Remove returning private keys #417

Merged
merged 7 commits into from
May 9, 2023
7 changes: 1 addition & 6 deletions pkg/server/router/did.go
Expand Up @@ -124,12 +124,7 @@ func (dr DIDRouter) CreateDIDByMethod(ctx context.Context, w http.ResponseWriter
return framework.NewRequestError(errors.Wrap(err, errMsg), http.StatusInternalServerError)
}

resp := CreateDIDByMethodResponse{
DID: createDIDResponse.DID,
PrivateKeyBase58: createDIDResponse.PrivateKeyBase58,
KeyType: createDIDResponse.KeyType,
}

resp := CreateDIDByMethodResponse{DID: createDIDResponse.DID}
Is it possible to:

  1. Remove the fields you deleted from the CreateDIDByMethodResponse?
  2. Update the documentation of this endpoint, particularly the description? From the perspective of a dev using ssi-service, it's important to understand what happens to the keys when this method is called.

  1. yes - done
  2. yes will update good call

return framework.Respond(ctx, w, resp, http.StatusCreated)
}

16 changes: 8 additions & 8 deletions pkg/server/router/manifest_test.go
Expand Up @@ -9,7 +9,6 @@ import (
"github.com/TBD54566975/ssi-sdk/crypto"
didsdk "github.com/TBD54566975/ssi-sdk/did"
"github.com/google/uuid"
"github.com/mr-tron/base58"
"github.com/stretchr/testify/assert"

"github.com/tbd54566975/ssi-service/pkg/service/manifest/model"
Expand Down Expand Up @@ -63,7 +62,12 @@ func TestManifestRouter(t *testing.T) {
assert.NoError(tt, err)
assert.NotEmpty(tt, issuerDID)

applicantDID, err := didService.CreateDIDByMethod(context.Background(), createDIDRequest)
applicantPrivKey, applicantDIDKey, err := didsdk.GenerateDIDKey(crypto.Ed25519)
assert.NoError(tt, err)
assert.NotEmpty(tt, applicantPrivKey)
assert.NotEmpty(tt, applicantDIDKey)

applicantDID, err := applicantDIDKey.Expand()
assert.NoError(tt, err)
assert.NotEmpty(tt, applicantDID)

Expand All @@ -86,7 +90,7 @@ func TestManifestRouter(t *testing.T) {
createdCred, err := credentialService.CreateCredential(context.Background(), credential.CreateCredentialRequest{
Issuer: issuerDID.DID.ID,
IssuerKID: kid,
Subject: applicantDID.DID.ID,
Subject: applicantDID.ID,
SchemaID: createdSchema.ID,
Data: map[string]any{"licenseType": "WA-DL-CLASS-A"},
})
Expand Down Expand Up @@ -115,11 +119,7 @@ func TestManifestRouter(t *testing.T) {
applicationRequest := getValidApplicationRequest(m.ID, m.PresentationDefinition.ID, m.PresentationDefinition.InputDescriptors[0].ID, containers)

// sign application
applicantPrivKeyBytes, err := base58.Decode(applicantDID.PrivateKeyBase58)
assert.NoError(tt, err)
applicantPrivKey, err := crypto.BytesToPrivKey(applicantPrivKeyBytes, applicantDID.KeyType)
assert.NoError(tt, err)
signer, err := keyaccess.NewJWKKeyAccess(applicantDID.DID.ID, applicantDID.DID.VerificationMethod[0].ID, applicantPrivKey)
signer, err := keyaccess.NewJWKKeyAccess(applicantDID.ID, applicantDID.VerificationMethod[0].ID, applicantPrivKey)
assert.NoError(tt, err)
signed, err := signer.SignJSON(applicationRequest)
assert.NoError(tt, err)
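Review bot: The setup chain after `didsdk.GenerateDIDKey` uses `assert.NoError` and then indexes `applicantDID.VerificationMethod[0]` on the signer line; if `Expand()` fails, the test dies with a nil-pointer panic rather than the assertion message, so `require.NoError(tt, err)` on the generate and expand steps would give a cleaner failure (`require` is already used in presentation_test.go; import it here if it is not). The applicant's keypair is now created in-process and never reaches the service's key store, which is appropriate for a wallet-side party but worth a line so nobody later routes it back through `CreateDIDByMethod`: `// the applicant is wallet-side: keep its private key local rather than creating it through the service`. TestManifestRouter starts and ends outside this section.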
14 changes: 4 additions & 10 deletions pkg/server/router/presentation_test.go
Expand Up @@ -2,7 +2,6 @@ package router

import (
"context"
gocrypto "crypto"
"testing"

"github.com/TBD54566975/ssi-sdk/credential/exchange"
Expand Down Expand Up @@ -35,14 +34,9 @@ func TestPresentationDefinitionRouter(t *testing.T) {
})
}

type Public interface {
Public() gocrypto.PublicKey
}

func TestPresentationDefinitionService(t *testing.T) {

s := setupTestDB(t)
assert.NotNil(t, s)
assert.NotEmpty(t, s)

keyStoreService := testKeyStoreService(t, s)
didService := testDIDService(t, s, keyStoreService)
Expand All @@ -52,11 +46,11 @@ func TestPresentationDefinitionService(t *testing.T) {
KeyType: crypto.Ed25519,
})
require.NoError(t, err)
privKeyBytes, err := base58.Decode(authorDID.PrivateKeyBase58)
pubKeyBytes, err := base58.Decode(authorDID.DID.VerificationMethod[0].PublicKeyBase58)
require.NoError(t, err)
privKey, err := crypto.BytesToPrivKey(privKeyBytes, authorDID.KeyType)
pubKey, err := crypto.BytesToPubKey(pubKeyBytes, crypto.Ed25519)
require.NoError(t, err)
ka, err := keyaccess.NewJWKKeyAccessVerifier(authorDID.DID.ID, authorDID.DID.ID, privKey.(Public).Public())
ka, err := keyaccess.NewJWKKeyAccessVerifier(authorDID.DID.ID, authorDID.DID.ID, pubKey)
require.NoError(t, err)

service, err := presentation.NewPresentationService(config.PresentationServiceConfig{}, s, didService.GetResolver(), schemaService, keyStoreService)
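Review bot: `crypto.BytesToPubKey(pubKeyBytes, crypto.Ed25519)` hard-codes the key type a second time, independently of the `KeyType: crypto.Ed25519` passed to the create request a few lines above; if either is changed the test silently decodes the verification method's bytes as the wrong key type. Hoist it into one local, `keyType := crypto.Ed25519`, and use it in both the request and the decode call. Building the verifier from the public key in the DID document is the right direction: a verifier should never need the private key. TestPresentationDefinitionService continues outside this section.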
105 changes: 47 additions & 58 deletions pkg/server/server_manifest_test.go
Expand Up @@ -15,7 +15,6 @@ import (
"github.com/benbjohnson/clock"
"github.com/goccy/go-json"
"github.com/google/uuid"
"github.com/mr-tron/base58"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"

Expand Down Expand Up @@ -350,12 +349,14 @@ func TestManifestAPI(t *testing.T) {
assert.NotEmpty(tt, issuerDID)

// create an applicant
applicantDID, err := didService.CreateDIDByMethod(context.Background(), did.CreateDIDRequest{
Method: didsdk.KeyMethod,
KeyType: crypto.Ed25519,
})
applicantPrivKey, applicantDIDKey, err := didsdk.GenerateDIDKey(crypto.Ed25519)
assert.NoError(tt, err)
assert.NotEmpty(tt, issuerDID)
assert.NotEmpty(tt, applicantPrivKey)
assert.NotEmpty(tt, applicantDIDKey)

applicantDID, err := applicantDIDKey.Expand()
assert.NoError(tt, err)
assert.NotEmpty(tt, applicantDID)

// create a schema for the creds to be issued against
licenseSchema := map[string]any{
Expand All @@ -380,7 +381,7 @@ func TestManifestAPI(t *testing.T) {
credential.CreateCredentialRequest{
Issuer: issuerDID.DID.ID,
IssuerKID: kid,
Subject: applicantDID.DID.ID,
Subject: applicantDID.ID,
SchemaID: createdSchema.ID,
Data: map[string]any{
"licenseType": "WA-DL-CLASS-A",
Expand Down Expand Up @@ -413,11 +414,7 @@ func TestManifestAPI(t *testing.T) {
applicationRequest := getValidApplicationRequest(m.ID, m.PresentationDefinition.ID, m.PresentationDefinition.InputDescriptors[0].ID, container)

// sign application
applicantPrivKeyBytes, err := base58.Decode(applicantDID.PrivateKeyBase58)
assert.NoError(tt, err)
applicantPrivKey, err := crypto.BytesToPrivKey(applicantPrivKeyBytes, applicantDID.KeyType)
assert.NoError(tt, err)
signer, err := keyaccess.NewJWKKeyAccess(applicantDID.DID.ID, applicantDID.DID.VerificationMethod[0].ID, applicantPrivKey)
signer, err := keyaccess.NewJWKKeyAccess(applicantDID.ID, applicantDID.VerificationMethod[0].ID, applicantPrivKey)
assert.NoError(tt, err)
signed, err := signer.SignJSON(applicationRequest)
assert.NoError(tt, err)
Expand Down Expand Up @@ -452,7 +449,7 @@ func TestManifestAPI(t *testing.T) {
_, _, vc, err := credsdk.ToCredential(appResp.Credentials[0])
assert.NoError(tt, err)
expectedSubject := credsdk.CredentialSubject{
"id": applicantDID.DID.ID,
"id": applicantDID.ID,
"state": "CA",
"firstName": "Tester",
"lastName": "McTest",
Expand All @@ -465,7 +462,7 @@ func TestManifestAPI(t *testing.T) {
_, _, vc2, err := credsdk.ToCredential(appResp.Credentials[1])
assert.NoError(tt, err)
expectedSubject = credsdk.CredentialSubject{
"id": applicantDID.DID.ID,
"id": applicantDID.ID,
"someCrazyObject": map[string]any{
"foo": 123.,
"bar": false,
Expand Down Expand Up @@ -515,12 +512,14 @@ func TestManifestAPI(t *testing.T) {
assert.NotEmpty(tt, issuerDID)

// create an applicant
applicantDID, err := didService.CreateDIDByMethod(context.Background(), did.CreateDIDRequest{
Method: didsdk.KeyMethod,
KeyType: crypto.Ed25519,
})
applicantPrivKey, applicantDIDKey, err := didsdk.GenerateDIDKey(crypto.Ed25519)
assert.NoError(tt, err)
assert.NotEmpty(tt, issuerDID)
assert.NotEmpty(tt, applicantPrivKey)
assert.NotEmpty(tt, applicantDIDKey)

applicantDID, err := applicantDIDKey.Expand()
assert.NoError(tt, err)
assert.NotEmpty(tt, applicantDID)

// create a schema for the creds to be issued against
licenseSchema := map[string]any{
Expand All @@ -542,7 +541,7 @@ func TestManifestAPI(t *testing.T) {
createdCred, err := credentialService.CreateCredential(context.Background(), credential.CreateCredentialRequest{
Issuer: issuerDID.DID.ID,
IssuerKID: kid,
Subject: applicantDID.DID.ID,
Subject: applicantDID.ID,
SchemaID: createdSchema.ID,
Data: map[string]any{"licenseType": "WA-DL-CLASS-A"},
})
Expand Down Expand Up @@ -572,11 +571,7 @@ func TestManifestAPI(t *testing.T) {
applicationRequest := getValidApplicationRequest(m.ID, m.PresentationDefinition.ID, m.PresentationDefinition.InputDescriptors[0].ID, container)

// sign application
applicantPrivKeyBytes, err := base58.Decode(applicantDID.PrivateKeyBase58)
assert.NoError(tt, err)
applicantPrivKey, err := crypto.BytesToPrivKey(applicantPrivKeyBytes, applicantDID.KeyType)
assert.NoError(tt, err)
signer, err := keyaccess.NewJWKKeyAccess(applicantDID.DID.ID, applicantDID.DID.VerificationMethod[0].ID, applicantPrivKey)
signer, err := keyaccess.NewJWKKeyAccess(applicantDID.ID, applicantDID.VerificationMethod[0].ID, applicantPrivKey)
assert.NoError(tt, err)
signed, err := signer.SignJSON(applicationRequest)
assert.NoError(tt, err)
Expand Down Expand Up @@ -629,7 +624,7 @@ func TestManifestAPI(t *testing.T) {
_, _, vc, err := credsdk.ToCredential(appResp.Credentials[0])
assert.NoError(tt, err)
assert.Equal(tt, credsdk.CredentialSubject{
"id": applicantDID.DID.ID,
"id": applicantDID.ID,
"looks": "pretty darn handsome",
}, vc.CredentialSubject)
assert.Equal(tt, expireAt.Format(time.RFC3339), vc.ExpirationDate)
Expand Down Expand Up @@ -672,12 +667,14 @@ func TestManifestAPI(t *testing.T) {
assert.NotEmpty(tt, issuerDID)

// create an applicant
applicantDID, err := didService.CreateDIDByMethod(context.Background(), did.CreateDIDRequest{
Method: didsdk.KeyMethod,
KeyType: crypto.Ed25519,
})
applicantPrivKey, applicantDIDKey, err := didsdk.GenerateDIDKey(crypto.Ed25519)
assert.NoError(tt, err)
assert.NotEmpty(tt, issuerDID)
assert.NotEmpty(tt, applicantPrivKey)
assert.NotEmpty(tt, applicantDIDKey)

applicantDID, err := applicantDIDKey.Expand()
assert.NoError(tt, err)
assert.NotEmpty(tt, applicantDID)

// create a schema for the creds to be issued against
licenseSchema := map[string]any{
Expand All @@ -699,7 +696,7 @@ func TestManifestAPI(t *testing.T) {
createdCred, err := credentialService.CreateCredential(context.Background(), credential.CreateCredentialRequest{
Issuer: issuerDID.DID.ID,
IssuerKID: kid,
Subject: applicantDID.DID.ID,
Subject: applicantDID.ID,
SchemaID: createdSchema.ID,
Data: map[string]any{"licenseType": "WA-DL-CLASS-A"},
})
Expand Down Expand Up @@ -733,11 +730,7 @@ func TestManifestAPI(t *testing.T) {
applicationRequest.CredentialApplication.PresentationSubmission = nil

// sign application
applicantPrivKeyBytes, err := base58.Decode(applicantDID.PrivateKeyBase58)
assert.NoError(tt, err)
applicantPrivKey, err := crypto.BytesToPrivKey(applicantPrivKeyBytes, applicantDID.KeyType)
assert.NoError(tt, err)
signer, err := keyaccess.NewJWKKeyAccess(applicantDID.DID.ID, applicantDID.DID.VerificationMethod[0].ID, applicantPrivKey)
signer, err := keyaccess.NewJWKKeyAccess(applicantDID.ID, applicantDID.VerificationMethod[0].ID, applicantPrivKey)
assert.NoError(tt, err)
signed, err := signer.SignJSON(applicationRequest)
assert.NoError(tt, err)
Expand Down Expand Up @@ -825,10 +818,12 @@ func TestManifestAPI(t *testing.T) {
assert.NotEmpty(tt, issuerDID)

// create an applicant
applicantDID, err := didService.CreateDIDByMethod(context.Background(), did.CreateDIDRequest{
Method: didsdk.KeyMethod,
KeyType: crypto.Ed25519,
})
applicantPrivKey, applicantDIDKey, err := didsdk.GenerateDIDKey(crypto.Ed25519)
assert.NoError(tt, err)
assert.NotEmpty(tt, applicantPrivKey)
assert.NotEmpty(tt, applicantDIDKey)

applicantDID, err := applicantDIDKey.Expand()
assert.NoError(tt, err)
assert.NotEmpty(tt, applicantDID)

Expand All @@ -852,7 +847,7 @@ func TestManifestAPI(t *testing.T) {
createdCred, err := credentialService.CreateCredential(context.Background(), credential.CreateCredentialRequest{
Issuer: issuerDID.DID.ID,
IssuerKID: kid,
Subject: applicantDID.DID.ID,
Subject: applicantDID.ID,
SchemaID: createdSchema.ID,
Data: map[string]any{"licenseType": "WA-DL-CLASS-A"},
})
Expand Down Expand Up @@ -880,11 +875,7 @@ func TestManifestAPI(t *testing.T) {
applicationRequest := getValidApplicationRequest(m.ID, m.PresentationDefinition.ID, m.PresentationDefinition.InputDescriptors[0].ID, container)

// sign application
applicantPrivKeyBytes, err := base58.Decode(applicantDID.PrivateKeyBase58)
assert.NoError(tt, err)
applicantPrivKey, err := crypto.BytesToPrivKey(applicantPrivKeyBytes, applicantDID.KeyType)
assert.NoError(tt, err)
signer, err := keyaccess.NewJWKKeyAccess(applicantDID.DID.ID, applicantDID.DID.VerificationMethod[0].ID, applicantPrivKey)
signer, err := keyaccess.NewJWKKeyAccess(applicantDID.ID, applicantDID.VerificationMethod[0].ID, applicantPrivKey)
assert.NoError(tt, err)
signed, err := signer.SignJSON(applicationRequest)
assert.NoError(tt, err)
Expand Down Expand Up @@ -980,12 +971,14 @@ func TestManifestAPI(t *testing.T) {
assert.NotEmpty(tt, issuerDID)

// create an applicant
applicantDID, err := didService.CreateDIDByMethod(context.Background(), did.CreateDIDRequest{
Method: didsdk.KeyMethod,
KeyType: crypto.Ed25519,
})
applicantPrivKey, applicantDIDKey, err := didsdk.GenerateDIDKey(crypto.Ed25519)
assert.NoError(tt, err)
assert.NotEmpty(tt, issuerDID)
assert.NotEmpty(tt, applicantPrivKey)
assert.NotEmpty(tt, applicantDIDKey)

applicantDID, err := applicantDIDKey.Expand()
assert.NoError(tt, err)
assert.NotEmpty(tt, applicantDID)

// create a schema for the creds to be issued against
licenseSchema := map[string]any{
Expand All @@ -1007,7 +1000,7 @@ func TestManifestAPI(t *testing.T) {
createdCred, err := credentialService.CreateCredential(context.Background(), credential.CreateCredentialRequest{
Issuer: issuerDID.DID.ID,
IssuerKID: kid,
Subject: applicantDID.DID.ID,
Subject: applicantDID.ID,
SchemaID: createdSchema.ID,
Data: map[string]any{"licenseType": "WA-DL-CLASS-A"},
})
Expand Down Expand Up @@ -1035,11 +1028,7 @@ func TestManifestAPI(t *testing.T) {
applicationRequest := getValidApplicationRequest(m.ID, m.PresentationDefinition.ID, m.PresentationDefinition.InputDescriptors[0].ID, container)

// sign application
applicantPrivKeyBytes, err := base58.Decode(applicantDID.PrivateKeyBase58)
assert.NoError(tt, err)
applicantPrivKey, err := crypto.BytesToPrivKey(applicantPrivKeyBytes, applicantDID.KeyType)
assert.NoError(tt, err)
signer, err := keyaccess.NewJWKKeyAccess(applicantDID.DID.ID, applicantDID.DID.VerificationMethod[0].ID, applicantPrivKey)
signer, err := keyaccess.NewJWKKeyAccess(applicantDID.ID, applicantDID.VerificationMethod[0].ID, applicantPrivKey)
assert.NoError(tt, err)
signed, err := signer.SignJSON(applicationRequest)
assert.NoError(tt, err)
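Review bot: The same six-line applicant setup (`didsdk.GenerateDIDKey`, two `NotEmpty` checks, `Expand()`, two more checks) is now repeated verbatim in five subtests of TestManifestAPI, and each one later relies on `applicantDID.VerificationMethod[0]` being present. A small helper that takes `tt`, runs the generate/expand steps with `require.NoError`, and returns the private key and expanded document would cut each site to `applicantPrivKey, applicantDID := newTestApplicant(tt)` and give one place to change the key type. A nil document from a failed `Expand()` currently surfaces as a panic at the signer line instead of an assertion message. TestManifestAPI starts and ends outside this section.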
10 changes: 1 addition & 9 deletions pkg/service/did/ion.go
Expand Up @@ -197,15 +197,7 @@ func (h *ionHandler) CreateDID(ctx context.Context, request CreateDIDRequest) (*
return nil, errors.Wrap(err, "could not store did:ion private key")
}

privKeyBytes, err := crypto.PrivKeyToBytes(privKey)
if err != nil {
return nil, errors.Wrap(err, "converting private key to bytes")
}
return &CreateDIDResponse{
DID: didDoc,
PrivateKeyBase58: base58.Encode(privKeyBytes),
KeyType: request.KeyType,
}, nil
return &CreateDIDResponse{DID: didDoc}, nil
}

func keyToStoreRequest(kid string, privateKeyJWK crypto.PrivateKeyJWK, controller string) (*keystore.StoreKeyRequest, error) {
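Review bot: The new `return &CreateDIDResponse{DID: didDoc}, nil` still compiles against a service-level `CreateDIDResponse` that, judging by the removed `PrivateKeyBase58` and `KeyType` literals here and in key.go, still declares those fields; the handlers stop populating them, but the type keeps a slot for private-key material that any future handler or in-process caller can fill. Dropping the two fields from `CreateDIDResponse` as well makes reintroducing the leak a type error rather than a one-line oversight. With `base58.Encode` gone from this function, the `base58` import may be unused in ion.go unless something else in the file references it; presumably handled elsewhere in the PR. ionHandler.CreateDID starts outside this section.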
3 changes: 0 additions & 3 deletions pkg/service/did/ion_test.go
Expand Up @@ -71,7 +71,6 @@ func TestIONHandler(t *testing.T) {
})
assert.NoError(tt, err)
assert.NotEmpty(tt, created)
assert.Equal(tt, crypto.Ed25519, created.KeyType)
})

t.Run("Test Create DID", func(tt *testing.T) {
Expand All @@ -91,7 +90,6 @@ func TestIONHandler(t *testing.T) {
})
assert.NoError(tt, err)
assert.NotEmpty(tt, created)
assert.Equal(tt, crypto.Ed25519, created.KeyType)

// get the did
gotDID, err := handler.GetDID(context.Background(), GetDIDRequest{
Expand Down Expand Up @@ -124,7 +122,6 @@ func TestIONHandler(t *testing.T) {
})
assert.NoError(tt, err)
assert.NotEmpty(tt, created)
assert.Equal(tt, crypto.Ed25519, created.KeyType)

gock.New("https://test-ion-resolver.com").
Get("/identifiers/" + created.DID.ID).
7 changes: 1 addition & 6 deletions pkg/service/did/key.go
Expand Up @@ -77,12 +77,7 @@ func (h *keyHandler) CreateDID(ctx context.Context, request CreateDIDRequest) (*
if err = h.keyStore.StoreKey(ctx, keyStoreRequest); err != nil {
return nil, errors.Wrap(err, "could not store did:key private key")
}

return &CreateDIDResponse{
DID: storedDID.DID,
PrivateKeyBase58: privKeyBase58,
KeyType: request.KeyType,
}, nil
return &CreateDIDResponse{DID: storedDID.DID}, nil
}

func (h *keyHandler) GetDID(ctx context.Context, request GetDIDRequest) (*GetDIDResponse, error) {
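Review bot: After this change `privKeyBase58` has no visible use in keyHandler.CreateDID besides the removed response field; if it was only computed for the response (its declaration is above the section), remove it so a base58 string copy of the private key is no longer materialized in the handler — Go strings cannot be zeroed, so fewer copies of key material is strictly better. If it feeds `keyStoreRequest`, a short comment saying so would keep the next reader from deleting it. The function would also benefit from a doc line now that its contract changed: `// CreateDID generates a did:key, stores its private key in the key store under the DID, and returns only the public DID document.` keyHandler.CreateDID starts outside this section.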