implemented publisher client and example

Author: Ian-Nara

examples/sample_token_generate_refresh.py

@@ -0,0 +1,64 @@
+import sys
+
+from uid2_client import Uid2PublisherClient
+from uid2_client import TokenGenerateResponse
+from uid2_client import TokenGenerateInput
+
+
+def _usage():
+    print('Usage: python3 sample_token_generate_refresh.py <base_url> <auth_key> <secret_key>', file=sys.stderr)
+    sys.exit(1)
+
+
+if len(sys.argv) <= 3:
+    _usage()
+
+base_url = sys.argv[1]
+auth_key = sys.argv[2]
+secret_key = sys.argv[3]
+
+
+
+publisher_client = Uid2PublisherClient(base_url, auth_key, secret_key)
+print("Generating Token")
+token_generate_response = publisher_client.generate_token(TokenGenerateInput.from_email("[email protected]"))
+
+status = token_generate_response.status
+tokens = token_generate_response.get_identity()
+advertising_token = tokens.get_advertising_token()
+refresh_token = tokens.get_refresh_token()
+refresh_response_key = tokens.get_refresh_response_key()
+refresh_from = tokens.get_refresh_from()
+refresh_expires = tokens.get_refresh_expires()
+identity_expires = tokens.get_identity_expires()
+json_string = tokens.get_json_string()
+
+print('Status =', status)
+print('Advertising Token =', advertising_token)
+print('Refresh Token =', refresh_token)
+print('Refresh Response Key =', refresh_response_key)
+print('Refresh From =', refresh_from)
+print('Refresh Expires =', refresh_expires)
+print('Identity Expires =', identity_expires)
+print('As Json String =', json_string, "\n")
+
+print("Refreshing Token")
+token_refresh_response = publisher_client.refresh_token(tokens)
+status = token_refresh_response.status
+tokens = token_refresh_response.get_identity()
+advertising_token = tokens.get_advertising_token()
+refresh_token = tokens.get_refresh_token()
+refresh_response_key = tokens.get_refresh_response_key()
+refresh_from = tokens.get_refresh_from()
+refresh_expires = tokens.get_refresh_expires()
+identity_expires = tokens.get_identity_expires()
+json_string = tokens.get_json_string()
+
+print('Status =', status)
+print('Advertising Token =', advertising_token)
+print('Refresh Token =', refresh_token)
+print('Refresh Response Key =', refresh_response_key)
+print('Refresh From =', refresh_from)
+print('Refresh Expires =', refresh_expires)
+print('Identity Expires =', identity_expires)
+print('As Json String =', json_string, "\n")

uid2_client/__init__.py

@@ -12,5 +12,6 @@
 from .client import *
 from .encryption import *
 from .keys import *
+from .publisher_client import *
 
 

uid2_client/client.py

@@ -17,6 +17,7 @@
 from .encryption import _decrypt_gcm, _encrypt_gcm
 from .keys import EncryptionKey, EncryptionKeysCollection
 from .identity_scope import IdentityScope
+from .request_response_util import *
 
 
 def _make_dt(timestamp):
@@ -31,6 +32,9 @@ class Uid2Client:
 
     Methods:
         refresh_keys: get the latest encryption keys for decrypting advertising tokens
+        refresh_json: parse json to get encryption keys
+        encrypt: encrypt a uid to a token
+        decrypt: decrypt a token to a uid
 
     Examples:
         Connect to the UID2 service and obtain the latest encryption keys:
@@ -47,6 +51,7 @@ def __init__(self, base_url, auth_key, secret_key, identity_scope):
             base_url (str): base URL for all requests to UID2 services (e.g. 'https://prod.uidapi.com')
             auth_key (str): authorization key for consuming the UID2 services
             secret_key (str): secret key for consuming the UID2 services
+            identity_scope (IdentityScope): UID2 or EUID
 
