Shared cache fails on when using different contexts sequentially

[F-Node-Karlsruhe]

Problem

While verifying credentials i observed a strange behavior: At first it all works well and i could verify on credential after another, but as soon as i tried to verify a credential of another type, i.e. with another context, the verification failed with an ambiguous VerificationError. The error persists, no matter which context is used first. As soon as the context is switched, the verification fails.

Tracking down the error

After some hours of digging into the digitalbazaar libraries it turned out that the error is actually a JSON-LD safemode validation error where one key word could not get expanded into an IRI. More digging revealed that this has to do with the ContextResolver.js which is used when processing the context in context.js line 87. When looking into the processed context it turned out that always the first key word was missing in the context mappings, causing dropped property. This must happen in the cache, because investigating the process method in context.js line 113 showed, that the particular key word was never return in on the the cached contexts. Further investigation is on course.

Fixes

1. Just like in a previous caching issue disabling the static cache fixes the issue completely. ContextResolver.js line 76

     const key = JSON.stringify(ctx);
     let resolved = this._get(key);
     if(!resolved) {
       // create a new static `ResolvedContext` and cache it
       resolved = new ResolvedContext({document: ctx});
       this._cacheResolvedContext({key, resolved, tag: 'static'}); // <-- disable static cache here by replacing 'static' with undefined
     }

2. Excluding certain contexts from the shared cache also resolves the issue. I did not try all of them, but disallowing the very basic https://www.w3.org/2018/credentials/v1 already solved the issue.

Used packages: "@digitalbazaar/ed25519-signature-2020": "^5.0.0", "@digitalbazaar/vc": "^5.0.0",

[F-Node-Karlsruhe]

Update: Its not just one property, but entire contexts which are not present in the mapping. If a array like context of the form like below comes first, then both the non-array context and the child context are missing. If a non-array context comes first, the parent context is missing.

I guess the issue is very closely related to the old one https://github.com/digitalbazaar/jsonld.js/issues/500

Array like context with child and parent:

{
  "@context": [
    // parent context
    "https://example.com/parentconetext",
    // child context
    {
      "@import": "https://example.com/examplecontext",
      "example": "https://example.com",
      }
  ]
}

[F-Node-Karlsruhe]

Test credentials for reproducing the issue: https://ssi.eecc.de/api/registry/vc/9f32902a-d71f-4d41-a23a-a2213b8a3b40 https://ssi.eecc.de/api/registry/vc/93e1120a-e6f4-4107-abb2-30af1795ee3c

The credentials can be downloaded in json format on under the provided links with the JSON button under the credential. If you wonder why both credentials get verified when clicking the link: i have disabled the shared cache manually.

[F-Node-Karlsruhe]

I forked a temporary workaround to make it work with inline contexts, but i hope that someone with a deeper understanding of the library will clear the root cause eventually.

https://github.com/european-epc-competence-center/jsonld.js/commit/dd109a0eacfeb6006479683ab58cedd6c8b19284

[F-Node-Karlsruhe]

The issue also occurs with the fix when setting the tag to 'static' in the document loader for both issues. This is kind of obvious, but i wanted to mention it.

https://github.com/digitalbazaar/jsonld.js/issues/500 https://github.com/digitalbazaar/jsonld.js/issues/502

[F-Node-Karlsruhe]

More specific issue https://github.com/digitalbazaar/jsonld.js/issues/537