touchpass 0.0.8.1 → 0.0.8.16

data/lib/touchpass/client.rb

@@ -11,6 +11,7 @@ require 'base64'
 require 'pp'
 require 'cgi'
 require 'json'
+require 'securerandom'
 
 module Touchpass
 
@@ -103,12 +104,13 @@ module Touchpass
       # Collect attributes of new device
       device_attributes = params.merge({
         :udid            => params[:udid], 
+        :app_id          => params[:app_id],
         :name            => params[:name], 
         :pub_key         => crypt.public_key,
         :messaging_type  => params[:messaging_type], 
-        :messaging_value => params[:messaging_value],
+        :messaging_value => params[:messaging_value]
       })
-      http_options = standard_http_options(device_attributes, %W{udid name pub_key messaging_type messaging_value})
+      http_options = standard_http_options(device_attributes, %W{udid app_id name pub_key messaging_type messaging_value})
 
       # Provision the new device with the Touchpass server
       new_device = submit_request("post", "#{@hostname}/#{params[:username]}/devices.#{@output}", http_options)
@@ -179,77 +181,21 @@ module Touchpass
     end
 
     # Create a new verification
-    # needs: :to_party, :api_key; uses: :message, :address (for LV), :resolution (for LV)
+    # needs: :to_party, :api_key
+    # uses:
+    #  :address (for LV), :resolution (for LV)
+    #  :message, :message_post_verification
     def create_verification(params)
-      http_options = standard_http_options(params, %W{to_party})
-      message = params[:message]
-      address = params[:address]
+      http_options = standard_http_options(params, %W{to_party to_device_id to_app_id})
 
       # Get the list of verifying party devices so we can encrypt data for them using each device's public key
       response = submit_request("get", "#{@hostname}/#{params[:to_party]}/devices.json",
                                 standard_http_options(params))
       vp_devices = response["devices"]
 
-      # Generate token
-      token = Crypt.salt
-      hashed_token = Crypt.encrypt(token)
-      http_options[:body][:claimed_token] = hashed_token
-
-      if !vp_devices.nil? and (vp_devices.is_a? Array and !vp_devices.empty?)
-
-        # Encrypt message using each verifying party's (to_party) device public keys
-        if !message.nil? 
-          vp_devices.each_with_index do |device, index|
-            device_id   = device["id"]
-            pub_key_str = device["pub_key"]
-            public_key  = Crypt.read_key(pub_key_str)
-            crypted_message = Base64.encode64(public_key.public_encrypt(message))
-            http_options[:body]["crypted_messages[#{index}][device_id]"] = device_id
-            http_options[:body]["crypted_messages[#{index}][value]"] = crypted_message
-          end
-        end
-
-        # Encrypt token using each verifying party's (to_party) device public keys
-        crypted_tokens = []
-        vp_devices.each_with_index do |device, index|
-          device_id   = device["id"]
-          pub_key_str = device["pub_key"]
-          public_key  = Crypt.read_key(pub_key_str)
-          crypted_token = Base64.encode64(public_key.public_encrypt(token)) # per-transaction token generated by Crypt.salt above
-          http_options[:body]["crypted_tokens[#{index}][device_id]"] = device_id
-          http_options[:body]["crypted_tokens[#{index}][value]"] = crypted_token
-        end
-      end
-
-      # Encrypt prp-hash using verifying_party (to_party) devices
-      if !address.nil? # For location verification
-        http_options[:body][:location_verification] = true
-
-        # Convert address to PRP      
-        resolution = options[:resolution] || "LOCAL" # Resolution used to calculate PRP
-        http_options[:body][:resolution] = resolution
-        prp = Proximity::PRP.new(:address => params[:address], :resolution => resolution)
-        # puts prp.print_bbox # for debugging
-
-        # Generate random salt
-        salt = Crypt.salt
-        # puts "Using salt: #{salt}" # for debugging
-
-        # Encrypt PRP using salt
-        claimed_prp = prp.encrypt(salt)
-        http_options[:body][:claimed_prp] = claimed_prp
-
-        # Encrypt salt using verifiying_party (to_party) devices
-        crypted_salts = []
-        vp_devices.each_with_index do |device, index|
-          device_id    = device["id"]
-          pub_key_str  = device["pub_key"]
-          public_key   = Crypt.read_key(pub_key_str)
-          crypted_salt = Base64.encode64(public_key.public_encrypt(salt))
-          http_options[:body]["crypted_salts[#{index}][device_id]"] = device_id
-          http_options[:body]["crypted_salts[#{index}][value]"] = crypted_salt
-        end
-      end
+      # create a verification object
+      verification = Touchpass::Verification.new(vp_devices, params)
+      http_options[:body].merge!(verification.http_params)
 
