Raspberry Pi Powered, Android Controlled, Tomcat Serviced, Remote Garage Door Opener

A few months ago I had left for a business trip and couldn’t remember if I had closed the garage door.  Nearly all of us have done this at one point in our lives.  I promised myself this would never happen again, and a new project was spawned!

Project Overview

While some plug and play solutions exist such as the Liftmaster 828LM, I wanted to make my own out of curiosity.
The project consists of two components, both of which are entirely open source:
  • An Android application which posts commands to a web service.  The Android application retrieves an authorization token from Google and sends it along with the requested command.
  • The web service which listens for commands and credentials.  These credentials are posted to Google to verify they are authentic.  Once the user is verified, the command is executed.

I will be giving an overview of the project, but it is by no means a step-by-step tutorial.  There have been similar projects online, but I couldn’t find any with detailed code on both sides (client + server).  This should be a good reference for anyone who wants to do things like:

  • Run Tomcat on their Raspberry Pi
  • Authenticate users with Google’s OAuth 2 (both getting the token and authenticating the token)
  • Interact with the GPIO pins of the Raspberry Pi directly in Java
  • See how a basic Service to Activity (interaction / communication) model can look like in Android.  I find this to be one of the most common questions asked by new developers

 

Demonstration:

 
This is a quick video of the whole project in use.  Note the status of the door is stated on the home screen of the application so there is never any doubt whether it is open or closed!

Hardware

  • Raspberry Pi Model B  – It can act as the web service and physically interface with the garage door all in one device (rather than purchasing something like an Arduino, which would need a more powerful computer sitting in front of it to run the web service).  Less is more.
  • Edimax EW-7811Un USB Wi-Fi N Dongle – Since I don’t have CAT6 run out to my garage door opener (yet), I had to accept using Wi-Fi which I generally avoid at all costs.  The chipset in this dongle (RTL8188CUS) is compatible right out of the box with the Raspberry Pi.
  • Magnetic Switch – This is to determine whether the garage is opened or closed.  This particular switch is fantastic for one reason; depending on which contact points you hook up to, it can be made either normally open or normally closed.
  • Sainsmart Relay Module – Great little board that has relay isolation components already built into it.  Separates the power supply from the signal with an optocoupler which protects your other components when the coil’s magnetic field collapses.
  • Resistors – Miscellaneous resistors.  Supplied link is a great pack that gives you a little bit of everything for home projects.
  • Wiring of your choice.

Design requirements

  • Control (toggle) the garage remotely, whether 5 feet away, or 5 countries away
  • Check the state of the garage door, without needing to toggle / close it
  • Do so from within an Android application
    • Use Google as the application’s authenticator
    • Take advantage of Android’s AccountManager
  • Be accessible via HTTP so it could be extended to any platform in the future such as iPhone, iPad, or a simple web browser
    • Run HTTPS so eavesdropping / replay attacks would not be possible
    • Use an unsigned TLS certificate.  There is no need to pay for one if you are the developer!
  • WAF needs to be high.
    • Low cost
    • Must not affect normal operation of the door
  • No pre-built solutions
    • Rarely demonstratively secure
    • Not extensible
    • Not fun =P

Web Service

The web service is responsible for listening for requests over the network.  This performs the following actions upon receiving a request:
  1. Authenticates the request with Google OAuth 2.0 with an subclass of RealmBase, GoogleRealm.
  2. Authorizes the user with a local file containing a line delineated list of valid users
  3. If there was a successful authentication and authorization, perform the required action, namely:
    • Toggle the garage
    • Get the state of the garage

Libraries Used

  1. Pi4J – Java bindings which allows interaction with the GPIO pins on the Raspberry Pi.  Being Tomcat is the web server, Pi4J was a perfect complement.
  2. json-simple – Java library which parses and extracts JSON messages.

Security

The application is protected with an implementation of a Realm.  This implementation is dubbed “GoogleRealm” and validates Google authorization tokens, as well as validates that the returned email account exists in a local file.  When Tomcat handles an HTTP request for a protected resource (defined in web.xml), it calls the overridden authenticate method inside of GoogleRealm method with two Strings.  These strings are passed in by the defined implementation of Authenticator, also defined inside web.xml.  An Authenticator’s job in the scope of Tomcat is to take a Request and send the passed credentials to the defined Realm.  Making a custom Authenticator allows one to receive credentials from a request by any means.  In other words, it abstracts how credentials are retrieved in the request from how they are authenticated.

In this application, the BasicAuthenticator is used to retrieve credentials.  You may have been able to guess that BasicAuthenticator retrieves the username and password from HTTP basic access authentication.  The username field contains the Google authorization token and the password field contains a shared secret among all users.  The authorization token is requested with the scope oauth2:https://www.googleapis.com/auth/userinfo.email which, when posted to Google, allows the verifier to view the email address of the account that the authentication token is associated with.

I originally did not have this shared password in place but I soon realized that there was a security vulnerability in the application.  Any service that you authenticate with using your Google account could post its own authorization token to your garage door opener and open your garage.  In computer security, this is called the confused deputy problem.  This can be mitigated by requiring an additional secret with all authorized users.  With a shared secret, third party sites need an additional piece of information that only authorized users posses.

Once the user’s request is authenticated it is then checked for authorization against a line delineated local file which has a list of email addresses allowed to interact with the application.  If that email exists, the proper Principal is then added to the request session and passed to servlet routing.

