fix: Coordinated #put to signature match in case of external controllers present

Author: Eengineer1

cjs/src/modules/did.ts

@@ -257,6 +257,13 @@ export class DIDModule extends AbstractCheqdSDKModule {
 			throw new Error(`DID payload is not spec compliant: ${error}`);
 		}
 
+		const { valid: authenticationValid, error: authenticationError } =
+			await DIDModule.validateAuthenticationAgainstSignatures(didPayload, signInputs as SignInfo[], this.querier);
+
+		if (!authenticationValid) {
+			throw new Error(`DID authentication is not valid: ${authenticationError}`);
+		}
+
 		const payload = MsgCreateDidDocPayload.fromPartial({
 			context: <string[]>didPayload?.['@context'],
 			id: didPayload.id,
@@ -328,6 +335,17 @@ export class DIDModule extends AbstractCheqdSDKModule {
 			throw new Error(`DID payload is not spec compliant: ${error}`);
 		}
 
+		const { valid: authenticationValid, error: authenticationError } =
+			await DIDModule.validateAuthenticationAgainstSignaturesKeyRotation(
+				didPayload,
+				signInputs as SignInfo[],
+				this.querier
+			);
+
+		if (!authenticationValid) {
+			throw new Error(`DID authentication is not valid: ${authenticationError}`);
+		}
+
 		const payload = MsgUpdateDidDocPayload.fromPartial({
 			context: <string[]>didPayload?.['@context'],
 			id: didPayload.id,
@@ -342,9 +360,27 @@ export class DIDModule extends AbstractCheqdSDKModule {
 			alsoKnownAs: <string[]>didPayload.alsoKnownAs,
 			versionId: versionId,
 		});
+
+		// check whether external controller or not
+		const externalController = (didPayload.controller as string[]).some((c) => c !== didPayload.id);
+
+		// get external controllers' documents, if any
+		const externalControllersDocuments = externalController
+			? (
+					await Promise.all(
+						(didPayload.controller as string[])
+							.filter((c) => c !== didPayload.id)
+							.map(async (c) => {
+								const { didDoc } = await this.querier[defaultDidExtensionKey].didDoc(c);
+								return didDoc;
+							})
+					)
+				).filter((d) => d !== undefined) || []
+			: [];
+
 		let signatures: SignInfo[];
 		if (ISignInputs.isSignInput(signInputs)) {
-			signatures = await this._signer.#dateDidDocTx(signInputs, payload);
+			signatures = await this._signer.#dateDidDocTx(signInputs, payload, externalControllersDocuments);
 		} else {
 			signatures = signInputs;
 		}
@@ -393,14 +429,21 @@ export class DIDModule extends AbstractCheqdSDKModule {
 			throw new Error(`DID payload is not spec compliant: ${error}`);
 		}
 
+		const { valid: authenticationValid, error: authenticationError } =
+			await DIDModule.validateAuthenticationAgainstSignatures(didPayload, signInputs as SignInfo[], this.querier);
+
+		if (!authenticationValid) {
+			throw new Error(`DID authentication is not valid: ${authenticationError}`);
+		}
+
 		const payload = MsgDeactivateDidDocPayload.fromPartial({
 			id: didPayload.id,
 			versionId: versionId,
 		});
 
 		let signatures: SignInfo[];
 		if (ISignInputs.isSignInput(signInputs)) {
-			signatures = await this._signer.signdeactivateDidDocTx(signInputs, payload, protobufVerificationMethod!);
+			signatures = await this._signer.signDeactivateDidDocTx(signInputs, payload, protobufVerificationMethod!);
 		} else {
 			signatures = signInputs;
 		}

cjs/src/signer.ts

@@ -23,6 +23,7 @@ import {
 	MsgUpdateDidDocPayload,
 	MsgDeactivateDidDocPayload,
 	VerificationMethod,
+	DidDoc,
 } from '@cheqd/ts-proto-cjs/cheqd/did/v2';
 import { DidStdFee, ISignInputs, TSignerAlgo, VerificationMethods } from './types';
 import { base64ToBytes, EdDSASigner, hexToBytes, Signer, ES256Signer, ES256KSigner } from 'did-jwt-cjs';
@@ -235,7 +236,11 @@ export class CheqdSigningStargateClient extends SigningStargateClient {
 		return signInfos;
 	}
 
