cheqd plugin: new feature /did/import endpoint (openwallet-foundation#1976)

* feat: Add /did/import endpoint

Signed-off-by: Sownak Roy <sownak@cheqd.io>

* Add cheqd did integration test

Signed-off-by: Sownak Roy <sownak@cheqd.io>

* fix: e2e did:cheqd import and verify test

Signed-off-by: Sownak Roy <sownak@cheqd.io>

* fix: add check for keytype

Signed-off-by: Sownak Roy <sownak@cheqd.io>

* updated log levels

Signed-off-by: Sownak Roy <sownak@cheqd.io>

---------

Signed-off-by: Sownak Roy <sownak@cheqd.io>

Author: sownak

cheqd/cheqd/did/base.py

@@ -1,7 +1,7 @@
 """DID Manager Base Classes."""
 
 from abc import ABC, abstractmethod
-from typing import List, Optional, Union, Literal, Dict
+from typing import Dict, List, Literal, Optional, Union
 
 from acapy_agent.core.error import BaseError
 from acapy_agent.core.profile import Profile

cheqd/cheqd/did/helpers.py

@@ -5,8 +5,9 @@
 from typing import Dict, List, Union
 from uuid import uuid4
 
-from acapy_agent.wallet.util import b64_to_bytes, bytes_to_b58, bytes_to_b64
 from acapy_agent.utils.multiformats import multibase, multicodec
+from acapy_agent.wallet.util import b64_to_bytes, bytes_to_b58, bytes_to_b64
+from base58 import b58encode
 
 
 class CheqdNetwork(Enum):
@@ -119,12 +120,14 @@ def create_did_verification_method(
                 }
             )
         elif type_ == VerificationMethods.Ed255192018:
+            public_key_bytes = b64_to_bytes(key["publicKey"])
+            public_key_base58 = b58encode(public_key_bytes).decode()
             methods.append(
                 {
                     "id": key["keyId"],
                     "type": type_.value,
                     "controller": key["didUrl"],
-                    "publicKeyBase58": key["methodSpecificId"][1:],
+                    "publicKeyBase58": public_key_base58,
                 }
             )
         elif type_ == VerificationMethods.JWK:

cheqd/cheqd/did/manager.py

@@ -6,36 +6,39 @@
 from acapy_agent.resolver.base import DIDNotFound
 from acapy_agent.wallet.base import BaseWallet
 from acapy_agent.wallet.crypto import validate_seed
+from acapy_agent.wallet.did_info import DIDInfo
 from acapy_agent.wallet.did_method import DIDMethods
 from acapy_agent.wallet.did_parameters_validation import DIDParametersValidation
 from acapy_agent.wallet.error import WalletError
-from acapy_agent.wallet.key_type import ED25519
+from acapy_agent.wallet.key_type import BLS12381G2, ED25519, P256
+from acapy_agent.wallet.keys.manager import multikey_to_verkey
+from acapy_agent.wallet.routes import format_did_info
 from acapy_agent.wallet.util import b58_to_bytes, bytes_to_b64
 from aiohttp import web
 
-from .base import (
-    DidUpdateRequestOptions,
-    SubmitSignatureOptions,
-    DIDDocumentSchema,
-    DidActionState,
-)
-from .helpers import (
-    create_verification_keys,
-    create_did_verification_method,
-    VerificationMethods,
-    create_did_payload,
-    CheqdNetwork,
-)
 from ..did.base import (
     BaseDIDManager,
     CheqdDIDManagerError,
-    Secret,
-    DidDeactivateRequestOptions,
     DidCreateRequestOptions,
+    DidDeactivateRequestOptions,
     Options,
+    Secret,
 )
 from ..did_method import CHEQD
 from ..resolver.resolver import CheqdDIDResolver
+from .base import (
+    DidActionState,
+    DIDDocumentSchema,
+    DidUpdateRequestOptions,
+    SubmitSignatureOptions,
+)
+from .helpers import (
+    CheqdNetwork,
+    VerificationMethods,
+    create_did_payload,
+    create_did_verification_method,
+    create_verification_keys,
+)
 from .registrar import DIDRegistrar
 
