| # -*- Mode:python; c-file-style:"gnu"; indent-tabs-mode:nil -*- */ |
| # |
| # Copyright (C) 2014-2015 Regents of the University of California. |
| # Author: Weiwei Liu <summerwing10@gmail.com> |
| # |
| # This program is free software: you can redistribute it and/or modify |
| # it under the terms of the GNU Lesser General Public License as published by |
| # the Free Software Foundation, either version 3 of the License, or |
| # (at your option) any later version. |
| # |
| # This program is distributed in the hope that it will be useful, |
| # but WITHOUT ANY WARRANTY; without even the implied warranty of |
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| # GNU Lesser General Public License for more details. |
| # |
| # You should have received a copy of the GNU Lesser General Public License |
| # along with this program. If not, see <http://www.gnu.org/licenses/>. |
| # A copy of the GNU Lesser General Public License is in the file COPYING. |
| |
| """ |
| This module defines the DeviceUserAccessManager class which is the interface of |
| operations related to identity, keys, and certificates. |
| """ |
| |
| import sys |
| import hmac |
| from hashlib import sha256 |
| from pyndn.name import Name |
| from device_profile import DeviceProfile |
| from device_storage import DeviceStorage |
| from hmac_key import HMACKey |
| from user_access_storage import UserAccessStorage |
| |
| class DeviceUserAccessManager(object): |
| """ |
| Create a new DeviceUserAccessManager |
| """ |
| def __init__(self, databaseFilePath = None): |
| deviceStorage = DeviceStorage(databaseFilePath) |
| self._deviceStorage = deviceStorage |
| userAccessStorage = UserAccessStorage(databaseFilePath) |
| self._userAccessStorage = userAccessStorage |
| |
| def createDevice(self, deviceProfile, seed, configurationToken, commandList = None): |
| """ |
| Create a device in the database, including it's corresponding commands and serrvice profiles |
| @param DeviceProfile deviceProfile: the device profile |
| @param SymmetricKey seed: the seed of the device |
| @param SymmetricKey configurationToken: the configuration Token of the device |
| @param list commandList: the command list of the device, must have following structure: each element in the list should be a two-tuple (commandName, commandToken), the commandName should be a string, and commandToken should be a SymmetricKey. Here is an example of a valid commandList : [('turn_on', commandToken1), ('turn_off', commandToken2)] |
| return True if succeed, otherwise False |
| """ |
| result = False |
| |
| #add device |
| deviceId = self._deviceStorage.addDevice(deviceProfile, seed, configurationToken) |
| if deviceId == 0: |
| raise RuntimeError("device already exists in database") |
| return result |
| elif deviceId == -1: |
| raise RuntimeError("error occured during adding device into database") |
| return result |
| |
| #add service profile |
| serviceProfileList = deviceProfile.getServiceProfileList() |
| for serviceProfileName in serviceProfileList: |
| serviceProfileId = self._deviceStorage.addServiceProfile(deviceId, serviceProfileName) |
| if serviceProfileId == 0: |
| raise RuntimeError("service profile: " + serviceProfileName + " already exists in database") |
| return result |
| elif serviceProfileId == -1: |
| raise RuntimeError("error occured during adding service profile :" + serviceProfileName) |
| return result |
| |
| #add command |
| for command in commandList: |
| #generate command token,firstt generate command token name |
| prefix = deviceProfile.getPrefix() |
| commandTokenName = prefix.toUri()+"/"+command+"/token/0" |
| commandTokenKey = hmac.new(seed.getKey(), commandTokenName,sha256).digest() |
| commandToken = HMACKey(0,0,commandTokenKey,commandTokenName) |
| |
| commandId = self._deviceStorage.addCommand(deviceId, command, commandToken) |
| if commandId == 0: |
| raise RuntimeError("command: " + commandTuple[0] + " already exists in database") |
| return result |
| elif commandId == -1: |
| raise RuntimeError("error occured during adding command:" +commandTuple[0]) |
| return result |
| result = True |
| return result |
| |
| def getDeviceProfile(self, prefix): |
| """ |
| get device profile of a specified device |
| :param Name prefix: the device prefix |
| :return device profile of the device if exists, otherwise return None |
| :rtype: DeviceProfile |
| """ |
| deviceProfile = self._deviceStorage.getDeviceProfileFromDevice(prefix) |
| if deviceProfile == None: |
| return deviceProfile |
| else: |
| # get device Id |
| deviceId = self._deviceStorage.getDeviceId(deviceProfile.getPrefix()) |
| if deviceId == 0: |
| raise RuntimeError("device doesn't exist") |
| |
| serviceProfileList = self._deviceStorage.getServiceProfilesOfDevice(deviceId) |
| deviceProfile.setServiceProfile(serviceProfileList) |
