def _get_claim(workspace_contract_from, identity_workspace_contract, claim_id, mode) :
""" Internal function to access claim data """
w3 = mode.w3
contract = w3.eth.contract(identity_workspace_contract, abi=constante.workspace_ABI)
claim = contract.functions.getClaim(claim_id).call()
privacy = claim[4].decode()
ipfs_hash = claim[5]
issuer = claim[2]
scheme = claim[1]
topic_value = claim[0]
data_encrypted = Talao_ipfs.ipfs_get(ipfs_hash)
address_from = contracts_to_owners(workspace_contract_from, mode)
msg = decrypt_data(identity_workspace_contract, data_encrypted, privacy, mode, address_caller=address_from)
if msg :
data = list(msg.values())[0]
else :
logging.error('decrypt claim failed')
return None
return issuer, identity_workspace_contract, data, ipfs_hash, scheme, claim_id, privacy, topic_value
def _get_claim(workspace_contract_from, private_key_from,
identity_workspace_contract, claim_id, mode):
""" Internal function to access claim data """
w3 = mode.w3
contract = w3.eth.contract(identity_workspace_contract,
abi=constante.workspace_ABI)
claim = contract.functions.getClaim(claim_id).call()
data = claim[4].decode('utf-8') # privacy
ipfs_hash = claim[5]
issuer = claim[2]
scheme = claim[1]
topic_value = claim[0]
#topicname = topicvalue2topicname(topic_value)
if data != 'private' and data != 'secret' and data != 'public':
# compatiblité avec version precedente. data public non cryptee
to_be_decrypted = False
privacy = 'public'
else:
# toutes les datas sont encryptees
to_be_decrypted = True
privacy = data
if to_be_decrypted:
# upload data encrypted from ipfs
data_encrypted = Talao_ipfs.ipfs_get(ipfs_hash)
address_from = contracts_to_owners(workspace_contract_from, mode)
msg = privatekey.decrypt_data(identity_workspace_contract,
data_encrypted,
privacy,
mode,
address_caller=address_from)
if msg:
#data= msg[topicname]
data = list(msg.values())[0]
else:
logging.error('decrypt claim failed')
data = None
gas_used = 1000
created = ""
gas_price = 1
transaction_hash = "0"
return issuer, identity_workspace_contract, data, ipfs_hash, gas_price * gas_used, transaction_hash, scheme, claim_id, privacy, topic_value, created
def get_file(workspace_contract_from, private_key_from,
workspace_contract_user, documentId, new_filename, mode):
w3 = mode.w3
contract = w3.eth.contract(workspace_contract_user,
abi=constante.workspace_ABI)
(doctype, doctypeversion, expires, issuer, checksum, engine, ipfshash,
encrypted, related) = contract.functions.getDocument(documentId).call()
if doctype == 30000:
privacy = 'public'
elif doctype == 30001:
privacy = 'private'
elif doctype == 30002:
privacy = 'secret'
else:
logging.error('Error : wrong doctype in get file')
return None
# get transaction info
contract = w3.eth.contract(workspace_contract_user,
abi=constante.workspace_ABI)
claim_filter = contract.events.DocumentAdded.createFilter(
fromBlock=mode.fromBlock, toBlock='latest')
event_list = claim_filter.get_all_entries()
found = False
for doc in event_list:
if doc['args']['id'] == documentId:
found = True
transactionhash = doc['transactionHash']
transaction_hash = transactionhash.hex()
transaction = w3.eth.getTransaction(transaction_hash)
gas_price = transaction['gasPrice']
identity_workspace_contract = transaction['to']
block_number = transaction['blockNumber']
block = mode.w3.eth.getBlock(block_number)
date = datetime.fromtimestamp(block['timestamp'])
#gas_used = w3.eth.getTransactionReceipt(transaction_hash).gasUsed
gas_used = 1000
created = str(date)
break
if not found:
logging.error('Error : event list in get_file')
return None
# recuperation du msg
data = Talao_ipfs.ipfs_get(ipfshash.decode('utf-8'))
filename = data['filename']
# calcul de la date
expires = 'Unlimited' if expires == 0 else str(
datetime.fromtimestamp(expires))
if privacy == 'public':
to_be_decrypted = False
to_be_stored = True
elif workspace_contract_from != workspace_contract_user and privacy == 'private' and private_key_from is not None:
#recuperer les cle AES cryptée du user sur son partnership de l identité
contract = w3.eth.contract(workspace_contract_from,
abi=constante.workspace_ABI)
acct = Account.from_key(private_key_from)
mode.w3.eth.defaultAccount = acct.address
partnership_data = contract.functions.getPartnership(
workspace_contract_user).call()
# one tests if the user in in partnershipg with identity (pending or authorized)
if partnership_data[1] in [1, 2] and partnership_data[4] != b'':
his_aes_encrypted = partnership_data[4]
to_be_decrypted = True
to_be_stored = True
else:
to_be_decrypted = False
to_be_stored = False
data = {'filename': filename, 'content': "Encrypted"}
elif workspace_contract_from == workspace_contract_user:
#recuperer les cle AES cryptée dans l identité
contract = w3.eth.contract(workspace_contract_user,
