Esempio n. 1
0
    def _make_device_entity(self, device):
        """
        - makes entity
        - publishes entity
        - namespace grant to device entity read on <hash>/<device>/control
        - namespace grant to device entity write on <hash>/<device>/report
        """
        device_entity, newlyCreated = createOrLoadEntity(self.agent, device)
        if newlyCreated:
            self.agent.PublishEntity(wv.PublishEntityParams(DER=device_entity.PublicDER))
        device_perspective=wv.Perspective(
            entitySecret=wv.EntitySecret(DER=device_entity.SecretDER)
        )

        # grant permission to encrypt on device URIs, read/write on report/control respectively

        encrypt_policy = wv.Policy(rTreePolicy=wv.RTreePolicy(
            namespace=self.ent.hash,
            indirections=5,
            # TODO: need this?
            # visibilityURI=[bytes("smarthome","utf8"),bytes(device,"utf8")],
            statements=[
                wv.RTreePolicyStatement(
                    permissionSet=wv.WaveBuiltinPSET,
                    permissions=[wv.WaveBuiltinE2EE],
                    resource="smarthome/{0}/+".format(device),
                )
            ]
        ))

        msg_policy = wv.Policy(rTreePolicy=wv.RTreePolicy(
            namespace=self.ent.hash,
            indirections=5,
            statements=[
                  wv.RTreePolicyStatement(
                    permissionSet=smarthome_pset,
                    permissions=["read"],
                    resource="smarthome/{0}/control".format(device),
                ),
                wv.RTreePolicyStatement(
                    permissionSet=smarthome_pset,
                    permissions=["write"],
                    resource="smarthome/{0}/report".format(device),
                )
            ]
        ))

        if newlyCreated:
            r = self.agent.CreateAttestation(wv.CreateAttestationParams(
                perspective=self.perspective,
                subjectHash=device_entity.hash,
                publish=True,
                policy=msg_policy
            ))
            #print(r)
            #print('msg policy attested')

            r = self.agent.CreateAttestation(wv.CreateAttestationParams(
                perspective=self.perspective,
                subjectHash=device_entity.hash,
                publish=True,
                policy=encrypt_policy,
            ))
            #print(r)
            #print('encrypt policy attested')
            #print(encrypt_policy)

        encrypt_proof = self.agent.BuildRTreeProof(wv.BuildRTreeProofParams(
            perspective=device_perspective,
            namespace=encrypt_policy.rTreePolicy.namespace,
            resyncFirst=True,
            statements=encrypt_policy.rTreePolicy.statements,
        ))
        if encrypt_proof.error.code != 0:
            raise Exception(encrypt_proof.error)

        msg_proof = self.agent.BuildRTreeProof(wv.BuildRTreeProofParams(
            perspective=device_perspective,
            namespace=msg_policy.rTreePolicy.namespace,
            resyncFirst=True,
            statements=msg_policy.rTreePolicy.statements,
        ))
        if msg_proof.error.code != 0:
            raise Exception(msg_proof.error)
        return device_entity, encrypt_proof, msg_proof
Esempio n. 2
0
    def grant_permissions_to(self, enthash):
        # grant the ability to decrypt data that the thermostat publishes
        resp = self.agent.CreateAttestation(wv.CreateAttestationParams(
            perspective=self.perspective,
            subjectHash=enthash,
            publish=True,
            policy=wv.Policy(rTreePolicy=wv.RTreePolicy(
                namespace=self.ent.hash,
                indirections=5,
                statements=[wv.RTreePolicyStatement(
                    permissionSet=wv.WaveBuiltinPSET,
                    permissions=[wv.WaveBuiltinE2EE],
                    resource="smarthome/thermostat/+",
                )]
            ))
        ))
        if resp.error.code != 0:
            raise Exception(resp.error.message)
        # grant the ability to decrypt data that the motion sensor publishes
        resp = self.agent.CreateAttestation(wv.CreateAttestationParams(
            perspective=self.perspective,
            subjectHash=enthash,
            publish=True,
            policy=wv.Policy(rTreePolicy=wv.RTreePolicy(
                namespace=self.ent.hash,
                indirections=5,
                statements=[wv.RTreePolicyStatement(
                    permissionSet=wv.WaveBuiltinPSET,
                    permissions=[wv.WaveBuiltinE2EE],
                    resource="smarthome/motion/+",
                )]
            ))
        ))
        if resp.error.code != 0:
            raise Exception(resp.error.message)
        # grant the ability to decrypt data that the light publishes
        resp = self.agent.CreateAttestation(wv.CreateAttestationParams(
            perspective=self.perspective,
            subjectHash=enthash,
            publish=True,
            policy=wv.Policy(rTreePolicy=wv.RTreePolicy(
                namespace=self.ent.hash,
                indirections=5,
                statements=[wv.RTreePolicyStatement(
                    permissionSet=wv.WaveBuiltinPSET,
                    permissions=[wv.WaveBuiltinE2EE],
                    resource="smarthome/light/+",
                )]
            ))
        ))
        if resp.error.code != 0:
            raise Exception(resp.error.message)

