KILT SDK 1.0.0-alpha

package.json

@@ -24,8 +24,14 @@
     "@hapi/boom": "^10.0.1",
     "@hapi/hapi": "^21.3.3",
     "@hapi/inert": "^7.1.0",
-    "@kiltprotocol/sdk-js": "^0.34.0",
-    "@kiltprotocol/vc-export": "^0.34.0",
+    "@kiltprotocol/chain-helpers": "0.100.0-alpha.1",
+    "@kiltprotocol/credentials": "0.100.0-alpha.1",
+    "@kiltprotocol/did": "0.100.0-alpha.1",
+    "@kiltprotocol/extension-api": "KILTprotocol/kilt-extension-api#rf-sdk-1-alpha",
+    "@kiltprotocol/legacy-credentials": "0.100.0-alpha.1",
+    "@kiltprotocol/sdk-js": "1.0.0-alpha.1",
+    "@kiltprotocol/types": "0.100.0-alpha.1",
+    "@kiltprotocol/utils": "0.100.0-alpha.1",
     "@polkadot/keyring": "^12.6.2",
     "@polkadot/util": "^12.6.2",
     "@polkadot/util-crypto": "^12.6.2",

scripts/loadTest/apis.ts

@@ -1,23 +1,24 @@
-import got from 'got';
+import type { DidUrl } from '@kiltprotocol/types';
+import type { IEncryptedMessage } from '@kiltprotocol/extension-api/types';
 
-import { DidResourceUri, IEncryptedMessage } from '@kiltprotocol/sdk-js';
+import got from 'got';
 
-import { CheckSessionInput } from './loadTest';
+import { Challenge } from './loadTest';
 
 const sessionHeader = 'x-session-id';
 
 const api = got.extend({ prefixUrl: process.env.URL });
 
 export async function getSessionFromEndpoint(): Promise<{
-  dAppEncryptionKeyUri: DidResourceUri;
+  dAppEncryptionKeyUri: DidUrl;
   sessionId: string;
   challenge: string;
 }> {
   return api('api/session').json();
 }
 
 export async function checkSession(
-  encryptionChallenge: CheckSessionInput,
+  encryptionChallenge: Challenge,
   sessionId: string,
 ) {
   await api

scripts/loadTest/encryptedMessage.ts

@@ -1,23 +1,23 @@
-import {
-  Credential,
-  Did,
-  DidResourceUri,
-  IRequestAttestation,
+import type {
+  DidUrl,
   KiltEncryptionKeypair,
-  Message,
   PartialClaim,
-} from '@kiltprotocol/sdk-js';
+} from '@kiltprotocol/types';
+import type { IRequestAttestation } from '@kiltprotocol/extension-api/types';
 
-import { naclSeal } from '@polkadot/util-crypto';
+import { parse } from '@kiltprotocol/did';
+import * as Message from '@kiltprotocol/extension-api/messaging';
+import { Credential as LegacyCredential } from '@kiltprotocol/legacy-credentials';
+import { Crypto } from '@kiltprotocol/utils';
 
 export async function getEncryptedMessage(
   claim: PartialClaim & Required<Pick<PartialClaim, 'contents'>>,
-  dAppEncryptionKeyUri: DidResourceUri,
-  keyAgreementKeyUri: DidResourceUri,
-  keyAgreement: KiltEncryptionKeypair,
+  receiverEncryptionKeyUri: DidUrl,
+  senderEncryptionKeyUri: DidUrl,
+  senderKeypair: KiltEncryptionKeypair,
 ) {
-  const owner = Did.parse(keyAgreementKeyUri).did;
-  const credential = Credential.fromClaim({ ...claim, owner });
+  const sender = parse(senderEncryptionKeyUri).did;
+  const credential = LegacyCredential.fromClaim({ ...claim, owner: sender });
 
   const requestForAttestationBody: IRequestAttestation = {
     content: { credential },
@@ -26,17 +26,21 @@ export async function getEncryptedMessage(
 
