diff --git a/packages/dids/src/bearer-did.ts b/packages/dids/src/bearer-did.ts index 9c3023c12..58a66f0d6 100644 --- a/packages/dids/src/bearer-did.ts +++ b/packages/dids/src/bearer-did.ts @@ -1,42 +1,307 @@ -import type { CryptoApi, Signer } from '@web5/crypto'; +import { LocalKeyManager, type CryptoApi, type EnclosedSignParams, type EnclosedVerifyParams, type Jwk, type KeyIdentifier, type KeyImporterExporter, type KmsExportKeyParams, type KmsImportKeyParams, type Signer } from '@web5/crypto'; -import type { DidMetadata } from './portable-did.js'; import type { DidDocument } from './types/did-core.js'; +import type { DidMetadata, PortableDid } from './types/portable-did.js'; + +import { DidError, DidErrorCode } from './did-error.js'; +import { extractDidFragment, getVerificationMethods } from './utils.js'; + +/** + * A `BearerDidSigner` extends the {@link Signer} interface to include specific properties for + * signing with a Decentralized Identifier (DID). It encapsulates the algorithm and key identifier, + * which are often needed when signing JWTs, JWSs, JWEs, and other data structures. + * + * Typically, the algorithm and key identifier are used to populate the `alg` and `kid` fields of a + * JWT or JWS header. + */ +export interface BearerDidSigner extends Signer { + /** + * The cryptographic algorithm identifier used for signing operations. + * + * Typically, this value is used to populate the `alg` field of a JWT or JWS header. The + * registered algorithm names are defined in the + * {@link https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms | IANA JSON Web Signature and Encryption Algorithms registry}. + * + * @example + * "ES256" // ECDSA using P-256 and SHA-256 + */ + algorithm: string; + + /** + * The unique identifier of the key within the DID document that is used for signing and + * verification operations. + * + * This identifier must be a DID URI with a fragment (e.g., did:method:123#key-0) that references + * a specific verification method in the DID document. It allows users of a `BearerDidSigner` to + * determine the DID and key that will be used for signing and verification operations. + * + * @example + * "did:dht:123#key-1" // A fragment identifier referring to a key in the DID document + */ + keyId: string; +} /** * Represents a Decentralized Identifier (DID) along with its DID document, key manager, metadata, * and convenience functions. */ -export interface BearerDid { +export class BearerDid { + /** {@inheritDoc Did#uri} */ + uri: string; + /** * The DID document associated with this DID. + * + * @see {@link https://www.w3.org/TR/did-core/#dfn-diddocument | DID Core Specification, ยง DID Document} */ - didDocument: DidDocument; + document: DidDocument; + + /** {@inheritDoc DidMetadata} */ + metadata: DidMetadata; + + /** + * Key Management System (KMS) used to manage the DIDs keys and sign data. + * + * Each DID method requires at least one key be present in the provided `keyManager`. + */ + keyManager: CryptoApi; + + constructor({ uri, document, metadata, keyManager }: { + uri: string, + document: DidDocument, + metadata: DidMetadata, + keyManager: CryptoApi + }) { + this.uri = uri; + this.document = document; + this.metadata = metadata; + this.keyManager = keyManager; + } + + /** + * Converts a `BearerDid` object to a portable format containing the URI and verification methods + * associated with the DID. + * + * This method is useful when you need to represent the key material and metadata associated with + * a DID in format that can be used independently of the specific DID method implementation. It + * extracts both public and private keys from the DID's key manager and organizes them into a + * `PortableDid` structure. + * + * @remarks + * This method requires that the DID's key manager supports the `exportKey` operation. If the DID + * document does not contain any verification methods, or if the key manager does not support key + * export, an error is thrown. + * + * The resulting `PortableDid` will contain the same number of verification methods as the DID + * document, each with its associated public and private keys and the purposes for which the key + * can be used. + * + * @example + * ```ts + * // Assuming `did` is an instance of BearerDid + * const portableDid = await did.export(); + * // portableDid now contains the DID URI, document, metadata, and optionally, private keys. + * ``` + * + * @returns A `PortableDid` containing the URI, DID document, metadata, and optionally private + * keys associated with the `BearerDid`. + * @throws An error if the DID document does not contain any verification methods or the keys for + * any verification method are missing in the key manager. + */ + public async export(): Promise { + // Verify the DID document contains at least one verification method. + if (!(Array.isArray(this.document.verificationMethod) && this.document.verificationMethod.length > 0)) { + throw new Error(`DID document for '${this.uri}' is missing verification methods`); + } + + // Create a new `PortableDid` object to store the exported data. + let portableDid: PortableDid = { + uri : this.uri, + document : this.document, + metadata : this.metadata + }; + + // If the BearerDid's key manager supports exporting private keys, add them to the portable DID. + if ('exportKey' in this.keyManager && typeof this.keyManager.exportKey === 'function') { + const privateKeys: Jwk[] = []; + for (let vm of this.document.verificationMethod) { + if (!vm.publicKeyJwk) { + throw new Error(`Verification method '${vm.id}' does not contain a public key in JWK format`); + } + + // Compute the key URI of the verification method's public key. + const keyUri = await this.keyManager.getKeyUri({ key: vm.publicKeyJwk }); + + // Retrieve the private key from the key manager. + const privateKey = await this.keyManager.exportKey({ keyUri }) as Jwk; + + // Add the verification method to the key set. + privateKeys.push({ ...privateKey }); + } + portableDid.privateKeys = privateKeys; + } + + return portableDid; + } /** - * Returns a {@link @web5/crypto#Signer} that can be used to sign messages, credentials, or - * arbitrary data. + * Return a {@link Signer} that can be used to sign messages, credentials, or arbitrary data. + * + * If given, the `methodId` parameter is used to select a key from the verification methods + * present in the DID Document. * - * If given, the `keyUri` parameter is used to select a key from the verification methods present - * in the DID Document. If `keyUri` is not given, each DID method implementation will select a - * default verification method key from the DID Document. + * If `methodID` is not given, the first verification method intended for signing claims is used. * * @param params - The parameters for the `getSigner` operation. - * @param params.keyUri - Key URI of the key that will be used for sign and verify operations. Optional. + * @param params.methodId - ID of the verification method key that will be used for sign and + * verify operations. Optional. * @returns An instantiated {@link Signer} that can be used to sign and verify data. */ - getSigner: (params?: { keyUri?: string }) => Promise; + public async getSigner(params?: { methodId: string }): Promise { + // Attempt to find a verification method that matches the given method ID, or if not given, + // find the first verification method intended for signing claims. + const verificationMethod = this.document.verificationMethod?.find( + vm => extractDidFragment(vm.id) === (extractDidFragment(params?.methodId) ?? extractDidFragment(this.document.assertionMethod?.[0])) + ); + + if (!(verificationMethod && verificationMethod.publicKeyJwk)) { + throw new DidError(DidErrorCode.InternalError, 'A verification method intended for signing could not be determined from the DID Document'); + } + + // Compute the expected key URI of the signing key. + const keyUri = await this.keyManager.getKeyUri({ key: verificationMethod.publicKeyJwk }); + + // Get the public key to be used for verify operations, which also verifies that the key is + // present in the key manager's store. + const publicKey = await this.keyManager.getPublicKey({ keyUri }); + + // Bind the DID's key manager to the signer. + const keyManager = this.keyManager; + + // Determine the signing algorithm. + const algorithm = BearerDid.getAlgorithmFromPublicKey(publicKey); + + return { + algorithm : algorithm, + keyId : verificationMethod.id, + + async sign({ data }: EnclosedSignParams): Promise { + const signature = await keyManager.sign({ data, keyUri: keyUri! }); // `keyUri` is guaranteed to be defined at this point. + return signature; + }, + + async verify({ data, signature }: EnclosedVerifyParams): Promise { + const isValid = await keyManager.verify({ data, key: publicKey!, signature }); // `publicKey` is guaranteed to be defined at this point. + return isValid; + } + }; + } /** - * Key Management System (KMS) used to manage a DIDs keys and sign data. + * Instantiates a {@link BearerDid} object for the DID DHT method from a given {@link PortableDid}. * - * Each DID method requires at least one key be present in the provided `keyManager`. + * This method allows for the creation of a `BearerDid` object using a previously created DID's + * key material, DID document, and metadata. + * + * @example + * ```ts + * // Export an existing BearerDid to PortableDid format. + * const portableDid = await did.export(); + * // Reconstruct a BearerDid object from the PortableDid. + * const did = await DidDht.import({ portableDid }); + * ``` + * + * @param params - The parameters for the import operation. + * @param params.portableDid - The PortableDid object to import. + * @param params.keyManager - Optionally specify an external Key Management System (KMS) used to + * generate keys and sign data. If not given, a new + * {@link @web5/crypto#LocalKeyManager} instance will be created and + * used. + * @returns A Promise resolving to a `BearerDid` object representing the DID formed from the + * provided PortableDid. + * @throws An error if the PortableDid document does not contain any verification methods or the + * keys for any verification method are missing in the key manager. */ - keyManager: CryptoApi; + public static async import({ portableDid, keyManager = new LocalKeyManager() }: { + keyManager?: CryptoApi & KeyImporterExporter; + portableDid: PortableDid; + }): Promise { + // Get all verification methods from the given DID document, including embedded methods. + const verificationMethods = getVerificationMethods({ didDocument: portableDid.document }); - /** {@inheritDoc DidMetadata} */ - metadata: DidMetadata; + // Validate that the DID document contains at least one verification method. + if (verificationMethods.length === 0) { + throw new DidError(DidErrorCode.InvalidDidDocument, `At least one verification method is required but 0 were given`); + } - /** {@inheritDoc Did#uri} */ - uri: string; + // If given, import the private key material into the key manager. + for (let key of portableDid.privateKeys ?? []) { + await keyManager.importKey({ key }); + } + + // Validate that the key material for every verification method in the DID document is present + // in the key manager. + for (let vm of verificationMethods) { + if (!vm.publicKeyJwk) { + throw new Error(`Verification method '${vm.id}' does not contain a public key in JWK format`); + } + + // Compute the key URI of the verification method's public key. + const keyUri = await keyManager.getKeyUri({ key: vm.publicKeyJwk }); + + // Verify that the key is present in the key manager. If not, an error is thrown. + await keyManager.getPublicKey({ keyUri }); + } + + // Use the given PortableDid to construct the BearerDid object. + const did = new BearerDid({ + uri : portableDid.uri, + document : portableDid.document, + metadata : portableDid.metadata, + keyManager + }); + + return did; + } + + /** + * Determines the name of the algorithm based on the key's curve property. + * + * @remarks + * This method facilitates the identification of the correct algorithm for cryptographic + * operations based on the `alg` or `crv` properties of a {@link Jwk | JWK}. + * + * @example + * ```ts + * const publicKey = { ... }; // Public key in JWK format + * const algorithm = BearerDid.getAlgorithmFromPublicKey({ key: publicKey }); + * ``` + * + * @param publicKey - A JWK containing the `alg` and/or `crv` properties. + * + * @returns The name of the algorithm associated with the key. + * + * @throws Error if the algorithm cannot be determined from the provided input. + */ + private static getAlgorithmFromPublicKey(publicKey: Jwk): string { + const registeredSigningAlgorithms: Record = { + 'Ed25519' : 'EdDSA', + 'P-256' : 'ES256', + 'P-384' : 'ES384', + 'P-521' : 'ES512', + 'secp256k1' : 'ES256K', + }; + + // If the key contains an `alg` property, return its value. + if (publicKey.alg) { + return publicKey.alg; + } + + // If the key contains a `crv` property, return the corresponding algorithm. + if (publicKey.crv && Object.keys(registeredSigningAlgorithms).includes(publicKey.crv)) { + return registeredSigningAlgorithms[publicKey.crv]; + } + + throw new Error(`Unable to determine algorithm based on provided input: alg=${publicKey.alg}, crv=${publicKey.crv}`); + } } \ No newline at end of file diff --git a/packages/dids/src/index.ts b/packages/dids/src/index.ts index 02f63d3fb..f4dc3af74 100644 --- a/packages/dids/src/index.ts +++ b/packages/dids/src/index.ts @@ -1,7 +1,10 @@ +export * from './types/did-core.js'; +export type * from './types/multibase.js'; +export type * from './types/portable-did.js'; + export * from './did.js'; export * from './did-error.js'; export * from './bearer-did.js'; -export * from './portable-did.js'; export * from './methods/did-dht.js'; export * from './methods/did-ion.js'; @@ -14,6 +17,4 @@ export * from './resolver/did-resolver.js'; export * from './resolver/resolver-cache-level.js'; export * from './resolver/resolver-cache-noop.js'; -export * as utils from './utils.js'; - -export * from './types/did-core.js'; \ No newline at end of file +export * as utils from './utils.js'; \ No newline at end of file diff --git a/packages/dids/src/methods/did-dht.ts b/packages/dids/src/methods/did-dht.ts index f377a5ae2..fd4875d31 100644 --- a/packages/dids/src/methods/did-dht.ts +++ b/packages/dids/src/methods/did-dht.ts @@ -15,8 +15,7 @@ import { Convert } from '@web5/common'; import { computeJwkThumbprint, Ed25519, LocalKeyManager, Secp256k1, Secp256r1 } from '@web5/crypto'; import { AUTHORITATIVE_ANSWER, decode as dnsPacketDecode, encode as dnsPacketEncode } from '@dnsquery/dns-packet'; -import type { BearerDid } from '../bearer-did.js'; -import type { DidMetadata, PortableDid } from '../portable-did.js'; +import type { DidMetadata, PortableDid } from '../types/portable-did.js'; import type { DidCreateOptions, DidCreateVerificationMethod, DidRegistrationResult } from './did-method.js'; import type { DidService, @@ -28,6 +27,8 @@ import type { import { Did } from '../did.js'; import { DidMethod } from './did-method.js'; +import { BearerDid } from '../bearer-did.js'; +import { extractDidFragment } from '../utils.js'; import { DidError, DidErrorCode } from '../did-error.js'; import { DidVerificationRelationship } from '../types/did-core.js'; import { EMPTY_DID_RESOLUTION_RESULT } from '../resolver/did-resolver.js'; @@ -435,37 +436,13 @@ const AlgorithmToKeyTypeMap = { * const signature = await signer.sign({ data: new TextEncoder().encode('Message') }); * const isValid = await signer.verify({ data: new TextEncoder().encode('Message'), signature }); * - * // Key Management + * // Import / Export * - * // Instantiate a DID object for a published DID with existing keys in a KMS - * const did = await DidDht.fromKeyManager({ - * didUri: 'did:dht:cf69rrqpanddbhkqecuwia314hfawfua9yr6zx433jmgm39ez57y', - * keyManager - * }); + * // Export a BearerDid object to the PortableDid format. + * const portableDid = await did.export(); * - * // Instantiate a DID object from an existing verification method key - * const did = await DidDht.fromKeys({ - * verificationMethods: [{ - * publicKeyJwk : { - * crv : 'Ed25519', - * kty : 'OKP', - * x : 'VYKm2SCIV9Vz3BRy-v5R9GHz3EOJCPvZ1_gP1e3XiB0' - * }, - * privateKeyJwk: { - * crv : 'Ed25519', - * d : 'hdSIwbQwVD-fNOVEgt-k3mMl44Ip1iPi58Ex6VDGxqY', - * kty : 'OKP', - * x : 'VYKm2SCIV9Vz3BRy-v5R9GHz3EOJCPvZ1_gP1e3XiB0' - * }, - * purposes: ['authentication', 'assertionMethod' ], - * }] - * }); - * - * // Convert a DID object to a portable format - * const portableDid = await DidDht.toKeys({ did }); - * - * // Reconstruct a DID object from a portable format - * const did = await DidDht.fromKeys(portableDid); + * // Reconstruct a BearerDid object from a PortableDid + * const did = await DidDht.import(portableDid); * ``` */ export class DidDht extends DidMethod { @@ -518,20 +495,95 @@ export class DidDht extends DidMethod { throw new Error('One or more verification method algorithms are not supported'); } - // Check 2: Validate that the required properties for any given services are present. + // Check 2: Validate that the ID for any given verification method is unique. + const methodIds = options.verificationMethods?.filter(vm => 'id' in vm).map(vm => vm.id); + if (methodIds && methodIds.length !== new Set(methodIds).size) { + throw new Error('One or more verification method IDs are not unique'); + } + + // Check 3: Validate that the required properties for any given services are present. if (options.services?.some(s => !s.id || !s.type || !s.serviceEndpoint)) { throw new Error('One or more services are missing required properties'); } + // Generate random key material for the Identity Key. + const identityKeyUri = await keyManager.generateKey({ algorithm: 'Ed25519' }); + const identityKey = await keyManager.getPublicKey({ keyUri: identityKeyUri }); + + // Compute the DID URI from the Identity Key. + const didUri = await DidDhtUtils.identityKeyToIdentifier({ identityKey }); + + // Begin constructing the DID Document. + const document: DidDocument = { + id: didUri, + ...options.alsoKnownAs && { alsoKnownAs: options.alsoKnownAs }, + ...options.controllers && { controller: options.controllers } + }; + + // If the given verification methods do not contain an Identity Key, add one. + const verificationMethodsToAdd = [...options.verificationMethods ?? []]; + if (!verificationMethodsToAdd?.some(vm => vm.id?.split('#').pop() === '0')) { + // Add the Identity Key to the beginning of the key set. + verificationMethodsToAdd.unshift({ + algorithm : 'Ed25519' as any, + id : '0', + purposes : ['authentication', 'assertionMethod', 'capabilityDelegation', 'capabilityInvocation'] + }); + } + // Generate random key material for the Identity Key and any additional verification methods. - const keySet = await DidDht.generateKeys({ - keyManager, - verificationMethods: options.verificationMethods ?? [] + // Add verification methods to the DID document. + for (const vm of verificationMethodsToAdd) { + // Generate a random key for the verification method, or if its the Identity Key's + // verification method (`id` is 0) use the key previously generated. + const keyUri = (vm.id && vm.id.split('#').pop() === '0') + ? identityKeyUri + : await keyManager.generateKey({ algorithm: vm.algorithm }); + + const publicKey = await keyManager.getPublicKey({ keyUri }); + + // Use the given ID, the key's ID, or the key's thumbprint as the verification method ID. + let methodId = vm.id ?? publicKey.kid ?? await computeJwkThumbprint({ jwk: publicKey }); + methodId = `${didUri}#${extractDidFragment(methodId)}`; // Remove fragment prefix, if any. + + // Initialize the `verificationMethod` array if it does not already exist. + document.verificationMethod ??= []; + + // Add the verification method to the DID document. + document.verificationMethod.push({ + id : methodId, + type : 'JsonWebKey', + controller : vm.controller ?? didUri, + publicKeyJwk : publicKey, + }); + + // Add the verification method to the specified purpose properties of the DID document. + for (const purpose of vm.purposes ?? []) { + // Initialize the purpose property if it does not already exist. + if (!document[purpose]) document[purpose] = []; + // Add the verification method to the purpose property. + document[purpose]!.push(methodId); + } + } + + // Add services, if any, to the DID document. + options.services?.forEach(service => { + document.service ??= []; + service.id = `${didUri}#${service.id.split('#').pop()}`; // Remove fragment prefix, if any. + document.service.push(service); }); - // Create the DID object from the generated key material, including DID document, metadata, - // signer convenience function, and URI. - const did = await DidDht.fromPublicKeys({ keyManager, options, ...keySet }); + // Create the BearerDid object, including the registered DID types (if any), and specify that + // the DID has not yet been published. + const did = new BearerDid({ + uri : didUri, + document, + metadata : { + published: false, + ...options.types && { types: options.types } + }, + keyManager + }); // By default, publish the DID document to a DHT Gateway unless explicitly disabled. if (options.publish ?? true) { @@ -545,77 +597,47 @@ export class DidDht extends DidMethod { /** * Instantiates a {@link BearerDid} object for the DID DHT method from a given {@link PortableDid}. * - * This method allows for the creation of a `BearerDid` object using pre-existing key material, - * encapsulated within the `verificationMethods` array of the `PortableDid`. This is particularly - * useful when the key material is already available and you want to construct a `BearerDid` - * object based on these keys, instead of generating new keys. - * - * @remarks - * The key material (both public and private keys) should be provided in JWK format. The method - * handles the inclusion of these keys in the DID Document and specified verification - * relationships. + * This method allows for the creation of a `BearerDid` object using a previously created DID's + * key material, DID document, and metadata. * * @example * ```ts - * // Example with an existing key in JWK format. - * const verificationMethods = [{ - * publicKeyJwk: { id: 0, // public key in JWK format }, - * privateKeyJwk: { id: 0, // private key in JWK format }, - * purposes: ['authentication'] - * }]; - * const did = await DidDht.fromKeys({ verificationMethods }); + * // Export an existing BearerDid to PortableDid format. + * const portableDid = await did.export(); + * // Reconstruct a BearerDid object from the PortableDid. + * const did = await DidDht.import({ portableDid }); * ``` * - * @param params - The parameters for the `fromKeys` operation. + * @param params - The parameters for the import operation. + * @param params.portableDid - The PortableDid object to import. * @param params.keyManager - Optionally specify an external Key Management System (KMS) used to * generate keys and sign data. If not given, a new - * {@link @web5/crypto#LocalKeyManager} instance will be created and used. - * @returns A Promise resolving to a `BearerDid` object representing the DID formed from the provided keys. - * @throws An error if the `verificationMethods` array does not contain any keys, lacks an - * Identity Key, or any verification method is missing a public or private key. + * {@link @web5/crypto#LocalKeyManager} instance will be created and + * used. + * @returns A Promise resolving to a `BearerDid` object representing the DID formed from the + * provided PortableDid. + * @throws An error if the PortableDid document does not contain any verification methods, lacks + * an Identity Key, or the keys for any verification method are missing in the key + * manager. */ - public static async fromKeys({ - keyManager = new LocalKeyManager(), - uri, - verificationMethods, - options = {} - }: { + public static async import({ portableDid, keyManager = new LocalKeyManager() }: { keyManager?: CryptoApi & KeyImporterExporter; - options?: DidDhtCreateOptions; - } & PortableDid): Promise { - if (!(verificationMethods && Array.isArray(verificationMethods) && verificationMethods.length > 0)) { - throw new Error(`At least one verification method is required but 0 were given`); - } - - if (!verificationMethods?.some(vm => vm.id?.split('#').pop() === '0')) { - throw new Error(`Given verification methods are missing an Identity Key`); + portableDid: PortableDid; + }): Promise { + // Verify the DID method is supported. + const parsedDid = Did.parse(portableDid.uri); + if (parsedDid?.method !== DidDht.methodName) { + throw new DidError(DidErrorCode.MethodNotSupported, `Method not supported`); } - if (!verificationMethods?.some(vm => vm.privateKeyJwk && vm.publicKeyJwk)) { - throw new Error(`All verification methods must contain a public and private key in JWK format`); - } + const did = await BearerDid.import({ portableDid, keyManager }); - // Import the private key material for every verification method into the key manager. - for (let vm of verificationMethods) { - await keyManager.importKey({ key: vm.privateKeyJwk! }); + // Validate that the given verification methods contain an Identity Key. + if (!did.document.verificationMethod?.some(vm => vm.id?.split('#').pop() === '0')) { + throw new DidError(DidErrorCode.InvalidDidDocument, `DID document must contain an Identity Key`); } - // If the DID URI is provided, resolve the DID document and metadata from the DHT network and - // use it to construct the DID object. - if (uri) { - return await DidDht.fromKeyManager({ didUri: uri, keyManager }); - } else { - // Otherwise, use the given key material and options to construct the DID object. - const did = await DidDht.fromPublicKeys({ keyManager, verificationMethods, options }); - - // By default, the DID document will NOT be published unless explicitly enabled. - if (options.publish) { - const registrationResult = await DidDht.publish({ did, gatewayUri: options.gatewayUri }); - did.metadata = registrationResult.didDocumentMetadata; - } - - return did; - } + return did; } /** @@ -632,14 +654,22 @@ export class DidDht extends DidMethod { public static async getSigningMethod({ didDocument, methodId = '#0' }: { didDocument: DidDocument; methodId?: string; - }): Promise { - + }): Promise { + // Verify the DID method is supported. const parsedDid = Did.parse(didDocument.id); if (parsedDid && parsedDid.method !== this.methodName) { - throw new Error(`Method not supported: ${parsedDid.method}`); + throw new DidError(DidErrorCode.MethodNotSupported, `Method not supported: ${parsedDid.method}`); } - const verificationMethod = didDocument.verificationMethod?.find(vm => vm.id.endsWith(methodId)); + // Attempt to find a verification method that matches the given method ID, or if not given, + // find the first verification method intended for signing claims. + const verificationMethod = didDocument.verificationMethod?.find( + vm => extractDidFragment(vm.id) === (extractDidFragment(methodId) ?? extractDidFragment(didDocument.assertionMethod?.[0])) + ); + + if (!(verificationMethod && verificationMethod.publicKeyJwk)) { + throw new DidError(DidErrorCode.InternalError, 'A verification method intended for signing could not be determined from the DID Document'); + } return verificationMethod; } @@ -739,144 +769,6 @@ export class DidDht extends DidMethod { }; } } - - /** - * Instantiates a `BearerDid` object for the DID DHT method using an array of public keys. - * - * This method is used to create a `BearerDid` object from a set of public keys, typically after - * these keys have been generated or provided. It constructs the DID document, metadata, and - * other necessary components for the DID based on the provided public keys and any additional - * options specified. - * - * @param params - The parameters for the DID object creation. - * @param params.keyManager - The Key Management System to manage keys. - * @param params.options - Additional options for DID creation. - * @returns A Promise resolving to a `BearerDid` object. - */ - private static async fromPublicKeys({ keyManager, verificationMethods, options }: { - keyManager: CryptoApi; - options: DidDhtCreateOptions; - } & PortableDid): Promise { - // Validate that the given verification methods contain an Identity Key. - const identityKey = verificationMethods?.find(vm => vm.id?.split('#').pop() === '0')?.publicKeyJwk; - if (!identityKey) { - throw new Error('Identity Key not found in verification methods'); - } - - // Compute the DID identifier from the Identity Key. - const id = await DidDhtUtils.identityKeyToIdentifier({ identityKey }); - - // Begin constructing the DID Document. - const didDocument: DidDocument = { - id, - ...options.alsoKnownAs && { alsoKnownAs: options.alsoKnownAs }, - ...options.controllers && { controller: options.controllers } - }; - - // Add verification methods to the DID document. - for (const vm of verificationMethods) { - if (!vm.publicKeyJwk) { - throw new Error(`Verification method does not contain a public key in JWK format`); - } - - // Use the given ID, the key's ID, or the key's thumbprint as the verification method ID. - let methodId = vm.id ?? vm.publicKeyJwk.kid ?? await computeJwkThumbprint({ jwk: vm.publicKeyJwk }); - methodId = `${id}#${methodId.split('#').pop()}`; // Remove fragment prefix, if any. - - // Initialize the `verificationMethod` array if it does not already exist. - didDocument.verificationMethod ??= []; - - // Add the verification method to the DID document. - didDocument.verificationMethod.push({ - id : methodId, - type : 'JsonWebKey', - controller : vm.controller ?? id, - publicKeyJwk : vm.publicKeyJwk, - }); - - // Add the verification method to the specified purpose properties of the DID document. - for (const purpose of vm.purposes ?? []) { - // Initialize the purpose property if it does not already exist. - if (!didDocument[purpose]) didDocument[purpose] = []; - // Add the verification method to the purpose property. - didDocument[purpose]!.push(methodId); - } - } - - // Add services, if any, to the DID document. - options.services?.forEach(service => { - didDocument.service ??