def createOrLoadEntity(self, name):
"""
Check if we have already created an entity (maybe we reset the notebook kernel)
and load it. Otherwise create a new entity and persist it to disk
"""
try:
f = open("entity-" + name, "rb")
entf = pickle.load(f)
f.close()
ent = wave3.CreateEntityResponse(PublicDER=entf["pub"],
SecretDER=entf["sec"],
hash=entf["hash"])
#print("file", ent.hash)
return ent, False
except (IOError, FileNotFoundError) as e:
ent = self.agent.CreateEntity(wave3.CreateEntityParams())
if ent.error.code != 0:
raise Exception(repr(ent.error))
entf = {
"pub": ent.PublicDER,
"sec": ent.SecretDER,
"hash": ent.hash
}
f = open("entity-" + name, "wb")
pickle.dump(entf, f)
f.close()
resp = self.agent.PublishEntity(
wave3.PublishEntityParams(DER=ent.PublicDER))
#print("creat", resp.hash)
if resp.error.code != 0:
raise Exception(resp.error.message)
return ent, True
def __init__(self,
entity_name="gabe",
wave_uri="localhost:410",
mosquitto_url="broker.cal-sdb.org",
mosquitto_pass="******",
mosquitto_user="******",
on_message=None):
# connect to WAVE agent
self.agent = wave3.WAVEStub(grpc.insecure_channel(wave_uri))
# set up entity and store keys
self.entity_name = entity_name
self.entity, newlycreated = self.createOrLoadEntity(entity_name)
self.entityPublicDER = self.entity.PublicDER
self.entitySecretDER = self.entity.SecretDER
self.perspective = wave3.Perspective(entitySecret=wave3.EntitySecret(
DER=self.entity.SecretDER))
# publish this so others can refer to it
if newlycreated:
self.agent.PublishEntity(
wave3.PublishEntityParams(DER=self.entity.PublicDER))
# create mqtt client
self.client = mqtt.Client(client_id=entity_name, clean_session=True)
self._connected = False
self._pending = []
self._call_on_message = on_message
self.client.on_connect = self.on_connect
self.client.on_message = self.on_message
self.client.username_pw_set(mosquitto_user, mosquitto_pass)
self.client.connect(mosquitto_url, 1883, 60)
self.client.loop_start()
def createOrLoadEntity(agent, name):
"""
Check if we have already created an entity (maybe we reset the notebook kernel)
and load it. Otherwise create a new entity and persist it to disk
"""
try:
f = open("/tmp/entity-" + name, "rb")
entf = pickle.load(f)
f.close()
ent = wv.CreateEntityResponse(PublicDER=entf["pub"],
SecretDER=entf["sec"],
hash=entf["hash"])
return ent, False
except IOError:
ent = agent.CreateEntity(wv.CreateEntityParams())
if ent.error.code != 0:
raise Exception(repr(ent.error))
entf = {"pub": ent.PublicDER, "sec": ent.SecretDER, "hash": ent.hash}
f = open("/tmp/entity-" + name, "wb")
pickle.dump(entf, f)
f.close()
resp = agent.PublishEntity(wv.PublishEntityParams(DER=ent.PublicDER))
if resp.error.code != 0:
raise Exception(resp.error.message)
return ent, True
def __init__(self, nickname):
self.nickname = nickname
channel = grpc.insecure_channel("localhost:410")
self.agent = wv.WAVEStub(channel)
self.ent, newlycreated = createOrLoadEntity(self.agent, "homeserver")
self.entityPublicDER = self.ent.PublicDER
self.entitySecretDER = self.ent.SecretDER
self.perspective = wv.Perspective(entitySecret=wv.EntitySecret(
DER=self.ent.SecretDER))
if newlycreated:
self.agent.PublishEntity(
wv.PublishEntityParams(DER=self.ent.PublicDER))
# instantiate and display widgets
self.light_widget = widgets.Light('light-1')
self.switch_widget = widgets.Switch('light-1')
self.thermostat_widget = widgets.Thermostat()
self.motion_sensor_widget = widgets.MotionSensor()
self.notificationbox = widgets.Notification()
self.lightbox = widgets.ipw.VBox(
[self.light_widget, self.switch_widget],
layout=widgets.ipw.Layout(align_items='center',
border='solid 2px'))
self.mybox = widgets.ipw.VBox([
widgets.ipw.HBox([
self.lightbox, self.motion_sensor_widget,
self.thermostat_widget
],
layout=widgets.ipw.Layout(width='100%')),
self.notificationbox,
])
display(self.mybox)
