ngcp-panel/lib/NGCP/Panel/Utils/DeviceBootstrap/Snom.pm


package NGCP::Panel::Utils::DeviceBootstrap::Snom;
use strict;
use warnings;
use URI::Escape;
use Moo;
use Types::Standard qw(Str);
use JSON qw/encode_json decode_json/;
use MIME::Base64;
use Digest::MD5 qw/md5_hex/;
use Digest::SHA qw(hmac_sha256_base64);
use URI;
extends 'NGCP::Panel::Utils::DeviceBootstrap::VendorREST';
# Build the connection parameters for the Snom provisioning REST API and
# store them on the object under {rpc_server_params}.
#
# Returns a hash reference with the keys proto, host and path. A fresh hash is
# built on every call, replacing whatever was stored before. The scheme is
# fixed to https, so every URL assembled from these values uses TLS.
sub rpc_server_params {
    my ($self) = @_;

    my %endpoint = (
        proto => 'https',
        host  => 'secure-provisioning.snom.com',
        path  => 'api/v1',
    );

    return $self->{rpc_server_params} = \%endpoint;
}
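# Prepare the final REST call that registers or unregisters a device (by MAC)
# with the Snom provisioning service.
#
# Parameters:
#   $action - 'register_content' or 'unregister_content'; any other value
#             yields undef.
#
# Returns a hash reference { method, url, body, hawk } describing the request
# the caller should send, or nothing (undef / empty list) when any lookup
# fails. Failures are logged through $c->log.
#
# Lookups performed before the result is built:
#   * tokens/<id>                 -> company URL
#   * register: product-groups/, settings/, <company>/provisioning-profiles/
#     (the profile is created via POST when it does not exist yet)
#   * unregister: <company>/endpoints/ to find the endpoint matching mac_old
#
# Security-relevant notes:
#   * Every Authorization header is generated with an empty payload, so the
#     JSON body of the POST/PUT is not covered by the Hawk MAC; body integrity
#     rests on the TLS transport.
#   * NOTE(review): $company_url comes from the API response and is used as
#     the base of all later signed requests; consider checking that it is an
#     https URL on the expected host before using it.
#   * NOTE(review): debug logging includes complete response bodies; confirm
#     that none of these endpoints return data that must not reach the logs.
#   * NOTE(review): $new_mac is interpolated into the URL path as-is;
#     presumably it is validated upstream - verify against the caller.
sub rest_prepare_request {
    my ($self, $action) = @_;
    my $c = $self->params->{c};
    my $ret;
    my $new_mac   = $self->content_params->{mac};
    my $old_mac   = $self->content_params->{mac_old};
    my $param_uri = $self->content_params->{uri};
    my $credentials = {
        id  => $self->params->{credentials}->{user},
        key => $self->params->{credentials}->{password}
    };
    $self->{rpc_server_params} //= $self->rpc_server_params;
    my $cfg      = $self->{rpc_server_params};
    my $api_base = "$$cfg{proto}://$$cfg{host}/$$cfg{path}";

    $c->log->debug("Snom prepare request for action $action");

    # first, get company url
    my $url = "$api_base/tokens/" . $credentials->{id};
    $c->log->debug("Snom get tokens '$url'");
    my ($res, $data, $text) = $self->_snom_get_json($url, $credentials);
    # Only dereference the reply when it has the expected object shape; an
    # error page or a JSON array must not abort the request with a die.
    my $company_url;
    if (ref($data) eq 'HASH' && ref($data->{links}) eq 'HASH') {
        $company_url = $data->{links}->{company};
    }
    unless ($res->is_success && $company_url) {
        $c->log->error("Tokens fetching failed (" . $res->status_line . "): " . $text);
        return;
    }
    $c->log->debug("Tokens fetching successful, data: " . $text);

    if ($action eq 'register_content') {
        # fetch product groups
        $url = "$api_base/product-groups/";
        $c->log->debug("Snom fetch product groups '$url'");
        ($res, $data, $text) = $self->_snom_get_json($url, $credentials);
        unless ($res->is_success && ref($data) eq 'ARRAY' && @$data) {
            $c->log->error("Snom fetch product groups quey failed (" . $res->status_line . "): " . $text);
            return;
        }
        $c->log->debug("Snom fetch product groups successful, data: " . $text);

        my $wanted_family = $self->params->{redirect_params}->{product_family} // '';
        my ($product_group) = grep { ($_->{name} // '') eq $wanted_family } @$data;
        unless ($product_group) {
            $c->log->error("Snom product group of specified product family not found.");
            return;
        }
        my $product_group_id = $product_group->{uuid};

        # fetch settings
        $url = "$api_base/settings/";
        $c->log->debug("Snom fetch settings '$url'");
        ($res, $data, $text) = $self->_snom_get_json($url, $credentials);
        # A failed settings query used to fall through with no setting id,
        # which produced an endpoint body keyed by an empty setting name.
        unless ($res->is_success && ref($data) eq 'ARRAY' && @$data) {
            $c->log->error("Snom fetch settings query failed (" . $res->status_line . "): " . $text);
            return;
        }
        $c->log->debug("Snom fetch settings successful, data: " . $text);

        my $setting_id;
        foreach my $setting (@$data) {
            # No early exit: as before, the last matching entry wins.
            if (($setting->{param_name} // '') eq 'setting_server') {
                $setting_id = $setting->{uuid};
            }
        }
        unless ($setting_id) {
            $c->log->error("Snom setting for redirection server not found.");
            return;
        }

        # fetch profile
        $url = "$company_url/provisioning-profiles/";
        $c->log->debug("Snom check profiles '$url'");
        ($res, $data, $text) = $self->_snom_get_json($url, $credentials);
        # NOTE(review): an empty profile list is treated as a failed query, so
        # a first profile cannot be created through this path - confirm that
        # this is intended.
        unless ($res->is_success && ref($data) eq 'ARRAY' && @$data) {
            $c->log->error("Snom check profile query failed (" . $res->status_line . "): " . $text);
            return;
        }
        $c->log->debug("Snom check profiles query successful, data: " . $text);

        my $profile_name = $self->params->{redirect_params}->{profile};
        my $profile_id;
        my ($profile) = grep { ($_->{name} // '') eq ($profile_name // '') } @$data;
        if ($profile) {
            $profile_id = $profile->{uuid};
        }
        elsif (length $profile_name) {
            # profile does not exist, create it
            $c->log->debug("Snom create profile '$url'");
            my $req = HTTP::Request->new(POST => $url);
            my $profile_body = encode_json({
                name => $profile_name,
                product_group => $product_group_id,
                autoprovisioning_enabled => 'true',
            });
            $req->header('Authorization' => $self->generate_header($url, "POST", { credentials => $credentials, content_type => '', payload => '' }));
            $req->header('accept' => 'application/json');
            $req->content_type('application/json');
            $req->content($profile_body);
            $res  = $self->_ua->request($req);
            $text = $res->decoded_content // '';
            my $created = do { local $@; eval { decode_json($text) } };
            if ($res->is_success && $res->code == 201 && ref($created) eq 'HASH') {
                $c->log->debug("Snom create profile query successful, data: " . $text);
                $profile_id = $created->{uuid};
            }
            else {
                $c->log->error("Snom create profile query failed (" . $res->status_line . "): " . $text);
                return;
            }
        }

        my $body = {
            mac => $new_mac,
            autoprovisioning_enabled => 'true',
            settings_manager => {
                $setting_id => {
                    value => $param_uri,
                    attrs => {
                        perm => 'RW'
                    }
                }
            }
        };
        $body->{provisioning_profile} = $profile_id if ($profile_id);
        $url = "$company_url/endpoints/$new_mac";
        $ret = {
            method => 'PUT',
            url    => $url,
            body   => $body,
            hawk   => $self->generate_header($url, "PUT", { credentials => $credentials, content_type => '', payload => '' }),
        };
    } elsif ($action eq 'unregister_content') {
        # we've to fetch the id first before constructing the delete request
        $url = "$company_url/endpoints/";
        $c->log->debug("Snom check devices '$url'");
        ($res, $data, $text) = $self->_snom_get_json($url, $credentials);
        unless ($res->is_success && ref($data) eq 'ARRAY' && @$data) {
            $c->log->error("Snom unregister query failed (" . $res->status_line . "): " . $text);
            return;
        }
        $c->log->debug("Snom check devices query successful, data: " . $text);

        my ($device) = grep { uc($_->{mac} // '') eq uc($old_mac // '') } @$data;
        my $device_id = $device ? $device->{mac} : undef;
        # Without a matching endpoint the URL would collapse to the
        # collection ".../endpoints/" and the DELETE would target that
        # instead of a single device, so stop here.
        unless (defined $device_id && length $device_id) {
            $c->log->error("Snom unregister failed: endpoint with MAC '" . ($old_mac // '') . "' not found.");
            return;
        }
        $c->log->debug("Snom unregister query successful, data: " . $text);
        $url = "$company_url/endpoints/$device_id";
        $ret = {
            method => 'DELETE',
            url    => $url,
            body   => undef,
            hawk   => $self->generate_header($url, "DELETE", { credentials => $credentials, content_type => '', payload => '' }),
        };
    }
    return $ret;
}

# Send a Hawk-signed GET to $url and decode the JSON reply.
# Returns ($response, $decoded, $text): $decoded is undef when the body is not
# valid JSON, so an HTML or empty error body is reported as a failed query
# instead of raising an exception; $text is the body as a defined string for
# logging.
sub _snom_get_json {
    my ($self, $url, $credentials) = @_;
    my $req = HTTP::Request->new(GET => $url);
    $req->header('Authorization' => $self->generate_header($url, "GET", { credentials => $credentials, content_type => '', payload => '' }));
    $req->header('accept' => 'application/json');
    my $res  = $self->_ua->request($req);
    my $text = $res->decoded_content // '';
    my $data = do { local $@; eval { decode_json($text) } };
    return ($res, $data, $text);
}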
# Build the value of a Hawk "Authorization" header for one request.
#
# Parameters:
#   $uri     - full request URL; its path+query, host and port are signed
#   $method  - HTTP method name
#   $options - hash ref with credentials ({id, key}), payload and content_type
#
# Returns the header string: 'Hawk mac="...", [hash="...",] id="...",
# ts="...", nonce="..."'. The hash attribute is emitted only when a payload
# hash was computed, i.e. when the payload is not the empty string.
#
# NOTE(review): the nonce is 8 ASCII letters drawn with Perl's built-in rand,
# which is not a cryptographic generator. Hawk uses the nonce together with
# ts for replay detection - confirm this is acceptable for the deployment.
# NOTE(review): the credentials id is placed inside a quoted attribute without
# escaping; presumably it never contains '"' - verify.
sub generate_header {
    my ($self, $uri, $method, $options) = @_;
    my $time        = time;
    my $credentials = $options->{credentials};

    my @alphabet = ('A' .. 'Z', 'a' .. 'z');
    my $nonce    = join '', map { $alphabet[rand @alphabet] } 1 .. 8;

    my $parsed = URI->new($uri);
    my $hash   = $self->calculate_payload_hash($options->{payload}, $options->{content_type}, $credentials->{key});

    # Values that go into the signed string.
    my %artifacts = (
        ts       => $time,
        nonce    => $nonce,
        method   => $method,
        resource => $parsed->path_query,
        host     => $parsed->host,
        port     => $parsed->port,
        hash     => $hash || '',
    );
    my $mac = $self->calculate_mac($credentials, \%artifacts);

    my @attributes = ('mac="' . $mac . '",');
    push @attributes, 'hash="' . $artifacts{hash} . '",' unless $hash eq '';
    push @attributes, 'id="' . $credentials->{id} . '",';
    push @attributes, 'ts="' . $artifacts{ts} . '",';
    push @attributes, 'nonce="' . $artifacts{nonce} . '"';

    return join ' ', 'Hawk', @attributes;
}
# Compute the Hawk request MAC: HMAC-SHA256 over the normalized request
# string, keyed with $credentials->{key}, returned as padded base64.
#
# Parameters:
#   $credentials - hash ref; only {key} is read here
#   $options     - artifacts hash ref passed on to generate_normalized_string
sub calculate_mac {
    my ($self, $credentials, $options) = @_;

    my $signing_input = $self->generate_normalized_string($options);
    my $digest        = hmac_sha256_base64($signing_input, $credentials->{key});

    # Top the digest up with '=' until its length is a multiple of four.
    my $missing = (4 - length($digest) % 4) % 4;
    return $digest . ('=' x $missing);
}
# Compute the value for the Hawk "hash" attribute of a request payload.
#
# Returns '' for an empty payload. Otherwise returns the padded base64
# HMAC-SHA256, keyed with $key, of "hawk.1.payload\n<content_type>\n<payload>".
#
# NOTE(review): the Hawk specification defines the payload hash as an unkeyed
# SHA-256 over that text with a trailing newline; this keyed variant differs.
# Every caller in this file passes an empty payload, so this branch looks
# unexercised - confirm against the server before relying on it.
sub calculate_payload_hash {
    my ($self, $payload, $content_type, $key) = @_;

    if ($payload eq '') {
        return '';
    }

    my $material = join "\n", 'hawk.1.payload', $content_type, ($payload || '');
    my $digest   = hmac_sha256_base64($material, $key);

    # Top the digest up with '=' until its length is a multiple of four.
    my $missing = (4 - length($digest) % 4) % 4;
    return $digest . ('=' x $missing);
}
# Assemble the newline-terminated string that the Hawk request MAC is
# computed over: header tag, ts, nonce, upper-cased method, resource, host,
# port, then two empty lines.
#
# The two trailing empty lines keep the layout valid for Hawk, which allows an
# extension field at the end. $options->{hash} is not read here.
# NOTE(review): in the Hawk layout the first of the two empty lines is
# presumably the payload-hash slot, so a non-empty payload hash would not be
# covered by the MAC - confirm before sending signed payloads.
sub generate_normalized_string {
    my ($self, $options) = @_;

    my @fields = (
        'hawk.1.header',
        $options->{ts},
        $options->{nonce},
        uc($options->{method}),
        @{$options}{qw(resource host port)},
        '',
        '',
    );

    return join '', map { "$_\n" } @fields;
}
1;