def did_auth(self, host, user_did, app_did):
# sign_in
doc = lib.DIDStore_LoadDID(app_did.store, app_did.did)
doc_str = ffi.string(lib.DIDDocument_ToJson(doc, True)).decode()
logging.getLogger("test_auth_common").debug(f"\ndoc_str: {doc_str}")
doc = json.loads(doc_str)
param = {"document": doc}
r = requests.post(host + '/api/v1/did/sign_in',
json=param,
headers=self.json_header())
self.assert200(r.status_code)
rt = r.json()
jwt = rt["challenge"]
# print(jwt)
jws = lib.DefaultJWSParser_Parse(jwt.encode())
# if not jws:
# print(ffi.string(lib.DIDError_GetLastErrorMessage()).decode())
aud = ffi.string(lib.JWT_GetAudience(jws)).decode()
self.assertEqual(aud, app_did.get_did_string())
nonce = ffi.string(lib.JWT_GetClaim(jws, "nonce".encode())).decode()
hive_did = ffi.string(lib.JWT_GetIssuer(jws)).decode()
lib.JWT_Destroy(jws)
# auth
vc = user_did.issue_auth(app_did)
vp_json = app_did.create_presentation(vc, nonce, hive_did)
auth_token = app_did.create_vp_token(vp_json, "DIDAuthResponse",
hive_did, 60)
# print(auth_token)
logging.getLogger("test_auth_common").debug(
f"\nauth_token: {auth_token}")
param = {
"jwt": auth_token,
}
r = requests.post(host + '/api/v1/did/auth',
json=param,
headers=self.json_header())
self.assert200(r.status_code)
rt = r.json()
token = rt["access_token"]
jws = lib.DefaultJWSParser_Parse(token.encode())
aud = ffi.string(lib.JWT_GetAudience(jws)).decode()
self.assertEqual(aud, app_did.get_did_string())
issuer = ffi.string(lib.JWT_GetIssuer(jws)).decode()
lib.JWT_Destroy(jws)
# print(token)
logging.getLogger("test_auth_common").debug(f"\ntoken: {token}")
app_did.set_access_token(token)
# auth_check
# token = test_common.get_auth_token()
r = requests.post(host + '/api/v1/did/check_token',
json=param,
headers=self.auth_header(token))
self.assert200(r.status_code)
return token, hive_did
def get_backup_auth_from_node(self, base_url, auth_token, hive_did):
rt, status_code, err = self.post(base_url + '/api/v1/did/backup_auth',
{"jwt": auth_token})
if err != None:
return None, "Post backup_auth error: " + err
token = rt["backup_token"]
if token is None:
return None, "Token is none."
jws = lib.DefaultJWSParser_Parse(token.encode())
if not jws:
return None, "Backup token DefaultJWSParser_Parse error: " + ffi.string(
lib.DIDError_GetLastErrorMessage()).decode()
aud = ffi.string(lib.JWT_GetAudience(jws)).decode()
if aud != self.get_did_string():
lib.JWT_Destroy(jws)
return None, "Audience is error."
issuer = ffi.string(lib.JWT_GetIssuer(jws)).decode()
lib.JWT_Destroy(jws)
if issuer is None:
return None, "Issuer is none."
if issuer != hive_did:
return None, "Issuer is error."
return token, None
def get_info_from_token(self, token):
if token is None:
return None, "Then token is none!"
token_splits = token.split(".")
if token_splits is None:
return None, "Then token is invalid!"
if (len(token_splits) != 3) or token_splits[2] == "":
return None, "Then token is invalid!"
jws = lib.DefaultJWSParser_Parse(token.encode())
if not jws:
return None, self.get_error_message("JWS parser")
issuer = lib.JWT_GetIssuer(jws)
if not issuer:
lib.JWT_Destroy(jws)
return None, self.get_error_message("JWT getIssuer")
issuer = ffi.string(issuer).decode()
if issuer != self.get_did_string():
lib.JWT_Destroy(jws)
return None, "Then issuer is invalid!"
expired = lib.JWT_GetExpiration(jws)
now = (int)(datetime.now().timestamp())
if now > expired:
lib.JWT_Destroy(jws)
return None, "Then token is expired!"
props = lib.JWT_GetClaim(jws, "props".encode())
if not props:
lib.JWT_Destroy(jws)
return None, "Then props is none!"
props_str = ffi.string(props).decode()
props_json = json.loads(props_str)
app_instance_did = ffi.string(lib.JWT_GetAudience(jws)).decode()
if not app_instance_did:
lib.JWT_Destroy(jws)
return None, "Then app instance id is none!"
props_json[APP_INSTANCE_DID] = app_instance_did
lib.JWT_Destroy(jws)
# print(props_json)
return props_json, None
def get_auth_token_by_sign_in(self, base_url, vc_str, subject):
vc = lib.Credential_FromJson(vc_str.encode(), ffi.NULL)
if not vc:
return None, None, "The credential string is error, unable to rebuild to a credential object."
