurationAsync(token); } // ReSharper disable once RedundantCatchClause catch { throw; } finally { await NUnitLogs.CollectAsync(startTime, token); } } }, "Completed custom certificate setup"); }
public async Task DpsX509() { (string, string, string)rootCa = Context.Current.RootCaKeys.Expect(() => new InvalidOperationException("Missing root CA keys")); string caCertScriptPath = Context.Current.CaCertScriptPath.Expect(() => new InvalidOperationException("Missing CA cert script path")); string idScope = Context.Current.DpsIdScope.Expect(() => new InvalidOperationException("Missing DPS ID scope")); string registrationId = DeviceId.Current.Generate(); CancellationToken token = this.TestToken; CertificateAuthority ca = await CertificateAuthority.CreateAsync( registrationId, rootCa, caCertScriptPath, token); IdCertificates idCert = await ca.GenerateIdentityCertificatesAsync(registrationId, token); // The trust bundle for this test isn't used. It can be any arbitrary existing certificate. string trustBundle = Path.Combine( caCertScriptPath, "certs", "azure-iot-test-only.intermediate-full-chain.cert.pem"); await this.daemon.ConfigureAsync( config => { config.SetDpsX509(idScope, registrationId, idCert, trustBundle); config.Update(); return(Task.FromResult(( "with DPS X509 attestation for '{Identity}'", new object[] { registrationId }))); }, token); await this.daemon.WaitForStatusAsync(EdgeDaemonStatus.Running, token); var agent = new EdgeAgent(registrationId, this.iotHub); await agent.WaitForStatusAsync(EdgeModuleStatus.Running, token); await agent.PingAsync(token); Option <EdgeDevice> device = await EdgeDevice.GetIdentityAsync( registrationId, Context.Current.ParentDeviceId, this.iotHub, token, takeOwnership : true); Context.Current.DeleteList.TryAdd( registrationId, device.Expect(() => new InvalidOperationException( $"Device '{registrationId}' should have been created by DPS, but was not found in '{this.iotHub.Hostname}'"))); }
public async Task BeforeAllAsync() { await Profiler.Run( async() => { (string, string, string)rootCa = Context.Current.RootCaKeys.Expect(() => new ArgumentException()); Option <Uri> proxy = Context.Current.Proxy; string deviceId = Context.Current.DeviceId; using (var cts = new CancellationTokenSource(Context.Current.SetupTimeout)) { CancellationToken token = cts.Token; this.iotHub = new IotHub( Context.Current.ConnectionString, Context.Current.EventHubEndpoint, proxy); this.ca = await CertificateAuthority.CreateAsync( deviceId, rootCa, Context.Current.CaCertScriptPath, token); this.daemon = OsPlatform.Current.CreateEdgeDaemon(Context.Current.InstallerPath); await this.daemon.ConfigureAsync( config => { config.SetCertificates(this.ca.Certificates); config.Update(); return(Task.FromResult(("with edge certificates", Array.Empty <object>()))); }, token); var runtime = new EdgeRuntime( deviceId, Context.Current.EdgeAgentImage, Context.Current.EdgeHubImage, proxy, Context.Current.Registries, Context.Current.OptimizeForPerformance, this.iotHub); await runtime.DeployConfigurationAsync(token); } }, "Completed custom certificate setup"); }
async Task <(X509Thumbprint, string, string)> CreateIdentityCertAsync(string deviceId, CancellationToken token) { (string, string, string)rootCa = Context.Current.RootCaKeys.Expect(() => new InvalidOperationException("Missing root CA keys")); string caCertScriptPath = Context.Current.CaCertScriptPath.Expect( () => new InvalidOperationException("Missing CA cert script path")); string idScope = Context.Current.DpsIdScope.Expect( () => new InvalidOperationException("Missing DPS ID scope")); CertificateAuthority ca = await CertificateAuthority.CreateAsync( deviceId, rootCa, caCertScriptPath, token); var identityCerts = await ca.GenerateIdentityCertificatesAsync(deviceId, token); // Generated credentials need to be copied out of the script path because future runs // of the script will overwrite them. string path = $"/etc/aziot/e2e_tests/{deviceId}"; string certPath = $"{path}/device_id_cert.pem"; string keyPath = $"{path}/device_id_cert_key.pem"; Directory.CreateDirectory(path); File.Copy(identityCerts.CertificatePath, certPath); OsPlatform.Current.SetOwner(certPath, "aziotcs", "644"); File.Copy(identityCerts.KeyPath, keyPath); OsPlatform.Current.SetOwner(keyPath, "aziotks", "600"); X509Certificate2 deviceCert = new X509Certificate2(identityCerts.CertificatePath); return(new X509Thumbprint() { PrimaryThumbprint = deviceCert.Thumbprint, SecondaryThumbprint = deviceCert.Thumbprint }, certPath, keyPath); }
public async Task DpsX509() { (string, string, string)rootCa = Context.Current.RootCaKeys.Expect(() => new InvalidOperationException("Missing DPS ID scope (check rootCaPrivateKeyPath in context.json)")); string caCertScriptPath = Context.Current.CaCertScriptPath.Expect(() => new InvalidOperationException("Missing CA cert script path (check caCertScriptPath in context.json)")); string idScope = Context.Current.DpsIdScope.Expect(() => new InvalidOperationException("Missing DPS ID scope (check dpsIdScope in context.json)")); string registrationId = DeviceId.Current.Generate(); CancellationToken token = this.TestToken; CertificateAuthority ca = await CertificateAuthority.CreateAsync( registrationId, rootCa, caCertScriptPath, token); IdCertificates idCert = await ca.GenerateIdentityCertificatesAsync(registrationId, token); (TestCertificates testCerts, _) = await TestCertificates.GenerateCertsAsync(registrationId, token); // Generated credentials need to be copied out of the script path because future runs // of the script will overwrite them. string path = Path.Combine(FixedPaths.E2E_TEST_DIR, registrationId); string certPath = Path.Combine(path, "device_id_cert.pem"); string keyPath = Path.Combine(path, "device_id_cert_key.pem"); Directory.CreateDirectory(path); File.Copy(idCert.CertificatePath, certPath); OsPlatform.Current.SetOwner(certPath, "aziotcs", "644"); File.Copy(idCert.KeyPath, keyPath); OsPlatform.Current.SetOwner(keyPath, "aziotks", "600"); await this.daemon.ConfigureAsync( config => { testCerts.AddCertsToConfig(config); config.SetDpsX509(idScope, registrationId, certPath, keyPath); config.Update(); return(Task.FromResult(( "with DPS X509 attestation for '{Identity}'", new object[] { registrationId }))); }, token); await this.daemon.WaitForStatusAsync(EdgeDaemonStatus.Running, token); var agent = new EdgeAgent(registrationId, this.iotHub); await agent.WaitForStatusAsync(EdgeModuleStatus.Running, token); await agent.PingAsync(token); Option <EdgeDevice> device = await EdgeDevice.GetIdentityAsync( registrationId, this.iotHub, token, takeOwnership : true); Context.Current.DeleteList.TryAdd( registrationId, device.Expect(() => new InvalidOperationException( $"Device '{registrationId}' should have been created by DPS, but was not found in '{this.iotHub.Hostname}'"))); }