Implementing BearerDid / PortableDid, exposing our own JWS, JWT, JWK types

CODEOWNERS

@@ -9,7 +9,7 @@
 # The format is described: https://github.blog/2017-07-06-introducing-code-owners/
 
 # These owners will be the default owners for everything in the repo.
-* @amika-sq @mistermoe @nitro-neal @tomdaffurn @phoebe-lew @diehuxx @kirahsapong @jiyoontbd @frankhinek
+* @mistermoe @nitro-neal @tomdaffurn @phoebe-lew @diehuxx @kirahsapong @jiyoontbd @frankhinek
 
 /crypto/src/main/kotlin/web5/sdk/crypto/AwsKeyManager.kt @tomdaffurn
 # -----------------------------------------------

credentials/src/main/kotlin/web5/sdk/credentials/VerifiableCredential.kt

@@ -14,7 +14,7 @@ import com.nimbusds.jwt.JWTClaimsSet
 import com.nimbusds.jwt.JWTParser
 import com.nimbusds.jwt.SignedJWT
 import web5.sdk.credentials.util.JwtUtil
-import web5.sdk.dids.Did
+import web5.sdk.dids.ChangemeDid
 import java.net.URI
 import java.security.SignatureException
 import java.util.Date
@@ -53,7 +53,7 @@ public class VerifiableCredential internal constructor(public val vcDataModel: V
    * If the [assertionMethodId] is null, the function will attempt to use the first available verification method from
    * the [did]. The result is a String in a JWT format.
    *
-   * @param did The [Did] used to sign the credential.
+   * @param did The [ChangemeDid] used to sign the credential.
    * @param assertionMethodId An optional identifier for the assertion method that will be used for verification of the
    *        produced signature.
    * @return The JWT representing the signed verifiable credential.
@@ -64,7 +64,7 @@ public class VerifiableCredential internal constructor(public val vcDataModel: V
    * ```
    */
   @JvmOverloads
-  public fun sign(did: Did, assertionMethodId: String? = null): String {
+  public fun sign(did: ChangemeDid, assertionMethodId: String? = null): String {
     val payload = JWTClaimsSet.Builder()
       .issuer(vcDataModel.issuer.toString())
       .issueTime(vcDataModel.issuanceDate)

credentials/src/main/kotlin/web5/sdk/credentials/VerifiablePresentation.kt

@@ -7,7 +7,7 @@ import com.nimbusds.jwt.JWTClaimsSet
 import com.nimbusds.jwt.JWTParser
 import com.nimbusds.jwt.SignedJWT
 import web5.sdk.credentials.util.JwtUtil
-import web5.sdk.dids.Did
+import web5.sdk.dids.ChangemeDid
 import java.net.URI
 import java.security.SignatureException
 import java.util.Date
@@ -47,7 +47,7 @@ public class VerifiablePresentation internal constructor(public val vpDataModel:
    * If the [assertionMethodId] is null, the function will attempt to use the first available verification method from
    * the [did]. The result is a String in a JWT format.
    *
-   * @param did The [Did] used to sign the credential.
+   * @param did The [ChangemeDid] used to sign the credential.
    * @param assertionMethodId An optional identifier for the assertion method that will be used for verification of the
    *        produced signature.
    * @return The JWT representing the signed verifiable credential.
@@ -58,7 +58,7 @@ public class VerifiablePresentation internal constructor(public val vpDataModel:
    * ```
    */
   @JvmOverloads
-  public fun sign(did: Did, assertionMethodId: String? = null): String {
+  public fun sign(did: ChangemeDid, assertionMethodId: String? = null): String {
     val payload = JWTClaimsSet.Builder()
       .issuer(did.uri)
       .issueTime(Date())

