vchain_client 1.0.34 → 1.0.35
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/vchain_client/blockstack_client.rb +60 -11
- data/lib/vchain_client/{signatures.rb → crypto.rb} +237 -67
- data/lib/vchain_client.rb +113 -91
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e923e1b7f09ce1695959a48bc2fb935989b4e6fe
|
4
|
+
data.tar.gz: dd38c906da6bff58071e6879af626f0f65c36388
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a640e3c3a874a8008dfc487c6fb7174ff5828b9726e49bd3c6cc71ae5f89c46f01e71e35a6e0e9cfafe608e69639ce8aecfc8445745895aced391ae236abe8f2
|
7
|
+
data.tar.gz: 3729bd6925665b03666ae2837dde05f6ff1e3f72fedc133f495a000aa42e7e52b6a0e9cde0fb56f6288b37a358f75c9483bf01765a3f271ba69932557f68b2ce
|
@@ -131,10 +131,10 @@ module VChainClient
|
|
131
131
|
return false
|
132
132
|
end
|
133
133
|
|
134
|
-
|
134
|
+
cryptoHelper = VChainClient::Crypto.new(@config)
|
135
135
|
|
136
136
|
if @log.debug?
|
137
|
-
@log.debug("[Blockstack.checkBlockstackRecord]
|
137
|
+
@log.debug("[Blockstack.checkBlockstackRecord] Crypto initialized")
|
138
138
|
end
|
139
139
|
|
140
140
|
if record != nil
|
@@ -238,12 +238,17 @@ module VChainClient
|
|
238
238
|
return false
|
239
239
|
end
|
240
240
|
|
241
|
-
# check client's sig
|
241
|
+
# check client's sig version 1
|
242
|
+
client_sig = record["client_sig"]
|
243
|
+
|
244
|
+
validator_sig = record["validator_sig"]
|
245
|
+
|
242
246
|
client_sig_to_check = record["vchain_id"] + record["vchain_role"] + blockstack_id + record["ecc_pubkey"] + record["sig_version"];
|
243
247
|
|
244
248
|
validator_sig_to_check = record["vchain_id"] + record["vchain_role"] + blockstack_id + record["ecc_pubkey"] + record["sig_version"] + record["validator_vchain_id"] + validator_blockstack_id
|
245
249
|
|
246
|
-
|
250
|
+
# client's sig versions 2 && 3
|
251
|
+
if record["sig_version"] == "2" || record["sig_version"] == "3"
|
247
252
|
|
248
253
|
# need to retrieve RSA key
|
249
254
|
if !record.key?("rsa_pubkey")
|
@@ -256,19 +261,38 @@ module VChainClient
|
|
256
261
|
return false
|
257
262
|
end
|
258
263
|
|
259
|
-
|
264
|
+
if record["sig_version"] == "2"
|
265
|
+
# sig version 2
|
266
|
+
|
267
|
+
client_sig = record["client_sig_v2"]
|
268
|
+
|
269
|
+
validator_sig = record["validator_sig_v2"]
|
270
|
+
|
271
|
+
client_sig_to_check = record["vchain_id"] + record["vchain_role"] + blockstack_id + record["ecc_pubkey"] + record["rsa_pubkey"] + record["sig_version"];
|
272
|
+
|
273
|
+
validator_sig_to_check = record["vchain_id"] + record["vchain_role"] + blockstack_id + record["ecc_pubkey"].gsub(/\n/, "") + record["rsa_pubkey"].gsub(/\n/, "") + record["sig_version"] + record["validator_vchain_id"] + validator_blockstack_id
|
260
274
|
|
261
|
-
|
275
|
+
elsif record["sig_version"] == "3"
|
276
|
+
# sig version 3
|
277
|
+
|
278
|
+
client_sig = record["client_sig_v3"]
|
279
|
+
|
280
|
+
validator_sig = record["validator_sig_v3"]
|
281
|
+
|
282
|
+
client_sig_to_check = record["vchain_id"] + record["vchain_role"] + blockstack_id + record["ecc_pubkey"].gsub(/\n/, "") + record["rsa_pubkey"].gsub(/\n/, "") + record["sig_version"];
|
283
|
+
|
284
|
+
validator_sig_to_check = record["vchain_id"] + record["vchain_role"] + blockstack_id + record["ecc_pubkey"].gsub(/\n/, "") + record["rsa_pubkey"].gsub(/\n/, "") + record["sig_version"] + record["validator_vchain_id"] + validator_blockstack_id
|
285
|
+
end
|
262
286
|
end
|
263
287
|
|
264
288
|
begin
|
265
289
|
|
266
|
-
if
|
290
|
+
if cryptoHelper.verifySignature(client_sig_to_check, client_sig, record["ecc_pubkey"])
|
267
291
|
|
268
292
|
# check validator's sig
|
269
293
|
begin
|
270
294
|
|
271
|
-
if
|
295
|
+
if cryptoHelper.verifySignature(validator_sig_to_check, validator_sig, validator_ecc_pub_key)
|
272
296
|
|
273
297
|
return true;
|
274
298
|
|
@@ -556,7 +580,7 @@ module VChainClient
|
|
556
580
|
recs = line.split(" ")
|
557
581
|
|
558
582
|
if recs.size == 3
|
559
|
-
if recs[0] == "A1" || recs[0] == "A2" || recs[0] == "A3" || recs[0] == "A4" || recs[0] == "A5" || recs[0] == "A6" || recs[0] == "A7" || recs[0] == "A8" || recs[0] == "A9"
|
583
|
+
if recs[0] == "A1" || recs[0] == "A2" || recs[0] == "A3" || recs[0] == "A4" || recs[0] == "A5" || recs[0] == "A6" || recs[0] == "A7" || recs[0] == "A8" || recs[0] == "A9" || recs[0] == "A10" || recs[0] == "A11"
|
560
584
|
fz[recs[0]] = recs[2][1..-2]
|
561
585
|
end
|
562
586
|
end
|
@@ -573,13 +597,13 @@ module VChainClient
|
|
573
597
|
ecc_pubkey = ecc_pubkey_aligned[0..63] +"\n"+ ecc_pubkey_aligned[64..ecc_pubkey_aligned.length]
|
574
598
|
|
575
599
|
rsa_pubkey = nil
|
576
|
-
if fz["A7"]
|
600
|
+
if fz["A7"] == "2" || fz["A7"] == "3"
|
601
|
+
# sig versions 2 && 3
|
577
602
|
|
578
603
|
if !fz.key?("A9")
|
579
604
|
if @log.error?
|
580
605
|
@log.error("[Blockstack.getBlockstackRecord] no 'A9' field, sig ver is >1")
|
581
606
|
@log.error("-> blockstack_id: #{blockstack_id}")
|
582
|
-
@log.error("--> blockstack_id: #{blockstack_id}")
|
583
607
|
end
|
584
608
|
|
585
609
|
return nil
|
@@ -601,6 +625,31 @@ module VChainClient
|
|
601
625
|
"client_sig" => Base64.decode64(fz["A8"])
|
602
626
|
}
|
603
627
|
|
628
|
+
if fz["A7"] == "2" || fz["A7"] == "3"
|
629
|
+
# sig versions 2 && 3
|
630
|
+
|
631
|
+
output["client_sig_v2"] = Base64.decode64(fz["A8"])
|
632
|
+
output["validator_sig_v2"] = Base64.decode64(fz["A3"])
|
633
|
+
|
634
|
+
if fz["A7"] == "3"
|
635
|
+
# sig version 3
|
636
|
+
|
637
|
+
if !fz.key?("A10") || !fz.key?("A11")
|
638
|
+
if @log.error?
|
639
|
+
@log.error("[Blockstack.getBlockstackRecord] no 'A10' or 'A11' fields, sig ver = 3")
|
640
|
+
@log.error("-> blockstack_id: #{blockstack_id}")
|
641
|
+
end
|
642
|
+
|
643
|
+
return nil
|
644
|
+
end
|
645
|
+
|
646
|
+
output["client_sig_v3"] = Base64.decode64(fz["A10"])
|
647
|
+
output["validator_sig_v3"] = Base64.decode64(fz["A11"])
|
648
|
+
|
649
|
+
end
|
650
|
+
|
651
|
+
end
|
652
|
+
|
604
653
|
if @log.debug?