       submit_request("post", "#{@hostname}/verifications.#{@output}", http_options)
     end
@@ -295,25 +241,19 @@ module Touchpass
     def update_verification(params)
       # Call show verification to get the crypted salts and resolution for the verification
       # Note: crypted salts and resolution are also returned in the list verifications response
-      http_options = standard_http_options(params)
-
-      verification   = submit_request("get", "#{@hostname}/verifications/#{params[:id]}.json", http_options)
-      crypted_tokens = verification["crypted_tokens"]
-      crypted_salts  = verification["crypted_salts"]
-      resolution     = verification["resolution"]
+      http_options = standard_http_options(params, %W{id})
 
-      token = decrypt_salt(crypted_tokens, params[:device_id], self.api_key)
-      hashed_token = Crypt.encrypt(token)
+      verification = get_verification(params)
 
-      http_options = standard_http_options(params, %W{id})
-      http_options[:body][:verified_token] = hashed_token
+      token = decrypt_salt(verification["crypted_tokens"], params[:device_id], self.api_key)
+      http_options[:body][:verified_token] = Crypt.hash(token) unless token.nil?
 
       # Generate verified PRP for location verification
       if !params[:address].nil?
-        prp = Proximity::PRP.new(:address => params[:address], :resolution => resolution)
+        prp = Proximity::PRP.new(:address => params[:address], :resolution => verification["resolution"])
         # puts prp.print_bbox # for debugging
 
-        salt = decrypt_salt(crypted_salts, params[:device_id], self.api_key)
+        salt = decrypt_salt(verification["crypted_salts"], params[:device_id], self.api_key)
         # puts "Using salt: #{salt}"
         verified_prp = prp.encrypt(salt)
 
@@ -327,15 +267,27 @@ module Touchpass
     # Cancel an existing verification
     # needs: :api_key, :id
     def cancel_verification(params)
+      http_options = standard_http_options(params)
+      verification = get_verification(params)
+
+      token = decrypt_salt(verification["crypted_tokens"], params[:device_id], self.api_key)
+      http_options[:body][:verified_token] = Crypt.hash(token) unless token.nil?
+
       submit_request("put", "#{@hostname}/verifications/#{params[:id]}/cancel.#{@output}",
-                     standard_http_options(params))
+                     http_options)
     end
 
     # Reject a verification
-    # needs: :api_keu, :id
+    # needs: :api_key, :id
     def reject_verification(params)
+      http_options = standard_http_options(params)
+      verification = get_verification(params)
+
+      token = decrypt_salt(verification["crypted_tokens"], params[:device_id], self.api_key)
+      http_options[:body][:verified_token] = Crypt.hash(token) unless token.nil?
+
       submit_request("put", "#{@hostname}/verifications/#{params[:id]}/reject.#{@output}",
-                     standard_http_options(params))
+                     http_options)
     end  
     
     private

data/lib/touchpass/crypt.rb

@@ -1,9 +1,9 @@
-
 module Touchpass
   class Crypt
     # Encryption method
     # Options: :md5, :sha1, :sha256, :sha512
-    CRYPTO_PROVIDER = :sha256
+    HASH_CRYPTO_PROVIDER = :sha256
+    ENCRYPTION_ALGORITHM = 'AES-128-CBC'
 
     def self.salt(length=10)
       seeds = ('a'..'z').to_a
@@ -18,9 +18,32 @@ module Touchpass
       salt_string
     end
 
-    def self.encrypt(string)
+    def self.generate_encryption_key
+      crypt = OpenSSL::Cipher.new(ENCRYPTION_ALGORITHM)
+      crypt.encrypt
+      crypt.random_key
+    end
+
+    def self.cipher(mode, data, key)
+      return nil unless data
+      crypt = OpenSSL::Cipher.new(ENCRYPTION_ALGORITHM).send(mode)
+      crypt.key = key
+      crypt.padding = 1
+      crypt.update(data) << crypt.final
+    end
+    
+    def self.encrypt(data, key)
+      cipher(:encrypt, data, key)
+    end
+
+    def self.decrypt(data, key)
+      cipher(:decrypt, data, key)
+    end
+
+    # hex digest
+    def self.hash(string)
       crypto_provider = nil
-      case CRYPTO_PROVIDER
+      case HASH_CRYPTO_PROVIDER
       when :md5
         require 'digest/md5' unless defined?(Digest::MD5)
         crypto_provider = Digest::MD5
@@ -37,11 +60,11 @@ module Touchpass
       return crypto_provider.hexdigest(string)
     end
 
