def getUserVirgilJWT(): try: if not g.user: print('ERROR: No user to get Virgil JWT for.') return "", constants.STATUS_BAD_REQUEST crypto = VirgilCrypto() api_id = os.environ['VIRGIL_API_ID'] api_key_id = os.environ['VIRGIL_API_KEY_ID'] api_private_key = os.environ['VIRGIL_API_PRIVATE_KEY_ID'] token_ttl = 20 # seconds imported_key = crypto.import_private_key( Utils.b64decode(api_private_key)).private_key # Instantiate token generator builder = JwtGenerator(api_id, imported_key, api_key_id, token_ttl, AccessTokenSigner()) token = builder.generate_token(str(g.user.id)).to_string() return jsonify({"token": token}), constants.STATUS_OK except Exception as err: print('Error getting the Virgil JWT: ' + str(err)) return "", constants.STATUS_SERVER_ERROR return "", constants.STATUS_SERVER_ERROR
class VirgilKeyGenerator(KeyGeneratorInterface): """ Represents key pair entity for virgil_crypto lib usage only """ def __init__(self, key_type: str, private_key=None, public_key=None, ec_type=VirgilKeyPair.Type_EC_SECP256R1, hash_type=HashAlgorithm.SHA256): self._crypto = VirgilCrypto() self._crypto.signature_hash_algorithm = hash_type self.__hash_type = hash_type self.__key_type = key_type self.__ec_type = ec_type self.__public_key = None if not public_key else b64_to_bytes( public_key) self.__private_key = None if not private_key else b64_to_bytes( private_key) self.__key_id = None self.__signature = None self.device_serial = None def generate(self, *, signature_limit=None, rec_pub_keys=None, signer_key: Optional[KeyGeneratorInterface] = None, private_key_base64: Optional[str] = None, start_date: Optional[int] = 0, expire_date: Optional[int] = 0, meta_data: Optional[bytes] = bytes()): def make_signature(): byte_buffer = io.BytesIO() # vs_pubkey_dated_t byte_buffer.write( start_date.to_bytes(4, byteorder='big', signed=False)) byte_buffer.write( expire_date.to_bytes(4, byteorder='big', signed=False)) byte_buffer.write( self.key_type_secmodule.to_bytes(1, byteorder='big', signed=False)) byte_buffer.write( self.ec_type_secmodule.to_bytes(1, byteorder='big', signed=False)) byte_buffer.write( len(meta_data).to_bytes(2, byteorder='big', signed=False)) byte_buffer.write(meta_data) byte_buffer.write(b64_to_bytes(self.public_key)) bytes_to_sign = byte_buffer.getvalue() return signer_key.sign(to_b64(bytes_to_sign), long_sign=False) if private_key_base64: self.__private_key = b64_to_bytes(private_key_base64) virgil_priv_key = self._crypto.import_private_key( self.__private_key) virgil_pubkey = self._crypto.extract_public_key(virgil_priv_key) self.__public_key = VirgilKeyPair.publicKeyToDER( virgil_pubkey.raw_key)[-65:] if self.__private_key is None: virgil_key_pair = VirgilKeyPair.generate(self.ec_type) self.__private_key = VirgilKeyPair.privateKeyToDER( virgil_key_pair.privateKey()) self.__public_key = VirgilKeyPair.publicKeyToDER( virgil_key_pair.publicKey())[-65:] if signer_key: self.__signature = make_signature() return self @property def ec_type(self): return self.__ec_type @property def hash_type(self): return self.__hash_type @property def private_key(self): return to_b64(self.__private_key) @property def public_key(self): return to_b64(self.__public_key) @property def public_key_full(self): virgil_private_key = self._crypto.import_private_key( b64_to_bytes(self.private_key)) return to_b64(self._crypto.extract_public_key(virgil_private_key)) @property def signature(self): return self.__signature @property def key_id(self): return CRCCCITT().calculate(b64_to_bytes(self.public_key)) @property def key_type(self): return self.__key_type def sign(self, data, long_sign=False): data = b64_to_bytes(data) private_key = b64_to_bytes(self.private_key) signature = self._crypto.sign( data, self._crypto.import_private_key(private_key)) if not long_sign: signature = VirgilSignExtractor.extract_sign(signature) return to_b64(signature) def verify(self, data, signature, long_sign=False): data = b64_to_bytes(data) public_key = b64_to_bytes( self.public_key_full) # verify signature with full public key return self._crypto.verify(data, signature, self._crypto.import_public_key(public_key)) def encrypt(self, data): data = b64_to_bytes(data) public_key = b64_to_bytes( self.public_key_full) # encrypt with full public key encrypted = self._crypto.encrypt( data, self._crypto.import_public_key(public_key)) return to_b64(encrypted) def decrypt(self, data): data = b64_to_bytes(data) private_key = b64_to_bytes(self.private_key) decrypted = self._crypto.decrypt( data, self._crypto.import_private_key(private_key)) return to_b64(decrypted)
