KILT SDK 1.0.0-alpha

package.json

@@ -24,8 +24,14 @@
  "@hapi/boom": "^10.0.1",
  "@hapi/hapi": "^21.3.2",
  "@hapi/inert": "^7.1.0",
- "@kiltprotocol/sdk-js": "^0.34.0",
- "@kiltprotocol/vc-export": "^0.34.0",
+ "@kiltprotocol/chain-helpers": "0.100.0-alpha.1",
+ "@kiltprotocol/credentials": "0.100.0-alpha.1",
+ "@kiltprotocol/did": "0.100.0-alpha.1",
+ "@kiltprotocol/extension-api": "KILTprotocol/kilt-extension-api#rf-sdk-1-alpha",
+ "@kiltprotocol/legacy-credentials": "0.100.0-alpha.1",
+ "@kiltprotocol/sdk-js": "1.0.0-alpha.1",
+ "@kiltprotocol/types": "0.100.0-alpha.1",
+ "@kiltprotocol/utils": "0.100.0-alpha.1",
  "@polkadot/keyring": "^12.6.2",
  "@polkadot/util": "^12.6.2",
  "@polkadot/util-crypto": "^12.6.2",

scripts/loadTest/apis.ts

@@ -1,23 +1,24 @@
-import got from 'got';
+import type { DidUrl } from '@kiltprotocol/types';
+import type { IEncryptedMessage } from '@kiltprotocol/extension-api/types';
 
-import { DidResourceUri, IEncryptedMessage } from '@kiltprotocol/sdk-js';
+import got from 'got';
 
-import { CheckSessionInput } from './loadTest';
+import { Challenge } from './loadTest';
 
 const sessionHeader = 'x-session-id';
 
 const api = got.extend({ prefixUrl: process.env.URL });
 
 export async function getSessionFromEndpoint(): Promise<{
- dAppEncryptionKeyUri: DidResourceUri;
+ dAppEncryptionKeyUri: DidUrl;
  sessionId: string;
  challenge: string;
 }> {
  return api('api/session').json();
 }
 
 export async function checkSession(
- encryptionChallenge: CheckSessionInput,
+ encryptionChallenge: Challenge,
  sessionId: string,
 ) {
  await api

scripts/loadTest/encryptedMessage.ts

@@ -1,23 +1,23 @@
-import {
- Credential,
- Did,
- DidResourceUri,
- IRequestAttestation,
+import type {
+ DidUrl,
  KiltEncryptionKeypair,
- Message,
  PartialClaim,
-} from '@kiltprotocol/sdk-js';
+} from '@kiltprotocol/types';
+import type { IRequestAttestation } from '@kiltprotocol/extension-api/types';
 
-import { naclSeal } from '@polkadot/util-crypto';
+import { parse } from '@kiltprotocol/did';
+import * as Message from '@kiltprotocol/extension-api/messaging';
+import { Credential as LegacyCredential } from '@kiltprotocol/legacy-credentials';
+import { Crypto } from '@kiltprotocol/utils';
 
 export async function getEncryptedMessage(
  claim: PartialClaim & Required<Pick<PartialClaim, 'contents'>>,
- dAppEncryptionKeyUri: DidResourceUri,
- keyAgreementKeyUri: DidResourceUri,
- keyAgreement: KiltEncryptionKeypair,
+ receiverEncryptionKeyUri: DidUrl,
+ senderEncryptionKeyUri: DidUrl,
+ senderKeypair: KiltEncryptionKeypair,
 ) {
- const owner = Did.parse(keyAgreementKeyUri).did;
- const credential = Credential.fromClaim({ ...claim, owner });
+ const sender = parse(senderEncryptionKeyUri).did;
+ const credential = LegacyCredential.fromClaim({ ...claim, owner: sender });
 
  const requestForAttestationBody: IRequestAttestation = {
  content: { credential },
@@ -26,17 +26,21 @@ export async function getEncryptedMessage(
 
