211 lines
7.8 KiB
Python
211 lines
7.8 KiB
Python
import asyncio
|
|
from typing import Callable, Any
|
|
import didkit
|
|
import json
|
|
from jinja2 import Environment, FileSystemLoader, select_autoescape
|
|
import idhub_ssikit
|
|
from ast import literal_eval
|
|
import copy
|
|
|
|
|
|
def deep_merge_dict_inplace(d1: dict, d2: dict):
|
|
"""
|
|
Implements d1 |= d2, but recursively.
|
|
Merges d1 and d2, giving preference to keys in d2.
|
|
Keys in d1 but not in d2 are left as-is.
|
|
"""
|
|
for key, val in d2.items():
|
|
if isinstance(d1.get(key, None), dict) and isinstance(val, dict):
|
|
deep_merge_dict_inplace(d1[key], val)
|
|
continue
|
|
d1[key] = val
|
|
|
|
|
|
def deep_merge_dict(d1: dict, d2: dict) -> dict:
|
|
"""
|
|
Implements d1 | d2, but recursively.
|
|
Merges d1 and d2, giving preference to keys in d2.
|
|
Keys in d1 but not in d2 are left as-is.
|
|
"""
|
|
d1 = copy.deepcopy(d1)
|
|
deep_merge_dict_inplace(d1, d2)
|
|
return d1
|
|
|
|
|
|
def deep_filter_dict(f: Callable[[Any], bool], d: dict):
|
|
"""
|
|
Implements builtin filter(), but recursively.
|
|
Applies f to all k,v pairs in d. If some v is a dict, recurse into v instead of applying f(v) directly.
|
|
"""
|
|
for key, val in d.items():
|
|
if isinstance(val, dict):
|
|
yield key, dict(deep_filter_dict(f, val))
|
|
elif f(val):
|
|
yield key, val
|
|
|
|
|
|
def test_all_vcs(use_webdid=False):
|
|
vcs = [
|
|
'membership-card',
|
|
'financial-vulnerability',
|
|
'course-credential',
|
|
'federation-membership',
|
|
'e-operator-claim'
|
|
]
|
|
for vc in vcs:
|
|
print(f"trying {vc}... ", end="")
|
|
try:
|
|
if use_webdid:
|
|
signed_cred = did_web_issue_vc_test_newstyle(vc)
|
|
else:
|
|
signed_cred = issue_vc_test_newstyle(vc)
|
|
ok, err = idhub_ssikit.verify_credential(signed_cred)
|
|
if ok:
|
|
print("OK")
|
|
else:
|
|
print("FAILED!", err)
|
|
open(f'/tmp/{vc}', mode='w').write(signed_cred)
|
|
except Exception as e:
|
|
print("FAILED! With exception:")
|
|
print(e)
|
|
|
|
|
|
def did_web_issue_vc_and_check_revocation(vc_name, revoked=True):
|
|
jwk_issuer = '{"kty":"OKP","crv":"Ed25519","x":"piojLFIHQ4Z6heRuPI87nrfMJKdet1dJIPG15iGjmDE","d":"zpOBTDrp_iNQTY5nZlIxLA34Sl7FXWXNGehFktznxTM"}'
|
|
jwk_subject = '{"kty":"OKP","crv":"Ed25519","x":"BuKyt44QKYSX6kmAt771ai37lIFNwYlhugWXPiqcyYU","d":"qbvMhSCPKvQ-vSkqNr3q8gWY5zPUj7ry0t2YnmT7agc"}'
|
|
|
|
did_issuer = "did:web:idhub.pangea.org:did-registry:allRevoked" if revoked else "did:web:idhub.pangea.org:did-registry:noneRevoked"
|
|
did_subject = didkit.key_to_did("key", jwk_subject)
|
|
|
|
vc_template = json.load(open(f'../../schemas/vc_templates/{vc_name}.json'))
|
|
data_base = json.load(open(f'../../schemas/vc_examples/base--data.json'))
|
|
data_base["issuer"]["id"] = did_issuer
|
|
data_base["credentialSubject"]["id"] = did_subject
|
|
data_specific = json.load(open(f'../../schemas/vc_examples/{vc_name}--data.json'))
|
|
data = deep_merge_dict(data_base, data_specific)
|
|
vc_rendered_unsigned = deep_merge_dict(vc_template, data)
|
|
|
|
signed_credential = idhub_ssikit.render_and_sign_credential(
|
|
vc_rendered_unsigned,
|
|
jwk_issuer,
|
|
)
|
|
|
|
ok, reason = idhub_ssikit.verify_credential(signed_credential)
|
|
print(ok)
|
|
print(reason)
|
|
|
|
|
|
def did_web_issue_vc_test_newstyle(vc_name):
|
|
jwk_issuer = '{"kty":"OKP","crv":"Ed25519","x":"piojLFIHQ4Z6heRuPI87nrfMJKdet1dJIPG15iGjmDE","d":"zpOBTDrp_iNQTY5nZlIxLA34Sl7FXWXNGehFktznxTM"}'
|
|
jwk_subject = '{"kty":"OKP","crv":"Ed25519","x":"BuKyt44QKYSX6kmAt771ai37lIFNwYlhugWXPiqcyYU","d":"qbvMhSCPKvQ-vSkqNr3q8gWY5zPUj7ry0t2YnmT7agc"}'
|
|
|
|
did_issuer = "did:web:idhub.pangea.org"
|
|
did_subject = didkit.key_to_did("key", jwk_subject)
|
|
|
|
vc_template = json.load(open(f'../../schemas/vc_templates/{vc_name}.json'))
|
|
data_base = json.load(open(f'../../schemas/vc_examples/base--data.json'))
|
|
data_base["issuer"]["id"] = did_issuer
|
|
