async Task <SignResponse> SignAsyncWithRetry(HttpWorkloadClient hsmHttpClient, SignRequest signRequest)
{
var transientRetryPolicy = new RetryPolicy(TransientErrorDetectionStrategy, TransientRetryStrategy);
SignResponse response = await transientRetryPolicy.ExecuteAsync(() => hsmHttpClient.SignAsync(this.apiVersion, this.moduleId, this.generationId, signRequest));
return(response);
}
public async Task SignAsync()
{
byte[] data = Encoding.UTF8.GetBytes("some text");
using (HttpClient httpClient = HttpClientHelper.GetHttpClient(this.serverUri))
{
var workload = new HttpWorkloadClient(httpClient)
{
BaseUrl = HttpClientHelper.GetBaseUrl(this.serverUri)
};
var payload = new SignRequest()
{
Algo = SignRequestAlgo.HMACSHA256,
Data = data,
KeyId = "primary"
};
SignResponse response = await workload.SignAsync(WorkloadApiVersion, "testModule", "1", payload);
string expected;
using (var algorithm = new HMACSHA256(Encoding.UTF8.GetBytes("key")))
{
expected = Convert.ToBase64String(algorithm.ComputeHash(data));
}
Assert.Equal(expected, Convert.ToBase64String(response.Digest));
}
}
public override Task DeleteSecretAsync(string secretId)
{
using (HttpClient httpClient = HttpClientHelper.GetHttpClient(this.WorkloadUri))
{
var edgeletHttpClient = new HttpWorkloadClient(httpClient)
{
BaseUrl = HttpClientHelper.GetBaseUrl(this.WorkloadUri)
};
return(this.Execute(() => edgeletHttpClient.DeleteSecretAsync(this.Version.Name, this.ModuleId, secretId), "DeleteSecretAsync"));
}
}
public override async Task <string> GetTrustBundleAsync()
{
using (HttpClient httpClient = HttpClientHelper.GetHttpClient(this.WorkloadUri))
{
var edgeletHttpClient = new HttpWorkloadClient(httpClient)
{
BaseUrl = HttpClientHelper.GetBaseUrl(this.WorkloadUri)
};
TrustBundleResponse result = await this.Execute(() => edgeletHttpClient.TrustBundleAsync(this.Version.Name), "TrustBundleAsync");
return(result.Certificate);
}
}
public async Task <TrustBundleResponse> GetTrustBundleAsync()
{
using (HttpClient httpClient = HttpClientHelper.GetHttpClient(this.workloadUri))
{
var edgeletHttpClient = new HttpWorkloadClient(httpClient)
{
BaseUrl = HttpClientHelper.GetBaseUrl(this.workloadUri)
};
TrustBundleResponse result = await this.Execute(() => edgeletHttpClient.TrustBundleAsync(this.apiVersion), "TrustBundleAsync");
return(result);
}
}
public async Task <string> SignAsync(string data)
{
var signRequest = new SignRequest
{
KeyId = DefaultKeyId,
Algo = DefaultSignRequestAlgo,
Data = Encoding.UTF8.GetBytes(data)
};
HttpClient httpClient = HttpClientHelper.GetHttpClient(this.providerUri);
try
{
var hsmHttpClient = new HttpWorkloadClient(httpClient)
{
BaseUrl = HttpClientHelper.GetBaseUrl(this.providerUri)
};
SignResponse response = await this.SignAsyncWithRetry(hsmHttpClient, signRequest);
return(Convert.ToBase64String(response.Digest));
}
catch (Exception ex)
{
switch (ex)
{
case IoTEdgedException <ErrorResponse> errorResponseException:
throw new HttpHsmCommunicationException(
$"Error calling SignAsync: {errorResponseException.Result?.Message ?? string.Empty}",
errorResponseException.StatusCode);
case IoTEdgedException ioTEdgedException:
throw new HttpHsmCommunicationException(
$"Error calling SignAsync: {ioTEdgedException.Response ?? string.Empty}",
ioTEdgedException.StatusCode);
default:
throw;
}
}
finally
{
httpClient.Dispose();
}
}
public override async Task <string> DecryptAsync(string initializationVector, string encryptedText)
{
var request = new DecryptRequest
{
Ciphertext = Convert.FromBase64String(encryptedText),
InitializationVector = Encoding.UTF8.GetBytes(initializationVector)
};
using (HttpClient httpClient = HttpClientHelper.GetHttpClient(this.WorkloadUri))
{
var edgeletHttpClient = new HttpWorkloadClient(httpClient)
{
BaseUrl = HttpClientHelper.GetBaseUrl(this.WorkloadUri)
};
DecryptResponse result = await this.Execute(() => edgeletHttpClient.DecryptAsync(this.Version.Name, this.ModuleId, this.ModuleGenerationId, request), "Decrypt");
return(Encoding.UTF8.GetString(result.Plaintext));
}
}
public async Task <string> EncryptAsync(string initializationVector, string plainText)
{
var request = new EncryptRequest
{
Plaintext = Encoding.UTF8.GetBytes(plainText),
InitializationVector = Encoding.UTF8.GetBytes(initializationVector)
};
using (HttpClient httpClient = HttpClientHelper.GetHttpClient(this.workloadUri))
{
var edgeletHttpClient = new HttpWorkloadClient(httpClient)
{
BaseUrl = HttpClientHelper.GetBaseUrl(this.workloadUri)
};
EncryptResponse result = await this.Execute(() => edgeletHttpClient.EncryptAsync(this.apiVersion, this.moduleId, this.moduleGenerationId, request), "Encrypt");
return(Convert.ToBase64String(result.Ciphertext));
}
}
public async Task <CertificateResponse> CreateServerCertificateAsync(string hostname, DateTime expiration)
{
var request = new ServerCertificateRequest
{
CommonName = hostname,
Expiration = expiration
};
using (HttpClient httpClient = HttpClientHelper.GetHttpClient(this.workloadUri))
{
var edgeletHttpClient = new HttpWorkloadClient(httpClient)
{
BaseUrl = HttpClientHelper.GetBaseUrl(this.workloadUri)
};
CertificateResponse result = await this.Execute(() => edgeletHttpClient.CreateServerCertificateAsync(this.apiVersion, this.moduleId, this.moduleGenerationId, request), "CreateServerCertificateAsync");
return(result);
}
}
public override async Task <string> SignAsync(string keyId, string algorithm, string data)
{
var signRequest = new SignRequest
{
KeyId = keyId,
Algo = this.GetSignatureAlgorithm(algorithm),
Data = Encoding.UTF8.GetBytes(data)
};
using (HttpClient httpClient = HttpClientHelper.GetHttpClient(this.WorkloadUri))
{
var edgeletHttpClient = new HttpWorkloadClient(httpClient)
{
BaseUrl = HttpClientHelper.GetBaseUrl(this.WorkloadUri)
};
SignResponse response = await this.Execute(() => edgeletHttpClient.SignAsync(this.Version.Name, this.ModuleId, this.ModuleGenerationId, signRequest), "SignAsync");
return(Convert.ToBase64String(response.Digest));
}
}
public override async Task <ServerCertificateResponse> CreateServerCertificateAsync(string hostname, DateTime expiration)
{
var request = new ServerCertificateRequest
{
CommonName = hostname,
Expiration = expiration
};
using (HttpClient httpClient = HttpClientHelper.GetHttpClient(this.WorkloadUri))
{
var edgeletHttpClient = new HttpWorkloadClient(httpClient)
{
BaseUrl = HttpClientHelper.GetBaseUrl(this.WorkloadUri)
};
CertificateResponse result = await this.Execute(() => edgeletHttpClient.CreateServerCertificateAsync(this.Version.Name, this.ModuleId, this.ModuleGenerationId, request), "CreateServerCertificateAsync");
return(new ServerCertificateResponse()
{
Certificate = result.Certificate,
PrivateKey = result.PrivateKey.Bytes
});
}
}
