def from_challenge_token(resolver_client: ResolverClient,
challenge_token: str) -> 'Proof':
"""
Build proof from challenge token.
:param resolver_client: resolver client to get the registered documents
:param challenge_token: jwt challenge token
:return: valid proof
:raises:
IdentityValidationError: if invalid challenge token
"""
decoded_token = JwtTokenHelper.decode_token(challenge_token)
iss = decoded_token.get('iss')
aud = decoded_token.get('aud')
if not iss or not aud:
raise IdentityValidationError(
'Invalid challenge token, missing \'iss\' or \'aud\'')
issuer = Issuer.from_string(iss)
doc = resolver_client.get_document(issuer.did)
get_controller_doc = resolver_client.get_document
issuer_key = RegisterDocumentHelper.get_valid_issuer_key_for_control_only(
doc, issuer.name, get_controller_doc)
if not issuer_key:
raise IdentityInvalidRegisterIssuerError(
f'Invalid issuer {issuer}')
verified_token = JwtTokenHelper.decode_and_verify_token(
challenge_token, issuer_key.public_key_base58, aud)
return Proof(issuer_key.issuer, aud.encode('ascii'),
verified_token['proof'])
def get_valid_doc_from_token(
token: str,
get_controller_doc: GetControllerDocFunc) -> RegisterDocument:
"""
Get a valid RegisterDocument from a resolver token.
:param token: resolver token
:param get_controller_doc: get controller register document function
:return: valid register document
:raises:
IdentityResolverError: if invalid token
IdentityResolverError: if invalid document
"""
try:
unverified = JwtTokenHelper.decode_token(token)
doc = RegisterDocumentBuilder().build_from_dict(unverified['doc'])
issuer = Issuer.from_string(unverified['iss'])
issuer_key = RegisterDocumentHelper.get_valid_issuer_key_for_control_only(
doc, issuer.name, get_controller_doc)
if not issuer_key:
raise IdentityInvalidRegisterIssuerError(
f'Invalid issuer {issuer}')
JwtTokenHelper.decode_and_verify_token(
token, issuer_key.public_key_base58, unverified['aud'])
return doc
except (KeyError, ValueError, IdentityValidationError,
IdentityInvalidRegisterIssuerError) as exc:
raise IdentityResolverError(
f'Can not deserialized invalid resolver token: \'{exc}\''
) from exc
def test_get_valid_issuer_for_control_only_returns_none_if_not_found(
issuer_name, register_doc_and_deleg_doc):
def get_ctrl_doc(did: str):
assert did.startswith(did)
return deleg_doc
doc, deleg_doc = register_doc_and_deleg_doc
issuer_key = RegisterDocumentHelper.get_valid_issuer_key_for_control_only(
doc, issuer_name, get_ctrl_doc)
assert not issuer_key
def test_can_get_valid_issuer_for_control_only(issuer_name,
register_doc_and_deleg_doc):
doc, deleg_doc = register_doc_and_deleg_doc
def get_ctrl_doc(did: str):
assert did.startswith(did)
return deleg_doc
assert issuer_name in doc.public_keys or issuer_name in deleg_doc.public_keys
issuer_key = RegisterDocumentHelper.get_valid_issuer_key_for_control_only(
doc, issuer_name, get_ctrl_doc)
assert issuer_key.issuer == Issuer.build(doc.did, issuer_name)
expected_base58 = doc.public_keys.get(
issuer_name, deleg_doc.public_keys.get(issuer_name))
assert expected_base58, f'test setup error, {issuer_name} should be in one of the docs public keys'
assert issuer_key.public_key_base58 == expected_base58.base58
