def _check_proof_of_identity(identity_workspace_contract, user_workspace_contract, white_list, mode) :
global counter
if identity_workspace_contract == user_workspace_contract :
return True
if contractsToOwners(user_workspace_contract, mode) in white_list :
print('One issuer in round ',counter,' is in white list')
return True
proof_list = get_proof_list(user_workspace_contract, mode)
print('There are ', len(proof_list), ' proof(s) of identity')
if not proof_list :
return False
for proof in proof_list :
issuer_workspace_contract = ownersToContracts(proof[3], mode)
counter += 1
if _check_proof_of_identity(identity_workspace_contract, issuer_workspace_contract, white_list, mode) :
return True
counter -= 1
print('No Proof of Identity with a white listed issuer')
return False
def load(self, mode, did) :
if did.split(':')[1] not in ['web', 'tz', 'ethr', 'key'] :
raise RepositoryException('DID method not supported')
self.did = did
self.private_key = '0x' + PBKDF2(did.encode(), SALT, 32, count=1000000, hmac_hash_module=SHA512).hex()
self.address = helpers.ethereum_pvk_to_address(self.private_key)
self.workspace_contract = ownersToContracts(self.address, mode)
if not self.workspace_contract or self.workspace_contract == '0x0000000000000000000000000000000000000000' :
logging.warning('no repository for this DID')
return False
self.RSA_private = privatekey.get_key(self.address, 'rsa_key', mode)
if not self.RSA_private :
logging.warning('RSA file not found')
return False
self.public_key = helpers.ethereum_pvk_to_pub(self.private_key)
self.jwk = helpers.ethereum_to_jwk(self.private_key, 'ethr')
self.private = privatekey.get_key(self.address, 'private', mode).hex()
self.secret = privatekey.get_key(self.address, 'secret', mode).hex()
self.category = get_category(self.workspace_contract, mode)
self.email = None # need email TODO
return True
def create_user(username,
email,
mode,
did='',
password='',
firstname=None,
lastname=None,
phone=''):
email = email.lower()
# Setup user address for repository
account = mode.w3.eth.account.create('KEYSMASH FJAFJKLDSKF7JKFDJ 1530' +
email)
address = account.address
private_key = account.key.hex()
# create RSA key as derivative from Ethereum private key
RSA_key, RSA_private, RSA_public = privatekey.create_rsa_key(
private_key, mode)
# Setup a key (symetric) named 'AES' to encrypt private data and to be shared with partnership
AES_key = get_random_bytes(16)
# Setup another key named 'SECRET' (symetric) to encrypt secret data
SECRET_key = get_random_bytes(16)
# AES key encrypted with RSA key
cipher_rsa = PKCS1_OAEP.new(RSA_key)
AES_encrypted = cipher_rsa.encrypt(AES_key)
# SECRET encrypted with RSA key
cipher_rsa = PKCS1_OAEP.new(RSA_key)
SECRET_encrypted = cipher_rsa.encrypt(SECRET_key)
# Email encrypted with RSA Key
bemail = bytes(email, 'utf-8')
# Ether transfer from TalaoGen wallet
hash = ether_transfer(address, mode.ether2transfer, mode)
logging.info('ether transfer done')
# Talao tokens transfer from TalaoGen wallet
hash = token_transfer(address, mode.talao_to_transfer, mode)
logging.info('token transfer done')
# CreateVaultAccess call in the token to declare the identity within the Talao Token smart contract
hash = createVaultAccess(address, private_key, mode)
logging.info('create vault acces done')
# Identity setup
contract = mode.w3.eth.contract(mode.workspacefactory_contract,
abi=constante.Workspace_Factory_ABI)
nonce = mode.w3.eth.getTransactionCount(address)
txn = contract.functions.createWorkspace(1001, 1, 1, RSA_public,
AES_encrypted, SECRET_encrypted,
bemail).buildTransaction({
'chainId':
mode.CHAIN_ID,
'gas':
7500000,
'gasPrice':
mode.w3.toWei(
mode.GASPRICE, 'gwei'),
'nonce':
nonce,
})
signed_txn = mode.w3.eth.account.signTransaction(txn, private_key)
mode.w3.eth.sendRawTransaction(signed_txn.rawTransaction)
transaction_hash = mode.w3.toHex(mode.w3.keccak(signed_txn.rawTransaction))
if not mode.w3.eth.waitForTransactionReceipt(
transaction_hash, timeout=2000, poll_latency=1)['status']:
logging.error('transaction createWorkspace failed')
return None, None, None
logging.info('createWorkspace done')
# workspace_contract address to be read in fondation smart contract
workspace_contract = ownersToContracts(address, mode)
logging.info('workspace_contract has been setup = %s', workspace_contract)
# store RSA key in file ./RSA_key/rinkeby, talaonet ou ethereum
filename = "./RSA_key/" + mode.BLOCKCHAIN + '/did:talao:' + mode.BLOCKCHAIN + ':' + workspace_contract[
2:] + ".pem"
try:
file = open(filename, "wb")
file.write(RSA_private)
file.close()
logging.info('RSA key stored on disk')
except:
logging.error('RSA key not stored on disk')
# add username to register in local nameservice Database
if firstname and lastname:
filename = mode.db_path + 'person.json'
personal = json.load(open(filename, 'r'))
personal['lastname']['claim_value'] = lastname
personal['firstname']['claim_value'] = firstname
personal = json.dumps(personal, ensure_ascii=False)
else:
personal = ''
if not ns.add_identity(username,
workspace_contract,
email,
mode,
phone=phone,
password=password,
did=did,
personal=personal):
logging.error('add identity in nameservice.db failed')
return None, None, None
logging.info('add identity in nameservice.db done')
# store Ethereum private key in keystore
if not privatekey.add_private_key(private_key, mode):
logging.error('add private key in keystore failed')
return None, None, None
else:
logging.info('private key in keystore')
