__wip__ Check DID Identifier checksum in validation

Iotic-Labs · Jun 3, 2021 · ee54b88 · ee54b88
1 parent 7080e59
commit ee54b88
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 3 deletions.
diff --git a/iotics/lib/identity/crypto/identity.py b/iotics/lib/identity/crypto/identity.py
@@ -37,4 +37,5 @@ def make_identifier(public_bytes: bytes) -> str:
     checksum = bytearray.fromhex(cl2.hexdigest())[:4]
 
     return IDENTIFIER_PREFIX + base58.b58encode(bytes([IDENTIFIER_METHOD, IDENTIFIER_VERSION, IDENTIFIER_PAD])
-                                                + pk_digest + checksum).decode('ascii')
+                                                + pk_digest + checksum,
+                                                alphabet=base58.BITCOIN_ALPHABET).decode('ascii')
diff --git a/iotics/lib/identity/validation/identity.py b/iotics/lib/identity/validation/identity.py
@@ -1,14 +1,17 @@
 # Copyright (c) IOTIC LABS LIMITED. All rights reserved. Licensed under the Apache License, Version 2.0.
 
 import re
+from hashlib import blake2b
 
-from iotics.lib.identity.const import IDENTIFIER_ID_PATTERN, IDENTIFIER_NAME_PATTERN, ISSUER_PATTERN
+import base58
+
+from iotics.lib.identity.const import IDENTIFIER_ID_PATTERN, IDENTIFIER_NAME_PATTERN, ISSUER_PATTERN, IDENTIFIER_PREFIX
 from iotics.lib.identity.error import IdentityValidationError
 
 
 class IdentityValidation:
     @staticmethod
-    def validate_identifier(did: str):
+    def validate_identifier(did: str, checksum=False):
         """
         Validate decentralised identifier.
         :param did: decentralised identifier
@@ -20,6 +23,18 @@ def validate_identifier(did: str):
         if result is None:
             raise IdentityValidationError(f'Identifier does not match pattern {did} - {IDENTIFIER_ID_PATTERN}')
 
+        if checksum:
+            did_bytes = base58.b58decode(did[len(IDENTIFIER_PREFIX):], alphabet=base58.BITCOIN_ALPHABET)
+            did_digest = did_bytes[3:23]
+            did_checksum = did_bytes[-4:].hex()
+
+            cl2 = blake2b(digest_size=20)
+            cl2.update(did_digest)
+            checksum = cl2.hexdigest()[:8]
+
+            if did_checksum != checksum:
+                raise IdentityValidationError(f'Identifier checksum does not match {did_checksum} != {checksum}')
+
     @staticmethod
     def validate_issuer_string(issuer: str):
         """