blockchain-certificates / cert-issuer Goto Github PK

View Code? Open in Web Editor NEW

405.0 405.0 209.0 1.78 MB

Issues Blockcerts using either the Bitcoin or Ethereum blockchain

License: MIT License

Python 91.09% Shell 2.63% Dockerfile 0.57% HTML 5.71%

cert-issuer's People

Contributors

Stargazers

Watchers

Forkers

tzmartin compumatrix sbepstein qsq-dm neo4reo pasayadaan yixiaoj smatthewenglish michaelkirschbaum zimuxin akiiki mitchk fang1999 chrisabrams zelladoor francisplaza blockchainexperts karask tomkiatcheeranun aditya0711 tonypius padillareyj vijaykonda ra333 cassiehilbig d2l-labs cryptobuks devacurl bradvella fbrinkkemper nunofernandes-plight lydia-gu manicprogrammer vishnu6266 santhoshvanama joeynor ramnath00 henryyu1103 0svaldo glowdb govtechsg yexiaoxing xieqihui mutanov csyk youracclaim mazenovi iain-m devengengan janqliangtsai mdreamfly piyush-avantsoft zuhaili92 sandoche esthereum fisf itassist fuerve ohyoung danishfastian youmark yashbhutwala lparkerlm gsoosg niclausliu acuddeback ginrummie vivekgana kbahtus sravyavoleti fresnostate rifath-shaarook davespx honghu215 ssiwan glfruit ca-code-works blockchain-expert muhzn yancyribbens nguyenthanhtung88 indycerts kyeongd martxalen afolabiolaoluwa alexandru-olteanu c-log hibirdc ppfish45 isidharthrai yunsiong wlbf akodate scz2011 edivad-nai flrntdfr azizur77 faustow urashid64 phurinaix

cert-issuer's Issues

Add configurable amount to spend limit

This would be a useful last resort check if anything went wrong at any phase of certificate issuing, i.e. if the issuer accidentally added more certificates to issue than they expected.

Installing dependencies for ethereum blockchain fails

Hi,

I just cloned the most recent code and tried to install the experimental Ethereum build by running the following command (as per the instructions in the documentation):

python setup.py experimental --blockchain=ethereum

However, I get the following error:

Exception:
Traceback (most recent call last):
File "/home/ehein/miniconda3/lib/python3.6/site-packages/pip/basecommand.py", line 215, in main status = self.run(options, args)
File "/home/ehein/miniconda3/lib/python3.6/site-packages/pip/commands/install.py", line 312, in run
wheel_cache
File "/home/ehein/miniconda3/lib/python3.6/site-packages/pip/basecommand.py", line 276, in populate_requirement_set
wheel_cache=wheel_cache
File "/home/ehein/miniconda3/lib/python3.6/site-packages/pip/req/req_install.py", line 185, in from_line
name = name.strip()
AttributeError: 'list' object has no attribute 'strip'

It seems that the name of a dependency is a list instead of a string? I had a look at the recent commits and I think this is probably a bug introduced by changes in how dependencies are managed.

P.S. I also tried installing the most recent code with the normal Bitcoin blockchain and everything installs fine, so it seems that the problem is only with Ethereum.

Not Able to generate certificate using cert-issuer

Hi,

I am sorry if it comes out as a silly (very basic) question but while using cert-issuer instructions here https://github.com/blockchain-certificates/cert-issuer
in the "Creating issuing address" there is a statement to be executed under bitcoin bash:

sed -i.bak "s/issuing-address/$issuer/g" /etc/cert-issuer/conf.ini

in this what is the difference between issuing-address and $issuer ?
I believe $issuer is what I generated just above this statement ( issuer=bitcoin-cli getnewaddress ), but the what is issuing-address ?

Later when I am trying to execute "bitcoin-cli sendtoaddress $issuer 5"
This isn't working either, and due to this I am not able to generate certificate as it is saying insufficient balance.

Can you please help me with this.

Regards
Aayush

Cert-issuer when Issuing certificate

I am running the commands step by step as mentioned in the Readme. I am facing this exception.
Stack trace below

bash-4.3# cert-issuer -c /etc/cert-issuer/conf.ini
WARNING:root:Your app is configured to skip the wifi check when the USB is plugged in. Read the documentation to ensure this is what you want, since this is less secure
INFO:root:Set cost constants to recommended_tx_fee=0.000600,min_per_output=0.000028,satoshi_per_byte=250
INFO - Set cost constants to recommended_tx_fee=0.000600,min_per_output=0.000028,satoshi_per_byte=250
INFO:root:Processing 1 certificates
INFO - Processing 1 certificates
INFO:root:Processing 1 certificates under work path=/etc/cert-issuer/work
INFO - Processing 1 certificates under work path=/etc/cert-issuer/work
INFO:root:Total cost will be 133500 satoshis
INFO - Total cost will be 133500 satoshis
INFO:root:Starting finalizable signer
INFO - Starting finalizable signer
WARNING:root:app is configured to skip the wifi check when the USB is plugged in. Read the documentation to ensure this is what you want, since this is less secure
WARNING - app is configured to skip the wifi check when the USB is plugged in. Read the documentation to ensure this is what you want, since this is less secure
INFO:root:Stopping finalizable signer
INFO - Stopping finalizable signer
WARNING:root:app is configured to skip the wifi check when the USB is plugged in. Read the documentation to ensure this is what you want, since this is less secure
WARNING - app is configured to skip the wifi check when the USB is plugged in. Read the documentation to ensure this is what you want, since this is less secure
INFO:root:Unsigned hextx=01000000019340a205781240a858d6f9f4d0fdd481e7a2974d4d7a3d09f3eb38d64c7313f40100000000ffffffff02a07acc1d000000001976a9142af2b6b8244f5d26f3f9450540c27eb4cacba37888ac0000000000000000226a20819c418583a11b0d4351a96aba97534db2c758f655220d76a1ad984cf13b10d900000000
INFO - Unsigned hextx=01000000019340a205781240a858d6f9f4d0fdd481e7a2974d4d7a3d09f3eb38d64c7313f40100000000ffffffff02a07acc1d000000001976a9142af2b6b8244f5d26f3f9450540c27eb4cacba37888ac0000000000000000226a20819c418583a11b0d4351a96aba97534db2c758f655220d76a1ad984cf13b10d900000000
INFO:root:Preparing tx for signing
INFO - Preparing tx for signing
INFO:root:Starting finalizable signer
INFO - Starting finalizable signer
WARNING:root:app is configured to skip the wifi check when the USB is plugged in. Read the documentation to ensure this is what you want, since this is less secure
WARNING - app is configured to skip the wifi check when the USB is plugged in. Read the documentation to ensure this is what you want, since this is less secure
ERROR:root:Unable to sign transaction. hextx=01000000019340a205781240a858d6f9f4d0fdd481e7a2974d4d7a3d09f3eb38d64c7313f40100000000ffffffff02a07acc1d000000001976a9142af2b6b8244f5d26f3f9450540c27eb4cacba37888ac0000000000000000226a20819c418583a11b0d4351a96aba97534db2c758f655220d76a1ad984cf13b10d900000000
ERROR - Unable to sign transaction. hextx=01000000019340a205781240a858d6f9f4d0fdd481e7a2974d4d7a3d09f3eb38d64c7313f40100000000ffffffff02a07acc1d000000001976a9142af2b6b8244f5d26f3f9450540c27eb4cacba37888ac0000000000000000226a20819c418583a11b0d4351a96aba97534db2c758f655220d76a1ad984cf13b10d900000000
INFO:root:Stopping finalizable signer
INFO - Stopping finalizable signer
WARNING:root:app is configured to skip the wifi check when the USB is plugged in. Read the documentation to ensure this is what you want, since this is less secure
WARNING - app is configured to skip the wifi check when the USB is plugged in. Read the documentation to ensure this is what you want, since this is less secure
Traceback (most recent call last):
File "/usr/bin/cert-issuer", line 11, in
load_entry_point('cert-issuer==2.0.8', 'console_scripts', 'cert-issuer')()
File "/usr/lib/python3.5/site-packages/cert_issuer/main.py", line 17, in cert_issuer_main
issue_certificates.main(parsed_config)
File "/usr/lib/python3.5/site-packages/cert_issuer/issue_certificates.py", line 56, in main
return issue(app_config, certificate_batch_handler, transaction_handler)
File "/usr/lib/python3.5/site-packages/cert_issuer/issue_certificates.py", line 39, in issue
tx_id = issuer.issue()
File "/usr/lib/python3.5/site-packages/cert_issuer/issuer.py", line 27, in issue
txid = self.transaction_handler.issue_transaction(op_return_bytes)
File "/usr/lib/python3.5/site-packages/cert_issuer/transaction_handler.py", line 82, in issue_transaction
signed_tx = self.sign_transaction(prepared_tx)
File "/usr/lib/python3.5/site-packages/cert_issuer/transaction_handler.py", line 118, in sign_transaction
signed_tx = signer.sign_transaction(prepared_tx)
File "/usr/lib/python3.5/site-packages/cert_issuer/signer.py", line 120, in sign_transaction
return self.signer.sign_transaction(self.wif, transaction_to_sign)
File "/usr/lib/python3.5/site-packages/cert_issuer/signer.py", line 99, in sign_transaction
raise UnableToSignTxError('Unable to sign transaction')
cert_issuer.errors.UnableToSignTxError: Unable to sign transaction

