On chain RHS publishing (#160)

* On chain RHS publishing

* Add credential status publisher registry

Author: Kolezhniuk

.github/workflows/ci.yaml

@@ -58,4 +58,6 @@ jobs:
           WALLET_KEY: ${{ secrets.WALLET_KEY }}
           RPC_URL: ${{ secrets.RPC_URL }}
           RHS_URL: ${{ secrets.RHS_URL }}
+          STATE_CONTRACT_ADDRESS: ${{ secrets.STATE_CONTRACT_ADDRESS }}
+          RHS_CONTRACT_ADDRESS: ${{ secrets.RHS_CONTRACT_ADDRESS }}
         run: npm run test

README.md

@@ -30,9 +30,11 @@ To run them, please set following variables:
 
 ```bash
 export WALLET_KEY="...key in hex format"
-export RPC_URL="...url to polygon network rpc node"
+export RPC_URL="...url to network rpc node"
 export RHS_URL="..reverse hash service url"
 export IPFS_URL="url for ipfs"
+export STATE_CONTRACT_ADDRESS="state contract address"
+export RHS_CONTRACT_ADDRESS="reverse hash service contract address"
 
 ```
 

src/credentials/credential-wallet.ts

@@ -1,4 +1,4 @@
-import { DID } from '@iden3/js-iden3-core';
+import { DID, getChainId } from '@iden3/js-iden3-core';
 import { IDataStorage } from '../storage/interfaces';
 import {
   W3CCredential,
@@ -335,7 +335,7 @@ export class CredentialWallet implements ICredentialWallet {
       type: VerifiableConstants.JSON_SCHEMA_VALIDATOR
     };
 
-    cr.credentialStatus = this.buildCredentialStatus(request);
+    cr.credentialStatus = this.buildCredentialStatus(request, issuer);
 
     return cr;
   };
@@ -345,7 +345,7 @@ export class CredentialWallet implements ICredentialWallet {
    * @param {CredentialRequest} request
    * @returns `CredentialStatus`
    */
-  private buildCredentialStatus(request: CredentialRequest): CredentialStatus {
+  private buildCredentialStatus(request: CredentialRequest, issuer: DID): CredentialStatus {
     const credentialStatus: CredentialStatus = {
       id: request.revocationOpts.id,
       type: request.revocationOpts.type,
@@ -367,6 +367,24 @@ export class CredentialWallet implements ICredentialWallet {
               }`
             : `${credentialStatus.id.replace(/\/$/, '')}`
         };
+      case CredentialStatusType.Iden3OnchainSparseMerkleTreeProof2023: {
+        const issuerId = DID.idFromDID(issuer);
+        const chainId = getChainId(DID.blockchainFromId(issuerId), DID.networkIdFromId(issuerId));
+        const searchParams = [
+          ['revocationNonce', request.revocationOpts.nonce?.toString() || ''],
+          ['contractAddress', `${chainId}:${request.revocationOpts.id}`],
+          ['state', request.revocationOpts.issuerState || '']
+        ]
+          .filter(([, value]) => Boolean(value))
+          .map(([key, value]) => `${key}=${value}`)
+          .join('&');
+
+        return {
+          ...credentialStatus,
+          // `[did]:[methodid]:[chain]:[network]:[id]/credentialStatus?(revocationNonce=value)&[contractAddress=[chainID]:[contractAddress]]&(state=issuerState)`
+          id: `${issuer.string()}/credentialStatus?${searchParams}`
+        };
+      }
       default:
         return credentialStatus;
     }

src/credentials/index.ts

@@ -3,6 +3,7 @@ export * from './status/reverse-sparse-merkle-tree';
 export * from './status/sparse-merkle-tree';
 export * from './status/resolver';
 export * from './status/agent-revocation';
+export * from './status/credential-status-publisher';
 export * from './status/utils';
 export * from './credential-wallet';
 export * from './rhs';

src/credentials/rhs.ts

@@ -1,15 +1,10 @@
-import {
-  Hash,
-  newHashFromBigInt,
-  testBit,
-  Merkletree,
-  NodeLeaf,
-  Siblings
-} from '@iden3/js-merkletree';
+import { Hash, testBit, Merkletree, NodeLeaf, Siblings } from '@iden3/js-merkletree';
 
