public async Task ReauthenticateTest_DeviceUpdateServiceIdentity()
{
// Arrange
string iothubHostName = "testiothub.azure-devices.net";
string edgehubHostName = "edgehub1";
string deviceId = "d1";
var underlyingAuthenticator = Mock.Of <IAuthenticator>();
var deviceScopeIdentitiesCache = new Mock <IDeviceScopeIdentitiesCache>();
string key = GetKey();
var serviceIdentity1 = new ServiceIdentity(deviceId, "1234", new string[0], new ServiceAuthentication(new SymmetricKeyAuthentication(GetKey(), GetKey())), ServiceIdentityStatus.Enabled);
var serviceIdentity2 = new ServiceIdentity(deviceId, "1234", new string[0], new ServiceAuthentication(new SymmetricKeyAuthentication(key, GetKey())), ServiceIdentityStatus.Enabled);
deviceScopeIdentitiesCache.Setup(d => d.GetServiceIdentity(deviceId))
.ReturnsAsync(Option.Some(serviceIdentity1));
deviceScopeIdentitiesCache.Setup(d => d.RefreshServiceIdentity(deviceId))
.Callback <string>((id) => deviceScopeIdentitiesCache.Setup(d => d.GetServiceIdentity(deviceId)).ReturnsAsync(Option.Some(serviceIdentity2)))
.Returns(Task.CompletedTask);
deviceScopeIdentitiesCache.Setup(d => d.GetAuthChain(It.Is <string>(i => i == deviceId)))
.ReturnsAsync(Option.Some(deviceId));
IAuthenticator authenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache.Object, iothubHostName, edgehubHostName, underlyingAuthenticator, true, true);
var identity = Mock.Of <IDeviceIdentity>(d => d.DeviceId == deviceId && d.Id == deviceId);
string token = GetDeviceToken(iothubHostName, deviceId, key);
var tokenCredentials = Mock.Of <ITokenCredentials>(t => t.Identity == identity && t.Token == token);
// Act
bool isAuthenticated = await authenticator.ReauthenticateAsync(tokenCredentials);
// Assert
Assert.False(isAuthenticated);
Mock.Get(underlyingAuthenticator).VerifyAll();
deviceScopeIdentitiesCache.Verify(d => d.GetServiceIdentity(deviceId), Times.Once);
deviceScopeIdentitiesCache.Verify(d => d.RefreshServiceIdentity(deviceId), Times.Never);
}
public async Task InvalidAuthChainTest_UnauthorizedActor()
{
// Arrange
string iothubHostName = "testiothub.azure-devices.net";
string edgehubHostName = "edgehub1";
string rootEdgeId = "rootEdge";
string actorEdgeId = "childEdge";
string leafDeviceId = "leaf";
var authChain = Option.Some <string>(leafDeviceId + ";" + "NotActorEdge" + ";" + rootEdgeId);
var underlyingAuthenticator = Mock.Of <IAuthenticator>();
var deviceScopeIdentitiesCache = new Mock <IDeviceScopeIdentitiesCache>();
string key = GetKey();
deviceScopeIdentitiesCache.Setup(d => d.GetAuthChain(It.Is <string>(i => i == leafDeviceId)))
.ReturnsAsync(authChain);
var authenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache.Object, iothubHostName, edgehubHostName, underlyingAuthenticator, true, true);
var identity = Mock.Of <IModuleIdentity>(d => d.DeviceId == actorEdgeId && d.ModuleId == Constants.EdgeHubModuleId && d.Id == $"{actorEdgeId}/{Constants.EdgeHubModuleId}");
string token = GetDeviceToken(iothubHostName, actorEdgeId, Constants.EdgeHubModuleId, key);
var tokenCredentials = Mock.Of <ITokenCredentials>(t => t.Identity == identity && t.Token == token);
// Act
bool isAuthenticated = await authenticator.AuthenticateAsync(tokenCredentials);
// Assert
Assert.False(isAuthenticated);
}
public async Task ValidateUnderlyingAuthenticatorErrorTest()
{
// Arrange
string iothubHostName = "testiothub.azure-devices.net";
string edgehubHostName = "edgehub1";
string deviceId = "d1";
var underlyingAuthenticator = Mock.Of <IAuthenticator>();
Mock.Get(underlyingAuthenticator).Setup(u => u.AuthenticateAsync(It.IsAny <IClientCredentials>())).ThrowsAsync(new TimeoutException());
var deviceScopeIdentitiesCache = new Mock <IDeviceScopeIdentitiesCache>();
deviceScopeIdentitiesCache.Setup(d => d.GetServiceIdentity(It.Is <string>(i => i == deviceId)))
.ReturnsAsync(Option.None <ServiceIdentity>());
IAuthenticator authenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache.Object, iothubHostName, edgehubHostName, underlyingAuthenticator, true, true);
var identity = Mock.Of <IDeviceIdentity>(d => d.DeviceId == deviceId && d.Id == deviceId);
string token = GetDeviceToken(iothubHostName, deviceId, GetKey());
var tokenCredentials = Mock.Of <ITokenCredentials>(t => t.Identity == identity && t.Token == token);
// Act
await Assert.ThrowsAsync <TimeoutException>(() => authenticator.AuthenticateAsync(tokenCredentials));
// Assert
Mock.Get(underlyingAuthenticator).VerifyAll();
Mock.Get(underlyingAuthenticator).Verify(u => u.AuthenticateAsync(It.IsAny <IClientCredentials>()), Times.Once);
}
public void InvalidAudienceTest_Hostname()
{
// Arrange
string iothubHostName = "testiothub.azure-devices.net";
string edgehubHostName = "edgehub1";
string deviceId = "d1";
var underlyingAuthenticator = Mock.Of <IAuthenticator>();
var deviceScopeIdentitiesCache = Mock.Of <IDeviceScopeIdentitiesCache>();
string key = GetKey();
var authenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache, iothubHostName, edgehubHostName, underlyingAuthenticator, true, true);
var identity = Mock.Of <IDeviceIdentity>(d => d.DeviceId == deviceId && d.Id == deviceId);
