Add VerificationMethodException

filip26 · filip26 · commit a9d6a6dac395 · 2025-09-02T09:55:21.000+02:00
diff --git a/src/main/java/com/apicatalog/cid/IdentifierDocumentResolver.java b/src/main/java/com/apicatalog/cid/IdentifierDocumentResolver.java
@@ -4,10 +4,41 @@
 
 import com.apicatalog.cid.document.IdentifierDocument;
 
+/**
+ * Resolves {@link IdentifierDocument} instances for given identifiers.
+ *
+ * <p>
+ * An {@code IdentifierDocumentResolver} provides the mechanism to determine
+ * whether it can handle a specific identifier and, if so, resolve that
+ * identifier to its corresponding {@link IdentifierDocument}.
+ * </p>
+ *
+ * <p>
+ * This abstraction allows multiple resolver implementations to coexist, each
+ * supporting different identifier schemes, persistence layers, or resolution
+ * protocols.
+ * </p>
+ *
+ * @see <a href="https://www.w3.org/TR/cid-1.0/">W3C Controlled Identifiers
+ *      1.0</a>
+ */
 public interface IdentifierDocumentResolver {
 
+    /**
+     * Checks whether this resolver accepts the given identifier.
+     *
+     * @param id the identifier to test (must not be {@code null})
+     * @return {@code true} if this resolver can resolve the identifier,
+     *         {@code false} otherwise
+     */
     boolean isAccepted(URI id);
-    
+
+    /**
+     * Resolves the given identifier into a {@link IdentifierDocument}.
+     *
+     * @param id the identifier to resolve (must not be {@code null})
+     * @return the resolved {@link IdentifierDocument}
+     * @throws IllegalArgumentException if the identifier cannot be resolved
+     */
     IdentifierDocument resolve(URI id);
-    
 }
diff --git a/src/main/java/com/apicatalog/cid/VerificationMethodException.java b/src/main/java/com/apicatalog/cid/VerificationMethodException.java
@@ -0,0 +1,40 @@
+package com.apicatalog.cid;
+
+/**
+ * Thrown when resolution of a verification method fails.
+ *
+ * <p>
+ * The {@link Code} enum indicates the reason for failure, allowing callers to
+ * branch on error conditions.
+ * </p>
+ */
+public class VerificationMethodException extends Exception {
+
+    private static final long serialVersionUID = -9089776596803069731L;
+
+    /** Categorical error code for resolution failures. */
+    public enum Code {
+        INVALID_RELATIONSHIP_FOR_VERIFICATION_METHOD,
+        INVALID_VERIFICATION_METHOD,
+        INVALID_CONTROLLER_DOCUMENT,
+        INVALID_CONTROLLER_DOCUMENT_ID,
+        INVALID_METHOD_ID
+    }
+
+    private final Code code;
+
+    public VerificationMethodException(Code code, String message) {
+        super(message);
+        this.code = code;
+    }
+
+    public VerificationMethodException(Code code, String message, Throwable cause) {
+        super(message, cause);
+        this.code = code;
+    }
+
+    /** @return the error code indicating why resolution failed */
+    public Code getCode() {
+        return code;
+    }
+}
diff --git a/src/main/java/com/apicatalog/cid/VerificationMethodResolver.java b/src/main/java/com/apicatalog/cid/VerificationMethodResolver.java
@@ -5,17 +5,32 @@
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Set;
 import java.util.function.Function;
 
 import com.apicatalog.cid.document.IdentifierDocument;
 import com.apicatalog.cid.document.VerificationMethod;
 
 /**
- * Retrieves a verification method from {@link IdentifierDocument}.
+ * Resolves a {@link VerificationMethod} referenced from an
+ * {@link IdentifierDocument}, optionally resolving the controller document from
+ * a {@link URI}.
+ *
+ * <p>
+ * Supported verification relationship IRIs:
+ * </p>
+ * <ul>
+ * <li><code>https://w3id.org/security#authentication</code></li>
+ * <li><code>https://w3id.org/security#assertionMethod</code></li>
+ * <li><code>https://w3id.org/security#keyAgreementMethod</code></li>
+ * <li><code>https://w3id.org/security#capabilityInvocationMethod</code></li>
+ * <li><code>https://w3id.org/security#capabilityDelegationMethod</code></li>
+ * </ul>
  */
 public class VerificationMethodResolver {
 
