def get_credential(self, credential_id, mode) : """ get a credential as a json_ld """ credential = Claim() credential.get_by_topic_name(mode.relay_workspace_contract, None, self.workspace_contract, credential_id, mode) print(credential.__dict__) return json.dumps(credential.claim_value, ensure_ascii=False)
def store_credential(self, signed_credential, mode) : """ store credential encrypted to the repository signed_credential is json or dict return document_id """ if not isinstance(signed_credential, dict) : signed_credential = json.loads(signed_credential) credential = Claim() return credential.relay_add(self.workspace_contract, signed_credential['id'], signed_credential, 'private', mode)
def publish_credential(self, signed_credential, mode) : """ add credential to the repository signed_credential is json or dict return link to display the credential """ if not isinstance(signed_credential, dict) : signed_credential = json.loads(signed_credential) credential = Claim() credential_id = credential.relay_add(self.workspace_contract, signed_credential['id'], signed_credential, 'public', mode) if credential_id : return 'https://talao.co/certificate/?certificate_id=' + self.did + ':claim:' + credential_id else : return None
def show_certificate(mode): """ # display experience certificate for anybody. Stand alone routine # #route /guest/certificate # @route /certificate/ """ menu = session.get('menu', dict()) viewer = 'guest' if not session.get('username') else 'user' try : certificate_id = request.args['certificate_id'] method = certificate_id.split(':')[1] # translator for repository claim if method in ['web', 'tz', 'ethr'] : did = 'did:' + method + ':' + certificate_id.split(':')[2] private_key = '0x' + PBKDF2(did.encode(), SALT, 32, count=1000000, hmac_hash_module=SHA512).hex() address = helpers.ethereum_pvk_to_address(private_key) workspace_contract = ownersToContracts(address, mode) claim_id = certificate_id.split(':')[4] credential = Claim() credential.get_by_id( mode.relay_workspace_contract, None, workspace_contract, claim_id, mode) return jsonify(credential.claim_value) # standard elif method == 'talao' : try : doc_id = int(certificate_id.split(':')[5]) identity_workspace_contract = '0x'+ certificate_id.split(':')[3] except : content = json.dumps({'message' : 'request malformed'}) return Response(content, status=406, mimetype='application/json') else : content = json.dumps({'message' : 'method not supported'}) return Response(content, status=406, mimetype='application/json') except : content = json.dumps({'message' : 'request malformed'}) return Response(content, status=406, mimetype='application/json') try : self_claim = certificate_id.split(':')[6] except: self_claim = None if session.get('certificate_id') != request.args['certificate_id'] : certificate = Document('certificate') if not certificate.relay_get(identity_workspace_contract, doc_id, mode) : content = json.dumps({'message' : 'This credential does not exist or it has been deleted'}) return Response(content, status=406, mimetype='application/json') if certificate.privacy != 'public' : content = json.dumps({'message' : 'This credential is private'}) return Response(content, status=406, mimetype='application/json') session['displayed_certificate'] = certificate.__dict__ if self_claim == "experience" : description = session['displayed_certificate']['description'].replace('\r\n','<br>') my_badge = '' for skill in session['displayed_certificate']['skills'] : skill_to_display = skill.replace(" ", "").capitalize().strip(',') my_badge += """<span class="badge badge-pill badge-secondary" style="margin: 4px; padding: 8px;"> """+ skill_to_display + """</span>""" return render_template('./certificate/self_claim.html', **menu, type = 'Experience', certificate_id= certificate_id, company = session['displayed_certificate']['company']['name'], email = session['displayed_certificate']['company']['contact_email'], tel = session['displayed_certificate']['company']['contact_phone'], contact_name = session['displayed_certificate']['company']['contact_name'], start_date = session['displayed_certificate']['start_date'], end_date = session['displayed_certificate']['end_date'], description = description, badge = my_badge, viewer=viewer, title = session['displayed_certificate']['title'], ) if self_claim == "skills" : description = "" print (session['displayed_certificate']) for