feat: Check timestamp and DID existence

2025-03-12 06:51:43 +01:00 · 2023-02-10 16:17:36 +01:00 · 2023-02-10 16:17:36 +01:00 · f897d42955
commit f897d42955
parent e74b2ed725
10 changed files with 69 additions and 52 deletions
--- a/.env.example
+++ b/.env.example
@ -2,3 +2,5 @@ FAB_HOST=localhost
 FAB_PORT=59661
 FAB_USER=Testuser
 FAB_PASS=secret
+DID_URL="https://did.dyne.org/dids/did:dyne:ifacer.test:"
+DELTA_TIMESTAMP=10
--- a/example/command.sh
+++ b/example/command.sh
@ -0,0 +1,40 @@
+#!/bin/sh
+
+source "../zenflows-crypto/test/utils.sh"
+
+sk="Cwj9CcqHNoBnXBo8iDfnhFkQeDun4Y4LStd2m3TEAYAg"
+
+cmd="$1"
+
+if [[ "$cmd" != "ON" && "$cmd" != "OFF" ]]; then
+  echo "Unknown command $cmd (known commands are ON and OFF)"
+  exit 1
+fi
+
+echo "SIGNING COMMAND"
+
+cat <<EOF >not_signed.json
+{
+  "command": "$cmd",
+  "service": "urn:fabaccess:resource:Another",
+  "timestamp": "`date +%s`",
+  "token": "bm90LWltcGxlbWVudGVk",
+  "keyring": {
+    "eddsa": "$sk"
+  }
+}
+EOF
+
+ts_source='../zenflows-crypto/src/sign_fabaccess_cmd'
+echo "$ts_source"
+zen_source=`getscript $ts_source`
+
+echo "$zen_source"
+zenroom -a not_signed.json -z "$zen_source" >signed.json
+
+cat signed.json
+
+echo "SEND COMMAND"
+
+curl -X POST -H 'Content-Type:application/json' -d "@signed.json" "http://localhost:8000/command"
+echo
--- a/example/new_session.sh
+++ b/example/new_session.sh
@ -1,3 +0,0 @@
-#!/bin/sh
-
-curl -X POST -H 'Content-Type:application/json' -d "@session.json" http://localhost:8000/new-session
--- a/example/send_off.json
+++ b/example/send_off.json
@ -1,8 +0,0 @@
-{
-  "command": "OFF",
-  "eddsa_public_key": "BmW1a6x43P4Rae9B4hS67PhHTCUShXAGy4K8tQtUfa8L",
-  "eddsa_signature": "3YUhX39JihVQySNAQVD4zS1PMhjsVdyndffoZmBQGUiKEH8EuAU4b2hF9fYSYutjPGdVnHtNhq3fgo9PChsp1455",
-  "service": "urn:fabaccess:resource:Another",
-  "timestamp": "1675964281",
-  "token": "todo"
-}
--- a/example/send_off.sh
+++ b/example/send_off.sh
@ -1,3 +0,0 @@
-#!/bin/sh
-
-curl -X POST -H 'Content-Type:application/json' -d "@send_off.json" "http://localhost:8000/command"
--- a/example/send_on.json
+++ b/example/send_on.json
@ -1,8 +0,0 @@
-{
-  "command": "ON",
-  "eddsa_public_key": "BmW1a6x43P4Rae9B4hS67PhHTCUShXAGy4K8tQtUfa8L",
-  "eddsa_signature": "GJxBHa1wtb2WhnwPZjs4tCTavy7tQAA7py46xMtTfDtuqwUhMHdzmfqoKCbMzUHJvbcRxkcJD7Zz1qP3d6AETMc",
-  "service": "urn:fabaccess:resource:Another",
-  "timestamp": "1675964281",
-  "token": "todo"
-}
--- a/example/send_on.sh
+++ b/example/send_on.sh
@ -1,3 +0,0 @@
-#!/bin/sh
-
-curl -X POST -H 'Content-Type:application/json' -d "@send_on.json" "http://localhost:8000/command"
--- a/example/session.json
+++ b/example/session.json
@ -1,6 +0,0 @@
-{
-	"command": "OPEN",
-	"eddsa_public_key": "EdDja2UdyPPEduFhXLEzzRHuW9TdaG7g16oVFAXWYvHt",
-	"eddsa_signature": "4YApLBq9KMytJZmcRUdU2Ltn6QqLiDCPWshziBJymeP88vRg63VNWL19PM8TxZjcQvkBU6g7ABmwXdCyPnzWsNjM",
-	"timestamp": "1234567"
-}
--- a/main.py
+++ b/main.py
@ -10,8 +10,10 @@ from pydantic import BaseModel
 from zenroom import zencode_exec

