-
Notifications
You must be signed in to change notification settings - Fork 47
/
enroll_script.py
224 lines (169 loc) · 7.39 KB
/
enroll_script.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
"""
Additional dependencies:
python3 -m pip install PyQtWebEngine
To run:
export PYTHONPATH=.
python3 -m ipv8.attestation.wallet.irmaexact.enroll_script
"""
# ruff: noqa
import base64
import binascii
import json
import sys
import time
from PyQt5.QtCore import *
from PyQt5.QtWebEngineWidgets import *
from PyQt5.QtWidgets import QApplication
import urllib3
from .gabi.attributes import make_attribute_list
from .gabi.builder import BuildDistributedProofList, Challenge, CredentialBuilder, IssueCommitmentMessage, IssueSignatureMessage
from .gabi.keys import CLSignature, DefaultSystemParameters
from .gabi.proofs import ProofP, ProofPCommitment, ProofS
from .keydump import nijmegen_pk_1623505755 as nijmegen_pk
from .wrappers import serialize_proof_d
from ..primitives.cryptography_wrapper import generate_safe_prime
from ....util import int2byte
my_app = QApplication(sys.argv)
my_web = QWebEngineView()
profile = QWebEngineProfile("storage", my_web)
cookie_store = profile.cookieStore()
cookie_store.deleteAllCookies()
token = None
def print_result(r):
global token
if r:
u = json.loads(r)["u"].encode()
token = u.split(b'/')[-1].decode()
my_web.hide()
my_app.quit()
def page_loaded(ok):
if ok and my_web.url() == QUrl('https://services.nijmegen.nl/irma/gemeente/issue?'):
my_web.page().runJavaScript("window.irmaSessionPtr", print_result)
my_web.loadFinished.connect(page_loaded)
my_web.load(QUrl("https://services.nijmegen.nl/irma/gemeente/issue"))
my_web.setWindowTitle("Annoying Pop-up")
my_web.show()
my_app.exec_()
secret = generate_safe_prime(DefaultSystemParameters[1024].Lm)
no_pin = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\\n'
def do_get(u):
http = urllib3.PoolManager()
headers = {'Content-Type': 'application/json',
"X-IRMA-MinProtocolVersion": "2.4",
"X-IRMA-MaxProtocolVersion": "2.4"}
r = http.request('GET', u, headers=headers)
try:
out = json.loads(r.data)
except ValueError:
out = r.data
return out
def do_post(u, content, extra_headers={}):
http = urllib3.PoolManager()
headers = {'Content-Type': 'application/json'}
headers.update(extra_headers)
r = http.request('POST', u, headers=headers, body=content)
try:
out = json.loads(r.data)
except ValueError:
out = r.data
return out
u = "https://keyshare.privacybydesign.foundation/tomcat/irma_keyshare_server/api/v1/client/register"
u = do_post(u, "{\"username\":\"\",\"pin\":\"%s\",\"email\":null,\"language\":\"en\"}" % no_pin)['u']
response = do_get(u)
context = int(binascii.hexlify(base64.b64decode(response["context"])), 16)
nonce = int(binascii.hexlify(base64.b64decode(response["nonce"])), 16)
irmaid = response["credentials"][0]["attributes"]["pseudonym"]
u = "https://keyshare.privacybydesign.foundation/tomcat/irma_keyshare_server/api/v1/users/verify/pin"
jwt = do_post(u, f"{{\"id\":\"{irmaid}\",\"pin\":\"{no_pin}\"}}")["message"]
extra_headers = {"Authorization": jwt, "X-IRMA-Keyshare-Username": ""}
u = "https://keyshare.privacybydesign.foundation/tomcat/irma_keyshare_server/api/v1/prove/getCommitments"
response = do_post(u, "["
"{\"issuer\":{\"identifier\":\"pbdf.gemeente\"},\"counter\": 1},"
"{\"issuer\":{\"identifier\":\"pbdf.gemeente\"},\"counter\": 1}"
"]", extra_headers=extra_headers)
Pcommit = response['c'][0][1]['Pcommit']
P = response['c'][0][1]['P']
# Get nijmegen issuance
u = 'https://gw.nijmegen.nl/irma/session/%s/' % token
issuance_output = do_get(u)
