#!/usr/bin/python3
#sudo apt-get install pcscd
# sudo apt-get install libccid
# sudo apt-get install opensc
#sudo apt-get install swig
#sudo apt-get install python3-pyscard
from smartcard.System import readers
#sudo apt-get install python3-opencv python3-sip libjasper-dev libatlas-base-dev -y
#pip3 install opencv-contrib-python==4.1.0.25
import cv2
from PIL import Image
import beepy as beep
import subprocess
import array
import json
import os
import sys
import time
from datetime import datetime
# Pin number of the door relay (the GPIO setup below selects BCM numbering).
relay = 17
# The configuration and log files sit in the same directory as this script,
# resolved from sys.argv[0] so the working directory does not matter.
cfgfile, logfile = (
    os.path.abspath(os.path.dirname(sys.argv[0])) + suffix
    for suffix in ("/green-pass.json", "/green-pass.log")
)
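# The door relay is optional. If RPi.GPIO cannot be imported or configured,
# `rpi` stays False and open_door() becomes a no-op, so the door is never
# released by this program.
try:
    import RPi.GPIO as GPIO
    GPIO.setmode(GPIO.BCM)
    GPIO.setup(relay, GPIO.OUT)
    rpi = True
except Exception:
    # `except Exception` rather than a bare `except`, so Ctrl-C and
    # sys.exit() during start-up are not swallowed.
    print("RPi.GPIO not available: door relay disabled")
    rpi = False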
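# Filled in by getConfig(); read by the functions below.
config = {}
# First smart-card reader found, or None. With no reader getTSdata() returns
# {} and isCertValid() can only accept a certificate through the operator
# confirmation that the "interactive" setting enables.
reader = None
try:
    r = readers()
except Exception:
    print("Undefined error loading Smart Card Reader")
else:
    if len(r) == 0:
        # The original called sys.exit() here inside a bare `except`, which
        # caught the SystemExit and carried on anyway. The effective
        # behaviour (continue without a reader) is kept, minus the second,
        # misleading error message.
        print("No card reader found")
    else:
        reader = r[0]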
def getConfig():
    """Load the JSON settings file at `cfgfile` into the global `config`.

    The rest of this file reads the keys "interactive", "screen" and "log"
    from the result. Nothing is validated here, so a missing key only shows
    up as a KeyError at the point of use. "interactive" enables the operator
    override in isCertValid(), so the settings file should be writable only
    by whoever administers the door.
    """
    global config
    with open(cfgfile, "r") as handle:
        config = json.load(handle)
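def open_door():
    """Pulse the relay pin: LOW, then HIGH for one second, then LOW again.

    Does nothing when GPIO is unavailable (`rpi` is False).
    Presumably HIGH is the level that releases the door -- confirm against
    the relay wiring.
    """
    if not rpi:
        return
    GPIO.output(relay, GPIO.LOW)
    time.sleep(0.1)
    try:
        GPIO.output(relay, GPIO.HIGH)
        time.sleep(1)
    finally:
        # Always return to the resting level, even if the one-second hold is
        # interrupted (Ctrl-C, signal), so the relay is not left energised.
        GPIO.output(relay, GPIO.LOW)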
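def checkGP_text(gpText):
    """Verify a scanned certificate string with the bundled verify_ehc.py.

    Args:
        gpText: text decoded from the QR code. It comes from whatever is
            shown to the camera, so it is untrusted input.

    Returns:
        dict with "expired" (bool), "signature_valid" (bool) and "payload"
        (the JSON object printed after the verifier's "Payload" line).

    Raises:
        json.JSONDecodeError: when the verifier output has no parsable
            payload (for example, the QR code was not a certificate).
    """
    # Thanks to: https://github.com/panzi/verify-ehc
    verifier = os.path.abspath(os.path.dirname(sys.argv[0])) + "/verify-ehc/verify_ehc.py"
    # The QR text is passed as a single argv element and never goes through a
    # shell, so quotes or shell metacharacters in it cannot alter the command.
    # Output is captured from the pipe instead of a fixed, shared /tmp file.
    # NOTE(review): a gpText starting with "-" would still reach the verifier
    # as an option-looking argument -- confirm how verify_ehc.py parses argv.
    completed = subprocess.run([verifier, gpText], stdout=subprocess.PIPE)
    myoutput = completed.stdout.decode("utf-8", errors="replace")

    # Fail closed: unless the verifier explicitly reports otherwise, the
    # certificate is treated as expired and unsigned.
    GPdata = {"expired": True, "signature_valid": False}
    payload_lines = []
    in_payload = False
    for line in myoutput.split("\n"):
        if in_payload:
            # Everything after the "Payload" marker is certificate content.
            # Status lines are only honoured before it, so text inside the
            # certificate can never be read as a verifier verdict.
            payload_lines.append(line)
            continue
        if "Is Expired" in line:
            GPdata["expired"] = "False" not in line
        if "Signature Valid" in line:
            GPdata["signature_valid"] = "True" in line
        if "Payload" in line:
            in_payload = True
    GPdata["payload"] = json.loads("".join(payload_lines).replace("\r", ""))
    return GPdata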
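def _parse_ts_personal_data(raw):
    """Decode the personal-data record read from the card into a dict.

    Layout as consumed by this parser: six hex characters of record length,
    then for each field two hex characters of length followed by that many
    ASCII characters. Raises ValueError (UnicodeDecodeError included) when a
    length is not valid hex or a value is not ASCII.
    """
    # (key in the result, True when the value is a DDMMYYYY date)
    layout = (
        ("emettitore", False),
        ("rilascio", True),
        ("scadenza", True),
        ("cognome", False),
        ("nome", False),
        ("nato", True),
        ("sesso", False),
        ("statura", False),
        ("CF", False),
        ("cittadinanza", False),
        ("comune_nascita", False),
        ("stato_nascita", False),
    )
    # Declared record length: not used further, parsed only so that a
    # non-hex header is rejected.
    int(raw[0:6], 16)
    fields = {}
    pos = 6
    for key, is_date in layout:
        size = int(raw[pos:pos + 2], 16)
        if size < 0:
            raise ValueError("negative field length")
        pos += 2
        value = raw[pos:pos + size].decode("ascii")
        pos += size
        if size == 0:
            # Empty fields are simply left out of the result.
            continue
        if is_date:
            value = value[0:2] + "/" + value[2:4] + "/" + value[-4:]
        fields[key] = value
    return fields


def getTSdata():
    """Read the holder's personal data from the health card in `reader`.

    Returns:
        dict with any of the keys "emettitore", "rilascio", "scadenza",
        "cognome", "nome", "nato", "sesso", "statura", "CF", "cittadinanza",
        "comune_nascita", "stato_nascita" (dates as DD/MM/YYYY), or {} when
        no card can be reached or its record cannot be parsed.

    The card is untrusted input: any card can be inserted, so a malformed
    record yields {} (handled by the caller as "no card detected") instead
    of an exception that would stop the access loop.
    """
    # Thanks to: https://www.mmxforge.net/index.php/sviluppo/python/item/9-lettura-dei-dati-della-tessera-sanitaria-con-python
    # Notes:
    # https://www.agid.gov.it/sites/default/files/repository_files/documentazione/filesystemcns_20160610.pdf
    # https://www.agid.gov.it/sites/default/files/repository_files/documentazione_trasparenza/lineeguidacnsv3.0.pdf
    try:
        connection = reader.createConnection()
        connection.connect()
    except Exception:
        # No reader, no card, or the card did not answer.
        return {}

    # SELECT commands: CLA 00, INS A4 (select file), P1 = P2 = 0 (select by
    # ID), Lc = 2, data = file ID. In order: the MF (3F00), DF1 (1100) and
    # the personal-data EF (1102).
    SELECT_MF = [0x00, 0xA4, 0x00, 0x00, 0x02, 0x3F, 0x00]
    SELECT_DF1 = [0x00, 0xA4, 0x00, 0x00, 0x02, 0x11, 0x00]
    SELECT_EF_PERS = [0x00, 0xA4, 0x00, 0x00, 0x02, 0x11, 0x02]
    # READ BINARY: CLA 00, INS B0 (read the binary content of the file).
    READ_BIN = [0x00, 0xB0, 0x00, 0x00, 0x00, 0x00]
    try:
        for apdu in (SELECT_MF, SELECT_DF1, SELECT_EF_PERS):
            connection.transmit(apdu)
        # On success sw1/sw2 are 0x90/0x00 (the equivalent of HTTP 200).
        # NOTE(review): the status words are not checked here; a failed
        # command is only caught indirectly, when the record fails to parse.
        data, sw1, sw2 = connection.transmit(READ_BIN)
        # `data` holds the personal data as a list of byte values.
        return _parse_ts_personal_data(array.array('B', data).tobytes())
    except Exception:
        # Transport error or malformed record: report "no card data".
        return {}
    finally:
        # Release the card; a new connection is made on every call.
        try:
            connection.disconnect()
        except Exception:
            pass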
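def isCertValid(GPdata, TSdata):
    """Decide whether the certificate is acceptable and belongs to the card holder.

    Args:
        GPdata: result of checkGP_text(): "expired", "signature_valid" and
            "payload" (with "nam" -> "fn"/"gn" and "dob").
        TSdata: result of getTSdata(); {} when no health card was read.

    Returns:
        (valid, err): valid is True only for an unexpired, correctly signed
        certificate whose surname, given name and birth date match the card,
        or -- when config["interactive"] is set and no card was read -- one
        the operator explicitly confirms. err is the last failure message
        ("" when nothing failed).

    Raises:
        KeyError: when the payload lacks "nam"/"fn"/"gn"/"dob".
    """
    valid = True
    err = ""
    if GPdata["expired"]:
        valid = False
        err = "Il certificato è scaduto"
    if not GPdata["signature_valid"]:
        valid = False
        err = "Il certificato non è firmato da una autorità sanitaria"
    # Outcome of the cryptographic/expiry checks alone; the operator must
    # never be able to override a failure here.
    crypto_ok = valid

    holder = GPdata["payload"]
    if len(TSdata) > 1:
        # Card date is DD/MM/YYYY; the certificate uses YYYY-MM-DD.
        try:
            parts = TSdata["nato"].split("/")
            TSdob = parts[2] + "-" + parts[1] + "-" + parts[0]
        except (KeyError, IndexError, AttributeError):
            TSdob = ""
        surname = TSdata.get("cognome")
        given = TSdata.get("nome")
        # A card field that is missing or empty counts as a mismatch, so an
        # incomplete card record can neither match an empty certificate
        # field nor raise KeyError.
        same_person = (
            bool(surname) and bool(given) and bool(TSdob)
            and holder["nam"]["fn"].lower() == surname.lower()
            and holder["nam"]["gn"].lower() == given.lower()
            and holder["dob"].lower() == TSdob.lower()
        )
        if not same_person:
            valid = False
            err = "Il certificato non appartiene alla persona identificata dalla tessera sanitaria"
    elif crypto_ok:
        valid = False
        err = "Certificato valido per "+str(holder["nam"]["gn"])+ " "+holder["nam"]["fn"]+" ma nessuna tessera sanitaria rilevata."
        if config["interactive"]:
            print(err+" Confermi che il certificato appartiene a questa persona?")
            ch = input()
            # Only an explicit yes is accepted. The previous substring test
            # treated any reply containing "y" or "s" as consent.
            if ch.strip().lower() in ("y", "yes", "s", "si", "sì"):
                valid = True
    # When the certificate is expired or unsigned and no card was read, the
    # cryptographic failure message set above is returned unchanged.
    return valid, err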
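def getQRfromCamera():
    """Grab frames from camera 0 until the helper script decodes a QR code.

    Each frame is written to a PNG and handed to qrcodereader-py2.py (qrtools
    is not available for python3 on buster); its stdout is the decoded text.

    Returns:
        The helper's output for the first frame that yields non-empty text
        without "NULL". If the operator presses "q" in the preview window,
        the last output is returned instead, which may be empty or contain
        "NULL". The text is untrusted: it is whatever was shown to the camera.
    """
    import tempfile

    decoder = os.path.abspath(os.path.dirname(sys.argv[0])) + '/qrcodereader-py2.py'
    # set up camera object
    cap = cv2.VideoCapture(0)
    print("Waiting for QR code")
    data = ""
    try:
        # Frames go into a private, per-call temporary directory rather than
        # a fixed name in /tmp, so no other local user can pre-create or swap
        # the image handed to the decoder.
        with tempfile.TemporaryDirectory() as workdir:
            frame_path = os.path.join(workdir, "qrimage.png")
            while True:
                # get the image
                _, img = cap.read()
                cv2.imwrite(frame_path, img)
                process = subprocess.Popen([decoder, frame_path], stdout=subprocess.PIPE)
                stdout = process.communicate()[0]
                # A QR code may carry arbitrary bytes; replacing non-ASCII
                # ones lets such input be rejected by the verifier later
                # instead of raising here.
                data = stdout.decode('ascii', errors='replace')
                if len(data) > 0 and "NULL" not in data:
                    break
                # display the image preview only if we have Xorg available
                if os.environ.get('DISPLAY') and config["screen"]:
                    cv2.imshow("code detector", img)
                    if cv2.waitKey(1) == ord("q"):
                        break
                time.sleep(0.1)
    finally:
        # free camera object and close the preview, also on errors
        cap.release()
        cv2.destroyAllWindows()
    return data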
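# Main access loop: scan a QR code, verify the certificate, read the health
# card, and release the door only when everything checks out.
getConfig()
active = True
while active:
    beep.beep(4)
    gpText = getQRfromCamera()
    print("QRcode:"+gpText)
    GPdata = {}
    TSdata = {}
    try:
        GPdata = checkGP_text(gpText)
        #print(GPdata)
        TSdata = getTSdata()
        #print(TSdata)
        val,err = isCertValid(GPdata,TSdata)
    except Exception as exc:
        # Fail closed: a QR code that is not a certificate, or any other
        # verification error, is a denial and must not stop the loop.
        val = False
        err = "Verifica non riuscita (" + type(exc).__name__ + ")"
    msg = ""
    status = "ERROR"
    if val:
        msg = "OK: certificato valido e documento corrispondente per "+str(GPdata["payload"]["nam"]["gn"])+" "+str(GPdata["payload"]["nam"]["fn"])+", puoi entrare."
        status = "OK"
        beep.beep(5)
        open_door()
    else:
        msg = "ERRORE: "+err
        beep.beep(3)
    print(msg)
    if config["log"]:
        # The log line carries personal data (name, fiscal code): restrict
        # read access to the log file accordingly.
        cf = TSdata.get("CF", "")
        logline = str(datetime.now()) + "," + status + "," + str(cf) +"," + msg
        # Names come from the scanned certificate; flatten line breaks so
        # they cannot be used to forge additional log entries.
        logline = logline.replace("\r", " ").replace("\n", " ")
        with open(logfile, "a", encoding='utf-8') as myfile:
            myfile.write(logline+"\n")
    time.sleep(1)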