(fix) W3C LDP Fixes for alternative VMs (openwallet-foundation#3641)

Author: gmulhearn

acapy_agent/protocols/issue_credential/v2_0/formats/ld_proof/handler.py

@@ -7,6 +7,11 @@
 from pyld import jsonld
 from pyld.jsonld import JsonLdProcessor
 
+from acapy_agent.wallet.default_verification_key_strategy import (
+    BaseVerificationKeyStrategy,
+    VerificationKeyStrategyError,
+)
+
 from ......messaging.decorators.attach_decorator import AttachDecorator
 from ......storage.vc_holder.base import VCHolder
 from ......storage.vc_holder.vc_record import VCRecord
@@ -185,10 +190,16 @@ async def create_offer(
 
         # Make sure we can issue with the did and proof type
         try:
-            await manager.assert_can_issue_with_id_and_proof_type(
-                detail.credential.issuer_id, detail.options.proof_type
+            # Check suitable verification method for signing (fails if none suitable)
+            verkey_id_strategy = self.profile.context.inject(BaseVerificationKeyStrategy)
+            _ = await verkey_id_strategy.get_verification_method_id_for_did(
+                detail.credential.issuer_id,
+                self.profile,
+                proof_type=detail.options.proof_type,
+                proof_purpose="assertionMethod",
+                verification_method_id=detail.options.verification_method,
             )
-        except VcLdpManagerError as err:
+        except VerificationKeyStrategyError as err:
             raise V20CredFormatError(
                 "Checking whether issuance is possible failed"
             ) from err

acapy_agent/protocols/issue_credential/v2_0/formats/ld_proof/tests/fixtures.py

@@ -1,5 +1,6 @@
 TEST_DID_SOV = "did:sov:LjgpST2rjsoxYegQDRm7EL"
-TEST_DID_KEY = "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL"
+TEST_DID_KEY_ED25519 = "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL"
+TEST_DID_KEY_BLS_G2 = "did:key:zUC74E9UD2W6Q1MgPexCEdpstiCsY1Vbnyqepygk7McZVce38L1tGX7qZ2SgY4Zz2m9FUB4Xb5cEHSujks9XeKDzqe4QzW3CyyJ1cv8iBLNqU61EfkBoW2yEkg6VgqHTDtANYRS"
 
 LD_PROOF_VC_DETAIL = {
     "credential": {
@@ -10,7 +11,7 @@
         "type": ["VerifiableCredential", "UniversityDegreeCredential"],
         "credentialSubject": {"test": "key"},
         "issuanceDate": "2021-04-12",
-        "issuer": TEST_DID_KEY,
+        "issuer": TEST_DID_KEY_ED25519,
     },
     "options": {
         "proofType": "Ed25519Signature2018",
@@ -26,7 +27,7 @@
         "type": ["VerifiableCredential", "UniversityDegreeCredential"],
         "credentialSubject": {"test": "key"},
         "issuanceDate": "2021-04-12",
-        "issuer": TEST_DID_KEY,
+        "issuer": TEST_DID_KEY_BLS_G2,
     },
     "options": {
         "proofType": "BbsBlsSignature2020",
@@ -42,7 +43,7 @@
         "type": ["VerifiableCredential", "UniversityDegreeCredential"],
         "credentialSubject": {"test": "key"},
         "issuanceDate": "2021-04-12",
-        "issuer": TEST_DID_KEY,
+        "issuer": TEST_DID_KEY_ED25519,
     },
     "options": {
         "proofType": "Ed25519Signature2020",
@@ -57,7 +58,7 @@
     "type": ["VerifiableCredential", "UniversityDegreeCredential"],
     "credentialSubject": {"test": "key"},
     "issuanceDate": "2021-04-12",
-    "issuer": TEST_DID_KEY,
+    "issuer": TEST_DID_KEY_ED25519,
     "proof": {
         "proofPurpose": "assertionMethod",
         "created": "2019-12-11T03:50:55",

acapy_agent/protocols/issue_credential/v2_0/formats/ld_proof/tests/test_handler.py

