def test_can_remove_public_key_building_from_existing_doc( doc_did, doc_proof, doc_keys, remove_key_name, get_key_set): existing_doc = RegisterDocumentBuilder() \ .add_public_key_obj(doc_keys['#pub_key1']) \ .add_public_key_obj(doc_keys['#pub_key2']) \ .add_authentication_key_obj(doc_keys['#auth_key1']) \ .add_authentication_key_obj(doc_keys['#auth_key2']) \ .add_control_delegation_obj(doc_keys['#deleg_control_key1']) \ .add_control_delegation_obj(doc_keys['#deleg_control_key2']) \ .add_authentication_delegation_obj(doc_keys['#deleg_auth_key1']) \ .add_authentication_delegation_obj(doc_keys['#deleg_auth_key2']) \ .build(did=doc_did, purpose=DIDType.TWIN, proof=doc_proof, revoked=True) new_doc = RegisterDocumentBuilder() \ .set_keys_from_existing(existing_doc) \ .remove_key(remove_key_name) \ .build_from_existing(existing_doc, populate_with_doc_keys=False) existing_doc_key_set = get_key_set(existing_doc) assert len(existing_doc_key_set) == 2 assert remove_key_name in existing_doc_key_set new_doc_key_set = get_key_set(new_doc) assert len(new_doc_key_set) == 1 assert remove_key_name not in new_doc_key_set existing_doc_key_set.pop(remove_key_name) assert existing_doc_key_set == new_doc_key_set
def add_doc_key(self, doc: RegisterDocument, key: RegisterKeyBase) -> RegisterDocument: """ Add a new register key to the register document :param doc: register document :param key: register key base :raises: IdentityInvalidDocumentError: if invalid document IdentityRegisterDocumentKeyConflictError: if key name is not unique """ builder = RegisterDocumentBuilder() self.add_key_to_builder(builder, key) return builder.build_from_existing(doc)
def test_can_build_a_register_doc_with_min_data(doc_did, doc_proof, min_doc_owner_pub_key): now_before_create = get_unix_time_ms() new_doc = RegisterDocumentBuilder() \ .add_public_key_obj(min_doc_owner_pub_key) \ .build(did=doc_did, purpose=DIDType.USER, proof=doc_proof, revoked=False) assert new_doc.did == doc_did assert new_doc.proof == doc_proof assert new_doc.purpose == DIDType.USER assert not new_doc.revoked # Default values assert new_doc.spec_version == DOCUMENT_VERSION assert new_doc.metadata == Metadata() assert not new_doc.creator assert now_before_create <= new_doc.update_time <= get_unix_time_ms() assert not new_doc.controller assert new_doc.public_keys == { min_doc_owner_pub_key.name: min_doc_owner_pub_key } assert not new_doc.auth_keys assert not new_doc.auth_delegation_proof assert not new_doc.control_delegation_proof
def get_valid_doc_from_token( token: str, get_controller_doc: GetControllerDocFunc) -> RegisterDocument: """ Get a valid RegisterDocument from a resolver token. :param token: resolver token :param get_controller_doc: get controller register document function :return: valid register document :raises: IdentityResolverError: if invalid token IdentityResolverError: if invalid document """ try: unverified = JwtTokenHelper.decode_token(token) doc = RegisterDocumentBuilder().build_from_dict(unverified['doc']) issuer = Issuer.from_string(unverified['iss']) issuer_key = RegisterDocumentHelper.get_valid_issuer_key_for_control_only( doc, issuer.name, get_controller_doc) if not issuer_key: raise IdentityInvalidRegisterIssuerError( f'Invalid issuer {issuer}') JwtTokenHelper.decode_and_verify_token( token, issuer_key.public_key_base58, unverified['aud']) return doc except (KeyError, ValueError, IdentityValidationError, IdentityInvalidRegisterIssuerError) as exc: raise IdentityResolverError( f'Can not deserialized invalid resolver token: \'{exc}\'' ) from exc
