DCKA-5494 normalize cheqd DID documents from universal resolver so BBS+ keys are verifiable (#538)

The universal resolver fallback returns cheqd offchain (BBS+) keys as
JSON-stringified blobs in assertionMethod instead of proper objects in
verificationMethod, leaving publicKeyBase58 unreachable for BBS+ verification.
Normalize resolved documents before caching to lift these inline keys into
verificationMethod, matching the on-chain resolver behaviour.

Author: maycon-mello

integration-tests/did-resolution.test.ts

@@ -1,4 +1,5 @@
 import {blockchainService} from '@docknetwork/wallet-sdk-wasm/src/services/blockchain';
+import {BLOCKCHAIN_NETWORKS} from '@docknetwork/wallet-sdk-wasm/src/modules/network-manager';
 import {
   getWallet,
   getDIDProvider,
@@ -47,3 +48,57 @@ describe('DID resolution', () => {
     expect(cachedEntry.id).toEqual('did:cheqd:testnet:c0890f1c-c7bb-4ea6-be7a-8c31404743b7');
   });
 });
+
+describe('BBS+ assertion keys in resolved DID document', () => {
+  const did = 'did:cheqd:testnet:c0890f1c-c7bb-4ea6-be7a-8c31404743b7';
+  const bbsKeyId = `${did}#keys-2`;
+
+  afterAll(async () => {
+    await blockchainService.disconnect();
+  });
+
+  // BBS+ key must be a proper verificationMethod object (so jsonld.frame can
+  // read publicKeyBase58), and assertionMethod must hold only string refs.
+  function expectBBSKeyReachable(doc) {
+    const bbsMethod = (doc.verificationMethod ?? []).find(
+      method => method?.id === bbsKeyId,
+    );
+
+    expect(bbsMethod).toBeDefined();
+    expect(bbsMethod.type).toEqual('Bls12381BBSVerificationKeyDock2023');
+    expect(typeof bbsMethod.publicKeyBase58).toEqual('string');
+
+    for (const entry of doc.assertionMethod ?? []) {
+      expect(typeof entry).toEqual('string');
+      expect(() => JSON.parse(entry)).toThrow();
+    }
+  }
+
+  it('should expose BBS+ assertion keys via the fallback (universal) resolver', async () => {
+    // No blockchain: the router falls back to the universal resolver.
+    const fallbackResolver = blockchainService.createDIDResolver(false);
+
+    await fallbackResolver.clearCache(did);
+
+    const doc = await fallbackResolver.resolve(did);
+
+    expectBBSKeyReachable(doc);
+  });
+
+  it('should expose BBS+ assertion keys via the on-chain (blockchain) resolver', async () => {
+    // Control: the on-chain path normalises BBS+ keys, so it should pass for
+    // the same DID. Connect inline (not beforeAll) to avoid a stray teardown
+    // from another describe block disconnecting between setup and resolve.
+    await blockchainService.init({
+      cheqdApiUrl: BLOCKCHAIN_NETWORKS.testnet.cheqdApiUrl,
+      networkId: 'testnet',
+    });
+
+    const onChainResolver = blockchainService.createDIDResolver(true);
+    await onChainResolver.clearCache(did);
+
+    const doc = await onChainResolver.resolve(did);
+
+    expectBBSKeyReachable(doc);
+  }, 30000);
+});

packages/wasm/src/services/blockchain/cached-did-resolver.ts

@@ -1,4 +1,5 @@
 import { storageService } from '../storage';
+import { normalizeDIDDocument } from './normalize-did-document';
 
 interface CacheEntry {
   value: any;
@@ -76,7 +77,7 @@ export class CachedDIDResolver {
     }
 
     console.log('Cache miss, resolving:', did);
-    const result = await this.router.resolve(did);
+    const result = normalizeDIDDocument(await this.router.resolve(did));
 
     await this.setCacheEntry(result.id, {
       value: result,
@@ -90,8 +91,8 @@ export class CachedDIDResolver {
   private async refreshInBackground(did: string): Promise<void> {
     try {
       console.log('Refreshing cache in background for:', did);
-      const result = await this.router.resolve(did);
-      
+      const result = normalizeDIDDocument(await this.router.resolve(did));
+
       await this.setCacheEntry(did, {
         value: result,
         id: did,

packages/wasm/src/services/blockchain/normalize-did-document.ts

@@ -0,0 +1,73 @@
+// The universal resolver returns cheqd offchain (BBS+) keys as stringified
+// blobs in the relationship arrays instead of objects in verificationMethod,
+// leaving publicKeyBase58 unreachable. Lift them out, matching the on-chain
+// resolver's CheqdDIDDocument.toDIDDocument behaviour.
+
+const RELATIONSHIP_PROPS = [
+  'assertionMethod',
+  'authentication',
+  'capabilityInvocation',
+  'capabilityDelegation',
+  'keyAgreement',
+] as const;
+
+function parseInlineVerificationMethod(entry: string): any | null {
+  let parsed: unknown = entry;
+
+  // cheqd offchain keys are double-JSON-stringified, so unwrap up to twice.
+  for (let i = 0; i < 2 && typeof parsed === 'string'; i++) {
+    try {
+      parsed = JSON.parse(parsed);
+    } catch {
+      return null;
+    }
+  }
+
+  if (parsed && typeof parsed === 'object' && typeof (parsed as any).id === 'string') {
+    return parsed;
+  }
+
+  return null;
+}
+
+export function normalizeDIDDocument(doc: any): any {
+  if (!doc || typeof doc !== 'object') {
+    return doc;
+  }
+
+  const liftedMethods: any[] = [];
+
+  for (const prop of RELATIONSHIP_PROPS) {
+    if (!Array.isArray(doc[prop])) {
+      continue;
+    }
+
+    doc[prop] = doc[prop].map((entry: any) => {
+      if (typeof entry !== 'string') {
+        return entry;
+      }
+
+      const method = parseInlineVerificationMethod(entry);
+      if (!method) {
+        return entry;
+      }
+
+      liftedMethods.push(method);
+      return method.id;
+    });
+  }
+
+  if (liftedMethods.length) {
+    const existing = Array.isArray(doc.verificationMethod)
+      ? doc.verificationMethod
+      : [];
+    const existingIds = new Set(existing.map((method: any) => method?.id));
+    const newMethods = liftedMethods.filter(
+      method => !existingIds.has(method.id),
+    );
+
+    doc.verificationMethod = [...existing, ...newMethods];
+  }
+
+  return doc;
+}