def test_validate_document_proof_fails_if_invalid_proof(
invalid_doc_invalid_proof):
with pytest.raises(IdentityInvalidDocumentError) as err_wrapper:
is_validator_run_success(
DocumentValidation.validate_new_document_proof,
invalid_doc_invalid_proof)
assert isinstance(err_wrapper.value.__cause__, IdentityInvalidProofError)
def test_validate_proof_with_corrupted_signature_raises_validation_error(
other_key_pair):
corrupted_proof = Proof(issuer=valid_proof,
content=b'a content',
signature='plop not a signature')
with pytest.raises(IdentityInvalidProofError) as err_wrapper:
is_validator_run_success(ProofValidation.validate_proof,
corrupted_proof, other_key_pair.public_base58)
assert isinstance(err_wrapper.value.__cause__, ValueError)
def test_validate_allowed_for_auth_raises_not_allowed_if_resolver_error(
allowed_issuer, allowed_issuer_doc):
# Initialised without the docs so a not found will be raised
resolver_client = ResolverClientTest(docs={})
with pytest.raises(IdentityNotAllowed) as err_wrapper:
is_validator_run_success(
IdentityAuthValidation.validate_allowed_for_auth,
resolver_client,
issuer=allowed_issuer,
subject_id=allowed_issuer_doc.did)
assert isinstance(err_wrapper.value.__cause__, IdentityResolverError)
def test_validate_allowed_for_control_raises_not_allowed_if_not_allowed_for_control(
not_allowed_issuer, doc_delegating_control, allowed_issuer_doc):
resolver_client = ResolverClientTest(
docs={
doc_delegating_control.did: doc_delegating_control,
allowed_issuer_doc.did: allowed_issuer_doc
})
with pytest.raises(IdentityNotAllowed):
is_validator_run_success(
IdentityAuthValidation.validate_allowed_for_control,
resolver_client,
issuer=not_allowed_issuer,
subject_id=doc_delegating_control.did)
def test_can_validate_document_with_delegation_against_resolver(valid_doc):
delegated_doc1, deleg_key1 = get_valid_delegated_doc_and_deleg_proof(
new_seed(),
'#issuer1',
delegating_doc_id=valid_doc.did,
deleg_name='#DelegDoc1')
delegated_doc2, deleg_key2 = get_valid_delegated_doc_and_deleg_proof(
new_seed(),
'#issuer2',
delegating_doc_id=valid_doc.did,
deleg_name='#DelegDoc2')
valid_doc = RegisterDocumentBuilder() \
.add_control_delegation_obj(deleg_key1) \
.add_control_delegation_obj(deleg_key2) \
.add_authentication_delegation(deleg_key1.name + 'auth', deleg_key1.controller, deleg_key1.proof,
deleg_key1.revoked) \
.add_authentication_delegation(deleg_key2.name + 'auth', deleg_key2.controller, deleg_key2.proof,
deleg_key2.revoked) \
.build_from_existing(valid_doc)
resolver_client = ResolverClientTest(
docs={
valid_doc.did: valid_doc,
delegated_doc1.did: delegated_doc1,
delegated_doc2.did: delegated_doc2
})
assert is_validator_run_success(
DocumentValidation.validate_document_against_resolver, resolver_client,
valid_doc)
def test_can_validate_allowed_for_authentication_on_owned_doc(
allowed_issuer, allowed_issuer_doc):
resolver_client = ResolverClientTest(
docs={allowed_issuer_doc.did: allowed_issuer_doc})
assert is_validator_run_success(
IdentityAuthValidation.validate_allowed_for_auth,
resolver_client,
issuer=allowed_issuer,
subject_id=allowed_issuer_doc.did)
def test_validate_document_against_resolver_raises_validation_error_if_resolver_error(
valid_doc):
_, deleg_key = get_valid_delegated_doc_and_deleg_proof(
new_seed(),
'#issuer1',
delegating_doc_id=valid_doc.did,
deleg_name='#DelegDoc1')
valid_doc = RegisterDocumentBuilder() \