Please let me know whats the issue

Get Docker builds working for all supported blockchains

Right now, the docker build gets the default Bitcoin configuration going, but lacks direct support for building out an Ethereum container. Might be handy to have support for this.

Error - Permission denied

i am facing this issue where it keeps stating permission denied.

(venv) brendanluke_sf@quest-cert:/venv/cert-issuer$ python issue_certificates.py -c config.ini
WARNING - Your app is configured to skip the wifi check when the USB is plugged in. Read the documentation to ensure this is what you want, since this is less secure
INFO - This run will try to issue on the bitcoin_testnet chain
INFO - Set cost constants to recommended_tx_fee=0.000600,min_per_output=0.000028,satoshi_per_byte=250
INFO - Set cost constants to recommended_tx_fee=0.000600,min_per_output=0.000028,satoshi_per_byte=250
ERROR - [Errno 13] Permission denied: '/etc/cert-issuer'
Traceback (most recent call last):
File "issue_certificates.py", line 60, in
tx_id = main(parsed_config)
File "issue_certificates.py", line 52, in main
return issue(app_config, certificate_batch_handler, transaction_handler)
File "issue_certificates.py", line 21, in issue
blockchain_certificates_dir, work_dir)
File "/home/brendanluke_sf/venv/cert-issuer/cert_issuer/helpers.py", line 45, in prepare_issuance_batch
os.makedirs(work_dir, exist_ok=True)
File "/home/brendanluke_sf/venv/lib/python3.5/os.py", line 231, in makedirs
makedirs(head, mode, exist_ok)
File "/home/brendanluke_sf/venv/lib/python3.5/os.py", line 241, in makedirs
mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: '/etc/cert-issuer'
ERROR - [Errno 13] Permission denied: '/etc/cert-issuer'
Traceback (most recent call last):
File "issue_certificates.py", line 60, in
tx_id = main(parsed_config)
File "issue_certificates.py", line 52, in main
return issue(app_config, certificate_batch_handler, transaction_handler)
File "issue_certificates.py", line 21, in issue
File "/home/brendanluke_sf/venv/cert-issuer/cert_issuer/helpers.py", line 45, in prepare_issuance_batch
blockchain_certificates_dir, work_dir)
File "/home/brendanluke_sf/venv/cert-issuer/cert_issuer/helpers.py", line 45, in prepare_issuance_batch
os.makedirs(work_dir, exist_ok=True)
File "/home/brendanluke_sf/venv/lib/python3.5/os.py", line 231, in makedirs
makedirs(head, mode, exist_ok)
File "/home/brendanluke_sf/venv/lib/python3.5/os.py", line 241, in makedirs
mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: '/etc/cert-issuer'
(venv) brendanluke_sf@quest-cert:/venv/cert-issuer$

I dont have such a folder called etc....
Can someone please help me.

Broadcasting tx on testnet failing after successful batch

Hi,

Whenever I try to issue a second certificate batch on testnet a few minutes after a successful batch, cert-issuer gets stuck on the broadcasting step, as both connectors report the same errors on every retry:

ERROR:root:Error broadcasting the transaction through the Blockr.IO API. Error msg: {"status":"fail","data":"Could not push your transaction!","code":500,"message":"Did you sign your transaction?"}
ERROR - Error broadcasting the transaction through the Blockr.IO API. Error msg: {"status":"fail","data":"Could not push your transaction!","code":500,"message":"Did you sign your transaction?"}
WARNING:root:Caught exception trying provider <bound method BlockrIOBroadcaster.broadcast_tx of <cert_issuer.connectors.BlockrIOBroadcaster object at 0x7f0dae236c88>>. Trying another. Exception={"status":"fail","data":"Could not push your transaction!","code":500,"message":"Did you sign your transaction?"}
WARNING - Caught exception trying provider <bound method BlockrIOBroadcaster.broadcast_tx of <cert_issuer.connectors.BlockrIOBroadcaster object at 0x7f0dae236c88>>. Trying another. Exception={"status":"fail","data":"Could not push your transaction!","code":500,"message":"Did you sign your transaction?"}
ERROR:root:Error broadcasting the transaction through the BlockExplorer API. Error msg: 258: txn-mempool-conflict. Code:-26
ERROR - Error broadcasting the transaction through the BlockExplorer API. Error msg: 258: txn-mempool-conflict. Code:-26
WARNING:root:Caught exception trying provider <bound method BlockExplorerBroadcaster.broadcast_tx of <cert_issuer.connectors.BlockExplorerBroadcaster object at 0x7f0dae236cf8>>. Trying another. Exception=258: txn-mempool-conflict. Code:-26
WARNING - Caught exception trying provider <bound method BlockExplorerBroadcaster.broadcast_tx of <cert_issuer.connectors.BlockExplorerBroadcaster object at 0x7f0dae236cf8>>. Trying another. Exception=258: txn-mempool-conflict. Code:-26
WARNING:root:Broadcasting failed. Waiting before retrying. This is attempt number 0
WARNING - Broadcasting failed. Waiting before retrying. This is attempt number 0

Eventually the transaction does go through after some retries.

I believe this may be due to the first transaction not being confirmed yet when the second transaction is attempted, but that is just my gut feeling at the moment. Is there a way to avoid this long wait?

Thanks.

cert-issuing fails without docker

Hello Kim,

Apology for opening a new issue. Let me know if I should add this to old thread?

