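def register_openssl(request):
    """Register a certificate-based (OpenSSL) client and return its credentials.

    Reads the optional 'clientId' from ``request.event`` and looks up its
    registry entry.  A client whose RegistrationStatus is 'BANNED' is refused.
    Every other caller gets a newly created key pair and certificate, and
    ``registration_shared.device_policy`` is attached to the certificate ARN.

    Returns:
        dict: ``{'Result': 'DENIED'}`` for a banned client; otherwise a dict
        with 'Result' = 'SUCCESS', 'ConnectionType' = 'OPENSSL', 'PrivateKey'
        and 'DeviceCert'.  The response carries the private key, so it should
        be kept out of logs and traces.
    """
    clientId = request.event.get('clientId')

    if clientId:
        print('Attempting openssl registration for id {}'.format(clientId))
        # A falsy lookup result (None or empty) is treated as "no entry", so
        # the .get() below cannot fail on a missing record.
        client_info = registration_shared.get_user_entry(clientId) or {}
    else:
        print('Attempting openssl registration for new user')
        client_info = {}

    registration_status = client_info.get('RegistrationStatus')

    print('OpenSSL User status for {} returns {}'.format(
        clientId, registration_status))

    responseObject = {}

    # NOTE(review): the ban check relies on the clientId supplied in the
    # request; a request without one is handled as a new user.  Confirm the
    # caller is authenticated and the id is bound to it upstream of this handler.
    if registration_status == 'BANNED':
        responseObject['Result'] = 'DENIED'
        return responseObject

    if registration_status == 'UNKNOWN':
        print('Re-registering user with unknown status {}'.format(clientId))

    keys_and_cert = _create_keys_and_certificate()
    certificate_pem = keys_and_cert['certificatePem']
    certificate_arn = keys_and_cert['certificateArn']

    # The registry entry is keyed by the certificate's serial number.
    certificate_info = load_certificate(FILETYPE_PEM, certificate_pem)
    certificate_sn = '{}'.format(certificate_info.get_serial_number())

    print('Got certificate SN {}'.format(certificate_sn))

    # NOTE(review): only NEW_USER / missing status writes a registry entry.
    # Any other non-banned status (including 'UNKNOWN') still receives a new
    # certificate with the device policy, but no entry is recorded for the new
    # serial number - confirm this is intended.
    if registration_status in ['NEW_USER', None]:
        registration_shared.create_user_entry(
            certificate_sn, 'REGISTERED', False, certificate_arn)

    print('Attaching principal {} to policy {}'.format(
        certificate_arn, registration_shared.device_policy))
    registration_shared.check_add_policy(
        certificate_arn, registration_shared.device_policy)

    responseObject['Result'] = 'SUCCESS'
    responseObject['ConnectionType'] = 'OPENSSL'
    responseObject['PrivateKey'] = keys_and_cert['keyPair']['PrivateKey']
    responseObject['DeviceCert'] = certificate_pem

    return responseObject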
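def _register_user(clientId):
    """Attach the IoT policy that matches a registered client's entry.

    Looks up the registry entry for ``clientId`` and selects the policy:
    ``cgp_listener_policy`` when the entry has a truthy 'CGPClient',
    ``device_policy`` when it has a truthy 'CertificateARN', otherwise
    ``listener_policy``.  Returns None without attaching anything when no
    entry exists.
    """
    print('Registering user {}'.format(clientId))

    client_info = registration_shared.get_user_entry(clientId)

    if not client_info:
        print('Attempting to register invalid user {}'.format(clientId))
        return

    certificate_arn = client_info.get('CertificateARN')

    if client_info.get('CGPClient'):
        policy_name = cgp_listener_policy
    elif certificate_arn:
        policy_name = device_policy
    else:
        policy_name = listener_policy

    # Cognito users' policies are attached to the Cognito id; certificate
    # permissions are attached to the certificate ARN.  Falling back with
    # "or" keeps the principal consistent with the truthiness test above: an
    # entry whose CertificateARN is present but empty/None uses clientId
    # instead of passing an empty target to attach_policy.
    principalId = certificate_arn or clientId

    iot_client.attach_policy(target=principalId, policyName=policy_name)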
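def register_websocket(request, cgp=False):
    """Register a Cognito-identified client for websocket connections.

    Reads 'cognitoIdentityId' and 'cognitoIdentityPoolId' from
    ``request.event``.  A request without an identity, or one whose registry
    entry is 'BANNED', is denied.  A client with status 'NEW_USER', 'UNKNOWN'
    or no status is recorded as 'REGISTERED'.  The listener policy is then
    attached to the Cognito id.

    Args:
        request: object whose ``event`` mapping carries the Cognito fields.
        cgp: when true, the client is recorded as a CGP client and
            ``registration_shared.cgp_listener_policy`` is attached instead of
            ``registration_shared.listener_policy``.

    Returns:
        dict: ``{'Result': 'DENIED'}`` or
        ``{'Result': 'SUCCESS', 'ConnectionType': 'WEBSOCKET'}``.
    """
    cognitoId = request.event.get('cognitoIdentityId')
    cognitoIdentityPoolId = request.event.get('cognitoIdentityPoolId')

    responseObject = {}

    print('Attempting websocket registration for cognitoId {} PoolId {}'.format(
        cognitoId, cognitoIdentityPoolId))

    # Fail closed: without an identity there is no principal to look up or to
    # attach a policy to, so never pass None/'' into the registry or IoT calls.
    if not cognitoId:
        print('Rejecting websocket registration without a cognitoIdentityId')
        responseObject['Result'] = 'DENIED'
        return responseObject

    # A falsy lookup result (None or empty) is treated as "no entry".
    client_info = registration_shared.get_user_entry(cognitoId) or {}
    registration_status = client_info.get('RegistrationStatus')

    print('User status for {} returns {}'.format(cognitoId, registration_status))

    if registration_status == 'BANNED':
        responseObject['Result'] = 'DENIED'
        return responseObject

    if registration_status == 'UNKNOWN':
        print('Re-registering user with unknown status {}'.format(cognitoId))

    if registration_status in ['NEW_USER', 'UNKNOWN', None]:
        registration_shared.create_user_entry(cognitoId, 'REGISTERED', cgp)

    # NOTE(review): cgp selects the broader or narrower policy; confirm it is
    # set by the service entry point and not derived from request content.
    if cgp:
        policy_name = registration_shared.cgp_listener_policy
    else:
        policy_name = registration_shared.listener_policy
    registration_shared.check_add_policy(cognitoId, policy_name)

    responseObject['Result'] = 'SUCCESS'
    responseObject['ConnectionType'] = 'WEBSOCKET'

    return responseObject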