Secure Provisioning is the first contact qbert makes to determine how the unit should be provisioned.
The device uses mDNS to discover one or more services that publish product-provisioner endpoints. The same device exposes an HTTP server that responds to the /bzt232hub02-provisioner endpoint.
Display the list of services on the device, or select the service directly if only one comes up.
GET /bzt232hub02-provisioner?deviceId=10101010
Response:
{
  "product": "bzt232hub02",
  "software": "rsync://ntn-mstevens-01.ntn.com:59144/site/BTUpdates",
  "content": "rsync://ntn-mstevens-01.ntn.com:59144/site/BTContent",
  "software-cache": "rsync://ntn-mstevens-01.ntn.com:59144/tablet/software",
  "content-cache": "rsync://ntn-mstevens-01.ntn.com:59144/tablet/content",
  "certificates": "rsync://ntn-mstevens-01.ntn.com:59144/site/CACerts",
  "user": "git",
  "password": "git",
  "secrets": [
    {"key": "jwt", "secret": "secret_value"},
    {"key": "platform", "secret": "{....}"}
  ]
}
Upon receiving the above data:
Data | Disposition |
---|---|
certificates | certificates are installed into the User CA Certs and registered by SHA-256 |
secrets | secrets are stored securely in the LockboxProvider until they can be transferred into BTSettings |
software | all files in the folder are copied, to be installed according to the software manifest |
content | all files are copied. When the content manifest is retrieved, the content is integrated into the MediaContentProvider |
software-cache | files are copied into the HTTP software folder and organized for tablet software downloads |
content-cache | files are copied into the HTTP content folder and organized for tablet content downloads |
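
A check the device could run on the response before acting on the dispositions above. This is an added example, not code from the original page or the product. The function names, the strictness rules and the sample host and secret values are assumptions.

```python
import json
from urllib.parse import urlsplit

# Response keys on this page that carry rsync locations.
RSYNC_KEYS = ("software", "content", "software-cache", "content-cache", "certificates")

# Constructed sample response; host and secret values are placeholders.
SAMPLE = json.dumps({
    "product": "bzt232hub02",
    **{k: f"rsync://provisioner.example:59144/site/{k}" for k in RSYNC_KEYS},
    "user": "git", "password": "git",
    "secrets": [{"key": "jwt", "secret": "constructed-jwt-secret"}],
})

def validate_provisioning(body, endpoint_path):
    """Parse a provisioner response; raise ValueError rather than provision from bad data."""
    doc = json.loads(body)  # strict parser: malformed JSON raises a ValueError subclass
    if not isinstance(doc, dict):
        raise ValueError("response must be a JSON object")
    product = doc.get("product")
    if not isinstance(product, str) or endpoint_path != f"/{product}-provisioner":
        raise ValueError("product does not match the endpoint that was queried")
    sources = {}
    for key in RSYNC_KEYS:
        raw = doc.get(key)
        url = urlsplit(raw if isinstance(raw, str) else "")
        if url.scheme != "rsync" or not url.hostname or not url.path.strip("/"):
            raise ValueError(f"{key}: expected an rsync:// URL with host and path")
        sources[key] = raw
    entries = doc.get("secrets", [])
    if not isinstance(entries, list):
        raise ValueError("secrets must be a list")
    secrets = {}
    for item in entries:
        key, value = (item.get("key"), item.get("secret")) if isinstance(item, dict) else (None, None)
        if not isinstance(key, str) or not isinstance(value, str) or key in secrets:
            raise ValueError("secrets: each entry needs a unique key and a string secret")
        secrets[key] = value
    return {"product": product, "sources": sources, "user": doc.get("user"),
            "password": doc.get("password"), "secrets": secrets}

def loggable(plan):
    """View that is safe to write to logs: the password and secret values are left out."""
    return {"product": plan["product"], "sources": plan["sources"],
            "user": plan["user"], "secret_keys": sorted(plan["secrets"])}
```

Only the output of `loggable()` should reach device logs; the full plan goes straight to the secure store and the copy steps.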