This repo contains an implementation of an eIDAS Bridge Library in Python with a demo and unit tests.
An eIDAS Bridge links the European Trust and Legal Framework, named eIDAS (electronic IDentification, Authentication and trust Services), with the Self-Sovereign Identification (SSI) global trust framework, based on Decentralized IDentifiers, or DIDs.
Move to the base directory (example: test-eidas-bridge)
$ cd test-eidas-bridge
Clone the repository and move to the project directory
$ git clone https://github.com/validatedid/eidas-bridge
$ cd eidas-bridge
Execute a script to build and run the dockerized eIDAS Bridge library:
$ ./scripts/build_and_run_docker
PS ~\eidas-bridge> bash .\scripts\build_and_run_docker
This Docker demo exposes one web server for the web demo and another server for working directly with the eIDAS Bridge Swagger API:
http://localhost:8080/university_backend/
http://localhost:5002/
Open your browser and go to http://localhost:8080/university_backend/ to interact with the eIDAS Bridge Web Demo.
Or open your browser and go to http://localhost:5002/ to interact with the eIDAS Bridge Swagger API.
To stop the demo and the Docker container, just press Ctrl+C in the same terminal where you executed the script.
In case you want to use the demo again, there is no need to rebuild the Docker image; just execute another script to start the one already built:
$ ./scripts/start_docker
Move to the base directory (example: test-eidas-bridge)
$ cd test-eidas-bridge
Clone the repository and move to the project directory
$ git clone https://github.com/validatedid/eidas-bridge
$ cd eidas-bridge
Create and activate a Python virtual environment:
$ python3 -m venv env
$ source env/bin/activate
Install dependencies and the library into the virtual environment:
$ pip install -e .
If you want to test the demo, install the required requests library and execute eidas_demo.py:
$ pip install requests
$ python demo/eidas_demo.py
Following the previous instructions, we should have cloned the project's GitHub repo and be in the eidas-bridge directory.
$ pip install pytest requests
$ pytest
Implementation of a demo that exposes a RESTful OpenAPI / Swagger-style interface to call the eIDAS Bridge Library in Python.
Following the previous instructions, we should have cloned the project's GitHub repo and be in the eidas-bridge directory.
This demo launches two localhost servers:
http://localhost:8000
http://localhost:5002/
$ pip install flask flask-restplus
Execute eidas_bridge_api.py:
$ python demo/eidas_bridge_api.py
Swagger API calls will be located at http://localhost:5002 and will expose:
/eidas/load-qec
/eidas/service-endpoint
/eidas/get-pubkey
/eidas/sign-credential
/eidas/verify-credential
def eidas_load_qec(did, qec, password=None):
Imports an eIDAS Qualified Electronic Certificate (QEC) with its corresponding private key to be used in further digital signature operations.
The only QEC format currently supported is Secp256k1.
def eidas_get_service_endpoint(did, service_endpoint) -> str:
Constructs the JSON structure that needs to be added to the Service Endpoint section of the Issuer's DID Document.
Receives a DID and a service endpoint where the issuer's eIDAS Certificate is stored.
Returns the corresponding JSON to be added to the Service Endpoint section of the Issuer's DID Document.
{
"id": "did:sov:55GkHamhTU1ZbTbV2ab9DE#eidas",
"type": "EidasService",
"serviceEndpoint": "http://service_endpoint.sample/did:sov:55GkHamhTU1ZbTbV2ab9DE/eidas"
}
def eidas_get_pubkey(did) -> str:
From a given DID, returns the corresponding public key in a JSON structure.
The only cryptographic key format currently supported is Secp256k1.
{
"publicKeyPem" : "-----BEGIN PUBLIC KEY...END PUBLIC KEY-----\n"
}
def eidas_sign_credential(credential) -> str:
Adds a digital signature to the given credential, generated with an eIDAS private key.
Returns the corresponding Verifiable Credential.
The only cryptographic key format currently supported is Secp256k1.
def eidas_verify_credential(credential, json_did_document):
Verifies that the credential issuer had a valid eIDAS certificate at the moment of issuing the passed credential.
Throws EIDASProofException if the signature is not valid.
The current implementation does NOT support DID resolution.
The algorithm executes the following procedure:
credential and from did_document and check they are the same
EidasService service endpoint from did_document to be able to access the Issuer's Identity Hub
VALID or throw EIDASProofException on signature not valid
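An added example (not the project's own code) of the checks a verifier can apply to the EidasService entry shown under eidas_get_service_endpoint before using the endpoint it reads from did_document. The names find_eidas_endpoint and EidasServiceError, the expected_did parameter and the top-level "id"/"service" layout of the DID Document are assumptions; only the service entry follows the structure on this page.

```python
import json
from urllib.parse import urlparse

DID = "did:sov:55GkHamhTU1ZbTbV2ab9DE"
# Constructed sample: only the service entry copies the structure on this page;
# the top-level "id"/"service" layout is an assumed minimal DID Document.
SAMPLE_DID_DOCUMENT = json.dumps({
    "id": DID,
    "service": [{
        "id": DID + "#eidas",
        "type": "EidasService",
        "serviceEndpoint": "http://service_endpoint.sample/" + DID + "/eidas",
    }],
})


class EidasServiceError(ValueError):
    """Hypothetical error type for this example, not the library's exception."""


def find_eidas_endpoint(json_did_document, expected_did, schemes=("https", "http")):
    """Return the EidasService endpoint URL, or raise if the entry is not usable.

    expected_did is the DID the caller already trusts (assumed input). Plain
    http is accepted by default only because the page's sample endpoint uses it.
    """
    doc = json.loads(json_did_document)
    if not isinstance(doc, dict) or doc.get("id") != expected_did:
        raise EidasServiceError("DID Document id does not match the expected DID")
    services = doc.get("service")
    if not isinstance(services, list):
        raise EidasServiceError("DID Document has no service list")
    entries = [s for s in services
               if isinstance(s, dict) and s.get("type") == "EidasService"]
    if len(entries) != 1:  # zero or ambiguous entries: refuse to pick one
        raise EidasServiceError("expected exactly one EidasService entry")
    entry = entries[0]
    if entry.get("id") != expected_did + "#eidas":
        raise EidasServiceError("EidasService id is not bound to the DID")
    endpoint = entry.get("serviceEndpoint")
    if not isinstance(endpoint, str):
        raise EidasServiceError("serviceEndpoint must be a string")
    url = urlparse(endpoint)
    if url.scheme not in schemes or not url.hostname:
        raise EidasServiceError("serviceEndpoint is not an absolute http(s) URL")
    if url.username or url.password:
        raise EidasServiceError("serviceEndpoint must not embed credentials")
    return endpoint
```

Passing schemes=("https",) rejects the sample's plain-http endpoint, which is the stricter setting for anything beyond the local demo.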