Пример #1
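def verify_credential(signed_credential, did):
    """
    Verify the JWS proof of a credential against the RSA key published for a DID.

    The DID document is fetched from the talao.co resolver, and the PEM of the
    key whose id is ``<did>#secondary`` is used to check the compact JWS found
    in ``signed_credential['proof']['jws']``.

    @param signed_credential as a dict
    @param did as a str
    return bool: True when the compact JWS verifies under that key, False
    when no matching key is published, the proof is missing, or verification
    fails. Resolver/network errors and a malformed resolver response raise.
    """
    # The DID is caller-supplied: pass it as a query parameter so it is
    # URL-encoded and cannot add or override parameters of the resolver
    # request. The timeout keeps an unresponsive resolver from hanging
    # verification.
    read = requests.get('https://talao.co/resolver',
                        params={'did': did},
                        timeout=10)
    public_key = None
    for key in read.json()['publicKey']:
        if key.get('id') == did + "#secondary":
            public_key = key['publicKeyPem']
            break
    if public_key is None:
        # No "#secondary" key in the DID document: nothing to verify against.
        return False
    # The JWS header is attacker-controlled. Only RSA signature algorithms are
    # accepted, so the header cannot select another family (for example an
    # HMAC keyed with the public PEM) for a key that is documented as RSA.
    jws = JsonWebSignature(
        algorithms=["RS256", "RS384", "RS512", "PS256", "PS384", "PS512"])
    try:
        jws.deserialize_compact(signed_credential['proof']['jws'], public_key)
    except Exception:
        # Fail closed on any verification or decoding error, but let
        # KeyboardInterrupt/SystemExit through (the bare except swallowed them).
        return False
    # NOTE(review): only the JWS itself is verified here. Nothing compares its
    # payload with the other fields of signed_credential; confirm callers do.
    return True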
Пример #2
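def json_verify(msg: Union[bytes, dict, str],
                pubKey: Union[str, Dict[str, str]] = None) -> bool:
    """Verify the detached JWS stored under the ``signature`` key of *msg*.

    The signed payload is rebuilt from the canonical JSON of the signature
    header and of the message without its ``signature`` member, then checked
    with the given key.

    Args:
        msg: the message as a dict, or as JSON text/bytes.
        pubKey: a path to a key file when a str; otherwise it is handed to
            ``load_key`` as ``keys`` (presumably a key-id to key mapping;
            verify against ``load_key``).

    Returns:
        True when the signature verifies. False when the message is unsigned,
        the signature is not a three-part compact JWS, or the signature is bad.

    Decoding errors in the header or in the JWS other than a bad signature
    still propagate to the caller.
    """
    # Work on a copy so verification does not strip "signature" from the
    # caller's dict as a side effect.
    body = dict(msg) if isinstance(msg, dict) else json.loads(msg)
    signature = body.pop("signature", None)
    if not signature or not isinstance(signature, str):
        # An unsigned message is a verification failure, not an implicit None.
        return False

    sig = signature.split(".")
    if len(sig) != 3:
        # Expect header, (detached) payload and signature segments.
        return False

    header = json.loads(base64.b64decode(sig[0]))
    sig[1] = base64.b64encode(b'.'.join([
        base64.b64encode(canonicaljson.encode_canonical_json(header)),
        base64.b64encode(canonicaljson.encode_canonical_json(body))
    ])).decode("utf-8").rstrip("=")

    # NOTE(review): no algorithm allow-list is passed, so the "alg" accepted is
    # whatever the message's own header names. Pin the expected algorithm(s)
    # via JsonWebSignature(algorithms=[...]) once the signing scheme is
    # confirmed.
    jws = JsonWebSignature()
    key = Path(pubKey).read_bytes() if isinstance(
        pubKey, str) else partial(load_key, keys=pubKey)
    try:
        jws.deserialize_compact(".".join(sig), key)
        return True
    except errors.BadSignatureError:
        return False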
Пример #3
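def test_keys():
    """Try to store/get/remove keys.

    Walks the key store through a full cycle: wipe all keys, create a private
    key, look it up by its thumbprint (kid), sign a JWT and a JWS auth code
    with it, then verify both using the published key set.
    """
    # JWS restricted to the single algorithm used by this test
    jws = JsonWebSignature(algorithms=["RS256"])
    code_payload = {
        "user_id": "user",
        "scope": "scope",
        "client_id": "client",
        "redirect_uri": "redirect_uri",
        "code_challenge": "code_challenge",
    }

    # Token metadata
    header = {"alg": "RS256"}
    payload = {
        "sub": "user",
        "iss": "issuer",
        "scope": "scope",
        "setup": "setup",
        "group": "my_group"
    }

    # Remove all keys
    result = db.removeKeys()
    assert result["OK"], result["Message"]

    # Check active keys
    result = db.getActiveKeys()
    assert result["OK"], result["Message"]
    assert result["Value"] == []

    # Create new one
    result = db.getPrivateKey()
    assert result["OK"], result["Message"]

    private_key = result["Value"]
    assert isinstance(private_key, RSAKey)

    # The key id placed in the header is the key's thumbprint
    header["kid"] = private_key.thumbprint()

    # Find key by KID
    result = db.getPrivateKey(header["kid"])
    assert result["OK"], result["Message"]
    # as_dict has no arguments for authlib < 1.0.0
    # for authlib >= 1.0.0:
    assert result["Value"].as_dict(True) == private_key.as_dict(True)

    # Sign token
    token = jwt.encode(header, payload, private_key)
    # Sign auth code
    code = jws.serialize_compact(header, json_b64encode(code_payload),
                                 private_key)

    # Get public key set; check the status before reading "Value" so that a
    # failure reports result["Message"] instead of a KeyError.
    result = db.getKeySet()
    assert result["OK"], result["Message"]
    keyset = result["Value"]
    # as_dict has no arguments for authlib < 1.0.0
    # for authlib >= 1.0.0:
    assert any(
        key["kid"] == header["kid"]
        for key in keyset.as_dict(True)["keys"]
    )

    # Read token
    _payload = jwt.decode(token, JsonWebKey.import_key_set(keyset.as_dict()))
    assert _payload == payload
    # Read auth code (the store was emptied above, so keys[0] is the new key)
    data = jws.deserialize_compact(code, keyset.keys[0])
    _code_payload = json_loads(urlsafe_b64decode(data["payload"]))
    assert _code_payload == code_payload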
Пример #4
 def validate_jwt_token(self, token):
     """Verify a compact JWS token with the app secret and return its payload.

     The token is checked with a verifier limited to JWS_ALGORITHMS, keyed
     with the UTF-8 bytes of the application's SECRET_KEY setting. The
     verified payload is parsed as JSON and returned. Errors raised by
     deserialize_compact or json.loads propagate to the caller.
     """
     verifier = JsonWebSignature(algorithms=JWS_ALGORITHMS)
     signing_secret = bytes(self.app.config['SECRET_KEY'], 'utf-8')
     # NOTE(review): only the signature is checked here; no claims such as
     # exp/nbf/aud are validated. Confirm callers do that.
     verified = verifier.deserialize_compact(token, signing_secret)
     payload_json = verified['payload']
     return json.loads(payload_json)