= []; - service.id = `${id}#${service.id.split('#').pop()}`; // Remove fragment prefix, if any. - didDocument.service.push(service); - }); - - // Define DID Metadata, including the registered DID types (if any) and specify that the DID - // has not yet been published. - const metadata: DidMetadata = { - published: false, - ...options.types && { types: options.types } - }; - - // Define a function that returns a signer for the DID. - const getSigner = async (params?: { keyUri?: string }) => await DidDht.getSigner({ - didDocument, - keyManager, - keyUri: params?.keyUri - }); - - return { didDocument, getSigner, keyManager, metadata, uri: id }; - } - - /** - * Generates a set of keys for use in creating a `BearerDid` object for the `did:dht` method. - * - * This method is responsible for generating the cryptographic keys necessary for the DID. It - * supports generating keys for the specified verification methods. - * - * @param params - The parameters for key generation. - * @param params.keyManager - The Key Management System used for generating keys. - * @param params.verificationMethods - Optional array of methods specifying key generation details. - * @returns A Promise resolving to a `PortableDid` object containing the generated keys. - */ - private static async generateKeys({ - keyManager, - verificationMethods - }: { - keyManager: CryptoApi; - verificationMethods: DidCreateVerificationMethod[]; - }): Promise { - let portableDid: PortableDid = { - verificationMethods: [] - }; - - // If the given verification methods do not contain an Identity Key, add one. - if (!verificationMethods?.some(vm => vm.id?.split('#').pop() === '0')) { - // Add the Identity Key to the beginning of the key set. - verificationMethods.unshift({ - algorithm : 'Ed25519' as any, - id : '0', - purposes : ['authentication', 'assertionMethod', 'capabilityDelegation', 'capabilityInvocation'] - }); - } - - // Generate keys and add verification methods to the key set. - for (const vm of verificationMethods) { - // Generate a random key for the verification method. - const keyUri = await keyManager.generateKey({ algorithm: vm.algorithm }); - const publicKey = await keyManager.getPublicKey({ keyUri }); - - // Add the verification method to the `PortableDid`. - portableDid.verificationMethods.push({ - id : vm.id, - type : 'JsonWebKey', - controller : vm.controller, - publicKeyJwk : publicKey, - purposes : vm.purposes - }); - } - - return portableDid; - } } /** @@ -933,7 +825,7 @@ export class DidDhtDocument { }): Promise { // Convert the DID document and DID metadata (such as DID types) to a DNS packet. const dnsPacket = await DidDhtDocument.toDnsPacket({ - didDocument : did.didDocument, + didDocument : did.document, didMetadata : did.metadata }); @@ -941,15 +833,16 @@ export class DidDhtDocument { const bep44Message = await DidDhtUtils.createBep44PutMessage({ dnsPacket, publicKeyBytes : DidDhtUtils.identifierToIdentityKeyBytes({ didUri: did.uri }), - signer : await did.getSigner() + signer : await did.getSigner({ methodId: '0' }) }); // Publish the DNS packet to the DHT network. const putResult = await DidDhtDocument.pkarrPut({ gatewayUri, bep44Message }); - // Update the DID metadata with the version ID and the publishing result. - const didRegistrationResult: DidRegistrationResult = { - didDocument : did.didDocument, + // Return the result of processing the PUT operation, including the updated DID metadata with + // the version ID and the publishing result. + return { + didDocument : did.document, didDocumentMetadata : { ...did.metadata, published : putResult, @@ -957,8 +850,6 @@ export class DidDhtDocument { }, didRegistrationMetadata: {} }; - - return didRegistrationResult; } /** diff --git a/packages/dids/src/methods/did-ion.ts b/packages/dids/src/methods/did-ion.ts index e58ce448e..ccec73170 100644 --- a/packages/dids/src/methods/did-ion.ts +++ b/packages/dids/src/methods/did-ion.ts @@ -1,4 +1,4 @@ -import type { CryptoApi, Jwk } from '@web5/crypto'; +import type { CryptoApi, Jwk, KeyIdentifier, KeyImporterExporter, KmsExportKeyParams, KmsImportKeyParams } from '@web5/crypto'; import type { JwkEs256k, IonDocumentModel, @@ -9,20 +9,22 @@ import type { import { IonDid, IonRequest } from '@decentralized-identity/ion-sdk'; import { LocalKeyManager, computeJwkThumbprint } from '@web5/crypto'; -import type { BearerDid } from '../bearer-did.js'; -import type { DidCreateOptions, DidCreateVerificationMethod } from '../methods/did-method.js'; -import type { DidMetadata, PortableDid, PortableDidVerificationMethod } from '../portable-did.js'; +import type { PortableDid } from '../types/portable-did.js'; +import type { DidCreateOptions, DidCreateVerificationMethod, DidRegistrationResult } from '../methods/did-method.js'; import type { DidService, DidDocument, DidResolutionResult, DidResolutionOptions, DidVerificationMethod, + DidVerificationRelationship, } from '../types/did-core.js'; import { Did } from '../did.js'; +import { BearerDid } from '../bearer-did.js'; import { DidMethod } from '../methods/did-method.js'; import { DidError, DidErrorCode } from '../did-error.js'; +import { getVerificationRelationshipsById } from '../utils.js'; import { EMPTY_DID_RESOLUTION_RESULT } from '../resolver/did-resolver.js'; /** @@ -141,6 +143,88 @@ export interface DidIonCreateRequest { } } +/** + * Represents a {@link DidVerificationMethod | DID verification method} in the context of DID ION + * create, update, deactivate, and resolve operations. + * + * Unlike the DID Core standard {@link DidVerificationMethod} interface, this type is specific to + * the ION method operations and only includes the `id`, `publicKeyJwk`, and `purposes` properties: + * - The `id` property is optional and specifies the identifier fragment of the verification method. + * - The `publicKeyJwk` property is required and represents the public key in JWK format. + * - The `purposes` property is required and specifies the purposes for which the verification + * method can be used. + * + * @example + * ```ts + * const verificationMethod: DidIonVerificationMethod = { + * id : 'sig', + * publicKeyJwk : { + * kty : 'OKP', + * crv : 'Ed25519', + * x : 'o40shZrsco-CfEqk6mFsXfcP94ly3Az3gm84PzAUsXo', + * kid : 'BDp0xim82GswlxnPV8TPtBdUw80wkGIF8gjFbw1x5iQ', + * }, + * purposes: ['authentication', 'assertionMethod'] + * }; + * ``` + */ +export interface DidIonVerificationMethod { + /** + * Optionally specify the identifier fragment of the verification method. + * + * If not specified, the method's ID will be generated from the key's ID or thumbprint. + * + * @example + * ```ts + * const verificationMethod: DidIonVerificationMethod = { + * id: 'sig', + * ... + * }; + * ``` + */ + id?: string; + + /** + * A public key in JWK format. + * + * A JSON Web Key (JWK) that conforms to {@link https://datatracker.ietf.org/doc/html/rfc7517 | RFC 7517}. + * + * @example + * ```ts + * const verificationMethod: DidIonVerificationMethod = { + * publicKeyJwk: { + * kty : "OKP", + * crv : "X25519", + * x : "7XdJtNmJ9pV_O_3mxWdn6YjiHJ-HhNkdYQARzVU_mwY", + * kid : "xtsuKULPh6VN9fuJMRwj66cDfQyLaxuXHkMlmAe_v6I" + * }, + * ... + * }; + * ``` + */ + publicKeyJwk: Jwk; + + /** + * Specify the purposes for which a verification method is intended to be used in a DID document. + * + * The `purposes` property defines the specific + * {@link DidVerificationRelationship | verification relationships} between the DID subject and + * the verification method. This enables the verification method to be utilized for distinct + * actions such as authentication, assertion, key agreement, capability delegation, and others. It + * is important for verifiers to recognize that a verification method must be associated with the + * relevant purpose in the DID document to be valid for that specific use case. + * + * @example + * ```ts + * const verificationMethod: DidIonVerificationMethod = { + * purposes: ['authentication', 'assertionMethod'], + * ... + * }; + * ``` + */ + purposes: (DidVerificationRelationship | keyof typeof DidVerificationRelationship)[]; +} + /** * `IonPortableDid` interface extends the {@link PortableDid} interface. * @@ -295,26 +379,80 @@ export class DidIon extends DidMethod { throw new Error('One or more verification method algorithms are not supported'); } - // Check 2: Validate that the required properties for any given services are present. + // Check 2: Validate that the ID for any given verification method is unique. + const methodIds = options.verificationMethods?.filter(vm => 'id' in vm).map(vm => vm.id); + if (methodIds && methodIds.length !== new Set(methodIds).size) { + throw new Error('One or more verification method IDs are not unique'); + } + + // Check 3: Validate that the required properties for any given services are present. if (options.services?.some(s => !s.id || !s.type || !s.serviceEndpoint)) { throw new Error('One or more services are missing required properties'); } - // Generate random key material for the ION Recovery Key, ION Update Key, and any additional - // verification methods. - const keySet = await DidIon.generateKeys({ - keyManager, - verificationMethods: options.verificationMethods ?? [] + // If no verification methods were specified, generate a default Ed25519 verification method. + const defaultVerificationMethod: DidCreateVerificationMethod = { + algorithm : 'Ed25519' as any, + purposes : ['authentication', 'assertionMethod', 'capabilityDelegation', 'capabilityInvocation'] + }; + + const verificationMethodsToAdd: DidIonVerificationMethod[] = []; + + // Generate random key material for additional verification methods, if any. + for (const vm of options.verificationMethods ?? [defaultVerificationMethod]) { + // Generate a random key for the verification method. + const keyUri = await keyManager.generateKey({ algorithm: vm.algorithm }); + const publicKey = await keyManager.getPublicKey({ keyUri }); + + // Add the verification method to the DID document. + verificationMethodsToAdd.push({ + id : vm.id, + publicKeyJwk : publicKey, + purposes : vm.purposes ?? ['authentication', 'assertionMethod', 'capabilityDelegation', 'capabilityInvocation'] + }); + } + + // Generate a random key for the ION Recovery Key. Sidetree requires secp256k1 recovery keys. + const recoveryKeyUri = await keyManager.generateKey({ algorithm: DidIonRegisteredKeyType.secp256k1 }); + const recoveryKey = await keyManager.getPublicKey({ keyUri: recoveryKeyUri }); + + // Generate a random key for the ION Update Key. Sidetree requires secp256k1 update keys. + const updateKeyUri = await keyManager.generateKey({ algorithm: DidIonRegisteredKeyType.secp256k1 }); + const updateKey = await keyManager.getPublicKey({ keyUri: updateKeyUri }); + + // Compute the Long Form DID URI from the keys and services, if any. + const longFormDidUri = await DidIonUtils.computeLongFormDidUri({ + recoveryKey, + updateKey, + services : options.services ?? [], + verificationMethods : verificationMethodsToAdd }); - // Create the DID object from the generated key material, including DID document, metadata, - // signer convenience function, and URI. - const did = await DidIon.fromPublicKeys({ keyManager, options, ...keySet }); + // Expand the DID URI string to a DID document. + const { didDocument, didResolutionMetadata } = await DidIon.resolve(longFormDidUri, { gatewayUri: options.gatewayUri }); + if (didDocument === null) { + throw new Error(`Unable to resolve DID during creation: ${didResolutionMetadata?.error}`); + } + + // Create the BearerDid object, including the "Short Form" of the DID URI, the ION update and + // recovery keys, and specifying that the DID has not yet been published. + const did = new BearerDid({ + uri : longFormDidUri, + document : didDocument, + metadata : { + published : false, + canonicalId : longFormDidUri.split(':', 3).join(':'), + recoveryKey, + updateKey + }, + keyManager + }); // By default, publish the DID document to a Sidetree node unless explicitly disabled. - did.metadata.published = options.publish ?? true - ? await this.publish({ did, gatewayUri: options.gatewayUri }) - : false; + if (options.publish ?? true) { + const registrationResult = await DidIon.publish({ did, gatewayUri: options.gatewayUri }); + did.metadata = registrationResult.didDocumentMetadata; + } return did; } @@ -333,24 +471,65 @@ export class DidIon extends DidMethod { public static async getSigningMethod({ didDocument, methodId }: { didDocument: DidDocument; methodId?: string; - }): Promise { + }): Promise { // Verify the DID method is supported. const parsedDid = Did.parse(didDocument.id); if (parsedDid && parsedDid.method !== this.methodName) { throw new DidError(DidErrorCode.MethodNotSupported, `Method not supported: ${parsedDid.method}`); } - // Get the ID of the first verification method intended for signing. - const [ firstAuthMethodId ] = didDocument.authentication || []; - - // Get the verification method with either the specified ID or the first authentication method. + // Get the verification method with either the specified ID or the first assertion method. const verificationMethod = didDocument.verificationMethod?.find( - vm => vm.id === (methodId ?? firstAuthMethodId) + vm => vm.id === (methodId ?? didDocument.assertionMethod?.[0]) ); + if (!(verificationMethod && verificationMethod.publicKeyJwk)) { + throw new DidError(DidErrorCode.InternalError, 'A verification method intended for signing could not be determined from the DID Document'); + } + return verificationMethod; } + /** + * Instantiates a {@link BearerDid} object for the DID ION method from a given {@link PortableDid}. + * + * This method allows for the creation of a `BearerDid` object using a previously created DID's + * key material, DID document, and metadata. + * + * @example + * ```ts + * // Export an existing BearerDid to PortableDid format. + * const portableDid = await did.export(); + * // Reconstruct a BearerDid object from the PortableDid. + * const did = await DidIon.import({ portableDid }); + * ``` + * + * @param params - The parameters for the import operation. + * @param params.portableDid - The PortableDid object to import. + * @param params.keyManager - Optionally specify an external Key Management System (KMS) used to + * generate keys and sign data. If not given, a new + * {@link @web5/crypto#LocalKeyManager} instance will be created and + * used. + * @returns A Promise resolving to a `BearerDid` object representing the DID formed from the + * provided PortableDid. + * @throws An error if the DID document does not contain any verification methods or the keys for + * any verification method are missing in the key manager. + */ + public static async import({ portableDid, keyManager = new LocalKeyManager() }: { + keyManager?: CryptoApi & KeyImporterExporter; + portableDid: PortableDid; + }): Promise { + // Verify the DID method is supported. + const parsedDid = Did.parse(portableDid.uri); + if (parsedDid?.method !== DidIon.methodName) { + throw new DidError(DidErrorCode.MethodNotSupported, `Method not supported`); + } + + const did = await BearerDid.import({ portableDid, keyManager }); + + return did; + } + /** * Publishes a DID to a Sidetree node, making it publicly discoverable and resolvable. * @@ -383,11 +562,21 @@ export class DidIon extends DidMethod { public static async publish({ did, gatewayUri = DEFAULT_GATEWAY_URI }: { did: BearerDid; gatewayUri?: string; - }): Promise { + }): Promise { + // Construct an ION verification method made up of the id, public key, and purposes from each + // verification method in the DID document. + const verificationMethods: DidIonVerificationMethod[] = did.document.verificationMethod?.map( + vm => ({ + id : vm.id, + publicKeyJwk : vm.publicKeyJwk!, + purposes : getVerificationRelationshipsById({ didDocument: did.document, methodId: vm.id }) + }) + ) ?? []; + // Create the ION document. const ionDocument = await DidIonUtils.createIonDocument({ - services : did.didDocument.service ?? [], - verificationMethods : did.didDocument.verificationMethod ?? [] + services: did.document.service ?? [], + verificationMethods }); // Construct the ION Create Operation request. @@ -412,11 +601,28 @@ export class DidIon extends DidMethod { body : JSON.stringify(createOperation) }); - // Return true if the Create Operation was processed successfully; false otherwise. - return response.ok; + // Return the result of processing the Create operation, including the updated DID metadata + // with the publishing result. + return { + didDocument : did.document, + didDocumentMetadata : { + ...did.metadata, + published: response.ok, + }, + didRegistrationMetadata: {} + }; } catch (error: any) { - throw new DidError(DidErrorCode.InternalError, `Failed to publish DID document for: ${did.uri}`); + return { + didDocument : null, + didDocumentMetadata : { + published: false, + }, + didRegistrationMetadata: { + error : DidErrorCode.InternalError, + errorMessage : `Failed to publish DID document for: ${did.uri}` + } + }; } } @@ -505,122 +711,6 @@ export class DidIon extends DidMethod { }; } } - - /** - * Instantiates a `BearerDid` object for the DID ION method using an array of public keys. - * - * This method is used to create a `BearerDid` object from a set of public keys, typically after - * these keys have been generated or provided. It constructs the DID document, metadata, and - * other necessary components for the DID based on the provided public keys and any additional - * options specified. - * - * @param params - The parameters for the DID object creation. - * @param params.keyManager - The Key Management System to manage keys. - * @param params.options - Additional options for DID creation. - * @returns A Promise resolving to a `BearerDid` object. - */ - private static async fromPublicKeys({ keyManager, recoveryKey, updateKey, verificationMethods, options }: { - keyManager: CryptoApi; - options: DidIonCreateOptions; - } & IonPortableDid): Promise { - // Validate an ION Recovery Key was generated or provided. - if (!recoveryKey) { - throw new Error('Missing required input: ION Recovery Key'); - } - - // Validate an ION Update Key was generated or provided. - if (!updateKey) { - throw new Error('Missing required input: ION Update Key'); - } - - // Compute the Long Form DID URI from the keys and services, if any. - const id = await DidIonUtils.computeLongFormDidUri({ - recoveryKey, - updateKey, - verificationMethods, - services: options.services ?? [] - }); - - // Expand the DID URI string to a DID document. - const { didDocument, didResolutionMetadata } = await DidIon.resolve(id, { gatewayUri: options.gatewayUri }); - if (didDocument === null) { - throw new Error(`Unable to resolve DID during creation: ${didResolutionMetadata?.error}`); - } - - // Define DID Metadata, including the "Short Form" of the DID URI. - const metadata: DidMetadata = { - canonicalId: id.split(':', 3).join(':'), - recoveryKey, - updateKey - }; - - // Define a function that returns a signer for the DID. - const getSigner = async (params?: { keyUri?: string }) => await DidIon.getSigner({ - didDocument, - keyManager, - keyUri: params?.keyUri - }); - - return { didDocument, getSigner, keyManager, metadata, uri: id }; - } - - /** - * Generates a set of keys for use in creating a `BearerDid` object for the DID ION method. - * - * This method is responsible for generating the cryptographic keys necessary for the DID, - * including the ION Update and Recovery keys and any verification methods specified in the - * `verificationMethods` parameter. - * - * @param params - The parameters for key generation. - * @param params.keyManager - The Key Management System used for generating keys. - * @param params.verificationMethods - Optional array of methods specifying key generation details. - * @returns A Promise resolving to a `PortableDid` object containing the generated keys. - */ - private static async generateKeys({ - keyManager, - verificationMethods - }: { - keyManager: CryptoApi; - verificationMethods: DidCreateVerificationMethod[]; - }): Promise { - let portableDid: PortableDid = { - verificationMethods: [] - }; - - // If no verification methods were specified, generate a default Ed25519 verification method. - if (verificationMethods.length === 0) { - verificationMethods = [{ - algorithm : 'Ed25519', - purposes : ['authentication', 'assertionMethod'] - }]; - } - - // Generate keys and add verification methods to the key set. - for (const vm of verificationMethods) { - // Generate a random key for the verification method. - const keyUri = await keyManager.generateKey({ algorithm: vm.algorithm }); - const publicKey = await keyManager.getPublicKey({ keyUri }); - - // Add the verification method to the `PortableDid`. - portableDid.verificationMethods.push({ - id : vm.id, - type : 'JsonWebKey', - controller : vm.controller, - publicKeyJwk : publicKey, - purposes : vm.purposes - }); - } - - // Generate a random key for the ION Recovery Key. Sidetree requires secp256k1 recovery keys. - const recoveryKeyUri = await keyManager.generateKey({ algorithm: DidIonRegisteredKeyType.secp256k1 }); - const recoveryKey = await keyManager.getPublicKey({ keyUri: recoveryKeyUri }); - - // Generate a random key for the ION Update Key. Sidetree requires secp256k1 update keys. - const updateKeyUri = await keyManager.generateKey({ algorithm: DidIonRegisteredKeyType.secp256k1 }); - const updateKey = await keyManager.getPublicKey({ keyUri: updateKeyUri }); - - return { ...portableDid, recoveryKey, updateKey }; - } } /** @@ -663,9 +753,9 @@ export class DidIonUtils { */ public static async computeLongFormDidUri({ recoveryKey, updateKey, services, verificationMethods }: { recoveryKey: Jwk; - services: DidService[]; updateKey: Jwk; - verificationMethods: PortableDidVerificationMethod[]; + services: DidService[]; + verificationMethods: DidIonVerificationMethod[]; }): Promise { // Create the ION document. const ionDocument = await DidIonUtils.createIonDocument({ services, verificationMethods }); @@ -727,7 +817,7 @@ export class DidIonUtils { */ public static async createIonDocument({ services, verificationMethods }: { services: DidService[]; - verificationMethods: PortableDidVerificationMethod[] + verificationMethods: DidIonVerificationMethod[] }): Promise { /** * STEP 1: Convert verification methods to ION SDK format. @@ -735,10 +825,6 @@ export class DidIonUtils { const ionPublicKeys: IonPublicKeyModel[] = []; for (const vm of verificationMethods) { - if (!vm.publicKeyJwk) { - throw new Error(`Verification method does not contain a public key in JWK format`); - } - // Use the given ID, the key's ID, or the key's thumbprint as the verification method ID. let methodId = vm.id ?? vm.publicKeyJwk.kid ?? await computeJwkThumbprint({ jwk: vm.publicKeyJwk }); methodId = `${methodId.split('#').pop()}`; // Remove fragment prefix, if any. diff --git a/packages/dids/src/methods/did-jwk.ts b/packages/dids/src/methods/did-jwk.ts index 27848f7c7..4f521f6f7 100644 --- a/packages/dids/src/methods/did-jwk.ts +++ b/packages/dids/src/methods/did-jwk.ts @@ -11,13 +11,13 @@ import type { import { Convert } from '@web5/common'; import { LocalKeyManager } from '@web5/crypto'; -import type { BearerDid } from '../bearer-did.js'; -import type { DidMetadata, PortableDid } from '../portable-did.js'; +import type { PortableDid } from '../types/portable-did.js'; import type { DidCreateOptions, DidCreateVerificationMethod } from './did-method.js'; import type { DidDocument, DidResolutionOptions, DidResolutionResult, DidVerificationMethod } from '../types/did-core.js'; import { Did } from '../did.js'; import { DidMethod } from './did-method.js'; +import { BearerDid } from '../bearer-did.js'; import { DidError, DidErrorCode } from '../did-error.js'; import { EMPTY_DID_RESOLUTION_RESULT } from '../resolver/did-resolver.js'; @@ -34,7 +34,9 @@ import { EMPTY_DID_RESOLUTION_RESULT } from '../resolver/did-resolver.js'; * * @example * ```ts - * // By default, when no options are given, a new Ed25519 key will be generated. + * // DID Creation + * + * // By default, when no options are given, a new Ed25519 key will be generated. * const did = await DidJwk.create(); * * // The algorithm to use for key generation can be specified as a top-level option. @@ -48,6 +50,26 @@ import { EMPTY_DID_RESOLUTION_RESULT } from '../resolver/did-resolver.js'; * verificationMethods: [{ algorithm = 'ES256K' }] * } * }); + * + * // DID Creation with a KMS + * const keyManager = new LocalKeyManager(); + * const did = await DidJwk.create({ keyManager }); + * + * // DID Resolution + * const resolutionResult = await DidJwk.resolve({ did: did.uri }); + * + * // Signature Operations + * const signer = await did.getSigner(); + * const signature = await signer.sign({ data: new TextEncoder().encode('Message') }); + * const isValid = await signer.verify({ data: new TextEncoder().encode('Message'), signature }); + * + * // Import / Export + * + * // Export a BearerDid object to the PortableDid format. + * const portableDid = await did.export(); + * + * // Reconstruct a BearerDid object from a PortableDid + * const did = await DidJwk.import(portableDid); * ``` */ export interface DidJwkCreateOptions extends DidCreateOptions { @@ -178,10 +200,20 @@ export class DidJwk extends DidMethod { keyManager?: TKms; options?: DidJwkCreateOptions; } = {}): Promise { + // Before processing the create operation, validate DID-method-specific requirements to prevent + // keys from being generated unnecessarily. + + // Check 1: Validate that `algorithm` or `verificationMethods` options are not both given. if (options.algorithm && options.verificationMethods) { throw new Error(`The 'algorithm' and 'verificationMethods' options are mutually exclusive`); } + // Check 2: If `verificationMethods` is given, it must contain exactly one entry since DID JWK + // only supports a single verification method. + if (options.verificationMethods && options.verificationMethods.length !== 1) { + throw new Error(`The 'verificationMethods' option must contain exactly one entry`); + } + // Default to Ed25519 key generation if an algorithm is not given. const algorithm = options.algorithm ?? options.verificationMethods?.[0]?.algorithm ?? 'Ed25519'; @@ -189,70 +221,23 @@ export class DidJwk extends DidMethod { const keyUri = await keyManager.generateKey({ algorithm }); const publicKey = await keyManager.getPublicKey({ keyUri }); - // Create the DID object from the generated key material, including DID document, metadata, - // signer convenience function, and URI. - const did = await DidJwk.fromPublicKey({ keyManager, publicKey }); - - return did; - } + // Compute the DID identifier from the public key by serializing the JWK to a UTF-8 string and + // encoding in Base64URL format. + const identifier = Convert.object(publicKey).toBase64Url(); - /** - * Instantiates a {@link BearerDid} object for the `did:jwk` method from a given - * {@link PortableDid}. - * - * This method allows for the creation of a `BearerDid` object using pre-existing key material, - * encapsulated within the `verificationMethods` array of the `PortableDid`. This is particularly - * useful when the key material is already available and you want to construct a `BearerDid` - * object based on these keys, instead of generating new keys. - * - * @remarks - * The `verificationMethods` array must contain exactly one key since the `did:jwk` method only - * supports a single verification method. - * - * The key material (both public and private keys) should be provided in JWK format. The method - * handles the inclusion of these keys in the DID Document and sets up the necessary verification - * relationships. - * - * @example - * ```ts - * // Example with an existing key in JWK format. - * const verificationMethods = [{ - * publicKeyJwk: { // public key in JWK format }, - * privateKeyJwk: { // private key in JWK format } - * }]; - * const did = await DidJwk.fromKeys({ verificationMethods }); - * ``` - * - * @param params - The parameters for the `fromKeys` operation. - * @param params.keyManager - Optionally specify an external Key Management System (KMS) used to - * generate keys and sign data. If not given, a new - * {@link @web5/crypto#LocalKeyManager} instance will be created and used. - * @returns A Promise resolving to a `BearerDid` object representing the DID formed from the provided keys. - * @throws An error if the `verificationMethods` array does not contain exactly one entry. - */ - public static async fromKeys({ - keyManager = new LocalKeyManager(), - verificationMethods - }: { - keyManager?: CryptoApi & KeyImporterExporter; - options?: unknown; - } & PortableDid): Promise { - if (!verificationMethods || verificationMethods.length !== 1) { - throw new Error(`Only one verification method can be specified but ${verificationMethods?.length ?? 0} were given`); - } - - if (!(verificationMethods[0].privateKeyJwk && verificationMethods[0].publicKeyJwk)) { - throw new Error(`Verification method does not contain a public and private key in JWK format`); - } - - // Store the private key in the key manager. - await keyManager.importKey({ key: verificationMethods[0].privateKeyJwk }); + // Attach the prefix `did:jwk` to form the complete DID URI. + const didUri = `did:${DidJwk.methodName}:${identifier}`; - // Create the DID object from the given key material, including DID document, metadata, - // signer convenience function, and URI. - const did = await DidJwk.fromPublicKey({ - keyManager, - publicKey: verificationMethods[0].publicKeyJwk + // Expand the DID URI string to a DID document. + const didResolutionResult = await DidJwk.resolve(didUri); + const document = didResolutionResult.didDocument as DidDocument; + + // Create the BearerDid object from the generated key material. + const did = new BearerDid({ + uri : didUri, + document, + metadata : {}, + keyManager }); return did; @@ -272,10 +257,10 @@ export class DidJwk extends DidMethod { * @param params.methodId - ID of the verification method to use for signing. * @returns Verification method to use for signing. */ - public static async getSigningMethod({ didDocument, methodId = '#0' }: { + public static async getSigningMethod({ didDocument }: { didDocument: DidDocument; methodId?: string; - }): Promise { + }): Promise { // Verify the DID method is supported. const parsedDid = Did.parse(didDocument.id); if (parsedDid && parsedDid.method !== this.methodName) { @@ -283,11 +268,65 @@ export class DidJwk extends DidMethod { } // Attempt to find the verification method in the DID Document. - const verificationMethod = didDocument.verificationMethod?.find(vm => vm.id.endsWith(methodId)); + const [ verificationMethod ] = didDocument.verificationMethod ?? []; + + if (!(verificationMethod && verificationMethod.publicKeyJwk)) { + throw new DidError(DidErrorCode.InternalError, 'A verification method intended for signing could not be determined from the DID Document'); + } return verificationMethod; } + /** + * Instantiates a {@link BearerDid} object for the DID JWK method from a given {@link PortableDid}. + * + * This method allows for the creation of a `BearerDid` object using a previously created DID's + * key material, DID document, and metadata. + * + * @remarks + * The `verificationMethod` array of the DID document must contain exactly one key since the + * `did:jwk` method only supports a single verification method. + * + * @example + * ```ts + * // Export an existing BearerDid to PortableDid format. + * const portableDid = await did.export(); + * // Reconstruct a BearerDid object from the PortableDid. + * const did = await DidJwk.import({ portableDid }); + * ``` + * + * @param params - The parameters for the import operation. + * @param params.portableDid - The PortableDid object to import. + * @param params.keyManager - Optionally specify an external Key Management System (KMS) used to + * generate keys and sign data. If not given, a new + * {@link @web5/crypto#LocalKeyManager} instance will be created and + * used. + * @returns A Promise resolving to a `BearerDid` object representing the DID formed from the provided keys. + * @throws An error if the DID document does not contain exactly one verification method. + */ + public static async import({ portableDid, keyManager = new LocalKeyManager() }: { + keyManager?: CryptoApi & KeyImporterExporter; + portableDid: PortableDid; + }): Promise { + // Verify the DID method is supported. + const parsedDid = Did.parse(portableDid.uri); + if (parsedDid?.method !== DidJwk.methodName) { + throw new DidError(DidErrorCode.MethodNotSupported, `Method not supported`); + } + + // Use the given PortableDid to construct the BearerDid object. + const did = await BearerDid.import({ portableDid, keyManager }); + + // Validate that the given DID document contains exactly one verification method. + // Note: The non-undefined assertion is necessary because the type system cannot infer that + // the `verificationMethod` property is defined -- which is checked by `BearerDid.import()`. + if (did.document.verificationMethod!.length !