Skip to content

Commit

Permalink
🎨 Updated docstrings
Browse files Browse the repository at this point in the history
  • Loading branch information
@ff137
ff137 committed Nov 20, 2024
1 parent 4efafa3 commit 5dd0e98
Show file tree
Hide file tree
Showing 2 changed files with 142 additions and 158 deletions.
93 changes: 44 additions & 49 deletions app/routes/wallet/jws.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,70 +29,65 @@ async def sign_jws(
auth: AcaPyAuth = Depends(acapy_auth_from_header),
) -> JWSCreateResponse:
"""
Sign JSON Web Signature (JWS)
Sign a JSON Web Signature (JWS).
---
This endpoint allows the user to sign a json payload into a Json Web Signature (JWS)
using a DID or a verification method.
This endpoint allows users to sign a JSON payload, creating a JWS,
using either a DID or a specific verification method.
When populating the the body of the request, the user must populate either the `did`
or the `verification_method` field.
**Usage:**
If an issuer sings a JWS with a `did:sov` DID, the did should be public.
- **DID-Based Signing:** Provide the `did` field with a valid DID.
The Aries agent will automatically select the appropriate verification key associated with the DID.
The difference between the did and verification_method fields is
that if the `did` field is used, the Aries agent will make an educated guess
about which key associated with the did to use to sign the jwt, i.e. the did with the verkey to use.
- **Verification Method-Based Signing:** Provide the `verification_method` field with a specific verification method
(DID with a verkey) to explicitly specify which key to use for signing.
While with the `verification_method` field, the user is explicitly
specifying which verkey to use to sign the jwt.
**Notes:**
The `header` field is optional and can be used to specify the header of the JWS.
The `typ`, `alg`, and `kid` fields, in the header, are automatically populated by the Aries agent.
See https://www.rfc-editor.org/rfc/rfc7515.html for the JWS spec.
- If the issuer uses a `did:sov` DID, ensure that the DID is public.
- The `header` field is optional. While you can specify custom headers, the `typ`, `alg`,
and `kid` fields are automatically populated by the Aries agent based on the signing method.
Example request body:
---
```
```json
{
"did": "did:sov:WWMjrBJkUzz9suEtwKxmiY", <-- Public did of issuer
"did": "did:sov:WWMjrBJkUzz9suEtwKxmiY",
"payload": {
"credential_subject":"reference_to_holder",
"name":"Alice",
"surname":"Demo"
"credential_subject": "reference_to_holder",
"name": "Alice",
"surname": "Demo"
}
}
```
OR
```
**OR**
```json
{
"payload": {
"subject":"reference_to_holder",
"name":"Alice",
"surname":"Demo"
"subject": "reference_to_holder",
"name": "Alice",
"surname": "Demo"
},
"verification_method": "did:key:z6Mkprf81ujG1n48n5LMD...M6S3#z6Mkprf81ujG1n48n5LMDaxyCLLFrnqCRBPhkTWsPfA8M6S3"
}
```
Request Body:
Request body:
---
JWSCreateRequest:
did: str:
The DID to sign the JWS with.
headers: Optional(dict):
The header of the JWS.
payload: dict:
The payload of the JWS.
verification_method: str:
The verification (did with verkey) method to use.
- JWSCreateRequest:
- `did` (str, optional): The DID to sign the JWS with.
- `verification_method` (str, optional): The verification method (DID with verkey) to use for signing.
- `payload` (dict): The JSON payload to be signed.
- `headers` (dict, optional): Custom headers for the JWS. The `typ`, `alg`, and `kid` fields are auto-populated.
Returns:
---
JWSCreateResponse:
The signed JWS string representing the signed JSON Web Signature.
Response:
- **JWSCreateResponse:**
- `jws` (str): The resulting JWS string representing the signed JSON Web Signature.
References:
- [JSON Web Signature (JWS) Specification](https://www.rfc-editor.org/rfc/rfc7515.html)
"""
bound_logger = logger.bind(
# Do not log payload:
Expand Down Expand Up @@ -132,17 +127,13 @@ async def verify_jws(
auth: AcaPyAuth = Depends(acapy_auth_from_header),
) -> JWSVerifyResponse:
"""
Verify JSON Web Signature (JWS)
Verify a JSON Web Signature (JWS)
---
This endpoint allows the user to verify and decode the JWS string produced by the sign endpoint.
Passing the JWS string to this endpoint will return the payload and headers of the JWS.
This endpoint allows users to verify the authenticity and integrity of a JWS string previously generated by the /sign endpoint.