skill in session['displayed_certificate']['description'] : description += skill["skill_name"] + " " return render_template('./certificate/self_claim.html', **menu, type = 'Skill', certificate_id= certificate_id, description = description, viewer=viewer, ) if self_claim == "education" : description = session['displayed_certificate']['description'].replace('\r\n','<br>') my_badge = '' for skill in session['displayed_certificate']['skills'] : skill_to_display = skill.replace(" ", "").strip(',') if skill_to_display : my_badge = my_badge + """<span class="badge badge-pill badge-secondary" style="margin: 4px; padding: 8px;"> """+ skill_to_display.capitalize() + """</span>""" return render_template('./certificate/self_claim.html', **menu, type = 'Education', certificate_id= certificate_id, company = session['displayed_certificate']['organization']['name'], email = session['displayed_certificate']['organization']['contact_email'], tel = session['displayed_certificate']['organization']['contact_phone'], contact_name = session['displayed_certificate']['organization']['contact_name'], start_date = session['displayed_certificate']['start_date'], end_date = session['displayed_certificate']['end_date'], description = description, badge = my_badge, viewer=viewer, title = session['displayed_certificate']['title'], link = session['displayed_certificate']['certificate_link'] ) # Experience Credential Display if session['displayed_certificate']['credentialSubject']['credentialCategory'] == 'experience' : yellow_star = "color: rgb(251,211,5); font-size: 12px;" # yellow black_star = "color: rgb(0,0,0);font-size: 12px;" # black # Icon "fa-star" treatment score = [] context = dict() score.append(int(session['displayed_certificate']['credentialSubject']['reviewRecommendation']['reviewRating']['ratingValue'])) score.append(int(session['displayed_certificate']['credentialSubject']['reviewDelivery']['reviewRating']['ratingValue'])) score.append(int(session['displayed_certificate']['credentialSubject']['reviewSchedule']['reviewRating']['ratingValue'])) score.append(int(session['displayed_certificate']['credentialSubject']['reviewCommunication']['reviewRating']['ratingValue'])) for q in range(0,4) : for i in range(0,score[q]) : context["star"+str(q)+str(i)] = yellow_star for i in range(score[q],5) : context ["star"+str(q)+str(i)] = black_star if session['displayed_certificate']['credentialSubject']['skills'] : skills = session['displayed_certificate']['credentialSubject']['skills'] my_badge = "" for skill in skills : if skill['description'] : my_badge += """<span class="badge badge-pill badge-secondary" style="margin: 4px; padding: 8px;"> """+ skill['description'].strip(' ').capitalize() + """</span>""" else : my_badge = "" # if there is no signature one uses Picasso signature signature = session['displayed_certificate']['credentialSubject']['managerSignature'] if not signature : signature = 'QmS9TTtjw1Fr5oHkbW8gcU7TnnmDvnFVUxYP9BF36kgV7u' # if there is no logo one uses default logo logo = session['displayed_certificate']['credentialSubject']['companyLogo'] if not logo : logo = 'QmXKeAgNZhLibNjYJFHCiXFvGhqsqNV2sJCggzGxnxyhJ5' # upload signature and logo on server if not path.exists(mode.uploads_path + signature) : url = 'https://gateway.pinata.cloud/ipfs/'+ signature response = requests.get(url, stream=True) with open(mode.uploads_path + signature, 'wb') as out_file: shutil.copyfileobj(response.raw, out_file) del response if not path.exists(mode.uploads_path + logo) : url = 'https://gateway.pinata.cloud/ipfs/'+ logo response = requests.get(url, stream=True) with open(mode.uploads_path + logo, 'wb') as out_file: shutil.copyfileobj(response.raw, out_file) del response return render_template('./certificate/experience_certificate.html', **menu, managerName=session['displayed_certificate']['credentialSubject']['managerName'], companyName=session['displayed_certificate']['credentialSubject']['companyName'], badge=my_badge, title = session['displayed_certificate']['credentialSubject']['title'], subject_name = session['displayed_certificate']['credentialSubject']['name'], description=session['displayed_certificate']['credentialSubject']['description'], start_date=session['displayed_certificate']['credentialSubject']['startDate'], end_date=session['displayed_certificate']['credentialSubject']['endDate'], signature=signature, logo=logo, certificate_id=certificate_id, viewer=viewer, **context) # Recommendation