Fix DPS registration over HTTP with escaped characters in the registr… (

#3059)

* Fix DPS registration over HTTP with escaped characters in the registration Id

* CR feedback

* Test invalid value in registration Id for symmetric key

provisioning/device/samples/getting started/ComputeDerivedSymmetricKeySample/ComputeDerivedKeySample.cs

@@ -38,7 +38,7 @@ public void RunSample()
         /// <param name="registrationId">The registration Id of the key to create.</param>
         /// <returns>The key for the specified device Id registration in the enrollment group.</returns>
         /// <seealso>
-        /// https://docs.microsoft.com/en-us/azure/iot-edge/how-to-auto-provision-symmetric-keys?view=iotedge-2018-06#derive-a-device-key
+        /// https://docs.microsoft.com/azure/iot-edge/how-to-auto-provision-symmetric-keys?view=iotedge-2018-06#derive-a-device-key
         /// </seealso>
         private static string ComputeDerivedSymmetricKey(string enrollmentKey, string registrationId)
         {

provisioning/device/samples/how to guides/SymmetricKeySample/ProvisioningDeviceClientSample.cs

@@ -75,6 +75,7 @@ public async Task RunSampleAsync()
 
         private ProvisioningTransportHandler GetTransportHandler()
         {
+            Console.WriteLine($"Using transport type {_parameters.TransportType}.");
             return _parameters.TransportType switch
             {
                 TransportType.Mqtt => new ProvisioningTransportHandlerMqtt(),

provisioning/device/samples/how to guides/TpmSample/TpmSample.csproj

@@ -3,7 +3,6 @@
   <PropertyGroup>
     <OutputType>Exe</OutputType>
     <TargetFramework>net6.0</TargetFramework>
-    <RootDir>$(MSBuildProjectDirectory)\..\..\..\..</RootDir>
     <LangVersion>8.0</LangVersion>
   </PropertyGroup>
 

provisioning/transport/http/src/ProvisioningTransportHandlerHttp.cs

@@ -20,8 +20,8 @@ namespace Microsoft.Azure.Devices.Provisioning.Client.Transport
     /// </summary>
     public class ProvisioningTransportHandlerHttp : ProvisioningTransportHandler
     {
-        private static readonly TimeSpan s_defaultOperationPoolingIntervalMilliseconds = TimeSpan.FromSeconds(2);
         private const int DefaultHttpsPort = 443;
+        private static readonly TimeSpan s_defaultOperationPoolingIntervalMilliseconds = TimeSpan.FromSeconds(2);
 
         /// <summary>
         /// Creates an instance of the ProvisioningTransportHandlerHttp class.

provisioning/transport/http/src/SymmetricKeyCredentials.cs

@@ -2,6 +2,7 @@
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
 
 using System;
+using System.Net;
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Threading;
@@ -12,30 +13,38 @@ namespace Microsoft.Azure.Devices.Provisioning.Client.Transport
 {
     internal class SymmetricKeyCredentials : ServiceClientCredentials
     {
-        private const string SASHeaderName = "SharedAccessSignature";
+        private const string SasHeaderName = "SharedAccessSignature";
         private const string Registration = "registration";
-        private readonly string SymmetricKey;
-        private volatile string _sasToken;
 
-        public SymmetricKeyCredentials(string symmetricKey) : base()
+        private readonly string _symmetricKey;
+
+        public SymmetricKeyCredentials(string symmetricKey)
+            : base()
         {
-            SymmetricKey = symmetricKey;
+            _symmetricKey = symmetricKey;
         }
 
         public override Task ProcessHttpRequestAsync(HttpRequestMessage request, CancellationToken cancellationToken)
         {
             string audience = request.RequestUri.AbsolutePath.Trim('/');
             string[] segments = audience.Split('/');
 
-            _sasToken = ProvisioningSasBuilder.BuildSasSignature(Registration, this.SymmetricKey, string.Concat(segments[0], '/', segments[1], '/', segments[2]), TimeSpan.FromDays(1));
-            SetAuthorizationHeader(request, _sasToken);
+            string sasToken = ProvisioningSasBuilder.BuildSasSignature(
+                Registration,
+                _symmetricKey,
+                // These values may come in encoded, so decode them for the SAS token
+                $"{WebUtility.UrlDecode(segments[0])}/{WebUtility.UrlDecode(segments[1])}/{WebUtility.UrlDecode(segments[2])}",
+                TimeSpan.FromDays(1));
+            SetAuthorizationHeader(request, sasToken);
 
             return base.ProcessHttpRequestAsync(request, cancellationToken);
         }
 
         private static void SetAuthorizationHeader(HttpRequestMessage request, string sasToken)
         {
-            request.Headers.Authorization = new AuthenticationHeaderValue(SASHeaderName, sasToken.Substring(SASHeaderName.Length + 1));
+            request.Headers.Authorization = new AuthenticationHeaderValue(
+                SasHeaderName,
+                sasToken.Substring(SasHeaderName.Length + 1));
         }
     }
 }