fix: add public key fetcher to pd match #19
pkg/vdr/panacea_vdr.go
Outdated
var vms []did.VerificationMethod | ||
for _, vm := range doc.VerificationMethod { | ||
var verificationMethod did.VerificationMethod | ||
verificationMethod = vm | ||
if btcec.IsCompressedPubKey(vm.Value) { | ||
pubKey, err := btcec.ParsePubKey(vm.Value, btcec.S256()) | ||
if err != nil { | ||
return nil, fmt.Errorf("invalid secp256k1 public key: %w", err) | ||
} | ||
|
||
verificationMethod.Value = pubKey.SerializeUncompressed() | ||
} | ||
vms = append(vms, verificationMethod) | ||
} | ||
|
||
doc.VerificationMethod = vms |
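Review bot: In the `if btcec.IsCompressedPubKey(vm.Value)` branch, the conversion is keyed only on the bytes of the value, which matches any 33-byte value starting with 0x02 or 0x03; the verification method's declared type is never consulted in these lines. A compressed key on a different curve would be parsed as secp256k1 and either fail resolution of the whole document or be replaced with an unrelated point. Consider checking the method's type before converting. Separately, `var verificationMethod did.VerificationMethod` followed by `verificationMethod = vm` can be dropped, since the range variable `vm` is already a copy.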
As we discussed in Slack, currently the public key of the DID from Panacea is the compressed version, but aries uses the uncompressed version of the public key for proof verification.
Thus I added this conversion logic.
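The compressed-to-uncompressed conversion described in this comment, as an added example that is not the PR's code: it uses only Go's standard library (`math/big`) in place of btcec, and the `normalize` helper and its gating on the `EcdsaSecp256k1VerificationKey2019` type label are assumptions made for illustration.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
)

// Field prime of secp256k1; the curve is y^2 = x^3 + 7 over F_p.
var fieldP, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFF"+"FFFFFFFFFFFFFFFF"+"FFFFFFFFFFFFFFFF"+"FFFFFFFEFFFFFC2F", 16)

// Assumed type label; conversion is gated on it, not on the key's length and prefix.
const secp256k1Type = "EcdsaSecp256k1VerificationKey2019"

// decompress expands a 33-byte SEC1 compressed key to the 65-byte 0x04||X||Y form.
func decompress(key []byte) ([]byte, error) {
	if len(key) != 33 || (key[0] != 0x02 && key[0] != 0x03) {
		return nil, errors.New("not a compressed SEC1 key")
	}
	x := new(big.Int).SetBytes(key[1:])
	if x.Cmp(fieldP) >= 0 {
		return nil, errors.New("x coordinate outside the field")
	}
	rhs := new(big.Int).Exp(x, big.NewInt(3), fieldP)
	rhs.Add(rhs, big.NewInt(7)).Mod(rhs, fieldP)
	y := new(big.Int).ModSqrt(rhs, fieldP) // nil when x is not on the curve
	if y == nil {
		return nil, errors.New("x is not on secp256k1")
	}
	if y.Bit(0) != uint(key[0]&1) { // prefix 0x02 = even y, 0x03 = odd y
		y.Sub(fieldP, y)
	}
	out := append([]byte{0x04}, key[1:]...)
	return append(out, y.FillBytes(make([]byte, 32))...), nil
}

// normalize converts a key only when its declared type is secp256k1.
func normalize(keyType string, value []byte) ([]byte, error) {
	if keyType != secp256k1Type || len(value) == 65 {
		return value, nil // other key types and already-uncompressed keys pass through
	}
	return decompress(value)
}

func main() {
	g, _ := hex.DecodeString("0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798") // constructed input: generator G
	out, err := normalize(secp256k1Type, g)
	fmt.Println(hex.EncodeToString(out), err)
}
```
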
LGTM
I left a comment that is not important
lgtm
pkg/vdr/panacea_vdr.go
Outdated
var auths []did.Verification | ||
for _, auth := range doc.Authentication { | ||
if btcec.IsCompressedPubKey(auth.VerificationMethod.Value) { | ||
pubKey, err := btcec.ParsePubKey(auth.VerificationMethod.Value, btcec.S256()) | ||
if err != nil { | ||
return nil, fmt.Errorf("invalid secp256k1 public key of authentication: %w", err) | ||
} | ||
auth.VerificationMethod.Value = pubKey.SerializeUncompressed() | ||
} | ||
auths = append(auths, auth) | ||
} | ||
|
||
doc.Authentication = auths |
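Review bot: This loop repeats the parse-and-serialize block from the verification method loop and covers only `doc.Authentication`, so keys held under any other verification relationship are not converted by these lines. Suggest extracting the conversion into one helper and applying it to every relationship the public key fetcher can resolve from, and marking the block with a TODO since it is described as a temporary workaround.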
I also added this code block as a temporary workaround (test completed).
When authentication exists (as in the panacea DID doc), the public key fetcher fetches the public key from authentication.
I figured out how it works while debugging, but I haven't found the right solution yet.
I'll look into it a bit more and if there's a better way, I'll share.
pkg/vdr/panacea_vdr_test.go
Outdated
Document: &didtypes.DIDDocument{ | ||
Id: issuerDID, | ||
Contexts: &didtypes.JSONStringOrStrings{"https://www.w3.org/ns/did/v1"}, | ||
Authentications: []didtypes.VerificationRelationship{didtypes.NewVerificationRelationship(fmt.Sprintf("%s#key1", issuerDID))}, |
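Review bot: The fixture now sets `Authentications` to a reference to `#key1`, but the lines shown here carry no assertion on the resolved authentication key. If the test does not already check it, add an assertion that the key returned under authentication is the 65-byte uncompressed form, so the authentication workaround is covered and a regression would fail the test.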
This Authentications field is added to make it similar to that of panacea.
LGTM. If you feel it's annoying to iterate/convert all veriMethods such as authentications, you can alternatively just extend the pubkeyFetcher like 28ed1b1, which is an incomplete example. If you want to use this idea, I think you can make it better by mixing this with your code
Thank you for your guides 🙏. I also considered to implement If I understand correctly, the usage of
I found alternative workaround. When verification relations (such as authentication, assertion, etc.) exist in DID document, corresponding verification methods are found in
Does that mean We just need to find it in the
Maybe.
If it is true, that would be good :)
Good
LGTM!
If we give the public key fetcher option to pd.Match(), there is no need to verify each credential additionally.
When you see pd.Match(), VCs are selected.
And in the process of selecting, each VC is parsed from bytes using verifiable.ParseCredential() with option, which is also used in our VerifyCredential().
Thus I gave the public key fetcher option to pd.Match() and removed the duplicated verification.