some proof verification fixes

Signed-off-by: PatStLouis <[email protected]>
decentralized-identity · Oct 16, 2024 · d07b30a · d07b30a
1 parent 72ff17c
commit d07b30a
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 12 deletions.
diff --git a/server/app/plugins/askar.py b/server/app/plugins/askar.py
@@ -74,18 +74,23 @@ def create_proof_config(self, did):
     def create_challenge(self, value):
         return str(uuid.uuid5(uuid.NAMESPACE_DNS, settings.SECRET_KEY + value))
 
-    def validate_proof(self, proof, did=None):
+    def validate_challenge(self, proof, did):
         try:
-            if proof.get("expires"):
-                assert datetime.fromisoformat(proof["expires"]) > datetime.now(
-                    timezone.utc
-                ), "Proof expired."
             if proof.get("domain"):
                 assert proof["domain"] == settings.DOMAIN, "Domain mismatch."
             if proof.get("challenge"):
                 assert proof["challenge"] == self.create_challenge(
                     did + proof["expires"]
                 ), "Challenge mismatch."
+        except AssertionError as msg:
+            raise HTTPException(status_code=400, detail=str(msg))
+
+    def validate_proof(self, proof):
+        try:
+            if proof.get("expires"):
+                assert datetime.fromisoformat(proof["expires"]) > datetime.now(
+                    timezone.utc
+                ), "Proof expired."
             assert proof["type"] == self.type, f"Expected {self.type} proof type."
             assert (
                 proof["cryptosuite"] == self.cryptosuite
@@ -97,6 +102,8 @@ def validate_proof(self, proof, did=None):
             raise HTTPException(status_code=400, detail=str(msg))
 
     def verify_proof(self, document, proof):
+        self.validate_proof(proof)
+
         multikey = proof["verificationMethod"].split("#")[-1]
 
         key = Key(LocalKeyHandle()).from_public_bytes(

diff --git a/server/app/routers/identifiers.py b/server/app/routers/identifiers.py
@@ -68,15 +68,12 @@ async def register_did(
 
     if client_proof and endorser_proof:
         # Verify proofs
-        AskarVerifier().validate_proof(client_proof, did_document["id"])
+        AskarVerifier().validate_challenge(client_proof, did_document["id"])
         AskarVerifier().verify_proof(did_document, client_proof)
-        AskarVerifier().validate_proof(endorser_proof, did_document["id"])
+        AskarVerifier().validate_challenge(endorser_proof, did_document["id"])
         AskarVerifier().verify_proof(did_document, endorser_proof)
         authorized_key = client_proof["verificationMethod"].split("#")[-1]
 
-        # TODO implement registration queue
-        # await AskarStorage().store("didRegistration", did, did_document)
-
         # Store document and authorized key
         await AskarStorage().store("didDocument", did, did_document)
         await AskarStorage().store("authorizedKey", did, authorized_key)
@@ -110,7 +107,6 @@ async def initial_log_entry(
     ):
         raise HTTPException(status_code=400, detail="Key unauthorized.")
 
-    AskarVerifier().validate_proof(proof)
     AskarVerifier().verify_proof(log_entry, proof)
     log_entry["proof"] = [proof]
     await AskarStorage().store("logEntries", did, [log_entry])

diff --git a/server/app/routers/resolvers.py b/server/app/routers/resolvers.py
@@ -11,7 +11,7 @@ async def get_did_document(namespace: str, identifier: str):
     did = f"{settings.DID_WEB_BASE}:{namespace}:{identifier}"
     did_doc = await AskarStorage().fetch("didDocument", did)
     if did_doc:
-        return Response(did_doc, media_type="application/ld+json")
+        return Response(json.dumps(did_doc), media_type="application/ld+json")
     raise HTTPException(status_code=404, detail="Ressource not found.")