-    def self.read_key(pem)
+    def self.read_rsa_key(pem)
       begin
         return OpenSSL::PKey::RSA.new(pem)
       rescue
-        puts "Unable to read key."
+        warn "Unable to read key."
       end
       return nil
     end

data/lib/touchpass/prp.rb

@@ -144,11 +144,14 @@ module Touchpass
 
       # Returns the hashed representation of the bounding coordinates
       def encrypt(salt=nil)
-        crypted_1 = encrypt_point(@bounding_coordinates[:top_left], salt)
-        crypted_2 = encrypt_point(@bounding_coordinates[:top_right], salt)
-        crypted_3 = encrypt_point(@bounding_coordinates[:bottom_right], salt)
-        crypted_4 = encrypt_point(@bounding_coordinates[:bottom_left], salt)
-        @crypted_coordinates = crypted_1 + crypted_2 + crypted_3 + crypted_4
+        if @bounding_coordinates
+          crypted_1 = encrypt_point(@bounding_coordinates[:top_left], salt)
+          crypted_2 = encrypt_point(@bounding_coordinates[:top_right], salt)
+          crypted_3 = encrypt_point(@bounding_coordinates[:bottom_right], salt)
+          crypted_4 = encrypt_point(@bounding_coordinates[:bottom_left], salt)
+          @crypted_coordinates = crypted_1 + crypted_2 + crypted_3 + crypted_4
+        end
+
         return @crypted_coordinates
       end
 
@@ -170,7 +173,7 @@ module Touchpass
         # that are coming from 3,240,000 values (ie 1,800*1,800) as opposed to 2 hashes derived from a set of 1,800
         # possible values.
         str_to_encrypt = (lat.to_s) + "," + (lng.to_s) + salt.to_s
-        return Touchpass::Crypt.encrypt(str_to_encrypt)
+        return Touchpass::Crypt.hash(str_to_encrypt)
       end
 
       def self.truncate_size(resolution)

data/lib/touchpass/{device.rb → rp/device.rb}

@@ -11,8 +11,11 @@ module Touchpass
       def get_all(user)
         http_options = { :body => {}, :headers => { Touchpass::Client::API_KEY_HEADER => Touchpass.api_key } }
         response = self.class.get("/#{user}/devices.json", http_options)
-        return response.parsed_response["devices"]
+
+        tp_response = Touchpass::Rp::Response.new(response)
+        tp_response.response = tp_response['devices'] || []
+        tp_response
       end
     end
   end
-end
+end

data/lib/touchpass/rp/response.rb

@@ -0,0 +1,34 @@
+module Touchpass
+  module Rp
+    class Response
+
+      attr_accessor :http_status_code, :response
+
+      def initialize(http_party_response = nil)
+        if http_party_response
+          @http_status_code = http_party_response.code
+          @response = http_party_response.parsed_response
+        end
+      end
+
+      def to_h
+        if @response.kind_of?(Hash)
+          @response.merge(:http_status_code => @http_status_code)
+        elsif @http_status_code != 200
+          { :error => @response, :http_status_code => @http_status_code }
+        else
+          { :text => @response, :http_status_code => @http_status_code }
+        end
+      end
+
+      def [](key)
+        @response.kind_of?(Hash) ? @response[key] : nil
+      end
+
+      def to_json(options = {})
+        to_h.to_json(options)
+      end
+
+    end
+  end
+end