@@ -192,22 +192,12 @@ async def test_receive_proposal(self):
 
     async def test_create_offer(self):
         with (
-            mock.patch.object(
-                VcLdpManager,
-                "assert_can_issue_with_id_and_proof_type",
-                mock.CoroutineMock(),
-            ) as mock_can_issue,
             patch.object(test_module, "get_properties_without_context", return_value=[]),
         ):
             (cred_format, attachment) = await self.handler.create_offer(
                 self.cred_proposal
             )
 
-            mock_can_issue.assert_called_once_with(
-                LD_PROOF_VC_DETAIL["credential"]["issuer"],
-                LD_PROOF_VC_DETAIL["options"]["proofType"],
-            )
-
         # assert identifier match
         assert cred_format.attach_id == self.handler.format.api == attachment.ident
 
@@ -233,11 +223,6 @@ async def test_create_offer_adds_bbs_context(self):
         )
 
         with (
-            mock.patch.object(
-                VcLdpManager,
-                "assert_can_issue_with_id_and_proof_type",
-                mock.CoroutineMock(),
-            ),
             patch.object(test_module, "get_properties_without_context", return_value=[]),
         ):
             (cred_format, attachment) = await self.handler.create_offer(cred_proposal)
@@ -261,11 +246,6 @@ async def test_create_offer_adds_ed25519_2020_context(self):
         )
 
         with (
-            mock.patch.object(
-                VcLdpManager,
-                "assert_can_issue_with_id_and_proof_type",
-                mock.CoroutineMock(),
-            ),
             patch.object(test_module, "get_properties_without_context", return_value=[]),
         ):
             (cred_format, attachment) = await self.handler.create_offer(cred_proposal)
@@ -286,11 +266,6 @@ async def test_create_offer_x_no_proposal(self):
     async def test_create_offer_x_wrong_attributes(self):
         missing_properties = ["foo"]
         with (
-            mock.patch.object(
-                self.manager,
-                "assert_can_issue_with_id_and_proof_type",
-                mock.CoroutineMock(),
-            ),
             patch.object(
                 test_module,
                 "get_properties_without_context",

acapy_agent/vc/data_integrity/cryptosuites/eddsa_jcs_2022.py

@@ -194,7 +194,7 @@ async def proof_verification(
         """
         multikey = await MultikeyManager(
             self.session
-        ).resolve_multikey_from_verification_method(options.verification_method)
+        ).resolve_multikey_from_verification_method_id(options.verification_method)
         verkey = multikey_to_verkey(multikey)
         key_type = key_type_from_multikey(multikey)
         return await self.wallet.verify_message(

acapy_agent/vc/vc_ld/manager.py

@@ -3,6 +3,7 @@
 from datetime import datetime, timezone
 from typing import Dict, List, Optional, Type, Union, cast
 
+from acapy_agent.wallet.keys.manager import MultikeyManager, multikey_to_verkey
 from pyld import jsonld
 from pyld.jsonld import JsonLdProcessor
 
@@ -16,7 +17,6 @@
 from ...wallet.base import BaseWallet
 from ...wallet.default_verification_key_strategy import BaseVerificationKeyStrategy
 from ...wallet.did_info import DIDInfo
-from ...wallet.error import WalletNotFoundError
 from ...wallet.key_type import BLS12381G2, ED25519, P256, KeyType
 from ..ld_proofs.constants import (
     CREDENTIALS_CONTEXT_V1_URL,
@@ -133,60 +133,6 @@ async def _did_info_for_did(self, did: str) -> DIDInfo:
             # All other methods we can just query
             return await wallet.get_local_did(did)
 
