Merge pull request #168 from alan-turing-institute/94-cr-cli-demo

Revise update key handling during challenge-response

Author: pwochner

trustchain-cli/src/bin/main.rs

@@ -3,7 +3,7 @@ use clap::{arg, ArgAction, Command};
 use core::panic;
 use did_ion::sidetree::PublicKeyJwk;
 use serde_json::to_string_pretty;
-use ssi::{jsonld::ContextLoader, jwk::JWK, ldp::LinkedDataDocument, vc::Credential};
+use ssi::{jsonld::ContextLoader, ldp::LinkedDataDocument, vc::Credential};
 use std::{
     fs::File,
     io::{self, stdin, BufReader},
@@ -52,7 +52,7 @@ fn cli() -> Command {
                         .arg(arg!(-v - -verbose).action(ArgAction::SetTrue))
                         .arg(arg!(-m - -mnemonic).action(ArgAction::SetTrue))
                         .arg(arg!(-f --file_path <FILE_PATH>).required(false))
-                        .arg(arg!(-f --update_p_key_file_path <FILE_PATH_TO_UPDATE_P_KEY>).required(false)),
+                        .arg(arg!(-u --update_p_key_file_path <FILE_PATH_TO_UPDATE_P_KEY>).required(false)),
                 )
                 .subcommand(
                     Command::new("attest")

trustchain-http/src/attestor.rs

@@ -185,7 +185,7 @@ impl TrustchainAttestorHTTPHandler {
         let content_initiation = ContentCRInitiation {
             requester_did: Some(ddid),
         };
-        content_initiation.elementwise_serialize(&path);
+        content_initiation.elementwise_serialize(&path).unwrap();
         // extract map of keys from candidate document and generate a nonce per key
         let requester_keys = extract_key_ids_and_jwk(&candidate_doc).unwrap();
         let attestor = Entity {};
@@ -343,7 +343,7 @@ pub fn present_identity_challenge(
         identity_response_signature: None,
     };
 
-    // make payload
+    // make payload (only nonce and update_p_key are included)
     let payload = JwtPayload::try_from(&identity_challenge).unwrap();
 
     // get signing key from ION attestor

trustchain-http/src/requester.rs

@@ -133,8 +133,14 @@ pub async fn identity_response(
         .as_str()
         .unwrap();
     let nonce = Nonce::from(String::from(nonce_str));
-    // update struct
-    identity_challenge.update_p_key = Some(attestor_p_key.clone());
+    let update_p_key_str = decrypted_verified_payload
+        .claim("update_p_key")
+        .unwrap()
+        .as_str()
+        .unwrap();
+    let update_p_key: Jwk = serde_json::from_str(update_p_key_str).unwrap();
+    // update struct: add nonce and update_p_key
+    identity_challenge.update_p_key = Some(update_p_key);
     identity_challenge.identity_nonce = Some(nonce);
     identity_challenge.identity_response_signature = Some(signed_encrypted_response);
 

trustchain-http/tests/attestation.rs

@@ -17,9 +17,7 @@ use trustchain_ion::{trustchain_resolver, verifier::TrustchainVerifier};
 const ROOT_EVENT_TIME_1: u64 = 1666265405;
 
 use mockall::automock;
-use std::fs;
-use std::path::PathBuf;
-use trustchain_core::utils::{extract_keys, init};
+use trustchain_core::utils::extract_keys;
 
 #[automock]
 pub trait AttestationUtils {
@@ -133,6 +131,20 @@ async fn attestation_challenge_response() {
     let result = identity_response(&requester_path, &services, &attestor_public_key).await;
     assert!(result.is_ok());
     let identity_challenge_requester = result.unwrap();
+    assert_eq!(
+        identity_challenge_requester.update_p_key,
+        identity_challenge_attestor.update_p_key
+    );
+    assert_eq!(
+        identity_challenge_attestor
+            .update_s_key
+            .unwrap()
+            .to_public_key()
+            .ok(),
+        identity_challenge_attestor.update_p_key
+    );
+    assert_eq!(identity_challenge_requester.update_s_key, None);
+
     identity_challenge_requester
         .elementwise_serialize(&requester_path)
         .unwrap();