def kit_reset(is_sim=False):
print('\nOpening AWS Zero-touch Kit Device')
if not is_sim:
device = MchpAwsZTKitDevice(hid.device())
else:
device = MchpAwsZTKitDevice(SimMchpAwsZTHidDevice())
device.open()
print('\nInitializing Kit')
resp = device.init()
print(' ATECCx08A SN: %s' % resp['deviceSn'])
print('\nResetting Device')
device.reset_kit()
print('\nDone')
def kit_set_wifi(ssid, password, is_sim=False):
print('\nOpening AWS Zero-touch Kit Device')
if not is_sim:
device = MchpAwsZTKitDevice(hid.device())
else:
device = MchpAwsZTKitDevice(SimMchpAwsZTHidDevice())
device.open()
print('\nInitializing Kit')
resp = device.init()
print(' ATECCx08A SN: %s' % resp['deviceSn'])
print('\nSetting WiFi Information')
device.set_wifi(ssid=ssid, psk=password)
kit_info = read_kit_info()
kit_info['wifi_ssid'] = ssid
kit_info['wifi_password'] = password
save_kit_info(kit_info)
print('\nDone')
def main():
# Create argument parser to document script use
parser = argparse.ArgumentParser(description='Reset the board to a factory state')
args = parser.parse_args()
print('\nOpening AWS Zero-touch Kit Device')
device = MchpAwsZTKitDevice(hid.device())
#device = MchpAwsZTKitDevice(SimMchpAwsZTHidDevice())
device.open()
print('\nInitializing Kit')
resp = device.init()
print(' ATECC508A SN: %s' % resp['deviceSn'])
print('\nResetting Device')
device.reset_kit()
print('\nDone')
def main():
# Create argument parser to document script use
parser = argparse.ArgumentParser(description='Set the WiFi connection settings on the demo board.')
parser.add_argument(
'--ssid',
dest='ssid',
nargs=1,
required=True,
metavar='name',
help='WiFi network name')
parser.add_argument(
'--password',
dest='password',
nargs=1,
default=[None],
metavar='pw',
help='WiFi network password')
args = parser.parse_args()
print('\nOpening AWS Zero-touch Kit Device')
device = MchpAwsZTKitDevice(hid.device())
#device = MchpAwsZTKitDevice(SimMchpAwsZTHidDevice())
device.open()
print('\nInitializing Kit')
resp = device.init()
print(' ATECC508A SN: %s' % resp['deviceSn'])
time.sleep(3)
print('\nSetting WiFi Information')
device.set_wifi(ssid=args.ssid[0], psk=args.password[0])
kit_info = read_kit_info()
kit_info['wifi_ssid'] = args.ssid[0]
kit_info['wifi_password'] = args.password[0]
save_kit_info(kit_info)
print('\nDone')
def main():
# Create argument parser to document script use
print('\nOpening AWS Zero-touch Kit Device')
device = MchpAwsZTKitDevice(hid.device())
#device = MchpAwsZTKitDevice(SimMchpAwsZTHidDevice())
device.open()
print('\nInitializing Kit')
resp = device.init()
print(' ATECC508A SN: %s' % resp['deviceSn'])
time.sleep(3)
print('\nGet Thing ID')
resp = device.get_thing_id()
print(' Thing ID: %s' % resp['thingId'])
print('\nDone')
return 1
def main():
# Create argument parser to document script use
parser = argparse.ArgumentParser(description='Provisions the kit by requesting a CSR and returning signed certificates.')
args = parser.parse_args()
kit_info = read_kit_info()
print('\nOpening AWS Zero-touch Kit Device')
device = MchpAwsZTKitDevice(hid.device())
#device = MchpAwsZTKitDevice(SimMchpAwsZTHidDevice())
device.open()
print('\nInitializing Kit')
resp = device.init()
print(' ATECC508A SN: %s' % resp['deviceSn'])
print(' ATECC508A Public Key:')
int_size = int(len(resp['devicePublicKey']) / 2)
print(' X: %s' % resp['devicePublicKey'][:int_size])
print(' Y: %s' % resp['devicePublicKey'][int_size:])
kit_info['device_sn'] = resp['deviceSn']
save_kit_info(kit_info)
print('\nLoading root CA certificate')
if not os.path.isfile(ROOT_CA_CERT_FILENAME):
raise AWSZTKitError('Failed to find root CA certificate file, ' + ROOT_CA_CERT_FILENAME + '. Have you run ca_create_root first?')
with open(ROOT_CA_CERT_FILENAME, 'rb') as f:
print(' Loading from ' + f.name)
root_ca_cert = x509.load_pem_x509_certificate(f.read(), crypto_be)
print('\nLoading signer CA key')
if not os.path.isfile(SIGNER_CA_KEY_FILENAME):
raise AWSZTKitError('Failed to find signer CA key file, ' + SIGNER_CA_KEY_FILENAME + '. Have you run ca_create_signer_csr first?')
