diff --git a/packages/credential-w3c/src/__tests__/action-handler.test.ts b/packages/credential-w3c/src/__tests__/action-handler.test.ts index c43feedbd..dde7a6e64 100644 --- a/packages/credential-w3c/src/__tests__/action-handler.test.ts +++ b/packages/credential-w3c/src/__tests__/action-handler.test.ts @@ -45,7 +45,13 @@ const mockIdentifiers: IIdentifier[] = [ controllerKeyId: 'kid2', keys: [ { - kid: 'kid2', + kid: 'kid2a', + publicKeyHex: 'pub', + type: 'Ed25519', + kms: 'mock', + }, + { + kid: 'kid2b', publicKeyHex: 'pub', type: 'Secp256k1', kms: 'mock', @@ -98,8 +104,18 @@ let agent = { } as any as TAgent describe('@veramo/credential-w3c', () => { + const keyManagerSign = agent.keyManagerSign as + | jest.Mock<(args: { algorithm: string; keyRef: string}) => Promise> + + beforeEach(() => { + keyManagerSign.mockClear() + }); + test.each(mockIdentifiers)('handles createVerifiableCredential', async (mockIdentifier) => { - expect.assertions(3) + expect.assertions(6) + + const keyRef = mockIdentifier.keys[1]?.kid // Second key or undefined + const expectedKey = mockIdentifier.keys[mockIdentifier.keys.length - 1] agent.didManagerGet = jest.fn(async (args): Promise => mockIdentifier) const context = { agent } @@ -126,6 +142,7 @@ describe('@veramo/credential-w3c', () => { credential, save: false, proofFormat: 'jwt', + keyRef, }, context, ) @@ -133,6 +150,10 @@ describe('@veramo/credential-w3c', () => { expect(context.agent.didManagerGet).toBeCalledWith({ did: mockIdentifier.did }) expect(context.agent.dataStoreSaveVerifiableCredential).not.toBeCalled() expect(vc.id).toEqual('vc1') + + expect(keyManagerSign).toBeCalled() + expect(keyManagerSign.mock.calls[0][0].keyRef).toEqual(expectedKey.kid) + expect(keyManagerSign.mock.calls[0][0].algorithm).toEqual(expectedKey.type === 'Ed25519' ? 'EdDSA' : 'ES256K') }) test.each(mockIdentifiers)('handles createVerifiablePresentation', async (mockIdentifier) => { diff --git a/packages/credential-w3c/src/action-handler.ts b/packages/credential-w3c/src/action-handler.ts index 80c0e8542..ec5a7f2de 100644 --- a/packages/credential-w3c/src/action-handler.ts +++ b/packages/credential-w3c/src/action-handler.ts @@ -129,9 +129,7 @@ export class CredentialPlugin implements IAgentPlugin { } catch (e) { throw new Error('invalid_argument: presentation.holder must be a DID managed by this agent') } - //FIXME: `args` should allow picking a key or key type - const key = identifier.keys.find((k) => k.type === 'Secp256k1' || k.type === 'Ed25519' || k.type === 'Secp256r1') - if (!key) throw Error('key_not_found: No signing key for ' + identifier.did) + const key = pickSigningKey(identifier, keyRef) let verifiablePresentation: VerifiablePresentation @@ -237,9 +235,7 @@ export class CredentialPlugin implements IAgentPlugin { ) } } else { - //FIXME: `args` should allow picking a key or key type - const key = identifier.keys.find((k) => k.type === 'Secp256k1' || k.type === 'Ed25519' || k.type === 'Secp256r1') - if (!key) throw Error('No signing key for ' + identifier.did) + const key = pickSigningKey(identifier, keyRef) debug('Signing VC with', identifier.did) let alg = 'ES256K' @@ -480,6 +476,20 @@ export class CredentialPlugin implements IAgentPlugin { } } +function pickSigningKey(identifier: IIdentifier, keyRef?: string): IKey { + let key: IKey | undefined + + if (!keyRef) { + key = identifier.keys.find((k) => k.type === 'Secp256k1' || k.type === 'Ed25519' || k.type === 'Secp256r1') + if (!key) throw Error('key_not_found: No signing key for ' + identifier.did) + } else { + key = identifier.keys.find((k) => k.kid === keyRef) + if (!key) throw Error('key_not_found: No signing key for ' + identifier.did + ' with kid ' + keyRef) + } + + return key as IKey +} + function wrapSigner( context: IAgentContext>, key: IKey,