예제 #1
        /// <summary>
        /// Builds the IoT Hub authentication method that corresponds to the concrete type of the
        /// security client used during provisioning.
        /// </summary>
        /// <param name="provisioningSecurity">
        /// Security client to inspect. Only <c>SecurityClientHsmTpm</c> and <c>SecurityClientHsmX509</c>
        /// are handled.
        /// </param>
        /// <param name="deviceId">
        /// Device identity handed to the authentication method. It is also written to the verbose log.
        /// </param>
        /// <param name="iotHub">
        /// Value passed to <c>GetTokenAsync</c> on the TPM path (presumably the hub host name — confirm
        /// against the caller). It is not used on the X.509 path.
        /// </param>
        /// <returns>
        /// A <c>DeviceAuthenticationWithTpm</c> whose token request has already been awaited, or a
        /// <c>DeviceAuthenticationWithX509Certificate</c> wrapping the client's authentication certificate.
        /// </returns>
        /// <exception cref="NotSupportedException">
        /// The security client is neither of the two handled types. A null reference ends up here too,
        /// because <c>is</c> evaluates to false for null.
        /// </exception>
        private async Task<Client.IAuthenticationMethod> CreateAuthenticationMethodFromSecurityClient(
            SecurityClient provisioningSecurity,
            string deviceId,
            string iotHub)
        {
            _verboseLog.WriteLine($"{nameof(CreateAuthenticationMethodFromSecurityClient)}({deviceId})");

            // TPM-backed identity: the authentication object is built around the TPM security client.
            if (provisioningSecurity is SecurityClientHsmTpm)
            {
                var tpmAuth = new DeviceAuthenticationWithTpm(
                    deviceId,
                    (SecurityClientHsmTpm)provisioningSecurity);

                // TODO: workaround to populate Token.
                await tpmAuth.GetTokenAsync(iotHub).ConfigureAwait(false);

                return tpmAuth;
            }

            // X.509-backed identity: the certificate comes from the security client.
            if (provisioningSecurity is SecurityClientHsmX509)
            {
                // NOTE(review): nothing here disposes the certificate or checks it for null; the
                // returned authentication method keeps the reference. Confirm who owns its lifetime.
                X509Certificate2 authCert =
                    ((SecurityClientHsmX509)provisioningSecurity).GetAuthenticationCertificate();

                return new DeviceAuthenticationWithX509Certificate(deviceId, authCert);
            }

            // Fail closed: no authentication method is produced for an unrecognised credential source.
            throw new NotSupportedException("Unknown provisioningSecurity type.");
        }
예제 #2
        /// <summary>
        /// Interactive sample: starts the TPM simulator, prints the values needed to create an
        /// individual TPM enrollment, registers through the provisioning service over HTTP and,
        /// if a hub was assigned, sends one test message over MQTT.
        /// </summary>
        /// <remarks>
        /// The simulator stands in for real hardware. Its state lives in a file on disk (see the
        /// NVChip note below), so this path is for development use only.
        /// </remarks>
        /// <returns>A task that completes when the sample has finished or registration was not assigned.</returns>
        public static async Task RunSample()
        {
            // Replace the following type with SecurityClientTpm() to use a real TPM2.0 device.
            Console.WriteLine("Starting TPM simulator.");
            SecurityClientTpmSimulator.StartSimulatorProcess();

            using (var tpmSecurity = new SecurityClientTpmSimulator(RegistrationId))
            using (var httpTransport = new ProvisioningTransportHandlerHttp())
            {
                // Note that the TPM simulator will create a NVChip file containing the simulated TPM state.
                // NOTE(review): that file holds the simulated TPM's state, so it deserves the same
                // handling as key material (not committed, not shared between environments).
                Console.WriteLine("Extracting endorsement key.");
                byte[] endorsementKey = tpmSecurity.GetEndorsementKey();
                string endorsementKeyBase64 = Convert.ToBase64String(endorsementKey);

                Console.WriteLine(
                    "In your Azure Device Provisioning Service please go to 'Manage enrollments' and select " +
                    "'Individual Enrollments'. Select 'Add' then fill in the following:");

                // Values the operator copies into the enrollment form.
                // NOTE(review): presumably the public portion of the endorsement key — confirm
                // against the security client before echoing it in other contexts.
                string[] enrollmentFields =
                {
                    "\tMechanism: TPM",
                    $"\tRegistration ID: {RegistrationId}",
                    $"\tEndorsement key: {endorsementKeyBase64}",
                    "\tDevice ID: iothubtpmdevice1 (or any other valid DeviceID)",
                };

                foreach (string field in enrollmentFields)
                {
                    Console.WriteLine(field);
                }

                Console.WriteLine();
                Console.WriteLine("Press ENTER when ready.");
                Console.ReadLine();

                ProvisioningDeviceClient provisioningClient =
                    ProvisioningDeviceClient.Create(s_idScope, tpmSecurity, httpTransport);

                Console.Write("ProvisioningClient RegisterAsync . . . ");
                DeviceRegistrationResult registration = await provisioningClient.RegisterAsync();

                Console.WriteLine($"{registration.Status}");
                Console.WriteLine($"ProvisioningClient AssignedHub: {registration.AssignedHub}; DeviceID: {registration.DeviceId}");

                // Only an assigned registration carries a hub and device identity worth connecting with.
                bool assigned = registration.Status == ProvisioningRegistrationStatusType.Assigned;
                if (!assigned)
                {
                    return;
                }

                var tpmAuth = new DeviceAuthenticationWithTpm(registration.DeviceId, tpmSecurity);

                // TODO: Temporary workaround until IoTHub DeviceClient gets Token refresh support.
                // The token is requested once here; nothing in this method renews it afterwards.
                await tpmAuth.GetTokenAsync(registration.AssignedHub);

                using (DeviceClient hubClient = DeviceClient.Create(registration.AssignedHub, tpmAuth, TransportType.Mqtt))
                {
                    Console.WriteLine("DeviceClient OpenAsync.");
                    await hubClient.OpenAsync();

                    Console.WriteLine("DeviceClient SendEventAsync.");
                    byte[] payload = Encoding.UTF8.GetBytes("TestMessage");
                    await hubClient.SendEventAsync(new Message(payload));

                    Console.WriteLine("DeviceClient CloseAsync.");
                    await hubClient.CloseAsync();
                }
            }
        }