oydid 0.4.3 → 0.5.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/oydid/basic.rb +204 -26
- data/lib/oydid/didcomm.rb +25 -6
- data/lib/oydid/log.rb +15 -7
- data/lib/oydid/vc.rb +264 -0
- data/lib/oydid.rb +286 -111
- data/spec/input/basic/sample_b16_dec.doc +1 -0
- data/spec/input/basic/{sample_enc.doc → sample_b16_enc.doc} +0 -0
- data/spec/input/basic/sample_b17_edec.doc +1 -0
- data/spec/input/basic/{sample_hash.doc → sample_b17_enc.doc} +0 -0
- data/spec/input/basic/sample_b32_dec.doc +1 -0
- data/spec/{output/basic/sample_dec.doc → input/basic/sample_b32_enc.doc} +0 -0
- data/spec/input/basic/{sample_dec.doc → sample_b58_dec.doc} +0 -0
- data/spec/input/basic/sample_b58_enc.doc +1 -0
- data/spec/input/basic/sample_b64_dec.doc +1 -0
- data/spec/input/basic/sample_b64_enc.doc +1 -0
- data/spec/input/basic/sample_blake2b-16_b16_hash.doc +1 -0
- data/spec/input/basic/sample_blake2b-32_b32_hash.doc +1 -0
- data/spec/input/basic/sample_blake2b-64_b58_hash.doc +1 -0
- data/spec/input/basic/sample_invalid2_readkey.doc +1 -1
- data/spec/input/basic/sample_invalid3_readkey.doc +1 -1
- data/spec/input/basic/sample_readkey.doc +1 -1
- data/spec/input/basic/sample_sha2-256_b58_hash.doc +1 -0
- data/spec/input/basic/sample_sha2-512_b58_hash.doc +1 -0
- data/spec/input/basic/sample_sha3-224_b64_hash.doc +1 -0
- data/spec/output/basic/sample_b16_dec.doc +1 -0
- data/spec/output/basic/sample_b16_enc.doc +1 -0
- data/spec/output/basic/sample_b17_edec.doc +2 -0
- data/spec/output/basic/sample_b17_enc.doc +1 -0
- data/spec/output/basic/sample_b32_dec.doc +1 -0
- data/spec/output/basic/sample_b32_enc.doc +1 -0
- data/spec/output/basic/sample_b58_dec.doc +1 -0
- data/spec/output/basic/{sample_enc.doc → sample_b58_enc.doc} +0 -0
- data/spec/output/basic/sample_b64_dec.doc +1 -0
- data/spec/output/basic/sample_b64_enc.doc +1 -0
- data/spec/output/basic/sample_blake2b-16_b16_hash.doc +1 -0
- data/spec/output/basic/sample_blake2b-32_b32_hash.doc +1 -0
- data/spec/output/basic/sample_blake2b-64_b58_hash.doc +1 -0
- data/spec/output/basic/{sample_hash.doc → sample_sha2-256_b58_hash.doc} +0 -0
- data/spec/output/basic/sample_sha2-512_b58_hash.doc +1 -0
- data/spec/output/basic/sample_sha3-224_b64_hash.doc +1 -0
- data/spec/oydid_spec.rb +95 -13
- metadata +72 -19
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 872454b12ba811fdab1ac25967a94f2555b3a3eb5e0b9e33128f671084c1c8ba
|
|
4
|
+
data.tar.gz: ba79bd15b747a1ff8344bb0084184bdd6f810cc4f13dde5e2abda974459d6576
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6f365d7a094576d29cf1dc056a6c0ac6ff869b3f7ebe26d99817f439b369f7537caef79f170d1fbe8201eb7d44b36f29f0a0028f858d5ba0bace8de10f6972f6
|
|
7
|
+
data.tar.gz: 6e7425342af56e8bb2139138ad3162a82fc5023af0db7ba8d005abf5231e098df5d9718af1ee144ca4d8100a69c57e448dd5a4c3c20bc10127be317e1e05eff5
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.
