fix: json ld fixes and aca-py interop fixes

packages/anoncreds/src/utils/w3cAnonCredsUtils.ts

@@ -20,6 +20,7 @@ import {
   isUnqualifiedRevocationRegistryId,
   isIndyDid,
   getUnQualifiedDidIndyDid,
+  isUnqualifiedIndyDid,
 } from './indyIdentifiers'
 import { W3cAnonCredsCredentialMetadataKey } from './metadata'
 
@@ -166,6 +167,14 @@ export function getStoreCredentialOptions(
   return storeCredentialOptions
 }
 
+// The issuer of the schema does not always match the issuer of the credential definition thus the unqualified schema id needs to be derived from both values
+function getUnqualifiedSchemaId(schemaIssuerId: string, schemaId: string) {
+  const schemaDid = schemaIssuerId.split(':')[3]
+  const split = getUnQualifiedDidIndyDid(schemaId).split(':')
+  split[0] = schemaDid
+  return split.join(':')
+}
+
 export function getW3cRecordAnonCredsTags(options: {
   credentialSubject: W3cCredentialSubject
   issuerId: string
@@ -199,10 +208,10 @@ export function getW3cRecordAnonCredsTags(options: {
     anonCredsMethodName: methodName,
     anonCredsRevocationRegistryId: revocationRegistryId,
     anonCredsCredentialRevocationId: credentialRevocationId,
-    ...(isIndyDid(issuerId) && {
+    ...((isIndyDid(issuerId) || isUnqualifiedIndyDid(issuerId)) && {
       anonCredsUnqualifiedIssuerId: getUnQualifiedDidIndyDid(issuerId),
       anonCredsUnqualifiedCredentialDefinitionId: getUnQualifiedDidIndyDid(credentialDefinitionId),
-      anonCredsUnqualifiedSchemaId: getUnQualifiedDidIndyDid(schemaId),
+      anonCredsUnqualifiedSchemaId: getUnqualifiedSchemaId(schema.issuerId, schemaId),
       anonCredsUnqualifiedSchemaIssuerId: getUnQualifiedDidIndyDid(schema.issuerId),
       anonCredsUnqualifiedRevocationRegistryId: revocationRegistryId
         ? getUnQualifiedDidIndyDid(revocationRegistryId)

packages/core/src/modules/connections/DidExchangeProtocol.ts

@@ -523,58 +523,56 @@ export class DidExchangeProtocol {
     if (message instanceof DidExchangeResponseMessage) {
       const didRotateAttachment = message.didRotate
 
-      if (!didRotateAttachment) {
-        throw new DidExchangeProblemReportError('DID Rotate attachment is missing.', {
-          problemCode: DidExchangeProblemReportReason.ResponseNotAccepted,
-        })
-      }
-
-      const jws = didRotateAttachment.data.jws
+      if (didRotateAttachment) {
+        const jws = didRotateAttachment.data.jws
 
-      if (!jws) {
-        throw new DidExchangeProblemReportError('DID Rotate signature is missing.', {
-          problemCode: DidExchangeProblemReportReason.ResponseNotAccepted,
-        })
-      }
+        if (!jws) {
+          throw new DidExchangeProblemReportError('DID Rotate signature is missing.', {
+            problemCode: DidExchangeProblemReportReason.ResponseNotAccepted,
+          })
+        }
 
-      if (!didRotateAttachment.data.base64) {
-        throw new CredoError('DID Rotate attachment is missing base64 property for signed did.')
-      }
+        if (!didRotateAttachment.data.base64) {
+          throw new CredoError('DID Rotate attachment is missing base64 property for signed did.')
+        }
 
-      // JWS payload must be base64url encoded
-      const base64UrlPayload = base64ToBase64URL(didRotateAttachment.data.base64)
-      const signedDid = TypedArrayEncoder.fromBase64(base64UrlPayload).toString()
+        // JWS payload must be base64url encoded
+        const base64UrlPayload = base64ToBase64URL(didRotateAttachment.data.base64)
+        const signedDid = TypedArrayEncoder.fromBase64(base64UrlPayload).toString()
 
-      if (signedDid !== message.did) {
-        throw new CredoError(
-          `DID Rotate attachment's did ${message.did} does not correspond to message did ${message.did}`
-        )
-      }
+        if (signedDid !== message.did) {
+          throw new CredoError(
+            `DID Rotate attachment's did ${message.did} does not correspond to message did ${message.did}`
+          )
+        }
 
