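def verifySignature(self, msg: Dict[str, str]):
    """
    Verify the signature carried in `msg` over the rest of the message.

    The value stored under `f.SIG.nm` is base58-decoded and checked against
    the serialization of every other field of `msg`. The verification key
    comes from the message itself for `ACCEPT_INVITE`, otherwise from the
    link that matches the message (with a wallet lookup by remote
    identifier as a fallback).

    :param msg: the received message, including its signature field
    :return: True when the signature verifies
    :raises SignatureRejected: when the signature field is absent, when the
        fallback wallet lookup yields no link, or when verification fails
    """
    signature = msg.get(f.SIG.nm)
    if signature is None:
        # Fail closed: an unsigned message is rejected with the same
        # exception as a bad signature, instead of an AttributeError from
        # calling .encode() on None further down.
        raise SignatureRejected
    identifier = msg.get(IDENTIFIER)
    # The signature covers every field except the signature itself.
    msgWithoutSig = {k: v for k, v in msg.items() if k != f.SIG.nm}
    # TODO This assumes the current key is the cryptonym. This is a BAD
    # ASSUMPTION!!! Sovrin needs to provide the current key.
    ser = serializeMsg(msgWithoutSig)
    # NOTE(review): a value that is not valid base58 presumably raises from
    # b58decode rather than SignatureRejected - confirm how callers handle it.
    signature = b58decode(signature.encode())
    typ = msg.get(TYPE)
    # TODO: Maybe keeping ACCEPT_INVITE open is a better option than keeping
    # an if condition here?
    if typ == ACCEPT_INVITE:
        # The verkey is read from the very message being verified, so a
        # valid signature here only shows that the sender holds the key it
        # supplied; no previously stored link is consulted.
        # NOTE(review): whether DidVerifier ties this verkey to
        # `identifier` is not visible here - confirm.
        verkey = msg.get(VERKEY)
    else:
        try:
            link = self.getLinkForMsg(msg)
            verkey = self.getVerkeyForLink(link)
        except (LinkNotFound, VerkeyNotFound):
            # This is for verification of `NOTIFY` events
            link = self.wallet.getLinkBy(remote=identifier)
            if link is None:
                # NOTE(review): assumes getLinkBy returns None when nothing
                # matches - confirm. An unknown sender is rejected rather
                # than crashing on `None.remoteVerkey`.
                raise SignatureRejected
            # TODO: If verkey is None, it should be fetched from Sovrin.
            # Assuming CID for now.
            verkey = link.remoteVerkey
    v = DidVerifier(verkey, identifier=identifier)
    if not v.verify(signature, ser):
        raise SignatureRejected
    if typ == ACCEPT_INVITE:
        self.logger.info('Signature accepted.')
    return True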
def sign(self, msg: Dict) -> Dict:
    """
    Sign `msg` and return the signature in base58 form.

    The message is serialized with `serializeMsg`, signed by
    `self.naclSigner`, and the raw signature is passed through
    `base58.b58encode`.

    NOTE(review): the return annotation says `Dict`, but the value returned
    is whatever `base58.b58encode` yields, not a dictionary - confirm the
    actual type and correct the annotation.
    """
    rawSig = self.naclSigner.signature(serializeMsg(msg))
    return base58.b58encode(rawSig)
def getDigest(self):
    """
    Return the hex digest of `sha256` over the serialized `signingState`.

    NOTE(review): the digest is only comparable between parties if
    `serializeMsg` is deterministic for equal inputs - confirm.
    """
    serialized = serializeMsg(self.signingState)
    hasher = sha256(serialized)
    return hasher.hexdigest()
def verifyMsg(self, sig, msg: Dict):
    """
    Check `sig` against the serialized form of `msg`.

    The message is serialized with `serializeMsg` and the result is handed
    to `self.verify` together with `sig`; that call's return value is
    returned unchanged.
    """
    return self.verify(sig, serializeMsg(msg))
def serializeForSig(self, msg):
    """
    Return the serialization of `msg` that is used for signing.

    Delegates directly to `serializeMsg`.
    """
    serialized = serializeMsg(msg)
    return serialized
def serializeForSig(self, msg, topLevelKeysToIgnore=None):
    """
    Return the serialization of `msg` that is used for signing.

    `topLevelKeysToIgnore` is forwarded unchanged to `serializeMsg`.

    NOTE(review): presumably any key listed there is left out of the signed
    bytes and is therefore not protected by the signature - confirm against
    `serializeMsg`.
    """
    ignored = topLevelKeysToIgnore
    return serializeMsg(msg, topLevelKeysToIgnore=ignored)
def digest(self):
    """
    Return the hex digest of `sha256` over this object's serialized
    `__dict__`.
    """
    # The digest must cover the whole request. If it were built from only
    # the client id and request id, a malicious client could send different
    # operations to different nodes, and the nodes would not notice and
    # would end up with different ledgers.
    # Every instance attribute is included, because `__dict__` is
    # serialized as a whole.
    wholeRequest = serializeMsg(self.__dict__)
    return sha256(wholeRequest).hexdigest()