Integrate AuthenticationProvider lib into Provisioning device lib

SDK v2 migration guide.md

@@ -20,10 +20,8 @@ are outlines of the notable breaking changes as well as a mapping from version 1
 
 There are a number of reasons why the Azure IoT SDK team chose to do a major version revision. Here are a few of the more important reasons:
 
-### Creating, removing, or upgrading several NuGet dependencies.
+### Removing or upgrading several NuGet dependencies.
 
-- Created
-  - Microsoft.Azure.Devices.Authentication
 - Upgraded
   - Microsoft.Azure.Devices (IoT hub service)
   - Microsoft.Azure.Devices.Client (IoT hub device)
@@ -97,6 +95,10 @@ but users are still encouraged to migrate to version 2 when they have the chance
 | `Message.ExpiryTimeUtc` | `TelemetryMessage.ExpiresOnUtc`, `IncomingMessage.ExpiresOnUtc` |
 | `MethodRequest` | `DirectMethodRequest` |
 | `MethodResponse` | `DirectMethodResponse` |
+| `DeviceAuthenticationWithRegistrySymmetricKey`, `DeviceAuthenticationWithSharedAccessPolicyKey`, `ModuleAuthenticationWithRegistrySymmetricKey` | `ClientAuthenticationWithSharedAccessKeyRefresh` |
+| `DeviceAuthenticationWithToken`, `ModuleAuthenticationWithToken` | `ClientAuthenticationWithSharedAccessSignature` |
+| `DeviceAuthenticationWithTokenRefresh`, `ModuleAuthenticationWithTokenRefresh` | `ClientAuthenticationWithTokenRefresh` |
+| `DeviceAuthenticationWithX509Certificate` | `ClientAuthenticationWithX509Certificate` |
 
 #### Other notable breaking changes
 
@@ -335,7 +337,7 @@ but users are still encouraged to migrate to version 2 when they have the chance
 
 Breaking changes:
 
-  - Microsoft.Azure.Devices.Shared.SecurityProvider* types moved from Microsoft.Azure.Devices.Shared.dll into Microsoft.Azure.Devices.Authentication.dll and renamed.
+  - Microsoft.Azure.Devices.Shared.SecurityProvider* types moved from Microsoft.Azure.Devices.Shared.dll into Microsoft.Azure.Devices.Provisioning.Client.dll and renamed.
 
 | Version 1 API | Equivalent version 2 API |
 |:---|:---|
@@ -348,7 +350,7 @@ Breaking changes:
 
 #### Other notable breaking changes
 
-- Derived `AuthenticationProvider` types no longer require disposal because of the base class; only select derived types will (e.g., `AuthenticationProviderTpmHsm`.)
+- Derived `AuthenticationProvider` types no longer require disposal because of the base class.
 - TPM support removed. The library used for TPM operations is broken on Linux and support for it is being shutdown. We'll reconsider how to support HSM.
 