class VirgilFlaskLib: def __init__(self): self.crypto = VirgilCrypto() self.api_key_base64 = "MC4CAQAwBQYDK2VwBCIEIF+gQkN4StqMMFJGWE1tKXcitkLqHqmrBz+OaQZKGZFR" self.app_id = "6af75f0dd9be50ebb77facad0f71eaf3" self.app_key_id = "3def16346c7b43bbaed5b4b9acb9ac8affa4" self.api_key = self.crypto.import_private_key(Utils.b64_decode(self.api_key_base64)) self.ttl = datetime.timedelta(hours=1).seconds self.access_token_signer = AccessTokenSigner() self.key_pair = self.crypto.generate_keys() self.server_crypto = VirgilCrypto() self.server_key_pair = self.server_crypto.generate_keys() self.server_private_key_data = self.server_crypto.export_private_key(self.server_key_pair.private_key, "test password") self.server_public_key_data = self.server_crypto.export_public_key(self.server_key_pair.public_key) self.server_private_key_str = Utils.b64encode(self.server_private_key_data) self.server_for_client_public = Utils.b64encode(self.server_public_key_data) self.server_exporter = PrivateKeyExporter(self.server_crypto) self.server_private_key_storage = PrivateKeyStorage(self.server_exporter) self.server_public_key_str = self.server_key_pair.public_key self.server_card_crypto = CardCrypto() self.server_your_backend_white_list = WhiteList() self.server_your_backend_white_list = VerifierCredentials(signer="Jonathan",public_key_base64 = self.server_public_key_str) self.verifier = VirgilCardVerifier(self.server_card_crypto, white_lists = [self.server_your_backend_white_list]) self.access_token_provider = CallbackJwtProvider(self.get_token_from_server("Alice")) self.card_manager = CardManager( self.server_card_crypto, self.access_token_provider, self.verifier ) def get_private_key(self): return self.key_pair.private_key def get_public_key(self): return self.key_pair.public_key #jwt token generation def get_token_from_server(self, token_context): #jwt_from_server = authficated_query_to_server(token_context) #jwt_from_server = token_context jwt_from_server = self.generate_JWT_for_user("Alice") return jwt_from_server #JWT generator with necessary paramters def get_JWT_generator(self): return JwtGenerator(self.app_id, self.api_key, self.app_key_id, self.ttl, self.access_token_signer) def generate_JWT_for_user(self, identity): jwt_generator = self.get_JWT_generator() self.identity = identity return jwt_generator.generate_token(identity) #function is broken def publish_card(self): #self.card = self.card_manager.publish_card(identity = self.identity, private_key = self.server_key_pair.private_key, public_key = self.server_key_pair.public_key) self.card = self.card_manager.publish_card(identity = self.identity, private_key = self.server_key_pair.private_key, public_key = self.server_key_pair.public_key) def signAndEncrypt(self, message): message_to_encrypt = message data_to_encrypt = Utils.strtobytes(message) alice_private_key, alice_private_key_additional_data = self.server_private_key_storage.load("Alice")
class VirgilServerClient: def __init__(self): print("generated") ####SERVER SIDE def authenticated_query_to_server(self, token_context, token_ttl=9999): self.crypto = VirgilCrypto() self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIEtNPMUG9uR8YxukWw1gX3bkXjbsbOZoN54d2ZKSz09a" # self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIJvD17QhpJ1qFfIq3q8eqrZ0oBIf9GQ0T+6obQCmspnQ" #self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIF+gQkN4StqMMFJGWE1tKXcitkLqHqmrBz+OaQZKGZFR" #self.app_id = "6af75f0dd9be50ebb77facad0f71eaf3" self.app_id = "def16346c7b43bbaed5b4b9ac8affa4" # self.api_key_id = "3def16346c7b43bbaed5b4b9acb9ac8affa4" self.api_key_id = "309d53349835f34d5a03966d9de51877" self.app_key = self.crypto.import_private_key( Utils.b64decode(self.app_key_base64)) self.builder = JwtGenerator(self.app_id, self.app_key, self.api_key_id, token_ttl, AccessTokenSigner()) #self.identity = token_context.identity #return self.builder.generate_token(self.identity).to_string() #PLEASE MAKE TOKEN_CONTEXT AN ACTUAL JWT TOKEN #return self.builder.generate_token(token_context) try: self.identity = token_context.identity return self.builder.generate_token(self.identity).to_string() except: return self.builder.generate_token(token_context) ########CLIENT SIDE def get_token_from_server(self, token_context): print('get token from server') print(token_context) jwt_from_server = self.authenticated_query_to_server(token_context) return jwt_from_server def set_access_token_provider(self): self.access_token_provider = CallbackJwtProvider( self.get_token_from_server) def publish_card(self, user): self.client_crypto = VirgilCrypto() card_crypto = CardCrypto() validator = VirgilCardVerifier(card_crypto) token_provider = CallbackJwtProvider(self.get_token_from_server) print('token_provider') print(vars(token_provider)) card_manager = CardManager(card_crypto, access_token_provider=token_provider, card_verifier=validator) key_pair = self.client_crypto.generate_keys() username = user public_key_data = self.client_crypto.export_public_key( key_pair.public_key) public_key_str = Utils.b64encode(public_key_data) class DummyClass: def __init__(self, raw_key): self.raw_key = raw_key dummy = DummyClass(key_pair.public_key.raw_key) print(public_key_data) print(public_key_str) print(key_pair.public_key) card = card_manager.publish_card(identity=username, private_key=key_pair.private_key, public_key=key_pair.public_key) print(vars(card))