 import { NODE_TYPE_LEAF } from '@iden3/js-merkletree';
 import { hashElems } from '@iden3/js-merkletree';
 import { ProofNode } from './status/reverse-sparse-merkle-tree';
+import { Iden3SmtRhsCredentialStatusPublisher } from './status/credential-status-publisher';
+import { CredentialStatusType } from '../verifiable';
 /**
  * Interface to unite contains three trees: claim, revocation and rootOfRoots
  * Also contains the current state of identity
@@ -29,6 +24,7 @@ export interface TreesModel {
  * A reverse hash service (RHS) is a centralized or decentralized service for storing publicly available data about identity.
  * Such data are identity state and state of revocation tree and roots tree root tree.
  *
+ * @deprecated Use `pushHashesToReverseHashService` instead.
  * @param {Hash} state - current state of identity
  * @param {TreesModel} trees - current trees of identity (claims, revocation, rootOfRoots )
  * @param {string} rhsUrl - URL of service
@@ -41,6 +37,28 @@ export async function pushHashesToRHS(
   rhsUrl: string,
   revokedNonces?: number[]
 ): Promise<void> {
+  const nodes = await getNodesRepresentation(revokedNonces, trees, state);
+  const publisher = new Iden3SmtRhsCredentialStatusPublisher();
+  await publisher.publish({
+    nodes,
+    credentialStatusType: CredentialStatusType.Iden3ReverseSparseMerkleTreeProof,
+    rhsUrl: rhsUrl
+  });
+}
+
+/**
+ * Retrieves the representation of nodes for generating a proof.
+ *
+ * @param revokedNonces - An array of revoked nonces.
+ * @param trees - The TreesModel object containing the necessary trees.
+ * @param state - The hash of the state.
+ * @returns A Promise that resolves to an array of ProofNode objects.
+ */
+export async function getNodesRepresentation(
+  revokedNonces: number[] | undefined,
+  trees: TreesModel,
+  state: Hash
+): Promise<ProofNode[]> {
   const nb = new NodesBuilder();
 
   if (revokedNonces) {
@@ -60,16 +78,7 @@ export async function pushHashesToRHS(
     );
   }
 
-  if (nb.nodes.length > 0) {
-    await saveNodes(nb.nodes, rhsUrl);
-  }
-}
-
-async function saveNodes(nodes: ProofNode[], nodeUrl: string): Promise<boolean> {
-  const nodesJSON = nodes.map((n) => n.toJSON());
-  const resp = await fetch(nodeUrl + '/node', { method: 'post', body: JSON.stringify(nodesJSON) });
-  const status = resp.status;
-  return status === 200;
+  return nb.nodes;
 }
 
 async function addRoRNode(nb: NodesBuilder, trees: TreesModel): Promise<void> {
@@ -78,6 +87,7 @@ async function addRoRNode(nb: NodesBuilder, trees: TreesModel): Promise<void> {
 
   return nb.addKey(currentRootsTree, (await claimsTree.root()).bigInt());
 }
+
 async function addRevocationNode(
   nb: NodesBuilder,
   trees: TreesModel,
@@ -105,9 +115,9 @@ class NodesBuilder {
   async addKey(tree: Merkletree, nodeKey: bigint): Promise<void> {
     const { value: nodeValue, siblings } = await tree.get(nodeKey);
 
-    const nodeKeyHash = newHashFromBigInt(nodeKey);
+    const nodeKeyHash = Hash.fromBigInt(nodeKey);
 
-    const nodeValueHash = newHashFromBigInt(nodeValue);
+    const nodeValueHash = Hash.fromBigInt(nodeValue);
 
     const node = new NodeLeaf(nodeKeyHash, nodeValueHash);
     const newNodes: ProofNode[] = await buildNodesUp(siblings, node);
@@ -142,7 +152,7 @@ async function buildNodesUp(siblings: Siblings, node: NodeLeaf): Promise<ProofNo
     nodes[index] = new ProofNode();
   }
   nodes[sl].hash = prevHash;
-  const hashOfOne = newHashFromBigInt(BigInt(1));
+  const hashOfOne = Hash.fromBigInt(BigInt(1));
 
   nodes[sl].children = [node.entry[0], node.entry[1], hashOfOne];
 
@@ -157,7 +167,7 @@ async function buildNodesUp(siblings: Siblings, node: NodeLeaf): Promise<ProofNo
       nodes[i].children[0] = prevHash;
       nodes[i].children[1] = siblings[i];
     }
-    nodes[i].hash = await hashElems([nodes[i].children[0].bigInt(), nodes[i].children[1].bigInt()]);
+    nodes[i].hash = hashElems([nodes[i].children[0].bigInt(), nodes[i].children[1].bigInt()]);
 