abi=constante.workspace_ABI)
mydata = contract.functions.identityInformation().call()
if privacy == 'private':
his_aes_encrypted = mydata[5]
if privacy == 'secret':
his_aes_encrypted = mydata[6]
to_be_decrypted = True
to_be_stored = True
else: # workspace_contract_from != wokspace_contract_user and privacy == secret or private_key_from is None:
to_be_decrypted = False
to_be_stored = False
logging.error(
'Warning : workspace_contract_from != wokspace_contract_user and privacy == secret or private_key_from is None (file.py)'
)
data = {'filename': filename, 'content': "Encrypted"}
if to_be_decrypted:
# read la cle RSA privee sur le fichier de l identité
contract = mode.w3.eth.contract(mode.foundation_contract,
abi=constante.foundation_ABI)
address_from = contract.functions.contractsToOwners(
workspace_contract_from).call()
rsa_key = privatekey.get_key(address_from, 'rsa_key', mode)
if rsa_key is None:
logging.error('Warning : RSA key not found in file.py')
return None
# decoder la cle AES cryptée avec la cle RSA privée
key = RSA.importKey(rsa_key)
cipher = PKCS1_OAEP.new(key)
his_aes = cipher.decrypt(his_aes_encrypted)
# decoder les datas
try:
del data['filename']
b64 = data #json.loads(json_input)
json_k = ['nonce', 'header', 'ciphertext', 'tag']
jv = {k: b64decode(b64[k]) for k in json_k}
cipher = AES.new(his_aes, AES.MODE_EAX, nonce=jv['nonce'])
cipher.update(jv['header'])
plaintext = cipher.decrypt_and_verify(jv['ciphertext'], jv['tag'])
msg = json.loads(plaintext.decode('utf-8'))
data = msg
except ValueError:
logging.error("Error : data Decryption error")
return None
new_filename = filename if new_filename == "" else new_filename
if to_be_stored:
new_file = open(mode.uploads_path + new_filename, "wb")
new_file.write(b64decode(data['content']))
new_file.close()
return issuer, identity_workspace_contract, data, ipfshash.decode(
'utf-8'
), gas_price * gas_used, transaction_hash, doctype, doctypeversion, created, expires, issuer, privacy, related
def _get(workspace_contract_from, private_key_from, workspace_contract_user,
documentId, mode):
# @documentID is int
if not isinstance(documentId, int):
documentId = int(documentId)
logging.error('doc_id must be int')
w3 = mode.w3
contract = w3.eth.contract(workspace_contract_user,
abi=constante.workspace_ABI)
#try :
(doctype, doctypeversion, unused, issuer, unused, unused, ipfshash, unused,
unused) = contract.functions.getDocument(documentId).call()
#except :
# logging.error('connexion blockchain talaonet impossble, document.py')
# return None, None, None, None, None, None, None
if doctype in [50000, 40000, 10000, 15000, 20000, 11000]:
privacy = 'public'
if doctype in [50001, 40001, 15001, 20001]:
privacy = 'private'
if doctype in [50002, 40002, 20002]:
privacy = 'secret'
workspace_contract_identity = workspace_contract_user
# download from IPFS
ipfs_data = Talao_ipfs.ipfs_get(ipfshash.decode('utf-8'))
# previous version (deprecated)
if privacy == 'public' and doctypeversion == 2:
return issuer, workspace_contract_identity, ipfs_data, ipfshash.decode(
), privacy, "", 0
# data encrypted server side with AES algo and server keys (public, private, secret)
elif doctypeversion == 3:
msg = privatekey.decrypt_data(workspace_contract_user, ipfs_data,
privacy, mode)
if msg:
# decrypt avec algo AES-EAX ou AES-CBC
return issuer, workspace_contract_user, msg, ipfshash.decode(
'utf-8'), privacy, "", 0
else:
# la clé RSA n'est pas disponible sur le serveur
logging.warning('Cannot decrypt data')
return issuer, workspace_contract_user, {
"data": 'Encrypted'
}, ipfshash.decode('utf-8'), privacy, "", 0
# data encrypted server side as JWE with RSA identity key
elif doctypeversion == 4:
jwe = JsonWebEncryption()
address_user = contracts_to_owners(workspace_contract_user, mode)
key = privatekey.get_key(address_user, 'rsa_key', mode)
data = jwe.deserialize_compact(ipfs_data['jwe'], key)
payload = data['payload']
return issuer, workspace_contract_user, payload.decode(
), ipfshash.decode(), privacy, "", 0
# data encrypted server side as JWE with AES key
elif doctypeversion == 5:
jwe = JsonWebEncryption()
address_user = contracts_to_owners(workspace_contract_user, mode)
if privacy == 'public':
secret = mode.aes_public_key.encode()
else:
secret = privatekey.get_key(address_user, privacy, mode)
data = jwe.deserialize_compact(ipfs_data['jwe'], secret)
payload = data['payload']
return issuer, workspace_contract_user, payload.decode(
), ipfshash.decode(), privacy, ipfs_data['id'], ipfs_data['sequence']
# data encrypted client side as JWE. There is no server decryption.
elif doctypeversion == 6:
return issuer, workspace_contract_user, ipfs_data[
'jwe'], ipfshash.decode(), privacy, "", 0
else:
logging.error('pb doctypeversion')
return None, None, None, None, None, None, None