== 1) { + throw new DidError(DidErrorCode.InvalidDidDocument, `DID document must contain exactly one verification method`); + } + + return did; + } + /** * Resolves a `did:jwk` identifier to a DID Document. * @@ -369,40 +408,4 @@ export class DidJwk extends DidMethod { didDocument, }; } - - /** - * Instantiates a {@link BearerDid} object for the DID JWK method from a given public key. - * - * @param params - The parameters for the operation. - * @param params.keyManager - A Key Management System (KMS) instance for managing keys and - * performing cryptographic operations. - * @param params.publicKey - The public key of the DID in JWK format. - * @returns A Promise resolving to a `BearerDid` object representing the DID formed from the provided public key. - */ - private static async fromPublicKey({ keyManager, publicKey }: { - keyManager: CryptoApi; - publicKey: Jwk; - }): Promise { - // Serialize the public key JWK to a UTF-8 string and encode to Base64URL format. - const base64UrlEncoded = Convert.object(publicKey).toBase64Url(); - - // Attach the prefix `did:jwk` to form the complete DID URI. - const didUri = `did:${DidJwk.methodName}:${base64UrlEncoded}`; - - // Expand the DID URI string to a DID document. - const didResolutionResult = await DidJwk.resolve(didUri); - const didDocument = didResolutionResult.didDocument as DidDocument; - - // DID Metadata is initially empty for this DID method. - const metadata: DidMetadata = {}; - - // Define a function that returns a signer for the DID. - const getSigner = async (params?: { keyUri?: string }) => await DidJwk.getSigner({ - didDocument, - keyManager, - keyUri: params?.keyUri - }); - - return { didDocument, getSigner, keyManager, metadata, uri: didUri }; - } } \ No newline at end of file diff --git a/packages/dids/src/methods/did-key.ts b/packages/dids/src/methods/did-key.ts index a42ca67b2..889828ba6 100644 --- a/packages/dids/src/methods/did-key.ts +++ b/packages/dids/src/methods/did-key.ts @@ -11,7 +11,7 @@ import type { InferKeyGeneratorAlgorithm, } from '@web5/crypto'; -import { Convert, Multicodec, universalTypeOf } from '@web5/common'; +import { Multicodec, universalTypeOf } from '@web5/common'; import { X25519, Ed25519, @@ -20,46 +20,22 @@ import { LocalKeyManager, } from '@web5/crypto'; -import type { BearerDid } from '../bearer-did.js'; -import type { DidMetadata, PortableDid } from '../portable-did.js'; +import type { PortableDid } from '../types/portable-did.js'; import type { DidCreateOptions, DidCreateVerificationMethod } from './did-method.js'; -import type { DidDocument, DidResolutionOptions, DidResolutionResult, DidVerificationMethod } from '../types/did-core.js'; +import type { + DidDocument, + DidResolutionOptions, + DidResolutionResult, + DidVerificationMethod, +} from '../types/did-core.js'; import { Did } from '../did.js'; import { DidMethod } from './did-method.js'; +import { BearerDid } from '../bearer-did.js'; import { DidError, DidErrorCode } from '../did-error.js'; -import { getVerificationMethodTypes } from '../utils.js'; +import { KeyWithMulticodec } from '../types/multibase.js'; import { EMPTY_DID_RESOLUTION_RESULT } from '../resolver/did-resolver.js'; - -/** - * Represents a cryptographic key with associated multicodec metadata. - * - * The `KeyWithMulticodec` type encapsulates a cryptographic key along with optional multicodec - * information. It is primarily used in functions that convert between cryptographic keys and their - * string representations, ensuring that the key's format and encoding are preserved and understood - * across different systems and applications. - */ -export type KeyWithMulticodec = { - /** - * A `Uint8Array` representing the raw bytes of the cryptographic key. This is the primary data of - * the type and is essential for cryptographic operations. - */ - keyBytes: Uint8Array, - - /** - * An optional number representing the multicodec code. This code uniquely identifies the encoding - * format or protocol associated with the key. The presence of this code is crucial for decoding - * the key correctly in different contexts. - */ - multicodecCode?: number, - - /** - * An optional string representing the human-readable name of the multicodec. This name provides - * an easier way to identify the encoding format or protocol of the key, especially when the - * numerical code is not immediately recognizable. - */ - multicodecName?: string -}; +import { getVerificationMethodTypes, keyBytesToMultibaseId, multibaseIdToKeyBytes } from '../utils.js'; /** * Defines the set of options available when creating a new Decentralized Identifier (DID) with the @@ -88,6 +64,26 @@ export type KeyWithMulticodec = { * verificationMethods: [{ algorithm = 'secp256k1' }] * } * }); + * + * // DID Creation with a KMS + * const keyManager = new LocalKeyManager(); + * const did = await DidJwk.create({ keyManager }); + * + * // DID Resolution + * const resolutionResult = await DidJwk.resolve({ did: did.uri }); + * + * // Signature Operations + * const signer = await did.getSigner(); + * const signature = await signer.sign({ data: new TextEncoder().encode('Message') }); + * const isValid = await signer.verify({ data: new TextEncoder().encode('Message'), signature }); + * + * // Import / Export + * + * // Export a BearerDid object to the PortableDid format. + * const portableDid = await did.export(); + * + * // Reconstruct a BearerDid object from a PortableDid + * const did = await DidJwk.import(portableDid); * ``` */ export interface DidKeyCreateOptions extends DidCreateOptions { @@ -347,10 +343,20 @@ export class DidKey extends DidMethod { keyManager?: TKms; options?: DidKeyCreateOptions; } = {}): Promise { + // Before processing the create operation, validate DID-method-specific requirements to prevent + // keys from being generated unnecessarily. + + // Check 1: Validate that `algorithm` or `verificationMethods` options are not both given. if (options.algorithm && options.verificationMethods) { throw new Error(`The 'algorithm' and 'verificationMethods' options are mutually exclusive`); } + // Check 2: If `verificationMethods` is given, it must contain exactly one entry since DID JWK + // only supports a single verification method. + if (options.verificationMethods && options.verificationMethods.length !== 1) { + throw new Error(`The 'verificationMethods' option must contain exactly one entry`); + } + // Default to Ed25519 key generation if an algorithm is not given. const algorithm = options.algorithm ?? options.verificationMethods?.[0]?.algorithm ?? 'Ed25519'; @@ -358,72 +364,23 @@ export class DidKey extends DidMethod { const keyUri = await keyManager.generateKey({ algorithm }); const publicKey = await keyManager.getPublicKey({ keyUri }); - // Create the DID object from the generated key material, including DID document, metadata, - // signer convenience function, and URI. - const did = await DidKey.fromPublicKey({ keyManager, publicKey, options }); + // Compute the DID identifier from the public key by converting the JWK to a multibase-encoded + // multicodec value. + const identifier = await DidKeyUtils.publicKeyToMultibaseId({ publicKey }); - return did; - } + // Attach the prefix `did:key` to form the complete DID URI. + const didUri = `did:${DidKey.methodName}:${identifier}`; - /** - * Instantiates a {@link BearerDid} object for the `did:jwk` method from a given - * {@link PortableDid}. - * - * This method allows for the creation of a `BearerDid` object using pre-existing key material, - * encapsulated within the `verificationMethods` array of the `PortableDid`. This is particularly - * useful when the key material is already available and you want to construct a `BearerDid` - * object based on these keys, instead of generating new keys. - * - * @remarks - * The `verificationMethods` array must contain exactly one key since the `did:jwk` method only - * supports a single verification method. - * - * The key material (both public and private keys) should be provided in JWK format. The method - * handles the inclusion of these keys in the DID Document and sets up the necessary verification - * relationships. - * - * @example - * ```ts - * // Example with an existing key in JWK format. - * const verificationMethods = [{ - * publicKeyJwk: { // public key in JWK format }, - * privateKeyJwk: { // private key in JWK format } - * }]; - * const did = await DidKey.fromKeys({ verificationMethods }); - * ``` - * - * @param params - The parameters for the `fromKeys` operation. - * @param params.keyManager - Optionally specify an external Key Management System (KMS) used to - * generate keys and sign data. If not given, a new - * {@link @web5/crypto#LocalKeyManager} instance will be created and used. - * @returns A Promise resolving to a `BearerDid` object representing the DID formed from the provided keys. - * @throws An error if the `verificationMethods` array does not contain exactly one entry. - */ - public static async fromKeys({ - keyManager = new LocalKeyManager(), - verificationMethods, - options = {} - }: { - keyManager?: CryptoApi & KeyImporterExporter; - options?: DidKeyCreateOptions; - } & PortableDid): Promise { - if (!verificationMethods || verificationMethods.length !== 1) { - throw new Error(`Only one verification method can be specified but ${verificationMethods?.length ?? 0} were given`); - } - - if (!(verificationMethods[0].privateKeyJwk && verificationMethods[0].publicKeyJwk)) { - throw new Error(`Verification method does not contain a public and private key in JWK format`); - } - - // Store the private key in the key manager. - await keyManager.importKey({ key: verificationMethods[0].privateKeyJwk }); - - // Create the DID object from the given key material, including DID document, metadata, - // signer convenience function, and URI. - const did = await DidKey.fromPublicKey({ - keyManager, - publicKey: verificationMethods[0].publicKeyJwk, - options + // Expand the DID URI string to a DID document. + const didResolutionResult = await DidKey.resolve(didUri, options); + const document = didResolutionResult.didDocument as DidDocument; + + // Create the BearerDid object from the generated key material. + const did = new BearerDid({ + uri : didUri, + document, + metadata : {}, + keyManager }); return did; @@ -446,22 +403,74 @@ export class DidKey extends DidMethod { public static async getSigningMethod({ didDocument }: { didDocument: DidDocument; methodId?: string; - }): Promise { + }): Promise { // Verify the DID method is supported. const parsedDid = Did.parse(didDocument.id); if (parsedDid && parsedDid.method !== this.methodName) { throw new DidError(DidErrorCode.MethodNotSupported, `Method not supported: ${parsedDid.method}`); } - // Get the ID of the first verification method intended for signing. - const [ methodId ] = didDocument.authentication || []; - - // Get the verification method with the specified ID. + // Attempt to ge the first verification method intended for signing claims. + const [ methodId ] = didDocument.assertionMethod || []; const verificationMethod = didDocument.verificationMethod?.find(vm => vm.id === methodId); + if (!(verificationMethod && verificationMethod.publicKeyJwk)) { + throw new DidError(DidErrorCode.InternalError, 'A verification method intended for signing could not be determined from the DID Document'); + } + return verificationMethod; } + /** + * Instantiates a {@link BearerDid} object for the DID Key method from a given {@link PortableDid}. + * + * This method allows for the creation of a `BearerDid` object using a previously created DID's + * key material, DID document, and metadata. + * + * @remarks + * The `verificationMethod` array of the DID document must contain exactly one key since the + * `did:key` method only supports a single verification method. + * + * @example + * ```ts + * // Export an existing BearerDid to PortableDid format. + * const portableDid = await did.export(); + * // Reconstruct a BearerDid object from the PortableDid. + * const did = await DidKey.import({ portableDid }); + * ``` + * + * @param params - The parameters for the import operation. + * @param params.portableDid - The PortableDid object to import. + * @param params.keyManager - Optionally specify an external Key Management System (KMS) used to + * generate keys and sign data. If not given, a new + * {@link @web5/crypto#LocalKeyManager} instance will be created and + * used. + * @returns A Promise resolving to a `BearerDid` object representing the DID formed from the provided keys. + * @throws An error if the DID document does not contain exactly one verification method. + */ + public static async import({ portableDid, keyManager = new LocalKeyManager() }: { + keyManager?: CryptoApi & KeyImporterExporter; + portableDid: PortableDid; + }): Promise { + // Verify the DID method is supported. + const parsedDid = Did.parse(portableDid.uri); + if (parsedDid?.method !== DidKey.methodName) { + throw new DidError(DidErrorCode.MethodNotSupported, `Method not supported`); + } + + // Use the given PortableDid to construct the BearerDid object. + const did = await BearerDid.import({ portableDid, keyManager }); + + // Validate that the given DID document contains exactly one verification method. + // Note: The non-undefined assertion is necessary because the type system cannot infer that + // the `verificationMethod` property is defined -- which is checked by `BearerDid.import()`. + if (did.document.verificationMethod!.length !== 1) { + throw new DidError(DidErrorCode.InvalidDidDocument, `DID document must contain exactly one verification method`); + } + + return did; + } + /** * Resolves a `did:key` identifier to a DID Document. * @@ -696,7 +705,7 @@ export class DidKey extends DidMethod { * base58-btc encoding of the concatenation of the multicodecValue and * the raw publicKeyBytes. */ - const kemMultibaseValue = DidKeyUtils.keyBytesToMultibaseId({ + const kemMultibaseValue = keyBytesToMultibaseId({ keyBytes : publicKeyBytes, multicodecCode : multicodecValue }); @@ -795,7 +804,7 @@ export class DidKey extends DidMethod { keyBytes: publicKeyBytes, multicodecCode: multicodecValue, multicodecName - } = DidKeyUtils.multibaseIdToKeyBytes({ multibaseKeyId: multibaseValue }); + } = multibaseIdToKeyBytes({ multibaseKeyId: multibaseValue }); /** * 3. Ensure the proper key length of publicKeyBytes based on the multicodecValue @@ -931,7 +940,7 @@ export class DidKey extends DidMethod { const { keyBytes: publicKeyBytes, multicodecCode: multicodecValue - } = DidKeyUtils.multibaseIdToKeyBytes({ multibaseKeyId: multibaseValue }); + } = multibaseIdToKeyBytes({ multibaseKeyId: multibaseValue }); /** * 4. If the multicodecValue is 0xed (Ed25519 public key), derive a public X25519 encryption key @@ -967,38 +976,6 @@ export class DidKey extends DidMethod { return publicEncryptionKey; } - /** - * Creates a new DID using the DID Key method formed from a public key. - * - */ - private static async fromPublicKey({ keyManager, publicKey, options }: { - keyManager: CryptoApi; - publicKey: Jwk; - options: DidKeyCreateOptions; - }): Promise { - // Convert the public key to a byte array and encode to Base64URL format. - const multibaseId = await DidKeyUtils.publicKeyToMultibaseId({ publicKey }); - - // Attach the prefix `did:jwk` to form the complete DID URI. - const didUri = `did:${DidKey.methodName}:${multibaseId}`; - - // Expand the DID URI string to a DID document. - const didResolutionResult = await DidKey.resolve(didUri, options); - const didDocument = didResolutionResult.didDocument as DidDocument; - - // DID Metadata is initially empty for this DID method. - const metadata: DidMetadata = {}; - - // Define a function that returns a signer for the DID. - const getSigner = async (params?: { keyUri?: string }) => await DidKey.getSigner({ - didDocument, - keyManager, - keyUri: params?.keyUri - }); - - return { didDocument, getSigner, keyManager, metadata, uri: didUri }; - } - /** * Validates the structure and components of a DID URI against the `did:key` method specification. * @@ -1103,7 +1080,7 @@ export class DidKeyUtils { * @example * ```ts * const jwk: Jwk = { crv: 'Ed25519', kty: 'OKP', x: '...' }; - * const { code, name } = await Jose.jwkToMulticodec({ jwk }); + * const { code, name } = await DidKeyUtils.jwkToMulticodec({ jwk }); * ``` * * @param params - The parameters for the conversion. @@ -1136,38 +1113,6 @@ export class DidKeyUtils { return { code, name }; } - /** - * Converts a cryptographic key to a multibase identifier. - * - * @remarks - * This method provides a way to represent a cryptographic key as a multibase identifier. - * It takes a `Uint8Array` representing the key, and either the multicodec code or multicodec name - * as input. The method first adds the multicodec prefix to the key, then encodes it into Base58 - * format. Finally, it converts the Base58 encoded key into a multibase identifier. - * - * @example - * ```ts - * const key = new Uint8Array([...]); // Cryptographic key as Uint8Array - * const multibaseId = keyBytesToMultibaseId({ key, multicodecName: 'ed25519-pub' }); - * ``` - * - * @param params - The parameters for the conversion. - * @returns The multibase identifier as a string. - */ - public static keyBytesToMultibaseId({ keyBytes, multicodecCode, multicodecName }: - RequireOnly - ): string { - const prefixedKey = Multicodec.addPrefix({ - code : multicodecCode, - data : keyBytes, - name : multicodecName - }); - const prefixedKeyB58 = Convert.uint8Array(prefixedKey).toBase58Btc(); - const multibaseKeyId = Convert.base58Btc(prefixedKeyB58).toMultibase(); - - return multibaseKeyId; - } - /** * Returns the appropriate public key compressor for the specified cryptographic curve. * @@ -1211,46 +1156,12 @@ export class DidKeyUtils { return converter; } - /** - * Converts a multibase identifier to a cryptographic key. - * - * @remarks - * This function decodes a multibase identifier back into a cryptographic key. It first decodes the - * identifier from multibase format into Base58 format, and then converts it into a `Uint8Array`. - * Afterward, it removes the multicodec prefix, extracting the raw key data along with the - * multicodec code and name. - * - * @example - * ```ts - * const multibaseKeyId = '...'; // Multibase identifier of the key - * const { key, multicodecCode, multicodecName } = multibaseIdToKey({ multibaseKeyId }); - * ``` - * - * @param params - The parameters for the conversion. - * @param params.multibaseKeyId - The multibase identifier string of the key. - * @returns An object containing the key as a `Uint8Array` and its multicodec code and name. - * @throws `DidError` if the multibase identifier is invalid. - */ - public static multibaseIdToKeyBytes({ multibaseKeyId }: { - multibaseKeyId: string - }): Required { - try { - const prefixedKeyB58 = Convert.multibase(multibaseKeyId).toBase58Btc(); - const prefixedKey = Convert.base58Btc(prefixedKeyB58).toUint8Array(); - const { code, data, name } = Multicodec.removePrefix({ prefixedData: prefixedKey }); - - return { keyBytes: data, multicodecCode: code, multicodecName: name }; - } catch (error: any) { - throw new DidError(DidErrorCode.InvalidDid, `Invalid multibase identifier: ${multibaseKeyId}`); - } - } - /** * Converts a Multicodec code or name to parial JWK (JSON Web Key). * * @example * ```ts - * const partialJwk = await Jose.multicodecToJwk({ name: 'ed25519-pub' }); + * const partialJwk = await DidKeyUtils.multicodecToJwk({ name: 'ed25519-pub' }); * ``` * * @param params - The parameters for the conversion. @@ -1301,7 +1212,7 @@ export class DidKeyUtils { * @example * ```ts * const publicKey = { crv: 'Ed25519', kty: 'OKP', x: '...' }; - * const multibaseId = await Jose.publicKeyToMultibaseId({ publicKey }); + * const multibaseId = await DidKeyUtils.publicKeyToMultibaseId({ publicKey }); * ``` * * @param params - The parameters for the conversion. @@ -1327,7 +1238,7 @@ export class DidKeyUtils { const { name: multicodecName } = await DidKeyUtils.jwkToMulticodec({ jwk: publicKey }); // Compute the multibase identifier based on the provided key. - const multibaseId = DidKeyUtils.keyBytesToMultibaseId({ + const multibaseId = keyBytesToMultibaseId({ keyBytes: publicKeyBytes, multicodecName }); diff --git a/packages/dids/src/methods/did-method.ts b/packages/dids/src/methods/did-method.ts index 3699635d4..1418965ac 100644 --- a/packages/dids/src/methods/did-method.ts +++ b/packages/dids/src/methods/did-method.ts @@ -1,15 +1,11 @@ import type { - Jwk, - Signer, CryptoApi, LocalKeyManager, - EnclosedSignParams, - EnclosedVerifyParams, InferKeyGeneratorAlgorithm, } from '@web5/crypto'; import type { BearerDid } from '../bearer-did.js'; -import type { DidMetadata, PortableDid } from '../portable-did.js'; +import type { DidMetadata } from '../types/portable-did.js'; import type { DidDocument, DidResolutionResult, @@ -17,8 +13,6 @@ import type { DidVerificationMethod, } from '../types/did-core.js'; -import { getVerificationMethodByKey } from '../utils.js'; -import { DidError, DidErrorCode } from '../did-error.js'; import { DidVerificationRelationship } from '../types/did-core.js'; /** @@ -227,139 +221,6 @@ export type DidRegistrationMetadata = { * respective DID method specifications. */ export class DidMethod { - /** - * Instantiates a `BearerDid` object from an existing DID using keys in an external Key Management - * System (KMS). - * - * This method returns a `BearerDid` object by resolving an existing DID URI and verifying that - * all associated keys are present in the provided key manager. - * - * @remarks - * The method verifies the presence of key material for every verification method in the DID - * document within the given KMS. If any key is missing, an error is thrown. - * - * This approach ensures that the resulting `BearerDid` object is fully operational with the - * provided key manager and that all cryptographic operations related to the DID can be performed. - * - * @param params - The parameters for the `fromKeyManager` operation. - * @param params.didUri - The URI of the DID to be instantiated. - * @param params.keyManager - The Key Management System to be used for key management operations. - * @returns A Promise resolving to the instantiated `BearerDid` object. - * @throws An error if any key in the DID document is not present in the provided KMS. - * - * @example - * ```ts - * // Assuming keyManager already contains the key material for the DID. - * const didUri = 'did:method:example'; - * const did = await DidMethod.fromKeyManager({ didUri, keyManager }); - * // The 'did' is now an instance of BearerDid, linked with the provided keyManager. - * ``` - */ - public static async fromKeyManager({ didUri, keyManager }: { - didUri: string; - keyManager: CryptoApi; - }): Promise { - // Resolve the DID URI to a DID document and document metadata. - const { didDocument, didDocumentMetadata, didResolutionMetadata } = await this.resolve(didUri); - - // Verify the DID method is supported. - if (didResolutionMetadata.error === DidErrorCode.MethodNotSupported) { - throw new DidError(DidErrorCode.MethodNotSupported, `Method not supported`); - } - - // Verify the DID Resolution Result includes a DID document containing verification methods. - if (!(didDocument && Array.isArray(didDocument.verificationMethod) && didDocument.verificationMethod.length > 0)) { - throw new Error(`DID document for '${didUri}' is missing verification methods`); - } - - // Validate that the key material for every verification method in the DID document is present - // in the provided key manager. - for (let vm of didDocument.verificationMethod) { - if (!vm.publicKeyJwk) { - throw new Error(`Verification method '${vm.id}' does not contain a public key in JWK format`); - } - - // Compute the key URI of the verification method's public key. - const keyUri = await keyManager.getKeyUri({ key: vm.publicKeyJwk }); - - // Verify that the key is present in the key manager. If not, an error is thrown. - await keyManager.getPublicKey({ keyUri }); - } - - const metadata: DidMetadata = didDocumentMetadata; - - // Define a function that returns a signer for the DID. - const getSigner = async (params?: { keyUri?: string }) => await this.getSigner({ - didDocument, - keyManager, - keyUri: params?.keyUri - }); - - return { didDocument, getSigner, keyManager, metadata, uri: didUri }; - } - - /** - * Given a W3C DID Document, return a {@link Signer} that can be used to sign messages, - * credentials, or arbitrary data. - * - * If given, the `keyUri` parameter is used to select a key from the verification methods present - * in the DID Document. - * - * If `keyUri` is not given, the first (or DID method specific default) verification method in the - * DID document is used. - * - * @param params - The parameters for the `getSigner` operation. - * @param params.didDocument - DID Document of the DID whose keys will be used to construct the {@link Signer}. - * @param params.keyManager - Web5 Crypto API used to sign and verify data. - * @param params.keyUri - Key URI of the key that will be used for sign and verify operations. Optional. - * @returns An instantiated {@link Signer} that can be used to sign and verify data. - */ - public static async getSigner({ didDocument, keyManager, keyUri }: { - didDocument: DidDocument; - keyManager: CryptoApi; - keyUri?: string; - }): Promise { - let publicKey: Jwk | undefined; - - // If a key URI is given use the referenced key for sign and verify operations. - if (keyUri) { - // Get the public key from the key store, which also verifies that the key is present. - publicKey = await keyManager.getPublicKey({ keyUri }); - // Verify the public key exists in the DID Document. - if (!(await getVerificationMethodByKey({ didDocument, publicKeyJwk: publicKey }))) { - throw new Error(`Key referenced by '${keyUri}' is not present in the provided DID Document for '${didDocument.id}'`); - } - - } else { - // If a key URI is not given, use the key associated with the verification method that is used - // by default for sign and verify operations. The default verification method is determined by - // the DID method implementation. - ({ publicKeyJwk: publicKey } = await this.getSigningMethod({ didDocument }) ?? {}); - if (publicKey === undefined) { - throw new Error(`No verification methods found in the provided DID Document for '${didDocument.id}'`); - } - // Compute the expected key URI of the signing key. - keyUri = await keyManager.getKeyUri({ key: publicKey }); - } - - // Both the `keyUri` and `publicKey` must be known before returning a signer. - if (!(keyUri && publicKey)) { - throw new Error(`Failed to determine the keys needed to create a signer`); - } - - return { - async sign({ data }: EnclosedSignParams): Promise { - const signature = await keyManager.sign({ data, keyUri: keyUri! }); // `keyUri` is guaranteed to be defined at this point. - return signature; - }, - - async verify({ data, signature }: EnclosedVerifyParams): Promise { - const isValid = await keyManager.verify({ data, key: publicKey!, signature }); // `publicKey` is guaranteed to be defined at this point. - return isValid; - } - }; - } - /** * MUST be implemented by all DID method implementations that extend {@link DidMethod}. * @@ -392,80 +253,4 @@ export class DidMethod { public static async resolve(_didUri: string, _options?: DidResolutionOptions): Promise { throw new Error(`Not implemented: Classes extending DidMethod must implement resolve()`); } - - /** - * Converts a `BearerDid` object to a portable format containing the URI and verification methods - * associated with the DID. - * - * This method is useful when you need to represent the key material and metadata associated with - * a DID in format that can be used independently of the specific DID method implementation. It - * extracts both public and private keys from the DID's key manager and organizes them into a - * `PortableDid` structure. - * - * @remarks - * This method requires that the DID's key manager supports the `exportKey` operation. If the DID - * document does not contain any verification methods, or if the key manager does not support key - * export, an error is thrown. - * - * The resulting `PortableDid` will contain the same number of verification methods as the DID - * document, each with its associated public and private keys and the purposes for which the key - * can be used. - * - * @example - * ```ts - * // Assuming `did` is an instance of BearerDid - * const portableDid = await DidMethod.toKeys({ did }); - * // portableDid now contains the verification methods and their associated keys. - * ``` - * - * @param params - The parameters for the convert operation. - * @param params.did - The `BearerDid` object to convert to a portable format. - * @returns A `PortableDid` containing the URI and verification methods associated with the DID. - * @throws An error if the key manager does not support key export or if the DID document - * is missing verification methods. - */ - public static async toKeys({ did }: { did: BearerDid }): Promise { - // First, confirm that the DID's key manager supports exporting keys. - if (!('exportKey' in did.keyManager && typeof did.keyManager.exportKey === 'function')) { - throw new Error(`The key manager of the given DID does not support exporting keys`); - } - - // Verify the DID document contains at least one verification method. - if (!