From 34f0b99797d954444ef287c62b2cbddcc15b665f Mon Sep 17 00:00:00 2001
From: Tim Churchard <tim.churchard@iotics.com>
Date: Wed, 2 Jun 2021 15:59:31 +0100
Subject: [PATCH] __wip__ Check DID Identifier checksum in validation

---
 iotics/lib/identity/crypto/identity.py     |  3 ++-
 iotics/lib/identity/validation/identity.py | 19 +++++++++++++++++--
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/iotics/lib/identity/crypto/identity.py b/iotics/lib/identity/crypto/identity.py
index d00f767..d781712 100644
--- a/iotics/lib/identity/crypto/identity.py
+++ b/iotics/lib/identity/crypto/identity.py
@@ -37,4 +37,5 @@ def make_identifier(public_bytes: bytes) -> str:
     checksum = bytearray.fromhex(cl2.hexdigest())[:4]
 
     return IDENTIFIER_PREFIX + base58.b58encode(bytes([IDENTIFIER_METHOD, IDENTIFIER_VERSION, IDENTIFIER_PAD])
-                                                + pk_digest + checksum).decode('ascii')
+                                                + pk_digest + checksum,
+                                                alphabet=base58.BITCOIN_ALPHABET).decode('ascii')
diff --git a/iotics/lib/identity/validation/identity.py b/iotics/lib/identity/validation/identity.py
index 9eac63d..a8b5fb1 100644
--- a/iotics/lib/identity/validation/identity.py
+++ b/iotics/lib/identity/validation/identity.py
@@ -1,14 +1,17 @@
 # Copyright (c) IOTIC LABS LIMITED. All rights reserved. Licensed under the Apache License, Version 2.0.
 
 import re
+from hashlib import blake2b
 
-from iotics.lib.identity.const import IDENTIFIER_ID_PATTERN, IDENTIFIER_NAME_PATTERN, ISSUER_PATTERN
+import base58
+
+from iotics.lib.identity.const import IDENTIFIER_ID_PATTERN, IDENTIFIER_NAME_PATTERN, ISSUER_PATTERN, IDENTIFIER_PREFIX
 from iotics.lib.identity.error import IdentityValidationError
 
 
 class IdentityValidation:
     @staticmethod
-    def validate_identifier(did: str):
+    def validate_identifier(did: str, checksum=False):
         """
         Validate decentralised identifier.
         :param did: decentralised identifier
@@ -20,6 +23,18 @@ def validate_identifier(did: str):
         if result is None:
             raise IdentityValidationError(f'Identifier does not match pattern {did} - {IDENTIFIER_ID_PATTERN}')
 
+        if checksum:
+            did_bytes = base58.b58decode(did[len(IDENTIFIER_PREFIX):], alphabet=base58.BITCOIN_ALPHABET)
+            did_digest = did_bytes[3:23]
+            did_checksum = did_bytes[-4:].hex()
+
+            cl2 = blake2b(digest_size=20)
+            cl2.update(did_digest)
+            checksum = cl2.hexdigest()[:8]
+
+            if did_checksum != checksum:
+                raise IdentityValidationError(f'Identifier checksum does not match {did_checksum} != {checksum}')
+
     @staticmethod
     def validate_issuer_string(issuer: str):
         """