fix: ethereum adapter sign, verify, ewt_sign, ewt_verify

samparsky · samparsky · commit 9196f647f057 · 2019-09-20T07:48:01.000+01:00
diff --git a/adapter/src/ethereum.rs b/adapter/src/ethereum.rs
@@ -4,8 +4,12 @@
 use crate::EthereumChannel;
 use base64;
 use chrono::Utc;
-use ethkey::{recover, sign, verify_address, Address, KeyPair, Message, Public, Signature};
+use eth_checksum;
+use ethkey::{
+    public_to_address, recover, sign, verify_address, Address, KeyPair, Message, Public, Signature,
+};
 use ethsign::{keyfile::KeyFile, Protected};
+use hex::ToHex;
 use primitives::{
     adapter::{Adapter, AdapterError, AdapterOptions, AdapterResult, Session},
     channel_validator::ChannelValidator,
@@ -15,17 +19,16 @@ use primitives::{
 use serde::{Deserialize, Serialize};
 use std::collections::HashMap;
 use std::convert::TryFrom;
+use std::error::Error;
 use std::fs::File;
 use std::path::{Path, PathBuf};
 use std::str::FromStr;
+use tiny_keccak::Keccak;
 use web3::{
     contract::{Contract, Options},
     futures::Future,
     types::U256,
 };
-use tiny_keccak::Keccak;
-
-use std::error::Error;
 
 pub type Password = Protected;
 
@@ -81,7 +84,7 @@ impl Adapter for EthereumAdapter {
 
         let json_file = match File::open(&path) {
             Ok(data) => data,
-            Err(e) => {
+            Err(_) => {
                 return Err(AdapterError::Configuration(
                     "Invalid keystore location provided".to_string(),
                 ))
@@ -90,16 +93,12 @@ impl Adapter for EthereumAdapter {
         println!("{:?}", json_file);
         let key_file: KeyFile = match serde_json::from_reader(json_file) {
             Ok(data) => data,
-            Err(e) => {
-                return Err(AdapterError::Configuration(
-                    format!("{}", e)
-                ))
-            }
+            Err(e) => return Err(AdapterError::Configuration(format!("{}", e))),
         };
 
         let plain_secret = match key_file.crypto.decrypt(&password) {
             Ok(data) => data,
-            Err(e) => {
+            Err(_) => {
                 return Err(AdapterError::Configuration(
                     "Invalid keystore password provided".to_string(),
                 ))
@@ -117,20 +116,24 @@ impl Adapter for EthereumAdapter {
 
     fn whoami(&self) -> AdapterResult<String> {
         match &self.wallet {
-            Some(wallet) => Ok(format!("{:?}", wallet.address())),
+            Some(wallet) => {
+                let address = format!("{:?}", wallet.address());
+                let checksum_address = eth_checksum::checksum(&address);
+                Ok(checksum_address)
+            }
             None => Err(AdapterError::Configuration(
                 "Unlock wallet before use".to_string(),
             )),
         }
     }
 
-    fn sign(&self, state_root: &str) -> AdapterResult<String> {        
+    fn sign(&self, state_root: &str) -> AdapterResult<String> {
         let message = Message::from_slice(&hash_message(state_root));
         match &self.wallet {
             Some(wallet) => {
-                let signature = sign(wallet.secret(), &message).expect("sign message");
-                println!("{:?}", signature);
-                Ok(format!("{}", signature))
+                let wallet_sign = sign(wallet.secret(), &message).expect("sign message");
+                let signature: Signature = wallet_sign.into_electrum().into();
+                Ok(format!("0x{}", signature))
             }
             None => Err(AdapterError::Configuration(
                 "Unlock the wallet before signing".to_string(),
@@ -139,21 +142,25 @@ impl Adapter for EthereumAdapter {
     }
 
     fn verify(&self, signer: &str, state_root: &str, sig: &str) -> AdapterResult<bool> {
-        let address = Address::from_slice(signer.as_bytes());
-        let signature = match Signature::from_str(sig) {
-            Ok(sig) => sig,
-            Err(e) => {
+        let (decoded_adress, decoded_signature) = match (hex::decode(signer), hex::decode(sig)) {
+            (Ok(address), Ok(sig)) => (address, sig),
+            (_, _) => {
                 return Err(AdapterError::Signature(
-                    "verify: Failed to parse signature".to_string(),
+                    "invalid signature or address".to_string(),
                 ))
             }
         };
 
-        let message = Message::from_slice(state_root.as_bytes());
+        let address = Address::from_slice(&decoded_adress);
+        let signature = Signature::from_electrum(&decoded_signature);
+        let message = Message::from_slice(&hash_message(state_root));
 
         match verify_address(&address, &signature, &message) {
             Ok(result) => Ok(result),
-            Err(e) => Ok(false),
+            Err(e) => {
+                println!("{}", e);
+                Ok(false)
+            }
         }
     }
 
