def test_can_get_issuer_from_auth_keys(auth_keys, min_doc_owner_pub_key):
doc = get_doc_with_keys(auth_keys=auth_keys.values(),
public_keys=[min_doc_owner_pub_key])
issuer_name = '#AuthKey2'
issuer_key = RegisterDocumentHelper.get_issuer_register_key(
issuer_name, doc, include_auth=True)
assert issuer_key == auth_keys[issuer_name]
def test_get_issuer_from_auth_keys_returns_none_if_not_found(
auth_keys, min_doc_owner_pub_key):
doc = get_doc_with_keys(auth_keys=auth_keys.values(),
public_keys=[min_doc_owner_pub_key])
issuer_name = '#DoesNotExist'
issuer_key = RegisterDocumentHelper.get_issuer_register_key(
issuer_name, doc, include_auth=True)
assert not issuer_key
def test_get_issuer_from_auth_keys_returns_none_if_in_auth_keys_but_auth_not_included(
auth_keys, min_doc_owner_pub_key):
doc = get_doc_with_keys(auth_keys=auth_keys.values(),
public_keys=[min_doc_owner_pub_key])
issuer_name = '#AuthKey2'
assert issuer_name in doc.auth_keys
issuer_key = RegisterDocumentHelper.get_issuer_register_key(
issuer_name, doc, include_auth=False)
assert not issuer_key
def is_allowed_for(issuer: Issuer, issuer_doc: RegisterDocument, subject_doc: RegisterDocument,
include_auth: bool) -> bool:
"""
Check if the issuer is allowed for control (authentication if include_auth = True) on the subject register
document.
Issuer is allowed if both the issuer and subject register document are not revoked
AND (
( the issuer is the owner of the subject register document
OR
if a include_auth=True the issuer is in the authentication public keys of the subject register document
)
OR
the issuer is delegated for control (authentication if include_auth = True) with a valid delegation proof
on the subject registered document
)
:param issuer: issuer
:param issuer_doc: issuer register document
:param subject_doc: subject register document
:param include_auth: include authentication keys and delegation proof is set to True
:return: True is allowed else False
"""
if issuer_doc.revoked or subject_doc.revoked:
return False
if is_same_identifier(issuer.did, subject_doc.did): # it is the same document
issuer_key = RegisterDocumentHelper.get_issuer_register_key(issuer.name, subject_doc, include_auth)
if issuer_key and not issuer_key.revoked:
return True
delegation_proof = RegisterDocumentHelper.get_register_delegation_proof_by_controller(issuer, subject_doc,
include_auth)
if delegation_proof:
try:
DelegationValidation.validate_delegation_from_doc(subject_doc.did, issuer_doc, delegation_proof)
except IdentityInvalidDocumentDelegationError:
return False
return not delegation_proof.revoked
return False
def test_get_issuer_from_public_keys_returns_none_if_not_found(public_keys):
doc = get_doc_with_keys(public_keys=public_keys.values())
issuer_name = '#DoesNotExist'
issuer_key = RegisterDocumentHelper.get_issuer_register_key(
issuer_name, doc, include_auth=False)
assert not issuer_key
def test_can_get_issuer_from_public_keys(public_keys):
doc = get_doc_with_keys(public_keys=public_keys.values())
issuer_name = '#Key2'
issuer_key = RegisterDocumentHelper.get_issuer_register_key(
issuer_name, doc, include_auth=False)
assert issuer_key == public_keys[issuer_name]