def validate_certificate(cert, hash_prefix, testnet):
filename = os.path.basename(cert)
tmp_filename = '__' + filename
shutil.copy(cert, tmp_filename)
proof = get_and_remove_chainpoint_proof(tmp_filename)
if proof == None:
os.remove(tmp_filename)
return False
# get the hash after removing the metadata
filehash = ''
with open(tmp_filename, 'rb') as pdf_file:
filehash = hashlib.sha256(pdf_file.read()).hexdigest()
# cleanup now that we got original filehash
os.remove(tmp_filename)
# validate receipt
cp = ChainPointV2()
if cp.validate_receipt(proof, filehash, hash_prefix, testnet):
return True
else:
return False
def prepare_chainpoint_tree(hashes):
cp = ChainPointV2()
cp.add_leaf(hashes)
cp.make_tree()
return cp
def validate_certificate(cert, issuer_identifier, testnet):
valid_certificate = False
filename = os.path.basename(cert)
tmp_filename = '__' + filename
shutil.copy(cert, tmp_filename)
proof = get_and_remove_chainpoint_proof(tmp_filename)
if proof == None:
os.remove(tmp_filename)
return False
# get the hash after removing the metadata
filehash = ''
with open(tmp_filename, 'rb') as pdf_file:
filehash = hashlib.sha256(pdf_file.read()).hexdigest()
# cleanup now that we got original filehash
os.remove(tmp_filename)
# validate receipt
cp = ChainPointV2()
if cp.validate_receipt(proof, filehash, issuer_identifier, testnet):
valid_certificate = True
else:
return False
# blockchain receipt is valid but we need to also check if the certificate
# was revoked after issuing
txid = proof['anchors'][0]['sourceId']
data_before_issuance, data_after_issuance = network_utils.get_all_op_return_hexes(
txid, testnet)
# check if cert or batch was revoked from oldest to newest; if a valid
# revoke address is found further commands are ignored
# (TODO: REVOKE ADDRESS CMD
for op_return in reversed(data_after_issuance):
cred_dict = cred_protocol.parse_op_return_hex(op_return)
if cred_dict:
if cred_dict['cmd'] == cred_protocol.hex_op('op_revoke_batch'):
if txid == cred_dict['data']['txid']:
return False # log: cert invalid - batch was revoked
elif cred_dict['cmd'] == cred_protocol.hex_op('op_revoke_creds'):
if txid == cred_dict['data']['txid']:
# compare the certificate hash bytes
filehash_bytes = utils.hex_to_bytes(filehash)
ripemd_filehash = utils.ripemd160(filehash_bytes)
ripemd_hex = utils.bytes_to_hex(ripemd_filehash)
if ripemd_hex == cred_dict['data']['hashes'][0]:
return False # log: cert invalid - cert was revoked
if len(cred_dict['data']['hashes']) > 1:
if ripemd_hex == cred_dict['data']['hashes'][1]:
return False # log: cert invalid - cert was revoked
elif cred_dict['cmd'] == cred_protocol.hex_op('op_revoke_address'):
# if correct address and valid revoke then stop checking other
# revokes and break loop (TODO: REVOKE ADDRESS CMD)
print("TODO: revoke address not implemented yet!")
# check if cert's issuance is after a revoke address cmd on that address
# TODO: REVOKE ADDRESS CMD
# check the data_before_issuance... and return False!!
return True