fix: json ld fixes and aca-py interop fixes

packages/anoncreds/src/utils/w3cAnonCredsUtils.ts

@@ -20,6 +20,7 @@ import {
  isUnqualifiedRevocationRegistryId,
  isIndyDid,
  getUnQualifiedDidIndyDid,
+ isUnqualifiedIndyDid,
 } from './indyIdentifiers'
 import { W3cAnonCredsCredentialMetadataKey } from './metadata'
 
@@ -166,6 +167,14 @@ export function getStoreCredentialOptions(
  return storeCredentialOptions
 }
 
+// The issuer of the schema does not always match the issuer of the credential definition thus the unqualified schema id needs to be derived from both values
+function getUnqualifiedSchemaId(schemaIssuerId: string, schemaId: string) {
+ const schemaDid = schemaIssuerId.split(':')[3]
+ const split = getUnQualifiedDidIndyDid(schemaId).split(':')
+ split[0] = schemaDid
+ return split.join(':')
+}
+
 export function getW3cRecordAnonCredsTags(options: {
  credentialSubject: W3cCredentialSubject
  issuerId: string
@@ -199,10 +208,10 @@ export function getW3cRecordAnonCredsTags(options: {
  anonCredsMethodName: methodName,
  anonCredsRevocationRegistryId: revocationRegistryId,
  anonCredsCredentialRevocationId: credentialRevocationId,
- ...(isIndyDid(issuerId) && {
+ ...((isIndyDid(issuerId) || isUnqualifiedIndyDid(issuerId)) && {
  anonCredsUnqualifiedIssuerId: getUnQualifiedDidIndyDid(issuerId),
  anonCredsUnqualifiedCredentialDefinitionId: getUnQualifiedDidIndyDid(credentialDefinitionId),
- anonCredsUnqualifiedSchemaId: getUnQualifiedDidIndyDid(schemaId),
+ anonCredsUnqualifiedSchemaId: getUnqualifiedSchemaId(schema.issuerId, schemaId),
  anonCredsUnqualifiedSchemaIssuerId: getUnQualifiedDidIndyDid(schema.issuerId),
  anonCredsUnqualifiedRevocationRegistryId: revocationRegistryId
  ? getUnQualifiedDidIndyDid(revocationRegistryId)

packages/core/src/modules/connections/DidExchangeProtocol.ts

@@ -523,58 +523,56 @@ export class DidExchangeProtocol {
  if (message instanceof DidExchangeResponseMessage) {
  const didRotateAttachment = message.didRotate
 
- if (!didRotateAttachment) {
- throw new DidExchangeProblemReportError('DID Rotate attachment is missing.', {
- problemCode: DidExchangeProblemReportReason.ResponseNotAccepted,
- })
- }
-
- const jws = didRotateAttachment.data.jws
+ if (didRotateAttachment) {
+ const jws = didRotateAttachment.data.jws
 
- if (!jws) {
- throw new DidExchangeProblemReportError('DID Rotate signature is missing.', {
- problemCode: DidExchangeProblemReportReason.ResponseNotAccepted,
- })
- }
+  if (!jws) {
+  throw new DidExchangeProblemReportError('DID Rotate signature is missing.', {
+  problemCode: DidExchangeProblemReportReason.ResponseNotAccepted,
+  })
+  }
 
- if (!didRotateAttachment.data.base64) {
- throw new CredoError('DID Rotate attachment is missing base64 property for signed did.')
- }
+  if (!didRotateAttachment.data.base64) {
+  throw new CredoError('DID Rotate attachment is missing base64 property for signed did.')
+  }
 
- // JWS payload must be base64url encoded
- const base64UrlPayload = base64ToBase64URL(didRotateAttachment.data.base64)
- const signedDid = TypedArrayEncoder.fromBase64(base64UrlPayload).toString()
+  // JWS payload must be base64url encoded
+  const base64UrlPayload = base64ToBase64URL(didRotateAttachment.data.base64)
+  const signedDid = TypedArrayEncoder.fromBase64(base64UrlPayload).toString()
 
- if (signedDid !== message.did) {
- throw new CredoError(
- `DID Rotate attachment's did ${message.did} does not correspond to message did ${message.did}`
- )
- }
+  if (signedDid !== message.did) {
+  throw new CredoError(
+  `DID Rotate attachment's did ${message.did} does not correspond to message did ${message.did}`
+  )
+  }
 
