* Move Things and Users to Clients Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Update Add and Delete Policies (#1792) * Remove Policy Action Ranks Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Rebase Issues Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix CI Test Errors Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Adding Check on Subject For Clients Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Remove Check Client Exists Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Check When Sharing Clients Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Only Add User to Group When Sharing Things Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Remove clientType Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Minor Fix on ShareClient and Fix Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Policies Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Clean Up Things Authorization Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests on RetrieveAll Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Test ShareThing Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Merge Conflicts Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Remove Adding Policies. 
Only Use Ownership Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Check If Subject is same as Object Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Move Back To Union As Sometimes Policy is Empty and Fails to Evaluate on Ownership Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Entity Type For Failing Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix BUG in policy evaluation Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Comments Regarding checkAdmin Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests On Rebase Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Combine Authorize For Things and Users Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests On Rebase Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Error on Things SVC `unsupported protocol scheme` Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Fix Bug on Things Authorization Cache (#1810) Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Use Password instead of username in MQTT handler Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Simplify MQTT authorization Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * Fix MQTT tests Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Add More Functions to SDK (#1811) * Add More Functions to SDK Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Examples to GoDoc Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Update Unassign Interface Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Pass Subject as ID and Not Token on List Channels By Thing Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Bootstrap Errors For Element Check Signed-off-by: rodneyosodo 
<blackd0t@protonmail.com> * Add empty line Before Return Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Reorder URLS in things mux Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Listing Things Policies Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Share Thing Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Examples to CLI Docs Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Update Identity To Update Another User Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Identify an Update Policies on Things Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Update Things Policies Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix GoDocs on Disconnect Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Change Authorize To Use AccessRequest Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * For Evaluate Policy Use AccessRequest (#1814) Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Add SDK Tests (#1812) * Add Things Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Channel Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Certs Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Consumer Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Enrich Group Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Tests For Health Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Tests For Tokens Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Rename SDK for Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Policies Tests Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Linter Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Fix Tests 
Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Make Variable Defination Inline Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Make Cache Key Duration Configurable (#1815) * Make Cache Key Duration Configurable Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Rename ENV Var Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Update GoDocs (#1816) * Add GoDocs Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add Missing GoDoc Files Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Enable godot Signed-off-by: rodneyosodo <blackd0t@protonmail.com> * Add License Information Signed-off-by: rodneyosodo <blackd0t@protonmail.com> --------- Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> * NOISSUE - Add Call Home Client to Mainflux services (#1751) * Move Things and Users to Clients Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: SammyOina <sammyoina@gmail.com> * collect and send data package Signed-off-by: SammyOina <sammyoina@gmail.com> * create telemetry migrations Signed-off-by: SammyOina <sammyoina@gmail.com> * add telemetry endpoints Signed-off-by: SammyOina <sammyoina@gmail.com> * add transport Signed-off-by: SammyOina <sammyoina@gmail.com> * create service Signed-off-by: SammyOina <sammyoina@gmail.com> * remove homing server Signed-off-by: SammyOina <sammyoina@gmail.com> * add call home to adapters Signed-off-by: SammyOina <sammyoina@gmail.com> * add last seen Signed-off-by: SammyOina <sammyoina@gmail.com> * rename logger Signed-off-by: SammyOina <sammyoina@gmail.com> * remove homing client Signed-off-by: SammyOina <sammyoina@gmail.com> * use 
unmerged repo Signed-off-by: SammyOina <sammyoina@gmail.com> * use renamed module Signed-off-by: SammyOina <sammyoina@gmail.com> * update call home version Signed-off-by: SammyOina <sammyoina@gmail.com> * edit documentation Signed-off-by: SammyOina <sammyoina@gmail.com> * align table Signed-off-by: SammyOina <sammyoina@gmail.com> * use alias for call home client Signed-off-by: SammyOina <sammyoina@gmail.com> * update callhome Signed-off-by: SammyOina <sammyoina@gmail.com> * update call home pkg Signed-off-by: SammyOina <sammyoina@gmail.com> * update call home Signed-off-by: SammyOina <sammyoina@gmail.com> * fix modules Signed-off-by: SammyOina <sammyoina@gmail.com> * use mf build version Signed-off-by: SammyOina <sammyoina@gmail.com> * use mf build version Signed-off-by: SammyOina <sammyoina@gmail.com> * restore default Signed-off-by: SammyOina <sammyoina@gmail.com> * add call home for users and things Signed-off-by: SammyOina <sammyoina@gmail.com> * enable opting on call home Signed-off-by: SammyOina <sammyoina@gmail.com> * remove full stops Signed-off-by: SammyOina <sammyoina@gmail.com> * update callhome client Signed-off-by: SammyOina <sammyoina@gmail.com> * add call home to all services Signed-off-by: SammyOina <sammyoina@gmail.com> * fix build Signed-off-by: SammyOina <sammyoina@gmail.com> * restore sdk tests Signed-off-by: SammyOina <sammyoina@gmail.com> * remove unnecessary changes Signed-off-by: SammyOina <sammyoina@gmail.com> * restore health_test.go Signed-off-by: SammyOina <sammyoina@gmail.com> --------- Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: SammyOina <sammyoina@gmail.com> Co-authored-by: b1ackd0t <blackd0t@protonmail.com> Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> --------- Signed-off-by: dusanb94 <dusan.borovcanin@mainflux.com> Signed-off-by: rodneyosodo <blackd0t@protonmail.com> Signed-off-by: SammyOina <sammyoina@gmail.com> Co-authored-by: b1ackd0t 
<blackd0t@protonmail.com> Co-authored-by: Sammy Kerata Oina <44265300+SammyOina@users.noreply.github.com>
// Copyright (c) Mainflux
// SPDX-License-Identifier: Apache-2.0
package provision
import (
"bufio"
"bytes"
"crypto/ecdsa"
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"fmt"
"log"
"math/big"
"os"
"time"
"github.com/docker/docker/pkg/namesgenerator"
sdk "github.com/mainflux/mainflux/pkg/sdk/go"
)
// defPass is the secret given to the generated user when Provision is called
// without a configured username.
// NOTE(review): this is a fixed, publicly known value, so an account created
// with it should be treated as a disposable test account.
const defPass = "12345678"

// defReaderURL is the reader endpoint handed to the SDK configuration.
const defReaderURL = "http://localhost:9005"
// MfConn describes one Mainflux connection set.
//
// NOTE(review): nothing in this file reads or writes the type; the field
// meanings below are taken from the names only and should be confirmed.
type MfConn struct {
	// Identifiers of the channel and the thing, and the thing's key.
	ChannelID, ThingID, ThingKey string
	// Client certificate and private key for mutual TLS (presumably PEM text).
	MTLSCert, MTLSKey string
}
// Config holds the settings consumed by Provision.
type Config struct {
	// Host is the base URL used for the things, users, bootstrap and certs
	// endpoints; the HTTP adapter is reached at Host + "/http".
	// Username and Password are the identity and secret of the user that is
	// created and logged in. With an empty Username a random identity and the
	// default password are used instead.
	Host, Username, Password string
	// Num is how many things and how many channels are created.
	Num int
	// SSL enables issuing a client certificate and private key per thing.
	SSL bool
	// CA and CAKey are the file paths of the signing certificate and its
	// private key; they are read only when SSL is true.
	// Prefix is prepended to every generated thing and channel name.
	CA, CAKey, Prefix string
}
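// Provision creates a user, logs it in, creates conf.Num things and conf.Num
// channels, optionally issues one client certificate per thing, prints the
// result to stdout as [[things]] / [[channels]] sections and finally connects
// the created things to the created channels.
//
// Every failure is reported through log.Fatalf, which terminates the process,
// so Provision never returns an error to its caller.
//
// When conf.SSL is set, the printed output contains the unencrypted private
// key of every issued certificate next to the thing key; treat the output
// (and any file it is redirected to) as secret material.
func Provision(conf Config) {
	const (
		rsaBits = 4096
		ttl     = "2400h"
	)

	// A negative count would make the slice allocations below panic.
	if conf.Num < 0 {
		log.Fatalf("Invalid number of things to provision: %d", conf.Num)
	}

	msgContentType := string(sdk.CTJSONSenML)
	sdkConf := sdk.Config{
		ThingsURL:      conf.Host,
		UsersURL:       conf.Host,
		ReaderURL:      defReaderURL,
		HTTPAdapterURL: fmt.Sprintf("%s/http", conf.Host),
		BootstrapURL:   conf.Host,
		CertsURL:       conf.Host,
		MsgContentType: sdk.ContentType(msgContentType),
		// NOTE(review): hard-coded to false. This presumably makes the SDK
		// client skip server certificate validation (confirm against the SDK);
		// if so, the user secret and access token sent below are exposed to
		// anyone able to intercept the connection to conf.Host. Consider
		// making this configurable and defaulting to verification.
		TLSVerification: false,
	}

	s := sdk.NewSDK(sdkConf)

	user := sdk.User{
		Credentials: sdk.Credentials{
			Identity: conf.Username,
			Secret:   conf.Password,
		},
	}

	// No identity configured: fall back to a random identity and the
	// hard-coded default password.
	if user.Credentials.Identity == "" {
		user.Credentials.Identity = fmt.Sprintf("%s@email.com", namesgenerator.GetRandomName(0))
		user.Credentials.Secret = defPass
	}

	// Create new user
	if _, err := s.CreateUser(user, ""); err != nil {
		log.Fatalf("Unable to create new user: %s", err.Error())
	}

	// Login user
	token, err := s.CreateToken(user)
	if err != nil {
		log.Fatalf("Unable to login user: %s", err.Error())
	}

	var (
		tlsCert  tls.Certificate
		caCert   *x509.Certificate
		validFor time.Duration
	)

	if conf.SSL {
		// The key pair supplies the signing key; the certificate is parsed
		// again below because the issuer is needed as *x509.Certificate.
		tlsCert, err = tls.LoadX509KeyPair(conf.CA, conf.CAKey)
		if err != nil {
			log.Fatalf("Failed to load CA cert: %s", err)
		}

		var caPEM []byte
		caPEM, err = os.ReadFile(conf.CA)
		if err != nil {
			log.Fatalf("Failed to load CA cert: %s", err)
		}

		block, _ := pem.Decode(caPEM)
		if block == nil {
			log.Fatalf("No PEM data found, failed to decode CA")
		}

		caCert, err = x509.ParseCertificate(block.Bytes)
		if err != nil {
			log.Fatalf("Failed to decode certificate - %s", err.Error())
		}

		// The validity period is the same for every certificate, so it is
		// parsed once, before anything is created on the server.
		validFor, err = time.ParseDuration(ttl)
		if err != nil {
			log.Fatalf("Failed to set date %v", err)
		}
	}

	// Create things and channels
	things := make([]sdk.Thing, conf.Num)
	channels := make([]sdk.Channel, conf.Num)
	cIDs := make([]string, 0, conf.Num)
	tIDs := make([]string, 0, conf.Num)

	fmt.Println("# List of things that can be connected to MQTT broker")

	for i := 0; i < conf.Num; i++ {
		things[i] = sdk.Thing{Name: fmt.Sprintf("%s-thing-%d", conf.Prefix, i)}
		channels[i] = sdk.Channel{Name: fmt.Sprintf("%s-channel-%d", conf.Prefix, i)}
	}

	things, err = s.CreateThings(things, token.AccessToken)
	if err != nil {
		log.Fatalf("Failed to create the things: %s", err.Error())
	}
	// The loops below index the returned slices up to conf.Num, so a short
	// reply must be rejected here instead of panicking later.
	if len(things) != conf.Num {
		log.Fatalf("Failed to create the things: expected %d, got %d", conf.Num, len(things))
	}

	channels, err = s.CreateChannels(channels, token.AccessToken)
	if err != nil {
		log.Fatalf("Failed to create the chennels: %s", err.Error())
	}
	if len(channels) != conf.Num {
		log.Fatalf("Failed to create the channels: expected %d, got %d", conf.Num, len(channels))
	}

	for _, t := range things {
		tIDs = append(tIDs, t.ID)
	}

	for _, c := range channels {
		cIDs = append(cIDs, c.ID)
	}

	for i := 0; i < conf.Num; i++ {
		cert := ""
		key := ""

		if conf.SSL {
			// A failed key generation must stop the run; continuing would
			// hand a nil key to the certificate code below.
			priv, err := rsa.GenerateKey(rand.Reader, rsaBits)
			if err != nil {
				log.Fatalf("Failed to generate private key: %s", err)
			}

			notBefore := time.Now()
			notAfter := notBefore.Add(validFor)

			// Random serial number below 2^128.
			serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
			serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
			if err != nil {
				log.Fatalf("Failed to generate serial number: %s", err)
			}

			tmpl := x509.Certificate{
				SerialNumber: serialNumber,
				Subject: pkix.Name{
					Organization: []string{"Mainflux"},
					// NOTE(review): the thing's secret becomes the subject
					// common name. Certificates are not confidential, so
					// confirm that exposing the secret this way is intended.
					CommonName:         things[i].Credentials.Secret,
					OrganizationalUnit: []string{"mainflux"},
				},
				NotBefore: notBefore,
				NotAfter:  notAfter,

				KeyUsage: x509.KeyUsageDigitalSignature,
				// NOTE(review): a certificate used only to authenticate a
				// device as a client does not need ServerAuth; dropping it
				// would narrow what a leaked key can be used for. Confirm no
				// consumer relies on it.
				ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
				// NOTE(review): every issued certificate carries this same
				// constant identifier although each has its own key; deriving
				// it from the public key would keep identifiers unique.
				SubjectKeyId: []byte{1, 2, 3, 4, 6},
			}

			derBytes, err := x509.CreateCertificate(rand.Reader, &tmpl, caCert, publicKey(priv), tlsCert.PrivateKey)
			if err != nil {
				log.Fatalf("Failed to create certificate: %s", err)
			}

			var bw, keyOut bytes.Buffer
			buffWriter := bufio.NewWriter(&bw)
			buffKeyOut := bufio.NewWriter(&keyOut)

			if err := pem.Encode(buffWriter, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil {
				log.Fatalf("Failed to write cert pem data: %s", err)
			}
			if err := buffWriter.Flush(); err != nil {
				log.Fatalf("Failed to write cert pem data: %s", err)
			}
			cert = bw.String()

			if err := pem.Encode(buffKeyOut, pemBlockForKey(priv)); err != nil {
				log.Fatalf("Failed to write key pem data: %s", err)
			}
			if err := buffKeyOut.Flush(); err != nil {
				log.Fatalf("Failed to write key pem data: %s", err)
			}
			key = keyOut.String()
		}

		// Print output. The thing key and, with SSL, the unencrypted private
		// key are written to stdout.
		fmt.Printf("[[things]]\nthing_id = \"%s\"\nthing_key = \"%s\"\n", things[i].ID, things[i].Credentials.Secret)
		if conf.SSL {
			fmt.Printf("mtls_cert = \"\"\"%s\"\"\"\n", cert)
			fmt.Printf("mtls_key = \"\"\"%s\"\"\"\n", key)
		}
		fmt.Println("")
	}

	fmt.Printf("# List of channels that things can publish to\n" +
		"# each channel is connected to each thing from things list\n")
	for i := 0; i < conf.Num; i++ {
		fmt.Printf("[[channels]]\nchannel_id = \"%s\"\n\n", cIDs[i])
	}

	conIDs := sdk.ConnectionIDs{
		ChannelIDs: cIDs,
		ThingIDs:   tIDs,
	}
	if err := s.Connect(conIDs, token.AccessToken); err != nil {
		log.Fatalf("Failed to connect things %s to channels %s: %s", conIDs.ThingIDs, conIDs.ChannelIDs, err)
	}
}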
// publicKey returns a pointer to the public half of priv when priv is an
// *rsa.PrivateKey or an *ecdsa.PrivateKey, and nil for any other type.
func publicKey(priv interface{}) interface{} {
	if rsaKey, ok := priv.(*rsa.PrivateKey); ok {
		return &rsaKey.PublicKey
	}
	if ecKey, ok := priv.(*ecdsa.PrivateKey); ok {
		return &ecKey.PublicKey
	}
	// Unsupported key type.
	return nil
}
// pemBlockForKey wraps priv in a PEM block: PKCS#1 ("RSA PRIVATE KEY") for an
// *rsa.PrivateKey, SEC 1 ("EC PRIVATE KEY") for an *ecdsa.PrivateKey. Any
// other type yields nil. The block holds the key unencrypted.
//
// If an ECDSA key cannot be marshalled, the error is written to stderr and
// the process exits with status 2.
func pemBlockForKey(priv interface{}) *pem.Block {
	if rsaKey, ok := priv.(*rsa.PrivateKey); ok {
		der := x509.MarshalPKCS1PrivateKey(rsaKey)
		return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: der}
	}

	ecKey, ok := priv.(*ecdsa.PrivateKey)
	if !ok {
		// Unsupported key type.
		return nil
	}

	der, err := x509.MarshalECPrivateKey(ecKey)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Unable to marshal ECDSA private key: %v", err)
		os.Exit(2)
	}
	return &pem.Block{Type: "EC PRIVATE KEY", Bytes: der}
}