peer did 2/3 resolution

.devcontainer/devcontainer.json

@@ -44,6 +44,7 @@
     "remoteUser": "vscode",
 
     "remoteEnv": {
+        "RUST_LOG":"aries-askar::log::target=error"
         //"PATH": "${containerEnv:PATH}:${workspaceRoot}/.venv/bin"
     },
 

aries_cloudagent/connections/base_manager.py

@@ -18,7 +18,6 @@
     Ed25519VerificationKey2020,
     JsonWebKey2020,
 )
-
 from ..cache.base import BaseCache
 from ..config.base import InjectionError
 from ..config.logging import get_logger_inst
@@ -61,7 +60,8 @@ class BaseConnectionManagerError(BaseError):
 class BaseConnectionManager:
     """Class to provide utilities regarding connection_targets."""
 
-    RECORD_TYPE_DID_DOC = "did_doc"
+    RECORD_TYPE_DID_DOC = "did_doc"  # legacy
+    RECORD_TYPE_DID_DOCUMENT = "did_document"  # pydid DIDDocument
     RECORD_TYPE_DID_KEY = "did_key"
 
     def __init__(self, profile: Profile):
@@ -123,6 +123,7 @@ async def create_did_document(
                     f"Router connection not completed: {router_id}"
                 )
             routing_doc, _ = await self.fetch_did_document(router.their_did)
+            assert isinstance(routing_doc, DIDDoc)
             if not routing_doc.service:
                 raise BaseConnectionManagerError(
                     f"No services defined by routing DIDDoc: {router_id}"
@@ -665,12 +666,15 @@ def diddoc_connection_targets(
                 )
         return targets
 
-    async def fetch_did_document(self, did: str) -> Tuple[DIDDoc, StorageRecord]:
+    async def fetch_did_document(
+        self, did: str
+    ) -> Tuple[Union[DIDDoc, ResolvedDocument], StorageRecord]:
         """Retrieve a DID Document for a given DID.
 
         Args:
             did: The DID to search for
         """
+        # legacy documents for unqualified dids
         async with self._profile.session() as session:
             storage = session.inject(BaseStorage)
             record = await storage.find_record(self.RECORD_TYPE_DID_DOC, {"did": did})

aries_cloudagent/resolver/__init__.py

@@ -50,3 +50,15 @@ async def setup(context: InjectionContext):
         ).provide(context.settings, context.injector)
         await universal_resolver.setup(context)
         registry.register_resolver(universal_resolver)
+
+    peer_did_2_resolver = ClassProvider(
+        "aries_cloudagent.resolver.default.peer2.PeerDID2Resolver"
+    ).provide(context.settings, context.injector)
+    await peer_did_2_resolver.setup(context)
+    registry.register_resolver(peer_did_2_resolver)
+
+    peer_did_3_resolver = ClassProvider(
+        "aries_cloudagent.resolver.default.peer3.PeerDID3Resolver"
+    ).provide(context.settings, context.injector)
+    await peer_did_3_resolver.setup(context)
+    registry.register_resolver(peer_did_3_resolver)

