| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313 |
- #!/usr/bin/env python3
- # -*- coding: utf-8 -*-
- import os
- import hashlib
- import json
- import time
- import uuid
- import boto3
- import requests
- from django.views import View
- from Ansjer.config import BASE_DIR
- from base64 import b64encode, encodebytes
- from Controller.DeviceConfirmRegion import Device_Region
- from Model.models import Device_User, Device_Info, iotdeviceInfoModel, UIDCompanySerialModel, \
- SerialNumberModel
- from Object.IOTCore.IotObject import IOTClient
- from Object.ResponseObject import ResponseObject
- from Object.TokenObject import TokenObject
- from Service.CommonService import CommonService
- import OpenSSL.crypto as ct
- class IotCoreView(View):
- def get(self, request, *args, **kwargs):
- request.encoding = 'utf-8'
- request_dict = request.GET
- operation = kwargs.get('operation', None)
- return self.validate(operation, request_dict, request)
- def post(self, request, *args, **kwargs):
- request.encoding = 'utf-8'
- request_dict = request.POST
- operation = kwargs.get('operation', None)
- return self.validate(operation, request_dict, request)
- def validate(self, operation, request_dict, request):
- response = ResponseObject()
- if operation == 'createKeysAndCertificate':
- return self.create_keys_and_certificate(request_dict, response, request)
- elif operation == 'requestPublishMessage':
- return self.request_publish_message(request_dict, response, request)
- elif operation == 'thingRegroup':
- return self.thing_regroup(request_dict, response, request)
- else:
- token = TokenObject(request_dict.get('token', None))
- if token.code != 0:
- return response.json(token.code)
- if operation == 'clearIotCerm':
- return self.clear_Iot_Cerm(request_dict, response)
- else:
- return response.json(404)
- # CVM注册 :正使用
- def create_keys_and_certificate(self, request_dict, response, request):
- uid = request_dict.get('uid', '')
- token = request_dict.get('token', None)
- uid_code = request_dict.get('uid_code', None)
- language = request_dict.get('language', None)
- time_stamp = request_dict.get('time_stamp', None)
- device_version = request_dict.get('device_version', None).replace('.', '_') # 物品组命名不能包含'.'
- if not all([token, time_stamp, device_version, language]):
- return response.json(444, {'param': 'token, uid_code, time_stamp, device_version, language'})
- # token时间戳校验
- token = int(CommonService.decode_data(token))
- time_stamp = int(time_stamp)
- now_time = int(time.time())
- distance = now_time - time_stamp
- if token != time_stamp or distance > 60000 or distance < -60000: # 为了全球化时间控制在一天内
- return response.json(404)
- if not uid:
- # 使用序列号
- serial_number = request_dict.get('serial_number', None)
- serial_number_code = request_dict.get('serial_number_code', None)
- if not all([serial_number, serial_number_code]):
- return response.json(444, {'param': 'serial_number, serial_number_code'})
- # 序列号编码解码校验
- serial_number_code = CommonService.decode_data(serial_number_code)
- if serial_number != serial_number_code:
- return response.json(404)
- serial = serial_number[0:6]
- try:
- SerialNumberModel.objects.get(serial_number=serial)
- except:
- return response.json(444)
- ThingNameSuffix = serial_number # 物品名后缀
- iotdeviceInfo_qs = iotdeviceInfoModel.objects.filter(serial_number=serial)
- else:
- # 使用uid
- # uid编码解码校验
- uid_code = CommonService.decode_data(uid_code)
- if uid != uid_code:
- return response.json(404)
- serial = '' # iot_deviceInfo表写入serial_number为''
- ThingNameSuffix = uid # 物品名后缀
- iotdeviceInfo_qs = iotdeviceInfoModel.objects.filter(uid=uid)
- # 判断设备是否已注册证书
- if not iotdeviceInfo_qs.exists():
- thingGroup = device_version + '_' + language
- ip = CommonService.get_ip_address(request)
- region_id = Device_Region().get_device_region(ip)
- iotClient = IOTClient(region_id)
- res = iotClient.create_keys_and_certificate(ThingNameSuffix, thingGroup, response)
- token_iot_number = hashlib.md5((str(uuid.uuid1()) + str(now_time)).encode('utf-8')).hexdigest()
- iotdeviceInfoModel.objects.create(uid=uid,
- serial_number=serial,
- endpoint=res[0]['endpoint'],
- certificate_id=res[0]['certificateId'],
- certificate_pem=res[0]['certificatePem'],
- public_key=res[0]['publicKey'],
- private_key=res[0]['privateKey'],
- thing_name=res[1]['ThingName'],
- thing_groups=res[1]['thingGroupName'],
- token_iot_number=token_iot_number
- )
- res = {
- 'certificateId': res[0]['certificateId'],
- 'certificatePem': res[0]['certificatePem'],
- 'publicKey': res[0]['publicKey'],
- 'privateKey': res[0]['privateKey'],
- 'endpoint': res[0]['endpoint']
- }
- return response.json(0, {'res': res})
- else:
- iot = iotdeviceInfo_qs[0]
- res = {
- 'certificateId': iot.certificate_id,
- 'certificatePem': iot.certificate_pem,
- 'publicKey': iot.public_key,
- 'privateKey': iot.private_key,
- 'endpoint': iot.endpoint
- }
- # print('此设备已注册证书')
- return response.json(0, {'res': res})
- def thing_regroup(self, request_dict, response, request):
- # 物品重新分组
- uid = request_dict.get('uid', '')
- token = request_dict.get('token', None)
- language = request_dict.get('language', None)
- time_stamp = request_dict.get('time_stamp', None)
- device_version = request_dict.get('device_version', None)
- if not all([token, language, time_stamp, device_version]):
- return response.json(444, {'param: token, language, time_stamp, device_version'})
- # 封装token认证
- token = int(CommonService.decode_data(token))
- time_stamp = int(time_stamp)
- now_time = int(time.time())
- distance = now_time - time_stamp
- if token != time_stamp or distance > 60000 or distance < -60000: # 为了全球化时间控制在一天内
- return response.json(404)
- ip = CommonService.get_ip_address(request)
- region_id = Device_Region().get_device_region(ip)
- iotClient = IOTClient(region_id)
- ThingNameSuffix = uid
- if not uid:
- # 使用序列号
- serial_number = request_dict.get('serial_number', None)
- if not serial_number:
- return response.json(444)
- ThingNameSuffix = serial_number
- thingName = 'Ansjer_Device_' + ThingNameSuffix
- new_thingGroupName = (device_version + '_' + language).replace('.', '_') # 物品组命名不能包含'.'