|
605
654
|
@log.debug("[Blockstack.getBlockstackRecord] output:")
|
606
655
|
@log.debug(output)
|
@@ -1,12 +1,17 @@
|
|
1
1
|
module VChainClient
|
2
2
|
|
3
|
-
class
|
3
|
+
class Crypto
|
4
4
|
|
5
5
|
@config = nil
|
6
6
|
@log = nil
|
7
7
|
|
8
|
-
@@
|
9
|
-
@@
|
8
|
+
@@ecc_private_key = nil
|
9
|
+
@@ec_ecc_private = nil
|
10
|
+
|
11
|
+
@@rsa_private_key = nil
|
12
|
+
@@ec_rsa_private = nil
|
13
|
+
|
14
|
+
@@vchain_rsa_public_key = nil
|
10
15
|
|
11
16
|
def initialize(config)
|
12
17
|
@config = config
|
@@ -14,28 +19,193 @@ module VChainClient
|
|
14
19
|
@log = Log4r::Logger["vchain_client"]
|
15
20
|
end
|
16
21
|
|
22
|
+
def getVChainPublicKeyRSA()
|
23
|
+
|
24
|
+
if @@vchain_rsa_public_key != nil
|
25
|
+
return @@vchain_rsa_public_key
|
26
|
+
end
|
27
|
+
|
28
|
+
blockstackClient = VChainClient::BlockstackClient.new(@config)
|
29
|
+
|
30
|
+
vchain_public_key_body = nil
|
31
|
+
|
32
|
+
begin
|
33
|
+
|
34
|
+
vchain_public_key_body = blockstackClient.getPublicKeyRSA("vchain_core_01.id")
|
35
|
+
|
36
|
+
rescue => e
|
37
|
+
if @log.error?
|
38
|
+
@log.error("[check] failed to retrieve vchain public RSA key from Blockstack")
|
39
|
+
@log.error("#{e.class}, #{e.message}")
|
40
|
+
end
|
41
|
+
|
42
|
+
raise e
|
43
|
+
end
|
44
|
+
|
45
|
+
if vchain_public_key_body == nil
|
46
|
+
if @log.error?
|
47
|
+
@log.error("[check] failed to retrieve vchain public RSA key from Blockstack")
|
48
|
+
end
|
49
|
+
|
50
|
+
return false
|
51
|
+
end
|
52
|
+
|
53
|
+
vchain_public_key_str = "-----BEGIN PUBLIC KEY-----\n"
|
54
|
+
vchain_public_key_str += vchain_public_key_body
|
55
|
+
vchain_public_key_str += "\n-----END PUBLIC KEY-----"
|
56
|
+
|
57
|
+
@@vchain_rsa_public_key = OpenSSL::PKey::RSA.new(vchain_public_key_str)
|
58
|
+
|
59
|
+
return @@vchain_rsa_public_key
|
60
|
+
end
|
61
|
+
|
62
|
+
def encodeRSA(payload)
|
63
|
+
vchain_public_key = self.getVChainPublicKeyRSA()
|
64
|
+
|
65
|
+
return vchain_public_key.public_encrypt(payload, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
|
66
|
+
end
|
67
|
+
|
68
|
+
def decodeRSA(encoded_data)
|
69
|
+
|
70
|
+
priv_key_path = @config["rsa_private_key_location"]
|
71
|
+
|
72
|
+
if @log.debug?
|
73
|
+
@log.debug("[Crypto.decodeRSA] input:")
|
74
|
+
@log.debug("-> key path: #{priv_key_path}")
|
75
|
+
@log.debug("-> input:")
|
76
|
+
@log.debug(encoded_data)
|
77
|
+
end
|
78
|
+
|
79
|
+
if @@rsa_private_key == nil
|
80
|
+
|
81
|
+
begin
|
82
|
+
|
83
|
+
@@rsa_private_key = File.read(priv_key_path)
|
84
|
+
|
85
|
+
rescue => e
|
86
|
+
if @log.error?
|
87
|
+
@log.error("[Crypto.decodeRSA] File.read raised exception:")
|
88
|
+
@log.error("#{e.class}, #{e.message}")
|
89
|
+
@log.error("--> priv_key_path: #{priv_key_path}")
|
90
|
+
@log.error("-> input:")
|
91
|
+
@log.error(encoded_data)
|
92
|
+
end
|
93
|
+
|
94
|
+
raise e
|
95
|
+
end
|
96
|
+
|
97
|
+
if @log.debug?
|
98
|
+
@log.debug("[Crypto.decodeRSA] priv key is loaded")
|
99
|
+
end
|
100
|
+
|
101
|
+
end
|
102
|
+
|
103
|
+
if @@rsa_private_key == nil
|
104
|
+
if @log.error?
|
105
|
+
@log.error("[Crypto.decodeRSA] failed to load private key")
|
106
|
+
@log.error("--> priv_key_path: #{priv_key_path}")
|
107
|
+
@log.error("-> input:")
|
108
|
+
@log.error(encoded_data)
|
109
|
+
end
|
110
|
+
|
111
|
+
return nil
|
112
|
+
end
|
113
|
+
|
114
|
+
if @@ec_rsa_private == nil
|
115
|
+
|
116
|
+
begin
|
117
|
+
|
118
|
+
@@ec_rsa_private = OpenSSL::PKey::RSA.new(@@rsa_private_key)
|
119
|
+
|
120
|
+
rescue => e
|
121
|
+
if @log.error?
|
122
|
+
@log.error("[Crypto.decodeRSA] OpenSSL::PKey::EC.new raised exception:")
|
123
|
+
@log.error("#{e.class}, #{e.message}")
|
124
|
+
@log.error("--> priv_key_path: #{priv_key_path}")
|
125
|
+
@log.error("-> input:")
|
126
|
+
@log.error(encoded_data)
|
127
|
+
end
|
128
|
+
|
129
|
+
raise e
|
130
|
+
end
|
131
|
+
|
132
|
+
if @log.debug?
|
133
|
+
@log.debug("[Crypto.decodeRSA] key initialized")
|
134
|
+
end
|
135
|
+
|
136
|
+
end
|
137
|
+
|
138
|
+
if @@ec_rsa_private == nil
|
139
|
+
if @log.error?
|
140
|
+
@log.error("[Crypto.decodeRSA] failed init EC key")
|
141
|
+
@log.error("--> priv_key_path: #{priv_key_path}")
|
142
|
+
@log.error("-> input:")
|
143
|
+
@log.error(encoded_data)
|
144
|
+
end
|
145
|
+
|
146
|
+
return nil
|
147
|
+
end
|
148
|
+
|
149
|
+
return @@ec_rsa_private.private_decrypt(encoded_data, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
|
150
|
+
end
|
151
|
+
|
152
|
+
def decodeCypher(encoded_payload, key, iv)
|
153
|
+
|
154
|
+
cifd = OpenSSL::Cipher.new('AES-256-CBC')
|
155
|
+
|
156
|
+
#cifd.padding = 0
|
157
|
+
|
158
|
+
cifd.decrypt
|
159
|
+
|
160
|
+
cifd.key = key
|
161
|
+
cifd.iv = iv
|
162
|
+
|
163
|
+
decoded = ''
|
164
|
+
decoded << cifd.update(encoded_payload)
|
165
|
+
decoded << cifd.final
|
166
|
+
|
167
|
+
return decoded
|
168
|
+
end
|
169
|
+
|
170
|
+
def encodeCypher(document)
|
171
|
+
cif = OpenSSL::Cipher.new('AES-256-CBC')
|
172
|
+
|
173
|
+
cif.encrypt
|
174
|
+
|
175
|
+
cif.key = key = cif.random_key
|
176
|
+
cif.iv = iv = cif.random_iv
|
177
|
+
|
178
|
+
out = {
|
179
|
+
"payload" => (cif.update(document) + cif.final),
|
180
|
+
"key" => key,
|
181
|
+
"iv" => iv
|
182
|
+
}
|
183
|
+
|
184
|
+
return out
|
185
|
+
end
|
186
|
+
|
17
187
|
def signBatchRequest(batch, timestamp)
|
18
188
|
OpenSSL::PKey::EC.send(:alias_method, :private?, :private_key?)
|
19
189
|
|
20
190
|
priv_key_path = @config["ecc_private_key_location"]
|
21
191
|
|
22
192
|
if @log.debug?
|
23
|
-
@log.debug("[
|
193
|
+
@log.debug("[Crypto.signBatchRequest] input:")
|
24
194
|
@log.debug("-> timestamp: "+ timestamp.to_s)
|
25
195
|
@log.debug("-> key path: #{priv_key_path}")
|
26
196
|
@log.debug("-> input:")
|
27
197
|
@log.debug(batch)
|
28
198
|
end
|
29
199
|
|
30
|
-
if @@
|
200
|
+
if @@ecc_private_key == nil
|
31
201
|
|
32
202
|
begin
|
33
203
|
|
34
|
-
@@
|
204
|
+
@@ecc_private_key = File.read(priv_key_path)
|
35
205
|
|
36
206
|
rescue => e
|
37
207
|
if @log.error?
