Merge pull request #151 from alan-turing-institute/148-cas-keys

DID resolution including >1kB keys
alan-turing-institute · Nov 17, 2023 · 96d8809 · 96d8809
2 parents b704ea2 + 2da3ae8
commit 96d8809
Show file tree

Hide file tree

Showing 19 changed files with 781 additions and 428 deletions.
diff --git a/trustchain-api/src/api.rs b/trustchain-api/src/api.rs
@@ -14,7 +14,7 @@ use trustchain_core::{
     chain::DIDChain,
     holder::Holder,
     issuer::{Issuer, IssuerError},
-    resolver::{Resolver, ResolverResult},
+    resolver::{ResolverResult, TrustchainResolver},
     vc::CredentialError,
     verifier::{Timestamp, Verifier, VerifierError},
     vp::PresentationError,
@@ -42,10 +42,7 @@ pub trait TrustchainDIDAPI {
         attest_operation(did, controlled_did, verbose).await
     }
     /// Resolves a given DID using given endpoint.
-    async fn resolve<T>(did: &str, resolver: &Resolver<T>) -> ResolverResult
-    where
-        T: DIDResolver + Send + Sync,
-    {
+    async fn resolve(did: &str, resolver: &dyn TrustchainResolver) -> ResolverResult {
         // Result metadata, Document, Document metadata
         resolver.resolve_as_result(did).await
     }
@@ -86,12 +83,12 @@ pub trait TrustchainDIDAPI {
 #[async_trait]
 pub trait TrustchainVCAPI {
     /// Signs a credential.
-    async fn sign<T: DIDResolver>(
+    async fn sign(
         mut credential: Credential,
         did: &str,
         linked_data_proof_options: Option<LinkedDataProofOptions>,
         key_id: Option<&str>,
-        resolver: &T,
+        resolver: &dyn TrustchainResolver,
         context_loader: &mut ContextLoader,
     ) -> Result<Credential, IssuerError> {
         credential.issuer = Some(ssi::vc::Issuer::URI(URI::String(did.to_string())));
@@ -123,7 +120,7 @@ pub trait TrustchainVCAPI {
         let result = credential
             .verify(
                 linked_data_proof_options,
-                verifier.resolver(),
+                verifier.resolver().as_did_resolver(),
                 context_loader,
             )
             .await;
@@ -208,7 +205,7 @@ pub trait TrustchainVPAPI {
                             match Credential::decode_verify_jwt(
                                 jwt,
                                 ldp_opts.clone(),
-                                verifier.resolver(),
+                                verifier.resolver().as_did_resolver(),
                                 &mut context_loader,
                             )
                             .await
@@ -234,7 +231,11 @@ pub trait TrustchainVPAPI {
 
         // Verify signature by holder to authenticate
         let result = presentation
-            .verify(ldp_options.clone(), verifier.resolver(), context_loader)
+            .verify(
+                ldp_options.clone(),
+                verifier.resolver().as_did_resolver(),
+                context_loader,
+            )
             .await;
         if !result.errors.is_empty() {
             return Err(PresentationError::VerifiedHolderUnauthenticated(result));

diff --git a/trustchain-core/src/chain.rs b/trustchain-core/src/chain.rs
@@ -1,14 +1,10 @@
 //! Chain API and `DIDChain` type with default implementation.
 use crate::display::PrettyDID;
-use crate::resolver::Resolver;
+use crate::resolver::TrustchainResolver;
 use crate::utils::{canonicalize, decode, decode_verify, extract_keys, hash};
 use serde::{Deserialize, Serialize};
 use ssi::did_resolve::Metadata;
-use ssi::{
-    did::Document,
-    did_resolve::{DIDResolver, DocumentMetadata},
-    one_or_many::OneOrMany,
-};
+use ssi::{did::Document, did_resolve::DocumentMetadata, one_or_many::OneOrMany};
 use std::collections::HashMap;
 use std::fmt;
 use thiserror::Error;
@@ -125,10 +121,7 @@ impl fmt::Display for DIDChain {
 
 impl DIDChain {
     // Public constructor.
-    pub async fn new<T: DIDResolver + Sync + Send>(
-        did: &str,
-        resolver: &Resolver<T>,
-    ) -> Result<Self, ChainError> {
+    pub async fn new(did: &str, resolver: &dyn TrustchainResolver) -> Result<Self, ChainError> {
         // Construct an empty chain.
         let mut chain = DIDChain::empty();
 

diff --git a/trustchain-core/src/issuer.rs b/trustchain-core/src/issuer.rs
@@ -1,8 +1,8 @@
 //! DID issuer API.
 use crate::key_manager::KeyManagerError;
+use crate::resolver::TrustchainResolver;
 use crate::subject::Subject;
 use async_trait::async_trait;
-use ssi::did_resolve::DIDResolver;
 use ssi::jsonld::ContextLoader;
 use ssi::vc::{Credential, LinkedDataProofOptions};
 use thiserror::Error;
@@ -43,12 +43,12 @@ impl From<KeyManagerError> for IssuerError {
 #[async_trait]
 pub trait Issuer: Subject {
     /// Signs a credential. An issuer attests to a credential by signing the credential with one of their private signing keys.
-    async fn sign<T: DIDResolver>(
+    async fn sign(
         &self,
         credential: &Credential,
         linked_data_proof_options: Option<LinkedDataProofOptions>,
         key_id: Option<&str>,
-        resolver: &T,
+        resolver: &dyn TrustchainResolver,
         context_loader: &mut ContextLoader,
     ) -> Result<Credential, IssuerError>;
 }
diff --git a/trustchain-core/src/key_manager.rs b/trustchain-core/src/key_manager.rs
@@ -9,7 +9,7 @@ use std::path::{Path, PathBuf};
 use thiserror::Error;
 
 /// An error relating to Trustchain key management.
-#[derive(Error, Debug, PartialEq, Eq, PartialOrd, Ord)]
+#[derive(Error, Debug)]
 pub enum KeyManagerError {
     /// Key does not exist.
     #[error("Key does not exist.")]
@@ -35,6 +35,9 @@ pub enum KeyManagerError {
     /// Expected only one key but found many.
     #[error("Expected only one key but found many.")]
     InvalidManyKeys,
+    /// Wrapped SSI JWK error.
+    #[error(transparent)]
+    SSIJWKError(#[from] ssi::jwk::Error),
 }
 
 /// KeyType enum.