def test_validate_document_proof_fails_if_invalid_proof( invalid_doc_invalid_proof): with pytest.raises(IdentityInvalidDocumentError) as err_wrapper: is_validator_run_success( DocumentValidation.validate_new_document_proof, invalid_doc_invalid_proof) assert isinstance(err_wrapper.value.__cause__, IdentityInvalidProofError)
def test_validate_proof_with_corrupted_signature_raises_validation_error( other_key_pair): corrupted_proof = Proof(issuer=valid_proof, content=b'a content', signature='plop not a signature') with pytest.raises(IdentityInvalidProofError) as err_wrapper: is_validator_run_success(ProofValidation.validate_proof, corrupted_proof, other_key_pair.public_base58) assert isinstance(err_wrapper.value.__cause__, ValueError)
def test_validate_allowed_for_auth_raises_not_allowed_if_resolver_error( allowed_issuer, allowed_issuer_doc): # Initialised without the docs so a not found will be raised resolver_client = ResolverClientTest(docs={}) with pytest.raises(IdentityNotAllowed) as err_wrapper: is_validator_run_success( IdentityAuthValidation.validate_allowed_for_auth, resolver_client, issuer=allowed_issuer, subject_id=allowed_issuer_doc.did) assert isinstance(err_wrapper.value.__cause__, IdentityResolverError)
def test_validate_allowed_for_control_raises_not_allowed_if_not_allowed_for_control( not_allowed_issuer, doc_delegating_control, allowed_issuer_doc): resolver_client = ResolverClientTest( docs={ doc_delegating_control.did: doc_delegating_control, allowed_issuer_doc.did: allowed_issuer_doc }) with pytest.raises(IdentityNotAllowed): is_validator_run_success( IdentityAuthValidation.validate_allowed_for_control, resolver_client, issuer=not_allowed_issuer, subject_id=doc_delegating_control.did)
def test_can_validate_document_with_delegation_against_resolver(valid_doc): delegated_doc1, deleg_key1 = get_valid_delegated_doc_and_deleg_proof( new_seed(), '#issuer1', delegating_doc_id=valid_doc.did, deleg_name='#DelegDoc1') delegated_doc2, deleg_key2 = get_valid_delegated_doc_and_deleg_proof( new_seed(), '#issuer2', delegating_doc_id=valid_doc.did, deleg_name='#DelegDoc2') valid_doc = RegisterDocumentBuilder() \ .add_control_delegation_obj(deleg_key1) \ .add_control_delegation_obj(deleg_key2) \ .add_authentication_delegation(deleg_key1.name + 'auth', deleg_key1.controller, deleg_key1.proof, deleg_key1.revoked) \ .add_authentication_delegation(deleg_key2.name + 'auth', deleg_key2.controller, deleg_key2.proof, deleg_key2.revoked) \ .build_from_existing(valid_doc) resolver_client = ResolverClientTest( docs={ valid_doc.did: valid_doc, delegated_doc1.did: delegated_doc1, delegated_doc2.did: delegated_doc2 }) assert is_validator_run_success( DocumentValidation.validate_document_against_resolver, resolver_client, valid_doc)
def test_can_validate_allowed_for_authentication_on_owned_doc( allowed_issuer, allowed_issuer_doc): resolver_client = ResolverClientTest( docs={allowed_issuer_doc.did: allowed_issuer_doc}) assert is_validator_run_success( IdentityAuthValidation.validate_allowed_for_auth, resolver_client, issuer=allowed_issuer, subject_id=allowed_issuer_doc.did)
def test_validate_document_against_resolver_raises_validation_error_if_resolver_error( valid_doc): _, deleg_key = get_valid_delegated_doc_and_deleg_proof( new_seed(), '#issuer1', delegating_doc_id=valid_doc.did, deleg_name='#DelegDoc1') valid_doc = RegisterDocumentBuilder() \ .add_control_delegation_obj(deleg_key) \ .build_from_existing(valid_doc) # Initialised without the delegation doc so a not found will be raised resolver_client = ResolverClientTest(docs={valid_doc.did: valid_doc}) with pytest.raises(IdentityInvalidDocumentError) as err_wrapper: is_validator_run_success( DocumentValidation.validate_document_against_resolver, resolver_client, valid_doc) assert isinstance(err_wrapper.value.__cause__, IdentityResolverError)
def test_can_validate_allowed_for_control_with_allowed_by_auth_delegation( allowed_issuer, doc_delegating_authentication, allowed_issuer_doc): resolver_client = ResolverClientTest( docs={ doc_delegating_authentication.did: doc_delegating_authentication, allowed_issuer_doc.did: allowed_issuer_doc }) assert is_validator_run_success( IdentityAuthValidation.validate_allowed_for_auth, resolver_client, allowed_issuer, subject_id=doc_delegating_authentication.did)
def test_can_reuse_generic_delegation_proof(get_delegation_method): twin1_secrets, twin1_issuer, twin1_doc = get_new_document('#Twin1') twin2_secrets, twin2_issuer, twin2_doc = get_new_document('#Twin2') agent_secrets, agent1_issuer, agent_doc = get_new_document('#Agent1') resolver_client = ResolverClientTest( docs={ twin1_doc.did: twin1_doc, twin2_doc.did: twin2_doc, agent_doc.did: agent_doc, }) api = AdvancedIdentityRegisterApi(resolver_client) # Create an agent generic delegation proof _, proof = AdvancedIdentityLocalApi.create_generic_delegation_proof( subject_doc=agent_doc, subject_secrets=agent_secrets) # Add proof to twin1 document as a delegation proof - the document is valid get_delegation_method(api)( proof=proof, subject_issuer=agent1_issuer, delegation_name='#Deleg1', doc_owner_issuer=twin1_issuer, doc_owner_key_pair=KeyPairSecretsHelper.get_key_pair(twin1_secrets), ) assert is_validator_run_success(api.validate_register_document, resolver_client.docs[twin1_doc.did]) # Add proof to twin2 document as a delegation proof - the document is valid get_delegation_method(api)( proof=proof, subject_issuer=agent1_issuer, delegation_name='#Deleg2', doc_owner_issuer=twin2_issuer, doc_owner_key_pair=KeyPairSecretsHelper.get_key_pair(twin2_secrets), ) assert is_validator_run_success(api.validate_register_document, resolver_client.docs[twin2_doc.did])