# key 1 issued to Web Relay to act as agent.
if not add_key(address, workspace_contract, address, workspace_contract,
private_key, mode.relay_address, 1, mode):
logging.error('add key 1 to web Relay failed')
else:
logging.info('key 1 to web Relay has been added')
# emails send to user and admin
Talao_message.messageLog(lastname, firstname, username, email,
"createidentity.py", address, private_key,
workspace_contract, "", email, "", "", mode)
# By default an email is sent to user
Talao_message.messageUser(lastname, firstname, username, email, address,
private_key, workspace_contract, mode)
logging.info('end of create identity')
return address, private_key, workspace_contract
def show_certificate(mode):
"""
# display experience certificate for anybody. Stand alone routine
# #route /guest/certificate
# @route /certificate/
"""
menu = session.get('menu', dict())
viewer = 'guest' if not session.get('username') else 'user'
try :
certificate_id = request.args['certificate_id']
method = certificate_id.split(':')[1]
# translator for repository claim
if method in ['web', 'tz', 'ethr'] :
did = 'did:' + method + ':' + certificate_id.split(':')[2]
private_key = '0x' + PBKDF2(did.encode(), SALT, 32, count=1000000, hmac_hash_module=SHA512).hex()
address = helpers.ethereum_pvk_to_address(private_key)
workspace_contract = ownersToContracts(address, mode)
claim_id = certificate_id.split(':')[4]
credential = Claim()
credential.get_by_id( mode.relay_workspace_contract, None, workspace_contract, claim_id, mode)
return jsonify(credential.claim_value)
# standard
elif method == 'talao' :
try :
doc_id = int(certificate_id.split(':')[5])
identity_workspace_contract = '0x'+ certificate_id.split(':')[3]
except :
content = json.dumps({'message' : 'request malformed'})
return Response(content, status=406, mimetype='application/json')
else :
content = json.dumps({'message' : 'method not supported'})
return Response(content, status=406, mimetype='application/json')
except :
content = json.dumps({'message' : 'request malformed'})
return Response(content, status=406, mimetype='application/json')
try :
self_claim = certificate_id.split(':')[6]
except:
self_claim = None
if session.get('certificate_id') != request.args['certificate_id'] :
certificate = Document('certificate')
if not certificate.relay_get(identity_workspace_contract, doc_id, mode) :
content = json.dumps({'message' : 'This credential does not exist or it has been deleted'})
return Response(content, status=406, mimetype='application/json')
if certificate.privacy != 'public' :
content = json.dumps({'message' : 'This credential is private'})
return Response(content, status=406, mimetype='application/json')
session['displayed_certificate'] = certificate.__dict__
if self_claim == "experience" :
description = session['displayed_certificate']['description'].replace('\r\n','<br>')
my_badge = ''
for skill in session['displayed_certificate']['skills'] :
skill_to_display = skill.replace(" ", "").capitalize().strip(',')
my_badge += """<span class="badge badge-pill badge-secondary" style="margin: 4px; padding: 8px;"> """+ skill_to_display + """</span>"""
return render_template('./certificate/self_claim.html',
**menu,
type = 'Experience',
certificate_id= certificate_id,
company = session['displayed_certificate']['company']['name'],
email = session['displayed_certificate']['company']['contact_email'],
tel = session['displayed_certificate']['company']['contact_phone'],
contact_name = session['displayed_certificate']['company']['contact_name'],
start_date = session['displayed_certificate']['start_date'],
end_date = session['displayed_certificate']['end_date'],
description = description,
badge = my_badge,
viewer=viewer,
title = session['displayed_certificate']['title'],
)
if self_claim == "skills" :
description = ""
print (session['displayed_certificate'])
for skill in session['displayed_certificate']['description'] :
description += skill["skill_name"] + " "
return render_template('./certificate/self_claim.html',
**menu,
type = 'Skill',
certificate_id= certificate_id,
description = description,
viewer=viewer,
)
if self_claim == "education" :
description = session['displayed_certificate']['description'].replace('\r\n','<br>')
my_badge = ''
for skill in session['displayed_certificate']['skills'] :
skill_to_display = skill.replace(" ", "").strip(',')
if skill_to_display :
my_badge = my_badge + """<span class="badge badge-pill badge-secondary" style="margin: 4px; padding: 8px;"> """+ skill_to_display.capitalize() + """</span>"""
return render_template('./certificate/self_claim.html',
**menu,
type = 'Education',
certificate_id= certificate_id,
company = session['displayed_certificate']['organization']['name'],
