-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Challenge-response for attestation #162
base: main
Are you sure you want to change the base?
Conversation
…te attestation info to file.
…rror if deserialize fails, but not if file doesn't exist. Improve tests.
…nitiation request.
…quests. Update integration test accordingly.
…p-server Add test http server to CR (#94)
ContentResponseComplete, | ||
} | ||
|
||
// TODO: Impose additional constraints on the nonce type. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok for this PR, come back to another time.
} | ||
Ok(()) | ||
} | ||
/// Deserializes each field of the struct from a file. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note deserialize cannot have default implementation as flexible over struct implementing. Add comment?
} | ||
} | ||
/// Returns true if all fields required for the initiation have a non-null value. | ||
/// Note: temp_s_key is optional since only requester has it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/// Note: temp_s_key is optional since only requester has it. | |
/// Note: `temp_s_key` is optional since only requester has it. |
mut self, | ||
path: &PathBuf, | ||
) -> Result<Option<IdentityCRInitiation>, TrustchainCRError> { | ||
let temp_p_key_path = path.join("temp_p_key.json"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Consider refactors here to simplify reading from files.
} | ||
} | ||
/// Returns true if all fields required for the challenge have a non-null value. | ||
/// Note: update_s_key is optional since only attestor has it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/// Note: update_s_key is optional since only attestor has it. | |
/// Note: `update_s_key` is optional since only attestor has it. |
) -> Result<Option<IdentityCRChallenge>, TrustchainCRError> { | ||
// update public key | ||
let mut full_path = path.join("update_p_key.json"); | ||
self.update_p_key = match File::open(&full_path) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Refactor as above with std::fs::read_to_string
payload.set_claim( | ||
"identity_nonce", | ||
Some(Value::from( | ||
value.identity_nonce.as_ref().unwrap().to_string(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add a new error variant that is TrustchainCRError::InvalidPayload(String)
where the data is a context. Could also use a anyhow::Error
for the data if the purpose is a general. Will look like:
value.identity_nonce.as_ref().ok_or(TrustchainCRError::InvalidPayload("Missing `identity_nonce` field".to_string()))?.to_string()
payload.set_claim( | ||
"update_p_key", | ||
Some(Value::from( | ||
value.update_p_key.as_ref().unwrap().to_string(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use TrustchainCRError::InvalidPayload
error mentioned above.
value | ||
.claim("identity_nonce") | ||
.unwrap() | ||
.as_str() | ||
.unwrap() | ||
.to_string(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Handle the unwraps as above.
mut self, | ||
path: &PathBuf, | ||
) -> Result<Option<ContentCRInitiation>, TrustchainCRError> { | ||
let requester_details_path = path.join("requester_did.json"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Refactor as above with std::fs:read_from_string
) -> Result<Option<ContentCRChallenge>, TrustchainCRError> { | ||
// content nonce(s) | ||
let mut full_path = path.join("content_nonce.json"); | ||
self.content_nonce = match File::open(&full_path) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Consider refactor std::fs::read_to_string
content_challenge_response: None, | ||
} | ||
} | ||
/// Returns true if all fields have a non-null value. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To remove
return Ok(current_state); | ||
} | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Up to here in review
While reviewing the CR hackmd I noticed that there was a TODO in Step 2 of Part II, to remember to check that the candidate dDID contains the expected update key (sent by the attestor in Part I). Perhaps this has already been implemented, but just wanted to flag as something to check. |
Good spot. This hasn't been implemented yet. Still a |
Functionality and cli for challenge-response process for attestation.
Closes #94