TBD54566975 · decentralgabe · May 8, 2023 · May 8, 2023 · May 8, 2023 · May 8, 2023
@@ -4,14 +4,16 @@ import (
 	"context"
 	"testing"
 
-	"github.com/TBD54566975/ssi-sdk/crypto/jwx"
-	"github.com/TBD54566975/ssi-sdk/did"
-	"github.com/TBD54566975/ssi-sdk/util"
 	"github.com/goccy/go-json"
 	"github.com/oliveagle/jsonpath"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
+	"github.com/TBD54566975/ssi-sdk/crypto/jwx"
+	"github.com/TBD54566975/ssi-sdk/did/key"
+	"github.com/TBD54566975/ssi-sdk/did/resolver"
+	"github.com/TBD54566975/ssi-sdk/util"
+
 	"github.com/TBD54566975/ssi-sdk/credential"
 	"github.com/TBD54566975/ssi-sdk/crypto"
 	"github.com/TBD54566975/ssi-sdk/cryptosuite"
@@ -55,7 +57,7 @@ func TestBuildPresentationSubmission(t *testing.T) {
 		assert.NoError(tt, err)
 		assert.NotEmpty(tt, submissionBytes)
 
-		resolver, err := did.NewResolver([]did.Resolver{did.KeyResolver{}}...)
+		resolver, err := resolver.NewResolver([]resolver.Resolver{key.Resolver{}}...)
 		assert.NoError(tt, err)
 		_, _, _, err = credential.VerifyVerifiablePresentationJWT(context.Background(), *verifier, resolver, string(submissionBytes))
 		assert.Error(tt, err)
@@ -99,7 +101,7 @@ func TestBuildPresentationSubmission(t *testing.T) {
 
 		println(string(submissionBytes))
 
-		resolver, err := did.NewResolver([]did.Resolver{did.KeyResolver{}}...)
+		resolver, err := resolver.NewResolver([]resolver.Resolver{key.Resolver{}}...)
 		assert.NoError(tt, err)
 		_, _, vp, err := credential.VerifyVerifiablePresentationJWT(context.Background(), *verifier, resolver, string(submissionBytes))
 		assert.NoError(tt, err)
@@ -846,7 +848,7 @@ func getGenericTestClaim() map[string]any {
 }
 
 func getJWKSignerVerifier(t *testing.T) (*jwx.Signer, *jwx.Verifier) {
-	privKey, didKey, err := did.GenerateDIDKey(crypto.Ed25519)
+	privKey, didKey, err := key.GenerateDIDKey(crypto.Ed25519)
 	require.NoError(t, err)
 
 	expanded, err := didKey.Expand()

@@ -6,14 +6,15 @@ import (
 	"strings"
 
 	"github.com/TBD54566975/ssi-sdk/crypto/jwx"
-	"github.com/TBD54566975/ssi-sdk/did"
+	"github.com/TBD54566975/ssi-sdk/did/resolver"
 	"github.com/TBD54566975/ssi-sdk/schema"
 
-	"github.com/TBD54566975/ssi-sdk/credential"
-	"github.com/TBD54566975/ssi-sdk/util"
 	"github.com/goccy/go-json"
 	"github.com/oliveagle/jsonpath"
 	"github.com/pkg/errors"
+
+	"github.com/TBD54566975/ssi-sdk/credential"
+	"github.com/TBD54566975/ssi-sdk/util"
 )
 
 // VerifiedSubmissionData is the result of a successful verification of a presentation submission
@@ -35,7 +36,7 @@ type VerifiedSubmissionData struct {
 // Note: this method does not support LD cryptosuites, and prefers JWT representations. Future refactors
 // may include an analog method for LD suites.
 // TODO(gabe) remove embed target, have it detected from the submission
-func VerifyPresentationSubmission(ctx context.Context, verifier any, resolver did.Resolver, et EmbedTarget, def PresentationDefinition, submission []byte) ([]VerifiedSubmissionData, error) { //revive:disable-line
+func VerifyPresentationSubmission(ctx context.Context, verifier any, resolver resolver.Resolver, et EmbedTarget, def PresentationDefinition, submission []byte) ([]VerifiedSubmissionData, error) { //revive:disable-line
 	if resolver == nil {
 		return nil, errors.New("resolver cannot be empty")
 	}