(Array.isArray(did.didDocument.verificationMethod) && did.didDocument.verificationMethod.length > 0)) { - throw new Error(`DID document for '${did.uri}' is missing verification methods`); - } - - let portableDid: PortableDid = { - uri : did.uri, - verificationMethods : [] - }; - - // Retrieve the key material for every verification method in the DID document from the key - // manager. - for (let vm of did.didDocument.verificationMethod) { - if (!vm.publicKeyJwk) { - throw new Error(`Verification method '${vm.id}' does not contain a public key in JWK format`); - } - - // Compute the key URI of the verification method's public key. - const keyUri = await did.keyManager.getKeyUri({ key: vm.publicKeyJwk }); - - // Retrieve the public and private keys from the key manager. - const privateKey = await did.keyManager.exportKey({ keyUri }); - - // Collect the purposes associated with this verification method from the DID document. - const purposes = Object - .keys(DidVerificationRelationship) - .filter((purpose) => (did.didDocument[purpose as keyof DidDocument] as any[])?.includes(vm.id)) as DidVerificationRelationship[]; - - // Add the verification method to the key set. - portableDid.verificationMethods.push({ - ...vm, - privateKeyJwk: privateKey, - purposes - }); - } - - return portableDid; - } } \ No newline at end of file diff --git a/packages/dids/src/portable-did.ts b/packages/dids/src/portable-did.ts deleted file mode 100644 index b01a11c64..000000000 --- a/packages/dids/src/portable-did.ts +++ /dev/null @@ -1,106 +0,0 @@ -import type { Jwk } from '@web5/crypto'; - -import type { DidDocumentMetadata, DidVerificationMethod, DidVerificationRelationship } from './types/did-core.js'; - -/** - * Represents metadata about a DID resulting from create, update, or deactivate operations. - */ -export interface DidMetadata extends DidDocumentMetadata { - /** - * For DID methods that support publishing, the `published` property indicates whether the DID - * document has been published to the respective network. - * - * A `true` value signifies that the DID document is publicly accessible on the network (e.g., - * Mainline DHT), allowing it to be resolved by others. A `false` value implies the DID document - * is not published, limiting its visibility to public resolution. Absence of this property - * indicates that the DID method does not support publishing. - */ - published?: boolean; -} - -/** - * Format to document a DID identifier, along with its associated data, which can be exported, - * saved to a file, or imported. The intent is bundle all of the necessary metadata to enable usage - * of the DID in different contexts. - */ -/** - * Format that documents the key material and metadata of a Decentralized Identifier (DID) to enable - * usage of the DID in different contexts. - * - * This format is useful for exporting, saving to a file, or importing a DID across process - * boundaries or between different DID method implementations. - * - * @example - * ```ts - * // Generate a new DID. - * const did = await DidExample.create(); - * - * // Export the DID to a PortableDid. - * const portableDid = await DidExample.toKeys({ did }); - * - * // Instantiate a BearerDid object from a PortableDid. - * const didFromKeys = await DidExample.fromKeys({ ...portableDid }); - * // The `didFromKeys` object should be equivalent to the original `did` object. - * ``` - */ -export interface PortableDid { - /** {@inheritDoc Did#uri} */ - uri?: string; - - /** - * An array of verification methods, including the key material and key purpose, which are - * included in the DID document. - * - * @see {@link https://www.w3.org/TR/did-core/#verification-methods | DID Core Specification, ยง Verification Methods} - */ - verificationMethods: PortableDidVerificationMethod[]; -} - -/** - * Represents a verification method within a {@link PortableDid}, including the private key and - * the purposes for which the verification method can be used. - * - * This interface extends {@link DidVerificationMethod}, providing a structure to document the key - * material and metadata associated with a DID's verification methods. - */ -export interface PortableDidVerificationMethod extends Partial { - /** - * Express the private key in JWK format. - * - * (Optional) A JSON Web Key that conforms to {@link https://datatracker.ietf.org/doc/html/rfc7517 | RFC 7517}. - */ - privateKeyJwk?: Jwk; - - /** - * Optionally specify the purposes for which a verification method is intended to be used in a DID - * document. - * - * The `purposes` property defines the specific - * {@link DidVerificationRelationship | verification relationships} between the DID subject and - * the verification method. This enables the verification method to be utilized for distinct - * actions such as authentication, assertion, key agreement, capability delegation, and others. It - * is important for verifiers to recognize that a verification method must be associated with the - * relevant purpose in the DID document to be valid for that specific use case. - * - * @example - * ```ts - * const verificationMethod: PortableDidVerificationMethod = { - * publicKeyJwk: { - * kty: "OKP", - * crv: "X25519", - * x: "7XdJtNmJ9pV_O_3mxWdn6YjiHJ-HhNkdYQARzVU_mwY", - * kid: "xtsuKULPh6VN9fuJMRwj66cDfQyLaxuXHkMlmAe_v6I" - * }, - * privateKeyJwk: { - * kty: "OKP", - * crv: "X25519", - * d: "qM1E646TMZwFcLwRAFwOAYnTT_AvbBd3NBGtGRKTyU8", - * x: "7XdJtNmJ9pV_O_3mxWdn6YjiHJ-HhNkdYQARzVU_mwY", - * kid: "xtsuKULPh6VN9fuJMRwj66cDfQyLaxuXHkMlmAe_v6I" - * }, - * purposes: ['authentication', 'assertionMethod'] - * }; - * ``` - */ - purposes?: (DidVerificationRelationship | keyof typeof DidVerificationRelationship)[]; -} \ No newline at end of file diff --git a/packages/dids/src/types/did-core.ts b/packages/dids/src/types/did-core.ts index ae719605e..1e82db6c7 100644 --- a/packages/dids/src/types/did-core.ts +++ b/packages/dids/src/types/did-core.ts @@ -510,19 +510,18 @@ export interface DidVerificationMethod { controller: string; /** - * Express the public key in JWK format. + * (Optional) A public key in JWK format. * - * (Optional) A JSON Web Key that conforms to {@link https://datatracker.ietf.org/doc/html/rfc7517 | RFC 7517}. + * A JSON Web Key (JWK) that conforms to {@link https://datatracker.ietf.org/doc/html/rfc7517 | RFC 7517}. */ publicKeyJwk?: Jwk; /** - * (Optional) A public key encoded with a Multibase-prefix, conforming to the draft Multibase - * specification (https://datatracker.ietf.org/doc/draft-multiformats-multibase/). Typically used - * for expressing keys in formats like base58. + * (Optional) A public key in Multibase format. + * + * A multibase key that conforms to the draft + * {@link https://datatracker.ietf.org/doc/draft-multiformats-multibase/ | Multibase specification}. */ - // an encoded (e.g, base58) key with a Multibase-prefix that conforms to - // https://datatracker.ietf.org/doc/draft-multiformats-multibase/ publicKeyMultibase?: string; } diff --git a/packages/dids/src/types/multibase.ts b/packages/dids/src/types/multibase.ts new file mode 100644 index 000000000..2d1198358 --- /dev/null +++ b/packages/dids/src/types/multibase.ts @@ -0,0 +1,29 @@ +/** + * Represents a cryptographic key with associated multicodec metadata. + * + * The `KeyWithMulticodec` type encapsulates a cryptographic key along with optional multicodec + * information. It is primarily used in functions that convert between cryptographic keys and their + * string representations, ensuring that the key's format and encoding are preserved and understood + * across different systems and applications. + */ +export type KeyWithMulticodec = { + /** + * A `Uint8Array` representing the raw bytes of the cryptographic key. This is the primary data of + * the type and is essential for cryptographic operations. + */ + keyBytes: Uint8Array, + + /** + * An optional number representing the multicodec code. This code uniquely identifies the encoding + * format or protocol associated with the key. The presence of this code is crucial for decoding + * the key correctly in different contexts. + */ + multicodecCode?: number, + + /** + * An optional string representing the human-readable name of the multicodec. This name provides + * an easier way to identify the encoding format or protocol of the key, especially when the + * numerical code is not immediately recognizable. + */ + multicodecName?: string +}; \ No newline at end of file diff --git a/packages/dids/src/types/portable-did.ts b/packages/dids/src/types/portable-did.ts new file mode 100644 index 000000000..e65b19fa6 --- /dev/null +++ b/packages/dids/src/types/portable-did.ts @@ -0,0 +1,64 @@ +import type { Jwk } from '@web5/crypto'; + +import type { DidDocument, DidDocumentMetadata } from './did-core.js'; + +/** + * Represents metadata about a DID resulting from create, update, or deactivate operations. + */ +export interface DidMetadata extends DidDocumentMetadata { + /** + * For DID methods that support publishing, the `published` property indicates whether the DID + * document has been published to the respective network. + * + * A `true` value signifies that the DID document is publicly accessible on the network (e.g., + * Mainline DHT), allowing it to be resolved by others. A `false` value implies the DID document + * is not published, limiting its visibility to public resolution. Absence of this property + * indicates that the DID method does not support publishing. + */ + published?: boolean; +} + +/** + * Format to document a DID identifier, along with its associated data, which can be exported, + * saved to a file, or imported. The intent is bundle all of the necessary metadata to enable usage + * of the DID in different contexts. + */ +/** + * Format that documents the key material and metadata of a Decentralized Identifier (DID) to enable + * usage of the DID in different contexts. + * + * This format is useful for exporting, saving to a file, or importing a DID across process + * boundaries or between different DID method implementations. + * + * @example + * ```ts + * // Generate a new DID. + * const did = await DidExample.create(); + * + * // Export to a PortableDid. + * const portableDid = await did.export(); + * + * // Instantiate a BearerDid object from a PortableDid. + * const importedDid = await DidExample.import(portableDid); + * // The `importedDid` object should be equivalent to the original `did` object. + * ``` + */ +export interface PortableDid { + /** {@inheritDoc Did#uri} */ + uri: string; + + /** + * The DID document associated with this DID. + * + * @see {@link https://www.w3.org/TR/did-core/#dfn-diddocument | DID Core Specification, ยง DID Document} + */ + document: DidDocument; + + /** {@inheritDoc DidMetadata} */ + metadata: DidMetadata; + + /** + * An optional array of private keys associated with the DID document's verification methods. + */ + privateKeys?: Jwk[]; +} \ No newline at end of file diff --git a/packages/dids/src/utils.ts b/packages/dids/src/utils.ts index fb9f3f54d..a73b67761 100644 --- a/packages/dids/src/utils.ts +++ b/packages/dids/src/utils.ts @@ -1,7 +1,12 @@ import type { Jwk } from '@web5/crypto'; +import type { RequireOnly } from '@web5/common'; +import { Convert, Multicodec } from '@web5/common'; import { computeJwkThumbprint } from '@web5/crypto'; +import type { KeyWithMulticodec } from './types/multibase.js'; + +import { DidError, DidErrorCode } from './did-error.js'; import { DidService, DidDocument, @@ -47,6 +52,35 @@ export interface DwnDidService extends DidService { sig: string | string[]; } +/** + * Extracts the fragment part of a Decentralized Identifier (DID) verification method identifier. + * + * This function takes any input and aims to return only the fragment of a DID identifier, + * which comes after the '#' symbol in a DID string. It's designed specifically for handling + * DID verification method identifiers. The function returns undefined for non-string inputs, inputs + * that do not contain a '#', or complex data structures like objects or arrays, ensuring that only + * the fragment part of a DID string is extracted when present. + * + * @example + * ```ts + * console.log(extractDidFragment("did:example:123#key-1")); // Output: "key-1" + * console.log(extractDidFragment("did:example:123")); // Output: undefined + * console.log(extractDidFragment({ id: "did:example:123#0", type: "JsonWebKey" })); // Output: undefined + * console.log(extractDidFragment(undefined)); // Output: undefined + * ``` + * + * @param input - The input to be processed. Can be of any type, but the function is designed + * to work with strings that represent DID verification method identifiers. + * @returns The fragment part of the DID identifier if the input is a string containing a '#'. + * Returns an empty string for all other inputs, including non-string types, strings + * without a '#', and complex data structures. + */ +export function extractDidFragment(input: unknown): string | undefined { + if (typeof input !== 'string') return undefined; + if (input.length === 0) return undefined; + return input.split('#').pop(); +} + /** * Retrieves services from a given DID document, optionally filtered by `id` or `type`. * @@ -231,6 +265,70 @@ export function getVerificationMethodTypes({ didDocument }: { return [...new Set(types)]; // Return only unique types. } +/** + * Retrieves a list of DID verification relationships by a specific method ID from a DID document. + * + * This function examines the specified DID document to identify any verification relationships + * (e.g., `authentication`, `assertionMethod`) that reference a verification method by its method ID + * or contain an embedded verification method matching the method ID. The method ID is typically a + * fragment of a DID (e.g., `did:example:123#key-1`) that uniquely identifies a verification method + * within the DID document. + * + * The search considers both direct references to verification methods by their IDs and verification + * methods embedded within the verification relationship arrays. It returns an array of + * `DidVerificationRelationship` enums corresponding to the verification relationships that contain + * the specified method ID. + * + * @param params - An object containing input parameters for retrieving verification relationships. + * @param params.didDocument - The DID document to search for verification relationships. + * @param params.methodId - The method ID to search for within the verification relationships. + * @returns An array of `DidVerificationRelationship` enums representing the types of verification + * relationships that reference the specified method ID. + * + * @example + * ```ts + * const didDocument: DidDocument = { + * // ...contents of a DID document... + * }; + * + * const relationships = getVerificationRelationshipsById({ + * didDocument, + * methodId: 'key-1' + * }); + * console.log(relationships); + * // Output might include ['authentication', 'assertionMethod'] if those relationships + * // reference or contain the specified method ID. + * ``` + */ +export function getVerificationRelationshipsById({ didDocument, methodId }: { + didDocument: DidDocument; + methodId: string; +}): DidVerificationRelationship[] { + const relationships: DidVerificationRelationship[] = []; + + Object.keys(DidVerificationRelationship).forEach((relationship) => { + if (Array.isArray(didDocument[relationship as keyof DidDocument])) { + const relationshipMethods = didDocument[relationship as keyof DidDocument] as (string | DidVerificationMethod)[]; + + const methodIdFragment = extractDidFragment(methodId); + + // Check if the verification relationship property contains a matching method ID either + // directly referenced or as an embedded verification method. + const containsMethodId = relationshipMethods.some(method => { + const isByReferenceMatch = extractDidFragment(method) === methodIdFragment; + const isEmbeddedMethodMatch = isDidVerificationMethod(method) && extractDidFragment(method.id) === methodIdFragment; + return isByReferenceMatch || isEmbeddedMethodMatch; + }); + + if (containsMethodId) { + relationships.push(relationship as DidVerificationRelationship); + } + } + }); + + return relationships; +} + /** * Checks if a given object is a {@link DidService}. * @@ -365,4 +463,70 @@ export function isDidVerificationMethod(obj: unknown): obj is DidVerificationMet if (typeof obj.controller !== 'string') return false; return true; +} + +/** + * Converts a cryptographic key to a multibase identifier. + * + * @remarks + * This method provides a way to represent a cryptographic key as a multibase identifier. + * It takes a `Uint8Array` representing the key, and either the multicodec code or multicodec name + * as input. The method first adds the multicodec prefix to the key, then encodes it into Base58 + * format. Finally, it converts the Base58 encoded key into a multibase identifier. + * + * @example + * ```ts + * const key = new Uint8Array([...]); // Cryptographic key as Uint8Array + * const multibaseId = keyBytesToMultibaseId({ key, multicodecName: 'ed25519-pub' }); + * ``` + * + * @param params - The parameters for the conversion. + * @returns The multibase identifier as a string. + */ +export function keyBytesToMultibaseId({ keyBytes, multicodecCode, multicodecName }: + RequireOnly +): string { + const prefixedKey = Multicodec.addPrefix({ + code : multicodecCode, + data : keyBytes, + name : multicodecName + }); + const prefixedKeyB58 = Convert.uint8Array(prefixedKey).toBase58Btc(); + const multibaseKeyId = Convert.base58Btc(prefixedKeyB58).toMultibase(); + + return multibaseKeyId; +} + +/** + * Converts a multibase identifier to a cryptographic key. + * + * @remarks + * This function decodes a multibase identifier back into a cryptographic key. It first decodes the + * identifier from multibase format into Base58 format, and then converts it into a `Uint8Array`. + * Afterward, it removes the multicodec prefix, extracting the raw key data along with the + * multicodec code and name. + * + * @example + * ```ts + * const multibaseKeyId = '...'; // Multibase identifier of the key + * const { key, multicodecCode, multicodecName } = multibaseIdToKey({ multibaseKeyId }); + * ``` + * + * @param params - The parameters for the conversion. + * @param params.multibaseKeyId - The multibase identifier string of the key. + * @returns An object containing the key as a `Uint8Array` and its multicodec code and name. + * @throws `DidError` if the multibase identifier is invalid. + */ +export function multibaseIdToKeyBytes({ multibaseKeyId }: { + multibaseKeyId: string +}): Required { + try { + const prefixedKeyB58 = Convert.multibase(multibaseKeyId).toBase58Btc(); + const prefixedKey = Convert.base58Btc(prefixedKeyB58).toUint8Array(); + const { code, data, name } = Multicodec.removePrefix({ prefixedData: prefixedKey }); + + return { keyBytes: data, multicodecCode: code, multicodecName: name }; + } catch (error: any) { + throw new DidError(DidErrorCode.InvalidDid, `Invalid multibase identifier: ${multibaseKeyId}`); + } } \ No newline at end of file diff --git a/packages/dids/tests/bearer-did.spec.ts b/packages/dids/tests/bearer-did.spec.ts new file mode 100644 index 000000000..01b914ee0 --- /dev/null +++ b/packages/dids/tests/bearer-did.spec.ts @@ -0,0 +1,447 @@ +import type { CryptoApi } from '@web5/crypto'; + +import sinon from 'sinon'; +import { expect } from 'chai'; +import { LocalKeyManager } from '@web5/crypto'; + +import type { PortableDid } from '../src/types/portable-did.js'; + +import { BearerDid } from '../src/bearer-did.js'; + +describe('BearerDid', () => { + let portableDid: PortableDid; + + beforeEach(() => { + portableDid = { + uri : 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ', + document : { + '@context': [ + 'https://www.w3.org/ns/did/v1', + 'https://w3id.org/security/suites/jws-2020/v1', + ], + id : 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ', + verificationMethod : [ + { + id : 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ#0', + type : 'JsonWebKey2020', + controller : 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ', + publicKeyJwk : { + crv : 'Ed25519', + kty : 'OKP', + x : 'o40shZrsco-CfEqk6mFsXfcP94ly3Az3gm84PzAUsXo', + kid : 'BDp0xim82GswlxnPV8TPtBdUw80wkGIF8gjFbw1x5iQ', + alg : 'EdDSA', + }, + }, + ], + authentication: [ + 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ#0', + ], + assertionMethod: [ + 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ#0', + ], + capabilityInvocation: [ + 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ#0', + ], + capabilityDelegation: [ + 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ#0', + ], + keyAgreement: [ + 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ#0', + ], + }, + metadata: { + }, + privateKeys: [ + { + crv : 'Ed25519', + d : '628WwXicdWc0BULN1JG_ybSrhwWWnz9NFwxbG09Ecr0', + kty : 'OKP', + x : 'o40shZrsco-CfEqk6mFsXfcP94ly3Az3gm84PzAUsXo', + kid : 'BDp0xim82GswlxnPV8TPtBdUw80wkGIF8gjFbw1x5iQ', + alg : 'EdDSA', + }, + ], + }; + }); + + describe('export()', () => { + it('returns a PortableDid', async () => { + // Create a DID to use for the test. + const did = await BearerDid.import({ portableDid }); + + const exportedPortableDid = await did.export(); + + expect(exportedPortableDid).to.have.property('uri', portableDid.uri); + expect(exportedPortableDid).to.have.property('document'); + expect(exportedPortableDid).to.have.property('metadata'); + expect(exportedPortableDid).to.have.property('privateKeys'); + + expect(exportedPortableDid.document.verificationMethod).to.have.length(1); + expect(exportedPortableDid.document).to.deep.equal(portableDid.document); + }); + + it('exported PortableDid does not include private keys if the key manager does not support exporting keys', async () => { + // Create a key manager that does not support exporting keys. + const keyManagerWithoutExport: CryptoApi = { + digest : sinon.stub(), + generateKey : sinon.stub(), + getKeyUri : sinon.stub(), + getPublicKey : sinon.stub(), + sign : sinon.stub(), + verify : sinon.stub(), + }; + + const did = await BearerDid.import({ portableDid }); + did.keyManager = keyManagerWithoutExport; + + const exportedPortableDid = await did.export(); + + expect(exportedPortableDid).to.not.have.property('privateKeys'); + }); + + it('throws an error if the DID document lacks any verification methods', async () => { + const did = await BearerDid.import({ portableDid }); + + // Delete the verification method property from the DID document. + delete did.document.verificationMethod; + + try { + await did.export(); + expect.fail('Error should have been thrown'); + } catch (error: any) { + expect(error.message).to.include('is missing verification methods'); + } + }); + + it('throws an error if verification methods lack a public key', async () => { + const did = await BearerDid.import({ portableDid }); + + // Delete the verification method property from the DID document. + delete did.document.verificationMethod![0].publicKeyJwk; + + try { + await did.export(); + expect.fail('Error should have been thrown'); + } catch (error: any) { + expect(error.message).to.include('does not contain a public key'); + } + }); + }); + + describe('getSigner()', () => { + let keyManagerMock: any; + + beforeEach(() => { + // Mock for CryptoApi + keyManagerMock = { + digest : sinon.stub(), + generateKey : sinon.stub(), + getKeyUri : sinon.stub(), + getPublicKey : sinon.stub(), + importKey : sinon.stub(), + sign : sinon.stub(), + verify : sinon.stub(), + }; + + keyManagerMock.getKeyUri.resolves(`urn:jwk${portableDid.document.verificationMethod![0].publicKeyJwk!.kid}`); // Mock key URI retrieval + keyManagerMock.getPublicKey.resolves(portableDid.document.verificationMethod![0].publicKeyJwk!); // Mock public key retrieval + keyManagerMock.importKey.resolves(`urn:jwk${portableDid.document.verificationMethod![0].publicKeyJwk!.kid}`); // Mock import key + keyManagerMock.sign.resolves(new Uint8Array(64).fill(0)); // Mock signature creation + keyManagerMock.verify.resolves(true); // Mock verification result + }); + + it('returns a signer with sign and verify functions', async () => { + const did = await BearerDid.import({ + portableDid, + keyManager: keyManagerMock + }); + const signer = await did.getSigner(); + + expect(signer).to.be.an('object'); + expect(signer).to.have.property('sign').that.is.a('function'); + expect(signer).to.have.property('verify').that.is.a('function'); + }); + + it('handles public keys that do not contain an "alg" property', async () => { + const did = await BearerDid.import({ + portableDid, + keyManager: keyManagerMock + }); + + const { alg, ...publicKeyWithoutAlg } = portableDid.document.verificationMethod![0].publicKeyJwk!; + keyManagerMock.getPublicKey.resolves(publicKeyWithoutAlg); + + const signer = await did.getSigner(); + + expect(signer).to.be.have.property('algorithm', 'EdDSA'); + }); + + it('sign function should call keyManager.sign with correct parameters', async () => { + const did = await BearerDid.import({ + portableDid, + keyManager: keyManagerMock + }); + const signer = await did.getSigner(); + const dataToSign = new Uint8Array([0x00, 0x01]); + + await signer.sign({ data: dataToSign }); + + expect(keyManagerMock.sign.calledOnce).to.be.true; + expect(keyManagerMock.sign.calledWith(sinon.match({ data: dataToSign }))).to.be.true; + }); + + it('verify function should call keyManager.verify with correct parameters', async () => { + const did = await BearerDid.import({ + portableDid, + keyManager: keyManagerMock + }); + const signer = await did.getSigner(); + const dataToVerify = new Uint8Array([0x00, 0x01]); + const signature = new Uint8Array([0x01, 0x02]); + + await signer.verify({ data: dataToVerify, signature }); + + expect(keyManagerMock.verify.calledOnce).to.be.true; + expect(keyManagerMock.verify.calledWith(sinon.match({ data: dataToVerify, signature }))).to.be.true; + }); + + it('uses the provided methodId to fetch the public key', async () => { + const methodId = '0'; + const publicKey = portableDid.document.verificationMethod![0].publicKeyJwk!; + keyManagerMock.getKeyUri.withArgs({ key: publicKey }).resolves(publicKey); + + const did = await BearerDid.import({ + portableDid, + keyManager: keyManagerMock + }); + const signer = await did.getSigner({ methodId }); + + expect(signer).to.be.an('object'); + expect(keyManagerMock.getKeyUri.calledWith({ key: publicKey })).to.be.true; + }); + + it('handles undefined params', async function () { + const did = await BearerDid.import({ + portableDid, + keyManager: keyManagerMock + }); + + // Simulate the creation of a signer with undefined params + // @ts-expect-error - Testing the method with undefined params + const signer = await did.getSigner({ }); + + // Note: Since this test does not interact with an actual keyManager, it primarily ensures + // that the method doesn't break with undefined params. + expect(signer).to.have.property('sign'); + expect(signer).to.have.property('verify'); + }); + + it('throws an error if the public key contains an unknown "crv" property', async () => { + const did = await BearerDid.import({ + portableDid, + keyManager: keyManagerMock + }); + + const { alg, ...publicKeyWithoutAlg } = portableDid.document.verificationMethod![0].publicKeyJwk!; + publicKeyWithoutAlg.crv = 'unknown-crv'; + keyManagerMock.getPublicKey.resolves(publicKeyWithoutAlg); + + try { + await did.getSigner(); + expect.fail('Error should have been thrown'); + } catch (error: any) { + expect(error.message).to.include('crv=unknown-crv'); + expect(error.message).to.include('Unable to determine algorithm'); + } + }); + + it('throws an error if the methodId does not match any verification method in the DID Document', async () => { + const methodId = 'nonexistent-id'; + + const did = await BearerDid.import({ + portableDid, + keyManager: keyManagerMock + }); + + try { + await did.getSigner({ methodId }); + expect.fail('Error should have been thrown'); + } catch (error: any) { + expect(error.message).to.include('method intended for signing could not be determined'); + } + }); + + it('throws an error if the DID Document does not contain an assertionMethod property', async () => { + delete portableDid.document.assertionMethod; + + const did = await BearerDid.import({ + portableDid, + keyManager: keyManagerMock + }); + + try { + await did.getSigner(); + expect.fail('Error should have been thrown'); + } catch (error: any) { + expect(error.message).to.include('method intended for signing could not be determined'); + } + }); + + it('throws an error if the DID Document does not any verification methods', async () => { + const did = await BearerDid.import({ + portableDid, + keyManager: keyManagerMock + }); + + did.document.verificationMethod = undefined; + + try { + await did.getSigner(); + expect.fail('Error should have been thrown'); + } catch (error: any) { + expect(error.message).to.include('method intended for signing could not be determined'); + } + }); + + it('throws an error if the DID Document contains an embedded assertionMethod verification method', async () => { + portableDid.document.assertionMethod = [ + { + 'type' : 'JsonWebKey2020', + 'id' : 'did:jwk:eyJrdHkiOiJFQyIsInVzZSI6InNpZyIsImNydiI6InNlY3AyNTZrMSIsImtpZCI6ImkzU1BSQnRKS292SEZzQmFxTTkydGk2eFFDSkxYM0U3WUNld2lIVjJDU2ciLCJ4IjoidmRyYnoyRU96dmJMRFZfLWtMNGVKdDdWSS04VEZaTm1BOVlnV3p2aGg3VSIsInkiOiJWTEZxUU1aUF9Bc3B1Y1hvV1gyLWJHWHBBTzFmUTVMbjE5VjVSQXhyZ3ZVIiwiYWxnIjoiRVMyNTZLIn0#0', + 'controller' : 'did:jwk:eyJrdHkiOiJFQyIsInVzZSI6InNpZyIsImNydiI6InNlY3AyNTZrMSIsImtpZCI6ImkzU1BSQnRKS292SEZzQmFxTTkydGk2eFFDSkxYM0U3WUNld2lIVjJDU2ciLCJ4IjoidmRyYnoyRU96dmJMRFZfLWtMNGVKdDdWSS04VEZaTm1BOVlnV3p2aGg3VSIsInkiOiJWTEZxUU1aUF9Bc3B1Y1hvV1gyLWJHWHBBTzFmUTVMbjE5VjVSQXhyZ3ZVIiwiYWxnIjoiRVMyNTZLIn0', + 'publicKeyJwk' : { + 'kty' : 'EC', + 'use' : 'sig', + 'crv' : 'secp256k1', + 'kid' : 'i3SPRBtJKovHFsBaqM92ti6xQCJLX3E7YCewiHV2CSg', + 'x' : 'vdrbz2EOzvbLDV_-kL4eJt7VI-8TFZNmA9YgWzvhh7U', + 'y' : 'VLFqQMZP_AspucXoWX2-bGXpAO1fQ5Ln19V5RAxrgvU', + 'alg' : 'ES256K' + } + } + ]; + + const did = await BearerDid.import({ + portableDid, + keyManager: keyManagerMock + }); + + try { + await did.getSigner(); + expect.fail('Error should have been thrown'); + } catch (error: any) { + expect(error.message).to.include('method intended for signing could not be determined'); + } + }); + + it('throws an error if the key is missing in the key manager', async function () { + const did = await BearerDid.import({ portableDid }); + + // Replace the key manager with one that does not contain the keys for the DID. + did.keyManager = new LocalKeyManager(); + + try { + await did.getSigner(); + expect.fail('Error should have been thrown'); + } catch (error: any) { + expect(error.message).to.include('Key not found'); + } + }); + }); + + describe('import()', () => { + let portableDid: PortableDid; + + beforeEach(() => { + // Define a DID to use for the test. + portableDid = { + uri : 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ', + document : { + '@context': [ + 'https://www.w3.org/ns/did/v1', + 'https://w3id.org/security/suites/jws-2020/v1', + ], + id : 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ', + verificationMethod : [ + { + id : 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ#0', + type : 'JsonWebKey2020', + controller : 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ', + publicKeyJwk : { + crv : 'Ed25519', + kty : 'OKP', + x : 'o40shZrsco-CfEqk6mFsXfcP94ly3Az3gm84PzAUsXo', + kid : 'BDp0xim82GswlxnPV8TPtBdUw80wkGIF8gjFbw1x5iQ', + alg : 'EdDSA', + }, + }, + ], + authentication: [ + 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ#0', + ], + assertionMethod: [ + 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ#0', + ], + capabilityInvocation: [ + 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ#0', + ], + capabilityDelegation: [ + 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ#0', + ], + keyAgreement: [ + 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ#0', + ], + }, + metadata: { + }, + privateKeys: [ + { + crv : 'Ed25519', + d : '628WwXicdWc0BULN1JG_ybSrhwWWnz9NFwxbG09Ecr0', + kty : 'OKP', + x : 'o40shZrsco-CfEqk6mFsXfcP94ly3Az3gm84PzAUsXo', + kid : 'BDp0xim82GswlxnPV8TPtBdUw80wkGIF8gjFbw1x5iQ', + alg : 'EdDSA', + }, + ], + }; + }); + + it('throws an error if the DID document lacks any verification methods', async () => { + // Delete the verification method property from the DID document. + delete portableDid.document.verificationMethod; + + try { + await BearerDid.import({ portableDid }); + expect.fail('Error should have been thrown'); + } catch (error: any) { + expect(error.message).to.include('verification method is required but 0 were given'); + } + }); + + it('throws an error if the DID document does not contain a public key', async () => { + // Delete the public key from the DID document. + delete portableDid.document.verificationMethod![0].publicKeyJwk; + + try { + await BearerDid.import({ portableDid }); + expect.fail('Error should have been thrown'); + } catch (error: any) { + expect(error.message).to.include('does not contain a public key'); + } + }); + + it('throws an error if no private keys are given and the key manager does not contain the keys', async () => { + // Delete the private keys from the portable DID to trigger the error. + delete portableDid.privateKeys; + + try { + await BearerDid.import({ portableDid }); + expect.fail('Expected an error to be thrown.'); + } catch (error: any) { + expect(error.message).to.include('Key not found'); + } + }); + }); +}); \ No newline at end of file diff --git a/packages/dids/tests/fixtures/test-vectors/did-ion/to-keys.ts b/packages/dids/tests/fixtures/test-vectors/did-ion/to-keys.ts deleted file mode 100644 index c33bac414..000000000 --- a/packages/dids/tests/fixtures/test-vectors/did-ion/to-keys.ts +++ /dev/null @@ -1,81 +0,0 @@ -import type { Jwk, LocalKeyManager } from '@web5/crypto'; - -import sinon from 'sinon'; - -import type { BearerDid } from '../../../../src/bearer-did.js'; - -type TestVector = { - [key: string]: { - did: BearerDid; - privateKey: Jwk[]; - }; -}; - -export const vectors: TestVector = { - oneMethodNoServices: { - did: { - didDocument: { - id : 'did:ion:EiAXe1c857XIc7F3tvrxV_tsmn2zMqrgILwvrMkEgfuuSQ:eyJkZWx0YSI6eyJwYXRjaGVzIjpbeyJhY3Rpb24iOiJyZXBsYWNlIiwiZG9jdW1lbnQiOnsicHVibGljS2V5cyI6W3siaWQiOiJyV3hhU2ZWWlVfZWJsWjAzRFk1RXo4TkxkRlA4c200cFVYenJNRjR2d0xVIiwicHVibGljS2V5SndrIjp7ImNydiI6IkVkMjU1MTkiLCJrdHkiOiJPS1AiLCJ4Ijoid0t6MUg3SnNqbmlhV0dka1I0akcxT19pWVlnWDFyV29TRVZSXy1sS1VZRSJ9LCJwdXJwb3NlcyI6WyJhdXRoZW50aWNhdGlvbiIsImFzc2VydGlvbk1ldGhvZCJdLCJ0eXBlIjoiSnNvbldlYktleTIwMjAifV0sInNlcnZpY2VzIjpbXX19XSwidXBkYXRlQ29tbWl0bWVudCI6IkVpQ1IwcDk3UGZHYW9LMV9fdlV4ZlhLcW0xN29RY0RtSEM4dk1WeFFZWUhzTlEifSwic3VmZml4RGF0YSI6eyJkZWx0YUhhc2giOiJFaUNxSjlyMEtTUmVsUHFNTXE2Q0gwRm13SUtiWkVEUjhuWmVzNGllTW03X1J3IiwicmVjb3ZlcnlDb21taXRtZW50IjoiRWlELVUyRDh1bE1VUjVkSWduWkY3YnJCNUpvWkdlY29HS2FpNGNuQ1gzSnNlZyJ9fQ', - '@context' : [ - 'https://www.w3.org/ns/did/v1', - { - '@base': 'did:ion:EiAXe1c857XIc7F3tvrxV_tsmn2zMqrgILwvrMkEgfuuSQ:eyJkZWx0YSI6eyJwYXRjaGVzIjpbeyJhY3Rpb24iOiJyZXBsYWNlIiwiZG9jdW1lbnQiOnsicHVibGljS2V5cyI6W3siaWQiOiJyV3hhU2ZWWlVfZWJsWjAzRFk1RXo4TkxkRlA4c200cFVYenJNRjR2d0xVIiwicHVibGljS2V5SndrIjp7ImNydiI6IkVkMjU1MTkiLCJrdHkiOiJPS1AiLCJ4Ijoid0t6MUg3SnNqbmlhV0dka1I0akcxT19pWVlnWDFyV29TRVZSXy1sS1VZRSJ9LCJwdXJwb3NlcyI6WyJhdXRoZW50aWNhdGlvbiIsImFzc2VydGlvbk1ldGhvZCJdLCJ0eXBlIjoiSnNvbldlYktleTIwMjAifV0sInNlcnZpY2VzIjpbXX19XSwidXBkYXRlQ29tbWl0bWVudCI6IkVpQ1IwcDk3UGZHYW9LMV9fdlV4ZlhLcW0xN29RY0RtSEM4dk1WeFFZWUhzTlEifSwic3VmZml4RGF0YSI6eyJkZWx0YUhhc2giOiJFaUNxSjlyMEtTUmVsUHFNTXE2Q0gwRm13SUtiWkVEUjhuWmVzNGllTW03X1J3IiwicmVjb3ZlcnlDb21taXRtZW50IjoiRWlELVUyRDh1bE1VUjVkSWduWkY3YnJCNUpvWkdlY29HS2FpNGNuQ1gzSnNlZyJ9fQ', - }, - ], - service: [ - ], - verificationMethod: [ - { - id : '#rWxaSfVZU_eblZ03DY5Ez8NLdFP8sm4pUXzrMF4vwLU', - controller : 'did:ion:EiAXe1c857XIc7F3tvrxV_tsmn2zMqrgILwvrMkEgfuuSQ:eyJkZWx0YSI6eyJwYXRjaGVzIjpbeyJhY3Rpb24iOiJyZXBsYWNlIiwiZG9jdW1lbnQiOnsicHVibGljS2V5cyI6W3siaWQiOiJyV3hhU2ZWWlVfZWJsWjAzRFk1RXo4TkxkRlA4c200cFVYenJNRjR2d0xVIiwicHVibGljS2V5SndrIjp7ImNydiI6IkVkMjU1MTkiLCJrdHkiOiJPS1AiLCJ4Ijoid0t6MUg3SnNqbmlhV0dka1I0akcxT19pWVlnWDFyV29TRVZSXy1sS1VZRSJ9LCJwdXJwb3NlcyI6WyJhdXRoZW50aWNhdGlvbiIsImFzc2VydGlvbk1ldGhvZCJdLCJ0eXBlIjoiSnNvbldlYktleTIwMjAifV0sInNlcnZpY2VzIjpbXX19XSwidXBkYXRlQ29tbWl0bWVudCI6IkVpQ1IwcDk3UGZHYW9LMV9fdlV4ZlhLcW0xN29RY0RtSEM4dk1WeFFZWUhzTlEifSwic3VmZml4RGF0YSI6eyJkZWx0YUhhc2giOiJFaUNxSjlyMEtTUmVsUHFNTXE2Q0gwRm13SUtiWkVEUjhuWmVzNGllTW03X1J3IiwicmVjb3ZlcnlDb21taXRtZW50IjoiRWlELVUyRDh1bE1VUjVkSWduWkY3YnJCNUpvWkdlY29HS2FpNGNuQ1gzSnNlZyJ9fQ', - type : 'JsonWebKey2020', - publicKeyJwk : { - crv : 'Ed25519', - kty : 'OKP', - x : 'wKz1H7JsjniaWGdkR4jG1O_iYYgX1rWoSEVR_-lKUYE', - }, - }, - ], - authentication: [ - '#rWxaSfVZU_eblZ03DY5Ez8NLdFP8sm4pUXzrMF4vwLU', - ], - assertionMethod: [ - '#rWxaSfVZU_eblZ03DY5Ez8NLdFP8sm4pUXzrMF4vwLU', - ], - }, - getSigner : sinon.stub(), - keyManager : sinon.stub() as unknown as LocalKeyManager, - metadata : { - canonicalId : 'did:ion:EiAXe1c857XIc7F3tvrxV_tsmn2zMqrgILwvrMkEgfuuSQ', - recoveryKey : { - kty : 'EC', - crv : 'secp256k1', - x : 'EdmqCQJjJycUhxz52kCxLR7v1cIpWnbgVOVXDn73sMI', - y : 'a4kbkoG7t5yYYzUqSuSLv9gp8Rumw4wPmCDsQWaLKQQ', - kid : 'cv5f7CxO3H8FVqDuU5b48WP1Y8vfhkcmjOAOFhQDByU', - alg : 'ES256K', - }, - updateKey: { - kty : 'EC', - crv : 'secp256k1', - x : 'p1edwKgrvFZ4XxXcqM8j_ZStWZ0DuWzdhr8JUI42BmA', - y : 'KK_s4WG6vyDeJ4kMyDaAygU3G-Fiixi6Hf7cgFe-HcM', - kid : 'mKJbR4wHIJIeyUITRhddkPFqL-jbpGtSnu4MB6WrYzg', - alg : 'ES256K', - }, - published: true, - }, - uri: 'did:ion:EiAXe1c857XIc7F3tvrxV_tsmn2zMqrgILwvrMkEgfuuSQ:eyJkZWx0YSI6eyJwYXRjaGVzIjpbeyJhY3Rpb24iOiJyZXBsYWNlIiwiZG9jdW1lbnQiOnsicHVibGljS2V5cyI6W3siaWQiOiJyV3hhU2ZWWlVfZWJsWjAzRFk1RXo4TkxkRlA4c200cFVYenJNRjR2d0xVIiwicHVibGljS2V5SndrIjp7ImNydiI6IkVkMjU1MTkiLCJrdHkiOiJPS1AiLCJ4Ijoid0t6MUg3SnNqbmlhV0dka1I0akcxT19pWVlnWDFyV29TRVZSXy1sS1VZRSJ9LCJwdXJwb3NlcyI6WyJhdXRoZW50aWNhdGlvbiIsImFzc2VydGlvbk1ldGhvZCJdLCJ0eXBlIjoiSnNvbldlYktleTIwMjAifV0sInNlcnZpY2VzIjpbXX19XSwidXBkYXRlQ29tbWl0bWVudCI6IkVpQ1IwcDk3UGZHYW9LMV9fdlV4ZlhLcW0xN29RY0RtSEM4dk1WeFFZWUhzTlEifSwic3VmZml4RGF0YSI6eyJkZWx0YUhhc2giOiJFaUNxSjlyMEtTUmVsUHFNTXE2Q0gwRm13SUtiWkVEUjhuWmVzNGllTW03X1J3IiwicmVjb3ZlcnlDb21taXRtZW50IjoiRWlELVUyRDh1bE1VUjVkSWduWkY3YnJCNUpvWkdlY29HS2FpNGNuQ1gzSnNlZyJ9fQ', - }, - privateKey: [ - { - crv : 'Ed25519', - d : 'tMxiGuJDL1dukJT8xfMwanLHv3ScDTVJH1jtS01Xm-g', - kty : 'OKP', - x : 'wKz1H7JsjniaWGdkR4jG1O_iYYgX1rWoSEVR_-lKUYE', - kid : 'rWxaSfVZU_eblZ03DY5Ez8NLdFP8sm4pUXzrMF4vwLU', - alg : 'EdDSA', - } - ], - }, -}; \ No newline at end of file diff --git a/packages/dids/tests/methods/did-dht.spec.ts b/packages/dids/tests/methods/did-dht.spec.ts index aa1f3e0c1..d8e7ec967 100644 --- a/packages/dids/tests/methods/did-dht.spec.ts +++ b/packages/dids/tests/methods/did-dht.spec.ts @@ -1,12 +1,8 @@ -import type { Jwk } from '@web5/crypto'; - import sinon from 'sinon'; import { expect } from 'chai'; import { Convert } from '@web5/common'; -import { LocalKeyManager } from '@web5/crypto'; -import type { PortableDid } from '../../src/portable-did.js'; -import type { DidResolutionResult } from '../../src/index.js'; +import type { PortableDid } from '../../src/types/portable-did.js'; import { DidErrorCode } from '../../src/did-error.js'; import { DidDht, DidDhtRegisteredDidType } from '../../src/methods/did-dht.js'; @@ -42,18 +38,18 @@ describe('DidDht', () => { fetchStub.restore(); }); - describe('create', () => { + describe('create()', () => { it('creates a DID with a single verification method, by default', async () => { const did = await DidDht.create(); - expect(did).to.have.property('didDocument'); + expect(did).to.have.property('document'); expect(did).to.have.property('getSigner'); expect(did).to.have.property('keyManager'); expect(did).to.have.property('metadata'); expect(did).to.have.property('uri'); - expect(did.didDocument).to.have.property('verificationMethod'); - expect(did.didDocument.verificationMethod).to.have.length(1); + expect(did.document).to.have.property('verificationMethod'); + expect(did.document.verificationMethod).to.have.length(1); }); it('handles creating DIDs with additional Ed25519 verification methods', async () => { @@ -68,8 +64,8 @@ describe('DidDht', () => { } }); - expect(did.didDocument.verificationMethod).to.have.length(2); - expect(did.didDocument.verificationMethod?.