CD2H gitForager

videntity/python-poetri

Name: python-poetri

Owner: Videntity

Description: POET Reference Implementation

Forked from: TransparentHealth/python-poetri

Created: 2017-05-15 13:52:11.0

Updated: 2017-05-15 13:52:12.0

Pushed: 2017-04-03 15:51:39.0

Homepage:

Size: 31

Language: Python

GitHub Committers

User	Most Recent Commit	# Commits

Other Committers

User	Email	Most Recent Commit	# Commits

README

poetri - Pre OAuth Entity Trust Reference Implementation

JSON Web Tokens (JWTs) are an open, industry standard RFC 7519 method for representing claims securely between two parties.

Pre-OAuth Entity Trust (POET) is a specific JWT designed to facilitate claims about consumer-facing health applications. https://github.com/hhsidealab/poet

This is a reference implemenation for signing and verifing POET JWTs in Python2 and Python3.

It contains both libraries and command line utilities.

To install on Ubuntu Linux first install the prerequisites:

sudo apt-get install libssl-dev

(The above instruction will differ for iOS, Redhat, Windows, etc.)

To install poetri type:

git clone https://github.com/TransparentHealth/python-poetri.git
python python-poetri/setup.py install

The command line tools are verify_poet.py and sign_poet.py. Just type their name for usage info.

The following section illustrates how to use the API for signing JWTs and verifing their information.

Python 3.5.1 (default, Dec 26 2015, 18:11:22) 
[GCC 4.2.1 Compatible Apple LLVM 7.0.2 (clang-700.1.81)] on darwin
Type "help", "copyright", "credits" or "license" for more information.

Import the sign_poet method

>>> from poetri.sign_poet import sign_poet

A private key ready for signing…

>>> test_private_key = """
... -----BEGIN PRIVATE KEY-----
... MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQComk77MDN73N/w
... FphyPbL0uc0jzKvSI8qK/TGvDx+9ygPFzYq6RdsgNE5cOHdtXk6/ukaMt7ssmvRU
... zyqKtx4033MssEvDlmYIrE1dvquiPg2CSIMxCsyny7191rLPN3iANC3a/39OBOg+
... pBev6S+k9hQcV00j0oxfC9Aof8aT1f9P+l6gu3n3y9OTDcrz3hSv4dONDOxnKWiD
... JG26Myuvap0+AP84Qa2WwNWJR0mwXAR5q9RuCG3IoIWuBUTKIDbe79Favy7R15Fc
... B7atsd7KSnpyhSwwWp85OcMpQPSiUNCTNHgLl9WqdZxD1LFCR2WkUbMDtYZx1Yw+
... vP0qE+3ZAgMBAAECggEAS566IetijAFq5zIbOdH2e9EB8zaPMfcfluss54lvAR6k
... RomD2TwPpggPxUkGN6V+yHtxvReC+eSeBZPNTt4GzEwUSkzgDl9ccDNnl843CNOw
... F2kSfmKLnA7DdLdhB5OnlkjQ8FJ79LA6wi2y+hEqb2B3cKavUIvUraSMvj1hAVjV
... hu0Dh6RvpMwDKRk5R74EEbBRfV4kX6qNjOaGFw9siwtp5qSY17eSbBCsBOMQHe9U
... t1nG5Fu/ChgOpUOjCsKtGPgl7H/6BfZjtLiP7xaoxRySfSbnpyu+Sxqofwa8mnjE
... qdQTONkR7GztnaL/+2LHeLrCyDtklwptzeNuVKf6AQKBgQDQX3M/mfh1tCe9pZVi
... +APDRVGw1ofsUQXOAHmY9eEwmIjmkV2HCHue3zwehzeLcmEeeI1Ozxi0JBsCsb+l
... vb4m9AvEJkz6BaUCclqD6lcfcgiQbtSEsdQTS35aZSu8Woa0OGt4zDrSLB4jLrPR
... EFdpA2FxcZMoNqbHMbF0B+9TYQKBgQDPI8krEwZT+mG0PCEIFiBFv5jMvOXd8qZE
... Rq1iDVfI3iHta5fs7D0KzQVQqSFqCEQjPfC+dNAZL0SWHewNdf523TTZK4vOkaIB
... PQEh568xk9EvV6/8QInO+4ljAM9/Kcze08SL0wj2aqa+iuys/6k1Ociz8xoEeEK0
... 4kEhbDileQKBgDYGiXsUELdz3lntdK4UX+VhM60F8nfzCe4/cUeXeKuA4P3m8rjw
... Gh03A/9mT6B4J3YfC4RDbcRHGDm6nFX8vDCdVe+lfo/UptPbklxhhfVBO7c3BSLi
... eHoIONp3IL/VONfBSRwo15dmmOnGUhkCg6dWmQ0wxVbH1LYQzFGpPQQBAoGAYoSA
... r03zGonhYlme1DvByaqgv++v3GoGDj8XQ6VY9R5BQKyFq5eISNTODFkEnWulDKXv
... FIZ2WyQSGNvOY3CVQG9hLVD6w5qcVL5xBXEt8AR/32ZzOyRu5tTXuRCvn6l/2RMb
... Te1nO9vpxoJIotdN4RTEkmGzJCEWiPV7SKwyHPECgYEAwCdBX0pzpgAFbcX44FG8
... Wo1b7C6y2vnAzm/MazBcDm9MH8X1oXdqRjKpY7kHXFYHB/fAxsUVCyOP82JVl5mq
... yld/v0Z19nKV1e+rQz8DhdJtyUOOQ1szetHHvprDSK3KulBcojznIDgrRHqxSJcc
... j1DFK16BeYLj88PTTKLtheE=
... -----END PRIVATE KEY-----"""