Certificate Display if session['displayed_certificate']['type'] == 'recommendation' : issuer_picture = session['displayed_certificate'].get('logo') if session['displayed_certificate']['issuer']['category'] == 1001 : issuer_picture = session['displayed_certificate'].get('picture') else : issuer_picture = session['displayed_certificate'].get('logo') issuer_title = "" if not session['displayed_certificate'].get('title') else session['displayed_certificate']['title'] if issuer_picture : if not path.exists(mode.uploads_path + issuer_picture) : logging.info('picture already on disk') url='https://gateway.pinata.cloud/ipfs/'+ issuer_picture response = requests.get(url, stream=True) with open(mode.uploads_path + issuer_picture, 'wb') as out_file: shutil.copyfileobj(response.raw, out_file) del response description = """ " """ + session['displayed_certificate']['description'] + """ " """ return render_template('./certificate/recommendation_certificate.html', **menu, #identity_firstname=identity_profil['firstname'], #identity_lastname=identity_profil['lastname'], description=description, issuer_picture=issuer_picture, issuer_title=issuer_title, issuer_firstname=session['displayed_certificate']['issuer']['firstname'] if session['displayed_certificate']['issuer']['category']== 1001 else "", issuer_lastname=session['displayed_certificate']['issuer']['lastname']if session['displayed_certificate']['issuer']['category']== 1001 else "", relationship=session['displayed_certificate']['relationship'], certificate_id=certificate_id, #identity_username=identity_username, #issuer_username=issuer_username, viewer=viewer ) # Skill Certificate Display if session['displayed_certificate']['type'] == 'skill' : issuer_picture = session['displayed_certificate'].get('picture') issuer_title = "" if not session['displayed_certificate'].get('title') else session['displayed_certificate']['title'] description = session['displayed_certificate']['description'].replace('\r\n','<br>') signature = session['displayed_certificate']['signature'] logo = session['displayed_certificate']['logo'] # if there is no signature one uses Picasso signature if not signature : signature = 'QmS9TTtjw1Fr5oHkbW8gcU7TnnmDvnFVUxYP9BF36kgV7u' # if there is no logo one uses default logo if not logo : logo = 'QmXKeAgNZhLibNjYJFHCiXFvGhqsqNV2sJCggzGxnxyhJ5' if not path.exists(mode.uploads_path + signature) : url = 'https://gateway.pinata.cloud/ipfs/'+ signature response = requests.get(url, stream=True) with open(mode.uploads_path + signature, 'wb') as out_file: shutil.copyfileobj(response.raw, out_file) del response if not path.exists(mode.uploads_path + logo) : url = 'https://gateway.pinata.cloud/ipfs/'+ logo response = requests.get(url, stream=True) with open(mode.uploads_path + logo, 'wb') as out_file: shutil.copyfileobj(response.raw, out_file) del response return render_template('./certificate/skill_certificate.html', **menu, manager= session['displayed_certificate']['manager'], #identity_firstname=identity_profil['firstname'], #identity_lastname=identity_profil['lastname'], #identity_name =identity_profil['firstname'] + ' ' + identity_profil['lastname'], description=description, issuer_picture=issuer_picture, signature=signature, logo=logo, certificate_id=certificate_id, title=session['displayed_certificate']['title'], #issuer_name=session['displayed_certificate']['issuer']['name'], viewer=viewer ) # agreement certificate display if session['displayed_certificate']['type'] == 'agreement': description = session['displayed_certificate']['description'].replace('\r\n','<br>') signature = session['displayed_certificate']['issued_by'].get('signature') logo = session['displayed_certificate']['issued_by'].get('logo') # if there is no signature or no logo , view is reduced see html else we download file rom ipfs if needed if signature and logo : if not path.exists(mode.uploads_path + signature) : url = 'https://gateway.pinata.cloud/ipfs/'+ signature response = requests.get(url, stream=True) with open(mode.uploads_path + signature, 'wb') as out_file: shutil.copyfileobj(response.raw, out_file) del response if not path.exists(mode.uploads_path + logo) : url = 'https://gateway.pinata.cloud/ipfs/'+ logo response = requests.get(url, stream=True) with open(mode.uploads_path + logo, 'wb') as out_file: shutil.copyfileobj(response.raw, out_file) del response if session['displayed_certificate']['service_product_group'] : products = session['displayed_certificate']['service_product_group'].replace(' ', '').split(",") service_product_group = "" for product in products: service_product_group = service_product_group + """<li class="text-dark my-2 mx-5">""" + product.capitalize() + "</li>" else : service_product_group = None return render_template('./certificate/agreement_certificate.html', **menu, date_of_issue = session['displayed_certificate']['date_of_issue'], date_of_validity = session['displayed_certificate']['valid_until'], location = session['displayed_certificate']['location'], description=description, logo=logo, issued_to_name = session['displayed_certificate']['issued_to'].get('name', ''), issuer_name = session['displayed_certificate']['issued_by'].get('name',''), issuer_siret = session['displayed_certificate']['issued_by'].get('siret', ''), title = session['displayed_certificate']['title'], signature=signature, viewer=viewer, standard=session['displayed_certificate']['standard'], registration_number = session['displayed_certificate']['registration_number'], service_product_group = service_product_group, certificate_id=certificate_id, ) # if reference credential display if session['displayed_certificate']['credentialSubject']['credentialCategory'] == 'reference' : yellow_star = "color: rgb(251,211,5); font-size: 12px;" # yellow black_star = "color: rgb(0,0,0);font-size: 12px;" # black description = session['displayed_certificate'].get('description','Unknown').replace('\r\n','<br>') signature = session['displayed_certificate']['credentialSubject']['managerSignature'] logo = session['displayed_certificate']['credentialSubject']['companyLogo'] if signature and logo : if not path.exists(mode.uploads_path + signature) : url = 'https://gateway.pinata.cloud/ipfs/'+ signature response = requests.get(url, stream=True) with open(mode.uploads_path + signature, 'wb') as out_file: shutil.copyfileobj(response.raw, out_file) del response if not path.exists(mode.uploads_path + logo) : url = 'https://gateway.pinata.cloud/ipfs/'+ logo response = requests.get(url, stream=True) with open(mode.uploads_path + logo, 'wb') as out_file: shutil.copyfileobj(response.raw, out_file) del response skills_str = "" try : for skill in session['displayed_certificate']['credentialSubject']['offers']['skills'] : skills_str += skill['description'] + ',' except : logging.warning('skills not found') return render_template('./certificate/reference_certificate.html', **menu, issued_to_name = session['displayed_certificate']['credentialSubject']['name'], issuanceDate = session['displayed_certificate']['issuanceDate'][:10], startDate = session['displayed_certificate']['credentialSubject']['offers']['startDate'], endDate = session['displayed_certificate']['credentialSubject']['offers']['endDate'], price = session['displayed_certificate']['credentialSubject']['offers']['price'], currency = session['displayed_certificate']['credentialSubject']['offers']['priceCurrency'], description=session['displayed_certificate']['credentialSubject']['offers']['description'], review= session['displayed_certificate']['credentialSubject']['review']['reviewBody'], location=session['displayed_certificate']['credentialSubject']['offers']['location'], logo=logo, issuer_name = session['displayed_certificate']['credentialSubject']['companyName'], title = session['displayed_certificate']['credentialSubject']['offers']['title'], signature=signature, manager = session['displayed_certificate']['credentialSubject']['companyName'], certificate_id=certificate_id, viewer=viewer, skills=skills_str ) else : # clean up to get a standard credential del session['displayed_certificate']['topic'] del session['displayed_certificate']['doc_id'] del session['displayed_certificate']['data_location'] del session['displayed_certificate']['privacy'] return jsonify(session['displayed_certificate'])
