def get(self, request): """ Handler which returns mdm signing public key """ response = {} try: kvstore_service = kvstore(collection=USER_META_COLLECTION_NAME, session_key=request[SESSION][AUTHTOKEN], owner=request[SESSION][USER]) result = json.loads(kvstore_service.get_item_by_key(MDM_KEYPAIR_GENERATION_TIME)[1]) response.update({TIMESTAMP: result[TIMESTAMP]}) except Exception as e: # If key not in kvstore if hasattr(e, 'statusCode') and e.statusCode == http.NOT_FOUND: return { 'payload': { 'message': 'Could not find mdm keypair update time in kvstore', 'status': http.NOT_FOUND } } return { 'payload': { 'message': e.message, 'status': http.BAD_REQUEST } } try: public_key = fetch_sensitive_data(request[SESSION][AUTHTOKEN], MDM_SIGN_PUBLIC_KEY) private_key = fetch_sensitive_data(request[SESSION][AUTHTOKEN], MDM_SIGN_PRIVATE_KEY) response.update({'sign_public_key': public_key, 'sign_private_key': private_key}) except Exception as e: # If key not in storage/passwords if hasattr(e, 'statusCode') and e.statusCode == http.NOT_FOUND: return { 'payload': { 'message': 'Could not find one or both of key={} and key={} in /storage/passwords' .format(MDM_SIGN_PUBLIC_KEY, MDM_SIGN_PRIVATE_KEY), 'status': http.NOT_FOUND } } return { 'payload': { 'message': e.message, 'status': http.BAD_REQUEST } } return { 'payload': response, 'status': http.OK }
def post(self, request): user = request[SESSION][USER] system_authtoken = request[SYSTEM_AUTHTOKEN] payload = json.loads(request[PAYLOAD]) LOGGER.info("attempting to set deployment name") deployment_name = payload.get('deployment_name', '') status_code = HTTPStatus.OK error_message = None valid_deployment_name = validate_deployment_name(deployment_name) if not valid_deployment_name: error_message = "Invalid Deployment Name" status_code = HTTPStatus.BAD_REQUEST # Don't check kvstore if we already have an error if error_message: return { 'payload': error_message, 'status': status_code, } # Get the kvstore object first because posting overwrites the entire object try: kvstore_service = kvstore(collection=META_COLLECTION_NAME, session_key=request[SESSION][AUTHTOKEN], owner=NOBODY) result = json.loads( kvstore_service.get_item_by_key(DEPLOYMENT_INFO)[1]) except Exception as e: # If key not in kvstore LOGGER.exception("Exception setting deployment name={}".format(e)) if hasattr(e, 'statusCode') and e.statusCode == HTTPStatus.NOT_FOUND: error_message = 'Could not find deployment info in kvstore' error_status = HTTPStatus.NOT_FOUND elif hasattr(e, 'statusCode'): error_message = str(e) error_status = e.statusCode else: error_message = str(e) error_status = HTTPStatus.BAD_REQUEST return { 'payload': { 'message': error_message, 'status': error_status } } # Set new deployment name result[DEPLOYMENT_FRIENDLY_NAME] = valid_deployment_name try: kvstore_service.insert_or_update_item_containing_key(result) except Exception as e: return { 'payload': { 'message': str(e), 'status': HTTPStatus.INTERNAL_SERVER_ERROR } } return { 'payload': valid_deployment_name, 'status': status_code, }
def post(self, request): """ Handler which generates and returns an mdm keypair """ # generate mdm credentials LOGGER.info("Generating MDM Credentials") system_authtoken = request[SYSTEM_AUTHTOKEN] key_bundle = _load_key_bundle(system_authtoken) [public_key, private_key] = self.sodium_client.sign_generate_keypair() now = int(datetime.now().strftime('%s')) response = {} response['message'] = [] status = HTTPStatus.OK try: # send public signing key to spacebridge send_mdm_signing_key_to_spacebridge(request[SESSION][AUTHTOKEN], public_key, key_bundle) except Exception as e: status = HTTPStatus.INTERNAL_SERVER_ERROR LOGGER.warn( "Failed to register mdm keys with spacebridge. error=%s", e) return { 'payload': { 'failed_save': True, 'message': e }, 'status': status, } # update key generation timestamp try: kvstore_service = kvstore(collection=USER_META_COLLECTION_NAME, session_key=request[SESSION][AUTHTOKEN], owner=request[SESSION][USER]) entry = {KEY: MDM_KEYPAIR_GENERATION_TIME, TIMESTAMP: now} kvstore_service.insert_or_update_item_containing_key(entry) except Exception as e: status = HTTPStatus.INTERNAL_SERVER_ERROR response['failed_timesave'] = True response['message'].append(e.message) # store to storage/passwords try: [_, created_public_key] = update_or_create_sensitive_data( request[SESSION][AUTHTOKEN], MDM_SIGN_PUBLIC_KEY, py23.b64encode_to_str(public_key)) except Exception as e: status = HTTPStatus.INTERNAL_SERVER_ERROR response['failed_public_localsave'] = True response['message'].append(str(e)) try: [_, created_private_key] = update_or_create_sensitive_data( request[SESSION][AUTHTOKEN], MDM_SIGN_PRIVATE_KEY, py23.b64encode_to_str(private_key)) except Exception as e: status = HTTPStatus.INTERNAL_SERVER_ERROR response['failed_private_localsave'] = True response['message'].append(str(e)) # don't pass back the message if we have no errors if not response['message']: del response['message'] response[SIGN_PUBLIC_KEY] = py23.b64encode_to_str(public_key) response[SIGN_PRIVATE_KEY] = py23.b64encode_to_str(private_key) response[TIMESTAMP] = now return { 'payload': response, 'status': status, }