Merge pull request #1977 from dbluhm/fix/public-did-mediator-routing-…

…keys fix: public did mediator routing keys as did keys
openwallet-foundation · Jan 11, 2023 · 4c20dcd · 4c20dcd
2 parents 7b1c457 + 23a8172
commit 4c20dcd
Show file tree

Hide file tree

Showing 9 changed files with 102 additions and 37 deletions.
diff --git a/aries_cloudagent/connections/base_manager.py b/aries_cloudagent/connections/base_manager.py
@@ -269,16 +269,18 @@ async def resolve_invitation(
 
         endpoint = first_didcomm_service.service_endpoint
         recipient_keys: List[VerificationMethod] = [
-            doc.dereference(url) for url in first_didcomm_service.recipient_keys
+            await resolver.dereference(self._profile, url, document=doc)
+            for url in first_didcomm_service.recipient_keys
         ]
         routing_keys: List[VerificationMethod] = [
-            doc.dereference(url) for url in first_didcomm_service.routing_keys
+            await resolver.dereference(self._profile, url, document=doc)
+            for url in first_didcomm_service.routing_keys
         ]
 
         for key in [*recipient_keys, *routing_keys]:
             if not isinstance(key, self.SUPPORTED_KEY_TYPES):
                 raise BaseConnectionManagerError(
-                    f"Key type {key.type} is not supported"
+                    f"Key type {type(key).__name__} is not supported"
                 )
 
         return (

diff --git a/aries_cloudagent/messaging/jsonld/routes.py b/aries_cloudagent/messaging/jsonld/routes.py
@@ -5,7 +5,6 @@
 from marshmallow import INCLUDE, Schema, fields
 from pydid.verification_method import (
     Ed25519VerificationKey2018,
-    KnownVerificationMethods,
 )
 
 from ...admin.request_context import AdminRequestContext
@@ -148,7 +147,6 @@ async def verify(request: web.BaseRequest):
                 vmethod = await resolver.dereference(
                     profile,
                     doc["proof"]["verificationMethod"],
-                    cls=KnownVerificationMethods,
                 )
 
                 if not isinstance(vmethod, SUPPORTED_VERIFICATION_METHOD_TYPES):

diff --git a/aries_cloudagent/messaging/jsonld/tests/test_routes.py b/aries_cloudagent/messaging/jsonld/tests/test_routes.py
@@ -234,22 +234,22 @@ async def test_verify_bad_ver_meth_deref_req_error(
     assert "error" in mock_response.call_args[0][0]
 
 
-@pytest.mark.asyncio
-async def test_verify_bad_ver_meth_not_ver_meth(
-    mock_resolver, mock_verify_request, mock_response, request_body
-):
-    request_body["doc"]["proof"][
-        "verificationMethod"
-    ] = "did:example:1234abcd#did-communication"
-    await test_module.verify(mock_verify_request(request_body))
-    assert "error" in mock_response.call_args[0][0]
-
-
+@pytest.mark.parametrize(
+    "vmethod",
+    [
+        "did:example:1234abcd#key-2",
+        "did:example:1234abcd#did-communication",
+    ],
+)
 @pytest.mark.asyncio
 async def test_verify_bad_vmethod_unsupported(
-    mock_resolver, mock_verify_request, mock_response, request_body
+    mock_resolver,
+    mock_verify_request,
+    mock_response,
+    request_body,
+    vmethod,
 ):
-    request_body["doc"]["proof"]["verificationMethod"] = "did:example:1234abcd#key-2"
+    request_body["doc"]["proof"]["verificationMethod"] = vmethod
     with pytest.raises(web.HTTPBadRequest):
         await test_module.verify(mock_verify_request(request_body))
 

diff --git a/aries_cloudagent/protocols/connections/v1_0/tests/test_manager.py b/aries_cloudagent/protocols/connections/v1_0/tests/test_manager.py
@@ -2068,6 +2068,9 @@ async def test_fetch_connection_targets_conn_invitation_did_resolver(self):
                 return_value=self.test_endpoint
             )
             self.resolver.resolve = async_mock.CoroutineMock(return_value=did_doc)
+            self.resolver.dereference = async_mock.CoroutineMock(
+                return_value=did_doc.verification_method[0]
+            )
             self.context.injector.bind_instance(DIDResolver, self.resolver)
 
