in security/tpm/src/tpm_authentication_provider.ts [32:108]
constructor(credentials: TransportConfig, tpmSecurityClient: TpmSecurityClient) {
super();
this._credentials = credentials;
this._tpmSecurityClient = tpmSecurityClient;
this._fsm = new machina.Fsm({
initialState: 'inactive',
states: {
inactive: {
_onEnter: (err, callback) => {
if (callback) {
callback(err);
} else if (err) {
/*Codes_SRS_NODE_TPM_AUTH_PROVIDER_16_007: [an `error` event shall be emitted if renewing the SAS token fail in the timer handler.]*/
this.emit('error', err);
}
if (this._renewalTimeout) {
clearTimeout(this._renewalTimeout);
}
},
activate: (activateCallback) => this._fsm.transition('activating', activateCallback),
getDeviceCredentials: (callback) => {
this._fsm.handle('activate', (err, _result) => {
if (err) {
callback(err);
} else {
this._fsm.handle('getDeviceCredentials', callback);
}
});
}
},
activating: {
_onEnter: (callback, _err) => {
const newExpiry = Math.floor(Date.now() / 1000) + this._tokenValidTimeInSeconds;
/*Codes_SRS_NODE_TPM_AUTH_PROVIDER_16_001: [`getDeviceCredentials` shall use the `SharedAccessSignature.createWithSigningFunction` method with the `signWithIdentity` method of the `TpmSecurityClient` given to the constructor to generate a SAS token.]*/
SharedAccessSignature.createWithSigningFunction(this._credentials, newExpiry, this._tpmSecurityClient.signWithIdentity.bind(this._tpmSecurityClient), (err, newSas) => {
if (err) {
debug('Unable to create a new SAS token! - ' + err);
/*Codes_SRS_NODE_TPM_AUTH_PROVIDER_16_003: [`getDeviceCredentials` shall call its callback with an `Error` object if the SAS token creation fails.]*/
callback(err);
this._fsm.transition('inactive');
} else {
this._credentials.sharedAccessSignature = newSas.toString();
/*Codes_SRS_NODE_TPM_AUTH_PROVIDER_16_004: [`getDeviceCredentials` shall start a timer to renew the SAS token after the time the token is valid minus the renewal margin (60 - 15 = 45 minutes by default).]*/
this._renewalTimeout = setTimeout(() => this._renewToken(), (this._tokenValidTimeInSeconds - this._tokenRenewalMarginInSeconds) * 1000); //DevSkim: reviewed DS172411 on 2022-11-30
debug('Created a new sas token.');
this._fsm.transition('active', callback);
}
});
},
'*': () => this._fsm.deferUntilTransition()
},
active: {
_onEnter: (callback) => {
/*Codes_SRS_NODE_TPM_AUTH_PROVIDER_16_008: [a `newTokenAvailable` event shall be emitted if renewing the SAS token succeeds in the timer handler.]*/
this.emit('newTokenAvailable', this._credentials);
/*Codes_SRS_NODE_TPM_AUTH_PROVIDER_16_002: [`getDeviceCredentials` shall call its callback with an `null` first parameter and the generated SAS token as a second parameter if the SAS token creation is successful.]*/
callback(null, this._credentials);
},
getDeviceCredentials: (callback) => {
callback(null, this._credentials);
},
signingError: (err) => {
debugErrors('Unable to create a new SAS token! - ' + err);
this._fsm.transition('inactive', err);
},
signingSuccessful: () => {
debug('Created a new sas token.');
this.emit('newTokenAvailable', this._credentials);
},
stop: () => {
/*Codes_SRS_NODE_TPM_AUTH_PROVIDER_16_006: [`stop` shall stop the renewal timer if it is running.]*/
this._fsm.transition('inactive');
}
}
}
});
}