@@ -4,18 +4,20 @@ import (
 	"context"
 	"testing"
 
+	"github.com/stretchr/testify/assert"
+
 	"github.com/TBD54566975/ssi-sdk/crypto/jwx"
-	"github.com/TBD54566975/ssi-sdk/did"
+	"github.com/TBD54566975/ssi-sdk/did/key"
+	"github.com/TBD54566975/ssi-sdk/did/resolver"
 	"github.com/TBD54566975/ssi-sdk/util"
-	"github.com/stretchr/testify/assert"
 
 	"github.com/TBD54566975/ssi-sdk/credential"
 	"github.com/TBD54566975/ssi-sdk/cryptosuite"
 )
 
 func TestVerifyPresentationSubmission(t *testing.T) {
 	t.Run("Empty submission", func(tt *testing.T) {
-		resolver, err := did.NewResolver([]did.Resolver{did.KeyResolver{}}...)
+		resolver, err := resolver.NewResolver([]resolver.Resolver{key.Resolver{}}...)
 		assert.NoError(tt, err)
 		verifier := jwx.Verifier{}
 		_, err = VerifyPresentationSubmission(context.Background(), verifier, resolver, "badEmbedTarget", PresentationDefinition{}, nil)
@@ -24,7 +26,7 @@ func TestVerifyPresentationSubmission(t *testing.T) {
 	})
 
 	t.Run("Empty presentation definition", func(tt *testing.T) {
-		resolver, err := did.NewResolver([]did.Resolver{did.KeyResolver{}}...)
+		resolver, err := resolver.NewResolver([]resolver.Resolver{key.Resolver{}}...)
 		assert.NoError(tt, err)
 		verifier := jwx.Verifier{}
 		_, err = VerifyPresentationSubmission(context.Background(), verifier, resolver, "badEmbedTarget", PresentationDefinition{}, []byte{0, 1, 2, 3})
@@ -33,7 +35,7 @@ func TestVerifyPresentationSubmission(t *testing.T) {
 	})
 
 	t.Run("Unsupported embed target", func(tt *testing.T) {
-		resolver, err := did.NewResolver([]did.Resolver{did.KeyResolver{}}...)
+		resolver, err := resolver.NewResolver([]resolver.Resolver{key.Resolver{}}...)
 		assert.NoError(tt, err)
 		verifier := jwx.Verifier{}
 		_, err = VerifyPresentationSubmission(context.Background(), verifier, resolver, "badEmbedTarget", PresentationDefinition{ID: "1"}, []byte{0, 1, 2, 3})
@@ -60,7 +62,7 @@ func TestVerifyPresentationSubmission(t *testing.T) {
 			},
 		}
 
-		resolver, err := did.NewResolver([]did.Resolver{did.KeyResolver{}}...)
+		resolver, err := resolver.NewResolver([]resolver.Resolver{key.Resolver{}}...)
 		assert.NoError(tt, err)
 		_, verifier := getJWKSignerVerifier(tt)
 		_, err = VerifyPresentationSubmission(context.Background(), *verifier, resolver, JWTVPTarget, def, []byte{0, 1, 2, 3})
@@ -88,7 +90,7 @@ func TestVerifyPresentationSubmission(t *testing.T) {
 		}
 		assert.NoError(tt, def.IsValid())
 
-		resolver, err := did.NewResolver([]did.Resolver{did.KeyResolver{}}...)
+		resolver, err := resolver.NewResolver([]resolver.Resolver{key.Resolver{}}...)
 		assert.NoError(tt, err)
 
 		signer, verifier := getJWKSignerVerifier(tt)
@@ -127,7 +129,7 @@ func TestVerifyPresentationSubmission(t *testing.T) {
 		}
 		assert.NoError(tt, def.IsValid())
 
-		resolver, err := did.NewResolver([]did.Resolver{did.KeyResolver{}}...)
+		resolver, err := resolver.NewResolver([]resolver.Resolver{key.Resolver{}}...)
 		assert.NoError(tt, err)
 
 		signer, verifier := getJWKSignerVerifier(tt)

