"pubKey": vk,
"pubKeyId": vk,
"validNotAfter": int(not_after.timestamp()),
"validNotBefore": int(not_before.timestamp())
}
# Device Test UUID
# uuid = UUID(hex="da3ffc56-a7a7-552a-a3fa-a92ef0607451")
uuid = UUID(hex="e97e160c-6117-5b89-ac98-15aeb52655e0")
auth = UBIRCH_AUTH
logger.info(f"** UUID: {uuid}")
keystore = ubirch.KeyStore(
"/Volumes/Keybase (dermicha)/team/ubirchkeys/UBIRCHKEYS/ubirch/workshop_certs/workshop_certs.jks",
'service-check')
key = keystore.find_signing_key(uuid)
# logger.debug("{}".format(binascii.hexlify(key.to_bytes()).decode()))
api = API(auth=auth, env=UBIRCH_ENV, debug=(LOGLEVEL == 'DEBUG'))
protocol = Proto(uuid=uuid)
protocol.update_key(uuid,
binascii.hexlify(key.to_bytes()).decode(), "ECC_ED25519")
# pubKeyInfo = protocol.get_certificate()
# # create a json key registration request
# pubKeyInfo['hwDeviceId'] = str(uuid)
# pubKeyInfo['pubKey'] = base64.b64encode(pubKeyInfo['pubKey']).decode()
# pubKeyInfo['pubKeyId'] = base64.b64encode(pubKeyInfo['pubKeyId']).decode()
config.write(f)
env = config.get('misc', 'env', fallback=None)
auth = None
user1_uuid = UUID(hex=config.get('user1', 'uuid'))
user1_deviceA = UUID(hex=config.get('user1', 'deviceA'))
user2_uuid = UUID(hex=config.get('user2', 'uuid'))
user2_deviceB = UUID(hex=config.get('user2', 'deviceB'))
logger.info("UUID (user1) : {}".format(user1_uuid))
logger.info("UUID (user1.deviceA) : {}".format(user1_deviceA))
logger.info("UUID (user2) : {}".format(user2_uuid))
logger.info("UUID (user2.deviceB) : {}".format(user2_deviceB))
logger.info("ENV : {}".format(env))
keystore = ubirch.KeyStore("test-web-of-trust.jks", "test-keystore")
if not keystore.exists_signing_key(user1_uuid):
keystore.create_ed25519_keypair(user1_uuid)
if not keystore.exists_signing_key(user1_deviceA):
keystore.create_ed25519_keypair(user1_deviceA)
if not keystore.exists_signing_key(user2_uuid):
keystore.create_ed25519_keypair(user2_uuid)
if not keystore.exists_signing_key(user2_deviceB):
keystore.create_ed25519_keypair(user2_deviceB)
api = ubirch.API(auth=auth, env=env)
def upload_public_key(uuid: UUID, info_text: str):
proto = Proto(keystore, uuid)
import base64
import msgpack
import requests
import ubirch
from requests import Response
from ubirch.ubirch_protocol import UBIRCH_PROTOCOL_TYPE_REG, UBIRCH_PROTOCOL_TYPE_BIN
from config import device_uuid, ub_env, ub_auth, device_type, device_name, device_hwid, validator_address, \
show_username
from demo_logging import logger
from ubirch_proto import Proto
from util import ok, nok, step, abort, wait, shorten, make_sensitive_message
# region setting up the keystore, api and the protocol
keystore = ubirch.KeyStore(
device_uuid.hex + ".jks",
"demo-keystore") # use a better password in production
api = ubirch.API(ub_auth, ub_env, logger.level == logging.DEBUG)
protocol = Proto(keystore, device_uuid)
# endregion
# region check the connection to ubirch api
logger.info(step + "Checking authorization")
# TODO: replace this with client api call when it's implemented
user_req = requests.get(
"https://auth.{}.ubirch.com/api/authService/v1/userInfo".format(ub_env),
headers=api._auth)
if user_req.ok:
username = user_req.json()["displayName"]
if show_username:
import hashlib
from uuid import UUID
from ed25519 import VerifyingKey
import ubirch
from ubirch.ubirch_protocol import SIGNED
remote_uuid = UUID(hex="6eac4d0b-16e6-4508-8c46-22e7451ea5a1")
remote_vk = VerifyingKey(
"b12a906051f102881bbb487ee8264aa05d8d0fcc51218f2a47f562ceb9b0d068",
encoding='hex')
# a random signed ubirch-protocol message
keystore = ubirch.KeyStore("demo-device.jks", "keystore")
keystore.insert_ed25519_verifying_key(remote_uuid, remote_vk)
class ProtocolImpl(ubirch.Protocol):
def _verify(self, uuid: UUID, message: bytes, signature: bytes) -> dict:
hash = hashlib.sha512(message).digest()
return keystore.find_verifying_key(uuid).verify(signature, hash)
proto = ProtocolImpl(SIGNED)
message = bytes.fromhex(
"9512b06eac4d0b16e645088c4622e7451ea5a1ccef01da0040578a5b22ceb3e1"
"d0d0f8947c098010133b44d3b1d2ab398758ffed11507b607ed37dbbe006f645"
