static async Task <IKeyValueStore <string, string> > GetEncryptedStore(IComponentContext context, string entityName)
{
var storeProvider = context.Resolve <IStoreProvider>();
Option <IEncryptionProvider> encryptionProvider = await context.Resolve <Task <Option <IEncryptionProvider> > >();
IKeyValueStore <string, string> encryptedStore = encryptionProvider
.Map(
e =>
{
IEntityStore <string, string> entityStore = storeProvider.GetEntityStore <string, string>(entityName);
IKeyValueStore <string, string> es = new EncryptedStore <string, string>(entityStore, e);
return(es);
})
.GetOrElse(() => new NullKeyValueStore <string, string>() as IKeyValueStore <string, string>);
return(encryptedStore);
}
public async Task RoundtripNonTokenCredentialsTest()
{
// Arrange
string callerProductInfo = "productInfo";
var identity = Mock.Of <IIdentity>(i => i.Id == "d1");
var credentials = new X509CertCredentials(identity, callerProductInfo);
var dbStoreProvider = new InMemoryDbStoreProvider();
IStoreProvider storeProvider = new StoreProvider(dbStoreProvider);
var encryptedStore = new EncryptedStore <string, string>(storeProvider.GetEntityStore <string, string>("tokenCredentials"), new TestEncryptionProvider());
var tokenCredentialsStore = new PersistedTokenCredentialsCache(encryptedStore);
// Act
await tokenCredentialsStore.Add(credentials);
Option <IClientCredentials> storedCredentials = await tokenCredentialsStore.Get(identity);
// Assert
Assert.False(storedCredentials.HasValue);
}
public async Task RoundtripNonTokenCredentialsTest()
{
// Arrange
string callerProductInfo = "productInfo";
var identity = Mock.Of <IIdentity>(i => i.Id == "d1");
var clientCertificate = Util.Test.Common.CertificateHelper.GenerateSelfSignedCert("client cert");
var clientCertChain = new List <X509Certificate2>();
var credentials = new X509CertCredentials(identity, callerProductInfo, Option.None <string>(), Option.None <string>(), clientCertificate, clientCertChain);
var dbStoreProvider = new InMemoryDbStoreProvider();
IStoreProvider storeProvider = new StoreProvider(dbStoreProvider);
var encryptedStore = new EncryptedStore <string, string>(storeProvider.GetEntityStore <string, string>("tokenCredentials"), new TestEncryptionProvider());
var tokenCredentialsStore = new PersistedTokenCredentialsCache(encryptedStore);
// Act
await tokenCredentialsStore.Add(credentials);
Option <IClientCredentials> storedCredentials = await tokenCredentialsStore.Get(identity);
// Assert
Assert.False(storedCredentials.HasValue);
}
protected override void Load(ContainerBuilder builder)
{
// ISignatureProvider
builder.Register(
c =>
{
ISignatureProvider signatureProvider = this.edgeHubConnectionString.Map(
cs =>
{
IotHubConnectionStringBuilder csBuilder = IotHubConnectionStringBuilder.Create(cs);
return(new SharedAccessKeySignatureProvider(csBuilder.SharedAccessKey) as ISignatureProvider);
})
.GetOrElse(
() =>
{
string edgeHubGenerationId = this.edgeHubGenerationId.Expect(() => new InvalidOperationException("Generation ID missing"));
string workloadUri = this.workloadUri.Expect(() => new InvalidOperationException("workloadUri is missing"));
return(new HttpHsmSignatureProvider(this.edgeHubModuleId, edgeHubGenerationId, workloadUri, Service.Constants.WorkloadApiVersion) as ISignatureProvider);
});
return(signatureProvider);
})
.As <ISignatureProvider>()
.SingleInstance();
// Detect system environment
builder.Register(c => new SystemEnvironment())
.As <ISystemEnvironment>()
.SingleInstance();
// DataBase options
builder.Register(c => new Storage.RocksDb.RocksDbOptionsProvider(c.Resolve <ISystemEnvironment>(), this.optimizeForPerformance))
.As <Storage.RocksDb.IRocksDbOptionsProvider>()
.SingleInstance();
// IDbStoreProvider
builder.Register(
c =>
{
var loggerFactory = c.Resolve <ILoggerFactory>();
ILogger logger = loggerFactory.CreateLogger(typeof(RoutingModule));
if (this.usePersistentStorage)
{
// Create partitions for messages and twins
var partitionsList = new List <string> {
Core.Constants.MessageStorePartitionKey, Core.Constants.TwinStorePartitionKey, Core.Constants.CheckpointStorePartitionKey
};
try
{
