def create_identifier(public_bytes: bytes) -> str:
"""
Create a new decentralised identifier.
:param public_bytes: public key as bytes
:return: decentralised identifier
"""
return make_identifier(public_bytes)
def test_register_doc_raises_resolver_error_if_can_not_register(
valid_key_pair_secrets, valid_key_pair):
resolver_client = ResolverClientTestWithError(
register_err=IdentityResolverError('an error'))
api = AdvancedIdentityRegisterApi(resolver_client)
issuer = Issuer.build(make_identifier(valid_key_pair.public_bytes),
'#NewIssuer')
with pytest.raises(IdentityResolverError):
api.register_new_doc(valid_key_pair_secrets, issuer, DIDType.AGENT)
def test_get_owner_public_key_returns_none_if_not_found(
valid_key_pair, other_key_pair):
doc_id = make_identifier(valid_key_pair.public_bytes)
doc = RegisterDocumentBuilder() \
.add_public_key_obj(RegisterPublicKey('#NotOwner', other_key_pair.public_base58, revoked=False)) \
.build(doc_id,
DIDType.TWIN,
proof='a proof, does not matter here',
revoked=False)
key = RegisterDocumentHelper.get_owner_register_public_key(doc)
assert not key
def test_can_register_a_doc(valid_key_pair_secrets, valid_key_pair):
resolver_client = ResolverClientTest(docs={})
api = AdvancedIdentityRegisterApi(resolver_client)
did = make_identifier(valid_key_pair.public_bytes)
issuer = Issuer.build(did, '#NewIssuer')
api.register_new_doc(valid_key_pair_secrets, issuer, DIDType.AGENT)
registered_doc = resolver_client.docs.get(issuer.did)
assert registered_doc
owner_key = registered_doc.public_keys.get(issuer.name)
assert owner_key.name == issuer.name
assert owner_key.base58 == valid_key_pair.public_base58
assert not owner_key.revoked
def test_can_get_issuer_by_public_key(valid_key_pair):
doc_did = make_identifier(valid_key_pair.public_bytes)
key_issuer = Issuer.build(doc_did, '#AnIssuer')
doc = RegisterDocumentBuilder() \
.add_public_key_obj(RegisterPublicKey(key_issuer.name, valid_key_pair.public_base58, revoked=False)) \
.build(key_issuer.did,
DIDType.TWIN,
proof='a proof, does not matter here',
revoked=False)
issuer = RegisterDocumentHelper.get_issuer_from_public_key(
doc, valid_key_pair.public_base58)
assert issuer == key_issuer
def get_owner_register_public_key(doc: RegisterDocument) -> Optional[RegisterPublicKey]:
"""
Get the register document initial owner public key
:param doc: existing register document
:return: RegisterPublicKey if found or None
"""
for key in doc.public_keys.values():
public_bytes = base58.b58decode(key.base58)
key_id = make_identifier(public_bytes)
if key_id == doc.did: # It is the original key
return key
return None
def get_valid_document_from_secret(secrets: KeyPairSecrets,
issuer_name: str,
controller: Issuer = None):
public_base58 = KeyPairSecretsHelper.get_public_key_base58_from_key_pair_secrets(
secrets)
public_bytes = base58.b58decode(public_base58)
doc_id = make_identifier(public_bytes)
proof = Proof.build(secrets,
Issuer.build(doc_id, issuer_name),
content=doc_id.encode())
return RegisterDocumentBuilder() \
.add_public_key_obj(RegisterPublicKey(issuer_name, public_base58, revoked=False)) \
.build(doc_id,
DIDType.TWIN,
proof=proof.signature,
revoked=False,
controller=controller)
def test_can_create_new_registered_identity_will_not_override_doc_if_exists(
valid_key_pair_secrets, valid_key_pair):
existing_doc_did = make_identifier(valid_key_pair.public_bytes)
resolver_client = ResolverClientTest(
docs={
existing_doc_did:
get_valid_document_from_secret(valid_key_pair_secrets,
'#ExistingDoc')
})
api = AdvancedIdentityRegisterApi(resolver_client)
registered_id = api.new_registered_identity(DIDType.AGENT,
valid_key_pair_secrets,
name='#NewDoc')
assert registered_id.issuer.name == '#ExistingDoc'
registered_doc = resolver_client.get_document(registered_id.issuer.did)
assert registered_doc
assert registered_doc.public_keys.get('#ExistingDoc')
assert '#NewDoc' not in registered_doc.public_keys
def get_valid_delegated_doc_and_deleg_proof(seed: bytes, issuer_name: str,
delegating_doc_id: str,
deleg_name: str):
secrets = KeyPairSecrets.build(seed, 'iotics/0/something/twindeleg')
public_base58 = KeyPairSecretsHelper.get_public_key_base58_from_key_pair_secrets(
secrets)
public_bytes = base58.b58decode(public_base58)
doc_id = make_identifier(public_bytes)
issuer = Issuer.build(doc_id, issuer_name)
proof = Proof.build(secrets, issuer, content=doc_id.encode())
deleg_key = get_delegation_register_proof(
subject_key_pair_secrets=secrets,
content=delegating_doc_id.encode(),
p_type=DelegationProofType.DID,
subject_issuer=Issuer.build(doc_id, issuer_name),
deleg_key_name=deleg_name)
delegated_doc = RegisterDocumentBuilder() \
.add_public_key_obj(RegisterPublicKey(issuer_name, public_base58, revoked=False)) \
.build(doc_id, DIDType.TWIN, proof=proof.signature, revoked=False)
return delegated_doc, deleg_key
def test_validate_document_against_resolver_raises_validation_error_if_invalid_delegation(
valid_doc, other_key_pair, deleg_type):
wrong_deleg_id = make_identifier(other_key_pair.public_bytes)
delegated_doc1, inconsistent_deleg_key = get_valid_delegated_doc_and_deleg_proof(
new_seed(),
'#issuer1',
delegating_doc_id=wrong_deleg_id,
deleg_name='#DelegDoc1')
builder = RegisterDocumentBuilder()
if deleg_type == 'auth':
builder.add_authentication_delegation_obj(inconsistent_deleg_key)
else:
builder.add_control_delegation_obj(inconsistent_deleg_key)
doc_with_invalid_delegation = builder.build_from_existing(valid_doc)
resolver_client = ResolverClientTest(docs={
valid_doc.did: valid_doc,
delegated_doc1.did: delegated_doc1
})
with pytest.raises(IdentityInvalidDocumentError) as err_wrapper:
is_validator_run_success(
DocumentValidation.validate_document_against_resolver,
resolver_client, doc_with_invalid_delegation)
assert isinstance(err_wrapper.value.__cause__, IdentityInvalidProofError)
def other_doc_did(other_key_pair):
return make_identifier(other_key_pair.public_bytes)
def test_can_make_identifier(valid_key_pair):
new_id = make_identifier(valid_key_pair.public_bytes)
assert new_id.startswith(IDENTIFIER_PREFIX)
def test_make_identifier_is_idempotent(valid_key_pair):
assert make_identifier(valid_key_pair.public_bytes) == make_identifier(
valid_key_pair.public_bytes)