@@ -6,7 +6,8 @@ import (
 	"time"
 
 	"github.com/TBD54566975/ssi-sdk/crypto/jwx"
-	"github.com/TBD54566975/ssi-sdk/did"
+	"github.com/TBD54566975/ssi-sdk/did/resolver"
+
 	"github.com/goccy/go-json"
 	"github.com/google/uuid"
 	"github.com/lestrrat-go/jwx/v2/jwa"
@@ -269,9 +270,9 @@ func SignVerifiablePresentationJWT(signer jwx.Signer, parameters JWTVVPParameter
 // After decoding the signature of each credential in the presentation is verified. If there are any issues during
 // decoding or signature validation, an error is returned. As a result, a successfully decoded VerifiablePresentation
 // object is returned.
-func VerifyVerifiablePresentationJWT(ctx context.Context, verifier jwx.Verifier, resolver did.Resolver, token string) (jws.Headers, jwt.Token, *VerifiablePresentation, error) {
-	if resolver == nil {
-		return nil, nil, nil, errors.New("resolver cannot be empty")
+func VerifyVerifiablePresentationJWT(ctx context.Context, verifier jwx.Verifier, r resolver.Resolver, token string) (jws.Headers, jwt.Token, *VerifiablePresentation, error) {
+	if r == nil {
+		return nil, nil, nil, errors.New("r cannot be empty")
 	}
 
 	// verify outer signature on the token
@@ -300,7 +301,7 @@ func VerifyVerifiablePresentationJWT(ctx context.Context, verifier jwx.Verifier,
 	// verify signature for each credential in the vp
 	for i, cred := range vp.VerifiableCredential {
 		// verify the signature on the credential
-		verified, err := VerifyCredentialSignature(ctx, cred, resolver)
+		verified, err := VerifyCredentialSignature(ctx, cred, r)
 		if err != nil {
 			return nil, nil, nil, errors.Wrapf(err, "verifying credential %d", i)
 		}

@@ -1,5 +1,3 @@
-//go:build jwx_es256k
-
 package credential
 
 import (
@@ -9,7 +7,9 @@ import (
 
 	"github.com/TBD54566975/ssi-sdk/crypto"
 	"github.com/TBD54566975/ssi-sdk/crypto/jwx"
-	"github.com/TBD54566975/ssi-sdk/did"
+	"github.com/TBD54566975/ssi-sdk/did/key"
+	"github.com/TBD54566975/ssi-sdk/did/resolver"
+
 	"github.com/google/uuid"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -108,7 +108,7 @@ func TestVerifiablePresentationJWT(t *testing.T) {
 		err = verifier.Verify(token)
 		assert.NoError(tt, err)
 
-		resolver, err := did.NewResolver([]did.Resolver{did.KeyResolver{}}...)
+		resolver, err := resolver.NewResolver([]resolver.Resolver{key.Resolver{}}...)
 		require.NoError(tt, err)
 		require.NotEmpty(tt, resolver)
 
@@ -142,7 +142,7 @@ func TestVerifiablePresentationJWT(t *testing.T) {
 		assert.NotEmpty(tt, parsedHeaders)
 		assert.NotEmpty(tt, parsedPres)
 
-		resolver, err := did.NewResolver([]did.Resolver{did.KeyResolver{}}...)
+		resolver, err := resolver.NewResolver([]resolver.Resolver{key.Resolver{}}...)
 		require.NoError(tt, err)
 		require.NotEmpty(tt, resolver)
 
@@ -155,7 +155,7 @@ func TestVerifiablePresentationJWT(t *testing.T) {
 	})
 
 	t.Run("with VC a single valid VC JWT", func(tt *testing.T) {
-		issuerPrivKey, issuerDID, err := did.GenerateDIDKey(crypto.Ed25519)
+		issuerPrivKey, issuerDID, err := key.GenerateDIDKey(crypto.Ed25519)
 		assert.NoError(tt, err)
 		assert.NotEmpty(tt, issuerPrivKey)
 		assert.NotEmpty(tt, issuerDID)
@@ -165,7 +165,7 @@ func TestVerifiablePresentationJWT(t *testing.T) {
 		issuerKID := expandedIssuerDID.VerificationMethod[0].ID
 		assert.NotEmpty(tt, issuerKID)
 
