From cc7e142ae812a4d5d2d22267052cc8602f41b5c3 Mon Sep 17 00:00:00 2001
From: Varun Puranik
Date: Thu, 28 Jun 2018 18:34:10 +0000
Subject: [PATCH] Merged PR 928705: Fix EdgeHub in IotedgeCtl mode issue
EdgeHub was expecting its cert to be present in the path pointed to by the environment variables SSL_CERTIFICATE_PATH and SSL_CERTIFICATE_NAME. However, since the start.sh script was removed, these environment variables are no longer being set. So updating EdgeHub to instead use the new Cert path Environment variables. Tested with 1.0 bits.
---
 edge-hub/docker/linux/amd64/Dockerfile | 2 --
 edge-hub/docker/linux/arm32v7/Dockerfile | 2 --
 edge-hub/docker/windows/amd64/Dockerfile | 3 ---
 .../Microsoft.Azure.Devices.Edge.Hub.Service/Constants.cs | 2 ++
 .../Microsoft.Azure.Devices.Edge.Hub.Service/Program.cs | 5 ++++-
 .../CertificateHelper.cs | 8 ++------
 6 files changed, 8 insertions(+), 14 deletions(-)
diff --git a/edge-hub/docker/linux/amd64/Dockerfile b/edge-hub/docker/linux/amd64/Dockerfile
index c47f12a6f6f..8d5de07472f 100644
--- a/edge-hub/docker/linux/amd64/Dockerfile
+++ b/edge-hub/docker/linux/amd64/Dockerfile
@@ -4,8 +4,6 @@ FROM azureiotedge/azureiotedge-runtime-base:1.0.0-preview001-linux-amd64 as buil
 FROM microsoft/dotnet:${base_tag}
 ARG EXE_DIR=.
-ENV SSL_CERTIFICATE_PATH=/app/certs
-ENV SSL_CERTIFICATE_NAME=mqtt-server.pfx
 # RocksDB requires snappy
 RUN apk update && \
diff --git a/edge-hub/docker/linux/arm32v7/Dockerfile b/edge-hub/docker/linux/arm32v7/Dockerfile
index 5c41a36608a..496334071fd 100644
--- a/edge-hub/docker/linux/arm32v7/Dockerfile
+++ b/edge-hub/docker/linux/arm32v7/Dockerfile
@@ -2,8 +2,6 @@ ARG base_tag=1.0.0-preview008-linux-arm32v7
 FROM azureiotedge/azureiotedge-hub-base:${base_tag}
 ARG EXE_DIR=.
-ENV SSL_CERTIFICATE_PATH=/etc/ssl/certs
-ENV SSL_CERTIFICATE_NAME=mqtt-server.pfx
 WORKDIR /app
diff --git a/edge-hub/docker/windows/amd64/Dockerfile b/edge-hub/docker/windows/amd64/Dockerfile
index 942141c14b6..a5deb6dd1ad 100644
--- a/edge-hub/docker/windows/amd64/Dockerfile
+++ b/edge-hub/docker/windows/amd64/Dockerfile
@@ -1,9 +1,6 @@
 ARG base_tag=2.1.0-runtime-nanoserver-1803
 FROM microsoft/dotnet:${base_tag}
-ENV SSL_CERTIFICATE_PATH=c:\\mnt\\edgehub
-ENV SSL_CERTIFICATE_NAME=edge-hub-server.cert.pfx
-
 ARG EXE_DIR=.
 WORKDIR /app
diff --git a/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Service/Constants.cs b/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Service/Constants.cs
index dbc36219c2f..9bfc7209215 100644
--- a/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Service/Constants.cs
+++ b/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Service/Constants.cs
@@ -20,5 +20,7 @@ public static class Constants
 public const string WorkloadApiVersion = "2018-06-28";
 public const int CertificateValidityDays = 90;
 public const string InitializationVectorFileName = "EdgeHubIV";
+ public const string EdgeHubServerCAChainCertificateFileKey = "EdgeModuleHubServerCAChainCertificateFile";
+ public const string EdgeHubServerCertificateFileKey = "EdgeModuleHubServerCertificateFile";
 }
 }
diff --git a/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Service/Program.cs b/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Service/Program.cs
index 430f87e98e7..d22bc557f81 100644
--- a/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Service/Program.cs
+++ b/edge-hub/src/Microsoft.Azure.Devices.Edge.Hub.Service/Program.cs
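Review bot: The two new keys are added without retiring `Constants.SslCertPathEnvName` and `Constants.SslCertEnvName`, whose only visible use is the line the Program.cs hunk in this same commit removes; if nothing else reads them (not verifiable from this hunk) they are now dead configuration surface and should go in the same change so nobody wires a certificate path through them again. A one-line XML summary on each new constant saying it names a configuration key holding a file path, not the file contents, would also make the intent of the `...FileKey` suffix explicit.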
@@ -62,7 +62,10 @@ public static async Task MainAsync(IConfigurationRoot configuration)
 }
 else
 {
- (cert, chain) = CertificateHelper.GetServerCertificatesFromFile(configuration.GetValue(Constants.SslCertPathEnvName), configuration.GetValue(Constants.SslCertEnvName));
+ string edgeHubCertPath = configuration.GetValue(Constants.EdgeHubServerCertificateFileKey);
+ cert = new X509Certificate2(edgeHubCertPath);
+ string edgeHubCaChainCertPath = configuration.GetValue(Constants.EdgeHubServerCAChainCertificateFileKey);
+ chain = CertificateHelper.GetServerCACertificatesFromFile(edgeHubCaChainCertPath);
 }
 // TODO: set certificate for Startup without the cache
diff --git a/edge-util/src/Microsoft.Azure.Devices.Edge.Util/CertificateHelper.cs b/edge-util/src/Microsoft.Azure.Devices.Edge.Util/CertificateHelper.cs
index 43e982875ef..98a705f4470 100644
--- a/edge-util/src/Microsoft.Azure.Devices.Edge.Util/CertificateHelper.cs
+++ b/edge-util/src/Microsoft.Azure.Devices.Edge.Util/CertificateHelper.cs
@@ -208,14 +208,10 @@ public static IEnumerable GetCertificatesFromPem(IEnumerable) GetServerCertificatesFromFile(string certPath, string certName)
+ public static IEnumerable GetServerCACertificatesFromFile(string chainPath)
 {
- string certFullPath = Path.Combine(certPath, certName);
- var sslCert = new X509Certificate2(Preconditions.CheckNonWhiteSpace(certFullPath, nameof(certFullPath)));
-
- string chainPath = Environment.GetEnvironmentVariable("EdgeModuleHubServerCAChainCertificateFile");
 IEnumerable certChain = !string.IsNullOrWhiteSpace(chainPath) ? ExtractCertsFromPem(chainPath) : null;
- return (sslCert, certChain);
+ return certChain;
 }
 public static IList ParsePemCerts(string pemCerts)
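Review bot: The server certificate path read by `string edgeHubCertPath = configuration.GetValue(Constants.EdgeHubServerCertificateFileKey);` goes straight into `new X509Certificate2(edgeHubCertPath)` with no check, so a missing or blank `EdgeModuleHubServerCertificateFile` setting surfaces as an ArgumentNullException or CryptographicException out of the constructor rather than an error naming the setting; the removed `GetServerCertificatesFromFile` guarded the path with `Preconditions.CheckNonWhiteSpace`, and the same guard belongs here, e.g. `cert = new X509Certificate2(Preconditions.CheckNonWhiteSpace(edgeHubCertPath, nameof(edgeHubCertPath)));` (assuming `Preconditions` is in scope in Program.cs as it is in the util project). Because this certificate terminates TLS for the hub, it is also worth failing fast when the loaded file carries no private key (`cert.HasPrivateKey`) instead of discovering that on the first client handshake. Note too that `GetServerCACertificatesFromFile` yields a null `chain` when the chain path is unset, and nothing in this block reacts to that, so the hub can start with a server certificate and no CA chain. MainAsync begins and ends outside this hunk.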
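Review bot: The new `GetServerCACertificatesFromFile` keeps the old behaviour of returning `null` when `chainPath` is null or whitespace, so an absent or mistyped `EdgeModuleHubServerCAChainCertificateFile` value is turned silently into "no CA chain" instead of a configuration error, and callers now have to know that by reading the body. Since the signature is changing anyway, state the contract in an XML comment: summary "Loads the server CA chain from the PEM file at chainPath", with `/// <returns>The certificates parsed from <paramref name="chainPath"/>, or null when no path is configured.</returns>`, or have callers decide explicitly whether a missing chain is acceptable. Returning an empty sequence rather than null would follow the usual collection guidance, but it changes what null-testing callers observe and so needs a sweep of every caller first. The `certChain` local can also be dropped in favour of `return !string.IsNullOrWhiteSpace(chainPath) ? ExtractCertsFromPem(chainPath) : null;`.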