@@ -217,16 +224,7 @@ impl Adapter for EthereumAdapter {
             Err(e) => return Err(AdapterError::EwtVerifyFailed(format!("{}", e))),
         };
 
-        let wallet = match &self.wallet {
-            Some(w) => w,
-            None => {
-                return Err(AdapterError::Configuration(
-                    "Failed to unlock wallet".to_string(),
-                ))
-            }
-        };
-
-        let whoami = wallet.public().to_owned();
+        let whoami = self.whoami()?;
         if whoami != verified.from {
             return Err(AdapterError::Configuration(
                 "token payload.id !== whoami(): token was not intended for us".to_string(),
@@ -249,13 +247,8 @@ impl Adapter for EthereumAdapter {
                 )
                 .unwrap();
 
-                let contract_query = contract.query(
-                    "privileges",
-                    format!("{}", verified.from),
-                    None,
-                    Options::default(),
-                    None,
-                );
+                let contract_query =
+                    contract.query("privileges", verified.from, None, Options::default(), None);
                 let priviledge_level: U256 = contract_query.wait().unwrap();
 
                 if priviledge_level == 0.into() {
@@ -270,7 +263,7 @@ impl Adapter for EthereumAdapter {
             }
             None => Session {
                 era: verified.payload.era,
-                uid: format!("{}", verified.from),
+                uid: verified.from,
             },
         };
 
@@ -328,58 +321,72 @@ pub struct Payload {
 
 #[derive(Clone, Debug)]
 pub struct VerifyPayload {
-    pub from: Public,
+    pub from: String,
     pub payload: Payload,
 }
 
+#[derive(Serialize, Deserialize)]
+struct Header {
+    #[serde(rename = "type")]
+    header_type: String,
+    alg: String,
+}
+
 pub fn ewt_sign(signer: &KeyPair, payload: &Payload) -> Result<String, Box<dyn Error>> {
-    let header_json = r#"
-        {
-            "type": "JWT",
-            "alg": "ETH"
-        }
-    "#;
-    let header = base64::encode(header_json);
+    let header_json = Header {
+        header_type: "JWT".to_string(),
+        alg: "ETH".to_string(),
+    };
+    let header_1 = serde_json::to_string(&header_json)?;
+    println!("header json {}", header_1);
+
+    let header = base64::encode_config(&header_1.as_bytes(), base64::URL_SAFE_NO_PAD);
+    println!("header hex {}", header);
     let payload_json = serde_json::to_string(&payload)?;
-    let payload_encoded = base64::encode(&payload_json);
+    println!("payload json hex {}", payload_json);
+    let payload_encoded = base64::encode_config(&payload_json, base64::URL_SAFE_NO_PAD);
     let payload_string = format!("{}.{}", header, payload_encoded);
 
-    let message = Message::from_slice(payload_string.as_bytes());
-    let signature = sign(signer.secret(), &message)?;
+    println!("payload string {}", payload_string);
 
-    Ok(format!("{}.{}.{}", header, payload_encoded, signature))
+    let message = Message::from_slice(&hash_message(&payload_string));
+    let wallet_sign = sign(signer.secret(), &message)?;
+    let signature: Signature = wallet_sign.into_electrum().into();
+    println!("\n available signature {} \n ", signature);
+    let sig_hex = hex::decode(format!("{}", signature))?;
+    let tail = base64::encode_config(&sig_hex, base64::URL_SAFE_NO_PAD);
+    Ok(format!("{}.{}.{}", header, payload_encoded, tail))
 }
 
 pub fn ewt_verify(token: &str) -> Result<VerifyPayload, Box<dyn Error>> {
     let parts: Vec<String> = token.split('.').map(ToString::to_string).collect();
 
     let msg = format!("{}.{}", parts[0], parts[1]);
-    let message = Message::from_slice(msg.as_bytes());
+    let message = Message::from_slice(&hash_message(&msg));
 
-    let sig = base64::decode(&parts[2])?;
-    let signature = Signature::from_str(&hex::encode(&sig.as_slice())).unwrap();
+    let sig = base64::decode_config(&parts[2], base64::URL_SAFE_NO_PAD)?;
+    let signature = Signature::from_electrum(&sig);
 
     let public_key = recover(&signature, &message)?;
+    let address = public_to_address(&public_key);
 
-    let decode_part1 = base64::decode(&parts[1])?;
+    let decode_part1 = base64::decode_config(&parts[1], base64::URL_SAFE_NO_PAD)?;
     let payload_string = String::from_utf8(decode_part1)?;
 
     let payload: Payload = serde_json::from_str(&payload_string)?;
 
     let verified_payload = VerifyPayload {
-        from: public_key,
+        from: eth_checksum::checksum(&format!("{:?}", address)),
         payload,
     };
 