   const message = Message.fromBody(
     requestForAttestationBody,
-    owner,
-    Did.parse(dAppEncryptionKeyUri).did,
+    sender,
+    parse(receiverEncryptionKeyUri).did,
   );
 
   return Message.encrypt(
     message,
-    async function decrypt({ data, peerPublicKey }) {
-      const { secretKey } = keyAgreement;
-      const { sealed, nonce } = naclSeal(data, secretKey, peerPublicKey);
-      return { nonce, data: sealed, keyUri: keyAgreementKeyUri };
+    async function encrypt({ data, peerPublicKey }) {
+      const { secretKey } = senderKeypair;
+      const { nonce, box } = Crypto.encryptAsymmetric(
+        data,
+        peerPublicKey,
+        secretKey,
+      );
+      return { nonce, data: box, keyUri: senderEncryptionKeyUri };
     },
-    dAppEncryptionKeyUri,
+    receiverEncryptionKeyUri,
   );
 }

scripts/loadTest/loadTest.ts

@@ -1,16 +1,20 @@
-import { naclSeal, randomAsNumber } from '@polkadot/util-crypto';
-import { HexString } from '@polkadot/util/types';
-import {
-  connect,
-  CType,
-  Did,
+import type {
   DidDocument,
-  DidEncryptionKey,
-  DidResourceUri,
-  disconnect,
+  DidUrl,
   ICType,
-  Utils,
-} from '@kiltprotocol/sdk-js';
+  VerificationMethod,
+} from '@kiltprotocol/types';
+
+import { DidResolver, connect, disconnect } from '@kiltprotocol/sdk-js';
+import { Crypto } from '@kiltprotocol/utils';
+import { CType } from '@kiltprotocol/credentials';
+import {
+  createLightDidDocument,
+  isFailedDereferenceMetadata,
+  multibaseKeyToDidKey,
+} from '@kiltprotocol/did';
+
+import { randomAsNumber } from '@polkadot/util-crypto';
 
 import { getEncryptedMessage } from './encryptedMessage.js';
 import {
@@ -24,10 +28,10 @@ import {
   sendEmailApi,
 } from './apis.js';
 
-export type CheckSessionInput = {
-  encryptionKeyUri: DidResourceUri;
-  encryptedChallenge: HexString;
-  nonce: HexString;
+export type Challenge = {
+  encryptionKeyUri: DidUrl;
+  encryptedChallenge: string;
+  nonce: string;
 };
 
 const emailCType: ICType = {
@@ -42,24 +46,24 @@ const emailCType: ICType = {
   type: 'object',
 };
 
-function getDidEncryptionKey(details: DidDocument): DidEncryptionKey {
-  const { keyAgreement } = details;
+function getDidEncryptionKey(document: DidDocument) {
+  const { keyAgreement } = document;
   if (!keyAgreement?.[0]) {
     throw new Error('encryptionKey is not defined somehow');
   }
   return keyAgreement[0];
 }
 
 export function createDid() {
-  const authentication = Utils.Crypto.makeKeypairFromSeed();
-  const keyAgreement = Utils.Crypto.makeEncryptionKeypairFromSeed();
+  const authentication = Crypto.makeKeypairFromSeed();
+  const keyAgreement = Crypto.makeEncryptionKeypairFromSeed();
 
-  const document = Did.createLightDidDocument({
+  const document = createLightDidDocument({
     authentication: [authentication],
     keyAgreement: [keyAgreement],
   });
-  const { id } = getDidEncryptionKey(document);
-  const keyAgreementKeyUri: DidResourceUri = `${document.uri}${id}`;
+  const fragment = getDidEncryptionKey(document);
+  const keyAgreementKeyUri = `${document.id}${fragment}` as DidUrl;
 
   return {
     document,
@@ -70,23 +74,33 @@ export function createDid() {
 
 async function produceEncryptedChallenge(
   challenge: string,
-  dAppEncryptionKeyUri: DidResourceUri,
-): Promise<CheckSessionInput> {
-  const dAppEncryptionDidKey = await Did.resolveKey(dAppEncryptionKeyUri);
-
+  receiverKeyUri: DidUrl,
+): Promise<Challenge> {
   const temporaryChannelDid = createDid();
   const { keyAgreementKeyUri, keyAgreement } = temporaryChannelDid;
 
