def validate_signature(self, b64_claim: str, verify_kid: bool = True):
try:
b64_head, b64_payload, b64_signature, _ = b64_claim.split('.')
except ValueError:
raise SDKException(ErrorCode.invalid_b64_claim_data)
head = Header.from_base64(b64_head)
payload = Payload.from_base64(b64_payload)
signature = base64.b64decode(b64_signature)
kid = head.kid
iss_ont_id = payload.iss
msg = f'{b64_head}.{b64_payload}'.encode('ascii')
pk = ''
if verify_kid:
pub_keys = self.__sdk.native_vm.ont_id().get_public_keys(
iss_ont_id)
if len(pub_keys) == 0:
raise SDKException(ErrorCode.invalid_claim_head_params)
for pk_info in pub_keys:
if kid == pk_info.get('PubKeyId', ''):
pk = pk_info.get('Value', '')
break
else:
pk = kid.split('#')[0]
if pk == '':
raise SDKException(ErrorCode.invalid_b64_claim_data)
handler = SignatureHandler(head.alg)
result = handler.verify_signature(pk, msg, signature)
return result
def generate_signature(self, msg: bytes, signature_scheme: SignatureScheme):
if signature_scheme == SignatureScheme.SHA256withECDSA:
handler = SignatureHandler(self.__keyType, signature_scheme)
signature_value = handler.generateSignature(b2a_hex(self.__private_key), msg)
byte_signature = Signature(signature_scheme, signature_value).to_byte()
else:
raise TypeError
return byte_signature
def generate_signature(self, msg: bytes):
handler = SignatureHandler(self.__signature_scheme)
signature_value = handler.generate_signature(bytes.hex(self.__private_key), msg)
bytes_signature = Signature(self.__signature_scheme, signature_value).to_bytes()
result = handler.verify_signature(self.__public_key, msg, bytes_signature)
if not result:
raise SDKException(ErrorCode.invalid_signature_data)
return bytes_signature
def test_generateSignature(self):
acc = Account(
"75de8489fcb2dcaf2ef3cd607feffde18789de7da129b5e97c81e001793cb7cf")
sigaa = "01cf157a48216bfcd455a97a39c0ad65bd1b27d1da07965b19848146045c9f2e5a12f905a5ee0923412d589e615a5d6954c58cade367dce67fcf13eaa82c12e87a"
byte_signature = acc.generate_signature(
"sss".encode(), SignatureScheme.SHA256withECDSA)
handler = SignatureHandler(KeyType.ECDSA,
SignatureScheme.SHA256withECDSA)
res = handler.verify_signature(acc.serialize_public_key(),
"sss".encode(),
bytearray.fromhex(sigaa))
self.assertTrue(res)
def test_signature(self):
for strength in self.strengths:
master_key = HDPrivateKey.master_key_from_mnemonic(
self.mnemonic.generate(strength))
acct = Account(master_key.hex())
signature = acct.generate_signature(self.msg)
self.assertTrue(acct.verify_signature(self.msg, signature))
root_sk = HDPrivateKey.from_path(master_key)[-1]
root_pk = root_sk.public_key
bip32_root_pk = root_pk.b58encode()
for index in range(10):
child_sk = HDPrivateKey.from_path(root_sk, f'0/{index}')[-1]
child_pk = HDPublicKey.from_path(
HDPublicKey.b58decode(bip32_root_pk), f'0/{index}')[-1]
child_acct = Account(child_sk.hex())
signature = child_acct.generate_signature(self.msg)
handler = SignatureHandler(SignatureScheme.SHA256withECDSA)
handler.verify_signature(child_pk.hex(), self.msg, signature)
def test_sig_data(self):
sdk.service.sig_svr.connect_to_localhost()
export_path = path.dirname(__file__)
result = sdk.service.sig_svr.export_account(export_path)
wm = sdk.wallet_manager
wm.open_wallet(result['wallet_file'])
try:
self.assertEqual(result['account_num'], len(wm.get_acct_data_list()))
acct = wm.get_wallet().get_account_by_index(0)
b58_address = acct.b58_address
scheme = acct.signature_scheme
msg = b'Hello, world!'
