def getUserVirgilJWT():
try:
if not g.user:
print('ERROR: No user to get Virgil JWT for.')
return "", constants.STATUS_BAD_REQUEST
crypto = VirgilCrypto()
api_id = os.environ['VIRGIL_API_ID']
api_key_id = os.environ['VIRGIL_API_KEY_ID']
api_private_key = os.environ['VIRGIL_API_PRIVATE_KEY_ID']
token_ttl = 20 # seconds
imported_key = crypto.import_private_key(
Utils.b64decode(api_private_key)).private_key
# Instantiate token generator
builder = JwtGenerator(api_id, imported_key, api_key_id, token_ttl,
AccessTokenSigner())
token = builder.generate_token(str(g.user.id)).to_string()
return jsonify({"token": token}), constants.STATUS_OK
except Exception as err:
print('Error getting the Virgil JWT: ' + str(err))
return "", constants.STATUS_SERVER_ERROR
return "", constants.STATUS_SERVER_ERROR
class VirgilKeyGenerator(KeyGeneratorInterface):
"""
Represents key pair entity for virgil_crypto lib usage only
"""
def __init__(self,
key_type: str,
private_key=None,
public_key=None,
ec_type=VirgilKeyPair.Type_EC_SECP256R1,
hash_type=HashAlgorithm.SHA256):
self._crypto = VirgilCrypto()
self._crypto.signature_hash_algorithm = hash_type
self.__hash_type = hash_type
self.__key_type = key_type
self.__ec_type = ec_type
self.__public_key = None if not public_key else b64_to_bytes(
public_key)
self.__private_key = None if not private_key else b64_to_bytes(
private_key)
self.__key_id = None
self.__signature = None
self.device_serial = None
def generate(self,
*,
signature_limit=None,
rec_pub_keys=None,
signer_key: Optional[KeyGeneratorInterface] = None,
private_key_base64: Optional[str] = None,
start_date: Optional[int] = 0,
expire_date: Optional[int] = 0,
meta_data: Optional[bytes] = bytes()):
def make_signature():
byte_buffer = io.BytesIO()
# vs_pubkey_dated_t
byte_buffer.write(
start_date.to_bytes(4, byteorder='big', signed=False))
byte_buffer.write(
expire_date.to_bytes(4, byteorder='big', signed=False))
byte_buffer.write(
self.key_type_secmodule.to_bytes(1,
byteorder='big',
signed=False))
byte_buffer.write(
self.ec_type_secmodule.to_bytes(1,
byteorder='big',
signed=False))
byte_buffer.write(
len(meta_data).to_bytes(2, byteorder='big', signed=False))
byte_buffer.write(meta_data)
byte_buffer.write(b64_to_bytes(self.public_key))
bytes_to_sign = byte_buffer.getvalue()
return signer_key.sign(to_b64(bytes_to_sign), long_sign=False)
if private_key_base64:
self.__private_key = b64_to_bytes(private_key_base64)
virgil_priv_key = self._crypto.import_private_key(
self.__private_key)
virgil_pubkey = self._crypto.extract_public_key(virgil_priv_key)
self.__public_key = VirgilKeyPair.publicKeyToDER(
virgil_pubkey.raw_key)[-65:]
if self.__private_key is None:
virgil_key_pair = VirgilKeyPair.generate(self.ec_type)
self.__private_key = VirgilKeyPair.privateKeyToDER(
virgil_key_pair.privateKey())
self.__public_key = VirgilKeyPair.publicKeyToDER(
virgil_key_pair.publicKey())[-65:]
if signer_key:
self.__signature = make_signature()
return self
@property
def ec_type(self):
return self.__ec_type
@property
def hash_type(self):
return self.__hash_type
@property
def private_key(self):
return to_b64(self.__private_key)
@property
def public_key(self):
return to_b64(self.__public_key)
@property
def public_key_full(self):
virgil_private_key = self._crypto.import_private_key(
b64_to_bytes(self.private_key))
return to_b64(self._crypto.extract_public_key(virgil_private_key))
@property
def signature(self):
return self.__signature
@property
def key_id(self):
return CRCCCITT().calculate(b64_to_bytes(self.public_key))
@property
def key_type(self):
return self.__key_type
def sign(self, data, long_sign=False):
data = b64_to_bytes(data)
private_key = b64_to_bytes(self.private_key)
signature = self._crypto.sign(
data, self._crypto.import_private_key(private_key))
if not long_sign:
signature = VirgilSignExtractor.extract_sign(signature)
return to_b64(signature)
def verify(self, data, signature, long_sign=False):
data = b64_to_bytes(data)
public_key = b64_to_bytes(
self.public_key_full) # verify signature with full public key
return self._crypto.verify(data, signature,
self._crypto.import_public_key(public_key))
def encrypt(self, data):
data = b64_to_bytes(data)
public_key = b64_to_bytes(
self.public_key_full) # encrypt with full public key
encrypted = self._crypto.encrypt(
data, self._crypto.import_public_key(public_key))
return to_b64(encrypted)
def decrypt(self, data):
data = b64_to_bytes(data)
private_key = b64_to_bytes(self.private_key)
decrypted = self._crypto.decrypt(
data, self._crypto.import_private_key(private_key))
return to_b64(decrypted)
class VirgilFlaskLib:
def __init__(self):
self.crypto = VirgilCrypto()
self.api_key_base64 = "MC4CAQAwBQYDK2VwBCIEIF+gQkN4StqMMFJGWE1tKXcitkLqHqmrBz+OaQZKGZFR"
self.app_id = "6af75f0dd9be50ebb77facad0f71eaf3"
self.app_key_id = "3def16346c7b43bbaed5b4b9acb9ac8affa4"
self.api_key = self.crypto.import_private_key(Utils.b64_decode(self.api_key_base64))
self.ttl = datetime.timedelta(hours=1).seconds