|
|
1
|
+
0.5.3
|
data/lib/oydid/basic.rb
CHANGED
|
@@ -4,16 +4,79 @@
|
|
|
4
4
|
class Oydid
|
|
5
5
|
|
|
6
6
|
# basic functions ---------------------------
|
|
7
|
-
|
|
8
|
-
|
|
7
|
+
# %w[multibases multihashes rbnacl json].each { |f| require f }
|
|
8
|
+
def self.multi_encode(message, options)
|
|
9
|
+
method = options[:encode] || DEFAULT_ENCODING rescue DEFAULT_ENCODING
|
|
10
|
+
case method
|
|
11
|
+
when *SUPPORTED_ENCODINGS
|
|
12
|
+
return [Multibases.pack(method, message).to_s, ""]
|
|
13
|
+
else
|
|
14
|
+
return [nil, "unsupported encoding: '" + method + "'"]
|
|
15
|
+
end
|
|
9
16
|
end
|
|
10
17
|
|
|
11
|
-
def self.
|
|
12
|
-
|
|
18
|
+
def self.multi_decode(message)
|
|
19
|
+
begin
|
|
20
|
+
[Multibases.unpack(message).decode.to_s('ASCII-8BIT'), ""]
|
|
21
|
+
rescue => error
|
|
22
|
+
[nil, error.message]
|
|
23
|
+
end
|
|
13
24
|
end
|
|
14
25
|
|
|
15
26
|
def self.hash(message)
|
|
16
|
-
|
|
27
|
+
return multi_hash(message, {:digest => DEFAULT_DIGEST}).first
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def self.multi_hash(message, options)
|
|
31
|
+
method = options[:digest] || DEFAULT_DIGEST
|
|
32
|
+
case method.to_s
|
|
33
|
+
when "sha2-256"
|
|
34
|
+
digest = RbNaCl::Hash.sha256(message)
|
|
35
|
+
when "sha2-512"
|
|
36
|
+
digest = RbNaCl::Hash.sha512(message)
|
|
37
|
+
when "sha3-224", "sha3-256", "sha3-384", "sha3-512"
|
|
38
|
+
digest = OpenSSL::Digest.digest(method, message)
|
|
39
|
+
when "blake2b-16"
|
|
40
|
+
digest = RbNaCl::Hash.blake2b(message, {digest_size: 16})
|
|
41
|
+
when "blake2b-32"
|
|
42
|
+
digest = RbNaCl::Hash.blake2b(message, {digest_size: 32})
|
|
43
|
+
when "blake2b-64"
|
|
44
|
+
digest = RbNaCl::Hash.blake2b(message)
|
|
45
|
+
else
|
|
46
|
+
return [nil, "unsupported digest: '" + method.to_s + "'"]
|
|
47
|
+
end
|
|
48
|
+
encoded = multi_encode(Multihashes.encode(digest, method.to_s), options)
|
|
49
|
+
if encoded.first.nil?
|
|
50
|
+
return [nil, encoded.last]
|
|
51
|
+
else
|
|
52
|
+
return [encoded.first, ""]
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
def self.get_digest(message)
|
|
57
|
+
retVal = Multihashes.decode Oydid.multi_decode(message).first
|
|
58
|
+
if retVal[:hash_function].to_s != ""
|
|
59
|
+
return [retVal[:hash_function].to_s, ""]
|
|
60
|
+
end
|
|
61
|
+
case Oydid.multi_decode(message).first[0..1].to_s
|
|
62
|
+
when "\x02\x10"
|
|
63
|
+
return ["blake2b-16", ""]
|
|
64
|
+
when "\x04 "
|
|
65
|
+
return ["blake2b-32", ""]
|
|
66
|
+
when "\b@"
|
|
67
|
+
return ["blake2b-64", ""]
|
|
68
|
+
else
|
|
69
|
+
return [nil, "unknown digest"]
|
|
70
|
+
end
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
def self.get_encoding(message)
|
|
74
|
+
# from https://github.com/multiformats/multibase/blob/master/multibase.csv
|
|
75
|
+
begin
|
|
76
|
+
[Multibases.unpack(message).encoding, ""]
|
|
77
|
+
rescue => error
|
|
78
|
+
[nil, error.message]
|
|
79
|
+
end
|
|
17
80
|
end
|
|
18
81
|
|
|
19
82
|
def self.canonical(message)
|
|
@@ -25,8 +88,13 @@ class Oydid
|
|
|
25
88
|
message.to_json_c14n
|
|
26
89
|
end
|
|
27
90
|
|
|
91
|
+
def self.percent_encode(did)
|
|
92
|
+
# remove "https://" from string as it is default
|
|
93
|
+
did = did.sub("https://","").sub("@", "%40").sub("http://","http%3A%2F%2F").gsub(":","%3A").sub("did%3Aoyd%3A", "did:oyd:")
|
|
94
|
+
end
|
|
95
|
+
|
|
28
96
|
# key management ----------------------------
|
|
29
|
-
def self.generate_private_key(input, method = "ed25519-priv")
|
|
97
|
+
def self.generate_private_key(input, method = "ed25519-priv", options)
|
|
30
98
|
begin
|
|
31
99
|
omc = Multicodecs[method].code
|
|
32
100
|
rescue
|
|
@@ -44,26 +112,70 @@ class Oydid
|
|
|
44
112
|
return [nil, "unsupported key codec"]
|
|
45
113
|
end
|
|
46
114
|
length = raw_key.bytesize
|
|
47
|
-
|
|
115
|
+
encoded = multi_encode([omc, length, raw_key].pack("SCa#{length}"), options)
|
|
116
|
+
if encoded.first.nil?
|
|
117
|
+
return [nil, encoded.last]
|
|
118
|
+
else
|
|
119
|
+
return [encoded.first, ""]
|
|
120
|
+
end
|
|
48
121
|
end
|
|
49
122
|
|
|
50
|
-
def self.public_key(private_key)
|
|
51
|
-
code, length, digest =
|
|
123
|
+
def self.public_key(private_key, options, method = "ed25519-pub")
|
|
124
|
+
code, length, digest = multi_decode(private_key).first.unpack('SCa*')
|
|
52
125
|
case Multicodecs[code].name
|
|
53
126
|
when 'ed25519-priv'
|
|
54
|
-
|
|
127
|
+
case method
|
|
128
|
+
when 'ed25519-pub'
|
|
129
|
+
public_key = Ed25519::SigningKey.new(digest).verify_key
|
|
130
|
+
when 'x25519-pub'
|
|
131
|
+
public_key = RbNaCl::PrivateKey.new(digest).public_key
|
|
132
|
+
else
|
|
133
|
+
return [nil, "unsupported key codec"]
|
|
134
|
+
end
|
|
55
135
|
length = public_key.to_bytes.bytesize
|
|
56
|
-
|
|
136
|
+
encoded = multi_encode([Multicodecs[method].code, length, public_key].pack("CCa#{length}"), options)
|
|
137
|
+
if encoded.first.nil?
|
|
138
|
+
return [nil, encoded.last]
|
|
139
|
+
else
|
|
140
|
+
return [encoded.first, ""]
|
|
141
|
+
end
|
|
57
142
|
else
|
|
58
143
|
return [nil, "unsupported key codec"]
|
|
59
144
|
end
|
|
60
145
|
end
|
|
61
146
|
|
|
62
|
-
def self.
|
|
63
|
-
|
|
147
|
+
def self.getPubKeyFromDID(did)
|
|
148
|
+
identifier = did.split(LOCATION_PREFIX).first.split(CGI.escape LOCATION_PREFIX).first rescue did
|
|
149
|
+
identifier = identifier.delete_prefix("did:oyd:")
|
|
150
|
+
|
|
151
|
+
# check if identifier is already PubKey
|
|
152
|
+
if decode_public_key(identifier).first.nil?
|
|
153
|
+
did_document, msg = read(did, {})
|
|
154
|
+
if did_document.nil?
|
|
155
|
+
return [nil, msg]
|
|
156
|
+
exit
|
|
157
|
+
end
|
|
158
|
+
pubKey = did_document["doc"]["key"].split(":").first rescue nil
|
|
159
|
+
if pubKey.nil?
|
|
160
|
+
return [nil, "cannot resolve " + did.to_s]
|
|
161
|
+
else
|
|
162
|
+
return [pubKey, ""]
|
|
163
|
+
end
|
|
164
|
+
else
|
|
165
|
+
return [identifier, ""]
|
|
166
|
+
end
|
|
167
|
+
end
|
|
168
|
+
|
|
169
|
+
def self.sign(message, private_key, options)
|
|
170
|
+
code, length, digest = multi_decode(private_key).first.unpack('SCa*')
|
|
64
171
|
case Multicodecs[code].name
|
|
65
172
|
when 'ed25519-priv'
|
|
66
|
-
|
|
173
|
+
encoded = multi_encode(Ed25519::SigningKey.new(digest).sign(message), options)
|
|
174
|
+
if encoded.first.nil?
|
|
175
|
+
return [nil, encoded.last]
|
|
176
|
+
else
|
|
177
|
+
return [encoded.first, ""]
|
|
178
|
+
end
|
|
67
179
|
else
|
|
68
180
|
return [nil, "unsupported key codec"]
|
|
69
181
|
end
|
|
@@ -71,13 +183,13 @@ class Oydid
|
|
|
71
183
|
|
|
72
184
|
def self.verify(message, signature, public_key)
|
|
73
185
|
begin
|
|
74
|
-
code, length, digest =
|
|
186
|
+
code, length, digest = multi_decode(public_key).first.unpack('CCa*')
|
|
75
187
|
case Multicodecs[code].name
|
|
76
188
|
when 'ed25519-pub'
|
|
77
189
|
verify_key = Ed25519::VerifyKey.new(digest)
|
|
78
190
|
signature_verification = false
|
|
79
191
|
begin
|
|
80
|
-
verify_key.verify(
|
|
192
|
+
verify_key.verify(multi_decode(signature).first, message)
|
|
81
193
|
signature_verification = true
|
|
82
194
|
rescue Ed25519::VerifyError
|
|
83
195
|
signature_verification = false
|
|
@@ -91,7 +203,54 @@ class Oydid
|
|
|
91
203
|
end
|
|
92
204
|
end
|
|
93
205
|
|
|
94
|
-
def self.
|
|
206
|
+
def self.encrypt(message, public_key, options)
|
|
207
|
+
begin
|
|
208
|
+
code, length, digest = multi_decode(public_key).first.unpack('CCa*')
|
|
209
|
+
case Multicodecs[code].name
|
|
210
|
+
when 'x25519-pub'
|
|
211
|
+
pubKey = RbNaCl::PublicKey.new(digest)
|
|
212
|
+
authHash = RbNaCl::Hash.sha256('auth'.dup.force_encoding('ASCII-8BIT'))
|
|
213
|
+
authKey = RbNaCl::PrivateKey.new(authHash)
|
|
214
|
+
box = RbNaCl::Box.new(pubKey, authKey)
|
|
215
|
+
nonce = RbNaCl::Random.random_bytes(box.nonce_bytes)
|
|
216
|
+
msg = message.force_encoding('ASCII-8BIT')
|
|
217
|
+
cipher = box.encrypt(nonce, msg)
|
|
218
|
+
return [
|
|
219
|
+
{
|
|
220
|
+
value: cipher.unpack('H*')[0],
|
|
221
|
+
nonce: nonce.unpack('H*')[0]
|
|
222
|
+
}, ""
|
|
223
|
+
]
|
|
224
|
+
else
|
|
225
|
+
return [nil, "unsupported key codec"]
|
|
226
|
+
end
|
|
227
|
+
rescue
|
|
228
|
+
return [nil, "encryption failed"]
|
|
229
|
+
end
|
|
230
|
+
end
|
|
231
|
+
|
|
232
|
+
def self.decrypt(message, private_key, options)
|
|
233
|
+
begin
|
|
234
|
+
cipher = [JSON.parse(message)["value"]].pack('H*')
|
|
235
|
+
nonce = [JSON.parse(message)["nonce"]].pack('H*')
|
|
236
|
+
code, length, digest = multi_decode(private_key).first.unpack('SCa*')
|
|
237
|
+
case Multicodecs[code].name
|
|
238
|
+
when 'ed25519-priv'
|
|
239
|
+
privKey = RbNaCl::PrivateKey.new(digest)
|
|
240
|
+
authHash = RbNaCl::Hash.sha256('auth'.dup.force_encoding('ASCII-8BIT'))
|
|
241
|
+
authKey = RbNaCl::PrivateKey.new(authHash).public_key
|
|
242
|
+
box = RbNaCl::Box.new(authKey, privKey)
|
|
243
|
+
retVal = box.decrypt(nonce, cipher)
|
|
244
|
+
return [retVal, ""]
|
|
245
|
+
else
|
|
246
|
+
return [nil, "unsupported key codec"]
|
|
247
|
+
end
|
|
248
|
+
rescue
|
|
249
|
+
return [nil, "decryption failed"]
|
|
250
|
+
end
|
|
251
|
+
end
|
|
252
|
+
|
|
253
|
+
def self.read_private_key(filename, options)
|
|
95
254
|
begin
|
|
96
255
|
f = File.open(filename)
|
|
97
256
|
key_encoded = f.read
|
|
@@ -99,12 +258,12 @@ class Oydid
|
|
|
99
258
|
rescue
|
|
100
259
|
return [nil, "cannot read file"]
|
|
101
260
|
end
|
|
102
|
-
decode_private_key(key_encoded)
|
|
261
|
+
decode_private_key(key_encoded, options)
|
|
103
262
|
end
|
|
104
263
|
|
|
105
|
-
def self.decode_private_key(key_encoded)
|
|
264
|
+
def self.decode_private_key(key_encoded, options)
|
|
106
265
|
begin
|
|
107
|
-
code, length, digest =
|
|
266
|
+
code, length, digest = multi_decode(key_encoded).first.unpack('SCa*')
|
|
108
267
|
case Multicodecs[code].name
|
|
109
268
|
when 'ed25519-priv'
|
|
110
269
|
private_key = Ed25519::SigningKey.new(digest).to_bytes
|
|
@@ -112,12 +271,27 @@ class Oydid
|
|
|
112
271
|
return [nil, "unsupported key codec"]
|
|
113
272
|
end
|
|
114
273
|
length = private_key.bytesize
|
|
115
|
-
return
|
|
274
|
+
return multi_encode([code, length, private_key].pack("SCa#{length}"), options)
|
|
116
275
|
rescue
|
|
117
276
|
return [nil, "invalid key"]
|
|
118
277
|
end
|
|
119
278
|
end
|
|
120
279
|
|
|
280
|
+
def self.decode_public_key(key_encoded)
|
|
281
|
+
begin
|
|
282
|
+
code, length, digest = multi_decode(key_encoded).first.unpack('CCa*')
|
|
283
|
+
case Multicodecs[code].name
|
|
284
|
+
when 'ed25519-pub'
|
|
285
|
+
verify_key = Ed25519::VerifyKey.new(digest)
|
|
286
|
+
return [verify_key, ""]
|
|
287
|
+
else
|
|
288
|
+
return [nil, "unsupported key codec"]
|
|
289
|
+
end
|
|
290
|
+
rescue
|
|
291
|
+
return [nil, "unknown key codec"]
|
|
292
|
+
end
|
|
293
|
+
end
|
|
294
|
+
|
|
121
295
|
# storage functions -----------------------------
|
|
122
296
|
def self.write_private_storage(payload, filename)
|
|
123
297
|
File.open(filename, 'w') {|f| f.write(payload)}
|
|
@@ -145,7 +319,7 @@ class Oydid
|
|
|
145
319
|
end
|
|
146
320
|
end
|
|
147
321
|
|
|
148
|
-
def self.retrieve_document(
|
|
322
|
+
def self.retrieve_document(doc_identifier, doc_file, doc_location, options)
|
|
149
323
|
if doc_location == ""
|
|
150
324
|
doc_location = DEFAULT_LOCATION
|
|
151
325
|
end
|
|
@@ -154,17 +328,17 @@ class Oydid
|
|
|
154
328
|
doc_location = "https://" + doc_location
|
|
155
329
|
end
|
|
156
330
|
end
|
|
157
|
-
|
|
158
331
|
case doc_location
|
|
159
332
|
when /^http/
|
|
160
|
-
|
|
333
|
+
doc_location = doc_location.sub("%3A%2F%2F","://").sub("%3A", ":")
|
|
334
|
+
retVal = HTTParty.get(doc_location + "/doc/" + doc_identifier)
|
|
161
335
|
if retVal.code != 200
|
|
162
|
-
msg = retVal.parsed_response("error").to_s rescue "invalid response from " + doc_location.to_s + "/doc/" +
|
|
336
|
+
msg = retVal.parsed_response("error").to_s rescue "invalid response from " + doc_location.to_s + "/doc/" + doc_identifier.to_s
|
|
163
337
|
return [nil, msg]
|
|
164
338
|
end
|
|
165
339
|
if options.transform_keys(&:to_s)["trace"]
|
|
166
340
|
if options[:silent].nil? || !options[:silent]
|
|
167
|
-
puts "GET " +
|
|
341
|
+
puts "GET " + doc_identifier + " from " + doc_location
|
|
168
342
|
end
|
|
169
343
|
end
|
|
170
344
|
return [retVal.parsed_response, ""]
|
|
@@ -179,6 +353,9 @@ class Oydid
|
|
|
179
353
|
end
|
|
180
354
|
|
|
181
355
|
def self.retrieve_document_raw(doc_hash, doc_file, doc_location, options)
|
|
356
|
+
doc_hash = doc_hash.split(LOCATION_PREFIX).first.split(CGI.escape LOCATION_PREFIX).first rescue doc_hash
|
|
357
|
+
doc_hash = doc_hash.delete_prefix("did:oyd:")
|
|
358
|
+
|
|
182
359
|
if doc_location == ""
|
|
183
360
|
doc_location = DEFAULT_LOCATION
|
|
184
361
|
end
|
|
@@ -190,6 +367,7 @@ class Oydid
|
|
|
190
367
|
|
|
191
368
|
case doc_location
|
|
192
369
|
when /^http/
|
|
370
|
+
doc_location = doc_location.sub("%3A%2F%2F","://").sub("%3A", ":")
|
|
193
371
|
retVal = HTTParty.get(doc_location + "/doc_raw/" + doc_hash)
|
|
194
372
|
if retVal.code != 200
|
|
195
373
|
msg = retVal.parsed_response("error").to_s rescue "invalid response from " + doc_location.to_s + "/doc/" + doc_hash.to_s
|
data/lib/oydid/didcomm.rb
CHANGED
|
@@ -21,7 +21,7 @@ class Oydid
|
|
|
21
21
|
# DIDComm Signed Message --------------------
|
|
22
22
|
def self.dcsm(payload, private_key_encoded, options)
|
|
23
23
|
error = ""
|
|
24
|
-
code, length, digest =
|
|
24
|
+
code, length, digest = multi_decode(private_key_encoded).first.unpack('SCa*')
|
|
25
25
|
case Multicodecs[code].name
|
|
26
26
|
when 'ed25519-priv'
|
|
27
27
|
private_key = RbNaCl::Signatures::Ed25519::SigningKey.new(digest)
|
|
@@ -40,7 +40,7 @@ class Oydid
|
|
|
40
40
|
result, msg = Oydid.read(pubkey_did, options)
|
|
41
41
|
public_key_encoded = Oydid.w3c(result, options)["authentication"].first["publicKeyMultibase"]
|
|
42
42
|
begin
|
|
43
|
-
code, length, digest =
|
|
43
|
+
code, length, digest = multi_decode(public_key_encoded).first.unpack('CCa*')
|
|
44
44
|
case Multicodecs[code].name
|
|
45
45
|
when 'ed25519-pub'
|
|
46
46
|
public_key = RbNaCl::Signatures::Ed25519::VerifyKey.new(digest)
|
|
@@ -56,9 +56,9 @@ class Oydid
|
|
|
56
56
|
end
|
|
57
57
|
|
|
58
58
|
# encryption -----------------------------------
|
|
59
|
-
def self.msg_encrypt(payload, private_key_encoded, did)
|
|
59
|
+
def self.msg_encrypt(payload, private_key_encoded, did, options)
|
|
60
60
|
error = ""
|
|
61
|
-
code, length, digest =
|
|
61
|
+
code, length, digest = multi_decode(private_key_encoded).first.unpack('SCa*')
|
|
62
62
|
case Multicodecs[code].name
|
|
63
63
|
when 'ed25519-priv'
|
|
64
64
|
private_key = RbNaCl::Signatures::Ed25519::SigningKey.new(digest)
|
|
@@ -70,9 +70,9 @@ class Oydid
|
|
|
70
70
|
return [token, error]
|
|
71
71
|
end
|
|
72
72
|
|
|
73
|
-
def self.msg_decrypt(token, public_key_encoded)
|
|
73
|
+
def self.msg_decrypt(token, public_key_encoded, options)
|
|
74
74
|
error = ""
|
|
75
|
-
code, length, digest = Oydid.
|
|
75
|
+
code, length, digest = Oydid.multi_decode(public_key_encoded).first.unpack('CCa*')
|
|
76
76
|
case Multicodecs[code].name
|
|
77
77
|
when 'ed25519-pub'
|
|
78
78
|
public_key = RbNaCl::Signatures::Ed25519::VerifyKey.new(digest)
|
|
@@ -98,4 +98,23 @@ class Oydid
|
|
|
98
98
|
return [nil, "verification failed"]
|
|
99
99
|
end
|
|
100
100
|
end
|
|
101
|
+
|
|
102
|
+
# DID Auth for data container with challenge ---
|
|
103
|
+
def self.token_from_challenge(host, pwd, options = {})
|
|
104
|
+
sid = SecureRandom.hex(20).to_s
|
|
105
|
+
retVal = HTTParty.post(host + "/oydid/init",
|
|
106
|
+
headers: { 'Content-Type' => 'application/json' },
|
|
107
|
+
body: { "session_id": sid }.to_json )
|
|
108
|
+
challenge = retVal.parsed_response["challenge"]
|
|
109
|
+
signed_challenge = sign(challenge, Oydid.generate_private_key(pwd, options).first, options).first
|
|
110
|
+
public_key = public_key(generate_private_key(pwd, options).first, options).first
|
|
111
|
+
retVal = HTTParty.post(host + "/oydid/token",
|
|
112
|
+
headers: { 'Content-Type' => 'application/json' },
|
|
113
|
+
body: {
|
|
114
|
+
"session_id": sid,
|
|
115
|
+
"signed_challenge": signed_challenge,
|
|
116
|
+
"public_key": public_key
|
|
117
|
+
}.to_json)
|
|
118
|
+
return retVal.parsed_response["access_token"]
|
|
119
|
+
end
|
|
101
120
|
end
|
data/lib/oydid/log.rb
CHANGED
|
@@ -7,9 +7,9 @@ class Oydid
|
|
|
7
7
|
log.map do |item|
|
|
8
8
|
i = item.dup
|
|
9
9
|
i.delete("previous")
|
|
10
|
-
item["entry-hash"] =
|
|
10
|
+
item["entry-hash"] = multi_hash(canonical(item), LOG_HASH_OPTIONS).first