context = int(binascii.hexlify(base64.b64decode(issuance_output['context'])), 16)
nonce1 = int(binascii.hexlify(base64.b64decode(issuance_output['nonce'])), 16)
u = "https://keyshare.privacybydesign.foundation/tomcat/irma_keyshare_server/api/v1/prove/getResponse"
# 2 because: 'pbdf.gemeente.address' and 'pbdf.gemeente.personalData'
cbs = [CredentialBuilder(nijmegen_pk, context, secret, nonce1) for _ in range(2)]
for cb in cbs:
cb.MergeProofPCommitment(ProofPCommitment(P, Pcommit))
challenge = Challenge(cbs, context, nonce1, False)
commit_jwt = do_post(u, str(challenge), extra_headers=extra_headers)
proofP_d = commit_jwt.split(b'.')[1]
lens = len(proofP_d)
lenx = lens - (lens % 4 if lens % 4 else 4)
proofP_d = json.loads(base64.decodebytes(proofP_d[:lenx]) + b'}')["ProofP"]
P = proofP_d["P"]
c = proofP_d["c"]
s_response = proofP_d["s_response"]
proofP = ProofP(P, c, s_response)
u = 'https://gw.nijmegen.nl/irma/session/%s/status' % token
while do_get(u) != "CONNECTED":
time.sleep(0.5)
u = 'https://gw.nijmegen.nl/irma/session/%s/commitments' % token
proofs = BuildDistributedProofList(cbs, challenge, [])
commitMsg = IssueCommitmentMessage(None, proofs, nonce1)
def proof_to_str(proof):
return ('{"U": ' + str(proof.U)
+ ', "c": ' + str(proof.C)
+ ', "v_prime_response": ' + str(proof.VPrimeResponse)
+ ', "s_response": ' + str(proof.SResponse) + '}')
outjson = '{'
outjson += '"U": null,'
outjson += '"combinedProofs": [' + ', '.join(proof_to_str(p) for p in commitMsg.Proofs) + '],'
outjson += '"indices": [],'
outjson += '"n_2": ' + str(commitMsg.Nonce2) + ","
outjson += '"proofPJwt": "",'
outjson += '"proofPJwts": {"pbdf": "' + commit_jwt.decode() + '"}'
outjson += '}'
output_proof = do_post(u, outjson)
def b64_to_int(s):
return str_to_int(base64.b64decode(s))
def str_to_int(s):
if isinstance(s, str):
s = b''.join(int2byte(ord(c)) for c in s)
if s is None:
return 0
if s == b"":
return 1
return int(binascii.hexlify(s), 16)
isms = []
for ism in output_proof:
proof_s_desc = ism["proof"]
sig_desc = ism["signature"]
proof_s = ProofS(b64_to_int(proof_s_desc["c"]), b64_to_int(proof_s_desc["e_response"]))
signature = CLSignature(b64_to_int(sig_desc["A"]), b64_to_int(sig_desc["e"]), b64_to_int(sig_desc["v"]))
isms.append(IssueSignatureMessage(signature, proof_s))
order_map = {
'pbdf.gemeente.address': ["street", "houseNumber", "zipcode", "municipality", "city"],
'pbdf.gemeente.personalData': ["initials", "firstnames", "prefix", "familyname", "fullname", "gender",
"nationality", "surname", "dateofbirth", "cityofbirth", "countryofbirth", "over12",
"over16", "over18", "over21", "over65", "bsn", "digidlevel"]
}
for i in range(len(cbs)):
cb = cbs[i]
ism = isms[i]
ordering = order_map[issuance_output["credentials"][i]['credential']]
attribute_ints, signing_date = make_attribute_list(issuance_output["credentials"][i], ordering)
credential = cb.ConstructCredential(ism, attribute_ints)
builder = credential.CreateDisclosureProofBuilder(list(range(1, len(attribute_ints) + 1)))
builder.MergeProofPCommitment(ProofPCommitment(P, Pcommit))
commit_randomizer = generate_safe_prime(nijmegen_pk.Params.LmCommit)
A, Z = builder.Commit(commit_randomizer)
p = builder.CreateProof(challenge)
p.MergeProofP(proofP, nijmegen_pk)
attr_output = '{\n'
attr_output += '\t"sign_date": ' + str(signing_date) + ',\n'
attr_output += '\t"proofd": "' + binascii.hexlify(serialize_proof_d(p)).decode() + '",\n'
attr_output += '\t"z": ' + str(Z) + '\n'
attr_output += '}'
print("*" * 20) # noqa: T201
print("Attribute:", issuance_output["credentials"][i]['credential']) # noqa: T201
print(attr_output) # noqa: T201
print("*" * 20) # noqa: T201