Merge pull request #344 from hypersign-protocol/update-did-fix

Fix: Single DIDDoc update operation
hypersign-protocol · Mar 18, 2023 · 81de84f · 81de84f
2 parents 12f4a8a + f25acd8
commit 81de84f
Show file tree

Hide file tree

Showing 3 changed files with 135 additions and 17 deletions.
diff --git a/tests/e2e/ssi_tests/e2e_tests.py b/tests/e2e/ssi_tests/e2e_tests.py
@@ -353,6 +353,66 @@ def update_did_test():
     update_tx_cmd = form_did_update_tx_multisig(did_doc_string, signers, DEFAULT_BLOCKCHAIN_ACCOUNT_NAME)
     run_blockchain_command(update_tx_cmd, f"Jenny (controller) attempts to update Tx")
 
+    print("12. FAIL: Jenny creates a DID. She then attempts to update the DIDDoc by adding a new Verification method. She passes signature only for old VM\n")
+    kp_jenny = generate_key_pair()
+    kp_jenny_2 = generate_key_pair()
+
+    signers = []
+    did_doc_string = generate_did_document(kp_jenny)
+    did_doc_jenny = did_doc_string["id"]
+    did_doc_jenny_vm = did_doc_string["verificationMethod"][0]
+    signPair_jenny = {
+        "kp": kp_jenny,
+        "verificationMethodId": did_doc_jenny_vm["id"],
+        "signing_algo": "ed25519"
+    }
+    signers.append(signPair_jenny)
+    create_tx_cmd = form_did_create_tx_multisig(did_doc_string, signers, DEFAULT_BLOCKCHAIN_ACCOUNT_NAME)
+    run_blockchain_command(create_tx_cmd, f"Registering of Jenny's DID with Id: {did_doc_jenny}")
+
+    signers = []
+    did_doc_string_alice = generate_did_document(kp_jenny_2)
+    new_vm = did_doc_string_alice["verificationMethod"][0]
+    new_vm_id = did_doc_string["verificationMethod"][0]["id"] + "news"
+    new_vm["id"] = new_vm_id
+    new_vm["controller"] = did_doc_string["id"]
+
+    did_doc_string["verificationMethod"] = [
+        did_doc_string["verificationMethod"][0],
+        new_vm,
+    ]
+    signPair_jenny_1 = {
+        "kp": kp_jenny,
+        "verificationMethodId": did_doc_jenny_vm["id"],
+        "signing_algo": "ed25519"
+    }
+    signPair_jenny_2 = {
+        "kp": kp_jenny_2,
+        "verificationMethodId": new_vm_id,
+        "signing_algo": "ed25519"
+    }
+    signers.append(signPair_jenny_1)
+    update_tx_cmd = form_did_update_tx_multisig(did_doc_string, signers, DEFAULT_BLOCKCHAIN_ACCOUNT_NAME)
+    run_blockchain_command(update_tx_cmd, f"Jenny attempts to update the DIDDoc with only old VM's signature", True)
+
+    print("13. PASS: Jenny attempts to update the same didDoc by passing signatures for both old and new verification methods\n")
+
+    signers = []
+    signers.append(signPair_jenny_1)
+    signers.append(signPair_jenny_2)
+    update_tx_cmd = form_did_update_tx_multisig(did_doc_string, signers, DEFAULT_BLOCKCHAIN_ACCOUNT_NAME)
+    run_blockchain_command(update_tx_cmd, f"Jenny attempts to update the DIDDoc with both new and old VM's signature")
+
+    print("14. PASS: Jenny removes the inital verification method she had added. She passes only one signature corresponding to the lastest VM")
+
+    did_doc_string["verificationMethod"] = [
+        new_vm,
+    ]
+    signers = []
+    signers.append(signPair_jenny_1)
+    update_tx_cmd = form_did_update_tx_multisig(did_doc_string, signers, DEFAULT_BLOCKCHAIN_ACCOUNT_NAME)
+    run_blockchain_command(update_tx_cmd, f"Jenny attempts to remove Verification Method using signature corresponding to other verification method")
+
     print("--- Test Completed ---\n")
 
 def deactivate_did():

diff --git a/x/ssi/keeper/msg_server.go b/x/ssi/keeper/msg_server.go
@@ -88,6 +88,7 @@ func (k msgServer) formMustControllerVmListMap(ctx sdk.Context,
 				if presentInControllerMap {
 					vmExtended := types.CreateExtendedVerificationMethod(vmMap[vmId], sign)
 					controllerMap[controller] = append(controllerMap[controller], vmExtended)
+					delete(inputSignMap, vmId)
 				}
 				// Check for VM from the respective controller's DID Doc
 			} else {
@@ -99,6 +100,7 @@ func (k msgServer) formMustControllerVmListMap(ctx sdk.Context,
 				if presentInControllerMap {
 					vmExtended := types.CreateExtendedVerificationMethod(vmState, sign)
 					controllerMap[controller] = append(controllerMap[controller], vmExtended)
+					delete(inputSignMap, vmId)
 				}
 			}
 		}

diff --git a/x/ssi/keeper/msg_server_update_did.go b/x/ssi/keeper/msg_server_update_did.go
@@ -57,29 +57,85 @@ func (k msgServer) UpdateDID(goCtx context.Context, msg *types.MsgUpdateDID) (*t
 		return nil, sdkerrors.Wrap(types.ErrUnexpectedDidVersion, errMsg)
 	}
 