-		subjectPrivKey, subjectDID, err := did.GenerateDIDKey(crypto.Ed25519)
+		subjectPrivKey, subjectDID, err := key.GenerateDIDKey(crypto.Ed25519)
 		assert.NoError(tt, err)
 		assert.NotEmpty(tt, subjectPrivKey)
 		assert.NotEmpty(tt, subjectDID)
@@ -215,7 +215,7 @@ func TestVerifiablePresentationJWT(t *testing.T) {
 		assert.NotEmpty(tt, parsedPres)
 
 		// Verify the VP JWT
-		resolver, err := did.NewResolver([]did.Resolver{did.KeyResolver{}}...)
+		resolver, err := resolver.NewResolver([]resolver.Resolver{key.Resolver{}}...)
 		require.NoError(tt, err)
 		require.NotEmpty(tt, resolver)
 

@@ -8,16 +8,18 @@ import (
 
 	"github.com/TBD54566975/ssi-sdk/crypto/jwx"
 	"github.com/TBD54566975/ssi-sdk/did"
+	"github.com/TBD54566975/ssi-sdk/did/resolver"
+
 	"github.com/pkg/errors"
 )
 
 // VerifyCredentialSignature verifies the signature of a credential of any type
 // TODO(gabe) support other types of credentials https://github.com/TBD54566975/ssi-sdk/issues/352
-func VerifyCredentialSignature(ctx context.Context, genericCred any, resolver did.Resolver) (bool, error) {
+func VerifyCredentialSignature(ctx context.Context, genericCred any, r resolver.Resolver) (bool, error) {
 	if genericCred == nil {
 		return false, errors.New("credential cannot be empty")
 	}
-	if resolver == nil {
+	if r == nil {
 		return false, errors.New("resolver cannot be empty")
 	}
 	switch genericCred.(type) {
@@ -38,28 +40,28 @@ func VerifyCredentialSignature(ctx context.Context, genericCred any, resolver di
 		return false, errors.New("data integrity signature verification not yet implemented")
 	case []byte:
 		// turn it into a string and try again
-		return VerifyCredentialSignature(ctx, string(genericCred.([]byte)), resolver)
+		return VerifyCredentialSignature(ctx, string(genericCred.([]byte)), r)
 	case string:
 		// could be a Data Integrity credential
 		var cred VerifiableCredential
 		if err := json.Unmarshal([]byte(genericCred.(string)), &cred); err == nil {
-			return VerifyCredentialSignature(ctx, cred, resolver)
+			return VerifyCredentialSignature(ctx, cred, r)
 		}
 
 		// could be a JWT
-		return VerifyJWTCredential(genericCred.(string), resolver)
+		return VerifyJWTCredential(genericCred.(string), r)
 	}
 	return false, fmt.Errorf("invalid credential type: %s", reflect.TypeOf(genericCred).Kind().String())
 }
 
 // VerifyJWTCredential verifies the signature of a JWT credential after parsing it to resolve the issuer DID
 // The issuer DID is resolver from the provided resolver, and used to find the issuer's public key matching
 // the KID in the JWT header.
-func VerifyJWTCredential(cred string, resolver did.Resolver) (bool, error) {
+func VerifyJWTCredential(cred string, r resolver.Resolver) (bool, error) {
 	if cred == "" {
 		return false, errors.New("credential cannot be empty")
 	}
-	if resolver == nil {
+	if r == nil {
 		return false, errors.New("resolver cannot be empty")
 	}
 	headers, token, _, err := ParseVerifiableCredentialFromJWT(cred)
@@ -72,7 +74,7 @@ func VerifyJWTCredential(cred string, resolver did.Resolver) (bool, error) {
 	if issuerKID == "" {
 		return false, errors.Errorf("missing kid in header of credential<%s>", token.JwtID())
 	}
-	issuerDID, err := resolver.Resolve(context.Background(), token.Issuer())
+	issuerDID, err := r.Resolve(context.Background(), token.Issuer())
 	if err != nil {
 		return false, errors.Wrapf(err, "error getting issuer DID<%s> to verify credential<%s>", token.Issuer(), token.JwtID())
 	}