data/lib/touchpass/rp/verification.rb

@@ -0,0 +1,53 @@
+module Touchpass
+  module Rp
+    class Verification
+      include HTTParty
+      #debug_output
+
+      def initialize
+        self.class.base_uri Touchpass.base_uri
+      end
+
+      def create(to_party, options={})
+        http_options = { :body => { :to_party => to_party }, :headers => api_key_header }
+
+        # Defines which application will be used to handle the verification
+        # (the default is to use the standalone app, or the first app registered)
+        http_options[:body][:to_app_id] = Touchpass.app_id if Touchpass.app_id
+        # puts "Touchpass.app_id: #{Touchpass.app_id}"
+
+        # Get the verifying party devices so we can encrypt message/prp using the devices public key
+        device = Touchpass::Rp::Device.new
+        vp_devices = device.get_all(to_party).response
+        # TODO: vp_devices can be empty here, in which case verification creation will fail.
+
+        # Create verification object
+        verification = Touchpass::Verification.new(vp_devices, options)
+        http_options[:body].merge!(verification.http_params)
+
+        response = self.class.post("/verifications.json", http_options)
+
+        return Touchpass::Rp::Response.new(response)
+      end
+
+      def cancel(id)
+        http_options = { :body => {}, :headers => api_key_header }
+        response = self.class.put("/verifications/#{id}/cancel.json", http_options)
+        return Touchpass::Rp::Response.new(response)
+      end
+
+      def show(id)
+        http_options = { :body => {}, :headers => api_key_header }
+        response = self.class.get("/verifications/#{id}.json", http_options)
+        return Touchpass::Rp::Response.new(response)
+      end
+
+      private
+
+      def api_key_header
+        { Touchpass::Client::API_KEY_HEADER => Touchpass.api_key }
+      end
+
+    end
+  end
+end

data/lib/touchpass/verification.rb

@@ -1,112 +1,145 @@
 module Touchpass
-  module Rp
-    class Verification
-      include HTTParty
-      #debug_output
+  class Verification
 
-      def initialize
-        self.class.base_uri Touchpass.base_uri
-      end
-
-      def create(to_party, options={})
-        http_options = { :body => {:to_party => to_party}, :headers => api_key_header }
-
-        # Get the verifying party devices so we can encrypt message/prp using the devices public key
-        device = Touchpass::Rp::Device.new
-        vp_devices = device.get_all(to_party)
-
-        # Generate token
-        token = Touchpass::Crypt.salt
-        hashed_token = Touchpass::Crypt.encrypt(token)
-        http_options[:body][:claimed_token] = hashed_token
-
-        # Encrypt token using verifying_party (to_party) devices
-        create_crypted_tokens(token, vp_devices, http_options)
-
-        # Generate Claimed PRP (for Location Verification)
-        create_prp(options[:address], vp_devices, http_options)
-
-        # Generate Claimed PRP (for Location Verification)
-        create_crypted_messages(options[:message], vp_devices, http_options)
+    attr_reader :crypted_salts, :crypted_tokens, :crypted_messages
+    attr_reader :claimed_token
+    attr_reader :location_verification, :claimed_prp, :resolution
 
-        response = self.class.post("/verifications.json", http_options)
-        return response.parsed_response
-      end
-
-      def cancel(id)
-        http_options = { :body => {}, :headers => api_key_header }
-        response = self.class.put("/verifications/#{id}/cancel.json", http_options)
-        return response.parsed_response
+    def initialize(vp_devices, options = {})
+      
+      # Generate token
+      token = Crypt.salt
+      hashed_token = Crypt.hash(token)
+      @claimed_token = hashed_token
+      @vp_devices = vp_devices
+      @crypted_messages = []
+
+      # Encrypt message using each verifying party's (to_party) device public keys
+      add_message(options[:message]) if !options[:message].nil? 
+
+      # Encrypt post-verification message, if present
+      if !options[:message_post_verification].nil?
+        add_message(options[:message_post_verification], 
+                    :requires_verification => true,
+                    :scratch_to_reveal => options[:scratch_to_reveal])
       end
 
-      def show(id)
-        http_options = { :body => {}, :headers => api_key_header }
-        response = self.class.get("/verifications/#{id}.json", http_options)
-        return response.parsed_response
+      # Encrypt post-verification location message, if present
+      if !options[:message_post_verification_location].nil?
+        add_message(options[:message_post_verification_location], 
+                    :requires_verification => true,
+                    :requires_location_verification => true,
+                    :scratch_to_reveal => options[:scratch_to_reveal])
       end
 