I was just setting up everything without docker. I get this error:

ERROR:root:'bytes' object has no attribute 'encode'
Traceback (most recent call last):
File "/home/ubuntu/development/cert-issuer/cert_issuer/issue_certificates.py", line 92, in
tx_id = main(parsed_config, secret_manager)
File "/home/ubuntu/development/cert-issuer/cert_issuer/issue_certificates.py", line 72, in main
tx_id = issuer.issue_certificates()
File "/usr/local/lib/python3.4/dist-packages/cert_issuer/issuer.py", line 132, in issue_certificates
tx_id = self.issue_on_blockchain()
File "/usr/local/lib/python3.4/dist-packages/cert_issuer/issuer.py", line 46, in issue_on_blockchain
op_return_value_bytes = unhexlify(self.tree.get_merkle_root())
File "/usr/local/lib/python3.4/dist-packages/cert_issuer/helpers.py", line 17, in unhexlify
def unhexlify(hex_string): return binascii.unhexlify(hex_string.encode('utf8'))
AttributeError: 'bytes' object has no attribute 'encode'
ERROR - 'bytes' object has no attribute 'encode'
Traceback (most recent call last):
File "/home/ubuntu/development/cert-issuer/cert_issuer/issue_certificates.py", line 92, in
tx_id = main(parsed_config, secret_manager)
File "/home/ubuntu/development/cert-issuer/cert_issuer/issue_certificates.py", line 72, in main
tx_id = issuer.issue_certificates()
File "/usr/local/lib/python3.4/dist-packages/cert_issuer/issuer.py", line 132, in issue_certificates
tx_id = self.issue_on_blockchain()
File "/usr/local/lib/python3.4/dist-packages/cert_issuer/issuer.py", line 46, in issue_on_blockchain
op_return_value_bytes = unhexlify(self.tree.get_merkle_root())
File "/usr/local/lib/python3.4/dist-packages/cert_issuer/helpers.py", line 17, in unhexlify
def unhexlify(hex_string): return binascii.unhexlify(hex_string.encode('utf8'))
AttributeError: 'bytes' object has no attribute 'encode'
=> ""

I am calling the below command from ruby application.
sudo python3 /home/ubuntu/development/cert-issuer/cert_issuer/issue_certificates.py -c /home/ubuntu/development/ruby_blockchain_middleware/conf_updated.ini

I am on the latest master. Now conf_updated.ini looks like this:

issuing_address = random_address
revocation_address = random_address2

bitcoin_chain=testnet

usb_name=/home/ubuntu/development/ruby_blockchain_middleware/
key_file=pk_issuer.txt

unsigned_certificates_dir=/home/ubuntu/development/ruby_blockchain_middleware/unsigned
signed_certificates_dir=/home/ubuntu/development/ruby_blockchain_middleware/signed
blockchain_certificates_dir=/home/ubuntu/development/ruby_blockchain_middleware/blockchain
work_dir=/home/ubuntu/development/ruby_blockchain_middleware/work

no_safe_mode

pk_issuer.txt
random_key2

cert json:
https://s3.amazonaws.com/staging-accredible-blockchain/unsigned/10299954.json

When I use the same conf.ini file address and cert JSON inside docker app. It works fine. So the address is correct and cert JSON also.

Any idea, what I can do to debug this?

Support Decentralized identifiers

From @kimdhamilton on September 27, 2017 20:5

Instead of relying on public keys, we want to use Decentralized Identifiers (DIDs), since these enable longer-lived Blockcert ownership.

Note that the decentralized identifier spec is still being finalized in the W3C Credentials CG. There are 2 known (at this time) mostly compliant (i.e. the spec still isn't finalized) method specs -- Veres 1 and BTCR. Other popular method specs such as Sovrin and uPort are expected to comply shortly after spec finalization.

Blockcerts won't tie to any specific DID provider. Rather it only knows about DIDs. We may, for purposes of prototypes, show examples with the simplest DID method, i.e. BTCR.

DIDs enable more user-friendly means of recovery, e.g. social recovery in the case that you lose your device, or in some way make your private keys unrecoverable.

The schema change is super simple: we will simply use Verifiable Claims conventions enabling id, entity, and owner to be DIDs.

Changes to the Blockcerts ecosystem could be interesting:

wallet could understand and integrate with DID providers
if the DID provider supports service-based DID verification, the Blockcerts verifier could incorporate this notion

In general, this nicely decouples Blockcerts from key management.

Copied from original issue: blockchain-certificates/cert-schema#41

no module named "requests" error

Hi, I'm trying to install this, but when I run docker build command, it's always return errors below:

    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-build-o_d_2zxh/pyld/setup.py", line 17, in <module>
        from pyld import jsonld
      File "/tmp/pip-build-o_d_2zxh/pyld/lib/pyld/__init__.py", line 2, in <module>
        from . import jsonld
      File "/tmp/pip-build-o_d_2zxh/pyld/lib/pyld/jsonld.py", line 19, in <module>
        import requests
    ImportError: No module named 'requests'

    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-o_d_2zxh/pyld/

unless I append 'requests' in Dockerfile's pip3 install, can you help me with that ?

include design documentation for library consumption

Docker error in Step 1/6 : FROM seegno/bitcoind:0.13-alpine

I am getting below error after running docker build -t bc/cert-issuer:1.0 . in step 1

C:\Users\Hafsah\Documents\Python_Scripts\cert-issuer>docker build -t bc/cert-issuer:1.0 .
Sending build context to Docker daemon  2.855MB
Step 1/6 : FROM seegno/bitcoind:0.13-alpine
0.13-alpine: Pulling from seegno/bitcoind
image operating system "linux" cannot be used on this platform

#18

Setup CI builds

for this repo and all missing in digital-certificates.
See #9

GDPR regulations

Hi, I am a student doing my thesis from TU Delft. I came acros blockerts via the article in medium and I found it very interesting. I have a question though, with the GDPR regulations in Europe you cannot store personal information on the chain, how did you manage to negate it or is that currently not your domain or research.

MerkleSignatureSuite change

Update issuer to use types and chains per #40

Rework USB dependency

new/naive

hi, I am trying to understand this prj. in particular I am interested in the backend. as far as I understand you are making use of existing bitcoin blockchain? so you are mostly a client of this bitcoin blockchain? From your description:

The cert-issuer project issues blockchain certificates by creating a transaction from the issuing institution to the recipient on the Bitcoin blockchain that includes the hash of the certificate itself.

if I wanted to recreate the prj then I would have to do the same as you do, reuse the bitcoin blockchain? how could I rebuild this using hyperledger?

Ethereum testnet issuing mode fails

There is no connector configured for Ethereum testnet issuing mode. What is the correct behavior?

This errror was reported:

Traceback (most recent call last):
  File "/home/ludo/.local/bin/cert-issuer", line 11, in <module>
    sys.exit(cert_issuer_main())
  File "/home/ludo/.local/lib/python3.5/site-packages/cert_issuer/__main__.py", line 17, in cert_issuer_main
    issue_certificates.main(parsed_config)
  File "/home/ludo/.local/lib/python3.5/site-packages/cert_issuer/issue_certificates.py", line 68, in main
    return issue(app_config, certificate_batch_handler, transaction_handler)
  File "/home/ludo/.local/lib/python3.5/site-packages/cert_issuer/issue_certificates.py", line 35, in issue
    transaction_handler.ensure_balance()
  File "/home/ludo/.local/lib/python3.5/site-packages/cert_issuer/transaction_handler.py", line 167, in ensure_balance
    self.balance = self.connector.get_balance(self.issuing_address)
  File "/home/ludo/.local/lib/python3.5/site-packages/cert_issuer/connectors.py", line 205, in get_balance
    for m in get_providers_for_chain(self.ethereum_chain, self.local_node):
  File "/home/ludo/.local/lib/python3.5/site-packages/cert_issuer/connectors.py", line 374, in get_providers_for_chain
    return connectors[chain]
KeyError: <Chain.ethereum_testnet: 6>

Separate signing step from issuing step

The OBI signing step makes sense as a separate step from the blockchain issuing process. Separate out mains so these can be called independently

Insufficient Funds Error

I am getting the following error when I try to issue certificates either in bitcoin testnet or using docker and regtest. My bitcoin testnet wallet has 3.5 btcs and for the docker app, I am just following the steps in cert-issuer for the bitcoin-cli. Could you please post more detailed steps on how to make sure there are sufficient funds for both?

Thanks!