email = session['displayed_certificate']['organization']['contact_email'],
tel = session['displayed_certificate']['organization']['contact_phone'],
contact_name = session['displayed_certificate']['organization']['contact_name'],
start_date = session['displayed_certificate']['start_date'],
end_date = session['displayed_certificate']['end_date'],
description = description,
badge = my_badge,
viewer=viewer,
title = session['displayed_certificate']['title'],
link = session['displayed_certificate']['certificate_link']
)
# Experience Credential Display
if session['displayed_certificate']['credentialSubject']['credentialCategory'] == 'experience' :
yellow_star = "color: rgb(251,211,5); font-size: 12px;" # yellow
black_star = "color: rgb(0,0,0);font-size: 12px;" # black
# Icon "fa-star" treatment
score = []
context = dict()
score.append(int(session['displayed_certificate']['credentialSubject']['reviewRecommendation']['reviewRating']['ratingValue']))
score.append(int(session['displayed_certificate']['credentialSubject']['reviewDelivery']['reviewRating']['ratingValue']))
score.append(int(session['displayed_certificate']['credentialSubject']['reviewSchedule']['reviewRating']['ratingValue']))
score.append(int(session['displayed_certificate']['credentialSubject']['reviewCommunication']['reviewRating']['ratingValue']))
for q in range(0,4) :
for i in range(0,score[q]) :
context["star"+str(q)+str(i)] = yellow_star
for i in range(score[q],5) :
context ["star"+str(q)+str(i)] = black_star
if session['displayed_certificate']['credentialSubject']['skills'] :
skills = session['displayed_certificate']['credentialSubject']['skills']
my_badge = ""
for skill in skills :
if skill['description'] :
my_badge += """<span class="badge badge-pill badge-secondary" style="margin: 4px; padding: 8px;"> """+ skill['description'].strip(' ').capitalize() + """</span>"""
else :
my_badge = ""
# if there is no signature one uses Picasso signature
signature = session['displayed_certificate']['credentialSubject']['managerSignature']
if not signature :
signature = 'QmS9TTtjw1Fr5oHkbW8gcU7TnnmDvnFVUxYP9BF36kgV7u'
# if there is no logo one uses default logo
logo = session['displayed_certificate']['credentialSubject']['companyLogo']
if not logo :
logo = 'QmXKeAgNZhLibNjYJFHCiXFvGhqsqNV2sJCggzGxnxyhJ5'
# upload signature and logo on server
if not path.exists(mode.uploads_path + signature) :
url = 'https://gateway.pinata.cloud/ipfs/'+ signature
response = requests.get(url, stream=True)
with open(mode.uploads_path + signature, 'wb') as out_file:
shutil.copyfileobj(response.raw, out_file)
del response
if not path.exists(mode.uploads_path + logo) :
url = 'https://gateway.pinata.cloud/ipfs/'+ logo
response = requests.get(url, stream=True)
with open(mode.uploads_path + logo, 'wb') as out_file:
shutil.copyfileobj(response.raw, out_file)
del response
return render_template('./certificate/experience_certificate.html',
**menu,
managerName=session['displayed_certificate']['credentialSubject']['managerName'],
companyName=session['displayed_certificate']['credentialSubject']['companyName'],
badge=my_badge,
title = session['displayed_certificate']['credentialSubject']['title'],
subject_name = session['displayed_certificate']['credentialSubject']['name'],
description=session['displayed_certificate']['credentialSubject']['description'],
start_date=session['displayed_certificate']['credentialSubject']['startDate'],
end_date=session['displayed_certificate']['credentialSubject']['endDate'],
signature=signature,
logo=logo,
certificate_id=certificate_id,
viewer=viewer,
**context)
# Recommendation Certificate Display
if session['displayed_certificate']['type'] == 'recommendation' :
issuer_picture = session['displayed_certificate'].get('logo')
if session['displayed_certificate']['issuer']['category'] == 1001 :
issuer_picture = session['displayed_certificate'].get('picture')
else :
issuer_picture = session['displayed_certificate'].get('logo')
issuer_title = "" if not session['displayed_certificate'].get('title') else session['displayed_certificate']['title']
if issuer_picture :
if not path.exists(mode.uploads_path + issuer_picture) :
logging.info('picture already on disk')
url='https://gateway.pinata.cloud/ipfs/'+ issuer_picture
response = requests.get(url, stream=True)
with open(mode.uploads_path + issuer_picture, 'wb') as out_file:
shutil.copyfileobj(response.raw, out_file)
del response
description = """ " """ + session['displayed_certificate']['description'] + """ " """
return render_template('./certificate/recommendation_certificate.html',
**menu,
#identity_firstname=identity_profil['firstname'],
#identity_lastname=identity_profil['lastname'],
description=description,
issuer_picture=issuer_picture,
issuer_title=issuer_title,