-      const { isValid, signerKeys } = await this.jwsService.verifyJws(agentContext, {
-        jws: {
-          ...jws,
-          payload: base64UrlPayload,
-        },
-        jwkResolver: ({ jws: { header } }) => {
-          if (typeof header.kid !== 'string' || !isDid(header.kid, 'key')) {
-            throw new CredoError('JWS header kid must be a did:key DID.')
-          }
+        const { isValid, signerKeys } = await this.jwsService.verifyJws(agentContext, {
+          jws: {
+            ...jws,
+            payload: base64UrlPayload,
+          },
+          jwkResolver: ({ jws: { header } }) => {
+            if (typeof header.kid !== 'string' || !isDid(header.kid, 'key')) {
+              throw new CredoError('JWS header kid must be a did:key DID.')
+            }
 
-          const didKey = DidKey.fromDid(header.kid)
-          return getJwkFromKey(didKey.key)
-        },
-      })
+            const didKey = DidKey.fromDid(header.kid)
+            return getJwkFromKey(didKey.key)
+          },
+        })
 
-      if (!isValid || !signerKeys.every((key) => invitationKeysBase58?.includes(key.publicKeyBase58))) {
-        throw new DidExchangeProblemReportError(
-          `DID Rotate signature is invalid. isValid: ${isValid} signerKeys: ${JSON.stringify(
-            signerKeys
-          )} invitationKeys:${JSON.stringify(invitationKeysBase58)}`,
-          {
-            problemCode: DidExchangeProblemReportReason.ResponseNotAccepted,
-          }
-        )
+        if (!isValid || !signerKeys.every((key) => invitationKeysBase58?.includes(key.publicKeyBase58))) {
+          throw new DidExchangeProblemReportError(
+            `DID Rotate signature is invalid. isValid: ${isValid} signerKeys: ${JSON.stringify(
+              signerKeys
+            )} invitationKeys:${JSON.stringify(invitationKeysBase58)}`,
+            {
+              problemCode: DidExchangeProblemReportReason.ResponseNotAccepted,
+            }
+          )
+        }
+      } else {
+        this.logger.warn(`Document does not contain didRotate`)
       }
     }
 

packages/core/src/modules/credentials/protocol/v2/messages/V2OfferCredentialMessage.ts

@@ -58,6 +58,7 @@ export class V2OfferCredentialMessage extends AgentMessage {
 
   @Expose({ name: 'credential_preview' })
   @Type(() => V2CredentialPreview)
+  @IsOptional()
   @ValidateNested()
   @IsInstance(V2CredentialPreview)
   public credentialPreview?: V2CredentialPreview

packages/core/src/modules/dids/domain/verificationMethod/Bls12381G1Key2020.ts

@@ -32,9 +32,17 @@ export function isBls12381G1Key2020(verificationMethod: VerificationMethod): ver
  * Get a key from a Bls12381G1Key2020 verification method.
  */
 export function getKeyFromBls12381G1Key2020(verificationMethod: Bls12381G1Key2020) {
-  if (!verificationMethod.publicKeyBase58) {
-    throw new CredoError('verification method is missing publicKeyBase58')
+  if (verificationMethod.publicKeyBase58) {
+    return Key.fromPublicKeyBase58(verificationMethod.publicKeyBase58, KeyType.Bls12381g1)
+  }
+  if (verificationMethod.publicKeyMultibase) {
+    const key = Key.fromFingerprint(verificationMethod.publicKeyMultibase)
+    if (key.keyType === KeyType.Bls12381g1) return key
+    else
+      throw new CredoError(
+        `Unexpected key type from resolving multibase encoding, key type was ${key.keyType} but expected ${KeyType.Bls12381g1}}`
+      )
   }
 
-  return Key.fromPublicKeyBase58(verificationMethod.publicKeyBase58, KeyType.Bls12381g1)
+  throw new CredoError('verification method is missing publicKeyBase58 or publicKeyMultibase')
 }

packages/core/src/modules/dids/domain/verificationMethod/Bls12381G2Key2020.ts

@@ -32,9 +32,17 @@ export function isBls12381G2Key2020(verificationMethod: VerificationMethod): ver
  * Get a key from a Bls12381G2Key2020 verification method.
  */
 export function getKeyFromBls12381G2Key2020(verificationMethod: Bls12381G2Key2020) {
-  if (!verificationMethod.publicKeyBase58) {
-    throw new CredoError('verification method is missing publicKeyBase58')
+  if (verificationMethod.publicKeyBase58) {
+    return Key.fromPublicKeyBase58(verificationMethod.publicKeyBase58, KeyType.Bls12381g2)
+  }
+  if (verificationMethod.publicKeyMultibase) {
+    const key = Key.fromFingerprint(verificationMethod.publicKeyMultibase)
+    if (key.keyType === KeyType.Bls12381g2) return key
+    else
+      throw new CredoError(
+        `Unexpected key type from resolving multibase encoding, key type was ${key.keyType} but expected ${KeyType.Bls12381g2}}`
+      )
   }
 
