def test_can_create_new_registered_identity_with_default_issuer_name(
valid_key_pair_secrets, purpose, expected_default_name):
resolver_client = ResolverClientTest(docs={})
api = AdvancedIdentityRegisterApi(resolver_client)
registered_id = api.new_registered_identity(purpose,
valid_key_pair_secrets)
assert registered_id.issuer.name == expected_default_name
def test_register_doc_raises_resolver_error_if_can_not_register(
valid_key_pair_secrets, valid_key_pair):
resolver_client = ResolverClientTestWithError(
register_err=IdentityResolverError('an error'))
api = AdvancedIdentityRegisterApi(resolver_client)
issuer = Issuer.build(make_identifier(valid_key_pair.public_bytes),
'#NewIssuer')
with pytest.raises(IdentityResolverError):
api.register_new_doc(valid_key_pair_secrets, issuer, DIDType.AGENT)
def test_can_register_a_doc(valid_key_pair_secrets, valid_key_pair):
resolver_client = ResolverClientTest(docs={})
api = AdvancedIdentityRegisterApi(resolver_client)
did = make_identifier(valid_key_pair.public_bytes)
issuer = Issuer.build(did, '#NewIssuer')
api.register_new_doc(valid_key_pair_secrets, issuer, DIDType.AGENT)
registered_doc = resolver_client.docs.get(issuer.did)
assert registered_doc
owner_key = registered_doc.public_keys.get(issuer.name)
assert owner_key.name == issuer.name
assert owner_key.base58 == valid_key_pair.public_base58
assert not owner_key.revoked
def test_can_create_new_registered_identity(valid_key_pair_secrets, purpose):
resolver_client = ResolverClientTest(docs={})
api = AdvancedIdentityRegisterApi(resolver_client)
registered_id = api.new_registered_identity(purpose,
valid_key_pair_secrets,
name='#NewId')
assert registered_id.issuer
assert registered_id.issuer.name == '#NewId'
assert registered_id.key_pair_secrets == valid_key_pair_secrets
registered_doc = resolver_client.docs.get(registered_id.issuer.did)
assert registered_doc
assert registered_doc.public_keys.get(registered_id.issuer.name)
def test_can_revoke_delegation_proof(base_doc_issuer, valid_key_pair,
get_api_call, doc_deleg_set,
deleg_doc_did, deleg_name):
doc = get_doc_with_keys(deleg_control=[
RegisterDelegationProof.build('#Deleg1',
controller=Issuer(
deleg_doc_did, '#plop2'),
proof='proof',
revoked=False)
],
deleg_auth=[
RegisterDelegationProof.build(
'#Deleg2',
controller=Issuer(deleg_doc_did, '#plop2'),
proof='proof',
revoked=False)
],
public_keys=[
RegisterPublicKey.build('#MandatoryKey',
'base58Key1',
revoked=False)
],
did=base_doc_issuer.did)
resolver_client = ResolverClientTest(docs={base_doc_issuer.did: doc})
assert not doc_deleg_set(doc)[deleg_name].revoked
api = AdvancedIdentityRegisterApi(resolver_client)
get_api_call(api)(deleg_name,
revoked=True,
doc_owner_issuer=base_doc_issuer,
doc_owner_key_pair=valid_key_pair)
updated_doc = resolver_client.docs[base_doc_issuer.did]
assert doc_deleg_set(updated_doc)[deleg_name].revoked
def test_can_add_auth_key_to_a_document(base_doc, base_doc_issuer,
valid_key_pair, other_key_pair):
resolver_client = ResolverClientTest(docs={base_doc.did: base_doc})
api = AdvancedIdentityRegisterApi(resolver_client)
assert len(resolver_client.docs[base_doc.did].auth_keys) == 0
api.add_authentication_key_to_document(
name='#NewKey',
new_public_key_base58=other_key_pair.public_base58,
doc_owner_key_pair=valid_key_pair,
doc_owner_issuer=base_doc_issuer)
assert len(resolver_client.docs[base_doc.did].public_keys) == 1
new_pub_key = resolver_client.docs[base_doc.did].auth_keys.get('#NewKey')
assert new_pub_key
assert new_pub_key.name == '#NewKey'
assert new_pub_key.base58 == other_key_pair.public_base58
assert not new_pub_key.revoked
def test_can_create_new_registered_identity_will_not_override_doc_if_exists(
valid_key_pair_secrets, valid_key_pair):
existing_doc_did = make_identifier(valid_key_pair.public_bytes)
resolver_client = ResolverClientTest(
docs={
existing_doc_did:
get_valid_document_from_secret(valid_key_pair_secrets,
'#ExistingDoc')
})
api = AdvancedIdentityRegisterApi(resolver_client)
registered_id = api.new_registered_identity(DIDType.AGENT,
valid_key_pair_secrets,
name='#NewDoc')
assert registered_id.issuer.name == '#ExistingDoc'
registered_doc = resolver_client.get_document(registered_id.issuer.did)
assert registered_doc
assert registered_doc.public_keys.get('#ExistingDoc')
assert '#NewDoc' not in registered_doc.public_keys
def get_rest_high_level_identity_api(
resolver_url,
timeout: Optional[Union[int, float]] = None) -> HighLevelIdentityApi:
"""
Get a REST high level identity api.