# TODO: have read/write topic?
self.tstat_entity, self.tstat_encrypt_proof, self.tstat_msg_proof = self._make_device_entity(
'thermostat')
self.light_entity, self.light_encrypt_proof, self.light_msg_proof = self._make_device_entity(
'light')
self.motion_entity, self.motion_encrypt_proof, self.motion_msg_proof = self._make_device_entity(
'motion')
self.light_widget.observe(self._publish_light_state, 'state')
self.thermostat_widget.observe(self._publish_tstat_state)
self.motion_sensor_widget.observe(self._publish_motion_sensor_state)
# hook up triggers to report?
self.client = mqtt.Client()
self.client.on_connect = self.on_connect
self.client.on_message = self.on_message
self.client.username_pw_set("risecamp2018", "risecamp2018")
self.client.connect("broker.cal-sdb.org", 1883, 60)
self.client.loop_start()
import grpc
import wave3 as wv
channel = grpc.insecure_channel("localhost:410")
agent = wv.WAVEStub(channel)
# rv = stub.ListLocations(eapi_pb2.ListLocationsParams())
# print(rv)
ent = agent.CreateEntity(wv.CreateEntityParams())
agent.PublishEntity(wv.PublishEntityParams(DER=ent.PublicDER))
ent2 = agent.CreateEntity(wv.CreateEntityParams())
agent.PublishEntity(wv.PublishEntityParams(DER=ent2.PublicDER))
perspective = wv.Perspective(entitySecret=wv.EntitySecret(DER=ent.SecretDER))
att = agent.CreateAttestation(
wv.CreateAttestationParams(
perspective=perspective,
subjectHash=ent2.hash,
publish=True,
policy=wv.Policy(
rTreePolicy=wv.RTreePolicy(namespace=ent.hash,
indirections=5,
statements=[
wv.RTreePolicyStatement(
permissionSet=ent.hash,
permissions=["foo"],
resource="foo/bar",
)
]))))
ent2perspective = wv.Perspective(entitySecret=wv.EntitySecret(
def _make_device_entity(self, device):
"""
- makes entity
- publishes entity
- namespace grant to device entity read on <hash>/<device>/control
- namespace grant to device entity write on <hash>/<device>/report
"""
device_entity, newlyCreated = createOrLoadEntity(self.agent, device)
if newlyCreated:
self.agent.PublishEntity(wv.PublishEntityParams(DER=device_entity.PublicDER))
device_perspective=wv.Perspective(
entitySecret=wv.EntitySecret(DER=device_entity.SecretDER)
)
# grant permission to encrypt on device URIs, read/write on report/control respectively
encrypt_policy = wv.Policy(rTreePolicy=wv.RTreePolicy(
namespace=self.ent.hash,
indirections=5,
# TODO: need this?
# visibilityURI=[bytes("smarthome","utf8"),bytes(device,"utf8")],
statements=[
wv.RTreePolicyStatement(
permissionSet=wv.WaveBuiltinPSET,
permissions=[wv.WaveBuiltinE2EE],
resource="smarthome/{0}/+".format(device),
)
]
))
msg_policy = wv.Policy(rTreePolicy=wv.RTreePolicy(
namespace=self.ent.hash,
indirections=5,
statements=[
wv.RTreePolicyStatement(
permissionSet=smarthome_pset,
permissions=["read"],
resource="smarthome/{0}/control".format(device),
),
wv.RTreePolicyStatement(
permissionSet=smarthome_pset,
permissions=["write"],
resource="smarthome/{0}/report".format(device),
)
]
))
if newlyCreated:
r = self.agent.CreateAttestation(wv.CreateAttestationParams(
perspective=self.perspective,
subjectHash=device_entity.hash,
publish=True,
policy=msg_policy
))
#print(r)
#print('msg policy attested')
r = self.agent.CreateAttestation(wv.CreateAttestationParams(
perspective=self.perspective,
subjectHash=device_entity.hash,
publish=True,
policy=encrypt_policy,
))
#print(r)
#print('encrypt policy attested')
#print(encrypt_policy)
encrypt_proof = self.agent.BuildRTreeProof(wv.BuildRTreeProofParams(
perspective=device_perspective,
namespace=encrypt_policy.rTreePolicy.namespace,
resyncFirst=True,
statements=encrypt_policy.rTreePolicy.statements,
))
if encrypt_proof.error.code != 0:
raise Exception(encrypt_proof.error)
msg_proof = self.agent.BuildRTreeProof(wv.BuildRTreeProofParams(
perspective=device_perspective,
namespace=msg_policy.rTreePolicy.namespace,
resyncFirst=True,
statements=msg_policy.rTreePolicy.statements,
))
if msg_proof.error.code != 0:
raise Exception(msg_proof.error)
return device_entity, encrypt_proof, msg_proof