-    async def assert_can_issue_with_id_and_proof_type(
-        self, issuer_id: Optional[str], proof_type: Optional[str]
-    ):
-        """Assert that it is possible to issue using the specified id and proof type.
-
-        Args:
-            issuer_id (str): The issuer id
-            proof_type (str): the signature suite proof type
-
-        Raises:
-            VcLdpManagerError:
-                - If the proof type is not supported
-                - If the issuer id is not a did
-                - If the did is not found in th wallet
-                - If the did does not support to create signatures for the proof type
-
-        """
-        if not issuer_id or not proof_type:
-            raise VcLdpManagerError(
-                "Issuer id and proof type are required to issue a credential."
-            )
-
-        try:
-            # Check if it is a proof type we can issue with
-            if proof_type not in PROOF_TYPE_SIGNATURE_SUITE_MAPPING.keys():
-                raise VcLdpManagerError(
-                    f"Unable to sign credential with unsupported proof type {proof_type}."
-                    f" Supported proof types: {PROOF_TYPE_SIGNATURE_SUITE_MAPPING.keys()}"
-                )
-
-            if not issuer_id.startswith("did:"):
-                raise VcLdpManagerError(
-                    f"Unable to issue credential with issuer id: {issuer_id}."
-                    " Only issuance with DIDs is supported"
-                )
-
-            # Retrieve did from wallet. Will throw if not found
-            did = await self._did_info_for_did(issuer_id)
-
-            # Raise error if we cannot issue a credential with this proof type
-            # using this DID from
-            did_proof_types = KEY_TYPE_SIGNATURE_TYPE_MAPPING[did.key_type]
-            if proof_type not in did_proof_types:
-                raise VcLdpManagerError(
-                    f"Unable to issue credential with issuer id {issuer_id} and proof "
-                    f"type {proof_type}. DID only supports proof types {did_proof_types}"
-                )
-
-        except WalletNotFoundError:
-            raise VcLdpManagerError(
-                f"Issuer did {issuer_id} not found."
-                " Unable to issue credential with this DID."
-            )
-
     async def _get_suite(
         self,
         *,
@@ -210,6 +156,11 @@ async def _get_suite(
                 "using external provider."
             ) from error
 
+        async with self.profile.session() as session:
+            key_manager = MultikeyManager(session)
+            key_info = await key_manager.resolve_and_bind_kid(verification_method)
+            multikey = key_info["multikey"]
+
         # Get signature class based on proof type
         SignatureClass = PROOF_TYPE_SIGNATURE_SUITE_MAPPING[proof_type]
 
@@ -220,7 +171,7 @@ async def _get_suite(
             key_pair=WalletKeyPair(
                 profile=self.profile,
                 key_type=SIGNATURE_SUITE_KEY_TYPE_MAPPING[SignatureClass],
-                public_key_base58=did_info.verkey if did_info else None,
+                public_key_base58=multikey_to_verkey(multikey),
             ),
         )
 
@@ -360,9 +311,6 @@ async def _get_suite_for_document(
         if not proof_type:
             raise VcLdpManagerError("Proof type is required")
 
-        # Assert we can issue the credential based on issuer + proof_type
-        await self.assert_can_issue_with_id_and_proof_type(issuer_id, proof_type)
-
         # Create base proof object with options
         proof = LDProof(
             created=options.created,
@@ -371,20 +319,22 @@ async def _get_suite_for_document(
         )
 
         did_info = await self._did_info_for_did(issuer_id)
+
+        # Determine/check suitable verification method for signing. fails if none suitable
         verkey_id_strategy = self.profile.context.inject(BaseVerificationKeyStrategy)
-        verification_method = (
-            options.verification_method
-            or await verkey_id_strategy.get_verification_method_id_for_did(
+        verification_method_id = (
+            await verkey_id_strategy.get_verification_method_id_for_did(
                 issuer_id,
                 self.profile,
                 proof_type=proof_type,
                 proof_purpose="assertionMethod",
+                verification_method_id=options.verification_method,
             )
         )
 
         suite = await self._get_suite(
             proof_type=proof_type,
-            verification_method=verification_method,
+            verification_method=verification_method_id,
             proof=proof.serialize(),
             did_info=did_info,
         )