IDbStoreProvider dbStoreprovider = Storage.RocksDb.DbStoreProvider.Create(c.Resolve <Storage.RocksDb.IRocksDbOptionsProvider>(),
this.storagePath, partitionsList);
logger.LogInformation($"Created persistent store at {this.storagePath}");
return(dbStoreprovider);
}
catch (Exception ex) when(!ExceptionEx.IsFatal(ex))
{
logger.LogError(ex, "Error creating RocksDB store. Falling back to in-memory store.");
return(new InMemoryDbStoreProvider());
}
}
else
{
logger.LogInformation($"Using in-memory store");
return(new InMemoryDbStoreProvider());
}
})
.As <IDbStoreProvider>()
.SingleInstance();
// Task<IEncryptionProvider>
builder.Register(
async c =>
{
IEncryptionProvider encryptionProvider = await this.workloadUri.Map(
async uri => await EncryptionProvider.CreateAsync(
this.storagePath,
new Uri(uri),
Service.Constants.WorkloadApiVersion,
this.edgeHubModuleId,
this.edgeHubGenerationId.Expect(() => new InvalidOperationException("Missing generation ID")),
Service.Constants.InitializationVectorFileName) as IEncryptionProvider)
.GetOrElse(() => Task.FromResult <IEncryptionProvider>(NullEncryptionProvider.Instance));
return(encryptionProvider);
})
.As <Task <IEncryptionProvider> >()
.SingleInstance();
// IStoreProvider
builder.Register(c => new StoreProvider(c.Resolve <IDbStoreProvider>()))
.As <IStoreProvider>()
.SingleInstance();
// ITokenProvider
builder.Register(c => new ModuleTokenProvider(c.Resolve <ISignatureProvider>(), this.iothubHostName, this.edgeDeviceId, this.edgeHubModuleId, TimeSpan.FromHours(1)))
.Named <ITokenProvider>("EdgeHubClientAuthTokenProvider")
.SingleInstance();
// ITokenProvider
builder.Register(c =>
{
string deviceId = WebUtility.UrlEncode(this.edgeDeviceId);
string moduleId = WebUtility.UrlEncode(this.edgeHubModuleId);
return(new ModuleTokenProvider(c.Resolve <ISignatureProvider>(), this.iothubHostName, deviceId, moduleId, TimeSpan.FromHours(1)));
})
.Named <ITokenProvider>("EdgeHubServiceAuthTokenProvider")
.SingleInstance();
// Task<IKeyValueStore<string, string>> - EncryptedStore
builder.Register(
async c =>
{
var storeProvider = c.Resolve <IStoreProvider>();
IEncryptionProvider encryptionProvider = await c.Resolve <Task <IEncryptionProvider> >();
IEntityStore <string, string> entityStore = storeProvider.GetEntityStore <string, string>("SecurityScopeCache");
IKeyValueStore <string, string> encryptedStore = new EncryptedStore <string, string>(entityStore, encryptionProvider);
return(encryptedStore);
})
.Named <Task <IKeyValueStore <string, string> > >("EncryptedStore")
.SingleInstance();
// Task<IDeviceScopeIdentitiesCache>
builder.Register(
async c =>
{
IDeviceScopeIdentitiesCache deviceScopeIdentitiesCache;
if (this.authenticationMode == AuthenticationMode.CloudAndScope || this.authenticationMode == AuthenticationMode.Scope)
{
var edgeHubTokenProvider = c.ResolveNamed <ITokenProvider>("EdgeHubServiceAuthTokenProvider");
IDeviceScopeApiClient securityScopesApiClient = new DeviceScopeApiClient(this.iothubHostName, this.edgeDeviceId, this.edgeHubModuleId, 10, edgeHubTokenProvider);
IServiceProxy serviceProxy = new ServiceProxy(securityScopesApiClient);
IKeyValueStore <string, string> encryptedStore = await c.ResolveNamed <Task <IKeyValueStore <string, string> > >("EncryptedStore");
deviceScopeIdentitiesCache = await DeviceScopeIdentitiesCache.Create(serviceProxy, encryptedStore, this.scopeCacheRefreshRate);
}
else
{
deviceScopeIdentitiesCache = new NullDeviceScopeIdentitiesCache();
}
return(deviceScopeIdentitiesCache);
})
.As <Task <IDeviceScopeIdentitiesCache> >()
.SingleInstance();
// Task<IAuthenticator>
builder.Register(async c =>
{
IConnectionManager connectionManager = await c.Resolve <Task <IConnectionManager> >();
IAuthenticator tokenAuthenticator;
IDeviceScopeIdentitiesCache deviceScopeIdentitiesCache;
switch (this.authenticationMode)
{
case AuthenticationMode.Cloud:
if (this.cacheTokens)
{
ICredentialsStore credentialsStore = await c.Resolve <Task <ICredentialsStore> >();
IAuthenticator authenticator = new CloudTokenAuthenticator(connectionManager);
tokenAuthenticator = new TokenCacheAuthenticator(authenticator, credentialsStore, this.iothubHostName);