string token = GetDeviceToken("edgehub2", deviceId, key);
SharedAccessSignature sharedAccessSignature = SharedAccessSignature.Parse(edgehubHostName, token);
string audience = sharedAccessSignature.Audience;
// Act
bool isAuthenticated = authenticator.ValidateAudience(audience, identity);
// Assert
Assert.False(isAuthenticated);
Mock.Get(underlyingAuthenticator).VerifyAll();
}
public async Task AuthenticateTest_Device_TokenExpired()
{
// Arrange
string iothubHostName = "testiothub.azure-devices.net";
string edgehubHostName = "edgehub1";
string deviceId = "d1";
var underlyingAuthenticator = Mock.Of <IAuthenticator>();
var deviceScopeIdentitiesCache = new Mock <IDeviceScopeIdentitiesCache>();
string key = GetKey();
var serviceIdentity = new ServiceIdentity(deviceId, "1234", new string[0], new ServiceAuthentication(new SymmetricKeyAuthentication(key, GetKey())), ServiceIdentityStatus.Enabled);
deviceScopeIdentitiesCache.Setup(d => d.GetServiceIdentity(It.Is <string>(i => i == deviceId)))
.ReturnsAsync(Option.Some(serviceIdentity));
IAuthenticator authenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache.Object, iothubHostName, edgehubHostName, underlyingAuthenticator, true, true);
var identity = Mock.Of <IDeviceIdentity>(d => d.DeviceId == deviceId && d.Id == deviceId);
string token = GetDeviceToken(iothubHostName, deviceId, key, TimeSpan.FromHours(-1));
var tokenCredentials = Mock.Of <ITokenCredentials>(t => t.Identity == identity && t.Token == token);
// Act
bool isAuthenticated = await authenticator.AuthenticateAsync(tokenCredentials);
// Assert
Assert.False(isAuthenticated);
Mock.Get(underlyingAuthenticator).VerifyAll();
}
public async Task AuthenticateTest_Nested_Module()
{
// Arrange
string iothubHostName = "testiothub.azure-devices.net";
string edgehubHostName = "edgehub1";
string actorEdgeId = "parentEdge";
string nestedEdgeId = "childEdge";
string nestedModuleId = nestedEdgeId + "/" + Constants.EdgeHubModuleId;
var authChain = Option.Some <string>(nestedModuleId + ";" + nestedEdgeId + ";" + actorEdgeId);
var underlyingAuthenticator = Mock.Of <IAuthenticator>();
var deviceScopeIdentitiesCache = new Mock <IDeviceScopeIdentitiesCache>();
string key = GetKey();
var nestedModuleIdentity = Mock.Of <IModuleIdentity>(i => i.DeviceId == nestedEdgeId && i.ModuleId == Constants.EdgeHubModuleId && i.Id == nestedModuleId);
var actorAuth = new SymmetricKeyAuthentication(key, key);
var actorEdgeHubServiceIdentity = new ServiceIdentity(actorEdgeId, Constants.EdgeHubModuleId, null, new List <string>(), "1234", Enumerable.Empty <string>(), new ServiceAuthentication(actorAuth), ServiceIdentityStatus.Enabled);
string actorEdgeHubId = actorEdgeHubServiceIdentity.Id;
deviceScopeIdentitiesCache.Setup(d => d.GetAuthChain(It.Is <string>(i => i == nestedModuleId)))
.ReturnsAsync(authChain);
deviceScopeIdentitiesCache.Setup(d => d.GetServiceIdentity(It.Is <string>(i => i == actorEdgeHubId)))
.ReturnsAsync(Option.Some(actorEdgeHubServiceIdentity));
var authenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache.Object, iothubHostName, edgehubHostName, underlyingAuthenticator, true, true, true);
var actorEdgeHubIdentity = Mock.Of <IModuleIdentity>(d => d.DeviceId == actorEdgeId && d.ModuleId == Constants.EdgeHubModuleId && d.Id == $"{actorEdgeId}/{Constants.EdgeHubModuleId}");
string token = GetDeviceToken(iothubHostName, actorEdgeId, Constants.EdgeHubModuleId, key);
var tokenCredentials = Mock.Of <ITokenCredentials>(t => t.Identity == actorEdgeHubIdentity && t.Token == token && t.AuthChain == authChain);
// Act
bool isAuthenticated = await authenticator.AuthenticateAsync(tokenCredentials);
// Assert
Assert.True(isAuthenticated);
Mock.Get(underlyingAuthenticator).VerifyAll();
}
public async Task AuthenticateTest_ModuleWithDeviceKey()
{
// Arrange
string iothubHostName = "testiothub.azure-devices.net";
string edgehubHostName = "edgehub1";
string deviceId = "d1";
string moduleId = "m1";
var underlyingAuthenticator = Mock.Of <IAuthenticator>();
var deviceScopeIdentitiesCache = new Mock <IDeviceScopeIdentitiesCache>();
string key = GetKey();
var deviceServiceIdentity = new ServiceIdentity(deviceId, "1234", new string[0], new ServiceAuthentication(new SymmetricKeyAuthentication(key, GetKey())), ServiceIdentityStatus.Enabled);
var moduleServiceIdentity = new ServiceIdentity(deviceId, moduleId, "e1", new List <string>(), "1234", new string[0], new ServiceAuthentication(new SymmetricKeyAuthentication(GetKey(), GetKey())), ServiceIdentityStatus.Enabled);
deviceScopeIdentitiesCache.Setup(d => d.GetServiceIdentity(It.Is <string>(i => i == $"{deviceId}/{moduleId}")))
.ReturnsAsync(Option.Some(moduleServiceIdentity));
deviceScopeIdentitiesCache.Setup(d => d.GetAuthChain(It.Is <string>(i => i == $"{deviceId}/{moduleId}")))
.ReturnsAsync(Option.Some($"{deviceId}/{moduleId}"));
deviceScopeIdentitiesCache.Setup(d => d.GetServiceIdentity(It.Is <string>(i => i == deviceId)))
.ReturnsAsync(Option.Some(deviceServiceIdentity));
deviceScopeIdentitiesCache.Setup(d => d.GetAuthChain(It.Is <string>(i => i == deviceId)))