Garage Interface

The garage interface and GPIO control was the simplest part of the application, thanks to the Pi4j library.  All of the wiring below below, are the pinouts used for application inside of GarageDoorGPIO.  Note that Pi4J does not use pin numbers as their identifiers, and instead uses the more abstract method that WiringPi uses.
  • Toggling the garage
    • The garage door was fairly straight forward to interact with physically.  I had a wall mounted control which toggles the garage door when two wires are shorted together (this is the behavior of most any door).
    • When this module is activated, the garage is toggled.  This module is controlled via the following wires: (Note – make sure you know which revision of the Raspberry Pi you have as their pins have changed!)
      • 5V – Pin 02 on the Raspberry Pi diagram below (upper right pin) to label G on the relay diagram.  This powers the relay coil.
      • 3.3V – Pin 17 (fifth from the bottom, left row) to label F.  This provides 3.3V as a signal current to the relay.
      • 0V – Pin 25 to label E.  This grounds the 5V supply.  Note that the 5V and 0V are isolated via an optocoupler  from the 3.3V connection(The schematic can be found here.)
      • GPIO – Pin 11 (GPIO 17) to label B.  This is going to be configured as an OUTPUT pin, and set LOW, which will activate the relay.
      • The two top most screw-down relay holes (in the upper left) are what will be connected to each other when the relay triggers.  These two wires will need to be run to your garage door in a manufacturer / model dependent fashion.
  • Checking the garage state
    • This was accomplished with the magnetic switch listed above.  One half of the switch is connected to the swinging door, the other half is attached to the door frame.  In this case half of it was attached to the wall above the garage door, and half of it was attached to the garage door itself.  When the garage door is closed, these two halves are within about a 1/4 inch of each other.
    • Make a wire with an inline 1k ohm resistor (to prevent accidentally blowing out a GPIO pin).
      • 3.3V – Connect this wire from Pin 1 on the Raspberry Pi and connect it to one side of the magnetic switch mentioned above (red, or white wire in diagram below)
      • Connect a wire from the opposite side of the magnetic switch and run it to pin 12 (GPIO 18).
      • When the door is closed, this circuit should be closed.
This is the magnetic switch.  The front side (closest in this picture) is attached to the moving door, the rear side is screwed into the wall.  When they come within about 1/4 inch of each other, it toggles.
Sorry for the mediocre picture… it’s mounted on top of the opener.

Android Application

 

Architecture:

The architecture of the application is very simple.  Clicking an action button in the UI triggers an IntentService to run.  These IntentService(s) are run in the background on a worker thread already, so we don’t need to worry about spawning off threads on our own.  When the Service is completed, it fires off a broadcast.  If the main Activity is active at this point, a Toast is generated for the user which states what the result of their action was.

Overview:

 
The controller for this application is written for the Android platform.  This could have been a web application but I wanted to use the AccoutManager on Android so the setup was as seamless as possible to any end user (no need to enter account information).  The first time a user account is selected and an action button is clicked, an authorization prompt pops up for the user.  This allows the application to get a token which can prove the account’s identity.

There are three interaction points in the application that this token is used for:

  • Toggle the garage (actuate the relay which in turns activates the door)
  • Close the the garage (toggles the garage if it is not in a closed state)
  • Display the status of the garage (open / closed)

Security:

The security of the Android application lies in its use of HTTPS.  I did not want to create my own domain and pay for a signed TLS certificate, so instead, I made an SSLSocketFactory factory (GarageSSLSocketFactory).  This is described in good detail here.  What this does is initialize the application’s SSLContext to use your own default key store for acceptable certificates.  This includes your own self-signed certificates and allows you to have secure communication without the need for paying for a signed certificate, or doing something really, really, bad.  All you need is a dynamic DNS domain, assuming you do not have a reserved WAN IP address.

UI:

Main screen
Configuration Screen (accessible by hitting menu button)

Configuration

  1. Download the web service from Github.
    1. The Pi will need to be flashed with a soft-float OS in order to support Java.  I used Debian Wheezy.  You may find these downloads here.
  2. Open the GarageDoor project in eclipse (the web service)
    1. Export the following classes into a jar file and put them inside Tomcat’s lib folder
      1. GoogleRealm
      2. GoogleUtil
      3. UserDAO
  3. Create a file called “garage_users” and place it inside the home directory of the user that Tomcat is running as
    1. Add a user by entering an email on the first line of this file, with no spaces.
  4. Configure Tomcat to use a self-signed SSL certificate for the web app.
  5. Generate a war file in eclipse and load that file into the Tomcat manager.
  6. After the SSL certificate is generated above, we can generate our custom keystore that the application will use.  Again, follow the directions on crazybob’s blog.
    1. Copy the generated file to res/raw/mystore.bks
    2. Change the password in GarageSSLSocketFactory to whatever was used when generating the keystore.

     

Reblogged from: http://ryanfx.blogspot.com/2013/06/raspberry-pi-powered-android-controlled.html

Advertisements

6 responses

  1. I really seem to go along with every aspect that has been composed
    in “Raspberry Pi Powered, Android Controlled,
    Tomcat Serviced, Remote Garage Door Opener | SainSmart”.
    Thanks a lot for all of the actual facts.Thanks a lot,Alexandra

    1. It is our honour that so many people like our blog, we will fo a better jod in the future. thanks a lot!

  2. Every weekend i used to pay a quick visit this web site, because i want enjoyment,
    since this this web page conations in fact fastidious funny material too.

    1. Thanks a lot, we will keep the effert on this and do a better job in the future.

  3. Do you do this ???? Ryan don’t answered

  4. You could certainly see your skills in the work you
    write. The world hopes for even more passionate writers such as you who
    aren’t afraid to say how they believe. All the time go after your heart.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: