public static async Task RunSample()
{
// Replace the following type with SecurityClientTpm() to use a real TPM2.0 device.
Console.WriteLine("Starting TPM simulator.");
SecurityClientTpmSimulator.StartSimulatorProcess();
using (var security = new SecurityClientTpmSimulator(RegistrationId))
using (var transport = new ProvisioningTransportHandlerHttp())
{
// Note that the TPM simulator will create a NVChip file containing the simulated TPM state.
Console.WriteLine("Extracting endorsement key.");
string base64EK = Convert.ToBase64String(security.GetEndorsementKey());
Console.WriteLine(
"In your Azure Device Provisioning Service please go to 'Manage enrollments' and select " +
"'Individual Enrollments'. Select 'Add' then fill in the following:");
Console.WriteLine("\tMechanism: TPM");
Console.WriteLine($"\tRegistration ID: {RegistrationId}");
Console.WriteLine($"\tEndorsement key: {base64EK}");
Console.WriteLine("\tDevice ID: iothubtpmdevice1 (or any other valid DeviceID)");
Console.WriteLine();
Console.WriteLine("Press ENTER when ready.");
Console.ReadLine();
ProvisioningDeviceClient provClient = ProvisioningDeviceClient.Create(s_idScope, security, transport);
Console.Write("ProvisioningClient RegisterAsync . . . ");
DeviceRegistrationResult result = await provClient.RegisterAsync();
Console.WriteLine($"{result.Status}");
Console.WriteLine($"ProvisioningClient AssignedHub: {result.AssignedHub}; DeviceID: {result.DeviceId}");
if (result.Status != ProvisioningRegistrationStatusType.Assigned)
{
return;
}
var auth = new DeviceAuthenticationWithTpm(result.DeviceId, security);
// TODO: Temporary workaround until IoTHub DeviceClient gets Token refresh support.
await auth.GetTokenAsync(result.AssignedHub);
using (DeviceClient iotClient = DeviceClient.Create(result.AssignedHub, auth, TransportType.Mqtt))
{
Console.WriteLine("DeviceClient OpenAsync.");
await iotClient.OpenAsync();
Console.WriteLine("DeviceClient SendEventAsync.");
await iotClient.SendEventAsync(new Message(Encoding.UTF8.GetBytes("TestMessage")));
Console.WriteLine("DeviceClient CloseAsync.");
await iotClient.CloseAsync();
}
}
}
private SecurityClient CreateSecurityClientFromName(string name, X509EnrollmentType?x509Type)
{
_verboseLog.WriteLine($"{nameof(CreateSecurityClientFromName)}({name})");
switch (name)
{
case nameof(SecurityClientTpm):
var tpmSim = new SecurityClientTpmSimulator(Configuration.Provisioning.TpmDeviceRegistrationId);
SecurityClientTpmSimulator.StartSimulatorProcess();
_log.WriteLine(
$"RegistrationID = {Configuration.Provisioning.TpmDeviceRegistrationId} " +
$"EK = '{Convert.ToBase64String(tpmSim.GetEndorsementKey())}'");
return(tpmSim);
case nameof(SecurityClientX509):
X509Certificate2 certificate = null;
X509Certificate2Collection collection = null;
switch (x509Type)
{
case X509EnrollmentType.Individual:
certificate = Configuration.Provisioning.GetIndividualEnrollmentCertificate();
break;
case X509EnrollmentType.Group:
certificate = Configuration.Provisioning.GetGroupEnrollmentCertificate();
collection = Configuration.Provisioning.GetGroupEnrollmentChain();
break;
default:
throw new NotSupportedException($"Unknown X509 type: '{x509Type}'");
}
return(new SecurityClientX509(certificate, collection));
}
throw new NotSupportedException($"Unknown security type: '{name}'.");
}
// TODO: throws UnauthorizedAccessException [DataRow(nameof(ProvisioningTransportHandlerAmqp))]
public async Task ProvisioningDeviceClient_InvalidRegistrationId_TpmRegister_Fail(string transportType)
{
using (ProvisioningTransportHandler transport = CreateTransportHandlerFromName(transportType, TransportFallbackType.TcpOnly))
using (SecurityClient security = new SecurityClientTpmSimulator("invalidregistrationid"))
{
ProvisioningDeviceClient provClient = ProvisioningDeviceClient.Create(
Configuration.Provisioning.IdScope,
security,
transport);
var cts = new CancellationTokenSource(FailingTimeoutMiliseconds);
_log.WriteLine("ProvisioningClient RegisterAsync . . . ");
DeviceRegistrationResult result = await provClient.RegisterAsync(cts.Token).ConfigureAwait(false);
_log.WriteLine($"{result.Status}");
Assert.AreEqual(ProvisioningRegistrationStatusType.Failed, result.Status);
Assert.IsNull(result.AssignedHub);
Assert.IsNull(result.DeviceId);
Assert.AreEqual("Not Found", result.ErrorMessage);
Assert.AreEqual(0x00062ae9, result.ErrorCode);
}
}