}
else
{
tokenAuthenticator = new CloudTokenAuthenticator(connectionManager);
}
break;
case AuthenticationMode.Scope:
deviceScopeIdentitiesCache = await c.Resolve <Task <IDeviceScopeIdentitiesCache> >();
tokenAuthenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache, this.iothubHostName, this.edgeDeviceHostName, new NullAuthenticator(), connectionManager);
break;
default:
deviceScopeIdentitiesCache = await c.Resolve <Task <IDeviceScopeIdentitiesCache> >();
IAuthenticator cloudAuthenticator = new CloudTokenAuthenticator(connectionManager);
tokenAuthenticator = new DeviceScopeTokenAuthenticator(deviceScopeIdentitiesCache, this.iothubHostName, this.edgeDeviceHostName, cloudAuthenticator, connectionManager);
break;
}
return(new Authenticator(tokenAuthenticator, this.edgeDeviceId, connectionManager) as IAuthenticator);
})
.As <Task <IAuthenticator> >()
.SingleInstance();
// IClientCredentialsFactory
builder.Register(c => new ClientCredentialsFactory(this.iothubHostName, this.productInfo))
.As <IClientCredentialsFactory>()
.SingleInstance();
base.Load(builder);
}
public async Task BatchWithKeyResetTest()
{
// Arrange
var encryptionProvider = new ResettableEncryptionProvider();
IEntityStore <string, string> entityStore = GetEntityStore <string, string>("smokeTest");
IKeyValueStore <string, TestDevice> encryptedStore = new EncryptedStore <string, TestDevice>(entityStore, encryptionProvider);
IDictionary <string, TestDevice> devices = new Dictionary <string, TestDevice>();
for (int i = 0; i < 10; i++)
{
devices[$"d{i}"] = new TestDevice(Guid.NewGuid().ToString(), new KeyAuth(Guid.NewGuid().ToString()));
}
// Act
foreach (KeyValuePair <string, TestDevice> device in devices)
{
await encryptedStore.Put(device.Key, device.Value);
}
IDictionary <string, TestDevice> obtainedDevices = new Dictionary <string, TestDevice>();
await encryptedStore.IterateBatch(
10,
(key, device) =>
{
obtainedDevices[key] = device;
return(Task.CompletedTask);
});
// Assert
Assert.Equal(devices.Count, obtainedDevices.Count);
foreach (KeyValuePair <string, TestDevice> device in devices)
{
Assert.Equal(device.Value.GenId, obtainedDevices[device.Key].GenId);
Assert.Equal(device.Value.Auth.Key, obtainedDevices[device.Key].Auth.Key);
}
// Act
Option <(string key, TestDevice value)> first = await encryptedStore.GetFirstEntry();
Option <(string key, TestDevice value)> last = await encryptedStore.GetLastEntry();
// Assert
Assert.True(first.HasValue);
Assert.True(last.HasValue);
Assert.Equal("d0", first.OrDefault().key);
Assert.Equal(devices["d0"].GenId, first.OrDefault().value.GenId);
Assert.Equal("d9", last.OrDefault().key);
Assert.Equal(devices["d9"].GenId, last.OrDefault().value.GenId);
// Act
encryptionProvider.Reset();
obtainedDevices = new Dictionary <string, TestDevice>();
await encryptedStore.IterateBatch(
10,
(key, device) =>
{
obtainedDevices[key] = device;
return(Task.CompletedTask);
});
// Assert
Assert.Equal(0, obtainedDevices.Count);
// Act
first = await encryptedStore.GetFirstEntry();
last = await encryptedStore.GetLastEntry();
// Assert
Assert.False(first.HasValue);
Assert.False(last.HasValue);
// Act
foreach (KeyValuePair <string, TestDevice> device in devices)
{
await encryptedStore.Put(device.Key, device.Value);
}
obtainedDevices = new Dictionary <string, TestDevice>();
await encryptedStore.IterateBatch(
10,
(key, device) =>
{
obtainedDevices[key] = device;
return(Task.CompletedTask);
});
// Assert
Assert.Equal(devices.Count, obtainedDevices.Count);
foreach (KeyValuePair <string, TestDevice> device in devices)
{
Assert.Equal(device.Value.GenId, obtainedDevices[device.Key].GenId);
Assert.Equal(device.Value.Auth.Key, obtainedDevices[device.Key].Auth.Key);
}
// Act
first = await encryptedStore.GetFirstEntry();
last = await encryptedStore.GetLastEntry();
// Assert
Assert.True(first.HasValue);
Assert.True(last.HasValue);
Assert.Equal("d0", first.OrDefault().key);
Assert.Equal(devices["d0"].GenId, first.OrDefault().value.GenId);
Assert.Equal("d9", last.OrDefault().key);
Assert.Equal(devices["d9"].GenId, last.OrDefault().value.GenId);
}