Error:

WARNING - Your app is configured to skip the wifi check when the USB is plugged in. Read the documentation to ensure this is what you want, since this is less secure
INFO - This run will try to issue on the bitcoin_regtest chain
INFO - Set cost constants to recommended_tx_fee=0.000600,min_per_output=0.000028,satoshi_per_byte=250
INFO - Set cost constants to recommended_tx_fee=0.000600,min_per_output=0.000028,satoshi_per_byte=250
INFO - Processing 2 certificates
INFO - Processing 2 certificates
INFO - Processing 2 certificates under work path=/Users/itinawi/superurop/cert-issuer/data/work
INFO - Processing 2 certificates under work path=/Users/itinawi/superurop/cert-issuer/data/work
WARNING - [Errno 2] No such file or directory: '/Users/itinawi/Library/Application Support/Bitcoin/bitcoin.conf'
WARNING - [Errno 2] No such file or directory: '/Users/itinawi/Library/Application Support/Bitcoin/bitcoin.conf'
WARNING - address mt8vRAdRifBTrCsA4Ja1SK2DwNLknbsqVZ has a balance of 0
WARNING - address mt8vRAdRifBTrCsA4Ja1SK2DwNLknbsqVZ has a balance of 0
INFO - Total cost will be 133500 satoshis
INFO - Total cost will be 133500 satoshis
ERROR - Please add 133500 satoshis to the address mt8vRAdRifBTrCsA4Ja1SK2DwNLknbsqVZ
ERROR - Please add 133500 satoshis to the address mt8vRAdRifBTrCsA4Ja1SK2DwNLknbsqVZ
Traceback (most recent call last):
File "/Users/itinawi/superurop/cert-issuer/venv/bin/cert-issuer", line 11, in
load_entry_point('cert-issuer==2.0.11', 'console_scripts', 'cert-issuer')()
File "/Users/itinawi/superurop/cert-issuer/venv/lib/python3.6/site-packages/cert_issuer-2.0.11-py3.6.egg/cert_issuer/main.py", line 17, in cert_issuer_main
issue_certificates.main(parsed_config)
File "/Users/itinawi/superurop/cert-issuer/venv/lib/python3.6/site-packages/cert_issuer-2.0.11-py3.6.egg/cert_issuer/issue_certificates.py", line 52, in main
return issue(app_config, certificate_batch_handler, transaction_handler)
File "/Users/itinawi/superurop/cert-issuer/venv/lib/python3.6/site-packages/cert_issuer-2.0.11-py3.6.egg/cert_issuer/issue_certificates.py", line 30, in issue
transaction_handler.ensure_balance()
File "/Users/itinawi/superurop/cert-issuer/venv/lib/python3.6/site-packages/cert_issuer-2.0.11-py3.6.egg/cert_issuer/bitcoin/transaction_handlers.py", line 51, in ensure_balance
raise InsufficientFundsError(error_message)
cert_issuer.errors.InsufficientFundsError: Please add 133500 satoshis to the address mt8vRAdRifBTrCsA4Ja1SK2DwNLknbsqVZ

Merge v2 issuer

Refactor blockchain connectors into a separate library

There is some duplication between this and other libraries like cert-verifier. Refactor this for reuse.

Switch docs so they can be seen in wiki and mkdocs/readthedocs

Cert-issuer Ethereum testnet setup failing

I followed the steps here to build the docker container for cert-issuer, and also replacing libressl-dev for openssl-dev to overcome the errors I got, as shown here.

Then after running this (using python3.6 with virtualenv):

(venv) bash-4.3# python setup.py experimental --blockchain=ethereum

I got this error:

ethereum 2.3.2 has requirement rlp<2.0.0,>=1.0.1, but you'll have rlp 0.6.0 which is incompatible.
Installing collected packages: rlp
  Found existing installation: rlp 1.0.2
    Uninstalling rlp-1.0.2:
      Successfully uninstalled rlp-1.0.2
Successfully installed rlp-0.6.0

I found this which suggests adding rlp<1 to "ethereum_requirements.txt", but it is already added, so I changed "rlp<1" to "rlp>=1" and the setup seemed to complete successfully.

Then I get this error, after running:

(venv) bash-4.3# cert-issuer -c /etc/cert-issuer/conf.ini

...

Traceback (most recent call last):
  File "/usr/bin/cert-issuer", line 11, in <module>
    load_entry_point('cert-issuer==2.0.15', 'console_scripts', 'cert-issuer')()
  File "/usr/lib/python3.6/site-packages/cert_issuer/__main__.py", line 17, in cert_issuer_main
    issue_certificates.main(parsed_config)
  File "/usr/lib/python3.6/site-packages/cert_issuer/issue_certificates.py", line 36, in main
    return issue(app_config, certificate_batch_handler, transaction_handler)
  File "/usr/lib/python3.6/site-packages/cert_issuer/issue_certificates.py", line 22, in issue
    tx_id = issuer.issue(app_config.chain)
  File "/usr/lib/python3.6/site-packages/cert_issuer/issuer.py", line 27, in issue
    txid = self.transaction_handler.issue_transaction(blockchain_bytes)
  File "/usr/lib/python3.6/site-packages/cert_issuer/blockchain_handlers/ethereum/transaction_handlers.py", line 61, in issue_transaction
    self.verify_transaction(signed_tx, eth_data_field)
  File "/usr/lib/python3.6/site-packages/cert_issuer/blockchain_handlers/ethereum/transaction_handlers.py", line 92, in verify_transaction
    tx_utils.verify_eth_transaction(signed_tx, eth_data_field)
  File "/usr/lib/python3.6/site-packages/cert_issuer/blockchain_handlers/ethereum/tx_utils.py", line 24, in verify_eth_transaction
    for s in signed_hextx.split('80a0'):
  AttributeError: 'dict' object has no attribute 'split'

Previously reported this in the Community forum in this post and posting it here as requested.

Thanks.

Add documentation around other setups

e.g. testnet bitcoind configurations. This is currently in an old docs repo and they need to be updated before adding.

Fix setup.py and Dockerfile

The environment setup in the Docker image isn't correct -- the main issuer module can't be found without performing additional steps. I've added steps to the docs to work around this, but I want to automate away the manual steps

RLP update breaks PyEthereum

Error:

Traceback (most recent call last):
File “/usr/bin/cert-issuer”, line 11, in 
load_entry_point(‘cert-issuer==2.0.12’, ‘console_scripts’, ‘cert-issuer’)()
File “/usr/lib/python3.6/site-packages/cert_issuer/main.py”, line 17, in cert_issuer_main
issue_certificates.main(parsed_config)
File “/usr/lib/python3.6/site-packages/cert_issuer/issue_certificates.py”, line 32, in main
from cert_issuer import ethereum
File “/usr/lib/python3.6/site-packages/cert_issuer/ethereum/init.py”, line 9, in 
from cert_issuer.ethereum.signer import EthereumSigner
File “/usr/lib/python3.6/site-packages/cert_issuer/ethereum/signer.py”, line 2, in 
from ethereum import transactions
File “/usr/lib/python3.6/site-packages/ethereum/init.py”, line 11, in 
from . import slogging # noqa
File “/usr/lib/python3.6/site-packages/ethereum/slogging.py”, line 6, in 
from ethereum.utils import bcolors, is_numeric
File “/usr/lib/python3.6/site-packages/ethereum/utils.py”, line 13, in 
from rlp.utils import decode_hex, encode_hex, ascii_chr, str_to_bytes
ImportError: cannot import name ‘decode_hex’

ethereum/pyethereum#870

Solution for the time being is to force RLP below 1. Once the recent pyethereum ticket is closed, we can try uping the version again.

installation issue while executing 'docker build -t bc/cert-issuer:1.0 .'

Hi, during the installation of cert-issuer, as I execute the following command inside python 3 environment, everything runs smoothly until step (41/41), as it shows error in Running setup.py install for cryptography: finished with status 'error' line;

(PS ; NOTE : already installed 'pip install pyopenssl ndg-httpsclient pyasn1' and 'pip install cryptography'):

(myvenv) dj@home:~/cert-tools/cert-issuer$ docker build -t bc/cert-issuer:1.0 .
Step 1/6 : FROM seegno/bitcoind:0.13-alpine
 ---> 73b9b57b4bd1
Step 2/6 : MAINTAINER Kim Duffy "[email protected]"
 ---> Using cache
 ---> 27cd852f5081
Step 3/6 : COPY . /cert-issuer
 ---> 798eb9b98c8c
Step 4/6 : COPY conf_regtest.ini /etc/cert-issuer/conf.ini
 ---> 5f1780b93c44
Step 5/6 : RUN apk add --update         bash         ca-certificates         curl         gcc         gmp-dev         libffi-dev      
.
.
.