.ReturnsAsync(Option.Some(deviceId));
IAuthenticator authenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache.Object, iothubHostName, edgehubHostName, underlyingAuthenticator, true, true);
var identity = Mock.Of <IModuleIdentity>(d => d.DeviceId == deviceId && d.ModuleId == moduleId && d.Id == $"{deviceId}/{moduleId}");
string token = GetDeviceToken(iothubHostName, deviceId, moduleId, key);
var tokenCredentials = Mock.Of <ITokenCredentials>(t => t.Identity == identity && t.Token == token);
// Act
bool isAuthenticated = await authenticator.AuthenticateAsync(tokenCredentials);
// Assert
Assert.True(isAuthenticated);
Mock.Get(underlyingAuthenticator).VerifyAll();
}
public void InvalidAuthChainTest_UnauthorizedActor()
{
// Arrange
string iothubHostName = "testiothub.azure-devices.net";
string edgehubHostName = "edgehub1";
string rootEdgeId = "rootEdge";
string actorEdgeId = "childEdge";
string leafDeviceId = "leaf";
var authChain = Option.Some <string>(leafDeviceId + ";" + "NotActorEdge" + ";" + rootEdgeId);
var underlyingAuthenticator = Mock.Of <IAuthenticator>();
var deviceScopeIdentitiesCache = new Mock <IDeviceScopeIdentitiesCache>();
string key = GetKey();
deviceScopeIdentitiesCache.Setup(d => d.GetAuthChain(It.Is <string>(i => i == leafDeviceId)))
.ReturnsAsync(authChain);
var authenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache.Object, iothubHostName, edgehubHostName, underlyingAuthenticator, true, true);
var identity = Mock.Of <IDeviceIdentity>(d => d.DeviceId == leafDeviceId && d.Id == leafDeviceId);
string token = GetDeviceToken(iothubHostName, actorEdgeId, Constants.EdgeHubModuleId, key);
SharedAccessSignature sharedAccessSignature = SharedAccessSignature.Parse(iothubHostName, token);
string audience = sharedAccessSignature.Audience;
// Act
bool isAuthenticated = authenticator.ValidateAudience(audience, identity, authChain);
// Assert
Assert.False(isAuthenticated);
}
public void InvalidAudienceTest_Device_Format()
{
// Arrange
string iothubHostName = "testiothub.azure-devices.net";
string edgehubHostName = "edgehub1";
string deviceId = "d1";
var underlyingAuthenticator = Mock.Of <IAuthenticator>();
var deviceScopeIdentitiesCache = Mock.Of <IDeviceScopeIdentitiesCache>();
var authenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache, iothubHostName, edgehubHostName, underlyingAuthenticator, true, true);
var identity = Mock.Of <IDeviceIdentity>(d => d.DeviceId == deviceId && d.Id == deviceId);
string audience = $"{iothubHostName}/devices/{deviceId}/foo";
// Act
bool isAuthenticated = authenticator.ValidateAudience(audience, identity);
// Assert
Assert.False(isAuthenticated);
Mock.Get(underlyingAuthenticator).VerifyAll();
}
public void InvalidAudienceTest_Module_Format()
{
// Arrange
string iothubHostName = "testiothub.azure-devices.net";
string edgehubHostName = "edgehub1";
string deviceId = "d1";
string moduleId = "m1";
var connectionManager = Mock.Of <IConnectionManager>();
var underlyingAuthenticator = Mock.Of <IAuthenticator>();
var deviceScopeIdentitiesCache = Mock.Of <IDeviceScopeIdentitiesCache>();
string key = GetKey();
var authenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache, iothubHostName, edgehubHostName, underlyingAuthenticator, connectionManager);
var identity = Mock.Of <IModuleIdentity>(d => d.DeviceId == deviceId && d.ModuleId == moduleId && d.Id == $"{deviceId}/{moduleId}");
string audience = $"{iothubHostName}/devices/{deviceId}/modules/{moduleId}/m1";
// Act
bool isAuthenticated = authenticator.ValidateAudience(audience, identity);
// Assert
Assert.False(isAuthenticated);
Mock.Get(underlyingAuthenticator).VerifyAll();
}
protected override void Load(ContainerBuilder builder)
{
// ISignatureProvider
builder.Register(
c =>
{
ISignatureProvider signatureProvider = this.edgeHubConnectionString.Map(
cs =>
{
IotHubConnectionStringBuilder csBuilder = IotHubConnectionStringBuilder.Create(cs);
return(new SharedAccessKeySignatureProvider(csBuilder.SharedAccessKey) as ISignatureProvider);
})
.GetOrElse(
() =>
{
string edgeHubGenerationId = this.edgeHubGenerationId.Expect(() => new InvalidOperationException("Generation ID missing"));
string workloadUri = this.workloadUri.Expect(() => new InvalidOperationException("workloadUri is missing"));
return(new HttpHsmSignatureProvider(this.edgeHubModuleId, edgeHubGenerationId, workloadUri, Constants.WorkloadApiVersion) as ISignatureProvider);
});
return(signatureProvider);
})
.As <ISignatureProvider>()
.SingleInstance();
// Detect system environment
builder.Register(c => new SystemEnvironment())
.As <ISystemEnvironment>()
.SingleInstance();
// DataBase options
builder.Register(c => new RocksDbOptionsProvider(c.Resolve <ISystemEnvironment>(), this.optimizeForPerformance))
.As <IRocksDbOptionsProvider>()
.SingleInstance();
// IDbStoreProvider
builder.Register(
c =>
{
var loggerFactory = c.Resolve <ILoggerFactory>();
ILogger logger = loggerFactory.CreateLogger(typeof(RoutingModule));
if (this.usePersistentStorage)
{
// Create partitions for messages and twins
var partitionsList = new List <string> {
