in device/core/src/iotedge_authentication_provider.ts [132:199]
protected _sign(resourceUri: string, expiry: number, callback: (err: Error, signature?: string) => void): void {
// Codes_SRS_NODE_IOTEDGED_AUTHENTICATION_PROVIDER_13_009: [ The _sign method shall throw a ReferenceError if the callback parameter is falsy or is not a function. ]
if (!callback || typeof callback !== 'function') {
throw new ReferenceError('callback cannot be \'' + callback + '\'');
}
// Codes_SRS_NODE_IOTEDGED_AUTHENTICATION_PROVIDER_13_010: [ The _sign method invoke callback with a ReferenceError if the resourceUri parameter is falsy. ]
if (!resourceUri) {
callback(new ReferenceError('resourceUri cannot be \'' + resourceUri + '\''), null);
return;
}
// Codes_SRS_NODE_IOTEDGED_AUTHENTICATION_PROVIDER_13_011: [ The _sign method shall build the HTTP request path in the format /modules/<module id>/genid/<generation id>/sign?api-version=2018-06-28. ]
// the request path needs to look like this:
// /modules/<module id>/genid/<generation id>/sign?api-version=2018-06-28
const path = `/modules/${encodeUriComponentStrict(this._authConfig.moduleId)}/genid/${encodeUriComponentStrict(
this._authConfig.generationId
)}/sign?api-version=${encodeUriComponentStrict(WORKLOAD_API_VERSION)}`;
// Codes_SRS_NODE_IOTEDGED_AUTHENTICATION_PROVIDER_13_027: [** The `_sign` method shall use the `SharedAccessSignature.createWithSigningFunction` function to build the data buffer which is to be signed by iotedged.
SharedAccessSignature.createWithSigningFunction(this._credentials, expiry, (buffer, signCallback) => {
// Codes_SRS_NODE_IOTEDGED_AUTHENTICATION_PROVIDER_13_014: [ The _sign method shall build an object with the following schema as the HTTP request body as the sign request:
// interface SignRequest {
// keyId: string;
// algo: string;
// data: string;
// }
// ]
// Codes_SRS_NODE_IOTEDGED_AUTHENTICATION_PROVIDER_13_013: [ The _sign method shall build the sign request using the following values:
// const signRequest = {
// keyId: "primary"
// algo: "HMACSHA256"
// data: `${data}\n${expiry}`
// };
// ]
const signRequest: SignRequest = {
keyId: DEFAULT_KEY_ID,
algo: DEFAULT_SIGN_ALGORITHM,
data: buffer.toString('base64')
};
// Codes_SRS_NODE_IOTEDGED_AUTHENTICATION_PROVIDER_13_019: [ The _sign method shall invoke this._restApiClient.executeApiCall to make the REST call on iotedged using the POST method. ]
// Codes_SRS_NODE_IOTEDGED_AUTHENTICATION_PROVIDER_13_025: [** The `_sign` method shall set the HTTP request option's `request` property to use the `http.request` object.
// Codes_SRS_NODE_IOTEDGED_AUTHENTICATION_PROVIDER_13_026: [** The `_sign` method shall set the HTTP request option's `port` property to use the workload URI's port if available.
this._restApiClient.executeApiCall(
'POST',
path,
{ 'Content-Type': 'application/json' },
signRequest,
this._getRequestOptions(),
(err, body: SignResponse, _response) => {
if (err) {
signCallback(err, null);
} else {
// Codes_SRS_NODE_IOTEDGED_AUTHENTICATION_PROVIDER_13_015: [ The _sign method shall invoke callback when the signature is available. ]
signCallback(null, Buffer.from(body.digest, 'base64'));
}
});
}, (err, sas) => {
if (err) {
callback(err);
} else {
callback(null, sas.toString());
}
});
}