From 19019a3466917e8ab2d8fd17df471aa34a07df1b Mon Sep 17 00:00:00 2001 From: Devendra Date: Fri, 5 Jun 2015 23:31:51 +0530 Subject: pam demo --- python/examples/pam_demo/demo.py | 74 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 python/examples/pam_demo/demo.py (limited to 'python/examples/pam_demo') diff --git a/python/examples/pam_demo/demo.py b/python/examples/pam_demo/demo.py new file mode 100644 index 0000000..e00914d --- /dev/null +++ b/python/examples/pam_demo/demo.py @@ -0,0 +1,74 @@ + +from gevent.monkey import patch_all +patch_all() + +import sys +from Pubnub import Pubnub +import random +import json + +rand = str(random.randint(1,99999999)) + +def get_unique(s): + return 'str-' + rand + '-' + s + +# public channel +channel_public = get_unique("channel_public") + +# server auth key +server_auth_token = get_unique("server_auth_token") + +#client auth key +client_auth_token = get_unique("client_auth_token") + +#client uuid +client_uuid = get_unique("client_uuid") + +#server uuid +server_uuid = get_unique("server_uuid") + + +#init server object +server = Pubnub(publish_key="pam", subscribe_key="pam", secret_key="pam", auth_key=server_auth_token, uuid=server_uuid) + +#init client object +client = Pubnub(publish_key="pam", subscribe_key="pam", auth_key=client_auth_token, uuid=client_uuid) + +# Grant permission to server auth keys +print(server.grant(channel=channel_public, auth_key=server_auth_token, read=True, write=True)) +print(server.grant(channel=channel_public + '-pnpres', auth_key=server_auth_token, read=True, write=True)) + +# Grant permission to client auth keys +print(server.grant(channel=channel_public, auth_key=client_auth_token, read=True, write=False)) +print(server.grant(channel=channel_public + '-pnpres', auth_key=client_auth_token, read=True, write=False)) + + + +def _server_callback(message, channel): + print(message) + +def _error_callback(error): + print(error) + +#server subscribes to public channel +server.subscribe(channels=channel_public, callback=_server_callback, error=_error_callback) + + + +def _server_presence_callback(message, channel): + print message + if 'action' in message: + if message['action'] == 'join' and message['uuid'] == client_uuid: + print "Only I can see that client with UUID " + message['uuid'] + " has a state of " + json.dumps(message['data']) + +# server subscribes to presence events on public channel +server.presence(channel=channel_public, callback=_server_presence_callback, error=_error_callback) + + + + +def _client_callback(channel, message): + print(message) + +# client subscribes to public channel +client.subscribe(channels=channel_public, state={ "myKey" : get_unique("foo")}, callback=_client_callback, error=_error_callback) -- cgit v1.2.3 From ae7dbdec9a5a9e147cf5e8de160455277d328f39 Mon Sep 17 00:00:00 2001 From: gcohen Date: Fri, 5 Jun 2015 13:28:52 -0700 Subject: Added verbose comments, and added a scenarion to depict the client trying to subscribe on a restricted presence channel. --- python/examples/pam_demo/demo.py | 74 ++++++++++++++++++++++++++++------------ 1 file changed, 52 insertions(+), 22 deletions(-) (limited to 'python/examples/pam_demo') diff --git a/python/examples/pam_demo/demo.py b/python/examples/pam_demo/demo.py index e00914d..a60730c 100644 --- a/python/examples/pam_demo/demo.py +++ b/python/examples/pam_demo/demo.py @@ -1,4 +1,3 @@ - from gevent.monkey import patch_all patch_all() @@ -13,62 +12,93 @@ def get_unique(s): return 'str-' + rand + '-' + s # public channel +# This is the channel all clients announce themselves on -- or more generally speaking, a channel you expect the client +# to "check-in" on to announce his state + channel_public = get_unique("channel_public") # server auth key +# Only the server has/knows about this auth token. It will be used to grant read on the "check-in" Presence channel + server_auth_token = get_unique("server_auth_token") -#client auth key +# client auth key +# only clients will use this authey -- it does not provide presence channel read access + client_auth_token = get_unique("client_auth_token") -#client uuid +# each client must have a unique id -- a UUID, for presence information/state to bind to + +# client uuid client_uuid = get_unique("client_uuid") -#server uuid +# server uuid server_uuid = get_unique("server_uuid") +# For the demo, we'll implement a SERVER called server, who is the authoritative 'admin' entity in the system +# We'll also implement a CLIENT called client, who is an arbitrary hardware device member of the network -#init server object +# Please swap out the default 'pam' demo keys with your own PAM-enabled keys + +# init server object server = Pubnub(publish_key="pam", subscribe_key="pam", secret_key="pam", auth_key=server_auth_token, uuid=server_uuid) -#init client object +# init client object client = Pubnub(publish_key="pam", subscribe_key="pam", auth_key=client_auth_token, uuid=client_uuid) +# To access a Presence channel with PAM, its format is CHANNELNAME-pnpres + # Grant permission to server auth keys +# grant r/w to public, and r/w public Presence (public-pnpres) + print(server.grant(channel=channel_public, auth_key=server_auth_token, read=True, write=True)) print(server.grant(channel=channel_public + '-pnpres', auth_key=server_auth_token, read=True, write=True)) # Grant permission to client auth keys +# grant r/w to public, and w-only access to public Presence (public-pnpres) print(server.grant(channel=channel_public, auth_key=client_auth_token, read=True, write=False)) -print(server.grant(channel=channel_public + '-pnpres', auth_key=client_auth_token, read=True, write=False)) +print(server.grant(channel=channel_public + '-pnpres', auth_key=client_auth_token, read=False, write=False)) +# Now, we'll run it to watch it work as advertised... +# Define some simple callabcks for the Server and Client -def _server_callback(message, channel): - print(message) +def _server_message_callback(message, channel): + print("Server heard: " + message) + +def _client_callback(channel, message): + print("Client heard: " + message) def _error_callback(error): - print(error) + print("Error: " + error) -#server subscribes to public channel -server.subscribe(channels=channel_public, callback=_server_callback, error=_error_callback) +def _server_presence_callback(message, channel): + print message + if 'action' in message: + if message['action'] == 'join' and message['uuid'] == client_uuid: + print "Server can see that client with UUID " + message['uuid'] + " has a state of " + json.dumps(message['data']) +def _client_presence_callback(message, channel): + print message + if 'action' in message: + if message['action'] == 'join' and message['uuid'] == client_uuid: + print "Client can see that client with UUID " + message['uuid'] + " has a state of " + json.dumps(message['data']) +# server subscribes to public channel +server.subscribe(channels=channel_public, callback=_server_message_callback, error=_error_callback) -def _server_presence_callback(message, channel): - print message - if 'action' in message: - if message['action'] == 'join' and message['uuid'] == client_uuid: - print "Only I can see that client with UUID " + message['uuid'] + " has a state of " + json.dumps(message['data']) +# server subscribes to presence events on public channel +# presence() is a convienence method that subscribes to channel-pnpres with special logic for handling +# presence-event formatted messages -# server subscribes to presence events on public channel +## uncomment out to see server able to read on presence channel server.presence(channel=channel_public, callback=_server_presence_callback, error=_error_callback) +# now if the client tried to subscribe on the presence channel, and therefore, get state info +# he is explicitly denied! - - -def _client_callback(channel, message): - print(message) +## uncomment out to see client not able to read on presence channel +#client.presence(channel=channel_public, callback=_client_presence_callback, error=_error_callback) # client subscribes to public channel client.subscribe(channels=channel_public, state={ "myKey" : get_unique("foo")}, callback=_client_callback, error=_error_callback) -- cgit v1.2.3 From d2f95778fab683b573c6778dafdd8d0006245d93 Mon Sep 17 00:00:00 2001 From: gcohen Date: Mon, 8 Jun 2015 14:54:00 -0700 Subject: Working example of secure PAM key exchange with client and server actors. --- python/examples/pam_demo/demo.py | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) (limited to 'python/examples/pam_demo') diff --git a/python/examples/pam_demo/demo.py b/python/examples/pam_demo/demo.py index a60730c..ff91b76 100644 --- a/python/examples/pam_demo/demo.py +++ b/python/examples/pam_demo/demo.py @@ -15,17 +15,20 @@ def get_unique(s): # This is the channel all clients announce themselves on -- or more generally speaking, a channel you expect the client # to "check-in" on to announce his state -channel_public = get_unique("channel_public") +#channel_public = get_unique("channel_public") +channel_public = "channel_public" # server auth key # Only the server has/knows about this auth token. It will be used to grant read on the "check-in" Presence channel -server_auth_token = get_unique("server_auth_token") +#server_auth_token = get_unique("server_auth_token") +server_auth_token = "server_auth_token" # client auth key # only clients will use this authey -- it does