This repository has been archived by the owner on Oct 11, 2023. It is now read-only.

Add CA signed authentication support.
anthonyvercolano committed Jul 9, 2017
1 parent f8485ed commit ed78c5d
Showing 2 changed files with 17 additions and 7 deletions.
6 changes: 3 additions & 3 deletions common.js
Expand Up @@ -24,7 +24,7 @@ function createDeviceConnectionString(deviceInfo, hubHostName) {
cs += ';SharedAccessKey=' + deviceInfo.authentication.SymmetricKey.primaryKey;
} else if (deviceInfo.authentication.SymmetricKey.secondaryKey) {
cs += ';SharedAccessKey=' + deviceInfo.authentication.SymmetricKey.secondaryKey;
} else if (deviceInfo.authentication.x509Thumbprint.primaryThumbprint || deviceInfo.authentication.x509Thumbprint.secondaryThumbprint) {
} else if (deviceInfo.authentication.x509Thumbprint.primaryThumbprint || deviceInfo.authentication.x509Thumbprint.secondaryThumbprint || (deviceInfo.authentication.type === 'certificateAuthority')) {
cs += ';x509=true';
} else {
cs = null;
Expand Down Expand Up @@ -96,7 +96,7 @@ function printSuccess(message) {

/**
* printDevice will display a device either pretty-printed or as raw JSON.
*
*
* @param {any} device The device object received from the IoT hub registry.
* @param {any} hubHostName used to build the connection string.
* @param {any} propertyFilter Filter the properties that should be displayed.
Expand Down Expand Up @@ -132,7 +132,7 @@ function printDevice(device, hubHostName, propertyFilter, rawOutput) {

var result = filtered;
result.connectionString = createDeviceConnectionString(device, hubHostName);


var output = rawOutput ? JSON.stringify(result) : prettyjson.render(result);
console.log(output);
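Review bot: The new `deviceInfo.authentication.type === 'certificateAuthority'` test is the last operand of the `||` chain in the x509 branch, so it is evaluated only after `deviceInfo.authentication.x509Thumbprint.primaryThumbprint` has been read. A CA-authenticated record that carries no `x509Thumbprint` object (the object built for `--certificateAuthority` in iothub-explorer-create.js has only `type`) would throw a TypeError there instead of yielding `;x509=true`; whether the registry always returns that object is not visible from this hunk. Testing the type first and guarding the thumbprint read removes that dependency: `} else if (deviceInfo.authentication.type === 'certificateAuthority' || (deviceInfo.authentication.x509Thumbprint && (deviceInfo.authentication.x509Thumbprint.primaryThumbprint || deviceInfo.authentication.x509Thumbprint.secondaryThumbprint))) {`. The earlier `SymmetricKey` branches dereference in the same unguarded way, and createDeviceConnectionString starts and ends outside the hunk.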
18 changes: 14 additions & 4 deletions iothub-explorer-create.js
Expand Up @@ -20,6 +20,7 @@ program
.description('Create a device identity in your IoT Hub device registry, either using the specified device id or JSON description.')
.usage('[options] [device-id|device-json]')
.option('-a, --auto', 'create a device with an auto-generated device id')
.option('--certificateAuthority', 'create a device that is authenticated with a CA signed cert')
.option('-cs, --connection-string', '[deprecated] The connection string is now displayed by default')
.option('-d, --display <property-filter>', 'comma-separated list of device properties that should be displayed')
.option('-l, --login <connection-string>', 'connection string to use to authenticate with your IoT Hub instance')
Expand All @@ -32,8 +33,10 @@ program
.option('-t2, --thumbprint2 <thumbprint>', 'specify the secondary thumbprint of the x509 certificate')
.parse(process.argv);

if((program.key1 || program.key2) && (program.x509 || program.thumbprint1 || program.thumbprint2)) {
inputError('A device can use either x509 certificates or symmetric keys to authenticate but not both.');
if (((program.key1 || program.key2) && (program.x509 || program.thumbprint1 || program.thumbprint2)) ||
((program.key1 || program.key2) && (program.certificateAuthority)) ||
((program.x509 || program.thumbprint1 || program.thumbprint2) && (program.certificateAuthority))) {
inputError('A device can use only one of: x509 certificates, CA signed certificates, or symmetric keys to authenticate.');
}

if(program.daysValid && !program.x509) {
Expand Down Expand Up @@ -63,6 +66,7 @@ if (program.auto && program.args[0]) {
if(program.x509) {
if (program.thumbprint1 || program.thumbprint2) {
info.authentication = {
type: 'selfSigned',
x509Thumbprint: {
primaryThumbprint: program.thumbprint1,
secondaryThumbprint: program.thumbprint2,
Expand All @@ -75,12 +79,18 @@ if(program.x509) {
}
} else if (program.key1 || program.key2) {
info.authentication = {
type: 'sas',
symmetricKey: {
primaryKey: program.key1,
secondaryKey: program.key2,
}
};
createDevice(info);
} else if (program.certificateAuthority) {
info.authentication = {
type: 'certificateAuthority'
};
createDevice(info);
} else if (isMissingAuth(info)) {
console.log('No authentication method given. Device will be created with auto-generated symmetric keys.');
createDevice(info);
Expand Down Expand Up @@ -138,11 +148,11 @@ function generateCertAndCreateDevice(deviceInfo) {
}

function isMissingAuth(deviceInfo) {
return deviceInfo.authentication ?
return deviceInfo.authentication ?
deviceInfo.authentication.symmetricKeys ?
deviceInfo.authentication.symmetricKeys.primaryKey || deviceInfo.authentication.symmetricKeys.secondaryKey
: deviceInfo.authentication.x509Thumbprints ?
deviceInfo.authentication.x509Thumbprints.primaryThumbprint || deviceInfo.authentication.x509Thumbprints.secondaryThumbprint
: false
: deviceInfo.authentication.type === 'certificateAuthority'
: false;
}
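Review bot: The line added to isMissingAuth, `: deviceInfo.authentication.type === 'certificateAuthority'`, makes the function return true for a device description that explicitly selects CA authentication, so a JSON argument with that type (given without the `--certificateAuthority` flag) would reach the `else if (isMissingAuth(info))` branch and print 'No authentication method given. Device will be created with auto-generated symmetric keys.' That message tells the operator the wrong credential type for the device being registered. If that reading of the ternary is right, detect the type in the new branch instead, `} else if (program.certificateAuthority || (info.authentication && info.authentication.type === 'certificateAuthority')) {`, and leave isMissingAuth's fallback as `: false`. The function also reads `symmetricKeys` and `x509Thumbprints` while this file builds `symmetricKey` and `x509Thumbprint`, so a short comment on isMissingAuth stating what a truthy result means would make the intent checkable. The if/else chain that calls it continues past the visible lines.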