"f0ed0fdbeb1b48bb50fd71d832340ce024d5a0e21c0ebc8e0e")
print(proto.message_verify(message))
uuid = UUID(hex=config.get('device', 'uuid'))
auth = config.get('device', 'auth')
env = config.get('device', 'env', fallback=None)
debug = config.getboolean('device', 'debug', fallback=False)
groups = list(
filter(None,
config.get('device', 'groups', fallback="").split(",")))
logger.info("UUID : {}".format(uuid))
logger.info("AUTH : {}".format(auth))
logger.info("ENV : {}".format(env))
logger.info("DEBUG: {}".format(debug))
# create a new device uuid and a keystore for the device
keystore = ubirch.KeyStore(uuid.hex + ".jks", "test-keystore")
# check if the device already has keys or generate a new pair
if not keystore.exists_signing_key(uuid):
keystore.create_ed25519_keypair(uuid)
# create new protocol
proto = Proto(keystore, uuid)
# use the ubirch API to create a new device and send data using the ubirch-protocol
api = ubirch.API(auth=auth, debug=debug, env=env)
# check if the device exists and delete if that is the case
if api.device_exists(uuid):
logger.warning("device {} exists, deleting".format(str(uuid)))
api.device_delete(uuid)
class Proto(ubirch.Protocol):
def __init__(self, key_store: ubirch.KeyStore) -> None:
super().__init__()
self.__ks = key_store
def _sign(self, uuid: UUID, message: bytes) -> bytes:
return self.__ks.find_signing_key(uuid).sign(message)
# this is a bad hack to fix the problem of an unpinned msgpack dependency
def _Protocol__serialize(self, msg: any) -> bytearray:
import msgpack
return bytearray(msgpack.packb(msg, use_bin_type=False))
# temporary key store with fixed test-key
keystore = ubirch.KeyStore("service-check.jks", 'service-check')
if not keystore.exists_signing_key(uuid):
keystore.insert_ed25519_keypair(uuid, vk, sk)
# configure client specific services if we have one instead of core ubirch services
if UBIRCH_CLIENT and UBIRCH_CLIENT.strip():
# create a sub-class of the ubirch API to use
class ClientAPI(ubirch.API):
def __init__(self,
client: str,
auth: str = None,
env: str = None,
debug: bool = False) -> None:
super().__init__(auth, env, debug)
self._services[AVATAR_SERVICE] = "https://ubirch.api.{}.{}.ubirch.com/api/avatarService/v1" \
print(" export UBIRCH_ENV=[dev|demo|prod]")
print(" PYTHONPATH=. python3 examples/test-identity.py")
import sys
sys.exit(0)
uuid = UUID(hex=os.getenv("UBIRCH_UUID"))
auth = os.getenv("UBIRCH_AUTH")
env = os.getenv("UBIRCH_ENV")
logger.info("UUID : {}".format(uuid))
logger.info("AUTH : {}".format(auth))
logger.info("ENV : {}".format(env))
# create a keystore for the device
keystore = ubirch.KeyStore("test-identity.jks", "test-keystore")
# check if the device already has keys or generate a new pair
if not keystore.exists_signing_key(uuid):
keystore.create_ed25519_keypair(uuid)
# get the keys
sk = keystore.find_signing_key(uuid)
vk = keystore.find_verifying_key(uuid)
# create protocol instance
proto = Proto(keystore)
# create API instance
api = ubirch.API(env=env)
api.set_authentication(uuid, auth)
"keyService": "https://key.{}.ubirch.com/api/keyService/v1/pubkey".format(env),
"niomon": "https://niomon.{}.ubirch.com/".format(env),
"dataMsgPack": "https://data.{}.ubirch.com/v1/msgPack".format(env),
"dataJson": "https://data.{}.ubirch.com/v1/json".format(env)
}
url = apiConfig["dataJson"]
passwordB64 = base64.b64encode(bytes(password, "UTF-8")).decode("ascii").rstrip('\n')
headers = {"X-Ubirch-Auth-Type": "ubirch",
"X-Ubirch-Hardware-Id": counterId,
"X-Ubirch-Credential": passwordB64,
"Content-Type": "application/json"}
logger.info("current password: {}".format(password))
logger.info("current HTTP headers: {}".format(headers))
keystore = ubirch.KeyStore(UUID(counterId).hex + ".jks", "demo-keystore")
ubirch = UbirchClient(UUID(counterId), keystore, apiConfig['keyService'], apiConfig['niomon'], headers)
macUtil.init(dbPath)
def processStations(splitted):
mac = splitted[0].strip()
if(mac.startswith(":")):
logger.warning("got invalid MAC: {}".format(mac))
return None
else:
manId = macUtil.getMacManufacturerId(mac)
manName = macUtil.lookupMac(mac)
firstTime = splitted[1].strip()