with open(SIGNER_CA_KEY_FILENAME, 'rb') as f:
print(' Loading from ' + f.name)
signer_ca_priv_key = serialization.load_pem_private_key(
data=f.read(),
password=None,
backend=crypto_be)
print('\nLoading signer CA certificate')
if not os.path.isfile(SIGNER_CA_CERT_FILENAME):
raise AWSZTKitError('Failed to find signer CA certificate file, ' + SIGNER_CA_CERT_FILENAME + '. Have you run ca_create_signer first?')
with open(SIGNER_CA_CERT_FILENAME, 'rb') as f:
print(' Loading from ' + f.name)
signer_ca_cert = x509.load_pem_x509_certificate(f.read(), crypto_be)
if 'endpointAddress' not in kit_info:
raise AWSZTKitError('endpointAddress not found in %s. Have you run aws_register_signer yet?' % KIT_INFO_FILENAME)
if 'wifi_ssid' not in kit_info:
raise AWSZTKitError('wifi_ssid not found in %s. Have you run kit_set_wifi yet?' % KIT_INFO_FILENAME)
if 'wifi_password' not in kit_info:
raise AWSZTKitError('wifi_password not found in %s. Have you run kit_set_wifi yet?' % KIT_INFO_FILENAME)
print('\nRequesting device CSR')
resp = device.gen_csr()
device_csr = x509.load_der_x509_csr(binascii.a2b_hex(resp['csr']), crypto_be)
if not device_csr.is_signature_valid:
raise AWSZTKitError('Device CSR has invalid signature.')
with open(DEVICE_CSR_FILENAME, 'wb') as f:
print(' Saving to ' + f.name)
f.write(device_csr.public_bytes(encoding=serialization.Encoding.PEM))
print('\nGenerating device certificate from CSR')
# Build certificate
builder = x509.CertificateBuilder()
builder = builder.issuer_name(signer_ca_cert.subject)
builder = builder.not_valid_before(datetime.datetime.now(tz=pytz.utc).replace(minute=0,second=0)) # Device cert must have minutes and seconds set to 0
builder = builder.not_valid_after(datetime.datetime(3000, 12, 31, 23, 59, 59)) # Should be year 9999, but this doesn't work on windows
builder = builder.subject_name(device_csr.subject)
builder = builder.public_key(device_csr.public_key())
# Device certificate is generated from certificate dates and public key
builder = builder.serial_number(device_cert_sn(16, builder))
# Add in extensions specified by CSR
for extension in device_csr.extensions:
builder = builder.add_extension(extension.value, extension.critical)
# Subject Key ID is used as the thing name and MQTT client ID and is required for this demo
builder = builder.add_extension(
x509.SubjectKeyIdentifier.from_public_key(builder._public_key),
critical=False)
issuer_ski = signer_ca_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier)
builder = builder.add_extension(
x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(issuer_ski),
critical=False)
# Sign certificate
device_cert = builder.sign(
private_key=signer_ca_priv_key,
algorithm=hashes.SHA256(),
backend=crypto_be)
# Find the subject key ID for use as the thing name
is_subject_key_id_found = False
for extension in device_cert.extensions:
if extension.oid._name != 'subjectKeyIdentifier':
continue # Not the extension we're looking for, skip
kit_info['thing_name'] = binascii.b2a_hex(extension.value.digest).decode('ascii')
save_kit_info(kit_info)
is_subject_key_id_found = True
if not is_subject_key_id_found:
raise RuntimeError('Could not find the subjectKeyIdentifier extension in the device certificate.')
# Save certificate for reference
with open(DEVICE_CERT_FILENAME, 'wb') as f:
print(' Saving to ' + f.name)
f.write(device_cert.public_bytes(encoding=serialization.Encoding.PEM))
print('\nProvisioning device with AWS IoT credentials')
pub_nums = root_ca_cert.public_key().public_numbers()
pubkey = pub_nums.x.to_bytes(32, byteorder='big', signed=False)
pubkey += pub_nums.y.to_bytes(32, byteorder='big', signed=False)
device.save_credentials(
host_name=kit_info['endpointAddress'],
device_cert=device_cert.public_bytes(encoding=serialization.Encoding.DER),
signer_cert=signer_ca_cert.public_bytes(encoding=serialization.Encoding.DER),
signer_ca_public_key=pubkey)
print('\nUpdating WiFi settings')
print(' SSID: %s' % kit_info['wifi_ssid'])
disp_password = '******'
if kit_info['wifi_password'] is not None:
disp_password = '******'*len(kit_info['wifi_password'])
print(' Password: %s' % disp_password)
device.set_wifi(ssid=kit_info['wifi_ssid'], psk=kit_info['wifi_password'])
print('\nDone')
