zolfa
/
pyjod
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
Implementazione open-source del protocollo di Strong Customer Authentication di Poste Italiane, (https://posteid.poste.it), lato client.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
657 KiB
Tree: 1d9ede9881
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1d9ede9881'
${ noResults }
pyjod/pyjod/xkey.py

126 lines
5.8 KiB
Raw Normal View History

Initial commit.
2 years ago
 
  1. import logging
  2. from urllib.parse import urljoin
  3. from uuid import uuid4
  4. 

  5. import requests
  6. 

  7. from .appdata import AppData
  8. from .jwe_handler import JWEHandler
  9. from .utils import sha256_base64, RequestFailure
  10. 

  11. logger = logging.getLogger(__name__)
  12. 

  13. 

  14. class XKey:
  15.     REGISTRY_URL = ("https://appregistry-posteid.mobile.poste.it"
  16.                     "/jod-app-registry/")
  17.     APP_NAME = "app-posteid-v3"
  18.     ACTIVITY_ID = "C6050AC80E8B5288A01237"
  19.     DEVICE_SPECS = ("Android", "11",
  20.                     "sdk_gphone_x86_64_arm64", "4.5.204",
  21.                     "true")
  22. 

  23.     def __init__(self, profile_name):
  24.         self.appdata = AppData(profile_name)
  25.         self.s = requests.Session()
  26.         self.s.headers = {'Accept-Encoding': "gzip",
  27.                           'User-Agent': "okhttp/3.12.1",
  28.                           'Connection': "keep-alive"}
  29.         self.jwe_handler = JWEHandler(self.appdata)
  30. 

  31.     def _send_req(self, request):
  32.         prepped = self.s.prepare_request(request)
  33.         return self.s.send(prepped)
  34. 

  35.     def _register_stage_init(self, register_nonce):
  36.         url = urljoin(self.REGISTRY_URL, "v2/registerInit")
  37.         headers = {'Content-Type': "application/json; charset=UTF-8"}
  38.         data = {}
  39.         data['appName'] = "app-posteid-v3"
  40.         data['initCodeChallenge'] = sha256_base64(register_nonce)
  41.         logger.debug(f"Registration(INIT): sending challenge: {data}")
  42.         ans = self.s.post(url, headers=headers, json=data)
  43.         if ans.status_code != 200:
  44.             raise RequestFailure(f"Wrong status code: {ans.status_code}", ans)
  45.         if not ans.headers.get('Content-Type').startswith("application/json"):
  46.             raise RequestFailure("Response not JSON.", ans)
  47.         ans_json = ans.json()
  48.         if 'pubServerKey' not in ans_json:
  49.             raise RequetFailure("Response does not contain 'pubServerKey'",
  50.                                 ans)
  51.         pubkey = ans_json['pubServerKey']
  52.         self.appdata.serv_pubkey = pubkey
  53.         logger.debug(f"Registration(INIT): got server pubkey: {pubkey}.")
  54. 

  55.     def _register_stage_register(self, register_nonce):
  56.         url = urljoin(self.REGISTRY_URL, "v2/register")
  57.         data = {}
  58.         data['initCodeVerifier'] = register_nonce
  59.         data['xdevice'] = self.ACTIVITY_ID + "::" + ":".join(self.DEVICE_SPECS)
  60.         data['pubAppKey'] = self.appdata.app_privkey.pubkey_b64
  61.         logger.debug("Registration(REG): encrypting app data.")
  62.         jwe_req = self.jwe_handler.req_jwe_post(url, "register", data)
  63.         logger.debug("Registration(REG): sending app data.")
  64.         ans = self._send_req(jwe_req)
  65.         if ans.status_code != 200:
  66.             raise RequestFailure(f"Wrong status code: {ans.status_code}", ans)
  67.         logger.debug("Registration(REG): decrypting response.")
  68.         ans_json = self.jwe_handler.decrypt(ans.content)
  69.         logger.debug(f"Registration(REG): decrypted response: {ans_json}")
  70.         if 'data' not in ans_json:
  71.             raise RequestFailure("Malformed request, missing 'data'.", ans)
  72.         if 'app-uuid' not in ans_json['data']:
  73.             raise RequestFailure("Malformed request, missing 'app-uuid'.", ans)
  74.         if 'otpSecretKey' not in ans_json['data']:
  75.             raise RequestFailure("Malformed request, missing 'otpSecretKey'.",
  76.                                  ans)
  77.         self.appdata['xkey_appuuid'] = ans_json['data']['app-uuid']
  78.         self.appdata['xkey_seed'] = ans_json['data']['otpSecretKey']
  79. 

  80.     def _register_stage_activate(self):
  81.         url = urljoin(self.REGISTRY_URL, "v2/activation")
  82.         logger.debug("Registration(ACTIVATE): encrypting request.")
  83.         jwe_req = self.jwe_handler.req_jwe_post(url, "activation", {},
  84.                                                 auth=True)
  85.         logger.debug("Registration(ACTIVATE): sending request.")
  86.         ans = self._send_req(jwe_req)
  87.         if ans.status_code != 200:
  88.             raise RequestFailure(f"Wrong status code: {ans.status_code}", ans)
  89.         self.appdata['activated'] = True
  90.         logger.debug("Registration(ACTIVATE): activated.")
  91. 

  92.     def _register_stage_update(self, register_nonce):
  93.         url = urljoin(self.REGISTRY_URL, "v2/register")
  94.         data = {}
  95.         data['initCodeVerifier'] = register_nonce
  96.         data['xdevice'] = self.ACTIVITY_ID + "::" + ":".join(self.DEVICE_SPECS)
  97.         data['pubAppKey'] = self.appdata.app_privkey.pubkey_b64
  98.         logger.debug("Registration(UPDATE): encrypting app data.")
  99.         jwe_req = self.jwe_handler.req_jwe_post(url, "registerUpdate", data,
  100.                                                 auth=True)
  101.         logger.debug("Registration(UPDATE): sending app data.")
  102.         ans = self._send_req(jwe_req)
  103.         if ans.status_code != 200:
  104.             raise RequestFailure(f"Wrong status code: {ans.status_code}", ans)
  105.         logger.debug("Registration(UPDATE): decrypting response.")
  106.         ans_json = self.jwe_handler.decrypt(ans.content)
  107.         logger.debug(f"Registration(UPDATE): decrypted response: {ans_json}")
  108.         if 'data' not in ans_json:
  109.             raise RequestFailure("Malformed request, missing 'data'.", ans)
  110.         if 'app-uuid' not in ans_json['data']:
  111.             raise RequestFailure("Malformed request, missing 'app-uuid'.", ans)
  112.         if 'otpSecretKey' not in ans_json['data']:
  113.             raise RequestFailure("Malformed request, missing 'otpSecretKey'.",
  114.                                  ans)
  115.         self.appdata['xkey_appuuid'] = ans_json['data']['app-uuid']
  116.         self.appdata['xkey_seed'] = ans_json['data']['otpSecretKey']
  117. 

  118.     def register_xkey(self):
  119.         register_nonce = str(uuid4())
  120.         logger.debug(f"Starting registration (nonce: {register_nonce}).")
  121.         self._register_stage_init(register_nonce)
  122.         if self.appdata['xkey_seed']:
  123.             self._register_stage_update(register_nonce)
  124.         else:
  125.             self._register_stage_register(register_nonce)
  126.         self._register_stage_activate()