- const { isValid, signerKeys } = await this.jwsService.verifyJws(agentContext, {
- jws: {
- ...jws,
- payload: base64UrlPayload,
- },
- jwkResolver: ({ jws: { header } }) => {
- if (typeof header.kid !== 'string' || !isDid(header.kid, 'key')) {
- throw new CredoError('JWS header kid must be a did:key DID.')
- }
+  const { isValid, signerKeys } = await this.jwsService.verifyJws(agentContext, {
+  jws: {
+  ...jws,
+  payload: base64UrlPayload,
+  },
+  jwkResolver: ({ jws: { header } }) => {
+  if (typeof header.kid !== 'string' || !isDid(header.kid, 'key')) {
+  throw new CredoError('JWS header kid must be a did:key DID.')
+  }
 
- const didKey = DidKey.fromDid(header.kid)
- return getJwkFromKey(didKey.key)
- },
- })
+  const didKey = DidKey.fromDid(header.kid)
+  return getJwkFromKey(didKey.key)
+  },
+  })
 
- if (!isValid || !signerKeys.every((key) => invitationKeysBase58?.includes(key.publicKeyBase58))) {
- throw new DidExchangeProblemReportError(
- `DID Rotate signature is invalid. isValid: ${isValid} signerKeys: ${JSON.stringify(
- signerKeys
- )} invitationKeys:${JSON.stringify(invitationKeysBase58)}`,
- {
- problemCode: DidExchangeProblemReportReason.ResponseNotAccepted,
- }
- )
+ if (!isValid || !signerKeys.every((key) => invitationKeysBase58?.includes(key.publicKeyBase58))) {
+ throw new DidExchangeProblemReportError(
+ `DID Rotate signature is invalid. isValid: ${isValid} signerKeys: ${JSON.stringify(
+ signerKeys
+ )} invitationKeys:${JSON.stringify(invitationKeysBase58)}`,
+ {
+ problemCode: DidExchangeProblemReportReason.ResponseNotAccepted,
+ }
+ )
+ }
+ } else {
+ this.logger.warn(`Document does not contain didRotate`)
  }
  }
 

packages/core/src/modules/credentials/protocol/v2/messages/V2OfferCredentialMessage.ts

@@ -58,6 +58,7 @@ export class V2OfferCredentialMessage extends AgentMessage {
 
  @Expose({ name: 'credential_preview' })
  @Type(() => V2CredentialPreview)
+ @IsOptional()
  @ValidateNested()
  @IsInstance(V2CredentialPreview)
  public credentialPreview?: V2CredentialPreview

packages/core/src/modules/dids/domain/verificationMethod/Bls12381G1Key2020.ts

@@ -32,9 +32,17 @@ export function isBls12381G1Key2020(verificationMethod: VerificationMethod): ver
  * Get a key from a Bls12381G1Key2020 verification method.
  */
 export function getKeyFromBls12381G1Key2020(verificationMethod: Bls12381G1Key2020) {
- if (!verificationMethod.publicKeyBase58) {
- throw new CredoError('verification method is missing publicKeyBase58')
+ if (verificationMethod.publicKeyBase58) {
+ return Key.fromPublicKeyBase58(verificationMethod.publicKeyBase58, KeyType.Bls12381g1)
+ }
+ if (verificationMethod.publicKeyMultibase) {
+ const key = Key.fromFingerprint(verificationMethod.publicKeyMultibase)
+ if (key.keyType === KeyType.Bls12381g1) return key
+ else
+ throw new CredoError(
+ `Unexpected key type from resolving multibase encoding, key type was ${key.keyType} but expected ${KeyType.Bls12381g1}}`
+ )
  }
 
- return Key.fromPublicKeyBase58(verificationMethod.publicKeyBase58, KeyType.Bls12381g1)
+ throw new CredoError('verification method is missing publicKeyBase58 or publicKeyMultibase')
 }

packages/core/src/modules/dids/domain/verificationMethod/Bls12381G2Key2020.ts

@@ -32,9 +32,17 @@ export function isBls12381G2Key2020(verificationMethod: VerificationMethod): ver
  * Get a key from a Bls12381G2Key2020 verification method.
  */
 export function getKeyFromBls12381G2Key2020(verificationMethod: Bls12381G2Key2020) {
- if (!verificationMethod.publicKeyBase58) {
- throw new CredoError('verification method is missing publicKeyBase58')
+ if (verificationMethod.publicKeyBase58) {
+ return Key.fromPublicKeyBase58(verificationMethod.publicKeyBase58, KeyType.Bls12381g2)
+ }
+ if (verificationMethod.publicKeyMultibase) {
+ const key = Key.fromFingerprint(verificationMethod.publicKeyMultibase)
+ if (key.keyType === KeyType.Bls12381g2) return key
+ else
+ throw new CredoError(
+ `Unexpected key type from resolving multibase encoding, key type was ${key.keyType} but expected ${KeyType.Bls12381g2}}`
+ )
  }
 