(39/41) Installing python3 (3.6.1-r3)
(40/41) Installing python3-dev (3.6.1-r3)
(41/41) Installing tar (1.29-r1)
Executing busybox-1.26.2-r5.trigger
Executing ca-certificates-20161130-r2.trigger
OK: 249 MiB in 61 packages
Requirement already satisfied: setuptools in /usr/lib/python3.6/site-packages
Requirement already satisfied: pip in /usr/lib/python3.6/site-packages
.
.
.


merkletools 1.0.2 has requirement pysha3==1.0b1, but you'll have pysha3 1.0.2 which is incompatible.
Installing collected packages: urllib3, certifi, chardet, idna, asn1crypto, six, pycparser, cffi, cryptography, pyOpenSSL, requests, pyld, jsonschema, py, pluggy, virtualenv, tox, decorator, validators, cert-schema, configargparse, inflection, click, PyYAML, clickclick, Werkzeug, MarkupSafe, Jinja2, itsdangerous, flask, swagger-spec-validator, connexion, PyMongo, Flask-PyMongo, python-dateutil, pytz, simplekv, cert-core, pysha3, merkletools, chainpoint, glob2, pbr, mock, pycoin, python-bitcoinlib, cert-issuer
  Running setup.py install for pycparser: started
    Running setup.py install for pycparser: finished with status 'done'
  Running setup.py install for cffi: started
    Running setup.py install for cffi: finished with status 'done'
  Running setup.py install for cryptography: started