issuer_firstname=session['displayed_certificate']['issuer']['firstname'] if session['displayed_certificate']['issuer']['category']== 1001 else "",
issuer_lastname=session['displayed_certificate']['issuer']['lastname']if session['displayed_certificate']['issuer']['category']== 1001 else "",
relationship=session['displayed_certificate']['relationship'],
certificate_id=certificate_id,
#identity_username=identity_username,
#issuer_username=issuer_username,
viewer=viewer
)
# Skill Certificate Display
if session['displayed_certificate']['type'] == 'skill' :
issuer_picture = session['displayed_certificate'].get('picture')
issuer_title = "" if not session['displayed_certificate'].get('title') else session['displayed_certificate']['title']
description = session['displayed_certificate']['description'].replace('\r\n','<br>')
signature = session['displayed_certificate']['signature']
logo = session['displayed_certificate']['logo']
# if there is no signature one uses Picasso signature
if not signature :
signature = 'QmS9TTtjw1Fr5oHkbW8gcU7TnnmDvnFVUxYP9BF36kgV7u'
# if there is no logo one uses default logo
if not logo :
logo = 'QmXKeAgNZhLibNjYJFHCiXFvGhqsqNV2sJCggzGxnxyhJ5'
if not path.exists(mode.uploads_path + signature) :
url = 'https://gateway.pinata.cloud/ipfs/'+ signature
response = requests.get(url, stream=True)
with open(mode.uploads_path + signature, 'wb') as out_file:
shutil.copyfileobj(response.raw, out_file)
del response
if not path.exists(mode.uploads_path + logo) :
url = 'https://gateway.pinata.cloud/ipfs/'+ logo
response = requests.get(url, stream=True)
with open(mode.uploads_path + logo, 'wb') as out_file:
shutil.copyfileobj(response.raw, out_file)
del response
return render_template('./certificate/skill_certificate.html',
**menu,
manager= session['displayed_certificate']['manager'],
#identity_firstname=identity_profil['firstname'],
#identity_lastname=identity_profil['lastname'],
#identity_name =identity_profil['firstname'] + ' ' + identity_profil['lastname'],
description=description,
issuer_picture=issuer_picture,
signature=signature,
logo=logo,
certificate_id=certificate_id,
title=session['displayed_certificate']['title'],
#issuer_name=session['displayed_certificate']['issuer']['name'],
viewer=viewer
)
# agreement certificate display
if session['displayed_certificate']['type'] == 'agreement':
description = session['displayed_certificate']['description'].replace('\r\n','<br>')
signature = session['displayed_certificate']['issued_by'].get('signature')
logo = session['displayed_certificate']['issued_by'].get('logo')
# if there is no signature or no logo , view is reduced see html else we download file rom ipfs if needed
if signature and logo :
if not path.exists(mode.uploads_path + signature) :
url = 'https://gateway.pinata.cloud/ipfs/'+ signature
response = requests.get(url, stream=True)
with open(mode.uploads_path + signature, 'wb') as out_file:
shutil.copyfileobj(response.raw, out_file)
del response
if not path.exists(mode.uploads_path + logo) :
url = 'https://gateway.pinata.cloud/ipfs/'+ logo
response = requests.get(url, stream=True)
with open(mode.uploads_path + logo, 'wb') as out_file:
shutil.copyfileobj(response.raw, out_file)
del response
if session['displayed_certificate']['service_product_group'] :
products = session['displayed_certificate']['service_product_group'].replace(' ', '').split(",")
service_product_group = ""
for product in products:
service_product_group = service_product_group + """<li class="text-dark my-2 mx-5">""" + product.capitalize() + "</li>"
else :
service_product_group = None
return render_template('./certificate/agreement_certificate.html',
**menu,
date_of_issue = session['displayed_certificate']['date_of_issue'],
date_of_validity = session['displayed_certificate']['valid_until'],
location = session['displayed_certificate']['location'],
description=description,
logo=logo,
issued_to_name = session['displayed_certificate']['issued_to'].get('name', ''),
issuer_name = session['displayed_certificate']['issued_by'].get('name',''),
issuer_siret = session['displayed_certificate']['issued_by'].get('siret', ''),
title = session['displayed_certificate']['title'],
signature=signature,
viewer=viewer,
standard=session['displayed_certificate']['standard'],
registration_number = session['displayed_certificate']['registration_number'],
service_product_group = service_product_group,
certificate_id=certificate_id,
)
# if reference credential display
if session['displayed_certificate']['credentialSubject']['credentialCategory'] == 'reference' :
yellow_star = "color: rgb(251,211,5); font-size: 12px;" # yellow
black_star = "color: rgb(0,0,0);font-size: 12px;" # black
description = session['displayed_certificate'].get('description','Unknown').replace('\r\n','<br>')
signature = session['displayed_certificate']['credentialSubject']['managerSignature']
logo = session['displayed_certificate']['credentialSubject']['companyLogo']
if signature and logo :
if not path.exists(mode.uploads_path + signature) :
url = 'https://gateway.pinata.cloud/ipfs/'+ signature
response = requests.get(url, stream=True)
with open(mode.uploads_path + signature, 'wb') as out_file:
shutil.copyfileobj(response.raw, out_file)
del response
if not path.exists(mode.uploads_path + logo) :
url = 'https://gateway.pinata.cloud/ipfs/'+ logo
response = requests.get(url, stream=True)
with open(mode.uploads_path + logo, 'wb') as out_file:
shutil.copyfileobj(response.raw, out_file)
del response
skills_str = ""
try :
for skill in session['displayed_certificate']['credentialSubject']['offers']['skills'] :
skills_str += skill['description'] + ','
except :
logging.warning('skills not found')
return render_template('./certificate/reference_certificate.html',
**menu,
issued_to_name = session['displayed_certificate']['credentialSubject']['name'],
issuanceDate = session['displayed_certificate']['issuanceDate'][:10],
startDate = session['displayed_certificate']['credentialSubject']['offers']['startDate'],
endDate = session['displayed_certificate']['credentialSubject']['offers']['endDate'],
price = session['displayed_certificate']['credentialSubject']['offers']['price'],
currency = session['displayed_certificate']['credentialSubject']['offers']['priceCurrency'],
description=session['displayed_certificate']['credentialSubject']['offers']['description'],
review= session['displayed_certificate']['credentialSubject']['review']['reviewBody'],
location=session['displayed_certificate']['credentialSubject']['offers']['location'],
logo=logo,
issuer_name = session['displayed_certificate']['credentialSubject']['companyName'],
title = session['displayed_certificate']['credentialSubject']['offers']['title'],
signature=signature,
manager = session['displayed_certificate']['credentialSubject']['companyName'],
certificate_id=certificate_id,
viewer=viewer,
skills=skills_str
)
else :
# clean up to get a standard credential
del session['displayed_certificate']['topic']
del session['displayed_certificate']['doc_id']
del session['displayed_certificate']['data_location']
del session['displayed_certificate']['privacy']
return jsonify(session['displayed_certificate'])
# for test only
if __name__ == '__main__':
import os
import environment
# Environment variables set in gunicornconf.py and transfered to environment.py
mychain = os.getenv('MYCHAIN')
myenv = os.getenv('MYENV')
# Environment setup
mode = environment.currentMode(mychain,myenv)
# test1 address
test1_address = '0x106A53E31557296Ed1a81643d81c52334bb6F435'
test1_workspace_contract = '0x3B4bA595955c8E783aB565a9564D0E7F14a6CaaC'
# thierry thevenet address
tt_address = '0xE474E9a6DFD6D8A3D60A36C2aBC428Bf54d2B1E8'
tt_workspace_contract = ownersToContracts(tt_address, mode)
# wc de masociete
workspace_contract = '0xc5C1B070b46138AC3079cD9Bce10010d6e1fCD8D'
talao_workspace_contract = '0x4562DB03D8b84C5B10FfCDBa6a7A509FF0Cdcc68'
# wc de newco 0xC15e3A2f17cD01c5A85F816165c455D9F954cBa9
newco_workspace_contract = '0xC15e3A2f17cD01c5A85F816165c455D9F954cBa9'
print('proof index= ', check_proof_of_identity(newco_workspace_contract, workspace_contract, mode))
def _create_user_step_1(wallet_address, email, mode, firstname, lastname, rsa,
private, secret, decentralized):
"""
Setup an initial random Ethereum private key and derive address
This address will be eventually the owner if the wallet is used as an Alias in the centralized mode
"""
account = mode.w3.eth.account.create('KEYSMASH FJAFJKLDSKF7JKFDJ 1530' +
email)
address = account.address
private_key = account.privateKey.hex()
"""
if mode = decentralized , all keys come from wallet
if mode = centralized , all keys are generated by server
"""
if decentralized:
# clean RSA pem key received (str)
RSA_public = rsa.encode('utf-8')
RSA_public = RSA_public.replace(b'\r\n', b'\n')
# get bytes from keys generated and encrypted client side. Keys have been passed (JS=>Python) un hex trsing
AES_encrypted = bytes.fromhex(private[2:])
SECRET_encrypted = bytes.fromhex(secret[2:])
else:
# create RSA key as derivative from Ethereum private key
RSA_key, RSA_private, RSA_public = privatekey.create_rsa_key(
private_key, mode)
# Setup a key (symetric) named 'AES' to encrypt private data and to be shared with partnership
AES_key = get_random_bytes(16)
# Setup another key named 'SECRET' (symetric) to encrypt secret data
SECRET_key = get_random_bytes(16)
# AES key encrypted with RSA key
cipher_rsa = PKCS1_OAEP.new(RSA_key)
AES_encrypted = cipher_rsa.encrypt(AES_key)
# SECRET encrypted with RSA key
cipher_rsa = PKCS1_OAEP.new(RSA_key)