[1].publicKeyJwk).to.have.property('crv', 'Ed25519'); + expect(did.document.verificationMethod).to.have.length(2); + expect(did.document.verificationMethod?.[1].publicKeyJwk).to.have.property('crv', 'Ed25519'); }); it('handles creating DIDs with additional secp256k1 verification methods', async () => { @@ -84,8 +80,8 @@ describe('DidDht', () => { } }); - expect(did.didDocument.verificationMethod).to.have.length(2); - expect(did.didDocument.verificationMethod?.[1].publicKeyJwk).to.have.property('crv', 'secp256k1'); + expect(did.document.verificationMethod).to.have.length(2); + expect(did.document.verificationMethod?.[1].publicKeyJwk).to.have.property('crv', 'secp256k1'); }); it('handles creating DIDs with additional secp256r1 verification methods', async () => { @@ -100,8 +96,8 @@ describe('DidDht', () => { } }); - expect(did.didDocument.verificationMethod).to.have.length(2); - expect(did.didDocument.verificationMethod?.[1].publicKeyJwk).to.have.property('crv', 'P-256'); + expect(did.document.verificationMethod).to.have.length(2); + expect(did.document.verificationMethod?.[1].publicKeyJwk).to.have.property('crv', 'P-256'); }); it('allows one or more DID controller identifiers to be specified', async () => { @@ -111,7 +107,7 @@ describe('DidDht', () => { } }); - expect(did.didDocument).to.have.property('controller', 'did:example:1234'); + expect(did.document).to.have.property('controller', 'did:example:1234'); did = await DidDht.create({ options: { @@ -119,7 +115,7 @@ describe('DidDht', () => { } }); - expect(did.didDocument.controller).to.deep.equal(['did:example:1234', 'did:example:5678']); + expect(did.document.controller).to.deep.equal(['did:example:1234', 'did:example:5678']); }); it('allows one or more Also Known As identifiers to be specified', async () => { @@ -129,7 +125,7 @@ describe('DidDht', () => { } }); - expect(did.didDocument.alsoKnownAs).to.deep.equal(['did:example:1234']); + expect(did.document.alsoKnownAs).to.deep.equal(['did:example:1234']); did = await DidDht.create({ options: { @@ -137,7 +133,7 @@ describe('DidDht', () => { } }); - expect(did.didDocument.alsoKnownAs).to.deep.equal(['did:example:1234', 'did:example:5678']); + expect(did.document.alsoKnownAs).to.deep.equal(['did:example:1234', 'did:example:5678']); }); it('handles creating DIDs with additional verification methods', async () => { @@ -152,13 +148,13 @@ describe('DidDht', () => { } }); - expect(did.didDocument.verificationMethod).to.have.length(2); + expect(did.document.verificationMethod).to.have.length(2); }); it('assigns 0 as the ID of the Identity Key verification method ', async () => { const did = await DidDht.create(); - expect(did.didDocument.verificationMethod?.[0].id).to.include('#0'); + expect(did.document.verificationMethod?.[0].id).to.include('#0'); }); it('uses the JWK thumbprint as the ID for additional verification methods, by default', async () => { @@ -173,7 +169,7 @@ describe('DidDht', () => { } }); - expect(did.didDocument.verificationMethod?.[1].id).to.include(`#${did?.didDocument?.verificationMethod?.[1]?.publicKeyJwk?.kid}`); + expect(did.document.verificationMethod?.[1].id).to.include(`#${did?.document?.verificationMethod?.[1]?.publicKeyJwk?.kid}`); }); it('allows a custom ID to be specified for additional verification methods', async () => { @@ -189,7 +185,7 @@ describe('DidDht', () => { } }); - expect(did.didDocument.verificationMethod?.[1]).to.have.property('id', `${did.uri}#1`); + expect(did.document.verificationMethod?.[1]).to.have.property('id', `${did.uri}#1`); }); it('handles creating DIDs with one service', async () => { @@ -205,10 +201,10 @@ describe('DidDht', () => { } }); - expect(did.didDocument.service).to.have.length(1); - expect(did.didDocument.service?.[0]).to.have.property('id', `${did.uri}#dwn`); - expect(did.didDocument.service?.[0]).to.have.property('type', 'DecentralizedWebNode'); - expect(did.didDocument.service?.[0]).to.have.property('serviceEndpoint', 'https://example.com/dwn'); + expect(did.document.service).to.have.length(1); + expect(did.document.service?.[0]).to.have.property('id', `${did.uri}#dwn`); + expect(did.document.service?.[0]).to.have.property('type', 'DecentralizedWebNode'); + expect(did.document.service?.[0]).to.have.property('serviceEndpoint', 'https://example.com/dwn'); }); it('handles creating DIDs with multiple services', async () => { @@ -229,9 +225,9 @@ describe('DidDht', () => { } }); - expect(did.didDocument.service).to.have.length(2); - expect(did.didDocument.service?.[0]).to.have.property('id', `${did.uri}#dwn`); - expect(did.didDocument.service?.[1]).to.have.property('id', `${did.uri}#oid4vci`); + expect(did.document.service).to.have.length(2); + expect(did.document.service?.[0]).to.have.property('id', `${did.uri}#dwn`); + expect(did.document.service?.[1]).to.have.property('id', `${did.uri}#oid4vci`); }); it('accepts a custom controller for the Identity Key verification method', async () => { @@ -247,7 +243,7 @@ describe('DidDht', () => { } }); - const identityKeyVerificationMethod = did.didDocument?.verificationMethod?.find( + const identityKeyVerificationMethod = did.document?.verificationMethod?.find( (method) => method.id.endsWith('#0') ); expect(identityKeyVerificationMethod).to.have.property('controller', 'did:example:1234'); @@ -280,15 +276,15 @@ describe('DidDht', () => { } }); - expect(did.didDocument.verificationMethod).to.have.length(3); - expect(did.didDocument.verificationMethod?.[1]).to.have.property('id', `${did.uri}#sig`); - expect(did.didDocument.verificationMethod?.[2]).to.have.property('id', `${did.uri}#enc`); - expect(did.didDocument.service).to.have.length(1); - expect(did.didDocument.service?.[0]).to.have.property('id', `${did.uri}#dwn`); - expect(did.didDocument.service?.[0]).to.have.property('type', 'DecentralizedWebNode'); - expect(did.didDocument.service?.[0]).to.have.property('serviceEndpoint', 'https://example.com/dwn'); - expect(did.didDocument.service?.[0]).to.have.property('enc', '#enc'); - expect(did.didDocument.service?.[0]).to.have.property('sig', '#sig'); + expect(did.document.verificationMethod).to.have.length(3); + expect(did.document.verificationMethod?.[1]).to.have.property('id', `${did.uri}#sig`); + expect(did.document.verificationMethod?.[2]).to.have.property('id', `${did.uri}#enc`); + expect(did.document.service).to.have.length(1); + expect(did.document.service?.[0]).to.have.property('id', `${did.uri}#dwn`); + expect(did.document.service?.[0]).to.have.property('type', 'DecentralizedWebNode'); + expect(did.document.service?.[0]).to.have.property('serviceEndpoint', 'https://example.com/dwn'); + expect(did.document.service?.[0]).to.have.property('enc', '#enc'); + expect(did.document.service?.[0]).to.have.property('sig', '#sig'); }); it('accepts one or more DID DHT registered types', async () => { @@ -341,6 +337,31 @@ describe('DidDht', () => { expect(isValid).to.be.true; }); + it('throws an error if duplicate verification method IDs are given', async () => { + try { + await DidDht.create({ + options: { + verificationMethods: [ + { + algorithm : 'Ed25519', + id : '0', + purposes : ['authentication', 'assertionMethod'] + }, + { + algorithm : 'secp256k1', + id : '0', + purposes : ['keyAgreement'] + } + ] + } + }); + + expect.fail('Expected an error to be thrown.'); + } catch (error: any) { + expect(error.message).to.include('verification method IDs are not unique'); + } + }); + it('throws an error if publishing fails', async () => { // Simulate a network error when attempting to publish the DID. fetchStub.rejects(new Error('Network error')); @@ -428,308 +449,40 @@ describe('DidDht', () => { }); }); - describe('fromKeyManager()', () => { - let didUri: string; - let keyManager: LocalKeyManager; - let privateKey: Jwk; - - before(() => { - keyManager = new LocalKeyManager(); - }); - - beforeEach(() => { - didUri = 'did:dht:cf69rrqpanddbhkqecuwia314hfawfua9yr6zx433jmgm39ez57y'; - - privateKey = { - crv : 'Ed25519', - d : 'PISwJgl1nOlURuaqo144O1eXuGDWggYo7XX1X8oxPJs', - kty : 'OKP', - x : 'YX3yEc3AhjDxTkMnSuMy1wuKFnj4Ceu_WcpWZefovvo', - kid : 'un6C53LHsjSmjFmZsEKZKwrz0gO_LBg2nSV3a54CNoo' - }; - }); - - it('returns a DID from existing keys present in a key manager', async () => { - // Mock the response from the Pkarr relay rather than calling over the network. - fetchStub.resolves(fetchOkResponse( - Convert.hex('28a37dbbf9692e2930696ade738f85a757a508442a9a454946e9a6e11a4ccd6d47e4f1839791' + - 'e7085d836e343d71726ed77fbad48760128e8a749cd61fcf3d0d0000000065b14cbe00008400' + - '0000000200000000035f6b30045f646964346366363972727170616e646462686b7165637577' + - '696133313468666177667561397972367a783433336a6d676d3339657a353779000010000100' + - '001c2000373669643d303b743d303b6b3d5958337945633341686a4478546b4d6e53754d7931' + - '77754b466e6a344365755f576370575a65666f76766f045f646964346366363972727170616e' + - '646462686b7165637577696133313468666177667561397972367a783433336a6d676d333965' + - '7a353779000010000100001c20002726763d303b766d3d6b303b617574683d6b303b61736d3d' + - '6b303b64656c3d6b303b696e763d6b30').toArrayBuffer() - )); - - // Import the test DID's keys into the key manager. - await keyManager.importKey({ key: privateKey }); - - const did = await DidDht.fromKeyManager({ didUri, keyManager }); - - expect(did).to.have.property('didDocument'); - expect(did).to.have.property('getSigner'); - expect(did).to.have.property('keyManager'); - expect(did).to.have.property('metadata'); - expect(did).to.have.property('uri', 'did:dht:cf69rrqpanddbhkqecuwia314hfawfua9yr6zx433jmgm39ez57y'); - }); - - it('returns a DID from existing keys present in a key manager, with types', async () => { - const portableDid: PortableDid = { - uri : 'did:dht:ksbkpsjytbm7kh6hnt3xi91t6to98zndtrrxzsqz9y87m5qztyqo', - verificationMethods : [ - { - id : 'did:dht:ksbkpsjytbm7kh6hnt3xi91t6to98zndtrrxzsqz9y87m5qztyqo#0', - type : 'JsonWebKey', - controller : 'did:dht:ksbkpsjytbm7kh6hnt3xi91t6to98zndtrrxzsqz9y87m5qztyqo', - publicKeyJwk : { - crv : 'Ed25519', - kty : 'OKP', - x : 'VYKm2SCIV9Vz3BRy-v5R9GHz3EOJCPvZ1_gP1e3XiB0', - kid : 'cyvOypa6k-4ffsRWcza37s5XVOh1kO9ICUeo1ZxHVM8', - alg : 'EdDSA', - }, - privateKeyJwk: { - crv : 'Ed25519', - d : 'hdSIwbQwVD-fNOVEgt-k3mMl44Ip1iPi58Ex6VDGxqY', - kty : 'OKP', - x : 'VYKm2SCIV9Vz3BRy-v5R9GHz3EOJCPvZ1_gP1e3XiB0', - kid : 'cyvOypa6k-4ffsRWcza37s5XVOh1kO9ICUeo1ZxHVM8', - alg : 'EdDSA', - }, - purposes: [ - 'authentication', - 'assertionMethod', - 'capabilityDelegation', - 'capabilityInvocation', - ], - }, - ], - }; - - const mockDidResolutionResult: DidResolutionResult = { - didDocument: { - id : 'did:dht:ksbkpsjytbm7kh6hnt3xi91t6to98zndtrrxzsqz9y87m5qztyqo', - verificationMethod : [ - { - id : 'did:dht:ksbkpsjytbm7kh6hnt3xi91t6to98zndtrrxzsqz9y87m5qztyqo#0', - type : 'JsonWebKey', - controller : 'did:dht:ksbkpsjytbm7kh6hnt3xi91t6to98zndtrrxzsqz9y87m5qztyqo', - publicKeyJwk : { - crv : 'Ed25519', - kty : 'OKP', - x : 'VYKm2SCIV9Vz3BRy-v5R9GHz3EOJCPvZ1_gP1e3XiB0', - kid : 'cyvOypa6k-4ffsRWcza37s5XVOh1kO9ICUeo1ZxHVM8', - alg : 'EdDSA' - }, - }, - ], - authentication: [ - 'did:dht:ksbkpsjytbm7kh6hnt3xi91t6to98zndtrrxzsqz9y87m5qztyqo#0' - ], - assertionMethod: [ - 'did:dht:ksbkpsjytbm7kh6hnt3xi91t6to98zndtrrxzsqz9y87m5qztyqo#0' - ], - capabilityDelegation: [ - 'did:dht:ksbkpsjytbm7kh6hnt3xi91t6to98zndtrrxzsqz9y87m5qztyqo#0' - ], - capabilityInvocation: [ - 'did:dht:ksbkpsjytbm7kh6hnt3xi91t6to98zndtrrxzsqz9y87m5qztyqo#0' - ], - }, - didDocumentMetadata: { - types: [6, 7] - }, - didResolutionMetadata: {} - }; - - // Stub the DID resolve method to return the expected DID document and metadata. - const resolveStub = sinon.stub(DidDht, 'resolve').returns(Promise.resolve(mockDidResolutionResult)); - - // Import the test DID's keys into the key manager. - await keyManager.importKey({ key: portableDid.verificationMethods![0].privateKeyJwk! }); - - const did = await DidDht.fromKeyManager({ didUri: portableDid.uri!, keyManager }); - - expect(did.uri).to.equal(portableDid.uri); - expect(did.didDocument).to.deep.equal(mockDidResolutionResult.didDocument); - expect(did.metadata).to.have.property('types'); - expect(did.metadata.types).to.deep.equal([6, 7]); - - resolveStub.restore(); - }); - - it('returns a DID with a getSigner function that can sign and verify data', async () => { - const keyManager = new LocalKeyManager(); - - // Create a DID to use for the test. - const testDid = await DidDht.create({ keyManager }); - - // Stub the DID resolve method to return the expected DID document and metadata. - const resolveStub = sinon.stub(DidDht, 'resolve').returns(Promise.resolve({ - didDocument : testDid.didDocument, - didDocumentMetadata : testDid.metadata, - didResolutionMetadata : {} - })); - - const did = await DidDht.fromKeyManager({ didUri: testDid.uri, keyManager }); - - const signer = await did.getSigner(); - const data = new Uint8Array([1, 2, 3]); - const signature = await signer.sign({ data }); - const isValid = await signer.verify({ data, signature }); - - expect(signature).to.have.length(64); - expect(isValid).to.be.true; - - resolveStub.restore(); - }); - - it('returns a DID with a getSigner function that accepts a specific keyUri', async () => { - const keyManager = new LocalKeyManager(); - - // Create a DID to use for the test. - const testDid = await DidDht.create({ keyManager }); - - // Stub the DID resolve method to return the expected DID document and metadata. - const resolveStub = sinon.stub(DidDht, 'resolve').returns(Promise.resolve({ - didDocument : testDid.didDocument, - didDocumentMetadata : testDid.metadata, - didResolutionMetadata : {} - })); - - const did = await DidDht.fromKeyManager({ didUri: testDid.uri, keyManager }); - - // Retrieve the key URI of the verification method's public key. - const keyUri = await did.keyManager.getKeyUri({ - key: testDid.didDocument.verificationMethod![0].publicKeyJwk! - }); - - const signer = await did.getSigner({ keyUri }); - const data = new Uint8Array([1, 2, 3]); - const signature = await signer.sign({ data }); - const isValid = await signer.verify({ data, signature }); - - expect(signature).to.have.length(64); - expect(isValid).to.be.true; - - resolveStub.restore(); - }); - - it('throws an error if an unsupported DID method is given', async () => { + describe('getSigningMethod()', () => { + it('returns an error if the DID method is not supported', async () => { try { - await DidDht.fromKeyManager({ didUri: 'did:example:1234', keyManager }); + await DidDht.getSigningMethod({ didDocument: { id: 'did:method:123' } }); expect.fail('Expected an error to be thrown.'); } catch (error: any) { - expect(error.message).to.include('Method not supported'); expect(error.code).to.equal(DidErrorCode.MethodNotSupported); + expect(error.message).to.include('Method not supported'); } }); - it('throws an error if the resolved DID document lacks any verification methods', async () => { - // Stub the DID resolve method to return a DID document without a verificationMethod property. - sinon.stub(DidDht, 'resolve').returns(Promise.resolve({ - didDocument : { id: 'did:dht:...' }, - didDocumentMetadata : {}, - didResolutionMetadata : {} - })); - - const didUri = 'did:dht:...'; - try { - await DidDht.fromKeyManager({ didUri, keyManager }); - expect.fail('Expected an error to be thrown.'); - } catch (error: any) { - expect(error.message).to.include('missing verification methods'); - } finally { - sinon.restore(); - } - - // Stub the DID resolve method to return a DID document an empty verificationMethod property. - sinon.stub(DidDht, 'resolve').returns(Promise.resolve({ - didDocument : { id: 'did:dht:...', verificationMethod: [] }, - didDocumentMetadata : {}, - didResolutionMetadata : {} - })); - - try { - await DidDht.fromKeyManager({ didUri, keyManager }); - expect.fail('Expected an error to be thrown.'); - } catch (error: any) { - expect(error.message).to.include('missing verification methods'); - } finally { - sinon.restore(); - } - }); - - it('throws an error if the resolved DID document is missing a public key', async () => { - // Stub the DID resolution method to return a DID document with no verification methods. - sinon.stub(DidDht, 'resolve').returns(Promise.resolve({ - didDocument: { - id : 'did:dht:...', - verificationMethod : [{ - id : 'did:dht:...#0', - type : 'JsonWebKey', - controller : 'did:dht:...' - }], - }, - didDocumentMetadata : {}, - didResolutionMetadata : {} - })); - - const didUri = 'did:dht:...'; + it('throws an error if the DID Document does not any verification methods', async () => { try { - await DidDht.fromKeyManager({ didUri, keyManager }); - expect.fail('Expected an error to be thrown.'); + await DidDht.getSigningMethod({ + didDocument: { + id : 'did:dht:123', + verificationMethod : [] + } + }); + expect.fail('Error should have been thrown'); } catch (error: any) { - expect(error.message).to.include('does not contain a public key'); - } finally { - sinon.restore(); + expect(error.message).to.include('method intended for signing could not be determined'); } }); }); - describe('fromKeys', () => { + describe('import()', () => { let portableDid: PortableDid; beforeEach(() => { // Define a DID to use for the test. portableDid = { - uri : 'did:dht:urex8kbn3ewbdrjq36obf3rpg8joomzpu1gb4cfkhj3ey4y9fqgo', - verificationMethods : [ - { - id : 'did:dht:urex8kbn3ewbdrjq36obf3rpg8joomzpu1gb4cfkhj3ey4y9fqgo#0', - type : 'JsonWebKey', - controller : 'did:dht:urex8kbn3ewbdrjq36obf3rpg8joomzpu1gb4cfkhj3ey4y9fqgo', - publicKeyJwk : { - crv : 'Ed25519', - kty : 'OKP', - x : 'mRDzqCLKKBGRLs-gEuSNMdMILu2cjB0wquJygGgfK40', - kid : 'FuIkkMgnsq-XRX8gWp3HJpqwoIbyNNsx4Uk-tdDSqbE', - alg : 'EdDSA' - }, - privateKeyJwk: { - crv : 'Ed25519', - d : '3OQkejC7rNiGQSPAugN8CFrIjHGemZh5hbtgD8GXUVw', - kty : 'OKP', - x : 'mRDzqCLKKBGRLs-gEuSNMdMILu2cjB0wquJygGgfK40', - kid : 'FuIkkMgnsq-XRX8gWp3HJpqwoIbyNNsx4Uk-tdDSqbE', - alg : 'EdDSA' - }, - purposes: [ - 'authentication', - 'assertionMethod', - 'capabilityDelegation', - 'capabilityInvocation' - ], - }, - ], - }; - }); - - it('returns a previously created DID from the URI and imported key material', async () => { - const mockDidResolutionResult: DidResolutionResult = { - didDocument: { + uri : 'did:dht:urex8kbn3ewbdrjq36obf3rpg8joomzpu1gb4cfkhj3ey4y9fqgo', + document : { id : 'did:dht:urex8kbn3ewbdrjq36obf3rpg8joomzpu1gb4cfkhj3ey4y9fqgo', verificationMethod : [ { @@ -758,59 +511,34 @@ describe('DidDht', () => { 'did:dht:urex8kbn3ewbdrjq36obf3rpg8joomzpu1gb4cfkhj3ey4y9fqgo#0', ], }, - didDocumentMetadata : {}, - didResolutionMetadata : {} + metadata : {}, + privateKeys : [ + { + crv : 'Ed25519', + d : '3OQkejC7rNiGQSPAugN8CFrIjHGemZh5hbtgD8GXUVw', + kty : 'OKP', + x : 'mRDzqCLKKBGRLs-gEuSNMdMILu2cjB0wquJygGgfK40', + kid : 'FuIkkMgnsq-XRX8gWp3HJpqwoIbyNNsx4Uk-tdDSqbE', + alg : 'EdDSA' + } + ] }; + }); - // Stub the DID resolve method to return the expected DID document and metadata. - const resolveStub = sinon.stub(DidDht, 'resolve').returns(Promise.resolve(mockDidResolutionResult)); - - const did = await DidDht.fromKeys(portableDid); + it('returns a previously created DID from the URI and imported key material', async () => { + const did = await DidDht.import({ portableDid }); - expect(did).to.have.property('didDocument'); + expect(did).to.have.property('document'); expect(did).to.have.property('getSigner'); expect(did).to.have.property('keyManager'); expect(did).to.have.property('metadata'); expect(did).to.have.property('uri', portableDid.uri); - - resolveStub.restore(); }); it('returns a previously created DID from the URI and imported key material, with types', async () => { portableDid = { - uri : 'did:dht:ksbkpsjytbm7kh6hnt3xi91t6to98zndtrrxzsqz9y87m5qztyqo', - verificationMethods : [ - { - id : 'did:dht:ksbkpsjytbm7kh6hnt3xi91t6to98zndtrrxzsqz9y87m5qztyqo#0', - type : 'JsonWebKey', - controller : 'did:dht:ksbkpsjytbm7kh6hnt3xi91t6to98zndtrrxzsqz9y87m5qztyqo', - publicKeyJwk : { - crv : 'Ed25519', - kty : 'OKP', - x : 'VYKm2SCIV9Vz3BRy-v5R9GHz3EOJCPvZ1_gP1e3XiB0', - kid : 'cyvOypa6k-4ffsRWcza37s5XVOh1kO9ICUeo1ZxHVM8', - alg : 'EdDSA', - }, - privateKeyJwk: { - crv : 'Ed25519', - d : 'hdSIwbQwVD-fNOVEgt-k3mMl44Ip1iPi58Ex6VDGxqY', - kty : 'OKP', - x : 'VYKm2SCIV9Vz3BRy-v5R9GHz3EOJCPvZ1_gP1e3XiB0', - kid : 'cyvOypa6k-4ffsRWcza37s5XVOh1kO9ICUeo1ZxHVM8', - alg : 'EdDSA', - }, - purposes: [ - 'authentication', - 'assertionMethod', - 'capabilityDelegation', - 'capabilityInvocation', - ], - }, - ], - }; - - const mockDidResolutionResult: DidResolutionResult = { - didDocument: { + uri : 'did:dht:ksbkpsjytbm7kh6hnt3xi91t6to98zndtrrxzsqz9y87m5qztyqo', + document : { id : 'did:dht:ksbkpsjytbm7kh6hnt3xi91t6to98zndtrrxzsqz9y87m5qztyqo', verificationMethod : [ { @@ -839,91 +567,67 @@ describe('DidDht', () => { 'did:dht:ksbkpsjytbm7kh6hnt3xi91t6to98zndtrrxzsqz9y87m5qztyqo#0' ], }, - didDocumentMetadata: { + metadata: { types: [6, 7] }, - didResolutionMetadata: {} + privateKeys: [ + { + crv : 'Ed25519', + d : 'hdSIwbQwVD-fNOVEgt-k3mMl44Ip1iPi58Ex6VDGxqY', + kty : 'OKP', + x : 'VYKm2SCIV9Vz3BRy-v5R9GHz3EOJCPvZ1_gP1e3XiB0', + kid : 'cyvOypa6k-4ffsRWcza37s5XVOh1kO9ICUeo1ZxHVM8', + alg : 'EdDSA', + } + ] }; - // Stub the DID resolve method to return the expected DID document and metadata. - const resolveStub = sinon.stub(DidDht, 'resolve').returns(Promise.resolve(mockDidResolutionResult)); - - const did = await DidDht.fromKeys(portableDid); + const did = await DidDht.import({ portableDid }); expect(did.metadata).to.deep.equal({ types: [6, 7] }); - - resolveStub.restore(); }); - it('returns a new DID created from the given verification material', async () => { - // Remove the URI from the test portable DID so that fromKeys() creates the DID object - // using only the key material. - const { uri, ...didWithOnlyKeys } = portableDid; - - const did = await DidDht.fromKeys(didWithOnlyKeys); - - expect(did).to.have.property('didDocument'); - expect(did).to.have.property('getSigner'); - expect(did).to.have.property('keyManager'); - expect(did).to.have.property('metadata'); - expect(did).to.have.property('uri', uri); - }); - - it('throws an error if no verification methods are given', async () => { - try { - // @ts-expect-error - Testing invalid argument. - await DidDht.fromKeys({}); - expect.fail('Expected an error to be thrown.'); - } catch (error: any) { - expect(error.message).to.include('one verification method'); - } - }); + it('can import exported PortableDid', async () => { + // Create a DID to use for the test. + const did = await DidDht.create(); - it('throws an error if the given key set is empty', async () => { - try { - await DidDht.fromKeys({ verificationMethods: [] }); - expect.fail('Expected an error to be thrown.'); - } catch (error: any) { - expect(error.message).to.include('one verification method'); - } - }); + // Export the BearerDid to a portable format. + const portableDid = await did.export(); - it('throws an error if the given key set is missing a public key', async () => { - delete portableDid.verificationMethods![0].publicKeyJwk; + // Create a DID object from the portable format. + const didFromPortable = await DidDht.import({ portableDid }); - try { - await DidDht.fromKeys(portableDid); - expect.fail('Expected an error to be thrown.'); - } catch (error: any) { - expect(error.message).to.include('must contain a public and private key'); - } + expect(didFromPortable.document).to.deep.equal(did.document); + expect(didFromPortable.metadata).to.deep.equal(did.metadata); }); - it('throws an error if the given key set is missing a private key', async () => { - delete portableDid.verificationMethods![0].privateKeyJwk; + it('throws an error if the DID method is not supported', async () => { + // Change the method to something other than 'dht'. + portableDid.uri = 'did:unknown:abc123'; try { - await DidDht.fromKeys(portableDid); + await DidDht.import({ portableDid }); expect.fail('Expected an error to be thrown.'); } catch (error: any) { - expect(error.message).to.include('must contain a public and private key'); + expect(error.code).to.equal(DidErrorCode.MethodNotSupported); + expect(error.message).to.include('Method not supported'); } }); it('throws an error if an Identity Key is not included in the given verification methods', async () => { // Change the ID of the verification method to something other than 0. - portableDid.verificationMethods![0].id = 'did:dht:urex8kbn3ewbdrjq36obf3rpg8joomzpu1gb4cfkhj3ey4y9fqgo#1'; + portableDid.document.verificationMethod![0].id = 'did:dht:urex8kbn3ewbdrjq36obf3rpg8joomzpu1gb4cfkhj3ey4y9fqgo#1'; try { - await DidDht.fromKeys(portableDid); + await DidDht.import({ portableDid }); expect.fail('Expected an error to be thrown.'); } catch (error: any) { - expect(error.message).to.include('missing an Identity Key'); + expect(error.message).to.include('must contain an Identity Key'); } }); }); - describe('resolve', () => { + describe('resolve()', () => { it('resolves a published DID with a single verification method', async () => { // Mock the response from the Pkarr relay rather than calling over the network. fetchStub.resolves(fetchOkResponse( @@ -1098,45 +802,4 @@ describe('DidDht', () => { expect(didResolutionResult.didResolutionMetadata).to.have.property('error', 'invalidDidDocumentLength'); }); }); - - describe('toKeys()', () => { - it('returns a single verification method for a DID, by default', async () => { - // Create a DID to use for the test. - const did = await DidDht.create(); - - const portableDid = await DidDht.toKeys({ did }); - - expect(portableDid).to.have.property('verificationMethods'); - expect(portableDid.verificationMethods).to.have.length(1); - expect(portableDid.verificationMethods[0]).to.have.property('publicKeyJwk'); - expect(portableDid.verificationMethods[0]).to.have.property('privateKeyJwk'); - expect(portableDid.verificationMethods[0]).to.have.property('purposes'); - expect(portableDid.verificationMethods[0]).to.have.property('type'); - expect(portableDid.verificationMethods[0]).to.have.property('id'); - expect(portableDid.verificationMethods[0]).to.have.property('controller'); - }); - - it('output can be used to instantiate a DID object', async () => { - // Create a DID to use for the test. - const did = await DidDht.create(); - - // Convert the DID to a portable format. - const portableDid = await DidDht.toKeys({ did }); - - // Stub the DID resolve method to return the expected DID document and metadata. - const resolveStub = sinon.stub(DidDht, 'resolve').returns(Promise.resolve({ - didDocument : did.didDocument, - didDocumentMetadata : did.metadata, - didResolutionMetadata : {} - })); - - // Create a DID object from the portable format. - const didFromPortable = await DidDht.fromKeys(portableDid); - - expect(didFromPortable.didDocument).to.deep.equal(did.didDocument); - expect(didFromPortable.metadata).to.deep.equal(did.metadata); - - resolveStub.restore(); - }); - }); }); \ No newline at end of file diff --git a/packages/dids/tests/methods/did-ion.spec.ts b/packages/dids/tests/methods/did-ion.spec.ts index e1f73dc9b..ffcdf5574 100644 --- a/packages/dids/tests/methods/did-ion.spec.ts +++ b/packages/dids/tests/methods/did-ion.spec.ts @@ -2,13 +2,13 @@ import type { Jwk } from '@web5/crypto'; import sinon from 'sinon'; import { expect } from 'chai'; -import { LocalKeyManager, computeJwkThumbprint } from '@web5/crypto'; +import { computeJwkThumbprint } from '@web5/crypto'; import type { DidDocument } from '../../src/types/did-core.js'; +import type { PortableDid } from '../../src/types/portable-did.js'; import { DidIon } from '../../src/methods/did-ion.js'; import { vectors as CreateTestVector } from '../fixtures/test-vectors/did-ion/create.js'; -import { vectors as ToKeysTestVector } from '../fixtures/test-vectors/did-ion/to-keys.js'; import { vectors as ResolveTestVector } from '../fixtures/test-vectors/did-ion/resolve.js'; // Helper function to create a mocked fetch response that fails and returns a 404 Not Found. @@ -54,7 +54,7 @@ describe('DidIon', () => { const did = await DidIon.create(); - expect(did).to.have.property('didDocument'); + expect(did).to.have.property('document'); expect(did).to.have.property('getSigner'); expect(did).to.have.property('keyManager'); expect(did).to.have.property('metadata'); @@ -62,8 +62,8 @@ describe('DidIon', () => { expect(fetchStub.calledTwice).to.be.true; - expect(did.didDocument).to.have.property('verificationMethod'); - expect(did.didDocument.verificationMethod).to.have.length(1); + expect(did.document).to.have.property('verificationMethod'); + expect(did.document.verificationMethod).to.have.length(1); expect(did.metadata).to.have.property('canonicalId'); }); @@ -91,9 +91,9 @@ describe('DidIon', () => { } }); - expect(did.didDocument.verificationMethod).to.have.length(2); - expect(did.didDocument.verificationMethod?.