Implementing BearerDid / PortableDid, exposing our own JWS, JWT, JWK types

CODEOWNERS

@@ -9,7 +9,7 @@
 # The format is described: https://github.blog/2017-07-06-introducing-code-owners/
 
 # These owners will be the default owners for everything in the repo.
-* @amika-sq @mistermoe @nitro-neal @tomdaffurn @phoebe-lew @diehuxx @kirahsapong @jiyoontbd @frankhinek
+* @mistermoe @nitro-neal @tomdaffurn @phoebe-lew @diehuxx @kirahsapong @jiyoontbd @frankhinek
 
 /crypto/src/main/kotlin/web5/sdk/crypto/AwsKeyManager.kt @tomdaffurn
 # -----------------------------------------------

build.gradle.kts

@@ -63,6 +63,7 @@ dependencies {
   api(project(":credentials"))
   api(project(":crypto"))
   api(project(":dids"))
+  api(project(":jose"))
 
   detektPlugins("io.gitlab.arturbosch.detekt:detekt-formatting:1.23.+")
 }

common/src/main/kotlin/web5/sdk/common/Convert.kt

@@ -46,7 +46,7 @@ public val B64URL_DECODER: Base64.Decoder = Base64.getUrlDecoder()
  * ```
  * // Example 1: Convert a ByteArray to a Base64Url encoded string without padding
  * val byteArray = byteArrayOf(1, 2, 3)
- * val base64Url = Convert(byteArray).toBase64Url(padding = false)
+ * val base64Url = Convert(byteArray).toBase64Url() // same as .toBase64Url(padding = false)
  * println(base64Url)  // Output should be a Base64Url encoded string without padding
  *
  * // Example 2: Convert a Base64Url encoded string to a ByteArray
@@ -68,13 +68,14 @@ public class Convert<T>(private val value: T, private val kind: EncodingFormat?
   /**
    * Converts the [value] to a Base64Url-encoded string.
    *
-   * @param padding Determines whether the resulting Base64 string should be padded or not. Default is true.
+   * @param padding Determines whether the resulting Base64 string should be padded or not.
+   *                Default is false.
    * @return The Base64Url-encoded string.
    *
    * Note: If the value type is unsupported for this conversion, the method will throw an exception.
    */
   @JvmOverloads
-  public fun toBase64Url(padding: Boolean = true): String {
+  public fun toBase64Url(padding: Boolean = false): String {
     val encoder = if (padding) B64URL_ENCODER else B64URL_ENCODER.withoutPadding()
 
     return when (this.value) {

common/src/main/kotlin/web5/sdk/common/Json.kt

@@ -2,8 +2,11 @@ package web5.sdk.common
 
 import com.fasterxml.jackson.annotation.JsonInclude
 import com.fasterxml.jackson.databind.ObjectMapper
+import com.fasterxml.jackson.databind.ObjectReader
 import com.fasterxml.jackson.databind.ObjectWriter
 import com.fasterxml.jackson.databind.SerializationFeature
+import com.fasterxml.jackson.databind.module.SimpleModule
+import com.fasterxml.jackson.module.kotlin.readValue
 import com.fasterxml.jackson.module.kotlin.registerKotlinModule
 
 /**
@@ -21,6 +24,7 @@ import com.fasterxml.jackson.module.kotlin.registerKotlinModule
  * ```
  */
 public object Json {
+
   /**
    * The Jackson object mapper instance, shared across the lib.
    *
@@ -32,7 +36,10 @@ public object Json {
     .setSerializationInclusion(JsonInclude.Include.NON_NULL)
     .disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
 
+
+
   private val objectWriter: ObjectWriter = jsonMapper.writer()
+  public val objectReader: ObjectReader = jsonMapper.reader()
 