 ## Frequently asked questions

azureiot.sln

@@ -7,8 +7,6 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "iothub", "iothub", "{537FA8
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "provisioning", "provisioning", "{3839DB7F-C289-4C1A-9D70-11DF35F139E0}"
 EndProject
-Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "authentication", "authentication", "{3AA089A9-A035-439E-BAF6-C3975A334379}"
-EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "e2e", "e2e", "{662CE01D-7A7F-48D8-80CE-5DC9C60677E8}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "device", "device", "{A48437BA-3C5B-431E-9B2F-96C850E9E1A5}"
@@ -35,8 +33,6 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.Azure.Devices.Pro
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.Azure.Devices.Provisioning.Service.Tests", "provisioning\service\tests\Microsoft.Azure.Devices.Provisioning.Service.Tests.csproj", "{C1DFF192-CDAB-4CC1-A340-F78C186EFC0A}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.Azure.Devices.Authentication", "authentication\src\Microsoft.Azure.Devices.Authentication.csproj", "{275DEE86-1EEA-47C4-A9C5-797DF20EC8A7}"
-EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "E2ETests", "e2e\test\E2ETests.csproj", "{8E25CDE3-992D-4942-8C38-51A0D8E8EB70}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{719D18A7-E943-461B-B777-0AAEC43916F5}"
@@ -234,10 +230,6 @@ Global
 		{C1DFF192-CDAB-4CC1-A340-F78C186EFC0A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{C1DFF192-CDAB-4CC1-A340-F78C186EFC0A}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{C1DFF192-CDAB-4CC1-A340-F78C186EFC0A}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{275DEE86-1EEA-47C4-A9C5-797DF20EC8A7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{275DEE86-1EEA-47C4-A9C5-797DF20EC8A7}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{275DEE86-1EEA-47C4-A9C5-797DF20EC8A7}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{275DEE86-1EEA-47C4-A9C5-797DF20EC8A7}.Release|Any CPU.Build.0 = Release|Any CPU
 		{8E25CDE3-992D-4942-8C38-51A0D8E8EB70}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{8E25CDE3-992D-4942-8C38-51A0D8E8EB70}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{8E25CDE3-992D-4942-8C38-51A0D8E8EB70}.Release|Any CPU.ActiveCfg = Release|Any CPU
@@ -414,7 +406,6 @@ Global
 		{F99E80F7-86D5-4E78-9FAB-6F1459F01E2F} = {F94CC11B-7FA5-4CF0-9103-2B89BE631AB0}
 		{AD108C3E-F395-4DDF-ADFA-645D14B6E952} = {873E717F-49D6-41E2-B073-6474B160A0F2}
 		{C1DFF192-CDAB-4CC1-A340-F78C186EFC0A} = {873E717F-49D6-41E2-B073-6474B160A0F2}
-		{275DEE86-1EEA-47C4-A9C5-797DF20EC8A7} = {3AA089A9-A035-439E-BAF6-C3975A334379}
 		{8E25CDE3-992D-4942-8C38-51A0D8E8EB70} = {9C260BF0-1CCA-45A2-AAB8-6419291B8B88}
 		{8797C176-398A-4347-B8E9-38FAF5746EC4} = {F94CC11B-7FA5-4CF0-9103-2B89BE631AB0}
 		{0F7F505C-CB9A-4CFD-855C-BDB0A9067AD1} = {A48437BA-3C5B-431E-9B2F-96C850E9E1A5}

e2e/test/E2ETests.csproj

@@ -35,7 +35,6 @@
   <ItemGroup Condition=" '$(AZURE_IOT_LOCALPACKAGES)' == '' ">
     <ProjectReference Include="$(RootDir)\iothub\device\src\Microsoft.Azure.Devices.Client.csproj" />
     <ProjectReference Include="$(RootDir)\iothub\service\src\Microsoft.Azure.Devices.csproj" />
-    <ProjectReference Include="$(RootDir)\authentication\src\Microsoft.Azure.Devices.Authentication.csproj" />
     <ProjectReference Include="$(RootDir)\provisioning\device\src\Microsoft.Azure.Devices.Provisioning.Client.csproj" />
     <ProjectReference Include="$(RootDir)\provisioning\service\src\Microsoft.Azure.Devices.Provisioning.Service.csproj" />
   </ItemGroup>

e2e/test/provisioning/ProvisioningCertificateValidationE2ETest.cs

@@ -2,13 +2,12 @@
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
 
 using System;
-using System.Linq;
 using System.IO;
+using System.Linq;
 using System.Security.Authentication;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
 using FluentAssertions;
-using Microsoft.Azure.Devices.Authentication;
 using Microsoft.Azure.Devices.E2ETests.Helpers;
 using Microsoft.Azure.Devices.Provisioning.Client;
 using Microsoft.Azure.Devices.Provisioning.Service;

e2e/test/provisioning/ProvisioningE2ETests.cs

@@ -11,7 +11,6 @@
 using System.Threading;
 using System.Threading.Tasks;
 using FluentAssertions;
-using Microsoft.Azure.Devices.Authentication;
 using Microsoft.Azure.Devices.Client;
 using Microsoft.Azure.Devices.E2ETests.Helpers;
 using Microsoft.Azure.Devices.Provisioning.Client;
@@ -709,7 +708,7 @@ public async Task DPS_Registration_AmqpWs_X509_IndividualEnrollment_InvalidGloba
 
                 if (authMethod is AuthenticationProviderX509 x509Auth)
                 {
-                    X509Certificate2 deviceCertificate = x509Auth.GetAuthenticationCertificate();
+                    X509Certificate2 deviceCertificate = x509Auth.ClientCertificate;
                     deviceCertificate?.Dispose();
                 }
 