-  return Key.fromPublicKeyBase58(verificationMethod.publicKeyBase58, KeyType.Bls12381g2)
+  throw new CredoError('verification method is missing publicKeyBase58 or publicKeyMultibase')
 }

packages/core/src/modules/dids/domain/verificationMethod/EcdsaSecp256k1VerificationKey2019.ts

@@ -43,9 +43,17 @@ export function isEcdsaSecp256k1VerificationKey2019(
  * Get a key from a EcdsaSecp256k1VerificationKey2019 verification method.
  */
 export function getKeyFromEcdsaSecp256k1VerificationKey2019(verificationMethod: EcdsaSecp256k1VerificationKey2019) {
-  if (!verificationMethod.publicKeyBase58) {
-    throw new CredoError('verification method is missing publicKeyBase58')
+  if (verificationMethod.publicKeyBase58) {
+    return Key.fromPublicKeyBase58(verificationMethod.publicKeyBase58, KeyType.K256)
+  }
+  if (verificationMethod.publicKeyMultibase) {
+    const key = Key.fromFingerprint(verificationMethod.publicKeyMultibase)
+    if (key.keyType === KeyType.K256) return key
+    else
+      throw new CredoError(
+        `Unexpected key type from resolving multibase encoding, key type was ${key.keyType} but expected ${KeyType.K256}}`
+      )
   }
 
-  return Key.fromPublicKeyBase58(verificationMethod.publicKeyBase58, KeyType.K256)
+  throw new CredoError('verification method is missing publicKeyBase58 or publicKeyMultibase')
 }

packages/core/src/modules/dids/domain/verificationMethod/Ed25519VerificationKey2018.ts

@@ -34,9 +34,17 @@ export function isEd25519VerificationKey2018(
  * Get a key from a Ed25519VerificationKey2018 verification method.
  */
 export function getKeyFromEd25519VerificationKey2018(verificationMethod: Ed25519VerificationKey2018) {
-  if (!verificationMethod.publicKeyBase58) {
-    throw new CredoError('verification method is missing publicKeyBase58')
+  if (verificationMethod.publicKeyBase58) {
+    return Key.fromPublicKeyBase58(verificationMethod.publicKeyBase58, KeyType.Ed25519)
+  }
+  if (verificationMethod.publicKeyMultibase) {
+    const key = Key.fromFingerprint(verificationMethod.publicKeyMultibase)
+    if (key.keyType === KeyType.Ed25519) return key
+    else
+      throw new CredoError(
+        `Unexpected key type from resolving multibase encoding, key type was ${key.keyType} but expected ${KeyType.Ed25519}`
+      )
   }
 
-  return Key.fromPublicKeyBase58(verificationMethod.publicKeyBase58, KeyType.Ed25519)
+  throw new CredoError('verification method is missing publicKeyBase58 or publicKeyMultibase')
 }

packages/core/src/modules/dids/domain/verificationMethod/X25519KeyAgreementKey2019.ts

@@ -34,9 +34,17 @@ export function isX25519KeyAgreementKey2019(
  * Get a key from a X25519KeyAgreementKey2019 verification method.
  */
 export function getKeyFromX25519KeyAgreementKey2019(verificationMethod: X25519KeyAgreementKey2019) {
-  if (!verificationMethod.publicKeyBase58) {
-    throw new CredoError('verification method is missing publicKeyBase58')
+  if (verificationMethod.publicKeyBase58) {
+    return Key.fromPublicKeyBase58(verificationMethod.publicKeyBase58, KeyType.X25519)
+  }
+  if (verificationMethod.publicKeyMultibase) {
+    const key = Key.fromFingerprint(verificationMethod.publicKeyMultibase)
+    if (key.keyType === KeyType.X25519) return key
+    else
+      throw new CredoError(
+        `Unexpected key type from resolving multibase encoding, key type was ${key.keyType} but expected ${KeyType.X25519}`
+      )
   }
 
