From eff18638b81610f26dcc0df88c3708dc77ac0ade Mon Sep 17 00:00:00 2001
From: arnold <arnold@jasny.net>
Date: Thu, 20 Jul 2023 14:15:04 -0400
Subject: [PATCH] Use `keyRef` if supplied to pick signing key in
 `createVerifiablePresentation` and `createVerifiableCredential`

---
 packages/credential-w3c/src/action-handler.ts | 22 ++++++++++++++-----
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/packages/credential-w3c/src/action-handler.ts b/packages/credential-w3c/src/action-handler.ts
index 80c0e85421..40769ffedd 100644
--- a/packages/credential-w3c/src/action-handler.ts
+++ b/packages/credential-w3c/src/action-handler.ts
@@ -129,9 +129,7 @@ export class CredentialPlugin implements IAgentPlugin {
     } catch (e) {
       throw new Error('invalid_argument: presentation.holder must be a DID managed by this agent')
     }
-    //FIXME: `args` should allow picking a key or key type
-    const key = identifier.keys.find((k) => k.type === 'Secp256k1' || k.type === 'Ed25519' || k.type === 'Secp256r1')
-    if (!key) throw Error('key_not_found: No signing key for ' + identifier.did)
+    const key = pickSigningKey(identifier, keyRef)
 
     let verifiablePresentation: VerifiablePresentation
 
@@ -237,9 +235,7 @@ export class CredentialPlugin implements IAgentPlugin {
           )
         }
       } else {
-        //FIXME: `args` should allow picking a key or key type
-        const key = identifier.keys.find((k) => k.type === 'Secp256k1' || k.type === 'Ed25519' || k.type === 'Secp256r1')
-        if (!key) throw Error('No signing key for ' + identifier.did)
+        const key = pickSigningKey(identifier, keyRef)
 
         debug('Signing VC with', identifier.did)
         let alg = 'ES256K'
@@ -480,6 +476,20 @@ export class CredentialPlugin implements IAgentPlugin {
   }
 }
 
+function pickSigningKey(identifier: IIdentifier, keyRef?: string): IKey {
+  let key: IKey
+
+  if (!keyRef) {
+    key = identifier.keys.find((k) => k.type === 'Secp256k1' || k.type === 'Ed25519' || k.type === 'Secp256r1')
+    if (!key) throw Error('key_not_found: No signing key for ' + identifier.did)
+  } else {
+    key = identifier.keys.find((k) => k.kid === keyRef)
+    if (!key) throw Error('key_not_found: No signing key for ' + identifier.did + ' with kid ' + keyRef)
+  }
+
+  return key
+}
+
 function wrapSigner(
   context: IAgentContext<Pick<IKeyManager, 'keyManagerSign'>>,
   key: IKey,