[0].publicKeyJwk).to.have.property('crv', 'Ed25519'); - expect(did.didDocument.verificationMethod?.[1].publicKeyJwk).to.have.property('crv', 'secp256k1'); + expect(did.document.verificationMethod).to.have.length(2); + expect(did.document.verificationMethod?.[0].publicKeyJwk).to.have.property('crv', 'Ed25519'); + expect(did.document.verificationMethod?.[1].publicKeyJwk).to.have.property('crv', 'secp256k1'); }); it('uses the JWK thumbprint as the ID for verification methods, by default', async () => { @@ -107,8 +107,8 @@ describe('DidIon', () => { const did = await DidIon.create(); - const expectedKeyId = await computeJwkThumbprint({ jwk: did.didDocument.verificationMethod![0]!.publicKeyJwk! }); - expect(did.didDocument.verificationMethod?.[0].id).to.include(expectedKeyId); + const expectedKeyId = await computeJwkThumbprint({ jwk: did.document.verificationMethod![0]!.publicKeyJwk! }); + expect(did.document.verificationMethod?.[0].id).to.include(expectedKeyId); }); it('allows a custom ID to be specified for additional verification methods', async () => { @@ -132,7 +132,7 @@ describe('DidIon', () => { } }); - expect(did.didDocument.verificationMethod?.[0]).to.have.property('id', '#1'); + expect(did.document.verificationMethod?.[0]).to.have.property('id', '#1'); }); it('retains only the ID fragment if verification method IDs contain a prefix before the hash symbol (#)', async () => { @@ -156,7 +156,7 @@ describe('DidIon', () => { } }); - expect(did.didDocument.verificationMethod?.[0]).to.have.property('id', '#1'); + expect(did.document.verificationMethod?.[0]).to.have.property('id', '#1'); }); it('handles creating DIDs with one service', async () => { @@ -180,10 +180,10 @@ describe('DidIon', () => { } }); - expect(did.didDocument.service).to.have.length(1); - expect(did.didDocument.service?.[0]).to.have.property('id', `#dwn`); - expect(did.didDocument.service?.[0]).to.have.property('type', 'DecentralizedWebNode'); - expect(did.didDocument.service?.[0]).to.have.property('serviceEndpoint', 'https://example.com/dwn'); + expect(did.document.service).to.have.length(1); + expect(did.document.service?.[0]).to.have.property('id', `#dwn`); + expect(did.document.service?.[0]).to.have.property('type', 'DecentralizedWebNode'); + expect(did.document.service?.[0]).to.have.property('serviceEndpoint', 'https://example.com/dwn'); }); it('handles creating DIDs with multiple services', async () => { @@ -212,9 +212,9 @@ describe('DidIon', () => { } }); - expect(did.didDocument.service).to.have.length(2); - expect(did.didDocument.service?.[0]).to.have.property('id', `#dwn`); - expect(did.didDocument.service?.[1]).to.have.property('id', `#oid4vci`); + expect(did.document.service).to.have.length(2); + expect(did.document.service?.[0]).to.have.property('id', `#dwn`); + expect(did.document.service?.[1]).to.have.property('id', `#oid4vci`); }); it('given service IDs are automatically prefixed with hash symbol (#) in DID document', async () => { @@ -238,8 +238,8 @@ describe('DidIon', () => { } }); - expect(did.didDocument.service).to.have.length(1); - expect(did.didDocument.service?.[0]).to.have.property('id', `#dwn`); + expect(did.document.service).to.have.length(1); + expect(did.document.service?.[0]).to.have.property('id', `#dwn`); }); it('accepts service IDs that start with a hash symbol (#)', async () => { @@ -263,8 +263,8 @@ describe('DidIon', () => { } }); - expect(did.didDocument.service).to.have.length(1); - expect(did.didDocument.service?.[0]).to.have.property('id', `#dwn`); + expect(did.document.service).to.have.length(1); + expect(did.document.service?.[0]).to.have.property('id', `#dwn`); }); it('retains only the ID fragment if service IDs contain a prefix before the hash symbol (#)', async () => { @@ -288,8 +288,8 @@ describe('DidIon', () => { } }); - expect(did.didDocument.service).to.have.length(1); - expect(did.didDocument.service?.[0]).to.have.property('id', `#dwn`); + expect(did.document.service).to.have.length(1); + expect(did.document.service?.[0]).to.have.property('id', `#dwn`); }); it('accepts custom properties for services', async () => { @@ -329,16 +329,16 @@ describe('DidIon', () => { } }); - expect(did.didDocument.verificationMethod).to.have.length(2); - expect(did.didDocument.verificationMethod?.[0]).to.have.property('id', `#sig`); - expect(did.didDocument.verificationMethod?.[1]).to.have.property('id', `#enc`); - expect(did.didDocument.service).to.have.length(1); - expect(did.didDocument.service?.[0]).to.have.property('id', `#dwn`); - expect(did.didDocument.service?.[0]).to.have.property('type', 'DecentralizedWebNode'); - expect(did.didDocument.service?.[0]).to.have.property('serviceEndpoint'); - expect(did.didDocument.service?.[0]?.serviceEndpoint).to.have.property('nodes'); - expect(did.didDocument.service?.[0]?.serviceEndpoint).to.have.property('encryptionKeys'); - expect(did.didDocument.service?.[0]?.serviceEndpoint).to.have.property('signingKeys'); + expect(did.document.verificationMethod).to.have.length(2); + expect(did.document.verificationMethod?.[0]).to.have.property('id', `#sig`); + expect(did.document.verificationMethod?.[1]).to.have.property('id', `#enc`); + expect(did.document.service).to.have.length(1); + expect(did.document.service?.[0]).to.have.property('id', `#dwn`); + expect(did.document.service?.[0]).to.have.property('type', 'DecentralizedWebNode'); + expect(did.document.service?.[0]).to.have.property('serviceEndpoint'); + expect(did.document.service?.[0]?.serviceEndpoint).to.have.property('nodes'); + expect(did.document.service?.[0]?.serviceEndpoint).to.have.property('encryptionKeys'); + expect(did.document.service?.[0]?.serviceEndpoint).to.have.property('signingKeys'); }); it('publishes DIDs, by default', async () => { @@ -421,34 +421,8 @@ describe('DidIon', () => { }); }); - describe('fromKeyManager()', () => { - let keyManager: LocalKeyManager; - - before(() => { - keyManager = new LocalKeyManager(); - }); - - it('returns a DID from existing keys present in a key manager', async () => { - // Stub the DID resolution method to return a DID document with no verification methods. - sinon.stub(DidIon, 'resolve').returns(Promise.resolve(CreateTestVector.oneMethodNoServices.didResolutionResult)); - - // Import the test DID's keys into the key manager. - await keyManager.importKey({ key: CreateTestVector.oneMethodNoServices.privateKey[0] }); - - const did = await DidIon.fromKeyManager({ didUri: CreateTestVector.oneMethodNoServices.didUri, keyManager }); - - expect(did).to.have.property('didDocument'); - expect(did).to.have.property('getSigner'); - expect(did).to.have.property('keyManager'); - expect(did).to.have.property('metadata'); - expect(did).to.have.property('uri', CreateTestVector.oneMethodNoServices.didUri); - - sinon.restore(); - }); - }); - describe('getSigningMethod()', () => { - it('returns the first authentication verification method', async function () { + it('returns the first assertionMethod verification method', async function () { const verificationMethod = await DidIon.getSigningMethod({ didDocument: { id : 'did:ion:123', @@ -460,7 +434,7 @@ describe('DidIon', () => { publicKeyJwk : {} as Jwk } ], - authentication: ['did:ion:123#0'] + assertionMethod: ['did:ion:123#0'] } }); @@ -468,61 +442,70 @@ describe('DidIon', () => { expect(verificationMethod).to.have.property('id', 'did:ion:123#0'); }); - it('returns undefined if there is no authentication verification method', async function () { - const verificationMethod = await DidIon.getSigningMethod({ - didDocument: { - id : 'did:ion:123', - verificationMethod : [ - { - id : 'did:ion:123#0', - type : 'JsonWebKey2020', - controller : 'did:ion:123', - publicKeyJwk : {} as Jwk - } - ], - assertionMethod: ['did:ion:123#0'] - } - }); - - expect(verificationMethod).to.not.exist; + it('throws an error if the DID document is missing verification methods', async function () { + try { + await DidIon.getSigningMethod({ + didDocument: { id: 'did:ion:123' } + }); + expect.fail('Error should have been thrown'); + } catch (error: any) { + expect(error.message).to.include('verification method intended for signing could not be determined'); + } }); - it('returns undefined if the only authentication method is embedded', async function () { - const verificationMethod = await DidIon.getSigningMethod({ - didDocument: { - id : 'did:ion:123', - verificationMethod : [ - { - id : 'did:ion:123#0', - type : 'JsonWebKey2020', - controller : 'did:ion:123', - publicKeyJwk : {} as Jwk - } - ], - authentication: [ - { - id : 'did:ion:123#1', - type : 'JsonWebKey2020', - controller : 'did:ion:123', - publicKeyJwk : {} as Jwk - } - ], - assertionMethod: ['did:ion:123#0'] - } - }); - - expect(verificationMethod).to.not.exist; + it('throws an error if there is no assertionMethod verification method', async function () { + try { + await DidIon.getSigningMethod({ + didDocument: { + id : 'did:ion:123', + verificationMethod : [ + { + id : 'did:ion:123#0', + type : 'JsonWebKey2020', + controller : 'did:ion:123', + publicKeyJwk : {} as Jwk + } + ], + authentication: ['did:ion:123#0'] + } + }); + expect.fail('Error should have been thrown'); + } catch (error: any) { + expect(error.message).to.include('verification method intended for signing could not be determined'); + } }); - it('handles didDocuments missing verification methods', async function () { - const result = await DidIon.getSigningMethod({ - didDocument: { id: 'did:ion:123' } - }); - - expect(result).to.be.undefined; + it('throws an error if the only assertionMethod method is embedded', async function () { + try { + await DidIon.getSigningMethod({ + didDocument: { + id : 'did:ion:123', + verificationMethod : [ + { + id : 'did:ion:123#0', + type : 'JsonWebKey2020', + controller : 'did:ion:123', + publicKeyJwk : {} as Jwk + } + ], + assertionMethod: [ + { + id : 'did:ion:123#1', + type : 'JsonWebKey2020', + controller : 'did:ion:123', + publicKeyJwk : {} as Jwk + } + ], + authentication: ['did:ion:123#0'] + } + }); + expect.fail('Error should have been thrown'); + } catch (error: any) { + expect(error.message).to.include('verification method intended for signing could not be determined'); + } }); - it('throws an error if a non-key method is used', async function () { + it('throws an error if a non-ion method is used', async function () { // Example DID Document with a non-key method const didDocument: DidDocument = { '@context' : 'https://www.w3.org/ns/did/v1', @@ -546,6 +529,92 @@ describe('DidIon', () => { }); }); + describe('import()', () => { + let portableDid: PortableDid; + + beforeEach(() => { + // Define a DID to use for the test. + portableDid = { + uri : 'did:ion:EiB82xs9NseP908Y4amd7oW3jstZuTBQwk2q1ZhdLU9-Sg:eyJkZWx0YSI6eyJwYXRjaGVzIjpbeyJhY3Rpb24iOiJyZXBsYWNlIiwiZG9jdW1lbnQiOnsicHVibGljS2V5cyI6W3siaWQiOiJ3N0tPN1hCMTB5VDZ2RFRTVEh5UWtGaG5VcEZmcVd6eGtkNzB3ZHdDY1ZnIiwicHVibGljS2V5SndrIjp7ImNydiI6IkVkMjU1MTkiLCJrdHkiOiJPS1AiLCJ4IjoiOHJXb0xxR1lyLWxjOUZXUC1peWdDbHZ4R1lNRHJBOEF3NVAwR3ZuOC05RSJ9LCJwdXJwb3NlcyI6WyJhdXRoZW50aWNhdGlvbiIsImFzc2VydGlvbk1ldGhvZCIsImNhcGFiaWxpdHlEZWxlZ2F0aW9uIiwiY2FwYWJpbGl0eUludm9jYXRpb24iXSwidHlwZSI6Ikpzb25XZWJLZXkyMDIwIn1dLCJzZXJ2aWNlcyI6W119fV0sInVwZGF0ZUNvbW1pdG1lbnQiOiJFaUFDdWppZ084N3oyOUJ0N2pjRlViMUdXeUJBTlNuSlA2NF9QS0ctVzVwc19RIn0sInN1ZmZpeERhdGEiOnsiZGVsdGFIYXNoIjoiRWlDN2haUmh3elBTQlE0bkxnbm5TcmRuWE5FWGRZYnk2VUQ1VXNzTkhNSG9rQSIsInJlY292ZXJ5Q29tbWl0bWVudCI6IkVpQU5UXzdkbVBFbklQMUlUNERqaUQxeVJ2VDVrMlg2V3owcVRNZ1k3TU9vRGcifX0', + document : { + id : 'did:ion:EiB82xs9NseP908Y4amd7oW3jstZuTBQwk2q1ZhdLU9-Sg:eyJkZWx0YSI6eyJwYXRjaGVzIjpbeyJhY3Rpb24iOiJyZXBsYWNlIiwiZG9jdW1lbnQiOnsicHVibGljS2V5cyI6W3siaWQiOiJ3N0tPN1hCMTB5VDZ2RFRTVEh5UWtGaG5VcEZmcVd6eGtkNzB3ZHdDY1ZnIiwicHVibGljS2V5SndrIjp7ImNydiI6IkVkMjU1MTkiLCJrdHkiOiJPS1AiLCJ4IjoiOHJXb0xxR1lyLWxjOUZXUC1peWdDbHZ4R1lNRHJBOEF3NVAwR3ZuOC05RSJ9LCJwdXJwb3NlcyI6WyJhdXRoZW50aWNhdGlvbiIsImFzc2VydGlvbk1ldGhvZCIsImNhcGFiaWxpdHlEZWxlZ2F0aW9uIiwiY2FwYWJpbGl0eUludm9jYXRpb24iXSwidHlwZSI6Ikpzb25XZWJLZXkyMDIwIn1dLCJzZXJ2aWNlcyI6W119fV0sInVwZGF0ZUNvbW1pdG1lbnQiOiJFaUFDdWppZ084N3oyOUJ0N2pjRlViMUdXeUJBTlNuSlA2NF9QS0ctVzVwc19RIn0sInN1ZmZpeERhdGEiOnsiZGVsdGFIYXNoIjoiRWlDN2haUmh3elBTQlE0bkxnbm5TcmRuWE5FWGRZYnk2VUQ1VXNzTkhNSG9rQSIsInJlY292ZXJ5Q29tbWl0bWVudCI6IkVpQU5UXzdkbVBFbklQMUlUNERqaUQxeVJ2VDVrMlg2V3owcVRNZ1k3TU9vRGcifX0', + '@context' : [ + 'https://www.w3.org/ns/did/v1', + { + '@base': 'did:ion:EiB82xs9NseP908Y4amd7oW3jstZuTBQwk2q1ZhdLU9-Sg:eyJkZWx0YSI6eyJwYXRjaGVzIjpbeyJhY3Rpb24iOiJyZXBsYWNlIiwiZG9jdW1lbnQiOnsicHVibGljS2V5cyI6W3siaWQiOiJ3N0tPN1hCMTB5VDZ2RFRTVEh5UWtGaG5VcEZmcVd6eGtkNzB3ZHdDY1ZnIiwicHVibGljS2V5SndrIjp7ImNydiI6IkVkMjU1MTkiLCJrdHkiOiJPS1AiLCJ4IjoiOHJXb0xxR1lyLWxjOUZXUC1peWdDbHZ4R1lNRHJBOEF3NVAwR3ZuOC05RSJ9LCJwdXJwb3NlcyI6WyJhdXRoZW50aWNhdGlvbiIsImFzc2VydGlvbk1ldGhvZCIsImNhcGFiaWxpdHlEZWxlZ2F0aW9uIiwiY2FwYWJpbGl0eUludm9jYXRpb24iXSwidHlwZSI6Ikpzb25XZWJLZXkyMDIwIn1dLCJzZXJ2aWNlcyI6W119fV0sInVwZGF0ZUNvbW1pdG1lbnQiOiJFaUFDdWppZ084N3oyOUJ0N2pjRlViMUdXeUJBTlNuSlA2NF9QS0ctVzVwc19RIn0sInN1ZmZpeERhdGEiOnsiZGVsdGFIYXNoIjoiRWlDN2haUmh3elBTQlE0bkxnbm5TcmRuWE5FWGRZYnk2VUQ1VXNzTkhNSG9rQSIsInJlY292ZXJ5Q29tbWl0bWVudCI6IkVpQU5UXzdkbVBFbklQMUlUNERqaUQxeVJ2VDVrMlg2V3owcVRNZ1k3TU9vRGcifX0', + }, + ], + service: [ + ], + verificationMethod: [ + { + id : '#w7KO7XB10yT6vDTSTHyQkFhnUpFfqWzxkd70wdwCcVg', + controller : 'did:ion:EiB82xs9NseP908Y4amd7oW3jstZuTBQwk2q1ZhdLU9-Sg:eyJkZWx0YSI6eyJwYXRjaGVzIjpbeyJhY3Rpb24iOiJyZXBsYWNlIiwiZG9jdW1lbnQiOnsicHVibGljS2V5cyI6W3siaWQiOiJ3N0tPN1hCMTB5VDZ2RFRTVEh5UWtGaG5VcEZmcVd6eGtkNzB3ZHdDY1ZnIiwicHVibGljS2V5SndrIjp7ImNydiI6IkVkMjU1MTkiLCJrdHkiOiJPS1AiLCJ4IjoiOHJXb0xxR1lyLWxjOUZXUC1peWdDbHZ4R1lNRHJBOEF3NVAwR3ZuOC05RSJ9LCJwdXJwb3NlcyI6WyJhdXRoZW50aWNhdGlvbiIsImFzc2VydGlvbk1ldGhvZCIsImNhcGFiaWxpdHlEZWxlZ2F0aW9uIiwiY2FwYWJpbGl0eUludm9jYXRpb24iXSwidHlwZSI6Ikpzb25XZWJLZXkyMDIwIn1dLCJzZXJ2aWNlcyI6W119fV0sInVwZGF0ZUNvbW1pdG1lbnQiOiJFaUFDdWppZ084N3oyOUJ0N2pjRlViMUdXeUJBTlNuSlA2NF9QS0ctVzVwc19RIn0sInN1ZmZpeERhdGEiOnsiZGVsdGFIYXNoIjoiRWlDN2haUmh3elBTQlE0bkxnbm5TcmRuWE5FWGRZYnk2VUQ1VXNzTkhNSG9rQSIsInJlY292ZXJ5Q29tbWl0bWVudCI6IkVpQU5UXzdkbVBFbklQMUlUNERqaUQxeVJ2VDVrMlg2V3owcVRNZ1k3TU9vRGcifX0', + type : 'JsonWebKey2020', + publicKeyJwk : { + crv : 'Ed25519', + kty : 'OKP', + x : '8rWoLqGYr-lc9FWP-iygClvxGYMDrA8Aw5P0Gvn8-9E', + }, + }, + ], + authentication: [ + '#w7KO7XB10yT6vDTSTHyQkFhnUpFfqWzxkd70wdwCcVg', + ], + assertionMethod: [ + '#w7KO7XB10yT6vDTSTHyQkFhnUpFfqWzxkd70wdwCcVg', + ], + capabilityDelegation: [ + '#w7KO7XB10yT6vDTSTHyQkFhnUpFfqWzxkd70wdwCcVg', + ], + capabilityInvocation: [ + '#w7KO7XB10yT6vDTSTHyQkFhnUpFfqWzxkd70wdwCcVg', + ], + }, + metadata: { + published : true, + canonicalId : 'did:ion:EiB82xs9NseP908Y4amd7oW3jstZuTBQwk2q1ZhdLU9-Sg', + recoveryKey : { + kty : 'EC', + crv : 'secp256k1', + x : 'QksyL3a7KSJiP3wBDKE5y6eJfLB-zhrwzogMaBKTJWE', + y : 'UBB51L3h9WtZO-H1DPa14NL0Nprl9QhZqzT-yeE_-Rc', + kid : 'HjpYhxsUEVbp3rJMmP4JZ6I6QoyBwLReEN4LRUm1mbM', + alg : 'ES256K', + }, + updateKey: { + kty : 'EC', + crv : 'secp256k1', + x : 'gr57k7ktS7YtWv1lrqML6bSUIANlnGIOoxbo19hPSyw', + y : 'XeIPR96BI3Q-HTDW5_pF0wNeNw1Q-2wcNx_1IpllFmc', + kid : 'DImcjX7RGtpcmDPKADfYKNEukweZzfP1NZHQH5RW6AM', + alg : 'ES256K', + }, + }, + privateKeys: [ + { + crv : 'Ed25519', + d : 'cmMpyVm6LdGCOW0mk9NWn4RRhTqs_GYz5Oys_0aQNtM', + kty : 'OKP', + x : '8rWoLqGYr-lc9FWP-iygClvxGYMDrA8Aw5P0Gvn8-9E', + kid : 'w7KO7XB10yT6vDTSTHyQkFhnUpFfqWzxkd70wdwCcVg', + alg : 'EdDSA', + }, + ], + }; + }); + + it('returns a previously created DID from the URI and imported key material', async () => { + const did = await DidIon.import({ portableDid }); + + expect(did).to.have.property('document'); + expect(did).to.have.property('getSigner'); + expect(did).to.have.property('keyManager'); + expect(did).to.have.property('metadata'); + expect(did).to.have.property('uri', portableDid.uri); + }); + }); + describe('resolve()', () => { it('resolves published short form ION DIDs', async() => { fetchStub.returns(Promise.resolve(fetchOkResponse(ResolveTestVector.publishedDid.didResolutionResult))); @@ -610,32 +679,32 @@ describe('DidIon', () => { }); }); - describe('toKeys()', () => { - let keyManager: LocalKeyManager; - - before(() => { - keyManager = new LocalKeyManager(); - }); - - it('returns a single verification method for a DID, by default', async () => { - // Import the test DID's key into the key manager. - await keyManager.importKey({ key: ToKeysTestVector.oneMethodNoServices.privateKey[0] }); - - // Use the DID object from the test vector but with the instantiated key manager. - const did = ToKeysTestVector.oneMethodNoServices.did; - did.keyManager = keyManager; - - // Convert the DID to a portable format. - const portableDid = await DidIon.toKeys({ did }); - - expect(portableDid).to.have.property('verificationMethods'); - expect(portableDid.verificationMethods).to.have.length(1); - expect(portableDid.verificationMethods[0]).to.have.property('publicKeyJwk'); - expect(portableDid.verificationMethods[0]).to.have.property('privateKeyJwk'); - expect(portableDid.verificationMethods[0]).to.have.property('purposes'); - expect(portableDid.verificationMethods[0]).to.have.property('type'); - expect(portableDid.verificationMethods[0]).to.have.property('id'); - expect(portableDid.verificationMethods[0]).to.have.property('controller'); - }); - }); + // describe('toKeys()', () => { + // let keyManager: LocalKeyManager; + + // before(() => { + // keyManager = new LocalKeyManager(); + // }); + + // it('returns a single verification method for a DID, by default', async () => { + // // Import the test DID's key into the key manager. + // await keyManager.importKey({ key: ToKeysTestVector.oneMethodNoServices.privateKey[0] }); + + // // Use the DID object from the test vector but with the instantiated key manager. + // const did = ToKeysTestVector.oneMethodNoServices.did; + // did.keyManager = keyManager; + + // // Convert the DID to a portable format. + // const portableDid = await DidIon.toKeys({ did }); + + // expect(portableDid).to.have.property('verificationMethods'); + // expect(portableDid.verificationMethods).to.have.length(1); + // expect(portableDid.verificationMethods[0]).to.have.property('publicKeyJwk'); + // expect(portableDid.verificationMethods[0]).to.have.property('privateKeyJwk'); + // expect(portableDid.verificationMethods[0]).to.have.property('purposes'); + // expect(portableDid.verificationMethods[0]).to.have.property('type'); + // expect(portableDid.verificationMethods[0]).to.have.property('id'); + // expect(portableDid.verificationMethods[0]).to.have.property('controller'); + // }); + // }); }); \ No newline at end of file diff --git a/packages/dids/tests/methods/did-jwk.spec.ts b/packages/dids/tests/methods/did-jwk.spec.ts index 49ce27ab5..5142344e7 100644 --- a/packages/dids/tests/methods/did-jwk.spec.ts +++ b/packages/dids/tests/methods/did-jwk.spec.ts @@ -1,12 +1,11 @@ import type { Jwk } from '@web5/crypto'; import type { UnwrapPromise } from '@web5/common'; -import sinon from 'sinon'; import { expect } from 'chai'; import { LocalKeyManager } from '@web5/crypto'; import type { DidDocument } from '../../src/types/did-core.js'; -import type { PortableDid, PortableDidVerificationMethod } from '../../src/portable-did.js'; +import type { PortableDid } from '../../src/types/portable-did.js'; import { DidErrorCode } from '../../src/did-error.js'; import { DidJwk } from '../../src/methods/did-jwk.js'; @@ -21,15 +20,15 @@ describe('DidJwk', () => { describe('create()', () => { it('creates a did:jwk DID', async () => { - const did = await DidJwk.create({ keyManager, options: { algorithm: 'Ed25519' } }); + const did = await DidJwk.create({ keyManager, options: { algorithm: 'secp256k1' } }); - expect(did).to.have.property('didDocument'); + expect(did).to.have.property('document'); expect(did).to.have.property('getSigner'); expect(did).to.have.property('keyManager'); expect(did).to.have.property('metadata'); expect(did).to.have.property('uri'); expect(did.uri.startsWith('did:jwk:')).to.be.true; - expect(did.didDocument.verificationMethod).to.have.length(1); + expect(did.document.verificationMethod).to.have.length(1); }); it('uses a default key manager and key generation algorithm if neither is given', async () => { @@ -50,7 +49,7 @@ describe('DidJwk', () => { const did = await DidJwk.create({ keyManager, options: { algorithm: 'secp256k1' } }); // Retrieve the public key from the key manager. - const keyUri = await keyManager.getKeyUri({ key: did.didDocument.verificationMethod![0]!.publicKeyJwk! }); + const keyUri = await keyManager.getKeyUri({ key: did.document.verificationMethod![0]!.publicKeyJwk! }); const publicKey = await keyManager.getPublicKey({ keyUri }); // Verify the public key is an secp256k1 key. @@ -61,7 +60,7 @@ describe('DidJwk', () => { const did = await DidJwk.create({ keyManager, options: { verificationMethods: [{ algorithm: 'secp256k1' }] } }); // Retrieve the public key from the key manager. - const keyUri = await keyManager.getKeyUri({ key: did.didDocument.verificationMethod![0]!.publicKeyJwk! }); + const keyUri = await keyManager.getKeyUri({ key: did.document.verificationMethod![0]!.publicKeyJwk! }); const publicKey = await keyManager.getPublicKey({ keyUri }); // Verify the public key is an secp256k1 key. @@ -72,7 +71,7 @@ describe('DidJwk', () => { const did = await DidJwk.create({ keyManager }); // Retrieve the public key from the key manager. - const keyUri = await keyManager.getKeyUri({ key: did.didDocument.verificationMethod![0]!.publicKeyJwk! }); + const keyUri = await keyManager.getKeyUri({ key: did.document.verificationMethod![0]!.publicKeyJwk! }); const publicKey = await keyManager.getPublicKey({ keyUri }); // Verify the public key is an Ed25519 key. @@ -89,31 +88,6 @@ describe('DidJwk', () => { ).to.have.property('uri'); }); - it('returns a getSigner() function that creates valid signatures that can be verified', async () => { - const did = await DidJwk.create({ keyManager, options: { algorithm: 'Ed25519' } }); - - const signer = await did.getSigner(); - const data = new Uint8Array([1, 2, 3]); - const signature = await signer.sign({ data }); - const isValid = await signer.verify({ data, signature }); - - expect(signature).to.have.length(64); - expect(isValid).to.be.true; - }); - - it('returns a getSigner() function handles undefined params', async function () { - // Create a `did:jwk` DID. - const did = await DidJwk.create({ keyManager, options: { algorithm: 'Ed25519' } }); - - // Simulate the creation of a signer with undefined params - const signer = await did.getSigner({ }); - - // Note: Since this test does not interact with an actual keyManager, it primarily ensures - // that the method doesn't break with undefined params. - expect(signer).to.have.property('sign'); - expect(signer).to.have.property('verify'); - }); - it('throws an error if both algorithm and verificationMethods are provided', async () => { try { await DidJwk.create({ @@ -128,241 +102,170 @@ describe('DidJwk', () => { expect(error.message).to.include('options are mutually exclusive'); } }); - }); - - describe('fromKeyManager()', () => { - let didUri: string; - let keyManager: LocalKeyManager; - let privateKey: Jwk; - - before(() => { - keyManager = new LocalKeyManager(); - }); - - beforeEach(() => { - didUri = 'did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6IjNFQmFfRUxvczJhbHZMb2pxSVZjcmJLcGlyVlhqNmNqVkQ1djJWaHdMejgifQ'; - - privateKey = { - kty : 'OKP', - crv : 'Ed25519', - x : '3EBa_ELos2alvLojqIVcrbKpirVXj6cjVD5v2VhwLz8', - d : 'hMqv-FAvhVWz2nxobesO7TzI0-GN0kvzkUGYdnZt_TA' - }; - }); - - it('returns a DID JWK from existing keys present in a key manager', async () => { - // Import the test DID's keys into the key manager. - await keyManager.importKey({ key: privateKey }); - - const did = await DidJwk.fromKeyManager({ didUri, keyManager }); - expect(did).to.have.property('didDocument'); - expect(did).to.have.property('getSigner'); - expect(did).to.have.property('keyManager'); - expect(did).to.have.property('metadata'); - expect(did).to.have.property('uri', didUri); - }); - - it('returns a DID with a getSigner function that can sign and verify data', async () => { - // Import the test DID's keys into the key manager. - await keyManager.importKey({ key: privateKey }); - - const did = await DidJwk.fromKeyManager({ didUri, keyManager }); - - const signer = await did.getSigner(); - const data = new Uint8Array([1, 2, 3]); - const signature = await signer.sign({ data }); - const isValid = await signer.verify({ data, signature }); - - expect(signature).to.have.length(64); - expect(isValid).to.be.true; - }); - - it('returns a DID with a getSigner function that accepts a specific keyUri', async () => { - // Import the test DID's keys into the key manager. - await keyManager.importKey({ key: privateKey }); - - const did = await DidJwk.fromKeyManager({ didUri, keyManager }); - - // Retrieve the key URI of the verification method's public key. - const { d, ...publicKey } = privateKey; // Remove the private key component - const keyUri = await did.keyManager.getKeyUri({ key: publicKey }); - - const signer = await did.getSigner({ keyUri }); - const data = new Uint8Array([1, 2, 3]); - const signature = await signer.sign({ data }); - const isValid = await signer.verify({ data, signature }); - - expect(signature).to.have.length(64); - expect(isValid).to.be.true; - }); - - it(`does not include the 'keyAgreement' relationship when JWK use is 'sig'`, async () => { - // Add the `sig` key use property to the test DID's private key. - privateKey.use = 'sig'; - - // Redefine the DID URI that is based on inclusion of the `use: 'sig'` property. - didUri = 'did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6IjNFQmFfRUxvczJhbHZMb2pxSVZjcmJLcGlyVlhqNmNqVkQ1djJWaHdMejgiLCJ1c2UiOiJzaWcifQ'; - - // Import the private key into the key manager. - await keyManager.importKey({ key: privateKey }); - - // Instantiate the DID object using the existing key. - let did = await DidJwk.fromKeyManager({ didUri, keyManager }); - - // Verify the DID document does not contain the `keyAgreement` relationship. - expect(did.didDocument).to.not.have.property('keyAgreement'); - }); - - it(`only specifies 'keyAgreement' relationship when JWK use is 'enc'`, async () => { - // Redefine the test DID's private key to be a secp256k1 key with the `enc` key use property. - privateKey = { - kty : 'EC', - crv : 'secp256k1', - d : 'WJPT7YKR12IulMa2cCQIoQXEK3YL3K4bBDmd684gnEY', - x : 'ORyV-OYLFV0C7Vv9ky-j90Yi4nDTkaYdF2-hObR71SM', - y : 'D2EyTbAkVfaBa9khVngdqwLfSy6hnIYAz3lLxdvJmEc', - kid : '_BuKVglXMSv5OLbiRABKQPXDwmDoHucVPpwdnhdUwEU', - alg : 'ES256K', - use : 'enc', - }; - - // Redefine the DID URI that is based on inclusion of the `use: 'enc'` property. - didUri = 'did:jwk:eyJrdHkiOiJFQyIsImNydiI6InNlY3AyNTZrMSIsIngiOiJPUnlWLU9ZTEZWMEM3VnY5a3ktajkwWWk0bkRUa2FZZEYyLWhPYlI3MVNNIiwieSI6IkQyRXlUYkFrVmZhQmE5a2hWbmdkcXdMZlN5NmhuSVlBejNsTHhkdkptRWMiLCJraWQiOiJfQnVLVmdsWE1TdjVPTGJpUkFCS1FQWER3bURvSHVjVlBwd2RuaGRVd0VVIiwiYWxnIjoiRVMyNTZLIiwidXNlIjoiZW5jIn0'; - - // Import the private key into the key manager. - await keyManager.importKey({ key: privateKey }); - - // Instantiate the DID object using the existing key. - const did = await DidJwk.fromKeyManager({ didUri, keyManager }); - - // Verrify the DID document does not contain any verification relationships other than - // `keyAgreement`. - expect(did.didDocument).to.have.property('keyAgreement'); - expect(did.didDocument).to.not.have.property('assertionMethod'); - expect(did.didDocument).to.not.have.property('authentication'); - expect(did.didDocument).to.not.have.property('capabilityDelegation'); - expect(did.didDocument).to.not.have.property('capabilityInvocation'); - }); - - it('throws an error if the given DID URI cannot be resolved', async () => { - const didUri = 'did:jwk:...'; + it('throws an error if zero verificationMethods are given', async () => { try { - await DidJwk.fromKeyManager({ didUri, keyManager }); + // @ts-expect-error - Test case where verificationMethods is undefined. + await DidJwk.create({ keyManager, options: { verificationMethods: [] } }); expect.fail('Expected an error to be thrown.'); } catch (error: any) { - expect(error.message).to.include('missing verification methods'); + expect(error.message).to.include('must contain exactly one entry'); } }); - it('throws an error if an unsupported DID method is given', async () => { + it('throws an error if two or more verificationMethods are given', async () => { try { - await DidJwk.fromKeyManager({ didUri: 'did:example:e30', keyManager }); + await DidJwk.create({ + keyManager, + // @ts-expect-error - Test case where verificationMethods has too many entries. + options: { verificationMethods: [{ algorithm: 'secp256k1' }, { algorithm: 'Ed25519' }] } + }); expect.fail('Expected an error to be thrown.'); } catch (error: any) { - expect(error.message).to.include('Method not supported'); - expect(error.code).to.equal(DidErrorCode.MethodNotSupported); + expect(error.message).to.include('must contain exactly one entry'); } }); + }); - it('throws an error if the resolved DID document lacks any verification methods', async () => { - // Stub the DID resolve method to return a DID document without a verificationMethod property. - sinon.stub(DidJwk, 'resolve').returns(Promise.resolve({ - didDocument : { id: 'did:jwk:...' }, - didDocumentMetadata : {}, - didResolutionMetadata : {} - })); + describe('export()', () => { + it('returns a single verification method for a DID', async () => { + // Create a DID to use for the test. + const did = await DidJwk.create(); - const didUri = 'did:jwk:...'; - try { - await DidJwk.fromKeyManager({ didUri, keyManager }); - expect.fail('Expected an error to be thrown.'); - } catch (error: any) { - expect(error.message).to.include('missing verification methods'); - } finally { - sinon.restore(); - } + const portableDid = await did.export(); - // Stub the DID resolve method to return a DID document an empty verificationMethod property. - sinon.stub(DidJwk, 'resolve').returns(Promise.resolve({ - didDocument : { id: 'did:jwk:...', verificationMethod: [] }, - didDocumentMetadata : {}, - didResolutionMetadata : {} - })); + expect(portableDid.document).to.have.property('verificationMethod'); + expect(portableDid.document.verificationMethod).to.have.length(1); + expect(portableDid.document.verificationMethod![0]).to.have.property('publicKeyJwk'); + expect(portableDid.document.verificationMethod![0]).to.have.property('type'); + expect(portableDid.document.verificationMethod![0]).to.have.property('id'); + expect(portableDid.document.verificationMethod![0]).to.have.property('controller'); + expect(portableDid.privateKeys).to.have.length(1); + expect(portableDid.privateKeys![0]).to.have.property('crv'); + expect(portableDid.privateKeys![0]).to.have.property('x'); + expect(portableDid.privateKeys![0]).to.have.property('d'); + }); + }); + describe('getSigningMethod()', () => { + it('returns the signing method for a DID', async () => { + // Create a DID to use for the test. + const did = await DidJwk.create(); + + const signingMethod = await DidJwk.getSigningMethod({ didDocument: did.document }); + + expect(signingMethod).to.have.property('publicKeyJwk'); + expect(signingMethod).to.have.property('type', 'JsonWebKey2020'); + expect(signingMethod).to.have.property('id', `${did.uri}#0`); + expect(signingMethod).to.have.property('controller', did.uri); + }); + + it('throws an error if the DID document is missing verification methods', async function () { try { - await DidJwk.fromKeyManager({ didUri, keyManager }); - expect.fail('Expected an error to be thrown.'); + await DidJwk.getSigningMethod({ + didDocument: { id: 'did:jwk:123' } + }); + expect.fail('Error should have been thrown'); } catch (error: any) { - expect(error.message).to.include('missing verification methods'); - } finally { - sinon.restore(); + expect(error.message).to.include('verification method intended for signing could not be determined'); } }); - it('throws an error if the resolved DID document is missing a public key', async () => { - // Stub the DID resolution method to return a DID document with no verification methods. - sinon.stub(DidJwk, 'resolve').returns(Promise.resolve({ - didDocument: { - id : 'did:jwk:...', - verificationMethod : [{ - id : 'did:jwk:...