 LOGGER = logging.getLogger(__name__)
@@ -86,9 +89,11 @@ async def create(
                 verkey = key.verkey
                 verkey_bytes = b58_to_bytes(verkey)
                 public_key_b64 = bytes_to_b64(verkey_bytes)
-                verification_method = (
-                    options.get("verification_method") or VerificationMethods.Ed255192020
-                )
+                verification_method = VerificationMethods.Ed255192020
+                if options.get("verification_method"):
+                    verification_method = VerificationMethods(
+                        options.get("verification_method")
+                    )
 
                 if did_doc is None:
                     # generate payload
@@ -159,7 +164,7 @@ async def create(
         return {
             "did": did,
             "verkey": verkey,
-            "didDocument": publish_did_state.didDocument.dict(),
+            "didDocument": publish_did_state.didDocument.model_dump(),
         }
 
     async def update(self, did: str, did_doc: dict, options: dict = None) -> dict:
@@ -218,7 +223,7 @@ async def update(self, did: str, did_doc: dict, options: dict = None) -> dict:
             except Exception as ex:
                 raise ex
 
-        return {"did": did, "didDocument": publish_did_state.didDocument.dict()}
+        return {"did": did, "didDocument": publish_did_state.didDocument.model_dump()}
 
     async def deactivate(self, did: str, options: dict = None) -> dict:
         """Deactivate a Cheqd DID."""
@@ -277,6 +282,77 @@ async def deactivate(self, did: str, options: dict = None) -> dict:
                 raise ex
         return {
             "did": did,
-            "didDocument": publish_did_state.didDocument.dict(),
+            "didDocument": publish_did_state.didDocument.model_dump(),
             "didDocumentMetadata": metadata,
         }
+
+    async def import_did(self, did_document: dict, metadata: dict = None) -> dict:
+        """Import a DID."""
+        metadata = metadata or {}
+
+        async with self.profile.session() as session:
+            try:
+                wallet = session.inject(BaseWallet)
+                if not wallet:
+                    raise WalletError(reason="No wallet available")
+
+                did = did_document.get("id")
+                if not did:
+                    raise WalletError(reason="DID document must contain an 'id' field")
+
+                # Extract verification method (assuming first one for simplicity)
+                verification_methods = did_document.get("verificationMethod", [])
+                if not verification_methods:
+                    raise WalletError(
+                        reason="DID document must contain verification methods"
+                    )
+                # Get the first verification method's public key
+                first_vm = verification_methods[0]
+                # Handle both publicKeyBase58 and publicKeyMultibase formats
+                public_key_base58 = first_vm.get("publicKeyBase58")
+                public_key_multibase = first_vm.get("publicKeyMultibase")
+                if public_key_base58:
+                    # If we have publicKeyBase58, use it directly
+                    verkey = public_key_base58
+                elif public_key_multibase:
+                    # If we have publicKeyMultibase, convert it to verkey format
+                    verkey = multikey_to_verkey(public_key_multibase)
+                else:
+                    raise WalletError(
+                        reason=(
+                            "Verification method must contain either "
+                            "'publicKeyBase58' or 'publicKeyMultibase'"
+                        )
+                    )
+                # Determine key type from verification method
+                key_type = ED25519  # Default fallback
+
+                vm_type = first_vm.get("type", "")
+                if "Ed25519" in vm_type:
+                    key_type = ED25519
+                elif "P256" in vm_type or "secp256r1" in vm_type:
+                    key_type = P256
+                elif "BLS" in vm_type:
+                    key_type = BLS12381G2
+                LOGGER.debug("Detected key type %s for DID %s", key_type.key_type, did)
+                # Determine and validate DID method
+                did_methods: DIDMethods = self.profile.inject(DIDMethods)
+                method = did_methods.from_did(did)
+                did_validation = DIDParametersValidation(did_methods)
+                did_validation.validate_key_type(method, key_type)
+
+                # Create DIDInfo object
+                did_info = DIDInfo(
+                    did=did,
+                    verkey=verkey,
+                    metadata=metadata,
+                    method=method,
+                    key_type=key_type,
+                )
+                stored_info = await wallet.store_did(did_info)
+
+                LOGGER.info("Successfully imported DID: %s", did)
+            except Exception as ex:
+                raise ex
+
+        return {"result": format_did_info(stored_info)}

cheqd/cheqd/routes.py

@@ -6,6 +6,7 @@
 from acapy_agent.admin.request_context import AdminRequestContext
 from acapy_agent.messaging.models.openapi import OpenAPISchema
 from acapy_agent.wallet.error import WalletError
+from acapy_agent.wallet.routes import DIDSchema
 from aiohttp import web
 from aiohttp_apispec import docs, request_schema, response_schema
 from marshmallow import Schema, fields
@@ -270,6 +271,41 @@ class UpdateCheqdDIDResponseSchema(OpenAPISchema):
     )
 
