assafshomer/social_verify

social_verify

PHP libraries for verifying colored coins asset issuance.

Twitter

Generate API tokens

The helper file twitter_get_tokens.php reaches out to twitter_api for a bearer token and caches it locally in twitter_bearer_token.txt.

  • Create an account and sign in
  • You must add your mobile phone to your Twitter profile before creating an application
  • Navigate to https://apps.twitter.com
  • Create a new application
  • Website: http://colu.co
  • Callback URL:
  • Navigate to the "Keys and Access Tokens" tab
  • Save the consumer key and consumer secret in a file networks/twitter/twitter_app_secrets.php in the following format:
# networks/twitter/twitter_app_secrets.php
<?php
	define('CONSUMER_KEY', '*****************');
	define('CONSUMER_SECRET', '********************');
?>
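  • You don't need to create an access token
  • The bearer token file (initially empty) is required
  • Change permissions on the bearer token file
	sudo chmod 777 networks/twitter/twitter_bearer_token.txt
    Mode 777 lets every local user read and overwrite the cached bearer token. On a shared host, make the web-server user the owner of the file and restrict it to mode 600.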

JSON

To verify an asset with e.g. asset id LJEC6Q2h9JKNvZqEC87TbEXvxm4br1uivb2QX the user should

  • Tweet
  • Add something to the asset metadata

Tweet

The user should make a tweet with the following text

	"Verifying issuance of colored coins asset with asset_id: [LJEC6Q2h9JKNvZqEC87TbEXvxm4br1uivb2QX]"

Then open the tweet as it appears in the feed and choose "copy link to tweet" from the menu. The link looks something like this:

	https://twitter.com/assaf_colu/status/651645990554968064

The information we need is just the numeric id that appears at the end of the link.

Metadata

The asset metadata should include a verifications key with the tweet ID, using the following syntax:

"verifications": {
	"social":{
		"twitter":{
			"pid":"<postID>"
		}
	}
}

In our example this would be

"verifications": {
	"social":{
		"twitter":{
			"pid":"651645990554968064"
		}
	}
}

USE

The function that does the verification is twitter_verify_asset($verifications_json) in verify_tweet.php. It expects a verification JSON input with the following structure:

{
	"social":{
		"twitter":{
			"aid":"<assetID>",
			"pid":"<postID>"
		}
	}
}

In our example this would be

{
	"social":{
		"twitter":{
			"aid":"LJEC6Q2h9JKNvZqEC87TbEXvxm4br1uivb2QX",
			"pid":"651645990554968064"
		}
	}
}

Note that the aid (short for AssetID) is not included in the metadata because the explorer already knows that.

Test

Open test/networks/twitter_test.php in your browser.

Facebook

Generate API token

  • Create an account and sign in
  • Navigate to https://developers.facebook.com/
  • Click on the My Apps tab
  • Register as a developer
  • Click again on the My Apps tab
  • Create a new application
  • Select the www option and click on the top left skip and create App ID
  • Display Name: coloredcoins
  • Namespace:
  • Category: Finance
  • Answer the captcha and create app id
  • Navigate to the Tools & Support tab and select Access Token Tools
  • Copy your app token to the clipboard and save it in a file networks/facebook/fb_app_secrets.php in the following format:
# networks/facebook/fb_app_secrets.php
<?php
	define('FB_APP_TOKEN', '**************|************');
?>

JSON

To verify an asset the user should

  • Post to the "Colored Coins Asset Verification" page
  • Add something to the asset metadata

POST

  • Log in to Facebook
  • Search for the "Colored Coins Asset Verification" page
  • Post the following text to that page
	"Verifying issuance of colored coins asset with asset_id: [<asset ID>]"

For example

	"Verifying issuance of colored coins asset with asset_id: [LJEC6Q2h9JKNvZqEC87TbEXvxm4br1uivb2QX]"
  • After posting you will be redirected to your post
  • Right click on the Timestamp link on the post (right below your user name) and extract the Post ID by selecting "copy link address"

  • The link address will look something like:
  https://www.facebook.com/permalink.php?story_fbid=486035954907151&id=486034634907283
  • The Post ID (or Story ID) is the first number 486035954907151
  • Finally, we also need your Facebook user ID (or Profile ID). You can get that by visiting this service.

Metadata

The asset metadata should include a verifications key with postID and userID in the following syntax:

"verifications": {
	"social":{
		"facebook":{
			"uid":"<userID>",
			"pid":"<postID>"
		}
	}
}

In our example this would be

"verifications": {
	"social":{
		"facebook":{
			"uid":"1232952150",
			"pid":"486035954907151"
		}
	}
}

USE

The function that does the verification is fb_verify_asset($verifications_json) in verify_post.php. It expects a verification JSON input with the following structure:

{
	"social":{
		"facebook":{
			"aid":"<assetID>",
			"uid":"<userID>",
			"pid":"<postID>"
		}
	}
}

In our example this would be

{
	"social":{
		"facebook":{
			"aid":"LJEC6Q2h9JKNvZqEC87TbEXvxm4br1uivb2QX",
			"uid":"1232952150",
			"pid":"486035954907151"
		}
	}
}

Note that the aid (short for AssetID) is not included in the metadata because the explorer already knows it.

Test

Open test/networks/facebook_test.php in your browser.

Github

  • Create an account on Github
  • In the top right corner of any page, click your profile photo, then click Settings.
  • In the user settings sidebar, click Personal access tokens.
  • Click Generate new token and name it.
  • Use the default scope, this is enough to read gists which is all we need.
  • Copy the token to your clipboard and save it in a file networks/github/github_app_secrets.php in the following format:
# networks/github/github_app_secrets.php
<?php
	define('GITHUB_PERSONAL_TOKEN', '*****************');
?>
  • This token is limited to 5000 calls/hour.

JSON

To verify an asset with e.g. asset id LJEC6Q2h9JKNvZqEC87TbEXvxm4br1uivb2QX the user should

  • Post a public gist
  • Add something to the asset metadata

Create a public gist

The user should create a public gist with the following text

	"Verifying issuance of colored coins asset with asset_id: [<assetID>]"

  • You can name the gist however you want.
  • Grab the gist ID 6c704f5759927212e714 either from the name of the gist
    gist:6c704f5759927212e714
    or the url
    https://gist.github.com/assafshomer/6c704f5759927212e714

Metadata

The asset metadata should include a verifications key with the gist ID, using the following syntax:

"verifications": {
	"social":{
		"github":{
			"pid":"<gistID>"
		}
	}
}

In our example this would be

"verifications": {
	"social":{
		"github":{
			"pid":"6c704f5759927212e714"
		}
	}
}

USE

The function that does the verification is github_verify_asset($verifications_json) in verify_gist.php. It expects a verification JSON input with the following structure:

{
	"social":{
		"github":{
			"aid":"<assetID>",
			"pid":"<postID>"
		}
	}
}

In our example this would be

{
	"social":{
		"github":{
			"aid":"LJEC6Q2h9JKNvZqEC87TbEXvxm4br1uivb2QX",
			"pid":"6c704f5759927212e714"
		}
	}
}

Note that the aid (short for AssetID) is not included in the metadata because the explorer already knows that.
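
The following PHP is an added example, not code from this repository. It builds the input structure shown in the three USE sections from the issuer-supplied verifications value plus the explorer's asset ID, and rejects malformed IDs before they are used in an API request. The helper names and the ID patterns (inferred from the examples on this page) are assumptions.

```php
<?php
// Added example; helper names and ID patterns are assumptions (patterns inferred from this page).
const ID_PATTERNS = [
    'twitter'  => ['pid' => '/^\d{1,20}\z/'],
    'facebook' => ['uid' => '/^\d{1,20}\z/', 'pid' => '/^\d{1,20}\z/'],
    'github'   => ['pid' => '/^[0-9a-f]{20,40}\z/'],
];
const AID_PATTERN = '/^[A-Za-z0-9]{20,64}\z/';

// Pull the numeric tweet ID off the end of a "copy link to tweet" URL.
function tweet_id_from_link(string $link): ?string
{
    $ok = preg_match('#^https://twitter\.com/\w{1,15}/status/(\d{1,20})\z#', $link, $m);
    return $ok === 1 ? $m[1] : null;
}

// Merge the explorer's asset ID into the issuer-supplied "verifications" value,
// copying only the expected keys and rejecting malformed IDs.
function build_verify_input(string $network, array $verifications, string $aid): array
{
    if (!array_key_exists($network, ID_PATTERNS) || preg_match(AID_PATTERN, $aid) !== 1) {
        throw new InvalidArgumentException('unknown network or malformed asset ID');
    }
    $entry = ['aid' => $aid];
    foreach (ID_PATTERNS[$network] as $key => $pattern) {
        $value = $verifications['social'][$network][$key] ?? null;
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            throw new InvalidArgumentException("malformed $network $key");
        }
        $entry[$key] = $value;
    }
    return ['social' => [$network => $entry]];
}

// True when the fetched post text carries the verification sentence for this asset.
function post_claims_asset(string $postText, string $aid): bool
{
    $expected = 'Verifying issuance of colored coins asset with asset_id: [' . $aid . ']';
    return strpos($postText, $expected) !== false;
}

// Constructed sample input taken from this page's Twitter and GitHub examples.
$aid = 'LJEC6Q2h9JKNvZqEC87TbEXvxm4br1uivb2QX';
$pids = ['twitter' => tweet_id_from_link('https://twitter.com/assaf_colu/status/651645990554968064'),
         'github'  => '6c704f5759927212e714'];
foreach ($pids as $network => $pid) {
    echo json_encode(build_verify_input($network, ['social' => [$network => ['pid' => $pid]]], $aid)), "\n";
}
// A post naming a different (longer) asset ID does not satisfy the bracketed match.
var_dump(post_claims_asset("Verifying issuance of colored coins asset with asset_id: [{$aid}X]", $aid));
```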

Test

Open test/networks/github_test.php in your browser.

Domain verification

Domain verification does two things:

  • Verify the SSL certificate of a given domain.
  • Check a mention of an asset ID in a file behind SSL.

Setup

In domain/ssl/verify_ssl.php you define the directory where certificates and auxiliary files will be saved. All this data is public so there is no security issue. By default this is

	define('CDIR','/tmp/verify/certs/');

Make sure to create this directory and give it appropriate permissions

	sudo mkdir -p /tmp/verify/certs/
	sudo chmod -R 777 /tmp/verify/certs/

Usage

In domain/openssl/verify_ssl.php there are two functions

  • verify_domain_json($json): Verifying SSL certificates
  • verify_asset_json($json): Verifying that a file behind SSL contains a mention of a specific asset ID.

The json format both functions are expecting is:

{
	"social":{
	},
	"domain":{
		"aid":"U9a36XP1UwL5pxaYYiZYJ86sUqWAJ2dGbLaer",
		"url":"https://www.bankofamerica.com",
		"path":"assets.txt"
	}
}

verify_domain_json($json)

  • Fetches the SSL certificate from the url
  • Fetches the full certificate chain up to a CA
  • Verifies all certificates in the chain
  • Checks that the url matches with the one mentioned in the certificate
  • Returns an associative array with the following keys:
{ 
 "company_name" => "Bank of America Corporation",
 "company_url" => "www.bankofamerica.com",
 "verification_result" => "PASS|FAIL", 
 "url_matching" => "TRUE|false" 
}

verify_asset_json($json)

  • Returns TRUE or false according to whether the asset id aid appears in the file sitting behind SSL at url/path. For example, in this case we will be looking for a line containing U9a36XP1UwL5pxaYYiZYJ86sUqWAJ2dGbLaer in a file located at https://www.bankofamerica.com/assets.txt
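
An added example (not the project's verify_ssl.php) of the checks behind verify_asset_json and the TLS part of verify_domain_json: it validates the issuer-supplied url and path, fetches with PHP's certificate-chain and host-name verification enabled, and looks for the asset ID as a whole token. The helper names are hypothetical, and the whole-token match is stricter than the "line containing" rule described above.

```php
<?php
// Added example; helper names are hypothetical, not the project's verify_ssl.php.

// Build the file URL from the "domain" entry. Both fields come from the asset
// issuer, so accept only https://<hostname> and a plain relative path.
function asset_file_url(array $domain): string
{
    $p = is_string($domain['url'] ?? null) ? parse_url($domain['url']) : false;
    $host = is_array($p) ? trim($p['host'] ?? '', '[]') : '';
    $extra = is_array($p) ? array_diff(array_keys($p), ['scheme', 'host']) : [];
    if ($host === '' || ($p['scheme'] ?? '') !== 'https' || $extra !== []
        || filter_var($host, FILTER_VALIDATE_IP) !== false) {
        throw new InvalidArgumentException('url must be https://<hostname> only');
    }
    $path = $domain['path'] ?? null;
    $segment = '[A-Za-z0-9_-][A-Za-z0-9._-]*';   // no leading dot, so no ".."
    if (!is_string($path) || preg_match("#^$segment(/$segment)*\\z#", $path) !== 1) {
        throw new InvalidArgumentException('path must be a plain relative file path');
    }
    return 'https://' . $host . '/' . $path;
}

// Fetch with chain and host-name verification on, redirects off, size capped.
function fetch_over_tls(string $url): string
{
    $ctx = stream_context_create([
        'ssl'  => ['verify_peer' => true, 'verify_peer_name' => true, 'allow_self_signed' => false],
        'http' => ['follow_location' => 0, 'timeout' => 10],
    ]);
    $body = file_get_contents($url, false, $ctx, 0, 1048576);
    if ($body === false) {
        throw new RuntimeException('TLS verification or download failed');
    }
    return $body;
}

// Match the asset ID as a whole token so a longer ID containing it does not pass.
function body_mentions_asset(string $body, string $aid): bool
{
    $re = '/(?<![A-Za-z0-9])' . preg_quote($aid, '/') . '(?![A-Za-z0-9])/';
    return preg_match($re, $body) === 1;
}

// Constructed sample: the page's example entry and a made-up file body (no network).
$entry = ['aid' => 'U9a36XP1UwL5pxaYYiZYJ86sUqWAJ2dGbLaer',
          'url' => 'https://www.bankofamerica.com', 'path' => 'assets.txt'];
echo asset_file_url($entry), "\n";
var_dump(body_mentions_asset("issued assets\n{$entry['aid']}\n", $entry['aid']));
```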

Test

Open test/domain/domain_test.php in your browser.