|
38
|
-
@log.error("[
|
208
|
+
@log.error("[Crypto.signBatchRequest] File.read raised exception:")
|
39
209
|
@log.error("#{e.class}, #{e.message}")
|
40
210
|
@log.error("-> timestamp: "+ timestamp.to_s)
|
41
211
|
@log.error("--> priv_key_path: #{priv_key_path}")
|
@@ -47,14 +217,14 @@ module VChainClient
|
|
47
217
|
end
|
48
218
|
|
49
219
|
if @log.debug?
|
50
|
-
@log.debug("[
|
220
|
+
@log.debug("[Crypto.signBatchRequest] priv key is loaded")
|
51
221
|
end
|
52
222
|
|
53
223
|
end
|
54
224
|
|
55
|
-
if @@
|
225
|
+
if @@ecc_private_key == nil
|
56
226
|
if @log.error?
|
57
|
-
@log.error("[
|
227
|
+
@log.error("[Crypto.signBatchRequest] failed to load private key")
|
58
228
|
@log.error("-> timestamp: "+ timestamp.to_s)
|
59
229
|
@log.error("--> priv_key_path: #{priv_key_path}")
|
60
230
|
@log.error("-> input:")
|
@@ -64,15 +234,15 @@ module VChainClient
|
|
64
234
|
return nil
|
65
235
|
end
|
66
236
|
|
67
|
-
if @@
|
237
|
+
if @@ec_ecc_private == nil
|
68
238
|
|
69
239
|
begin
|
70
240
|
|
71
|
-
@@
|
241
|
+
@@ec_ecc_private = OpenSSL::PKey::EC.new(@@ecc_private_key)
|
72
242
|
|
73
243
|
rescue => e
|
74
244
|
if @log.error?
|
75
|
-
@log.error("[
|
245
|
+
@log.error("[Crypto.signBatchRequest] OpenSSL::PKey::EC.new raised exception:")
|
76
246
|
@log.error("#{e.class}, #{e.message}")
|
77
247
|
@log.error("-> timestamp: "+ timestamp.to_s)
|
78
248
|
@log.error("--> priv_key_path: #{priv_key_path}")
|
@@ -84,14 +254,14 @@ module VChainClient
|
|
84
254
|
end
|
85
255
|
|
86
256
|
if @log.debug?
|
87
|
-
@log.debug("[
|
257
|
+
@log.debug("[Crypto.signBatchRequest] key initialized")
|
88
258
|
end
|
89
259
|
|
90
260
|
end
|
91
261
|
|
92
|
-
if @@
|
262
|
+
if @@ec_ecc_private == nil
|
93
263
|
if @log.error?
|
94
|
-
@log.error("[
|
264
|
+
@log.error("[Crypto.signBatchRequest] failed init EC key")
|
95
265
|
@log.error("-> timestamp: "+ timestamp.to_s)
|
96
266
|
@log.error("--> priv_key_path: #{priv_key_path}")
|
97
267
|
@log.error("-> input:")
|
@@ -113,18 +283,18 @@ module VChainClient
|
|
113
283
|
}
|
114
284
|
|
115
285
|
if @log.debug?
|
116
|
-
@log.debug("[
|
286
|
+
@log.debug("[Crypto.signBatchRequest] whole_to_sign: "+ whole_sign)
|
117
287
|
end
|
118
288
|
|
119
289
|
whole_signature = nil
|
120
290
|
|
121
291
|
begin
|
122
292
|
|
123
|
-
whole_signature = @@
|
293
|
+
whole_signature = @@ec_ecc_private.sign(digest, whole_sign)
|
124
294
|
|
125
295
|
rescue => e
|
126
296
|
if @log.error?
|
127
|
-
@log.error("[
|
297
|
+
@log.error("[Crypto.signBatchRequest] ec.sign raised exception:")
|
128
298
|
@log.error("#{e.class}, #{e.message}")
|
129
299
|
@log.error("-> timestamp: "+ timestamp.to_s)
|
130
300
|
@log.error("--> priv_key_path: #{priv_key_path}")
|
@@ -138,7 +308,7 @@ module VChainClient
|
|
138
308
|
|
139
309
|
if whole_signature == nil
|
140
310
|
if @log.error?
|
141
|
-
@log.error("[
|
311
|
+
@log.error("[Crypto.signBatchRequest] failed to sign")
|
142
312
|
@log.error("-> timestamp: "+ timestamp.to_s)
|
143
313
|
@log.error("--> priv_key_path: #{priv_key_path}")
|
144
314
|
@log.error("--> whole_sign: #{whole_sign}")
|
@@ -150,7 +320,7 @@ module VChainClient
|
|
150
320
|
end
|
151
321
|
|
152
322
|
if @log.debug?
|
153
|
-
@log.debug("[
|
323
|
+
@log.debug("[Crypto.signBatchRequest] whole_signature raw: "+ Base64.encode64(whole_signature))
|
154
324
|
end
|
155
325
|
|
156
326
|
return Base64.encode64(whole_signature).gsub(/\n/, "")
|
@@ -163,7 +333,7 @@ module VChainClient
|
|
163
333
|
priv_key_path = @config["ecc_private_key_location"]
|
164
334
|
|
165
335
|
if @log.debug?
|
166
|
-
@log.debug("[
|
336
|
+
@log.debug("[Crypto.signRequest] input:")
|
167
337
|
@log.debug("-> point_type: "+ point_type)
|
168
338
|
@log.debug("-> weight: "+ weight.to_s)
|
169
339
|
@log.debug("-> timestamp: "+ timestamp.to_s)
|
@@ -172,15 +342,15 @@ module VChainClient
|
|
172
342
|
@log.debug(document)
|
173
343
|
end
|
174
344
|
|
175
|
-
if @@
|
345
|
+
if @@ecc_private_key == nil
|
176
346
|
|
177
347
|
begin
|
178
348
|
|
179
|
-
@@
|
349
|
+
@@ecc_private_key = File.read(priv_key_path)
|
180
350
|
|
181
351
|
rescue => e
|
182
352
|
if @log.error?
|
183
|
-
@log.error("[
|
353
|
+
@log.error("[Crypto.signRequest] File.read raised exception:")
|
184
354
|
@log.error("#{e.class}, #{e.message}")
|
185
355
|
@log.error("-> point_type: "+ point_type)
|
186
356
|
@log.error("-> weight: "+ weight.to_s)
|
@@ -194,14 +364,14 @@ module VChainClient
|
|
194
364
|
end
|
195
365
|
|
196
366
|
if @log.debug?
|
197
|
-
@log.debug("[
|
367
|
+
@log.debug("[Crypto.signRequest] priv key is loaded")
|
198
368
|
end
|
199
369
|
|
200
370
|
end
|
201
371
|
|
202
|
-
if @@
|
372
|
+
if @@ecc_private_key == nil
|
203
373
|
if @log.error?
|
204
|
-
@log.error("[
|
374
|
+
@log.error("[Crypto.signRequest] failed to load private key")
|
205
375
|
@log.error("-> point_type: "+ point_type)
|
206
376
|
@log.error("-> weight: "+ weight.to_s)
|
207
377
|
@log.error("-> timestamp: "+ timestamp.to_s)
|
@@ -213,15 +383,15 @@ module VChainClient
|
|
213
383
|
return nil
|
214
384
|
end
|
215
385
|
|
216
|
-
if @@
|
386
|
+
if @@ec_ecc_private == nil
|
217
387
|
|
218
388
|
begin
|
219
389
|
|
220
|
-
@@
|
390
|
+
@@ec_ecc_private = OpenSSL::PKey::EC.new(@@ecc_private_key)
|
221
391
|
|
222
392
|
rescue => e
|
223
393
|
if @log.error?
|
224
|
-
@log.error("[
|
394
|
+
@log.error("[Crypto.signRequest] OpenSSL::PKey::EC.new raised exception:")
|
225
395
|
@log.error("#{e.class}, #{e.message}")
|
226
396
|
@log.error("-> point_type: "+ point_type)
|
227
397
|
@log.error("-> weight: "+ weight.to_s)
|
@@ -235,14 +405,14 @@ module VChainClient
|
|
235
405
|
end
|
236
406
|
|
237
407
|
if @log.debug?
