From 95c20c106991c81d91268c8622f69b1415c3003a Mon Sep 17 00:00:00 2001
From: Daniel Bluhm
Date: Wed, 9 Oct 2024 16:16:52 -0400
Subject: [PATCH] fix: on sign vp, use auth proof purpose

Signed-off-by: Daniel Bluhm
---
 .../present_proof/dif/pres_exch_handler.py | 12 ++++++---
 .../default_verification_key_strategy.py | 27 ++++++++++++-------
 2 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/acapy_agent/protocols/present_proof/dif/pres_exch_handler.py b/acapy_agent/protocols/present_proof/dif/pres_exch_handler.py
index 7072b635bb..3eff6d28f9 100644
--- a/acapy_agent/protocols/present_proof/dif/pres_exch_handler.py
+++ b/acapy_agent/protocols/present_proof/dif/pres_exch_handler.py
@@ -40,7 +40,10 @@
 from ....vc.vc_di.prove import create_signed_anoncreds_presentation
 from ....vc.vc_ld.prove import create_presentation, derive_credential, sign_presentation
 from ....wallet.base import BaseWallet, DIDInfo
-from ....wallet.default_verification_key_strategy import BaseVerificationKeyStrategy
+from ....wallet.default_verification_key_strategy import (
+ BaseVerificationKeyStrategy,
+ ProofPurposeStr,
+)
 from ....wallet.error import WalletError, WalletNotFoundError
 from ....wallet.key_type import BLS12381G2, ED25519
 from .pres_exch import (
@@ -115,15 +118,17 @@ async def _get_issue_suite(
 self,
 *,
 issuer_id: str,
+ proof_purpose: Optional[ProofPurposeStr] = None,
 ):
 """Get signature suite for signing presentation."""
+ proof_purpose = proof_purpose or "assertionMethod"
 did_info = await self._did_info_for_did(issuer_id)
 vm_id_strategy = self.profile.context.inject(BaseVerificationKeyStrategy)
 verification_method = await vm_id_strategy.get_verification_method_id_for_did(
 issuer_id,
 self.profile,
 proof_type=self.proof_type,
- proof_purpose="assertionMethod",
+ proof_purpose=proof_purpose,
 )
 # Get signature class based on proof type
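Review bot: The new `proof_purpose` parameter of `_get_issue_suite` silently falls back to `"assertionMethod"`, although the docstring says the suite is for signing a presentation and the only caller visible in this patch (`create_vp`) passes `"authentication"`. A caller that omits the argument keeps selecting an assertion key for a presentation proof, which is the behaviour this commit sets out to fix. If no other caller relies on the old default (not visible here), make the argument required, `proof_purpose: ProofPurposeStr,`, and drop the `proof_purpose = proof_purpose or "assertionMethod"` line. Either way the docstring should name the parameter, e.g. `proof_purpose: verification relationship used to pick the signing key`. The function body continues past the end of the hunk.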
@@ -1300,8 +1305,9 @@ async def create_vp(
 )
 else:
 vp = self.__add_dif_fields_to_vp(vp, submission_property)
+ assert issuer_id
 issue_suite = await self._get_issue_suite(
- issuer_id=issuer_id,
+ issuer_id=issuer_id, proof_purpose="authentication"
 )
 signed_vp = await sign_presentation(
 presentation=vp,
diff --git a/acapy_agent/wallet/default_verification_key_strategy.py b/acapy_agent/wallet/default_verification_key_strategy.py
index 313b9d7520..04f3bd5886 100644
--- a/acapy_agent/wallet/default_verification_key_strategy.py
+++ b/acapy_agent/wallet/default_verification_key_strategy.py
@@ -2,7 +2,7 @@
 from abc import ABC, abstractmethod
 import logging
-from typing import Optional
+from typing import Literal, Optional
 from pydid import DIDDocument
@@ -14,6 +14,20 @@
 LOGGER = logging.getLogger(__name__)
+ProofPurposeStr = Literal[
+ "assertionMethod",
+ "authentication",
+ "capabilityDelegation",
+ "capabilityInvocation",
+]
+PROOF_PURPOSES = (
+ "authentication",
+ "assertionMethod",
+ "capabilityInvocation",
+ "capabilityDelegation",
+)
+
+
 class VerificationKeyStrategyError(BaseError):
 """Raised on issues with verfication method derivation."""
@@ -28,7 +42,7 @@ async def get_verification_method_id_for_did(
 profile: Profile,
 *,
 proof_type: Optional[str] = None,
- proof_purpose: Optional[str] = None,
+ proof_purpose: Optional[ProofPurposeStr] = None,
 ) -> Optional[str]:
 """Given a DID, returns the verification key ID in use.
@@ -62,7 +76,7 @@ async def get_verification_method_id_for_did(
 profile: Profile,
 *,
 proof_type: Optional[str] = None,
- proof_purpose: Optional[str] = None,
+ proof_purpose: Optional[ProofPurposeStr] = None,
 ) -> Optional[str]:
 """Given a did:key or did:sov, returns the verification key ID in use.
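Review bot: `assert issuer_id` in `create_vp` is stripped when Python runs with `-O`, so in an optimised deployment a missing issuer reaches `_get_issue_suite` and the key lookup unchecked, and otherwise it surfaces as a bare `AssertionError`. Because this value decides which key signs the presentation, use an explicit check such as `if not issuer_id: raise ValueError("issuer_id is required to sign the presentation")`, or the handler's own error type if callers expect one (not visible here). `create_vp` starts and ends outside the hunk, so whether `issuer_id` can actually be empty at this point should be confirmed against the full function.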
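Review bot: `ProofPurposeStr` and `PROOF_PURPOSES` spell out the same four values twice, in different order, so the type hint and the runtime membership test in `get_verification_method_id_for_did` can drift apart when a purpose is added or removed. Derive one from the other, `PROOF_PURPOSES = get_args(ProofPurposeStr)` with `get_args` added to the `typing` import, so there is a single list to maintain. The `Literal` annotation on the two `get_verification_method_id_for_did` signatures is not enforced at runtime, so the `proof_purpose not in PROOF_PURPOSES` test stays the only actual validation; a one-line comment above the constants saying that custom strategies must perform the same check would help implementers.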
@@ -77,12 +91,7 @@ async def get_verification_method_id_for_did(
 proof_type = proof_type or "Ed25519Signature2018"
 proof_purpose = proof_purpose or "assertionMethod"
- if proof_purpose not in (
- "authentication",
- "assertionMethod",
- "capabilityInvocation",
- "capabilityDelegation",
- ):
+ if proof_purpose not in PROOF_PURPOSES:
 raise ValueError("Invalid proof purpose")
 if did.startswith("did:key:"):