def test_validate_document_against_resolver_raises_validation_error_if_invalid_delegation( valid_doc, other_key_pair, deleg_type): wrong_deleg_id = make_identifier(other_key_pair.public_bytes) delegated_doc1, inconsistent_deleg_key = get_valid_delegated_doc_and_deleg_proof( new_seed(), '#issuer1', delegating_doc_id=wrong_deleg_id, deleg_name='#DelegDoc1') builder = RegisterDocumentBuilder() if deleg_type == 'auth': builder.add_authentication_delegation_obj(inconsistent_deleg_key) else: builder.add_control_delegation_obj(inconsistent_deleg_key) doc_with_invalid_delegation = builder.build_from_existing(valid_doc) resolver_client = ResolverClientTest(docs={ valid_doc.did: valid_doc, delegated_doc1.did: delegated_doc1 }) with pytest.raises(IdentityInvalidDocumentError) as err_wrapper: is_validator_run_success( DocumentValidation.validate_document_against_resolver, resolver_client, doc_with_invalid_delegation) assert isinstance(err_wrapper.value.__cause__, IdentityInvalidProofError)
def test_can_validate_delegation(doc_did, deleg_doc_did, valid_issuer_key, valid_key_pair_secrets, proof_type, get_content): controller_name = '#AController' deleg_proof = get_delegation_register_proof( subject_key_pair_secrets=valid_key_pair_secrets, content=get_content(doc_did), p_type=proof_type, subject_issuer=Issuer.build(deleg_doc_did, controller_name)) deleg_doc = get_delegation_doc_for( controller_name=controller_name, doc_id=deleg_doc_did, public_base58=valid_issuer_key.public_key_base58) resolver_client = ResolverClientTest(docs={deleg_doc_did: deleg_doc}) assert is_validator_run_success(DelegationValidation.validate_delegation, resolver_client, doc_id=doc_did, deleg_proof=deleg_proof)
def test_can_validate_allowed_for_auth_with_controller_doc( allowed_issuer, allowed_issuer_doc): controller_issuer_doc = allowed_issuer_doc controller_issuer = Issuer.build(controller_issuer_doc.did, '#Plop') a_doc_with_controller_allowed_for_auth = get_valid_document( new_seed(), '#ASubject', controller=controller_issuer) resolver_docs = { controller_issuer.did: controller_issuer_doc, a_doc_with_controller_allowed_for_auth.did: a_doc_with_controller_allowed_for_auth } resolver_client = ResolverClientTest(docs=resolver_docs) assert is_validator_run_success( IdentityAuthValidation.validate_allowed_for_auth, resolver_client, allowed_issuer, subject_id=a_doc_with_controller_allowed_for_auth.did)
def test_validate_proof_with_an_other_key_raises_validation_error( valid_proof, other_key_pair): with pytest.raises(IdentityInvalidProofError) as err_wrapper: is_validator_run_success(ProofValidation.validate_proof, valid_proof, other_key_pair.public_base58) assert isinstance(err_wrapper.value.__cause__, InvalidSignature)
def test_can_validate_proof(valid_proof, valid_key_pair): assert is_validator_run_success(ProofValidation.validate_proof, valid_proof, valid_key_pair.public_base58)
def test_validate_identifier_do_not_raises_if_valid_identifier(an_identifier): assert is_validator_run_success(IdentityValidation.validate_identifier, an_identifier)
def test_can_validate_document_without_delegation_against_resolver(valid_doc): resolver_client = ResolverClientTest(docs={}) assert is_validator_run_success( DocumentValidation.validate_document_against_resolver, resolver_client, valid_doc)
def test_validate_key_name_do_not_raises_if_valid_identifier(key_name): assert is_validator_run_success(IdentityValidation.validate_key_name, key_name)
def test_validate_document_proof_fails_if_no_owner_key( invalid_doc_no_owner_key): with pytest.raises(IdentityInvalidDocumentError): is_validator_run_success( DocumentValidation.validate_new_document_proof, invalid_doc_no_owner_key)
def test_can_validate_document_proof(valid_doc): assert is_validator_run_success( DocumentValidation.validate_new_document_proof, valid_doc)
def test_validate_issuer_string_raises_validation_error_if_invalid_identifier(invalid_issuer): with pytest.raises(IdentityValidationError): is_validator_run_success(IdentityValidation.validate_identifier, invalid_issuer)
def test_validate_issuer_string_do_not_raises_if_valid_issuer(an_identifier): assert is_validator_run_success(IdentityValidation.validate_issuer_string, f'{an_identifier}#AName')
def test_validate_key_name_raises_validation_error_if_invalid_identifier(invalid_key_name): with pytest.raises(IdentityValidationError): is_validator_run_success(IdentityValidation.validate_key_name, invalid_key_name)