feat: more robust vm selection for all did types

dbluhm · dbluhm · commit 9144f76b41ea · 2024-11-12T10:42:30.000-06:00
Signed-off-by: Daniel Bluhm &lt;dbluhm@pm.me&gt;
diff --git a/acapy_agent/protocols/present_proof/dif/pres_exch_handler.py b/acapy_agent/protocols/present_proof/dif/pres_exch_handler.py
@@ -118,21 +118,14 @@ async def _get_issue_suite(
     ):
         """Get signature suite for signing presentation."""
         did_info = await self._did_info_for_did(issuer_id)
-        verkey_id_strategy = self.profile.context.inject(BaseVerificationKeyStrategy)
-        verification_method = (
-            await verkey_id_strategy.get_verification_method_id_for_did(
-                issuer_id,
-                self.profile,
-                proof_type=self.proof_type,
-                proof_purpose="assertionMethod",
-            )
+        vm_id_strategy = self.profile.context.inject(BaseVerificationKeyStrategy)
+        verification_method = await vm_id_strategy.get_verification_method_id_for_did(
+            issuer_id,
+            self.profile,
+            proof_type=self.proof_type,
+            proof_purpose="assertionMethod",
         )
 
-        if verification_method is None:
-            raise DIFPresExchError(
-                f"Unable to get retrieve verification method for did {issuer_id}"
-            )
-
         # Get signature class based on proof type
         SignatureClass = self.PROOF_TYPE_SIGNATURE_SUITE_MAPPING[self.proof_type]
 
diff --git a/acapy_agent/vc/vc_ld/manager.py b/acapy_agent/vc/vc_ld/manager.py
@@ -344,15 +344,13 @@ async def _get_suite_for_document(
         verification_method = (
             options.verification_method
             or await verkey_id_strategy.get_verification_method_id_for_did(
-                issuer_id, self.profile, proof_type, proof_purpose="assertionMethod"
+                issuer_id,
+                self.profile,
+                proof_type=proof_type,
+                proof_purpose="assertionMethod",
             )
         )
 
-        if verification_method is None:
-            raise VcLdpManagerError(
-                f"Unable to get retrieve verification method for did {issuer_id}"
-            )
-
         suite = await self._get_suite(
             proof_type=proof_type,
             verification_method=verification_method,
diff --git a/acapy_agent/wallet/default_verification_key_strategy.py b/acapy_agent/wallet/default_verification_key_strategy.py
@@ -1,14 +1,20 @@
 """Utilities for specifying which verification method is in use for a given DID."""
 
 from abc import ABC, abstractmethod
-from typing import List, Optional
+import logging
+from typing import Optional
 
+from acapy_agent.core.error import BaseError
 from acapy_agent.core.profile import Profile
 from acapy_agent.did.did_key import DIDKey
-from acapy_agent.wallet.key_type import KeyType
-
 from acapy_agent.resolver.did_resolver import DIDResolver
 
+LOGGER = logging.getLogger(__name__)
+
+
+class VerificationKeyStrategyError(BaseError):
+    """Raised on issues with verfication method derivation."""
+
 
 class BaseVerificationKeyStrategy(ABC):
     """Base class for defining which verification method is in use."""
@@ -17,9 +23,9 @@ class BaseVerificationKeyStrategy(ABC):
     async def get_verification_method_id_for_did(
         self,
         did: str,
-        profile: Optional[Profile],
+        profile: Profile,
+        *,
         proof_type: Optional[str] = None,
-        allowed_verification_method_types: Optional[List[KeyType]] = None,
         proof_purpose: Optional[str] = None,
     ) -> Optional[str]:
         """Given a DID, returns the verification key ID in use.
@@ -40,6 +46,7 @@ class DefaultVerificationKeyStrategy(BaseVerificationKeyStrategy):
 
     Supports did:key: and did:sov only.
     """
+
     def __init__(self):
         """Initialize the key types mapping."""
         self.key_types_mapping = {
@@ -50,9 +57,9 @@ def __init__(self):
     async def get_verification_method_id_for_did(
         self,
         did: str,
-        profile: Optional[Profile],
+        profile: Profile,
+        *,
         proof_type: Optional[str] = None,
-        allowed_verification_method_types: Optional[List[KeyType]] = None,
         proof_purpose: Optional[str] = None,
     ) -> Optional[str]:
         """Given a did:key or did:sov, returns the verification key ID in use.
@@ -65,22 +72,45 @@ async def get_verification_method_id_for_did(
         :params proof_purpose: the verkey relationship (assertionMethod, keyAgreement, ..)
         :returns Optional[str]: the current verkey ID
         """
+        proof_type = proof_type or "Ed25519Signature2018"
+        proof_purpose = proof_purpose or "assertionMethod"
+
+        if proof_purpose not in (
+            "authentication",
+            "assertionMethod",
+            "capabilityInvocation",
+            "capabilityDelegation",
+        ):
+            raise ValueError("Invalid proof purpose")
+
         if did.startswith("did:key:"):
             return DIDKey.from_did(did).key_id
         elif did.startswith("did:sov:"):
             # key-1 is what uniresolver uses for key id
             return did + "#key-1"
-        elif did.startswith("did:web:"):
-            did_resolver = profile.inject(DIDResolver)
-            did_document = await did_resolver.resolve(profile=profile, did=did)
-            if proof_type:
-                verification_method_types = self.key_types_mapping[proof_type]
-                verification_method_list = did_document.get("verificationMethod", None)
-                for method in verification_method_list:
-                    if method.get("type") in verification_method_types:
-                        return method.get("id")
-            else:
-                # taking the first verification method from did document
-                verification_method_id = verification_method_list[0].get("id")
-                return verification_method_id
-        return None
+
+        resolver = profile.inject(DIDResolver)
+        did_document = await resolver.resolve(profile=profile, did=did)
+        method_types = self.key_types_mapping[proof_type]
+
+        methods = did_document.get(proof_purpose, [])
+        methods = [vm for vm in methods if vm.get("type") in method_types]
+        if not methods:
+            raise VerificationKeyStrategyError(
+                f"No matching verification method found for did {did} with proof "
+                f"type {proof_type} and purpose {proof_purpose}"
+            )
+
+        if len(methods) > 1:
+            LOGGER.info(
+                (
+                    "More than 1 verification method matched for did %s with proof "
+                    "type %s and purpose %s; returning the first: %s"
+                ),
+                did,
+                proof_type,
+                proof_purpose,
+                methods[0].id,
+            )
+
+        return methods[0].id
diff --git a/acapy_agent/wallet/jwt.py b/acapy_agent/wallet/jwt.py
@@ -61,8 +61,6 @@ async def jwt_sign(
         verification_method = await verkey_strat.get_verification_method_id_for_did(
             did, profile
         )
-        if not verification_method:
-            raise ValueError("Could not determine verification method from DID")
     else:
         # We look up keys by did for now
         did = DIDUrl.parse(verification_method).did

Original file line number	Diff line number	Diff line change
`@@ -61,8 +61,6 @@ async def jwt_sign(`
`61`	`61`	`verification_method = await verkey_strat.get_verification_method_id_for_did(`
`62`	`62`	`did, profile`
`63`	`63`	`)`
`64`		`- if not verification_method:`
`65`		`- raise ValueError("Could not determine verification method from DID")`
`66`	`64`	`else:`
`67`	`65`	`# We look up keys by did for now`
`68`	`66`	`did = DIDUrl.parse(verification_method).did`