Implementing BearerDid / PortableDid, exposing our own JWS, JWT, JWK types #262
Conversation
…earerDid. changed DidUri to Did
…t how to call didxyz.import() from BearerDID. also figure out how to call didDhtApi methods after creating BearerDID via DidDht.create()
…import() as a static method. not sure if right path, might reverse
| public fun sign(bearerDid: BearerDid, assertionMethodId: String? = null): String { | ||
| val payload = JwtClaimsSet.Builder() | ||
| .issuer(bearerDid.uri) | ||
| .issueTime(Date().time) |
There was a problem hiding this comment.
if this is iat may need to change to seconds, currently this is milliseconds I think
There was a problem hiding this comment.
fixed, and updated the ktdoc
| public val iss: String? = null, | ||
| public val sub: String? = null, | ||
| public val aud: String? = null, | ||
| public val exp: Long? = null, |
There was a problem hiding this comment.
I think long is the right impl here but I think i see other libs with int
There was a problem hiding this comment.
i agree it should stay as a long - can you tell me which lib has it as an int so we can write an issue for it? i checked js (number), go(int64) and swift (ISO8601Date)
credentials/src/test/kotlin/web5/sdk/credentials/VerifiablePresentationTest.kt
Outdated
Show resolved
Hide resolved
| * @throws [AWSKMSException] for any error originating from the [AWSKMS] client | ||
| */ | ||
| override fun getPublicKey(keyAlias: String): JWK { | ||
| override fun getPublicKey(keyAlias: String): Jwk { | ||
| val getPublicKeyRequest = GetPublicKeyRequest().withKeyId(keyAlias) | ||
| val publicKeyResponse = kmsClient.getPublicKey(getPublicKeyRequest) | ||
| val publicKey = convertToJavaPublicKey(publicKeyResponse.publicKey) | ||
|
|
||
| val algorithmDetails = getAlgorithmDetails(publicKeyResponse.keySpec.enum()) | ||
| val jwkBuilder = when (publicKey) { |
There was a problem hiding this comment.
does this handle uncompressing compressed EC keys?
There was a problem hiding this comment.
good question not sure. it does handle converting what aws returns into a JWK correctly
| } | ||
|
|
||
| override fun privateKeyToBytes(privateKey: JWK): ByteArray { | ||
| override fun privateKeyToBytes(privateKey: Jwk): ByteArray { |
There was a problem hiding this comment.
it would be good to have methods that are able to represent compressed keys
There was a problem hiding this comment.
for Ed25519 @decentralgabe ? or are you talking about Secp256k1 or more generally EC?
There was a problem hiding this comment.
would like gabe to weigh in on this / edit this issue to clarify what's missing here
There was a problem hiding this comment.
also are you talking about compressed public keys? bc presumably if you have d you can deterministically derive x and therefore y. so i'd say privateKeyToBytes already returns the most compressed key?
|
a reminder to myself to first merge TBD54566975/web5-spec#130 and then change the submodule commit to the merge commit also do the same for TBD54566975/web5-js#466 |
Co-authored-by: Gabe <[email protected]>
| is ECPublicKey -> ECKey.Builder(JwaCurve.toJwkCurve(algorithmDetails.curve), publicKey) | ||
| is ECPublicKey -> { | ||
| val key = ECKey.Builder(JwaCurve.toNimbusCurve(algorithmDetails.curve), publicKey).build() | ||
| Jwk.Builder("EC", key.curve.name) |
There was a problem hiding this comment.
Does this defs populate algorithm, keyID, keyUse? I think at least keyID was needed when first implemented
There was a problem hiding this comment.
alg and kid is now not populated by default - relevant comment here
kid can be computed when needed via Jwk#computeThumbprint()
keyUse hmm... i'm pretty sure we're also not populating these by default, and it is optional per JWK spec
https://datatracker.ietf.org/doc/html/rfc7517#section-4.2
Values defined by this specification are:
o "sig" (signature)
o "enc" (encryption)Other values MAY be used. The "use" value is a case-sensitive
string. Use of the "use" member is OPTIONAL, unless the application
requires its presence.
There was a problem hiding this comment.
the only fields that are required to build a Jwk are kty and crv
…r and the corresponding test
Motivation
Overview
BearerDidandPortableDidtypes used in place ofDid(uri, keyManager)abstract class. Now all existing DID implementations'DidXyz.create()to returnBearerDid.Jws,Jwt,Jwktypes are used in place of nimbusds types. We are still creating private key internally using nimbusds (seeEd25519.ktfor example), but all public surface APIs no longer expose the third party dependency.How Has This Been Tested?
Checklist
Before submitting this PR, please make sure: