def getUserVirgilJWT(): try: if not g.user: print('ERROR: No user to get Virgil JWT for.') return "", constants.STATUS_BAD_REQUEST crypto = VirgilCrypto() api_id = os.environ['VIRGIL_API_ID'] api_key_id = os.environ['VIRGIL_API_KEY_ID'] api_private_key = os.environ['VIRGIL_API_PRIVATE_KEY_ID'] token_ttl = 20 # seconds imported_key = crypto.import_private_key( Utils.b64decode(api_private_key)).private_key # Instantiate token generator builder = JwtGenerator(api_id, imported_key, api_key_id, token_ttl, AccessTokenSigner()) token = builder.generate_token(str(g.user.id)).to_string() return jsonify({"token": token}), constants.STATUS_OK except Exception as err: print('Error getting the Virgil JWT: ' + str(err)) return "", constants.STATUS_SERVER_ERROR return "", constants.STATUS_SERVER_ERROR
def __emulate_server_jwt_response(self, token_context, token_ttl): data = {"username": "******"} builder = JwtGenerator(config.VIRGIL_APP_ID, self._app_private_key, config.VIRGIL_API_KEY_ID, token_ttl, AccessTokenSigner()) identity = self.some_hash(token_context.identity) return builder.generate_token(identity, data).to_string()
def authenticated_query_to_server(self, token_context, token_ttl=9999): self.crypto = VirgilCrypto() self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIEtNPMUG9uR8YxukWw1gX3bkXjbsbOZoN54d2ZKSz09a" # self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIJvD17QhpJ1qFfIq3q8eqrZ0oBIf9GQ0T+6obQCmspnQ" #self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIF+gQkN4StqMMFJGWE1tKXcitkLqHqmrBz+OaQZKGZFR" #self.app_id = "6af75f0dd9be50ebb77facad0f71eaf3" self.app_id = "def16346c7b43bbaed5b4b9ac8affa4" # self.api_key_id = "3def16346c7b43bbaed5b4b9acb9ac8affa4" self.api_key_id = "309d53349835f34d5a03966d9de51877" self.app_key = self.crypto.import_private_key( Utils.b64decode(self.app_key_base64)) self.builder = JwtGenerator(self.app_id, self.app_key, self.api_key_id, token_ttl, AccessTokenSigner()) #self.identity = token_context.identity #return self.builder.generate_token(self.identity).to_string() #PLEASE MAKE TOKEN_CONTEXT AN ACTUAL JWT TOKEN #return self.builder.generate_token(token_context) try: self.identity = token_context.identity return self.builder.generate_token(self.identity).to_string() except: return self.builder.generate_token(token_context)
def test_get_invalid_card(self): class FakeCardClient(object): def __init__(self, raw_signed_model): self._raw_signed_model = raw_signed_model def publish_card(self, raw_signed_model, access_token): return self._raw_signed_model def get_card(self, card_id, access_token): return self._raw_signed_model, False def search_card(self, identity, access_token): return [self._raw_signed_model] validator = self.NegativeVerifier() jwt_generator = JwtGenerator(config.VIRGIL_APP_ID, self._app_private_key, config.VIRGIL_API_KEY_ID, datetime.timedelta(minutes=10).seconds, AccessTokenSigner()) identity = Utils.b64encode(os.urandom(20)) token = jwt_generator.generate_token(identity) access_token_provider = self.EchoTokenProvider(token) key_pair = self._crypto.generate_keys() virgil_key_pair = self._crypto.generate_keys() additional_key_pair = self._crypto.generate_keys() model = self._data_generator.generate_raw_signed_model( key_pair, True, virgil_key_pair, additional_key_pair) client = FakeCardClient(model) card_id = self._data_generator.generate_card_id() search_identity = Utils.b64encode(os.urandom(20)) manager = CardManager(CardCrypto(), access_token_provider, validator, sign_callback=self.sign_callback) manager._card_client = client self.assertRaises(CardVerificationException, manager.import_card, model.to_json()) self.assertRaises(CardVerificationException, manager.import_card, model.to_string()) self.assertRaises(CardVerificationException, manager.get_card, card_id) self.assertRaises(CardVerificationException, manager.publish_card, model) self.assertRaises(CardVerificationException, manager.search_card, search_identity) self.assertRaises(CardVerificationException, manager.import_card, model)
def generate_token(self, private_key, signer, token_ttl): api_public_key_id = config.VIRGIL_API_KEY_ID app_id = config.VIRGIL_APP_ID jwt_generator = JwtGenerator( app_id, private_key, api_public_key_id, token_ttl, signer ) additional_data = {"username": "******"} token = jwt_generator.generate_token("some_identity", additional_data) return token
