agent-network-protocol
diff --git a/‎agent_connect/authentication/__init__.py‎
Lines changed: 4 additions & 1 deletion b/‎agent_connect/authentication/__init__.py‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎agent_connect/authentication/did_wba_auth_header.py‎
Lines changed: 248 additions & 0 deletions b/‎agent_connect/authentication/did_wba_auth_header.py‎
Lines changed: 248 additions & 0 deletions
diff --git a/‎examples/did_wba_examples/basic.py‎
Lines changed: 27 additions & 45 deletions b/‎examples/did_wba_examples/basic.py‎
Lines changed: 27 additions & 45 deletions
@@ -8,12 +8,15 @@
     verify_auth_header_signature, \
     extract_auth_header_parts
 
+from .did_wba_auth_header import DIDWbaAuthHeader
+
 # Define what should be exported when using "from agent_connect.authentication import *"
 __all__ = ['DIDAllClient', \
            'create_did_wba_document', \
            'resolve_did_wba_document', \
            'resolve_did_wba_document_sync', \
            'generate_auth_header', \
            'verify_auth_header_signature', \
-           'extract_auth_header_parts']
+           'extract_auth_header_parts', \
+           'DIDWbaAuthHeader']
 
@@ -0,0 +1,248 @@
+# AgentConnect: https://github.com/agent-network-protocol/AgentConnect
+# Author: GaoWei Chang
+# Email: chgaowei@gmail.com
+# Website: https://agent-network-protocol.com/
+#
+# This project is open-sourced under the MIT License. For details, please see the LICENSE file.
+
+import os
+import json
+import logging
+import asyncio
+import aiohttp
+from pathlib import Path
+from typing import Dict, Optional
+from cryptography.hazmat.primitives.asymmetric import ec
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives import hashes
+from urllib.parse import urlparse
+
+# Import agent_connect for DID authentication
+from .did_wba import (
+    generate_auth_header
+)
+
+class DIDWbaAuthHeader:
+    """
+    Simplified DID authentication client providing HTTP authentication headers.
+    """
+    
+    def __init__(self, did_document_path: str, private_key_path: str):
+        """
+        Initialize the DID authentication client.
+        
+        Args:
+            did_document_path: Path to the DID document (absolute or relative path)
+            private_key_path: Path to the private key (absolute or relative path)
+        """
+        self.did_document_path = did_document_path
+        self.private_key_path = private_key_path
+        
+        # State variables
+        self.did_document = None
+        self.auth_headers = {}  # Store DID authentication headers by domain
+        self.tokens = {}  # Store tokens by domain
+        
+        logging.info("DIDWbaAuthHeader initialized")
+    
+    def _get_domain(self, server_url: str) -> str:
+        """Extract domain from URL"""
+        parsed_url = urlparse(server_url)
+        domain = parsed_url.netloc.split(':')[0]
+        return domain
+    
+    def _load_did_document(self) -> Dict:
+        """Load DID document"""
+        try:
+            if self.did_document:
+                return self.did_document
+            
+            # Use the provided path directly, without resolving absolute path
+            did_path = self.did_document_path
+            
+            with open(did_path, 'r') as f:
+                did_document = json.load(f)
+            
+            self.did_document = did_document
+            logging.info(f"Loaded DID document: {did_path}")
+            return did_document
+        except Exception as e:
+            logging.error(f"Error loading DID document: {e}")
+            raise
+    
+    def _load_private_key(self) -> ec.EllipticCurvePrivateKey:
+        """Load private key"""
+        try:
+            # Use the provided path directly, without resolving absolute path
+            key_path = self.private_key_path
+            
+            with open(key_path, 'rb') as f:
+                private_key_data = f.read()
+            
+            private_key = serialization.load_pem_private_key(
+                private_key_data,
+                password=None
+            )
+            
+            logging.debug(f"Loaded private key: {key_path}")
+            return private_key
+        except Exception as e:
+            logging.error(f"Error loading private key: {e}")
+            raise
+    
+    def _sign_callback(self, content: bytes, method_fragment: str) -> bytes:
+        """Sign callback function"""
+        try:
+            private_key = self._load_private_key()
+            signature = private_key.sign(
+                content,
+                ec.ECDSA(hashes.SHA256())
+            )
+            
+            logging.debug(f"Signed content with method fragment: {method_fragment}")
+            return signature
+        except Exception as e:
+            logging.error(f"Error signing content: {e}")
+            raise
+    
+    def _generate_auth_header(self, domain: str) -> str:
+        """Generate DID authentication header"""
+        try:
+            did_document = self._load_did_document()
+            
+            auth_header = generate_auth_header(
+                did_document,
+                domain,
+                self._sign_callback
+            )
+            
+            logging.info(f"Generated authentication header for domain {domain}: {auth_header[:30]}...")
+            return auth_header
