Class: TrustedAssetsManager

iotcs.device.TrustedAssetsManager([taStoreFile], [taStorePassword])

new TrustedAssetsManager([taStoreFile], [taStorePassword])

The TrustedAssetsManager interface defines methods for handling the trust material used for activation and authentication to the IoT CS. Depending on the capability of the client or device, as well as on the security requirements, implementations of this interface may store sensitive trust material in a plain persistent store, in a keystore, or in a secure token.
Authentication of Devices with the IoT CS
Before/Upon Device Activation
A device must use client secret-based authentication to authenticate with the OAuth service and retrieve an access token to perform activation with the IoT CS server. This is done by using an activation ID and a shared secret.
After Device Activation
A device must use client assertion-based authentication to authenticate with the OAuth service and retrieve an access token in order to send and retrieve messages from the IoT CS server. This is done by using the assigned endpoint ID and the generated private key.
Authentication of Pre-activated Enterprise Applications with the IoT CS
Before/After Application Activation
An enterprise integration must use client secret-based authentication to authenticate with the OAuth service and retrieve an access token to perform any REST calls with the IoT CS server. This is done by using the integration ID and a shared secret.
Parameters:
Name | Type | Attributes | Description
taStoreFile | string | <optional> | The trusted assets store file path to be used for trusted assets manager creation. If none is given, the default global library parameter iotcs.oracle.iot.tam.store is used.
taStorePassword | string | <optional> | The trusted assets store file password to be used for trusted assets manager creation. If none is given, the default global library parameter iotcs.oracle.iot.tam.storePassword is used.

Methods

(static) generateKeyPair(algorithm, keySize) → {boolean}

Generates the key pair to be used for assertion-based client authentication with the IoT CS.
Parameters:
Name | Type | Description
algorithm | string | The key algorithm.
keySize | number | The key size.
Returns:
true if the key pair generation succeeded.
Type
boolean

(static) getClientId() → (nullable) {string}

Retrieves the ID of this client. If the client is a device the client ID is the device activation ID; if the client is a pre-activated enterprise application the client ID corresponds to the assigned integration ID. The client ID is used along with a client secret derived from the shared secret to perform secret-based client authentication with the IoT CS server.
Returns:
The ID of this client or null if any error occurs retrieving the client ID.
Type
string

(static) getConnectedDevices() → (nullable) {object}

Retrieves the IoT CS connected devices.
Returns:
The IoT CS connected devices or null if any error occurs retrieving connected devices.
Type
object

(static) getEndpointCertificate() → (nullable) {string}

Retrieves the assigned endpoint certificate.
Returns:
The PEM-encoded certificate or null if no certificate was assigned, or if any error occurs retrieving the endpoint certificate.
Type
string

(static) getEndpointId() → (nullable) {string}

Retrieves the assigned endpoint ID.
Returns:
The assigned endpoint ID or null if any error occurs retrieving the endpoint ID.
Type
string

(static) getPublicKey() → (nullable) {string}

Retrieves the public key to be used for certificate request.
Returns:
The device public key as a PEM-encoded string or null if any error occurs retrieving the public key.
Type
string

(static) getServerHost() → (nullable) {string}

Retrieves the IoT CS server host name.
Returns:
The IoT CS server host name or null if any error occurs retrieving the server host name.
Type
string

(static) getServerPort() → (nullable) {number}

Retrieves the IoT CS server port.
Returns:
The IoT CS server port (a positive integer) or null if any error occurs retrieving the server port.
Type
number

(static) getServerScheme() → (nullable) {string}

Retrieves the IoT CS server scheme.
Returns:
The IoT CS server scheme, or null if any error occurs retrieving the server scheme.
Type
string

(static) getTrustAnchorCertificates() → (nullable) {Array}

Retrieves the trust anchor or most-trusted Certification Authority (CA) to be used to validate the IoT CS server certificate chain.
Returns:
The PEM-encoded trust anchor certificates, or null if any error occurs retrieving the trust anchor.
Type
Array

(static) isActivated() → {boolean}

Returns whether the client is activated. The client is deemed activated if it has at least been assigned an endpoint ID.
Returns:
true if the device is activated.
Type
boolean

(static) provision(taStoreFile, taStorePassword, serverScheme, serverHost, serverPort, clientId, sharedSecret, truststore, connectedDevices)

Provisions the designated Trusted Assets Store with the provided provisioning assets. The provided shared secret will be encrypted using the provided password.
Parameters:
Name | Type | Description
taStoreFile | string | The Trusted Assets Store file name.
taStorePassword | string | The Trusted Assets Store password.
serverScheme | string | The scheme used to communicate with the server. Must be http or https.
serverHost | string | The IoT CS server host name.
serverPort | number | The IoT CS server port.
clientId | string | The ID of the client.
sharedSecret | string | The client's shared secret.
truststore | string | The truststore file containing the PEM-encoded trust anchor certificates to be used to validate the IoT CS server certificate chain.
connectedDevices | object | The indirectly connected devices.

(static) reset() → {boolean}

Resets the trust material back to its provisioning state; in particular, the key pair is erased. The client will have to go, at least, through activation again; depending on the provisioning policy in place, the client may have to go through registration again.
Returns:
true if the operation was successful.
Type
boolean

(static) setEndpointCredentials(endpointId, certificate) → {boolean}

Sets the assigned endpoint ID and certificate as returned by the activation procedure. Upon a call to this method, a compliant implementation of the TrustedAssetsManager interface must ensure the persistence of the provided endpoint credentials. This method can only be called once, unless the TrustedAssetsManager has been reset.

If the client is a pre-activated enterprise application, the endpoint ID has already been provisioned and calling this method MUST fail with an IllegalStateException.

Parameters:
Name | Type | Description
endpointId | string | The assigned endpoint ID.
certificate | string | The PEM-encoded certificate issued by the server, or null if no certificate was provided by the server.
Returns:
whether setting the endpoint credentials succeeded.
Type
boolean

(static) signWithPrivateKey(data, algorithm) → (nullable) {Array}

Signs the provided data using the specified algorithm and the private key. This method is only used for assertion-based client authentication with the IoT CS.
Parameters:
Name | Type | Description
data | Array | string | A byte string to sign.
algorithm | string | The algorithm to use.
Returns:
The signature bytes or null if any error occurs retrieving the necessary key material or performing the operation.
Type
Array

(static) signWithSharedSecret(data, algorithm, [hardwareId]) → (nullable) {Array}

Signs the provided data using the specified algorithm and the shared secret of the device indicated by the given hardware id. Passing null for hardwareId is identical to passing #getClientId().
Parameters:
Name | Type | Attributes | Description
data | Array | | The bytes to be signed.
algorithm | string | | The hash algorithm to use.
hardwareId | string | <nullable> | The hardware ID of the device whose shared secret is to be used for signing.
Returns:
The signature bytes or null if any error occurs retrieving the necessary key material or performing the operation.
Type
Array
