Merge pull request #164 from Azure-Samples/drwill/dpsX509

Update device DPS x509 sample

Author: David R. Williamson

.gitignore

@@ -198,6 +198,7 @@ ClientBin/
 *.dbproj.schemaview
 *.jfm
 *.pfx
+*.cer
 *.publishsettings
 orleans.codegen.cs
 

provisioning/Samples/device/SymmetricKeySample/EnrollmentType.cs

@@ -1,4 +1,7 @@
-namespace Microsoft.Azure.Devices.Provisioning.Client.Samples
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+namespace Microsoft.Azure.Devices.Provisioning.Client.Samples
 {
     /// <summary>
     /// The type of enrollment for a device in the provisioning service.

provisioning/Samples/device/SymmetricKeySample/Parameters.cs

@@ -1,4 +1,7 @@
-using CommandLine;
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using CommandLine;
 using Microsoft.Azure.Devices.Client;
 
 namespace Microsoft.Azure.Devices.Provisioning.Client.Samples

provisioning/Samples/device/SymmetricKeySample/Program.cs

@@ -9,7 +9,7 @@
 namespace SymmetricKeySample
 {
     /// <summary>
-    /// A sample to illustrate connecting a device to hub using the device provisioning service.
+    /// A sample to illustrate connecting a device to hub using the device provisioning service and a symmetric key.
     /// </summary>
     internal class Program
     {

provisioning/Samples/device/SymmetricKeySample/ProvisioningDeviceClientSample.cs

@@ -12,7 +12,7 @@
 namespace Microsoft.Azure.Devices.Provisioning.Client.Samples
 {
     /// <summary>
-    /// Demonstrates how to register a device with the device provisioning service, and then
+    /// Demonstrates how to register a device with the device provisioning service using a symmetric key, and then
     /// use the registration information to authenticate to IoT Hub.
     /// </summary>
     internal class ProvisioningDeviceClientSample
@@ -45,16 +45,18 @@ public async Task RunSampleAsync()
                 _parameters.PrimaryKey,
                 null);
 
+            using var transportHandler = GetTransportHandler();
+
             ProvisioningDeviceClient provClient = ProvisioningDeviceClient.Create(
                 _parameters.GlobalDeviceEndpoint,
                 _parameters.IdScope,
                 security,
-                GetTransportHandler());
+                transportHandler);
 
             Console.WriteLine($"Initialized for registration Id {security.GetRegistrationID()}");
 
             Console.WriteLine("Registering with the device provisioning service... ");
-            DeviceRegistrationResult result = await provClient.RegisterAsync().ConfigureAwait(false);
+            DeviceRegistrationResult result = await provClient.RegisterAsync();
 
             Console.WriteLine($"Registration status: {result.Status}.");
             if (result.Status != ProvisioningRegistrationStatusType.Assigned)

provisioning/Samples/device/SymmetricKeySample/SymmetricKeySample.csproj

@@ -9,6 +9,9 @@
   <ItemGroup>
     <PackageReference Include="CommandLineParser" Version="2.8.0" />
     <PackageReference Include="Microsoft.Azure.Devices.Client" Version="1.33.1" />
+    <PackageReference Include="Microsoft.Azure.Devices.Provisioning.Client" Version="1.16.2" />
+
+    <!-- Note: Applications should not need to import all 3 protocols. This was done to simplify protocol selection within the sample.-->
     <PackageReference Include="Microsoft.Azure.Devices.Provisioning.Transport.Amqp" Version="1.13.3" />
     <PackageReference Include="Microsoft.Azure.Devices.Provisioning.Transport.Http" Version="1.12.2" />
     <PackageReference Include="Microsoft.Azure.Devices.Provisioning.Transport.Mqtt" Version="1.13.2" />

provisioning/Samples/device/X509Sample/GenerateTestCertificate.ps1

@@ -9,7 +9,7 @@ Self-signed device certificate generator.
 .DESCRIPTION
 Generates an X509 test certificate with the specified Common Name (CN).
 
-.\GenerateTestCertificate.ps1 <DeviceID>
+.\GenerateTestCertificate.ps1 <DeviceId>
 
 .EXAMPLE
 .\GenerateTestCertificate.ps1 testdevice1
@@ -23,11 +23,20 @@ https://github.com/azure/azure-iot-sdk-csharp
 #>
 
 Param(
-	$deviceName = "iothubx509device1",
-	$certificateValidityInYears = 1
+    $deviceName = "iothubx509device1",
+    $certificateValidityInYears = 1
 )
 
