-
Notifications
You must be signed in to change notification settings - Fork 26
/
api_verified_credentials.go
121 lines (97 loc) · 3.38 KB
/
api_verified_credentials.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
package weshnet
import (
"bytes"
"context"
stdcrypto "crypto"
"fmt"
"io"
"strings"
"time"
libp2p_ci "github.com/libp2p/go-libp2p/core/crypto"
"berty.tech/weshnet/pkg/bertyvcissuer"
"berty.tech/weshnet/pkg/errcode"
"berty.tech/weshnet/pkg/protocoltypes"
)
type signerWrapper struct {
libp2p_ci.PrivKey
}
func (s *signerWrapper) Public() stdcrypto.PublicKey {
return s.PrivKey.GetPublic()
}
func (s *signerWrapper) Sign(_ io.Reader, digest []byte, _ stdcrypto.SignerOpts) (signature []byte, err error) {
return s.PrivKey.Sign(digest)
}
func (s *service) CredentialVerificationServiceInitFlow(ctx context.Context, request *protocoltypes.CredentialVerificationServiceInitFlow_Request) (*protocoltypes.CredentialVerificationServiceInitFlow_Reply, error) {
s.lock.Lock()
s.vcClient = bertyvcissuer.NewClient(request.ServiceURL)
client := s.vcClient
s.lock.Unlock()
ctx, cancel := context.WithTimeout(ctx, time.Second*10)
defer cancel()
// TODO: allow selection of alt-scoped keys
sk, err := s.deviceKeystore.AccountPrivKey()
if err != nil {
return nil, errcode.ErrInvalidInput
}
pkRaw, err := sk.GetPublic().Raw()
if err != nil {
return nil, errcode.ErrInvalidInput
}
if !bytes.Equal(pkRaw, request.PublicKey) {
return nil, errcode.ErrInvalidInput
}
url, err := client.Init(ctx, request.Link, &signerWrapper{sk})
if err != nil {
return nil, errcode.ErrInternal.Wrap(err)
}
return &protocoltypes.CredentialVerificationServiceInitFlow_Reply{
URL: url,
SecureURL: strings.HasPrefix(url, "https://"),
}, nil
}
func (s *service) CredentialVerificationServiceCompleteFlow(ctx context.Context, request *protocoltypes.CredentialVerificationServiceCompleteFlow_Request) (*protocoltypes.CredentialVerificationServiceCompleteFlow_Reply, error) {
s.lock.Lock()
client := s.vcClient
s.lock.Unlock()
if client == nil {
return nil, errcode.ErrInvalidInput.Wrap(fmt.Errorf("a verification flow needs to be started first"))
}
credentials, identifier, parsedCredential, err := client.Complete(request.CallbackURI)
if err != nil {
return nil, errcode.ErrInternal.Wrap(err)
}
_, err = s.accountGroup.metadataStore.SendAccountVerifiedCredentialAdded(ctx, &protocoltypes.AccountVerifiedCredentialRegistered{
VerifiedCredential: credentials,
RegistrationDate: parsedCredential.Issued.UnixNano(),
ExpirationDate: parsedCredential.Expired.UnixNano(),
Identifier: identifier,
Issuer: parsedCredential.Issuer.ID,
})
if err != nil {
return nil, errcode.ErrInternal.Wrap(err)
}
return &protocoltypes.CredentialVerificationServiceCompleteFlow_Reply{
Identifier: identifier,
}, nil
}
func (s *service) VerifiedCredentialsList(request *protocoltypes.VerifiedCredentialsList_Request, server protocoltypes.ProtocolService_VerifiedCredentialsListServer) error {
now := time.Now().UnixNano()
credentials := s.accountGroup.metadataStore.ListVerifiedCredentials()
for _, credential := range credentials {
if request.FilterIdentifier != "" && credential.Identifier != request.FilterIdentifier {
continue
}
if request.ExcludeExpired && credential.ExpirationDate < now {
continue
}
if request.FilterIssuer != "" && credential.Issuer != request.FilterIssuer {
continue
}
if err := server.Send(&protocoltypes.VerifiedCredentialsList_Reply{
Credential: credential,
}); err != nil {
return errcode.ErrStreamWrite.Wrap(err)
}
}
return nil
}