  const message = Message.fromBody(
  requestForAttestationBody,
- owner,
- Did.parse(dAppEncryptionKeyUri).did,
+ sender,
+ parse(receiverEncryptionKeyUri).did,
  );
 
  return Message.encrypt(
  message,
- async function decrypt({ data, peerPublicKey }) {
- const { secretKey } = keyAgreement;
- const { sealed, nonce } = naclSeal(data, secretKey, peerPublicKey);
- return { nonce, data: sealed, keyUri: keyAgreementKeyUri };
+ async function encrypt({ data, peerPublicKey }) {
+ const { secretKey } = senderKeypair;
+ const { nonce, box } = Crypto.encryptAsymmetric(
+ data,
+ peerPublicKey,
+ secretKey,
+ );
+ return { nonce, data: box, keyUri: senderEncryptionKeyUri };
  },
- dAppEncryptionKeyUri,
+ receiverEncryptionKeyUri,
  );
 }

scripts/loadTest/loadTest.ts

@@ -1,16 +1,20 @@
-import { naclSeal, randomAsNumber } from '@polkadot/util-crypto';
-import { HexString } from '@polkadot/util/types';
-import {
- connect,
- CType,
- Did,
+import type {
  DidDocument,
- DidEncryptionKey,
- DidResourceUri,
- disconnect,
+ DidUrl,
  ICType,
- Utils,
-} from '@kiltprotocol/sdk-js';
+ VerificationMethod,
+} from '@kiltprotocol/types';
+
+import { DidResolver, connect, disconnect } from '@kiltprotocol/sdk-js';
+import { Crypto } from '@kiltprotocol/utils';
+import { CType } from '@kiltprotocol/credentials';
+import {
+ createLightDidDocument,
+ isFailedDereferenceMetadata,
+ multibaseKeyToDidKey,
+} from '@kiltprotocol/did';
+
+import { randomAsNumber } from '@polkadot/util-crypto';
 
 import { getEncryptedMessage } from './encryptedMessage.js';
 import {
@@ -24,10 +28,10 @@ import {
  sendEmailApi,
 } from './apis.js';
 
-export type CheckSessionInput = {
- encryptionKeyUri: DidResourceUri;
- encryptedChallenge: HexString;
- nonce: HexString;
+export type Challenge = {
+ encryptionKeyUri: DidUrl;
+ encryptedChallenge: string;
+ nonce: string;
 };
 
 const emailCType: ICType = {
@@ -42,24 +46,24 @@ const emailCType: ICType = {
  type: 'object',
 };
 
-function getDidEncryptionKey(details: DidDocument): DidEncryptionKey {
- const { keyAgreement } = details;
+function getDidEncryptionKey(document: DidDocument) {
+ const { keyAgreement } = document;
  if (!keyAgreement?.[0]) {
  throw new Error('encryptionKey is not defined somehow');
  }
  return keyAgreement[0];
 }
 
 export function createDid() {
- const authentication = Utils.Crypto.makeKeypairFromSeed();
- const keyAgreement = Utils.Crypto.makeEncryptionKeypairFromSeed();
+ const authentication = Crypto.makeKeypairFromSeed();
+ const keyAgreement = Crypto.makeEncryptionKeypairFromSeed();
 
- const document = Did.createLightDidDocument({
+ const document = createLightDidDocument({
  authentication: [authentication],
  keyAgreement: [keyAgreement],
  });
- const { id } = getDidEncryptionKey(document);
- const keyAgreementKeyUri: DidResourceUri = `${document.uri}${id}`;
+ const fragment = getDidEncryptionKey(document);
+ const keyAgreementKeyUri = `${document.id}${fragment}` as DidUrl;
 
  return {
  document,
@@ -70,23 +74,33 @@ export function createDid() {
 
 async function produceEncryptedChallenge(
  challenge: string,
- dAppEncryptionKeyUri: DidResourceUri,
-): Promise<CheckSessionInput> {
- const dAppEncryptionDidKey = await Did.resolveKey(dAppEncryptionKeyUri);
-
+ receiverKeyUri: DidUrl,
+): Promise<Challenge> {
  const temporaryChannelDid = createDid();
  const { keyAgreementKeyUri, keyAgreement } = temporaryChannelDid;
 
