def test_can_revoke_delegation_proof(base_doc_issuer, valid_key_pair,
get_api_call, doc_deleg_set,
deleg_doc_did, deleg_name):
doc = get_doc_with_keys(deleg_control=[
RegisterDelegationProof.build('#Deleg1',
controller=Issuer(
deleg_doc_did, '#plop2'),
proof='proof',
revoked=False)
],
deleg_auth=[
RegisterDelegationProof.build(
'#Deleg2',
controller=Issuer(deleg_doc_did, '#plop2'),
proof='proof',
revoked=False)
],
public_keys=[
RegisterPublicKey.build('#MandatoryKey',
'base58Key1',
revoked=False)
],
did=base_doc_issuer.did)
resolver_client = ResolverClientTest(docs={base_doc_issuer.did: doc})
assert not doc_deleg_set(doc)[deleg_name].revoked
api = AdvancedIdentityRegisterApi(resolver_client)
get_api_call(api)(deleg_name,
revoked=True,
doc_owner_issuer=base_doc_issuer,
doc_owner_key_pair=valid_key_pair)
updated_doc = resolver_client.docs[base_doc_issuer.did]
assert doc_deleg_set(updated_doc)[deleg_name].revoked
def test_can_get_issuer_from_auth_keys(auth_keys, min_doc_owner_pub_key):
doc = get_doc_with_keys(auth_keys=auth_keys.values(),
public_keys=[min_doc_owner_pub_key])
issuer_name = '#AuthKey2'
issuer_key = RegisterDocumentHelper.get_issuer_register_key(
issuer_name, doc, include_auth=True)
assert issuer_key == auth_keys[issuer_name]
def test_get_issuer_from_auth_keys_returns_none_if_not_found(
auth_keys, min_doc_owner_pub_key):
doc = get_doc_with_keys(auth_keys=auth_keys.values(),
public_keys=[min_doc_owner_pub_key])
issuer_name = '#DoesNotExist'
issuer_key = RegisterDocumentHelper.get_issuer_register_key(
issuer_name, doc, include_auth=True)
assert not issuer_key
def test_can_get_issuer_from_auth_delegation(auth_deleg_proof,
min_doc_owner_pub_key):
doc = get_doc_with_keys(deleg_auth=auth_deleg_proof.values(),
public_keys=[min_doc_owner_pub_key])
issuer_name = '#DelegAuthKey2'
issuer_key = RegisterDocumentHelper.get_issuer_register_delegation_proof(
issuer_name, doc, include_auth=True)
assert issuer_key == auth_deleg_proof[issuer_name]
def test_get_issuer_from_control_delegation_returns_none_if_not_found(
control_deleg_proof, min_doc_owner_pub_key):
doc = get_doc_with_keys(deleg_control=control_deleg_proof.values(),
public_keys=[min_doc_owner_pub_key])
issuer_name = '#DoesNotExist'
issuer_key = RegisterDocumentHelper.get_issuer_register_delegation_proof(
issuer_name, doc, include_auth=False)
assert not issuer_key
def invalid_doc(doc_did, valid_issuer_key):
return get_doc_with_keys(did=doc_did,
public_keys=[
RegisterPublicKey.build(
'#Key1',
valid_issuer_key.public_key_base58,
revoked=False),
])
def get_delegation_doc_for(controller_name: str, doc_id: str,
public_base58: str) -> RegisterDocument:
return get_doc_with_keys(did=doc_id,
public_keys=[
RegisterPublicKey.build(controller_name,
public_base58,
revoked=False),
])
def get_docs_for_issuer_key_from_public_keys(
doc_did: str, issuer: Issuer) -> Dict[str, RegisterDocument]:
"""
The issuer is directly in the current doc public keys
"""
doc = get_doc_with_keys(public_keys=[
RegisterPublicKey.build(issuer.name, 'base58Key1', revoked=False)
])
return {doc_did: doc}
def test_get_auth_delegation_by_controller_returns_none_if_not_found(
auth_deleg_proof, min_doc_owner_pub_key):
doc = get_doc_with_keys(deleg_auth=auth_deleg_proof.values(),
public_keys=[min_doc_owner_pub_key])
issuer = Issuer.build('did:iotics:iotHHHHKpPGWyEC4FFo4d6oyzVVk6MXLmEgY',