     prevHash = nodes[i].hash;
   }

src/credentials/status/credential-status-publisher.ts

@@ -0,0 +1,120 @@
+import { TransactionReceipt } from 'ethers';
+import { JSONObject } from '../../iden3comm';
+import { OnChainRevocationStorage } from '../../storage';
+import { CredentialStatusType } from '../../verifiable';
+import { ProofNode } from './reverse-sparse-merkle-tree';
+
+/**
+ * Represents a credential status publisher.
+ */
+export interface ICredentialStatusPublisher {
+  /**
+   * Publishes the credential status.
+   * @param params - The parameters for publishing the status.
+   * @returns A promise that resolves when the status is published.
+   */
+  publish(params: JSONObject): Promise<void>;
+}
+
+/**
+ * Registry for managing credential status publishers.
+ */
+export class CredentialStatusPublisherRegistry {
+  private _publishers: Map<CredentialStatusType, ICredentialStatusPublisher[]> = new Map();
+
+  /**
+   * Registers one or more credential status publishers for a given type.
+   * @param type - The credential status type.
+   * @param publisher - One or more credential status publishers.
+   */
+  public register(type: CredentialStatusType, ...publisher: ICredentialStatusPublisher[]): void {
+    const publishers = this._publishers.get(type) ?? [];
+    publishers.push(...publisher);
+    this._publishers.set(type, publishers);
+  }
+
+  /**
+   * Retrieves the credential status publishers for a given type.
+   * @param type - The credential status type.
+   * @returns An array of credential status publishers or undefined if none are registered for the given type.
+   */
+  public get(type: CredentialStatusType): ICredentialStatusPublisher[] | undefined {
+    return this._publishers.get(type);
+  }
+}
+
+/**
+ * Implementation of the ICredentialStatusPublisher interface for publishing on-chain credential status.
+ */
+export class Iden3OnchainSmtCredentialStatusPublisher implements ICredentialStatusPublisher {
+  constructor(private readonly _storage: OnChainRevocationStorage) {}
+
+  /**
+   * Publishes the credential status to the blockchain.
+   * @param params - The parameters for publishing the credential status.
+   */
+  public async publish(params: {
+    nodes: ProofNode[];
+    credentialStatusType: CredentialStatusType;
+    onChain?: { txCallback?: (tx: TransactionReceipt) => Promise<void> };
+  }): Promise<void> {
+    if (
+      ![CredentialStatusType.Iden3OnchainSparseMerkleTreeProof2023].includes(
+        params.credentialStatusType
+      )
+    ) {
+      throw new Error(
+        `On-chain publishing is not supported for credential status type ${params.credentialStatusType}`
+      );
+    }
+    const nodesBigInts = params.nodes.map((n) => n.children.map((c) => c.bigInt()));
+
+    const txPromise = this._storage.saveNodes(nodesBigInts);
+
+    if (params.onChain?.txCallback) {
+      const cb = params.onChain?.txCallback;
+      txPromise.then((receipt) => cb(receipt));
+      return;
+    }
+
+    await txPromise;
+  }
+}
+
+/**
+ * Implementation of the ICredentialStatusPublisher interface for publishing off-chain credential status.
+ */
+export class Iden3SmtRhsCredentialStatusPublisher implements ICredentialStatusPublisher {
+  /**
+   * Publishes the credential status to a specified node URL.
+   * @param params - The parameters for publishing the credential status.
+   * @param params.nodes - The proof nodes to be published.
+   * @param params.rhsUrl - The URL of the node to publish the credential status to.
+   * @returns A promise that resolves when the credential status is successfully published.
+   * @throws An error if the publishing fails.
+   */
+  public async publish(params: {
+    nodes: ProofNode[];
+    credentialStatusType: CredentialStatusType;
+
+    rhsUrl: string;
+  }): Promise<void> {
+    if (
+      ![CredentialStatusType.Iden3ReverseSparseMerkleTreeProof].includes(
+        params.credentialStatusType
+      )
+    ) {
+      throw new Error(
+        `On-chain publishing is not supported for credential status type ${params.credentialStatusType}`
+      );
+    }
+    const nodesJSON = params.nodes.map((n) => n.toJSON());
+    const resp = await fetch(params.rhsUrl + '/node', {
+      method: 'post',
+      body: JSON.stringify(nodesJSON)
+    });
+    if (resp.status !== 200) {
+      throw new Error(`Failed to publish credential status. Status: ${resp.status}`);
+    }
+  }
+}

src/credentials/utils.ts

@@ -1,5 +1,7 @@
 import { DID } from '@iden3/js-iden3-core';
 import { W3CCredential } from '../verifiable';
+import { PublicKey } from '@iden3/js-crypto';
+import { KmsKeyId, KmsKeyType, keyPath } from '../kms';
 
 /**
  * Retrieves the user DID from a given credential.
@@ -20,3 +22,15 @@ export const getUserDIDFromCredential = (issuerDID: DID, credential: W3CCredenti
   }
   return DID.parse(credential.credentialSubject.id);
 };
+
+export const getKMSIdByAuthCredential = (credential: W3CCredential): KmsKeyId => {
+  if (!credential.type.includes('AuthBJJCredential')) {
+    throw new Error("can't sign with not AuthBJJCredential credential");
+  }
+  const x = credential.credentialSubject['x'] as unknown as string;
+  const y = credential.credentialSubject['y'] as unknown as string;
+
+  const pb: PublicKey = new PublicKey([BigInt(x), BigInt(y)]);
+  const kp = keyPath(KmsKeyType.BabyJubJub, pb.hex());
+  return { type: KmsKeyType.BabyJubJub, id: kp };
+};