- const { sealed, nonce } = naclSeal(
- Utils.Crypto.coToUInt8(challenge),
+ const { dereferencingMetadata, contentStream } =
+ await DidResolver.dereference(receiverKeyUri, {});
+
+ if (isFailedDereferenceMetadata(dereferencingMetadata)) {
+ throw new Error(dereferencingMetadata.error);
+ }
+
+ const verificationMethod = contentStream as VerificationMethod;
+ const { publicKey } = multibaseKeyToDidKey(
+ verificationMethod.publicKeyMultibase,
+ );
+
+ const { nonce, box } = Crypto.encryptAsymmetricAsStr(
+ Crypto.coToUInt8(challenge),
+ publicKey,
  keyAgreement.secretKey,
- dAppEncryptionDidKey.publicKey,
  );
 
  return {
  encryptionKeyUri: keyAgreementKeyUri,
- encryptedChallenge: Utils.Crypto.u8aToHex(sealed),
- nonce: Utils.Crypto.u8aToHex(nonce),
+ encryptedChallenge: box,
+ nonce,
  };
 }
 

src/backend/didConfiguration/didConfigResource.ts

@@ -1,60 +1,32 @@
 import {
- Claim,
- Credential,
- ICredentialPresentation,
-} from '@kiltprotocol/sdk-js';
+ createCredential,
+ didConfigResourceFromCredentials,
+} from '@kiltprotocol/extension-api/wellKnownDidConfiguration';
 
 import { configuration } from '../utilities/configuration';
-import { fullDidPromise } from '../utilities/fullDid';
-import { signWithAssertionMethod } from '../utilities/cryptoCallbacks';
+import {
+ fullDidPromise,
+ getAssertionMethodSigners,
+} from '../utilities/fullDid';
 import { exitOnError } from '../utilities/exitOnError';
 
-import { domainLinkageCType } from './domainLinkageCType';
-import { fromCredential } from './domainLinkageCredential';
-
-async function attestDomainLinkage(): Promise<ICredentialPresentation> {
- const claimContents = {
- id: configuration.did,
- origin: configuration.baseUri,
- };
+export const didConfigResourcePromise = (async () => {
+ await fullDidPromise;
 
  if (configuration.did === 'pending') {
  throw new Error('Own DID not found');
  }
 
- const claim = Claim.fromCTypeAndClaimContents(
- domainLinkageCType,
- claimContents,
+ const signers = await getAssertionMethodSigners();
+
+ const domainLinkageCredential = await createCredential(
+ signers,
+ configuration.baseUri,
  configuration.did,
+ { proofType: 'KILTSelfSigned2020' },
  );
 
- const credential = Credential.fromClaim(claim);
-
- const { fullDid } = await fullDidPromise;
-
- const attestationKey = fullDid.assertionMethod?.[0];
- if (!attestationKey) {
- throw new Error('The attestation key is not defined?!?');
- }
-
- return Credential.createPresentation({
- credential,
- // the domain linkage credential is special in that it is signed with the assertionMethod key
- signCallback: signWithAssertionMethod,
- });
-}
-
-export const didConfigResourcePromise = (async () => {
- await fullDidPromise;
-
- const credential = await attestDomainLinkage();
-
- const domainLinkageCredential = fromCredential(credential);
-
- return {
- '@context': 'https://identity.foundation/.well-known/did-configuration/v1',
- linked_dids: [domainLinkageCredential],
- };
+ return didConfigResourceFromCredentials([domainLinkageCredential]);
 })();
 
 didConfigResourcePromise.catch(exitOnError);