## Wallet App Simulator
- Execute each cell with Crtl+Enter
- Two cells will ask for an input. Make sure the respective QR (init, DCC) is visible on scree next to this browser window


Install libraries if you run this notebook for the first time

In [None]:
!pip install pyjwt cryptography protobuf pycryptodome pyjwt ecdsa


### Scan a QR code

Create a process in the booking portal. Match the personal data (firstname, lastname) with a valid DCC that you have. 
Make sure the init QR displays next to this browser windoW

Run the code cell with Crtl+Enter. 

The code will print the decoded token which is embedded in the QR code.

In [None]:
import pyautogui
import requests
import json
import jwt
from pyzbar.pyzbar import decode as qr_decode

# Before running this box, make sure that the init QR code of the booking system is visible 
# on the main screen. 

screenshot = pyautogui.screenshot()
print(screenshot)
qr_code = qr_decode(screenshot)[0] # First QR Code on screen. Change index to select different QR code!
qr_code_data =  json.loads(qr_code.data.decode())
print(f"QR-Code data: {json.dumps(qr_code_data, indent=4)}")
token_info = jwt.decode(qr_code_data['token'], options={"verify_signature":False})
print(f"Token: {token_info}")


### Init QR code handling by wallet app
The QR code is ingested by the wallet app. 

First step is to query directory of validation services for recommendation. A call to /identity returns options

The user is prompted to enter her choice (1,2,3, etc)

With that information, the wallet app does the following:
 - get the endpoint for the validation service
 - request an access token from the token service by sending a freshly generated public key
    - the keypair is saved for later to sign the DCC upload
    - together with the access token, a nonce for encryption is obtained

In [None]:
import ecdsa
import base64
from Crypto.Hash import SHA256
from ecdsa.curves import NIST256p

# Load the identity document 
serviceIdentity = requests.get( qr_code_data['serviceIdentity'] ).json()

# Get the information from the identity document. Identity contents
## service, i.e. which providers offer validation
## verification method, cryptographic material

validationlist=[];
for service in serviceIdentity['service']:
    
    # This should not always be 'ValidationService-1' but the current service
    # depending on rules and requirements
    if service['id'].find('#ValidationService')>0: 
        validatonlist.append(service);
        validation_service_id = service['id']        
        print(f"Validation ServiceID {validation_service_id}") 
#print(validationlist) 
print("make your choice")
                              
 


In [None]:
import ecdsa
import base64
from Crypto.Hash import SHA256
from ecdsa.curves import NIST256p

choice = input('Please enter number of service you have chosen (1,2,3): ').strip()  # This picks up the validation service
#do something with outcome of choice, 


#nex step is to request validation service keeper what proof has to be delivered from DCC-s in wallet
# the request for proof is embedded in access token to validation service

userkey = ecdsa.SigningKey.generate(curve=NIST256p,hashfunc=SHA256.new) #create wallet key-pair to sign the DCC on upload

    # App should select the latest AccessTokenService here (not sure why, but only #1 is available)
for service in serviceIdentity['service']:
    if service['id'].endswith('#AccessTokenService-1'):
        response = requests.post( service['serviceEndpoint'], 
                    headers={'Authorization': f'Bearer {qr_code_data["token"]}', #initR-token goes here
                             'Content-Type':'application/json', 
                             'X-Version' : '1.0'},
                    json = {"pubKey": userkey.get_verifying_key().to_pem().decode(), 
                                    #advise pub key to validation service for inspection of signature on DCC
                            "service":validation_service_id}
                                     #advise chosen validation service
        )
 #       print ("Undecoded Response", response.status_code, response.text, '\n\n')
        
        # This is the access token for the validation service
        validator_token = response.text     
        validation_nonce = response.headers['x-nonce']
        
        token_info = jwt.decode(validator_token, options={"verify_signature":False})
        print(f"Token: {json.dumps(token_info, indent=4)}")




### Get the public key from the validation service
With the validation service endpoint that has been extracted from the decorator's identity document, we now load the validation service's identity document too to obtain its public key for encryption. 

In [13]:
validation_identity = requests.get(validation_service_endpoint+'/identity').json()

for verificationMethod in validation_identity['verificationMethod']:
    if verificationMethod['id'].endswith('ValidationServiceEncKey-1'):
        validation_service_publickey =  verificationMethod['publicKeyJwk']
        print("Selected Public Key:", validation_service_publickey )

KeyError: 'verificationMethod'

### Submit the health certificate
You can either enter the health certificate data into an input field or scan a DCC-QR-Code from screen. Comment or uncomment the first lines according to the behavior that you prefer. Make sure that the name and date-of-birth match the data in the token from above. 

The wallet app now executes the following steps: 
- choose a random password (32 bytes)
- AES-encrypt the DCC with the password from above and the nonce that was obtained together with the access token 
- encrypt the password with the validation service's public key 
- sign the encrypted AES-encrypted data with the userkey that has been submitted to get the access token
- send JSON data to the validation service:
   - kid of validation server's public key that was used to encrypt password
   - encrypted dcc data
   - signature of encrypted dcc data
   - PKI encrypted password for dcc
   - constants: encScheme = RSAOAEPWithSHA256AESCBC, sigAlg = SHA256withECDSA
   - header: Access token that was previously obtained
- decode the response and print it

In [None]:
#hcert = input('Please paste your HCert: ').strip()  # Option 1: Enter the HC1:-String into the input field
screenshot = pyautogui.screenshot()                   # Option 2: Scan a DCC-QR-Code from screen
hcert = qr_decode(screenshot)[0].data.decode()        # Option 2 continued
#hcert = input('Please paste your HCert: ').strip()  
assert hcert.startswith('HC1:')

from base64 import b64decode
from random import randint
from Crypto.Cipher import PKCS1_OAEP
from Crypto.PublicKey import RSA
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
from ecdsa.util import sigencode_der

# Use real random numbers for production instead!
password = bytearray([randint(0,255) for i in range(32)])

validatorkey = RSA.import_key(f'-----BEGIN CERTIFICATE-----\n{validation_service_publickey["x5c"]}\n-----END CERTIFICATE-----')
aesCipher = AES.new(password, AES.MODE_CBC,iv=b64decode(validation_nonce))

cipher = PKCS1_OAEP.new(validatorkey,hashAlgo=SHA256)
cryptKey = cipher.encrypt(password)
ciphertext= aesCipher.encrypt(pad(bytes(hcert,'utf-8'),AES.block_size))
signature = userkey.sign(ciphertext,hashfunc=SHA256.new,sigencode=sigencode_der)

headers = {'content-type': 'application/json', "Authorization":"Bearer " + validator_token ,"X-Version":"1.0"}

body = {"kid":validation_service_publickey["kid"],
        "dcc":base64.b64encode(ciphertext).decode(),
        "sig":base64.b64encode(signature).decode(),
        "encKey":base64.b64encode(cryptKey).decode(),
        "encScheme":"RSAOAEPWithSHA256AESCBC",
        "sigAlg":"SHA256withECDSA"}

headers = {'content-type': 'application/json', "Authorization":"Bearer " +validator_token,"X-Version":"1.0"}
response = requests.post(token_info['aud'], data=json.dumps(body), headers=headers)
print ("Undecoded Response", response.status_code, response.text, '\n\n')
if response.ok:
    validate_result = jwt.decode(response.content, options={"verify_signature":False})
    print(f'Validate result message: {json.dumps(validate_result, indent=4)}')