SECRET_encrypted = cipher_rsa.encrypt(SECRET_key)
# store Ethereum private key in keystore
if not privatekey.add_private_key(private_key, mode):
print('Error : add private key in keystore failed')
return None, None, None
else:
print('Success : private key in keystore')
# Email requested by solidity function. it will be encrypted later on
#bemail = bytes(email.lower() , 'utf-8')
bemail = bytes(" ".lower(), 'utf-8')
# Ether transfer from TalaoGen wallet to address
ether_transfer(address, mode.ether2transfer, mode)
# Talao tokens transfer from TalaoGen wallet to address
token_transfer(address, mode.talao_to_transfer, mode)
# CreateVaultAccess call in the token to declare the identity within the Talao Token smart contract
if not createVaultAccess(address, private_key, mode):
print('Error : transaction createVaultAccess failed')
return None, None, None
# Deploy workspace contract on blockchain
contract = mode.w3.eth.contract(mode.workspacefactory_contract,
abi=constante.Workspace_Factory_ABI)
nonce = mode.w3.eth.getTransactionCount(address)
txn = contract.functions.createWorkspace(1001, 1, 1, RSA_public,
AES_encrypted, SECRET_encrypted,
bemail).buildTransaction({
'chainId':
mode.CHAIN_ID,
'gas':
7500000,
'gasPrice':
mode.w3.toWei(
mode.GASPRICE, 'gwei'),
'nonce':
nonce,
})
signed_txn = mode.w3.eth.account.signTransaction(txn, private_key)
mode.w3.eth.sendRawTransaction(signed_txn.rawTransaction)
transaction_hash = mode.w3.toHex(mode.w3.keccak(signed_txn.rawTransaction))
receipt = mode.w3.eth.waitForTransactionReceipt(transaction_hash,
timeout=2000,
poll_latency=1)
if not receipt['status']:
print('Error : transaction createWorkspace failed')
return None, None, None
# workspace_contract address to be read in foundation smart contract
workspace_contract = ownersToContracts(address, mode)
print('Success : workspace_contract has been setup = ', workspace_contract)
# if centralized, store RSA key in file ./RSA_key/rinkeby, talaonet ou ethereum
if not decentralized:
filename = "./RSA_key/" + mode.BLOCKCHAIN + '/did:talao:' + mode.BLOCKCHAIN + ':' + workspace_contract[
2:] + ".pem"
try:
file = open(filename, "wb")
file.write(RSA_private)
file.close()
print('Success : RSA key stored on disk')
except:
print('Error : RSA key not stored on disk')
# add hexpublic key for wallet address
ns.add_publickey(wallet_address, mode)
# claims for firstname and lastname
if firstname and lastname:
if not update_self_claims(address, private_key, {
'firstname': firstname,
'lastname': lastname
}, mode):
print('Error : firstname and lastname not updated')
print('Success : firstname and lastname updated')
print("Success : create identity process step 1 is over")
return address, private_key, workspace_contract
def create(self, did, mode, email=None, password=False, phone=None, wallet=None, category=1001) :
""" Main function to create a repository for a user
category is 1001 for person and 2001 for company
DID is used to generate an ethereum private key
email is used to recover in case of did keys are lost
Talao smart contract is deployed on talaonet
"""
# Setup with DID as password, deterministic way to generate an address
if not did :
logging.error('did malformed')
return False
if did.split(':')[1] not in ['web', 'tz', 'ethr', 'key'] :
logging.error('did not supported')
return False
repository = Repository()
if repository.load(mode, did) :
logging.error('A repository already exists for this DID')
return False
self.did = did
self.email = email if email else ""
if category not in [1001, 2001] :
logging.error('wrong category')
return False
self.category = category
self.private_key = '0x' + PBKDF2(self.did.encode(), SALT, 32, count=1000000, hmac_hash_module=SHA512).hex()
self.address = helpers.ethereum_pvk_to_address(self.private_key)
self.public_key = helpers.ethereum_pvk_to_pub(self.private_key)
self.jwk = helpers.ethereum_to_jwk(self.private_key, 'ethr')
# create RSA key
RSA_key = RSA.generate(2048)
self.RSA_private = RSA_key.exportKey('PEM')
self.RSA_public = RSA_key.publickey().exportKey('PEM')
logging.info('RSA key generated')
# Setup an AES key named 'private' to encrypt private data and to be shared with partnership
private = get_random_bytes(16)
self.private = private.hex()
# Setup an AES key named 'secret' to encrypt secret data FIXME
secret = get_random_bytes(16)
self.secret = secret.hex()
# AES private encrypted with RSA key
cipher_rsa = PKCS1_OAEP.new(RSA_key)
private_encrypted = cipher_rsa.encrypt(private)
# AES secret encrypted with RSA key
cipher_rsa = PKCS1_OAEP.new(RSA_key)
secret_encrypted = cipher_rsa.encrypt(secret)
try :
# Ether transfer from TalaoGen wallet
ether_transfer(self.address, mode.ether2transfer,mode)
logging.info('ether transfer done ')
