feat: ensure that issuer and verification method match the did

In specific, make sure that the fragment is included in the verification method.

package.json

@@ -1,7 +1,7 @@
 {
   "name": "@fabianscheidt/did-document-solution",
   "description": "Signs DID documents, stores them and makes them available through did:web.",
-  "version": "1.2.0",
+  "version": "1.3.0",
   "main": "index.ts",
   "license": "MIT",
   "scripts": {
@@ -10,7 +10,7 @@
     "lint": "eslint ."
   },
   "dependencies": {
-    "@fabianscheidt/did-web-verification-method-server": "1.3.1",
+    "@fabianscheidt/did-web-verification-method-server": "1.4.0",
     "@fabianscheidt/verifiable-credential-signer": "1.3.1",
     "express": "^4.18.2",
     "ts-node": "^10.9.1",

src/did-storage.ts

@@ -8,11 +8,12 @@ export abstract class DidStorage {
     body: JsonLdObj,
     hostname: string,
     didPath: string,
+    issuer: string,
+    verificationMethod: string,
     options?: { flavour?: "Specification" | "Gaia-X"; created?: string },
   ) {
-    // Determine verification method and did subject
-    const verificationMethod = `did:web:${hostname}`;
-    const didSubject = `${verificationMethod}:${didPath}`;
+    // Determine DID subject
+    const didSubject = `did:web:${hostname}:${didPath}`;
 
     // Do not sign again, if signature is already present
     if ("issuer" in body && "issuanceDate" in body && "proof" in body) {
@@ -26,7 +27,7 @@ export abstract class DidStorage {
     }
 
     // Set issuer and issuance date
-    body["issuer"] = verificationMethod;
+    body["issuer"] = issuer;
     body["issuanceDate"] = new Date().toISOString();
 
     // Determine and set the did subject. Ensure that there is no conflicting @id.

src/main.ts

@@ -4,6 +4,7 @@ import * as express from "express";
 import {
   getDidDocumentHandler as verificationMethodDid,
   getCertificateChainHandler as verificationMethodChain,
+  getDidDocument,
 } from "@fabianscheidt/did-web-verification-method-server";
 import { FileBasedDidStorage } from "./file-based-did-storage";
 
@@ -31,7 +32,8 @@ app.set("trust proxy", true);
 app.use(express.json());
 
 // Serve verification Method
-app.get("/.well-known/did.json", verificationMethodDid(CERT));
+const verificationMethodPath = "/.well-known/did.json";
+app.get(verificationMethodPath, verificationMethodDid(CERT));
 app.get(
   "/.well-known/certificate-chain.pem",
   verificationMethodChain(CERT, ADD_ROOT_CERT),
@@ -60,10 +62,17 @@ app.post("/:didPath/did.json", async (req, res) => {
   }
 
   try {
+    const verificationMethodDid = await getDidDocument(CERT, {
+      protocol: req.protocol,
+      hostname: req.hostname,
+      path: verificationMethodPath,
+    });
     const doc = await didStorage.signAndStoreDidDocument(
       req.body,
       req.hostname,
       req.params["didPath"],
+      verificationMethodDid.id,
+      verificationMethodDid.verificationMethod[0].id,
       { flavour },
     );
     res.status(201).send(doc);

yarn.lock

@@ -55,10 +55,10 @@
   resolved "https://registry.yarnpkg.com/@eslint/js/-/js-8.57.0.tgz#a5417ae8427873f1dd08b70b3574b453e67b5f7f"
   integrity sha512-Ys+3g2TaW7gADOJzPt83SJtCDhMjndcDMFVQ/Tj9iA1BfJzFKD9mAUXT3OenpuPHbI6P/myECxRJrofUsDx/5g==
 
-"@fabianscheidt/did-web-verification-method-server@1.3.1":
-  version "1.3.1"
-  resolved "https://registry.yarnpkg.com/@fabianscheidt/did-web-verification-method-server/-/did-web-verification-method-server-1.3.1.tgz#fc6bcfa2e413ed78d1fcf1ba6e3d45626ad07008"
-  integrity sha512-IjYjrqJlPr3HfGCLoHSnblxuyIUfRjaPYkVoP3BPrdTkNU7HIRv1eq3b6o0GyDk7IkR7aeUGfLXqr5vEoLOAWQ==
+"@fabianscheidt/did-web-verification-method-server@1.4.0":
+  version "1.4.0"
+  resolved "https://registry.yarnpkg.com/@fabianscheidt/did-web-verification-method-server/-/did-web-verification-method-server-1.4.0.tgz#a763667bda68d75bac2accbb9908862b0f5d12d2"
+  integrity sha512-s49WExcsfrhM5Z4t48T2P9XIVXtBFy96eFjpoh0+WRRjqSHSJtCstvKIOaTznaUEY9R56kzQTdTbo5RLaI3w1A==
   dependencies:
     express "^4.18.2"
     node-forge "^1.3.1"