Core.Constants.MessageStorePartitionKey, Core.Constants.TwinStorePartitionKey, Core.Constants.CheckpointStorePartitionKey
};
try
{
IDbStoreProvider dbStoreprovider = DbStoreProvider.Create(
c.Resolve <IRocksDbOptionsProvider>(),
this.storagePath,
partitionsList);
logger.LogInformation($"Created persistent store at {this.storagePath}");
return(dbStoreprovider);
}
catch (Exception ex) when(!ExceptionEx.IsFatal(ex))
{
logger.LogError(ex, "Error creating RocksDB store. Falling back to in-memory store.");
return(new InMemoryDbStoreProvider());
}
}
else
{
logger.LogInformation($"Using in-memory store");
return(new InMemoryDbStoreProvider());
}
})
.As <IDbStoreProvider>()
.SingleInstance();
// Task<Option<IEncryptionProvider>>
builder.Register(
async c =>
{
Option <IEncryptionProvider> encryptionProviderOption = await this.workloadUri
.Map(
async uri =>
{
var encryptionProvider = await EncryptionProvider.CreateAsync(
this.storagePath,
new Uri(uri),
Constants.WorkloadApiVersion,
this.edgeHubModuleId,
this.edgeHubGenerationId.Expect(() => new InvalidOperationException("Missing generation ID")),
Constants.InitializationVectorFileName) as IEncryptionProvider;
return(Option.Some(encryptionProvider));
})
.GetOrElse(() => Task.FromResult(Option.None <IEncryptionProvider>()));
return(encryptionProviderOption);
})
.As <Task <Option <IEncryptionProvider> > >()
.SingleInstance();
// IStoreProvider
builder.Register(c => new StoreProvider(c.Resolve <IDbStoreProvider>()))
.As <IStoreProvider>()
.SingleInstance();
// ITokenProvider
builder.Register(c => new ClientTokenProvider(c.Resolve <ISignatureProvider>(), this.iothubHostName, this.edgeDeviceId, this.edgeHubModuleId, TimeSpan.FromHours(1)))
.Named <ITokenProvider>("EdgeHubClientAuthTokenProvider")
.SingleInstance();
// ITokenProvider
builder.Register(
c =>
{
string deviceId = WebUtility.UrlEncode(this.edgeDeviceId);
string moduleId = WebUtility.UrlEncode(this.edgeHubModuleId);
return(new ClientTokenProvider(c.Resolve <ISignatureProvider>(), this.iothubHostName, deviceId, moduleId, TimeSpan.FromHours(1)));
})
.Named <ITokenProvider>("EdgeHubServiceAuthTokenProvider")
.SingleInstance();
// Task<IDeviceScopeIdentitiesCache>
builder.Register(
async c =>
{
IDeviceScopeIdentitiesCache deviceScopeIdentitiesCache;
if (this.authenticationMode == AuthenticationMode.CloudAndScope || this.authenticationMode == AuthenticationMode.Scope)
{
var edgeHubTokenProvider = c.ResolveNamed <ITokenProvider>("EdgeHubServiceAuthTokenProvider");
IDeviceScopeApiClient securityScopesApiClient = new DeviceScopeApiClient(this.iothubHostName, this.edgeDeviceId, this.edgeHubModuleId, 10, edgeHubTokenProvider);
IServiceProxy serviceProxy = new ServiceProxy(securityScopesApiClient);
IKeyValueStore <string, string> encryptedStore = await GetEncryptedStore(c, "DeviceScopeCache");
deviceScopeIdentitiesCache = await DeviceScopeIdentitiesCache.Create(serviceProxy, encryptedStore, this.scopeCacheRefreshRate);
}
else
{
deviceScopeIdentitiesCache = new NullDeviceScopeIdentitiesCache();
}
return(deviceScopeIdentitiesCache);
})
.As <Task <IDeviceScopeIdentitiesCache> >()
.AutoActivate()
.SingleInstance();
// Task<ICredentialsCache>
builder.Register(
async c =>
{
ICredentialsCache underlyingCredentialsCache;
if (this.persistTokens)
{
IKeyValueStore <string, string> encryptedStore = await GetEncryptedStore(c, "CredentialsCache");
return(new PersistedTokenCredentialsCache(encryptedStore));
}
else
{
underlyingCredentialsCache = new NullCredentialsCache();
}
ICredentialsCache credentialsCache = new CredentialsCache(underlyingCredentialsCache);
return(credentialsCache);
})
.As <Task <ICredentialsCache> >()
.SingleInstance();
// Task<IAuthenticator>
builder.Register(
async c =>
{
IAuthenticator tokenAuthenticator;
IAuthenticator certificateAuthenticator;
IDeviceScopeIdentitiesCache deviceScopeIdentitiesCache;
var credentialsCacheTask = c.Resolve <Task <ICredentialsCache> >();
// by default regardless of how the authenticationMode, X.509 certificate validation will always be scoped
deviceScopeIdentitiesCache = await c.Resolve <Task <IDeviceScopeIdentitiesCache> >();
certificateAuthenticator = new DeviceScopeCertificateAuthenticator(deviceScopeIdentitiesCache, new NullAuthenticator(), this.trustBundle, true);
switch (this.authenticationMode)
{
case AuthenticationMode.Cloud:
tokenAuthenticator = await this.GetCloudTokenAuthenticator(c);
break;
case AuthenticationMode.Scope:
tokenAuthenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache, this.iothubHostName, this.edgeDeviceHostName, new NullAuthenticator(), true, true);
break;
default:
IAuthenticator cloudTokenAuthenticator = await this.GetCloudTokenAuthenticator(c);
tokenAuthenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache, this.iothubHostName, this.edgeDeviceHostName, cloudTokenAuthenticator, true, true);
break;
}
ICredentialsCache credentialsCache = await credentialsCacheTask;
return(new Authenticator(tokenAuthenticator, certificateAuthenticator, credentialsCache) as IAuthenticator);
})
.As <Task <IAuthenticator> >()
.SingleInstance();