def test_can_validate_document_with_delegation_against_resolver(valid_doc): delegated_doc1, deleg_key1 = get_valid_delegated_doc_and_deleg_proof( new_seed(), '#issuer1', delegating_doc_id=valid_doc.did, deleg_name='#DelegDoc1') delegated_doc2, deleg_key2 = get_valid_delegated_doc_and_deleg_proof( new_seed(), '#issuer2', delegating_doc_id=valid_doc.did, deleg_name='#DelegDoc2') valid_doc = RegisterDocumentBuilder() \ .add_control_delegation_obj(deleg_key1) \ .add_control_delegation_obj(deleg_key2) \ .add_authentication_delegation(deleg_key1.name + 'auth', deleg_key1.controller, deleg_key1.proof, deleg_key1.revoked) \ .add_authentication_delegation(deleg_key2.name + 'auth', deleg_key2.controller, deleg_key2.proof, deleg_key2.revoked) \ .build_from_existing(valid_doc) resolver_client = ResolverClientTest( docs={ valid_doc.did: valid_doc, delegated_doc1.did: delegated_doc1, delegated_doc2.did: delegated_doc2 }) assert is_validator_run_success( DocumentValidation.validate_document_against_resolver, resolver_client, valid_doc)
def test_building_a_register_doc_from_dict_raises_a_validation_error_if_invalid_data( full_doc, invalid_data_mutation): doc_as_dict = full_doc.to_dict() invalid_data_mutation(doc_as_dict) with pytest.raises(IdentityValidationError): RegisterDocumentBuilder() \ .build_from_dict(doc_as_dict)
def test_building_a_register_doc_raises_a_validation_error_if_no_controller_and_no_pub_key( doc_did, doc_proof): with pytest.raises(IdentityInvalidDocumentError): RegisterDocumentBuilder() \ .build(did=doc_did, purpose=DIDType.USER, proof=doc_proof, revoked=False)
def register_doc(valid_key_pair_secrets, valid_issuer): proof = Proof.build(valid_key_pair_secrets, valid_issuer, content=valid_issuer.did.encode()) key_pair = KeyPairSecretsHelper.get_key_pair(valid_key_pair_secrets) return RegisterDocumentBuilder() \ .add_public_key(valid_issuer.name, key_pair.public_base58, revoked=False) \ .build(valid_issuer.did, DIDType.USER, proof.signature, revoked=False)
def test_can_remove_not_existing_key_without_error(doc_did, doc_proof, doc_keys, get_key_set): existing_doc = RegisterDocumentBuilder() \ .add_public_key_obj(doc_keys['#pub_key1']) \ .add_authentication_key_obj(doc_keys['#auth_key1']) \ .add_control_delegation_obj(doc_keys['#deleg_control_key1']) \ .add_authentication_delegation_obj(doc_keys['#deleg_auth_key1']) \ .build(did=doc_did, purpose=DIDType.TWIN, proof=doc_proof, revoked=True) new_doc = RegisterDocumentBuilder() \ .set_keys_from_existing(existing_doc) \ .remove_key('#NotExistingKey') \ .build_from_existing(existing_doc, populate_with_doc_keys=False) existing_doc_key_set = get_key_set(existing_doc) new_doc_key_set = get_key_set(new_doc) assert existing_doc_key_set == new_doc_key_set
def test_building_a_register_doc_raises_if_same_key_is_added_twice(doc_keys): duplicate_pub_key1 = RegisterPublicKey( name=doc_keys['#pub_key1'].name, base58=get_public_base_58_key(), revoked=doc_keys['#pub_key1'].revoked) with pytest.raises(IdentityRegisterDocumentKeyConflictError): RegisterDocumentBuilder() \ .add_public_key_obj(doc_keys['#pub_key1']) \ .add_public_key_obj(duplicate_pub_key1)
def test_building_a_register_doc_raises_a_validation_error_if_unsupported_version( doc_did, doc_proof, min_doc_owner_pub_key): with pytest.raises(IdentityInvalidDocumentError): RegisterDocumentBuilder() \ .add_public_key_obj(min_doc_owner_pub_key) \ .build(did=doc_did, purpose=DIDType.USER, proof=doc_proof, revoked=False, spec_version='!!unsupported!!')
