def attr_auth_device_keygen(device_id, attr_list, token):
if device_id not in " ".join(attr_list):
click.echo(
f"attr_list argument should contain device_id ({device_id})")
return
doc = search_tinydb_doc(path, 'aa_keys', where('public_key').exists())
if not doc:
with click.Context(get_attr_auth_keys) as ctx:
click.echo(
f"Public key not present, please use: {ctx.command.name}")
click.echo(get_attr_auth_keys.get_help(ctx))
return
data = {"attr_list": " ".join(attr_list)}
r = requests.post(AA_URL_DEVICE_KEYGEN,
headers={"Authorization": token},
data=data,
verify=VERIFY_CERTS)
content = r.content.decode('unicode-escape')
json_content = json_string_with_bytes_to_dict(content)
if not json_content["success"]:
click.echo(json_content)
return
t = get_tinydb_table(path, "device_keys")
device_data_doc = {
"private_key": json_content["private_key"],
"attr_list": attr_list,
}
t.update(set("device_data:data", device_data_doc),
Query().device_id == device_id)
def get_foreign_device_data(device_id, data):
doc = search_tinydb_doc(path, 'device_keys',
Query().device_id == str(device_id))
if not doc:
click.echo(
f"Keys for device: {device_id} are missing. You are probably not authorized to use it."
)
decrypted = []
for row in data["device_data"]:
try:
decrypted.append(
decrypt_using_abe_serialized_key(
row["data"], doc["device_data:data"]["public_key"],
doc["device_data:data"]["private_key"]))
except:
click.echo("Cannot decrypt row.")
result = []
for val in decrypted:
try:
if val.endswith("0"):
result.append(unpad_payload_attr(val))
except Exception as e:
click.echo(str(e))
click.echo(result)
def is_global_bi_key_missing(command, message):
doc = search_tinydb_doc(path, 'global', Query().bi_key.exists())
if not doc:
with click.Context(command) as ctx:
click.echo(f"{message}, please use: {ctx.command.name}")
click.echo(command.get_help(ctx))
return True
return False
def is_device_bi_key_missing(device_id, command, message):
doc = search_tinydb_doc(path, 'device_keys',
Query().device_id == str(device_id))
if doc is None or "bi_key" not in doc:
with click.Context(command) as ctx:
click.echo(f"{message}, please use: {ctx.command.name}")
click.echo(command.get_help(ctx))
return True
return False
def get_encryption_keys(device_id, db_keys):
"""
Retrieves encryption (decryption) keys corresponding to :param db_keys from TinyDB file
:param device_id
:param db_keys: list of TinyDB key names, e.g.: ["device_type:description", "action:name"]
:return: dictionary of key, value pair of column name and encryption string, e.g.: {"action:name": "9dd1a57836a5...858372a8c0c42515", ...}
"""
doc = search_tinydb_doc(path, 'device_keys',
Query().device_id == str(device_id))
result = {}
for key in db_keys:
if ":" in key:
if key == "device_data:data":
result[key] = [get_aa_public_key(), doc[key]["private_key"]]
else:
result[key] = doc[key]
return result
def attr_auth_keygen(api_username, device_id, attr_list, token):
doc = search_tinydb_doc(path, 'aa_keys', where('public_key').exists())
if not doc:
with click.Context(get_attr_auth_keys) as ctx:
click.echo(
f"Public key not present, please use: {ctx.command.name}")
click.echo(get_attr_auth_keys.get_help(ctx))
return
data = {
"attr_list": " ".join(attr_list),
"api_username": api_username,
"device_id": device_id
}
r = requests.post(AA_URL_KEYGEN,
headers={"Authorization": token},
data=data,
verify=VERIFY_CERTS)
click.echo(r.content.decode('unicode-escape'))
def _setup_client(user_id):
def on_publish(client, userdata, result):
click.echo("Data published")
client = paho.Client(user_id)
client.on_publish = on_publish
client.tls_set(ca_certs=os.path.join(os.path.dirname(__file__),
"certs/server.crt"),
certfile=None,
keyfile=None,
tls_version=ssl.PROTOCOL_TLSv1_2)
client.tls_insecure_set(True)
doc = search_tinydb_doc(
path, 'credentials',
where('broker_id').exists() & where('broker_password').exists())
client.username_pw_set(f"u:{doc['broker_id']}", doc['broker_password'])
client.connect(MQTT_BROKER, MQTT_PORT, 30)
return client
def send_message(user_id, device_id, data):
doc = search_tinydb_doc(path, 'device_keys',
Query().device_id == device_id)
if not doc:
with click.Context(send_key_to_device) as ctx:
click.echo(
f"Keys for device {device_id} not present, please use: {ctx.command.name}"
)
click.echo(send_key_to_device.get_help(ctx))
return
fernet_key = hex_to_fernet(doc["shared_key"])
token = fernet_key.encrypt(data.encode())
client = _setup_client(user_id)
payload = f'"{json.dumps(_create_payload({"ciphertext": token.decode()}, user_id))}"'
ret = client.publish(f"u:{user_id}/d:{device_id}/", payload)
click.echo(f"RC and MID = {ret}")
def set_action(device_id, name, token):
doc = search_tinydb_doc(path, 'device_keys',
Query().device_id == str(device_id))
if not doc:
with click.Context(send_column_keys) as ctx:
click.echo(
f"Keys for device {device_id} not present, please use: {ctx.command.name}"
)
click.echo(send_column_keys.get_help(ctx))
return
data = {
"device_id": device_id,
"name": encrypt_using_fernet_hex(doc["action:name"], name),
"correctness_hash": correctness_hash(name),
"name_bi": blind_index(get_device_bi_key(device_id), name)
}
r = requests.post(URL_SET_ACTION,
headers={"Authorization": token},
data=data,
verify=VERIFY_CERTS)
click.echo(r.content.decode('unicode-escape'))
def get_aa_public_key():
doc = search_tinydb_doc(path, 'aa_keys', where('public_key').exists())
return doc["public_key"]
def get_device_bi_key(device_id):
doc = search_tinydb_doc(path, 'device_keys',
Query().device_id == str(device_id))
return hex_to_key(doc["bi_key"])