def sign(self, private_key):
eosk = UnifEosKey(private_key)
self.jwt_signature = eosk.sign(self.digest_sha)
self.jwt_signature_enc = base64url_encode(
self.jwt_signature.encode('utf-8'))
self.jwt = self.digest + "." + str(self.jwt_signature_enc.decode())
def sign_message(private_key, message):
eosk = UnifEosKey(private_key)
digest_sha = sha256(message.encode('utf-8'))
signed_msg = eosk.sign(digest_sha)
return signed_msg, digest_sha
def generate_eos_key_pair():
"""
Generate EOS Key pair
"""
eosk = UnifEosKey()
private_key = eosk.to_wif()
public_key = eosk.to_public()
return private_key, public_key
def test_sign_and_verify_pub_key(message):
private_key, public_key = generate_eos_key_pair()
signed_msg, digest_sha = sign_message(private_key, message)
eosk = UnifEosKey()
# Check public key against signature
assert eosk.verify_pub_key(signed_msg, digest_sha, public_key) is True
def test_sign_and_verify_change_pub_key(message):
private_key, public_key = generate_eos_key_pair()
signed_msg, digest_sha = sign_message(private_key, message)
eosk = UnifEosKey()
private_key2, public_key2 = generate_eos_key_pair()
# Should fail, since public key doesn't match signed message
assert eosk.verify_pub_key(signed_msg, digest_sha, public_key2) is False
def __validate_signature(self):
# rfc7515 5.2: 7
eosk = UnifEosKey()
digest = self.jwt_header_enc + "." + self.jwt_payload_enc
digest_sha = sha256(digest.encode('utf-8'))
jwt_signature = base64url_decode(
self.jwt_signature_enc.encode('utf-8'))
key_match = eosk.verify_pub_key(jwt_signature.decode(), digest_sha,
self.public_key)
self.sig_valid = key_match
if not key_match:
raise JWTSignatureMismatch("Invalid JWT: Signature mismatch")
def __verify_change_request(self, perm: dict) -> bool:
perm_digest_sha = generate_perm_digest_sha(perm['perms'],
perm['schema_id'],
perm['p_nonce'],
perm['consumer'])
return UnifEosKey().verify_pub_key(perm['p_sig'], perm_digest_sha,
perm['pub_key'])
def add_to_mother(self, app_config, appname, unif_mother_private_key):
contract_hash = self.get_code_hash(appname)
ipfs_client = get_ipfs_client()
app_conf = app_config[appname]
schema_vers = ""
for i in app_conf['db_schemas']:
# hard-code version num to 1 for demo
schema_vers = schema_vers + i['schema_name'] + ":1,"
schema_vers = schema_vers.rstrip(",")
uapp_data = {
'uapp_contract_acc': appname,
'schema_vers': schema_vers,
'uapp_contract_hash': contract_hash,
'rpc_server_ip': app_conf['rpc_server'],
'rpc_server_port': app_conf['rpc_server_port'],
'name': app_conf['uapp_name'],
'description': app_conf['uapp_desc'],
'website': app_conf['uapp_website'],
'nonce': generate_nonce(16),
'time_added': int(time.time()),
'time_updated': int(time.time())
}
eosk = UnifEosKey(unif_mother_private_key)
digest_sha = sha256(json.dumps(uapp_data).encode('utf-8'))
mother_sig = eosk.sign(digest_sha)
mother_data = {'data': uapp_data, 'sig': mother_sig}
mother_json = json.dumps(mother_data)
ipfs_hash = ipfs_client.add_json(mother_json)
d = {'uapp_contract_acc': appname, 'ipfs_hash': ipfs_hash}
ret = self.cleos.run([
'push', 'action', 'unif.mother', 'addnew',
json.dumps(d), '-p', 'unif.mother'
])
print(ret.stdout)
def __call_mother(self):
"""
Call the Mother Smart Contract, and check if the requesting_app is both
a verified app, and that it's smart contract code is valid (by checking
the code's hash).
"""
self.__deployed_contract_hash = self.__get_contract_hash()
table_data = self.__eosClient.get_table_rows(self.__mother,
self.__mother,
self.__valid_apps_table,
True, 0, -1, -1)
req_app_uint64 = eosio_account.string_to_name(self.__uapp_contract_acc)
for i in table_data['rows']:
if int(i['uapp_contract_acc']) == req_app_uint64:
ipfs_hash = i['ipfs_hash']
uapp_json_str = self.__ipfs_client.get_json(ipfs_hash)
uapp_json = json.loads(uapp_json_str)
uapp_data = uapp_json['data']
mother_sig = uapp_json['sig']
mother_public_key = self.__cleos.get_public_key(
self.__mother, 'active')
eosk = UnifEosKey()
digest_sha = sha256(json.dumps(uapp_data).encode('utf-8'))
self.__signed_by_mother = eosk.verify_pub_key(
mother_sig, digest_sha, mother_public_key)
if int(i['is_valid']) == 1:
self.__is_valid_app = True
if (uapp_data['uapp_contract_hash'] ==
self.__deployed_contract_hash):
self.__is_valid_code = True
self.__uapp_sc_hash_in_mother = uapp_data['uapp_contract_hash']
self.__haiku_rpc_server_ip = uapp_data['rpc_server_ip']
self.__haiku_rpc_server_port = uapp_data['rpc_server_port']
break