- try:
- # 获取旧物品组
- list_groups_res = iotClient.client.list_thing_groups_for_thing(thingName=thingName, maxResults=1)
- old_thingGroupName = list_groups_res['thingGroups'][0]['groupName']
- # 没有新物品组则创建
- list_thing_groups_res = iotClient.client.list_thing_groups(namePrefixFilter=new_thingGroupName
- , maxResults=1, recursive=False)
- if not list_thing_groups_res['thingGroups']:
- attributes = {
- "update_time": "0"
- }
- thingGroupProperties = {
- "thingGroupDescription": "OTA",
- "attributePayload": {
- "attributes": attributes,
- "merge": False # 更新时覆盖掉而不是合并
- }
- }
- iotClient.client.create_thing_group(thingGroupName=new_thingGroupName
- , thingGroupProperties=thingGroupProperties)
- iotClient.client.update_thing_groups_for_thing(thingName=thingName
- , thingGroupsToAdd=[new_thingGroupName]
- , thingGroupsToRemove=[old_thingGroupName])
- # 更新设备版本信息
- if uid:
- Device_Info.objects.filter(UID=uid).update(version=device_version)
- else:
- Device_Info.objects.filter(serial_number=serial_number).update(version=device_version)
- return response.json(0)
- except Exception as e:
- print(e)
- return response.json(500, repr(e))
- def clear_Iot_Cerm(self, userID, request_dict, response):
- serial_number = request_dict.get('serial_number', None)
- if serial_number:
- iot = iotdeviceInfoModel.objects.filter(thing_name="Ansjer_Device_" + serial_number)
- if iot.exists():
- iot.delete()
- return response.json(0)
- else:
- return response.json(444)
- def request_publish_message(self, request_dict, response, request):
- # Alexa请求IoT Core下发MQTT消息
- UID = request_dict.get('UID', None)
- MSG = request_dict.get('MSG', None)
- if not all([UID, MSG]):
- return response.json(444)
- try:
- # 获取检查uid的序列号,如果没有序列号,不使用MQTT下发消息
- device_info_qs = Device_Info.objects.filter(UID=UID).values('UID', 'serial_number')
- if not device_info_qs.exists():
- return response.json(10043)
- uid = device_info_qs[0]['UID']
- serial_number = device_info_qs[0]['serial_number']
- # 如果device_info表的serial_number不为空,物品名为'Ansjer_Device_序列号'
- ThingNameSuffix = serial_number if serial_number != '' else uid
- thing_name = 'Ansjer_Device_' + ThingNameSuffix
- # 获取数据组织将要请求的url
- iot = iotdeviceInfoModel.objects.filter(thing_name__contains=thing_name).values('thing_name', 'endpoint',
- 'token_iot_number')
- if not iot.exists():
- return response.json(10043)
- thing_name = iot[0]['thing_name'] # IoT core上的物品名: Ansjer_Device_+序列号+企业编码
- endpoint = iot[0]['endpoint']
- Token = iot[0]['token_iot_number']
- # Token = '297a601b3925e04daab5a60280650e09'
- topic_name = thing_name + '_rtsp_topic' # MQTT主题
- # rtsp://rtsp.zositech.org:8554/ZFdqWldXRFpMTkVaYVZEaEJXRXhUV0RFeE1VRT1B
- # api doc: https://docs.aws.amazon.com/zh_cn/iot/latest/developerguide/http.html
- # https://IoT_data_endpoint/topics/url_encoded_topic_name?qos=1