 
+class DIDImportSchema(OpenAPISchema):
+    """Request schema for importing a DID."""
+
+    did_document = fields.Raw(
+        required=True,
+        metadata={
+            "description": "The DID document to import",
+            "example": {
+                "id": "did:example:123456789",
+                "verificationMethod": [
+                    {
+                        "id": "did:example:123456789#key-1",
+                        "type": "Ed25519VerificationKey2018",
+                        "controller": "did:example:123456789",
+                        "publicKeyBase58": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV",
+                    }
+                ],
+            },
+        },
+    )
+
+    metadata = fields.Dict(
+        required=False,
+        metadata={
+            "description": "Additional metadata to associate with the imported DID"
+        },
+    )
+
+
+class DIDImportResponseSchema(OpenAPISchema):
+    """Response schema for DID import."""
+
+    result = fields.Nested(DIDSchema())
+
+
 @docs(tags=["did"], summary="Create a did:cheqd")
 @request_schema(CreateCheqdDIDRequestSchema())
 @response_schema(CreateCheqdDIDResponseSchema, HTTPStatus.OK)
@@ -363,13 +399,58 @@ async def deactivate_cheqd_did(request: web.BaseRequest):
         raise web.HTTPBadRequest(reason=err.roll_up)
 
 
+@docs(
+    tags=["did"],
+    summary="Import an existing DID into the wallet",
+)
+@request_schema(DIDImportSchema)
+@response_schema(DIDImportResponseSchema(), description="")
+@tenant_authentication
+async def import_did(request: web.BaseRequest):
+    """Request handler for importing a DID into the wallet.
+
+    Args:
+        request: aiohttp request object
+
+    Returns:
+        The imported DID information
+
+    """
+    context: AdminRequestContext = request["context"]
+    config = context.settings.get("plugin_config")
+    resolver_url = None
+    registrar_url = None
+    if config:
+        registrar_url = config.get("registrar_url")
+        resolver_url = config.get("resolver_url")
+    try:
+        body = await request.json()
+    except Exception:
+        body = {}
+
+    try:
+        result = await CheqdDIDManager(
+            context.profile, registrar_url, resolver_url
+        ).import_did(
+            body.get("did_document"),
+            body.get("metadata"),
+        )
+    except CheqdDIDManagerError as err:
+        raise web.HTTPInternalServerError(reason=err.roll_up)
+    except WalletError as err:
+        raise web.HTTPBadRequest(reason=err.roll_up)
+
+    return web.json_response(result)
+
+
 async def register(app: web.Application):
     """Register routes."""
     app.add_routes(
         [
             web.post("/did/cheqd/create", create_cheqd_did),
             web.post("/did/cheqd/update", update_cheqd_did),
             web.post("/did/cheqd/deactivate", deactivate_cheqd_did),
+            web.post("/did/import", import_did),
         ]
     )
 

cheqd/docker/default.yml

@@ -52,3 +52,4 @@ wallet-key: "cheq-1"
 wallet-storage-type: postgres_storage
 wallet-storage-creds: '{"account":"postgres","password":"postgres","admin_account":"postgres","admin_password":"postgres"}'
 wallet-storage-config: '{"url":"localhost:5432","max_connections":5}'
+wallet-allow-insecure-seed: true

cheqd/docker/integration.yml

@@ -50,3 +50,4 @@ wallet-key: "cheq-1"
 wallet-storage-type: postgres_storage
 wallet-storage-creds: '{"account":"postgres","password":"postgres","admin_account":"postgres","admin_password":"postgres"}'
 wallet-storage-config: '{"url":"host.docker.internal:5432","max_connections":5}'
+wallet-allow-insecure-seed: true

cheqd/integration/docker-compose.yml

@@ -32,6 +32,7 @@ services:
       --wallet-type askar-anoncreds
       --wallet-name agency
       --wallet-key insecure
+      --wallet-allow-insecure-seed
       --auto-provision
       --log-level info
       --debug-webhooks
@@ -96,6 +97,7 @@ services:
       - "9089:3000"
     restart: on-failure
     environment:
+      - NPM_CONFIG_LOGLEVEL=warn
       - FEE_PAYER_TESTNET_MNEMONIC=${FEE_PAYER_TESTNET_MNEMONIC}
       - FEE_PAYER_MAINNET_MNEMONIC=${FEE_PAYER_MAINNET_MNEMONIC}