|
238
|
-
@log.debug("[
|
408
|
+
@log.debug("[Crypto.signRequest] key initialized")
|
239
409
|
end
|
240
410
|
|
241
411
|
end
|
242
412
|
|
243
|
-
if @@
|
413
|
+
if @@ec_ecc_private == nil
|
244
414
|
if @log.error?
|
245
|
-
@log.error("[
|
415
|
+
@log.error("[Crypto.signRequest] failed init EC key")
|
246
416
|
@log.error("-> point_type: "+ point_type)
|
247
417
|
@log.error("-> weight: "+ weight.to_s)
|
248
418
|
@log.error("-> timestamp: "+ timestamp.to_s)
|
@@ -259,18 +429,18 @@ module VChainClient
|
|
259
429
|
whole_sign = document.to_json + point_type + weight.to_s + timestamp.to_s
|
260
430
|
|
261
431
|
if @log.debug?
|
262
|
-
@log.debug("[
|
432
|
+
@log.debug("[Crypto.signRequest] whole_to_sign: "+ whole_sign)
|
263
433
|
end
|
264
434
|
|
265
435
|
whole_signature = nil
|
266
436
|
|
267
437
|
begin
|
268
438
|
|
269
|
-
whole_signature = @@
|
439
|
+
whole_signature = @@ec_ecc_private.sign(digest, whole_sign)
|
270
440
|
|
271
441
|
rescue => e
|
272
442
|
if @log.error?
|
273
|
-
@log.error("[
|
443
|
+
@log.error("[Crypto.signRequest] ec.sign raised exception:")
|
274
444
|
@log.error("#{e.class}, #{e.message}")
|
275
445
|
@log.error("-> point_type: "+ point_type)
|
276
446
|
@log.error("-> weight: "+ weight.to_s)
|
@@ -286,7 +456,7 @@ module VChainClient
|
|
286
456
|
|
287
457
|
if whole_signature == nil
|
288
458
|
if @log.error?
|
289
|
-
@log.error("[
|
459
|
+
@log.error("[Crypto.signRequest] failed to sign")
|
290
460
|
@log.error("-> point_type: "+ point_type)
|
291
461
|
@log.error("-> weight: "+ weight.to_s)
|
292
462
|
@log.error("-> timestamp: "+ timestamp.to_s)
|
@@ -300,7 +470,7 @@ module VChainClient
|
|
300
470
|
end
|
301
471
|
|
302
472
|
if @log.debug?
|
303
|
-
@log.debug("[
|
473
|
+
@log.debug("[Crypto.signRequest] whole_signature raw: "+ Base64.encode64(whole_signature))
|
304
474
|
end
|
305
475
|
|
306
476
|
return Base64.encode64(whole_signature).gsub(/\n/, "")
|
@@ -319,7 +489,7 @@ module VChainClient
|
|
319
489
|
|
320
490
|
rescue => e
|
321
491
|
if @log.error?
|
322
|
-
@log.error("[
|
492
|
+
@log.error("[Crypto.verifySignature] OpenSSL::PKey::EC.new raised exception:")
|
323
493
|
@log.error("#{e.class}, #{e.message}")
|
324
494
|
@log.error("-> what_to_check: #{what_to_check}")
|
325
495
|
@log.error("-> signature: "+ Base64.encode64(signature))
|
@@ -333,7 +503,7 @@ module VChainClient
|
|
333
503
|
|
334
504
|
if ec == nil
|
335
505
|
if @log.error?
|
336
|
-
@log.error("[
|
506
|
+
@log.error("[Crypto.verifySignature] failed init EC key")
|
337
507
|
@log.error("-> what_to_check: #{what_to_check}")
|
338
508
|
@log.error("-> signature: "+ Base64.encode64(signature))
|
339
509
|
@log.error("-> public_key: "+ pub_key)
|
@@ -351,7 +521,7 @@ module VChainClient
|
|
351
521
|
|
352
522
|
rescue => e
|
353
523
|
if @log.error?
|
354
|
-
@log.error("[
|
524
|
+
@log.error("[Crypto.verifySignature] ec.verify raised exception:")
|
355
525
|
@log.error("#{e.class}, #{e.message}")
|
356
526
|
@log.error("-> what_to_check: #{what_to_check}")
|
357
527
|
@log.error("-> signature: "+ Base64.encode64(signature))
|
@@ -373,7 +543,7 @@ module VChainClient
|
|
373
543
|
priv_key_path = @config["ecc_private_key_location"]
|
374
544
|
|
375
545
|
if @log.debug?
|
376
|
-
@log.debug("[
|
546
|
+
@log.debug("[Crypto.signDataPoint] input:")
|
377
547
|
@log.debug("-> this_client_id: #{this_client_id}")
|
378
548
|
@log.debug("-> doc_hash: #{doc_hash}")
|
379
549
|
@log.debug("-> credentials_hash: #{credentials_hash}")
|
@@ -385,15 +555,15 @@ module VChainClient
|
|
385
555
|
@log.debug(data)
|
386
556
|
end
|
387
557
|
|
388
|
-
if @@
|
558
|
+
if @@ecc_private_key == nil
|
389
559
|
|
390
560
|
begin
|
391
561
|
|
392
|
-
@@
|
562
|
+
@@ecc_private_key = File.read(priv_key_path)
|
393
563
|
|
394
564
|
rescue => e
|
395
565
|
if @log.error?
|
396
|
-
@log.error("[
|
566
|
+
@log.error("[Crypto.signDataPoint] File.read raised exception:")
|
397
567
|
@log.error("#{e.class}, #{e.message}")
|
398
568
|
@log.error("-> this_client_id: #{this_client_id}")
|
399
569
|
@log.error("-> doc_hash: #{doc_hash}")
|
@@ -410,14 +580,14 @@ module VChainClient
|
|
410
580
|
end
|
411
581
|
|
412
582
|
if @log.debug?
|
413
|
-
@log.debug("[
|
583
|
+
@log.debug("[Crypto.signDataPoint] priv key loaded")
|
414
584
|
end
|
415
585
|
|
416
586
|
end
|
417
587
|
|
418
|
-
if @@
|
588
|
+
if @@ecc_private_key == nil
|
419
589
|
if @log.error?
|
420
|
-
@log.error("[
|
590
|
+
@log.error("[Crypto.signDataPoint] failed to load private key")
|
421
591
|
@log.error("-> this_client_id: #{this_client_id}")
|
422
592
|
@log.error("-> doc_hash: #{doc_hash}")
|
423
593
|
@log.error("-> credentials_hash: #{credentials_hash}")
|
@@ -432,15 +602,15 @@ module VChainClient
|
|
432
602
|
return nil
|
433
603
|
end
|
434
604
|
|
435
|
-
if @@
|
605
|
+
if @@ec_ecc_private == nil
|
436
606
|
|
437
607
|
begin
|
438
608
|
|
439
|
-
@@
|
609
|
+
@@ec_ecc_private = OpenSSL::PKey::EC.new(@@ecc_private_key)
|
440
610
|
|
441
611
|
rescue => e
|
442
612
|
if @log.error?
|
443
|
-
@log.error("[
|
613
|
+
@log.error("[Crypto.signDataPoint] OpenSSL::PKey::EC.new raised exception:")
|
444
614
|
@log.error("#{e.class}, #{e.message}")
|
445
615
|
@log.error("-> this_client_id: #{this_client_id}")
|
446
616
|
@log.error("-> doc_hash: #{doc_hash}")
|
@@ -458,14 +628,14 @@ module VChainClient
|
|
458
628
|
end
|
459
629
|
|
460
630
|
if @log.debug?
|
461
|
-
@log.debug("[
|
631
|
+
@log.debug("[Crypto.signDataPoint] key created")
|
462
632
|
end
|
463
633
|
|
464
634
|
end
|
465
635
|
|
466
|
-
if @@
|
636
|
+
if @@ec_ecc_private == nil
|
467
637
|
if @log.error?
|
468
|
-
@log.error("[
|
638
|
+
@log.error("[Crypto.signDataPoint] failed init EC key")
|
469
639
|
@log.error("-> this_client_id: #{this_client_id}")
|
470
640
|
@log.error("-> doc_hash: #{doc_hash}")
|
471
641
|
@log.error("-> credentials_hash: #{credentials_hash}")
|
@@ -490,7 +660,7 @@ module VChainClient
|
|
490
660
|
value = rec[1]
|
491
661
|
|
492
662
|
if @log.debug?
|
493
|
-
@log.debug("[
|
663
|
+
@log.debug("[Crypto.signDataPoint] field: #{field}, value: #{value}")
|
494
664
|
end
|
495
665
|
|
496
666
|
if field != 'client_id'
|
@@ -510,19 +680,19 @@ module VChainClient
|
|
510
680
|
what_to_sign += VChainClient::Client::DATA_POINT_VERSION
|
511
681
|
|
512
682
|
if @log.debug?
|
513
|
-
@log.debug("[
|
514
|
-
@log.debug("[
|
683
|
+
@log.debug("[Crypto.signDataPoint] field_hash: #{field_hash}")
|
684
|
+
@log.debug("[Crypto.signDataPoint] value_hash: #{value_hash}")
|
515
685
|
end
|
516
686
|
|
517
687
|
signature = nil
|
518
688
|
|
519
689
|
begin
|
520
690
|
|
521
|
-
signature = @@
|
691
|
+
signature = @@ec_ecc_private.sign(digest, what_to_sign)
|
522
692
|
|
523
693
|
rescue => e
|
524
694
|
if @log.error?
|
525
|
-
@log.error("[
|
695
|
+
@log.error("[Crypto.signDataPoint] ec.sign raised exception:")
|
526
696
|
@log.error("#{e.class}, #{e.message}")
|
527
697
|
@log.error("-> this_client_id: #{this_client_id}")
|
528
698
|
@log.error("-> doc_hash: #{doc_hash}")
|
@@ -542,7 +712,7 @@ module VChainClient
|
|
542
712
|
|
543
713
|
if signature == nil
|
544
714
|
if @log.error?
|
545
|
-
@log.error("[
|
715
|
+
@log.error("[Crypto.signDataPoint] failed to sign")
|
546
716
|
@log.error("-> this_client_id: #{this_client_id}")
|
547
717
|
@log.error("-> doc_hash: #{doc_hash}")
|
548
718
|
@log.error("-> credentials_hash: #{credentials_hash}")
|
@@ -560,7 +730,7 @@ module VChainClient
|
|
560
730
|
end
|
561
731
|
|
562
732
|
if @log.debug?
|
563
|
-
@log.debug("[
|
733
|
+
@log.debug("[Crypto.signDataPoint] signature raw: "+ Base64.encode64(signature))
|
564
734
|
end
|
565
735
|
|
566
736
|
output[field] = Base64.encode64(signature).gsub(/\n/, "")
|
@@ -569,7 +739,7 @@ module VChainClient
|
|
569
739
|
}
|
570
740
|
|
571
741
|
if @log.debug?
|
572
|
-
@log.debug("[
|
742
|
+
@log.debug("[Crypto.signDataPoint] output:")
|
573
743
|
@log.debug(output)
|
574
744
|
end
|
575
745
|
|
@@ -586,7 +756,7 @@ module VChainClient
|
|
586
756
|
what_to_check += sig_version
|
587
757
|
|
588
758
|
if @log.debug?
|
589
|
-
@log.debug("[
|
759
|
+
@log.debug("[Crypto.checkTreeSignature] input:")
|
590
760
|
@log.debug("-> tree_root_hash: #{tree_root_hash}")
|
591
761
|
@log.debug("-> blockchain_txid: #{blockchain_txid}")
|
592
762
|
@log.debug("-> blockchain_block_hash: #{blockchain_block_hash}")
|
@@ -603,7 +773,7 @@ module VChainClient
|
|
603
773
|
|
604
774
|
rescue => e
|
605
775
|
if @log.error?
|
606
|
-
@log.error("[
|
776
|
+
@log.error("[Crypto.checkTreeSignature] verifySignature raised exception:")
|
607
777
|
@log.error("#{e.class}, #{e.message}")
|
608
778
|
@log.error("-> tree_root_hash: #{tree_root_hash}")
|
609
779
|
@log.error("-> blockchain_txid: #{blockchain_txid}")
|
@@ -625,7 +795,7 @@ module VChainClient
|
|
625
795
|
def checkVerificationSignature(field_hash, data_hash, doc_hash, credentials_hash, verification_type, weight, timestamp, blockstack_client_id, pubkey, signature, version)
|
626
796
|
|
627
797
|
if @log.debug?
|
628
|
-
@log.debug("[
|
798
|
+
@log.debug("[Crypto.checkVerificationSignature] input:")
|
629
799
|
@log.debug("-> field_hash: #{field_hash}")
|
630
800
|
@log.debug("-> data_hash: #{data_hash}")
|
631
801
|
@log.debug("-> doc_hash: #{doc_hash}")
|
@@ -654,7 +824,7 @@ module VChainClient
|
|
654
824
|
|
655
825
|
rescue => e
|
656
826
|
if @log.error?
|
657
|
-
@log.error("[
|
827
|
+
@log.error("[Crypto.checkVerificationSignature] verifySignature raised exception:")
|
658
828
|
@log.error("#{e.class}, #{e.message}")
|
659
829
|
@log.error("-> field_hash: #{field_hash}")
|
660
830
|
@log.error("-> data_hash: #{data_hash}")
|
data/lib/vchain_client.rb
CHANGED
@@ -13,7 +13,7 @@ module VChainClient
|
|
13
13
|
require 'vchain_client/blockcypher_blockchain_adapter'
|
14
14
|
require 'vchain_client/blockchain_adapter_factory'
|
15
15
|
require 'vchain_client/blockchain_connection'
|
16
|
-
require 'vchain_client/
|
16
|
+
require 'vchain_client/crypto'
|
17
17
|
require 'vchain_client/blockstack_client'
|
18
18
|
require 'vchain_client/decision_algos/decision_algorithm.rb'
|
19
19
|
require 'vchain_client/decision_algos/vector_based_decision_algorithm.rb'
|
@@ -26,7 +26,7 @@ module VChainClient
|
|
26
26
|
|
27
27
|
DATA_POINT_VERSION = "1"
|
28
28
|
|
29
|
-
CLIENT_LIB_VERSION = "1.0.
|
29
|
+
CLIENT_LIB_VERSION = "1.0.35"
|
30
30
|
|
31
31
|
@config = nil
|
32
32
|
@log = nil
|
@@ -176,6 +176,7 @@ module VChainClient
|
|
176
176
|
end
|
177
177
|
|
178
178
|
def self.get_credentials_hash(document)
|
179
|
+
|
179
180
|
if document["type"] == FIELD_TYPE_TRAVEL_DOCUMENT_HASHED
|
180
181
|
what_to_hash = document["type"] + document["number"] + document["given_names"] + document["surname"] + document["birthdate"]
|
181
182
|
|
@@ -320,7 +321,7 @@ module VChainClient
|
|
320
321
|
|
321
322
|
def add_batch_data_points(input_arr)
|
322
323
|
|
323
|
-
|
324
|
+
cryptoHelper = VChainClient::Crypto.new(@config)
|
324
325
|
|
325
326
|
time = Time.now.getutc
|
326
327
|
timestamp = time.to_i
|
@@ -382,11 +383,11 @@ module VChainClient
|
|
382
383
|
|
383
384
|
begin
|
384
385
|
|
385
|
-
point_signatures =
|
386
|
+
point_signatures = cryptoHelper.signDataPoint(point_type, hashed_document, doc_hash, credentials_hash, weight, timestamp)
|
386
387
|
|
387
388
|
rescue => e
|
388
389
|
if @log.error?
|
389
|
-
@log.error("[add_batch_data_points]
|
390
|
+
@log.error("[add_batch_data_points] Crypto.signDataPoint raised exception")
|
390
391
|
@log.error("#{e.class}, #{e.message}")
|
391
392
|
@log.error("-> point_type: "+ point_type)
|
392
393
|
@log.error("-> weight: "+ weight.to_s)
|
@@ -400,7 +401,7 @@ module VChainClient
|
|
400
401
|
|
401
402
|
if point_signatures == nil
|
402
403
|
if @log.error?
|
403
|
-
@log.error("[add_batch_data_points] failed to
|
404
|
+
@log.error("[add_batch_data_points] failed to Crypto.signDataPoint")
|
404
405
|
@log.error("-> point_type: "+ point_type)
|
405
406
|
@log.error("-> weight: "+ weight.to_s)
|
406
407
|
@log.error("-> timestamp: "+ timestamp.to_s)
|
@@ -429,18 +430,18 @@ module VChainClient
|
|
429
430
|
}
|
430
431
|
|
431
432
|
client_id = @config["client_id"]
|
432
|
-
api_url = @config["api"]["url"] + "v0.
|
433
|
+
api_url = @config["api"]["url"] + "v0.4/batchAddDataPoint/"
|
433
434
|
|
434
435
|
whole_signature = nil
|
435
436
|
|
436
437
|
begin
|
437
438
|
|
438
|
-
whole_signature =
|
439
|
+
whole_signature = cryptoHelper.signBatchRequest(batch, timestamp)
|
439
440
|
|
440
441
|
rescue => e
|
441
442
|
|
442
443
|
if @log.error?
|
443
|
-
@log.error("[add_batch_data_points]
|
444
|
+
@log.error("[add_batch_data_points] Crypto.signRequest raised exception:")
|
444
445
|
@log.error("#{e.class}: #{e.message}")
|
445
446
|
end
|
446
447
|
|
@@ -458,12 +459,11 @@ module VChainClient
|
|
458
459
|
end
|
459
460
|
|
460
461
|
if @log.debug?
|
461
|
-
@log.debug("[add_batch_data_points]
|
462
|
+
@log.debug("[add_batch_data_points] Crypto.signRequest went well, whole_signature:")
|
462
463
|
@log.debug(whole_signature)
|
463
464
|
end
|
464
465
|
|
465
466
|
send_data = {}
|
466
|
-
send_data["client_id"] = client_id
|
467
467
|
send_data["signature"] = whole_signature
|
468
468
|
send_data["timestamp"] = timestamp.to_s
|
469
469
|
|
@@ -479,17 +479,32 @@ module VChainClient
|
|
479
479
|
|
480
480
|
send_data["data"].push(send_doc)
|
481
481
|
}
|
482
|
+
|
483
|
+
cyphered_data = cryptoHelper.encodeCypher(send_data.to_json)
|
484
|
+
|
485
|
+
encoded_key = cryptoHelper.encodeRSA(cyphered_data["key"])
|
486
|
+
|
487
|
+
encoded_iv = cryptoHelper.encodeRSA(cyphered_data["iv"])
|
488
|
+
|
489
|
+
doc_to_send = {
|
490
|
+
"key" => Base64.encode64(encoded_key),
|
491
|
+
"iv" => Base64.encode64(encoded_iv),
|
492
|
+
"payload" => Base64.encode64(cyphered_data["payload"]),
|
493
|
+
"client_id" => client_id
|
494
|
+
}
|
482
495
|
|
483
496
|
if @log.debug?
|
484
|
-
@log.debug("[add_batch_data_points]
|
485
|
-
@log.debug(send_data)
|
497
|
+
@log.debug("[add_batch_data_points] raw sent data:")
|
498
|
+
@log.debug(send_data.to_json)
|
499
|
+
@log.debug("[add_batch_data_points] sent data:")
|
500
|
+
@log.debug(doc_to_send)
|
486
501
|
end
|
487
502
|
|
488
503
|
begin
|
489
504
|
|
490
505
|
res = RestClient::Resource.new api_url, :timeout => nil, :open_timeout => nil
|
491
506
|
|
492
|
-
req = res.post
|
507
|
+
req = res.post doc_to_send.to_json, :content_type => 'application/json'
|
493
508
|
|
494
509
|
if req.code != 200
|
495
510
|
|
@@ -498,8 +513,10 @@ module VChainClient
|
|
498
513
|
@log.error("-> client_id: #{client_id}")
|
499
514
|
@log.error("-> api_url: #{api_url}")
|
500
515
|
@log.error("-> timestamp: "+ timestamp.to_s)
|
501
|
-
@log.error("->
|
516
|
+
@log.error("-> raw sent data:")
|
502
517
|
@log.error(send_data)
|
518
|
+
@log.error("-> sent data:")
|
519
|
+
@log.error(doc_to_send)
|
503
520
|
end
|
504
521
|
|
505
522
|
return false
|
@@ -519,8 +536,10 @@ module VChainClient
|
|
519
536
|
@log.error("-> client_id: #{client_id}")
|
520
537
|
@log.error("-> api_url: #{api_url}")
|
521
538
|
@log.error("-> timestamp: "+ timestamp.to_s)
|
522
|
-
@log.error("->
|
539
|
+
@log.error("-> raw sent data:")
|
523
540
|
@log.error(send_data)
|
541
|
+
@log.error("-> sent data:")
|
542
|
+
@log.error(doc_to_send)
|
524
543
|
end
|
525
544
|
|
526
545
|
raise e
|
@@ -533,7 +552,7 @@ module VChainClient
|
|
533
552
|
def add_data_point(point_type, input, weight = 1)
|
534
553
|
|
535
554
|
client_id = @config["client_id"]
|
536
|
-
api_url = @config["api"]["url"] + "v0.
|
555
|
+
api_url = @config["api"]["url"] + "v0.4/addDataPoint/"
|
537
556
|
|
538
557
|
time = Time.now.getutc
|
539
558
|
timestamp = time.to_i
|
@@ -603,17 +622,17 @@ module VChainClient
|
|
603
622
|
@log.debug(document)
|
604
623
|
end
|
605
624
|
|
606
|
-
|
625
|
+
cryptoHelper = VChainClient::Crypto.new(@config)
|
607
626
|
|
608
627
|
point_signatures = nil
|
609
628
|
|
610
629
|
begin
|
611
630
|
|
612
|
-
point_signatures =
|
631
|
+
point_signatures = cryptoHelper.signDataPoint(point_type, document, doc_hash, credentials_hash, weight, timestamp)
|
613
632
|
|
614
633
|
rescue => e
|
615
634
|
if @log.error?
|
616
|
-
@log.error("[verify]
|
635
|
+
@log.error("[verify] Crypto.signDataPoint raised exception")
|
617
636
|
@log.error("#{e.class}, #{e.message}")
|
618
637
|
@log.error("-> point_type: "+ point_type)
|
619
638
|
@log.error("-> weight: "+ weight.to_s)
|
@@ -629,7 +648,7 @@ module VChainClient
|
|
629
648
|
|
630
649
|
if point_signatures == nil
|
631
650
|
if @log.error?
|
632
|
-
@log.error("[verify] failed to
|
651
|
+
@log.error("[verify] failed to Crypto.signDataPoint")
|
633
652
|
@log.error("-> point_type: "+ point_type)
|
634
653
|
@log.error("-> weight: "+ weight.to_s)
|
635
654
|
@log.error("-> timestamp: "+ timestamp.to_s)
|
@@ -658,12 +677,12 @@ module VChainClient
|
|
658
677
|
|
659
678
|
begin
|
660
679
|
|
661
|
-
whole_signature =
|
680
|
+
whole_signature = cryptoHelper.signRequest(document, point_type, weight, timestamp)
|
662
681
|
|
663
682
|
rescue => e
|
664
683
|
|
665
684
|
if @log.error?
|
666
|
-
@log.error("[verify]
|
685
|
+
@log.error("[verify] Crypto.signRequest raised exception:")
|
667
686
|
@log.error("#{e.class}: #{e.message}")
|
668
687
|
@log.error("-> point_type: #{point_type}")
|
669
688
|
@log.error("-> weight: "+ weight.to_s)
|
@@ -695,14 +714,13 @@ module VChainClient
|
|
695
714
|
end
|
696
715
|
|
697
716
|
if @log.debug?
|
698
|
-
@log.debug("[verify]
|
717
|
+
@log.debug("[verify] Crypto.signRequest went well, whole_signature:")
|
699
718
|
@log.debug(whole_signature)
|
700
719
|
end
|
701
720
|
|
702
721
|
end
|
703
722
|
|
704
723
|
send_data = {}
|
705
|
-
send_data["client_id"] = client_id
|
706
724
|
send_data["data"] = document
|
707
725
|
send_data["weight"] = weight.to_s
|
708
726
|
send_data["timestamp"] = timestamp.to_s
|
@@ -710,14 +728,27 @@ module VChainClient
|
|
710
728
|
send_data["point_signatures"] = point_signatures
|
711
729
|
send_data["signature"] = whole_signature
|
712
730
|
|
731
|
+
cyphered_data = cryptoHelper.encodeCypher(send_data.to_json)
|
732
|
+
|
733
|
+
encoded_key = cryptoHelper.encodeRSA(cyphered_data["key"])
|
734
|
+
|
735
|
+
encoded_iv = cryptoHelper.encodeRSA(cyphered_data["iv"])
|
736
|
+
|
737
|
+
doc_to_send = {
|
738
|
+
"key" => Base64.encode64(encoded_key),
|
739
|
+
"iv" => Base64.encode64(encoded_iv),
|
740
|
+
"payload" => Base64.encode64(cyphered_data["payload"]),
|
741
|
+
"client_id" => client_id
|
742
|
+
}
|
743
|
+
|
713
744
|
if @log.debug?
