def test_payload(self): ver = '0.7.0' iss = 'did:ont:TRAtosUZHNSiLhzBdHacyxMX4Bg3cjWy3r' sub = 'did:ont:SI59Js0zpNSiPOzBdB5cyxu80BO3cjGT70' iat = 1525465044 exp = 1530735444 jti = '4d9546fdf2eb94a364208fa65a9996b03ba0ca4ab2f56d106dac92e891b6f7fc' context = 'https://example.com/template/v1' clm = dict(Name='Bob Dylan', Age='22') clm_rev = dict(typ='AttestContract', addr='8055b362904715fd84536e754868f4c8d27ca3f6') claim_payload = Payload(ver, iss, sub, iat, exp, context, clm, clm_rev, jti) claim_payload_dict = dict(claim_payload) self.assertEqual(ver, claim_payload_dict['ver']) self.assertEqual(iss, claim_payload_dict['iss']) self.assertEqual(sub, claim_payload_dict['sub']) self.assertEqual(iat, claim_payload_dict['iat']) self.assertEqual(exp, claim_payload_dict['exp']) self.assertEqual(jti, claim_payload_dict['jti']) self.assertEqual(64, len(claim_payload_dict['jti'])) self.assertEqual(context, claim_payload_dict['@context']) self.assertEqual(clm, claim_payload_dict['clm']) self.assertEqual(clm_rev, claim_payload_dict['clm-rev']) b64_payload = claim_payload.to_base64() claim_payload_recv = Payload.from_base64(b64_payload) self.assertEqual(dict(claim_payload), dict(claim_payload_recv))
def set_claim(self, kid: str, iss_ont_id: str, sub_ont_id: str, exp: int, context: str, clm: dict, clm_rev: dict, jti: str = '', ver: str = 'v1.0'): if not isinstance(jti, str): raise SDKException(ErrorCode.require_str_params) if jti == '': jti = Digest.sha256(uuid.uuid1().bytes, is_hex=True) self.__head = Header(kid) self.__payload = Payload(ver, iss_ont_id, sub_ont_id, int(time()), exp, context, clm, clm_rev, jti)
def validate_signature(self, b64_claim: str, verify_kid: bool = True): try: b64_head, b64_payload, b64_signature, _ = b64_claim.split('.') except ValueError: raise SDKException(ErrorCode.invalid_b64_claim_data) head = Header.from_base64(b64_head) payload = Payload.from_base64(b64_payload) signature = base64.b64decode(b64_signature) kid = head.kid iss_ont_id = payload.iss msg = f'{b64_head}.{b64_payload}'.encode('ascii') pk = '' if verify_kid: pub_keys = self.__sdk.native_vm.ont_id().get_public_keys( iss_ont_id) if len(pub_keys) == 0: raise SDKException(ErrorCode.invalid_claim_head_params) for pk_info in pub_keys: if kid == pk_info.get('PubKeyId', ''): pk = pk_info.get('Value', '') break else: pk = kid.split('#')[0] if pk == '': raise SDKException(ErrorCode.invalid_b64_claim_data) handler = SignatureHandler(head.alg) result = handler.verify_signature(pk, msg, signature) return result
def from_base64(self, b64_claim: str, is_big_endian: bool = True): try: b64_head, b64_payload, b64_signature, b64_blk_proof = b64_claim.split('.') except ValueError: raise SDKException(ErrorCode.invalid_b64_claim_data) self.__head = Header.from_base64(b64_head) self.__payload = Payload.from_base64(b64_payload) self.__signature = base64.b64decode(b64_signature) self.__blk_proof = BlockchainProof(self.__sdk).from_base64(b64_blk_proof, is_big_endian)
def validate_signature(self, b64_claim: str): try: b64_head, b64_payload, b64_signature, _ = b64_claim.split('.') except ValueError: raise SDKException(ErrorCode.invalid_b64_claim_data) head = Header.from_base64(b64_head) payload = Payload.from_base64(b64_payload) signature = base64.b64decode(b64_signature) kid = head.kid iss_ont_id = payload.iss pub_keys = self.__sdk.native_vm.ont_id().get_public_keys(iss_ont_id) if len(pub_keys) == 0: return False msg = f'{b64_head}.{b64_payload}'.encode('ascii') result = False for pk_info in pub_keys: if kid == pk_info.get('PubKeyId', ''): key_type = KeyType.from_str_type(pk_info.get('Type', '')) pk = binascii.a2b_hex(pk_info.get('Value', '')) handler = SignatureHandler(key_type, head.alg) result = handler.verify_signature(pk, msg, signature) break return result
class Claim(object): def __init__(self, sdk): self.__sdk = sdk self.__head = None self.__payload = None self.__signature = b'' self.__blk_proof = BlockchainProof(sdk) def __iter__(self): data = dict(Header=dict(self.__head), Payload=dict(self.__payload), Signature=self.to_str_signature(), Proof=dict(self.__blk_proof)) for key, value in data.items(): yield (key, value) @property def claim_id(self): if not isinstance(self.__payload, Payload): return '' return self.__payload.jti @property def head(self): return self.__head @head.setter def head(self, kid: str): if not isinstance(kid, str): raise SDKException(ErrorCode.require_str_params) self.__head = Header(kid) @property def payload(self): return self.__payload @property def signature(self): return self.