result = sdk.service.sig_svr.sig_data(bytes.hex(msg), b58_address, password)
signature = bytes.fromhex(result.get('signed_data', ''))
handler = SignatureHandler(scheme)
is_valid = handler.verify_signature(acct.public_key, msg, signature)
self.assertTrue(is_valid)
finally:
wm.del_wallet_file()
def validate_signature(self, b64_claim: str):
try:
b64_head, b64_payload, b64_signature, _ = b64_claim.split('.')
except ValueError:
raise SDKException(ErrorCode.invalid_b64_claim_data)
head = Header.from_base64(b64_head)
payload = Payload.from_base64(b64_payload)
signature = base64.b64decode(b64_signature)
kid = head.kid
iss_ont_id = payload.iss
pub_keys = self.__sdk.native_vm.ont_id().get_public_keys(iss_ont_id)
if len(pub_keys) == 0:
return False
msg = f'{b64_head}.{b64_payload}'.encode('ascii')
result = False
for pk_info in pub_keys:
if kid == pk_info.get('PubKeyId', ''):
key_type = KeyType.from_str_type(pk_info.get('Type', ''))
pk = binascii.a2b_hex(pk_info.get('Value', ''))
handler = SignatureHandler(key_type, head.alg)
result = handler.verify_signature(pk, msg, signature)
break
return result
def verify_signature(self, public_key: bytearray, data: bytearray,
signature: bytearray):
key_type = KeyType.ECDSA
if len(public_key) == 33:
key_type = KeyType.ECDSA
elif len(public_key) == 35:
key_type = KeyType.from_label(public_key[0])
handler = SignatureHandler(key_type, SignatureScheme.SHA256withECDSA)
if key_type == KeyType.ECDSA:
handler = SignatureHandler(key_type,
SignatureScheme.SHA256withECDSA)
elif key_type == KeyType.SM2:
handler = SignatureHandler(key_type, SignatureScheme.SM3withSM2)
else:
raise Exception("unsupport key type")
return handler.verify_signature(public_key, data, signature)
def test_verify_cyano_signature(self):
msg = b'123'
sign = '0b6912568942a1e646b3a532dc904e965eb1085bab877bc34fe06768257f07b3' \
'079af3fa69fc759b51fa2bf894a7fd748ab5bc326c8663a01f90dcc518184e65'
pk = '03036c12be3726eb283d078dff481175e96224f0b0c632c7a37e10eb40fe6be889'
handler = SignatureHandler(SignatureScheme.SHA256withECDSA)
result = handler.verify_signature(bytes.fromhex(pk), msg, bytes.fromhex(sign))
self.assertTrue(result)
sign = '010b6912568942a1e646b3a532dc904e965eb1085bab877bc34fe06768257f07b' \
'3079af3fa69fc759b51fa2bf894a7fd748ab5bc326c8663a01f90dcc518184e65'
handler = SignatureHandler(SignatureScheme.SHA256withECDSA)
result = handler.verify_signature(bytes.fromhex(pk), msg, bytes.fromhex(sign))
self.assertTrue(result)
def verify_signature(self, msg: bytearray, signature: bytearray):
if msg is None or signature is None:
raise Exception(ErrorCode.param_err("param should not be None"))
handler = SignatureHandler(self.__keyType, self.__signature_scheme)
return handler.verify_signature(self.serialize_public_key(), msg,
signature)
def verify_signature(self, msg: bytes, signature: bytes):
if msg is None or signature is None:
raise Exception(ErrorCode.param_err("param should not be None"))
handler = SignatureHandler(self.__signature_scheme)
return handler.verify_signature(self.get_public_key_bytes(), msg, signature)