fix: add public key fetcher to pd match #19
Conversation
pkg/vdr/panacea_vdr.go
Outdated
| var vms []did.VerificationMethod | ||
| for _, vm := range doc.VerificationMethod { | ||
| var verificationMethod did.VerificationMethod | ||
| verificationMethod = vm | ||
| if btcec.IsCompressedPubKey(vm.Value) { | ||
| pubKey, err := btcec.ParsePubKey(vm.Value, btcec.S256()) | ||
| if err != nil { | ||
| return nil, fmt.Errorf("invalid secp256k1 public key: %w", err) | ||
| } | ||
|
|
||
| verificationMethod.Value = pubKey.SerializeUncompressed() | ||
| } | ||
| vms = append(vms, verificationMethod) | ||
| } | ||
|
|
||
| doc.VerificationMethod = vms |
There was a problem hiding this comment.
As we discussed in Slack, currently the public key of DID from Panacea is compressed version, but aries use uncompressed version of public key for proof verification.
Thus I added this converting logic.
0xHansLee
requested review from
youngjoon-lee,
gyuguen,
audtlr24 and
inchori
as code owners
pkg/vdr/panacea_vdr.go
Outdated
| var auths []did.Verification | ||
| for _, auth := range doc.Authentication { | ||
| if btcec.IsCompressedPubKey(auth.VerificationMethod.Value) { | ||
| pubKey, err := btcec.ParsePubKey(auth.VerificationMethod.Value, btcec.S256()) | ||
| if err != nil { | ||
| return nil, fmt.Errorf("invalid secp256k1 public key of authentication: %w", err) | ||
| } | ||
| auth.VerificationMethod.Value = pubKey.SerializeUncompressed() | ||
| } | ||
| auths = append(auths, auth) | ||
| } | ||
|
|
||
| doc.Authentication = auths |
There was a problem hiding this comment.
I also added this code block as temporal workaround (test completed).
When authentication exists (like panacea DID doc), public key fetcher fetches the public key from authentication.
I figured out how it works while debugging, but I haven't found the right solution yet.
I'll look into it a bit more and if there's a better way, I'll share.
pkg/vdr/panacea_vdr_test.go
Outdated
| Document: &didtypes.DIDDocument{ | ||
| Id: issuerDID, | ||
| Contexts: &didtypes.JSONStringOrStrings{"https://www.w3.org/ns/did/v1"}, | ||
| Authentications: []didtypes.VerificationRelationship{didtypes.NewVerificationRelationship(fmt.Sprintf("%s#key1", issuerDID))}, |
There was a problem hiding this comment.
This Authentications field is added to make it similar to that of panacea.
There was a problem hiding this comment.
LGTM. If you feel it's annoying to iterate/convert all veriMethods such as authentications, you just can alternatively extend the pubkeyFetcher like 28ed1b1, which is an incomplete example. If you want to use this idea, i think you can make it better by mixing this with your code
Thank you for your guides 🙏. I also considered to implement If I understand correctly, the usage of |
|
I found alternative workaround. When verification relations (such as authentication, assertion, etc.) exist in DID document, corresponding verification methods are found in |
Does that mean We just need to find it in the |
Maybe. |
If it is true, that would be good :) |
If we give public key fetcher option to
pd.Match(), there is no need to verify each credential additionally.When you see
pd.Match(), VCs are selected.And in the process of selecting, each VC is parsed from bytes using
verifiable.ParseCredential()with option, which is also used in ourVerifyCredential().Thus gave the public key fetcher option to
pd.Match()and remove duplicated verification.