From 521fe5e7d4643e2ac2675792d54ef3d866d8679d Mon Sep 17 00:00:00 2001
From: gruenwaldi <waldemar.gruenwald@ubirch.com>
Date: Wed, 15 Feb 2023 18:11:09 +0100
Subject: [PATCH] this is for testing UbirchWrapper.py

---
 examples/UbirchWrapper.py     | 29 ++++++-------
 ubirch/__init__.py            |  1 +
 ubirch/ubirch_backend_keys.py | 77 +++++++++++++++++++++++++++++++++++
 3 files changed, 93 insertions(+), 14 deletions(-)
 create mode 100644 ubirch/ubirch_backend_keys.py

diff --git a/examples/UbirchWrapper.py b/examples/UbirchWrapper.py
index 27086ea..b6199b3 100644
--- a/examples/UbirchWrapper.py
+++ b/examples/UbirchWrapper.py
@@ -6,7 +6,8 @@
 import ubirch
 from ubirch.ubirch_protocol import UNPACKED_UPP_FIELD_PREV_SIG, UBIRCH_PROTOCOL_TYPE_REG, UBIRCH_PROTOCOL_TYPE_BIN
 
-from ubirch_keys_and_uuids import UBIRCH_UUIDS, UBIRCH_PUBKEYS_EC, UBIRCH_PUBKEYS_ED
+# from ubirch_keys_and_uuids import UBIRCH_UUIDS, UBIRCH_PUBKEYS_EC, UBIRCH_PUBKEYS_ED
+# from ubirch.ubirch_backend_keys import *
 
 ECDSA_TYPE = "ecdsa"
 EDDSA_TYPE = "ed25519"
@@ -28,11 +29,11 @@ def __init__(self, key_store: ubirch.KeyStore, uuid: UUID, env: str, key_type: s
         # check if the device already has keys or generate a new pair
         if not self.__ks.exists_signing_key(uuid):
             # check the key type before creating new keys
-            if key_type == "ed25519":
+            if key_type == EDDSA_TYPE:
                 logger.info("generating new keypair with ed25519 algorithm")
 
                 self.__ks.create_ed25519_keypair(uuid)
-            elif key_type == "ecdsa":
+            elif key_type == ECDSA_TYPE:
                 logger.info("generating new keypair with ecdsa algorithm")
 
                 self.__ks.create_ecdsa_keypair(uuid)
@@ -52,22 +53,22 @@ def __init__(self, key_store: ubirch.KeyStore, uuid: UUID, env: str, key_type: s
                 raise ValueError(f"existing key for {uuid} is not from expected type {key_type}")
 
         # check env
-        if env not in UBIRCH_PUBKEYS_ED.keys():
-            raise ValueError("Invalid ubirch env! Must be one of {}".format(list(UBIRCH_PUBKEYS_ED.keys())))
+        if env not in ubirch.getBackendEnvironemts():
+            raise ValueError("Invalid ubirch env! Must be one of {}".format(list(ubirch.getBackendEnvironemts())))
 
         # check if the keystore has the same key_type for the device UUID and the backend response
-        if temp_key_type == "ecdsa":
-            if self.__ks._ks.entries.get(UBIRCH_UUIDS[env].hex, None) != None:
+        if key_type == ECDSA_TYPE:
+            if self.__ks._ks.entries.get(ubirch.getBackendUuid(env).hex, None) != None:
                 # suffix-less pubkey found, delete it
-                self.__ks._ks.entries.pop(UBIRCH_UUIDS[env].hex)
+                self.__ks._ks.entries.pop(ubirch.getBackendUuid(env).hex)
 
-            self.__ks.insert_ecdsa_verifying_key(UBIRCH_UUIDS[env], UBIRCH_PUBKEYS_EC[env])
-        elif temp_key_type == "ed25519":
-            if self.__ks._ks.entries.get(UBIRCH_UUIDS[env].hex + '_ecd', None) != None:
+            self.__ks.insert_ecdsa_verifying_key(ubirch.getBackendUuid(env), ubirch.getBackendKeys(env,ECDSA_TYPE))
+        elif key_type == EDDSA_TYPE:
+            if self.__ks._ks.entries.get(ubirch.getBackendUuid(env).hex + '_ecd', None) != None:
                 # suffix-less pubkey found, delete it
-                self.__ks._ks.entries.pop(UBIRCH_UUIDS[env].hex + '_ecd')
+                self.__ks._ks.entries.pop(ubirch.getBackendUuid(env).hex + '_ecd')
 
-            self.__ks.insert_ed25519_verifying_key(UBIRCH_UUIDS[env], UBIRCH_PUBKEYS_ED[env])
+            self.__ks.insert_ed25519_verifying_key(ubirch.getBackendUuid(env), ubirch.getBackendKeys(env,EDDSA_TYPE))
 