-      private
-      def create_crypted_tokens(token, devices, http_options)
-        return if devices.nil? or (devices.is_a? Array and devices.empty?)
-        devices.each_with_index do |device, index|
-          device_id = device["id"]
-          pub_key = device["pub_key"]
-          public_key = Touchpass::Crypt.read_key(pub_key)
-          crypted_token = Base64.encode64(public_key.public_encrypt(token))
-          http_options[:body]["crypted_tokens[#{index}][device_id]"] = device_id
-          http_options[:body]["crypted_tokens[#{index}][value]"] = crypted_token
-        end
+      # allow adding messages from array of hashes (containing message and options)
+      messages = options[:messages]
+      messages = messages.values if messages.kind_of?(Hash)
+      if messages.kind_of?(Array)
+        messages.each { |i| add_message(i[:message], i) }
       end
 
-      def create_prp(address, devices, http_options)
-        return unless address.present?
+      # Encrypt token using each verifying party's (to_party) device public keys
+      # (only use RSA encryption for the token)
+      @crypted_tokens = crypted_values("crypted_tokens", token, :rsa_only => true)
 
-        http_options[:body][:location_verification] = true
+      # Encrypt prp-hash using verifying_party (to_party) devices
+      if !options[:address].nil? # For location verification
+        @location_verification = true
 
-        # Convert address to PRP      
-        http_options[:body][:resolution] = Touchpass.resolution # Resolution used to calculate PRP
-        prp = Touchpass::Proximity::PRP.new(:address => address, :resolution => Touchpass.resolution)
+        # Convert address to PRP
+        @resolution = options[:resolution] || "LOCAL" # Resolution used to calculate PRP
+        prp = Proximity::PRP.new(:address => options[:address], :resolution => @resolution)
+        # puts prp.print_bbox # for debugging
 
         # Generate random salt
-        salt = Touchpass::Crypt.salt
+        salt = Crypt.salt
+        # puts "Using salt: #{salt}" # for debugging
 
         # Encrypt PRP using salt
         claimed_prp = prp.encrypt(salt)
-        http_options[:body][:claimed_prp] = claimed_prp
+        @claimed_prp = claimed_prp
 
         # Encrypt salt using verifiying_party (to_party) devices
-        if !devices.nil? and (devices.is_a? Array and !devices.empty?)
-          devices.each_with_index do |device, index|
-            device_id = device["id"]
-            pub_key = device["pub_key"]
-            public_key = Touchpass::Crypt.read_key(pub_key)
-            crypted_salt = Base64.encode64(public_key.public_encrypt(salt))
-            http_options[:body]["crypted_salts[#{index}][device_id]"] = device_id
-            http_options[:body]["crypted_salts[#{index}][value]"] = crypted_salt
-          end
-        end
+        @crypted_salts = crypted_values("crypted_salts", salt, :rsa_only => true)
       end
+      
+    end
+
+    def add_message(message, options = {})
+      @crypted_messages ||= []
+      @crypted_messages += crypted_values("crypted_messages", message, options)
+    end
 
-      def create_crypted_messages(message, devices, http_options)
-        return if message.blank?
-        return if devices.nil? or (devices.is_a? Array and devices.empty?)
-
-        # Encrypt message using verifying party devices public key
-        devices.each_with_index do |device, index|
-          device_id = device["id"]
-          pub_key = device["pub_key"]
-          public_key = Touchpass::Crypt.read_key(pub_key)
-          crypted_message = Base64.encode64(public_key.public_encrypt(message))
-          http_options[:body]["crypted_messages[#{index}][device_id]"] = device_id
-          http_options[:body]["crypted_messages[#{index}][value]"] = crypted_message
+    # create http parameters
+    def http_params
+      params = {}
+
+      params[:claimed_token] = @claimed_token
+      params[:crypted_messages] = param_hash(@crypted_messages)
+      params[:crypted_tokens] = param_hash(@crypted_tokens)
+      params[:crypted_salts] = param_hash(@crypted_salts)
+      params[:location_verification] = @location_verification
+      params[:resolution] = @resolution
+      params[:claimed_prp] = @claimed_prp
+      
+      params
+    end
+    
+    private
+
+    def param_hash(values)
+      ret = {}
+      if values.kind_of?(Array)
+        values.each_with_index do |value, i|
+          ret["#{i}"] = value
         end
       end
+      ret
+    end
+
+    # generate crypted value attributes for all devices
+    # used for messages and tokens
+    # returns array of hashes, hashes contain :device_id, :value, :key
+    def crypted_values(name, plaintext, options = {})
+      ret = []
+
+      return ret unless @vp_devices && @vp_devices.kind_of?(Array)
       
