예제 #1
0
    def _grant_permission_to(self, entityhash, namespace, uripattern,
                             permissions):
        """
        hashes: entityhash, namespace
        uripattern: string
        permissions is a list of permissions
        """

        # grants the permission to access the uri
        resp = self.agent.CreateAttestation(
            wave3.CreateAttestationParams(
                perspective=self.perspective,
                subjectHash=entityhash,
                publish=True,
                policy=wave3.Policy(rTreePolicy=wave3.RTreePolicy(
                    namespace=namespace,
                    indirections=5,
                    statements=[
                        wave3.RTreePolicyStatement(
                            permissionSet=smarthome_pset,
                            permissions=permissions,
                            resource=uripattern,
                        )
                    ]))))
        if resp.error.code != 0:
            raise Exception(resp.error.message)

        # grant permission to decrypt/encrypt
        resp = self.agent.CreateAttestation(
            wave3.CreateAttestationParams(
                perspective=self.perspective,
                subjectHash=entityhash,
                publish=True,
                policy=wave3.Policy(rTreePolicy=wave3.RTreePolicy(
                    namespace=namespace,
                    indirections=5,
                    statements=[
                        wave3.RTreePolicyStatement(
                            permissionSet=wave3.WaveBuiltinPSET,
                            permissions=[wave3.WaveBuiltinE2EE],
                            resource=uripattern,
                        )
                    ]))))
        if resp.error.code != 0:
            raise Exception(resp.error.message)
예제 #2
0
파일: tut.py 프로젝트: ericl/risecamp
    def grant_permissions_to(self, enthash):
        # grant the ability to decrypt data that the thermostat publishes
        resp = self.agent.CreateAttestation(wv.CreateAttestationParams(
            perspective=self.perspective,
            subjectHash=enthash,
            publish=True,
            policy=wv.Policy(rTreePolicy=wv.RTreePolicy(
                namespace=self.ent.hash,
                indirections=5,
                statements=[wv.RTreePolicyStatement(
                    permissionSet=wv.WaveBuiltinPSET,
                    permissions=[wv.WaveBuiltinE2EE],
                    resource="smarthome/thermostat/+",
                )]
            ))
        ))
        if resp.error.code != 0:
            raise Exception(resp.error.message)
        # grant the ability to decrypt data that the motion sensor publishes
        resp = self.agent.CreateAttestation(wv.CreateAttestationParams(
            perspective=self.perspective,
            subjectHash=enthash,
            publish=True,
            policy=wv.Policy(rTreePolicy=wv.RTreePolicy(
                namespace=self.ent.hash,
                indirections=5,
                statements=[wv.RTreePolicyStatement(
                    permissionSet=wv.WaveBuiltinPSET,
                    permissions=[wv.WaveBuiltinE2EE],
                    resource="smarthome/motion/+",
                )]
            ))
        ))
        if resp.error.code != 0:
            raise Exception(resp.error.message)
        # grant the ability to decrypt data that the light publishes
        resp = self.agent.CreateAttestation(wv.CreateAttestationParams(
            perspective=self.perspective,
            subjectHash=enthash,
            publish=True,
            policy=wv.Policy(rTreePolicy=wv.RTreePolicy(
                namespace=self.ent.hash,
                indirections=5,
                statements=[wv.RTreePolicyStatement(
                    permissionSet=wv.WaveBuiltinPSET,
                    permissions=[wv.WaveBuiltinE2EE],
                    resource="smarthome/light/+",
                )]
            ))
        ))
        if resp.error.code != 0:
            raise Exception(resp.error.message)

        # grant the ability to actuate the thermostat and the light and the notifications, and read the thermostat and light
        resp = self.agent.CreateAttestation(wv.CreateAttestationParams(
            perspective=self.perspective,
            subjectHash=enthash,
            publish=True,
            policy=wv.Policy(rTreePolicy=wv.RTreePolicy(
                namespace=self.ent.hash,
                indirections=5,
                statements=[wv.RTreePolicyStatement(
                    permissionSet=smarthome_pset,
                    permissions=["write"],
                    resource="smarthome/thermostat/control",
                ),wv.RTreePolicyStatement(
                    permissionSet=smarthome_pset,
                    permissions=["write"],
                    resource="smarthome/light/control",
                ),wv.RTreePolicyStatement(
                    permissionSet=smarthome_pset,
                    permissions=["write"],
                    resource="smarthome/notify",
                ),wv.RTreePolicyStatement(
                    permissionSet=smarthome_pset,
                    permissions=["read"],
                    resource="smarthome/thermostat/report",
                ),wv.RTreePolicyStatement(
                    permissionSet=smarthome_pset,
                    permissions=["read"],
                    resource="smarthome/light/report",
               ),wv.RTreePolicyStatement(
                    permissionSet=smarthome_pset,
                    permissions=["read"],
                    resource="smarthome/motion/report",
                )]
            ))
        ))
        if resp.error.code != 0:
            raise Exception(resp.error.message)
예제 #3
0
파일: example.py 프로젝트: immesys/pywave
ent = agent.CreateEntity(wv.CreateEntityParams())
agent.PublishEntity(wv.PublishEntityParams(DER=ent.PublicDER))
ent2 = agent.CreateEntity(wv.CreateEntityParams())
agent.PublishEntity(wv.PublishEntityParams(DER=ent2.PublicDER))