- return Key.fromPublicKeyBase58(verificationMethod.publicKeyBase58, KeyType.Bls12381g2)
+ throw new CredoError('verification method is missing publicKeyBase58 or publicKeyMultibase')
 }

packages/core/src/modules/dids/domain/verificationMethod/EcdsaSecp256k1VerificationKey2019.ts

@@ -43,9 +43,17 @@ export function isEcdsaSecp256k1VerificationKey2019(
  * Get a key from a EcdsaSecp256k1VerificationKey2019 verification method.
  */
 export function getKeyFromEcdsaSecp256k1VerificationKey2019(verificationMethod: EcdsaSecp256k1VerificationKey2019) {
- if (!verificationMethod.publicKeyBase58) {
- throw new CredoError('verification method is missing publicKeyBase58')
+ if (verificationMethod.publicKeyBase58) {
+ return Key.fromPublicKeyBase58(verificationMethod.publicKeyBase58, KeyType.K256)
+ }
+ if (verificationMethod.publicKeyMultibase) {
+ const key = Key.fromFingerprint(verificationMethod.publicKeyMultibase)
+ if (key.keyType === KeyType.K256) return key
+ else
+ throw new CredoError(
+ `Unexpected key type from resolving multibase encoding, key type was ${key.keyType} but expected ${KeyType.K256}}`
+ )
  }
 
- return Key.fromPublicKeyBase58(verificationMethod.publicKeyBase58, KeyType.K256)
+ throw new CredoError('verification method is missing publicKeyBase58 or publicKeyMultibase')
 }

packages/core/src/modules/dids/domain/verificationMethod/Ed25519VerificationKey2018.ts

@@ -34,9 +34,17 @@ export function isEd25519VerificationKey2018(
  * Get a key from a Ed25519VerificationKey2018 verification method.
  */
 export function getKeyFromEd25519VerificationKey2018(verificationMethod: Ed25519VerificationKey2018) {
- if (!verificationMethod.publicKeyBase58) {
- throw new CredoError('verification method is missing publicKeyBase58')
+ if (verificationMethod.publicKeyBase58) {
+ return Key.fromPublicKeyBase58(verificationMethod.publicKeyBase58, KeyType.Ed25519)
+ }
+ if (verificationMethod.publicKeyMultibase) {
+ const key = Key.fromFingerprint(verificationMethod.publicKeyMultibase)
+ if (key.keyType === KeyType.Ed25519) return key
+ else
+ throw new CredoError(
+ `Unexpected key type from resolving multibase encoding, key type was ${key.keyType} but expected ${KeyType.Ed25519}`
+ )
  }
 
- return Key.fromPublicKeyBase58(verificationMethod.publicKeyBase58, KeyType.Ed25519)
+ throw new CredoError('verification method is missing publicKeyBase58 or publicKeyMultibase')
 }

packages/core/src/modules/dids/domain/verificationMethod/X25519KeyAgreementKey2019.ts

@@ -34,9 +34,17 @@ export function isX25519KeyAgreementKey2019(
  * Get a key from a X25519KeyAgreementKey2019 verification method.
  */
 export function getKeyFromX25519KeyAgreementKey2019(verificationMethod: X25519KeyAgreementKey2019) {
- if (!verificationMethod.publicKeyBase58) {
- throw new CredoError('verification method is missing publicKeyBase58')
+ if (verificationMethod.publicKeyBase58) {
+ return Key.fromPublicKeyBase58(verificationMethod.publicKeyBase58, KeyType.X25519)
+ }
+ if (verificationMethod.publicKeyMultibase) {
+ const key = Key.fromFingerprint(verificationMethod.publicKeyMultibase)
+ if (key.keyType === KeyType.X25519) return key
+ else
+ throw new CredoError(
+ `Unexpected key type from resolving multibase encoding, key type was ${key.keyType} but expected ${KeyType.X25519}`
+ )
  }
 
