diff --git a/acapy_agent/wallet/jwt.py b/acapy_agent/wallet/jwt.py index caf8b45a4e..9cbb826cec 100644 --- a/acapy_agent/wallet/jwt.py +++ b/acapy_agent/wallet/jwt.py @@ -143,7 +143,7 @@ class Meta: async def resolve_public_key_by_kid_for_verify( profile: Profile, kid: str ) -> Tuple[str, KeyType]: - """Resolve public key material from a kid.""" + """Resolve public key verkey (base58 public key) and key type from a kid.""" resolver = profile.inject(DIDResolver) vmethod: Resource = await resolver.dereference( profile, diff --git a/acapy_agent/wallet/keys/tests/test_key_operations.py b/acapy_agent/wallet/keys/tests/test_key_operations.py index 2390d23d56..6ec4264f66 100644 --- a/acapy_agent/wallet/keys/tests/test_key_operations.py +++ b/acapy_agent/wallet/keys/tests/test_key_operations.py @@ -13,10 +13,14 @@ class TestKeyOperations(IsolatedAsyncioTestCase): seed = "00000000000000000000000000000000" - multikey = "z6MkgKA7yrw5kYSiDuQFcye4bMaJpcfHFry3Bx45pdWh3s8i" - verkey = "2ru5PcgeQzxF7QZYwQgDkG2K13PRqyigVw99zMYg8eML" - alg = "ed25519" - kid = "did:web:example.com#key-01" + + ed25519_multikey = "z6MkgKA7yrw5kYSiDuQFcye4bMaJpcfHFry3Bx45pdWh3s8i" + ed25519_verkey = "2ru5PcgeQzxF7QZYwQgDkG2K13PRqyigVw99zMYg8eML" + ed25519_alg = "ed25519" + + p256_multikey = "zDnaeSd75MAwSRmem34MfZEzSMjQNcpWLmzkbF8Su49AuA9U2" + p256_verkey = "demmi97mhJ7JQu31git4hQz8a1PD1dETJH9TVKaynNQv" + p256_alg = "p256" async def asyncSetUp(self) -> None: self.profile = await create_test_profile() @@ -24,26 +28,40 @@ async def asyncSetUp(self) -> None: async def test_key_creation(self): async with self.profile.session() as session: - key_info = await MultikeyManager(session=session).create(seed=self.seed) - assert key_info["multikey"] == self.multikey - assert key_info["kid"] is None - - key_info = await MultikeyManager(session=session).from_multikey( - multikey=self.multikey - ) - assert key_info["multikey"] == self.multikey - assert key_info["kid"] is None - - key_info = await MultikeyManager(session=session).update( - multikey=self.multikey, kid=self.kid - ) - assert key_info["multikey"] == self.multikey - assert key_info["kid"] == self.kid - - key_info = await MultikeyManager(session=session).from_kid(kid=self.kid) - assert key_info["multikey"] == self.multikey - assert key_info["kid"] == self.kid + for i, (alg, expected_multikey) in enumerate( + [ + (self.ed25519_alg, self.ed25519_multikey), + (self.p256_alg, self.p256_multikey), + ] + ): + kid = f"did:web:example.com#key-0{i}" + + key_info = await MultikeyManager(session=session).create( + seed=self.seed, alg=alg + ) + assert key_info["multikey"] == expected_multikey + assert key_info["kid"] is None + + key_info = await MultikeyManager(session=session).from_multikey( + multikey=expected_multikey + ) + assert key_info["multikey"] == expected_multikey + assert key_info["kid"] is None + + key_info = await MultikeyManager(session=session).update( + multikey=expected_multikey, kid=kid + ) + assert key_info["multikey"] == expected_multikey + assert key_info["kid"] == kid + + key_info = await MultikeyManager(session=session).from_kid(kid=kid) + assert key_info["multikey"] == expected_multikey + assert key_info["kid"] == kid async def test_key_transformations(self): - assert multikey_to_verkey(self.multikey) == self.verkey - assert verkey_to_multikey(self.verkey, alg=self.alg) == self.multikey + for alg, multikey, verkey in [ + (self.ed25519_alg, self.ed25519_multikey, self.ed25519_verkey), + (self.p256_alg, self.p256_multikey, self.p256_verkey), + ]: + assert multikey_to_verkey(multikey) == verkey + assert verkey_to_multikey(verkey, alg=alg) == multikey diff --git