 import json
+import datetime

 import os
+import requests
 from dotenv import load_dotenv 

 load_dotenv()
@ -21,12 +23,16 @@ class Config:
    fab_port: int
    fab_user: str
    fab_pass: str
+    did_url: str
+    delta_timestamp: str

    def __init__(self):
        self.fab_host = os.getenv("FAB_HOST")
        self.fab_port = int(os.getenv("FAB_PORT"))
        self.fab_user = os.getenv("FAB_USER")
        self.fab_pass = os.getenv("FAB_PASS")
+        self.did_url = os.getenv("DID_URL")
+        self.delta_timestamp = int(os.getenv("DELTA_TIMESTAMP"))

 with open('zenflows-crypto/src/verify_fabaccess_open.zen','r') as file:
        zen_verify_open = file.read()
@ -34,12 +40,6 @@ with open('zenflows-crypto/src/verify_fabaccess_open.zen','r') as file:
 with open('zenflows-crypto/src/verify_fabaccess_cmd.zen','r') as file:
        zen_verify_cmd = file.read()

-class NewSession(BaseModel):
-    timestamp: str
-    command: str
-    eddsa_public_key: str
-    eddsa_signature: str
-
 class Command(BaseModel):
    timestamp: str
    token: str
@ -51,23 +51,16 @@ class Command(BaseModel):
 app = FastAPI()
 conf = Config()

-# Maybe the session is useless
-@app.post("/new-session")
-async def new_session(cmd: NewSession):
-    zen_result = zencode_exec(zen_verify_open, keys=cmd.json())
-
-    if zen_result.output == '':
-        raise HTTPException(status_code=500, detail="Invalid signature")
-
-    res = json.loads(zen_result.output)
-
-    if res["output"][0] != 'ok':
-        raise HTTPException(status_code=500, detail="Invalid signature")
-
-    return {"token": "todo"}
-
@app.post("/command")
 async def read_root(cmd: Command):
+    # Verify DID exits on DID controller
+
+    did_request = requests.get(f"{conf.did_url}{cmd.eddsa_public_key}")
+    if did_request.status_code != 200:
+        raise HTTPException(status_code=500, detail="Could not fetch did")
+
+    # Verify signature with zenroom
+
    zen_result = zencode_exec(zen_verify_cmd, keys=cmd.json())

    if zen_result.output == '':
@ -78,6 +71,18 @@ async def read_root(cmd: Command):
    if res["output"][0] != 'ok':
        raise HTTPException(status_code=500, detail="Invalid signature")

+    # Verify timestamp
+
+    now_time = datetime.datetime.now()
+    cmd_timestamp = int(cmd.timestamp)
+    delta_t = int(datetime.datetime.timestamp(now_time)) - cmd_timestamp
+    if delta_t < 0:
+        raise HTTPException(status_code=500, detail="Command from the future...")
+
+    if delta_t > conf.delta_timestamp:
+        raise HTTPException(status_code=500, detail="Signature expired")
+
+    # Connect to fabaccess and send command

    session = await fabapi.connect(conf.fab_host, conf.fab_port, conf.fab_user, conf.fab_pass)
    if session == None:
--- a/requirements.txt
+++ b/requirements.txt
@ -6,3 +6,4 @@ pydantic==1.10.4
 python-dotenv==0.21.1
 uvicorn==0.20.0
 zenroom==2.16.4
+requests==2.28.2