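def verify_jws_signature_with_jwk(account_id=None, jws_json_to_verify=None):
    """
    Verifies signature of JWS with key related to user account.
    Key used in verification is fetched from database by account_id.

    Steps: parse the JWS JSON into a JWS object, open a database connection
    and cursor, fetch the account's key (JWK object) with get_key(), close the
    connection, then run jws_verify() with that key.

    :param account_id: User account ID
    :param jws_json_to_verify: JSON presentation of JWS object that should be verified
    :return: Boolean, presenting if verification passed
    :raises AttributeError: if account_id or jws_json_to_verify is None
    :raises Exception: a failure in JWS parsing, the database steps or
        get_key() is annotated via append_description_to_exception(), logged
        and re-raised unchanged; the database connection is always closed
        first. An exception raised by jws_verify() itself propagates unlogged.
    """
    if account_id is None:
        raise AttributeError("Provide account_id or as parameter")
    if jws_json_to_verify is None:
        raise AttributeError("Provide jws_json_to_verify or as parameter")

    # Parse the JWS before touching the database so malformed input fails
    # fast without opening a connection.
    try:
        jws_object_to_verify = jws_json_to_object(jws_json=jws_json_to_verify)
    except Exception as exp:
        exp = append_description_to_exception(
            exp=exp, description='Could not convert JWS json to JWS object')
        logger.error('Could not convert JWS json to JWS object: ' + repr(exp))
        raise
    else:
        # NOTE(review): this dumps the parsed object's whole __dict__ (presumably
        # including the JWS payload) into the debug log.
        logger.debug("jws_object_to_verify: " + str(jws_object_to_verify.__dict__))
        logger.info("######## JWS object -> OK ########")

    # Prepare database connection
    try:
        connection = get_sqlite_connection()
    except Exception as exp:
        exp = append_description_to_exception(
            exp=exp, description='Could not get connection SQL database.')
        logger.error('Could not get connection SQL database: ' + repr(exp))
        raise
    else:
        logger.info("######## DB Connection -> OK ########")

    # The connection is open from here on; the finally below closes it on every
    # exit path. Previously a failure in get_sqlite_cursor() leaked it.
    try:
        # Prepare database cursor (get_sqlite_cursor also hands the connection back)
        try:
            cursor, connection = get_sqlite_cursor(connection=connection)
        except Exception as exp:
            exp = append_description_to_exception(
                exp=exp, description='Could not get cursor for database connection')
            logger.error('Could not get cursor for database connection: ' + repr(exp))
            raise
        else:
            logger.info("######## DB Cursor -> OK ########")

        # Get Key as JWK object and Key ID
        try:
            cursor, key_object, _kid = get_key(account_id=account_id, cursor=cursor)
        except Exception as exp:
            exp = append_description_to_exception(
                exp=exp, description='Could not get key object')
            logger.error('Could not get key object: ' + repr(exp))
            # Roll back before the connection is closed, as the original did.
            connection.rollback()
            raise
        else:
            logger.info("######## Key Object -> OK ########")
    finally:
        connection.close()

    # Verifying JWS
    # NOTE(review): the key id returned by get_key() (_kid) is not used here, so
    # this function does not itself compare it with the JWS header; confirm
    # whether jws_verify() does, or whether that is intended.
    logger.info("Verifying JWS")
    jws_signature_valid = jws_verify(jws_object=jws_object_to_verify, jwk_object=key_object)
    logger.info("JWS verified: " + str(jws_signature_valid))
    return jws_signature_valid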
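def generate_and_sign_jws(account_id=None, jws_payload=None):
    """
    Generates a new JWS from jws_payload and signs it with the account's key.

    Steps: open a database connection and cursor, fetch the account's public
    key JSON and key ID (get_public_key_by_account_id) and its key object
    (get_key), close the connection, build the JWS with jws_generate(), sign it
    with jws_sign() and serialise the result with jws_object_to_json().

    :param account_id: User account ID
    :param jws_payload: Payload handed to jws_generate() as-is; nothing here
        inspects or restricts it
    :return: Signed JWS json
    :raises AttributeError: if account_id or jws_payload is None
    :raises Exception: any failing step is annotated via
        append_description_to_exception(), logged and re-raised unchanged;
        the database connection is always closed before the re-raise.
    """
    if account_id is None:
        raise AttributeError("Provide account_id or as parameter")
    if jws_payload is None:
        raise AttributeError("Provide jws_payload or as parameter")

    # Prepare database connection
    try:
        connection = get_sqlite_connection()
    except Exception as exp:
        exp = append_description_to_exception(
            exp=exp, description='Could not get connection SQL database.')
        logger.error('Could not get connection SQL database: ' + repr(exp))
        raise
    else:
        logger.info("######## DB Connection -> OK ########")

    # The connection is open from here on; the finally below closes it on every
    # exit path. Previously a failure in get_sqlite_cursor() leaked it.
    try:
        # Prepare database cursor (get_sqlite_cursor also hands the connection back)
        try:
            cursor, connection = get_sqlite_cursor(connection=connection)
        except Exception as exp:
            exp = append_description_to_exception(
                exp=exp, description='Could not get cursor for database connection')
            logger.error('Could not get cursor for database connection: ' + repr(exp))
            raise
        else:
            logger.info("######## DB Cursor -> OK ########")

        # Get public Key as JSON and Key ID
        try:
            cursor, key_public_json, public_key_kid = get_public_key_by_account_id(
                account_id=account_id, cursor=cursor)
        except Exception as exp:
            exp = append_description_to_exception(
                exp=exp, description='Could not get public key as JSON')
            logger.error('Could not get public key as JSON: ' + repr(exp))
            connection.rollback()
            raise
        else:
            logger.info("######## Public Key -> OK ########")

        # Get Key as JWK object and Key ID
        # NOTE(review): the key id returned by get_key() is never used (the
        # original stored it as kid[1] and read only kid[0]); it is not
        # compared with public_key_kid here.
        try:
            cursor, key_object, _key_object_kid = get_key(account_id=account_id, cursor=cursor)
        except Exception as exp:
            exp = append_description_to_exception(
                exp=exp, description='Could not get key object')
            logger.error('Could not get key object: ' + repr(exp))
            connection.rollback()
            raise
        else:
            logger.info("######## Key Object -> OK ########")
    finally:
        connection.close()

    # Generate JWS
    try:
        jws_object = jws_generate(payload=jws_payload)
    except Exception as exp:
        exp = append_description_to_exception(
            exp=exp, description='Could not generate JWS object')
        logger.error('Could not generate JWS object: ' + repr(exp))
        raise
    else:
        logger.info("######## JWS Object -> OK ########")

    # Sign JWS with the key ID from the public-key record (kid[0] originally)
    try:
        jws_object_signed = jws_sign(account_id=account_id, account_kid=public_key_kid,
                                     jws_object=jws_object, jwk_object=key_object,
                                     jwk_public_json=key_public_json)
    except Exception as exp:
        exp = append_description_to_exception(
            exp=exp, description='Could not sign JWS object')
        logger.error('Could not sign JWS object: ' + repr(exp))
        raise
    else:
        logger.info("######## JWS signature -> OK ########")

    # JWS object to JWS JSON
    try:
        jws_json = jws_object_to_json(jws_object=jws_object_signed)
    except Exception as exp:
        exp = append_description_to_exception(
            exp=exp, description='Could not convert JWS object to JWS json')
        logger.error('Could not convert JWS object to JWS json: ' + repr(exp))
        raise
    else:
        logger.info("######## JWS conversion -> OK ########")

    return jws_json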
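def sign_jws_with_jwk(account_id=None, jws_json_to_sign=None):
    """
    For signing JWSs that have been generated by others.
    Gathers necessary data for JWS signing. Signs JWS.

    Steps: parse jws_json_to_sign with json.loads, pad its top-level
    'payload' string to a multiple of four characters, serialise it again,
    parse it into a JWS object with jws_json_to_object(), fetch the account's
    public key JSON / key ID and key object from the database, then sign with
    jws_sign() and serialise the result with jws_object_to_json().

    Nothing in this function inspects or restricts the payload it signs
    beyond the padding step: the caller must decide that the supplied JWS is
    one this account's key should sign.

    :param account_id: User account ID
    :param jws_json_to_sign: JSON presentation of JWS that should be signed;
        must decode to a mapping with a string 'payload' key
    :return: Signed JWS json
    :raises AttributeError: if account_id or jws_json_to_sign is None
    :raises Exception: any failing step is annotated via
        append_description_to_exception(), logged and re-raised unchanged;
        the database connection is always closed before the re-raise.
    """
    if account_id is None:
        raise AttributeError("Provide account_id or as parameter")
    if jws_json_to_sign is None:
        raise AttributeError("Provide jws_json_to_sign or as parameter")

    # jws_json_to_sign to dict
    try:
        jws_structure = json.loads(jws_json_to_sign)
    except Exception as exp:
        exp = append_description_to_exception(
            exp=exp, description='Could not convert jws_json_to_sign to dict')
        logger.error('Could not convert jws_json_to_sign to dict: ' + repr(exp))
        raise
    else:
        log_dict_as_json(jws_structure)
        logger.info("######## jws_json_to_sign to dict -> OK ########")

    # Fix incorrect padding of base64 string. JWS serialisations normally carry
    # unpadded base64url; the '=' padding is added here presumably because
    # jws_json_to_object() below expects padded input — confirm against that
    # helper. A missing or non-string 'payload' raises here and is re-raised.
    # NOTE(review): the payload is written to the debug log before and after.
    try:
        logger.debug('JWS payload before Base64 fix: ' + str(jws_structure['payload']))
        jws_structure['payload'] += '=' * (-len(jws_structure['payload']) % 4)
    except Exception as exp:
        exp = append_description_to_exception(
            exp=exp, description='Failed to fix incorrect padding of base64 string')
        logger.error('Failed to fix incorrect padding of base64 string: ' + repr(exp))
        raise
    else:
        logger.debug('JWS payload after Base64 fix: ' + str(jws_structure['payload']))
        logger.info("######## Base64 fix -> OK ########")

    # Convert jws_structure to JSON for future steps
    try:
        jws_structure_json = json.dumps(jws_structure)
    except Exception as exp:
        exp = append_description_to_exception(
            exp=exp, description='JSON conversion failed')
        logger.error('JSON conversion failed: ' + repr(exp))
        raise
    else:
        logger.info("######## JSON conversion -> OK ########")

    # Prepare JWS for signing
    try:
        jws_object_to_sign = jws_json_to_object(jws_json=jws_structure_json)
    except Exception as exp:
        exp = append_description_to_exception(
            exp=exp, description='Could not convert JWS json to JWS object')
        logger.error('Could not convert JWS json to JWS object: ' + repr(exp))
        raise
    else:
        logger.debug("jws_object_to_sign: " + str(jws_object_to_sign.__dict__))
        logger.info("######## JWS object -> OK ########")

    # Prepare database connection
    try:
        connection = get_sqlite_connection()
    except Exception as exp:
        exp = append_description_to_exception(
            exp=exp, description='Could not get connection SQL database.')
        logger.error('Could not get connection SQL database: ' + repr(exp))
        raise
    else:
        logger.info("######## DB Connection -> OK ########")

    # The connection is open from here on; the finally below closes it on every
    # exit path. Previously a failure in get_sqlite_cursor() leaked it.
    try:
        # Prepare database cursor (get_sqlite_cursor also hands the connection back)
        try:
            cursor, connection = get_sqlite_cursor(connection=connection)
        except Exception as exp:
            exp = append_description_to_exception(
                exp=exp, description='Could not get cursor for database connection')
            logger.error('Could not get cursor for database connection: ' + repr(exp))
            raise
        else:
            logger.info("######## DB Cursor -> OK ########")

        # Get public Key as JSON and Key ID
        try:
            cursor, key_public_json, public_key_kid = get_public_key_by_account_id(
                account_id=account_id, cursor=cursor)
        except Exception as exp:
            exp = append_description_to_exception(
                exp=exp, description='Could not get public key as JSON')
            logger.error('Could not get public key as JSON: ' + repr(exp))
            connection.rollback()
            raise
        else:
            logger.info("######## Public Key -> OK ########")

        # Get Key as JWK object and Key ID
        # NOTE(review): the key id returned by get_key() is never used (the
        # original stored it as kid[1] and read only kid[0]); it is not
        # compared with public_key_kid here.
        try:
            cursor, key_object, _key_object_kid = get_key(account_id=account_id, cursor=cursor)
        except Exception as exp:
            exp = append_description_to_exception(
                exp=exp, description='Could not get key object')
            logger.error('Could not get key object: ' + repr(exp))
            connection.rollback()
            raise
        else:
            logger.info("######## Key Object -> OK ########")
    finally:
        connection.close()

    # Sign JWS with the key ID from the public-key record (kid[0] originally)
    try:
        jws_object_signed = jws_sign(account_id=account_id, account_kid=public_key_kid,
                                     jws_object=jws_object_to_sign, jwk_object=key_object,
                                     jwk_public_json=key_public_json)
    except Exception as exp:
        exp = append_description_to_exception(
            exp=exp, description='Could not sign JWS object')
        logger.error('Could not sign JWS object: ' + repr(exp))
        raise
    else:
        logger.info("######## JWS signature -> OK ########")

    # JWS object to JWS JSON
    try:
        jws_json = jws_object_to_json(jws_object=jws_object_signed)
    except Exception as exp:
        exp = append_description_to_exception(
            exp=exp, description='Could not convert JWS object to JWS json')
        logger.error('Could not convert JWS object to JWS json: ' + repr(exp))
        raise
    else:
        logger.info("######## JWS conversion -> OK ########")

    return jws_json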