// IClientCredentialsFactory
builder.Register(c => new ClientCredentialsFactory(c.Resolve <IIdentityProvider>(), this.productInfo))
.As <IClientCredentialsFactory>()
.SingleInstance();
// ConnectionReauthenticator
builder.Register(
async c =>
{
var edgeHubCredentials = c.ResolveNamed <IClientCredentials>("EdgeHubCredentials");
var connectionManagerTask = c.Resolve <Task <IConnectionManager> >();
var authenticatorTask = c.Resolve <Task <IAuthenticator> >();
var credentialsCacheTask = c.Resolve <Task <ICredentialsCache> >();
var deviceScopeIdentitiesCacheTask = c.Resolve <Task <IDeviceScopeIdentitiesCache> >();
var deviceConnectivityManager = c.Resolve <IDeviceConnectivityManager>();
IConnectionManager connectionManager = await connectionManagerTask;
IAuthenticator authenticator = await authenticatorTask;
ICredentialsCache credentialsCache = await credentialsCacheTask;
IDeviceScopeIdentitiesCache deviceScopeIdentitiesCache = await deviceScopeIdentitiesCacheTask;
var connectionReauthenticator = new ConnectionReauthenticator(
connectionManager,
authenticator,
credentialsCache,
deviceScopeIdentitiesCache,
TimeSpan.FromMinutes(5),
edgeHubCredentials.Identity,
deviceConnectivityManager);
return(connectionReauthenticator);
})
.As <Task <ConnectionReauthenticator> >()
.SingleInstance();
base.Load(builder);
}
protected override void Load(ContainerBuilder builder)
{
// ISignatureProvider
builder.Register(
c =>
{
ISignatureProvider signatureProvider = this.edgeHubConnectionString.Map(
cs =>
{
IotHubConnectionStringBuilder csBuilder = IotHubConnectionStringBuilder.Create(cs);
return(new SharedAccessKeySignatureProvider(csBuilder.SharedAccessKey) as ISignatureProvider);
})
.GetOrElse(
() =>
{
string edgeHubGenerationId = this.edgeHubGenerationId.Expect(() => new InvalidOperationException("Generation ID missing"));
string workloadUri = this.workloadUri.Expect(() => new InvalidOperationException("workloadUri is missing"));
return(new HttpHsmSignatureProvider(this.edgeHubModuleId, edgeHubGenerationId, workloadUri, Service.Constants.WorkloadApiVersion) as ISignatureProvider);
});
return(signatureProvider);
})
.As <ISignatureProvider>()
.SingleInstance();
// Detect system environment
builder.Register(c => new SystemEnvironment())
.As <ISystemEnvironment>()
.SingleInstance();
// DataBase options
builder.Register(c => new Storage.RocksDb.RocksDbOptionsProvider(c.Resolve <ISystemEnvironment>(), this.optimizeForPerformance))
.As <Storage.RocksDb.IRocksDbOptionsProvider>()
.SingleInstance();
// IDbStoreProvider
builder.Register(
c =>
{
var loggerFactory = c.Resolve <ILoggerFactory>();
ILogger logger = loggerFactory.CreateLogger(typeof(RoutingModule));
if (this.usePersistentStorage)
{
// Create partitions for messages and twins
var partitionsList = new List <string> {
Core.Constants.MessageStorePartitionKey, Core.Constants.TwinStorePartitionKey, Core.Constants.CheckpointStorePartitionKey
};
try
{
IDbStoreProvider dbStoreprovider = Storage.RocksDb.DbStoreProvider.Create(c.Resolve <Storage.RocksDb.IRocksDbOptionsProvider>(),
this.storagePath, partitionsList);
logger.LogInformation($"Created persistent store at {this.storagePath}");
return(dbStoreprovider);
}
catch (Exception ex) when(!ExceptionEx.IsFatal(ex))
{
logger.LogError(ex, "Error creating RocksDB store. Falling back to in-memory store.");
return(new InMemoryDbStoreProvider());
}
}
else
{
logger.LogInformation($"Using in-memory store");
return(new InMemoryDbStoreProvider());
}
})
.As <IDbStoreProvider>()
.SingleInstance();
// Task<IEncryptionProvider>
builder.Register(
async c =>
{
IEncryptionProvider encryptionProvider = await this.workloadUri.Map(
async uri => await EncryptionProvider.CreateAsync(
this.storagePath,
new Uri(uri),
Service.Constants.WorkloadApiVersion,
this.edgeHubModuleId,
this.edgeHubGenerationId.Expect(() => new InvalidOperationException("Missing generation ID")),
Service.Constants.InitializationVectorFileName) as IEncryptionProvider)
.GetOrElse(() => Task.FromResult <IEncryptionProvider>(NullEncryptionProvider.Instance));
return(encryptionProvider);
})
.As <Task <IEncryptionProvider> >()
.SingleInstance();
// IStoreProvider
builder.Register(c => new StoreProvider(c.Resolve <IDbStoreProvider>()))
.As <IStoreProvider>()
.SingleInstance();
// ITokenProvider
builder.Register(c => new ModuleTokenProvider(c.Resolve <ISignatureProvider>(), this.iothubHostName, this.edgeDeviceId, this.edgeHubModuleId, TimeSpan.FromHours(1)))
.Named <ITokenProvider>("EdgeHubClientAuthTokenProvider")
.SingleInstance();
// ITokenProvider
builder.Register(c =>
{
string deviceId = WebUtility.UrlEncode(this.edgeDeviceId);
string moduleId = WebUtility.UrlEncode(this.edgeHubModuleId);
return(new ModuleTokenProvider(c.Resolve <ISignatureProvider>(), this.iothubHostName, deviceId, moduleId, TimeSpan.FromHours(1)));
})
.Named <ITokenProvider>("EdgeHubServiceAuthTokenProvider")
.SingleInstance();
// Task<IKeyValueStore<string, string>> - EncryptedStore
builder.Register(
async c =>
{
var storeProvider = c.Resolve <IStoreProvider>();
IEncryptionProvider encryptionProvider = await c.Resolve <Task <IEncryptionProvider> >();