__signature @property def blk_proof(self): return self.__blk_proof @blk_proof.setter def blk_proof(self, blk_proof: dict): self.__blk_proof.proof = blk_proof def set_claim(self, kid: str, iss_ont_id: str, sub_ont_id: str, exp: int, context: str, clm: dict, clm_rev: dict, jti: str = '', ver: str = 'v1.0'): if not isinstance(jti, str): raise SDKException(ErrorCode.require_str_params) if jti == '': jti = Digest.sha256(uuid.uuid1().bytes, is_hex=True) self.__head = Header(kid) self.__payload = Payload(ver, iss_ont_id, sub_ont_id, int(time()), exp, context, clm, clm_rev, jti) def generate_signature(self, iss: Account, verify_kid: bool = True): if not isinstance(self.__head, Header) or not isinstance(self.__payload, Payload): raise SDKException(ErrorCode.other_error('Please set claim parameters first.')) if verify_kid: key_index = int(self.__head.kid.split('-')[1]) result = self.__sdk.native_vm.ont_id().verify_signature(iss.get_ont_id(), key_index, iss) if not result: raise SDKException(ErrorCode.other_error('Issuer account error.')) b64_head = self.__head.to_base64() b64_payload = self.__payload.to_base64() msg = f'{b64_head}.{b64_payload}'.encode('utf-8') self.__signature = iss.generate_signature(msg) return self.__signature def validate_signature(self, b64_claim: str): try: b64_head, b64_payload, b64_signature, _ = b64_claim.split('.') except ValueError: raise SDKException(ErrorCode.invalid_b64_claim_data) head = Header.from_base64(b64_head) payload = Payload.from_base64(b64_payload) signature = base64.b64decode(b64_signature) kid = head.kid iss_ont_id = payload.iss msg = f'{b64_head}.{b64_payload}'.encode('ascii') pk = '' pub_keys = self.__sdk.native_vm.ont_id().get_public_keys(iss_ont_id) if len(pub_keys) == 0: raise SDKException(ErrorCode.invalid_claim_head_params) for pk_info in pub_keys: if kid == pk_info.get('PubKeyId', ''): pk = pk_info.get('Value', '') break if pk == '': raise SDKException(ErrorCode.invalid_b64_claim_data) handler = SignatureHandler(head.alg) result = handler.verify_signature(pk, msg, signature) return result def to_bytes_signature(self): return self.__signature def to_str_signature(self): return self.__signature.decode('latin-1') def to_b64_signature(self): return base64.b64encode(self.to_bytes_signature()).decode('ascii') @staticmethod def from_base64_signature(b64_signature: str): return bytes.hex(base64.b64decode(b64_signature)) def generate_blk_proof(self, iss_acct: Account, payer: Account, gas_limit: int, gas_price: int, is_big_endian: bool = True, hex_contract_address: str = ''): if not isinstance(hex_contract_address, str): raise SDKException(ErrorCode.require_str_params) if len(hex_contract_address) != 0 and len(hex_contract_address) == 40: self.__sdk.neo_vm.claim_record().hex_contract_address = hex_contract_address tx_hash = self.__sdk.neo_vm.claim_record().commit(self.payload.jti, iss_acct, self.payload.sub, payer, gas_limit, gas_price) sleep(12) hex_contract_address = self.__sdk.neo_vm.claim_record().hex_contract_address merkle_proof = self.__sdk.get_network().get_merkle_proof(tx_hash) tx_block_height = merkle_proof['BlockHeight'] current_block_height = merkle_proof['CurBlockHeight'] target_hash = merkle_proof['TransactionsRoot'] merkle_root = merkle_proof['CurBlockRoot'] target_hash_list = merkle_proof['TargetHashes'] proof_node = MerkleVerifier.get_proof(tx_block_height, target_hash_list, current_block_height) result = MerkleVerifier.validate_proof(proof_node, target_hash, merkle_root, is_big_endian) if not result: raise SDKException(ErrorCode.other_error('Invalid merkle proof')) self.__blk_proof.set_proof(tx_hash, hex_contract_address, tx_block_height, merkle_root, proof_node) return self.__blk_proof def validate_blk_proof(self, is_big_endian: bool = True): return self.__blk_proof.validate_blk_proof(is_big_endian) def to_base64(self): b64_head = self.__head.to_base64() b64_payload = self.__payload.to_base64() b64_signature = self.to_b64_signature() b64_blockchain_proof = self.__blk_proof.to_base64() return f'{b64_head}.{b64_payload}.{b64_signature}.{b64_blockchain_proof}' def from_base64(self, b64_claim: str, is_big_endian: bool = True): try: b64_head, b64_payload, b64_signature, b64_blk_proof = b64_claim.split('.') except ValueError: raise SDKException(ErrorCode.invalid_b64_claim_data) self.__head = Header.from_base64(b64_head) self.__payload = Payload.from_base64(b64_payload) self.__signature = base64.b64decode(b64_signature) self.__blk_proof = BlockchainProof(self.__sdk).from_base64(b64_blk_proof, is_big_endian)