Full challenge-response verification.

Verifies:
1. Challenge exists, not expired, and not already used
2. Agent's signature over the nonce is valid
3. Certificate is ACTIVE and not expired
(
response: ChallengeResponse,
db: Annotated[AsyncSession, Depends(get_db)],
)
```python
    description="Step 5-6: verify agent's signed challenge to confirm key possession.",
)
async def verify_challenge(
    response: ChallengeResponse,
    db: Annotated[AsyncSession, Depends(get_db)],
) -> ChallengeVerificationResult:
    """
    Full challenge-response verification.

    Verifies:
    1. Challenge exists, not expired, and not already used
    2. Agent's signature over the nonce is valid
    3. Certificate is ACTIVE and not expired
    """
    svc = AgentIdentityService(db)
    return await svc.verify_challenge(response)


@_identity.post(
```
nothing calls this directly
no test coverage detected
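
The route above delegates to `AgentIdentityService.verify_challenge`, whose body is not shown on this page. The following is an added example, not the project's code, of the three checks the docstring lists. It assumes Ed25519 keys via the `cryptography` package, in-memory dicts in place of the database, and hypothetical `Challenge` and `Certificate` records and result strings.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey


@dataclass
class Challenge:  # hypothetical record, not the project's model
    nonce: bytes
    cert_id: str
    expires_at: datetime
    used: bool = False


@dataclass
class Certificate:  # hypothetical record, not the project's model
    public_key: Ed25519PublicKey
    status: str
    not_after: datetime


def issue_challenge(store, cert_id, now, ttl=timedelta(seconds=60)):
    """Create a random single-use nonce bound to one certificate."""
    cid = secrets.token_urlsafe(16)
    store[cid] = Challenge(secrets.token_bytes(32), cert_id, now + ttl)
    return cid, store[cid].nonce


def verify_challenge(store, certs, cid, signature, now):
    ch = store.get(cid)
    if ch is None:  # check 1: challenge exists
        return "unknown_challenge"
    if ch.used:  # check 1: not already used (replay)
        return "challenge_already_used"
    if now >= ch.expires_at:  # check 1: not expired
        return "challenge_expired"
    ch.used = True  # this sketch burns the nonce on the first attempt
    cert = certs.get(ch.cert_id)
    if cert is None:
        return "certificate_not_valid"
    try:  # check 2: signature over the nonce
        cert.public_key.verify(signature, ch.nonce)
    except InvalidSignature:
        return "bad_signature"
    if cert.status != "ACTIVE" or now >= cert.not_after:  # check 3
        return "certificate_not_valid"
    return "ok"
```

In a database-backed service the used-flag update has to be atomic with the lookup, otherwise two concurrent requests can both pass the replay check.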