def verifySig(identifier, signature, msg) -> bool:
key = cryptonymToHex(identifier) if not isHex(identifier) else identifier
ser = serializeForSig(msg)
b64sig = signature.encode('utf-8')
sig = b64decode(b64sig)
vr = Verifier(key)
return vr.verify(sig, ser)
def testFullSigning():
# stored securely/privately
seed = randombytes(32)
# generates key pair based on seed
sk = SigningKey(seed=seed)
# helper for signing
signer = Signer(sk)
# this is the public key used to verify signatures (securely shared before-hand with recipient)
verkey = signer.verhex
# the message to be signed
msg = b'1234'
# the signature
sig = signer.signature(msg)
# helper for verification
vr = Verifier(verkey)
# verification
isVerified = vr.verify(sig, msg)
assert isVerified
def testFullSigning():
# stored securely/privately
seed = randombytes(32)
# generates key pair based on seed
sk = SigningKey(seed=seed)
# helper for signing
signer = Signer(sk)
# this is the public key used to verify signatures (securely shared before-hand with recipient)
verkey = signer.verhex
# the message to be signed
msg = b'1234'
# the signature
sig = signer.signature(msg)
# helper for verification
vr = Verifier(verkey)
# verification
isVerified = vr.verify(sig, msg)
assert isVerified
def authenticate(self,
msg: Mapping,
identifier: str=None,
signature: str=None) -> bool:
"""
Authenticate the client's message with the signature provided.
:param identifier: some unique identifier; if None, then try to use
msg['clientId'] as identifier
:param signature: a utf-8 and base64 encoded signature
:param msg: the message to authenticate
:return: the identifier; an exception of type SigningException is
raised if the signature is not valid
"""
try:
if not signature:
try:
signature = msg["signature"]
if not signature:
raise EmptySignature
except KeyError:
raise MissingSignature
if not identifier:
try:
identifier = msg[f.CLIENT_ID.nm]
if not identifier:
raise EmptyIdentifier
except KeyError:
raise MissingIdentifier
b64sig = signature.encode('utf-8')
sig = b64decode(b64sig)
ser = serializeForSig(msg)
try:
verkey = self.clients[identifier]
except KeyError:
raise InvalidIdentifier
vr = Verifier(verkey)
isVerified = vr.verify(sig, ser)
if not isVerified:
raise InvalidSignature
except SigningException:
raise
except Exception as ex:
raise CouldNotAuthenticate from ex
return identifier
def authenticate(self,
msg: Dict,
identifier: str = None,
signature: str = None) -> str:
try:
if not signature:
try:
signature = msg[f.SIG.nm]
if not signature:
raise EmptySignature(identifier, msg.get(f.REQ_ID.nm))
except KeyError:
raise MissingSignature
if not identifier:
try:
identifier = msg[f.IDENTIFIER.nm]
if not identifier:
raise EmptyIdentifier
except KeyError:
raise MissingIdentifier
b64sig = signature.encode('utf-8')
sig = b64decode(b64sig)
ser = serializeForSig(msg)
try:
verkey = self.getVerkey(identifier)
except KeyError:
# TODO: Should probably be called UnknownIdentifier
raise InvalidIdentifier(identifier, msg.get(f.REQ_ID.nm))
vr = Verifier(verkey)
isVerified = vr.verify(sig, ser)
if not isVerified:
raise InvalidSignature
except SigningException as e:
raise e
except Exception as ex:
raise CouldNotAuthenticate from ex
return identifier
def authenticate(self,
msg: Dict,
identifier: str = None,
signature: str = None) -> str:
try:
if not signature:
try:
signature = msg[f.SIG.nm]
if not signature:
raise EmptySignature(identifier, msg.get(f.REQ_ID.nm))
except KeyError:
raise MissingSignature
if not identifier:
try:
identifier = msg[f.IDENTIFIER.nm]
if not identifier:
raise EmptyIdentifier
except KeyError:
raise MissingIdentifier
b64sig = signature.encode('utf-8')
sig = b64decode(b64sig)
ser = serializeForSig(msg)
try:
verkey = self.getVerkey(identifier)
except KeyError:
# TODO: Should probably be called UnknownIdentifier
raise InvalidIdentifier(identifier, msg.get(f.REQ_ID.nm))
vr = Verifier(verkey)
isVerified = vr.verify(sig, ser)
if not isVerified:
raise InvalidSignature
except SigningException as e:
raise e
except Exception as ex:
raise CouldNotAuthenticate from ex
return identifier
class DidVerifier(Verifier):
def __init__(self, verkey, identifier=None):
self._verkey = None
self._vr = None
if identifier:
rawIdr = b58decode(identifier)
if len(rawIdr) == 32 and not verkey: # assume cryptonym
verkey = identifier
if verkey[0] == '~': # abbreviated
verkey = b58encode(
b58decode(identifier) + b58decode(verkey[1:]))
self.verkey = verkey
@property
def verkey(self):
return self._verkey
@verkey.setter
def verkey(self, value):
self._verkey = value
self._vr = NaclVerifier(b58decode(value))
def verify(self, sig, msg) -> bool:
return self._vr.verify(sig, msg)
class DidVerifier(Verifier):
def __init__(self, verkey, identifier=None):
self._verkey = None
self._vr = None
if identifier:
rawIdr = b58decode(identifier)
if len(rawIdr) == 32 and not verkey: # assume cryptonym
verkey = identifier
if verkey[0] == '~': # abbreviated
verkey = b58encode(b58decode(identifier) +
b58decode(verkey[1:]))
self.verkey = verkey
@property
def verkey(self):
return self._verkey
@verkey.setter
def verkey(self, value):
self._verkey = value
self._vr = NaclVerifier(b58decode(value))
def verify(self, sig, msg) -> bool:
return self._vr.verify(sig, msg)
def verkey(self, value):
self._verkey = value
self._vr = NaclVerifier(b58decode(value))
def verkey(self, value):
self._verkey = value
self._vr = NaclVerifier(b58decode(value))
