feat(iot): allow multiple enrollment groups
1 parent
dc4e330
commit 6c7e408
Showing
20 changed files
with
441 additions
and
298 deletions.
@@ -0,0 +1,8 @@ | ||
export const resourceGroupName = () => 'bifravst' | ||
|
||
export const deploymentName = resourceGroupName | ||
|
||
/** | ||
* Returns the name of the Device Provisioning Service | ||
*/ | ||
export const iotDeviceProvisioningServiceName = () => `${resourceGroupName()}ProvisioningService` |
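Review bot: `resourceGroupName` and `deploymentName` are exported without any documentation, and the `deploymentName = resourceGroupName` alias does not say why the deployment shares the resource group's name, so a reader has to infer the relationship. Suggest `/** Name of the Azure resource group that holds the bifravst resources */` above `resourceGroupName` and `/** The deployment is named after the resource group so both can be located under one name */` above `deploymentName`, matching the TSDoc already given to `iotDeviceProvisioningServiceName`. The hard-coded `'bifravst'` literal also fixes the DPS name; if that is intentional for this project a short note saying so on `resourceGroupName` would stop someone from parameterising it by accident.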
@@ -0,0 +1,71 @@ | ||
import chalk from 'chalk' | ||
import { ComandDefinition } from './CommandDefinition' | ||
import { generateCAIntermediate } from '../iot/generateCAIntermediate' | ||
import { ProvisioningServiceClient } from 'azure-iot-provisioning-service' | ||
import { IotDpsClient } from '@azure/arm-deviceprovisioningservices' | ||
import { add as addToIntermediateRegistry } from '../iot/intermediateRegistry' | ||
import { v4 } from 'uuid' | ||
import { log, debug } from '../logging' | ||
|
||
export const registerCAIntermediateCommand = ({ | ||
certsDir, | ||
ioTHubDPSConnectionString, | ||
}: { | ||
certsDir: string | ||
ioTHubDPSConnectionString: () => Promise<string> | ||
iotDpsClient: () => Promise<IotDpsClient> | ||
}): ComandDefinition => ({ | ||
command: 'register-ca-intermediate', | ||
action: async () => { | ||
|
||
const id = v4() | ||
|
||
const intermediate = await generateCAIntermediate({ | ||
id, | ||
certsDir, | ||
log, | ||
debug | ||
}) | ||
console.log(chalk.magenta(`CA intermediate certificate generated.`)) | ||
|
||
await addToIntermediateRegistry({ certsDir, id }) | ||
|
||
// Create enrollment group | ||
|
||
const dpsConnString = await ioTHubDPSConnectionString() | ||
|
||
const dpsClient = ProvisioningServiceClient.fromConnectionString(dpsConnString) | ||
|
||
const enrollmentGroupId = `bifravst-${id}` | ||
|
||
await dpsClient.createOrUpdateEnrollmentGroup({ | ||
enrollmentGroupId, | ||
attestation: { | ||
type: 'x509', | ||
//@ts-ignore | ||
x509: { | ||
signingCertificates: { | ||
primary: { | ||
certificate: intermediate.certificate | ||
} | ||
} | ||
} | ||
}, | ||
provisioningStatus: "enabled", | ||
reprovisionPolicy: { | ||
migrateDeviceData: true, | ||
updateHubAssignment: true | ||
} | ||
}) | ||
|
||
console.log( | ||
chalk.magenta(`Created enrollment group for CA intermediate certificiate`), | ||
chalk.yellow(enrollmentGroupId) | ||
) | ||
|
||
console.log() | ||
|
||
console.log(chalk.green('You can now generate device certificates using'), chalk.blueBright('node cli generate-device-cert')) | ||
}, | ||
help: 'Creates a CA intermediate certificate registers it with an IoT Device Provisioning Service enrollment group', | ||
}) |
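Review bot: The intermediate is written to the local registry with `addToIntermediateRegistry` before the DPS call has succeeded, so a failure in `createOrUpdateEnrollmentGroup` leaves the registry holding an intermediate that has no enrollment group, and the `generate-device-cert` hint printed at the end would then presumably sign device certificates DPS cannot attest; move the `await addToIntermediateRegistry({ certsDir, id })` line to after the `createOrUpdateEnrollmentGroup` call. The `//@ts-ignore` above `x509` hides whatever mismatch exists between this attestation payload and the SDK's type; prefer `// @ts-expect-error <reason>` so the suppression fails loudly once the types line up, or type the object against the SDK's attestation type instead. The parameter type still declares `iotDpsClient: () => Promise<IotDpsClient>` although the destructuring never reads it, so every caller is forced to supply an unused client; drop it from the type (and the then-unused `IotDpsClient` import). Minor: `certificiate` in the success message, and the help text is missing a conjunction (`Creates a CA intermediate certificate and registers it with an IoT Device Provisioning Service enrollment group`).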
@@ -0,0 +1,81 @@ | ||
import chalk from 'chalk' | ||
import { ComandDefinition } from './CommandDefinition' | ||
import { IotDpsClient } from '@azure/arm-deviceprovisioningservices' | ||
import { generateProofOfPosession } from '../iot/generateProofOfPosession' | ||
import { v4 } from 'uuid' | ||
import { generateCARoot } from '../iot/generateCARoot' | ||
import { log, debug } from '../logging' | ||
|
||
export const registerCARootCommand = ({ | ||
certsDir, | ||
iotDpsClient, | ||
resourceGroup, | ||
dpsName, | ||
}: { | ||
certsDir: string | ||
resourceGroup: string | ||
dpsName: string | ||
iotDpsClient: () => Promise<IotDpsClient> | ||
}): ComandDefinition => ({ | ||
command: 'register-ca-root', | ||
action: async () => { | ||
const certificateName = `bifravst-root-${v4()}` | ||
|
||
const root = await generateCARoot({ | ||
certsDir, | ||
name: certificateName, | ||
log, | ||
debug | ||
}) | ||
console.log(chalk.magenta(`CA root certificate generated.`)) | ||
|
||
// Register root CA certificate on DPS | ||
|
||
const armDpsClient = await iotDpsClient() | ||
|
||
await armDpsClient.dpsCertificate.createOrUpdate( | ||
resourceGroup, | ||
dpsName, | ||
certificateName, | ||
{ | ||
certificate: root.certificate | ||
}, | ||
) | ||
|
||
console.log( | ||
chalk.magenta(`CA root registered with DPS.`), | ||
chalk.yellow(dpsName) | ||
) | ||
|
||
// Create verification cert | ||
|
||
const { etag } = await armDpsClient.dpsCertificate.get(certificateName, resourceGroup, dpsName) | ||
const { properties } = await armDpsClient.dpsCertificate.generateVerificationCode( | ||
certificateName, | ||
etag as string, | ||
resourceGroup, | ||
dpsName | ||
) | ||
|
||
if (!properties?.verificationCode) { | ||
throw new Error(`Failed to generate verification code`) | ||
} | ||
|
||
await generateProofOfPosession({ | ||
certsDir, | ||
log, | ||
debug, | ||
verificationCode: properties.verificationCode | ||
}) | ||
|
||
console.log( | ||
chalk.magenta(`Generated verification certificate for verification code`), | ||
chalk.yellow(properties.verificationCode) | ||
) | ||
|
||
console.log() | ||
|
||
console.log(chalk.green('You can now verify the proof of posession using'), chalk.blueBright('node cli proof-ca-root-possession')) | ||
}, | ||
help: 'Creates a CA root certificate and registers it with the IoT Device Provisioning Service', | ||
}) |
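Review bot: `etag as string` on the `generateVerificationCode` call asserts away the case where `dpsCertificate.get` returns no etag, in which case the call is made with `undefined` as its if-match argument; guard it the same way `verificationCode` is guarded a few lines later: `if (etag === undefined) throw new Error('Certificate has no etag')` and then pass `etag` without the assertion. The `createOrUpdate` and `get` calls take `certificateName` in different positions (last in one, first in the other), which is presumably the SDK's own ordering, but a one-line comment on the `get` call would save the next reader a trip to the type definitions. Minor: the user-facing string says `proof of posession` (should be `possession`); the `generateProofOfPosession` import name is defined in another file and is out of scope for this hunk.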