feat: Check timestamp and DID existence

This commit is contained in:
Alberto Lerda 2023-02-10 16:17:36 +01:00
parent e74b2ed725
commit f897d42955
10 changed files with 69 additions and 52 deletions


@ -2,3 +2,5 @@ FAB_HOST=localhost
FAB_PORT=59661 FAB_PORT=59661
FAB_USER=Testuser FAB_USER=Testuser
FAB_PASS=secret FAB_PASS=secret
DID_URL="https://did.dyne.org/dids/did:dyne:ifacer.test:"
DELTA_TIMESTAMP=10

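--- a/example/command.sh
+++ b/example/command.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+source "../zenflows-crypto/test/utils.sh"
+sk="Cwj9CcqHNoBnXBo8iDfnhFkQeDun4Y4LStd2m3TEAYAg"
+cmd="$1"
+if [[ "$cmd" != "ON" && "$cmd" != "OFF" ]]; then
+echo "Unknown command $cmd (known commands are ON and OFF)"
+exit 1
+fi
+echo "SIGNING COMMAND"
+cat <<EOF >not_signed.json
+{
+"command": "$cmd",
+"service": "urn:fabaccess:resource:Another",
+"timestamp": "`date +%s`",
+"token": "bm90LWltcGxlbWVudGVk",
+"keyring": {
+"eddsa": "$sk"
+}
+}
+EOF
+ts_source='../zenflows-crypto/src/sign_fabaccess_cmd'
+echo "$ts_source"
+zen_source=`getscript $ts_source`
+echo "$zen_source"
+zenroom -a not_signed.json -z "$zen_source" >signed.json
+cat signed.json
+echo "SEND COMMAND"
+curl -X POST -H 'Content-Type:application/json' -d "@signed.json" "http://localhost:8000/command"
+echo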
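Review bot: The first line declares `#!/bin/sh`, but the argument check uses the bash-only `[[ … ]]` test and the script uses `source`, so under a POSIX sh such as dash the script aborts at the `if` before anything is signed; either change the shebang to `#!/bin/bash` or make it portable with `if [ "$cmd" != "ON" ] && [ "$cmd" != "OFF" ]; then` and `. "../zenflows-crypto/test/utils.sh"`. The signing key `sk` is also committed in clear text in the script; even for an example, reading it from the environment (`sk="${EDDSA_SK:?set EDDSA_SK}"`) keeps a real key from being pasted into the repository later and makes the key's origin explicit to whoever copies this script.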


@ -1,3 +0,0 @@
#!/bin/sh
curl -X POST -H 'Content-Type:application/json' -d "@session.json" http://localhost:8000/new-session


@ -1,8 +0,0 @@
{
"command": "OFF",
"eddsa_public_key": "BmW1a6x43P4Rae9B4hS67PhHTCUShXAGy4K8tQtUfa8L",
"eddsa_signature": "3YUhX39JihVQySNAQVD4zS1PMhjsVdyndffoZmBQGUiKEH8EuAU4b2hF9fYSYutjPGdVnHtNhq3fgo9PChsp1455",
"service": "urn:fabaccess:resource:Another",
"timestamp": "1675964281",
"token": "todo"
}


@ -1,3 +0,0 @@
#!/bin/sh
curl -X POST -H 'Content-Type:application/json' -d "@send_off.json" "http://localhost:8000/command"


@ -1,8 +0,0 @@
{
"command": "ON",
"eddsa_public_key": "BmW1a6x43P4Rae9B4hS67PhHTCUShXAGy4K8tQtUfa8L",
"eddsa_signature": "GJxBHa1wtb2WhnwPZjs4tCTavy7tQAA7py46xMtTfDtuqwUhMHdzmfqoKCbMzUHJvbcRxkcJD7Zz1qP3d6AETMc",
"service": "urn:fabaccess:resource:Another",
"timestamp": "1675964281",
"token": "todo"
}


@ -1,3 +0,0 @@
#!/bin/sh
curl -X POST -H 'Content-Type:application/json' -d "@send_on.json" "http://localhost:8000/command"


@ -1,6 +0,0 @@
{
"command": "OPEN",
"eddsa_public_key": "EdDja2UdyPPEduFhXLEzzRHuW9TdaG7g16oVFAXWYvHt",
"eddsa_signature": "4YApLBq9KMytJZmcRUdU2Ltn6QqLiDCPWshziBJymeP88vRg63VNWL19PM8TxZjcQvkBU6g7ABmwXdCyPnzWsNjM",
"timestamp": "1234567"
}

main.py

@ -10,8 +10,10 @@ from pydantic import BaseModel
from zenroom import zencode_exec from zenroom import zencode_exec
import json import json
import datetime
import os import os
import requests
from dotenv import load_dotenv from dotenv import load_dotenv
load_dotenv() load_dotenv()
@ -21,12 +23,16 @@ class Config:
fab_port: int fab_port: int
fab_user: str fab_user: str
fab_pass: str fab_pass: str
did_url: str
delta_timestamp: str
def __init__(self): def __init__(self):
self.fab_host = os.getenv("FAB_HOST") self.fab_host = os.getenv("FAB_HOST")
self.fab_port = int(os.getenv("FAB_PORT")) self.fab_port = int(os.getenv("FAB_PORT"))
self.fab_user = os.getenv("FAB_USER") self.fab_user = os.getenv("FAB_USER")
self.fab_pass = os.getenv("FAB_PASS") self.fab_pass = os.getenv("FAB_PASS")
self.did_url = os.getenv("DID_URL")
self.delta_timestamp = int(os.getenv("DELTA_TIMESTAMP"))
with open('zenflows-crypto/src/verify_fabaccess_open.zen','r') as file: with open('zenflows-crypto/src/verify_fabaccess_open.zen','r') as file:
zen_verify_open = file.read() zen_verify_open = file.read()
@ -34,12 +40,6 @@ with open('zenflows-crypto/src/verify_fabaccess_open.zen','r') as file:
with open('zenflows-crypto/src/verify_fabaccess_cmd.zen','r') as file: with open('zenflows-crypto/src/verify_fabaccess_cmd.zen','r') as file:
zen_verify_cmd = file.read() zen_verify_cmd = file.read()
class NewSession(BaseModel):
timestamp: str
command: str
eddsa_public_key: str
eddsa_signature: str
class Command(BaseModel): class Command(BaseModel):
timestamp: str timestamp: str
token: str token: str
@ -51,23 +51,16 @@ class Command(BaseModel):
app = FastAPI() app = FastAPI()
conf = Config() conf = Config()
# Maybe the session is useless
@app.post("/new-session")
async def new_session(cmd: NewSession):
zen_result = zencode_exec(zen_verify_open, keys=cmd.json())
if zen_result.output == '':
raise HTTPException(status_code=500, detail="Invalid signature")
res = json.loads(zen_result.output)
if res["output"][0] != 'ok':
raise HTTPException(status_code=500, detail="Invalid signature")
return {"token": "todo"}
@app.post("/command") @app.post("/command")
async def read_root(cmd: Command): async def read_root(cmd: Command):
# Verify DID exits on DID controller
did_request = requests.get(f"{conf.did_url}{cmd.eddsa_public_key}")
if did_request.status_code != 200:
raise HTTPException(status_code=500, detail="Could not fetch did")
# Verify signature with zenroom
zen_result = zencode_exec(zen_verify_cmd, keys=cmd.json()) zen_result = zencode_exec(zen_verify_cmd, keys=cmd.json())
if zen_result.output == '': if zen_result.output == '':
@ -78,6 +71,18 @@ async def read_root(cmd: Command):
if res["output"][0] != 'ok': if res["output"][0] != 'ok':
raise HTTPException(status_code=500, detail="Invalid signature") raise HTTPException(status_code=500, detail="Invalid signature")
# Verify timestamp
now_time = datetime.datetime.now()
cmd_timestamp = int(cmd.timestamp)
delta_t = int(datetime.datetime.timestamp(now_time)) - cmd_timestamp
if delta_t < 0:
raise HTTPException(status_code=500, detail="Command from the future...")
if delta_t > conf.delta_timestamp:
raise HTTPException(status_code=500, detail="Signature expired")
# Connect to fabaccess and send command
session = await fabapi.connect(conf.fab_host, conf.fab_port, conf.fab_user, conf.fab_pass) session = await fabapi.connect(conf.fab_host, conf.fab_port, conf.fab_user, conf.fab_pass)
if session == None: if session == None:
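Review bot: `cmd.eddsa_public_key` is taken straight from the request body and interpolated into the outbound URL in `did_request = requests.get(f"{conf.did_url}{cmd.eddsa_public_key}")`, so the body controls the path the service fetches from the DID controller, the call has no `timeout`, and because the handler is `async def` the synchronous `requests.get` blocks the event loop while it waits. Reject anything that is not a plausible key before building the URL and escape it as a single path segment, e.g. `requests.get(f"{conf.did_url}{quote(cmd.eddsa_public_key, safe='')}", timeout=5)` with `from urllib.parse import quote`, and consider moving the lookup after the local zenroom signature check so that unauthenticated bodies do not trigger outbound requests at all. The new rejections (`Could not fetch did`, `Command from the future...`, `Signature expired`) all use `status_code=500`, which reports a client-side failure as a server error; 400/401 would be the conventional codes, and `int(cmd.timestamp)` should be guarded so a non-numeric timestamp also yields a 400 instead of an unhandled ValueError. The `DELTA_TIMESTAMP` window only checks freshness — an accepted signed command can be resubmitted within it unless the service remembers the signatures it has already processed, which is worth a comment above `# Verify timestamp` even if it is deferred. read_root continues outside the hunk.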


@ -6,3 +6,4 @@ pydantic==1.10.4
python-dotenv==0.21.1 python-dotenv==0.21.1
uvicorn==0.20.0 uvicorn==0.20.0
zenroom==2.16.4 zenroom==2.16.4
requests==2.28.2