def sign(self, private_key): eosk = UnifEosKey(private_key) self.jwt_signature = eosk.sign(self.digest_sha) self.jwt_signature_enc = base64url_encode( self.jwt_signature.encode('utf-8')) self.jwt = self.digest + "." + str(self.jwt_signature_enc.decode())
def sign_message(private_key, message): eosk = UnifEosKey(private_key) digest_sha = sha256(message.encode('utf-8')) signed_msg = eosk.sign(digest_sha) return signed_msg, digest_sha
def generate_eos_key_pair(): """ Generate EOS Key pair """ eosk = UnifEosKey() private_key = eosk.to_wif() public_key = eosk.to_public() return private_key, public_key
def test_sign_and_verify_pub_key(message): private_key, public_key = generate_eos_key_pair() signed_msg, digest_sha = sign_message(private_key, message) eosk = UnifEosKey() # Check public key against signature assert eosk.verify_pub_key(signed_msg, digest_sha, public_key) is True
def test_sign_and_verify_change_pub_key(message): private_key, public_key = generate_eos_key_pair() signed_msg, digest_sha = sign_message(private_key, message) eosk = UnifEosKey() private_key2, public_key2 = generate_eos_key_pair() # Should fail, since public key doesn't match signed message assert eosk.verify_pub_key(signed_msg, digest_sha, public_key2) is False
def __validate_signature(self): # rfc7515 5.2: 7 eosk = UnifEosKey() digest = self.jwt_header_enc + "." + self.jwt_payload_enc digest_sha = sha256(digest.encode('utf-8')) jwt_signature = base64url_decode( self.jwt_signature_enc.encode('utf-8')) key_match = eosk.verify_pub_key(jwt_signature.decode(), digest_sha, self.public_key) self.sig_valid = key_match if not key_match: raise JWTSignatureMismatch("Invalid JWT: Signature mismatch")
def __verify_change_request(self, perm: dict) -> bool: perm_digest_sha = generate_perm_digest_sha(perm['perms'], perm['schema_id'], perm['p_nonce'], perm['consumer']) return UnifEosKey().verify_pub_key(perm['p_sig'], perm_digest_sha, perm['pub_key'])
def add_to_mother(self, app_config, appname, unif_mother_private_key): contract_hash = self.get_code_hash(appname) ipfs_client = get_ipfs_client() app_conf = app_config[appname] schema_vers = "" for i in app_conf['db_schemas']: # hard-code version num to 1 for demo schema_vers = schema_vers + i['schema_name'] + ":1," schema_vers = schema_vers.rstrip(",") uapp_data = { 'uapp_contract_acc': appname, 'schema_vers': schema_vers, 'uapp_contract_hash': contract_hash, 'rpc_server_ip': app_conf['rpc_server'], 'rpc_server_port': app_conf['rpc_server_port'], 'name': app_conf['uapp_name'], 'description': app_conf['uapp_desc'], 'website': app_conf['uapp_website'], 'nonce': generate_nonce(16), 'time_added': int(time.time()), 'time_updated': int(time.time()) } eosk = UnifEosKey(unif_mother_private_key) digest_sha = sha256(json.dumps(uapp_data).encode('utf-8')) mother_sig = eosk.sign(digest_sha) mother_data = {'data': uapp_data, 'sig': mother_sig} mother_json = json.dumps(mother_data) ipfs_hash = ipfs_client.add_json(mother_json) d = {'uapp_contract_acc': appname, 'ipfs_hash': ipfs_hash} ret = self.cleos.run([ 'push', 'action', 'unif.mother', 'addnew', json.dumps(d), '-p', 'unif.mother' ]) print(ret.stdout)
def __call_mother(self): """ Call the Mother Smart Contract, and check if the requesting_app is both a verified app, and that it's smart contract code is valid (by checking the code's hash). """ self.__deployed_contract_hash = self.__get_contract_hash() table_data = self.__eosClient.get_table_rows(self.__mother, self.__mother, self.__valid_apps_table, True, 0, -1, -1) req_app_uint64 = eosio_account.string_to_name(self.__uapp_contract_acc) for i in table_data['rows']: if int(i['uapp_contract_acc']) == req_app_uint64: ipfs_hash = i['ipfs_hash'] uapp_json_str = self.__ipfs_client.get_json(ipfs_hash) uapp_json = json.loads(uapp_json_str) uapp_data = uapp_json['data'] mother_sig = uapp_json['sig'] mother_public_key = self.__cleos.get_public_key( self.__mother, 'active') eosk = UnifEosKey() digest_sha = sha256(json.dumps(uapp_data).encode('utf-8')) self.__signed_by_mother = eosk.verify_pub_key( mother_sig, digest_sha, mother_public_key) if int(i['is_valid']) == 1: self.__is_valid_app = True if (uapp_data['uapp_contract_hash'] == self.__deployed_contract_hash): self.__is_valid_code = True self.__uapp_sc_hash_in_mother = uapp_data['uapp_contract_hash'] self.__haiku_rpc_server_ip = uapp_data['rpc_server_ip'] self.__haiku_rpc_server_port = uapp_data['rpc_server_port'] break