Sign the payload and build the JWT. The issuer is transparenthealth.org

>>> sign_poet({"sub":"someapp.foo.com"}, test_private_key, "tranparenthealth.org", 3600)

The result of sign_poet is just a string contining the JWT.

'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpYXQiOjE0ODcyNjA1NzEsImV4cCI6MTQ4NzI2NDE3MSwiaXNzIjoidHJhbnBhcmVudGhlYWx0aC5vcmciLCJzdWIiOiJzb21lYXBwLmZvby5jb20ifQ.aoAgaYruGDOvaMp1tzC3GRcS6GU0bnkoM9tcMthSRrTN6yfLxozbXASkgbveNnrGkBoXCwZNNySetTIrjX8hnFAzNVmWlHBwieUykoYCRwLrD5gBe5Fpa0fy1XO3YqqQbGY29eb8ix-gvH0cM0crWCAGnAu56AhqJcqAjd2VgHdrgS5ipEE-gfvoSLISWFOeWt54kclPsHh7WSYMm0WnuntGRHcQnHSSany_96M8t4LlGMhpPO3nJo_0G2r6e634aggYxB9aGs4ErrFG4GhFWZieve3Kia9R6ihzZCIgc0mNUOMD5xl44vDiTU9eZFA8DGknZ1ohGlaXKWHtSgh3FA'

Now let's verify the signature on the JWT. Let's import the library

    >>> from poetri.verify_poet import verify_poet

A public key to verify the signature.

