Always set alg and kid on expansion

[nitro-neal]

This pr resolves #3 from this issue:
#497

Always set alg and kid on expansion (to the values in the registry), support overriding of alg values

toDnsPacket:

• check if the alg on the JWK == the alg in the registry for the given key type

fromDnsPacket:

• KID is always either 0 for the identity key or the JWK thumbprint for all other keys (no overriding it)
• the alg is always set to the default from the registry (https://did-dht.com/registry/#key-type-index) but can be overriden if you specify the alg property
• alg can be omitted and if it is you assume it’s the default

[changeset-bot]

⚠️ No Changeset found

Latest commit: 143b293

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[github-actions]

TBDocs Report

✅ No errors or warnings

@web5/api

• Project entry file: packages/api/src/index.ts

@web5/crypto

• Project entry file: packages/crypto/src/index.ts

@web5/crypto-aws-kms

• Project entry file: packages/crypto-aws-kms/src/index.ts

@web5/dids

• Project entry file: packages/dids/src/index.ts

@web5/credentials

• Project entry file: packages/credentials/src/index.ts

---

TBDocs Report Updated at 2024-05-07T21:17:36Z 143b293

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 94.11765% with 2 lines in your changes are missing coverage. Please review.

Project coverage is 90.81%. Comparing base (eabe5ca) to head (44b12b6).

❗ Current head 44b12b6 differs from pull request most recent head 143b293. Consider uploading reports for the commit 143b293 to get more accurate results

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #502      +/-   ##
==========================================
- Coverage   91.03%   90.81%   -0.23%     
==========================================
  Files         116      116              
  Lines       29562    29439     -123     
  Branches     2177     2161      -16     
==========================================
- Hits        26912    26734     -178     
- Misses       2615     2669      +54     
- Partials       35       36       +1     

Components	Coverage Δ
agent	79.90% <ø> (-0.73%)	⬇️
api	97.91% <ø> (+0.13%)	⬆️
common	98.68% <ø> (ø)
credentials	95.25% <ø> (-0.01%)	⬇️
crypto	93.81% <ø> (ø)
dids	97.63% <94.11%> (-0.06%)	⬇️
identity-agent	96.70% <ø> (ø)
crypto-aws-kms	100.00% <ø> (ø)
proxy-agent	96.70% <ø> (ø)
user-agent	96.70% <ø> (ø)

[thehenrytsai]

looks legit but no need for tests? 😆

[thehenrytsai]

Sanity: getJoseSignatureAlgorithmFromPublicKey() does not seem to return Ed25519 that will be expected of vector 3.

[nitro-neal]

am I using this correctly?

export function getJoseSignatureAlgorithmFromPublicKey(publicKey: Jwk): string {
  const curveToJoseAlgorithm: Record<string, string> = {
    'Ed25519'   : 'EdDSA',
    'P-256'     : 'ES256',
    'P-384'     : 'ES384',
    'P-521'     : 'ES512',
    'secp256k1' : 'ES256K',
  };

  // If the key contains an `alg` property that matches a JOSE registered algorithm identifier,
  // return its value.
  if (publicKey.alg && Object.values(curveToJoseAlgorithm).includes(publicKey.alg)) {
    return publicKey.alg;
  }

  // If the key contains a `crv` property, return the corresponding algorithm.
  if (publicKey.crv && Object.keys(curveToJoseAlgorithm).includes(publicKey.crv)) {
    return curveToJoseAlgorithm[publicKey.crv];
  }

  throw new Error(
    `Unable to determine algorithm based on provided input: alg=${publicKey.alg}, crv=${publicKey.crv}. ` +
    `Supported 'alg' values: ${Object.values(curveToJoseAlgorithm).join(', ')}. ` +
    `Supported 'crv' values: ${Object.keys(curveToJoseAlgorithm).join(', ')}.`
  );
}

[nitro-neal]

I think the alg is always there for our jwks, but is that not necessarily the case for outside jwks inside the did dht??

if the alg is always there we can just do

if(parsedAlg) {
   publicKey.alg = parsedAlg
}

[thehenrytsai]

I don't get if(parsedAlg) { publicKey.alg = parsedAlg }, if parsedAlg is always defined, then there is nothing do right? since:

const { id, t, k, c, a: parsedAlg } = DidDhtUtils.parseTxtDataToObject(answer.data);

[nitro-neal]

parsed alg will not always be defined, but publicKey.alg is always defined

[thehenrytsai]

For my understanding: why would kid be defined when id is not 0? May have opportunity to simplify the condition here?

[nitro-neal]

simplifying to:

          if (id === '0') {
            publicKey.kid = '0';
          } else if (publicKey.kid === undefined) {
            publicKey.kid = await computeJwkThumbprint({ jwk: publicKey });
          }

[nitro-neal]

the publicKey.kid should be defined, but if it is not, we can recompute it deterministically with computeJwkThumbprint

[thehenrytsai]

@decentralgabe just confirmed that id MUST be 0 for identity key, and undefined otherwise, (we should have tests if they don't exist to make sure these are true in implementation), so it seems to me the condition can simply be:

Suggested change

	if (id === '0') {
	publicKey.kid = '0';
	} else if (publicKey.kid === undefined) {
	publicKey.kid = await computeJwkThumbprint({ jwk: publicKey });
	}
	if (id === undefined) {
	publicKey.kid = await computeJwkThumbprint({ jwk: publicKey });
	}

Happy to discuss if I am not making sense!

[decentralgabe]

i'm going to update the spec language to always remove the id property
@thehenrytsai correctly pointed out we can discern the 0 key based on the did identifier
all other keys will use the thumbprint