示例#1
0
def getUserVirgilJWT():
    try:
        if not g.user:
            print('ERROR: No user to get Virgil JWT for.')
            return "", constants.STATUS_BAD_REQUEST

        crypto = VirgilCrypto()
        api_id = os.environ['VIRGIL_API_ID']
        api_key_id = os.environ['VIRGIL_API_KEY_ID']
        api_private_key = os.environ['VIRGIL_API_PRIVATE_KEY_ID']

        token_ttl = 20  # seconds
        imported_key = crypto.import_private_key(
            Utils.b64decode(api_private_key)).private_key

        # Instantiate token generator
        builder = JwtGenerator(api_id, imported_key, api_key_id, token_ttl,
                               AccessTokenSigner())

        token = builder.generate_token(str(g.user.id)).to_string()
        return jsonify({"token": token}), constants.STATUS_OK
    except Exception as err:
        print('Error getting the Virgil JWT: ' + str(err))
        return "", constants.STATUS_SERVER_ERROR

    return "", constants.STATUS_SERVER_ERROR
示例#2
0
 def __emulate_server_jwt_response(self, token_context, token_ttl):
     data = {"username": "******"}
     builder = JwtGenerator(config.VIRGIL_APP_ID, self._app_private_key,
                            config.VIRGIL_API_KEY_ID, token_ttl,
                            AccessTokenSigner())
     identity = self.some_hash(token_context.identity)
     return builder.generate_token(identity, data).to_string()
    def authenticated_query_to_server(self, token_context, token_ttl=9999):
        self.crypto = VirgilCrypto()

        self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIEtNPMUG9uR8YxukWw1gX3bkXjbsbOZoN54d2ZKSz09a"
        #        self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIJvD17QhpJ1qFfIq3q8eqrZ0oBIf9GQ0T+6obQCmspnQ"
        #self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIF+gQkN4StqMMFJGWE1tKXcitkLqHqmrBz+OaQZKGZFR"
        #self.app_id = "6af75f0dd9be50ebb77facad0f71eaf3"
        self.app_id = "def16346c7b43bbaed5b4b9ac8affa4"
        #        self.api_key_id = "3def16346c7b43bbaed5b4b9acb9ac8affa4"
        self.api_key_id = "309d53349835f34d5a03966d9de51877"

        self.app_key = self.crypto.import_private_key(
            Utils.b64decode(self.app_key_base64))

        self.builder = JwtGenerator(self.app_id, self.app_key, self.api_key_id,
                                    token_ttl, AccessTokenSigner())

        #self.identity = token_context.identity
        #return self.builder.generate_token(self.identity).to_string()
        #PLEASE MAKE TOKEN_CONTEXT AN ACTUAL JWT TOKEN
        #return self.builder.generate_token(token_context)
        try:
            self.identity = token_context.identity
            return self.builder.generate_token(self.identity).to_string()
        except:
            return self.builder.generate_token(token_context)
示例#4
0
    def test_get_invalid_card(self):
        class FakeCardClient(object):
            def __init__(self, raw_signed_model):
                self._raw_signed_model = raw_signed_model

            def publish_card(self, raw_signed_model, access_token):
                return self._raw_signed_model

            def get_card(self, card_id, access_token):
                return self._raw_signed_model, False

            def search_card(self, identity, access_token):
                return [self._raw_signed_model]

        validator = self.NegativeVerifier()
        jwt_generator = JwtGenerator(config.VIRGIL_APP_ID,
                                     self._app_private_key,
                                     config.VIRGIL_API_KEY_ID,
                                     datetime.timedelta(minutes=10).seconds,
                                     AccessTokenSigner())

        identity = Utils.b64encode(os.urandom(20))
        token = jwt_generator.generate_token(identity)
        access_token_provider = self.EchoTokenProvider(token)
        key_pair = self._crypto.generate_keys()
        virgil_key_pair = self._crypto.generate_keys()
        additional_key_pair = self._crypto.generate_keys()
        model = self._data_generator.generate_raw_signed_model(
            key_pair, True, virgil_key_pair, additional_key_pair)
        client = FakeCardClient(model)