data_base["credentialSubject"]["id"] = did_subject
|
|
data_specific = json.load(open(f'../../schemas/vc_examples/{vc_name}--data.json'))
|
|
data = deep_merge_dict(data_base, data_specific)
|
|
vc_rendered_unsigned = deep_merge_dict(vc_template, data)
|
|
|
|
signed_credential = idhub_ssikit.render_and_sign_credential(
|
|
vc_rendered_unsigned,
|
|
jwk_issuer,
|
|
)
|
|
return signed_credential
|
|
|
|
|
|
def issue_vc_test_newstyle(vc_name):
|
|
jwk_issuer = didkit.generate_ed25519_key()
|
|
jwk_subject = didkit.generate_ed25519_key()
|
|
|
|
did_issuer = didkit.key_to_did("key", jwk_issuer)
|
|
did_subject = didkit.key_to_did("key", jwk_subject)
|
|
|
|
vc_template = json.load(open(f'../../schemas/vc_templates/{vc_name}.json'))
|
|
data_base = json.load(open(f'../../schemas/vc_examples/base--data.json'))
|
|
data_base["issuer"]["id"] = did_issuer
|
|
data_base["credentialSubject"]["id"] = did_subject
|
|
data_specific = json.load(open(f'../../schemas/vc_examples/{vc_name}--data.json'))
|
|
data = deep_merge_dict(data_base, data_specific)
|
|
vc_rendered_unsigned = deep_merge_dict(vc_template, data)
|
|
|
|
signed_credential = idhub_ssikit.render_and_sign_credential(
|
|
vc_rendered_unsigned,
|
|
jwk_issuer,
|
|
)
|
|
return signed_credential
|
|
|
|
|
|
def issue_vc_test_and_fail_verification(vc_name):
|
|
signed_credential = issue_vc_test_newstyle(vc_name)
|
|
verification_result = idhub_ssikit.verify_credential(signed_credential)
|
|
print(verification_result)
|
|
|
|
def replace(s, position, character):
|
|
return s[:position] + character + s[position+1:]
|
|
signed_credential = replace(signed_credential, (len(signed_credential)//4)*3, ".")
|
|
verification_result = idhub_ssikit.verify_credential(signed_credential)
|
|
print(verification_result)
|
|
|
|
|
|
def issue_and_sign_vp_test():
|
|
"""
|
|
In this example execution two Verifiable Credentials associated with a single Holder are issued and then
|
|
combined into a single Verifiable Presentation.
|
|
The Verifiable Credentials are of two different models. The use-case is meant to mimic
|
|
- Holder being a physical person,
|
|
- Issuer A being "Pare Manel" foundation,
|
|
- Issuer B being "EXO" foundation,
|
|
- Verifier (not pictured) being "Som Connexio", which wants verifiable data of the Holder from both Issuers.
|
|
"""
|
|
jwk_issuer = didkit.generate_ed25519_key()
|
|
jwk_issuer2 = didkit.generate_ed25519_key()
|
|
jwk_subject = didkit.generate_ed25519_key()
|
|
|
|
did_issuer = didkit.key_to_did("key", jwk_issuer)
|
|
did_issuer2 = didkit.key_to_did("key", jwk_issuer2)
|
|
did_subject = didkit.key_to_did("key", jwk_subject)
|
|
print(did_issuer)
|
|
print(did_issuer2)
|
|
print(did_subject)
|
|
|
|
# TODO: WE'RE NO LONGER USING JINJA2
|
|
env = Environment(
|
|
loader=FileSystemLoader("vc_templates"),
|
|
autoescape=select_autoescape()
|
|
)
|
|
unsigned_vc_template = env.get_template("member.json")
|
|
data = {
|
|
"vc_id": "http://example.org/credentials/3731",
|
|
"issuer_did": did_issuer,
|
|
"subject_did": did_subject,
|
|
"issuance_date": "2020-08-19T21:41:50Z",
|
|
"subject_is_member_of": "Pangea"
|
|
}
|
|
signed_credential = idhub_ssikit.render_and_sign_credential(
|
|
unsigned_vc_template,
|
|
jwk_issuer,
|
|
data
|
|
)
|
|
data2 = data
|
|
data2["issuer_did"] = did_issuer2
|
|
signed_credential2 = idhub_ssikit.render_and_sign_credential(
|
|
unsigned_vc_template,
|
|
jwk_issuer2,
|
|
data2
|
|
)
|
|
signed_presentation = idhub_ssikit.issue_verifiable_presentation([signed_credential, signed_credential2], jwk_subject, did_subject)
|
|
print("##############--- SIGNED PRESENTATION ---##############")
|
|
print(signed_presentation)
|
|
print("##############--- ------------------- ---##############")
|
|
|
|
res = idhub_ssikit.verify_presentation(signed_presentation)
|
|
print(res)
|
|
|
|
|
|
def scratch():
|
|
jwk_issuer = didkit.generate_ed25519_key()
|
|
did_issuer = didkit.key_to_did("key", jwk_issuer) |