credentials/src/main/kotlin/web5/sdk/credentials/util/JwtUtil.kt

@@ -9,9 +9,9 @@ import com.nimbusds.jwt.JWTParser
 import com.nimbusds.jwt.SignedJWT
 import web5.sdk.common.Convert
 import web5.sdk.crypto.Crypto
-import web5.sdk.dids.Did
+import web5.sdk.dids.ChangemeDid
 import web5.sdk.dids.DidResolvers
-import web5.sdk.dids.didcore.DidUri
+import web5.sdk.dids.didcore.Did
 import web5.sdk.dids.exceptions.DidResolutionException
 import web5.sdk.dids.exceptions.PublicKeyJwkMissingException
 import java.net.URI
@@ -31,18 +31,18 @@ public object JwtUtil {
    * If the [assertionMethodId] is null, the function will attempt to use the first available verification method from
    * the [did]. The result is a String in a JWT format.
    *
-   * @param did The [Did] used to sign the credential.
+   * @param did The [ChangemeDid] used to sign the credential.
    * @param assertionMethodId An optional identifier for the assertion method
    *        that will be used for verification of the produced signature.
-   * @param jwtPayload the payload that is getting signed by the [Did]
+   * @param jwtPayload the payload that is getting signed by the [ChangemeDid]
    * @return The JWT representing the signed verifiable credential.
    *
    * Example:
    * ```
    * val signedVc = verifiableCredential.sign(myDid)
    * ```
    */
-  public fun sign(did: Did, assertionMethodId: String?, jwtPayload: JWTClaimsSet): String {
+  public fun sign(did: ChangemeDid, assertionMethodId: String?, jwtPayload: JWTClaimsSet): String {
     val didResolutionResult = DidResolvers.resolve(did.uri)
     val didDocument = didResolutionResult.didDocument
     if (didResolutionResult.didResolutionMetadata.error != null || didDocument == null) {
@@ -108,13 +108,13 @@ public object JwtUtil {
     }
 
     val verificationMethodId = jwt.header.keyID
-    val didUri = DidUri.Parser.parse(verificationMethodId)
+    val did = Did.Parser.parse(verificationMethodId)
 
-    val didResolutionResult = DidResolvers.resolve(didUri.url)
+    val didResolutionResult = DidResolvers.resolve(did.url)
     if (didResolutionResult.didResolutionMetadata.error != null) {
       throw SignatureException(
         "Signature verification failed: " +
-          "Failed to resolve DID ${didUri.url}. " +
+          "Failed to resolve DID ${did.url}. " +
           "Error: ${didResolutionResult.didResolutionMetadata.error}"
       )
     }
@@ -123,8 +123,8 @@ public object JwtUtil {
     // or just `#fragment`. See: https://www.w3.org/TR/did-core/#relative-did-urls.
     // using a set for fast string comparison. DIDs can be lonnng.
     val verificationMethodIds = setOf(
-      didUri.url,
-      "#${didUri.fragment}"
+      did.url,
+      "#${did.fragment}"
     )
 
     didResolutionResult.didDocument?.assertionMethod?.firstOrNull {

credentials/src/test/kotlin/web5/sdk/credentials/VerifiableCredentialTest.kt

@@ -16,7 +16,7 @@ import org.junit.jupiter.api.assertDoesNotThrow
 import web5.sdk.crypto.AlgorithmId
 import web5.sdk.crypto.AwsKeyManager
 import web5.sdk.crypto.InMemoryKeyManager
-import web5.sdk.dids.Did
+import web5.sdk.dids.ChangemeDid
 import web5.sdk.dids.didcore.Purpose
 import web5.sdk.dids.extensions.load
 import web5.sdk.dids.methods.dht.CreateDidDhtOptions
@@ -252,8 +252,8 @@ class Web5TestVectorsCredentials {
 
       val keyManager = InMemoryKeyManager()
       keyManager.import(listOf(vector.input.signerPrivateJwk!!))
-      val issuerDid = Did.load(vector.input.signerDidUri!!, keyManager)
-      val vcJwt = vc.sign(issuerDid)
+      val issuerChangemeDid = ChangemeDid.load(vector.input.signerDidUri!!, keyManager)
+      val vcJwt = vc.sign(issuerChangemeDid)
 
       assertEquals(vector.output, vcJwt, vector.description)
     }

crypto/src/main/kotlin/web5/sdk/crypto/KeyManager.kt

@@ -59,4 +59,12 @@ public interface KeyManager {
    * @throws IllegalArgumentException if the key is not known to the [KeyManager]
    */
   public fun getDeterministicAlias(publicKey: JWK): String
+}
+
+public interface KeyExporter {
+  public fun exportKey(keyId: String): JWK
+}
+
+public interface KeyImporter {
+  public fun importKey(jwk: JWK): String
 }

dids/src/main/kotlin/web5/sdk/dids/DidMethod.kt

@@ -1,7 +1,7 @@
 package web5.sdk.dids
 
 import web5.sdk.crypto.KeyManager
-import web5.sdk.dids.didcore.DidUri
+import web5.sdk.dids.didcore.Did
 import web5.sdk.dids.exceptions.PublicKeyJwkMissingException
 
