B ÒHÇ^.ã@sfddlmZddlZddlmZddlZddlZddlZddl Z ddl Z ddl m Z Gdd„dƒZ dS)é)ÚAWSIoTMQTTClientN)ÚConfig)ÚFigletc@steZdZdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd d„Z dd„Z dd„Z dd„Z dd„Z dd„Zdd„ZdS)ÚProvisioningHandlerc Cstdd}t| d¡ƒt| d¡ƒt| d¡ƒtjtjdt t¡|_t |ƒ}|  d¡|_ |j d|_ |j d |_ |j d |_|j d |_|j d |_|j d |_|j d|_t|jƒ$}t |¡}|d|_|d|_WdQRXd|_tdƒ|_|j|j_d|_i|_dS)NZslant)Zfontz F l e e tZ Provisioningz ----------)ÚlevelZSETTINGSZSECURE_CERT_PATHZ IOT_ENDPOINTZPROVISIONING_TEMPLATE_NAMEZ CLAIM_CERTZ SECURE_KEYZ ROOT_CERTZMACHINE_CONFIG_PATHÚ serial_numÚ model_typeTZfleet_provisioning_demoF)rÚprintZ renderTextÚloggingÚ basicConfigÚERRORÚ getLoggerÚ__name__ÚloggerrZ get_sectionZconfig_parametersÚsecure_cert_pathÚ iot_endpointÚ template_nameÚ claim_certÚ secure_keyÚ root_certZmachine_configÚopenÚjsonÚloadrrÚhasValidAccountrÚprimary_MQTTClientÚon_message_callbackZ onMessageÚcallback_returnedÚmessage_payload)ÚselfZ file_pathÚfZconfigZ json_fileÚdata©r!ú;c:\Users\djjohnse\Desktop\rawclient\provisioning_handler.pyÚ__init__s0                zProvisioningHandler.__init__cCs–|j |jd¡|j d |j|j¡d |j|j¡d |j|j¡¡|j  d¡|j  d¡|j  d¡|j  d¡|j  d¡tdƒ|j ¡dS) zd Method used to connect to connect to AWS IoTCore Service. Endpoint collected from config. i³"z{}/{}éÿÿÿÿéé éz3##### CONNECTING WITH PROVISIONING CLAIM CERT #####N)rÚconfigureEndpointrÚconfigureCredentialsÚformatrrrrÚconfigureOfflinePublishQueueingÚconfigureDrainingFrequencyÚ!configureConnectDisconnectTimeoutÚconfigureMQTTOperationTimeoutrÚinfor Úconnect)rr!r!r"Ú core_connectMs     z ProvisioningHandler.core_connectcCs4|jjd |j¡d|jd|jjdd|jddS)zF Subscribe to pertinent IoTCore topics that would emit errors z6$aws/provisioning-templates/{}/provision/json/rejectedé)Úcallbackz&$aws/certificates/create/json/rejectedN)rÚ subscriber*rÚbasic_callback)rr!r!r"Úenable_error_monitor^s z(ProvisioningHandler.enable_error_monitorcCst | |¡¡S)z¯ Initiates an async loop/call to kick off the provisioning flow. Triggers: on_message_callback() providing the certificate payload )ÚasyncioÚrunÚorchestrate_provisioning_flow)rr3r!r!r"Úget_official_certsfsz&ProvisioningHandler.get_official_certscÃsF| ¡| ¡|j ddd¡x|js:t d¡IdHq"W||jƒS)Nz$aws/certificates/create/jsonz{}r)r1r6rÚpublishrr7Úsleepr)rr3r!r!r"r9ns z1ProvisioningHandler.orchestrate_provisioning_flowcCs~t |j¡}d|kr4|j d¡tdƒ| |¡nFd|krn|j d |d¡¡td |d¡ƒ| ¡n |j |¡dS)zÆ Callback Message handler responsible for workflow routing of msg responses from provisioning services. Arguments: message {string} -- The response message payload. Ú certificateIdz+##### SUCCESS. SAVING KEYS TO DEVICE! #####ZdeviceConfigurationz/##### CERT ACTIVATED AND THING {} CREATED #####Z thingNameN) rÚloadsÚpayloadrr/r Úassemble_certificatesr*Ú rotate_certs)rÚmessageZ json_datar!r!r"r€s       z'ProvisioningHandler.on_message_callbackcCs¨|d}|dd…|_d |j¡|_td |j|j¡dƒ}| |d¡| ¡d |j¡|_td |j|j¡dƒ}| |d ¡| ¡|d |_|  |j |j¡d S) ad Method takes the payload and constructs/saves the certificate and private key. Method uses existing AWS IoT Core naming convention. Arguments: payload {string} -- Certifiable certificate/key data. Returns: ownership_token {string} -- proof of ownership from certificate issuance activity. r=rr&z{}-certificate.pem.crtz{}/{}zw+ZcertificatePemz{}-private.pem.keyZ privateKeyÚcertificateOwnershipTokenN) Z new_key_rootr*Ú new_cert_namerrÚwriteÚcloseÚ new_key_nameZownership_tokenÚregister_thingr)rr?Zcert_idrr!r!r"r@˜s  z)ProvisioningHandler.assemble_certificatescCsN|j d¡tdƒ||j|j|jdœdœ}|j d |j ¡t   |¡d¡dS)aCalls the fleet provisioning service responsible for acting upon instructions within device templates. Arguments: serial {string} -- unique identifer for the thing. Specified as a property in provisioning template. token {string} -- The token response from certificate creation to prove ownership/immediate possession of the certs. Triggers: on_message_callback() - providing acknowledgement that the provisioning template was processed. z*##### CREATING THING ACTIVATING CERT #####)Z SerialNumberZ ModelTyper)rCÚ parametersz-$aws/provisioning-templates/{}/provision/jsonrN) rr/r rrrrr;r*rrÚdumps)rÚserialÚtokenZregister_templater!r!r"rH¸s  z"ProvisioningHandler.register_thingcCsL|j d¡tdƒ| ¡| ¡td |j|j¡ƒtd |j¡ƒdS)z€Responsible for (re)connecting to IoTCore with the newly provisioned/activated certificate - (first class citizen cert) z)##### CONNECTING WITH OFFICIAL CERT #####z6##### ACTIVATED AND TESTED CREDENTIALS ({}, {}). #####z##### FILES SAVED TO {} #####N) rr/r Úcert_validation_testÚnew_cert_pub_subr*rGrDr)rr!r!r"rAËs z ProvisioningHandler.rotate_certscCsŽt|jƒ|_|j |jd¡|j d |j|j¡d |j|j ¡d |j|j ¡¡|j  d¡|j  d¡|j  d¡|j d¡|j ¡dS)Ni³"z{}/{}r$r%r&r')rrÚtest_MQTTClientr(rr)r*rrrGrDr+r,r-r.r0)rr!r!r"rMÙs     z(ProvisioningHandler.cert_validation_testcCs(|j |j ¡¡|j ¡|_d|_dS)zuMethod responding to the openworld publish attempt. Demonstrating a successful pub/sub with new certificate. TN)rr/r?Údecoderr)rÚclientZuserdataÚmsgr!r!r"r5çs z"ProvisioningHandler.basic_callbackcCs>|j d |j¡d|j¡|j d |j¡tddiƒd¡dS)zsMethod testing a call to the 'openworld' topic (which was specified in the policy for the new certificate) z dt/{}/testr2Zservice_responsezp##### YOUR INDIVIDUALIZED PRODUCTION CERTS HAVE BEEN SUCCESSFULLY ACTIVATED AND ADDED TO THE /certs FOLDER #####rN)rOr4r*rr5r;Ústr)rr!r!r"rNîsz$ProvisioningHandler.new_cert_pub_subcCsBy(t d |j¡¡t d |j¡¡Wntk r<YnXdS)Nz{}/bootstrap-private.pem.keyz {}/bootstrap-certificate.pem.crt)ÚosÚremover*rÚOSError)rr!r!r"Úremove_bootstrap_certsösz*ProvisioningHandler.remove_bootstrap_certsN)rÚ __module__Ú __qualname__r#r1r6r:r9rr@rHrArMr5rNrWr!r!r!r"rs3 r)ZAWSIoTPythonSDK.MQTTLibrZAWSIoTPythonSDK.exceptionZAWSIoTPythonSDKZutils.config_loaderrÚtimer rrTr7Zpyfigletrrr!r!r!r"Ú s