def __init__(self,
entity_name="gabe",
wave_uri="localhost:410",
mosquitto_url="broker.cal-sdb.org",
mosquitto_pass="******",
mosquitto_user="******",
on_message=None):
# connect to WAVE agent
self.agent = wave3.WAVEStub(grpc.insecure_channel(wave_uri))
# set up entity and store keys
self.entity_name = entity_name
self.entity, newlycreated = self.createOrLoadEntity(entity_name)
self.entityPublicDER = self.entity.PublicDER
self.entitySecretDER = self.entity.SecretDER
self.perspective = wave3.Perspective(entitySecret=wave3.EntitySecret(
DER=self.entity.SecretDER))
# publish this so others can refer to it
if newlycreated:
self.agent.PublishEntity(
wave3.PublishEntityParams(DER=self.entity.PublicDER))
# create mqtt client
self.client = mqtt.Client(client_id=entity_name, clean_session=True)
self._connected = False
self._pending = []
self._call_on_message = on_message
self.client.on_connect = self.on_connect
self.client.on_message = self.on_message
self.client.username_pw_set(mosquitto_user, mosquitto_pass)
self.client.connect(mosquitto_url, 1883, 60)
self.client.loop_start()
def __init__(self, nickname):
self.nickname = nickname
channel = grpc.insecure_channel("localhost:410")
self.agent = wv.WAVEStub(channel)
self.ent, newlycreated = createOrLoadEntity(self.agent, "homeserver")
self.entityPublicDER = self.ent.PublicDER
self.entitySecretDER = self.ent.SecretDER
self.perspective = wv.Perspective(entitySecret=wv.EntitySecret(
DER=self.ent.SecretDER))
if newlycreated:
self.agent.PublishEntity(
wv.PublishEntityParams(DER=self.ent.PublicDER))
# instantiate and display widgets
self.light_widget = widgets.Light('light-1')
self.switch_widget = widgets.Switch('light-1')
self.thermostat_widget = widgets.Thermostat()
self.motion_sensor_widget = widgets.MotionSensor()
self.notificationbox = widgets.Notification()
self.lightbox = widgets.ipw.VBox(
[self.light_widget, self.switch_widget],
layout=widgets.ipw.Layout(align_items='center',
border='solid 2px'))
self.mybox = widgets.ipw.VBox([
widgets.ipw.HBox([
self.lightbox, self.motion_sensor_widget,
self.thermostat_widget
],
layout=widgets.ipw.Layout(width='100%')),
self.notificationbox,
])
display(self.mybox)
# TODO: have read/write topic?
self.tstat_entity, self.tstat_encrypt_proof, self.tstat_msg_proof = self._make_device_entity(
'thermostat')
self.light_entity, self.light_encrypt_proof, self.light_msg_proof = self._make_device_entity(
'light')
self.motion_entity, self.motion_encrypt_proof, self.motion_msg_proof = self._make_device_entity(
'motion')
self.light_widget.observe(self._publish_light_state, 'state')
self.thermostat_widget.observe(self._publish_tstat_state)
self.motion_sensor_widget.observe(self._publish_motion_sensor_state)
# hook up triggers to report?
self.client = mqtt.Client()
self.client.on_connect = self.on_connect
self.client.on_message = self.on_message
self.client.username_pw_set("risecamp2018", "risecamp2018")
self.client.connect("broker.cal-sdb.org", 1883, 60)
self.client.loop_start()
def auth_deploy_python_model(clipper_conn,
model_name,
wave_obj,
recipient_entity,
ciphertext,
version=1,
input_type="doubles"):
'''Deploy a Python function with a python model.
Parameters
----------
clipper_conn : :py:meth:`clipper_admin.ClipperConnection`
A ``ClipperConnection`` object connected to a running Clipper cluster.
name : str
The name to be assigned to both the registered application and deployed model.
version : str
The version to assign this model. Versions must be unique on a per-model
basis, but may be re-used across different models.
input_type : str
The input_type to be associated with the registered app and deployed model.
One of "integers", "floats", "doubles", "bytes", or "strings".
func : function
The prediction function. Any state associated with the function will be
captured via closure capture and pickled with Cloudpickle.
wave_obj: wave object
recipient_entity: parameter for wave decrypt call
ciphertext: text to be decoded
'''
decrypt_response = wave_obj.DecryptMessage(
wv.DecryptMessageParams(perspective=wv.Perspective(
entitySecret=wv.EntitySecret(DER=recipient_entity.SecretDER)),
ciphertext=ciphertext,
resyncFirst=True))
if decrypt_response.error.code != 0:
raise Exception("Incorrect authentication")
model = cloudpickle.loads(decrypt_response.content)
# temporarily put the predict method here...
def predict(inputs):
# model.predict returns a list of predictions
preds = model.predict(inputs)
return [str(p) for p in preds]
py_deployer.deploy_python_closure(
clipper_conn,
name=model_name,
version=version,
input_type=input_type,
func=predict,
pkgs_to_install=["numpy", "scipy", "pandas", "sklearn"])
def auth_deploy_rllib_model(clipper_conn,
model_name,
func,
wave_obj,
recipient_entity,
ciphertext,
version=1,
input_type="doubles",
klass=ppo.PPOAgent,
ppo_env="pong_env"):
'''Deploy a Python function with a RLlib model.