         # load last signature for device
         self.load(uuid)
@@ -224,7 +225,7 @@ def handleMessageResponse(self, response: Response):
 
     def verifyResponseSender(self, response: Response):
         """! Verify that the response came from the backend """
-        if self.protocol.verify_signature(UBIRCH_UUIDS[self.env], response.content) == True:
+        if self.protocol.verify_signature(ubirch.getBackendUuid(self.env), response.content) == True:
             logger.info("Backend response signature successfully verified!")
         else:
             logger.error("Backend response signature verification FAILED!")
diff --git a/ubirch/__init__.py b/ubirch/__init__.py
index 56aca79..f9ecabe 100644
--- a/ubirch/__init__.py
+++ b/ubirch/__init__.py
@@ -17,3 +17,4 @@
 from .ubirch_ks import KeyStore
 from .ubirch_protocol import Protocol
 from .ubirch_api import API
+from .ubirch_backend_keys import getBackendKeys, getBackendUuid, getBackendEnvironemts
diff --git a/ubirch/ubirch_backend_keys.py b/ubirch/ubirch_backend_keys.py
new file mode 100644
index 0000000..ccf0c8c
--- /dev/null
+++ b/ubirch/ubirch_backend_keys.py
@@ -0,0 +1,77 @@
+
+##
+# @file ubirch_backen_keys.py
+# ubirch backend keys getter functions
+#
+# @author Waldemar Gruenwald
+#
+# @copyright Copyright (c) 2023 ubirch GmbH.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import hashlib, binascii, ecdsa, ed25519
+from uuid import UUID
+
+ECDSA_TYPE = "ecdsa"
+EDDSA_TYPE = "ed25519"
+
+KEYS = {
+    "dev":{
+        "uuid":"9d3c78ff-22f3-4441-a5d1-85c636d486ff",
+        "vk":{
+            "ed25519":"39ff77632b034d0eba6d219c2ff192e9f24916c9a02672acb49fd05118aad251",
+            "ecdsa":"2e753c064bc671940fcb98165542fe3c70340cff5d53ad47f0304ef2166f4f223b9572251b5fe8aee54c4fb812da79590caf501beba0911b7fcd3add2eb0180c"    
+        }
+    },
+    "demo":{
+        "uuid":"07104235-1892-4020-9042-00003c94b60b",
+        "vk":{
+            "ed25519":"a2403b92bc9add365b3cd12ff120d020647f84ea6983f98bc4c87e0f4be8cd66",
+            "ecdsa":"c66fa222898146347741dbcb26b184d4e06cddb01ff04238f457e006b891937ea7e115185fed2c9ab60af2d66497a2e1aedf65ce38941ab5c68a3468544f948c"    
+        }
+    },
+    "prod":{
+        "uuid":"10b2e1a4-56b3-4fff-9ada-cc8c20f93016",
+        "vk":{
+            "ed25519":"ef8048ad06c0285af0177009381830c46cec025d01d86085e75a4f0041c2e690",
+            "ecdsa":"a49758a0937437741314c0558d955089ed61860ba64154f2da45fd23b9178d2ca8225e3410e6bd317db848100004157bc55d88162d4a58c9c2d5a2ce22f3908d"    
+        }
+    }
+}
+
+def getBackendEnvironemts() -> list:
+    """!
+    Getter to list the available backend environments.
+    @return available Environments
+    """
+    return KEYS.keys()
+
+def getBackendUuid(env: str = "demo") -> UUID:
+    """!
+    Getter function for environment (`env`) specific backend UUID
+    @param env Environment of the backend, can be `"dev"`, `"demo"`, or `"prod"`. Default is `"demo"`
+    @return the UUID of the backend
+    """
+    return UUID(hex=KEYS[env]["uuid"])
+
+def getBackendKeys(env: str = "demo", key_type: str = EDDSA_TYPE) -> ed25519.VerifyingKey or ecdsa.VerifyingKey:
+    """!
+    Getter function for environment (`env`) specific backend verification key
+    @param env Environment of the backend, can be `"dev"`, `"demo"`, or `"prod"`. Default is `"demo"`
+    @param key_type is the cryptographic algorithm for the requested key, can be `"ed25519"` of `"ecdsa"`
+    @return the key_type/algorithm specific public key
+    """
+    if key_type == EDDSA_TYPE:
+        return ed25519.VerifyingKey(KEYS[env]["vk"][EDDSA_TYPE], encoding="hex")
+    elif key_type == ECDSA_TYPE:
+        return ecdsa.VerifyingKey.from_string(binascii.unhexlify(KEYS[env]["vk"][ECDSA_TYPE]), curve=ecdsa.NIST256p, hashfunc=hashlib.sha256)