Description
In cases where there are multiple publicKeys in the Issuer's JSON, an error occurs at the point of JSON format validation.
The actual verification logic in verify_key_ownership() does account for publicKey being an array.
openbadges-validator-core/openbadges/verifier/tasks/crypto.py
Lines 85 to 90 in 6fe7402

```python
issuer_keys = list_of(issuer_node.get('publicKey'))
if key_id not in issuer_keys:
    return task_result(
        False,
        "Assertion signed by a key {} other than those authorized by issuer profile".format(key_id),
        actions)
```
However, in the schema validation, many=True is not specified. (OBClasses.Profile or OBClasses.Issuer)
openbadges-validator-core/openbadges/verifier/tasks/validation.py
Lines 484 to 485 in 6fe7402

```python
{'prop_name': 'publicKey', 'prop_type': ValueTypes.ID,
 'expected_class': OBClasses.CryptographicKey, 'fetch': True, 'required': False},
```
In the OBClasses.ExpectedRecipientProfile class, many=True is specified.
openbadges-validator-core/openbadges/verifier/tasks/validation.py
Lines 503 to 504 in 6fe7402

```python
{'prop_name': 'publicKey', 'prop_type': ValueTypes.ID, 'many': True,
 'expected_class': OBClasses.CryptographicKey, 'fetch': False, 'required': False},
```
Issuer

```json
{
  "@context": "https://w3id.org/openbadges/v2",
  "type": "Issuer",
  "id": "https://badge-dev.elab.sakura.ad.jp/issuer/89528831-5717-4976-b930-dc6afc49f19e.json",
  "name": "Issuer Name",
  "url": "https://www.examle.com/",
  "email": "info@examle.com",
  "image": "https://badge-dev.elab.sakura.ad.jp/issuer/89528831-5717-4976-b930-dc6afc49f19e.png",
  "publicKey": [
    "https://badge-dev.elab.sakura.ad.jp/issuer/89528831-5717-4976-b930-dc6afc49f19e/public_keys/3403c48e-5c64-4a4f-bccd-936757e9a97b.json",
    "https://badge-dev.elab.sakura.ad.jp/issuer/89528831-5717-4976-b930-dc6afc49f19e/public_keys/f4996c92-cc37-479f-bdeb-ddda1859d7a0.json"
  ],
  "description": "Description"
}
```

Payload in JWS

```json
{
  "badge": "https://badge-dev.elab.sakura.ad.jp/badge/9ac6cd86-5ab9-4132-8733-c8d23c7e4c7d/signed/badge_class.json",
  "id": "urn:uuid:23b053a6-5adc-46b4-a8a1-88f468184ced",
  "verification": {
    "type": "SignedBadge",
    "creator": "https://badge-dev.elab.sakura.ad.jp/issuer/89528831-5717-4976-b930-dc6afc49f19e/public_keys/3403c48e-5c64-4a4f-bccd-936757e9a97b.json"
  },
  "recipient": {
    "type": "email",
    "hashed": false,
    "identity": "user@example.com"
  },
  "@context": "https://w3id.org/openbadges/v2",
  "issuedOn": "2024-09-04T00:00:00+09:00",
  "type": "Assertion"
}
```

Report

```json
"report": {
  "validationSubject": "urn:uuid:23b053a6-5adc-46b4-a8a1-88f468184ced",
  "valid": false,
  "messages": [
    {
      "result": "Property publicKey in unknown type node https://badge-dev.elab.sakura.ad.jp/issuer/89528831-5717-4976-b930-dc6afc49f19e.json has more than the single allowed value.",
      "success": false,
      "name": "VALIDATE_PROPERTY",
      "messageLevel": "ERROR",
      "node_id": "https://badge-dev.elab.sakura.ad.jp/issuer/89528831-5717-4976-b930-dc6afc49f19e.json",
      "prop_name": "publicKey"
    }
  ],
  "openBadgesVersion": "2.0",
  "errorCount": 1,
  "warningCount": 0
}
```
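
The mismatch reported above, reduced to a self-contained sketch that is an added example and not part of the original issue or the project's code. The function bodies, the `check` pipeline and the `example.org` data are assumptions made for illustration; only the `many` flag and the membership test mirror the snippets quoted in the issue.

```python
# Added illustration; these are hypothetical stand-ins, not the validator's own functions.

def list_of(value):
    """Normalize None / scalar / list into a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def validate_property(node, prop_name, many=False, required=False):
    """Cardinality check only; returns (ok, message)."""
    values = list_of(node.get(prop_name))
    if not values:
        return (not required, "missing" if required else "absent, optional")
    if len(values) > 1 and not many:
        return (False, "Property {} has more than the single allowed value.".format(prop_name))
    return (True, "ok")


def verify_key_ownership(issuer_node, key_id):
    """The signing key must be one of the keys listed by the issuer profile."""
    return key_id in list_of(issuer_node.get("publicKey"))


# Constructed sample data (placeholders, not the URLs from the report).
ISSUER = {
    "id": "https://example.org/issuer.json",
    "type": "Issuer",
    "publicKey": [
        "https://example.org/keys/1.json",
        "https://example.org/keys/2.json",
    ],
}
CREATOR = "https://example.org/keys/1.json"


def check(issuer, creator, many):
    """Schema validation first, then key ownership."""
    ok, msg = validate_property(issuer, "publicKey", many=many)
    if not ok:
        return (False, msg)
    if not verify_key_ownership(issuer, creator):
        return (False, "Assertion signed by a key other than those authorized by issuer profile")
    return (True, "ok")


if __name__ == "__main__":
    print(check(ISSUER, CREATOR, many=False))  # stopped at the cardinality check
    print(check(ISSUER, CREATOR, many=True))   # passes both stages
    print(check(ISSUER, "https://example.org/keys/9.json", many=True))  # key not listed
```

With `many=True` the array form is accepted by the cardinality check, and the ownership check still rejects a `creator` that the issuer profile does not list.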