   /**
    * Converts a kotlin object to a json string.
@@ -43,4 +50,24 @@ public object Json {
   public fun stringify(obj: Any): String {
     return objectWriter.writeValueAsString(obj)
   }
-}
+
+  /**
+   * Parse a json string into a kotlin object.
+   *
+   * @param T type of the object to parse.
+   * @param payload JSON string to parse
+   * @return parsed type T
+   */
+  public inline fun <reified T> parse(payload: String): T {
+    return objectReader.readValue(payload, T::class.java)
+  }
+
+  /**
+   * Parse a JSON string into a Map.
+   *
+   * @return String parsed into a Map
+   */
+  public fun String.toMap(): Map<String, Any> {
+    return jsonMapper.readValue(this)
+  }
+}

config/detekt.yml

@@ -169,7 +169,7 @@ style:
   UselessCallOnNotNull:
     active: true
   UtilityClassWithPublicConstructor:
-    active: true
+    active: false
 
 TbdRuleset:
   JvmOverloadsAnnotationRule:

credentials/build.gradle.kts

@@ -38,6 +38,8 @@ dependencies {
   implementation(project(":dids"))
   implementation(project(":common"))
   implementation(project(":crypto"))
+  implementation(project(":jose"))
+
 
   // Implementation
   implementation(libs.comFasterXmlJacksonModuleKotlin)

credentials/src/main/kotlin/web5/sdk/credentials/PresentationExchange.kt

@@ -1,18 +1,21 @@
 package web5.sdk.credentials
 
 import com.fasterxml.jackson.databind.JsonNode
+import com.fasterxml.jackson.databind.module.SimpleModule
 import com.fasterxml.jackson.databind.node.ObjectNode
 import com.networknt.schema.JsonSchema
 import com.nfeld.jsonpathkt.JsonPath
 import com.nfeld.jsonpathkt.extension.read
-import com.nimbusds.jwt.JWTParser
-import com.nimbusds.jwt.SignedJWT
+import web5.sdk.common.Json
 import web5.sdk.credentials.model.InputDescriptorMapping
 import web5.sdk.credentials.model.InputDescriptorV2
 import web5.sdk.credentials.model.PresentationDefinitionV2
 import web5.sdk.credentials.model.PresentationDefinitionV2Validator
 import web5.sdk.credentials.model.PresentationSubmission
 import web5.sdk.credentials.model.PresentationSubmissionValidator
+import web5.sdk.jose.JwtClaimsSetSerializer
+import web5.sdk.jose.jwt.Jwt
+import web5.sdk.jose.jwt.JwtClaimsSet
 import java.util.UUID
 
 /**
@@ -161,12 +164,17 @@ public object PresentationExchange {
     vcJwtList: Iterable<String>,
     presentationDefinition: PresentationDefinitionV2
   ): Map<InputDescriptorV2, List<String>> {
-    val vcJwtListWithNodes = vcJwtList.zip(vcJwtList.map { vcJwt ->
-      val vc = JWTParser.parse(vcJwt) as SignedJWT
 
-      JsonPath.parse(vc.payload.toString())
-        ?: throw JsonPathParseException()
-    })
+    val jwtModule = SimpleModule().addSerializer(JwtClaimsSet::class.java, JwtClaimsSetSerializer())
+    Json.jsonMapper.registerModule(jwtModule)
+
+    val vcJwtListWithNodes = vcJwtList.zip(
+      vcJwtList.map { vcJwt ->
+        val vc = Jwt.decode(vcJwt)
+        val jsonString = Json.jsonMapper.writeValueAsString(vc.claims)
+        Json.jsonMapper.readTree(jsonString)
+          ?: throw JsonPathParseException()
+      })
     return presentationDefinition.inputDescriptors.associateWith { inputDescriptor ->
       vcJwtListWithNodes.filter { (_, node) ->
         vcSatisfiesInputDescriptor(node, inputDescriptor)