         Note:
             Your authorization key will determine which UID2 services you are allowed to use.
@@ -66,9 +71,9 @@ def refresh_keys(self):
         Returns:
             EncryptionKeysCollection containing the keys
         """
-        req, nonce = self._make_v2_request(dt.datetime.now(tz=timezone.utc))
-        resp = self._post('/v2/key/sharing', headers=self._auth_headers(), data=req)
-        resp_body = json.loads(self._parse_v2_response(resp.read(), nonce)).get('body')
+        req, nonce = make_v2_request(self._secret_key, dt.datetime.now(tz=timezone.utc))
+        resp = post(self._base_url, '/v2/key/sharing', headers=auth_headers(self._auth_key), data=req)
+        resp_body = json.loads(parse_v2_response(self._secret_key, resp.read(), nonce)).get('body')
         return self._parse_keys_json(resp_body)
 
     def refresh_json(self, json_str):
@@ -124,33 +129,6 @@ def _parse_keys_json(self, resp_body):
         return EncryptionKeysCollection(keys, resp_body["caller_site_id"], resp_body["master_keyset_id"],
                                         resp_body.get("default_keyset_id", None), resp_body["token_expiry_seconds"])
 
-    def _make_url(self, path):
-        return self._base_url + path
-
-    def _auth_headers(self):
-        return {'Authorization': 'Bearer ' + self._auth_key,
-                "X-UID2-Client-Version": "uid2-client-python-" + pkg_resources.get_distribution("uid2_client").version}
-
-    def _make_v2_request(self, now):
-        payload = int.to_bytes(int(now.timestamp() * 1000), 8, 'big')
-        nonce = os.urandom(8)
-        payload += nonce
-
-        envelope = int.to_bytes(1, 1, 'big')
-        envelope += _encrypt_gcm(payload, None, self._secret_key)
-
-        return base64.b64encode(envelope), nonce
-
-    def _parse_v2_response(self, encrypted, nonce):
-        payload = _decrypt_gcm(base64.b64decode(encrypted), self._secret_key)
-        if nonce != payload[8:16]:
-            raise ValueError("nonce mismatch")
-        return payload[16:]
-
-    def _post(self, path, headers, data):
-        req = request.Request(self._make_url(path), headers=headers, method='POST', data=data)
-        return request.urlopen(req)
-
 
 class Uid2ClientError(Exception):
     """Raised for problems encountered while interacting with UID2 services."""

uid2_client/identity_tokens.py

@@ -0,0 +1,78 @@
+import datetime
+import json
+
+
+class IdentityTokens:
+    def __init__(self, advertising_token, refresh_token, refresh_response_key, identity_expires,
+                 refresh_expires, refresh_from, json_string):
+        self.advertising_token = advertising_token
+        self.refresh_token = refresh_token
+        self.refresh_response_key = refresh_response_key
+        self.identity_expires = identity_expires
+        self.refresh_expires = refresh_expires
+        self.refresh_from = refresh_from
+        self.json_string = json_string
+
+    @staticmethod
+    def from_json_string(json_string):
+        assert json_string is not None, "jsonString must not be null"
+
+        try:
+            return IdentityTokens.from_json(json.loads(json_string))
+        except json.JSONDecodeError:
+            print("Invalid json string")
+            return None
+        except KeyError:
+            print("Missing field in json string")
+            return None
+
+    @staticmethod
+    def from_json(json_obj):
+        return IdentityTokens(
+            json_obj.get("advertising_token"),
+            json_obj.get("refresh_token"),
+            json_obj.get("refresh_response_key"),
+            json_obj.get("identity_expires"),
+            json_obj.get("refresh_expires"),
+            json_obj.get("refresh_from"),
+            json.dumps(json_obj)
+        )
+
+    def is_due_for_refresh(self):
+        return self.is_due_for_refresh_impl(datetime.datetime.now())
+
+    def get_advertising_token(self):
+        return self.advertising_token
+
+    def get_refresh_token(self):
+        return self.refresh_token
+
+    def get_json_string(self):
+        return self.json_string
+
+    def is_refreshable(self):
+        return self.is_refreshable_impl(datetime.datetime.now())
+
+    def is_refreshable_impl(self, timestamp):
+        refresh_expires = self.refresh_expires
+        if refresh_expires is None or timestamp.timestamp() > refresh_expires:
+            return False
+        return self.refresh_token is not None
+
+    def is_due_for_refresh_impl(self, timestamp):
+        return timestamp.timestamp() > self.refresh_from or self.has_identity_expired(timestamp)
+
+    def has_identity_expired(self, timestamp):
+        return timestamp.timestamp() > self.identity_expires
+
+    def get_refresh_response_key(self):
+        return self.refresh_response_key
+
+    def get_identity_expires(self):
+        return self.identity_expires
+
+    def get_refresh_expires(self):
+        return self.refresh_expires
+
+    def get_refresh_from(self):
+        return self.refresh_from