# Talao tokens transfer from TalaoGen wallet
token_transfer(self.address, mode.talao_to_transfer, mode)
logging.info('token transfer done')
# CreateVaultAccess call in the token to declare the identity within the Talao Token smart contract
createVaultAccess(self.address, self.private_key, mode)
logging.info('vault access created')
except :
logging.error('init Talao protocol failed')
return False
# Identity setup
contract = mode.w3.eth.contract(mode.workspacefactory_contract,abi=constante.Workspace_Factory_ABI)
nonce = mode.w3.eth.getTransactionCount(self.address)
bemail = bytes(self.email.lower() , 'utf-8')
txn = contract.functions.createWorkspace(self.category,
1,
1,
self.RSA_public,
private_encrypted,
secret_encrypted,
bemail).buildTransaction({'chainId': mode.CHAIN_ID,
'gas': 7500000,
'gasPrice': mode.w3.toWei(mode.GASPRICE, 'gwei'),
'nonce': nonce})
signed_txn = mode.w3.eth.account.signTransaction(txn, self.private_key)
mode.w3.eth.sendRawTransaction(signed_txn.rawTransaction)
transaction_hash = mode.w3.toHex(mode.w3.keccak(signed_txn.rawTransaction))
receipt = mode.w3.eth.waitForTransactionReceipt(transaction_hash, timeout=2000, poll_latency=1)
if not receipt['status'] :
logging.error('transaction to create repository failed')
return False
# workspace_contract address to be read in fondation smart contract
self.workspace_contract = ownersToContracts(self.address, mode)
logging.info('repository has been deployed')
# store RSA key in file ./RSA_key/rinkeby, talaonet ou ethereum
filename = "./RSA_key/" + mode.BLOCKCHAIN + '/did:talao:' + mode.BLOCKCHAIN + ':' + self.workspace_contract[2:] + ".pem"
try :
file = open(filename,"wb")
file.write( self.RSA_private)
file.close()
logging.info('RSA key stored on server')
except :
logging.error('RSA key not stored on server')
return False
# store Ethereum private key in keystore
if not privatekey.add_private_key(self.private_key, mode) :
logging.error('private key storage failed')
return False
else :
logging.info('private key stored on server')
# ERC725 key 1 issued to Web Relay as the Repository Manager
if not add_key(self.address, self.workspace_contract, self.address, self.workspace_contract, self.private_key, mode.relay_address, 1, mode) :
logging.error('ERC725 key 1 to repository manager failed')
return False
else :
logging.error('ERC725 key 1 isued to repository manager')
# rewrite email for recovery
if Claim().add(self.address, self.workspace_contract, self.address, self.workspace_contract, self.private_key, 'email', self.email, 'public', mode)[0] :
logging.info('email encryted updated')
else :
logging.warning('email encrypted not updated')
logging.info('end of create repository')
return True
def history_html(workspace_contract, days, mode):
history = dict()
history_string = """ """
contract = mode.w3.eth.contract(workspace_contract,
abi=constante.workspace_ABI)
block_number = mode.w3.eth.getBlock('latest')['number']
# 30 days behind, one transaction every 15s except for Talaonet...
if mode.BLOCKCHAIN == 'talaonet':
fromblock = mode.fromBlock
else:
fromblock = block_number - (days * 24 * 60 * 4)
filter_list = [
contract.events.PartnershipRequested.createFilter(fromBlock=fromblock,
toBlock='latest'),
contract.events.PartnershipAccepted.createFilter(fromBlock=fromblock,
toBlock='latest'),
contract.events.KeyAdded.createFilter(fromBlock=fromblock,
toBlock='latest'),
contract.events.DocumentAdded.createFilter(fromBlock=fromblock,
toBlock='latest'),
contract.events.DocumentRemoved.createFilter(fromBlock=fromblock,
toBlock='latest'),
contract.events.ClaimRemoved.createFilter(fromBlock=fromblock,
toBlock='latest'),
contract.events.ClaimAdded.createFilter(fromBlock=fromblock,
toBlock='latest'),
contract.events.KeyRemoved.createFilter(fromBlock=fromblock,
toBlock='latest')
]
for i in range(0, len(filter_list)):
eventlist = filter_list[i].get_all_entries()
for doc in eventlist:
transactionhash = doc['transactionHash']
transaction = mode.w3.eth.getTransaction(transactionhash)
issuer = transaction['from']
issuer_workspace_contract = ownersToContracts(issuer, mode)
profil, category = read_profil(issuer_workspace_contract,
mode,
loading='light')
if category == 1001:
firstname = "Unknown" if profil[
'firstname'] is None else profil['firstname']
lastname = "Unknown" if profil['lastname'] is None else profil[
'lastname']
issuer_name = firstname + ' ' + lastname
if category == 2001:
issuer_name = 'unknown' if profil['name'] is None else profil[
'name']
blockNumber = transaction['blockNumber']
block = mode.w3.eth.getBlock(blockNumber)
date = datetime.fromtimestamp(block['timestamp'])
# html view preparation
issuer_name = 'me' if issuer_name == 'Relay' else issuer_name
issuer_name = 'me' if issuer_workspace_contract == workspace_contract else issuer_name