credentials/src/main/kotlin/web5/sdk/credentials/VerifiableCredential.kt

@@ -10,11 +10,10 @@ import com.fasterxml.jackson.module.kotlin.KotlinModule
 import com.fasterxml.jackson.module.kotlin.convertValue
 import com.nfeld.jsonpathkt.JsonPath
 import com.nfeld.jsonpathkt.extension.read
-import com.nimbusds.jwt.JWTClaimsSet
-import com.nimbusds.jwt.JWTParser
-import com.nimbusds.jwt.SignedJWT
-import web5.sdk.credentials.util.JwtUtil
-import web5.sdk.dids.Did
+import web5.sdk.common.Json
+import web5.sdk.dids.did.BearerDid
+import web5.sdk.jose.jwt.Jwt
+import web5.sdk.jose.jwt.JwtClaimsSet
 import java.net.URI
 import java.security.SignatureException
 import java.util.Date
@@ -53,7 +52,7 @@ public class VerifiableCredential internal constructor(public val vcDataModel: V
    * If the [assertionMethodId] is null, the function will attempt to use the first available verification method from
    * the [did]. The result is a String in a JWT format.
    *
-   * @param did The [Did] used to sign the credential.
+   * @param did The [BearerDid] used to sign the credential.
    * @param assertionMethodId An optional identifier for the assertion method that will be used for verification of the
    *        produced signature.
    * @return The JWT representing the signed verifiable credential.
@@ -64,15 +63,15 @@ public class VerifiableCredential internal constructor(public val vcDataModel: V
    * ```
    */
   @JvmOverloads
-  public fun sign(did: Did, assertionMethodId: String? = null): String {
-    val payload = JWTClaimsSet.Builder()
+  public fun sign(did: BearerDid, assertionMethodId: String? = null): String {
+    val payload = JwtClaimsSet.Builder()
       .issuer(vcDataModel.issuer.toString())
-      .issueTime(vcDataModel.issuanceDate)
+      .issueTime(vcDataModel.issuanceDate.time)
       .subject(vcDataModel.credentialSubject.id.toString())
-      .claim("vc", vcDataModel.toMap())
+      .misc("vc", vcDataModel.toMap())
       .build()
 
-    return JwtUtil.sign(did, assertionMethodId, payload)
+    return Jwt.sign(did, payload)
   }
 
   /**
@@ -188,7 +187,8 @@ public class VerifiableCredential internal constructor(public val vcDataModel: V
      * ```
      */
     public fun verify(vcJwt: String) {
-      JwtUtil.verify(vcJwt)
+      val decodedJwt = Jwt.decode(vcJwt)
+      decodedJwt.verify()
     }
 
     /**
@@ -203,15 +203,12 @@ public class VerifiableCredential internal constructor(public val vcDataModel: V
      * ```
      */
     public fun parseJwt(vcJwt: String): VerifiableCredential {
-      val jwt = JWTParser.parse(vcJwt) as SignedJWT
-      val jwtPayload = jwt.payload.toJSONObject()
-      val vcDataModelValue = jwtPayload.getOrElse("vc") {
+      val jwt = Jwt.decode(vcJwt)
+      val jwtPayload = jwt.claims
+      val vcDataModelValue = jwtPayload.misc["vc"] ?:
         throw IllegalArgumentException("jwt payload missing vc property")
-      }
 
-      @Suppress("UNCHECKED_CAST") // only partially unchecked. can only safely cast to Map<*, *>
-      val vcDataModelMap = vcDataModelValue as? Map<String, Any>
-        ?: throw IllegalArgumentException("expected vc property in JWT payload to be an object")
+      val vcDataModelMap = Json.parse<Map<String, Any>>(Json.stringify(vcDataModelValue))
 
       val vcDataModel = VcDataModel.fromMap(vcDataModelMap)
 

