def from_challenge_token(resolver_client: ResolverClient, challenge_token: str) -> 'Proof': """ Build proof from challenge token. :param resolver_client: resolver client to get the registered documents :param challenge_token: jwt challenge token :return: valid proof :raises: IdentityValidationError: if invalid challenge token """ decoded_token = JwtTokenHelper.decode_token(challenge_token) iss = decoded_token.get('iss') aud = decoded_token.get('aud') if not iss or not aud: raise IdentityValidationError( 'Invalid challenge token, missing \'iss\' or \'aud\'') issuer = Issuer.from_string(iss) doc = resolver_client.get_document(issuer.did) get_controller_doc = resolver_client.get_document issuer_key = RegisterDocumentHelper.get_valid_issuer_key_for_control_only( doc, issuer.name, get_controller_doc) if not issuer_key: raise IdentityInvalidRegisterIssuerError( f'Invalid issuer {issuer}') verified_token = JwtTokenHelper.decode_and_verify_token( challenge_token, issuer_key.public_key_base58, aud) return Proof(issuer_key.issuer, aud.encode('ascii'), verified_token['proof'])
def get_valid_doc_from_token( token: str, get_controller_doc: GetControllerDocFunc) -> RegisterDocument: """ Get a valid RegisterDocument from a resolver token. :param token: resolver token :param get_controller_doc: get controller register document function :return: valid register document :raises: IdentityResolverError: if invalid token IdentityResolverError: if invalid document """ try: unverified = JwtTokenHelper.decode_token(token) doc = RegisterDocumentBuilder().build_from_dict(unverified['doc']) issuer = Issuer.from_string(unverified['iss']) issuer_key = RegisterDocumentHelper.get_valid_issuer_key_for_control_only( doc, issuer.name, get_controller_doc) if not issuer_key: raise IdentityInvalidRegisterIssuerError( f'Invalid issuer {issuer}') JwtTokenHelper.decode_and_verify_token( token, issuer_key.public_key_base58, unverified['aud']) return doc except (KeyError, ValueError, IdentityValidationError, IdentityInvalidRegisterIssuerError) as exc: raise IdentityResolverError( f'Can not deserialized invalid resolver token: \'{exc}\'' ) from exc
def test_get_valid_issuer_for_control_only_returns_none_if_not_found( issuer_name, register_doc_and_deleg_doc): def get_ctrl_doc(did: str): assert did.startswith(did) return deleg_doc doc, deleg_doc = register_doc_and_deleg_doc issuer_key = RegisterDocumentHelper.get_valid_issuer_key_for_control_only( doc, issuer_name, get_ctrl_doc) assert not issuer_key
def test_can_get_valid_issuer_for_control_only(issuer_name, register_doc_and_deleg_doc): doc, deleg_doc = register_doc_and_deleg_doc def get_ctrl_doc(did: str): assert did.startswith(did) return deleg_doc assert issuer_name in doc.public_keys or issuer_name in deleg_doc.public_keys issuer_key = RegisterDocumentHelper.get_valid_issuer_key_for_control_only( doc, issuer_name, get_ctrl_doc) assert issuer_key.issuer == Issuer.build(doc.did, issuer_name) expected_base58 = doc.public_keys.get( issuer_name, deleg_doc.public_keys.get(issuer_name)) assert expected_base58, f'test setup error, {issuer_name} should be in one of the docs public keys' assert issuer_key.public_key_base58 == expected_base58.base58