IEntityStore <string, string> entityStore = storeProvider.GetEntityStore <string, string>("SecurityScopeCache");
IKeyValueStore <string, string> encryptedStore = new EncryptedStore <string, string>(entityStore, encryptionProvider);
return(encryptedStore);
})
.Named <Task <IKeyValueStore <string, string> > >("EncryptedStore")
.SingleInstance();
// Task<IDeviceScopeIdentitiesCache>
builder.Register(
async c =>
{
IDeviceScopeIdentitiesCache deviceScopeIdentitiesCache;
if (this.authenticationMode == AuthenticationMode.CloudAndScope || this.authenticationMode == AuthenticationMode.Scope)
{
var edgeHubTokenProvider = c.ResolveNamed <ITokenProvider>("EdgeHubServiceAuthTokenProvider");
IDeviceScopeApiClient securityScopesApiClient = new DeviceScopeApiClient(this.iothubHostName, this.edgeDeviceId, this.edgeHubModuleId, 10, edgeHubTokenProvider);
IServiceProxy serviceProxy = new ServiceProxy(securityScopesApiClient);
IKeyValueStore <string, string> encryptedStore = await c.ResolveNamed <Task <IKeyValueStore <string, string> > >("EncryptedStore");
deviceScopeIdentitiesCache = await DeviceScopeIdentitiesCache.Create(serviceProxy, encryptedStore, this.scopeCacheRefreshRate);
}
else
{
deviceScopeIdentitiesCache = new NullDeviceScopeIdentitiesCache();
}
return(deviceScopeIdentitiesCache);
})
.As <Task <IDeviceScopeIdentitiesCache> >()
.SingleInstance();
// Task<IAuthenticator>
builder.Register(async c =>
{
IConnectionManager connectionManager = await c.Resolve <Task <IConnectionManager> >();
IAuthenticator tokenAuthenticator;
IDeviceScopeIdentitiesCache deviceScopeIdentitiesCache;
switch (this.authenticationMode)
{
case AuthenticationMode.Cloud:
if (this.cacheTokens)
{
ICredentialsStore credentialsStore = await c.Resolve <Task <ICredentialsStore> >();
IAuthenticator authenticator = new CloudTokenAuthenticator(connectionManager);
tokenAuthenticator = new TokenCacheAuthenticator(authenticator, credentialsStore, this.iothubHostName);
}
else
{
tokenAuthenticator = new CloudTokenAuthenticator(connectionManager);
}
break;
case AuthenticationMode.Scope:
deviceScopeIdentitiesCache = await c.Resolve <Task <IDeviceScopeIdentitiesCache> >();
tokenAuthenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache, this.iothubHostName, this.edgeDeviceHostName, new NullAuthenticator(), connectionManager);
break;
default:
deviceScopeIdentitiesCache = await c.Resolve <Task <IDeviceScopeIdentitiesCache> >();
IAuthenticator cloudAuthenticator = new CloudTokenAuthenticator(connectionManager);
tokenAuthenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache, this.iothubHostName, this.edgeDeviceHostName, cloudAuthenticator, connectionManager);
break;
}
return(new Authenticator(tokenAuthenticator, this.edgeDeviceId, connectionManager) as IAuthenticator);
})
.As <Task <IAuthenticator> >()
.SingleInstance();
// IClientCredentialsFactory
builder.Register(c => new ClientCredentialsFactory(this.iothubHostName, this.productInfo))
.As <IClientCredentialsFactory>()
.SingleInstance();
base.Load(builder);
}
protected override void Load(ContainerBuilder builder)
{
// IMetricsListener
builder.Register(
c =>
this.metricsConfig.Enabled
? new MetricsListener(this.metricsConfig.ListenerConfig, c.Resolve <IMetricsProvider>())
: new NullMetricsListener() as IMetricsListener)
.As <IMetricsListener>()
.SingleInstance();
// IMetricsProvider
builder.Register(
c =>
this.metricsConfig.Enabled
? new MetricsProvider(MetricsConstants.EdgeHubMetricPrefix, this.iothubHostName, this.edgeDeviceId, this.metricsConfig.HistogramMaxAge)
: new NullMetricsProvider() as IMetricsProvider)
.As <IMetricsProvider>()
.SingleInstance();
// ISignatureProvider
builder.Register(
c =>
{
ISignatureProvider signatureProvider = this.edgeHubConnectionString.Map(
cs =>
{
IotHubConnectionStringBuilder csBuilder = IotHubConnectionStringBuilder.Create(cs);
return(new SharedAccessKeySignatureProvider(csBuilder.SharedAccessKey) as ISignatureProvider);
})
.GetOrElse(
() =>
{
string edgeHubGenerationId = this.edgeHubGenerationId.Expect(() => new InvalidOperationException("Generation ID missing"));
string workloadUri = this.workloadUri.Expect(() => new InvalidOperationException("workloadUri is missing"));
string workloadApiVersion = this.workloadApiVersion.Expect(() => new InvalidOperationException("workloadUri version is missing"));
return(new HttpHsmSignatureProvider(this.edgeHubModuleId, edgeHubGenerationId, workloadUri, workloadApiVersion, Constants.WorkloadApiVersion) as ISignatureProvider);
});
return(signatureProvider);
})
.As <ISignatureProvider>()
.SingleInstance();
// Detect system environment
builder.Register(c => new SystemEnvironment())
.As <ISystemEnvironment>()
.SingleInstance();
// DataBase options
builder.Register(c => new RocksDbOptionsProvider(c.Resolve <ISystemEnvironment>(), this.optimizeForPerformance, this.storageMaxTotalWalSize, this.storageMaxOpenFiles, this.storageLogLevel))
.As <IRocksDbOptionsProvider>()
.SingleInstance();
if (!this.usePersistentStorage && this.useBackupAndRestore)
{
// Backup and restore serialization