aries_cloudagent/resolver/default/peer2.py

@@ -0,0 +1,96 @@
+"""Peer DID Resolver.
+
+Resolution is performed using the peer-did-python library https://github.com/sicpa-dlab/peer-did-python.
+"""
+
+from typing import Optional, Pattern, Sequence, Text, Union
+
+from peerdid.dids import (
+    is_peer_did,
+    PEER_DID_PATTERN,
+    resolve_peer_did,
+    DID,
+    DIDDocument,
+    MalformedPeerDIDError,
+)
+
+from ...config.injection_context import InjectionContext
+from ...core.profile import Profile
+from ..base import BaseDIDResolver, DIDNotFound, ResolverType
+from .peer3 import PeerDID3Resolver, _convert_to_did_peer_3_document
+
+
+class PeerDID2Resolver(BaseDIDResolver):
+    """Peer DID Resolver."""
+
+    def __init__(self):
+        """Initialize Key Resolver."""
+        super().__init__(ResolverType.NATIVE)
+
+    async def setup(self, context: InjectionContext):
+        """Perform required setup for Key DID resolution."""
+
+    @property
+    def supported_did_regex(self) -> Pattern:
+        """Return supported_did_regex of Key DID Resolver."""
+        return PEER_DID_PATTERN
+
+    async def _resolve(
+        self,
+        profile: Profile,
+        did: str,
+        service_accept: Optional[Sequence[Text]] = None,
+    ) -> dict:
+        """Resolve a Key DID."""
+        try:
+            peer_did = is_peer_did(did)
+        except Exception as e:
+            raise DIDNotFound(f"peer_did is not formatted correctly: {did}") from e
+        if peer_did:
+            did_doc = self.resolve_peer_did_with_service_key_reference(did)
+            await PeerDID3Resolver().create_and_store_document(profile, did_doc)
+        else:
+            raise DIDNotFound(f"did is not a peer did: {did}")
+
+        return did_doc.dict()
+
+    def resolve_peer_did_with_service_key_reference(
+        self, peer_did_2: Union[str, DID]
+    ) -> DIDDocument:
+        """Generate a DIDDocument from the did:peer:2 based on peer-did-python library.
+
+        And additional modification to ensure recipient key
+        references verificationmethod in same document.
+        """
+        return _resolve_peer_did_with_service_key_reference(peer_did_2)
+
+
+def _resolve_peer_did_with_service_key_reference(
+    peer_did_2: Union[str, DID]
+) -> DIDDocument:
+    try:
+        doc = resolve_peer_did(peer_did_2)
+        ## WORKAROUND LIBRARY NOT REREFERENCING RECEIPIENT_KEY
+        services = doc.service
+        signing_keys = [
+            vm
+            for vm in doc.verification_method or []
+            if vm.type == "Ed25519VerificationKey2020"
+        ]
+        if services and signing_keys:
+            services[0].__dict__["recipient_keys"] = [signing_keys[0].id]
+        else:
+            raise Exception("no recipient_key signing_key pair")
+    except Exception as e:
+        raise ValueError("pydantic validation error:" + str(e))
+    return doc
+
+
+def convert_to_did_peer_3(peer_did_2: Union[str, DID]) -> DIDDocument:
+    """Generate did:peer:3 and corresponding DIDDocument."""
+    if not peer_did_2.startswith("did:peer:2"):
+        raise MalformedPeerDIDError("did:peer:2 expected")
+
+    doc = _resolve_peer_did_with_service_key_reference(peer_did_2)
+    _convert_to_did_peer_3_document(doc)
+    return doc