        card_id = self._data_generator.generate_card_id()
        search_identity = Utils.b64encode(os.urandom(20))
        manager = CardManager(CardCrypto(),
                              access_token_provider,
                              validator,
                              sign_callback=self.sign_callback)
        manager._card_client = client
        self.assertRaises(CardVerificationException, manager.import_card,
                          model.to_json())
        self.assertRaises(CardVerificationException, manager.import_card,
                          model.to_string())
        self.assertRaises(CardVerificationException, manager.get_card, card_id)
        self.assertRaises(CardVerificationException, manager.publish_card,
                          model)
        self.assertRaises(CardVerificationException, manager.search_card,
                          search_identity)
        self.assertRaises(CardVerificationException, manager.import_card,
                          model)
示例#5
0
    def generate_token(self, private_key, signer, token_ttl):
        api_public_key_id = config.VIRGIL_API_KEY_ID
        app_id = config.VIRGIL_APP_ID

        jwt_generator = JwtGenerator(
            app_id,
            private_key,
            api_public_key_id,
            token_ttl,
            signer
        )

        additional_data = {"username": "******"}
        token = jwt_generator.generate_token("some_identity", additional_data)
        return token
示例#6
0
    def test_send_second_request_to_client_expired_token_retry_on_unauthorized(
            self):
        class FakeTokenProvider(object):
            def __init__(self,
                         identity,
                         token_generator,
                         additional_token_generator=None):
                self.identity = identity
                self.token_generator = token_generator
                self.additional_token_generator = additional_token_generator

            def get_token(self, token_context):
                if not token_context.force_reload and self.additional_token_generator:
                    token = self.additional_token_generator.generate_token(
                        identity)
                    return token
                token = self.token_generator.generate_token(identity)
                return token

        expired_jwt_generator = JwtGenerator(config.VIRGIL_APP_ID,
                                             self._app_private_key,
                                             config.VIRGIL_API_KEY_ID, 1,
                                             AccessTokenSigner())

        jwt_generator = JwtGenerator(config.VIRGIL_APP_ID,
                                     self._app_private_key,
                                     config.VIRGIL_API_KEY_ID,
                                     datetime.timedelta(minutes=10).seconds,
                                     AccessTokenSigner())

        identity = str(binascii.hexlify(os.urandom(20)).decode())

        access_token_provider = FakeTokenProvider(identity, jwt_generator,
                                                  expired_jwt_generator)
        validator = VirgilCardVerifier(CardCrypto())
        card_manager = CardManager(card_crypto=CardCrypto(),
                                   access_token_provider=access_token_provider,
                                   card_verifier=validator,
                                   sign_callback=self.sign_callback)
        key_pair = self._crypto.generate_keys()
        card = card_manager.publish_card(key_pair.private_key,
                                         key_pair.public_key, identity)
        self.assertIsNotNone(card)
        searched_card = card_manager.search_card(identity)
        self.assertEqual(len(searched_card), 1)
示例#7
0
 def test_expired_token(self):
     token_generator = JwtGenerator(config.VIRGIL_APP_ID,
                                    self._app_private_key,
                                    config.VIRGIL_API_KEY_ID, 0,
                                    AccessTokenSigner())
     access_token_provider = self.FakeTokenProvider(token_generator)
     card_manager = self._data_generator.generate_card_manager(
         access_token_provider)
     self.assertRaises(ClientException, card_manager.get_card,
                       self._data_generator.generate_card_id())
示例#8
0
    def test_gets_card_with_different_id(self):
        class PositiveVerifier(object):
            def verify_card(self):
                return True

        class FakeCardClient(object):
            def __init__(self, raw_signed_model):
                self._raw_signed_model = raw_signed_model

            def get_card(self, card_id, access_token):
                return self._raw_signed_model, False