#0', - type : 'JsonWebKey2020', - controller : 'did:jwk:...' - }], - }, - didDocumentMetadata : {}, - didResolutionMetadata : {} - })); + it('throws an error if a non-jwk method is used', async function () { + // Example DID Document with a non-jwk method + const didDocument: DidDocument = { + '@context' : 'https://www.w3.org/ns/did/v1', + id : 'did:example:123', + verificationMethod : [ + { + id : 'did:example:123#0', + type : 'JsonWebKey2020', + controller : 'did:example:123', + publicKeyJwk : {} as Jwk + } + ], + }; - const didUri = 'did:jwk:...'; try { - await DidJwk.fromKeyManager({ didUri, keyManager }); - expect.fail('Expected an error to be thrown.'); + await DidJwk.getSigningMethod({ didDocument }); + expect.fail('Error should have been thrown'); } catch (error: any) { - expect(error.message).to.include('does not contain a public key'); - } finally { - sinon.restore(); + expect(error.message).to.equal('Method not supported: example'); } }); }); - describe('fromKeys()', () => { + describe('import()', () => { let portableDid: PortableDid; beforeEach(() => { // Define a DID to use for the test. portableDid = { - uri : 'did:jwk:eyJrdHkiOiJPS1AiLCJjcnYiOiJFZDI1NTE5IiwieCI6IjNFQmFfRUxvczJhbHZMb2pxSVZjcmJLcGlyVlhqNmNqVkQ1djJWaHdMejgifQ', - verificationMethods : [{ - publicKeyJwk: { - kty : 'OKP', + uri : 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ', + document : { + '@context': [ + 'https://www.w3.org/ns/did/v1', + 'https://w3id.org/security/suites/jws-2020/v1', + ], + id : 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ', + verificationMethod : [ + { + id : 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ#0', + type : 'JsonWebKey2020', + controller : 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ', + publicKeyJwk : { + crv : 'Ed25519', + kty : 'OKP', + x : 'o40shZrsco-CfEqk6mFsXfcP94ly3Az3gm84PzAUsXo', + kid : 'BDp0xim82GswlxnPV8TPtBdUw80wkGIF8gjFbw1x5iQ', + alg : 'EdDSA', + }, + }, + ], + authentication: [ + 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ#0', + ], + assertionMethod: [ + 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ#0', + ], + capabilityInvocation: [ + 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ#0', + ], + capabilityDelegation: [ + 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ#0', + ], + keyAgreement: [ + 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im80MHNoWnJzY28tQ2ZFcWs2bUZzWGZjUDk0bHkzQXozZ204NFB6QVVzWG8iLCJraWQiOiJCRHAweGltODJHc3dseG5QVjhUUHRCZFV3ODB3a0dJRjhnakZidzF4NWlRIiwiYWxnIjoiRWREU0EifQ#0', + ], + }, + metadata: { + }, + privateKeys: [ + { crv : 'Ed25519', - x : '3EBa_ELos2alvLojqIVcrbKpirVXj6cjVD5v2VhwLz8' - }, - privateKeyJwk: { + d : '628WwXicdWc0BULN1JG_ybSrhwWWnz9NFwxbG09Ecr0', kty : 'OKP', - crv : 'Ed25519', - x : '3EBa_ELos2alvLojqIVcrbKpirVXj6cjVD5v2VhwLz8', - d : 'hMqv-FAvhVWz2nxobesO7TzI0-GN0kvzkUGYdnZt_TA' + x : 'o40shZrsco-CfEqk6mFsXfcP94ly3Az3gm84PzAUsXo', + kid : 'BDp0xim82GswlxnPV8TPtBdUw80wkGIF8gjFbw1x5iQ', + alg : 'EdDSA', }, - purposes: ['authentication'] - }] + ], }; }); - it('returns a DID JWK from the given set of verification method keys', async () => { - const did = await DidJwk.fromKeys(portableDid); + it('returns a BearerDid from the given DID JWK PortableDid', async () => { + const did = await DidJwk.import({ portableDid }); - expect(did).to.have.property('didDocument'); + expect(did).to.have.property('document'); expect(did).to.have.property('getSigner'); expect(did).to.have.property('keyManager'); expect(did).to.have.property('metadata'); expect(did).to.have.property('uri', portableDid.uri); + expect(did.document).to.deep.equal(portableDid.document); }); it('returns a DID with a getSigner function that can sign and verify data', async () => { - const did = await DidJwk.fromKeys(portableDid); + const did = await DidJwk.import({ portableDid }); const signer = await did.getSigner(); const data = new Uint8Array([1, 2, 3]); const signature = await signer.sign({ data }); @@ -372,168 +275,69 @@ describe('DidJwk', () => { expect(isValid).to.be.true; }); - it('returns a DID with a getSigner function that accepts a specific keyUri', async () => { - const did = await DidJwk.fromKeys(portableDid); - - // Retrieve the key URI of the verification method's public key. - const keyUri = await did.keyManager.getKeyUri({ key: portableDid.verificationMethods![0].publicKeyJwk! }); - - const signer = await did.getSigner({ keyUri }); - const data = new Uint8Array([1, 2, 3]); - const signature = await signer.sign({ data }); - const isValid = await signer.verify({ data, signature }); - - expect(signature).to.have.length(64); - expect(isValid).to.be.true; - }); - - it(`does not include the 'keyAgreement' relationship when JWK use is 'sig'`, async () => { - // Add the `sig` key use property. - portableDid.verificationMethods[0].privateKeyJwk!.use = 'sig'; - portableDid.verificationMethods[0].publicKeyJwk!.use = 'sig'; - - // Import the private key into a key manager. - const keyManager = new LocalKeyManager(); - await keyManager.importKey({ key: portableDid.verificationMethods![0].privateKeyJwk! }); - - // Create the DID using the key set. - let did = await DidJwk.fromKeys(portableDid); - - // Verify the DID document does not contain the `keyAgreement` relationship. - expect(did.didDocument).to.not.have.property('keyAgreement'); - }); - - it(`only specifies 'keyAgreement' relationship when JWK use is 'enc'`, async () => { - // Generate a random secp256k1 private key. - const keyUri = await keyManager.generateKey({ algorithm: 'secp256k1' }); - const publicKey = await keyManager.getPublicKey({ keyUri }); - const privateKey = await keyManager.exportKey({ keyUri }); - - // Add the `enc` key use property. - privateKey.use = 'enc'; - publicKey.use = 'enc'; - - // Swap the keys in the key set with the newly generated secp256k1 keys. - portableDid.verificationMethods[0].privateKeyJwk = privateKey; - portableDid.verificationMethods[0].publicKeyJwk = publicKey; - - // Create the DID using the key set. - let did = await DidJwk.fromKeys({ - keyManager, - verificationMethods: portableDid.verificationMethods! - }); - - // Verrify the DID document does not contain any verification relationships other than - // `keyAgreement`. - expect(did.didDocument).to.have.property('keyAgreement'); - expect(did.didDocument).to.not.have.property('assertionMethod'); - expect(did.didDocument).to.not.have.property('authentication'); - expect(did.didDocument).to.not.have.property('capabilityDelegation'); - expect(did.didDocument).to.not.have.property('capabilityInvocation'); - }); - - it('throws an error if no verification methods are given', async () => { - try { - // @ts-expect-error - Test case where verificationMethods is undefined. - await DidJwk.fromKeys({}); - expect.fail('Expected an error to be thrown.'); - } catch (error: any) { - expect(error.message).to.include('one verification method'); - } - }); - - it('throws an error if the given key set is empty', async () => { - try { - await DidJwk.fromKeys({ verificationMethods: [] }); - expect.fail('Expected an error to be thrown.'); - } catch (error: any) { - expect(error.message).to.include('one verification method'); - } - }); - - it('throws an error if the given key set is missing a public key', async () => { - delete portableDid.verificationMethods[0].publicKeyJwk; + it('throws an error if the DID method is not supported', async () => { + // Change the method to something other than 'jwk'. + portableDid.uri = 'did:unknown:abc123'; try { - await DidJwk.fromKeys(portableDid); + await DidJwk.import({ portableDid }); expect.fail('Expected an error to be thrown.'); } catch (error: any) { - expect(error.message).to.include('does not contain a public and private key'); + expect(error.code).to.equal(DidErrorCode.MethodNotSupported); + expect(error.message).to.include('Method not supported'); } }); - it('throws an error if the given key set is missing a private key', async () => { - delete portableDid.verificationMethods[0].privateKeyJwk; + it('throws an error if the DID method cannot be determined', async () => { + // An unparsable DID URI. + portableDid.uri = 'did:abc123'; try { - await DidJwk.fromKeys(portableDid); + await DidJwk.import({ portableDid }); expect.fail('Expected an error to be thrown.'); } catch (error: any) { - expect(error.message).to.include('does not contain a public and private key'); + expect(error.code).to.equal(DidErrorCode.MethodNotSupported); + expect(error.message).to.include('Method not supported'); } }); - it('throws an error if the key set contains two or more keys', async () => { - const verificationMethod: PortableDidVerificationMethod = { - publicKeyJwk: { - kty : 'OKP', - crv : 'Ed25519', - x : '3EBa_ELos2alvLojqIVcrbKpirVXj6cjVD5v2VhwLz8' - }, - privateKeyJwk: { - kty : 'OKP', - crv : 'Ed25519', - x : '3EBa_ELos2alvLojqIVcrbKpirVXj6cjVD5v2VhwLz8', - d : 'hMqv-FAvhVWz2nxobesO7TzI0-GN0kvzkUGYdnZt_TA' - }, - purposes: ['authentication'] - }; + it('throws an error if the DID document contains two or more verification methods', async () => { + // Add a second verification method to the DID document. + portableDid.document.verificationMethod?.push(portableDid.document.verificationMethod[0]); try { - await DidJwk.fromKeys({ - verificationMethods: [verificationMethod, verificationMethod] - }); + await DidJwk.import({ portableDid }); expect.fail('Expected an error to be thrown.'); } catch (error: any) { - expect(error.message).to.include('one verification method'); + expect(error.code).to.equal(DidErrorCode.InvalidDidDocument); + expect(error.message).to.include('DID document must contain exactly one verification method'); } }); }); - describe('getSigningMethod()', () => { - it('handles didDocuments missing verification methods', async function () { - const result = await DidJwk.getSigningMethod({ - didDocument: { id: 'did:jwk:123' } - }); + describe('resolve()', () => { + it(`does not include the 'keyAgreement' relationship when JWK use is 'sig'`, async () => { + const didWithSigKeyUse = 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6IkMxeUttMzhGYWdLamZRblpjLVFuVEdFYm5wSXUwTE8tTGNIbXZUbE01b0UiLCJraWQiOiJ6d1RvZVFpb0NkbGROV20wZEtZNG95T1dlb1BSRzZ2UG40SW1Hb0M5ekZNIiwiYWxnIjoiRWREU0EiLCJ1c2UiOiJzaWcifQ'; - expect(result).to.be.undefined; + const resolutionResult = await DidJwk.resolve(didWithSigKeyUse); + + // Verify the DID document does not contain the `keyAgreement` relationship. + expect(resolutionResult.didDocument).to.not.have.property('keyAgreement'); }); - it('throws an error if a non-jwk method is used', async function () { - // Example DID Document with a non-jwk method - const didDocument: DidDocument = { - '@context' : 'https://www.w3.org/ns/did/v1', - id : 'did:example:123', - verificationMethod : [ - { - id : 'did:example:123#0', - type : 'JsonWebKey2020', - controller : 'did:example:123', - publicKeyJwk : {} as Jwk - } - ], - }; + it(`only specifies 'keyAgreement' relationship when JWK use is 'enc'`, async () => { + const didWithEncKeyUse = 'did:jwk:eyJrdHkiOiJFQyIsImNydiI6InNlY3AyNTZrMSIsIngiOiJCTVcwQ2lnMjBuTFozTTV5NzkxTEFuY2RyZnl6WS1qTE95UnNVU29tX1g4IiwieSI6IlVrajU4N0VJcVk4cl9jYU1zUmNOZkI4MWxjbGJPNjRmUG4yOXRHOEJWbUkiLCJraWQiOiI5Yi1oUTVlc0NiQlpKNkl5Z0hFZ0Z6T21rUkM1U2QzSlZ5R2FLS0ZGZUVFIiwiYWxnIjoiRVMyNTZLIiwidXNlIjoiZW5jIn0'; - try { - await DidJwk.getSigningMethod({ didDocument }); - expect.fail('Error should have been thrown'); - } catch (error: any) { - expect(error.message).to.equal('Method not supported: example'); - } + const resolutionResult = await DidJwk.resolve(didWithEncKeyUse); + + // Verrify the DID document does not contain any verification relationships other than `keyAgreement`. + expect(resolutionResult.didDocument).to.have.property('keyAgreement'); + expect(resolutionResult.didDocument).to.not.have.property('assertionMethod'); + expect(resolutionResult.didDocument).to.not.have.property('authentication'); + expect(resolutionResult.didDocument).to.not.have.property('capabilityDelegation'); + expect(resolutionResult.didDocument).to.not.have.property('capabilityInvocation'); }); - }); - describe('resolve()', () => { it('returns an error due to DID parsing failing', async function () { const invalidDidUri = 'did:invalidFormat'; const resolutionResult = await DidJwk.resolve(invalidDidUri); @@ -553,24 +357,6 @@ describe('DidJwk', () => { }); }); - describe('toKeys()', () => { - it('returns a single verification method for a DID', async () => { - // Create a DID to use for the test. - const did = await DidJwk.create(); - - const keySet = await DidJwk.toKeys({ did }); - - expect(keySet).to.have.property('verificationMethods'); - expect(keySet.verificationMethods).to.have.length(1); - expect(keySet.verificationMethods![0]).to.have.property('publicKeyJwk'); - expect(keySet.verificationMethods![0]).to.have.property('privateKeyJwk'); - expect(keySet.verificationMethods![0]).to.have.property('purposes'); - expect(keySet.verificationMethods![0]).to.have.property('type'); - expect(keySet.verificationMethods![0]).to.have.property('id'); - expect(keySet.verificationMethods![0]).to.have.property('controller'); - }); - }); - describe('Web5TestVectorsDidJwk', () => { it('resolve', async () => { type TestVector = { diff --git a/packages/dids/tests/methods/did-key.spec.ts b/packages/dids/tests/methods/did-key.spec.ts index dde1e48e4..4cec299e4 100644 --- a/packages/dids/tests/methods/did-key.spec.ts +++ b/packages/dids/tests/methods/did-key.spec.ts @@ -1,11 +1,10 @@ import type { Jwk } from '@web5/crypto'; -import sinon from 'sinon'; import { expect } from 'chai'; import { LocalKeyManager } from '@web5/crypto'; import type { DidDocument } from '../../src/types/did-core.js'; -import type { PortableDid, PortableDidVerificationMethod } from '../../src/portable-did.js'; +import type { PortableDid } from '../../src/types/portable-did.js'; import { DidErrorCode } from '../../src/did-error.js'; import { DidKey, DidKeyUtils } from '../../src/methods/did-key.js'; @@ -21,13 +20,13 @@ describe('DidKey', () => { it('creates a did:key DID', async () => { const did = await DidKey.create({ keyManager, options: { algorithm: 'Ed25519' } }); - expect(did).to.have.property('didDocument'); + expect(did).to.have.property('document'); expect(did).to.have.property('getSigner'); expect(did).to.have.property('keyManager'); expect(did).to.have.property('metadata'); expect(did).to.have.property('uri'); expect(did.uri.startsWith('did:key:')).to.be.true; - expect(did.didDocument.verificationMethod).to.have.length(1); + expect(did.document.verificationMethod).to.have.length(1); }); it('uses a default key manager and key generation algorithm if neither is given', async () => { @@ -48,7 +47,7 @@ describe('DidKey', () => { const did = await DidKey.create({ keyManager, options: { algorithm: 'secp256k1' } }); // Retrieve the public key from the key manager. - const keyUri = await keyManager.getKeyUri({ key: did.didDocument.verificationMethod![0]!.publicKeyJwk! }); + const keyUri = await keyManager.getKeyUri({ key: did.document.verificationMethod![0]!.publicKeyJwk! }); const publicKey = await keyManager.getPublicKey({ keyUri }); // Verify the public key is an secp256k1 key. @@ -59,7 +58,7 @@ describe('DidKey', () => { const did = await DidKey.create({ keyManager, options: { verificationMethods: [{ algorithm: 'secp256k1' }] } }); // Retrieve the public key from the key manager. - const keyUri = await keyManager.getKeyUri({ key: did.didDocument.verificationMethod![0]!.publicKeyJwk! }); + const keyUri = await keyManager.getKeyUri({ key: did.document.verificationMethod![0]!.publicKeyJwk! }); const publicKey = await keyManager.getPublicKey({ keyUri }); // Verify the public key is an secp256k1 key. @@ -70,7 +69,7 @@ describe('DidKey', () => { const did = await DidKey.create({ keyManager }); // Retrieve the public key from the key manager. - const keyUri = await keyManager.getKeyUri({ key: did.didDocument.verificationMethod![0]!.publicKeyJwk! }); + const keyUri = await keyManager.getKeyUri({ key: did.document.verificationMethod![0]!.publicKeyJwk! }); const publicKey = await keyManager.getPublicKey({ keyUri }); // Verify the public key is an Ed25519 key. @@ -89,12 +88,12 @@ describe('DidKey', () => { it('supports multibase and JWK public key format', async () => { let did = await DidKey.create({ keyManager, options: { publicKeyFormat: 'JsonWebKey2020' } }); - expect(did.didDocument.verificationMethod![0]!.publicKeyJwk).to.exist; - expect(did.didDocument.verificationMethod![0]!.publicKeyMultibase).to.not.exist; + expect(did.document.verificationMethod![0]!.publicKeyJwk).to.exist; + expect(did.document.verificationMethod![0]!.publicKeyMultibase).to.not.exist; did = await DidKey.create({ keyManager, options: { publicKeyFormat: 'Ed25519VerificationKey2020' } }); - expect(did.didDocument.verificationMethod![0]!.publicKeyJwk).to.not.exist; - expect(did.didDocument.verificationMethod![0]!.publicKeyMultibase).to.exist; + expect(did.document.verificationMethod![0]!.publicKeyJwk).to.not.exist; + expect(did.document.verificationMethod![0]!.publicKeyMultibase).to.exist; }); it('accepts an alternate default context', async () => { @@ -105,33 +104,8 @@ describe('DidKey', () => { } }); - expect(did.didDocument['@context']).to.not.include('https://www.w3.org/ns/did/v1'); - expect(did.didDocument['@context']).to.include('https://www.w3.org/ns/did/v99'); - }); - - it('returns a getSigner() function that creates valid signatures that can be verified', async () => { - const did = await DidKey.create({ keyManager, options: { algorithm: 'Ed25519' } }); - - const signer = await did.getSigner(); - const data = new Uint8Array([1, 2, 3]); - const signature = await signer.sign({ data }); - const isValid = await signer.verify({ data, signature }); - - expect(signature).to.have.length(64); - expect(isValid).to.be.true; - }); - - it('returns a getSigner() function handles undefined params', async function () { - // Create a `did:key` DID. - const did = await DidKey.create({ keyManager, options: { algorithm: 'Ed25519' } }); - - // Simulate the creation of a signer with undefined params - const signer = await did.getSigner({ }); - - // Note: Since this test does not interact with an actual keyManager, it primarily ensures - // that the method doesn't break with undefined params. - expect(signer).to.have.property('sign'); - expect(signer).to.have.property('verify'); + expect(did.document['@context']).to.not.include('https://www.w3.org/ns/did/v1'); + expect(did.document['@context']).to.include('https://www.w3.org/ns/did/v99'); }); it('throws an error if both algorithm and verificationMethods are provided', async () => { @@ -148,192 +122,238 @@ describe('DidKey', () => { expect(error.message).to.include('options are mutually exclusive'); } }); - }); - describe('fromKeyManager()', () => { - let didUri: string; - let keyManager: LocalKeyManager; - let privateKey: Jwk; - - before(() => { - keyManager = new LocalKeyManager(); + it('throws an error if zero verificationMethods are given', async () => { + try { + // @ts-expect-error - Test case where verificationMethods is undefined. + await DidKey.create({ keyManager, options: { verificationMethods: [] } }); + expect.fail('Expected an error to be thrown.'); + } catch (error: any) { + expect(error.message).to.include('must contain exactly one entry'); + } }); - beforeEach(() => { - didUri = 'did:key:z6MkqBvAA4RBFFATVs7TXxEf4FcL1QY3JntYvwAYJMptDt5D'; - - privateKey = { - kty : 'OKP', - crv : 'Ed25519', - x : 'n4JbpJYkl77eGav9miqxHJsf-hoZl7GrbcrTmLJ9NBA', - d : 'JZPFC1MVj65ZUnj1HWTUDqvdQU6W2yBdZXMrRxDSqVA' - }; + it('throws an error if two or more verificationMethods are given', async () => { + try { + await DidKey.create({ + keyManager, + // @ts-expect-error - Test case where verificationMethods has too many entries. + options: { verificationMethods: [{ algorithm: 'secp256k1' }, { algorithm: 'Ed25519' }] } + }); + expect.fail('Expected an error to be thrown.'); + } catch (error: any) { + expect(error.message).to.include('must contain exactly one entry'); + } }); + }); - it('returns a DID Key from existing keys present in a key manager', async () => { - // Import the test DID's keys into the key manager. - await keyManager.importKey({ key: privateKey }); + describe('export()', () => { + it('returns a single verification method for a DID', async () => { + // Create a DID to use for the test. + const did = await DidKey.create(); - const did = await DidKey.fromKeyManager({ didUri, keyManager }); + const portableDid = await did.export(); - expect(did).to.have.property('didDocument'); - expect(did).to.have.property('getSigner'); - expect(did).to.have.property('keyManager'); - expect(did).to.have.property('metadata'); - expect(did).to.have.property('uri', didUri); + expect(portableDid.document).to.have.property('verificationMethod'); + expect(portableDid.document.verificationMethod).to.have.length(1); + expect(portableDid.document.verificationMethod![0]).to.have.property('publicKeyJwk'); + expect(portableDid.document.verificationMethod![0]).to.have.property('type'); + expect(portableDid.document.verificationMethod![0]).to.have.property('id'); + expect(portableDid.document.verificationMethod![0]).to.have.property('controller'); + expect(portableDid.privateKeys).to.have.length(1); + expect(portableDid.privateKeys![0]).to.have.property('crv'); + expect(portableDid.privateKeys![0]).to.have.property('x'); + expect(portableDid.privateKeys![0]).to.have.property('d'); }); + }); - it('returns a DID with a getSigner function that can sign and verify data', async () => { - // Import the test DID's keys into the key manager. - await keyManager.importKey({ key: privateKey }); + describe('getSigningMethod()', () => { + it('returns the signing method for a DID', async () => { + // Create a DID to use for the test. + const did = await DidKey.create(); - const did = await DidKey.fromKeyManager({ didUri, keyManager }); + const signingMethod = await DidKey.getSigningMethod({ didDocument: did.document }); - const signer = await did.getSigner(); - const data = new Uint8Array([1, 2, 3]); - const signature = await signer.sign({ data }); - const isValid = await signer.verify({ data, signature }); - - expect(signature).to.have.length(64); - expect(isValid).to.be.true; + expect(signingMethod).to.have.property('type', 'JsonWebKey2020'); + expect(signingMethod).to.have.property('id'); + expect(signingMethod!.id).to.include(did.uri); + expect(signingMethod).to.have.property('controller', did.uri); }); - it('returns a DID with a getSigner function that accepts a specific keyUri', async () => { - // Import the test DID's keys into the key manager. - await keyManager.importKey({ key: privateKey }); - - const did = await DidKey.fromKeyManager({ didUri, keyManager }); - - // Retrieve the key URI of the verification method's public key. - const { d, ...publicKey } = privateKey; // Remove the private key component - const keyUri = await did.keyManager.getKeyUri({ key: publicKey }); - - const signer = await did.getSigner({ keyUri }); - const data = new Uint8Array([1, 2, 3]); - const signature = await signer.sign({ data }); - const isValid = await signer.verify({ data, signature }); + it('returns the first assertionMethod verification method', async function () { + const verificationMethod = await DidKey.getSigningMethod({ + didDocument: { + id : 'did:key:123', + verificationMethod : [ + { + id : 'did:key:123#0', + type : 'JsonWebKey2020', + controller : 'did:key:123', + publicKeyJwk : {} as Jwk + } + ], + assertionMethod: ['did:key:123#0'] + } + }); - expect(signature).to.have.length(64); - expect(isValid).to.be.true; + expect(verificationMethod).to.exist; + expect(verificationMethod).to.have.property('id', 'did:key:123#0'); }); - it('throws an error if the given DID URI cannot be resolved', async () => { - const didUri = 'did:key:...'; + it('throws an error if the DID document is missing verification methods', async function () { try { - await DidKey.fromKeyManager({ didUri, keyManager }); - expect.fail('Expected an error to be thrown.'); + await DidKey.getSigningMethod({ + didDocument: { id: 'did:key:123' } + }); + expect.fail('Error should have been thrown'); } catch (error: any) { - expect(error.message).to.include('missing verification methods'); + expect(error.message).to.include('verification method intended for signing could not be determined'); } }); - it('throws an error if an unsupported DID method is given', async () => { + it('throws an error if there is no assertionMethod verification method', async function () { try { - await DidKey.fromKeyManager({ didUri: 'did:example:z6Mk', keyManager }); - expect.fail('Expected an error to be thrown.'); + await DidKey.getSigningMethod({ + didDocument: { + id : 'did:key:123', + verificationMethod : [ + { + id : 'did:key:123#0', + type : 'JsonWebKey2020', + controller : 'did:key:123', + publicKeyJwk : {} as Jwk + } + ], + authentication: ['did:key:123#0'] + } + }); + expect.fail('Error should have been thrown'); } catch (error: any) { - expect(error.code).to.equal(DidErrorCode.MethodNotSupported); + expect(error.message).to.include('verification method intended for signing could not be determined'); } }); - it('throws an error if the resolved DID document lacks any verification methods', async () => { - // Stub the DID resolve method to return a DID document without a verificationMethod property. - sinon.stub(DidKey, 'resolve').returns(Promise.resolve({ - didDocument : { id: 'did:key:...' }, - didDocumentMetadata : {}, - didResolutionMetadata : {} - })); - - const didUri = 'did:key:...'; - try { - await DidKey.fromKeyManager({ didUri, keyManager }); - expect.fail('Expected an error to be thrown.'); - } catch (error: any) { - expect(error.message).to.include('missing verification methods'); - } finally { - sinon.restore(); - } - - // Stub the DID resolve method to return a DID document an empty verificationMethod property. - sinon.stub(DidKey, 'resolve').returns(Promise.resolve({ - didDocument : { id: 'did:key:...', verificationMethod: [] }, - didDocumentMetadata : {}, - didResolutionMetadata : {} - })); - + it('throws an error if the only assertionMethod method is embedded', async function () { try { - await DidKey.fromKeyManager({ didUri, keyManager }); - expect.fail('Expected an error to be thrown.'); + await DidKey.getSigningMethod({ + didDocument: { + id : 'did:key:123', + verificationMethod : [ + { + id : 'did:key:123#0', + type : 'JsonWebKey2020', + controller : 'did:key:123', + publicKeyJwk : {} as Jwk + } + ], + assertionMethod: [ + { + id : 'did:key:123#1', + type : 'JsonWebKey2020', + controller : 'did:key:123', + publicKeyJwk : {} as Jwk + } + ], + authentication: ['did:key:123#0'] + } + }); + expect.fail('Error should have been thrown'); } catch (error: any) { - expect(error.message).to.include('missing verification methods'); - } finally { - sinon.restore(); + expect(error.message).to.include('verification method intended for signing could not be determined'); } }); - it('throws an error if the resolved DID document is missing a public key', async () => { - // Stub the DID resolution method to return a DID document with no verification methods. - sinon.stub(DidKey, 'resolve').returns(Promise.resolve({ - didDocument: { - id : 'did:key:...', - verificationMethod : [{ - id : 'did:key:...