zolfa
/
pyjod
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
Implementazione open-source del protocollo di Strong Customer Authentication di Poste Italiane, (https://posteid.poste.it), lato client.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
657 KiB
Branch: main
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'main'
${ noResults }
pyjod/pyjod/jwe_handler.py

69 lines
2.3 KiB
Raw Permalink Normal View History

Initial commit.
2 years ago
 
  1. import json
  2. from random import randint
  3. from time import time
  4. from uuid import uuid4
  5. 

  6. from jwcrypto.jwe import JWE
  7. from pyotp import HOTP
  8. from requests import Request
  9. 

  10. from .utils import sha256_base64, hmac_sha256
  11. 

  12. 

  13. class JWEHandler:
  14.     def __init__(self, appdata):
  15.         self.appdata = appdata
  16. 

  17.     def new_otp_specs(self):
  18.         generator = HOTP(self.appdata['xkey_seed'], 8, "SHA1")
  19.         counter = randint(0, 99999999)
  20.         otp_specs = {}
  21.         otp_specs['movingFactor'] = counter
  22.         otp_specs['otp'] = generator.generate_otp(counter)
  23.         otp_specs['type'] = "HMAC-SHA1"
  24.         return otp_specs
  25. 

  26.     def encrypt(self, sub, data, auth=False):
  27.         now = int(time())
  28.         claims = {'data': data}
  29.         claims['sub'] = sub
  30.         claims['jti'] = str(uuid4())
  31.         claims['iat'] = now
  32.         claims['nbf'] = now
  33.         claims['exp'] = now + 60
  34.         claims['iss'] = "app-posteid-v3"
  35.         headers = {}
  36.         headers['cty'] = "JWE"
  37.         headers['typ'] = "JWT"
  38.         headers['alg'] = "RSA-OAEP-256"
  39.         headers['enc'] = "A256CBC-HS512"
  40.         if auth:
  41.             app_uuid = self.appdata['xkey_appuuid']
  42.             headers['kid'] = app_uuid
  43.             claims['kid-sha256'] = sha256_base64(app_uuid)
  44.             claims['otp-specs'] = self.new_otp_specs()
  45.         jwe_token = JWE(json.dumps(claims),
  46.                         protected=headers,
  47.                         recipient=self.appdata.serv_pubkey.jwk)
  48.         return jwe_token.serialize(compact=True)
  49. 

  50.     def req_jwe_post(self, url, sub, data, auth=False):
  51.         jwe_token = self.encrypt(sub, data, auth)
  52.         headers = {'Content-Type': "application/json; charset=UTF-8"}
  53.         req = Request('POST', url, headers, data=jwe_token)
  54.         return req
  55. 

  56.     def req_jwe_bearer(self, url, sub, data, auth=False):
  57.         jwe_token = self.encrypt(sub, data, auth)
  58.         headers = {'Content-Type': "",
  59.                    'Authorization': "Bearer " + jwe_token}
  60.         req = Request('GET', url, headers)
  61.         return req
  62. 

  63.     def decrypt(self, serialized_jwe_token):
  64.         if isinstance(serialized_jwe_token, bytes):
  65.             serialized_jwe_token = serialized_jwe_token.decode('utf-8')
  66.         jwe_token = JWE()
  67.         jwe_token.deserialize(serialized_jwe_token)
  68.         jwe_token.decrypt(self.appdata.app_privkey.jwk)
  69.         return json.loads(jwe_token.payload)