/// <summary>
/// Initializes a new instance of the <see cref="DeviceAuthenticationWithTpm"/> class with default
/// time to live of 1 hour and default buffer percentage value of 15.
/// </summary>
/// <remarks>
/// This constructor will create an authentication method instance that will be disposed when its
/// associated device client instance is disposed. To reuse the authentication method instance across multiple client instance lifetimes,
/// use <see cref="DeviceAuthenticationWithTpm(string, SecurityProviderTpm, int, int, bool)"/> constructor and set <c>disposeWithClient</c> to <c>false</c>.
/// </remarks>
/// <param name="deviceId">Device Identifier.</param>
/// <param name="securityProvider">Device Security Provider settings for TPM Hardware Security Modules.</param>
/// <exception cref="ArgumentNullException"><paramref name="securityProvider"/> is <c>null</c>.</exception>
public DeviceAuthenticationWithTpm(string deviceId, SecurityProviderTpm securityProvider)
    : base(deviceId)
{
    // Reject a missing provider up front; every token this instance issues has to be signed by it.
    if (securityProvider is null)
    {
        throw new ArgumentNullException(nameof(securityProvider));
    }

    _securityProvider = securityProvider;
}
/// <summary>
/// Initializes a new instance of the <see cref="DeviceAuthenticationWithTpm"/> class with an explicit
/// token lifetime and renewal buffer.
/// </summary>
/// <param name="deviceId">Device Identifier.</param>
/// <param name="securityProvider">Device Security Provider settings for TPM Hardware Security Modules.</param>
/// <param name="suggestedTimeToLiveSeconds">Token time to live suggested value, in seconds; forwarded to the base constructor.</param>
/// <param name="timeBufferPercentage">Time buffer before expiry when the token should be renewed, expressed as a percentage of
/// the time to live; forwarded to the base constructor.</param>
/// <exception cref="ArgumentNullException"><paramref name="securityProvider"/> is <c>null</c>.</exception>
public DeviceAuthenticationWithTpm(
    string deviceId,
    SecurityProviderTpm securityProvider,
    int suggestedTimeToLiveSeconds,
    int timeBufferPercentage)
    : base(deviceId, suggestedTimeToLiveSeconds, timeBufferPercentage)
{
    // Fail fast on a null provider rather than on the first signing call.
    if (securityProvider is null)
    {
        throw new ArgumentNullException(nameof(securityProvider));
    }

    _securityProvider = securityProvider;
}
/// <summary> /// Initializes a new instance of the <see cref="DeviceAuthenticationWithTpm"/> class. /// </summary> /// <param name="deviceId">Device Identifier.</param> /// <param name="securityProvider">Device Security Provider settings for TPM Hardware Security Modules.</param> /// <param name="suggestedTimeToLiveSeconds">Token time to live suggested value.</param> /// <param name="timeBufferPercentage">Time buffer before expiry when the token should be renewed expressed as percentage of /// the time to live. EX: If you want a SAS token to live for 85% of life before proactive renewal, this value should be 15.</param> public DeviceAuthenticationWithTpm( string deviceId, SecurityProviderTpm securityProvider, int suggestedTimeToLiveSeconds, int timeBufferPercentage) : this(deviceId, securityProvider, suggestedTimeToLiveSeconds, timeBufferPercentage, true) { }
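/// <summary>
/// Initializes a new instance of the <see cref="SaslTpmHandler"/> class.
/// </summary>
/// <param name="endorsementKey">TPM endorsement key, as raw bytes.</param>
/// <param name="storageRootKey">TPM storage root key, as raw bytes.</param>
/// <param name="idScope">Provisioning ID scope; must be non-empty and not whitespace.</param>
/// <param name="security">TPM security provider the handler delegates to.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="endorsementKey"/>, <paramref name="storageRootKey"/> or <paramref name="security"/> is <c>null</c>.
/// </exception>
/// <exception cref="ArgumentException"><paramref name="idScope"/> is <c>null</c>, empty or whitespace.</exception>
public SaslTpmHandler(
    byte[] endorsementKey,
    byte[] storageRootKey,
    string idScope,
    SecurityProviderTpm security)
{
    // These were Debug.Assert checks, which are compiled out of Release builds; a null key or
    // provider would then only surface later as a NullReferenceException far from the caller.
    _endorsementKey = endorsementKey ?? throw new ArgumentNullException(nameof(endorsementKey));
    _storageRootKey = storageRootKey ?? throw new ArgumentNullException(nameof(storageRootKey));
    if (string.IsNullOrWhiteSpace(idScope))
    {
        throw new ArgumentException("ID scope must not be null, empty or whitespace.", nameof(idScope));
    }

    _idScope = idScope;
    _security = security ?? throw new ArgumentNullException(nameof(security));

    // MechanismName is declared elsewhere in the class; it identifies this SASL mechanism to the base handler.
    Mechanism = MechanismName;
}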
/// <summary>
/// Builds a shared access signature for <paramref name="target"/>, signing the audience/expiry
/// pair through <paramref name="securityProvider"/> so that no key material is handled here.
/// </summary>
/// <param name="securityProvider">Provider whose <c>Sign</c> method produces the signature bytes.</param>
/// <param name="keyName">Optional key name; when non-empty it is appended as the <c>skn</c> field.</param>
/// <param name="target">Resource the token is scoped to; URL-encoded into the <c>sr</c> field.</param>
/// <param name="timeToLive">Token lifetime, turned into the <c>se</c> field by <c>BuildExpiresOn</c>.</param>
/// <returns>A <c>SharedAccessSignature sr=...&amp;sig=...&amp;se=...[&amp;skn=...]</c> string.</returns>
private static string BuildSasSignature(SecurityProviderTpm securityProvider, string keyName, string target, TimeSpan timeToLive)
{
    string expiresOn = BuildExpiresOn(timeToLive);
    string audience = WebUtility.UrlEncode(target);

    // The signed payload is the URL-encoded audience and the expiry joined by a single '\n', e.g.
    //   ENCODED(dh://myiothub.azure-devices-provisioning.net/a/b/c?myvalue1=a)
    //   <Value for ExpiresOn>
    string stringToSign = audience + "\n" + expiresOn;
    byte[] signedBytes = securityProvider.Sign(Encoding.UTF8.GetBytes(stringToSign));
    string signature = Convert.ToBase64String(signedBytes);

    // Example result:
    //   SharedAccessSignature sr=ENCODED(dh://myiothub.azure-devices.net/a/b/c?myvalue1=a)&sig=<Signature>&se=<ExpiresOnValue>[&skn=<KeyName>]
    string token = string.Format(
        CultureInfo.InvariantCulture,
        "SharedAccessSignature sr={0}&sig={1}&se={2}",
        audience,
        WebUtility.UrlEncode(signature),
        WebUtility.UrlEncode(expiresOn));

    if (string.IsNullOrEmpty(keyName))
    {
        return token;
    }

    return token + "&skn=" + WebUtility.UrlEncode(keyName);
}
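/// <summary>
/// Initializes a new instance of the <see cref="TpmSharedAccessSignatureBuilder"/> class.
/// </summary>
/// <param name="securityProvider">TPM security provider this builder signs with; must not be <c>null</c>.</param>
/// <exception cref="ArgumentNullException"><paramref name="securityProvider"/> is <c>null</c>.</exception>
public TpmSharedAccessSignatureBuilder(SecurityProviderTpm securityProvider)
{
    // Fail fast here rather than with a NullReferenceException on the first signing call;
    // matches the validation done by DeviceAuthenticationWithTpm.
    _securityProvider = securityProvider ?? throw new ArgumentNullException(nameof(securityProvider));
}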
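/// <summary>
/// Initializes a new instance of the <see cref="AmqpAuthStrategyTpm"/> class.
/// </summary>
/// <param name="security">TPM security provider used by this strategy; must not be <c>null</c>.</param>
/// <exception cref="ArgumentNullException"><paramref name="security"/> is <c>null</c>.</exception>
public AmqpAuthStrategyTpm(SecurityProviderTpm security)
{
    // Validate at construction so a missing provider is reported at the call site,
    // not as a NullReferenceException during the authentication handshake.
    _security = security ?? throw new ArgumentNullException(nameof(security));
}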
/// <summary>
/// Activates the TPM identity key with <paramref name="activation"/> and returns a shared access
/// signature for <paramref name="hostName"/> signed by that key.
/// </summary>
/// <param name="securityProvider">TPM security provider that holds the identity key.</param>
/// <param name="hostName">Host the signature is scoped to (the <c>sr</c> field of the token).</param>
/// <param name="activation">Activation blob handed to the provider; presumably received from the provisioning service — confirm against caller.</param>
/// <returns>The SAS token produced by <c>BuildSasSignature</c> with the class-level <c>KeyName</c> and <c>TimeToLive</c>.</returns>
internal static string ExtractServiceAuthKey(SecurityProviderTpm securityProvider, string hostName, byte[] activation)
{
    // Order matters: the key is activated first, then the provider signs with it.
    securityProvider.ActivateIdentityKey(activation);

    string sasToken = BuildSasSignature(securityProvider, KeyName, hostName, TimeToLive);
    return sasToken;
}
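/// <summary>
/// Initializes a new instance of the <see cref="TpmDelegatingHandler"/> class.
/// </summary>
/// <param name="securityProvider">TPM security provider this handler delegates to; must not be <c>null</c>.</param>
/// <exception cref="ArgumentNullException"><paramref name="securityProvider"/> is <c>null</c>.</exception>
public TpmDelegatingHandler(SecurityProviderTpm securityProvider)
{
    // Reject a null provider at construction instead of failing later inside the handler pipeline.
    _securityProvider = securityProvider ?? throw new ArgumentNullException(nameof(securityProvider));
}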
/// <summary>
/// Runs the sample end to end: creates a TPM security provider (simulator or local HSM), registers
/// the device with the provisioning service, then authenticates to the assigned hub with
/// <see cref="DeviceAuthenticationWithTpm"/> and sends a single telemetry message.
/// </summary>
/// <remarks>
/// The provider is created inside the <c>try</c> so the <c>finally</c> stops the simulator (when in use)
/// and disposes the provider on every exit path, including the early return when no hub is assigned.
/// </remarks>
public async Task RunSampleAsync()
{
    SecurityProviderTpm security = null;

    // Picks the provider from the sample parameters; the simulator process is started before
    // its provider is constructed.
    SecurityProviderTpm CreateSecurityProvider()
    {
        if (_parameters.UseTpmSimulator)
        {
            Console.WriteLine("Starting TPM simulator...");
            SecurityProviderTpmSimulator.StartSimulatorProcess();
            return new SecurityProviderTpmSimulator(_parameters.RegistrationId);
        }

        Console.WriteLine("Initializing security using the local TPM...");
        return new SecurityProviderTpmHsm(_parameters.RegistrationId);
    }

    try
    {
        security = CreateSecurityProvider();

        Console.WriteLine("Initializing the device provisioning client...");
        using var transport = GetTransportHandler();
        ProvisioningDeviceClient provClient = ProvisioningDeviceClient.Create(
            _parameters.GlobalDeviceEndpoint,
            _parameters.IdScope,
            security,
            transport);
        Console.WriteLine($"Initialized for registration Id {security.GetRegistrationID()}.");

        Console.WriteLine("Registering with the device provisioning service... ");
        DeviceRegistrationResult result = await provClient.RegisterAsync();
        Console.WriteLine($"Registration status: {result.Status}.");

        // Anything other than Assigned means there is no hub to talk to; leave via finally.
        if (result.Status != ProvisioningRegistrationStatusType.Assigned)
        {
            Console.WriteLine("Registration status did not assign a hub, so exiting this sample.");
            return;
        }

        Console.WriteLine($"Device {result.DeviceId} registered to {result.AssignedHub}.");

        Console.WriteLine("Creating TPM authentication for IoT Hub...");
        IAuthenticationMethod auth = new DeviceAuthenticationWithTpm(result.DeviceId, security);

        Console.WriteLine("Testing the provisioned device with IoT Hub...");
        using DeviceClient iotClient = DeviceClient.Create(result.AssignedHub, auth, _parameters.TransportType);

        Console.WriteLine("Sending a telemetry message...");
        using var message = new Message(Encoding.UTF8.GetBytes("TestMessage"));
        await iotClient.SendEventAsync(message);
    }
    finally
    {
        // Stop the simulator before disposing the provider, as the original ordering does.
        if (_parameters.UseTpmSimulator)
        {
            SecurityProviderTpmSimulator.StopSimulatorProcess();
        }

        security?.Dispose();
    }

    Console.WriteLine("Finished.");
}