- return Key.fromPublicKeyBase58(verificationMethod.publicKeyBase58, KeyType.X25519)
+ throw new CredoError('verification method is missing publicKeyBase58 or publicKeyMultibase')
 }

packages/core/src/modules/dids/methods/peer/didPeer.ts

@@ -3,7 +3,7 @@ import { CredoError } from '../../../../error'
 import { getAlternativeDidsForNumAlgo4Did } from './peerDidNumAlgo4'
 
 const PEER_DID_REGEX = new RegExp(
- '^did:peer:(([01](z)([1-9a-km-zA-HJ-NP-Z]{5,200}))|(2((.[AEVID](z)([1-9a-km-zA-HJ-NP-Z]{5,200}))+(.(S)[0-9a-zA-Z=]*)?))|([4](z[1-9a-km-zA-HJ-NP-Z]{46})(:z[1-9a-km-zA-HJ-NP-Z]{6,}){0,1}))$'
+ '^did:peer:(([01](z)([1-9a-km-zA-HJ-NP-Z]{5,200}))|(2((.[AEVID](z)([1-9a-km-zA-HJ-NP-Z]{5,200}))+(.(S)[0-9a-zA-Z=]*)*))|([4](z[1-9a-km-zA-HJ-NP-Z]{46})(:z[1-9a-km-zA-HJ-NP-Z]{6,}){0,1}))$'
 )
 
 export function isValidPeerDid(did: string): boolean {

packages/core/src/modules/dids/methods/peer/peerDidNumAlgo2.ts

@@ -69,9 +69,7 @@ export function didToNumAlgo2DidDocument(did: string) {
  for (let service of services) {
  // Expand abbreviations used for service key/values
  service = expandServiceAbbreviations(service)
-
  service.id = `${did}#${service.type.toLowerCase()}-${serviceIndex++}`
-
  didDocument.addService(JsonTransformer.fromJSON(service, DidDocumentService))
  }
  }

packages/core/src/modules/dif-presentation-exchange/DifPresentationExchangeService.ts

@@ -592,7 +592,7 @@ export class DifPresentationExchangeService {
  for (const inputDescriptor of pd.input_descriptors) {
  for (const schema of inputDescriptor.schema) {
  w3cQuery.push({
- $or: [{ expandedType: [schema.uri] }, { contexts: [schema.uri] }, { type: [schema.uri] }],
+ $or: [{ expandedTypes: [schema.uri] }, { contexts: [schema.uri] }, { types: [schema.uri] }],
  })
  }
  }

packages/core/src/modules/vc/data-integrity/W3cJsonLdCredentialService.ts

@@ -15,7 +15,7 @@ import { createWalletKeyPairClass } from '../../../crypto/WalletKeyPair'
 import { CredoError } from '../../../error'
 import { injectable } from '../../../plugins'
 import { asArray, JsonTransformer } from '../../../utils'
-import { VerificationMethod } from '../../dids'
+import { DidsApi, VerificationMethod } from '../../dids'
 import { getKeyFromVerificationMethod } from '../../dids/domain/key-type'
 import { W3cCredentialsModuleConfig } from '../W3cCredentialsModuleConfig'
 import { w3cDate } from '../util'
@@ -339,12 +339,23 @@ export class W3cJsonLdCredentialService {
  agentContext: AgentContext,
  verificationMethod: string
  ): Promise<Key> {
- const documentLoader = this.w3cCredentialsModuleConfig.documentLoader(agentContext)
- const verificationMethodObject = await documentLoader(verificationMethod)
- const verificationMethodClass = JsonTransformer.fromJSON(verificationMethodObject.document, VerificationMethod)
-
- const key = getKeyFromVerificationMethod(verificationMethodClass)
- return key
+ if (!verificationMethod.startsWith('did:')) {
+ const documentLoader = this.w3cCredentialsModuleConfig.documentLoader(agentContext)
+ const verificationMethodObject = await documentLoader(verificationMethod)
+ const verificationMethodClass = JsonTransformer.fromJSON(verificationMethodObject.document, VerificationMethod)
+
+ const key = getKeyFromVerificationMethod(verificationMethodClass)
+ return key
+ } else {
+ const [did, keyid] = verificationMethod.split('#')
+ const didsApi = agentContext.dependencyManager.resolve(DidsApi)
+ const doc = await didsApi.resolve(did)
+ if (doc.didDocument) {
+ const verificationMethodClass = doc.didDocument.dereferenceKey(keyid)
+ return getKeyFromVerificationMethod(verificationMethodClass)
+ }
+ throw new CredoError(`Could not resolve verification method with id ${verificationMethod}`)
+ }
  }
 
  private getSignatureSuitesForCredential(agentContext: AgentContext, credential: W3cJsonLdVerifiableCredential) {