|
714
745
|
@log.debug("[verify] send_data:")
|
715
|
-
@log.debug(
|
746
|
+
@log.debug(doc_to_send)
|
716
747
|
end
|
717
748
|
|
718
749
|
begin
|
719
750
|
req = RestClient.post(api_url,
|
720
|
-
|
751
|
+
doc_to_send.to_json,
|
721
752
|
{'Content-Type' => 'application/json'})
|
722
753
|
|
723
754
|
if req.code != 200
|
@@ -729,8 +760,10 @@ module VChainClient
|
|
729
760
|
@log.error("-> point_type: #{point_type}")
|
730
761
|
@log.error("-> weight: "+ weight.to_s)
|
731
762
|
@log.error("-> timestamp: "+ timestamp.to_s)
|
732
|
-
@log.error("->
|
763
|
+
@log.error("-> raw sent data:")
|
733
764
|
@log.error(send_data)
|
765
|
+
@log.error("-> sent data:")
|
766
|
+
@log.error(doc_to_send)
|
734
767
|
end
|
735
768
|
|
736
769
|
return false
|
@@ -752,8 +785,10 @@ module VChainClient
|
|
752
785
|
@log.error("-> point_type: #{point_type}")
|
753
786
|
@log.error("-> weight: "+ weight.to_s)
|
754
787
|
@log.error("-> timestamp: "+ timestamp.to_s)
|
755
|
-
@log.error("->
|
788
|
+
@log.error("-> raw sent data:")
|
756
789
|
@log.error(send_data)
|
790
|
+
@log.error("-> sent data:")
|
791
|
+
@log.error(doc_to_send)
|
757
792
|
end
|
758
793
|
|
759
794
|
raise e
|
@@ -804,11 +839,11 @@ module VChainClient
|
|
804
839
|
|
805
840
|
def check(input, is_already_hashed = false, preffered_decision_algo = nil)
|
806
841
|
|
807
|
-
|
842
|
+
cryptoHelper = VChainClient::Crypto.new(@config)
|
808
843
|
|
809
844
|
client_id = @config["client_id"]
|
810
845
|
|
811
|
-
api_url = @config["api"]["url"] + "v0.
|
846
|
+
api_url = @config["api"]["url"] + "v0.4/check/";
|
812
847
|
|
813
848
|
document = input
|
814
849
|
|
@@ -840,53 +875,16 @@ module VChainClient
|
|
840
875
|
|
841
876
|
sent_document = document.clone
|
842
877
|
|
843
|
-
|
844
|
-
|
845
|
-
begin
|
846
|
-
|
847
|
-
vchain_public_key_body = blockstackClient.getPublicKeyRSA("vchain_core_01.id")
|
848
|
-
|
849
|
-
rescue => e
|
850
|
-
if @log.error?
|
851
|
-
@log.error("[check] failed to retrieve vchain public RSA key from Blockstack")
|
852
|
-
@log.error("#{e.class}, #{e.message}")
|
853
|
-
end
|
854
|
-
|
855
|
-
raise e
|
856
|
-
end
|
857
|
-
|
858
|
-
if vchain_public_key_body == nil
|
859
|
-
if @log.error?
|
860
|
-
@log.error("[check] failed to retrieve vchain public RSA key from Blockstack")
|
861
|
-
end
|
862
|
-
|
863
|
-
return false
|
864
|
-
end
|
865
|
-
|
866
|
-
vchain_public_key_str = "-----BEGIN PUBLIC KEY-----\n"
|
867
|
-
vchain_public_key_str += vchain_public_key_body
|
868
|
-
vchain_public_key_str += "\n-----END PUBLIC KEY-----"
|
869
|
-
|
870
|
-
vchain_public_key = OpenSSL::PKey::RSA.new(vchain_public_key_str)
|
871
|
-
|
872
|
-
cif = OpenSSL::Cipher.new('AES-256-CBC')
|
873
|
-
|
874
|
-
cif.encrypt
|
878
|
+
cyphered_data = cryptoHelper.encodeCypher(document.to_json)
|
875
879
|
|
876
|
-
|
877
|
-
cif.iv = iv = cif.random_iv
|
880
|
+
encoded_key = cryptoHelper.encodeRSA(cyphered_data["key"])
|
878
881
|
|
879
|
-
|
880
|
-
cif.final
|
881
|
-
|
882
|
-
encoded_key = vchain_public_key.public_encrypt(key, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
|
883
|
-
|
884
|
-
encoded_iv = vchain_public_key.public_encrypt(iv, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
|
882
|
+
encoded_iv = cryptoHelper.encodeRSA(cyphered_data["iv"])
|
885
883
|
|
886
884
|
doc_to_send = {
|
887
885
|
"key" => Base64.encode64(encoded_key),
|
888
886
|
"iv" => Base64.encode64(encoded_iv),
|
889
|
-
"payload" => Base64.encode64(
|
887
|
+
"payload" => Base64.encode64(cyphered_data["payload"]),
|
890
888
|
"client_id" => client_id
|
891
889
|
}
|
892
890
|
|
@@ -960,6 +958,22 @@ module VChainClient
|
|
960
958
|
|
961
959
|
# success result
|
962
960
|
|
961
|
+
res_key = cryptoHelper.decodeRSA(Base64.decode64(res["key"]))
|
962
|
+
|
963
|
+
res_iv = cryptoHelper.decodeRSA(Base64.decode64(res["iv"]))
|
964
|
+
|
965
|
+
res_docs = cryptoHelper.decodeCypher(Base64.decode64(res["docs"]), res_key, res_iv)
|
966
|
+
|
967
|
+
res_data_points = cryptoHelper.decodeCypher(Base64.decode64(res["data_points"]), res_key, res_iv)
|
968
|
+
|
969
|
+
res_names = cryptoHelper.decodeCypher(Base64.decode64(res["names"]), res_key, res_iv)
|
970
|
+
|
971
|
+
res = {
|
972
|
+
"docs" => JSON.parse(res_docs),
|
973
|
+
"data_points" => JSON.parse(res_data_points),
|
974
|
+
"names" => JSON.parse(res_names)
|
975
|
+
}
|
976
|
+
|
963
977
|
validated_data_points = self.validate_data_points(res["data_points"], res["docs"])
|
964
978
|
|
965
979
|
if validated_data_points.length == 0
|
@@ -1013,7 +1027,7 @@ module VChainClient
|
|
1013
1027
|
|
1014
1028
|
blockstackClient = VChainClient::BlockstackClient.new(@config)
|
1015
1029
|
|
1016
|
-
|
1030
|
+
cryptoHelper = VChainClient::Crypto.new(@config)
|
1017
1031
|
|
1018
1032
|
documents_index = {}
|
1019
1033
|
|
@@ -1298,7 +1312,7 @@ module VChainClient
|
|
1298
1312
|
|
1299
1313
|
begin
|
1300
1314
|
|
1301
|
-
if !
|
1315
|
+
if !cryptoHelper.checkTreeSignature(computed_tree_root_hash, blockchain_txid, blockchain_block_hash, blockchain_timestamp, reciept["federative_server_id"], reciept["federative_server_version"], Base64.decode64(reciept["tree_signature"]), federative_server_pubkey)
|
1302
1316
|
if @log.error?
|
1303
1317
|
@log.error("[check] not a valid blockchain reciept - failed to verify tree signature")
|
1304
1318
|
@log.error(reciept)
|
@@ -1428,7 +1442,7 @@ module VChainClient
|
|
1428
1442
|
|
1429
1443
|
begin
|
1430
1444
|
|
1431
|
-
if !
|
1445
|
+
if !cryptoHelper.checkVerificationSignature(data_point["field_hash"], data_point["data_hash"], data_point["doc_hash"], data_point["credentials_hash"], data_point["type"], data_point["weight"], data_point["timestamp"], data_point["issuer_id"], verificator_pubkey, Base64.decode64(data_point["issuer_sig"]), data_point["version"])
|
1432
1446
|
if @log.error?
|
1433
1447
|
@log.error("[check] not a valid verification - failed to check verificator signature")
|
1434
1448
|
@log.error("--> field_hash: "+ data_point["field_hash"])
|
@@ -1448,7 +1462,7 @@ module VChainClient
|
|
1448
1462
|
|
1449
1463
|
rescue => e
|
1450
1464
|
if @log.error?
