def test_create_request_with_content(
client: Client,
endorser: PrivateIdentity,
mocked_requests_200: respx.MockTransport,
entity: Entity,
) -> None:
"""Create endorsement request provided by a 3rd party endorser."""
claims = [b"claim-1", b"claim-2"]
# Create endorsement request with authorisation of endorser
content, authorisation = endorser.endorse(entity, claims)
# This will also add the subject holders authorisation
client.put(
entity,
claims=claims,
content=content,
authorisations=[authorisation],
# endorse=True # TODO - provide test that this does not have any effect
)
http_request, _ = mocked_requests_200["create_entity"].calls[0]
request_id = json.loads(content.decode())["requestId"]
assert http_request.url.path.rsplit("/", 1)[1] == request_id
claims_header = json.loads(
iov42_decode(http_request.headers["x-iov42-claims"]))
assert claims_header == {}
authorisations = json.loads(
iov42_decode(http_request.headers["x-iov42-authorisations"].encode()))
expected_identities = [a["identityId"] for a in authorisations]
assert client.identity.identity_id in expected_identities
assert endorser.identity_id in expected_identities
def test_create_request_with_content_claims(
client: Client,
endorser: PrivateIdentity,
mocked_requests_200: respx.MockTransport,
entity: Entity,
) -> None:
"""Create endorsement request provided by a 3rd party endorser."""
claims = [b"claim-1", b"claim-2"]
# Create endorsement request with authorisation of endorser
content, authorisation = endorser.endorse(entity, claims)
# This will also add the subject holders authorisation
client.put(
entity,
claims=claims,
content=content,
authorisations=[authorisation],
create_claims=True
# endorse=True # TODO - provide test that this does not have any effect
)
http_request, _ = mocked_requests_200["create_entity"].calls[0]
claims_header = json.loads(
iov42_decode(http_request.headers["x-iov42-claims"]))
assert claims_header == {hashed_claim(c): c.decode() for c in claims}
def test_authentication_header_signature(
client: Client, mocked_requests_200: respx.MockTransport,
entity: Entity) -> None:
"""Signature of x-iov42-authentication header is the signed authorisations header."""
_ = client.put(entity)
http_request, _ = mocked_requests_200["create_entity"].calls[0]
authorisations_signatures = ";".join([
s["signature"] for s in json.loads(
iov42_decode(
http_request.headers["x-iov42-authorisations"].encode()))
]).encode()
authentication = json.loads(
iov42_decode(http_request.headers["x-iov42-authentication"].encode()))
try:
client.identity.verify_signature(authentication["signature"],
authorisations_signatures)
except InvalidSignature:
pytest.fail("Signature verification failed")
def test_empty_claims_header(
client: Client,
mocked_requests_200: respx.MockTransport,
entity: Entity,
) -> None:
"""Request to create endorsements against an entity contains empty 'x-iov42-claims' header."""
claims = [b"claim-1"]
_ = client.put(entity, claims=claims, endorse=True)
http_request, _ = mocked_requests_200["create_entity"].calls[0]
claims_header = json.loads(
iov42_decode(http_request.headers["x-iov42-claims"]))
assert claims_header == {}
def test_authentication_header(client: Client,
mocked_requests_200: respx.MockTransport,
entity: Entity) -> None:
"""x-iov42-authentication header is signed by the client's identity."""
_ = client.put(entity)
http_request, _ = mocked_requests_200["create_entity"].calls[0]
authentication = json.loads(
iov42_decode(http_request.headers["x-iov42-authentication"].encode()))
assert authentication["identityId"] == client.identity.identity_id
assert authentication[
"protocolId"] == client.identity.private_key.protocol.name
def test_authorisations_signature(client: Client,
mocked_requests_200: respx.MockTransport,
entity: Entity) -> None:
"""Signature of x-iov42-authorisations header is the signed request content."""
_ = client.put(entity)
http_request, _ = mocked_requests_200["create_entity"].calls[0]
authorisations = json.loads(
iov42_decode(http_request.headers["x-iov42-authorisations"].encode()))
try:
content = http_request.read()
client.identity.verify_signature(authorisations[0]["signature"],
content)
except InvalidSignature:
pytest.fail("Signature verification failed")
def test_authentication_header(
client: Client,
endorser: PublicIdentity,
mocked_requests_200: respx.MockTransport,
) -> None:
"""The x-iov42-authentication header is signed by the identity."""
asset = Asset(asset_type_id="1234567")
client.get(asset, claim=b"claim-1", endorser_id=endorser.identity_id)
http_request, _ = mocked_requests_200["read_asset_endorsement"].calls[0]
authentication = json.loads(
iov42_decode(http_request.headers["x-iov42-authentication"].encode()))
assert len(authentication) == 3
assert authentication["identityId"] == client.identity.identity_id
assert authentication[
"protocolId"] == client.identity.private_key.protocol.name
def test_authentication_header_signature(
client: Client,
endorser: PublicIdentity,
mocked_requests_200: respx.MockTransport,
) -> None:
"""Signature of x-iov42-authentication header is the signed request URL."""
asset = Asset(asset_type_id="1234567")
client.get(asset, claim=b"claim-1", endorser_id=endorser.identity_id)
http_request, _ = mocked_requests_200["read_asset_endorsement"].calls[0]
authentication = json.loads(
iov42_decode(http_request.headers["x-iov42-authentication"].encode()))
try:
content = http_request.url.raw_path
client.identity.verify_signature(authentication["signature"], content)
except InvalidSignature:
pytest.fail("Signature verification failed")
def test_claims_header(
client: Client,
mocked_requests_200: respx.MockTransport,
entity: Entity,
endorse: bool,
create_claims: bool,
) -> None:
"""Request to create claims/endorsements against an entity contains 'x-iov42-claims' header."""
claims = [b"claim-1"]
_ = client.put(entity,
claims=claims,
endorse=endorse,
create_claims=create_claims)
http_request, _ = mocked_requests_200["create_entity"].calls[0]
claims_header = json.loads(
iov42_decode(http_request.headers["x-iov42-claims"]))
assert claims_header == {hashed_claim(c): c.decode() for c in claims}