hyperledger-archives / aries-framework-go

Hyperledger Aries Framework Go provides packages for building Agent / DIDComm services.
https://wiki.hyperledger.org/display/ARIES/aries-framework-go
Apache License 2.0

VC wallet: Unable to issue credential #3029

Open jceb opened 3 years ago

jceb commented 3 years ago

What I'm trying to do

I'm trying to issue a credential via the /vcwallet/issue endpoint with a key that I created beforehand via /vcwallet/create-key-pair.

Expected result

Credential with an added proof section.

Actual result

Error:

{
  "code": 12010,
  "message": "failed to issue credential: getKeySet: failed to read json keyset from reader: cannot read data for keysetID z6MksNRMoWkz5UdGgSkpbMS83FvRkKzNN5XAbbF2gLgWCmCe: failed to get DB entry: data not found"
}

Sample code / test case

  1. I created a key pair via the /vcwallet/create-key-pair endpoint
{
  "keyID": "zteLhw3qQMOozGq8ls60AKxBxWBUNl7T1k-ypvWjEIc",
  "publicKey": "v-qOrzVcRfrqXrgy8-JvajJfZotJcsuV1zA54fX7z_s"
}
  2. I computed the DID for the public key
did:key:z6MksNRMoWkz5UdGgSkpbMS83FvRkKzNN5XAbbF2gLgWCmCe
  3. I sent an unsigned VC to the /vcwallet/issue endpoint
{
  "auth": "{{TOKEN}}",
  "credential": {
    "@context": [
      "https://www.w3.org/2018/credentials/v1"
    ],
    "id": "http://example.edu/credentials/58473",
    "issuer": "did:key:z6MksNRMoWkz5UdGgSkpbMS83FvRkKzNN5XAbbF2gLgWCmCe",
    "issuanceDate": "2021-10-25T16:49:57Z",
    "type": [
      "VerifiableCredential"
    ],
    "credentialSubject": {
      "id": "did:example:ebfeb1f712ebc6f1c276e12ec21"
    }
  },
  "proofOptions": {
    "challenge": "test-challenge",
    "controller": "did:key:z6MksNRMoWkz5UdGgSkpbMS83FvRkKzNN5XAbbF2gLgWCmCe",
    "created": "2021-10-20T06:28:12.840Z",
    "domain": "identinet.io",
    "proofRepresentation": 0,
    "proofType": "Ed25519Signature2018",
    "verificationMethod": "did:key:z6MksNRMoWkz5UdGgSkpbMS83FvRkKzNN5XAbbF2gLgWCmCe#z6MksNRMoWkz5UdGgSkpbMS83FvRkKzNN5XAbbF2gLgWCmCe"
  },
  "userID": "user1"
}

It looks like the verification method isn't properly turned into a keyID that can be found by the key manager. Instead, the verification method is directly fed to keyManager.Get(): https://github.com/hyperledger/aries-framework-go/blob/main/pkg/wallet/kmsclient.go#L271

Also the test cases only test the error cases but not the happy case: https://github.com/hyperledger/aries-framework-go/blob/main/pkg/wallet/kmsclient_test.go#L587

Furthermore, I'm wondering whether splitting the verification method is enough to find the right key. In my understanding the steps to find the right key are:

  1. resolve the DID document referenced by verificationMethod (split('#')[0]) - this step happens
  2. find the public key with id split('#')[1] - this step seems to be missing
  3. decode the public key and pass it to the key manager - this step seems to be missing
    • instead split('#')[1] is used as public key or key id
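
An added example, not part of the issue thread and not the project's code: for a did:key verification method the DID document is derived from the identifier itself, so steps 2 and 3 of the list above reduce to decoding the fragment (multibase base58btc, multicodec prefix 0xed 0x01) into the raw Ed25519 public key. The constants are copied from the issue; the function name `PublicKeyFromVM` is hypothetical.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

const b58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

// Values copied from the issue above.
const (
	pageVM    = "did:key:z6MksNRMoWkz5UdGgSkpbMS83FvRkKzNN5XAbbF2gLgWCmCe#z6MksNRMoWkz5UdGgSkpbMS83FvRkKzNN5XAbbF2gLgWCmCe"
	pageKeyID = "zteLhw3qQMOozGq8ls60AKxBxWBUNl7T1k-ypvWjEIc"
	pagePub   = "v-qOrzVcRfrqXrgy8-JvajJfZotJcsuV1zA54fX7z_s"
)

// PublicKeyFromVM (hypothetical helper) decodes the fragment of a did:key
// verification method and returns the Ed25519 public key as unpadded
// base64url, the encoding create-key-pair uses for "publicKey".
func PublicKeyFromVM(vm string) (string, error) {
	did, frag, ok := strings.Cut(vm, "#")
	if !ok || did != "did:key:"+frag || !strings.HasPrefix(frag, "z") {
		return "", errors.New("not a did:key verification method")
	}
	n := new(big.Int)
	for _, c := range frag[1:] { // skip the multibase 'z' (base58btc) marker
		i := strings.IndexRune(b58, c)
		if i < 0 {
			return "", fmt.Errorf("invalid base58 character %q", c)
		}
		n.Mul(n, big.NewInt(58)).Add(n, big.NewInt(int64(i)))
	}
	raw := n.Bytes() // 2-byte multicodec prefix followed by the 32-byte key
	if len(raw) != 34 || raw[0] != 0xed || raw[1] != 0x01 {
		return "", errors.New("fragment is not a multicodec Ed25519 public key")
	}
	return base64.RawURLEncoding.EncodeToString(raw[2:]), nil
}

func main() {
	pub, err := PublicKeyFromVM(pageVM)
	fmt.Println("key in verificationMethod:", pub, err)
	fmt.Println("equals create-key-pair publicKey:", pub == pagePub)
	fmt.Println("fragment equals KMS keyID:", strings.HasSuffix(pageVM, "#"+pageKeyID))
}
```

The last line prints false: the fragment encodes the public key and is a different string from the keyID that create-key-pair returned.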

fastman61 commented 1 year ago

@jceb I am getting the same error without using this PR, how can I solve this issue? Will the PR be merged? Is there a plan?