Parameters
----------
clipper_conn : :py:meth:`clipper_admin.ClipperConnection`
A ``ClipperConnection`` object connected to a running Clipper cluster.
name : str
The name to be assigned to both the registered application and deployed model.
version : str
The version to assign this model. Versions must be unique on a per-model
basis, but may be re-used across different models.
input_type : str
The input_type to be associated with the registered app and deployed model.
One of "integers", "floats", "doubles", "bytes", or "strings".
func : function
The prediction function. Any state associated with the function will be
captured via closure capture and pickled with Cloudpickle.
wave_obj: wave object
recipient_entity: parameter for wave decrypt call
ciphertext: text to be decoded
'''
decrypt_response = wave_obj.DecryptMessage(
wv.DecryptMessageParams(perspective=wv.Perspective(
entitySecret=wv.EntitySecret(DER=recipient_entity.SecretDER)),
ciphertext=ciphertext,
resyncFirst=True))
if decrypt_response.error.code != 0:
raise Exception("Incorrect authentication")
agent = klass(env=ppo_env, config={'env_config': {}})
agent.restore_from_object(decrypt_response.content)
deploy_rllib_model(clipper_conn,
name=model_name,
version=version,
input_type=input_type,
func=func,
trainer=agent)
import grpc
import wave3 as wv
channel = grpc.insecure_channel("localhost:410")
agent = wv.WAVEStub(channel)
# rv = stub.ListLocations(eapi_pb2.ListLocationsParams())
# print(rv)
ent = agent.CreateEntity(wv.CreateEntityParams())
agent.PublishEntity(wv.PublishEntityParams(DER=ent.PublicDER))
ent2 = agent.CreateEntity(wv.CreateEntityParams())
agent.PublishEntity(wv.PublishEntityParams(DER=ent2.PublicDER))
perspective = wv.Perspective(entitySecret=wv.EntitySecret(DER=ent.SecretDER))
att = agent.CreateAttestation(
wv.CreateAttestationParams(
perspective=perspective,
subjectHash=ent2.hash,
publish=True,
policy=wv.Policy(
rTreePolicy=wv.RTreePolicy(namespace=ent.hash,
indirections=5,
statements=[
wv.RTreePolicyStatement(
permissionSet=ent.hash,
permissions=["foo"],
resource="foo/bar",
)
]))))
ent2perspective = wv.Perspective(entitySecret=wv.EntitySecret(
def _make_device_entity(self, device):
"""
- makes entity
- publishes entity
- namespace grant to device entity read on <hash>/<device>/control
- namespace grant to device entity write on <hash>/<device>/report
"""
device_entity, newlyCreated = createOrLoadEntity(self.agent, device)
if newlyCreated:
self.agent.PublishEntity(wv.PublishEntityParams(DER=device_entity.PublicDER))
device_perspective=wv.Perspective(
entitySecret=wv.EntitySecret(DER=device_entity.SecretDER)
)
# grant permission to encrypt on device URIs, read/write on report/control respectively
encrypt_policy = wv.Policy(rTreePolicy=wv.RTreePolicy(
namespace=self.ent.hash,
indirections=5,
# TODO: need this?
# visibilityURI=[bytes("smarthome","utf8"),bytes(device,"utf8")],
statements=[
wv.RTreePolicyStatement(
permissionSet=wv.WaveBuiltinPSET,
permissions=[wv.WaveBuiltinE2EE],
resource="smarthome/{0}/+".format(device),
)
]
))
msg_policy = wv.Policy(rTreePolicy=wv.RTreePolicy(
namespace=self.ent.hash,
indirections=5,
statements=[
wv.RTreePolicyStatement(
permissionSet=smarthome_pset,
permissions=["read"],
resource="smarthome/{0}/control".format(device),
),
wv.RTreePolicyStatement(
permissionSet=smarthome_pset,
permissions=["write"],
resource="smarthome/{0}/report".format(device),
)
]
))
if newlyCreated:
r = self.agent.CreateAttestation(wv.CreateAttestationParams(
perspective=self.perspective,
subjectHash=device_entity.hash,
publish=True,
policy=msg_policy
))
#print(r)
#print('msg policy attested')
r = self.agent.CreateAttestation(wv.CreateAttestationParams(
perspective=self.perspective,
subjectHash=device_entity.hash,
publish=True,
policy=encrypt_policy,
))
#print(r)
#print('encrypt policy attested')
#print(encrypt_policy)
encrypt_proof = self.agent.BuildRTreeProof(wv.BuildRTreeProofParams(
perspective=device_perspective,
namespace=encrypt_policy.rTreePolicy.namespace,
resyncFirst=True,
statements=encrypt_policy.rTreePolicy.statements,
))
if encrypt_proof.error.code != 0:
raise Exception(encrypt_proof.error)
msg_proof = self.agent.BuildRTreeProof(wv.BuildRTreeProofParams(
perspective=device_perspective,
namespace=msg_policy.rTreePolicy.namespace,
resyncFirst=True,
statements=msg_policy.rTreePolicy.statements,
))
if msg_proof.error.code != 0:
raise Exception(msg_proof.error)
return device_entity, encrypt_proof, msg_proof