def test_send_second_request_to_client_expired_token_retry_on_unauthorized( self): class FakeTokenProvider(object): def __init__(self, identity, token_generator, additional_token_generator=None): self.identity = identity self.token_generator = token_generator self.additional_token_generator = additional_token_generator def get_token(self, token_context): if not token_context.force_reload and self.additional_token_generator: token = self.additional_token_generator.generate_token( identity) return token token = self.token_generator.generate_token(identity) return token expired_jwt_generator = JwtGenerator(config.VIRGIL_APP_ID, self._app_private_key, config.VIRGIL_API_KEY_ID, 1, AccessTokenSigner()) jwt_generator = JwtGenerator(config.VIRGIL_APP_ID, self._app_private_key, config.VIRGIL_API_KEY_ID, datetime.timedelta(minutes=10).seconds, AccessTokenSigner()) identity = str(binascii.hexlify(os.urandom(20)).decode()) access_token_provider = FakeTokenProvider(identity, jwt_generator, expired_jwt_generator) validator = VirgilCardVerifier(CardCrypto()) card_manager = CardManager(card_crypto=CardCrypto(), access_token_provider=access_token_provider, card_verifier=validator, sign_callback=self.sign_callback) key_pair = self._crypto.generate_keys() card = card_manager.publish_card(key_pair.private_key, key_pair.public_key, identity) self.assertIsNotNone(card) searched_card = card_manager.search_card(identity) self.assertEqual(len(searched_card), 1)
def test_expired_token(self): token_generator = JwtGenerator(config.VIRGIL_APP_ID, self._app_private_key, config.VIRGIL_API_KEY_ID, 0, AccessTokenSigner()) access_token_provider = self.FakeTokenProvider(token_generator) card_manager = self._data_generator.generate_card_manager( access_token_provider) self.assertRaises(ClientException, card_manager.get_card, self._data_generator.generate_card_id())
def test_gets_card_with_different_id(self): class PositiveVerifier(object): def verify_card(self): return True class FakeCardClient(object): def __init__(self, raw_signed_model): self._raw_signed_model = raw_signed_model def get_card(self, card_id, access_token): return self._raw_signed_model, False validator = PositiveVerifier() key_pair = self._crypto.generate_keys() raw_card_content = RawCardContent(identity="test", public_key=key_pair.public_key, created_at=Utils.to_timestamp( datetime.datetime.now()), version="5.0") model = RawSignedModel(raw_card_content.content_snapshot) signer = ModelSigner(CardCrypto()) signer.self_sign(model, key_pair.private_key, extra_fields={"info": "some_additional_info"}) jwt_generator = JwtGenerator(config.VIRGIL_APP_ID, self._app_private_key, config.VIRGIL_API_KEY_ID, datetime.timedelta(minutes=10).seconds, AccessTokenSigner()) identity = Utils.b64encode(os.urandom(20)) token = jwt_generator.generate_token(identity) access_token_provider = self.EchoTokenProvider(token) card_id = self._data_generator.generate_app_id() manager = CardManager( card_crypto=CardCrypto(), access_token_provider=access_token_provider, card_verifier=validator, ) manager.card_client = FakeCardClient(model) self.assertRaises(CardVerificationException, manager.get_card, card_id)
def get_JWT_generator(self): return JwtGenerator(self.app_id, self.api_key, self.app_key_id, self.ttl, self.access_token_signer)
class VirgilServerClient: def __init__(self): print("generated") ####SERVER SIDE def authenticated_query_to_server(self, token_context, token_ttl=9999): self.crypto = VirgilCrypto() self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIEtNPMUG9uR8YxukWw1gX3bkXjbsbOZoN54d2ZKSz09a" # self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIJvD17QhpJ1qFfIq3q8eqrZ0oBIf9GQ0T+6obQCmspnQ" #self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIF+gQkN4StqMMFJGWE1tKXcitkLqHqmrBz+OaQZKGZFR" #self.app_id = "6af75f0dd9be50ebb77facad0f71eaf3" self.app_id = "def16346c7b43bbaed5b4b9ac8affa4" # self.api_key_id = "3def16346c7b43bbaed5b4b9acb9ac8affa4" self.api_key_id = "309d53349835f34d5a03966d9de51877" self.app_key = self.crypto.import_private_key( Utils.b64decode(self.app_key_base64)) self.builder = JwtGenerator(self.app_id, self.app_key, self.api_key_id, token_ttl, AccessTokenSigner()) #self.identity = token_context.identity #return self.builder.generate_token(self.identity).to_string() #PLEASE MAKE TOKEN_CONTEXT AN ACTUAL JWT TOKEN #return self.builder.generate_token(token_context) try: self.identity = token_context.identity return self.builder.generate_token(self.identity).to_string() except: return self.builder.generate_token(token_context) ########CLIENT SIDE def get_token_from_server(self, token_context): print('get token from server') print(token_context) jwt_from_server = self.authenticated_query_to_server(token_context) return jwt_from_server def set_access_token_provider(self): self.access_token_provider = CallbackJwtProvider( self.get_token_from_server) def publish_card(self, user): self.client_crypto = VirgilCrypto() card_crypto = CardCrypto() validator = VirgilCardVerifier(card_crypto) token_provider = CallbackJwtProvider(self.get_token_from_server) print('token_provider') print(vars(token_provider)) card_manager = CardManager(card_crypto, access_token_provider=token_provider, card_verifier=validator) key_pair = self.client_crypto.generate_keys() username = user public_key_data = self.client_crypto.export_public_key( key_pair.public_key) public_key_str = Utils.b64encode(public_key_data) class DummyClass: def __init__(self, raw_key): self.raw_key = raw_key dummy = DummyClass(key_pair.public_key.raw_key) print(public_key_data) print(public_key_str) print(key_pair.public_key) card = card_manager.publish_card(identity=username, private_key=key_pair.private_key, public_key=key_pair.public_key) print(vars(card))