+    /** Supported verification relationships → document accessors. */
     protected final static Map<URI, Function<IdentifierDocument, Set<VerificationMethod>>> RELS;
 
     static {
@@ -34,52 +49,140 @@ public class VerificationMethodResolver {
 
     protected final Collection<IdentifierDocumentResolver> resolvers;
 
-    public VerificationMethodResolver(Collection<IdentifierDocumentResolver> resolvers) {
+    /**
+     * Creates a resolver that can delegate to the given
+     * {@link IdentifierDocumentResolver}s when a controller document must be
+     * fetched.
+     *
+     * @param resolvers non-empty collection of resolvers
+     * @throws NullPointerException     if {@code resolvers} is {@code null}
+     * @throws IllegalArgumentException if {@code resolvers} is empty
+     */
+    public VerificationMethodResolver(final Collection<IdentifierDocumentResolver> resolvers) {
+        Objects.requireNonNull(resolvers, "resolvers must not be null");
+        if (resolvers.isEmpty()) {
+            throw new IllegalArgumentException("resolvers must not be empty");
+        }
         this.resolvers = resolvers;
     }
 
-    public VerificationMethod retrieve(final URI methodId, final URI relation) {
-
-        try {
-            // remove fragment
-            final URI documentUri = new URI(methodId.getScheme(), methodId.getSchemeSpecificPart(), null);
-
-            // resolve controller document
-            final IdentifierDocument document = resolvers.stream()
-                    .filter(r -> r.isAccepted(documentUri))
-                    .findFirst()
-                    .map(r -> r.resolve(documentUri))
-                    .orElseThrow(() -> new IllegalArgumentException("INVALID_CONTROLLER_DOCUMENT"));
-
-            if (!document.id().equals(documentUri)) {
-                throw new IllegalArgumentException("INVALID_CONTROLLER_DOCUMENT_ID");
-            }
-
-            final Function<IdentifierDocument, Set<VerificationMethod>> methodProvider = RELS.get(relation);
-
-            if (methodProvider == null) {
-                throw new IllegalArgumentException("INVALID_RELATIONSHIP_FOR_VERIFICATION_METHOD");
-            }
+    public VerificationMethod resolve(final URI methodId, final Set<VerificationMethod> methods, final IdentifierDocument document) throws VerificationMethodException {
+        final VerificationMethod method = methods.stream()
+                .filter(m -> methodId.equals(m.id()))
+                .findFirst()
+                .orElseThrow(() -> new VerificationMethodException(
+                        VerificationMethodException.Code.INVALID_VERIFICATION_METHOD,
+                        "Verification method not found: " + methodId));
+
+        if (!document.id().equals(method.controller())) {
+            throw new VerificationMethodException(
+                    VerificationMethodException.Code.INVALID_VERIFICATION_METHOD,
+                    "Verification method controller mismatch, expected " + document.id() + " but got " + method.controller());
+        }
 
-            Set<VerificationMethod> methods = methodProvider.apply(document);
+        return method;
+    }
 
-            if (methods == null || methods.isEmpty()) {
-                throw new IllegalArgumentException("INVALID_VERIFICATION_METHOD");
-            }
+    /**
+     * Resolves a verification method by {@code methodId} within the supplied
+     * {@code document}, constrained by the verification {@code relation}.
+     *
+     * @param methodId the verification method identifier (must not be {@code null})
+     * @param relation the verification relationship IRI (must not be {@code null})
+     * @param document the controller document that lists the method (must not be
+     *                 {@code null})
+     * @return the matching {@link VerificationMethod}
+     *
+     * @throws VerificationMethodException with one of:
+     *                                     <ul>
+     *                                     <li>{@code INVALID_RELATIONSHIP_FOR_VERIFICATION_METHOD}</li>
+     *                                     <li>{@code INVALID_VERIFICATION_METHOD}</li>
+     *                                     </ul>
+     * @throws NullPointerException        if any argument is {@code null}
+     */
+    public VerificationMethod resolve(final URI methodId, final URI relation, final IdentifierDocument document) throws VerificationMethodException {
+
+        Objects.requireNonNull(methodId, "methodId must not be null");
+        Objects.requireNonNull(relation, "relation must not be null");
+        Objects.requireNonNull(document, "document must not be null");
+        Objects.requireNonNull(document.id(), "document.id() must not be null");
+
+        final Function<IdentifierDocument, Set<VerificationMethod>> methodProvider = RELS.get(relation);
+
+        if (methodProvider == null) {
+            throw new VerificationMethodException(
+                    VerificationMethodException.Code.INVALID_RELATIONSHIP_FOR_VERIFICATION_METHOD,
+                    "Unsupported verification relationship: " + relation);
+        }
 
