package did
/**
 * Decentralized Identifier (DID) based methods, following the W3C DID Core
 * specification:
 *
 * https://www.w3.org/TR/did-core/
 */
import (
"crypto"
"encoding/json"
"time"
"github.com/datatrails/go-datatrails-common/logger"
"github.com/lestrrat-go/jwx/jwk"
godid "github.com/nuts-foundation/go-did/did"
)
const (
	// didDocumentIDKey is the JSON member name carrying a DID document's id.
	didDocumentIDKey = "id"
	// didDocumentTimeout is, by its name, a bound on DID document resolution;
	// it is not referenced in this file, so confirm where it is applied.
	didDocumentTimeout = time.Second * 30
	// DIDFragementDelimiter separates a DID from its fragment in a DID URL
	// (https://www.w3.org/TR/did-core/#did-url-syntax). The misspelling is
	// kept because the identifier is exported.
	DIDFragementDelimiter = "#"
)
// Document is the subset of a DID Document (https://www.w3.org/TR/did-core/)
// that this package reads: the document id, its JSON-LD contexts, its
// controllers and its verification methods. Field order is kept as-is because
// it fixes the key order when a Document is marshalled back to JSON.
type Document struct {
	// ID is the DID that the document describes.
	ID string `json:"id"`
	// Context carries the JSON-LD "@context" entries, if present.
	Context []string `json:"@context,omitempty"`
	// Controller carries the document's controller DIDs, if present.
	Controller []string `json:"controller,omitempty"`
	// VerificationMethod lists the verification methods (key material) that
	// publicKeyFromDocument searches by id.
	VerificationMethod []VerificationMethod `json:"verificationMethod,omitempty"`
}
// VerificationMethod is one entry of a DID Document's verificationMethod
// array (https://www.w3.org/TR/did-core/#verification-methods).
//
// Only PublicKeyJwk is consumed by this package when extracting a key;
// PublicKeyBase58 is carried through but not decoded here.
type VerificationMethod struct {
	// ID identifies the verification method; the spec requires it to be set.
	ID string `json:"id"`
	// Type names the verification method type (e.g. a JWK-based type).
	Type string `json:"type,omitempty"`
	// Controller is the DID that controls this verification method.
	Controller string `json:"controller,omitempty"`
	// PublicKeyBase58 holds the key in base58 form, when the document uses that encoding.
	PublicKeyBase58 string `json:"publicKeyBase58,omitempty"`
	// PublicKeyJwk holds the key as a JWK object (kept generic; it is
	// re-marshalled and parsed by a JWK library when the key is needed).
	PublicKeyJwk map[string]interface{} `json:"publicKeyJwk,omitempty"`
}
// Did wraps a parsed Decentralized Identifier (DID) or DID URL
// (https://www.w3.org/TR/did-core/). Construct it with NewDid; the zero
// value holds a nil DID and must not be used.
type Did struct {
	// did is the parsed identifier; its Fragment is what selects a
	// verification method within a resolved DID document.
	did *godid.DID
}
// NewDid parses didURL, a DID or DID URL in the syntax of
// https://www.w3.org/TR/did-core/#did-url-syntax (for example
// "did:web:sample.issuer:user:alice#key123"), and wraps the result.
//
// Every DID method the underlying parser accepts is accepted here; no
// method-specific restriction (such as limiting to did:web) is applied at
// this point. On failure the parser's error is returned unchanged.
func NewDid(didURL string) (*Did, error) {
	parsed, err := godid.ParseDIDURL(didURL)
	if err != nil {
		// TODO return a suitable error
		return nil, err
	}
	return &Did{did: parsed}, nil
}
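// publicKeyFromDocument selects, from document, the verification method whose
// id equals the fragment of d's DID URL and returns its public key.
//
// Only verification methods carrying a publicKeyJwk are usable: one whose id
// matches but that has no JWK is skipped and the search continues. Any
// verification method with an empty id that is encountered before a match
// causes the whole document to be rejected with ErrNoVerificationMethodId,
// because the spec requires id, type and controller on every verification
// method (https://www.w3.org/TR/did-core/#verification-methods). Type and
// controller are not validated here.
//
// A nil document is reported as "key not found" instead of being dereferenced.
//
// Returns the parsed key (jwkToPublicKey limits the accepted key types to
// those the cose package can verify with), or:
//   - ErrNoVerificationMethodId if a verification method has an empty id;
//   - the JSON or JWK parsing error if the publicKeyJwk cannot be decoded;
//   - the jwkToPublicKey error if the JWK is of an unsupported type;
//   - *ErrDiDKeyNotFound if no verification method matches the fragment.
//
// NOTE(review): the match compares the method id with the bare fragment
// ("key123"). Per the spec a verification method id is itself a DID URL,
// commonly written "#key123" or "did:…#key123"; documents using those forms
// will not match here — confirm what the issuers resolved by this code emit.
// NOTE(review): nothing here checks that document.ID, or the matched method's
// controller, corresponds to d's DID; the binding between the DID and the
// returned key rests entirely on the caller having resolved the right document.
func (d *Did) publicKeyFromDocument(document *Document) (crypto.PublicKey, error) {
	if document == nil {
		logger.Sugar.Infof("publicKeyFromDocument: could not find key by id: %v in did document", d.did.Fragment)
		return nil, &ErrDiDKeyNotFound{keyID: d.did.Fragment}
	}

	for _, vm := range document.VerificationMethod {
		// Spec: `the verification method map MUST include the id, type, controller`
		// https://www.w3.org/TR/did-core/#verification-methods
		// An empty id invalidates the document as a whole.
		if vm.ID == "" {
			logger.Sugar.Infof("publicKeyFromDocument: invalid did, verification methods MUST include id")
			return nil, ErrNoVerificationMethodId
		}

		// The key is selected by the fragment of the DID URL this Did was built from.
		if vm.ID != d.did.Fragment {
			continue
		}

		// Only JWK-encoded keys are supported; a matching method without one is skipped.
		if vm.PublicKeyJwk == nil {
			continue
		}

		// Round-trip the generic JWK map through JSON so the JWK library can parse it.
		jwkJSON, err := json.Marshal(vm.PublicKeyJwk)
		if err != nil {
			logger.Sugar.Infof("publicKeyFromDocument: failed to get public key json: %v", err)
			return nil, err
		}

		key, err := jwk.ParseKey(jwkJSON)
		if err != nil {
			logger.Sugar.Infof("publicKeyFromDocument: failed to get public key: %v", err)
			return nil, err
		}

		// The cose package can only verify with rsa, ecdsa or edwards keys, so
		// jwkToPublicKey restricts the accepted key types accordingly.
		publicKey, err := jwkToPublicKey(key)
		if err != nil {
			logger.Sugar.Infof("publicKeyFromDocument: failed to get public key from jwk: %v", err)
			return nil, err
		}
		return publicKey, nil
	}

	// Every verification method was examined and none matched the fragment.
	logger.Sugar.Infof("publicKeyFromDocument: could not find key by id: %v in did document", d.did.Fragment)
	return nil, &ErrDiDKeyNotFound{keyID: d.did.Fragment}
}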