uport-project / kotlin-did-jwt Goto Github PK

The DID spec mentions a controller property for DID public key entries.
Our resolver uses owner to describe a similar concept.

There is a slight difference in semantics. When the owner of an identity is changed in the ERC1056 registry, this should be reflected in the DID document entry in the controller field of the root key.

More specifically, if keyA calls changeOwner, listing keyB as the new owner, the DID document entry now looks like this:

{
    id: 'did:ethr:0xkeyA#owner',
    type: 'Secp256k1VerificationKey2018',
    owner: 'did:ethr:0xkeyA',
    ethereumAddress: '0xkeyB'
}

A correction should be made to the did-resolver such that the public key entry should appear like so:

{
    id: 'did:ethr:0xkeyA#owner',
    type: 'Secp256k1VerificationKey2018',
    controller: 'did:ethr:0xkeyB',
    ethereumAddress: '0xkeyB'
}

This mirrors [ #168401735 ] in PT

accept and use an optional StatusEntry param for checkStatus() to deduplicate parsing of credentials and to support verification of credentials that don't necessarily embed a status entry.

rethink exceptional cases to accommodate credentials that don't embed status, and create more informative errors for misconfigured status methods or malformed entries.

create and use a CredentialStatus implementation that is only used to signal a credential that doesn't declare a status checking method.

There are some regular expression that only allow \\w (ALPHA / DIGIT / "_") in the the ethr-network part of the ethr-did.

Examples I found:

Although the ethr-method only specifies a fixed set of networks in its spec, the more general did-core allows for ALPHA / DIGIT / "." / "-" / "_". I want this lib to be future proof for new networks with dot and minus in their network name!

I'm planning to add a network to the spec if a - in the name.

Add documentation about how to use credential-status and ethr-status methods

perhaps revisit the names of classes along the way to make sure the API is intuitive.

Development checklist

• 1. deprecate the UniversalDID object
• 2. in the universal-did module, create a DIDResolverImpl internal class with the same functionality as UniversalDID, just not a singleton
• 3. create builder pattern for DIDResolver that returns a DIDResolverImpl instance
  example usage:

  val resolver : DIDResolver = DIDResolver.Builder
  .addResolver(ethrDidResolver)
  .addResolver(/*...*/)
  .build()

• 4. remove UniversalDID initialization code from JWTTools constructor.
• 5. create a module called uport-defaults
  • 5.1 Create a fun DIDResolver.configureDefaultsWithInfura(infuraProjectId : String) : DIDResolver extension method
  • 5.2 This method should call a DIDResolver.Builder that uses the provided infuraProjectId to configure all the common networks and resolvers in a manner similar to the UniversalDID initialization done in the current JWTTools constructor.
  • 5.3 remove now unused dependencies from the jwt module. It should no longer depend on ethr-did, web-did, uport-did
• 6. Update documentation to reflect new usage patterns

Require and use a DIDDocument param for checkStatus gather valid revokers (support revocations for non ethr-did)

The package for serialization has changed to
org.jetbrains.kotlinx:kotlinx-serialization-json:1.2.1

Having both the json (new package) and the runtime (user by this project) library in the project causes the compiler to fail with NullPointerException

The discussion here indicates that the https did method name is too broad and it should be renamed to web.
For compatibility reasons the old method name should still be supported but deprecated.

• canResolve(<web did>) allows did:web:example.com as well as did:https:example.com
• resolve(<web-did | https-did>) resolves the same DID doc
• rename HttpsDID and related classes to WebDID, etc
• rename module to web-did

This universal Resolver object would have its own resolve method which can take any did and use the correct method specific resolver.

This local Resolver instance should be used during jwt verification instead of the global.
For this to happen correctly, the already configured uni-resolver should be injected into JWTTools during construction.

This mirrors [ #167845321 ] on PT

Acceptance

• new verifyJWT method that also accepts a Resolver
• old method should be marked as deprecated

I have imported verion 0.3.2 in my project (https://github.com/blockstack/blockstack-app-android).

I now get duplicate class exception during ./gradlew app:assembleDebug for:

com.github.komputing.KHash:keccak-jvm
com.github.komputing.KHash:khash-extensions-jvm

Probably a dependency of komputing/KEthereum#73

Scenario

val resolver = EthrDidResolver.Builder().addNetwork(Networks.mainnet).build()
val ddo = resolver.resolve("0xE6Fe788d8ca214A080b0f6aC7F48480b2AEfa9a6")

Expected behavior

ddo should contain a PublicKeyEntry of type secp256k1VerificationKey2018 with a publicKeyHex value of 0x0295dda1dca7f80e308ef60155ddeac00e46b797fd40ef407f422e88d2467a27eb according to this tx: 0x9d770e99da67685f7af83a2743962b5f02335c8abb069ef511cc982864aa8bee

Actual behavior

The default DID document is returned, without that key entry.

offline tests - there should be no instantiation of JsonRPC during a check so that it can be mocked out during tests.

constructor configuration of the CredentialStatus aggregator class (as opposed to registerResolver)

The last point of #32 was not covered.
Since a resolver instance is now required, it should be described in the readme.

gradle gets confused if the two dependencies are in a gradle project:

implementation "com.github.walleth.kethereum:wallet:$kethereum_version"
implementation "com.github.uport-project.kotlin-did-jwt:jwt:$did_jwt_version"

due to upper case letter of KEtherum in build.gradle file.

This happens in a project that is not explicitly importing the okhttp dependency.
This is signaling a dependency declaration issue.

When fixed this would also negate the need to declare testImplementation("com.squareup.okhttp3:okhttp:3.14.1") in projects that use it for testing.

Workaround

dependencies {
  //...
  implementation("com.squareup.okhttp3:okhttp:3.14.1")
}