def test_can_decode_doc_token(valid_issuer, valid_private_key, register_doc): audience = 'http://somehting' token = JwtTokenHelper.create_doc_token(issuer=valid_issuer, audience=audience, doc=register_doc, private_key=valid_private_key) decoded = JwtTokenHelper.decode_token(token) assert decoded['iss'] == str(valid_issuer) assert decoded['aud'] == audience decoded_doc = RegisterDocumentBuilder().build_from_dict(decoded['doc']) compare_doc(register_doc, decoded_doc)
def test_can_build_a_register_doc_with_full_data(doc_keys, doc_did, doc_proof, doc_controller): now_before_create = get_unix_time_ms() metadata = Metadata.build('a label', 'a comment', 'http://a/url') spec_version = SUPPORTED_VERSIONS[0] creator = 'did:iotics:iotHHHHKpPGWyEC4FFo4d6oyzVVk6MEEEEgY' new_doc = RegisterDocumentBuilder() \ .add_public_key(doc_keys['#pub_key1'].name, doc_keys['#pub_key1'].base58, doc_keys['#pub_key1'].revoked) \ .add_public_key_obj(doc_keys['#pub_key2']) \ .add_authentication_key(doc_keys['#auth_key1'].name, doc_keys['#auth_key1'].base58, doc_keys['#auth_key1'].revoked) \ .add_authentication_key_obj(doc_keys['#auth_key2']) \ .add_control_delegation(doc_keys['#deleg_control_key1'].name, doc_keys['#deleg_control_key1'].controller, doc_keys['#deleg_control_key1'].proof, doc_keys['#deleg_control_key1'].revoked) \ .add_control_delegation_obj(doc_keys['#deleg_control_key2']) \ .add_authentication_delegation(doc_keys['#deleg_auth_key1'].name, doc_keys['#deleg_auth_key1'].controller, doc_keys['#deleg_auth_key1'].proof, doc_keys['#deleg_auth_key1'].revoked) \ .add_authentication_delegation_obj(doc_keys['#deleg_auth_key2']) \ .build(did=doc_did, purpose=DIDType.TWIN, proof=doc_proof, revoked=True, metadata=metadata, creator=creator, spec_version=spec_version, controller=doc_controller) assert new_doc.did == doc_did assert new_doc.proof == doc_proof assert new_doc.purpose == DIDType.TWIN assert new_doc.revoked assert new_doc.spec_version == spec_version assert new_doc.metadata == metadata assert new_doc.creator == creator assert now_before_create <= new_doc.update_time <= get_unix_time_ms() assert new_doc.controller == doc_controller assert len(new_doc.public_keys) == 2 compare_key(doc_keys['#pub_key1'], new_doc.public_keys['#pub_key1']) compare_key(doc_keys['#pub_key2'], new_doc.public_keys['#pub_key2']) assert len(new_doc.auth_keys) == 2 compare_key(doc_keys['#auth_key1'], new_doc.auth_keys['#auth_key1']) compare_key(doc_keys['#auth_key2'], new_doc.auth_keys['#auth_key2']) assert len(new_doc.control_delegation_proof) == 2 compare_delegation(doc_keys['#deleg_control_key1'], new_doc.control_delegation_proof['#deleg_control_key1']) compare_delegation(doc_keys['#deleg_control_key2'], new_doc.control_delegation_proof['#deleg_control_key2']) assert len(new_doc.public_keys) == 2 compare_delegation(doc_keys['#deleg_auth_key1'], new_doc.auth_delegation_proof['#deleg_auth_key1']) compare_delegation(doc_keys['#deleg_auth_key2'], new_doc.auth_delegation_proof['#deleg_auth_key2'])
def invalid_doc_invalid_proof(valid_doc, doc_invalid_proof, valid_key_pair_secrets): public_base58 = KeyPairSecretsHelper.get_public_key_base58_from_key_pair_secrets( valid_key_pair_secrets) doc_id = valid_doc.did return RegisterDocumentBuilder() \ .add_public_key_obj(RegisterPublicKey('#Owner', public_base58, revoked=False)) \ .build(doc_id, DIDType.TWIN, proof=doc_invalid_proof.signature, revoked=False)
def test_can_build_a_register_doc_with_controller_and_not_owner_public_key( doc_did, doc_proof): controller = 'did:iotics:iotHHHHKpPGWWWC4FFo4d6oyzVVk6MXLmEgY#AController' new_doc = RegisterDocumentBuilder() \ .build(did=doc_did, purpose=DIDType.USER, proof=doc_proof, revoked=False, controller=controller) assert not new_doc.public_keys assert new_doc.controller == controller
def test_get_owner_public_key_returns_none_if_not_found( valid_key_pair, other_key_pair): doc_id = make_identifier(valid_key_pair.public_bytes) doc = RegisterDocumentBuilder() \ .add_public_key_obj(RegisterPublicKey('#NotOwner', other_key_pair.public_base58, revoked=False)) \ .build(doc_id, DIDType.TWIN, proof='a proof, does not matter here', revoked=False) key = RegisterDocumentHelper.get_owner_register_public_key(doc) assert not key