builder.Register(c => new ProtoBufDataBackupRestore())
.As <IDataBackupRestore>()
.SingleInstance();
}
// IStorageSpaceChecker
builder.Register(
c =>
{
IStorageSpaceChecker spaceChecker = !this.usePersistentStorage
? new MemorySpaceChecker(() => 0L) as IStorageSpaceChecker
: new NullStorageSpaceChecker();
return(spaceChecker);
})
.As <IStorageSpaceChecker>()
.SingleInstance();
// IDbStoreProvider
builder.Register(
async c =>
{
var loggerFactory = c.Resolve <ILoggerFactory>();
ILogger logger = loggerFactory.CreateLogger(typeof(RoutingModule));
if (this.usePersistentStorage)
{
// Create partitions for messages and twins
var partitionsList = new List <string> {
Core.Constants.MessageStorePartitionKey, Core.Constants.TwinStorePartitionKey, Core.Constants.CheckpointStorePartitionKey
};
try
{
IDbStoreProvider dbStoreProvider = DbStoreProvider.Create(
c.Resolve <IRocksDbOptionsProvider>(),
this.storagePath,
partitionsList);
logger.LogInformation($"Created persistent store at {this.storagePath}");
return(dbStoreProvider);
}
catch (Exception ex) when(!ex.IsFatal())
{
logger.LogError(ex, "Error creating RocksDB store. Falling back to in-memory store.");
IDbStoreProvider dbStoreProvider = await this.BuildInMemoryDbStoreProvider(c);
return(dbStoreProvider);
}
}
else
{
logger.LogInformation($"Using in-memory store");
IDbStoreProvider dbStoreProvider = await this.BuildInMemoryDbStoreProvider(c);
return(dbStoreProvider);
}
})
.As <Task <IDbStoreProvider> >()
.SingleInstance();
// Task<Option<IEncryptionProvider>>
builder.Register(
async c =>
{
Option <IEncryptionProvider> encryptionProviderOption = await this.workloadUri
.Map(
async uri =>
{
var encryptionProvider = await EncryptionProvider.CreateAsync(
this.storagePath,
new Uri(uri),
this.workloadApiVersion.Expect(() => new InvalidOperationException("Missing workload API version")),
Constants.WorkloadApiVersion,
this.edgeHubModuleId,
this.edgeHubGenerationId.Expect(() => new InvalidOperationException("Missing generation ID")),
Constants.InitializationVectorFileName) as IEncryptionProvider;
return(Option.Some(encryptionProvider));
})
.GetOrElse(() => Task.FromResult(Option.None <IEncryptionProvider>()));
return(encryptionProviderOption);
})
.As <Task <Option <IEncryptionProvider> > >()
.SingleInstance();
// Task<IStoreProvider>
builder.Register(async c =>
{
var dbStoreProvider = await c.Resolve <Task <IDbStoreProvider> >();
IStoreProvider storeProvider = new StoreProvider(dbStoreProvider);
return(storeProvider);
})
.As <Task <IStoreProvider> >()
.SingleInstance();
// Task<IMetadataStore>
builder.Register(
async c =>
{
var storeProvider = await c.Resolve <Task <IStoreProvider> >();
IKeyValueStore <string, string> entityStore = storeProvider.GetEntityStore <string, string>("ProductInfo", "MetadataStore");
IMetadataStore metadataStore = new MetadataStore(entityStore, this.productInfo);
return(metadataStore);
})
.As <Task <IMetadataStore> >()
.SingleInstance();
// ITokenProvider
builder.Register(c => new ClientTokenProvider(c.Resolve <ISignatureProvider>(), this.iothubHostName, this.edgeDeviceId, this.edgeHubModuleId, TimeSpan.FromHours(1)))
.Named <ITokenProvider>("EdgeHubClientAuthTokenProvider")
.SingleInstance();
// ITokenProvider
builder.Register(
c =>
{
string deviceId = WebUtility.UrlEncode(this.edgeDeviceId);
string moduleId = WebUtility.UrlEncode(this.edgeHubModuleId);
return(new ClientTokenProvider(c.Resolve <ISignatureProvider>(), this.iothubHostName, deviceId, moduleId, TimeSpan.FromHours(1)));
})
.Named <ITokenProvider>("EdgeHubServiceAuthTokenProvider")
.SingleInstance();
builder.Register(
c =>
{
var loggerFactory = c.Resolve <ILoggerFactory>();
var logger = loggerFactory.CreateLogger <RoutingModule>();
return(Proxy.Parse(this.proxy, logger));
})
.As <Option <IWebProxy> >()
.SingleInstance();
// IServiceIdentityHierarchy
builder.Register <IServiceIdentityHierarchy>(
c =>
{
if (this.nestedEdgeEnabled)
{
return(new ServiceIdentityTree(this.edgeDeviceId));
}
else
{
return(new ServiceIdentityDictionary(this.edgeDeviceId));
}
})
.As <IServiceIdentityHierarchy>()
.SingleInstance();
// Task<IDeviceScopeIdentitiesCache>
builder.Register(
async c =>
{
IDeviceScopeIdentitiesCache deviceScopeIdentitiesCache;
if (this.authenticationMode == AuthenticationMode.CloudAndScope || this.authenticationMode == AuthenticationMode.Scope)
{
var edgeHubTokenProvider = c.ResolveNamed <ITokenProvider>("EdgeHubServiceAuthTokenProvider");
var proxy = c.Resolve <Option <IWebProxy> >();
IServiceIdentityHierarchy serviceIdentityHierarchy = c.Resolve <IServiceIdentityHierarchy>();
string hostName = this.gatewayHostName.GetOrElse(this.iothubHostName);
IDeviceScopeApiClientProvider securityScopesApiClientProvider = new DeviceScopeApiClientProvider(hostName, this.edgeDeviceId, this.edgeHubModuleId, 10, edgeHubTokenProvider, serviceIdentityHierarchy, proxy);
IServiceProxy serviceProxy = new ServiceProxy(securityScopesApiClientProvider, this.nestedEdgeEnabled);
IKeyValueStore <string, string> encryptedStore = await GetEncryptedStore(c, "DeviceScopeCache");
