forked from berty/weshnet
-
Notifications
You must be signed in to change notification settings - Fork 5
/
api_verified_credentials.go
102 lines (83 loc) · 3.19 KB
/
api_verified_credentials.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
package weshnet
import (
"bytes"
"context"
"fmt"
"strings"
"time"
"berty.tech/weshnet/v2/pkg/bertyvcissuer"
"berty.tech/weshnet/v2/pkg/cryptoutil"
"berty.tech/weshnet/v2/pkg/errcode"
"berty.tech/weshnet/v2/pkg/protocoltypes"
)
func (s *service) CredentialVerificationServiceInitFlow(ctx context.Context, request *protocoltypes.CredentialVerificationServiceInitFlow_Request) (*protocoltypes.CredentialVerificationServiceInitFlow_Reply, error) {
s.lock.Lock()
s.vcClient = bertyvcissuer.NewClient(request.ServiceUrl)
client := s.vcClient
s.lock.Unlock()
ctx, cancel := context.WithTimeout(ctx, time.Second*10)
defer cancel()
// TODO: allow selection of alt-scoped keys
// TODO: avoid exporting account keys
pkRaw, err := s.accountGroupCtx.ownMemberDevice.Member().Raw()
if err != nil {
return nil, errcode.ErrCode_ErrInvalidInput
}
if !bytes.Equal(pkRaw, request.PublicKey) {
return nil, errcode.ErrCode_ErrInvalidInput
}
url, err := client.Init(ctx, request.Link, cryptoutil.NewFuncSigner(s.accountGroupCtx.ownMemberDevice.Member(), s.accountGroupCtx.ownMemberDevice.MemberSign))
if err != nil {
return nil, errcode.ErrCode_ErrInternal.Wrap(err)
}
return &protocoltypes.CredentialVerificationServiceInitFlow_Reply{
Url: url,
SecureUrl: strings.HasPrefix(url, "https://"),
}, nil
}
func (s *service) CredentialVerificationServiceCompleteFlow(ctx context.Context, request *protocoltypes.CredentialVerificationServiceCompleteFlow_Request) (*protocoltypes.CredentialVerificationServiceCompleteFlow_Reply, error) {
s.lock.Lock()
client := s.vcClient
s.lock.Unlock()
if client == nil {
return nil, errcode.ErrCode_ErrInvalidInput.Wrap(fmt.Errorf("a verification flow needs to be started first"))
}
credentials, identifier, parsedCredential, err := client.Complete(request.CallbackUri)
if err != nil {
return nil, errcode.ErrCode_ErrInternal.Wrap(err)
}
_, err = s.accountGroupCtx.metadataStore.SendAccountVerifiedCredentialAdded(ctx, &protocoltypes.AccountVerifiedCredentialRegistered{
VerifiedCredential: credentials,
RegistrationDate: parsedCredential.Issued.UnixNano(),
ExpirationDate: parsedCredential.Expired.UnixNano(),
Identifier: identifier,
Issuer: parsedCredential.Issuer.ID,
})
if err != nil {
return nil, errcode.ErrCode_ErrInternal.Wrap(err)
}
return &protocoltypes.CredentialVerificationServiceCompleteFlow_Reply{
Identifier: identifier,
}, nil
}
func (s *service) VerifiedCredentialsList(request *protocoltypes.VerifiedCredentialsList_Request, server protocoltypes.ProtocolService_VerifiedCredentialsListServer) error {
now := time.Now().UnixNano()
credentials := s.accountGroupCtx.metadataStore.ListVerifiedCredentials()
for _, credential := range credentials {
if request.FilterIdentifier != "" && credential.Identifier != request.FilterIdentifier {
continue
}
if request.ExcludeExpired && credential.ExpirationDate < now {
continue
}
if request.FilterIssuer != "" && credential.Issuer != request.FilterIssuer {
continue
}
if err := server.Send(&protocoltypes.VerifiedCredentialsList_Reply{
Credential: credential,
}); err != nil {
return errcode.ErrCode_ErrStreamWrite.Wrap(err)
}
}
return nil
}