Пример #1
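    def _grant_permission_to(self, entityhash, namespace, uripattern,
                             permissions):
        """
        Attest to ``entityhash`` both the application-level ``permissions``
        and the end-to-end-encryption capability on ``uripattern``.

        Args:
            entityhash: hash of the entity receiving the grant (the
                attestation subject).
            namespace: hash of the namespace entity whose resource tree
                ``uripattern`` lives in.
            uripattern: resource pattern (string) the grant applies to.
            permissions: list of permission names from ``smarthome_pset``.

        Raises:
            RuntimeError: if the agent reports a non-zero error code for
                either attestation; the agent's message is the exception
                text. The second attestation is not attempted if the first
                one fails.

        Two separate attestations are created, each published
        (``publish=True``) and each with ``indirections=5`` (presumably the
        number of further delegations allowed -- confirm against the WAVE
        docs):
          1. ``permissions`` on ``uripattern`` under ``smarthome_pset``;
          2. ``WaveBuiltinE2EE`` on ``uripattern`` under the builtin pset,
             i.e. the decrypt/encrypt capability.
        Note that (2) covers the whole ``uripattern`` regardless of which
        ``permissions`` were requested, so even a write-only grant conveys
        the ability to decrypt traffic matching the pattern.
        """
        statements = [
            # application-level access to the uri
            wave3.RTreePolicyStatement(
                permissionSet=smarthome_pset,
                permissions=permissions,
                resource=uripattern,
            ),
            # decrypt/encrypt capability on the same uri
            wave3.RTreePolicyStatement(
                permissionSet=wave3.WaveBuiltinPSET,
                permissions=[wave3.WaveBuiltinE2EE],
                resource=uripattern,
            ),
        ]
        # One attestation per statement, in the order above, so a failure of
        # the first grant stops before the E2EE grant is created.
        for statement in statements:
            resp = self.agent.CreateAttestation(
                wave3.CreateAttestationParams(
                    perspective=self.perspective,
                    subjectHash=entityhash,
                    publish=True,
                    policy=wave3.Policy(rTreePolicy=wave3.RTreePolicy(
                        namespace=namespace,
                        indirections=5,
                        statements=[statement],
                    )),
                )
            )
            if resp.error.code != 0:
                raise RuntimeError(resp.error.message)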
Пример #2
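    def grant_permissions_to(self, enthash):
        """
        Attest to ``enthash`` everything a smart-home client needs.

        Four attestations are created from ``self.perspective`` in the
        namespace ``self.ent.hash``, each published and with
        ``indirections=5``:
          - one per device (thermostat, motion, light) granting the builtin
            E2EE capability on ``smarthome/<device>/+``, i.e. the ability to
            decrypt what that device publishes;
          - one grant under ``smarthome_pset`` with write on the thermostat
            and light control topics and on ``smarthome/notify``, and read
            on the thermostat, light and motion report topics.

        Args:
            enthash: hash of the entity receiving the grants.

        Raises:
            RuntimeError: on the first attestation whose response carries a
                non-zero error code; later grants are not attempted.
        """
        def attest(statements):
            # Publish one attestation carrying ``statements`` to ``enthash``.
            resp = self.agent.CreateAttestation(wv.CreateAttestationParams(
                perspective=self.perspective,
                subjectHash=enthash,
                publish=True,
                policy=wv.Policy(rTreePolicy=wv.RTreePolicy(
                    namespace=self.ent.hash,
                    indirections=5,
                    statements=statements,
                ))
            ))
            if resp.error.code != 0:
                raise RuntimeError(resp.error.message)

        # Decrypt capability: kept as one attestation per device so the
        # resulting grants are the same three attestations as before.
        for device in ("thermostat", "motion", "light"):
            attest([wv.RTreePolicyStatement(
                permissionSet=wv.WaveBuiltinPSET,
                permissions=[wv.WaveBuiltinE2EE],
                resource="smarthome/{0}/+".format(device),
            )])

        # Actuate the thermostat, the light and notifications; read the
        # thermostat, light and motion reports. All in a single attestation.
        grants = [
            ("write", "smarthome/thermostat/control"),
            ("write", "smarthome/light/control"),
            ("write", "smarthome/notify"),
            ("read", "smarthome/thermostat/report"),
            ("read", "smarthome/light/report"),
            ("read", "smarthome/motion/report"),
        ]
        attest([
            wv.RTreePolicyStatement(
                permissionSet=smarthome_pset,
                permissions=[permission],
                resource=uri,
            )
            for permission, uri in grants
        ])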
Пример #3
# print(rv)

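# Create and publish two entities, attest "foo" on foo/bar from the first to
# the second, then sync the second entity's perspective graph so the grant
# becomes visible to it.
ent = agent.CreateEntity(wv.CreateEntityParams())
agent.PublishEntity(wv.PublishEntityParams(DER=ent.PublicDER))
ent2 = agent.CreateEntity(wv.CreateEntityParams())
agent.PublishEntity(wv.PublishEntityParams(DER=ent2.PublicDER))
# NOTE(review): the PublishEntity responses are not inspected here; none of
# the surrounding examples do either -- check them if publishes can fail.

# The attester's perspective is its secret key; ent.hash is also used as the
# namespace and as the permission set for this toy grant.
perspective = wv.Perspective(entitySecret=wv.EntitySecret(DER=ent.SecretDER))
att = agent.CreateAttestation(
    wv.CreateAttestationParams(
        perspective=perspective,
        subjectHash=ent2.hash,
        publish=True,
        policy=wv.Policy(
            rTreePolicy=wv.RTreePolicy(namespace=ent.hash,
                                       indirections=5,
                                       statements=[
                                           wv.RTreePolicyStatement(
                                               permissionSet=ent.hash,
                                               permissions=["foo"],
                                               resource="foo/bar",
                                           )
                                       ]))))
# A failed attestation would otherwise go unnoticed and the sync below would
# simply show no new grant.
if att.error.code != 0:
    raise RuntimeError(att.error.message)

ent2perspective = wv.Perspective(entitySecret=wv.EntitySecret(
    DER=ent2.SecretDER))

agent.ResyncPerspectiveGraph(
    wv.ResyncPerspectiveGraphParams(perspective=ent2perspective))
# WaitForSyncComplete streams status objects until the resync finishes.
for status in agent.WaitForSyncComplete(
        wv.SyncParams(perspective=ent2perspective)):
    print(status)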
Пример #4
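    def _make_device_entity(self, device):
        """
        Create (or load) the WAVE entity for ``device`` and return it with
        the proofs it needs to operate.

        Steps:
          - creates or loads the device entity via ``createOrLoadEntity``
          - publishes the entity when it was newly created
          - when newly created, attests from the namespace entity
            (``self.perspective``, namespace ``self.ent.hash``):
              * read on smarthome/<device>/control and
                write on smarthome/<device>/report (``smarthome_pset``)
              * the builtin E2EE capability on smarthome/<device>/+
          - builds an RTree proof for each policy from the device's own
            perspective, resyncing first

        Args:
            device: device name; passed as the entity name to
                ``createOrLoadEntity`` and used as the middle segment of
                the resource URIs.

        Returns:
            ``(device_entity, encrypt_proof, msg_proof)``.

        Raises:
            RuntimeError: if an attestation or a proof build reports a
                non-zero error code.
        """
        device_entity, newly_created = createOrLoadEntity(self.agent, device)
        if newly_created:
            self.agent.PublishEntity(
                wv.PublishEntityParams(DER=device_entity.PublicDER))
        device_perspective = wv.Perspective(
            entitySecret=wv.EntitySecret(DER=device_entity.SecretDER)
        )

        # Encrypt/decrypt on all of the device's URIs.
        encrypt_policy = wv.Policy(rTreePolicy=wv.RTreePolicy(
            namespace=self.ent.hash,
            indirections=5,
            # TODO: decide whether visibilityURI should be set on this
            # policy (the earlier draft used ["smarthome", device] as bytes).
            statements=[
                wv.RTreePolicyStatement(
                    permissionSet=wv.WaveBuiltinPSET,
                    permissions=[wv.WaveBuiltinE2EE],
                    resource="smarthome/{0}/+".format(device),
                )
            ]
        ))

        # Read control messages, write report messages.
        msg_policy = wv.Policy(rTreePolicy=wv.RTreePolicy(
            namespace=self.ent.hash,
            indirections=5,
            statements=[
                wv.RTreePolicyStatement(
                    permissionSet=smarthome_pset,
                    permissions=["read"],
                    resource="smarthome/{0}/control".format(device),
                ),
                wv.RTreePolicyStatement(
                    permissionSet=smarthome_pset,
                    permissions=["write"],
                    resource="smarthome/{0}/report".format(device),
                )
            ]
        ))

        # Grants are only attested for a brand-new entity. For a loaded
        # entity the proofs below rely on attestations made earlier; if
        # those are missing, BuildRTreeProof reports an error and we raise.
        if newly_created:
            for policy in (msg_policy, encrypt_policy):
                resp = self.agent.CreateAttestation(wv.CreateAttestationParams(
                    perspective=self.perspective,
                    subjectHash=device_entity.hash,
                    publish=True,
                    policy=policy,
                ))
                # Without this check a failed grant would only surface later
                # as an opaque proof-build error.
                if resp.error.code != 0:
                    raise RuntimeError(resp.error.message)

        # Build one proof per policy from the device's perspective; the
        # encrypt proof first, then the messaging proof.
        proofs = []
        for policy in (encrypt_policy, msg_policy):
            proof = self.agent.BuildRTreeProof(wv.BuildRTreeProofParams(
                perspective=device_perspective,
                namespace=policy.rTreePolicy.namespace,
                resyncFirst=True,
                statements=policy.rTreePolicy.statements,
            ))
            if proof.error.code != 0:
                raise RuntimeError(proof.error)
            proofs.append(proof)
        encrypt_proof, msg_proof = proofs
        return device_entity, encrypt_proof, msg_proof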