deviceScopeIdentitiesCache = await DeviceScopeIdentitiesCache.Create(serviceIdentityHierarchy, serviceProxy, encryptedStore, this.scopeCacheRefreshRate, this.scopeCacheRefreshDelay);
}
else
{
deviceScopeIdentitiesCache = new NullDeviceScopeIdentitiesCache();
}
return(deviceScopeIdentitiesCache);
})
.As <Task <IDeviceScopeIdentitiesCache> >()
.AutoActivate()
.SingleInstance();
// IRegistryApiClient
builder.Register(
c =>
{
string upstreamHostname = this.gatewayHostName.GetOrElse(this.iothubHostName);
var proxy = c.Resolve <Option <IWebProxy> >();
var edgeHubTokenProvider = c.ResolveNamed <ITokenProvider>("EdgeHubServiceAuthTokenProvider");
return(new RegistryOnBehalfOfApiClient(upstreamHostname, proxy, edgeHubTokenProvider));
})
.As <IRegistryOnBehalfOfApiClient>()
.SingleInstance();
// Task<ICredentialsCache>
builder.Register(
async c =>
{
ICredentialsCache underlyingCredentialsCache;
if (this.persistTokens)
{
IKeyValueStore <string, string> encryptedStore = await GetEncryptedStore(c, "CredentialsCache");
return(new PersistedTokenCredentialsCache(encryptedStore));
}
else
{
underlyingCredentialsCache = new NullCredentialsCache();
}
ICredentialsCache credentialsCache;
if (this.nestedEdgeEnabled)
{
credentialsCache = new NestedCredentialsCache(underlyingCredentialsCache);
}
else
{
credentialsCache = new CredentialsCache(underlyingCredentialsCache);
}
return(credentialsCache);
})
.As <Task <ICredentialsCache> >()
.SingleInstance();
// Task<IAuthenticator>
builder.Register(
async c =>
{
IAuthenticator tokenAuthenticator;
IAuthenticator certificateAuthenticator;
IDeviceScopeIdentitiesCache deviceScopeIdentitiesCache;
var credentialsCacheTask = c.Resolve <Task <ICredentialsCache> >();
// by default regardless of how the authenticationMode, X.509 certificate validation will always be scoped
deviceScopeIdentitiesCache = await c.Resolve <Task <IDeviceScopeIdentitiesCache> >();
certificateAuthenticator = new DeviceScopeCertificateAuthenticator(deviceScopeIdentitiesCache, new NullAuthenticator(), this.trustBundle, true, this.nestedEdgeEnabled);
switch (this.authenticationMode)
{
case AuthenticationMode.Cloud:
tokenAuthenticator = await this.GetCloudTokenAuthenticator(c);
break;
case AuthenticationMode.Scope:
tokenAuthenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache, this.iothubHostName, this.edgeDeviceHostName, new NullAuthenticator(), true, true, this.nestedEdgeEnabled);
break;
default:
IAuthenticator cloudTokenAuthenticator = await this.GetCloudTokenAuthenticator(c);
tokenAuthenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache, this.iothubHostName, this.edgeDeviceHostName, cloudTokenAuthenticator, true, true, this.nestedEdgeEnabled);
break;
}
ICredentialsCache credentialsCache = await credentialsCacheTask;
return(new Authenticator(tokenAuthenticator, certificateAuthenticator, credentialsCache) as IAuthenticator);
})
.As <Task <IAuthenticator> >()
.SingleInstance();
// IClientCredentialsFactory
builder.Register(c => new ClientCredentialsFactory(c.Resolve <IIdentityProvider>(), this.productInfo))
.As <IClientCredentialsFactory>()
.SingleInstance();
// IClientCredentials "EdgeHubCredentials"
builder.Register(
c =>
{
var identityFactory = c.Resolve <IClientCredentialsFactory>();
IClientCredentials edgeHubCredentials = this.edgeHubConnectionString.Map(cs => identityFactory.GetWithConnectionString(cs)).GetOrElse(
() => identityFactory.GetWithIotEdged(this.edgeDeviceId, this.edgeHubModuleId));
return(edgeHubCredentials);
})
.Named <IClientCredentials>("EdgeHubCredentials")
.SingleInstance();
// ServiceIdentity "EdgeHubIdentity"
builder.Register(
c =>
{
return(new ServiceIdentity(
this.edgeDeviceId,
this.edgeHubModuleId,
deviceScope: null,
parentScopes: new List <string>(),
this.edgeHubGenerationId.GetOrElse("0"),
capabilities: new List <string>(),
new ServiceAuthentication(ServiceAuthenticationType.None),
ServiceIdentityStatus.Enabled));
})
.Named <ServiceIdentity>("EdgeHubIdentity")
.SingleInstance();
// ConnectionReauthenticator
builder.Register(
async c =>
{
var edgeHubCredentials = c.ResolveNamed <IClientCredentials>("EdgeHubCredentials");
var connectionManagerTask = c.Resolve <Task <IConnectionManager> >();
var authenticatorTask = c.Resolve <Task <IAuthenticator> >();
var credentialsCacheTask = c.Resolve <Task <ICredentialsCache> >();
var deviceScopeIdentitiesCacheTask = c.Resolve <Task <IDeviceScopeIdentitiesCache> >();
var deviceConnectivityManager = c.Resolve <IDeviceConnectivityManager>();
IConnectionManager connectionManager = await connectionManagerTask;
IAuthenticator authenticator = await authenticatorTask;
ICredentialsCache credentialsCache = await credentialsCacheTask;
IDeviceScopeIdentitiesCache deviceScopeIdentitiesCache = await deviceScopeIdentitiesCacheTask;
var connectionReauthenticator = new ConnectionReauthenticator(
connectionManager,
authenticator,
credentialsCache,
deviceScopeIdentitiesCache,
TimeSpan.FromMinutes(5),
edgeHubCredentials.Identity,
deviceConnectivityManager);
return(connectionReauthenticator);
})
.As <Task <ConnectionReauthenticator> >()
.SingleInstance();
base.Load(builder);
}
