def generate_certificate_request(self, subject_list):
from subprocess import Popen, PIPE
fxkey = security.get_private_key()
self.storage["key.pem"] = fxkey.export_pem()
subject_str = "/" + "/".join(("=".join(i) for i in subject_list))
proc = Popen([
"openssl", "req", "-new", "-key",
self.storage.get_path("key.pem"), "-subj", subject_str, "-keyform",
"pem", "-nodes", "-sha256"
],
stdin=PIPE,
stderr=PIPE,
stdout=PIPE)
stdoutdata, stderrdata = proc.communicate(input="")
while proc.poll() is None:
pass
if proc.returncode > 0:
error = stdoutdata if stdoutdata else stderrdata
if error:
error = error.decode("utf8")
else:
error = "Process return %i" % proc.returncode
raise SystemError(error)
else:
return stdoutdata
def require_identify(self):
logger.debug("Require identify")
url = urlparse("%s/axon/require_identify" % self.cloud_netloc)
pkey = security.get_private_key()
publickey_base64 = b2a_base64(pkey.export_pubkey_der())
serial = security.get_serial()
model = get_model_id()
identify_base64 = b2a_base64(security.get_identify())
try:
conn = get_connection(url)
logger.debug("Require identify request sent")
conn.post_request(
url.path, {
"serial": serial,
"uuid": self.uuidhex,
"model": model,
"version": __version__,
"publickey": publickey_base64,
"signature": identify_base64
})
resp = conn.get_json_response()
if resp.get("status") == "ok":
return resp["token"].encode(), resp["subject"]
elif resp.get("status") == "error":
raise RuntimeWarning(*resp["error"])
else:
logger.error("require_identify response unknown response: %s",
resp)
raise RuntimeWarning("RESPONSE_ERROR")
except socket.gaierror as e:
raise RuntimeError("REQUIRE_IDENTIFY", "DNS_ERROR", e)
except socket.error as e:
raise RuntimeError("REQUIRE_IDENTIFY", "CONNECTION_ERROR", e)
except RuntimeWarning as e:
raise RuntimeError("REQUIRE_IDENTIFY", *e.args)
except Exception as e:
logger.exception("Error in require identify")
raise RuntimeError("REQUIRE_IDENTIFY", "UNKNOWN_ERROR", e)
def __init__(self, options):
# Create RSA key if not exist. This will prevent upnp create key during
# upnp is running (Its takes times and will cause timeout)
self.master_key = security.get_private_key()
self.slave_pkey = security.RSAObject(keylength=1024)
self.meta = Metadata.instance()
self.meta.shared_der_rsakey = self.slave_pkey.export_der()
self.meta.update_device_status(0, 0, "OFFLINE", "")
ServiceBase.__init__(self, logger, options)
self.upnp_tcp = UpnpTcpInterface(self)
self.nw_monitor = NetworkMonitor()
self.nw_monitor_watcher = self.loop.io(self.nw_monitor, pyev.EV_READ,
self.on_network_changed)
self.nw_monitor_watcher.start()
self.cron_watcher = self.loop.timer(3.0, 3.0, self.on_cron)
self.cron_watcher.start()
def on_rsakey(self, buf):
pkey = security.get_private_key()
pem = pkey.export_pubkey_pem()
self.send_response(REQ_RSAKEY, True, pem)
def privatekey(self):
try:
return security.RSAObject(der=self.meta.shared_der_rsakey)
except RuntimeError:
logger.error("Slave key not ready, use master key instead")
return security.get_private_key()