perspective = wv.Perspective(entitySecret=wv.EntitySecret(DER=ent.SecretDER))
att = agent.CreateAttestation(
    wv.CreateAttestationParams(
        perspective=perspective,
        subjectHash=ent2.hash,
        publish=True,
        policy=wv.Policy(
            rTreePolicy=wv.RTreePolicy(namespace=ent.hash,
                                       indirections=5,
                                       statements=[
                                           wv.RTreePolicyStatement(
                                               permissionSet=ent.hash,
                                               permissions=["foo"],
                                               resource="foo/bar",
                                           )
                                       ]))))
ent2perspective = wv.Perspective(entitySecret=wv.EntitySecret(
    DER=ent2.SecretDER))

agent.ResyncPerspectiveGraph(
    wv.ResyncPerspectiveGraphParams(perspective=ent2perspective, ))
for status in agent.WaitForSyncComplete(
        wv.SyncParams(perspective=ent2perspective)):
    print(status)

proof = agent.BuildRTreeProof(
    wv.BuildRTreeProofParams(perspective=ent2perspective,
예제 #4
0
파일: tut.py 프로젝트: ericl/risecamp
    def _make_device_entity(self, device):
        """
        - makes entity
        - publishes entity
        - namespace grant to device entity read on <hash>/<device>/control
        - namespace grant to device entity write on <hash>/<device>/report
        """
        device_entity, newlyCreated = createOrLoadEntity(self.agent, device)
        if newlyCreated:
            self.agent.PublishEntity(wv.PublishEntityParams(DER=device_entity.PublicDER))
        device_perspective=wv.Perspective(
            entitySecret=wv.EntitySecret(DER=device_entity.SecretDER)
        )

        # grant permission to encrypt on device URIs, read/write on report/control respectively

        encrypt_policy = wv.Policy(rTreePolicy=wv.RTreePolicy(
            namespace=self.ent.hash,
            indirections=5,
            # TODO: need this?
            # visibilityURI=[bytes("smarthome","utf8"),bytes(device,"utf8")],
            statements=[
                wv.RTreePolicyStatement(
                    permissionSet=wv.WaveBuiltinPSET,
                    permissions=[wv.WaveBuiltinE2EE],
                    resource="smarthome/{0}/+".format(device),
                )
            ]
        ))

        msg_policy = wv.Policy(rTreePolicy=wv.RTreePolicy(
            namespace=self.ent.hash,
            indirections=5,
            statements=[
                  wv.RTreePolicyStatement(
                    permissionSet=smarthome_pset,
                    permissions=["read"],
                    resource="smarthome/{0}/control".format(device),
                ),
                wv.RTreePolicyStatement(
                    permissionSet=smarthome_pset,
                    permissions=["write"],
                    resource="smarthome/{0}/report".format(device),
                )
            ]
        ))

        if newlyCreated:
            r = self.agent.CreateAttestation(wv.CreateAttestationParams(
                perspective=self.perspective,
                subjectHash=device_entity.hash,
                publish=True,
                policy=msg_policy
            ))
            #print(r)
            #print('msg policy attested')

            r = self.agent.CreateAttestation(wv.CreateAttestationParams(
                perspective=self.perspective,
                subjectHash=device_entity.hash,
                publish=True,
                policy=encrypt_policy,
            ))
            #print(r)
            #print('encrypt policy attested')
            #print(encrypt_policy)

        encrypt_proof = self.agent.BuildRTreeProof(wv.BuildRTreeProofParams(
            perspective=device_perspective,
            namespace=encrypt_policy.rTreePolicy.namespace,
            resyncFirst=True,
            statements=encrypt_policy.rTreePolicy.statements,
        ))
        if encrypt_proof.error.code != 0:
            raise Exception(encrypt_proof.error)

        msg_proof = self.agent.BuildRTreeProof(wv.BuildRTreeProofParams(
            perspective=device_perspective,
            namespace=msg_policy.rTreePolicy.namespace,
            resyncFirst=True,
            statements=msg_policy.rTreePolicy.statements,
        ))
        if msg_proof.error.code != 0:
            raise Exception(msg_proof.error)
        return device_entity, encrypt_proof, msg_proof