def test_can_validate_document_with_delegation_against_resolver(valid_doc):
delegated_doc1, deleg_key1 = get_valid_delegated_doc_and_deleg_proof(
new_seed(),
'#issuer1',
delegating_doc_id=valid_doc.did,
deleg_name='#DelegDoc1')
delegated_doc2, deleg_key2 = get_valid_delegated_doc_and_deleg_proof(
new_seed(),
'#issuer2',
delegating_doc_id=valid_doc.did,
deleg_name='#DelegDoc2')
valid_doc = RegisterDocumentBuilder() \
.add_control_delegation_obj(deleg_key1) \
.add_control_delegation_obj(deleg_key2) \
.add_authentication_delegation(deleg_key1.name + 'auth', deleg_key1.controller, deleg_key1.proof,
deleg_key1.revoked) \
.add_authentication_delegation(deleg_key2.name + 'auth', deleg_key2.controller, deleg_key2.proof,
deleg_key2.revoked) \
.build_from_existing(valid_doc)
resolver_client = ResolverClientTest(
docs={
valid_doc.did: valid_doc,
delegated_doc1.did: delegated_doc1,
delegated_doc2.did: delegated_doc2
})
assert is_validator_run_success(
DocumentValidation.validate_document_against_resolver, resolver_client,
valid_doc)
def test_validate_document_against_resolver_raises_validation_error_if_resolver_error(
valid_doc):
_, deleg_key = get_valid_delegated_doc_and_deleg_proof(
new_seed(),
'#issuer1',
delegating_doc_id=valid_doc.did,
deleg_name='#DelegDoc1')
valid_doc = RegisterDocumentBuilder() \
.add_control_delegation_obj(deleg_key) \
.build_from_existing(valid_doc)
# Initialised without the delegation doc so a not found will be raised
resolver_client = ResolverClientTest(docs={valid_doc.did: valid_doc})
with pytest.raises(IdentityInvalidDocumentError) as err_wrapper:
is_validator_run_success(
DocumentValidation.validate_document_against_resolver,
resolver_client, valid_doc)
assert isinstance(err_wrapper.value.__cause__, IdentityResolverError)
def test_can_validate_allowed_for_auth_with_controller_doc(
allowed_issuer, allowed_issuer_doc):
controller_issuer_doc = allowed_issuer_doc
controller_issuer = Issuer.build(controller_issuer_doc.did, '#Plop')
a_doc_with_controller_allowed_for_auth = get_valid_document(
new_seed(), '#ASubject', controller=controller_issuer)
resolver_docs = {
controller_issuer.did:
controller_issuer_doc,
a_doc_with_controller_allowed_for_auth.did:
a_doc_with_controller_allowed_for_auth
}
resolver_client = ResolverClientTest(docs=resolver_docs)
assert is_validator_run_success(
IdentityAuthValidation.validate_allowed_for_auth,
resolver_client,
allowed_issuer,
subject_id=a_doc_with_controller_allowed_for_auth.did)
def test_verify_authentication_raises_auth_error_if_token_not_allowed(
authentication_subject_doc, allowed_issuer, valid_private_key):
other_doc_with_auth_or_delegation_link = get_valid_document(
new_seed(), '#OtherDoc')
token_signed_with_an_other_private_key = JwtTokenHelper.create_auth_token(
iss=str(allowed_issuer),
sub=other_doc_with_auth_or_delegation_link.did,
aud='http://audience/',
duration=360,
private_key=valid_private_key)
resolver_docs = {
authentication_subject_doc.did:
authentication_subject_doc,
other_doc_with_auth_or_delegation_link.did:
other_doc_with_auth_or_delegation_link
}
resolver_client = ResolverClientTest(docs=resolver_docs)
with pytest.raises(IdentityAuthenticationFailed) as err_wrapper:
IdentityAuthValidation.verify_authentication(
resolver_client, token=token_signed_with_an_other_private_key)
assert isinstance(err_wrapper.value.__cause__, IdentityNotAllowed)
def test_validate_document_against_resolver_raises_validation_error_if_invalid_delegation(
valid_doc, other_key_pair, deleg_type):
wrong_deleg_id = make_identifier(other_key_pair.public_bytes)
delegated_doc1, inconsistent_deleg_key = get_valid_delegated_doc_and_deleg_proof(
new_seed(),
'#issuer1',
delegating_doc_id=wrong_deleg_id,
deleg_name='#DelegDoc1')
builder = RegisterDocumentBuilder()
if deleg_type == 'auth':
builder.add_authentication_delegation_obj(inconsistent_deleg_key)
else:
builder.add_control_delegation_obj(inconsistent_deleg_key)
doc_with_invalid_delegation = builder.build_from_existing(valid_doc)
resolver_client = ResolverClientTest(docs={
valid_doc.did: valid_doc,
delegated_doc1.did: delegated_doc1
})
with pytest.raises(IdentityInvalidDocumentError) as err_wrapper:
is_validator_run_success(
DocumentValidation.validate_document_against_resolver,
resolver_client, doc_with_invalid_delegation)
assert isinstance(err_wrapper.value.__cause__, IdentityInvalidProofError)