 /**
@@ -26,7 +26,7 @@ import web5.sdk.dids.exceptions.PublicKeyJwkMissingException
  * Implementers should adhere to the respective DID method specifications ensuring both compliance
  * and interoperability across different DID networks.
  */
-public abstract class Did(public val uri: String, public val keyManager: KeyManager) {
+public abstract class ChangemeDid(public val uri: String, public val keyManager: KeyManager) {
   public companion object {
     // static helper methods here
   }
@@ -84,101 +84,102 @@ public interface CreationMetadata
  */
 public interface ResolveDidOptions
 
-/**
- * An interface defining operations for DID methods in accordance with the W3C DID standard.
- *
- * A DID method is a specific set of rules for creating, updating, and revoking DIDs,
- * specified in a DID method specification. Different DID methods utilize different
- * consensus mechanisms, cryptographic algorithms, and registries (or none at all).
- * The purpose of `DidMethod` implementations is to provide logic tailored to a
- * particular method while adhering to the broader operations outlined in the W3C DID standard.
- *
- * Implementations of this interface should provide method-specific logic for
- * creating and resolving DIDs under a particular method.
- *
- * @param T The type of DID that this method can create and resolve, extending [Did].
- *
- * ### Example of a Custom DID Method Implementation:
- * ```
- * class ExampleDidMethod : DidMethod<ExampleDid, ExampleCreateDidOptions> {
- *     override val methodName: String = "example"
- *
- *     override fun create(keyManager: KeyManager, options: ExampleCreateDidOptions?): ExampleDid {
- *         // Implementation-specific logic for creating DIDs.
- *     }
- *
- *     override fun resolve(didUrl: String, opts: ResolveDidOpts?): DidResolutionResult {
- *         // Implementation-specific logic for resolving DIDs.
- *     }
- * }
- * ```
- *
- * ### Notes:
- * - Ensure conformance with the relevant DID method specification for accurate and
- *   interoperable functionality.
- * - Ensure that cryptographic operations utilize secure and tested libraries, ensuring
- *   the reliability and security of DIDs managed by this method.
- */
-public interface DidMethod<T : Did, O : CreateDidOptions> {
-  /**
-   * A string that specifies the name of the DID method.
-   *
-   * For instance, in the DID `did:example:123456`, "example" would be the method name.
-   */
-  public val methodName: String
-
-  /**
-   * Creates a new DID.
-   *
-   * This function should generate a new DID according to the rules of the specific
-   * method being implemented, using the provided [KeyManager] and optionally considering
-   * any provided [CreateDidOptions].
-   *
-   * @param keyManager An instance of [KeyManager] responsible for cryptographic operations.
-   * @param options Optionally, an instance of [CreateDidOptions] providing additional options
-   *                or requirements for DID creation.
-   * @return A new instance of type [T], representing the created DID.
-   */
-  public fun create(keyManager: KeyManager, options: O? = null): T
-
-  /**
-   * Resolves a DID to its associated DID Document.
-   *
-   * This function should retrieve and return the DID Document associated with the provided
-   * DID URI, in accordance with the rules and mechanisms of the specific DID method being
-   * implemented, and optionally considering any provided [ResolveDidOptions].
-   *
-   * @param did A string containing the DID URI to be resolved.
-   * @param options Optionally, an instance of [ResolveDidOptions] providing additional options
-   *             or requirements for DID resolution.
-   * @return An instance of [DidResolutionResult] containing the resolved DID Document and
-   *         any associated metadata.
-   */
-  public fun resolve(did: String, options: ResolveDidOptions? = null): DidResolutionResult
-
-  /**
-   * Returns an instance of [T] for [uri]. This function validates that all the key material needed for signing and
-   * managing the passed in [uri] exists within the provided [keyManager].
-   *
-   * @param uri A string containing the DID URI to load.
-   * @param keyManager An instance of [KeyManager] that should contain all the key material needed for signing and
-   *                  managing the passed in [did].
-   * @return An instance of [T] representing the loaded DID.
-   */
-  public fun load(uri: String, keyManager: KeyManager): T
-}
-
-
-internal fun <T : Did, O : CreateDidOptions> DidMethod<T, O>.validateKeyMaterialInsideKeyManager(
-  did: String, keyManager: KeyManager) {
-  require(DidUri.parse(did).method == methodName) {
-    "did must start with the prefix \"did:$methodName\", but got $did"
-  }
-  val didResolutionResult = resolve(did)
-
-  didResolutionResult.didDocument!!.verificationMethod?.forEach {