aries_cloudagent/resolver/default/peer3.py

@@ -0,0 +1,193 @@
+"""Peer DID Resolver.
+
+Resolution is performed by converting did:peer:2 to did:peer:3 according to 
+https://identity.foundation/peer-did-method-spec/#generation-method:~:text=Method%203%3A%20DID%20Shortening%20with%20SHA%2D256%20Hash
+DID Document is just a did:peer:2 document (resolved by peer-did-python) where 
+the did:peer:2 has been replaced with the did:peer:3.
+"""
+
+import re
+from copy import deepcopy
+from hashlib import sha256
+from typing import Optional, Pattern, Sequence, Text, List
+from multiformats import multibase, multicodec
+
+from peerdid.dids import (
+    DID,
+    MalformedPeerDIDError,
+    DIDDocument,
+    DIDUrl,
+)
+from peerdid.keys import to_multibase, MultibaseFormat
+from ...wallet.util import bytes_to_b58
+
+from ...connections.base_manager import BaseConnectionManager
+from ...config.injection_context import InjectionContext
+from ...core.profile import Profile
+from ...storage.base import BaseStorage
+from ...storage.error import StorageDuplicateError, StorageNotFoundError
+from ...storage.record import StorageRecord
+
+from ..base import BaseDIDResolver, DIDNotFound, ResolverType
+
+
+class PeerDID3Resolver(BaseDIDResolver):
+    """Peer DID Resolver."""
+
+    def __init__(self):
+        """Initialize Key Resolver."""
+        super().__init__(ResolverType.NATIVE)
+
+    async def setup(self, context: InjectionContext):
+        """Perform required setup for Key DID resolution."""
+
+    @property
+    def supported_did_regex(self) -> Pattern:
+        """Return supported_did_regex of Key DID Resolver."""
+        return re.compile(r"^did:peer:3(.*)")
+
+    async def _resolve(
+        self,
+        profile: Profile,
+        did: str,
+        service_accept: Optional[Sequence[Text]] = None,
+    ) -> dict:
+        """Resolve a Key DID."""
+        if did.startswith("did:peer:3"):
+            # retrieve did_doc from storage using did:peer:3
+            async with profile.session() as session:
+                storage = session.inject(BaseStorage)
+                record = await storage.find_record(
+                    BaseConnectionManager.RECORD_TYPE_DID_DOCUMENT, {"did": did}
+                )
+                did_doc = DIDDocument.from_json(record.value)
+        else:
+            raise DIDNotFound(f"did is not a did:peer:3 {did}")
+
+        return did_doc.dict()
+
+    async def create_and_store_document(
+        self, profile: Profile, peer_did_2_doc: DIDDocument
+    ):
+        """Injest did:peer:2 document create did:peer:3 and store document."""
+        if not peer_did_2_doc.id.startswith("did:peer:2"):
+            raise MalformedPeerDIDError("did:peer:2 expected")
+
+        dp3_doc = deepcopy(peer_did_2_doc)
+        _convert_to_did_peer_3_document(dp3_doc)
+        try:
+            async with profile.session() as session:
+                storage = session.inject(BaseStorage)
+                record = await storage.find_record(
+                    BaseConnectionManager.RECORD_TYPE_DID_DOCUMENT, {"did": dp3_doc.id}
+                )
+        except StorageNotFoundError:
+            record = StorageRecord(
+                BaseConnectionManager.RECORD_TYPE_DID_DOCUMENT,
+                dp3_doc.to_json(),
+                {"did": dp3_doc.id},
+            )
+            async with profile.session() as session:
+                storage: BaseStorage = session.inject(BaseStorage)
+                await storage.add_record(record)
+        else:
+            async with profile.session() as session:
+                storage: BaseStorage = session.inject(BaseStorage)
+                await storage.update_record(
+                    record, dp3_doc.to_json(), {"did": dp3_doc.id}
+                )
+        await _reset_keys_from_did_doc(profile, dp3_doc)
+
+        return dp3_doc
+
+
+async def _reset_keys_from_did_doc(profile, did_doc):
+    async with profile.session() as session:
+        storage: BaseStorage = session.inject(BaseStorage)
+        await storage.delete_all_records(
+            BaseConnectionManager.RECORD_TYPE_DID_KEY, {"did": did_doc.id}
+        )
+
+    for vm in did_doc.verification_method or []:
+        if vm.controller == did_doc.id:
+            if vm.public_key_base58:
+                await _add_key_for_did(profile, did_doc.id, vm.public_key_base58)
+            if vm.public_key_multibase:
+                pk = multibase.decode(vm.public_key_multibase)
+                if len(pk) == 32:  # No multicodec prefix
+                    pk = bytes_to_b58(pk)
+                else:
+                    codec, key = multicodec.unwrap(pk)
+                    if codec == multicodec.multicodec("ed25519-pub"):
+                        pk = bytes_to_b58(key)
+                    else:
+                        continue
+                await _add_key_for_did(profile, did_doc.id, pk)
+
+
+async def _add_key_for_did(profile, did: str, key: str):
+    """Store a verkey for lookup against a DID.
+
+    Args:
+        did: The DID to associate with this key
+        key: The verkey to be added
+    """
+    record = StorageRecord(
+        BaseConnectionManager.RECORD_TYPE_DID_KEY, key, {"did": did, "key": key}
+    )
+    async with profile.session() as session:
+        storage: BaseStorage = session.inject(BaseStorage)
+        try:
+            await storage.find_record(
+                BaseConnectionManager.RECORD_TYPE_DID_KEY, {"key": key}
+            )
+        except StorageNotFoundError:
+            await storage.add_record(record)
+        except StorageDuplicateError:
+            pass
+            # "Key already associated with DID: %s; this is likely caused by "
+            # "routing keys being erroneously stored in the past",
+
+
+def _replace_all_values(input, org, new):
+    for k, v in input.items():
+        if isinstance(v, type(dict)):
+            _replace_all_values(v, org, new)
+        if isinstance(v, List):
+            for i, item in enumerate(v):
+                if isinstance(item, type(dict)):
+                    _replace_all_values(item, org, new)
+                elif (
+                    isinstance(item, str)
+                    or isinstance(item, DID)
+                    or isinstance(item, DIDUrl)
+                ):
+                    v.pop(i)
+                    v.append(item.replace(org, new, 1))
+                elif hasattr(item, "__dict__"):
+                    _replace_all_values(item.__dict__, org, new)
+                else:
+                    pass
+
+        elif isinstance(v, str) or isinstance(v, DID) or isinstance(v, DIDUrl):
+            input[k] = v.replace(org, new, 1)
+        else:
+            pass
+
+
+def _convert_to_did_peer_3_document(dp2_document: DIDDocument) -> DIDDocument:
+    content = to_multibase(
+        sha256(dp2_document.id.lstrip("did:peer:2").encode()).digest(),
+        MultibaseFormat.BASE58,
+    )
+    dp3 = DID("did:peer:3" + content)
+    dp2 = dp2_document.id
+    _replace_all_values(dp2_document.__dict__, dp2, dp3)
+
+    # update document indexes
+    new_indexes = {}
+    for ind, val in dp2_document._index.items():
+        new_indexes[ind.replace(dp2, dp3)] = val
+
+    dp2_document._index = new_indexes
+    return dp2_document