#!/usr/bin/env python3 # -*- coding: utf-8 -*- import os import hashlib import json import time import uuid import boto3 import requests from django.views import View from Ansjer.config import BASE_DIR from base64 import b64encode, encodebytes from Controller.DeviceConfirmRegion import Device_Region from Model.models import Device_User, Device_Info, iotdeviceInfoModel, UIDCompanySerialModel, \ SerialNumberModel from Object.IOTCore.IotObject import IOTClient from Object.ResponseObject import ResponseObject from Object.TokenObject import TokenObject from Service.CommonService import CommonService import OpenSSL.crypto as ct class IotCoreView(View): def get(self, request, *args, **kwargs): request.encoding = 'utf-8' request_dict = request.GET operation = kwargs.get('operation', None) return self.validate(operation, request_dict, request) def post(self, request, *args, **kwargs): request.encoding = 'utf-8' request_dict = request.POST operation = kwargs.get('operation', None) return self.validate(operation, request_dict, request) def validate(self, operation, request_dict, request): response = ResponseObject() if operation == 'createKeysAndCertificate': return self.create_keys_and_certificate(request_dict, response, request) elif operation == 'requestPublishMessage': return self.request_publish_message(request_dict, response, request) elif operation == 'thingRegroup': return self.thing_regroup(request_dict, response, request) else: token = TokenObject(request_dict.get('token', None)) if token.code != 0: return response.json(token.code) if operation == 'clearIotCerm': return self.clear_Iot_Cerm(request_dict, response) else: return response.json(404) # CVM注册 :正使用 def create_keys_and_certificate(self, request_dict, response, request): uid = request_dict.get('uid', '') token = request_dict.get('token', None) uid_code = request_dict.get('uid_code', None) language = request_dict.get('language', None) time_stamp = request_dict.get('time_stamp', None) device_version = request_dict.get('device_version', None).replace('.', '_') # 物品组命名不能包含'.' if not all([token, time_stamp, device_version, language]): return response.json(444, {'param': 'token, uid_code, time_stamp, device_version, language'}) # token时间戳校验 token = int(CommonService.decode_data(token)) time_stamp = int(time_stamp) now_time = int(time.time()) distance = now_time - time_stamp if token != time_stamp or distance > 60000 or distance < -60000: # 为了全球化时间控制在一天内 return response.json(404) if not uid: # 使用序列号 serial_number = request_dict.get('serial_number', None) serial_number_code = request_dict.get('serial_number_code', None) if not all([serial_number, serial_number_code]): return response.json(444, {'param': 'serial_number, serial_number_code'}) # 序列号编码解码校验 serial_number_code = CommonService.decode_data(serial_number_code) if serial_number != serial_number_code: return response.json(404) serial = serial_number[0:6] try: SerialNumberModel.objects.get(serial_number=serial) except: return response.json(444) ThingNameSuffix = serial_number # 物品名后缀 iotdeviceInfo_qs = iotdeviceInfoModel.objects.filter(serial_number=serial) else: # 使用uid # uid编码解码校验 uid_code = CommonService.decode_data(uid_code) if uid != uid_code: return response.json(404) serial = '' # iot_deviceInfo表写入serial_number为'' ThingNameSuffix = uid # 物品名后缀 iotdeviceInfo_qs = iotdeviceInfoModel.objects.filter(uid=uid) # 判断设备是否已注册证书 if not iotdeviceInfo_qs.exists(): thingGroup = device_version + '_' + language ip = CommonService.get_ip_address(request) region_id = Device_Region().get_device_region(ip) iotClient = IOTClient(region_id) res = iotClient.create_keys_and_certificate(ThingNameSuffix, thingGroup, response) token_iot_number = hashlib.md5((str(uuid.uuid1()) + str(now_time)).encode('utf-8')).hexdigest() iotdeviceInfoModel.objects.create(uid=uid, serial_number=serial, endpoint=res[0]['endpoint'], certificate_id=res[0]['certificateId'], certificate_pem=res[0]['certificatePem'], public_key=res[0]['publicKey'], private_key=res[0]['privateKey'], thing_name=res[1]['ThingName'], thing_groups=res[1]['thingGroupName'], token_iot_number=token_iot_number ) res = { 'certificateId': res[0]['certificateId'], 'certificatePem': res[0]['certificatePem'], 'publicKey': res[0]['publicKey'], 'privateKey': res[0]['privateKey'], 'endpoint': res[0]['endpoint'] } return response.json(0, {'res': res}) else: iot = iotdeviceInfo_qs[0] res = { 'certificateId': iot.certificate_id, 'certificatePem': iot.certificate_pem, 'publicKey': iot.public_key, 'privateKey': iot.private_key, 'endpoint': iot.endpoint } # print('此设备已注册证书') return response.json(0, {'res': res}) def thing_regroup(self, request_dict, response, request): # 物品重新分组 uid = request_dict.get('uid', '') token = request_dict.get('token', None) language = request_dict.get('language', None) time_stamp = request_dict.get('time_stamp', None) device_version = request_dict.get('device_version', None) if not all([token, language, time_stamp, device_version]): return response.json(444, {'param: token, language, time_stamp, device_version'}) # 封装token认证 token = int(CommonService.decode_data(token)) time_stamp = int(time_stamp) now_time = int(time.time()) distance = now_time - time_stamp if token != time_stamp or distance > 60000 or distance < -60000: # 为了全球化时间控制在一天内 return response.json(404) ip = CommonService.get_ip_address(request) region_id = Device_Region().get_device_region(ip) iotClient = IOTClient(region_id) ThingNameSuffix = uid if not uid: # 使用序列号 serial_number = request_dict.get('serial_number', None) if not serial_number: return response.json(444) ThingNameSuffix = serial_number thingName = 'Ansjer_Device_' + ThingNameSuffix new_thingGroupName = (device_version + '_' + language).replace('.', '_') # 物品组命名不能包含'.' try: # 获取旧物品组 list_groups_res = iotClient.client.list_thing_groups_for_thing(thingName=thingName, maxResults=1) old_thingGroupName = list_groups_res['thingGroups'][0]['groupName'] # 没有新物品组则创建 list_thing_groups_res = iotClient.client.list_thing_groups(namePrefixFilter=new_thingGroupName , maxResults=1, recursive=False) if not list_thing_groups_res['thingGroups']: attributes = { "update_time": "0" } thingGroupProperties = { "thingGroupDescription": "OTA", "attributePayload": { "attributes": attributes, "merge": False # 更新时覆盖掉而不是合并 } } iotClient.client.create_thing_group(thingGroupName=new_thingGroupName , thingGroupProperties=thingGroupProperties) iotClient.client.update_thing_groups_for_thing(thingName=thingName , thingGroupsToAdd=[new_thingGroupName] , thingGroupsToRemove=[old_thingGroupName]) # 更新设备版本信息 if uid: Device_Info.objects.filter(UID=uid).update(version=device_version) else: Device_Info.objects.filter(serial_number=serial_number).update(version=device_version) return response.json(0) except Exception as e: print(e) return response.json(500, repr(e)) def clear_Iot_Cerm(self, userID, request_dict, response): serial_number = request_dict.get('serial_number', None) if serial_number: iot = iotdeviceInfoModel.objects.filter(thing_name="Ansjer_Device_" + serial_number) if iot.exists(): iot.delete() return response.json(0) else: return response.json(444) def request_publish_message(self, request_dict, response, request): # Alexa请求IoT Core下发MQTT消息 UID = request_dict.get('UID', None) MSG = request_dict.get('MSG', None) if not all([UID, MSG]): return response.json(444) try: # 获取检查uid的序列号,如果没有序列号,不使用MQTT下发消息 device_info_qs = Device_Info.objects.filter(UID=UID).values('UID', 'serial_number') if not device_info_qs.exists(): return response.json(10043) uid = device_info_qs[0]['UID'] serial_number = device_info_qs[0]['serial_number'] # 如果device_info表的serial_number不为空,物品名为'Ansjer_Device_序列号' ThingNameSuffix = serial_number if serial_number != '' else uid thing_name = 'Ansjer_Device_' + ThingNameSuffix # 获取数据组织将要请求的url iot = iotdeviceInfoModel.objects.filter(thing_name__contains=thing_name).values('thing_name', 'endpoint', 'token_iot_number') if not iot.exists(): return response.json(10043) thing_name = iot[0]['thing_name'] # IoT core上的物品名: Ansjer_Device_+序列号+企业编码 endpoint = iot[0]['endpoint'] Token = iot[0]['token_iot_number'] # Token = '297a601b3925e04daab5a60280650e09' topic_name = thing_name + '_rtsp_topic' # MQTT主题 # rtsp://rtsp.zositech.org:8554/ZFdqWldXRFpMTkVaYVZEaEJXRXhUV0RFeE1VRT1B # api doc: https://docs.aws.amazon.com/zh_cn/iot/latest/developerguide/http.html # https://IoT_data_endpoint/topics/url_encoded_topic_name?qos=1 # 请求url来发布MQTT消息 url = 'https://{}/topics/{}?rtsp_command={}'.format(endpoint, topic_name, MSG) authorizer_name = 'Ansjer_Iot_Auth' signature = self.rsa_sign(Token) # Token签名 headers = {'x-amz-customauthorizer-name': authorizer_name, 'Token': Token, 'x-amz-customauthorizer-signature': signature} r = requests.get(url=url, headers=headers, timeout=2) if r.status_code == 200: return response.json(0) else: # print('发布失败') return response.json(10044) except Exception as e: # print(e) return response.json(500, repr(e)) def rsa_sign(self, Token): # 私钥签名Token private_key_file = '''-----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEA5iJzEDPqtGmFMggekVro6C0lrjuC2BjunGkrFNJWpDYzxCzE X5jf4/Fq7hcIaQd5sqHugDxPVollSLPe9zNilbrd0sZfU+Ed8gRVuKW9KwfE9XFr L0pt6bKRQ0IIRfiZ9TuR0tsQysvcO1GZSXcYfPue3tGM1zOnWFThWDqZ06+sOxzt RMRl4yNfbpCG4MfxG3itNXOfrjZv2OMLSXrxmzubSvRpUYSvQPs4fm9302SAnySY 0MKzx6H6528ZQm/IDDSZy6EmNBIyTRDfxC56vnYcXvqedAQh7jJnjdvt6Q4MhASH eIYi1FBSdu2NT6wgpnrqXzx5pq9kR/lnsLID0wIDAQABAoIBAQCiF4GT1/1oNSpr ouxk1PNXFPWFUsVGD8mAwVJmx//eiY7MjfuCmdqYYmI+cFqsH2fIOeYSzGfVO9Dq 9EYHN1oovAWhf7eFDPpajFMUSyiCNmazub8VAAeKowtNpCTPo9pMsDh1m3aoYA4u ebrN0+Sbo16y8kWRDgDAZoiR7DSMs8lczk16hwfv5mw8XpNDbaL3Coi4Koe2S1Yh 2SX3vWFlpd7qF1ZYXuZIp+b8JPrV7n9eUKoFgzj0gqgwQK80CoexIjiOrNMPvkQa q+8kCvFjAzKxOK7e8gjM8lMRiGodb61kmYZkkJzFwWO4EaGbl34lfVECd1Ixp3tF be0OWAGBAoGBAPSteXDzzToD8ovM7LL11x0jWwI6HOiHu89kZtW566rIezjWBuA2 TxrcYKM3h9jQRXS3CsMdoIv6XGk5lqM8ADtjn23FBWe/THYLh8bm8JOgh5RRWQDg SvkLfi9Ih2mM4NJfmuuDOh3Nze2efLM7+kOZWUQwF2Zx9mL5jvRBk351AoGBAPDI sYmT2Li+i5+0vykA2m5uPF8ZOW8BGtAfCZv0suW7BNzSgin78g9WapRd/4p0NNiL /nVMqPPCpd1akCUpV+GDWQt0hV+HZjxANE0KWhciQRyo2qvo51j8SWILJSgh0tXC aTF8qt6oGw3VN3m57vKhbrlDaz0J/NDJFci6msAnAoGBAOuG6bXPGijUj+//DYKf n7jOxdZ49kboEePrtAncdHzri6IEdI3z+WXT6bpzw/LzWUimwldb96WHFNm9s8Hi Ch8hIODbnP5naUTgiIzw1XhmONyPCewL/F+LrqX5XVA/alNX8JrwsUrrR2WLAGLQ Q3I69XDsEjptTU2tCO0bCs3ZAoGBAJ2lCHfm0JHET230zONvp5N9oREyVqQSuRdh +syc3TQDyh85w/bw+X6JOaaCFHj1tFPC9Iqf8k4GNspCLPXnp54CfR4+38O3xnvU HWoDSRC0YKT++IxtJGriYrlKSr2Hx54kdvLriIPW1D+uRW/xCDza7L9nIKMKEvgv b4/IfOEpAoGAeKM9Te7T1VzlAkS0CJOwanzwYV/zrex84WuXxlsGgPQ871lTs5AP H1QLfLfFXH+UVrCEC2yv4eml/cqFkpB3gE5i4MQ8GPVIOSs5tsIyl8YUA03vdNdB GCqvlyw5dfxNA+EtxNE2wCW/LW7ENJlACgcfgPlBZtpLheWoZB/maw4= -----END RSA PRIVATE KEY-----''' # 使用密钥文件方式 # private_key_file_path = os.path.join(BASE_DIR, 'static/iotCore/private.pem')#.replace('\\', '/') # private_key_file = open(private_key_file_path, 'r') private_key = ct.load_privatekey(ct.FILETYPE_PEM, private_key_file) signature = ct.sign(private_key, Token.encode('utf8'), 'sha256') signature = encodebytes(signature).decode('utf8').replace('\n', '') # print('signature:', signature) return signature