'#DoesNotExist')
deleg_proof = RegisterDocumentHelper.get_register_delegation_proof_by_controller(
issuer, doc, include_auth=True)
assert not deleg_proof
def test_can_get_auth_delegation_by_controller(auth_deleg_proof,
min_doc_owner_pub_key):
doc = get_doc_with_keys(deleg_auth=auth_deleg_proof.values(),
public_keys=[min_doc_owner_pub_key])
delegation_name = '#DelegAuthKey2'
expected_deleg_proof = auth_deleg_proof[delegation_name]
deleg_proof = RegisterDocumentHelper.get_register_delegation_proof_by_controller(
expected_deleg_proof.controller, doc, include_auth=True)
assert deleg_proof == expected_deleg_proof
def test_get_issuer_from_auth_delegation_returns_none_if_in_auth_keys_but_auth_not_included(
auth_deleg_proof, min_doc_owner_pub_key):
doc = get_doc_with_keys(deleg_auth=auth_deleg_proof.values(),
public_keys=[min_doc_owner_pub_key])
issuer_name = '#DelegAuthKey2'
assert issuer_name in doc.auth_delegation_proof
issuer_key = RegisterDocumentHelper.get_issuer_register_delegation_proof(
issuer_name, doc, include_auth=False)
assert not issuer_key
def simple_doc(doc_did, valid_issuer_key):
return get_doc_with_keys(
did=doc_did,
public_keys=[
RegisterPublicKey.build(valid_issuer_key.issuer.name,
valid_issuer_key.public_key_base58,
revoked=False)
],
)
def test_get_issuer_from_auth_keys_returns_none_if_in_auth_keys_but_auth_not_included(
auth_keys, min_doc_owner_pub_key):
doc = get_doc_with_keys(auth_keys=auth_keys.values(),
public_keys=[min_doc_owner_pub_key])
issuer_name = '#AuthKey2'
assert issuer_name in doc.auth_keys
issuer_key = RegisterDocumentHelper.get_issuer_register_key(
issuer_name, doc, include_auth=False)
assert not issuer_key
def get_docs_for_issuer_key_from_auth_delegation(
doc_did: str, deleg_doc_did: str,
issuer: Issuer) -> Dict[str, RegisterDocument]:
"""
The issuer is in the auth delegation of the provided doc
And the issuer is in the auth keys of the delegation doc
"""
doc = get_doc_with_keys(deleg_control=[
RegisterDelegationProof.build(issuer.name,
controller=Issuer(
'deleg_doc_did', '#plop'),
proof='proof',
revoked=False),
])
deleg_doc = get_doc_with_keys(public_keys=[
RegisterPublicKey.build(issuer.name, 'base58Key1', revoked=False)
])
return {doc_did: doc, deleg_doc_did: deleg_doc}
def doc_with_doc_deleg(valid_issuer_key, doc_did, deleg_doc_did):
doc = get_doc_with_keys(
did=doc_did,
public_keys=[
RegisterPublicKey.build('#Key1', 'base58Key1', revoked=False)
],
deleg_control=[
RegisterDelegationProof.build(valid_issuer_key.issuer.name,
controller=Issuer.build(
deleg_doc_did, '#plop1'),
proof='aproof',
revoked=False),
],
)
deleg_doc = get_doc_with_keys(did=deleg_doc_did,
public_keys=[
RegisterPublicKey.build(
valid_issuer_key.issuer.name,
valid_issuer_key.public_key_base58,
revoked=False),
])
return doc, deleg_doc
def test_validate_delegation_raises_validation_error_if_public_key_not_in_deleg_controller_doc(
doc_did, deleg_doc_did, valid_issuer_key, valid_key_pair_secrets):
controller_name = '#AController'
deleg_proof = get_delegation_register_proof(
subject_key_pair_secrets=valid_key_pair_secrets,
content=doc_did.encode(),
p_type=DelegationProofType.DID,
subject_issuer=Issuer.build(deleg_doc_did, controller_name))
deleg_doc = get_doc_with_keys(did=doc_did,
public_keys=[
RegisterPublicKey.build(
'#NotMatchingTheController',
valid_issuer_key.public_key_base58,
revoked=False),
])
