def get(self, request):
"""
Handler which returns mdm signing public key
"""
response = {}
try:
kvstore_service = kvstore(collection=USER_META_COLLECTION_NAME, session_key=request[SESSION][AUTHTOKEN], owner=request[SESSION][USER])
result = json.loads(kvstore_service.get_item_by_key(MDM_KEYPAIR_GENERATION_TIME)[1])
response.update({TIMESTAMP: result[TIMESTAMP]})
except Exception as e:
# If key not in kvstore
if hasattr(e, 'statusCode') and e.statusCode == http.NOT_FOUND:
return {
'payload': {
'message': 'Could not find mdm keypair update time in kvstore',
'status': http.NOT_FOUND
}
}
return {
'payload': {
'message': e.message,
'status': http.BAD_REQUEST
}
}
try:
public_key = fetch_sensitive_data(request[SESSION][AUTHTOKEN], MDM_SIGN_PUBLIC_KEY)
private_key = fetch_sensitive_data(request[SESSION][AUTHTOKEN], MDM_SIGN_PRIVATE_KEY)
response.update({'sign_public_key': public_key, 'sign_private_key': private_key})
except Exception as e:
# If key not in storage/passwords
if hasattr(e, 'statusCode') and e.statusCode == http.NOT_FOUND:
return {
'payload': {
'message': 'Could not find one or both of key={} and key={} in /storage/passwords'
.format(MDM_SIGN_PUBLIC_KEY,
MDM_SIGN_PRIVATE_KEY),
'status': http.NOT_FOUND
}
}
return {
'payload': {
'message': e.message,
'status': http.BAD_REQUEST
}
}
return {
'payload': response,
'status': http.OK
}
def post(self, request):
user = request[SESSION][USER]
system_authtoken = request[SYSTEM_AUTHTOKEN]
payload = json.loads(request[PAYLOAD])
LOGGER.info("attempting to set deployment name")
deployment_name = payload.get('deployment_name', '')
status_code = HTTPStatus.OK
error_message = None
valid_deployment_name = validate_deployment_name(deployment_name)
if not valid_deployment_name:
error_message = "Invalid Deployment Name"
status_code = HTTPStatus.BAD_REQUEST
# Don't check kvstore if we already have an error
if error_message:
return {
'payload': error_message,
'status': status_code,
}
# Get the kvstore object first because posting overwrites the entire object
try:
kvstore_service = kvstore(collection=META_COLLECTION_NAME,
session_key=request[SESSION][AUTHTOKEN],
owner=NOBODY)
result = json.loads(
kvstore_service.get_item_by_key(DEPLOYMENT_INFO)[1])
except Exception as e:
# If key not in kvstore
LOGGER.exception("Exception setting deployment name={}".format(e))
if hasattr(e,
'statusCode') and e.statusCode == HTTPStatus.NOT_FOUND:
error_message = 'Could not find deployment info in kvstore'
error_status = HTTPStatus.NOT_FOUND
elif hasattr(e, 'statusCode'):
error_message = str(e)
error_status = e.statusCode
else:
error_message = str(e)
error_status = HTTPStatus.BAD_REQUEST
return {
'payload': {
'message': error_message,
'status': error_status
}
}
# Set new deployment name
result[DEPLOYMENT_FRIENDLY_NAME] = valid_deployment_name
try:
kvstore_service.insert_or_update_item_containing_key(result)
except Exception as e:
return {
'payload': {
'message': str(e),
'status': HTTPStatus.INTERNAL_SERVER_ERROR
}
}
return {
'payload': valid_deployment_name,
'status': status_code,
}
def post(self, request):
"""
Handler which generates and returns an mdm keypair
"""
# generate mdm credentials
LOGGER.info("Generating MDM Credentials")
system_authtoken = request[SYSTEM_AUTHTOKEN]
key_bundle = _load_key_bundle(system_authtoken)
[public_key, private_key] = self.sodium_client.sign_generate_keypair()
now = int(datetime.now().strftime('%s'))
response = {}
response['message'] = []
status = HTTPStatus.OK
try:
# send public signing key to spacebridge
send_mdm_signing_key_to_spacebridge(request[SESSION][AUTHTOKEN],
public_key, key_bundle)
except Exception as e:
status = HTTPStatus.INTERNAL_SERVER_ERROR
LOGGER.warn(
"Failed to register mdm keys with spacebridge. error=%s", e)
return {
'payload': {
'failed_save': True,
'message': e
},
'status': status,
}
# update key generation timestamp
try:
kvstore_service = kvstore(collection=USER_META_COLLECTION_NAME,
session_key=request[SESSION][AUTHTOKEN],
owner=request[SESSION][USER])
entry = {KEY: MDM_KEYPAIR_GENERATION_TIME, TIMESTAMP: now}
kvstore_service.insert_or_update_item_containing_key(entry)
except Exception as e:
status = HTTPStatus.INTERNAL_SERVER_ERROR
response['failed_timesave'] = True
response['message'].append(e.message)
# store to storage/passwords
try:
[_, created_public_key] = update_or_create_sensitive_data(
request[SESSION][AUTHTOKEN], MDM_SIGN_PUBLIC_KEY,
py23.b64encode_to_str(public_key))
except Exception as e:
status = HTTPStatus.INTERNAL_SERVER_ERROR
response['failed_public_localsave'] = True
response['message'].append(str(e))
try:
[_, created_private_key] = update_or_create_sensitive_data(
request[SESSION][AUTHTOKEN], MDM_SIGN_PRIVATE_KEY,
py23.b64encode_to_str(private_key))
except Exception as e:
status = HTTPStatus.INTERNAL_SERVER_ERROR
response['failed_private_localsave'] = True
response['message'].append(str(e))
# don't pass back the message if we have no errors
if not response['message']:
del response['message']
response[SIGN_PUBLIC_KEY] = py23.b64encode_to_str(public_key)
response[SIGN_PRIVATE_KEY] = py23.b64encode_to_str(private_key)
response[TIMESTAMP] = now
return {
'payload': response,
'status': status,
}