| |
| return deviceProfile |
| |
| def getSeed(self, prefix): |
| """ |
| get seed of a specified device |
| :param Name prefix: the device prefix |
| :return seed of the device if exists, otherwise return None |
| :rtype: SymmetricKey |
| """ |
| return self._deviceStorage.getSeed(prefix) |
| |
| def getConfigurationToken(self, prefix): |
| """ |
| get configuration token of a specified device |
| :param Name prefix: the device prefix |
| :return seed of the device if exists, otherwise return None |
| :rtype: SymmetricKey |
| """ |
| return self._deviceStorage.getConfigurationToken(prefix) |
| |
| def getCommandToken(self, prefix, commandName): |
| """ |
| get command token of a specified command |
| :param Name prefix: the device prefix |
| :param str commandName: device name of the command |
| :return command token if command existsm, otherwise None |
| :rtype SymmetricKey |
| """ |
| deviceId = self._deviceStorage.getDeviceId(prefix) |
| if deviceId == 0: |
| return None |
| return self._deviceStorage.getCommandToken(deviceId, commandName) |
| |
| def getCommandsOfDevice(self, prefix): |
| """ |
| get all the commands of a specified device |
| :param Name prefix: the device prefix |
| :return command name list if any commands exist, otherwise None |
| """ |
| deviceId = self._deviceStorage.getDeviceId(prefix) |
| if deviceId == 0: |
| return None |
| return self._deviceStorage.getCommandsOfDevice(deviceId) |
| |
| def getServiceProfilesOfDevice(self, prefix): |
| """ |
| get all the service profiles of a specified device |
| :param Name prefix: the device prefix |
| :return service profiles name list if any service profiles exist, otherwise None |
| """ |
| deviceId = self._deviceStorage.getDeviceId(prefix) |
| if deviceId == 0: |
| return None |
| return self._deviceStorage.getServiceProfilesOfDevice(deviceId) |
| |
| def addUser(self, prefix, username, hash_, salt, type_): |
| """ |
| Add a new user to User table, do nothing if the user already exists |
| |
| :param Name prefix: the prefix of the user |
| :param str username: username |
| :param hash_: |
| :param salt: |
| :param str type: the type of user, either guest or user |
| :return the user id if it's added successfully, 0 if prefix conflict exists, -1 if username conflict exists |
| :rtype: INTEGER |
| """ |
| return self._userAccessStorage.addUser(prefix, username, hash_, salt, type_) |
| |
| def addAccess(self, devicePrefix, commandName, userPrefix, userDevice, accessToken): |
| """ |
| Add a new access to the Access table, do nothing if the access already exists |
| :param Name devicePrefix: the device prefix |
| :param str command name : the command name |
| :param Name userPrefix: the user prefix |
| :param int userDevice: the user device |
| :param HMACKey accessToken: the access token |
| :return the access id if it's added successfully, 0 if the access already exists, otherwise -1 |
| :rtype: int |
| """ |
| #get device Id |
| deviceId = self._deviceStorage.getDeviceId(devicePrefix) |
| if deviceId == 0: |
| print 1 |
| return -1 |
| |
| #get command id |
| commandId = self._deviceStorage.getCommandId(deviceId, commandName) |
| if commandId == 0: |
| print 2 |
| return -1 |
| |
| #get user id |
| userId = self._userAccessStorage.getUserId(userPrefix) |
| if userId ==0: |
| print 3 |
| return -1 |
| |
| return self._userAccessStorage.addAccess(commandId, userId, userDevice, accessToken) |
| |
| def getAccessInfo(self, userPrefix, devicePrefix): |
| """ |
| get all aceess info for pair(user, device) |
| :param Name userPrefix: the prefix of user |
| :param Name devicePrefix: the prefix of device |
| :return a list of tuples of form (str commandName,str userDevice, HmacKey accessToken). e.g. [('turn_on','laptop'. AccessToken1), ('turn_off','laptop' AccessToken2)], return None if no such access exists |
| :rtype list |
| """ |
| #get device Id |
| deviceId = self._deviceStorage.getDeviceId(devicePrefix) |
| |
| #get user Id |
| userId = self._userAccessStorage.getUserId(userPrefix) |
| |
| if userId <= 0 or deviceId <= 0: |
| #either user or device doesn't exist in table |
| return None |
| |
| #get command id list of device |
| commandIdList = self._deviceStorage.getCommandIdsOfDevice(deviceId) |
| if commandIdList == []: |
| return None |
| |
| accessList =[] |
| for commandId in commandIdList: |
| doesExist = self._userAccessStorage.doesAccessExist(commandId, userId) |
| if doesExist: |
| commandName = self._deviceStorage.getCommandNameFromId(commandId) |
| userDeviceList = self._userAccessStorage.getUserDevices(commandId, userId) |
| for userDevice in userDeviceList: |
| accessToken = self._userAccessStorage.getAccessToken(commandId, userId, userDevice) |
| accessTuple = (commandName, userDevice, accessToken) |
| accessList.append(accessTuple) |
| |
| return accessList |