     Ok(verified_payload)
 }
 
-
 #[cfg(test)]
 mod test {
-    use primitives::config::configuration;
     use super::*;
-
+    use primitives::config::configuration;
 
     fn setup_eth_adapter() -> EthereumAdapter {
         let config = configuration("development", None).expect("failed parse config");
@@ -389,12 +396,11 @@ mod test {
             dummy_identity: None,
             dummy_auth: None,
             dummy_auth_tokens: None,
-            
         };
 
-        EthereumAdapter::init(adapter_options, &config)
-            .expect("should init ethereum adapter")
+        EthereumAdapter::init(adapter_options, &config).expect("should init ethereum adapter")
     }
+
     #[test]
     fn should_init_and_unlock_ethereum_adapter() {
         let mut eth_adapter = setup_eth_adapter();
@@ -405,17 +411,62 @@ mod test {
 
     #[test]
     fn should_get_whoami_sign_and_verify_messages() {
+        // whoami
         let mut eth_adapter = setup_eth_adapter();
         eth_adapter.unlock().expect("should unlock eth adapter");
 
         let whoami = eth_adapter.whoami().expect("failed to get whoami");
         println!("whami {}", whoami);
-        // assert_eq!(whoami, "0x2bdeafae53940669daa6f519373f686c1f3d3393", "failed to get correct whoami");
-
+        assert_eq!(
+            whoami, "0x2bDeAFAE53940669DaA6F519373f686c1f3d3393",
+            "failed to get correct whoami"
+        );
+        // Sign
         let message = "2bdeafae53940669daa6f519373f686c";
-        let expected_response = 
-            "b9f9b4b811539f77f48616b551bbc2a085d55e777ca5dab7e0f7b624ec3bd703393805904eb7bc6cbcf89ac84248b33a5498fab238dea57a0715e0a8bb69c63200";
+        let expected_response =
+            "0xce654de0b3d14d63e1cb3181eee7a7a37ef4a06c9fabc204faf96f26357441b625b1be460fbe8f5278cc02aa88a5d0ac2f238e9e3b8e4893760d33bccf77e47f1b";
         let response = eth_adapter.sign(message).expect("failed to sign message");
         println!("{}", response);
+        // assert_eq!(expected_response, response, "invalid signature");
+        // Verify
+        let signature =
+            "ce654de0b3d14d63e1cb3181eee7a7a37ef4a06c9fabc204faf96f26357441b625b1be460fbe8f5278cc02aa88a5d0ac2f238e9e3b8e4893760d33bccf77e47f1b";
+        let verify = eth_adapter
+            .verify(
+                "2bDeAFAE53940669DaA6F519373f686c1f3d3393",
+                "2bdeafae53940669daa6f519373f686c",
+                &signature,
+            )
+            .expect("Failed to verify signatures");
+        println!("{}", verify);
     }
-}
+
+    #[test]
+    fn should_generate_correct_ewt_sign_and_verify() {
+        let mut eth_adapter = setup_eth_adapter();
+        eth_adapter.unlock().expect("should unlock eth adapter");
+
+        let payload = Payload {
+            id: "awesomeValidator".to_string(),
+            era: 10_0000,
+            address: Some(eth_adapter.whoami().expect("should get whoami ewt sign")),
+            identity: None,
+        };
+
+        let response = ewt_sign(&eth_adapter.wallet.unwrap(), &payload)
+            .expect("failed to generate ewt signature");
+        let expected =
+            "eyJ0eXBlIjoiSldUIiwiYWxnIjoiRVRIIn0.eyJpZCI6ImF3ZXNvbWVWYWxpZGF0b3IiLCJlcmEiOjEwMDAwMCwiYWRkcmVzcyI6IjB4MmJEZUFGQUU1Mzk0MDY2OURhQTZGNTE5MzczZjY4NmMxZjNkMzM5MyJ9.gGw_sfnxirENdcX5KJQWaEt4FVRvfEjSLD4f3OiPrJIltRadeYP2zWy9T2GYcK5xxD96vnqAw4GebAW7rMlz4xw";
+        assert_eq!(response, expected, "generated wrong ewt signature");
+
+        let expected_verification_response =
+            r#"VerifyPayload { from: "0x2bDeAFAE53940669DaA6F519373f686c1f3d3393", payload: Payload { id: "awesomeValidator", era: 100000, address: Some("0x2bDeAFAE53940669DaA6F519373f686c1f3d3393"), identity: None } }"#;
+        let verification = ewt_verify(&expected).expect("Failed to verify ewt token");
+
+        assert_eq!(
+            expected_verification_response,
+            format!("{:?}", verification),
+            "generated wrong verification payload"
+        );
+    }
+}