-      private
-      def api_key_header
-        { Touchpass::Client::API_KEY_HEADER => Touchpass.api_key }
-      end
+      @vp_devices.each do |device|
+        device_id   = device["id"]
+        
+        # get the RSA public key
+        pub_key_str = device["pub_key"]
+        next unless pub_key_str && pub_key_str.length > 0
+        public_key  = Crypt.read_rsa_key(pub_key_str)
+
+        next unless public_key  # skip invalid keys
+
+        if options[:rsa_only]
+          # encrypt plaintext using rsa
+          encrypted_data = public_key.public_encrypt(plaintext)
+        else
+          # encrypt using AES
+          # generate a random key, encrypt plaintext and key
+          key = Touchpass::Crypt.generate_encryption_key
+          encrypted_data = Touchpass::Crypt.encrypt(plaintext, key)
+          encrypted_key = public_key.public_encrypt(key)
+        end
 
+        # Note: some parts of the server code expect keys here to be strings (not symbols)
+        ret.push( {
+                    "device_id" => device_id,
+                    "value" => Base64.strict_encode64(encrypted_data),
+                    "key" => encrypted_key ? Base64.strict_encode64(encrypted_key) : nil,
+                    "requires_verification" => options[:requires_verification] ? true : false,
+                    "requires_location_verification" => options[:requires_location_verification] ? true : false,
+                    "scratch_to_reveal" => options[:scratch_to_reveal] ? true : false,
+                    "do_not_keep" => options[:do_not_keep] ? true : false
+                  })
+      end
+      ret
     end
+
   end
-end
+end

data/lib/touchpass/version.rb

@@ -1,3 +1,3 @@
 module Touchpass
-  VERSION = "0.0.8.1"
+  VERSION = "0.0.8.16"
 end

data/lib/touchpass.rb

@@ -1,16 +1,27 @@
 # -*- coding: utf-8 -*-
+
 require "touchpass/version"
 require 'touchpass/prp'
 require 'touchpass/client'
 require 'touchpass/crypt'
 require 'touchpass/key_file_creator'
 require 'touchpass/verification'
-require 'touchpass/device'
+require 'touchpass/rp/response'
+require 'touchpass/rp/verification'
+require 'touchpass/rp/device'
 
 module Touchpass
-  require 'engine' if defined?(Rails) && Rails::VERSION::MAJOR == 3
+  if defined?(Rails) && Rails::VERSION::MAJOR == 3
+    require 'engine'
+    class Engine < Rails::Engine
+    end
+  end
+
+  DEFAULT_HOST = "localhost"
+  DEFAULT_PORT = "3000"
+  DEFAULT_USE_HTTPS = true
 
-  config = [:username, :api_key, :use_https, :host, :port, :resolution, :location_verification, :verified_message, :unverified_message]
+  config = [:username, :api_key, :use_https, :host, :port, :resolution, :location_verification, :verified_message, :unverified_message, :app_id]
 
   # define getter and setter methods for each config
   # normally we can use mattr_accessor :key for shortcut, but this only available in Rails environment
@@ -20,6 +31,13 @@ module Touchpass
     module_eval( "def self.#{symbol.to_s}=(val) @@#{symbol.to_s} = val; end" )
   end
 
+  begin
+    self.host = DEFAULT_HOST
+    self.port = DEFAULT_PORT
+    self.use_https = DEFAULT_USE_HTTPS
+    self.api_key = ""  # prevents weird bug with HTTParty 'undefined method 'strip' for nil:NilClass'
+  end
+
   # Default way to setup Touchpass. Run rails generate touchpass_install to create
   # a fresh initializer with all configuration values.
   def self.setup
@@ -28,16 +46,20 @@ module Touchpass
   
   def self.base_uri
     tp_base_uri = Touchpass.host
-    if Touchpass.port.present?
-      tp_base_uri += ":#{Touchpass.port}"
+    port = Touchpass.port.to_s
+    unless port.empty?  # .present? is a rails add-on
+      tp_base_uri += ":#{port}"
     end
     protocol = Touchpass.use_https ? "https://" : "http://"
     tp_base_uri = protocol + tp_base_uri
   end  
   
   module Role
+    ADMIN = "admin"
     RELYING_PARTY   = "relying_party"
     VERIFYING_PARTY = "verifying_party"
+
+    ROLES = [ADMIN, VERIFYING_PARTY, RELYING_PARTY]
   end
 
   module MessagingType