#0', - type : 'JsonWebKey2020', - controller : 'did:key:...' - }], - }, - didDocumentMetadata : {}, - didResolutionMetadata : {} - })); + it('throws an error if a non-key method is used', async function () { + // Example DID Document with a non-key method + const didDocument: DidDocument = { + '@context' : 'https://www.w3.org/ns/did/v1', + id : 'did:example:123', + verificationMethod : [ + { + id : 'did:example:123#0', + type : 'JsonWebKey2020', + controller : 'did:example:123', + publicKeyJwk : {} as Jwk + } + ], + }; - const didUri = 'did:key:...'; try { - await DidKey.fromKeyManager({ didUri, keyManager }); - expect.fail('Expected an error to be thrown.'); + await DidKey.getSigningMethod({ didDocument }); + expect.fail('Error should have been thrown'); } catch (error: any) { - expect(error.message).to.include('does not contain a public key'); - } finally { - sinon.restore(); + expect(error.message).to.equal('Method not supported: example'); } }); }); - describe('fromKeys()', () => { + describe('import()', () => { let portableDid: PortableDid; beforeEach(() => { // Define a DID to use for the test. portableDid = { - uri : 'did:key:z6MkkGkByH7rSY3uxDEPTk1CZzPG5hvf564ABFLQzCFwyYNN', - verificationMethods : [{ - publicKeyJwk: { - kty : 'OKP', + uri : 'did:key:z6MkfEC95uQzsxT6E6oERYyY5UMqgYugQ5YdxCw5h9RPPSGU', + document : { + id : 'did:key:z6MkfEC95uQzsxT6E6oERYyY5UMqgYugQ5YdxCw5h9RPPSGU', + verificationMethod : [ + { + id : 'did:key:z6MkfEC95uQzsxT6E6oERYyY5UMqgYugQ5YdxCw5h9RPPSGU#z6MkfEC95uQzsxT6E6oERYyY5UMqgYugQ5YdxCw5h9RPPSGU', + type : 'JsonWebKey2020', + controller : 'did:key:z6MkfEC95uQzsxT6E6oERYyY5UMqgYugQ5YdxCw5h9RPPSGU', + publicKeyJwk : { + kty : 'OKP', + crv : 'Ed25519', + x : 'C4K4f9q7m-ObUYEZBZm4bD9maKUYnjcIzUI-JWkai9U', + kid : 'bSmUGl3783WDG3U8uGxKw6Vh1ikHJ-qoap2EEw4VhKA', + }, + }, + ], + authentication: [ + 'did:key:z6MkfEC95uQzsxT6E6oERYyY5UMqgYugQ5YdxCw5h9RPPSGU#z6MkfEC95uQzsxT6E6oERYyY5UMqgYugQ5YdxCw5h9RPPSGU', + ], + assertionMethod: [ + 'did:key:z6MkfEC95uQzsxT6E6oERYyY5UMqgYugQ5YdxCw5h9RPPSGU#z6MkfEC95uQzsxT6E6oERYyY5UMqgYugQ5YdxCw5h9RPPSGU', + ], + capabilityInvocation: [ + 'did:key:z6MkfEC95uQzsxT6E6oERYyY5UMqgYugQ5YdxCw5h9RPPSGU#z6MkfEC95uQzsxT6E6oERYyY5UMqgYugQ5YdxCw5h9RPPSGU', + ], + capabilityDelegation: [ + 'did:key:z6MkfEC95uQzsxT6E6oERYyY5UMqgYugQ5YdxCw5h9RPPSGU#z6MkfEC95uQzsxT6E6oERYyY5UMqgYugQ5YdxCw5h9RPPSGU', + ], + '@context': [ + 'https://www.w3.org/ns/did/v1', + 'https://w3id.org/security/suites/jws-2020/v1', + ], + }, + metadata: { + }, + privateKeys: [ + { crv : 'Ed25519', - x : 'VnSOQ-n7kRcYd0XGW2MNCv7DDY5py5XhNcjM7-Y1HVM' - }, - privateKeyJwk: { + d : 'a-pqjsKCMFnbFZSyg8GKXfDgop1G2kvp910f3WRvuVs', kty : 'OKP', - crv : 'Ed25519', - x : 'VnSOQ-n7kRcYd0XGW2MNCv7DDY5py5XhNcjM7-Y1HVM', - d : 'iTD5DIOKZNkwgzsND-I8CLIXmgTxfQ1HUzl9fpMktAo' + x : 'C4K4f9q7m-ObUYEZBZm4bD9maKUYnjcIzUI-JWkai9U', + kid : 'bSmUGl3783WDG3U8uGxKw6Vh1ikHJ-qoap2EEw4VhKA', + alg : 'EdDSA', }, - purposes: ['authentication'] - }] + ], }; }); - it('returns a DID Key from the given set of verification method keys', async () => { - const did = await DidKey.fromKeys(portableDid); + it('returns a BearerDid from the given DID JWK PortableDid', async () => { + const did = await DidKey.import({ portableDid }); - expect(did).to.have.property('didDocument'); + expect(did).to.have.property('document'); expect(did).to.have.property('getSigner'); expect(did).to.have.property('keyManager'); expect(did).to.have.property('metadata'); expect(did).to.have.property('uri', portableDid.uri); + expect(did.document).to.deep.equal(portableDid.document); }); it('returns a DID with a getSigner function that can sign and verify data', async () => { - const did = await DidKey.fromKeys(portableDid); + const did = await DidKey.import({ portableDid }); const signer = await did.getSigner(); const data = new Uint8Array([1, 2, 3]); const signature = await signer.sign({ data }); @@ -343,184 +363,42 @@ describe('DidKey', () => { expect(isValid).to.be.true; }); - it('returns a DID with a getSigner function that accepts a specific keyUri', async () => { - const did = await DidKey.fromKeys(portableDid); - - // Retrieve the key URI of the verification method's public key. - const keyUri = await did.keyManager.getKeyUri({ key: portableDid.verificationMethods![0].publicKeyJwk! }); - - const signer = await did.getSigner({ keyUri }); - const data = new Uint8Array([1, 2, 3]); - const signature = await signer.sign({ data }); - const isValid = await signer.verify({ data, signature }); - - expect(signature).to.have.length(64); - expect(isValid).to.be.true; - }); - - it('throws an error if no verification methods are given', async () => { - try { - // @ts-expect-error - Test case where verificationMethods is undefined. - await DidKey.fromKeys({}); - expect.fail('Expected an error to be thrown.'); - } catch (error: any) { - expect(error.message).to.include('one verification method'); - } - }); + it('throws an error if the DID method is not supported', async () => { + // Change the method to something other than 'key'. + portableDid.uri = 'did:unknown:abc123'; - it('throws an error if the given key set is empty', async () => { try { - await DidKey.fromKeys({ verificationMethods: [] }); + await DidKey.import({ portableDid }); expect.fail('Expected an error to be thrown.'); } catch (error: any) { - expect(error.message).to.include('one verification method'); - } - }); - - it('throws an error if the given key set is missing a public key', async () => { - delete portableDid.verificationMethods[0].publicKeyJwk; - - try { - await DidKey.fromKeys(portableDid); - expect.fail('Expected an error to be thrown.'); - } catch (error: any) { - expect(error.message).to.include('does not contain a public and private key'); + expect(error.code).to.equal(DidErrorCode.MethodNotSupported); + expect(error.message).to.include('Method not supported'); } }); - it('throws an error if the given key set is missing a private key', async () => { - delete portableDid.verificationMethods[0].privateKeyJwk; + it('throws an error if the DID method cannot be determined', async () => { + // An unparsable DID URI. + portableDid.uri = 'did:abc123'; try { - await DidKey.fromKeys(portableDid); + await DidKey.import({ portableDid }); expect.fail('Expected an error to be thrown.'); } catch (error: any) { - expect(error.message).to.include('does not contain a public and private key'); + expect(error.code).to.equal(DidErrorCode.MethodNotSupported); + expect(error.message).to.include('Method not supported'); } }); - it('throws an error if the key set contains two or more keys', async () => { - const verificationMethod: PortableDidVerificationMethod = { - publicKeyJwk: { - kty : 'OKP', - crv : 'Ed25519', - x : '3EBa_ELos2alvLojqIVcrbKpirVXj6cjVD5v2VhwLz8' - }, - privateKeyJwk: { - kty : 'OKP', - crv : 'Ed25519', - x : '3EBa_ELos2alvLojqIVcrbKpirVXj6cjVD5v2VhwLz8', - d : 'hMqv-FAvhVWz2nxobesO7TzI0-GN0kvzkUGYdnZt_TA' - }, - purposes: ['authentication'] - }; + it('throws an error if the DID document contains two or more verification methods', async () => { + // Add a second verification method to the DID document. + portableDid.document.verificationMethod?.push(portableDid.document.verificationMethod[0]); try { - await DidKey.fromKeys({ - verificationMethods: [verificationMethod, verificationMethod] - }); + await DidKey.import({ portableDid }); expect.fail('Expected an error to be thrown.'); } catch (error: any) { - expect(error.message).to.include('one verification method'); - } - }); - }); - - describe('getSigningMethod()', () => { - it('returns the first authentication verification method', async function () { - const verificationMethod = await DidKey.getSigningMethod({ - didDocument: { - id : 'did:key:123', - verificationMethod : [ - { - id : 'did:key:123#0', - type : 'JsonWebKey2020', - controller : 'did:key:123', - publicKeyJwk : {} as Jwk - } - ], - authentication: ['did:key:123#0'] - } - }); - - expect(verificationMethod).to.exist; - expect(verificationMethod).to.have.property('id', 'did:key:123#0'); - }); - - it('returns undefined if there is no authentication verification method', async function () { - const verificationMethod = await DidKey.getSigningMethod({ - didDocument: { - id : 'did:key:123', - verificationMethod : [ - { - id : 'did:key:123#0', - type : 'JsonWebKey2020', - controller : 'did:key:123', - publicKeyJwk : {} as Jwk - } - ], - assertionMethod: ['did:key:123#0'] - } - }); - - expect(verificationMethod).to.not.exist; - }); - - it('returns undefined if the only authentication method is embedded', async function () { - const verificationMethod = await DidKey.getSigningMethod({ - didDocument: { - id : 'did:key:123', - verificationMethod : [ - { - id : 'did:key:123#0', - type : 'JsonWebKey2020', - controller : 'did:key:123', - publicKeyJwk : {} as Jwk - } - ], - authentication: [ - { - id : 'did:key:123#1', - type : 'JsonWebKey2020', - controller : 'did:key:123', - publicKeyJwk : {} as Jwk - } - ], - assertionMethod: ['did:key:123#0'] - } - }); - - expect(verificationMethod).to.not.exist; - }); - - it('handles didDocuments missing verification methods', async function () { - const result = await DidKey.getSigningMethod({ - didDocument: { id: 'did:key:123' } - }); - - expect(result).to.be.undefined; - }); - - it('throws an error if a non-key method is used', async function () { - // Example DID Document with a non-key method - const didDocument: DidDocument = { - '@context' : 'https://www.w3.org/ns/did/v1', - id : 'did:example:123', - verificationMethod : [ - { - id : 'did:example:123#0', - type : 'JsonWebKey2020', - controller : 'did:example:123', - publicKeyJwk : {} as Jwk - } - ], - }; - - try { - await DidKey.getSigningMethod({ didDocument }); - expect.fail('Error should have been thrown'); - } catch (error: any) { - expect(error.message).to.equal('Method not supported: example'); + expect(error.code).to.equal(DidErrorCode.InvalidDidDocument); + expect(error.message).to.include('DID document must contain exactly one verification method'); } }); }); @@ -646,52 +524,6 @@ describe('DidKey', () => { }); }); - describe('keyBytesToMultibaseId()', () => { - it('returns a multibase encoded string', () => { - const input = { - keyBytes : new Uint8Array(32), - multicodecName : 'ed25519-pub', - }; - const encoded = DidKeyUtils.keyBytesToMultibaseId({ keyBytes: input.keyBytes, multicodecName: input.multicodecName }); - expect(encoded).to.be.a.string; - expect(encoded.substring(0, 1)).to.equal('z'); - expect(encoded.substring(1, 4)).to.equal('6Mk'); - }); - - it('passes test vectors', () => { - let input: { keyBytes: Uint8Array, multicodecName: string }; - let output: string; - let encoded: string; - - // Test Vector 1. - input = { - keyBytes : (new Uint8Array(32)).fill(0), - multicodecName : 'ed25519-pub', - }; - output = 'z6MkeTG3bFFSLYVU7VqhgZxqr6YzpaGrQtFMh1uvqGy1vDnP'; - encoded = DidKeyUtils.keyBytesToMultibaseId({ keyBytes: input.keyBytes, multicodecName: input.multicodecName }); - expect(encoded).to.equal(output); - - // Test Vector 2. - input = { - keyBytes : (new Uint8Array(32)).fill(1), - multicodecName : 'ed25519-pub', - }; - output = 'z6MkeXBLjYiSvqnhFb6D7sHm8yKm4jV45wwBFRaatf1cfZ76'; - encoded = DidKeyUtils.keyBytesToMultibaseId({ keyBytes: input.keyBytes, multicodecName: input.multicodecName }); - expect(encoded).to.equal(output); - - // Test Vector 3. - input = { - keyBytes : (new Uint8Array(32)).fill(9), - multicodecName : 'ed25519-pub', - }; - output = 'z6Mkf4XhsxSXfEAWNK6GcFu7TyVs21AfUTRjiguqMhNQeDgk'; - encoded = DidKeyUtils.keyBytesToMultibaseId({ keyBytes: input.keyBytes, multicodecName: input.multicodecName }); - expect(encoded).to.equal(output); - }); - }); - describe('multicodecToJwk()', () => { it('converts ed25519 public key multicodec to JWK', async () => { const result = await DidKeyUtils.multicodecToJwk({ name: 'ed25519-pub' }); @@ -789,50 +621,6 @@ describe('DidKey', () => { }); }); - describe('multibaseIdToKeyBytes()', () => { - it('converts secp256k1-pub multibase identifiers', () => { - const multibaseKeyId = 'zQ3shMrXA3Ah8h5asMM69USP8qRDnPaCLRV3nPmitAXVfWhgp'; - - const { keyBytes, multicodecCode, multicodecName } = DidKeyUtils.multibaseIdToKeyBytes({ multibaseKeyId }); - - expect(keyBytes).to.exist; - expect(keyBytes).to.be.a('Uint8Array'); - expect(keyBytes).to.have.length(33); - expect(multicodecCode).to.exist; - expect(multicodecCode).to.equal(231); - expect(multicodecName).to.exist; - expect(multicodecName).to.equal('secp256k1-pub'); - }); - - it('converts ed25519-pub multibase identifiers', () => { - const multibaseKeyId = 'z6MkizSHspkM891CAnYZis1TJkB4fWwuyVjt4pV93rWPGYwW'; - - const { keyBytes, multicodecCode, multicodecName } = DidKeyUtils.multibaseIdToKeyBytes({ multibaseKeyId }); - - expect(keyBytes).to.exist; - expect(keyBytes).to.be.a('Uint8Array'); - expect(keyBytes).to.have.length(32); - expect(multicodecCode).to.exist; - expect(multicodecCode).to.equal(237); - expect(multicodecName).to.exist; - expect(multicodecName).to.equal('ed25519-pub'); - }); - - it('converts x25519-pub multibase identifiers', () => { - const multibaseKeyId = 'z6LSfsF6tQA7j56WSzNPT4yrzZprzGEK8137DMeAVLgGBJEz'; - - const { keyBytes, multicodecCode, multicodecName } = DidKeyUtils.multibaseIdToKeyBytes({ multibaseKeyId }); - - expect(keyBytes).to.exist; - expect(keyBytes).to.be.a('Uint8Array'); - expect(keyBytes).to.have.length(32); - expect(multicodecCode).to.exist; - expect(multicodecCode).to.equal(236); - expect(multicodecName).to.exist; - expect(multicodecName).to.equal('x25519-pub'); - }); - }); - describe('publicKeyToMultibaseId()', () => { it('supports Ed25519', async () => { const publicKey: Jwk = { diff --git a/packages/dids/tests/methods/did-method.spec.ts b/packages/dids/tests/methods/did-method.spec.ts index efc84cc4c..7799eed35 100644 --- a/packages/dids/tests/methods/did-method.spec.ts +++ b/packages/dids/tests/methods/did-method.spec.ts @@ -1,307 +1,30 @@ -import type { CryptoApi, Jwk } from '@web5/crypto'; - -import sinon from 'sinon'; import { expect } from 'chai'; -import { LocalKeyManager } from '@web5/crypto'; - -import type { BearerDid } from '../../src/bearer-did.js'; -import type { DidDocument, DidVerificationMethod } from '../../src/types/did-core.js'; import { DidMethod } from '../../src/methods/did-method.js'; -import { DidJwk } from '../../src/methods/did-jwk.js'; - -class DidTest extends DidMethod { - public static async getSigningMethod({ didDocument, methodId = '#0' }: { - didDocument: DidDocument; - methodId?: string; - }): Promise { - // Attempt to find the verification method in the DID Document. - return didDocument.verificationMethod?.find(vm => vm.id.endsWith(methodId)); - } -} describe('DidMethod', () => { - let keyManager: LocalKeyManager; - - before(() => { - keyManager = new LocalKeyManager(); - }); - - describe('fromKeyManager()', () => { - it('throws an error if the DID method implementation does not provide a resolve() function', async () => { - class DidTest extends DidMethod {} - - try { - await DidTest.fromKeyManager({ didUri: 'did:method:example', keyManager }); - expect.fail('Error should have been thrown'); - } catch (error: any) { - expect(error.message).to.include('must implement resolve()'); - } - }); - }); - - describe('getSigner()', () => { - let keyManagerMock: any; - let publicKey: Jwk; - let didDocument: DidDocument; - - beforeEach(() => { - // Mock for CryptoApi - keyManagerMock = { - digest : sinon.stub(), - generateKey : sinon.stub(), - getKeyUri : sinon.stub(), - getPublicKey : sinon.stub(), - sign : sinon.stub(), - verify : sinon.stub(), - }; - - // Example public key in JWK format - publicKey = { - kty : 'OKP', - use : 'sig', - crv : 'Ed25519', - kid : '...', - x : 'abc123', - alg : 'EdDSA' - }; - - // Example DID Document - didDocument = { - '@context' : 'https://www.w3.org/ns/did/v1', - id : 'did:jwk:example', - verificationMethod : [{ - id : 'did:jwk:example#0', - type : 'JsonWebKey2020', - controller : 'did:jwk:example', - publicKeyJwk : publicKey, - }], - }; - - keyManagerMock.getKeyUri.resolves('urn:jwk:example'); // Mock key URI retrieval - keyManagerMock.getPublicKey.resolves(publicKey); // Mock public key retrieval - keyManagerMock.sign.resolves(new Uint8Array(64).fill(0)); // Mock signature creation - keyManagerMock.verify.resolves(true); // Mock verification result - }); - - it('returns a signer with sign and verify functions', async () => { - const signer = await DidTest.getSigner({ didDocument, keyManager: keyManagerMock }); - - expect(signer).to.be.an('object'); - expect(signer).to.have.property('sign').that.is.a('function'); - expect(signer).to.have.property('verify').that.is.a('function'); - }); - - it('sign function should call keyManager.sign with correct parameters', async () => { - const signer = await DidTest.getSigner({ didDocument, keyManager: keyManagerMock }); - const dataToSign = new Uint8Array([0x00, 0x01]); - - await signer.sign({ data: dataToSign }); - - expect(keyManagerMock.sign.calledOnce).to.be.true; - expect(keyManagerMock.sign.calledWith(sinon.match({ data: dataToSign }))).to.be.true; - }); - - it('verify function should call keyManager.verify with correct parameters', async () => { - const signer = await DidTest.getSigner({ didDocument, keyManager: keyManagerMock }); - const dataToVerify = new Uint8Array([0x00, 0x01]); - const signature = new Uint8Array([0x01, 0x02]); - - await signer.verify({ data: dataToVerify, signature }); - - expect(keyManagerMock.verify.calledOnce).to.be.true; - expect(keyManagerMock.verify.calledWith(sinon.match({ data: dataToVerify, signature }))).to.be.true; - }); - - it('uses the provided keyUri to fetch the public key', async () => { - const keyUri = 'some-key-uri'; - keyManagerMock.getPublicKey.withArgs({ keyUri }).resolves(publicKey); - - const signer = await DidTest.getSigner({ didDocument, keyManager: keyManagerMock, keyUri }); - - expect(signer).to.be.an('object'); - expect(keyManagerMock.getPublicKey.calledWith({ keyUri })).to.be.true; - }); - + describe('getSigningMethod()', () => { it('throws an error if the DID method implementation does not provide a getSigningMethod() function', async () => { class DidTest extends DidMethod {} try { - await DidTest.getSigner({ didDocument, keyManager: keyManagerMock }); - expect.fail('Error should have been thrown'); - } catch (error: any) { - expect(error.message).to.include('must implement getSigningMethod'); - } - }); - - it('throws an error if the keyUri does not match any key in the DID Document', async () => { - const keyUri = 'nonexistent-key-uri'; - keyManagerMock.getPublicKey.withArgs({ keyUri }).resolves({ ...publicKey, x: 'def456' }); - - try { - await DidTest.getSigner({ didDocument, keyManager: keyManagerMock, keyUri }); - expect.fail('Error should have been thrown'); - } catch (error: any) { - expect(error.message).to.include(`is not present in the provided DID Document for '${didDocument.id}'`); - } - }); - - it('throws an error if no verification methods are found in the DID Document', async () => { - // Example DID Document with no verification methods - didDocument = { - '@context' : 'https://www.w3.org/ns/did/v1', - id : 'did:test:...', - verificationMethod : [], // Empty array indicates no verification methods - }; - - try { - await DidTest.getSigner({ didDocument, keyManager: keyManagerMock }); - expect.fail('Error should have been thrown'); - } catch (error: any) { - expect(error.message).to.include('No verification methods found'); - } - }); - - it('throws an error if the keys needed to create a signer are not determined', async function () { - keyManagerMock.getKeyUri.resolves(undefined); // Resolves to undefined to simulate missing publicKey - - try { - await DidTest.getSigner({ didDocument, keyManager: keyManagerMock }); + await DidTest.getSigningMethod({ didDocument: { id: 'did:method:example' } }); expect.fail('Error should have been thrown'); } catch (error: any) { - expect(error.message).to.include('Failed to determine the keys needed to create a signer'); + expect(error.message).to.include('must implement getSigningMethod()'); } }); }); - describe('toKeys()', () => { - let didJwk: BearerDid; - - beforeEach(async () => { - didJwk = { - didDocument: { - '@context': [ - 'https://www.w3.org/ns/did/v1', - 'https://w3id.org/security/suites/jws-2020/v1', - ], - id : 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im0yN1d2VGVRY2hzS3NfWmZXY1dQd1FQcFRjRjJNa2M5UkpzNFpwTm9PWVkiLCJraWQiOiJvbnRkb0hSUVRxQ2RKekdfYWhzdnJGWG1MYkdMWFRrYTNTQVIweGRkNDlBIiwiYWxnIjoiRWREU0EifQ', - verificationMethod : [ - { - id : 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im0yN1d2VGVRY2hzS3NfWmZXY1dQd1FQcFRjRjJNa2M5UkpzNFpwTm9PWVkiLCJraWQiOiJvbnRkb0hSUVRxQ2RKekdfYWhzdnJGWG1MYkdMWFRrYTNTQVIweGRkNDlBIiwiYWxnIjoiRWREU0EifQ#0', - type : 'JsonWebKey2020', - controller : 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im0yN1d2VGVRY2hzS3NfWmZXY1dQd1FQcFRjRjJNa2M5UkpzNFpwTm9PWVkiLCJraWQiOiJvbnRkb0hSUVRxQ2RKekdfYWhzdnJGWG1MYkdMWFRrYTNTQVIweGRkNDlBIiwiYWxnIjoiRWREU0EifQ', - publicKeyJwk : { - crv : 'Ed25519', - kty : 'OKP', - x : 'm27WvTeQchsKs_ZfWcWPwQPpTcF2Mkc9RJs4ZpNoOYY', - kid : 'ontdoHRQTqCdJzG_ahsvrFXmLbGLXTka3SAR0xdd49A', - alg : 'EdDSA', - }, - }, - ], - authentication: [ - 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im0yN1d2VGVRY2hzS3NfWmZXY1dQd1FQcFRjRjJNa2M5UkpzNFpwTm9PWVkiLCJraWQiOiJvbnRkb0hSUVRxQ2RKekdfYWhzdnJGWG1MYkdMWFRrYTNTQVIweGRkNDlBIiwiYWxnIjoiRWREU0EifQ#0', - ], - assertionMethod: [ - 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im0yN1d2VGVRY2hzS3NfWmZXY1dQd1FQcFRjRjJNa2M5UkpzNFpwTm9PWVkiLCJraWQiOiJvbnRkb0hSUVRxQ2RKekdfYWhzdnJGWG1MYkdMWFRrYTNTQVIweGRkNDlBIiwiYWxnIjoiRWREU0EifQ#0', - ], - capabilityInvocation: [ - 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im0yN1d2VGVRY2hzS3NfWmZXY1dQd1FQcFRjRjJNa2M5UkpzNFpwTm9PWVkiLCJraWQiOiJvbnRkb0hSUVRxQ2RKekdfYWhzdnJGWG1MYkdMWFRrYTNTQVIweGRkNDlBIiwiYWxnIjoiRWREU0EifQ#0', - ], - capabilityDelegation: [ - 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im0yN1d2VGVRY2hzS3NfWmZXY1dQd1FQcFRjRjJNa2M5UkpzNFpwTm9PWVkiLCJraWQiOiJvbnRkb0hSUVRxQ2RKekdfYWhzdnJGWG1MYkdMWFRrYTNTQVIweGRkNDlBIiwiYWxnIjoiRWREU0EifQ#0', - ], - keyAgreement: [ - 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im0yN1d2VGVRY2hzS3NfWmZXY1dQd1FQcFRjRjJNa2M5UkpzNFpwTm9PWVkiLCJraWQiOiJvbnRkb0hSUVRxQ2RKekdfYWhzdnJGWG1MYkdMWFRrYTNTQVIweGRkNDlBIiwiYWxnIjoiRWREU0EifQ#0', - ], - }, - getSigner : sinon.stub(), - keyManager, - metadata : {}, - uri : 'did:jwk:eyJjcnYiOiJFZDI1NTE5Iiwia3R5IjoiT0tQIiwieCI6Im0yN1d2VGVRY2hzS3NfWmZXY1dQd1FQcFRjRjJNa2M5UkpzNFpwTm9PWVkiLCJraWQiOiJvbnRkb0hSUVRxQ2RKekdfYWhzdnJGWG1MYkdMWFRrYTNTQVIweGRkNDlBIiwiYWxnIjoiRWREU0EifQ' - }; - }); - - it('returns a set of verification method keys for a DID', async () => { - const did = await DidJwk.create(); - - const keySet = await DidMethod.toKeys({ did }); - - expect(keySet).to.have.property('verificationMethods'); - expect(keySet.verificationMethods).to.have.length(1); - expect(keySet.verificationMethods![0]).to.have.property('publicKeyJwk'); - expect(keySet.verificationMethods![0]).to.have.property('privateKeyJwk'); - expect(keySet.verificationMethods![0]).to.have.property('purposes'); - expect(keySet.verificationMethods![0]).to.have.property('type'); - expect(keySet.verificationMethods![0]).to.have.property('id'); - expect(keySet.verificationMethods![0]).to.have.property('controller'); - }); - - it('returns a key set with the expected key purposes', async () => { - // Create a DID to use for the test. - const did = await DidJwk.create(); - - // Delete all verification relationships except `keyAgreement`. - delete did.didDocument.assertionMethod; - delete did.didDocument.authentication; - delete did.didDocument.capabilityDelegation; - delete did.didDocument.capabilityInvocation; - - const keySet = await DidMethod.toKeys({ did }); - - expect(keySet.verificationMethods![0]).to.have.property('purposes'); - expect(keySet.verificationMethods![0].purposes).to.deep.equal(['keyAgreement']); - }); - - it('throws an error if the DID document lacks any verification methods', async () => { - // Delete the verification method property from the DID document. - delete didJwk.didDocument.verificationMethod; - - try { - await DidMethod.toKeys({ did: didJwk }); - expect.fail('Error should have been thrown'); - } catch (error: any) { - expect(error.message).to.include('missing verification methods'); - } - }); - - it('throws an error if the DID document does not contain a public key', async () => { - // Delete the public key from the DID document. - delete didJwk.didDocument.verificationMethod![0].publicKeyJwk; + describe('resolve()', () => { + it('throws an error if the DID method implementation does not provide a resolve() function', async () => { + class DidTest extends DidMethod {} try { - await DidMethod.toKeys({ did: didJwk }); + await DidTest.resolve('did:method:example'); expect.fail('Error should have been thrown'); } catch (error: any) { - expect(error.message).to.include('does not contain a public key'); - } - }); - - it('throws an error if the key manager does not support exporting keys', async () => { - // Create a key manager that does not support exporting keys. - const keyManagerWithoutExport: CryptoApi = { - digest : sinon.stub(), - generateKey : sinon.stub(), - getKeyUri : sinon.stub(), - getPublicKey : sinon.stub(), - sign : sinon.stub(), - verify : sinon.stub(), - }; - - // Create a DID to use for the test. - const did: BearerDid = { - didDocument : { id: 'did:jwk:123' }, - keyManager : keyManagerWithoutExport, - getSigner : sinon.stub(), - metadata : {}, - uri : 'did:jwk:123', - }; - - try { - await DidMethod.toKeys({ did }); - expect.fail('Expected an error to be thrown.'); - } catch (error: any) { - expect(error.message).to.include('does not support exporting keys'); + expect(error.message).to.include('must implement resolve()'); } }); }); diff --git a/packages/dids/tests/resolver/did-resolver.spec.ts b/packages/dids/tests/resolver/did-resolver.spec.ts index c31b8c1d1..f5e844c6a 100644 --- a/packages/dids/tests/resolver/did-resolver.spec.ts +++ b/packages/dids/tests/resolver/did-resolver.spec.ts @@ -79,7 +79,7 @@ describe('DidResolver', () => { it('returns a DID verification method resource as the value of contentStream if found', async () => { const did = await DidJwk.create(); - const result = await didResolver.dereference(did.didDocument!.verificationMethod![0].id); + const result = await didResolver.dereference(did.document!.verificationMethod![0].id); expect(result.contentStream).to.be.not.be.null; expect(result.dereferencingMetadata.error).to.not.exist; diff --git a/packages/dids/tests/utils.spec.ts b/packages/dids/tests/utils.spec.ts index c6791a63d..a975fa31c 100644 --- a/packages/dids/tests/utils.spec.ts +++ b/packages/dids/tests/utils.spec.ts @@ -1,15 +1,19 @@ import { expect } from 'chai'; -import type { DidDocument } from '../src/types/did-core.js'; +import { DidVerificationRelationship, type DidDocument } from '../src/types/did-core.js'; import { getServices, isDidService, isDwnDidService, - getVerificationMethodByKey, - isDidVerificationMethod, + extractDidFragment, + keyBytesToMultibaseId, + multibaseIdToKeyBytes, getVerificationMethods, + isDidVerificationMethod, + getVerificationMethodByKey, getVerificationMethodTypes, + getVerificationRelationshipsById, } from '../src/utils.js'; import DidUtilsgetVerificationMethodsTestVector from './fixtures/test-vectors/utils/get-verification-methods.json' assert { type: 'json' }; @@ -17,6 +21,51 @@ import DidUtilsGetVerificationMethodTypesTestVector from './fixtures/test-vector import DidUtilsGetVerificationMethodByKeyTestVector from './fixtures/test-vectors/utils/get-verification-method-by-key.json' assert { type: 'json' }; describe('DID Utils', () => { + describe('extractDidFragment()', () => { + it('returns the fragment when a DID string with a fragment is provided', () => { + const result = extractDidFragment('did:example:123#key-1'); + expect(result).to.equal('key-1'); + }); + + it('returns the input string when a string without a fragment is provided', () => { + let result = extractDidFragment('did:example:123'); + expect(result).to.equal('did:example:123'); + + result = extractDidFragment('0'); + expect(result).to.equal('0'); + }); + + it('returns undefined for non-string inputs', () => { + const result = extractDidFragment({ id: 'did:example:123#0', type: 'JsonWebKey' }); + expect(result).to.be.undefined; + }); + + it('returns undefined for array inputs', () => { + const result = extractDidFragment([{ id: 'did:example:123#0', type: 'JsonWebKey' }]); + expect(result).to.be.undefined; + }); + + it('returns undefined for undefined inputs', () => { + const result = extractDidFragment(undefined); + expect(result).to.be.undefined; + }); + + it('returns undefined for empty string input', () => { + const result = extractDidFragment(''); + expect(result).to.be.undefined; + }); + + it('returns "0" when input is "did:method:123#0"', () => { + const result = extractDidFragment('did:method:123#0'); + expect(result).to.equal('0'); + }); + + it('returns "0" when input is "#0"', () => { + const result = extractDidFragment('#0'); + expect(result).to.equal('0'); + }); + }); + describe('getServices()', () => { let didDocument: DidDocument = { id : 'did:example:123', @@ -227,6 +276,60 @@ describe('DID Utils', () => { }); }); + describe('getVerificationRelationshipsById', () => { + let didDocument: DidDocument; + + beforeEach(() => { + didDocument = { + id : 'did:example:123', + authentication : ['did:example:123#auth'], + assertionMethod : [ + { + id : 'did:example:123#assert', + type : 'JsonWebKey', + controller : 'did:example:123' + } + ], + capabilityDelegation: ['did:example:123#key-2'], + }; + }); + + it('should return an empty array if no relationships match the methodId', () => { + const result = getVerificationRelationshipsById({ didDocument, methodId: '0' }); + expect(result).to.be.an('array').that.is.empty; + }); + + it('should return matching relationships by direct reference', () => { + const result = getVerificationRelationshipsById({ didDocument, methodId: 'auth' }); + expect(result).to.include(DidVerificationRelationship.authentication); + }); + + it('should return matching relationships by embedded method', () => { + const result = getVerificationRelationshipsById({ didDocument, methodId: 'assert' }); + expect(result).to.include(DidVerificationRelationship.assertionMethod); + }); + + it('handles method IDs with or without hash symbol prefix', () => { + let result = getVerificationRelationshipsById({ didDocument, methodId: 'key-2' }); + expect(result).to.include(DidVerificationRelationship.capabilityDelegation); + result = getVerificationRelationshipsById({ didDocument, methodId: '#key-2' }); + expect(result).to.include(DidVerificationRelationship.capabilityDelegation); + }); + + it('handles method IDs with a full DID URL', () => { + const result = getVerificationRelationshipsById({ didDocument, methodId: 'did:example:123#key-2' }); + expect(result).to.include(DidVerificationRelationship.capabilityDelegation); + }); + + it('ignores the DID if the method IDs is a full DID URL', () => { + // While not technically disallowed, it is not recommended for a verification method in a + // DID document to reference another DID. If a use case ever arises for this, we can revisit + // adding support to enable matching method IDs with the same identifier but different DIDs. + const result = getVerificationRelationshipsById({ didDocument, methodId: 'did:example:456#key-2' }); + expect(result).to.include(DidVerificationRelationship.capabilityDelegation); + }); + }); + describe('isDwnDidService', () => { it('returns true for a valid DwnDidService object', () => { const validDwnService = { @@ -429,4 +532,102 @@ describe('DID Utils', () => { expect(isDidVerificationMethod(extraProps)).to.be.true; }); }); + + describe('keyBytesToMultibaseId()', () => { + it('returns a multibase encoded string', () => { + const input = { + keyBytes : new Uint8Array(32), + multicodecName : 'ed25519-pub', + }; + const encoded = keyBytesToMultibaseId({ keyBytes: input.keyBytes, multicodecName: input.multicodecName }); + expect(encoded).to.be.a.string; + expect(encoded.substring(0, 1)).to.equal('z'); + expect(encoded.substring(1, 4)).to.equal('6Mk'); + }); + + it('passes test vectors', () => { + let input: { keyBytes: Uint8Array, multicodecName: string }; + let output: string; + let encoded: string; + + // Test Vector 1. + input = { + keyBytes : (new Uint8Array(32)).fill(0), + multicodecName : 'ed25519-pub', + }; + output = 'z6MkeTG3bFFSLYVU7VqhgZxqr6YzpaGrQtFMh1uvqGy1vDnP'; + encoded = keyBytesToMultibaseId({ keyBytes: input.keyBytes, multicodecName: input.multicodecName }); + expect(encoded).to.equal(output); + + // Test Vector 2. + input = { + keyBytes : (new Uint8Array(32)).fill(1), + multicodecName : 'ed25519-pub', + }; + output = 'z6MkeXBLjYiSvqnhFb6D7sHm8yKm4jV45wwBFRaatf1cfZ76'; + encoded = keyBytesToMultibaseId({ keyBytes: input.keyBytes, multicodecName: input.multicodecName }); + expect(encoded).to.equal(output); + + // Test Vector 3. + input = { + keyBytes : (new Uint8Array(32)).fill(9), + multicodecName : 'ed25519-pub', + }; + output = 'z6Mkf4XhsxSXfEAWNK6GcFu7TyVs21AfUTRjiguqMhNQeDgk'; + encoded = keyBytesToMultibaseId({ keyBytes: input.keyBytes, multicodecName: input.multicodecName }); + expect(encoded).to.equal(output); + }); + }); + + describe('multibaseIdToKeyBytes()', () => { + it('converts secp256k1-pub multibase identifiers', () => { + const multibaseKeyId = 'zQ3shMrXA3Ah8h5asMM69USP8qRDnPaCLRV3nPmitAXVfWhgp'; + + const { keyBytes, multicodecCode, multicodecName } = multibaseIdToKeyBytes({ multibaseKeyId }); + + expect(keyBytes).to.exist; + expect(keyBytes).to.be.a('Uint8Array'); + expect(keyBytes).to.have.length(33); + expect(multicodecCode).to.exist; + expect(multicodecCode).to.equal(231); + expect(multicodecName).to.exist; + expect(multicodecName).to.equal('secp256k1-pub'); + }); + + it('converts ed25519-pub multibase identifiers', () => { + const multibaseKeyId = 'z6MkizSHspkM891CAnYZis1TJkB4fWwuyVjt4pV93rWPGYwW'; + + const { keyBytes, multicodecCode, multicodecName } = multibaseIdToKeyBytes({ multibaseKeyId }); + + expect(keyBytes).to.exist; + expect(keyBytes).to.be.a('Uint8Array'); + expect(keyBytes).to.have.length(32); + expect(multicodecCode).to.exist; + expect(multicodecCode).to.equal(237); + expect(multicodecName).to.exist; + expect(multicodecName).to.equal('ed25519-pub'); + }); + + it('converts x25519-pub multibase identifiers', () => { + const multibaseKeyId = 'z6LSfsF6tQA7j56WSzNPT4yrzZprzGEK8137DMeAVLgGBJEz'; + + const { keyBytes, multicodecCode, multicodecName } = multibaseIdToKeyBytes({ multibaseKeyId }); + + expect(keyBytes).to.exist; + expect(keyBytes).to.be.a('Uint8Array'); + expect(keyBytes).to.have.length(32); + expect(multicodecCode).to.exist; + expect(multicodecCode).to.equal(236); + expect(multicodecName).to.exist; + expect(multicodecName).to.equal('x25519-pub'); + }); + + it('throws an error for an invalid multibase identifier', async () => { + try { + multibaseIdToKeyBytes({ multibaseKeyId: 'z6Mkiz' }); + } catch (error: any) { + expect(error.message).to.include('Invalid multibase identifier'); + } + }); + }); }); \ No newline at end of file