Check warning

Code scanning / Pylintpython3 (reported by Codacy)

Line too long (131/120) Warning

Line too long (131/120)
It decodes the JWS to retrieve the payload and headers and assesses its validity.
It will also return the validity of the JWS (verify the JWS).
See https://www.rfc-editor.org/rfc/rfc7515.html for the JWS spec.
Request body:
Request Body:
---
JWSVerifyRequest: The JWS to verify.
jws: str
Expand All @@ -160,6 +151,10 @@ async def verify_jws(
Whether the JWS is valid.
error: str:
The error message if the JWS is invalid.
References:
- [JSON Web Signature (JWS) Specification](https://www.rfc-editor.org/rfc/rfc7515.html)
"""
bound_logger = logger.bind(body=body)
bound_logger.debug("POST request received: Verify JWS")
Expand Down
207 changes: 98 additions & 109 deletions app/routes/wallet/sd_jws.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,112 +29,83 @@ async def sign_sd_jws(
auth: AcaPyAuth = Depends(acapy_auth_from_header),
) -> SDJWSCreateResponse:
"""
Sign Selective Disclosure for JWS (SD-JWS)
Sign a Selective Disclosure JSON Web Signature (SD-JWS).
---
This endpoint allows the user to sign a Selective Disclosure for JWS (SD-JWS).
The endpoint returns an SD-JWS that can be used to selectively disclose attributes
to a verifier.
When populating the body of the request, the user must provide either the
did or the verification_method field.
If an issuer signs a JWS with a did:sov DID, the DID must be public.
The difference between the did and verification_method fields is:
- If the did field is used, the Aries agent will make an educated guess about
which verkey associated with the DID to use for signing the JWT.
- If the verification_method field is used, the user explicitly specifies which
verkey to use for signing the JWT, i.e., the DID with the associated key.
The header field is optional and can be used to specify the header of the JWS.
The typ, alg, and kid fields in the header are automatically populated by the Aries agent.
The non_sd_list field is a list of non-selective disclosure attributes.
These attributes are not included in the selective disclosure; i.e., they are always disclosed.
If an attribute is a list or a dictionary, the attribute name should be included
in the non_sd_list.
In such cases, the attribute itself will be disclosed in the SD-JWS, but not
the values in the list or the key-value pairs in the dictionary.
Values in a list can be added to the non_sd_list by including the attribute
name and the range of the list in the following format:
"<attribute_name>[start:end]"
- start is the start of the range as a int.
- end is the end of the range (exclusive).
Values in a dictionary can be added to the non_sd_list by specifying the
dictionary name followed by the attribute name in the following format:
"<dictionary_name>.<attribute_name>"
- <dictionary_name> is the name of the dictionary.
- <attribute_name> is the attribute name within the dictionary.
The endpoint will return the signed SD-JWS along with the disclosures needed
to reveal the attributes in the SD-JWS:
<Issuer-signed JWS>~<Disclosure 1>~<Disclosure 2>~...~<Disclosure N>
It is the holder’s responsibility to identify which disclosure corresponds to
which attributes in the SD-JWS.
The holder must provide the SD-JWS with the appropriate disclosures to the
verifier upon request.
See https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-07.html
for the SD-JWT / SD-JWS spec.
Example request body:
---
```
{
"did": "did:sov:39TXHazGAYif5FUFCjQhYX", < --- Public did of issuer
"payload": {
""credential_subject": "reference_to_holder",
"given_name": "John",
"family_name": "Doe",
"email": "[email protected]",
"phone_number": "+1-202-555-0101",
"nationalities": ["a","b","c","d"],
"address": {
"street_address": "123 Main St",
"locality": "Anytown",
"region": "Anystate",
"country": "US"
},
"birthdate": "1940-01-01"
},
"non_sd_list": [
This endpoint allows users to create a Selective Disclosure JSON Web Signature (SD-JWS).
The SD-JWS enables the selective disclosure of specific attributes to a verifier while keeping others confidential.
**Usage:**
- **DID-Based Signing:** Provide the `did` field with a valid DID.
The Aries agent will automatically select the appropriate verification key associated with the DID.
- **Verification Method-Based Signing:** Provide the `verification_method` field with a specific verification method
(DID with verkey) to explicitly specify which key to use for signing.
**Notes:**
- If the issuer uses a `did:sov` DID, ensure that the DID is public.
- The `headers` field is optional. Custom headers can be specified, but the `typ`, `alg`,
and `kid` fields are automatically populated by the Aries agent based on the signing method.
- The `non_sd_list` field specifies attributes that are **not** selectively disclosed.
Attributes listed here will always be included in the SD-JWS.
**Non-Selective Disclosure (`non_sd_list`):**
- To exclude list elements:
- Use the format `"<attribute_name>[start:end]"` where `start` and `end` define the range
(e.g., `"nationalities[1:3]"`).
- To exclude specific dictionary attributes:
- Use the format `"<dictionary_name>.<attribute_name>"` (e.g., `"address.street_address"`).
**Example Request Body:**
```json
{
"did": "did:sov:39TXHazGAYif5FUFCjQhYX",
"payload": {
"credential_subject": "reference_to_holder",
"given_name": "John",
"family_name": "Doe",
"email": "[email protected]",
"phone_number": "+27-123-4567",
"nationalities": ["a","b","c","d"],
"address": {
"street_address": "123 Main St",
"locality": "Anytown",
"region": "Anywhere",
"country": "ZA"
},
"birthdate": "1940-01-01"
},
"non_sd_list": [
"given_name",
"address",
"address.street_address",
"nationalities",
"nationalities[1:3]"
]
}
]
}
```
Request body:
Request Body:
---
SDJWSCreateRequest: The SD-JWS to sign.
did: str:
The DID to sign the SD-JWS with.
headers: dict:
The header of the SD-JWS.
payload: dict:
The payload of the SD-JWS.
verification_method:
str: The verification method (did with verkey) to use.
non_sd_list: Optional(list):
List of non-selective disclosure attributes.
Returns:
SDJWSCreateRequest:
`did` (str, optional): The DID to sign the SD-JWS with.
`verification_method` (str, optional): The verification method (DID with verkey) to use for signing.
`payload` (dict): The JSON payload to be signed.
`headers` (dict, optional): Custom headers for the SD-JWS. The `typ`, `alg`, and `kid` fields are auto-populated.

Check warning

Code scanning / Pylintpython3 (reported by Codacy)

Line too long (125/120) Warning

Line too long (125/120)
`non_sd_list` (List[str], optional): List of attributes excluded from selective disclosure.
Response:
---
SDJWSCreateResponse:
The signed SD-JWS followed by the disclosures.
`sd_jws` (str): The resulting SD-JWS string concatenated with the necessary disclosures in the format
`<Issuer-signed JWS>~<Disclosure 1>~<Disclosure 2>~...~<Disclosure N>`.
References:
- [Selective Disclosure JSON Web Token (SD-JWT) Specification](https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-07.html)

Check warning

Code scanning / Pylintpython3 (reported by Codacy)

Line too long (149/120) Warning

Line too long (149/120)
"""
bound_logger = logger.bind(
# Do not log payload:
Expand Down Expand Up @@ -174,31 +145,49 @@ async def verify_sd_jws(
auth: AcaPyAuth = Depends(acapy_auth_from_header),
) -> SDJWSVerifyResponse:
"""
Verify Selective Disclosure JWS (SD-JWS)
Verify a Selective Disclosure JSON Web Signature (SD-JWS).
---
This endpoint allows the user to verify a Selective Disclosure JWS (SD-JWS).
The validity of the SD-JWS is checked and the disclosures are returned.
This endpoint allows users to verify the authenticity and integrity of a Selective Disclosure
JSON Web Signature (SD-JWS). It decodes the SD-JWS to retrieve the payload and headers,
assesses its validity, and processes the disclosures.
The SD-JWS followed by the disclosures are passed to this endpoint and should be in the format:
`<Issuer-signed JWS>~<Disclosure 1>~<Disclosure 2>~...~<Disclosure N>~`
Where each disclosure will reveal its associated attribute.
The holder only needs to reveal the disclosures that the verifier requests,
and can keep the rest of the disclosures secret.
**Usage:**
See https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-07.html
for the SD-JWT / SD-JWS spec.
- Submit the SD-JWS string concatenated with the necessary disclosures to this endpoint.
- The format should be: `<Issuer-signed JWS>~<Disclosure 1>~<Disclosure 2>~...~<Disclosure N>`.
- The holder provides the SD-JWS along with the required disclosures based on the verifier's request.
Request body:
**Notes:**
- Only the disclosures relevant to the verifier's request needs to be provided.
Other disclosures can remain confidential.
**Example Request Body:**
```json
{
"sd_jws": "<Issuer-signed JWS>~<Disclosure 1>~<Disclosure 2>~...~<Disclosure N>"
}
```
Request Body:
---
SDJWSVerifyRequest:
sd_jws: str:
The SD-JWS and disclosures to verify and reveal.
`sd_jws` (str): The concatenated SD-JWS and disclosures to verify and reveal.
Returns:
Response:
---
SDJWSVerifyResponse:
The validity of the SD-JWS and the selectively disclosed attributes.
`valid` (bool): Indicates whether the SD-JWS is valid.
`payload` (dict): The decoded payload of the SD-JWS.
`headers` (dict): The headers extracted from the SD-JWS.
`kid` (str): The Key ID of the signer.
`disclosed_attributes` (dict): The selectively disclosed attributes based on the provided disclosures.
`error` (str, optional): Error message if the SD-JWS verification fails.
**References:**
- [Selective Disclosure JSON Web Token (SD-JWT) Specification](https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-07.html)

Check warning

Code scanning / Pylintpython3 (reported by Codacy)

Line too long (149/120) Warning

Line too long (149/120)
"""
bound_logger = logger.bind(body=body)
bound_logger.debug("POST request received: Verify SD-JWS")
Expand Down

0 comments on commit 5dd0e98

Please sign in to comment.