             local_did = await session.wallet.create_local_did(
@@ -2137,6 +2140,9 @@ async def test_fetch_connection_targets_conn_invitation_btcr_resolver(self):
                 return_value=self.test_endpoint
             )
             self.resolver.resolve = async_mock.CoroutineMock(return_value=did_doc)
+            self.resolver.dereference = async_mock.CoroutineMock(
+                return_value=did_doc.verification_method[0]
+            )
             self.context.injector.bind_instance(DIDResolver, self.resolver)
             local_did = await session.wallet.create_local_did(
                 method=SOV,
@@ -2288,6 +2294,9 @@ async def test_fetch_connection_targets_conn_invitation_unsupported_key_type(sel
                 return_value=self.test_endpoint
             )
             self.resolver.resolve = async_mock.CoroutineMock(return_value=did_doc)
+            self.resolver.dereference = async_mock.CoroutineMock(
+                return_value=did_doc.verification_method[0]
+            )
             self.context.injector.bind_instance(DIDResolver, self.resolver)
             local_did = await session.wallet.create_local_did(
                 method=SOV,
@@ -2357,6 +2366,9 @@ async def test_fetch_connection_targets_oob_invitation_svc_did_resolver(self):
 
             self.resolver = async_mock.MagicMock()
             self.resolver.resolve = async_mock.CoroutineMock(return_value=did_doc)
+            self.resolver.dereference = async_mock.CoroutineMock(
+                return_value=did_doc.verification_method[0]
+            )
             self.context.injector.bind_instance(DIDResolver, self.resolver)
 
             local_did = await session.wallet.create_local_did(

diff --git a/aries_cloudagent/protocols/out_of_band/v1_0/manager.py b/aries_cloudagent/protocols/out_of_band/v1_0/manager.py
@@ -223,6 +223,7 @@ async def create_invitation(
             async with self.profile.session() as session:
                 wallet = session.inject(BaseWallet)
                 public_did = await wallet.get_public_did()
+
             if not public_did:
                 raise OutOfBandManagerError(
                     "Cannot create public invitation with no public DID"

diff --git a/aries_cloudagent/resolver/default/indy.py b/aries_cloudagent/resolver/default/indy.py
@@ -11,6 +11,7 @@
 
 from ...config.injection_context import InjectionContext
 from ...core.profile import Profile
+from ...did.did_key import DIDKey
 from ...ledger.endpoint_type import EndpointType
 from ...ledger.error import LedgerError
 from ...ledger.multiple_ledger.ledger_requests_executor import (
@@ -19,7 +20,7 @@
 )
 from ...messaging.valid import IndyDID
 from ...multitenant.base import BaseMultitenantManager
-
+from ...wallet.key_type import ED25519
 from ..base import BaseDIDResolver, DIDNotFound, ResolverError, ResolverType
 
 LOGGER = logging.getLogger(__name__)
@@ -29,6 +30,26 @@ class NoIndyLedger(ResolverError):
     """Raised when there is no Indy ledger instance configured."""
 
 
+def _routing_keys_as_did_key_urls(routing_keys: Sequence[str]) -> Sequence[str]:
+    """Convert raw base58 keys to did:key values.
+
+    If a did:key is passed in, convert to a did:key URL.
+    """
+
+    did_key_urls = []
+    for routing_key in routing_keys:
+        if not routing_key.startswith("did:key:"):
+            did_key_urls.append(DIDKey.from_public_key_b58(routing_key, ED25519).key_id)
+        else:
+            if "#" not in routing_key:
+                did_key_urls.append(
+                    f"{routing_key}#{DIDKey.from_did(routing_key).fingerprint}"
+                )
+            else:
+                return routing_keys
+    return did_key_urls
+
+
 class IndyDIDResolver(BaseDIDResolver):
     """Indy DID Resolver."""
 
@@ -101,7 +122,7 @@ def add_services(
                     type_=self.SERVICE_TYPE_DID_COMMUNICATION,
                     service_endpoint=endpoint,
                     priority=1,
-                    routing_keys=routing_keys,
+                    routing_keys=_routing_keys_as_did_key_urls(routing_keys),
                     recipient_keys=[recipient_key.id],
                     accept=(
                         service_accept if service_accept else ["didcomm/aip2;env=rfc19"]
@@ -114,7 +135,7 @@ def add_services(
                     type_=self.SERVICE_TYPE_DIDCOMM,
                     service_endpoint=endpoint,
                     recipient_keys=[recipient_key.id],
-                    routing_keys=routing_keys,
+                    routing_keys=_routing_keys_as_did_key_urls(routing_keys),
                     # CHECKME
                     # accept=(service_accept if service_accept else ["didcomm/v2"]),
                     accept=["didcomm/v2"],

diff --git a/aries_cloudagent/resolver/default/tests/test_indy.py b/aries_cloudagent/resolver/default/tests/test_indy.py
@@ -17,7 +17,7 @@
 from ....multitenant.manager import MultitenantManager
 
 from ...base import DIDNotFound, ResolverError
-from ..indy import IndyDIDResolver
+from ..indy import IndyDIDResolver, _routing_keys_as_did_key_urls
 