-	async #dateDidDocTx(signInputs: ISignInputs[], payload: MsgUpdateDidDocPayload): Promise<SignInfo[]> {
+	async #dateDidDocTx(
+		signInputs: ISignInputs[],
+		payload: MsgUpdateDidDocPayload,
+		externalControllers?: DidDoc[]
+	): Promise<SignInfo[]> {
 		await this.checkDidSigners(payload?.verificationMethod);
 
 		const signBytes = MsgUpdateDidDocPayload.encode(payload).finish();
@@ -245,7 +250,12 @@ export class CheqdSigningStargateClient extends SigningStargateClient {
 					verificationMethodId: signInput.verificationMethodId,
 					signature: base64ToBytes(
 						(await (
-							await this.getDidSigner(signInput.verificationMethodId, payload.verificationMethod)
+							await this.getDidSigner(
+								signInput.verificationMethodId,
+								payload.verificationMethod.concat(
+									externalControllers?.flatMap((controller) => controller.verificationMethod) ?? []
+								)
+							)
 						)(hexToBytes(signInput.privateKeyHex))(signBytes)) as string
 					),
 				};
@@ -255,7 +265,7 @@ export class CheqdSigningStargateClient extends SigningStargateClient {
 		return signInfos;
 	}
 
-	async signdeactivateDidDocTx(
+	async signDeactivateDidDocTx(
 		signInputs: ISignInputs[],
 		payload: MsgDeactivateDidDocPayload,
 		verificationMethod: VerificationMethod[]

esm/src/modules/did.ts

@@ -348,9 +348,27 @@ export class DIDModule extends AbstractCheqdSDKModule {
 			alsoKnownAs: <string[]>didPayload.alsoKnownAs,
 			versionId: versionId,
 		});
+
+		// check whether external controller or not
+		const externalController = (didPayload.controller as string[]).some((c) => c !== didPayload.id);
+
+		// get external controllers' documents, if any
+		const externalControllersDocuments = externalController
+			? (
+					await Promise.all(
+						(didPayload.controller as string[])
+							.filter((c) => c !== didPayload.id)
+							.map(async (c) => {
+								const { didDoc } = await this.querier[defaultDidExtensionKey].didDoc(c);
+								return didDoc;
+							})
+					)
+				).filter((d) => d !== undefined) || []
+			: [];
+
 		let signatures: SignInfo[];
 		if (ISignInputs.isSignInput(signInputs)) {
-			signatures = await this._signer.#dateDidDocTx(signInputs, payload);
+			signatures = await this._signer.#dateDidDocTx(signInputs, payload, externalControllersDocuments);
 		} else {
 			signatures = signInputs;
 		}
@@ -413,7 +431,7 @@ export class DIDModule extends AbstractCheqdSDKModule {
 
 		let signatures: SignInfo[];
 		if (ISignInputs.isSignInput(signInputs)) {
-			signatures = await this._signer.signdeactivateDidDocTx(signInputs, payload, protobufVerificationMethod!);
+			signatures = await this._signer.signDeactivateDidDocTx(signInputs, payload, protobufVerificationMethod!);
 		} else {
 			signatures = signInputs;
 		}

esm/src/signer.ts

@@ -23,6 +23,7 @@ import {
 	MsgUpdateDidDocPayload,
 	MsgDeactivateDidDocPayload,
 	VerificationMethod,
+	DidDoc,
 } from '@cheqd/ts-proto/cheqd/did/v2/index.js';
 import { DidStdFee, ISignInputs, TSignerAlgo, VerificationMethods } from './types.js';
 import { base64ToBytes, EdDSASigner, hexToBytes, Signer, ES256Signer, ES256KSigner } from 'did-jwt';
@@ -230,7 +231,11 @@ export class CheqdSigningStargateClient extends SigningStargateClient {
 		return signInfos;
 	}
 
-	async #dateDidDocTx(signInputs: ISignInputs[], payload: MsgUpdateDidDocPayload): Promise<SignInfo[]> {
+	async #dateDidDocTx(
+		signInputs: ISignInputs[],
+		payload: MsgUpdateDidDocPayload,
+		externalControllers?: DidDoc[]
+	): Promise<SignInfo[]> {
 		await this.checkDidSigners(payload?.verificationMethod);
 
 		const signBytes = MsgUpdateDidDocPayload.encode(payload).finish();
@@ -240,7 +245,12 @@ export class CheqdSigningStargateClient extends SigningStargateClient {
 					verificationMethodId: signInput.verificationMethodId,
 					signature: base64ToBytes(
 						(await (
-							await this.getDidSigner(signInput.verificationMethodId, payload.verificationMethod)
+							await this.getDidSigner(
+								signInput.verificationMethodId,
+								payload.verificationMethod.concat(
+									externalControllers?.flatMap((controller) => controller.verificationMethod) ?? []
+								)
+							)
 						)(hexToBytes(signInput.privateKeyHex))(signBytes)) as string
 					),
 				};
@@ -250,7 +260,7 @@ export class CheqdSigningStargateClient extends SigningStargateClient {
 		return signInfos;
 	}
 
-	async signdeactivateDidDocTx(
+	async signDeactivateDidDocTx(
 		signInputs: ISignInputs[],
 		payload: MsgDeactivateDidDocPayload,
 		verificationMethod: VerificationMethod[]