resolver_client = ResolverClientTest({deleg_doc_did: deleg_doc})
with pytest.raises(IdentityInvalidDocumentDelegationError) as err_wrapper:
DelegationValidation.validate_delegation(resolver_client,
doc_id=doc_did,
deleg_proof=deleg_proof)
assert isinstance(err_wrapper.value.__cause__, IdentityValidationError)
def register_doc_and_deleg_doc(
doc_did: str,
deleg_doc_did: str) -> Tuple[RegisterDocument, RegisterDocument]:
"""
Creates a document and a delegation document with all the key combinations (See KEY_NAMES)
for the "get issuer from" tests with and without delegation and with and without included authentication
"""
doc = get_doc_with_keys(
did=doc_did,
public_keys=[
RegisterPublicKey.build(KEYS_NAMES.key_only_in_doc_pub_keys,
'base58Key1',
revoked=False)
],
auth_keys=[
RegisterAuthenticationPublicKey.build(
KEYS_NAMES.key_only_in_doc_auth_keys,
'base58Key2',
revoked=False)
],
deleg_control=[
RegisterDelegationProof.build(
KEYS_NAMES.key_in_doc_control_deleg_and_deleg_doc_pub_keys,
controller=Issuer('deleg_doc_did', '#plop1'),
proof='aproof',
revoked=False),
RegisterDelegationProof.build(
KEYS_NAMES.key_in_doc_control_deleg_and_deleg_doc_auth_keys,
controller=Issuer('deleg_doc_did', '#plop2'),
proof='aproof',
revoked=False),
RegisterDelegationProof.build(
KEYS_NAMES.key_in_doc_control_deleg_and_not_in_deleg_doc,
controller=Issuer('deleg_doc_did', '#plop3'),
proof='aproof',
revoked=False),
],
deleg_auth=[
RegisterDelegationProof.build(
KEYS_NAMES.key_in_doc_auth_deleg_and_deleg_doc_pub_keys,
controller=Issuer('deleg_doc_did', '#plop4'),
proof='aproof',
revoked=False),
RegisterDelegationProof.build(
KEYS_NAMES.key_in_doc_auth_deleg_and_deleg_doc_auth_keys,
controller=Issuer('deleg_doc_did', '#plop5'),
proof='aproof',
revoked=False),
RegisterDelegationProof.build(
KEYS_NAMES.key_in_doc_auth_deleg_and_not_in_deleg_doc,
controller=Issuer('deleg_doc_did', '#plop6'),
proof='aproof',
revoked=False),
],
)
deleg_doc = get_doc_with_keys(
did=deleg_doc_did,
public_keys=[
RegisterPublicKey.build(
KEYS_NAMES.key_in_doc_control_deleg_and_deleg_doc_pub_keys,
'base58K11',
revoked=False),
RegisterPublicKey.build(
KEYS_NAMES.key_in_doc_auth_deleg_and_deleg_doc_pub_keys,
'base58K12',
revoked=False)
],
auth_keys=[
RegisterAuthenticationPublicKey.build(
KEYS_NAMES.key_in_doc_control_deleg_and_deleg_doc_auth_keys,
'base58K13',
revoked=False),
RegisterAuthenticationPublicKey.build(
KEYS_NAMES.key_in_doc_auth_deleg_and_deleg_doc_auth_keys,
'base58K14',
revoked=False)
])
return doc, deleg_doc
def test_is_issuer_in_keys_returns_true_if_issuer_in_auth_keys(
public_keys, auth_keys, issuer_name, include_auth, expected_res):
doc = get_doc_with_keys(public_keys.values(), auth_keys.values())
assert RegisterDocumentHelper.is_issuer_in_keys(
issuer_name, doc, include_auth) == expected_res
def test_can_get_issuer_from_public_keys(public_keys):
doc = get_doc_with_keys(public_keys=public_keys.values())
issuer_name = '#Key2'
issuer_key = RegisterDocumentHelper.get_issuer_register_key(
issuer_name, doc, include_auth=False)
assert issuer_key == public_keys[issuer_name]
def test_get_issuer_from_public_keys_returns_none_if_not_found(public_keys):
doc = get_doc_with_keys(public_keys=public_keys.values())
issuer_name = '#DoesNotExist'
issuer_key = RegisterDocumentHelper.get_issuer_register_key(
issuer_name, doc, include_auth=False)
assert not issuer_key