+        except Exception as e:
+            logging.error(f"Error generating authentication header: {e}")
+            raise
+    
+    def get_auth_header(self, server_url: str, force_new: bool = False) -> Dict[str, str]:
+        """
+        Get authentication header.
+        
+        Args:
+            server_url: Server URL
+            force_new: Whether to force generate a new DID authentication header
+            
+        Returns:
+            Dict[str, str]: HTTP header dictionary
+        """
+        domain = self._get_domain(server_url)
+        
+        # If there is a token and not forcing a new authentication header, return the token
+        if domain in self.tokens and not force_new:
+            token = self.tokens[domain]
+            logging.info(f"Using existing token for domain {domain}")
+            return {"Authorization": f"Bearer {token}"}
+        
+        # Otherwise, generate or use existing DID authentication header
+        if domain not in self.auth_headers or force_new:
+            self.auth_headers[domain] = self._generate_auth_header(domain)
+        
+        logging.info(f"Using DID authentication header for domain {domain}")
+        return {"Authorization": self.auth_headers[domain]}
+    
+    def update_token(self, server_url: str, headers: Dict[str, str]) -> Optional[str]:
+        """
+        Update token from response headers.
+        
+        Args:
+            server_url: Server URL
+            headers: Response header dictionary
+            
+        Returns:
+            Optional[str]: Updated token, or None if no valid token is found
+        """
+        domain = self._get_domain(server_url)
+        auth_header = headers.get("Authorization")
+        
+        if auth_header and auth_header.lower().startswith("bearer "):
+            token = auth_header[7:]  # Remove "Bearer " prefix
+            self.tokens[domain] = token
+            logging.info(f"Updated token for domain {domain}: {token[:30]}...")
+            return token
+        else:
+            logging.debug(f"No valid token found in response headers for domain {domain}")
+            return None
+    
+    def clear_token(self, server_url: str) -> None:
+        """
+        Clear token for the specified domain.
+        
+        Args:
+            server_url: Server URL
+        """
+        domain = self._get_domain(server_url)
+        if domain in self.tokens:
+            del self.tokens[domain]
+            logging.info(f"Cleared token for domain {domain}")
+        else:
+            logging.debug(f"No stored token for domain {domain}")
+    
+    def clear_all_tokens(self) -> None:
+        """Clear all tokens for all domains"""
+        self.tokens.clear()
+        logging.info("Cleared all tokens for all domains")
+
+# # Example usage
+# async def example_usage():
+#     # Get current script directory
+#     current_dir = Path(__file__).parent
+#     # Get project root directory (parent of current directory)
+#     base_dir = current_dir.parent
+    
+#     # Create client with absolute paths
+#     client = DIDWbaAuthHeader(
+#         did_document_path=str(base_dir / "use_did_test_public/did.json"),
+#         private_key_path=str(base_dir / "use_did_test_public/key-1_private.pem")
+#     )
+    
+#     server_url = "http://localhost:9870"
+    
+#     # Get authentication header (first call, returns DID authentication header)
+#     headers = client.get_auth_header(server_url)
+    
+#     # Send request
+#     async with aiohttp.ClientSession() as session:
+#         async with session.get(
+#             f"{server_url}/agents/travel/hotel/ad/ph/12345/ad.json", 
+#             headers=headers
+#         ) as response:
+#             # Check response
+#             print(f"Status code: {response.status}")
+            
+#             # If authentication is successful, update token
+#             if response.status == 200:
+#                 token = client.update_token(server_url, dict(response.headers))
+#                 if token:
+#                     print(f"Received token: {token[:30]}...")
+#                 else:
+#                     print("No token received in response headers")
+            
+#             # If authentication fails and a token was used, clear the token and retry
+#             elif response.status == 401:
+#                 print("Invalid token, clearing and using DID authentication")
+#                 client.clear_token(server_url)
+#                 # Retry request here
+    
+#     # Get authentication header again (if a token was obtained in the previous step, this will return a token authentication header)
+#     headers = client.get_auth_header(server_url)
+#     print(f"Header for second request: {headers}")
+    
+#     # Force use of DID authentication header
+#     headers = client.get_auth_header(server_url, force_new=True)
+#     print(f"Forced use of DID authentication header: {headers}")
+    
+#     # Test different domain
+#     another_server_url = "http://api.example.com"
+#     headers = client.get_auth_header(another_server_url)
+#     print(f"Header for another domain: {headers}")
+
+# if __name__ == "__main__":
+#     asyncio.run(example_usage()) 
@@ -22,10 +22,10 @@
 from cryptography.hazmat.primitives.asymmetric import ec
 from canonicaljson import encode_canonical_json
 