   Running setup.py install for cryptography: finished with status 'error'
    Complete output from command /usr/bin/python3.6 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-bns48t_5/cryptography/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-record-2xx703v_/install-record.txt --single-version-externally-managed --compile:
    running install
    running build
    running build_py
    creating build
    creating build/lib.linux-x86_64-3.6
    creating build/lib.linux-x86_64-3.6/cryptography
    copying src/cryptography/exceptions.py -> build/lib.linux-x86_64-3.6/cryptography
    copying src/cryptography/utils.py -> build/lib.linux-x86_64-3.6/cryptography
.
.
.
    copying src/cryptography/hazmat/backends/openssl/aead.py -> build/lib.linux-x86_64-3.6/cryptography/hazmat/backends/openssl
    running egg_info
    writing src/cryptography.egg-info/PKG-INFO
    writing dependency_links to src/cryptography.egg-info/dependency_links.txt
    writing requirements to src/cryptography.egg-info/requires.txt
    writing top-level names to src/cryptography.egg-info/top_level.txt
    reading manifest file 'src/cryptography.egg-info/SOURCES.txt'
    reading manifest template 'MANIFEST.in'
    no previously-included directories found matching 'docs/_build'
    warning: no previously-included files matching '*' found under directory 'vectors'
    writing manifest file 'src/cryptography.egg-info/SOURCES.txt'
    running build_ext
    generating cffi module 'build/temp.linux-x86_64-3.6/_padding.c'
    creating build/temp.linux-x86_64-3.6
    generating cffi module 'build/temp.linux-x86_64-3.6/_constant_time.c'
    generating cffi module 'build/temp.linux-x86_64-3.6/_openssl.c'
    building '_openssl' extension
    creating build/temp.linux-x86_64-3.6/build
    creating build/temp.linux-x86_64-3.6/build/temp.linux-x86_64-3.6
    **gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -Os -fomit-frame-pointer -Os -fomit-frame-pointer -Os -fomit-frame-pointer -fPIC -I/usr/include/python3.6m -c build/temp.linux-x86_64-3.6/_openssl.c -o build/temp.linux-x86_64-3.6/build/temp.linux-x86_64-3.6/_openssl.o -Wconversion -Wno-error=sign-conversion**
    build/temp.linux-x86_64-3.6/_openssl.c: In function 'dev_urandom_read':
    build/temp.linux-x86_64-3.6/_openssl.c:1540:17: warning: conversion to 'int' from 'ssize_t {aka long int}' may alter its value [-Wconversion]
             size -= n;
                     ^
    build/temp.linux-x86_64-3.6/_openssl.c: In function 'osrandom_rand_bytes':
    build/temp.linux-x86_64-3.6/_openssl.c:1732:21: warning: conversion to 'int' from 'long int' may alter its value [-Wconversion]
                 size -= n;
                         ^
    build/temp.linux-x86_64-3.6/_openssl.c: In function 'SSL_SESSION_get_master_key':
    build/temp.linux-x86_64-3.6/_openssl.c:2155:23: warning: conversion to 'size_t {aka long unsigned int}' from 'int' may change the sign of the result [-Wsign-conversion]
             return session->master_key_length;
                    ~~~~~~~^~~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c:2157:18: warning: conversion to 'size_t {aka long unsigned int}' from 'int' may change the sign of the result [-Wsign-conversion]
             outlen = session->master_key_length;
                      ^~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: At top level:
    build/temp.linux-x86_64-3.6/_openssl.c:2269:38: warning: initialization makes integer from pointer without a cast [-Wint-conversion]
     static const long SSL_OP_NO_DTLSv1 = NULL;
                                          ^~~~
    build/temp.linux-x86_64-3.6/_openssl.c:2270:40: warning: initialization makes integer from pointer without a cast [-Wint-conversion]
     static const long SSL_OP_NO_DTLSv1_2 = NULL;
                                            ^~~~
    build/temp.linux-x86_64-3.6/_openssl.c:2472:7: error: 'X509_VERIFY_PARAM_set1_host' redeclared as different kind of symbol
     int (*X509_VERIFY_PARAM_set1_host)(X509_VERIFY_PARAM *, const char *,
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~
    In file included from /usr/include/openssl/x509.h:595:0,
                     from /usr/include/openssl/engine.h:96,
                     from build/temp.linux-x86_64-3.6/_openssl.c:572:
    /usr/include/openssl/x509_vfy.h:545:5: note: previous declaration of 'X509_VERIFY_PARAM_set1_host' was here
     int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, const char *name,
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c:2478:7: error: 'X509_VERIFY_PARAM_set1_ip_asc' redeclared as different kind of symbol
     int (*X509_VERIFY_PARAM_set1_ip_asc)(X509_VERIFY_PARAM *, const char *) = NULL;
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    In file included from /usr/include/openssl/x509.h:595:0,
                     from /usr/include/openssl/engine.h:96,
                     from build/temp.linux-x86_64-3.6/_openssl.c:572:
    /usr/include/openssl/x509_vfy.h:547:5: note: previous declaration of 'X509_VERIFY_PARAM_set1_ip_asc' was here
     int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function 'init_mutexes':
    build/temp.linux-x86_64-3.6/_openssl.c:2607:19: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
         for (i = 0; i < _ssl_locks_count; i++) {
                       ^
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_setup_ssl_threads':
    build/temp.linux-x86_64-3.6/_openssl.c:2615:28: warning: conversion to 'unsigned int' from 'int' may change the sign of the result [-Wsign-conversion]
             _ssl_locks_count = CRYPTO_num_locks();
                                ^~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function 'Cryptography_pem_password_cb':
    build/temp.linux-x86_64-3.6/_openssl.c:2648:35: warning: conversion to 'size_t {aka long unsigned int}' from 'int' may change the sign of the result [-Wsign-conversion]
             memcpy(buf, st->password, st->length);
                                       ^~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_d_DTLS_get_link_min_mtu':
    build/temp.linux-x86_64-3.6/_openssl.c:22451:10: warning: return makes integer from pointer without a cast [-Wint-conversion]
       return DTLS_get_link_min_mtu(x0);
              ^~~~~~~~~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_f_DTLS_get_link_min_mtu':
    build/temp.linux-x86_64-3.6/_openssl.c:22474:12: warning: assignment makes integer from pointer without a cast [-Wint-conversion]
       { result = DTLS_get_link_min_mtu(x0); }
                ^
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_d_DTLS_set_link_mtu':
    build/temp.linux-x86_64-3.6/_openssl.c:22535:10: warning: return makes integer from pointer without a cast [-Wint-conversion]
       return DTLS_set_link_mtu(x0, x1);
              ^~~~~~~~~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_f_DTLS_set_link_mtu':
    build/temp.linux-x86_64-3.6/_openssl.c:22568:12: warning: assignment makes integer from pointer without a cast [-Wint-conversion]
       { result = DTLS_set_link_mtu(x0, x1); }
                ^
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_d_SSL_CTX_add_extra_chain_cert':
    build/temp.linux-x86_64-3.6/_openssl.c:46134:10: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
       return SSL_CTX_add_extra_chain_cert(x0, x1);
              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_f_SSL_CTX_add_extra_chain_cert':
    build/temp.linux-x86_64-3.6/_openssl.c:46174:14: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
       { result = SSL_CTX_add_extra_chain_cert(x0, x1); }
                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_d_SSL_CTX_clear_options':
    build/temp.linux-x86_64-3.6/_openssl.c:46223:10: warning: conversion to 'long int' from 'long unsigned int' may change the sign of the result [-Wsign-conversion]
       return SSL_CTX_clear_options(x0, x1);
              ^~~~~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c:46223:10: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_f_SSL_CTX_clear_options':
    build/temp.linux-x86_64-3.6/_openssl.c:46256:14: warning: conversion to 'long int' from 'long unsigned int' may change the sign of the result [-Wsign-conversion]
       { result = SSL_CTX_clear_options(x0, x1); }
                  ^~~~~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c:46256:14: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_d_SSL_CTX_get_mode':
    build/temp.linux-x86_64-3.6/_openssl.c:46508:10: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
       return SSL_CTX_get_mode(x0);
              ^~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_f_SSL_CTX_get_mode':
    build/temp.linux-x86_64-3.6/_openssl.c:46531:14: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
       { result = SSL_CTX_get_mode(x0); }
                  ^~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_d_SSL_CTX_get_options':
    build/temp.linux-x86_64-3.6/_openssl.c:46544:10: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
       return SSL_CTX_get_options(x0);
              ^~~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_f_SSL_CTX_get_options':
    build/temp.linux-x86_64-3.6/_openssl.c:46567:14: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
       { result = SSL_CTX_get_options(x0); }
                  ^~~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_d_SSL_CTX_get_session_cache_mode':
    build/temp.linux-x86_64-3.6/_openssl.c:46616:10: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
       return SSL_CTX_get_session_cache_mode(x0);
              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_f_SSL_CTX_get_session_cache_mode':
    build/temp.linux-x86_64-3.6/_openssl.c:46639:14: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
       { result = SSL_CTX_get_session_cache_mode(x0); }
                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_d_SSL_CTX_set_cookie_verify_cb':
    build/temp.linux-x86_64-3.6/_openssl.c:47913:36: warning: passing argument 2 of 'SSL_CTX_set_cookie_verify_cb' from incompatible pointer type [-Wincompatible-pointer-types]
       SSL_CTX_set_cookie_verify_cb(x0, x1);
                                        ^~
    In file included from build/temp.linux-x86_64-3.6/_openssl.c:712:0:
    /usr/include/openssl/ssl.h:760:6: note: expected 'int (*)(SSL *, unsigned char *, unsigned int) {aka int (*)(struct ssl_st *, unsigned char *, unsigned int)}' but argument is of type 'int (*)(SSL *, const unsigned char *, unsigned int) {aka int (*)(struct ssl_st *, const unsigned char *, unsigned int)}'
     void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_f_SSL_CTX_set_cookie_verify_cb':
    build/temp.linux-x86_64-3.6/_openssl.c:47945:38: warning: passing argument 2 of 'SSL_CTX_set_cookie_verify_cb' from incompatible pointer type [-Wincompatible-pointer-types]
       { SSL_CTX_set_cookie_verify_cb(x0, x1); }
                                          ^~
    In file included from build/temp.linux-x86_64-3.6/_openssl.c:712:0:
    /usr/include/openssl/ssl.h:760:6: note: expected 'int (*)(SSL *, unsigned char *, unsigned int) {aka int (*)(struct ssl_st *, unsigned char *, unsigned int)}' but argument is of type 'int (*)(SSL *, const unsigned char *, unsigned int) {aka int (*)(struct ssl_st *, const unsigned char *, unsigned int)}'
     void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_d_SSL_CTX_set_mode':
    build/temp.linux-x86_64-3.6/_openssl.c:48245:10: warning: conversion to 'long int' from 'long unsigned int' may change the sign of the result [-Wsign-conversion]
       return SSL_CTX_set_mode(x0, x1);
              ^~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c:48245:10: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_f_SSL_CTX_set_mode':
    build/temp.linux-x86_64-3.6/_openssl.c:48278:14: warning: conversion to 'long int' from 'long unsigned int' may change the sign of the result [-Wsign-conversion]
       { result = SSL_CTX_set_mode(x0, x1); }
                  ^~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c:48278:14: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_d_SSL_CTX_set_options':
    build/temp.linux-x86_64-3.6/_openssl.c:48409:10: warning: conversion to 'long int' from 'long unsigned int' may change the sign of the result [-Wsign-conversion]
       return SSL_CTX_set_options(x0, x1);
              ^~~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c:48409:10: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_f_SSL_CTX_set_options':
    build/temp.linux-x86_64-3.6/_openssl.c:48442:14: warning: conversion to 'long int' from 'long unsigned int' may change the sign of the result [-Wsign-conversion]
       { result = SSL_CTX_set_options(x0, x1); }
                  ^~~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c:48442:14: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
    In file included from build/temp.linux-x86_64-3.6/_openssl.c:712:0:
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_d_SSL_CTX_set_session_cache_mode':
    build/temp.linux-x86_64-3.6/_openssl.c:48593:45: warning: conversion to 'long int' from 'long unsigned int' may change the sign of the result [-Wsign-conversion]
       return SSL_CTX_set_session_cache_mode(x0, x1);
                                                 ^
    build/temp.linux-x86_64-3.6/_openssl.c:48593:10: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
       return SSL_CTX_set_session_cache_mode(x0, x1);
              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    In file included from build/temp.linux-x86_64-3.6/_openssl.c:712:0:
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_f_SSL_CTX_set_session_cache_mode':
    build/temp.linux-x86_64-3.6/_openssl.c:48626:49: warning: conversion to 'long int' from 'long unsigned int' may change the sign of the result [-Wsign-conversion]
       { result = SSL_CTX_set_session_cache_mode(x0, x1); }
                                                     ^
    build/temp.linux-x86_64-3.6/_openssl.c:48626:14: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
       { result = SSL_CTX_set_session_cache_mode(x0, x1); }
                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_d_SSL_CTX_set_tmp_dh':
    build/temp.linux-x86_64-3.6/_openssl.c:48995:10: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
       return SSL_CTX_set_tmp_dh(x0, x1);
              ^~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_f_SSL_CTX_set_tmp_dh':
    build/temp.linux-x86_64-3.6/_openssl.c:49035:14: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
       { result = SSL_CTX_set_tmp_dh(x0, x1); }
                  ^~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_d_SSL_CTX_set_tmp_ecdh':
    build/temp.linux-x86_64-3.6/_openssl.c:49048:10: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
       return SSL_CTX_set_tmp_ecdh(x0, x1);
              ^~~~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_f_SSL_CTX_set_tmp_ecdh':
    build/temp.linux-x86_64-3.6/_openssl.c:49088:14: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
       { result = SSL_CTX_set_tmp_ecdh(x0, x1); }
                  ^~~~~~~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_d_SSL_get_mode':
    build/temp.linux-x86_64-3.6/_openssl.c:50981:10: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
       return SSL_get_mode(x0);
              ^~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_f_SSL_get_mode':
    build/temp.linux-x86_64-3.6/_openssl.c:51004:14: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
       { result = SSL_get_mode(x0); }
                  ^~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_d_SSL_get_options':
    build/temp.linux-x86_64-3.6/_openssl.c:51017:10: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
       return SSL_get_options(x0);
              ^~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_f_SSL_get_options':
    build/temp.linux-x86_64-3.6/_openssl.c:51040:14: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
       { result = SSL_get_options(x0); }
                  ^~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_d_SSL_set_mode':
    build/temp.linux-x86_64-3.6/_openssl.c:52816:10: warning: conversion to 'long int' from 'long unsigned int' may change the sign of the result [-Wsign-conversion]
       return SSL_set_mode(x0, x1);
              ^~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c:52816:10: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_f_SSL_set_mode':
    build/temp.linux-x86_64-3.6/_openssl.c:52849:14: warning: conversion to 'long int' from 'long unsigned int' may change the sign of the result [-Wsign-conversion]
       { result = SSL_set_mode(x0, x1); }
                  ^~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c:52849:14: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_d_SSL_set_options':
    build/temp.linux-x86_64-3.6/_openssl.c:52862:10: warning: conversion to 'long int' from 'long unsigned int' may change the sign of the result [-Wsign-conversion]
       return SSL_set_options(x0, x1);
              ^~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c:52862:10: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
    build/temp.linux-x86_64-3.6/_openssl.c: In function '_cffi_f_SSL_set_options':
    build/temp.linux-x86_64-3.6/_openssl.c:52895:14: warning: conversion to 'long int' from 'long unsigned int' may change the sign of the result [-Wsign-conversion]
       { result = SSL_set_options(x0, x1); }
                  ^~~~~~~~~~~~~~~
    build/temp.linux-x86_64-3.6/_openssl.c:52895:14: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
    error: command 'gcc' failed with exit status 1
    
