예제 #1
0
def test_can_validate_document_with_delegation_against_resolver(valid_doc):
    delegated_doc1, deleg_key1 = get_valid_delegated_doc_and_deleg_proof(
        new_seed(),
        '#issuer1',
        delegating_doc_id=valid_doc.did,
        deleg_name='#DelegDoc1')
    delegated_doc2, deleg_key2 = get_valid_delegated_doc_and_deleg_proof(
        new_seed(),
        '#issuer2',
        delegating_doc_id=valid_doc.did,
        deleg_name='#DelegDoc2')

    valid_doc = RegisterDocumentBuilder() \
        .add_control_delegation_obj(deleg_key1) \
        .add_control_delegation_obj(deleg_key2) \
        .add_authentication_delegation(deleg_key1.name + 'auth', deleg_key1.controller, deleg_key1.proof,
                                       deleg_key1.revoked) \
        .add_authentication_delegation(deleg_key2.name + 'auth', deleg_key2.controller, deleg_key2.proof,
                                       deleg_key2.revoked) \
        .build_from_existing(valid_doc)
    resolver_client = ResolverClientTest(
        docs={
            valid_doc.did: valid_doc,
            delegated_doc1.did: delegated_doc1,
            delegated_doc2.did: delegated_doc2
        })
    assert is_validator_run_success(
        DocumentValidation.validate_document_against_resolver, resolver_client,
        valid_doc)
예제 #2
0
def test_validate_document_against_resolver_raises_validation_error_if_resolver_error(
        valid_doc):
    _, deleg_key = get_valid_delegated_doc_and_deleg_proof(
        new_seed(),
        '#issuer1',
        delegating_doc_id=valid_doc.did,
        deleg_name='#DelegDoc1')

    valid_doc = RegisterDocumentBuilder() \
        .add_control_delegation_obj(deleg_key) \
        .build_from_existing(valid_doc)

    # Initialised without the delegation doc so a not found will be raised
    resolver_client = ResolverClientTest(docs={valid_doc.did: valid_doc})
    with pytest.raises(IdentityInvalidDocumentError) as err_wrapper:
        is_validator_run_success(
            DocumentValidation.validate_document_against_resolver,
            resolver_client, valid_doc)
    assert isinstance(err_wrapper.value.__cause__, IdentityResolverError)
예제 #3
0
def test_can_validate_allowed_for_auth_with_controller_doc(
        allowed_issuer, allowed_issuer_doc):
    controller_issuer_doc = allowed_issuer_doc
    controller_issuer = Issuer.build(controller_issuer_doc.did, '#Plop')
    a_doc_with_controller_allowed_for_auth = get_valid_document(
        new_seed(), '#ASubject', controller=controller_issuer)
    resolver_docs = {
        controller_issuer.did:
        controller_issuer_doc,
        a_doc_with_controller_allowed_for_auth.did:
        a_doc_with_controller_allowed_for_auth
    }
    resolver_client = ResolverClientTest(docs=resolver_docs)

    assert is_validator_run_success(
        IdentityAuthValidation.validate_allowed_for_auth,
        resolver_client,
        allowed_issuer,
        subject_id=a_doc_with_controller_allowed_for_auth.did)
예제 #4
0
def test_verify_authentication_raises_auth_error_if_token_not_allowed(
        authentication_subject_doc, allowed_issuer, valid_private_key):
    other_doc_with_auth_or_delegation_link = get_valid_document(
        new_seed(), '#OtherDoc')
    token_signed_with_an_other_private_key = JwtTokenHelper.create_auth_token(
        iss=str(allowed_issuer),
        sub=other_doc_with_auth_or_delegation_link.did,
        aud='http://audience/',
        duration=360,
        private_key=valid_private_key)
    resolver_docs = {
        authentication_subject_doc.did:
        authentication_subject_doc,
        other_doc_with_auth_or_delegation_link.did:
        other_doc_with_auth_or_delegation_link
    }
    resolver_client = ResolverClientTest(docs=resolver_docs)
    with pytest.raises(IdentityAuthenticationFailed) as err_wrapper:
        IdentityAuthValidation.verify_authentication(
            resolver_client, token=token_signed_with_an_other_private_key)
    assert isinstance(err_wrapper.value.__cause__, IdentityNotAllowed)
예제 #5
0
def test_validate_document_against_resolver_raises_validation_error_if_invalid_delegation(
        valid_doc, other_key_pair, deleg_type):
    wrong_deleg_id = make_identifier(other_key_pair.public_bytes)
    delegated_doc1, inconsistent_deleg_key = get_valid_delegated_doc_and_deleg_proof(
        new_seed(),
        '#issuer1',
        delegating_doc_id=wrong_deleg_id,
        deleg_name='#DelegDoc1')

    builder = RegisterDocumentBuilder()
    if deleg_type == 'auth':
        builder.add_authentication_delegation_obj(inconsistent_deleg_key)
    else:
        builder.add_control_delegation_obj(inconsistent_deleg_key)
    doc_with_invalid_delegation = builder.build_from_existing(valid_doc)
    resolver_client = ResolverClientTest(docs={
        valid_doc.did: valid_doc,
        delegated_doc1.did: delegated_doc1
    })
    with pytest.raises(IdentityInvalidDocumentError) as err_wrapper:
        is_validator_run_success(
            DocumentValidation.validate_document_against_resolver,
            resolver_client, doc_with_invalid_delegation)
    assert isinstance(err_wrapper.value.__cause__, IdentityInvalidProofError)