-    val publicKeyJwk = it.publicKeyJwk ?: throw PublicKeyJwkMissingException("publicKeyJwk is null")
-    val keyAlias = keyManager.getDeterministicAlias(publicKeyJwk)
-    keyManager.getPublicKey(keyAlias)
-  }
-}
+///**
+// * An interface defining operations for DID methods in accordance with the W3C DID standard.
+// *
+// * A DID method is a specific set of rules for creating, updating, and revoking DIDs,
+// * specified in a DID method specification. Different DID methods utilize different
+// * consensus mechanisms, cryptographic algorithms, and registries (or none at all).
+// * The purpose of `DidMethod` implementations is to provide logic tailored to a
+// * particular method while adhering to the broader operations outlined in the W3C DID standard.
+// *
+// * Implementations of this interface should provide method-specific logic for
+// * creating and resolving DIDs under a particular method.
+// *
+// * @param T The type of DID that this method can create and resolve, extending [ChangemeDid].
+// *
+// * ### Example of a Custom DID Method Implementation:
+// * ```
+// * class ExampleDidMethod : DidMethod<ExampleDid, ExampleCreateDidOptions> {
+// *     override val methodName: String = "example"
+// *
+// *     override fun create(keyManager: KeyManager, options: ExampleCreateDidOptions?): ExampleDid {
+// *         // Implementation-specific logic for creating DIDs.
+// *     }
+// *
+// *     override fun resolve(didUrl: String, opts: ResolveDidOpts?): DidResolutionResult {
+// *         // Implementation-specific logic for resolving DIDs.
+// *     }
+// * }
+// * ```
+// *
+// * ### Notes:
+// * - Ensure conformance with the relevant DID method specification for accurate and
+// *   interoperable functionality.
+// * - Ensure that cryptographic operations utilize secure and tested libraries, ensuring
+// *   the reliability and security of DIDs managed by this method.
+// */
+//public interface DidMethod<T : ChangemeDid, O : CreateDidOptions> {
+//  /**
+//   * A string that specifies the name of the DID method.
+//   *
+//   * For instance, in the DID `did:example:123456`, "example" would be the method name.
+//   */
+//  public val methodName: String
+//
+//  /**
+//   * Creates a new DID.
+//   *
+//   * This function should generate a new DID according to the rules of the specific
+//   * method being implemented, using the provided [KeyManager] and optionally considering
+//   * any provided [CreateDidOptions].
+//   *
+//   * @param keyManager An instance of [KeyManager] responsible for cryptographic operations.
+//   * @param options Optionally, an instance of [CreateDidOptions] providing additional options
+//   *                or requirements for DID creation.
+//   * @return A new instance of type [T], representing the created DID.
+//   */
+//  public fun create(keyManager: KeyManager, options: O? = null): T
+//
+//  /**
+//   * Resolves a DID to its associated DID Document.
+//   *
+//   * This function should retrieve and return the DID Document associated with the provided
+//   * DID URI, in accordance with the rules and mechanisms of the specific DID method being
+//   * implemented, and optionally considering any provided [ResolveDidOptions].
+//   *
+//   * @param did A string containing the DID URI to be resolved.
+//   * @param options Optionally, an instance of [ResolveDidOptions] providing additional options
+//   *             or requirements for DID resolution.
+//   * @return An instance of [DidResolutionResult] containing the resolved DID Document and
+//   *         any associated metadata.
+//   */
+//  public fun resolve(did: String, options: ResolveDidOptions? = null): DidResolutionResult
+//
+//  /**
+//   * Returns an instance of [T] for [uri]. This function validates that all the key material needed for signing and
+//   * managing the passed in [uri] exists within the provided [keyManager].
+//   *
+//   * @param uri A string containing the DID URI to load.
+//   * @param keyManager An instance of [KeyManager] that should contain all the key material needed for signing and
+//   *                  managing the passed in [did].
+//   * @return An instance of [T] representing the loaded DID.
+//   */
+//  public fun load(uri: String, keyManager: KeyManager): T
+//}
+//
+//
+//// todo do i just remove this?
+//internal fun <T : ChangemeDid, O : CreateDidOptions> DidMethod<T, O>.validateKeyMaterialInsideKeyManager(
+//  did: String, keyManager: KeyManager) {
+//  require(Did.parse(did).method == methodName) {
+//    "did must start with the prefix \"did:$methodName\", but got $did"
+//  }
+//  val didResolutionResult = resolve(did)
+//
+//  didResolutionResult.didDocument!!.verificationMethod?.forEach {
+//    val publicKeyJwk = it.publicKeyJwk ?: throw PublicKeyJwkMissingException("publicKeyJwk is null")
+//    val keyAlias = keyManager.getDeterministicAlias(publicKeyJwk)
+//    keyManager.getPublicKey(keyAlias)
+//  }
+//}