    >>> test_public_key = """
    ... -----BEGIN CERTIFICATE-----
    ... MIIEozCCA4ugAwIBAgICAU4wDQYJKoZIhvcNAQELBQAwcTELMAkGA1UEBhMCVVMx
    ... CzAJBgNVBAgMAk5DMQ8wDQYDVQQHDAZEdXJoYW0xEjAQBgNVBAoMCVZpZGVudGl0
    ... eTEUMBIGA1UEAwwLZXhhbXBsZS5vcmcxGjAYBgkqhkiG9w0BCQEWC2V4YW1wbGUu
    ... b3JnMB4XDTE2MDUwMjE0NTczNVoXDTE4MDUwMjE0NTczNVowgYwxCzAJBgNVBAYT
    ... AlVTMQswCQYDVQQIDAJOQzEPMA0GA1UEBwwGRHVyaGFtMRkwFwYDVQQKDBBTb21l
    ... IHNpZ25pbmcgb3JnMR4wHAYDVQQDDBV0cmFuc3BhcmVudGhlYWx0aC5vcmcxJDAi
    ... BgkqhkiG9w0BCQEWFXRyYW5zcGFyZW50aGVhbHRoLm9yZzCCASIwDQYJKoZIhvcN
    ... AQEBBQADggEPADCCAQoCggEBAKiaTvswM3vc3/AWmHI9svS5zSPMq9Ijyor9Ma8P
    ... H73KA8XNirpF2yA0Tlw4d21eTr+6Roy3uyya9FTPKoq3HjTfcyywS8OWZgisTV2+
    ... q6I+DYJIgzEKzKfLvX3Wss83eIA0Ldr/f04E6D6kF6/pL6T2FBxXTSPSjF8L0Ch/
    ... xpPV/0/6XqC7effL05MNyvPeFK/h040M7GcpaIMkbbozK69qnT4A/zhBrZbA1YlH
    ... SbBcBHmr1G4Ibcigha4FRMogNt7v0Vq/LtHXkVwHtq2x3spKenKFLDBanzk5wylA
    ... 9KJQ0JM0eAuX1ap1nEPUsUJHZaRRswO1hnHVjD68/SoT7dkCAwEAAaOCAScwggEj
    ... MAkGA1UdEwQCMAAwIAYDVR0RBBkwF4IVdHJhbnNwYXJlbnRoZWFsdGgub3JnMB0G
    ... A1UdDgQWBBS5pG89q+k0QWti8nbH46RghZNPYjAfBgNVHSMEGDAWgBSXucht5NOZ
    ... 8X/6PdQlCtDYZHHwdjALBgNVHQ8EBAMCBaAwXwYDVR0fBFgwVjAwoC6gLIYqaHR0
    ... cDovL2NhLmRpcmVjdGNhLm9yZy9jcmwvZXhhbXBsZS5vcmcuY3JsMCKgIKAehhxo
    ... dHRwOi8vbXlvdGhlcmZmLmNvbS9jcmwuY3JsMEYGCCsGAQUFBwEBBDowODA2Bggr
    ... BgEFBQcwAoYqaHR0cDovL2NhLmRpcmVjdGNhLm9yZy9haWEvZXhhbXBsZS5vcmcu
    ... ZGVyMA0GCSqGSIb3DQEBCwUAA4IBAQB5AIGpYWvA8CJ/ipMu2f0DEYlgj+sECzpU
    ... U/KYYZZ/Ra/6ffFo2BFfhozztPAv5PXCeNk0vV8loE3KbgNjw/FBAk27t+gyysTC
    ... en4ZDNgi8lt2X9mzULX4qdPIOfP96S0JVXcClcdNJ2FwSDuuUwXpgfkf1nlNYB8n
    ... jd0QMN4v73uZkouFYhN+YWxyqASD/9AOVULUZbYAIf2Rv1L7TSnYJZwZ3vjC002p
    ... gJDEwf1x7ojkmlMaLHJd0rSB7vO7jbTuvkaz6oWnoNRERLHaqf4YqX8pQbvHcX1T
    ... y1AaA1AqLNz7WJgwfjMPciyGofFDRJT/Cp0Jyf8VvYq55a0Y+tBg
    ... -----END CERTIFICATE-----
    ... """

A JWT to verify

    >>> encoded_jwt ="""eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0cmFuc3BhcmVudGhlYWx0aC5vcmciLCJpYXQiOjE0NjIyOTM3OTAsImhlbGxvIjoid29ybGQiLCJleHAiOjE0OTM4Mjk3OTB9.kPGNV5R0G5PQPB9aCW6hTHZPMKsRcc-YmJqj9oCibdKtPM5cofSivSXX0waa1CQUU8VoPdQTOyry7ShldsWURN8ZNpXHBMXnamUiR1Phvjw93_awsbZCjAh4pK29gexNRX5oHjQ15kDv4Xd6bY2BA9pzueTN1jLnK1P2s3SDu-DtMhXcIUz-5_H_vq6VbaL6DAMeOePxEUevnGIIhkCtQdktUfTep55k7f8ujCDa52k-x8cEktXZmuACogyth-SeCd_I9GXrhYTN13jGqI02jAk8XiP8nzFMaT-bCkTWcFUzh8i3s0G0OLyVw07I6YC7yRJXMmNSEdPo30wM7EeB3Q
    ... """

Verify the POET JWTs signature

    >>> verify_poet(encoded_jwt, test_public_key) 
    {'hello': 'world', 'exp': 1493829790, 'iss': 'transparenthealth.org', 'iat': 1462293790}
    >>>

If verified, the payload is returned. (Keep in mind the payload is accesible without signature verification using standard JWT libraries.)

This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.