    ----------------------------------------
Command "/usr/bin/python3.6 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-bns48t_5/cryptography/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-record-2xx703v_/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-install-bns48t_5/cryptography/
The command '/bin/sh -c apk add --update         bash         ca-certificates         curl         gcc         gmp-dev         libffi-dev         libressl-dev         linux-headers         make         musl-dev         python         python3         python3-dev         tar     && python3 -m ensurepip     && pip3 install --upgrade pip setuptools     && mkdir -p /etc/cert-issuer/data/unsigned_certificates     && mkdir /etc/cert-issuer/data/blockchain_certificates     && mkdir ~/.bitcoin     && echo $'rpcuser=foo\nrpcpassword=bar\nrpcport=8332\nregtest=1\nrelaypriority=0\nrpcallowip=127.0.0.1\nrpcconnect=127.0.0.1\n' > /root/.bitcoin/bitcoin.conf     && pip3 install /cert-issuer/.     && rm -r /usr/lib/python*/ensurepip     && rm -rf /var/cache/apk/*     && rm -rf /root/.cache     && sed -i.bak s/==1\.0b1/\>=1\.0b1/g /usr/lib/python3.*/site-packages/merkletools-1.0.2-py3.*.egg-info/requires.txt' returned a non-zero code: 1

Request indicate issue. Host OS is Ubuntu 16.04 (on VM) and performed "python3 -m venv myvenv" for my virtual environment.

Regards

Blockcerts as Verifiable Claims

From @kimdhamilton on September 27, 2017 19:35

We want to use the Verifiable Claims schema, but in an Open Badges compatible way; ideally by "integrating" Open Badges with Verifiable Claims directly

Copied from original issue: blockchain-certificates/cert-schema#39

Not working when certificate contains "displayHtml"

I updated the json template with a displayHtml part to work with the android wallet, but I get this error when trying to sign it:

WARNING - Caught exception trying provider <bound method BlockrIOBroadcaster.broadcast_tx of <cert_issuer.bitcoin.connectors.BlockrIOBroadcaster object at 0x7fbecc918e80>>. Trying another. Exception=Expecting value: line 1 column 1 (char 0)

Here is the json that gives this error: https://api.myjson.com/bins/bwvt3

Add exceptions to etherscan errors

Our ethereum connector code throws an error if the response status code is not 200.

Unfortunately, etherscan gives a 200 back even if there's an error on there end. The following is an example of an error being returned back from etherscan:

{‘jsonrpc’: ‘2.0’, ‘error’: {‘code’: -32010, ‘message’: ‘Insufficient funds. The account you tried to send transaction from does not have enough funds. Required 500000000000000 and got: 0.’}, ‘id’: 1}

Would be nice if we could throw and return the message. Otherwise, a INFO - Transaction ID obtained from broadcast through Etherscan: None gets returned.

Some discussion on that here: https://community.blockcerts.org/t/no-transaction-occuring/1142

Merkletools/pysha dependency conflict due to PyChainpoint

Because of the consistent issues popping up on the blockcerts forum over dependency conflicts (such as https://community.blockcerts.org/t/merkletools-pysha-dependency-conflict/1107), I've narrowed down the issue to PyChainpoint requiring a specific version of Merkletools that requires a specific pysha version that classes with other dependencies.

I've opened a ticket with PyChainpoint to use the latest version of Merkletools that would fix this dependency hell for us, but no response (lontivero/PyChainpoint#2)

We have a dockerfile script handle this for us automatically, but when people are running cert-issuer locally, across different environments, it's a pain to try to troubleshoot and deal with as a consumer.

I believe the only course of action to fix this dependency hell is to fork PyChainpoint and upload to pypi with a Requires.txt that has the latest version of Merkletools in it.

Running the dockerfile gives the error

CMD - docker build -t bc/cert-issuer:1.0 .

Expected Result -
successful build...

Actual result -
Error response from daemon: Get https://registry-1.docker.io/v2/seegno/bitcoind/manifests/0.13-alpine: unauthorized: incorrect username or password

Env -
Os - MacOS X
Docker version - Docker version 18.03.1-ce
Python - 3.6

Fix class diagrams to reflect new package structure

Update Ethereum / RLP Dependencies

We first had to demote RLP to <1 since there was problems with the latest version of pyethereum.

However, pyethereum was updated and required a newer version of RLP to be compatible. I haven't had time to play around with which combination of dependencies work, but if we could investigate that and get the most up to date of both working again, that would be great. Currently we forced ethereum and RLP to be a specific version that we know works (issue #107).

Essentially, update dependencies, verify ethereum ropsten/mainnet certs still issue without exception. If not, then play around with combinations or leave as is until they are both cooperative again.

Merkle tree in version 2

Hello,
By reading the MIT blog in https://medium.com/mit-media-lab/what-we-learned-from-designing-an-academic-certificates-system-on-the-blockchain-34ba5874f196, you mention that in version 2 you would use a Merkle for storage of certificates.
Since this tree would be a single transaction in the blockchain, how do you proceed when the user wants to add a new certificate? A new node is created with the existing node content plus the new data? How is the old node exluded from further validations?
Regards,
Cláudio Ramos

Issue to Ethereum blockchain

This assumes we're using the current style of Merkle tree batch issuance. Requires updating

cert-issuer
cert-schema
cert-verifier-js (and cert-verifier, but lower priority)

This can be broken into several issues.

