From a3a9ba8fa884757a38d50986fa6a431bda840b6b Mon Sep 17 00:00:00 2001 From: JGiter Date: Tue, 2 Nov 2021 12:22:02 +0200 Subject: [PATCH] feat: ES256 delegate --- docs/api/classes/GnosisIam.GnosisIam-1.md | 5 ++-- docs/api/classes/iam.IAM.md | 5 ++-- .../errors_ErrorMessages.ERROR_MESSAGES.md | 7 ++++++ package.json | 1 + src/errors/ErrorMessages.ts | 1 + src/iam.ts | 23 ++++++++++++++----- src/iam/iam-base.ts | 2 +- 7 files changed, 33 insertions(+), 11 deletions(-) diff --git a/docs/api/classes/GnosisIam.GnosisIam-1.md b/docs/api/classes/GnosisIam.GnosisIam-1.md index bf6309d6..aee0fac3 100644 --- a/docs/api/classes/GnosisIam.GnosisIam-1.md +++ b/docs/api/classes/GnosisIam.GnosisIam-1.md @@ -398,7 +398,7 @@ ___ ### createDelegateProof -▸ **createDelegateProof**(`delegateKey`, `rpcUrl`, `identity`): `Promise`<`string`\> +▸ **createDelegateProof**(`delegateKey`, `rpcUrl`, `identity`, `algorithm?`): `Promise`<`string`\> **`description`** create a proof of identity delegate @@ -406,9 +406,10 @@ ___ | Name | Type | Description | | :------ | :------ | :------ | -| `delegateKey` | `string` | private key of the delegate | +| `delegateKey` | `string` | private key of the delegate in hexadecimal format | | `rpcUrl` | `string` | the url of the blockchain provider | | `identity` | `string` | Did of the delegate | +| `algorithm` | `Algorithms` | - | #### Returns diff --git a/docs/api/classes/iam.IAM.md b/docs/api/classes/iam.IAM.md index e8501c50..8081b2d0 100644 --- a/docs/api/classes/iam.IAM.md +++ b/docs/api/classes/iam.IAM.md @@ -353,7 +353,7 @@ ___ ### createDelegateProof -▸ **createDelegateProof**(`delegateKey`, `rpcUrl`, `identity`): `Promise`<`string`\> +▸ **createDelegateProof**(`delegateKey`, `rpcUrl`, `identity`, `algorithm?`): `Promise`<`string`\> **`description`** create a proof of identity delegate 
@@ -361,9 +361,10 @@ ___ | Name | Type | Description | | :------ | :------ | :------ | -| `delegateKey` | `string` | private key of the delegate | +| `delegateKey` | `string` | private key of the delegate in hexadecimal format | | `rpcUrl` | `string` | the url of the blockchain provider | | `identity` | `string` | Did of the delegate | +| `algorithm` | `Algorithms` | - | #### Returns diff --git a/docs/api/enums/errors_ErrorMessages.ERROR_MESSAGES.md b/docs/api/enums/errors_ErrorMessages.ERROR_MESSAGES.md index 85047f76..b6fcb882 100644 --- a/docs/api/enums/errors_ErrorMessages.ERROR_MESSAGES.md +++ b/docs/api/enums/errors_ErrorMessages.ERROR_MESSAGES.md @@ -17,6 +17,7 @@ - [ENS\_RESOLVER\_NOT\_INITIALIZED](errors_ErrorMessages.ERROR_MESSAGES.md#ens_resolver_not_initialized) - [ENS\_TYPE\_NOT\_SUPPORTED](errors_ErrorMessages.ERROR_MESSAGES.md#ens_type_not_supported) - [INSUFFICIENT\_BALANCE](errors_ErrorMessages.ERROR_MESSAGES.md#insufficient_balance) +- [JWT\_ALGORITHM\_NOT\_SUPPORTED](errors_ErrorMessages.ERROR_MESSAGES.md#jwt_algorithm_not_supported) - [JWT\_NOT\_INITIALIZED](errors_ErrorMessages.ERROR_MESSAGES.md#jwt_not_initialized) - [METAMASK\_EXTENSION\_NOT\_AVAILABLE](errors_ErrorMessages.ERROR_MESSAGES.md#metamask_extension_not_available) - [NATS\_NOT\_CONNECTED](errors_ErrorMessages.ERROR_MESSAGES.md#nats_not_connected) @@ -108,6 +109,12 @@ ___ ___ +### JWT\_ALGORITHM\_NOT\_SUPPORTED + +• **JWT\_ALGORITHM\_NOT\_SUPPORTED** = `"Jwt algorithm no supported"` + +___ + ### JWT\_NOT\_INITIALIZED • **JWT\_NOT\_INITIALIZED** = `"JWT was not initialized"` diff --git a/package.json b/package.json index 4ac96e18..1f943dfb 100644 --- a/package.json +++ b/package.json @@ -81,6 +81,7 @@ "eth-ens-namehash": "^2.0.8", "ethers": "^5.4.4", "js-sha3": "^0.8.0", + "jsonwebtoken": "^8.5.1", "lodash.difference": "^4.5.0", "nats.ws": "^1.3.0", "qs": "^6.9.4", diff --git a/src/errors/ErrorMessages.ts b/src/errors/ErrorMessages.ts index 20e0b7a5..46730626 100644 
--- a/src/errors/ErrorMessages.ts +++ b/src/errors/ErrorMessages.ts @@ -32,4 +32,5 @@ export enum ERROR_MESSAGES { WITHDRAWAL_WAS_NOT_REQUESTED = "Stake withdrawal was not requested", STAKE_WAS_NOT_PUT = "Stake was not put", INSUFFICIENT_BALANCE = "Signer has insufficient balance", + JWT_ALGORITHM_NOT_SUPPORTED = "Jwt algorithm no supported", } diff --git a/src/iam.ts b/src/iam.ts index d487ddf7..57ef8dd1 100644 --- a/src/iam.ts +++ b/src/iam.ts @@ -16,6 +16,7 @@ // @authors: Daniel Wojno import { providers, Signer, utils, Wallet } from "ethers"; +import jsonwebtoken from "jsonwebtoken"; import { IRoleDefinition, IAppDefinition, @@ -24,7 +25,7 @@ import { EncodedCall, DomainReader, } from "@energyweb/iam-contracts"; -import { KeyType } from "@ew-did-registry/keys"; +import { KeyType, privToPem } from "@ew-did-registry/keys"; import { DIDAttribute, Encoding, @@ -564,12 +565,17 @@ export class IAM extends IAMBase { /** * @description create a proof of identity delegate - * @param delegateKey private key of the delegate + * @param delegateKey private key of the delegate in hexadecimal format * @param rpcUrl the url of the blockchain provider * @param identity Did of the delegate * @returns token of delegate */ - async createDelegateProof(delegateKey: string, rpcUrl: string, identity: string): Promise { + async createDelegateProof( + delegateKey: string, + rpcUrl: string, + identity: string, + algorithm: Algorithms = Algorithms.EIP191, + ): Promise { const provider = new providers.JsonRpcProvider(rpcUrl); const blockNumber = (await provider.getBlockNumber()).toString(); 
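Review bot: The new message text `"Jwt algorithm no supported"` is missing a letter and uses different casing from the existing `"JWT was not initialized"`. Suggest `JWT_ALGORITHM_NOT_SUPPORTED = "JWT algorithm not supported",`. The generated entry in docs/api/enums repeats the same string, so it would need regenerating after the fix.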
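Review bot: The JSDoc block above `createDelegateProof` gets no `@param algorithm` line even though the signature adds that parameter, which is why the generated API tables show `-` as its description. Suggest adding `@param algorithm signing algorithm of the proof, Algorithms.EIP191 (default) or Algorithms.ES256`. The `delegateKey` line should also say which curve the key belongs to for each algorithm, because the next hunk passes the same hex string to `new Wallet(delegateKey)` in one branch and to `privToPem(delegateKey, KeyType.Secp256r1)` in the other. The function body continues outside this hunk.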
@@ -579,9 +585,14 @@ export class IAM extends IAMBase { blockNumber, }, }; - const jwt = new JWT(new Wallet(delegateKey)); - const identityToken = jwt.sign(payload, { algorithm: Algorithms.EIP191, issuer: identity }); - return identityToken; + if (algorithm === Algorithms.EIP191) { + return new JWT(new Wallet(delegateKey)).sign(payload, { issuer: identity }); + } else if (algorithm === Algorithms.ES256) { + /** @todo move to @ew-did-registry/jwt */ + return jsonwebtoken.sign(payload, privToPem(delegateKey, KeyType.Secp256r1), { issuer: identity }); + } else { + throw new Error(ERROR_MESSAGES.JWT_ALGORITHM_NOT_SUPPORTED); + } } /// ROLES diff --git a/src/iam/iam-base.ts b/src/iam/iam-base.ts index 8bf3792f..21c4c3dd 100644 --- a/src/iam/iam-base.ts +++ b/src/iam/iam-base.ts @@ -25,7 +25,7 @@ import { ClaimManager } from "../../ethers/ClaimManager"; import { JWT } from "@ew-did-registry/jwt"; import { ICacheServerClient } from "../cacheServerClient/ICacheServerClient"; import { detectExecutionEnvironment, ExecutionEnvironment } from "../utils/detectEnvironment"; -import { connect, NatsConnection, Codec, JSONCodec } from "nats.ws"; +import { connect, NatsConnection, Codec, JSONCodec } from "nats.ws/lib/src/mod.js"; import { ERROR_MESSAGES } from "../errors"; import { ClaimData } from "../cacheServerClient/cacheServerClient.types"; import difference from "lodash.difference";
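Review bot: In the `Algorithms.ES256` branch, `jsonwebtoken.sign` is called with only `{ issuer: identity }`, and jsonwebtoken's `sign` falls back to HS256 when no `algorithm` option is given. The PEM text would then be used as an HMAC secret, so the token header would say HS256 and the proof would not be an ECDSA signature that a verifier can check against the delegate's public key. The options should name the algorithm explicitly: `{ algorithm: "ES256", issuer: identity }`. The EIP191 branch also drops the `algorithm: Algorithms.EIP191` option that the removed code passed to `JWT.sign`; it is worth confirming that `@ew-did-registry/jwt` defaults to EIP191, or keeping the option. A test that decodes the returned token's header and asserts its `alg` for both branches would catch this; the function's signature and the start of its body are outside this hunk.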
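Review bot: The import in src/iam/iam-base.ts now reaches into the package's internal layout (`nats.ws/lib/src/mod.js`) instead of using its public entry point. package.json pins `nats.ws` only with the caret range `^1.3.0`, so a minor release that moves or renames that file would break the import without any change in this repository. If the deep path works around a bundler or ESM resolution problem, a comment above the import such as `// deep import: <reason>; re-check on every nats.ws upgrade` would record why. Pinning an exact nats.ws version would keep the path stable.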