Class: TrustedAssetsManager

iotcs.enterprise.TrustedAssetsManager(taStoreFile (optional), taStorePassword (optional))

new TrustedAssetsManager(taStoreFile (optional), taStorePassword (optional))

The TrustedAssetsManager interface defines methods for handling trust material used for activation and authentication to the IoT CS. Depending on the capability of the client or device, as well as on the security requirements, implementations of this interface may simply store sensitive trust material in a plain persistent store, in some keystore, or in a secure token.
Authentication of Devices with the IoT CS
Before/Upon Device Activation
A device must use client secret-based authentication to authenticate with the OAuth service and retrieve an access token to perform activation with the IoT CS server. This is done by using an activation ID and a shared secret.
After Device Activation
A device must use client assertion-based authentication to authenticate with the OAuth service and retrieve an access token to send and retrieve messages from the IoT CS server. This is done by using the assigned endpoint ID and generated private key.
Authentication of Pre-activated Enterprise Applications with the IoT CS
Before/After Application Activation
An enterprise integration must use client secret-based authentication to authenticate with the OAuth service and retrieve an access token to perform any REST calls with the IoT CS server. This is done by using the integration ID and a shared secret.
Parameters:
Name Type Attributes Description
taStoreFile string <optional> The trusted assets store file path to be used for trusted assets manager creation. This is optional. If none is given, the default global library parameter is used: iotcs.oracle.iot.tam.store.
taStorePassword string <optional> The trusted assets store file password to be used for trusted assets manager creation. This is optional. If none is given, the default global library parameter is used: iotcs.oracle.iot.tam.storePassword.

Methods

(static) getClientId() → (nullable) {string}

Retrieves the ID of this client. If the client is a device, the client ID is the device ID. If the client is a pre-activated enterprise application, the client ID corresponds to the assigned endpoint ID. The client ID is used along with a client secret derived from the shared secret to perform secret-based client authentication with the IoT CS server.
Returns:
The ID of this client, or null if any error occurs retrieving the client ID.
Type
string

(static) getServerHost() → (nullable) {string}

Retrieves the IoT CS server host name.
Returns:
The IoT CS server host name, or null if any error occurs retrieving the server host name.
Type
string

(static) getServerPort() → (nullable) {number}

Retrieves the IoT CS server port.
Returns:
The IoT CS server port (a positive integer), or null if any error occurs retrieving the server port.
Type
number

(static) getTrustAnchorCertificates() → (nullable) {Array}

Retrieves the trust anchor or most-trusted Certification Authority (CA) to be used to validate the IoT CS server certificate chain.
Returns:
The PEM-encoded trust anchor certificates, or null if any error occurs retrieving the trust anchor.
Type
Array

(static) provision(taStoreFile, taStorePassword, serverHost, serverPort, clientId (nullable), sharedSecret (nullable), truststore (nullable))

Provisions the designated Trusted Assets Store with the provided provisioning assets. The provided shared secret will be encrypted using the provided password.
Parameters:
Name Type Attributes Description
taStoreFile string The Trusted Assets Store file name.
taStorePassword string The Trusted Assets Store password.
serverHost string The IoT CS server host name.
serverPort number The IoT CS server port.
clientId string <nullable> The ID of the client.
sharedSecret string <nullable> The client's shared secret.
truststore string <nullable> The truststore file containing PEM-encoded trust anchor certificates to be used to validate the IoT CS server certificate chain.

(static) signWithSharedSecret(data, algorithm) → (nullable) {Array}

Signs the provided data using the specified algorithm and the shared secret. This method is only used for secret-based client authentication with the IoT CS server.
Parameters:
Name Type Description
data Array The bytes to be signed.
algorithm string The hash algorithm to use.
Returns:
The signature bytes, or null if any error occurs retrieving the necessary key material or performing the operation.
Type
Array
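
As an added illustration (not the iotcs library's implementation), the sketch below mirrors the documented contract of signWithSharedSecret (byte Array in, byte Array out, null on any error) and shows the null check a caller needs plus a constant-time comparison on the verifying side. It assumes the signature is an HMAC keyed with the shared secret, which this page does not state; the function names and the sample secret and data are constructed for the example.

```javascript
// Added example: not code from the iotcs library.
const crypto = require('crypto');

// Assumption: "sign with the shared secret" is modelled as an HMAC keyed by the secret.
// Contract mirrors the documented method: returns an Array of bytes, or null on any error.
function signWithSharedSecretSketch(sharedSecret, data, algorithm) {
  try {
    const mac = crypto.createHmac(algorithm, Buffer.from(sharedSecret, 'utf8'));
    mac.update(Buffer.from(data));
    return Array.from(mac.digest());
  } catch (err) {
    return null; // e.g. unsupported hash algorithm name or unusable input
  }
}

// Verifying side: recompute the signature and compare in constant time.
function verifySignature(sharedSecret, data, algorithm, signature) {
  const expected = signWithSharedSecretSketch(sharedSecret, data, algorithm);
  if (expected === null || !Array.isArray(signature)) return false;
  if (expected.length !== signature.length) return false;
  return crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(signature));
}

// Constructed sample input (key and message of RFC 4231 test case 2).
const SAMPLE_SECRET = 'Jefe';
const SAMPLE_DATA = Array.from(Buffer.from('what do ya want for nothing?', 'utf8'));

function toHex(bytes) {
  return Buffer.from(bytes).toString('hex');
}

function demo() {
  const sig = signWithSharedSecretSketch(SAMPLE_SECRET, SAMPLE_DATA, 'sha256');
  // A null result must stop the request; never fall back to sending unsigned data.
  if (sig === null) throw new Error('signing failed');
  const tampered = SAMPLE_DATA.slice();
  tampered[0] ^= 0x01; // flip one bit of the message
  return {
    hex: toHex(sig),
    valid: verifySignature(SAMPLE_SECRET, SAMPLE_DATA, 'sha256', sig),
    tamperedValid: verifySignature(SAMPLE_SECRET, tampered, 'sha256', sig),
    badAlgorithm: signWithSharedSecretSketch(SAMPLE_SECRET, SAMPLE_DATA, 'no-such-hash'),
  };
}
```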