        validator = PositiveVerifier()
        key_pair = self._crypto.generate_keys()
        raw_card_content = RawCardContent(identity="test",
                                          public_key=key_pair.public_key,
                                          created_at=Utils.to_timestamp(
                                              datetime.datetime.now()),
                                          version="5.0")
        model = RawSignedModel(raw_card_content.content_snapshot)
        signer = ModelSigner(CardCrypto())
        signer.self_sign(model,
                         key_pair.private_key,
                         extra_fields={"info": "some_additional_info"})
        jwt_generator = JwtGenerator(config.VIRGIL_APP_ID,
                                     self._app_private_key,
                                     config.VIRGIL_API_KEY_ID,
                                     datetime.timedelta(minutes=10).seconds,
                                     AccessTokenSigner())
        identity = Utils.b64encode(os.urandom(20))
        token = jwt_generator.generate_token(identity)
        access_token_provider = self.EchoTokenProvider(token)
        card_id = self._data_generator.generate_app_id()
        manager = CardManager(
            card_crypto=CardCrypto(),
            access_token_provider=access_token_provider,
            card_verifier=validator,
        )
        manager.card_client = FakeCardClient(model)
        self.assertRaises(CardVerificationException, manager.get_card, card_id)
示例#9
0
 def get_JWT_generator(self):
     return JwtGenerator(self.app_id, self.api_key, self.app_key_id, self.ttl, self.access_token_signer)
class VirgilServerClient:
    def __init__(self):
        print("generated")

    ####SERVER SIDE
    def authenticated_query_to_server(self, token_context, token_ttl=9999):
        self.crypto = VirgilCrypto()

        self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIEtNPMUG9uR8YxukWw1gX3bkXjbsbOZoN54d2ZKSz09a"
        #        self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIJvD17QhpJ1qFfIq3q8eqrZ0oBIf9GQ0T+6obQCmspnQ"
        #self.app_key_base64 = "MC4CAQAwBQYDK2VwBCIEIF+gQkN4StqMMFJGWE1tKXcitkLqHqmrBz+OaQZKGZFR"
        #self.app_id = "6af75f0dd9be50ebb77facad0f71eaf3"
        self.app_id = "def16346c7b43bbaed5b4b9ac8affa4"
        #        self.api_key_id = "3def16346c7b43bbaed5b4b9acb9ac8affa4"
        self.api_key_id = "309d53349835f34d5a03966d9de51877"

        self.app_key = self.crypto.import_private_key(
            Utils.b64decode(self.app_key_base64))

        self.builder = JwtGenerator(self.app_id, self.app_key, self.api_key_id,
                                    token_ttl, AccessTokenSigner())

        #self.identity = token_context.identity
        #return self.builder.generate_token(self.identity).to_string()
        #PLEASE MAKE TOKEN_CONTEXT AN ACTUAL JWT TOKEN
        #return self.builder.generate_token(token_context)
        try:
            self.identity = token_context.identity
            return self.builder.generate_token(self.identity).to_string()
        except:
            return self.builder.generate_token(token_context)

    ########CLIENT SIDE
    def get_token_from_server(self, token_context):
        print('get token from server')
        print(token_context)
        jwt_from_server = self.authenticated_query_to_server(token_context)
        return jwt_from_server

    def set_access_token_provider(self):
        self.access_token_provider = CallbackJwtProvider(
            self.get_token_from_server)

    def publish_card(self, user):
        self.client_crypto = VirgilCrypto()
        card_crypto = CardCrypto()
        validator = VirgilCardVerifier(card_crypto)
        token_provider = CallbackJwtProvider(self.get_token_from_server)
        print('token_provider')
        print(vars(token_provider))
        card_manager = CardManager(card_crypto,
                                   access_token_provider=token_provider,
                                   card_verifier=validator)

        key_pair = self.client_crypto.generate_keys()

        username = user
        public_key_data = self.client_crypto.export_public_key(
            key_pair.public_key)
        public_key_str = Utils.b64encode(public_key_data)

        class DummyClass:
            def __init__(self, raw_key):
                self.raw_key = raw_key

        dummy = DummyClass(key_pair.public_key.raw_key)

        print(public_key_data)
        print(public_key_str)
        print(key_pair.public_key)

        card = card_manager.publish_card(identity=username,
                                         private_key=key_pair.private_key,
                                         public_key=key_pair.public_key)
        print(vars(card))