def remove_doc_key(doc: RegisterDocument, key_name: str) -> RegisterDocument: """ Remove a register key from a register document :param doc: register document :param key_name: register key name :return: """ return RegisterDocumentBuilder() \ .set_keys_from_existing(doc) \ .remove_key(key_name) \ .build_from_existing(doc, populate_with_doc_keys=False)
def invalid_doc_no_owner_key(valid_doc, valid_issuer, valid_key_pair_secrets, other_key_pair_secrets): public_base58 = KeyPairSecretsHelper.get_public_key_base58_from_key_pair_secrets( other_key_pair_secrets) doc_id = valid_doc.did return RegisterDocumentBuilder() \ .add_public_key_obj(RegisterPublicKey('#KeyNotFromOwner', public_base58, revoked=False)) \ .build(doc_id, DIDType.TWIN, proof=Proof.build(valid_key_pair_secrets, valid_issuer, content=doc_id.encode()).signature, revoked=False)
def revoke_doc_key(self, doc: RegisterDocument, key_name: str, revoked: bool) -> RegisterDocument: """ Create a new document setting revoked to the key associated to the key name :param doc: a register document :param key_name: a key name :param revoked: is the key revoked :return: a register document :raises: - IdentityRegisterDocumentKeyNotFoundError: if the key to revoke is not found """ key = self.get_key_from_doc(doc, key_name) if not key: raise IdentityRegisterDocumentKeyNotFoundError(f'Can mot revoke key {key_name} fron document {doc.did}:' f'key not found') builder = RegisterDocumentBuilder() \ .set_keys_from_existing(doc) \ .remove_key(key_name) self.add_key_to_builder(builder, key.get_new_key(revoked)) return builder.build_from_existing(doc, populate_with_doc_keys=False)
def test_building_a_register_doc_raises_if_same_delegation_is_added_twice( doc_keys): duplicate_deleg_control_key1 = RegisterDelegationProof( name=doc_keys['#deleg_control_key1'].name, controller=Issuer('did:iotics:iotHjrmKpPGWyEC4FFo4d6oyzVVk6MXFFFFF', '#AController'), proof=doc_keys['#deleg_control_key1'].proof, revoked=doc_keys['#deleg_control_key1'].revoked) with pytest.raises(IdentityRegisterDocumentKeyConflictError): RegisterDocumentBuilder() \ .add_control_delegation_obj(doc_keys['#deleg_control_key1']) \ .add_control_delegation_obj(duplicate_deleg_control_key1)
def test_can_get_issuer_by_public_key(valid_key_pair): doc_did = make_identifier(valid_key_pair.public_bytes) key_issuer = Issuer.build(doc_did, '#AnIssuer') doc = RegisterDocumentBuilder() \ .add_public_key_obj(RegisterPublicKey(key_issuer.name, valid_key_pair.public_base58, revoked=False)) \ .build(key_issuer.did, DIDType.TWIN, proof='a proof, does not matter here', revoked=False) issuer = RegisterDocumentHelper.get_issuer_from_public_key( doc, valid_key_pair.public_base58) assert issuer == key_issuer
def doc_delegating_authentication(delegating_issuer_name, delegating_secrets, allowed_issuer_secrets, allowed_issuer): doc = get_valid_document_from_secret(delegating_secrets, delegating_issuer_name) delegating_issuer = Issuer.build(doc.did, delegating_issuer_name) proof = Proof.build(allowed_issuer_secrets, allowed_issuer, content=delegating_issuer.did.encode()) return RegisterDocumentBuilder() \ .add_authentication_delegation_obj(RegisterDelegationProof.build('#ADeleg', controller=allowed_issuer, proof=proof.signature)) \ .build_from_existing(doc)
def set_document_controller(self, doc_owner_key_pair: KeyPair, doc_owner_issuer: Issuer, controller: Issuer): """ Set register document controller issuer. :param controller: register document controller issuer :param doc_owner_key_pair: register document owner key pair :param doc_owner_issuer: register document owner issuer :raises: IdentityInvalidDocumentError: if invalid register document IdentityResolverError: if resolver error """ self._update_doc(doc_owner_key_pair, doc_owner_issuer, get_updated_doc=RegisterDocumentBuilder().build_from_existing, controller=controller)
def set_document_revoked(self, doc_owner_key_pair: KeyPair, doc_owner_issuer: Issuer, revoked: bool): """ Set register document revoke field. :param revoked: is register document revoked :param doc_owner_key_pair: register document owner key pair :param doc_owner_issuer: register document owner issuer :raises: IdentityInvalidDocumentError: if invalid register document IdentityResolverError: if resolver error """ self._update_doc(doc_owner_key_pair, doc_owner_issuer, get_updated_doc=RegisterDocumentBuilder().build_from_existing, revoked=revoked)
