def verify_remote_access(self, job_id, leaf_ddo, algorithm_ddo,
consumer_address, signature):
# 判断该cdt是算法cdt
if algorithm_ddo.services[0].type != 'algorithm':
return False
# 判断该算法cdt的有效性,涉及服务、证明、资源标识符和拥有者
if not self.verify_ddo(algorithm_ddo, consumer_address):
return False
# 判断签名的有效性
original_msg = f'{consumer_address}{job_id}'
if not self.verify_signature(consumer_address, signature,
original_msg):
return False
# 判断该远程计算已在链上存证
if cdt_to_id_bytes(algorithm_ddo.cdt
) != self.keeper.task_market.get_job(job_id)[0]:
return False
# 判断该算法cdt使用到了leaf_cdt资源
if self.get_leaf_index(leaf_ddo.cdt, algorithm_ddo) < 0:
return False
# 判断该算法cdt是否具有操作leaf_cdt资源的权限
_id = cdt_to_id(leaf_ddo.cdt)
_granted = cdt_to_id(algorithm_ddo.cdt)
if not self.keeper.cdt_registry.get_permission(_id, _granted):
return False
return True
def publish_ddo(self, ddo):
ipfs_path = self.ipfs_client.add(ddo.as_dictionary())
_id = cdt_to_id(ddo.cdt)
# 还需调整链上的checksum
w3 = Web3
checksum_test = w3.sha3(text='checksum')
self.keeper.cdt_registry.register(_id, checksum_test, ipfs_path,
self.account)
assert self.keeper.cdt_registry.get_cdt_owner(
add_0x_prefix(_id)) == self.account.address
return
def verify_ddo(self, ddo, owner_address):
service_dict = ddo.services[0].as_dictionary()
checksums = dict()
checksums[str(0)] = checksum(service_dict)
if (checksums != ddo.proof['checksum']) and (CDT.cdt(checksums) !=
ddo.cdt):
return False
original_msg = f'{cdt_to_id_bytes(ddo.cdt)}'
signature = ddo.proof['signatureValue']
if not self.verify_signature(owner_address, signature, original_msg):
return False
if self.keeper.cdt_registry.get_cdt_owner(cdt_to_id(
ddo.cdt)) != owner_address:
return False
return True
def add_job(self, taskid, algorithm_cdt):
_id = cdt_to_id(algorithm_cdt)
job_id = self.keeper.task_market.add_job(_id, taskid, self.account)
assert cdt_to_id_bytes(
algorithm_cdt) == self.keeper.task_market.get_job(job_id)[0]
return job_id
def grant_permission(self, computa_cdt, consumer_cdt):
_id = cdt_to_id(computa_cdt)
_consumer_id = cdt_to_id(consumer_cdt)
self.keeper.cdt_registry.grant_permission(_id, _consumer_id,
self.account)
assert self.keeper.cdt_registry.get_permission(_id, _consumer_id)