.add_control_delegation_obj(deleg_key) \
.build_from_existing(valid_doc)
# Initialised without the delegation doc so a not found will be raised
resolver_client = ResolverClientTest(docs={valid_doc.did: valid_doc})
with pytest.raises(IdentityInvalidDocumentError) as err_wrapper:
is_validator_run_success(
DocumentValidation.validate_document_against_resolver,
resolver_client, valid_doc)
assert isinstance(err_wrapper.value.__cause__, IdentityResolverError)
def test_can_validate_allowed_for_control_with_allowed_by_auth_delegation(
allowed_issuer, doc_delegating_authentication, allowed_issuer_doc):
resolver_client = ResolverClientTest(
docs={
doc_delegating_authentication.did: doc_delegating_authentication,
allowed_issuer_doc.did: allowed_issuer_doc
})
assert is_validator_run_success(
IdentityAuthValidation.validate_allowed_for_auth,
resolver_client,
allowed_issuer,
subject_id=doc_delegating_authentication.did)
def test_can_reuse_generic_delegation_proof(get_delegation_method):
twin1_secrets, twin1_issuer, twin1_doc = get_new_document('#Twin1')
twin2_secrets, twin2_issuer, twin2_doc = get_new_document('#Twin2')
agent_secrets, agent1_issuer, agent_doc = get_new_document('#Agent1')
resolver_client = ResolverClientTest(
docs={
twin1_doc.did: twin1_doc,
twin2_doc.did: twin2_doc,
agent_doc.did: agent_doc,
})
api = AdvancedIdentityRegisterApi(resolver_client)
# Create an agent generic delegation proof
_, proof = AdvancedIdentityLocalApi.create_generic_delegation_proof(
subject_doc=agent_doc, subject_secrets=agent_secrets)
# Add proof to twin1 document as a delegation proof - the document is valid
get_delegation_method(api)(
proof=proof,
subject_issuer=agent1_issuer,
delegation_name='#Deleg1',
doc_owner_issuer=twin1_issuer,
doc_owner_key_pair=KeyPairSecretsHelper.get_key_pair(twin1_secrets),
)
assert is_validator_run_success(api.validate_register_document,
resolver_client.docs[twin1_doc.did])
# Add proof to twin2 document as a delegation proof - the document is valid
get_delegation_method(api)(
proof=proof,
subject_issuer=agent1_issuer,
delegation_name='#Deleg2',
doc_owner_issuer=twin2_issuer,
doc_owner_key_pair=KeyPairSecretsHelper.get_key_pair(twin2_secrets),
)
assert is_validator_run_success(api.validate_register_document,
resolver_client.docs[twin2_doc.did])
def test_validate_document_against_resolver_raises_validation_error_if_invalid_delegation(
valid_doc, other_key_pair, deleg_type):
wrong_deleg_id = make_identifier(other_key_pair.public_bytes)
delegated_doc1, inconsistent_deleg_key = get_valid_delegated_doc_and_deleg_proof(
new_seed(),
'#issuer1',
delegating_doc_id=wrong_deleg_id,
deleg_name='#DelegDoc1')
builder = RegisterDocumentBuilder()
if deleg_type == 'auth':
builder.add_authentication_delegation_obj(inconsistent_deleg_key)
else:
builder.add_control_delegation_obj(inconsistent_deleg_key)
doc_with_invalid_delegation = builder.build_from_existing(valid_doc)
resolver_client = ResolverClientTest(docs={
valid_doc.did: valid_doc,
delegated_doc1.did: delegated_doc1
})
with pytest.raises(IdentityInvalidDocumentError) as err_wrapper:
is_validator_run_success(
DocumentValidation.validate_document_against_resolver,
resolver_client, doc_with_invalid_delegation)
assert isinstance(err_wrapper.value.__cause__, IdentityInvalidProofError)
def test_can_validate_delegation(doc_did, deleg_doc_did, valid_issuer_key,