-from agent_connect.authentication.did_wba import (
+from agent_connect.authentication import (
     create_did_wba_document,
     resolve_did_wba_document,
-    generate_auth_header
+    DIDWbaAuthHeader
 )
 from agent_connect.utils.log_base import set_log_color_level
 
@@ -76,21 +76,23 @@ async def download_did_document(url: str) -> dict:
         logging.error("Failed to download DID document: %s", e)
         return None
 
-async def test_did_auth(url: str, auth_header: str) -> tuple[bool, str]:
+async def test_did_auth(url: str, auth_client: DIDWbaAuthHeader) -> tuple[bool, str]:
     """Test DID authentication and get token"""
     try:
         local_url = convert_url_for_local_testing(url)
         logging.info("Converting URL from %s to %s", url, local_url)
 
+        # 获取认证头
+        auth_headers = auth_client.get_auth_header(local_url)
+        
         async with aiohttp.ClientSession() as session:
             async with session.get(
                 local_url,
-                headers={'Authorization': auth_header}
+                headers=auth_headers
             ) as response:
-                token = response.headers.get('Authorization', '')
-                if token.startswith('Bearer '):
-                    token = token[7:]  # Remove 'Bearer ' prefix
-                return response.status == 200, token
+                # 更新令牌
+                token = auth_client.update_token(local_url, dict(response.headers))
+                return response.status == 200, token or ''
     except Exception as e:
         logging.error("DID authentication test failed: %s", e)
         return False, ''
@@ -117,31 +119,6 @@ def save_private_key(unique_id: str, keys: dict, did_document: dict) -> str:
 
     return str(user_dir)
 
-def load_private_key(private_key_dir: str, method_fragment: str) -> ec.EllipticCurvePrivateKey:
-    """Load private key from file"""
-    key_dir = Path(private_key_dir)
-    key_path = key_dir / f"{method_fragment}_private.pem"
-    
-    logging.info("Loading private key from %s", key_path)
-    with open(key_path, 'rb') as f:
-        private_key_bytes = f.read()
-    return serialization.load_pem_private_key(
-        private_key_bytes,
-        password=None
-    )
-
-def sign_callback(content: bytes, method_fragment: str) -> bytes:
-    """Sign content using private key"""
-    # Load private key using the global variable
-    private_key = load_private_key(sign_callback.private_key_dir, method_fragment)
-    
-    # Sign the content
-    signature = private_key.sign(
-        content,
-        ec.ECDSA(hashes.SHA256())
-    )
-    return signature
-
 async def main(unique_id: str = None, agent_description_url: str = None):
     """
     Main function to demonstrate DID WBA authentication
@@ -167,9 +144,10 @@ async def main(unique_id: str = None, agent_description_url: str = None):
         agent_description_url=agent_description_url
     )
 
-    # 4. Save private keys, DID document and set path for sign_callback
+    # 4. Save private keys and DID document
     user_dir = save_private_key(unique_id, keys, did_document)
-    sign_callback.private_key_dir = user_dir
+    did_document_path = str(Path(user_dir) / "did.json")
+    private_key_path = str(Path(user_dir) / "key-1_private.pem")
 
     # 5. Upload DID document (This should be stored on your server)
     document_url = f"https://{server_domain}{did_path}"
@@ -180,24 +158,28 @@ async def main(unique_id: str = None, agent_description_url: str = None):
         return
     logging.info("DID document uploaded successfully")
 
-    # 7. Generate authentication header
-    logging.info("Generating authentication header...")
-    auth_header = generate_auth_header(
-        did_document,
-        server_domain,
-        sign_callback
+    # 6. 创建 DIDWbaAuthHeader 实例
+    logging.info("Creating DIDWbaAuthHeader instance...")
+    auth_client = DIDWbaAuthHeader(
+        did_document_path=did_document_path,
+        private_key_path=private_key_path
     )
 
-    # 8. Test DID authentication and get token
+    # 7. Test DID authentication and get token
     test_url = f"https://{server_domain}/wba/test"
     logging.info("Testing DID authentication at %s", test_url)
-    auth_success, token = await test_did_auth(test_url, auth_header)
+    auth_success, token = await test_did_auth(test_url, auth_client)
 
-    if not auth_success or not token:
-        logging.error(f"DID authentication test failed. auth_success: {auth_success}, token: {token}")
+    if not auth_success:
+        logging.error("DID authentication test failed")
         return
 
     logging.info("DID authentication test successful")
+    
+    if token:
+        logging.info(f"Received token: {token}")
+    else:
+        logging.info("No token received from server")
 
 if __name__ == "__main__":
     set_log_color_level(logging.INFO)