if i == 4:
history[date] = 'Document ' + str(
doc['args']['id']) + ' removed by ' + issuer_name
elif i == 3:
history[date] = 'Document ' + str(
doc['args']['id']) + ' created by ' + issuer_name
elif i == 2 and doc['args']['purpose'] == 20002:
history[date] = 'New Referent added'
elif i == 2 and doc['args']['purpose'] == 5:
history[date] = 'New issuer for White List'
elif i == 6:
history[date] = 'Personal Setting updated'
elif i == 7 and doc['args']['purpose'] == 20002:
history[date] = 'Referent removed'
elif i == 7 and doc['args']['purpose'] == 5:
history[date] = 'Issuer removed from White List'
elif i == 7 and doc['args']['purpose'] == 3:
history[date] = 'Claim Key removed'
else:
history[date] = 'unknown ' + doc['event']
sorted_history = sorted(history.items(), key=lambda x: x[0], reverse=True)
for event in sorted_history:
history_string = history_string + str(
event[0]) + ' - ' + event[1] + """<br>"""
return history_string
def create_company(email, username, did, mode, siren=None, name=None) :
global relay_address
# wallet init
account = mode.w3.eth.account.create('KEYSMASH FJAFJKLDSKF7JKFDJ 1530')
address = account.address
private_key = account.privateKey.hex()
logging.info('adresse = %s', address)
logging.info('Success : private key = %s', private_key)
# calculate RSA key
RSA_key, RSA_private, RSA_public = privatekey.create_rsa_key(private_key, mode)
# création de la cle AES
AES_key = get_random_bytes(16)
# création de la cle SECRET
SECRET_key = get_random_bytes(16)
# encryption de la cle AES avec la cle RSA
cipher_rsa = PKCS1_OAEP.new(RSA_key)
AES_encrypted=cipher_rsa.encrypt(AES_key)
# encryption de la cle SECRET avec la cle RSA
cipher_rsa = PKCS1_OAEP.new(RSA_key)
SECRET_encrypted=cipher_rsa.encrypt(SECRET_key)
# Email to bytes
bemail = bytes(email , 'utf-8')
try :
# Transaction pour le transfert des nethers depuis le portfeuille TalaoGen
h1 = ether_transfer(address, mode.ether2transfer, mode)
logging.info('ether transfer done')
# Transaction pour le transfert des tokens Talao depuis le portfeuille TalaoGen
h2 = token_transfer(address, mode.talao_to_transfer, mode)
logging.info('token transfer done')
# Transaction pour l'acces dans le token Talao par createVaultAccess
h3 = createVaultAccess(address, private_key, mode)
logging.info('create vault access done')
# Transaction pour la creation du workspace :
bemail = bytes(email , 'utf-8')
h4 = createWorkspace(address, private_key, RSA_public, AES_encrypted, SECRET_encrypted, bemail, mode, user_type=2001)
logging.info('create create workspace done')
except :
logging.error('transaction failed')
return None, None, None
if not (h1 and h2 and h3 and h4) :
logging.error('transaction failed')
return None, None, None
# lecture de l'adresse du workspace contract dans la fondation
workspace_contract = ownersToContracts(address, mode)
logging.info( 'workspace contract = %s', workspace_contract)
# store RSA key in file ./RSA_key/rinkeby, talaonet ou ethereum
filename = "./RSA_key/" + mode.BLOCKCHAIN + '/did:talao:' + mode.BLOCKCHAIN + ':' + workspace_contract[2:] + ".pem"
try :
file = open(filename,"wb")
file.write(RSA_private)
file.close()
logging.info('RSA key stored on disk')
except :
logging.error(' RSA key not stored on disk')
# add private key in keystore
if privatekey.add_private_key(private_key, mode) :
logging.info('private key added in keystore ')
else :
logging.error('add private key failed')
return None, None, None
# update resolver and create local database for this company
if not ns.add_identity(username, workspace_contract, email, mode, did=did) :
logging.error('add identity in nameservice failed')
return None, None, None
# create database for manager within the company
if not ns.init_host(username, mode) :
logging.error('add company in nameservice failed')
# For setup of new chain one need to first create workspaces for Relay and Talao
if username != 'relay' and username != 'talao' :
# management key (1) issued to Relay
add_key(address, workspace_contract, address, workspace_contract, private_key, mode.relay_address, 1, mode)
if username == 'relay' :
# one stores relay address for Talao workspace setup
relay_address = address
if username == 'talao' :
add_key(address, workspace_contract, address, workspace_contract, private_key, relay_address, 1, mode)
# send messages
Talao_message.messageLog("no lastname","no firstname", username, email, 'Company created by Talao', address, private_key, workspace_contract, "", email, "", "", mode)
# one sends an email by default
Talao_message.messageUser("no lastname", "no firstname", username, email, address, private_key, workspace_contract, mode)
logging.info('end of of create company')
return address, private_key, workspace_contract