-	// Look for any change in Controller array
-	mandatoryControllers, anyControllers := getControllersForUpdateDID(existingDidDocument, msgDidDocument)
-	if err := k.checkControllerPresenceInState(ctx, mandatoryControllers, msgDidDocument.Id); err != nil {
-		return nil, sdkerrors.Wrap(types.ErrInvalidDidDoc, err.Error())
+	signMap := makeSignatureMap(msgSignatures)
+
+	// Check if there is any change in controllers
+	var optionalVmMap map[string][]*types.ExtendedVerificationMethod
+	var requiredVmMap map[string][]*types.ExtendedVerificationMethod
+	var vmMapErr error
+
+	existingDidDocumentControllers := existingDidDocument.Controller
+	incomingDidDocumentControllers := msgDidDocument.Controller
+
+	// Assume DID Subject as controller if the controller array is empty
+	if len(existingDidDocumentControllers) == 0 {
+		existingDidDocumentControllers = append(existingDidDocumentControllers, existingDidDocument.Id)
 	}
-	if err := k.checkControllerPresenceInState(ctx, anyControllers, msgDidDocument.Id); err != nil {
-		return nil, sdkerrors.Wrap(types.ErrInvalidDidDoc, err.Error())
+	if len(incomingDidDocumentControllers) == 0 {
+		incomingDidDocumentControllers = append(incomingDidDocumentControllers, msgDidDocument.Id)
 	}
 
-	// Gather Verification Methods
-	updatedVms := getVerificationMethodsForUpdateDID(existingDidDocument.VerificationMethod, msgDidDocument.VerificationMethod)
+	// check if both controller arrays are equal
+	if reflect.DeepEqual(existingDidDocumentControllers, incomingDidDocumentControllers) {
+		commonController := existingDidDocumentControllers
+		if err := k.checkControllerPresenceInState(ctx, commonController, msgDidDocument.Id); err != nil {
+			return nil, sdkerrors.Wrap(types.ErrInvalidDidDoc, err.Error())
+		}
 
-	signMap := makeSignatureMap(msgSignatures)
+		// Check if verification Methods are similar
+		if reflect.DeepEqual(existingDidDocument.VerificationMethod, msgDidDocument.VerificationMethod) {
+			optionalVmMap, vmMapErr = k.formAnyControllerVmListMap(ctx, commonController, existingDidDocument.VerificationMethod, signMap)
+			if vmMapErr != nil {
+				return nil, sdkerrors.Wrap(types.ErrInvalidDidDoc, vmMapErr.Error())
+			}
+		} else {
+			// if Vms are not similar
+			// Get the distinct VMs (new)
+			updatedVms := getVerificationMethodsForUpdateDID(existingDidDocument.VerificationMethod, msgDidDocument.VerificationMethod)
 
-	requiredVmMap, err := k.formMustControllerVmListMap(ctx, mandatoryControllers, updatedVms, signMap)
-	if err != nil {
-		return nil, sdkerrors.Wrap(types.ErrInvalidDidDoc, err.Error())
-	}
+			for _, vm := range updatedVms {
+				if _, signInfoProvided := signMap[vm.Id]; !signInfoProvided {
+					return nil, sdkerrors.Wrapf(
+						types.ErrInvalidSignature,
+						"signature must be provided for verification method id %v",
+						vm.Id,
+					)
+				}
+				vmExtended := types.CreateExtendedVerificationMethod(vm, signMap[vm.Id])
+				if requiredVmMap == nil {
+					requiredVmMap = map[string][]*types.ExtendedVerificationMethod{}
+				}
+				requiredVmMap[vm.Controller] = append(requiredVmMap[vm.Controller], vmExtended)
+				delete(signMap, vm.Id)
+			}
 
-	optionalVmMap, err := k.formAnyControllerVmListMap(ctx,
-		anyControllers, existingDidDocument.VerificationMethod, signMap)
-	if err != nil {
-		return nil, sdkerrors.Wrap(types.ErrInvalidDidDoc, err.Error())
+			optionalVmMap, vmMapErr = k.formAnyControllerVmListMap(ctx, commonController, existingDidDocument.VerificationMethod, signMap)
+			if err != vmMapErr {
+				return nil, sdkerrors.Wrap(types.ErrInvalidDidDoc, vmMapErr.Error())
+			}
+		}
+	} else {
+		// Look for any change in Controller array
+		mandatoryControllers, anyControllers := getControllersForUpdateDID(existingDidDocument, msgDidDocument)
+		if err := k.checkControllerPresenceInState(ctx, mandatoryControllers, msgDidDocument.Id); err != nil {
+			return nil, sdkerrors.Wrap(types.ErrInvalidDidDoc, err.Error())
+		}
+		if err := k.checkControllerPresenceInState(ctx, anyControllers, msgDidDocument.Id); err != nil {
+			return nil, sdkerrors.Wrap(types.ErrInvalidDidDoc, err.Error())
+		}
+
+		// Gather Verification Methods
+		updatedVms := getVerificationMethodsForUpdateDID(existingDidDocument.VerificationMethod, msgDidDocument.VerificationMethod)
+
+		requiredVmMap, vmMapErr = k.formMustControllerVmListMap(ctx, mandatoryControllers, updatedVms, signMap)
+		if vmMapErr != nil {
+			return nil, sdkerrors.Wrap(types.ErrInvalidDidDoc, vmMapErr.Error())
+		}
+
+		optionalVmMap, vmMapErr = k.formAnyControllerVmListMap(ctx, anyControllers, existingDidDocument.VerificationMethod, signMap)
+		if err != vmMapErr {
+			return nil, sdkerrors.Wrap(types.ErrInvalidDidDoc, vmMapErr.Error())
+		}
 	}
 
 	// Signature Verification