def set_document_creator(self, doc_owner_key_pair: KeyPair, doc_owner_issuer: Issuer, creator: str): """ Set register document creator. :param creator: register document creator decentralised identifier :param doc_owner_key_pair: register document owner key pair :param doc_owner_issuer: register document owner issuer :raises: IdentityValidationError: if invalid creator decentralised identifier IdentityInvalidDocumentError: if invalid register document IdentityResolverError: if resolver error """ self._update_doc(doc_owner_key_pair, doc_owner_issuer, get_updated_doc=RegisterDocumentBuilder().build_from_existing, creator=creator)
def test_can_build_a_register_doc_from_minimal_dict(minimal_doc): doc_as_dict = minimal_doc.to_dict() doc_as_dict.pop('authentication') doc_as_dict.pop('delegateControl') doc_as_dict.pop('delegateAuthentication') new_doc = RegisterDocumentBuilder().build_from_dict(doc_as_dict) assert new_doc.did == minimal_doc.did assert new_doc.purpose == minimal_doc.purpose assert new_doc.proof == minimal_doc.proof assert new_doc.revoked == minimal_doc.revoked assert new_doc.spec_version == minimal_doc.spec_version assert new_doc.metadata == minimal_doc.metadata assert new_doc.public_keys == minimal_doc.public_keys assert not new_doc.auth_keys assert not new_doc.control_delegation_proof assert not new_doc.auth_delegation_proof
def get_valid_document_from_secret(secrets: KeyPairSecrets, issuer_name: str, controller: Issuer = None): public_base58 = KeyPairSecretsHelper.get_public_key_base58_from_key_pair_secrets( secrets) public_bytes = base58.b58decode(public_base58) doc_id = make_identifier(public_bytes) proof = Proof.build(secrets, Issuer.build(doc_id, issuer_name), content=doc_id.encode()) return RegisterDocumentBuilder() \ .add_public_key_obj(RegisterPublicKey(issuer_name, public_base58, revoked=False)) \ .build(doc_id, DIDType.TWIN, proof=proof.signature, revoked=False, controller=controller)
def test_can_build_a_register_doc_from_an_other_doc(minimal_doc, full_doc, is_minimal): doc = minimal_doc if is_minimal else full_doc new_doc = RegisterDocumentBuilder().build_from_existing(doc) assert new_doc.did == doc.did assert new_doc.purpose == doc.purpose assert new_doc.proof == doc.proof assert new_doc.revoked == doc.revoked assert new_doc.spec_version == doc.spec_version assert new_doc.metadata == doc.metadata assert new_doc.creator == doc.creator assert new_doc.controller == doc.controller assert new_doc.public_keys == doc.public_keys assert new_doc.auth_keys == doc.auth_keys assert new_doc.control_delegation_proof == doc.control_delegation_proof assert new_doc.auth_delegation_proof == doc.auth_delegation_proof assert new_doc.update_time >= doc.update_time
def get_doc_with_keys(public_keys: Iterable[RegisterPublicKey] = None, auth_keys: Iterable[RegisterAuthenticationPublicKey] = None, deleg_control: Iterable[RegisterDelegationProof] = None, deleg_auth: Iterable[RegisterDelegationProof] = None, controller: str = None, did: str = None) -> RegisterDocument: builder = RegisterDocumentBuilder() _ = [builder.add_public_key_obj(k) for k in (public_keys or ())] _ = [builder.add_authentication_key_obj(k) for k in (auth_keys or ())] _ = [builder.add_control_delegation_obj(k) for k in (deleg_control or ())] _ = [builder.add_authentication_delegation_obj(k) for k in (deleg_auth or ())] return builder.build(did=did or 'did:iotics:iotHHHHKpPGWyEC4FFo4d6oyzVVk6MXLmEgY', purpose=DIDType.TWIN, proof='a proof', revoked=True, controller=controller)
def test_validate_document_against_resolver_raises_validation_error_if_resolver_error( valid_doc): _, deleg_key = get_valid_delegated_doc_and_deleg_proof( new_seed(), '#issuer1', delegating_doc_id=valid_doc.did, deleg_name='#DelegDoc1') valid_doc = RegisterDocumentBuilder() \ .add_control_delegation_obj(deleg_key) \ .build_from_existing(valid_doc) # Initialised without the delegation doc so a not found will be raised resolver_client = ResolverClientTest(docs={valid_doc.did: valid_doc}) with pytest.raises(IdentityInvalidDocumentError) as err_wrapper: is_validator_run_success( DocumentValidation.validate_document_against_resolver, resolver_client, valid_doc) assert isinstance(err_wrapper.value.__cause__, IdentityResolverError)