a/acapy_agent/wallet/tests/test_did_method.py b/acapy_agent/wallet/tests/test_did_method.py index 9777cef1dc..3e488ab29d 100644 --- a/acapy_agent/wallet/tests/test_did_method.py +++ b/acapy_agent/wallet/tests/test_did_method.py @@ -1,31 +1,50 @@ from unittest import TestCase -from ..key_type import BLS12381G1, BLS12381G1G2, BLS12381G2, ED25519, X25519, KeyTypes +from ..key_type import ( + BLS12381G1, + BLS12381G1G2, + BLS12381G2, + ED25519, + P256, + X25519, + KeyTypes, +) ED25519_PREFIX_BYTES = b"\xed\x01" BLS12381G1_PREFIX_BYTES = b"\xea\x01" BLS12381G1G2_PREFIX_BYTES = b"\xee\x01" BLS12381G2_PREFIX_BYTES = b"\xeb\x01" X25519_PREFIX_BYTES = b"\xec\x01" +P256_PREFIX_BYTES = b"\x80\x24" ED25519_KEY_NAME = "ed25519" X25519_KEY_NAME = "x25519" +P256_KEY_NAME = "p256" BLS12381G1_KEY_NAME = "bls12381g1" BLS12381G2_KEY_NAME = "bls12381g2" BLS12381G1G2_KEY_NAME = "bls12381g1g2" ED25519_MULTICODEC_NAME = "ed25519-pub" X25519_MULTICODEC_NAME = "x25519-pub" +P256_MULTICODEC_NAME = "p256-pub" BLS12381G1_MULTICODEC_NAME = "bls12_381-g1-pub" BLS12381G2_MULTICODEC_NAME = "bls12_381-g2-pub" BLS12381G1G2_MULTICODEC_NAME = "bls12_381-g1g2-pub" +ED25519_JWS_ALG = "EdDSA" +X25519_JWS_ALG = None +P256_JWS_ALG = "ES256" +BLS12381G1_JWS_ALG = None +BLS12381G2_JWS_ALG = None +BLS12381G1G2_JWS_ALG = None + class TestKeyType(TestCase): def test_from_multicodec_name(self): key_types = KeyTypes() assert key_types.from_multicodec_name(ED25519_MULTICODEC_NAME) == ED25519 assert key_types.from_multicodec_name(X25519_MULTICODEC_NAME) == X25519 + assert key_types.from_multicodec_name(P256_MULTICODEC_NAME) == P256 assert key_types.from_multicodec_name(BLS12381G1_MULTICODEC_NAME) == BLS12381G1 assert key_types.from_multicodec_name(BLS12381G2_MULTICODEC_NAME) == BLS12381G2 assert ( @@ -37,6 +56,7 @@ def test_from_key_type(self): key_types = KeyTypes() assert key_types.from_key_type(ED25519_KEY_NAME) == ED25519 assert key_types.from_key_type(X25519_KEY_NAME) == X25519 + assert key_types.from_key_type(P256_KEY_NAME) == P256 assert key_types.from_key_type(BLS12381G1_KEY_NAME) == BLS12381G1 assert key_types.from_key_type(BLS12381G2_KEY_NAME) == BLS12381G2 assert key_types.from_key_type(BLS12381G1G2_KEY_NAME) == BLS12381G1G2 @@ -46,6 +66,7 @@ def test_from_multicodec_prefix(self): key_types = KeyTypes() assert key_types.from_multicodec_prefix(ED25519_PREFIX_BYTES) == ED25519 assert key_types.from_multicodec_prefix(X25519_PREFIX_BYTES) == X25519 + assert key_types.from_multicodec_prefix(P256_PREFIX_BYTES) == P256 assert key_types.from_multicodec_prefix(BLS12381G1_PREFIX_BYTES) == BLS12381G1 assert key_types.from_multicodec_prefix(BLS12381G2_PREFIX_BYTES) == BLS12381G2 assert key_types.from_multicodec_prefix(BLS12381G1G2_PREFIX_BYTES) == BLS12381G1G2 @@ -65,6 +86,10 @@ def test_from_prefixed_bytes(self): ) == X25519 ) + assert ( + key_types.from_prefixed_bytes(b"".join([P256_PREFIX_BYTES, b"random-bytes"])) + == P256 + ) assert ( key_types.from_prefixed_bytes( b"".join([BLS12381G1_PREFIX_BYTES, b"random-bytes"]) @@ -94,3 +119,39 @@ def test_properties(self): assert key_type.key_type == ED25519_KEY_NAME assert key_type.multicodec_name == ED25519_MULTICODEC_NAME assert key_type.multicodec_prefix == ED25519_PREFIX_BYTES + assert key_type.jws_algorithm == ED25519_JWS_ALG + + key_type = X25519 + + assert key_type.key_type == X25519_KEY_NAME + assert key_type.multicodec_name == X25519_MULTICODEC_NAME + assert key_type.multicodec_prefix == X25519_PREFIX_BYTES + assert key_type.jws_algorithm == X25519_JWS_ALG + + key_type = P256 + + assert key_type.key_type == P256_KEY_NAME + assert key_type.multicodec_name == P256_MULTICODEC_NAME + assert key_type.multicodec_prefix == P256_PREFIX_BYTES + assert key_type.jws_algorithm == P256_JWS_ALG + + key_type = BLS12381G1 + + assert key_type.key_type == BLS12381G1_KEY_NAME + assert key_type.multicodec_name == BLS12381G1_MULTICODEC_NAME + assert key_type.multicodec_prefix == BLS12381G1_PREFIX_BYTES + assert key_type.jws_algorithm == BLS12381G1_JWS_ALG + + key_type = BLS12381G2 + + assert key_type.key_type == BLS12381G2_KEY_NAME + assert key_type.multicodec_name == BLS12381G2_MULTICODEC_NAME + assert key_type.multicodec_prefix == BLS12381G2_PREFIX_BYTES + assert key_type.jws_algorithm == BLS12381G2_JWS_ALG + + key_type = BLS12381G1G2 + + assert key_type.key_type == BLS12381G1G2_KEY_NAME + assert key_type.multicodec_name == BLS12381G1G2_MULTICODEC_NAME + assert key_type.multicodec_prefix == BLS12381G1G2_PREFIX_BYTES + assert key_type.jws_algorithm == BLS12381G1G2_JWS_ALG diff --git a/acapy_agent/wallet/tests/test_jwt.py b/acapy_agent/wallet/tests/test_jwt.py index b25f5e1fd2..211acddaee 100644 --- a/acapy_agent/wallet/tests/test_jwt.py +++ b/acapy_agent/wallet/tests/test_jwt.py @@ -1,3 +1,4 @@ +from typing import Tuple from unittest import IsolatedAsyncioTestCase import pytest @@ -6,7 +7,7 @@ from ...resolver.tests.test_did_resolver import MockResolver from ...utils.testing import create_test_profile from ...wallet.did_method import KEY, DIDMethods -from ...wallet.key_type import ED25519, KeyTypes +from ...wallet.key_type import ED25519, P256, KeyType, KeyTypes from ..base import BaseWallet from ..default_verification_key_strategy import ( BaseVerificationKeyStrategy, @@ -19,85 +20,133 @@ class TestJWT(IsolatedAsyncioTestCase): """Tests for JWT sign and verify using dids.""" seed = "testseed000000000000000000000001" + did_key_ed25519_did = "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL" + did_key_ed25519_verification_method = "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL#z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL" + did_key_ed25519_doc = { + "@context": "https://www.w3.org/ns/did/v1", + "id": "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL", + "verificationMethod": [ + { + "id": "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL#z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL", + "type": "Ed25519VerificationKey2018", + "controller": "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL", + "publicKeyBase58": "3Dn1SJNPaCXcvvJvSbsFWP2xaCjMom3can8CQNhWrTRx", + } + ], + "authentication": [ + "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL#z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL" + ], + "assertionMethod": [ + "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL#z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL" + ], + "capabilityDelegation": [ + "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL#z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL" + ], + "capabilityInvocation": [ + "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL#z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL" + ], + "keyAgreement": [ + { + "id": "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL#z6LSbkodSr6SU2trs8VUgnrnWtSm7BAPG245ggrBmSrxbv1R", + "type": "X25519KeyAgreementKey2019", + "controller": "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL", + "publicKeyBase58": "5dTvYHaNaB7mk7iA9LqCJEHG2dGZQsvoi8WGzDRtYEf", + } + ], + } + did_key_p256_did = "did:key:zDnaehWviigWQQD7bqF3btFquwA5w8DX2sQwkVxnAyJ7oxdjq" + did_key_p256_verification_method = "did:key:zDnaehWviigWQQD7bqF3btFquwA5w8DX2sQwkVxnAyJ7oxdjq#zDnaehWviigWQQD7bqF3btFquwA5w8DX2sQwkVxnAyJ7oxdjq" + did_key_p256_doc = { + "@context": [ + "https://www.w3.org/ns/did/v1", + "https://w3id.org/security/multikey/v1", + ], + "id": "did:key:zDnaehWviigWQQD7bqF3btFquwA5w8DX2sQwkVxnAyJ7oxdjq", + "verificationMethod": [ + { + "id": "did:key:zDnaehWviigWQQD7bqF3btFquwA5w8DX2sQwkVxnAyJ7oxdjq#zDnaehWviigWQQD7bqF3btFquwA5w8DX2sQwkVxnAyJ7oxdjq", + "type": "Multikey", + "controller": "did:key:zDnaehWviigWQQD7bqF3btFquwA5w8DX2sQwkVxnAyJ7oxdjq", + "publicKeyMultibase": "zDnaehWviigWQQD7bqF3btFquwA5w8DX2sQwkVxnAyJ7oxdjq", + } + ], + "authentication": [ + "did:key:zDnaehWviigWQQD7bqF3btFquwA5w8DX2sQwkVxnAyJ7oxdjq#zDnaehWviigWQQD7bqF3btFquwA5w8DX2sQwkVxnAyJ7oxdjq" + ], + "assertionMethod": [ + "did:key:zDnaehWviigWQQD7bqF3btFquwA5w8DX2sQwkVxnAyJ7oxdjq#zDnaehWviigWQQD7bqF3btFquwA5w8DX2sQwkVxnAyJ7oxdjq" + ], + "capabilityDelegation": [ + "did:key:zDnaehWviigWQQD7bqF3btFquwA5w8DX2sQwkVxnAyJ7oxdjq#zDnaehWviigWQQD7bqF3btFquwA5w8DX2sQwkVxnAyJ7oxdjq" + ], + "capabilityInvocation": [ + "did:key:zDnaehWviigWQQD7bqF3btFquwA5w8DX2sQwkVxnAyJ7oxdjq#zDnaehWviigWQQD7bqF3btFquwA5w8DX2sQwkVxnAyJ7oxdjq" + ], + "keyAgreement": [], + } async def asyncSetUp(self): self.profile = await create_test_profile() - self.resolver = DIDResolver() - self.resolver.register_resolver( - MockResolver( - ["key"], - resolved={ - "@context": "https://www.w3.org/ns/did/v1", - "id": "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL", - "verificationMethod": [ - { - "id": "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL#z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL", - "type": "Ed25519VerificationKey2018", - "controller": "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL", - "publicKeyBase58": "3Dn1SJNPaCXcvvJvSbsFWP2xaCjMom3can8CQNhWrTRx", - } - ], - "authentication": [ - "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL#z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL" - ], - "assertionMethod": [ - "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL#z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL" - ], - "capabilityDelegation": [ - "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL#z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL" - ], - "capabilityInvocation": [ - "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL#z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL" - ], - "keyAgreement": [ - { - "id": "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL#z6LSbkodSr6SU2trs8VUgnrnWtSm7BAPG245ggrBmSrxbv1R", - "type": "X25519KeyAgreementKey2019", - "controller": "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL", - "publicKeyBase58": "5dTvYHaNaB7mk7iA9LqCJEHG2dGZQsvoi8WGzDRtYEf", - } - ], - }, - native=True, - ) - ) self.profile.context.injector.bind_instance(DIDMethods, DIDMethods()) self.profile.context.injector.bind_instance( BaseVerificationKeyStrategy, DefaultVerificationKeyStrategy() ) - self.profile.context.injector.bind_instance(DIDResolver, self.resolver) self.profile.context.injector.bind_instance(KeyTypes, KeyTypes()) - async def test_sign_with_did_key_and_verify(self): + async def setUpTestingDid(self, key_type: KeyType) -> Tuple[str, str]: async with self.profile.session() as session: wallet = session.inject(BaseWallet) - did_info = await wallet.create_local_did(KEY, ED25519, self.seed) - did = did_info.did - verification_method = None + await wallet.create_local_did(KEY, key_type, self.seed) + + if key_type == P256: + did = self.did_key_p256_did + vm_id = self.did_key_p256_verification_method + did_doc = self.did_key_p256_doc + elif key_type == ED25519: + did = self.did_key_ed25519_did + vm_id = self.did_key_ed25519_verification_method + did_doc = self.did_key_ed25519_doc + + resolver = DIDResolver() + resolver.register_resolver( + MockResolver( + ["key"], + resolved=did_doc, + native=True, + ) + ) + self.profile.context.injector.bind_instance(DIDResolver, resolver) - headers = {} - payload = {} - signed = await jwt_sign(self.profile, headers, payload, did, verification_method) + return (did, vm_id) - assert signed + async def test_sign_with_did_key_and_verify(self): + for key_type in [ED25519, P256]: + (did, _) = await self.setUpTestingDid(key_type) + verification_method = None + + headers = {} + payload = {} + signed = await jwt_sign( + self.profile, headers, payload, did, verification_method + ) + + assert signed - assert await jwt_verify(self.profile, signed) + assert await jwt_verify(self.profile, signed) async def test_sign_with_verification_method_and_verify(self): - async with self.profile.session() as session: - wallet = session.inject(BaseWallet) - await wallet.create_local_did(KEY, ED25519, self.seed) - did = None - verification_method = "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL#z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL" - headers = {} - payload = {} - signed: str = await jwt_sign( - self.profile, headers, payload, did, verification_method - ) + for key_type in [ED25519, P256]: + (_, verification_method) = await self.setUpTestingDid(key_type) + did = None + headers = {} + payload = {} + signed: str = await jwt_sign( + self.profile, headers, payload, did, verification_method + ) - assert signed + assert signed - assert await jwt_verify(self.profile, signed) + assert await jwt_verify(self.profile, signed) async def test_sign_x_invalid_did(self): did = "did:key:zzzzgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL" @@ -118,30 +167,36 @@ async def test_sign_x_invalid_verification_method(self): assert "Unknown DID" in str(e_info) async def test_verify_x_invalid_signed(self): - async with self.profile.session() as session: - wallet = session.inject(BaseWallet) - did_info = await wallet.create_local_did(KEY, ED25519, self.seed) - did = did_info.did - verification_method = None - - headers = {} - payload = {} - signed = await jwt_sign(self.profile, headers, payload, did, verification_method) + for key_type in [ED25519, P256]: + (did, _) = await self.setUpTestingDid(key_type) + verification_method = None + + headers = {} + payload = {} + signed = await jwt_sign( + self.profile, headers, payload, did, verification_method + ) - assert signed - signed = f"{signed[:-2]}2" + assert signed + signed = f"{signed[:-2]}2" - with pytest.raises(Exception): - await jwt_verify(self.profile, signed) + with pytest.raises(Exception): + await jwt_verify(self.profile, signed) - async def test_resolve_public_key_by_kid_for_verify(self): - async with self.profile.session() as session: - wallet = session.inject(BaseWallet) - await wallet.create_local_did(KEY, ED25519, self.seed) - kid = "did:key:z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL#z6Mkgg342Ycpuk263R9d8Aq6MUaxPn1DDeHyGo38EefXmgDL" - (key_material, key_type) = await resolve_public_key_by_kid_for_verify( + async def test_resolve_public_key_by_kid_for_verify_ed25519(self): + (_, kid) = await self.setUpTestingDid(ED25519) + (key_bs58, key_type) = await resolve_public_key_by_kid_for_verify( self.profile, kid ) - assert key_material == "3Dn1SJNPaCXcvvJvSbsFWP2xaCjMom3can8CQNhWrTRx" + assert key_bs58 == "3Dn1SJNPaCXcvvJvSbsFWP2xaCjMom3can8CQNhWrTRx" assert key_type == ED25519 + + async def test_resolve_public_key_by_kid_for_verify_p256(self): + (_, kid) = await self.setUpTestingDid(P256) + (key_bs58, key_type) = await resolve_public_key_by_kid_for_verify( + self.profile, kid + ) + + assert key_bs58 == "tYbR5egjfja9D5ix1jjYGqfh5QPu73RcZ7UjQUXtargj" + assert key_type == P256