self.access_token_signer = AccessTokenSigner()
self.key_pair = self.crypto.generate_keys()
self.server_crypto = VirgilCrypto()
self.server_key_pair = self.server_crypto.generate_keys()
self.server_private_key_data = self.server_crypto.export_private_key(self.server_key_pair.private_key, "test password")
self.server_public_key_data = self.server_crypto.export_public_key(self.server_key_pair.public_key)
self.server_private_key_str = Utils.b64encode(self.server_private_key_data)
self.server_for_client_public = Utils.b64encode(self.server_public_key_data)
self.server_exporter = PrivateKeyExporter(self.server_crypto)
self.server_private_key_storage = PrivateKeyStorage(self.server_exporter)
self.server_public_key_str = self.server_key_pair.public_key
self.server_card_crypto = CardCrypto()
self.server_your_backend_white_list = WhiteList()
self.server_your_backend_white_list = VerifierCredentials(signer="Jonathan",public_key_base64 = self.server_public_key_str)
self.verifier = VirgilCardVerifier(self.server_card_crypto, white_lists = [self.server_your_backend_white_list])
self.access_token_provider = CallbackJwtProvider(self.get_token_from_server("Alice"))
self.card_manager = CardManager(
self.server_card_crypto,
self.access_token_provider,
self.verifier
)
def get_private_key(self):
return self.key_pair.private_key
def get_public_key(self):
return self.key_pair.public_key
#jwt token generation
def get_token_from_server(self, token_context):
#jwt_from_server = authficated_query_to_server(token_context)
#jwt_from_server = token_context
jwt_from_server = self.generate_JWT_for_user("Alice")
return jwt_from_server
#JWT generator with necessary paramters
def get_JWT_generator(self):
return JwtGenerator(self.app_id, self.api_key, self.app_key_id, self.ttl, self.access_token_signer)
def generate_JWT_for_user(self, identity):
jwt_generator = self.get_JWT_generator()
self.identity = identity
return jwt_generator.generate_token(identity)
#function is broken
def publish_card(self):
#self.card = self.card_manager.publish_card(identity = self.identity, private_key = self.server_key_pair.private_key, public_key = self.server_key_pair.public_key)
self.card = self.card_manager.publish_card(identity = self.identity, private_key = self.server_key_pair.private_key, public_key = self.server_key_pair.public_key)
def signAndEncrypt(self, message):
message_to_encrypt = message
data_to_encrypt = Utils.strtobytes(message)
alice_private_key, alice_private_key_additional_data = self.server_private_key_storage.load("Alice")
class VirgilServerClient:
def __init__(self):
print("generated")
####SERVER SIDE
def authenticated_query_to_server(self, token_context, token_ttl=9999):
self.crypto = VirgilCrypto()
self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIEtNPMUG9uR8YxukWw1gX3bkXjbsbOZoN54d2ZKSz09a"
# self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIJvD17QhpJ1qFfIq3q8eqrZ0oBIf9GQ0T+6obQCmspnQ"
#self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIF+gQkN4StqMMFJGWE1tKXcitkLqHqmrBz+OaQZKGZFR"
#self.app_id = "6af75f0dd9be50ebb77facad0f71eaf3"
self.app_id = "def16346c7b43bbaed5b4b9ac8affa4"
# self.api_key_id = "3def16346c7b43bbaed5b4b9acb9ac8affa4"
self.api_key_id = "309d53349835f34d5a03966d9de51877"
self.app_key = self.crypto.import_private_key(
Utils.b64decode(self.app_key_base64))
self.builder = JwtGenerator(self.app_id, self.app_key, self.api_key_id,
token_ttl, AccessTokenSigner())
#self.identity = token_context.identity
#return self.builder.generate_token(self.identity).to_string()
#PLEASE MAKE TOKEN_CONTEXT AN ACTUAL JWT TOKEN
#return self.builder.generate_token(token_context)
try:
self.identity = token_context.identity
return self.builder.generate_token(self.identity).to_string()
except:
return self.builder.generate_token(token_context)
########CLIENT SIDE
def get_token_from_server(self, token_context):
print('get token from server')
print(token_context)
jwt_from_server = self.authenticated_query_to_server(token_context)
return jwt_from_server
def set_access_token_provider(self):
self.access_token_provider = CallbackJwtProvider(
self.get_token_from_server)
def publish_card(self, user):
self.client_crypto = VirgilCrypto()
card_crypto = CardCrypto()
validator = VirgilCardVerifier(card_crypto)
token_provider = CallbackJwtProvider(self.get_token_from_server)
print('token_provider')
print(vars(token_provider))
card_manager = CardManager(card_crypto,
access_token_provider=token_provider,
card_verifier=validator)
key_pair = self.client_crypto.generate_keys()
username = user
public_key_data = self.client_crypto.export_public_key(
key_pair.public_key)
public_key_str = Utils.b64encode(public_key_data)
class DummyClass:
def __init__(self, raw_key):
self.raw_key = raw_key
dummy = DummyClass(key_pair.public_key.raw_key)
print(public_key_data)
print(public_key_str)
print(key_pair.public_key)
card = card_manager.publish_card(identity=username,
private_key=key_pair.private_key,
public_key=key_pair.public_key)
print(vars(card))