:param resolver_url: resolver url
:param timeout: optional timeout seconds. Default=60s. If set to 0, requests will have no timeout.
:return: high level identity api
"""
resolver_client = get_rest_resolver_client(resolver_url, timeout)
return HighLevelIdentityApi(AdvancedIdentityRegisterApi(resolver_client))
def test_cannot_reuse_did_delegation_proof(get_delegation_method):
twin1_secrets, twin1_issuer, twin1_doc = get_new_document('#Twin1')
twin2_secrets, twin2_issuer, twin2_doc = get_new_document('#Twin2')
agent_secrets, agent1_issuer, agent_doc = get_new_document('#Agent1')
resolver_client = ResolverClientTest(
docs={
twin1_doc.did: twin1_doc,
twin2_doc.did: twin2_doc,
agent_doc.did: agent_doc,
})
api = AdvancedIdentityRegisterApi(resolver_client)
# Create an agent did delegation proof (targeting a single delegating document: twin1)
_, proof = AdvancedIdentityLocalApi.create_delegation_proof(
delegating_issuer=twin1_issuer,
subject_doc=agent_doc,
subject_secrets=agent_secrets)
# Add proof to twin1 document as a delegation proof - the document is valid
get_delegation_method(api)(
proof=proof,
subject_issuer=agent1_issuer,
delegation_name='#Deleg1',
doc_owner_issuer=twin1_issuer,
doc_owner_key_pair=KeyPairSecretsHelper.get_key_pair(twin1_secrets),
)
assert is_validator_run_success(api.validate_register_document,
resolver_client.docs[twin1_doc.did])
# Add proof to twin2 document as a delegation proof - the document is invalid
get_delegation_method(api)(
proof=proof,
subject_issuer=agent1_issuer,
delegation_name='#Deleg2',
doc_owner_issuer=twin2_issuer,
doc_owner_key_pair=KeyPairSecretsHelper.get_key_pair(twin2_secrets),
)
with pytest.raises(IdentityInvalidDocumentDelegationError):
api.validate_register_document(resolver_client.docs[twin2_doc.did])
def test_can_delegate_control(base_doc, valid_key_pair_secrets,
other_key_pair_secrets):
subject_doc = get_valid_document_from_secret(other_key_pair_secrets,
'#DelegatedDoc')
resolver_client = ResolverClientTest(docs={
base_doc.did: base_doc,
subject_doc.did: subject_doc
})
api = AdvancedIdentityRegisterApi(resolver_client)
assert not resolver_client.docs[base_doc.did].control_delegation_proof
api.delegate_control(delegating_secrets=valid_key_pair_secrets,
delegating_did=base_doc.did,
subject_secrets=other_key_pair_secrets,
subject_did=subject_doc.did,
delegation_name='#NewControlDeleg')
control_deleg = resolver_client.docs[
base_doc.did].control_delegation_proof.get('#NewControlDeleg')
assert control_deleg
assert control_deleg.name == '#NewControlDeleg'
assert not control_deleg.revoked
assert control_deleg.proof
assert control_deleg.controller == Issuer.build(subject_doc.did,
'#DelegatedDoc')
def test_can_add_delegation_proof(base_doc, base_doc_issuer, valid_key_pair,
other_key_pair_secrets, get_api_call,
doc_deleg_set, other_doc_issuer):
resolver_client = ResolverClientTest(docs={base_doc_issuer.did: base_doc})
assert not doc_deleg_set(base_doc)
api = AdvancedIdentityRegisterApi(resolver_client)
proof = get_delegation_proof(other_doc_issuer, other_key_pair_secrets,
base_doc.did)
delegation_name = '#CtrlDeleg'
get_api_call(api)(proof, other_doc_issuer, delegation_name,
base_doc_issuer, valid_key_pair)
updated_doc = resolver_client.docs[base_doc_issuer.did]
deleg_proof = doc_deleg_set(updated_doc).get(delegation_name)
assert deleg_proof
assert deleg_proof.proof == proof.signature
assert deleg_proof.controller == other_doc_issuer
assert not deleg_proof.revoked
def test_can_get_document_if_exists(base_doc):
resolver_client = ResolverClientTest(docs={base_doc.did: base_doc})
api = AdvancedIdentityRegisterApi(resolver_client)
doc = api.get_document_if_exists(base_doc.did)
assert doc.to_dict() == base_doc.to_dict()