This is a simple server that signs CSRs and responds with the signed Client Cert.
Instructions on how to run this server:
make setup
make serve
Welcome to the IoT Fuse 2018 workshop on PKI Integration.
The purpose of this class is to discuss and practice using tools helpful in securing devices at the transport layer. Modern IoT Platforms, such as Murano, can utilize the device's Client Certificate (public key) to authenticate and identify the connecting device.
This allows the IoT platform to utilize the asymmetric encryption methods in TLS for provisioning and identification at the connection-level.
Though it is still common, and sometimes necessary, to add a symmetric provisioning layer on top of the TLS connection (e.g. connect, retrieve auth token in a secure/trusted environment like a manufacturing facility, use token for all subsequent connections), it is often desirable and becoming more common to allow the connecting device to present its Client Cert as its identity.
@startuml
skinparam backgroundColor Azure
skinparam sequenceMessageAlign center
skinparam NoteBackgroundColor DarkOrange
skinparam NoteBorderColor Black
skinparam NoteFontName Lucida Console
skinparam NoteFontSize 18
#!/usr/bin/env bash
[[ -z ${1} ]] && echo "provide device id" && exit 1
function print_timestamp_stderr() {
  jqq=".${1}.timestamp"
  js="echo ${1} | jq -r '${jqq}'"
  echo $js
  ts=$(eval $js)
  CMD="python -c 'from datetime import datetime as dt; print(dt.fromtimestamp(${ts}/1000000.0))'"
#!/usr/bin/env python
"""
A simple client program for listening to a Murano Solution Websocket.
Author: Will Charlton
Company: Exosite
Date: 01/20/2017
"""
import logging, websocket, threading, json, sys, time
#!/usr/bin/python2
import multiprocessing
import subprocess
import os
def pinger( job_q, results_q ):
    DEVNULL = open(os.devnull,'w')
    while True:
        ip = job_q.get()
#!/usr/bin/env python3
"""
So far only tested on python3 interpreter.
Given an address, this script outputs a google maps url to the address.
"""
import requests, sys, time
from urllib.parse import quote_plus