uid2_client/input_util.py

@@ -0,0 +1,106 @@
+import hashlib
+import base64
+from enum import Enum
+
+
+def is_phone_number_normalized(phone_number):
+    MIN_PHONENUMBER_DIGITS = 10
+    MAX_PHONENUMBER_DIGITS = 15
+
+    if phone_number is None or len(phone_number) < MIN_PHONENUMBER_DIGITS:
+        return False
+
+    if phone_number[0] != '+':
+        return False
+
+    total_digits = sum(char.isdigit() for char in phone_number[1:])
+
+    return MIN_PHONENUMBER_DIGITS <= total_digits <= MAX_PHONENUMBER_DIGITS
+
+
+def normalize_email_string(email):
+    pre_sb = []
+    pre_sb_specialized = []
+    sb = []
+    ws_buffer = []
+
+    class EmailParsingState:
+        Starting = 1
+        Pre = 2
+        SubDomain = 3
+
+    parsing_state = EmailParsingState.Starting
+
+    in_extension = False
+
+    for i in range(len(email)):
+        c_given = email[i]
+        if 'A' <= c_given <= 'Z':
+            c = chr(ord(c_given) + 32)
+        else:
+            c = c_given
+
+        if parsing_state == EmailParsingState.Starting:
+            if c == ' ':
+                continue
+            else:
+                parsing_state = EmailParsingState.Pre
+
+        if parsing_state == EmailParsingState.Pre:
+            if c == '@':
+                parsing_state = EmailParsingState.SubDomain
+            elif c == '.':
+                pre_sb.append(c)
+            elif c == '+':
+                pre_sb.append(c)
+                in_extension = True
+            else:
+                pre_sb.append(c)
+                if not in_extension:
+                    pre_sb_specialized.append(c)
+        elif parsing_state == EmailParsingState.SubDomain:
+            if c == '@':
+                return None
+            elif c == ' ':
+                ws_buffer.append(c)
+                continue
+            if len(ws_buffer) > 0:
+                sb.extend(ws_buffer)
+                ws_buffer = []
+            sb.append(c)
+
+    if len(sb) == 0:
+        return None
+    domain_part = ''.join(sb)
+
+    GMAIL_DOMAIN = "gmail.com"
+    if GMAIL_DOMAIN == domain_part:
+        address_part_to_use = pre_sb_specialized
+    else:
+        address_part_to_use = pre_sb
+
+    if len(address_part_to_use) == 0:
+        return None
+
+    return ''.join(address_part_to_use + ['@'] + [domain_part])
+
+
+def is_ascii_digit(d):
+    return '0' <= d <= '9'
+
+
+def base64_to_byte_array(str):
+    return base64.b64decode(str)
+
+
+def byte_array_to_base64(b):
+    return base64.b64encode(b).decode()
+
+
+def get_base64_encoded_hash(input):
+    return byte_array_to_base64(get_sha256_bytes(input))
+
+
+def get_sha256_bytes(input):
+    return hashlib.sha256(input.encode()).digest()
+