Fix enrolment when using client certificate (#181)

josesimoes · web-flow · commit 29dc167dffe1 · 2022-05-18T15:15:32.000+01:00
diff --git a/nanoFramework.Azure.Devices.Client/DeviceClient.cs b/nanoFramework.Azure.Devices.Client/DeviceClient.cs
@@ -30,7 +30,6 @@ public class DeviceClient : IDisposable
         private readonly string _telemetryTopic;
         private readonly X509Certificate2 _clientCert;
         private readonly string _deviceMessageTopic;
-        private readonly string _privateKey;
         private Twin _twin;
         private bool _twinReceived;
         private MqttClient _mqttc;
@@ -40,7 +39,7 @@ public class DeviceClient : IDisposable
         private readonly object _lock = new object();
         private Timer _timerTokenRenew;
         private readonly X509Certificate _azureRootCACert;
-        private bool _isCertificate;
+        private bool _hasClientCertificate;
 
         /// <summary>
         /// Device twin updated event.
@@ -70,9 +69,7 @@ public class DeviceClient : IDisposable
         public DeviceClient(string iotHubName, string deviceId, string moduleId, string sasKey, MqttQoSLevel qosLevel = MqttQoSLevel.AtLeastOnce, X509Certificate azureCert = null, string modelId = null)
 
         {
-            _isCertificate = false;
             _clientCert = null;
-            _privateKey = null;
             _iotHubName = iotHubName;
             ModelId = modelId;
             ModuleId = moduleId;
@@ -109,10 +106,8 @@ public DeviceClient(string iotHubName, string deviceId, string moduleId, string
         /// /// <param name="modelId">Azure Plug and Play model ID.</param>
         public DeviceClient(string iotHubName, string deviceId, string moduleId, X509Certificate2 clientCert, MqttQoSLevel qosLevel = MqttQoSLevel.AtMostOnce, X509Certificate azureCert = null, string modelId = null)
         {
-            _isCertificate = true;
+            _hasClientCertificate = true;
             _clientCert = clientCert;
-            // In case we are using the store, the magic should happen automaticall
-            _privateKey = _clientCert != null ? Convert.ToBase64String(clientCert.PrivateKey) : null;
             _iotHubName = iotHubName;
             ModelId = modelId;
             ModuleId = moduleId;
@@ -224,8 +219,10 @@ public bool Open()
 
             Helper.ComposeTelemetryInformation(ref userName);
 
+            // need to compute SHA if not using client certificate
+            string key = _hasClientCertificate ? null : Helper.GetSharedAccessSignature(null, _sasKey, $"{_iotHubName}/devices/{_deviceId}", new TimeSpan(24, 0, 0));
+
             // Now connect the device
-            string key = _isCertificate ? _privateKey : Helper.GetSharedAccessSignature(null, _sasKey, $"{_iotHubName}/devices/{_deviceId}", new TimeSpan(24, 0, 0));
             _mqttc.Connect(
                 _deviceId,
                 userName,
