From 64d6699dd654e3e0d5f8b0d606411a77a8f38185 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <action@github.com>
Date: Wed, 18 Jan 2023 13:14:15 +0800
Subject: [PATCH] fix didVerify will always return false when hash multiple
 signer keys and not sign with the first

---
 packages/verify/src/didVerify.ts | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/packages/verify/src/didVerify.ts b/packages/verify/src/didVerify.ts
index eadbb1a..babbd7b 100644
--- a/packages/verify/src/didVerify.ts
+++ b/packages/verify/src/didVerify.ts
@@ -2,14 +2,24 @@
 // SPDX-License-Identifier: Apache-2.0
 
 import type { HexString } from '@zcloak/crypto/types';
-import type { DidDocument, DidUrl } from '@zcloak/did-resolver/types';
+import type { DidDocument, DidUrl, VerificationMethodType } from '@zcloak/did-resolver/types';
 
 import { u8aToU8a } from '@polkadot/util';
 
-import { decodeMultibase, ed25519Verify, secp256k1Verify } from '@zcloak/crypto';
+import { ed25519Verify, secp256k1Verify } from '@zcloak/crypto';
+import { helpers } from '@zcloak/did';
 import { DidResolver } from '@zcloak/did-resolver';
 import { defaultResolver } from '@zcloak/did-resolver/defaults';
 
+const VERIFIERS: Record<
+  VerificationMethodType,
+  (message: Uint8Array, signature: HexString | Uint8Array, publicKey: Uint8Array) => boolean
+> = {
+  EcdsaSecp256k1VerificationKey2019: secp256k1Verify,
+  Ed25519VerificationKey2020: ed25519Verify,
+  X25519KeyAgreementKey2019: () => false
+};
+
 /**
  * @name didVerify
  * @summary Verifies the signature on the supplied message.
@@ -58,18 +68,14 @@ export async function didVerify(
       ? await resolverOrDidDocument.resolve(didUrl)
       : resolverOrDidDocument;
 
-  const finded = document.verificationMethod?.find((method) => {
-    return method.id;
-  });
-
-  if (!finded) return false;
+  const did = helpers.fromDidDocument(document);
 
-  const publicKey = decodeMultibase(finded.publicKeyMultibase);
+  for (const [, { publicKey, type }] of did.keyRelationship) {
+    const isTrue = VERIFIERS[type](messageU8a, signature, publicKey);
 
-  if (finded.type === 'EcdsaSecp256k1VerificationKey2019') {
-    return secp256k1Verify(messageU8a, signature, publicKey);
-  } else if (finded.type === 'Ed25519VerificationKey2020') {
-    return ed25519Verify(messageU8a, signature, publicKey);
+    if (isTrue) {
+      return isTrue;
+    }
   }
 
   return false;