Skip to content

Commit

Permalink
Cert fix for newer Hue App versions (diyhue#932)
Browse files Browse the repository at this point in the history
  • Loading branch information
mattisz authored Sep 29, 2023
1 parent fe1805d commit f905cf0
Show file tree
Hide file tree
Showing 5 changed files with 7 additions and 7 deletions.
2 changes: 1 addition & 1 deletion .build/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ COPY requirements.txt ./
RUN apt update \
&& apt install --no-install-recommends -y \
curl unzip python3-minimal python3-pip python3-dev python3-setuptools gcc \
openssl nmap psmisc iproute2 bluez bluetooth libcoap3-bin \
openssl nmap psmisc iproute2 bluez bluetooth libcoap3-bin faketime \
&& pip3 install -r requirements.txt --no-cache-dir --break-system-packages \
&& apt purge -y python3-pip python3-setuptools python3-dev gcc \
&& apt autoremove -y \
Expand Down
2 changes: 1 addition & 1 deletion BridgeEmulator/genCert.sh
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
mac=$1
config="${2:-/opt/hue-emulator/config}"
dec_serial=`python3 -c "print(int(\"$mac\".strip('\u200e'), 16))"`
openssl req -new -days 3650 -config /opt/hue-emulator/openssl.conf -nodes -x509 -newkey ec -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve -subj "/C=NL/O=Philips Hue/CN=$mac" -keyout private.key -out public.crt -set_serial $dec_serial
faketime '2017-01-01 00:00:00' openssl req -new -days 7670 -config /opt/hue-emulator/openssl.conf -nodes -x509 -newkey ec -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve -subj "/C=NL/O=Philips Hue/CN=$mac" -keyout private.key -out public.crt -set_serial $dec_serial

mkdir -p $config
touch $config/cert.pem
Expand Down
7 changes: 3 additions & 4 deletions BridgeEmulator/install.sh
Original file line number Diff line number Diff line change
Expand Up @@ -38,10 +38,9 @@ generate_certificate () {

echo "Generating certificat for MAC $mac"
echo -e "\033[33mIf this is a diyhue reinstallation process then you will need to reinstall official Hue apps from PC and phone in order to wipe old certificate.\033[0m"
curl https://raw.githubusercontent.com/diyhue/diyHue/9ceed19b4211aa85a90fac9ea6d45cfeb746c9dd/BridgeEmulator/openssl.conf -o openssl.conf
serial="${mac:0:2}${mac:3:2}${mac:6:2}fffe${mac:9:2}${mac:12:2}${mac:15:2}"
dec_serial=`python3 -c "print(int(\"$serial\", 16))"`
openssl req -new -config openssl.conf -nodes -x509 -newkey ec -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve -subj "/C=NL/O=Philips Hue/CN=$serial" -keyout private.key -out public.crt -set_serial $dec_serial -days 3650
faketime '2017-01-01 00:00:00' openssl req -new -config openssl.conf -nodes -x509 -newkey ec -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve -subj "/C=NL/O=Philips Hue/CN=$serial" -keyout private.key -out public.crt -set_serial $dec_serial -days 7670
if [ $? -ne 0 ] ; then
echo -e "\033[31m ERROR!! Local certificate generation failed! Attempting remote server generation\033[0m"
### test is server for certificate generation is reachable
Expand Down Expand Up @@ -98,11 +97,11 @@ esac
echo -e "\033[36m Installing dependencies.\033[0m"
if type apt &> /dev/null; then
# Debian-based distro
apt-get install -y unzip python3 python3-pip openssl bluez bluetooth libcoap2-bin
apt-get install -y unzip python3 python3-pip openssl bluez bluetooth libcoap2-bin faketime
elif type pacman &> /dev/null; then
# Arch linux
pacman -Syq --noconfirm || exit 1
pacman -Sq --noconfirm unzip python3 python-pip gnu-netcat libcoap || exit 1
pacman -Sq --noconfirm unzip python3 python-pip gnu-netcat libcoap faketime || exit 1
else
# Or assume that packages are already installed (possibly with user confirmation)?
# Or check them?
Expand Down
2 changes: 1 addition & 1 deletion BridgeEmulator/openssl.conf
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ x509_extensions = usr_cert
[ usr_cert ]
basicConstraints=critical,CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
authorityKeyIdentifier=keyid:always,issuer:always
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth

Expand Down
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ All documentation and instructions can be found over at [diyhue.readthedocs.io](
- coap-client: i.e. via `apt install libcoap2-bin`
- Python 3
- Python modules: ws4py, requests, astral, paho-mqtt [see requirements.txt](./requirements.txt)
- faketime: i.e. via `apt install faketime`

or

Expand Down

0 comments on commit f905cf0

Please sign in to comment.