def validate_signature(self, b64_claim: str, verify_kid: bool = True):
try:
b64_head, b64_payload, b64_signature, _ = b64_claim.split('.')
except ValueError:
raise SDKException(ErrorCode.invalid_b64_claim_data)
head = Header.from_base64(b64_head)
payload = Payload.from_base64(b64_payload)
signature = base64.b64decode(b64_signature)
kid = head.kid
iss_ont_id = payload.iss
msg = f'{b64_head}.{b64_payload}'.encode('ascii')
pk = ''
if verify_kid:
pub_keys = self.__sdk.native_vm.ont_id().get_public_keys(
iss_ont_id)
if len(pub_keys) == 0:
raise SDKException(ErrorCode.invalid_claim_head_params)
for pk_info in pub_keys:
if kid == pk_info.get('PubKeyId', ''):
pk = pk_info.get('Value', '')
break
else:
pk = kid.split('#')[0]
if pk == '':
raise SDKException(ErrorCode.invalid_b64_claim_data)
handler = SignatureHandler(head.alg)
result = handler.verify_signature(pk, msg, signature)
return result
def from_base64(self, b64_claim: str, is_big_endian: bool = True):
try:
b64_head, b64_payload, b64_signature, b64_blk_proof = b64_claim.split('.')
except ValueError:
raise SDKException(ErrorCode.invalid_b64_claim_data)
self.__head = Header.from_base64(b64_head)
self.__payload = Payload.from_base64(b64_payload)
self.__signature = base64.b64decode(b64_signature)
self.__blk_proof = BlockchainProof(self.__sdk).from_base64(b64_blk_proof, is_big_endian)
def test_head(self):
kid = 'did:ont:TRAtosUZHNSiLhzBdHacyxMX4Bg3cjWy3r#keys-1'
claim_header = Header(kid)
claim_header_dict = dict(claim_header)
self.assertEqual(kid, claim_header_dict['kid'])
self.assertTrue(isinstance(claim_header_dict, dict))
self.assertEqual('ONT-ES256', claim_header_dict['alg'])
self.assertEqual(96, len(claim_header.to_json()))
b64_head = claim_header.to_base64()
claim_header_recv = Header.from_base64(b64_head)
self.assertEqual(dict(claim_header), dict(claim_header_recv))
def validate_signature(self, b64_claim: str):
try:
b64_head, b64_payload, b64_signature, _ = b64_claim.split('.')
except ValueError:
raise SDKException(ErrorCode.invalid_b64_claim_data)
head = Header.from_base64(b64_head)
payload = Payload.from_base64(b64_payload)
signature = base64.b64decode(b64_signature)
kid = head.kid
iss_ont_id = payload.iss
pub_keys = self.__sdk.native_vm.ont_id().get_public_keys(iss_ont_id)
if len(pub_keys) == 0:
return False
msg = f'{b64_head}.{b64_payload}'.encode('ascii')
result = False
for pk_info in pub_keys:
if kid == pk_info.get('PubKeyId', ''):
key_type = KeyType.from_str_type(pk_info.get('Type', ''))
pk = binascii.a2b_hex(pk_info.get('Value', ''))
handler = SignatureHandler(key_type, head.alg)
result = handler.verify_signature(pk, msg, signature)
break
return result
def test_claim_head_b64(self):
self.assertEqual(
dict(self.claim_header),
dict(Header.from_base64(self.claim_header.to_base64())))