credentials/src/main/kotlin/web5/sdk/credentials/VerifiablePresentation.kt

@@ -3,11 +3,10 @@ package web5.sdk.credentials
 import com.fasterxml.jackson.annotation.JsonInclude
 import com.fasterxml.jackson.databind.ObjectMapper
 import com.fasterxml.jackson.module.kotlin.KotlinModule
-import com.nimbusds.jwt.JWTClaimsSet
-import com.nimbusds.jwt.JWTParser
-import com.nimbusds.jwt.SignedJWT
-import web5.sdk.credentials.util.JwtUtil
-import web5.sdk.dids.Did
+import web5.sdk.common.Json
+import web5.sdk.dids.did.BearerDid
+import web5.sdk.jose.jwt.Jwt
+import web5.sdk.jose.jwt.JwtClaimsSet
 import java.net.URI
 import java.security.SignatureException
 import java.util.Date
@@ -37,17 +36,17 @@ public class VerifiablePresentation internal constructor(public val vpDataModel:
   public val verifiableCredential: List<String>
     get() = vpDataModel.toMap()["verifiableCredential"] as List<String>
 
-    public val holder: String
+  public val holder: String
     get() = vpDataModel.holder.toString()
 
   /**
-   * Sign a verifiable presentation using a specified decentralized identifier ([did]) with the private key that pairs
+   * Sign a verifiable presentation using a specified decentralized identifier ([bearerDid]) with the private key that pairs
    * with the public key identified by [assertionMethodId].
    *
    * If the [assertionMethodId] is null, the function will attempt to use the first available verification method from
-   * the [did]. The result is a String in a JWT format.
+   * the [bearerDid]. The result is a String in a JWT format.
    *
-   * @param did The [Did] used to sign the credential.
+   * @param bearerDid The [BearerDid] used to sign the credential.
    * @param assertionMethodId An optional identifier for the assertion method that will be used for verification of the
    *        produced signature.
    * @return The JWT representing the signed verifiable credential.
@@ -58,14 +57,14 @@ public class VerifiablePresentation internal constructor(public val vpDataModel:
    * ```
    */
   @JvmOverloads
-  public fun sign(did: Did, assertionMethodId: String? = null): String {
-    val payload = JWTClaimsSet.Builder()
-      .issuer(did.uri)
-      .issueTime(Date())
-      .claim("vp", vpDataModel.toMap())
+  public fun sign(bearerDid: BearerDid, assertionMethodId: String? = null): String {
+    val payload = JwtClaimsSet.Builder()
+      .issuer(bearerDid.uri)
+      .issueTime(Date().time)
+      .misc("vp", vpDataModel.toMap())
       .build()
 
-    return JwtUtil.sign(did, assertionMethodId, payload)
+    return Jwt.sign(bearerDid, payload)
   }
 
   /**
@@ -153,7 +152,8 @@ public class VerifiablePresentation internal constructor(public val vpDataModel:
      * ```
      */
     public fun verify(vpJwt: String) {
-      JwtUtil.verify(vpJwt)
+      val decodedJwt = Jwt.decode(vpJwt)
+      decodedJwt.verify()
 
       val vp = this.parseJwt(vpJwt)
       vp.verifiableCredential.forEach {
@@ -177,15 +177,12 @@ public class VerifiablePresentation internal constructor(public val vpDataModel:
      * ```
      */
     public fun parseJwt(vpJwt: String): VerifiablePresentation {
-      val jwt = JWTParser.parse(vpJwt) as SignedJWT
-      val jwtPayload = jwt.payload.toJSONObject()
-      val vpDataModelValue = jwtPayload.getOrElse("vp") {
-        throw IllegalArgumentException("jwt payload missing vp property")
-      }
+      val jwt = Jwt.decode(vpJwt)
+      val jwtPayload = jwt.claims
+      val vpDataModelValue = jwtPayload.misc["vp"]
+        ?: throw IllegalArgumentException("jwt payload missing vp property")
 
-      @Suppress("UNCHECKED_CAST") // only partially unchecked. can only safely cast to Map<*, *>
-      val vpDataModelMap = vpDataModelValue as? Map<String, Any>
-        ?: throw IllegalArgumentException("expected vp property in JWT payload to be an object")
+      val vpDataModelMap = Json.parse<Map<String, Any>>(Json.stringify(vpDataModelValue))
 
       val vpDataModel = VpDataModel.fromMap(vpDataModelMap)