-  return Key.fromPublicKeyBase58(verificationMethod.publicKeyBase58, KeyType.X25519)
+  throw new CredoError('verification method is missing publicKeyBase58 or publicKeyMultibase')
 }

packages/core/src/modules/dids/methods/peer/didPeer.ts

@@ -3,7 +3,7 @@ import { CredoError } from '../../../../error'
 import { getAlternativeDidsForNumAlgo4Did } from './peerDidNumAlgo4'
 
 const PEER_DID_REGEX = new RegExp(
-  '^did:peer:(([01](z)([1-9a-km-zA-HJ-NP-Z]{5,200}))|(2((.[AEVID](z)([1-9a-km-zA-HJ-NP-Z]{5,200}))+(.(S)[0-9a-zA-Z=]*)?))|([4](z[1-9a-km-zA-HJ-NP-Z]{46})(:z[1-9a-km-zA-HJ-NP-Z]{6,}){0,1}))$'
+  '^did:peer:(([01](z)([1-9a-km-zA-HJ-NP-Z]{5,200}))|(2((.[AEVID](z)([1-9a-km-zA-HJ-NP-Z]{5,200}))+(.(S)[0-9a-zA-Z=]*)*))|([4](z[1-9a-km-zA-HJ-NP-Z]{46})(:z[1-9a-km-zA-HJ-NP-Z]{6,}){0,1}))$'
 )
 
 export function isValidPeerDid(did: string): boolean {

packages/core/src/modules/dids/methods/peer/peerDidNumAlgo2.ts

@@ -69,9 +69,7 @@ export function didToNumAlgo2DidDocument(did: string) {
       for (let service of services) {
         // Expand abbreviations used for service key/values
         service = expandServiceAbbreviations(service)
-
         service.id = `${did}#${service.type.toLowerCase()}-${serviceIndex++}`
-
         didDocument.addService(JsonTransformer.fromJSON(service, DidDocumentService))
       }
     }

packages/core/src/modules/dif-presentation-exchange/DifPresentationExchangeService.ts

@@ -592,7 +592,7 @@ export class DifPresentationExchangeService {
       for (const inputDescriptor of pd.input_descriptors) {
         for (const schema of inputDescriptor.schema) {
           w3cQuery.push({
-            $or: [{ expandedType: [schema.uri] }, { contexts: [schema.uri] }, { type: [schema.uri] }],
+            $or: [{ expandedTypes: [schema.uri] }, { contexts: [schema.uri] }, { types: [schema.uri] }],
           })
         }
       }

packages/core/src/modules/vc/data-integrity/W3cJsonLdCredentialService.ts

@@ -15,7 +15,7 @@ import { createWalletKeyPairClass } from '../../../crypto/WalletKeyPair'
 import { CredoError } from '../../../error'
 import { injectable } from '../../../plugins'
 import { asArray, JsonTransformer } from '../../../utils'
-import { VerificationMethod } from '../../dids'
+import { DidsApi, VerificationMethod } from '../../dids'
 import { getKeyFromVerificationMethod } from '../../dids/domain/key-type'
 import { W3cCredentialsModuleConfig } from '../W3cCredentialsModuleConfig'
 import { w3cDate } from '../util'
@@ -339,12 +339,23 @@ export class W3cJsonLdCredentialService {
     agentContext: AgentContext,
     verificationMethod: string
   ): Promise<Key> {
-    const documentLoader = this.w3cCredentialsModuleConfig.documentLoader(agentContext)
-    const verificationMethodObject = await documentLoader(verificationMethod)
-    const verificationMethodClass = JsonTransformer.fromJSON(verificationMethodObject.document, VerificationMethod)
-
-    const key = getKeyFromVerificationMethod(verificationMethodClass)
-    return key
+    if (!verificationMethod.startsWith('did:')) {
+      const documentLoader = this.w3cCredentialsModuleConfig.documentLoader(agentContext)
+      const verificationMethodObject = await documentLoader(verificationMethod)
+      const verificationMethodClass = JsonTransformer.fromJSON(verificationMethodObject.document, VerificationMethod)
+
+      const key = getKeyFromVerificationMethod(verificationMethodClass)
+      return key
+    } else {
+      const [did, keyid] = verificationMethod.split('#')
+      const didsApi = agentContext.dependencyManager.resolve(DidsApi)
+      const doc = await didsApi.resolve(did)
+      if (doc.didDocument) {
+        const verificationMethodClass = doc.didDocument.dereferenceKey(keyid)
+        return getKeyFromVerificationMethod(verificationMethodClass)
+      }
+      throw new CredoError(`Could not resolve verification method with id ${verificationMethod}`)
+    }
   }
 
   private getSignatureSuitesForCredential(agentContext: AgentContext, credential: W3cJsonLdVerifiableCredential) {