Merge pull request #120 from WeBankFinTech/feature/data-auth
* Create/Verify Data Auth Token CredentialPojo
chaoxinhu committed Feb 28, 2020
2 parents 594a8f5 + f69476f commit 2015588
Showing 10 changed files with 638 additions and 34 deletions.
321 changes: 321 additions & 0 deletions docs/zh_CN/docs/weidentity-java-sdk-doc.rst
@@ -11761,6 +11761,327 @@ com.webank.weid.protocol.base.CredentialPojo
CredentialPojoService-->>调用者: 返回凭证


----

10. createDataAuthToken
~~~~~~~~~~~~~~~~~~~~~~~~

**基本信息**

.. code-block:: text
接口名称:com.webank.weid.rpc.CredentialPojoService.createDataAuthToken
接口定义:ResponseData<CredentialPojo> createCredential(Cpt101 authInfo, WeIdAuthentication weIdAuthentication)
接口描述: 根据传入的授权要求信息,生成符合CPT101格式规范的数据授权凭证。该凭证需要被verify之后和Endpoint Service结合使用。
..note::

注意:使用这个接口的前提是首先需要将CPT 101注册到链上。如果您是新搭了一条WeIdentity 1.6.0+的链,那么搭链过程中这一步已经自动完成了。否则(如您是升级SDK),您需要使用部署WeIdentity合约的私钥(ecdsa_key)去将CPT 101注册到链上。下文的代码范例中我们给出了详细的流程

**接口入参**\ :

com.webank.weid.protocol.cpt.Cpt101

.. list-table::
:header-rows: 1

* - 名称
- 类型
- 非空
- 说明
- 备注
* - fromWeId
- String
- Y
- 发起授权的WeIdentity DID(必须同时是Issuer)
- 必须在链上存在,且需要传入私钥作为Issuer
* - toWeId
- String
- Y
- 接受授权的WeIdentity DID
- 必须在链上存在且和fromWeId不同
* - serviceUrl
- String
- Y
- 所授权内容在Endpoint Service上注册的service URL
- 必须是一个包含主机名,端口号,以及端点地址的标准URL
* - resourceId
- String
- Y
- UUID
- 用于标识资源的符合UUID格式字符串
* - duration
- Long
- Y
- 授权有效时间
- 同时决定了凭证的expirationDate

com.webank.weid.protocol.base.WeIdAuthentication

.. list-table::
:header-rows: 1

* - 名称
- 类型
- 非空
- 说明
- 备注
* - weId
- String
- Y
- WeIdentity DID
- 必须和fromWeId一致
* - weIdPublicKeyId
- String
- N
- 公钥Id
-
* - weIdPrivateKey
- WeIdPrivateKey
- Y
-
- 交易私钥,必须和fromWeId在链上所公开的某个公钥一致

com.webank.weid.protocol.base.WeIdPrivateKey

.. list-table::
:header-rows: 1

* - 名称
- 类型
- 非空
- 说明
- 备注
* - privateKey
- String
- Y
- 私钥
- 使用十进制数字表示

**接口返回**\ : com.webank.weid.protocol.response.ResponseData\<CredentialPojo>;

.. list-table::
:header-rows: 1

* - 名称
- 类型
- 说明
- 备注
* - errorCode
- Integer
- 返回结果码
-
* - errorMessage
- String
- 返回结果描述
-
* - result
- CredentialPojo
- 凭证对象
- 业务数据
* - transactionInfo
- TransactionInfo
- 交易信息
-

com.webank.weid.protocol.base.CredentialPojo

.. list-table::
:header-rows: 1

* - 名称
- 类型
- 说明
- 备注
* - context
- String
-
-
* - type
- List<String>
-
-
* - id
- String
- 证书ID
-
* - cptId
- Integer
- cptId
-
* - issuer
- String
- issuer 的 WeIdentity DID
-
* - issuanceDate
- Long
- 创建日期
-
* - expirationDate
- Long
- 到期日期
-
* - claim
- Map<String, Object>
- Claim数据
-
* - proof
- Map<String, Object>
- 签名数据结构体
-


**此方法返回code**

.. list-table::
:header-rows: 1

* - enum
- code
- desc
* - SUCCESS
- 0
- 成功
* - CPT_ID_ILLEGAL
- 100303
- cptId无效
* - WEID_PRIVATEKEY_DOES_NOT_MATCH
- 100106
- 私钥和weid不匹配
* - CREDENTIAL_ERROR
- 100400
- credential处理未知异常
* - CREDENTIAL_CREATE_DATE_ILLEGAL
- 100408
- 创建日期格式非法
* - CREDENTIAL_EXPIRE_DATE_ILLEGAL
- 100409
- 到期日期无效
* - CREDENTIAL_CLAIM_NOT_EXISTS
- 100410
- Claim数据不能为空
* - CREDENTIAL_CLAIM_DATA_ILLEGAL
- 100411
- Claim非法
* - CREDENTIAL_ISSUER_INVALID
- 100418
- WeIdentity DID无效
* - AUTHORIZATION_FROM_TO_MUST_BE_DIFFERENT
- 100450
- fromWeId和toWeId必须不同
* - AUTHORIZATION_CANNOT_AUTHORIZE_OTHER_WEID_RESOURCE
- 100451
- fromWeId必须和Issuer相同
* - ILLEGAL_INPUT
- 160004
- 参数非法

**调用示例**

.. code-block:: java
// Enforce a Register/Update system CPT first
WeIdAuthentication sdkAuthen = new WeIdAuthentication();
ECKeyPair keyPair = ECKeyPair.create(new BigInteger(privateKey));
String keyWeId = WeIdUtils
.convertAddressToWeId(new Address(Keys.getAddress(keyPair)).toString());
sdkAuthen.setWeId(keyWeId);
WeIdPrivateKey weIdPrivateKey = new WeIdPrivateKey();
weIdPrivateKey.setPrivateKey(privateKey);
sdkAuthen.setWeIdPrivateKey(weIdPrivateKey);
if (!weIdService.isWeIdExist(keyWeId).getResult()) {
CreateWeIdArgs wargs = new CreateWeIdArgs();
wargs.setWeIdPrivateKey(weIdPrivateKey);
wargs.setPublicKey(keyPair.getPublicKey().toString(10));
weIdService.createWeId(wargs);
}
String cptJsonSchema = DataToolUtils
.generateDefaultCptJsonSchema(Class.forName("com.webank.weid.protocol.cpt.Cpt101"));
CptStringArgs args = new CptStringArgs();
args.setCptJsonSchema(cptJsonSchema);
args.setWeIdAuthentication(sdkAuthen);
if (cptService.queryCpt(CredentialConstant.AUTHORIZATION_CPT).getResult() == null) {
cptService.registerCpt(args, CredentialConstant.AUTHORIZATION_CPT);
} else {
cptService.updateCpt(args, CredentialConstant.AUTHORIZATION_CPT);
}
// Init params
Cpt101 authInfo = new Cpt101();
authInfo.setFromWeId(createWeIdResultWithSetAttr.getWeId());
String toWeId = this.createWeIdWithSetAttr().getWeId();
authInfo.setToWeId(toWeId);
authInfo.setDuration(360000L);
authInfo.setResourceId(UUID.randomUUID().toString());
authInfo.setServiceUrl("http://127.0.0.1:6011/fetch-data");
WeIdAuthentication weIdAuthentication = new WeIdAuthentication();
weIdAuthentication.setWeId(createWeIdResultWithSetAttr.getWeId());
weIdAuthentication.setWeIdPrivateKey(createWeIdResultWithSetAttr.getUserWeIdPrivateKey());
weIdAuthentication.setWeIdPublicKeyId(createWeIdResultWithSetAttr.getWeId() + "#keys-0");
// Create and check
ResponseData<CredentialPojo> authTokenCredResp = credentialPojoService
.createDataAuthToken(authInfo, weIdAuthentication);
System.out.println(DataToolUtils.deserialize(authTokenCredResp.getResult()));
.. code-block:: text
返回结果如:
result:(com.webank.weid.protocol.base.CredentialPojo)
{
"claim": {
"duration": 360000,
"fromWeId": "did:weid:101:0x69cd071e4be5fd878e1519ff476563dc2f4c6168",
"resourceId": "4b077c17-9612-42ee-9e36-3a3d46b27e81",
"serviceUrl": "http://10.35.25.183:6010/fetch-data",
"toWeId": "did:weid:101:0x68bedb2cbe55b4c8e3473faa63f121c278f6dba9"
},
"context": "https://github.com/WeBankFinTech/WeIdentity/blob/master/context/v1",
"cptId": 101,
"expirationDate": 1581347039,
"id": "48b75424-9411-4d22-b925-4e730b445a31",
"issuanceDate": 1580987039,
"issuer": "did:weid:101:0x69cd071e4be5fd878e1519ff476563dc2f4c6168",
"proof": {
"created": 1580987039,
"creator": "did:weid:101:0x69cd071e4be5fd878e1519ff476563dc2f4c6168#keys-0",
"salt": {
"duration": "fmk5A",
"fromWeId": "DEvFy",
"resourceId": "ugVeN",
"serviceUrl": "nVdeE",
"toWeId": "93Z1E"
},
"signatureValue": "HCZwyTzGst87cjCDaUEzPrO8QRlsPvCYXvRTUVBUTDKRSoGDgu4h4HLrMZ+emDacRnmQ/yke38u1jBnilNnCh6c=",
"type": "Secp256k1"
},
"type": ["VerifiableCredential", "hashTree"]
}
errorCode: 0
errorMessage: success
transactionInfo:null
**时序图**

.. mermaid::

sequenceDiagram
participant 调用者
participant CredentialPojoService
调用者->>CredentialPojoService: 调用createDataAuthToken()
CredentialPojoService->>CredentialPojoService: 入参非空、格式及合法性检查
opt 入参校验失败
CredentialPojoService-->>调用者: 报错,提示参数不合法并退出
end
CredentialPojoService->>CredentialPojoService: 组装符合格式的CPT101的Claim
CredentialPojoService->>CredentialPojoService: 生成签发日期、生成数字签名
CredentialPojoService-->>调用者: 返回数据授权凭证

----


AmopService
^^^^^^^^^^^^^^^^^
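Review bot: the 接口定义 line in the 基本信息 block declares `ResponseData<CredentialPojo> createCredential(Cpt101 authInfo, WeIdAuthentication weIdAuthentication)` while the heading and the 接口名称 line name the method `createDataAuthToken`; the signature should read `ResponseData<CredentialPojo> createDataAuthToken(Cpt101 authInfo, WeIdAuthentication weIdAuthentication)`. The RST also will not render as intended: `..note::` needs a space after the dots (`.. note::`) or it is plain paragraph text, and the `.. code-block::` directives are followed directly by their bodies with no blank line, so Sphinx is likely to reject or misplace the content. In the 调用示例 the call sets `serviceUrl` to `http://127.0.0.1:6011/fetch-data` but the printed result shows `http://10.35.25.183:6010/fetch-data`; the two should agree, and an internal address should not be published in the docs. The example prints `DataToolUtils.deserialize(authTokenCredResp.getResult())` on a `CredentialPojo`, but `deserialize` takes a JSON string, so this is most likely meant to be `serialize`; the snippet should also check `errorCode` before calling `getResult()`. Finally, the description says the token must be verified before use with the Endpoint Service, but the section never shows that step nor states that the receiving side must check that `toWeId`, `serviceUrl` and `resourceId` in the claim match the caller and the requested resource and that `expirationDate` has not passed; one sentence on that, or a pointer to the verify section, would prevent tokens being accepted on signature alone.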

14 changes: 14 additions & 0 deletions src/main/java/com/webank/weid/constant/ErrorCode.java
@@ -280,6 +280,20 @@ public enum ErrorCode {
"presentation from pdf transportation, please use verifyPresentationFromPDF function"),


/**
* Authorization WeIDs: from and to must be different.
*/
AUTHORIZATION_FROM_TO_MUST_BE_DIFFERENT(100450,
"authorization's fromWeId and toWeId must be different"
),

/**
* Authorization: cannot authorize other WeID's resource.
*/
AUTHORIZATION_CANNOT_AUTHORIZE_OTHER_WEID_RESOURCE(100451,
"cannot authorize other WeID's resource"
),

/**
* The credential evidence contract failure: illegal input.
*/
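Review bot: the javadoc on `AUTHORIZATION_CANNOT_AUTHORIZE_OTHER_WEID_RESOURCE` should state the concrete condition it reports, which according to the accompanying document is `fromWeId` differing from the `weId` in the supplied `WeIdAuthentication`; "cannot authorize other WeID's resource" alone does not tell a caller what to fix. Consider also whether a distinct code is needed when `toWeId` does not exist on chain, since the document lists that as a requirement for the call but the return-code table offers only issuer-related codes.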
27 changes: 15 additions & 12 deletions src/main/java/com/webank/weid/protocol/cpt/Cpt101.java
@@ -1,5 +1,5 @@
/*
* Copyright© (2019) WeBank Co., Ltd.
* Copyright© (2019-2020) WeBank Co., Ltd.
*
* This file is part of weid-java-sdk.
*
@@ -19,24 +19,27 @@

package com.webank.weid.protocol.cpt;

import java.util.List;

import com.github.reinert.jjschema.Attributes;
import lombok.Data;

/**
* CPT for authorization.
* CPT for data authorization.
*
* @author chaoxinhu 2019.5
* @author chaoxinhu 2020.2
*/
@Data
@Attributes(title = "Authorization token", description = "Basic Authorization Token Template")
@Attributes(title = "Data Authorization Token",
description = "Authorize data between WeIDs via the exposed Service Endpoint")
public class Cpt101 {

@Attributes(required = true, description = "The one granting authorization")
private String id;
@Attributes(required = true, description = "The one receiving authorization")
private String receiver;
@Attributes(required = true, description = "Subjects to be authorized", minItems = 1)
private List<String> subjects;
@Attributes(required = true, description = "Authorize from this WeID")
private String fromWeId;
@Attributes(required = true, description = "Authorize to this WeID")
private String toWeId;
@Attributes(required = true, description = "Service Endpoint URL")
private String serviceUrl;
@Attributes(required = true, description = "Authorized Resource ID")
private String resourceId;
@Attributes(required = true, description = "Duration of Validity in seconds")
private Long duration;
}
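Review bot: replacing `id`/`receiver`/`subjects` with `fromWeId`/`toWeId`/`serviceUrl`/`resourceId`/`duration` changes the JSON schema of a CPT that may already be registered on chain, so the class comment should say that an existing CPT 101 must be updated with `updateCpt` before tokens of the new shape will validate (the document's sample does this, but nothing in the code records it). The annotations also leave the security-relevant fields unconstrained: `duration` accepts zero and negative values, `resourceId` accepts any string although the document requires a UUID, and `serviceUrl` accepts any string. Assuming `@Attributes` exposes `minimum` and `pattern` alongside the `minItems` already used here, adding `minimum = 1` on `duration` and a UUID `pattern` on `resourceId` would let schema validation reject bad values before a credential is signed.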

0 comments on commit 2015588