-$cert = New-SelfSignedCertificate -Type Custom -Subject "CN=$deviceName, O=TEST, C=US" -KeySpec Signature -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2") -CertStoreLocation "Cert:\CurrentUser\My" -NotAfter (Get-Date).AddYears($certificateValidityInYears)
+$cert = New-SelfSignedCertificate `
+    -Type Custom `
+    -Subject "CN=$deviceName, O=TEST, C=US" `
+    -KeySpec Signature `
+    -KeyExportPolicy Exportable `
+    -HashAlgorithm sha256 `
+    -KeyLength 2048 `
+    -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2") `
+    -CertStoreLocation "Cert:\CurrentUser\My" `
+    -NotAfter (Get-Date).AddYears($certificateValidityInYears)
 
 Write-Host "Generated the certificate:"
 Write-Host $cert

provisioning/Samples/device/X509Sample/Parameters.cs

@@ -0,0 +1,80 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using CommandLine;
+using Microsoft.Azure.Devices.Client;
+using System;
+using System.IO;
+using System.Reflection;
+
+namespace Microsoft.Azure.Devices.Provisioning.Client.Samples
+{
+    /// <summary>
+    /// Parameters for the application
+    /// </summary>
+    internal class Parameters
+    {
+        [Option(
+            's',
+            "IdScope",
+            Required = true,
+            HelpText = "The Id Scope of the DPS instance")]
+        public string IdScope { get; set; }
+
+        [Option(
+            'c',
+            "CertificateName",
+            Default = "certificate.pfx",
+            HelpText = "The PFX certificate to load for device provisioning authentication.")]
+        public string CertificateName { get; set; }
+
+        [Option(
+            'p',
+            "CertificatePassword",
+            HelpText = "The password of the PFX certificate file. If not specified, the program will prompt at run time.")]
+        public string CertificatePassword { get; set; }
+
+        [Option(
+            'g',
+            "GlobalDeviceEndpoint",
+            Default = "global.azure-devices-provisioning.net",
+            HelpText = "The global endpoint for devices to connect to.")]
+        public string GlobalDeviceEndpoint { get; set; }
+
+        [Option(
+            't',
+            "TransportType",
+            Default = TransportType.Mqtt,
+            HelpText = "The transport to use to communicate with the device provisioning instance. Possible values include Mqtt, Mqtt_WebSocket_Only, Mqtt_Tcp_Only, Amqp, Amqp_WebSocket_Only, Amqp_Tcp_only, and Http1.")]
+        public TransportType TransportType { get; set; }
+
+        public string GetCertificatePath()
+        {
+            if (string.IsNullOrWhiteSpace(CertificateName))
+            {
+                throw new InvalidOperationException("The certificate name has not been set.");
+            }
+
+            string codeBase = Assembly.GetExecutingAssembly().Location;
+            string workingDirectory = Path.GetDirectoryName(codeBase);
+
+            // Ascend the directory looking for one that has a certficate with the specified name,
+            // because the sample exe is likely in a build output folder ~3 levels below in
+            // the project folder.
+            while (!string.IsNullOrWhiteSpace(workingDirectory))
+            {
+                string certificatePath = Path.Combine(workingDirectory, CertificateName);
+                if (File.Exists(certificatePath))
+                {
+                    return certificatePath;
+                }
+
+                workingDirectory = Directory.GetParent(workingDirectory)?.FullName;
+            }
+
+            // Once we get to the root, the call to parent will return null
+            // so that is our failure condition.
+            throw new InvalidOperationException($"Could not find the certificate file {CertificateName} in the sample execution folder or any parent folder.");
+        }
+    }
+}

provisioning/Samples/device/X509Sample/Program.cs

@@ -1,145 +1,35 @@
 // Copyright (c) Microsoft. All rights reserved.
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
 
-using Microsoft.Azure.Devices.Provisioning.Client;
-using Microsoft.Azure.Devices.Provisioning.Client.Transport;
-using Microsoft.Azure.Devices.Shared;
+using CommandLine;
 using System;
-using System.IO;
-using System.Security.Cryptography.X509Certificates;
-using System.Text;
+using System.Threading.Tasks;
 