|
|
11
11
|
if item.transform_keys(&:to_s)["op"] == 1
|
|
12
|
-
item["sub-entry-hash"] =
|
|
12
|
+
item["sub-entry-hash"] = multi_hash(canonical(i), LOG_HASH_OPTIONS).first
|
|
13
13
|
end
|
|
14
14
|
item
|
|
15
15
|
end
|
|
@@ -37,6 +37,7 @@ class Oydid
|
|
|
37
37
|
|
|
38
38
|
case log_location
|
|
39
39
|
when /^http/
|
|
40
|
+
log_location = log_location.sub("%3A%2F%2F","://")
|
|
40
41
|
retVal = HTTParty.get(log_location + "/log/" + did_hash)
|
|
41
42
|
if retVal.code != 200
|
|
42
43
|
msg = retVal.parsed_response("error").to_s rescue
|
|
@@ -78,11 +79,14 @@ class Oydid
|
|
|
78
79
|
if el["op"].to_i == 0
|
|
79
80
|
terminate_indices << i
|
|
80
81
|
end
|
|
81
|
-
|
|
82
|
+
log_options = options.dup
|
|
83
|
+
el_hash = el["doc"].split(LOCATION_PREFIX).first.split(CGI.escape LOCATION_PREFIX).first
|
|
84
|
+
log_options[:digest] = Oydid.get_digest(el_hash).first
|
|
85
|
+
log_options[:encode] = Oydid.get_encoding(el_hash).first
|
|
86
|
+
log_hash << Oydid.multi_hash(Oydid.canonical(el), LOG_HASH_OPTIONS).first
|
|
82
87
|
dag_log << dag.add_vertex(id: i)
|
|
83
88
|
i += 1
|
|
84
89
|
end unless logs.nil?
|
|
85
|
-
|
|
86
90
|
if create_entries != 1
|
|
87
91
|
return [nil, nil, nil, "wrong number of CREATE entries (" + create_entries.to_s + ") in log" ]
|
|
88
92
|
end
|
|
@@ -237,7 +241,11 @@ class Oydid
|
|
|
237
241
|
log_location = DEFAULT_LOCATION
|
|
238
242
|
end
|
|
239
243
|
term = term.split(LOCATION_PREFIX).first
|
|
240
|
-
|
|
244
|
+
log_options = options.dup
|
|
245
|
+
el_hash = el["doc"].split(LOCATION_PREFIX).first.split(CGI.escape LOCATION_PREFIX).first
|
|
246
|
+
log_options[:digest] = Oydid.get_digest(el_hash).first
|
|
247
|
+
log_options[:encode] = Oydid.get_encoding(el_hash).first
|
|
248
|
+
if multi_hash(canonical(el), log_options).first != term
|
|
241
249
|
currentDID["error"] = 1
|
|
242
250
|
currentDID["message"] = "Log reference and record don't match"
|
|
243
251
|
if verification_output
|
|
@@ -266,7 +274,7 @@ class Oydid
|
|
|
266
274
|
if log_el["op"].to_i == 1 # TERMINATE
|
|
267
275
|
log_el_structure.delete("previous")
|
|
268
276
|
end
|
|
269
|
-
if
|
|
277
|
+
if multi_hash(canonical(log_el_structure), log_options).first == revoc_term
|
|
270
278
|
revoc_term_found = true
|
|
271
279
|
revocation_record = log_el.dup
|
|
272
280
|
if verification_output
|
|
@@ -306,7 +314,7 @@ class Oydid
|
|
|
306
314
|
update_term_found = false
|
|
307
315
|
log_array.each do |log_el|
|
|
308
316
|
if log_el["op"].to_i == 3
|
|
309
|
-
if log_el["previous"].include?(
|
|
317
|
+
if log_el["previous"].include?(multi_hash(canonical(revocation_record), LOG_HASH_OPTIONS).first)
|
|
310
318
|
update_term_found = true
|
|
311
319
|
message = log_el["doc"].to_s
|
|
312
320
|
|