def _addDeviceToNetwork(self, deviceSerial, newDeviceSuffix, pin):
h = HmacHelper(pin)
self._hmacDevices[deviceSerial] = h
d = DeviceConfigurationMessage()
for source, dest in [(self.networkPrefix, d.configuration.networkPrefix),
(self.deviceSuffix, d.configuration.controllerName),
(newDeviceSuffix, d.configuration.deviceSuffix)]:
for i in range(source.size()):
component = source.get(i)
dest.components.append(component.getValue().toRawStr())
interestName = Name('/localhop/configure').append(Name(deviceSerial))
encodedParams = ProtobufTlv.encode(d)
interestName.append(encodedParams)
interest = Interest(interestName)
h.signInterest(interest)
self.face.expressInterest(interest, self._deviceAdditionResponse,
self._deviceAdditionTimedOut)
def _addDeviceToNetwork(self, deviceSerial, newDeviceSuffix, pin):
h = HmacHelper(pin)
self._hmacDevices[deviceSerial] = h
d = DeviceConfigurationMessage()
newDeviceSuffix = Name(newDeviceSuffix)
for source, dest in [(self.networkPrefix, d.configuration.networkPrefix),
(self.deviceSuffix, d.configuration.controllerName),
(newDeviceSuffix, d.configuration.deviceSuffix)]:
for i in range(len(source)):
component = source.get(i)
dest.components.append(component.getValue().toRawStr())
interestName = Name('/localhop/configure').append(Name(deviceSerial))
encodedParams = ProtobufTlv.encode(d)
interestName.append(encodedParams)
interest = Interest(interestName)
interest.setInterestLifetimeMilliseconds(5000)
h.signInterest(interest)
self.face.expressInterest(interest, self._deviceAdditionResponse,
self._deviceAdditionTimedOut)
def _handleCertificateRequest(self, interest, transport):
"""
Extracts a public key name and key bits from a command interest name
component. Generates a certificate if the request is verifiable.
This expects an HMAC signed interest.
"""
message = CertificateRequestMessage()
commandParamsTlv = interest.getName().get(self.prefix.size()+1)
ProtobufTlv.decode(message, commandParamsTlv.getValue())
signature = HmacHelper.extractInterestSignature(interest)
deviceSerial = str(signature.getKeyLocator().getKeyName().get(-1).getValue())
response = Data(interest.getName())
certData = None
hmac = None
try:
hmac = self._hmacDevices[deviceSerial]
if hmac.verifyInterest(interest):
certData = self._createCertificateFromRequest(message)
# remove this hmac; another request will require a new pin
self._hmacDevices.pop(deviceSerial)
except KeyError:
self.log.warn('Received certificate request for device with no registered key')
except SecurityException:
self.log.warn('Could not create device certificate')
else:
self.log.info('Creating certificate for device {}'.format(deviceSerial))
if certData is not None:
response.setContent(certData.wireEncode())
response.getMetaInfo().setFreshnessPeriod(10000) # should be good even longer
else:
response.setContent("Denied")
if hmac is not None:
hmac.signData(response)
self.sendData(response, transport, False)
def _handleCertificateRequest(self, interest, transport):
"""
Extracts a public key name and key bits from a command interest name
component. Generates a certificate if the request is verifiable.
This expects an HMAC signed interest.
"""
message = CertificateRequestMessage()
commandParamsTlv = interest.getName().get(self.prefix.size()+1)
ProtobufTlv.decode(message, commandParamsTlv.getValue())
signature = HmacHelper.extractInterestSignature(interest)
deviceSerial = str(signature.getKeyLocator().getKeyName().get(-1).getValue())
response = Data(interest.getName())
certData = None
hmac = None
try:
hmac = self._hmacDevices[deviceSerial]
if hmac.verifyInterest(interest):
certData = self._createCertificateFromRequest(message)
# remove this hmac; another request will require a new pin
self._hmacDevices.pop(deviceSerial)
except KeyError:
self.log.warn('Received certificate request for device with no registered key')
except SecurityException:
self.log.warn('Could not create device certificate')
else:
self.log.info('Creating certificate for device {}'.format(deviceSerial))
if certData is not None:
response.setContent(certData.wireEncode())
response.getMetaInfo().setFreshnessPeriod(10000) # should be good even longer
else:
response.setContent("Denied")
if hmac is not None:
hmac.signData(response)
self.sendData(response, transport, False)
