Merge pull request #13 from IdentityPython/feat/MdocCbor_disclosure_map

[Presentation] Mdoc Cbor disclosure map

Author: peppelinux

pymdoccbor/mdoc/issuer.py

@@ -2,15 +2,15 @@
 import binascii
 import cbor2
 import logging
-import datetime
+from datetime import datetime, timezone
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePublicKey
 from pycose.keys import CoseKey, EC2Key
 from typing import Union
 
 from pymdoccbor.mso.issuer import MsoIssuer
 
-from cbor_diag import *
+from cbor_diag import cbor2diag
 
 
 logger = logging.getLogger("pymdoccbor")
@@ -159,7 +159,7 @@ def new(
                 revocation=revocation
             )
 
-        mso = msoi.sign(doctype=doctype, device_key=devicekeyinfo,valid_from=datetime.datetime.now(datetime.UTC))
+        mso = msoi.sign(doctype=doctype, device_key=devicekeyinfo,valid_from=datetime.now(timezone.utc))
 
         mso_cbor = mso.encode(
             tag=False,

pymdoccbor/mdoc/verifier.py

@@ -104,6 +104,7 @@ def __init__(self) -> None:
 
         self.documents: List[MobileDocument] = []
         self.documents_invalid: list = []
+        self.disclosure_map: dict = {}
 
     def loads(self, data: str) -> None:
         """
@@ -134,6 +135,33 @@ def dumps(self) -> bytes:
     @property
     def data_as_string(self) -> str:
         return self.dumps().decode()
+    
+    def _decode_claims(self, claims: list[dict]) -> dict:
+        decoded_claims = {}
+
+        for claim in claims:
+            decoded = cbor2.loads(claim.value)
+
+            if isinstance(decoded['elementValue'], cbor2.CBORTag):
+                decoded_claims[decoded['elementIdentifier']] = decoded['elementValue'].value
+            elif isinstance(decoded['elementValue'], list):
+                claims_list = []
+
+                for element in decoded['elementValue']:
+                    claims_dict = {}
+                    for key, value in element.items():
+                        if isinstance(value, cbor2.CBORTag):
+                            claims_dict[key] = value.value
+                        else:
+                            claims_dict[key] = value
+                    claims_list.append(claims_dict)
+
+                decoded_claims[decoded['elementIdentifier']] = claims_list
+            else:
+                decoded_claims[decoded['elementIdentifier']] = decoded['elementValue']
+
+        return decoded_claims
+
 
     def verify(self) -> bool:
         """"
@@ -160,6 +188,9 @@ def verify(self) -> bool:
                 else:
                     self.documents_invalid.append(mso)
 
+                for namespace, claims in mso.issuersigned.namespaces.items():
+                    self.disclosure_map[namespace] = self._decode_claims(claims)
+
             except Exception as e:
                 logger.error(
                     f"COSE Sign1 validation failed to the document number #{doc_cnt}. "

pymdoccbor/tests/test_08_mdoc_cbor.py

@@ -26,4 +26,6 @@ def test_mdoc_cbor_creation():
     mdocp.loads(data)
     mdocp.verify()
 
-    assert mdoc
+    assert mdoc
+    assert 'org.micov.medical.1' in mdocp.disclosure_map
+    assert mdocp.disclosure_map == MICOV_DATA

pymdoccbor/x509.py

@@ -1,6 +1,3 @@
-import datetime
-import os
-
 from cwt import COSEKey
 from typing import Union