valid_key_pair_secrets, proof_type,
get_content):
controller_name = '#AController'
deleg_proof = get_delegation_register_proof(
subject_key_pair_secrets=valid_key_pair_secrets,
content=get_content(doc_did),
p_type=proof_type,
subject_issuer=Issuer.build(deleg_doc_did, controller_name))
deleg_doc = get_delegation_doc_for(
controller_name=controller_name,
doc_id=deleg_doc_did,
public_base58=valid_issuer_key.public_key_base58)
resolver_client = ResolverClientTest(docs={deleg_doc_did: deleg_doc})
assert is_validator_run_success(DelegationValidation.validate_delegation,
resolver_client,
doc_id=doc_did,
deleg_proof=deleg_proof)
def test_can_validate_allowed_for_auth_with_controller_doc(
allowed_issuer, allowed_issuer_doc):
controller_issuer_doc = allowed_issuer_doc
controller_issuer = Issuer.build(controller_issuer_doc.did, '#Plop')
a_doc_with_controller_allowed_for_auth = get_valid_document(
new_seed(), '#ASubject', controller=controller_issuer)
resolver_docs = {
controller_issuer.did:
controller_issuer_doc,
a_doc_with_controller_allowed_for_auth.did:
a_doc_with_controller_allowed_for_auth
}
resolver_client = ResolverClientTest(docs=resolver_docs)
assert is_validator_run_success(
IdentityAuthValidation.validate_allowed_for_auth,
resolver_client,
allowed_issuer,
subject_id=a_doc_with_controller_allowed_for_auth.did)
def test_validate_proof_with_an_other_key_raises_validation_error(
valid_proof, other_key_pair):
with pytest.raises(IdentityInvalidProofError) as err_wrapper:
is_validator_run_success(ProofValidation.validate_proof, valid_proof,
other_key_pair.public_base58)
assert isinstance(err_wrapper.value.__cause__, InvalidSignature)
def test_can_validate_proof(valid_proof, valid_key_pair):
assert is_validator_run_success(ProofValidation.validate_proof,
valid_proof, valid_key_pair.public_base58)
def test_validate_identifier_do_not_raises_if_valid_identifier(an_identifier):
assert is_validator_run_success(IdentityValidation.validate_identifier, an_identifier)
def test_can_validate_document_without_delegation_against_resolver(valid_doc):
resolver_client = ResolverClientTest(docs={})
assert is_validator_run_success(
DocumentValidation.validate_document_against_resolver, resolver_client,
valid_doc)
def test_validate_key_name_do_not_raises_if_valid_identifier(key_name):
assert is_validator_run_success(IdentityValidation.validate_key_name, key_name)
def test_validate_document_proof_fails_if_no_owner_key(
invalid_doc_no_owner_key):
with pytest.raises(IdentityInvalidDocumentError):
is_validator_run_success(
DocumentValidation.validate_new_document_proof,
invalid_doc_no_owner_key)
def test_can_validate_document_proof(valid_doc):
assert is_validator_run_success(
DocumentValidation.validate_new_document_proof, valid_doc)
def test_validate_issuer_string_raises_validation_error_if_invalid_identifier(invalid_issuer):
with pytest.raises(IdentityValidationError):
is_validator_run_success(IdentityValidation.validate_identifier, invalid_issuer)
def test_validate_issuer_string_do_not_raises_if_valid_issuer(an_identifier):
assert is_validator_run_success(IdentityValidation.validate_issuer_string, f'{an_identifier}#AName')
def test_validate_key_name_raises_validation_error_if_invalid_identifier(invalid_key_name):
with pytest.raises(IdentityValidationError):
is_validator_run_success(IdentityValidation.validate_key_name, invalid_key_name)
