def _delegate(self, delegating_secrets: KeyPairSecrets, delegating_did: str, subject_secrets: KeyPairSecrets, subject_did: str, delegation_name: str, proof_type: DelegationProofType, delegation_proof_add_method: Callable): delegating_doc = self.get_register_document(delegating_did) subject_doc = self.get_register_document(subject_did) delegating_key_pair = KeyPairSecretsHelper.get_key_pair(delegating_secrets) delegating_issuer = AdvancedIdentityLocalApi.get_issuer_by_public_key(delegating_doc, delegating_key_pair.public_base58) if proof_type == DelegationProofType.GENERIC: subject_issuer, proof = AdvancedIdentityLocalApi.create_generic_delegation_proof(subject_doc, subject_secrets) else: subject_issuer, proof = AdvancedIdentityLocalApi.create_delegation_proof(delegating_issuer, subject_doc, subject_secrets) existing_delegation = RegisterDocumentHelper.get_register_delegation_proof_by_controller(subject_issuer, delegating_doc, True) if existing_delegation and ( not delegation_name or delegation_name == existing_delegation.name ): # Found an existing delegation with matching controller and name. Nothing to do. return if not delegation_name: delegation_name = RegisterDocumentHelper.new_random_name_for_document(subject_doc) delegation_proof_add_method(proof, subject_issuer, delegation_name, delegating_issuer, delegating_key_pair)
def test_get_auth_delegation_by_controller_returns_none_if_not_found( auth_deleg_proof, min_doc_owner_pub_key): doc = get_doc_with_keys(deleg_auth=auth_deleg_proof.values(), public_keys=[min_doc_owner_pub_key]) issuer = Issuer.build('did:iotics:iotHHHHKpPGWyEC4FFo4d6oyzVVk6MXLmEgY', '#DoesNotExist') deleg_proof = RegisterDocumentHelper.get_register_delegation_proof_by_controller( issuer, doc, include_auth=True) assert not deleg_proof
def test_can_get_auth_delegation_by_controller(auth_deleg_proof, min_doc_owner_pub_key): doc = get_doc_with_keys(deleg_auth=auth_deleg_proof.values(), public_keys=[min_doc_owner_pub_key]) delegation_name = '#DelegAuthKey2' expected_deleg_proof = auth_deleg_proof[delegation_name] deleg_proof = RegisterDocumentHelper.get_register_delegation_proof_by_controller( expected_deleg_proof.controller, doc, include_auth=True) assert deleg_proof == expected_deleg_proof
def is_allowed_for(issuer: Issuer, issuer_doc: RegisterDocument, subject_doc: RegisterDocument, include_auth: bool) -> bool: """ Check if the issuer is allowed for control (authentication if include_auth = True) on the subject register document. Issuer is allowed if both the issuer and subject register document are not revoked AND ( ( the issuer is the owner of the subject register document OR if a include_auth=True the issuer is in the authentication public keys of the subject register document ) OR the issuer is delegated for control (authentication if include_auth = True) with a valid delegation proof on the subject registered document ) :param issuer: issuer :param issuer_doc: issuer register document :param subject_doc: subject register document :param include_auth: include authentication keys and delegation proof is set to True :return: True is allowed else False """ if issuer_doc.revoked or subject_doc.revoked: return False if is_same_identifier(issuer.did, subject_doc.did): # it is the same document issuer_key = RegisterDocumentHelper.get_issuer_register_key(issuer.name, subject_doc, include_auth) if issuer_key and not issuer_key.revoked: return True delegation_proof = RegisterDocumentHelper.get_register_delegation_proof_by_controller(issuer, subject_doc, include_auth) if delegation_proof: try: DelegationValidation.validate_delegation_from_doc(subject_doc.did, issuer_doc, delegation_proof) except IdentityInvalidDocumentDelegationError: return False return not delegation_proof.revoked return False