@@ -773,7 +772,7 @@ public async Task DPS_Registration_AmqpWs_X509_IndividualEnrollment_InvalidGloba
 
                 if (auth is AuthenticationProviderX509 x509Auth)
                 {
-                    X509Certificate2 deviceCertificate = x509Auth.GetAuthenticationCertificate();
+                    X509Certificate2 deviceCertificate = x509Auth.ClientCertificate;
                     deviceCertificate?.Dispose();
                 }
 
@@ -836,7 +835,7 @@ public async Task DPS_Registration_AmqpWs_X509_IndividualEnrollment_InvalidGloba
 
                 if (auth is AuthenticationProviderX509 x509Auth)
                 {
-                    X509Certificate2 deviceCertificate = x509Auth.GetAuthenticationCertificate();
+                    X509Certificate2 deviceCertificate = x509Auth.ClientCertificate;
                     deviceCertificate?.Dispose();
                 }
 
@@ -1059,12 +1058,12 @@ public static ProvisioningClientOptions CreateProvisioningClientOptionsFromName(
             IAuthenticationMethod auth;
             if (provisioningAuth is AuthenticationProviderX509 x509Auth)
             {
-                X509Certificate2 cert = x509Auth.GetAuthenticationCertificate();
+                X509Certificate2 cert = x509Auth.ClientCertificate;
                 auth = new ClientAuthenticationWithX509Certificate(cert, deviceId);
             }
             else if (provisioningAuth is AuthenticationProviderSymmetricKey symmetricKeyAuth)
             {
-                auth = new ClientAuthenticationWithSharedAccessKeyRefresh(symmetricKeyAuth.GetPrimaryKey(), deviceId);
+                auth = new ClientAuthenticationWithSharedAccessKeyRefresh(symmetricKeyAuth.PrimaryKey, deviceId);
             }
             else
             {

iothub/device/samples/solutions/PnpDeviceSamples/TemperatureController/Program.cs

@@ -1,14 +1,13 @@
 // Copyright (c) Microsoft. All rights reserved.
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
 
+using System;
+using System.Threading;
+using System.Threading.Tasks;
 using CommandLine;
-using Microsoft.Azure.Devices.Authentication;
 using Microsoft.Azure.Devices.Logging;
 using Microsoft.Azure.Devices.Provisioning.Client;
 using Microsoft.Extensions.Logging;
-using System;
-using System.Threading;
-using System.Threading.Tasks;
 
 namespace Microsoft.Azure.Devices.Client.Samples
 {

iothub/device/samples/solutions/PnpDeviceSamples/Thermostat/Program.cs

@@ -1,15 +1,13 @@
 // Copyright (c) Microsoft. All rights reserved.
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
 
+using System;
+using System.Threading;
+using System.Threading.Tasks;
 using CommandLine;
-using Microsoft.Azure.Devices.Authentication;
 using Microsoft.Azure.Devices.Logging;
 using Microsoft.Azure.Devices.Provisioning.Client;
 using Microsoft.Extensions.Logging;
-using Microsoft.Rest;
-using System;
-using System.Threading;
-using System.Threading.Tasks;
 