        # grant the ability to actuate the thermostat and the light and the notifications, and read the thermostat and light
        resp = self.agent.CreateAttestation(wv.CreateAttestationParams(
            perspective=self.perspective,
            subjectHash=enthash,
            publish=True,
            policy=wv.Policy(rTreePolicy=wv.RTreePolicy(
                namespace=self.ent.hash,
                indirections=5,
                statements=[wv.RTreePolicyStatement(
                    permissionSet=smarthome_pset,
                    permissions=["write"],
                    resource="smarthome/thermostat/control",
                ),wv.RTreePolicyStatement(
                    permissionSet=smarthome_pset,
                    permissions=["write"],
                    resource="smarthome/light/control",
                ),wv.RTreePolicyStatement(
                    permissionSet=smarthome_pset,
                    permissions=["write"],
                    resource="smarthome/notify",
                ),wv.RTreePolicyStatement(
                    permissionSet=smarthome_pset,
                    permissions=["read"],
                    resource="smarthome/thermostat/report",
                ),wv.RTreePolicyStatement(
                    permissionSet=smarthome_pset,
                    permissions=["read"],
                    resource="smarthome/light/report",
               ),wv.RTreePolicyStatement(
                    permissionSet=smarthome_pset,
                    permissions=["read"],
                    resource="smarthome/motion/report",
                )]
            ))
        ))
        if resp.error.code != 0:
            raise Exception(resp.error.message)
Esempio n. 3
0
    def on_message(self, client, userdata, msg):
        proof, payload = unpack_payload(msg.payload)
        if len(proof) == 0:
            return

        if msg.topic == self.nickname + "/smarthome/light/control":
            resp = self.agent.VerifyProof(
                wv.VerifyProofParams(
                    proofDER=proof,
                    requiredRTreePolicy=wv.RTreePolicy(
                        namespace=self.ent.hash,
                        statements=[
                            wv.RTreePolicyStatement(
                                permissionSet=smarthome_pset,
                                permissions=["write"],
                                resource="smarthome/light/control",
                            )
                        ])))
            if resp.error.code != 0:
                print(
                    "home server received light control with invalid proof: ",
                    resp.error.message)
                return
            # actuate light state when the light receives a direct message
            ls = json.loads(payload).get('state')
            self.light_widget.state = (ls == 'on' or ls == True)
            #self.notify("Light changed (remote) to {0}".format('on' if self.light_widget.state else 'off'))

        elif msg.topic == self.nickname + "/smarthome/thermostat/control":
            resp = self.agent.VerifyProof(
                wv.VerifyProofParams(
                    proofDER=proof,
                    requiredRTreePolicy=wv.RTreePolicy(
                        namespace=self.ent.hash,
                        statements=[
                            wv.RTreePolicyStatement(
                                permissionSet=smarthome_pset,
                                permissions=["write"],
                                resource="smarthome/thermostat/control",
                            )
                        ])))
            if resp.error.code != 0:
                print(
                    "home server received thermostat control with invalid proof: ",
                    resp.error.message)
                return

            # TODO integrate with gabe's widget here
            tstat_fields = json.loads(payload)
            #print('thermostat command', tstat_fields)
            if tstat_fields.get('hsp'):
                self.thermostat_widget.hsp = tstat_fields.get('hsp')
                self.notify(
                    "Thermostat heating setpoint changed to {0}".format(
                        self.thermostat_widget.hsp))
            if tstat_fields.get('csp'):
                self.thermostat_widget.csp = tstat_fields.get('csp')
                self.notify(
                    "Thermostat cooling setpoint changed to {0}".format(
                        self.thermostat_widget.csp))
            if tstat_fields.get('temperature'):
                self.thermostat_widget.temp = tstat_fields.get('temp')

        elif msg.topic == self.nickname + "/smarthome/notify":
            resp = self.agent.VerifyProof(
                wv.VerifyProofParams(proofDER=proof,
                                     requiredRTreePolicy=wv.RTreePolicy(
                                         namespace=self.ent.hash,
                                         statements=[
                                             wv.RTreePolicyStatement(
                                                 permissionSet=smarthome_pset,
                                                 permissions=["write"],
                                                 resource="smarthome/notify",
                                             )
                                         ])))
            if resp.error.code != 0:
                print("home server received notify with invalid proof: ",
                      resp.error.message)
                return
            self.notify(json.loads(payload))
        else:
            print("topic", msg.topic, "payload", payload)