InvalidUrl error during JSON-LD verification is masked as Internal Server Error #2543

Closed
ff137 opened this issue Oct 11, 2023 · 3 comments

@ff137
Contributor

ff137 commented Oct 11, 2023

When calling the verify method in the jsonld API, we might want to sign a doc that looks as follows:

"doc": {
    "@context": [
        "https://www.w3.org/2018/credentials/v1",
    ],
    "type": ["VerifiableCredential"],
    ...
},

Now, even though the jsonld url is valid, it might occur that this url (https://www.w3.org/2018/credentials/v1) is not resolvable due to some networking issues.

When that happens, we observe the following stack trace:

...
  File "/home/aries/.local/lib/python3.9/site-packages/aries_cloudagent/messaging/jsonld/routes.py", line 158, in verify
    valid = await verify_credential(session, doc, verkey)
  File "/home/aries/.local/lib/python3.9/site-packages/aries_cloudagent/messaging/jsonld/credential.py", line 103, in verify_credential
    framed, verify_data_hex_string = create_verify_data(
  File "/home/aries/.local/lib/python3.9/site-packages/aries_cloudagent/messaging/jsonld/create_verify_data.py", line 70, in create_verify_data
    [expanded] = jsonld.expand(
  File "/home/aries/.local/lib/python3.9/site-packages/pyld/jsonld.py", line 163, in expand
    return JsonLdProcessor().expand(input_, options)
  File "/home/aries/.local/lib/python3.9/site-packages/pyld/jsonld.py", line 870, in expand
    expanded = self._expand(active_ctx, None, document, options,
  File "/home/aries/.local/lib/python3.9/site-packages/pyld/jsonld.py", line 2302, in _expand
    active_ctx = self._process_context(
  File "/home/aries/.local/lib/python3.9/site-packages/pyld/jsonld.py", line 3049, in _process_context
    resolved = options['contextResolver'].resolve(active_ctx, local_ctx, options.get('base', ''))
  File "/home/aries/.local/lib/python3.9/site-packages/pyld/context_resolver.py", line 58, in resolve
    resolved = self._resolve_remote_context(
  File "/home/aries/.local/lib/python3.9/site-packages/pyld/context_resolver.py", line 108, in _resolve_remote_context
    context, remote_doc = self._fetch_context(active_ctx, url, cycles)
  File "/home/aries/.local/lib/python3.9/site-packages/pyld/context_resolver.py", line 148, in _fetch_context
    raise jsonld.JsonLdError(
pyld.jsonld.JsonLdError: ('Dereferencing a URL did not result in a valid JSON-LD object. Possible causes are an inaccessible URL perhaps due to a same-origin policy (ensure the server uses CORS if you are using client-side JavaScript), too many redirects, a non-JSON response, or more than one HTTP Link Header was provided for a remote context.',)
Type: jsonld.InvalidUrl
Code: loading remote context failed
Details: {'url': 'https://www.w3.org/2018/credentials/v1', 'cause': JsonLdError('Could not retrieve a JSON-LD document from the URL.')}

As you can see, a pyld.jsonld.JsonLdError was raised when trying to read the data, with message "Could not retrieve a JSON-LD document from the URL.".

However, the error goes unhandled in ACA-Py, and is reported to the client as a 500: Internal Server Error:

A ClientResponseError was caught while verifying jsonld. The error message is: 'Internal Server Error'.

It would be very helpful if the URL resolution error was instead passed back to the user, so it can be handled appropriately.

@swcurran
Member

From the discussions I’ve heard in the JSON-LD community, a verifier should not even be resolving the URL at runtime — for security reasons, it should be cached at build time.

Do we instead need a way to do that, and not resolve anything at this time? Or at least, limit the resolution to locally cached URLs?
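
Added example, not part of the thread and not ACA-Py's code (nor the change in PR #2587): one way to combine the two points above, serving JSON-LD contexts only from a local bundle and reporting an unresolved context URL to the caller instead of a generic 500. `BUNDLED_CONTEXTS`, `ContextNotCached`, `verify_request` and the 400 status are assumptions for illustration, and the bundled context body is a constructed stub.

```python
# Constructed stand-in for a context vendored at build time; a real
# deployment would ship the actual W3C document, not this stub.
BUNDLED_CONTEXTS = {
    "https://www.w3.org/2018/credentials/v1": {
        "@context": {"VerifiableCredential": "https://www.w3.org/2018/credentials#VerifiableCredential"}
    },
}


class ContextNotCached(Exception):
    """Raised when a document references a context that was not bundled."""

    def __init__(self, url):
        super().__init__(f"JSON-LD context not available locally: {url}")
        self.url = url


def cached_document_loader(url, options=None):
    """Serve contexts from the bundle only; never touch the network.

    The returned dict follows pyld's document-loader convention.
    """
    if url not in BUNDLED_CONTEXTS:
        raise ContextNotCached(url)
    return {"contentType": "application/ld+json", "contextUrl": None,
            "documentUrl": url, "document": BUNDLED_CONTEXTS[url]}


def context_urls(doc):
    """Top-level remote context URLs referenced by a document."""
    ctx = doc.get("@context", [])
    ctx = ctx if isinstance(ctx, list) else [ctx]
    return [c for c in ctx if isinstance(c, str)]


def verify_request(doc):
    """Hypothetical handler core: returns (HTTP status, JSON body)."""
    try:
        for url in context_urls(doc):
            cached_document_loader(url)
    except ContextNotCached as err:
        # Name the unresolved context for the caller instead of a bare 500.
        return 400, {"error": "context_not_cached", "url": err.url}
    return 200, {"contexts_resolved": context_urls(doc)}
```
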

@swcurran
Member

This has been resolved with the implementation of code time collection of important contexts. Issue #2581 PR #2587

@ff137
Contributor Author

ff137 commented Nov 21, 2023

> This has been resolved with the implementation of code time collection of important contexts. Issue #2581 PR #2587

Great news, thanks!