-            final VerificationMethod method = methods.stream()
-                    .filter(m -> methodId.equals(m.id()))
-                    .findFirst()
-                    .orElseThrow(() -> new IllegalArgumentException("INVALID_VERIFICATION_METHOD"));
+        final Set<VerificationMethod> methods = methodProvider.apply(document);
+        if (methods == null || methods.isEmpty()) {
+            throw new VerificationMethodException(
+                    VerificationMethodException.Code.INVALID_VERIFICATION_METHOD,
+                    "No verification methods for relation: " + relation);
+        }
 
-            if (!documentUri.equals(method.controller())) {
-                throw new IllegalArgumentException("INVALID_VERIFICATION_METHOD");
-            }
+        return resolve(methodId, methods, document);
+    }
 
-            return method;
+    /**
+     * Resolves a verification method by {@code methodId} and {@code relation},
+     * fetching the controller document using the first
+     * {@link IdentifierDocumentResolver} that
+     * {@link IdentifierDocumentResolver#isAccepted(URI) accepts} the derived
+     * document URI.
+     *
+     * <p>
+     * The document URI is derived from {@code methodId} by removing its fragment.
+     * If no resolver accepts the URI, or the resolved document’s {@code id} does
+     * not equal the derived URI, resolution fails.
+     * </p>
+     *
+     * @param methodId the verification method identifier (must not be {@code null})
+     * @param relation the verification relationship IRI (must not be {@code null})
+     * @return the matching {@link VerificationMethod}
+     *
+     * @throws VerificationMethodException with one of:
+     *                                     <ul>
+     *                                     <li>{@code INVALID_METHOD_ID}</li>
+     *                                     <li>{@code INVALID_CONTROLLER_DOCUMENT}</li>
+     *                                     <li>{@code INVALID_CONTROLLER_DOCUMENT_ID}</li>
+     *                                     <li>{@code INVALID_RELATIONSHIP_FOR_VERIFICATION_METHOD}</li>
+     *                                     <li>{@code INVALID_VERIFICATION_METHOD}</li>
+     *                                     </ul>
+     * @throws NullPointerException        if any argument is {@code null}
+     */
+    public VerificationMethod resolve(final URI methodId, final URI relation) throws VerificationMethodException {
+
+        Objects.requireNonNull(methodId, "methodId must not be null");
+        Objects.requireNonNull(relation, "relation must not be null");
+
+        final URI documentUri;
+        try {
+            // Strip fragment to obtain the controller document identifier
+            documentUri = new URI(methodId.getScheme(), methodId.getSchemeSpecificPart(), null);
 
         } catch (URISyntaxException e) {
-            throw new IllegalArgumentException(e);
+            throw new VerificationMethodException(
+                    VerificationMethodException.Code.INVALID_METHOD_ID,
+                    "Invalid methodId, failed to derive controller document URI",
+                    e);
+        }
+
+        final IdentifierDocument document = resolvers.stream()
+                .filter(r -> r.isAccepted(documentUri))
+                .findFirst()
+                .map(r -> r.resolve(documentUri))
+                .orElseThrow(() -> new VerificationMethodException(
+                        VerificationMethodException.Code.INVALID_CONTROLLER_DOCUMENT,
+                        "No resolver accepted controller document: " + documentUri));
+
+        if (!documentUri.equals(document.id())) {
+            throw new VerificationMethodException(
+                    VerificationMethodException.Code.INVALID_CONTROLLER_DOCUMENT_ID,
+                    "Controller document id mismatch, expected " + documentUri + " but got " + document.id());
         }
+
+        return resolve(methodId, relation, document);
     }
 }