-  const { sealed, nonce } = naclSeal(
-    Utils.Crypto.coToUInt8(challenge),
+  const { dereferencingMetadata, contentStream } =
+    await DidResolver.dereference(receiverKeyUri, {});
+
+  if (isFailedDereferenceMetadata(dereferencingMetadata)) {
+    throw new Error(dereferencingMetadata.error);
+  }
+
+  const verificationMethod = contentStream as VerificationMethod;
+  const { publicKey } = multibaseKeyToDidKey(
+    verificationMethod.publicKeyMultibase,
+  );
+
+  const { nonce, box } = Crypto.encryptAsymmetricAsStr(
+    Crypto.coToUInt8(challenge),
+    publicKey,
     keyAgreement.secretKey,
-    dAppEncryptionDidKey.publicKey,
   );
 
   return {
     encryptionKeyUri: keyAgreementKeyUri,
-    encryptedChallenge: Utils.Crypto.u8aToHex(sealed),
-    nonce: Utils.Crypto.u8aToHex(nonce),
+    encryptedChallenge: box,
+    nonce,
   };
 }
 

src/backend/didConfiguration/didConfigResource.ts

@@ -1,60 +1,32 @@
 import {
-  Claim,
-  Credential,
-  ICredentialPresentation,
-} from '@kiltprotocol/sdk-js';
+  createCredential,
+  didConfigResourceFromCredentials,
+} from '@kiltprotocol/extension-api/wellKnownDidConfiguration';
 
 import { configuration } from '../utilities/configuration';
-import { fullDidPromise } from '../utilities/fullDid';
-import { signWithAssertionMethod } from '../utilities/cryptoCallbacks';
+import {
+  fullDidPromise,
+  getAssertionMethodSigners,
+} from '../utilities/fullDid';
 import { exitOnError } from '../utilities/exitOnError';
 
-import { domainLinkageCType } from './domainLinkageCType';
-import { fromCredential } from './domainLinkageCredential';
-
-async function attestDomainLinkage(): Promise<ICredentialPresentation> {
-  const claimContents = {
-    id: configuration.did,
-    origin: configuration.baseUri,
-  };
+export const didConfigResourcePromise = (async () => {
+  await fullDidPromise;
 
   if (configuration.did === 'pending') {
     throw new Error('Own DID not found');
   }
 
-  const claim = Claim.fromCTypeAndClaimContents(
-    domainLinkageCType,
-    claimContents,
+  const signers = await getAssertionMethodSigners();
+
+  const domainLinkageCredential = await createCredential(
+    signers,
+    configuration.baseUri,
     configuration.did,
+    { proofType: 'KILTSelfSigned2020' },
   );
 
-  const credential = Credential.fromClaim(claim);
-
-  const { fullDid } = await fullDidPromise;
-
-  const attestationKey = fullDid.assertionMethod?.[0];
-  if (!attestationKey) {
-    throw new Error('The attestation key is not defined?!?');
-  }
-
-  return Credential.createPresentation({
-    credential,
-    // the domain linkage credential is special in that it is signed with the assertionMethod key
-    signCallback: signWithAssertionMethod,
-  });
-}
-
-export const didConfigResourcePromise = (async () => {
-  await fullDidPromise;
-
-  const credential = await attestDomainLinkage();
-
-  const domainLinkageCredential = fromCredential(credential);
-
-  return {
-    '@context': 'https://identity.foundation/.well-known/did-configuration/v1',
-    linked_dids: [domainLinkageCredential],
-  };
+  return didConfigResourceFromCredentials([domainLinkageCredential]);
 })();
 
 didConfigResourcePromise.catch(exitOnError);