new TrustedAssetsManager([taStoreFile], [taStorePassword])
The TrustedAssetsManager interface defines methods for handling the trust material used for activation and authentication with the IoT CS. Depending on the capability of the client or device, as well as on the security requirements, implementations of this interface may store sensitive trust material in a plain persistent store, in a keystore, or in a secure token.
Authentication of Devices with the IoT CS
- Before/Upon Device Activation: A device must use client secret-based authentication to authenticate with the OAuth service and retrieve an access token to perform activation with the IoT CS server. This is done by using an activation ID and a shared secret.
- After Device Activation: A device must use client assertion-based authentication to authenticate with the OAuth service and retrieve an access token to send messages to and retrieve messages from the IoT CS server. This is done by using the assigned endpoint ID and the generated private key.
Authentication of Pre-activated Enterprise Applications with the IoT CS
- Before/After Application Activation: An enterprise integration must use client secret-based authentication to authenticate with the OAuth service and retrieve an access token to perform any REST calls against the IoT CS server. This is done by using the integration ID and a shared secret.
Parameters:
Name | Type | Attributes | Description |
---|---|---|---|
taStoreFile | string | <optional> | The trusted assets store file path to be used for trusted assets manager creation. This is optional. If none is given, the default global library parameter is used: iotcs.oracle.iot.tam.store. |
taStorePassword | string | <optional> | The trusted assets store file password to be used for trusted assets manager creation. This is optional. If none is given, the default global library parameter is used: iotcs.oracle.iot.tam.storePassword. |
Methods
(static) getClientId() → (nullable) {string}
Retrieves the ID of this client. If the client is a device, the client ID is the device ID. If the client is a pre-activated enterprise application, the client ID corresponds to the assigned endpoint ID. The client ID is used along with a client secret derived from the shared secret to perform secret-based client authentication with the IoT CS server.
Returns:
The ID of this client, or null if any error occurs retrieving the client ID.
Type: string
(static) getServerHost() → (nullable) {string}
Retrieves the IoT CS server host name.
Returns:
The IoT CS server host name, or null if any error occurs retrieving the server host name.
Type: string
(static) getServerPort() → (nullable) {number}
Retrieves the IoT CS server port.
Returns:
The IoT CS server port (a positive integer), or null if any error occurs retrieving the server port.
Type: number
(static) getTrustAnchorCertificates() → (nullable) {Array}
Retrieves the trust anchor or most-trusted Certification Authority (CA) certificates to be used to validate the IoT CS server certificate chain.
Returns:
The PEM-encoded trust anchor certificates, or null if any error occurs retrieving the trust anchors.
Type: Array
(static) provision(taStoreFile, taStorePassword, serverHost, serverPort, clientId, sharedSecret, truststore)
Provisions the designated Trusted Assets Store with the provided provisioning assets. The provided shared secret will be encrypted using the provided password.
Parameters:
Name | Type | Attributes | Description |
---|---|---|---|
taStoreFile | string | | The Trusted Assets Store file name. |
taStorePassword | string | | The Trusted Assets Store password. |
serverHost | string | | The IoT CS server host name. |
serverPort | number | | The IoT CS server port. |
clientId | string | <nullable> | The ID of the client. |
sharedSecret | string | <nullable> | The client's shared secret. |
truststore | string | <nullable> | The truststore file containing the PEM-encoded trust anchor certificates to be used to validate the IoT CS server certificate chain. |
(static) signWithSharedSecret(data, algorithm) → (nullable) {Array}
Signs the provided data using the specified algorithm and the shared secret. This method is only used for secret-based client authentication with the IoT CS server.
Parameters:
Name | Type | Description |
---|---|---|
data | Array | The bytes to be signed. |
algorithm | string | The hash algorithm to use. |
Returns:
The signature bytes, or null if any error occurs retrieving the necessary key material or performing the operation.
Type: Array