Expose configuration option for batch revoke and/or per-recipient revoke output

Update v2 issuing to use chainpoint v2

certificate not being able to be issued

when i am executing the command :
cert-issuer -c /etc/cert-issuer/conf.ini

I am getting following errors:

WARNING:root:Your app is configured to skip the wifi check when the USB is plugged in. Read the documentation to ensure this is what you want, since this is less secure
INFO:root:Processing 0 certificates
INFO - Processing 0 certificates
INFO:root:Processing 0 certificates under work path=/etc/cert-issuer/work
INFO - Processing 0 certificates under work path=/etc/cert-issuer/work
INFO:root:Signing certificates...
INFO - Signing certificates...
INFO:root:Set cost constants to recommended_tx_fee=0.000600,min_per_output=0.000028,satoshi_per_byte=250
INFO - Set cost constants to recommended_tx_fee=0.000600,min_per_output=0.000028,satoshi_per_byte=250
INFO:root:Total cost will be 84250 satoshis
INFO - Total cost will be 84250 satoshis
INFO:root:Preparing certificate batch
INFO - Preparing certificate batch
INFO:root:Signing certificates
INFO - Signing certificates
INFO:root:Starting finalizable transaction signer
INFO - Starting finalizable transaction signer
WARNING:root:app is configured to skip the wifi check when the USB is plugged in. Read the documentation to ensure this is what you want, since this is less secure
WARNING - app is configured to skip the wifi check when the USB is plugged in. Read the documentation to ensure this is what you want, since this is less secure
INFO:root:Stopping finalizable transaction signer
INFO - Stopping finalizable transaction signer
WARNING:root:app is configured to skip the wifi check when the USB is plugged in. Read the documentation to ensure this is what you want, since this is less secure
WARNING - app is configured to skip the wifi check when the USB is plugged in. Read the documentation to ensure this is what you want, since this is less secure
INFO:root:Preparing certificate batch
INFO - Preparing certificate batch
INFO:root:Issuing the certificates on the blockchain
INFO - Issuing the certificates on the blockchain
Traceback (most recent call last):
File "/usr/bin/cert-issuer", line 11, in
load_entry_point('cert-issuer==0.0.7', 'console_scripts', 'cert-issuer')()
File "/usr/lib/python3.5/site-packages/cert_issuer/main.py", line 17, in cert_issuer_main
issue_certificates.main(parsed_config)
File "/usr/lib/python3.5/site-packages/cert_issuer/issue_certificates.py", line 67, in main
tx_id = issuer.issue_certificates()
File "/usr/lib/python3.5/site-packages/cert_issuer/issuer.py", line 114, in issue_certificates
tx_id = self.issue_on_blockchain()
File "/usr/lib/python3.5/site-packages/cert_issuer/issuer.py", line 43, in issue_on_blockchain
op_return_value_bytes = unhexlify(self.tree.get_merkle_root())
File "/usr/lib/python3.5/site-packages/cert_issuer/helpers.py", line 17, in unhexlify
def unhexlify(hex_string): return binascii.unhexlify(hex_string.encode('utf8'))
AttributeError: 'NoneType' object has no attribute 'encode'

Running from source code

I have followed the directions to setup the cert-issuer from source code and got to the step when I need to actually run 'python cert-issuer -c conf_ethtest.ini'. I get this error:

/usr/local/Cellar/python/3.6.5/Frameworks/Python.framework/Versions/3.6/Resources/Python.app/Contents/MacOS/Python: can't open file 'cert-issuer': [Errno 2] No such file or directory

I tried running form the root folder (cert-issuer) and from one folder up, same error. What am I missing?

Broadcast through multiple sources

When pushing a transaction to the bitcoin network, it's better to push through as many broadcasters as possible. The results are the same, and it can reduce the time to get a confirmation. Also, it will avoid failure in the issuing process if a single broadcaster is experiencing issues.

unable to request new issue

I requested digital certificate using cert-viewer repository but Im unable to issue the certificate, and it returns "Unhandled exception: localhost:27017: [Errno 111] Connection refused" on http://localhost:5000/request .
Suggest me what change I need to correct it.

Missing input for broadcasting

I am trying to issue certificate on bitcoin testnet. I have created cert template based on https://github.com/blockchain-certificates/cert-tools.

When i try to run “cert-issuer -c conf.ini” these warning are shown after some hex values:

`WARNING - Caught exception trying provider <bound method BlockrIOBroadcaster.broadcast_tx of <cert_issuer.blockchain_handlers.bitcoin.connectors.BlockrIOBroadcaster object at 0x7fea30293cc0>>. Trying another. Exception=Expecting value: line 1 column 1 (char 0)

ERROR - Error broadcasting the transaction through the BlockExplorer API. Error msg: Missing inputs. Code:-25`

It seems like I am missing the input for the API but I am not sure which input and how do I change it. Any suggestion on how to solve this error?Thanks

Ensure Blockcerts LD context is up to date with all vocab

e.g. ETHData

Getting error when I created certificates using testnet address.

Getting this error: Not a valid certificate. Transaction occurred at time when issuing address was not considered valid.

@vocab is not working

@vocab works during template creation and certificate batch creation but fails the schema check during issuing.

Cert-Issuer through MainNet

Hello,

First off, thanks for the great work on the project. I started integrating with the system a week back and till now it has worked like charm.
I have few question before using it on mainnet:

a) For issuing on mainNet, link suggested method is to use USB. Any way I can overwrite this? What if I give a path to a cert-issuer directory like in regtest, will it still work?

b) Is the instruction given [here]((https://github.com/blockchain-certificates/cert-issuer/blob/master/docs/bitcoin_options.md) are latest? Asking this because first advanced docs link (Overview of issuing options) from Readme returns 404.

c) Can I just update docker generated conf.ini at /etc/cert-issuer/work to have mainnet as bitcoin_chain and other accounts id accordingly. Will it then make a transaction on mainnet? Because this doc suggest python cert-issuer -c conf.ini if i have installed package. which method is more recommended docker or package installation?

Please let me know if this is not a right place to ask above question. I will delete it and post it where you will recommend.

Best,
Deep

install of Ethereum version fails on requests[security]

Hi,

When running python setup.py experimental --blockchain=ethereum I'm stuck here, any idea ?

Installing collected packages: idna, urllib3, chardet, certifi, six, pycparser, cffi, enum34, asn1crypto, ipaddress, cryptography, pyOpenSSL, requests
Traceback (most recent call last):
  File "setup.py", line 70, in <module>
    packages=find_packages()
  File "/usr/lib/python2.7/distutils/core.py", line 151, in setup
    dist.run_commands()
  File "/usr/lib/python2.7/distutils/dist.py", line 953, in run_commands
    self.run_command(cmd)
  File "/usr/lib/python2.7/distutils/dist.py", line 972, in run_command
    cmd_obj.run()
  File "setup.py", line 44, in run
    install(reqs)
  File "setup.py", line 48, in install
    subprocess.check_call([sys.executable, '-m', 'pip', 'install', package])
  File "/usr/lib/python2.7/subprocess.py", line 186, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/usr/bin/python', '-m', 'pip', 'install', 'requests[security]>=2.18.4\n']' returned non-zero exit status -11

If of any help, running python -m requests.help gives me:

{
  "chardet": {
    "version": "3.0.4"
  }, 
  "cryptography": {
    "version": "2.2.2"
  }, 
  "idna": {
    "version": "2.7"
  }, 
  "implementation": {
    "name": "CPython", 
    "version": "2.7.13"
  }, 
  "platform": {
    "release": "4.9.0-6-amd64", 
    "system": "Linux"
  }, 
  "pyOpenSSL": {
    "openssl_version": "1010008f", 
    "version": "18.0.0"
  }, 
  "requests": {
    "version": "2.19.1"
  }, 
  "system_ssl": {
    "version": "1010006f"
  }, 
  "urllib3": {
    "version": "1.23"
  }, 
  "using_pyopenssl": true
}

Namespace and dependency conflicts when running cert-issuer in a local environment

When running cert-issuer in a local environment (virtual or otherwise) or an IDE, the error Module not found: bitcoin.rpc is a frequent occurrence. This does not happen in the Docker build. This also happens with Ethereum libraries.

The reason for this is that we have a couple of submodules named bitcoin and ethereum, the purpose of which is to act as drivers for our interoperation with existing third-party libraries. Whenever they are referenced from within the module context, they are called cert_issuer.bitcoin and cert_issuer.ethereum, which yields no collision. However, when running from an IDE, the cert_issuer prefix gets stripped off, resulting in the submodules being referenced as root-level modules named bitcoin and ethereum. The result is a namespace conflict and in the case of Python's module resolution, the first on the PYTHONPATH wins.

blockchain-certificates / cert-issuer Goto Github PK

cert-issuer's People

Contributors

Stargazers

Watchers

Forkers

cert-issuer's Issues

Recommend Projects

Recommend Topics

Recommend Org

Jobs