def create(self, did, mode, email=None, password=False, phone=None, wallet=None, category=1001) : """ Main function to create a repository for a user category is 1001 for person and 2001 for company DID is used to generate an ethereum private key email is used to recover in case of did keys are lost Talao smart contract is deployed on talaonet """ # Setup with DID as password, deterministic way to generate an address if not did : logging.error('did malformed') return False if did.split(':')[1] not in ['web', 'tz', 'ethr', 'key'] : logging.error('did not supported') return False repository = Repository() if repository.load(mode, did) : logging.error('A repository already exists for this DID') return False self.did = did self.email = email if email else "" if category not in [1001, 2001] : logging.error('wrong category') return False self.category = category self.private_key = '0x' + PBKDF2(self.did.encode(), SALT, 32, count=1000000, hmac_hash_module=SHA512).hex() self.address = helpers.ethereum_pvk_to_address(self.private_key) self.public_key = helpers.ethereum_pvk_to_pub(self.private_key) self.jwk = helpers.ethereum_to_jwk(self.private_key, 'ethr') # create RSA key RSA_key = RSA.generate(2048) self.RSA_private = RSA_key.exportKey('PEM') self.RSA_public = RSA_key.publickey().exportKey('PEM') logging.info('RSA key generated') # Setup an AES key named 'private' to encrypt private data and to be shared with partnership private = get_random_bytes(16) self.private = private.hex() # Setup an AES key named 'secret' to encrypt secret data FIXME secret = get_random_bytes(16) self.secret = secret.hex() # AES private encrypted with RSA key cipher_rsa = PKCS1_OAEP.new(RSA_key) private_encrypted = cipher_rsa.encrypt(private) # AES secret encrypted with RSA key cipher_rsa = PKCS1_OAEP.new(RSA_key) secret_encrypted = cipher_rsa.encrypt(secret) try : # Ether transfer from TalaoGen wallet ether_transfer(self.address, mode.ether2transfer,mode) logging.info('ether transfer done ') # Talao tokens transfer from TalaoGen wallet token_transfer(self.address, mode.talao_to_transfer, mode) logging.info('token transfer done') # CreateVaultAccess call in the token to declare the identity within the Talao Token smart contract createVaultAccess(self.address, self.private_key, mode) logging.info('vault access created') except : logging.error('init Talao protocol failed') return False # Identity setup contract = mode.w3.eth.contract(mode.workspacefactory_contract,abi=constante.Workspace_Factory_ABI) nonce = mode.w3.eth.getTransactionCount(self.address) bemail = bytes(self.email.lower() , 'utf-8') txn = contract.functions.createWorkspace(self.category, 1, 1, self.RSA_public, private_encrypted, secret_encrypted, bemail).buildTransaction({'chainId': mode.CHAIN_ID, 'gas': 7500000, 'gasPrice': mode.w3.toWei(mode.GASPRICE, 'gwei'), 'nonce': nonce}) signed_txn = mode.w3.eth.account.signTransaction(txn, self.private_key) mode.w3.eth.sendRawTransaction(signed_txn.rawTransaction) transaction_hash = mode.w3.toHex(mode.w3.keccak(signed_txn.rawTransaction)) receipt = mode.w3.eth.waitForTransactionReceipt(transaction_hash, timeout=2000, poll_latency=1) if not receipt['status'] : logging.error('transaction to create repository failed') return False # workspace_contract address to be read in fondation smart contract self.workspace_contract = ownersToContracts(self.address, mode) logging.info('repository has been deployed') # store RSA key in file ./RSA_key/rinkeby, talaonet ou ethereum filename = "./RSA_key/" + mode.BLOCKCHAIN + '/did:talao:' + mode.BLOCKCHAIN + ':' + self.workspace_contract[2:] + ".pem" try : file = open(filename,"wb") file.write( self.RSA_private) file.close() logging.info('RSA key stored on server') except : logging.error('RSA key not stored on server') return False # store Ethereum private key in keystore if not privatekey.add_private_key(self.private_key, mode) : logging.error('private key storage failed') return False else : logging.info('private key stored on server') # ERC725 key 1 issued to Web Relay as the Repository Manager if not add_key(self.address, self.workspace_contract, self.address, self.workspace_contract, self.private_key, mode.relay_address, 1, mode) : logging.error('ERC725 key 1 to repository manager failed') return False else : logging.error('ERC725 key 1 isued to repository manager') # rewrite email for recovery if Claim().add(self.address, self.workspace_contract, self.address, self.workspace_contract, self.private_key, 'email', self.email, 'public', mode)[0] : logging.info('email encryted updated') else : logging.warning('email encrypted not updated') logging.info('end of create repository') return True
def remove_credential(self, credential_id, mode) : credential = Claim() return credential.relay_delete(self.workspace_contract, credential_id, mode)