 namespace Microsoft.Azure.Devices.Provisioning.Client.Samples
 {
+    /// <summary>
+    /// A sample to illustrate connecting a device to hub using the device provisioning service and a certificate.
+    /// </summary>
     public static class Program
     {
-        // The Provisioning Hub IDScope.
-
-        // For this sample either:
-        // - pass this value as a command-prompt argument
-        // - set the DPS_IDSCOPE environment variable 
-        // - create a launchSettings.json (see launchSettings.json.template) containing the variable
-        private static string s_idScope = Environment.GetEnvironmentVariable("DPS_IDSCOPE");
-
-        // In your Device Provisioning Service please go to "Manage enrollments" and select "Individual Enrollments".
-        // Select "Add individual enrollment" then fill in the following:
-        // Mechanism: X.509
-        // Certificate: 
-        //    You can generate a self-signed certificate by running the GenerateTestCertificate.ps1 powershell script.
-        //    Select the public key 'certificate.cer' file. ('certificate.pfx' contains the private key and is password protected.)
-        //    For production code, it is advised that you install the certificate in the CurrentUser (My) store.
-        // DeviceID: iothubx509device1
-
-        // X.509 certificates may also be used for enrollment groups.
-        // In your Device Provisioning Service please go to "Manage enrollments" and select "Enrollment Groups".
-        // Select "Add enrollment group" then fill in the following:
-        // Group name: <your  group name>
-        // Attestation Type: Certificate
-        // Certificate Type: 
-        //    choose CA certificate then link primary and secondary certificates 
-        //    OR choose Intermediate certificate and upload primary and secondary certificate files
-        // You may also change other enrollemtn group parameters according to your needs
-
-        private const string GlobalDeviceEndpoint = "global.azure-devices-provisioning.net";
-        private static string s_certificateFileName = "certificate.pfx";
-
-        public static int Main(string[] args)
+        public static async Task<int> Main(string[] args)
         {
-            if (string.IsNullOrWhiteSpace(s_idScope) && (args.Length > 0))
-            {
-                s_idScope = args[0];
-            }
-
-            if (string.IsNullOrWhiteSpace(s_idScope))
-            {
-                Console.WriteLine("ProvisioningDeviceClientX509 <IDScope>");
-                return 1;
-            }
-
-            X509Certificate2 certificate = LoadProvisioningCertificate();
-
-            using (var security = new SecurityProviderX509Certificate(certificate))
-
-            // Select one of the available transports:
-            // To optimize for size, reference only the protocols used by your application.
-            using (var transport = new ProvisioningTransportHandlerAmqp(TransportFallbackType.TcpOnly))
-            // using (var transport = new ProvisioningTransportHandlerHttp())
-            // using (var transport = new ProvisioningTransportHandlerMqtt(TransportFallbackType.TcpOnly))
-            // using (var transport = new ProvisioningTransportHandlerMqtt(TransportFallbackType.WebSocketOnly))
-            {
-                ProvisioningDeviceClient provClient =
-                    ProvisioningDeviceClient.Create(GlobalDeviceEndpoint, s_idScope, security, transport);
-
-                var sample = new ProvisioningDeviceClientSample(provClient, security);
-                sample.RunSampleAsync().GetAwaiter().GetResult();
-            }
-
-            return 0;
-        }
-
-        private static X509Certificate2 LoadProvisioningCertificate()
-        {
-            string certificatePassword = ReadCertificatePassword();
-
-            var certificateCollection = new X509Certificate2Collection();
-            certificateCollection.Import(s_certificateFileName, certificatePassword, X509KeyStorageFlags.UserKeySet);
-
-            X509Certificate2 certificate = null;
-
-            foreach (X509Certificate2 element in certificateCollection)
-            {
-                Console.WriteLine($"Found certificate: {element?.Thumbprint} {element?.Subject}; PrivateKey: {element?.HasPrivateKey}");
-                if (certificate == null && element.HasPrivateKey)
+            // Parse application parameters
+            Parameters parameters = null;
+            ParserResult<Parameters> result = Parser.Default.ParseArguments<Parameters>(args)
+                .WithParsed(parsedParams =>
                 {
-                    certificate = element;
-                }
-                else
+                    parameters = parsedParams;
+                })
+                .WithNotParsed(errors =>
                 {
-                    element.Dispose();
-                }
-            }
+                    Environment.Exit(1);
+                });
 
-            if (certificate == null)
-            {
-                throw new FileNotFoundException($"{s_certificateFileName} did not contain any certificate with a private key.");
-            }
-            else
-            {
-                Console.WriteLine($"Using certificate {certificate.Thumbprint} {certificate.Subject}");
-            }
+            var sample = new ProvisioningDeviceClientSample(parameters);
+            await sample.RunSampleAsync();
 
-            return certificate;
-        }
-
-        private static string ReadCertificatePassword()
-        {
-            var password = new StringBuilder();
-            Console.WriteLine($"Enter the PFX password for {s_certificateFileName}:");
-
-            while(true)
-            {
-                ConsoleKeyInfo key = Console.ReadKey(true);
-                if (key.Key == ConsoleKey.Backspace)
-                {
-                    if (password.Length > 0)
-                    {
-                        password.Remove(password.Length - 1, 1);
-                        Console.Write("\b \b");
-                    }
-                }
-                else if (key.Key == ConsoleKey.Enter)
-                {
-                    Console.WriteLine();
-                    break;
-                }
-                else
-                {
-                    Console.Write('*');
-                    password.Append(key.KeyChar);
-                }
-            }
-
-            return password.ToString();
+            return 0;
         }
     }
 }