def _delegate(self, delegating_secrets: KeyPairSecrets, delegating_did: str,
subject_secrets: KeyPairSecrets, subject_did: str, delegation_name: str,
proof_type: DelegationProofType, delegation_proof_add_method: Callable):
delegating_doc = self.get_register_document(delegating_did)
subject_doc = self.get_register_document(subject_did)
delegating_key_pair = KeyPairSecretsHelper.get_key_pair(delegating_secrets)
delegating_issuer = AdvancedIdentityLocalApi.get_issuer_by_public_key(delegating_doc,
delegating_key_pair.public_base58)
if proof_type == DelegationProofType.GENERIC:
subject_issuer, proof = AdvancedIdentityLocalApi.create_generic_delegation_proof(subject_doc,
subject_secrets)
else:
subject_issuer, proof = AdvancedIdentityLocalApi.create_delegation_proof(delegating_issuer,
subject_doc,
subject_secrets)
existing_delegation = RegisterDocumentHelper.get_register_delegation_proof_by_controller(subject_issuer,
delegating_doc,
True)
if existing_delegation and (
not delegation_name or delegation_name == existing_delegation.name
):
# Found an existing delegation with matching controller and name. Nothing to do.
return
if not delegation_name:
delegation_name = RegisterDocumentHelper.new_random_name_for_document(subject_doc)
delegation_proof_add_method(proof, subject_issuer, delegation_name,
delegating_issuer, delegating_key_pair)
def test_get_auth_delegation_by_controller_returns_none_if_not_found(
auth_deleg_proof, min_doc_owner_pub_key):
doc = get_doc_with_keys(deleg_auth=auth_deleg_proof.values(),
public_keys=[min_doc_owner_pub_key])
issuer = Issuer.build('did:iotics:iotHHHHKpPGWyEC4FFo4d6oyzVVk6MXLmEgY',
'#DoesNotExist')
deleg_proof = RegisterDocumentHelper.get_register_delegation_proof_by_controller(
issuer, doc, include_auth=True)
assert not deleg_proof
def test_can_get_auth_delegation_by_controller(auth_deleg_proof,
min_doc_owner_pub_key):
doc = get_doc_with_keys(deleg_auth=auth_deleg_proof.values(),
public_keys=[min_doc_owner_pub_key])
delegation_name = '#DelegAuthKey2'
expected_deleg_proof = auth_deleg_proof[delegation_name]
deleg_proof = RegisterDocumentHelper.get_register_delegation_proof_by_controller(
expected_deleg_proof.controller, doc, include_auth=True)
assert deleg_proof == expected_deleg_proof
def is_allowed_for(issuer: Issuer, issuer_doc: RegisterDocument, subject_doc: RegisterDocument,
include_auth: bool) -> bool:
"""
Check if the issuer is allowed for control (authentication if include_auth = True) on the subject register
document.
Issuer is allowed if both the issuer and subject register document are not revoked
AND (
( the issuer is the owner of the subject register document
OR
if a include_auth=True the issuer is in the authentication public keys of the subject register document
)
OR
the issuer is delegated for control (authentication if include_auth = True) with a valid delegation proof
on the subject registered document
)
:param issuer: issuer
:param issuer_doc: issuer register document
:param subject_doc: subject register document
:param include_auth: include authentication keys and delegation proof is set to True
:return: True is allowed else False
"""
if issuer_doc.revoked or subject_doc.revoked:
return False
if is_same_identifier(issuer.did, subject_doc.did): # it is the same document
issuer_key = RegisterDocumentHelper.get_issuer_register_key(issuer.name, subject_doc, include_auth)
if issuer_key and not issuer_key.revoked:
return True
delegation_proof = RegisterDocumentHelper.get_register_delegation_proof_by_controller(issuer, subject_doc,
include_auth)
if delegation_proof:
try:
DelegationValidation.validate_delegation_from_doc(subject_doc.did, issuer_doc, delegation_proof)
except IdentityInvalidDocumentDelegationError:
return False
return not delegation_proof.revoked
return False