 namespace Microsoft.Azure.Devices.Client.Samples
 {

iothub/device/src/Authentication/ClientAuthenticationWithX509Certificate.cs

@@ -7,7 +7,7 @@
 namespace Microsoft.Azure.Devices.Client
 {
     /// <summary>
-    /// Authentication method that uses a X.509 certificate
+    /// Authentication method that uses an X.509 certificate
     /// </summary>
     public sealed class ClientAuthenticationWithX509Certificate : IAuthenticationMethod
     {
@@ -18,26 +18,26 @@ public sealed class ClientAuthenticationWithX509Certificate : IAuthenticationMet
         /// Creates an instance of this class.
         /// </summary>
         /// <remarks>
-        /// The <paramref name="certificate"/> managed resource should be disposed by the user.
+        /// The <paramref name="clientCertificate"/> managed resource should be disposed by the user.
         /// This class doesn't dispose it since the user might want to reuse it.
         /// </remarks>
-        /// <param name="certificate">X.509 certificate.</param>
-        /// <param name="chainCertificates">Certificates in the device certificate chain.</param>
+        /// <param name="clientCertificate">X.509 certificate.</param>
+        /// <param name="certificateChain">Certificates in the device certificate chain.</param>
         /// <param name="deviceId">Device identifier.</param>
         /// <param name="moduleId">Module identifier.</param>
-        /// <exception cref="ArgumentException">When <paramref name="certificate"/> or <paramref name="chainCertificates"/> is null.</exception>
+        /// <exception cref="ArgumentException">When <paramref name="clientCertificate"/> or <paramref name="certificateChain"/> is null.</exception>
         public ClientAuthenticationWithX509Certificate(
-            X509Certificate2 certificate,
-            X509Certificate2Collection chainCertificates,
+            X509Certificate2 clientCertificate,
+            X509Certificate2Collection certificateChain,
             string deviceId,
             string moduleId = default)
         {
             SetDeviceId(deviceId);
             SetModuleId(moduleId);
-            Certificate = certificate
-                ?? throw new ArgumentException("No certificate was found. To use certificate authentication certificate must be present.", nameof(certificate));
-            ChainCertificates = chainCertificates
-                ?? throw new ArgumentException("No certificate chain was found.", nameof(chainCertificates));
+            ClientCertificate = clientCertificate
+                ?? throw new ArgumentException("No certificate was found. To use certificate authentication certificate must be present.", nameof(clientCertificate));
+            CertificateChain = certificateChain
+                ?? throw new ArgumentException("No certificate chain was found.", nameof(certificateChain));
         }
 
         /// <summary>
@@ -58,7 +58,7 @@ public sealed class ClientAuthenticationWithX509Certificate : IAuthenticationMet
         {
             SetDeviceId(deviceId);
             SetModuleId(moduleId);
-            Certificate = certificate
+            ClientCertificate = certificate
                 ?? throw new ArgumentException("No certificate was found. To use certificate authentication certificate must be present.", nameof(certificate));
         }
 
@@ -85,14 +85,14 @@ public string ModuleId
         /// The private key should be available in the <see cref="X509Certificate2"/> object,
         /// or should be available in the certificate store of the system where the client will be authenticated from.
         /// </summary>
-        public X509Certificate2 Certificate { get; }
+        public X509Certificate2 ClientCertificate { get; }
 
         /// <summary>
         /// Full chain of certificates from the one used to sign the device certificate to the one uploaded to the
         /// service. Private keys are not required for these certificates.
         /// This is only supported on AMQP_Tcp_Only and Mqtt_Tcp_Only
         /// </summary>
-        public X509Certificate2Collection ChainCertificates { get; }
+        public X509Certificate2Collection CertificateChain { get; }
 
         /// <summary>
         /// Populates a supplied instance based on the properties of the current instance.
@@ -105,8 +105,8 @@ public void Populate(ref IotHubConnectionCredentials iotHubConnectionCredentials
 
             iotHubConnectionCredentials.DeviceId = DeviceId;
             iotHubConnectionCredentials.ModuleId = ModuleId;
-            iotHubConnectionCredentials.Certificate = Certificate;
-            iotHubConnectionCredentials.ChainCertificates = ChainCertificates;
+            iotHubConnectionCredentials.ClientCertificate = ClientCertificate;
+            iotHubConnectionCredentials.CertificateChain = CertificateChain;
             iotHubConnectionCredentials.SharedAccessSignature = null;
             iotHubConnectionCredentials.SharedAccessKey = null;
             iotHubConnectionCredentials.SharedAccessKeyName = null;

iothub/device/src/Authentication/IConnectionCredentials.cs

@@ -68,12 +68,12 @@ internal interface IConnectionCredentials
         /// <summary>
         /// The client X509 certificates used for authenticating with IoT hub.
         /// </summary>
-        X509Certificate2 Certificate { get; }
+        X509Certificate2 ClientCertificate { get; }
 
         /// <summary>
         /// The full chain of certificates from the one used to sign the client certificate to the one uploaded to the service.
         /// </summary>
-        X509Certificate2Collection ChainCertificates { get; }
+        X509Certificate2Collection CertificateChain { get; }
 
         /// <summary>
         /// The suggested time to live value for tokens generated for SAS authenticated clients.