 # pylint: disable=W0621
 TEST_DID0 = "did:sov:WgWxqztrNooG92RXvxSTWv"
@@ -127,7 +127,7 @@ async def test_supports_updated_did_sov_rules(
         """Test that new attrib structure is supported."""
         example = {
             "endpoint": "https://example.com/endpoint",
-            "routingKeys": ["a-routing-key"],
+            "routingKeys": ["HQhjaj4mcaS3Xci27a9QhnBrNpS91VNFUU4TDrtMxa9j"],
             "types": ["DIDComm", "did-communication", "endpoint"],
             "profile": "https://example.com",
             "linked_domains": "https://example.com",
@@ -177,3 +177,18 @@ async def test_supports_updated_did_sov_rules_no_endpoint_url(
     )
     def test_process_endpoint_types(self, resolver: IndyDIDResolver, types, result):
         assert resolver.process_endpoint_types(types) == result
+
+    @pytest.mark.parametrize(
+        "keys",
+        [
+            ["3YJCx3TqotDWFGv7JMR5erEvrmgu5y4FDqjR7sKWxgXn"],
+            ["did:key:z6MkgzZFYHiH9RhyMmkoyvNvVwnvgLxkVrJbureLx9HXsuKA"],
+            [
+                "did:key:z6MkgzZFYHiH9RhyMmkoyvNvVwnvgLxkVrJbureLx9HXsuKA#z6MkgzZFYHiH9RhyMmkoyvNvVwnvgLxkVrJbureLx9HXsuKA"
+            ],
+        ],
+    )
+    def test_routing_keys_as_did_key_urls(self, keys):
+        for key in _routing_keys_as_did_key_urls(keys):
+            assert key.startswith("did:key:")
+            assert "#" in key
diff --git a/aries_cloudagent/resolver/did_resolver.py b/aries_cloudagent/resolver/did_resolver.py
@@ -8,10 +8,11 @@
 from datetime import datetime
 from itertools import chain
 import logging
-from typing import Optional, List, Sequence, Tuple, Text, Type, TypeVar, Union
+from typing import List, Optional, Sequence, Text, Tuple, Union
 
-from pydid import DID, DIDError, DIDUrl, Resource, NonconformantDocument
-from pydid.doc.doc import IDNotFoundError
+from pydid import DID, DIDError, DIDUrl, Resource
+import pydid
+from pydid.doc.doc import BaseDIDDocument, IDNotFoundError
 
 from ..core.profile import Profile
 from .base import (
@@ -26,9 +27,6 @@
 LOGGER = logging.getLogger(__name__)
 
 
-ResourceType = TypeVar("ResourceType", bound=Resource)
-
-
 class DIDResolver:
     """did resolver singleton."""
 
@@ -115,8 +113,12 @@ async def _match_did_to_resolver(
         return resolvers
 
     async def dereference(
-        self, profile: Profile, did_url: str, *, cls: Type[ResourceType] = Resource
-    ) -> ResourceType:
+        self,
+        profile: Profile,
+        did_url: str,
+        *,
+        document: Optional[BaseDIDDocument] = None,
+    ) -> Resource:
         """Dereference a DID URL to its corresponding DID Doc object."""
         # TODO Use cached DID Docs when possible
         try:
@@ -128,12 +130,15 @@ async def dereference(
                 "Failed to parse DID URL from {}".format(did_url)
             ) from err
 
-        doc_dict = await self.resolve(profile, parsed.did)
-        # Use non-conformant doc as the "least common denominator"
+        if document and parsed.did != document.id:
+            document = None
+
+        if not document:
+            doc_dict = await self.resolve(profile, parsed.did)
+            document = pydid.deserialize_document(doc_dict)
+
         try:
-            return NonconformantDocument.deserialize(doc_dict).dereference_as(
-                cls, parsed
-            )
+            return document.dereference(parsed)
         except IDNotFoundError as error:
             raise ResolverError(
                 "Failed to dereference DID URL: {}".format(error)

diff --git a/aries_cloudagent/resolver/tests/test_did_resolver.py b/aries_cloudagent/resolver/tests/test_did_resolver.py
@@ -7,7 +7,7 @@
 import pytest
 
 from asynctest import mock as async_mock
-from pydid import DID, DIDDocument, VerificationMethod
+from pydid import DID, DIDDocument, VerificationMethod, BasicDIDDocument
 
 from ..base import (
     BaseDIDResolver,
@@ -153,6 +153,17 @@ async def test_dereference(resolver, profile):
     assert expected == actual.serialize()
 
 
+@pytest.mark.asyncio
+async def test_dereference_diddoc(resolver, profile):
+    url = "did:example:1234abcd#4"
+    doc = BasicDIDDocument(
+        id="did:example:z6Mkmpe2DyE4NsDiAb58d75hpi1BjqbH6wYMschUkjWDEEuR"
+    )
+    result = await resolver.dereference(profile, url, document=doc)
+    assert isinstance(result, VerificationMethod)
+    assert result.id == url
+
+
 @pytest.mark.asyncio
 async def test_dereference_x(resolver, profile):
     url = "non-did"