- # 请求url来发布MQTT消息
- url = 'https://{}/topics/{}?rtsp_command={}'.format(endpoint, topic_name, MSG)
- authorizer_name = 'Ansjer_Iot_Auth'
- signature = self.rsa_sign(Token) # Token签名
- headers = {'x-amz-customauthorizer-name': authorizer_name, 'Token': Token,
- 'x-amz-customauthorizer-signature': signature}
- r = requests.get(url=url, headers=headers, timeout=2)
- if r.status_code == 200:
- return response.json(0)
- else:
- # print('发布失败')
- return response.json(10044)
- except Exception as e:
- # print(e)
- return response.json(500, repr(e))
- def rsa_sign(self, Token):
- # 私钥签名Token
- private_key_file = '''-----BEGIN RSA PRIVATE KEY-----
- MIIEpQIBAAKCAQEA5iJzEDPqtGmFMggekVro6C0lrjuC2BjunGkrFNJWpDYzxCzE
- X5jf4/Fq7hcIaQd5sqHugDxPVollSLPe9zNilbrd0sZfU+Ed8gRVuKW9KwfE9XFr
- L0pt6bKRQ0IIRfiZ9TuR0tsQysvcO1GZSXcYfPue3tGM1zOnWFThWDqZ06+sOxzt
- RMRl4yNfbpCG4MfxG3itNXOfrjZv2OMLSXrxmzubSvRpUYSvQPs4fm9302SAnySY
- 0MKzx6H6528ZQm/IDDSZy6EmNBIyTRDfxC56vnYcXvqedAQh7jJnjdvt6Q4MhASH
- eIYi1FBSdu2NT6wgpnrqXzx5pq9kR/lnsLID0wIDAQABAoIBAQCiF4GT1/1oNSpr
- ouxk1PNXFPWFUsVGD8mAwVJmx//eiY7MjfuCmdqYYmI+cFqsH2fIOeYSzGfVO9Dq
- 9EYHN1oovAWhf7eFDPpajFMUSyiCNmazub8VAAeKowtNpCTPo9pMsDh1m3aoYA4u
- ebrN0+Sbo16y8kWRDgDAZoiR7DSMs8lczk16hwfv5mw8XpNDbaL3Coi4Koe2S1Yh
- 2SX3vWFlpd7qF1ZYXuZIp+b8JPrV7n9eUKoFgzj0gqgwQK80CoexIjiOrNMPvkQa
- q+8kCvFjAzKxOK7e8gjM8lMRiGodb61kmYZkkJzFwWO4EaGbl34lfVECd1Ixp3tF
- be0OWAGBAoGBAPSteXDzzToD8ovM7LL11x0jWwI6HOiHu89kZtW566rIezjWBuA2
- TxrcYKM3h9jQRXS3CsMdoIv6XGk5lqM8ADtjn23FBWe/THYLh8bm8JOgh5RRWQDg
- SvkLfi9Ih2mM4NJfmuuDOh3Nze2efLM7+kOZWUQwF2Zx9mL5jvRBk351AoGBAPDI
- sYmT2Li+i5+0vykA2m5uPF8ZOW8BGtAfCZv0suW7BNzSgin78g9WapRd/4p0NNiL
- /nVMqPPCpd1akCUpV+GDWQt0hV+HZjxANE0KWhciQRyo2qvo51j8SWILJSgh0tXC
- aTF8qt6oGw3VN3m57vKhbrlDaz0J/NDJFci6msAnAoGBAOuG6bXPGijUj+//DYKf
- n7jOxdZ49kboEePrtAncdHzri6IEdI3z+WXT6bpzw/LzWUimwldb96WHFNm9s8Hi
- Ch8hIODbnP5naUTgiIzw1XhmONyPCewL/F+LrqX5XVA/alNX8JrwsUrrR2WLAGLQ
- Q3I69XDsEjptTU2tCO0bCs3ZAoGBAJ2lCHfm0JHET230zONvp5N9oREyVqQSuRdh
- +syc3TQDyh85w/bw+X6JOaaCFHj1tFPC9Iqf8k4GNspCLPXnp54CfR4+38O3xnvU
- HWoDSRC0YKT++IxtJGriYrlKSr2Hx54kdvLriIPW1D+uRW/xCDza7L9nIKMKEvgv
- b4/IfOEpAoGAeKM9Te7T1VzlAkS0CJOwanzwYV/zrex84WuXxlsGgPQ871lTs5AP
- H1QLfLfFXH+UVrCEC2yv4eml/cqFkpB3gE5i4MQ8GPVIOSs5tsIyl8YUA03vdNdB
- GCqvlyw5dfxNA+EtxNE2wCW/LW7ENJlACgcfgPlBZtpLheWoZB/maw4=
- -----END RSA PRIVATE KEY-----'''
- # 使用密钥文件方式
- # private_key_file_path = os.path.join(BASE_DIR, 'static/iotCore/private.pem')#.replace('\\', '/')
- # private_key_file = open(private_key_file_path, 'r')
- private_key = ct.load_privatekey(ct.FILETYPE_PEM, private_key_file)
- signature = ct.sign(private_key, Token.encode('utf8'), 'sha256')
- signature = encodebytes(signature).decode('utf8').replace('\n', '')
- # print('signature:', signature)
- return signature
|