|
1451
|
-
@log.error("[check]
|
1465
|
+
@log.error("[check] Crypto.checkVerificationSignature raised exception:")
|
1452
1466
|
@log.error("#{e.class}, #{e.message}")
|
1453
1467
|
@log.error("--> field_hash: "+ data_point["field_hash"])
|
1454
1468
|
@log.error("--> data_hash: "+ data_point["data_hash"])
|
@@ -1498,7 +1512,7 @@ module VChainClient
|
|
1498
1512
|
|
1499
1513
|
begin
|
1500
1514
|
|
1501
|
-
if !
|
1515
|
+
if !cryptoHelper.checkVerificationSignature(data_point["field_hash"], data_point["data_hash"], data_point["doc_hash"], data_point["credentials_hash"], data_point["type"], data_point["weight"], data_point["timestamp"], data_point["validator_id"], validator_pubkey, Base64.decode64(data_point["validator_sig"]), data_point["version"])
|
1502
1516
|
if @log.error?
|
1503
1517
|
@log.error("[check] not a valid verification - failed to check validator signature")
|
1504
1518
|
@log.error("--> field_hash: "+ data_point["field_hash"])
|
@@ -1518,7 +1532,7 @@ module VChainClient
|
|
1518
1532
|
|
1519
1533
|
rescue => e
|
1520
1534
|
if @log.error?
|
1521
|
-
@log.error("[check]
|
1535
|
+
@log.error("[check] Crypto.checkVerificationSignature raised exception:")
|
1522
1536
|
@log.error("#{e.class}, #{e.message}")
|
1523
1537
|
@log.error("--> field_hash: "+ data_point["field_hash"])
|
1524
1538
|
@log.error("--> data_hash: "+ data_point["data_hash"])
|
@@ -1552,7 +1566,7 @@ module VChainClient
|
|
1552
1566
|
return output
|
1553
1567
|
end
|
1554
1568
|
|
1555
|
-
def self.generateBlockstackCommand(config, role,
|
1569
|
+
def self.generateBlockstackCommand(config, role = "verificator", validator_sig_v2 = nil, validator_sig_v3 = nil)
|
1556
1570
|
|
1557
1571
|
OpenSSL::PKey::EC.send(:alias_method, :private?, :private_key?)
|
1558
1572
|
|
@@ -1570,20 +1584,17 @@ module VChainClient
|
|
1570
1584
|
|
1571
1585
|
#A4 validator_vchain_id
|
1572
1586
|
validator_vchain_id = "da93b5f7-2295-4435-a67a-4fc226eca3ac"
|
1573
|
-
#validator_vchain_id = "35645858-630d-4873-9a2d-1ea7ec3b6d10"
|
1574
1587
|
|
1575
1588
|
#A5 validator_blockstack_id
|
1576
1589
|
validator_blockstack_id = "vchain_core_01.id"
|
1577
|
-
#validator_blockstack_id = "master"
|
1578
1590
|
|
1579
1591
|
#A6 vchain_role
|
1580
1592
|
vchain_role = role
|
1581
1593
|
|
1582
1594
|
#A7 sig_version
|
1583
|
-
sig_version = "
|
1595
|
+
sig_version = "3"
|
1596
|
+
|
1584
1597
|
|
1585
|
-
#A8 client_sig
|
1586
|
-
client_sig = nil
|
1587
1598
|
priv_key_path = config["ecc_private_key_location"]
|
1588
1599
|
priv_key = File.read(priv_key_path)
|
1589
1600
|
|
@@ -1594,16 +1605,24 @@ module VChainClient
|
|
1594
1605
|
rsa_pub_key.slice! "\n-----END PUBLIC KEY-----\n"
|
1595
1606
|
rsa_pub_key_aligned = rsa_pub_key.gsub(/\n/, "")
|
1596
1607
|
|
1597
|
-
|
1608
|
+
whole_sign_v2 = vchain_client_id + vchain_role + blockstack_id + ecc_pub_key + rsa_pub_key + "2"
|
1609
|
+
|
1610
|
+
whole_sign_v3 = vchain_client_id + vchain_role + blockstack_id + ecc_pub_key_aligned + rsa_pub_key_aligned + sig_version
|
1598
1611
|
|
1599
1612
|
ec = OpenSSL::PKey::EC.new(priv_key)
|
1600
1613
|
digest = OpenSSL::Digest::SHA256.new
|
1601
1614
|
|
1602
|
-
|
1615
|
+
whole_signature_v2 = ec.sign(digest, whole_sign_v2)
|
1616
|
+
|
1617
|
+
whole_signature_v3 = ec.sign(digest, whole_sign_v3)
|
1603
1618
|
|
1604
|
-
client_sig
|
1619
|
+
#A8 client_sig v2
|
1620
|
+
client_sig_v2 = Base64.encode64(whole_signature_v2).gsub(/\n/, "")
|
1621
|
+
|
1622
|
+
#A10 client_sig v3
|
1623
|
+
client_sig_v3 = Base64.encode64(whole_signature_v3).gsub(/\n/, "")
|
1605
1624
|
|
1606
|
-
if
|
1625
|
+
if validator_sig_v2 == nil || validator_sig_v3 == nil
|
1607
1626
|
|
1608
1627
|
puts "blockstack_id = " + blockstack_id
|
1609
1628
|
puts "vchain_client_id = " + vchain_client_id
|
@@ -1611,20 +1630,23 @@ module VChainClient
|
|
1611
1630
|
puts "rsa_pub_key = "+ rsa_pub_key_aligned
|
1612
1631
|
puts "validator_vchain_id = "+ validator_vchain_id
|
1613
1632
|
puts "vchain_role = " + vchain_role
|
1614
|
-
puts "
|
1633
|
+
puts "client_sig_v2 = " + client_sig_v2
|
1634
|
+
puts "client_sig_v3 = " + client_sig_v3
|
1615
1635
|
|
1616
1636
|
else
|
1617
1637
|
puts "BLOCKSTACK_DEBUG=1 blockstack update "+ blockstack_id +" '$ORIGIN "+ blockstack_id +"
|
1618
1638
|
$TTL 3600
|
1619
1639
|
A1 TXT \""+ ecc_pub_key_aligned +"\"
|
1620
1640
|
A2 TXT \""+ vchain_client_id +"\"
|
1621
|
-
A3 TXT \""+
|
1641
|
+
A3 TXT \""+ validator_sig_v2 +"\"
|
1622
1642
|
A4 TXT \""+ validator_vchain_id +"\"
|
1623
1643
|
A5 TXT \""+ validator_blockstack_id +"\"
|
1624
1644
|
A6 TXT \""+ vchain_role +"\"
|
1625
1645
|
A7 TXT \""+ sig_version +"\"
|
1626
|
-
A8 TXT \""+
|
1646
|
+
A8 TXT \""+ client_sig_v2 +"\"
|
1627
1647
|
A9 TXT \""+ rsa_pub_key_aligned +"\"
|
1648
|
+
A10 TXT \""+ client_sig_v3 +"\"
|
1649
|
+
A11 TXT \""+ validator_sig_v3 +"\"
|
1628
1650
|
_tcp._http URI 10 1 \"http://example.com\"
|
1629
1651
|
'"
|
1630
1652
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: vchain_client
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.35
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Aleksandr Gorelik
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-
|
11
|
+
date: 2017-04-10 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: log4r
|
@@ -84,9 +84,9 @@ files:
|
|
84
84
|
- lib/vchain_client/blockchain_connection.rb
|
85
85
|
- lib/vchain_client/blockcypher_blockchain_adapter.rb
|
86
86
|
- lib/vchain_client/blockstack_client.rb
|
87
|
+
- lib/vchain_client/crypto.rb
|
87
88
|
- lib/vchain_client/decision_algos/decision_algorithm.rb
|
88
89
|
- lib/vchain_client/decision_algos/vector_based_decision_algorithm.rb
|
89
|
-
- lib/vchain_client/signatures.rb
|
90
90
|
homepage: http://rubygems.org/gems/vchain_client
|
91
91
|
licenses:
|
92
92
|
- MIT
|
@@ -107,7 +107,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
107
107
|
version: '0'
|
108
108
|
requirements: []
|
109
109
|
rubyforge_project:
|
110
|
-
rubygems_version: 2.6.
|
110
|
+
rubygems_version: 2.6.11
|
111
111
|
signing_key:
|
112
112
|
specification_version: 4
|
113
113
|
summary: VChain Platform client written on Ruby
|