not provide presence channel read access -client_auth_token = get_unique("client_auth_token") +#client_auth_token = get_unique("client_auth_token") +client_auth_token = "client_auth_token" # each client must have a unique id -- a UUID, for presence information/state to bind to @@ -64,13 +67,18 @@ print(server.grant(channel=channel_public + '-pnpres', auth_key=client_auth_toke # Define some simple callabcks for the Server and Client def _server_message_callback(message, channel): - print("Server heard: " + message) + print("Server heard: " + json.dumps(message)) -def _client_callback(channel, message): - print("Client heard: " + message) +def _client_message_callback(message, channel): + print("Client heard: " + json.dumps(message)) -def _error_callback(error): - print("Error: " + error) +def _client_error_callback(error, channel): + print("Client Error: " + error + " on channel " + channel) + print("Client will now unsubscribe from this unauthorized channel.") + client.unsubscribe(channel=channel) + +def _server_error_callback(error): + print("Server Error: " + error) def _server_presence_callback(message, channel): print message @@ -85,20 +93,20 @@ def _client_presence_callback(message, channel): print "Client can see that client with UUID " + message['uuid'] + " has a state of " + json.dumps(message['data']) # server subscribes to public channel -server.subscribe(channels=channel_public, callback=_server_message_callback, error=_error_callback) +server.subscribe(channels=channel_public, callback=_server_message_callback, error=_server_error_callback) # server subscribes to presence events on public channel # presence() is a convienence method that subscribes to channel-pnpres with special logic for handling # presence-event formatted messages ## uncomment out to see server able to read on presence channel -server.presence(channel=channel_public, callback=_server_presence_callback, error=_error_callback) +server.presence(channel=channel_public, callback=_server_presence_callback, error=_server_error_callback) # now if the client tried to subscribe on the presence channel, and therefore, get state info # he is explicitly denied! ## uncomment out to see client not able to read on presence channel -#client.presence(channel=channel_public, callback=_client_presence_callback, error=_error_callback) +client.presence(channel=channel_public, callback=_client_presence_callback, error=_client_error_callback) # client subscribes to public channel -client.subscribe(channels=channel_public, state={ "myKey" : get_unique("foo")}, callback=_client_callback, error=_error_callback) +client.subscribe(channels=channel_public, state={ "myKey" : get_unique("foo")}, callback=_client_message_callback, error=_client_error_callback) -- cgit v1.2.3 From 589a28dbf9495c3d2d904d3ffd46947278eb0a7b Mon Sep 17 00:00:00 2001 From: gcohen Date: Mon, 8 Jun 2015 18:07:40 -0700 Subject: Working example of secure PAM key exchange with client and server actors. --- python/examples/pam_demo/demo.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'python/examples/pam_demo') diff --git a/python/examples/pam_demo/demo.py b/python/examples/pam_demo/demo.py index ff91b76..decef8e 100644 --- a/python/examples/pam_demo/demo.py +++ b/python/examples/pam_demo/demo.py @@ -74,11 +74,13 @@ def _client_message_callback(message, channel): def _client_error_callback(error, channel): print("Client Error: " + error + " on channel " + channel) - print("Client will now unsubscribe from this unauthorized channel.") + print("TTL on grant expired, or token was invalid, or revoked. Client will now unsubscribe from this unauthorized channel.") client.unsubscribe(channel=channel) -def _server_error_callback(error): - print("Server Error: " + error) +def _server_error_callback(error, channel): + print("Server Error: " + error + " on channel " + channel) + print("TTL on grant expired, or token was revoked. Server will now unsubscribe from this unauthorized channel.") + server.unsubscribe(channel=channel) def _server_presence_callback(message, channel): print message -- cgit v1.2.3 From e9e089132be7a9602cccb49257acbb9719734ad4 Mon Sep 17 00:00:00 2001 From: Devendra Date: Fri, 19 Jun 2015 00:53:30 +0530 Subject: changing import --- python/examples/pam_demo/demo.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'python/examples/pam_demo') diff --git a/python/examples/pam_demo/demo.py b/python/examples/pam_demo/demo.py index decef8e..c08f9f5 100644 --- a/python/examples/pam_demo/demo.py +++ b/python/examples/pam_demo/demo.py @@ -2,7 +2,7 @@ from gevent.monkey import patch_all patch_all() import sys -from Pubnub import Pubnub +from pubnub import Pubnub import random import json -- cgit v1.2.3