#sign_in
doc = lib.DIDStore_LoadDID(self.store, self.did)
doc_str = ffi.string(lib.DIDDocument_ToJson(doc, True)).decode()
doc = json.loads(doc_str)
rt, status_code, err = self.post(base_url + '/api/v1/did/sign_in',
{"document": doc})
if err != None:
return None, None, "Post sign_in error: " + err
jwt = rt["challenge"]
if jwt is None:
return None, None, "Challenge is none."
# print(jwt)
jws = lib.DefaultJWSParser_Parse(jwt.encode())
if not jws:
return None, None, "Challenge DefaultJWSParser_Parse error: " + ffi.string(
lib.DIDError_GetLastErrorMessage()).decode()
aud = ffi.string(lib.JWT_GetAudience(jws)).decode()
if aud != self.get_did_string():
lib.JWT_Destroy(jws)
return None, None, "Audience is error."
nonce = ffi.string(lib.JWT_GetClaim(jws, "nonce".encode())).decode()
if nonce is None:
lib.JWT_Destroy(jws)
return None, None, "Nonce is none."
hive_did = ffi.string(lib.JWT_GetIssuer(jws)).decode()
lib.JWT_Destroy(jws)
if hive_did is None:
return None, None, "Issuer is none."
#auth_token
vp_json = self.create_presentation(vc, nonce, hive_did)
if vp_json is None:
return None, None, "create_presentation error."
auth_token = self.create_vp_token(vp_json, subject, hive_did,
hive_setting.AUTH_CHALLENGE_EXPIRED)
if auth_token is None:
return None, None, "create_vp_token error."
return auth_token, hive_did, None
def test_auth_common(self, user_did, app_did):
# sign_in
doc = lib.DIDStore_LoadDID(app_did.store, app_did.did)
doc_str = ffi.string(lib.DIDDocument_ToJson(doc, True)).decode()
logging.getLogger("test_auth_common").debug(f"\ndoc_str: {doc_str}")
doc = json.loads(doc_str)
rt, s = self.parse_response(
self.test_client.post('/api/v1/did/sign_in',
data=json.dumps({
"document": doc,
}),
headers=self.json_header))
self.assert200(s)
self.assertEqual(rt["_status"], "OK")
jwt = rt["challenge"]
# print(jwt)
jws = lib.DefaultJWSParser_Parse(jwt.encode())
# if not jws:
# print(ffi.string(lib.DIDError_GetMessage()).decode())
aud = ffi.string(lib.JWT_GetAudience(jws)).decode()
self.assertEqual(aud, app_did.get_did_string())
nonce = ffi.string(lib.JWT_GetClaim(jws, "nonce".encode())).decode()
hive_did = ffi.string(lib.JWT_GetIssuer(jws)).decode()
lib.JWT_Destroy(jws)
# auth
vc = user_did.issue_auth(app_did)
vp_json = app_did.create_presentation(vc, nonce, hive_did)
auth_token = app_did.create_vp_token(vp_json, "DIDAuthResponse", hive_did,
60)
# print(auth_token)
logging.getLogger("test_auth_common").debug(f"\nauth_token: {auth_token}")
rt, s = self.parse_response(
self.test_client.post('/api/v1/did/auth',
data=json.dumps({
"jwt": auth_token,
}),
headers=self.json_header))
self.assert200(s)
self.assertEqual(rt["_status"], "OK")
token = rt["access_token"]
jws = lib.DefaultJWSParser_Parse(token.encode())
aud = ffi.string(lib.JWT_GetAudience(jws)).decode()
self.assertEqual(aud, app_did.get_did_string())
issuer = ffi.string(lib.JWT_GetIssuer(jws)).decode()
lib.JWT_Destroy(jws)
# print(token)
logging.getLogger("test_auth_common").debug(f"\ntoken: {token}")
app_did.set_access_token(token)
# auth_check
# token = test_common.get_auth_token()
self.json_header = [
("Authorization", "token " + token),
self.content_type,
]
rt, s = self.parse_response(
self.test_client.post('/api/v1/did/check_token',
headers=self.json_header))
self.assert200(s)
self.assertEqual(rt["_status"], "OK")
return token, hive_did