Merge branch 'main' into ci/fix-integration-failure

hyperledger · Apr 25, 2024 · b2461f2 · b2461f2
2 parents 830789a + 0b2a9ed
commit b2461f2
Show file tree

Hide file tree

Showing 47 changed files with 1,225 additions and 570 deletions.
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
@@ -5,7 +5,9 @@ on:
 jobs:
   triage:
     runs-on: self-hosted
+    permissions:
+      pull-requests: write
     steps:
       - uses: actions/labeler@v5
         with:
-          repo-token: "${{ secrets.ATALA_GITHUB_TOKEN }}"
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -20,17 +20,20 @@ on:
 jobs:
   release:
     env:
-      GITHUB_ACTOR: ${{ secrets.ATALA_GITHUB_ACTOR }}
-      GITHUB_TOKEN: ${{ secrets.ATALA_GITHUB_TOKEN }}
+      GITHUB_ACTOR: ${{ github.actor }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
       # New JDK version makes 'localhost' lookup on linux return ipv6.
       # Our test containers are on ipv4. We need to make 'localhost' resolve to ipv4.
       JAVA_TOOL_OPTIONS: -Djava.net.preferIPv4Stack=true
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
     steps:
       - uses: actions/checkout@v3
         with:
-          token: ${{ secrets.ATALA_GITHUB_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}
           ref: ${{ github.event.inputs.release-branch }}
           fetch-depth: 0
       - name: Setup Java and Scala
@@ -58,8 +61,8 @@ jobs:
         uses: docker/login-action@v2
         with:
           registry: ghcr.io
-          username: ${{ secrets.ATALA_GITHUB_ACTOR }}
-          password: ${{ secrets.ATALA_GITHUB_TOKEN }}
+          username: github.actor
+          password: ${{ secrets.GITHUB_TOKEN }}
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2
       - name: Set up Docker Buildx

diff --git a/build.sbt b/build.sbt
@@ -193,19 +193,18 @@ lazy val D_Shared = new {
       D.zioPrelude,
       D.jsonCanonicalization,
       D.scodecBits,
-      D.circeCore,
-      D.circeGeneric,
-      D.circeParser
     )
 }
 
 lazy val D_SharedCrypto = new {
   lazy val dependencies: Seq[ModuleID] =
     Seq(
+      D.zioJson,
       D.apollo,
       D.bouncyBcpkix,
       D.bouncyBcprov,
       D.prismCrypto, // TODO: remove after migrated all primitives to apollo
+      D.nimbusJwt,
       D.zioTest,
       D.zioTestSbt,
       D.zioTestMagnolia,
@@ -252,6 +251,9 @@ lazy val D_Castor = new {
       D.zioMock,
       D.zioTestSbt,
       D.zioTestMagnolia,
+      D.circeCore,
+      D.circeGeneric,
+      D.circeParser
     )
 
   // Project Dependencies

diff --git a/castor/lib/core/src/main/scala/io/iohk/atala/castor/core/model/did/PublicKey.scala b/castor/lib/core/src/main/scala/io/iohk/atala/castor/core/model/did/PublicKey.scala
@@ -1,7 +1,6 @@
 package io.iohk.atala.castor.core.model.did
 
 import io.iohk.atala.shared.models.Base64UrlString
-import io.iohk.atala.prism.crypto.EC
 
 final case class PublicKey(
     id: String,
@@ -20,33 +19,11 @@ final case class InternalPublicKey(
     publicKeyData: PublicKeyData
 )
 
-sealed trait PublicKeyData
+sealed trait PublicKeyData {
+  def crv: EllipticCurve
+}
 
 object PublicKeyData {
-  final case class ECKeyData(
-      crv: EllipticCurve,
-      x: Base64UrlString,
-      y: Base64UrlString
-  ) extends PublicKeyData
-
-  final case class ECCompressedKeyData(
-      crv: EllipticCurve,
-      data: Base64UrlString
-  ) extends PublicKeyData {
-    def toUncompressedKeyData: Option[ECKeyData] = {
-      crv match {
-        case EllipticCurve.SECP256K1 =>
-          val prism14PublicKey = EC.INSTANCE.toPublicKeyFromCompressed(data.toByteArray)
-          val ecPoint = prism14PublicKey.getCurvePoint()
-          Some(
-            ECKeyData(
-              crv = crv,
-              x = Base64UrlString.fromByteArray(ecPoint.getX().bytes()),
-              y = Base64UrlString.fromByteArray(ecPoint.getY().bytes())
-            )
-          )
-        case _ => None
-      }
-    }
-  }
+  final case class ECKeyData(crv: EllipticCurve, x: Base64UrlString, y: Base64UrlString) extends PublicKeyData
+  final case class ECCompressedKeyData(crv: EllipticCurve, data: Base64UrlString) extends PublicKeyData
 }
diff --git a/castor/lib/core/src/main/scala/io/iohk/atala/castor/core/model/did/w3c/W3CModelHelper.scala b/castor/lib/core/src/main/scala/io/iohk/atala/castor/core/model/did/w3c/W3CModelHelper.scala
@@ -1,23 +1,15 @@
 package io.iohk.atala.castor.core.model.did.w3c
 
-import io.iohk.atala.castor.core.model.did.{
-  DIDData,
-  DIDMetadata,
-  PrismDID,
-  PublicKey,
-  PublicKeyData,
-  Service,
-  VerificationRelationship
-}
-import io.iohk.atala.shared.models.HexString
-import io.iohk.atala.castor.core.model.did.ServiceType
 import io.circe.Json
-import io.iohk.atala.castor.core.model.did.ServiceEndpoint
+import io.iohk.atala.castor.core.model.did.*
 import io.iohk.atala.castor.core.model.did.ServiceEndpoint.UriOrJsonEndpoint
-import io.iohk.atala.castor.core.model.did.EllipticCurve
-import java.time.format.DateTimeFormatter
-import java.time.ZoneOffset
+import io.iohk.atala.shared.crypto.Apollo
+import io.iohk.atala.shared.models.Base64UrlString
+import io.iohk.atala.shared.models.HexString
+
 import java.time.Instant
+import java.time.ZoneOffset
+import java.time.format.DateTimeFormatter
 
 object W3CModelHelper extends W3CModelHelper
 
@@ -118,7 +110,6 @@ private[castor] trait W3CModelHelper {
     }
   }
 
-  // FIXME: do we need to support uncompress for OKP key types?
   extension (publicKey: PublicKey) {
     def toW3C(did: PrismDID, controller: PrismDID): PublicKeyRepr = {
       val curve = publicKey.publicKeyData match {
@@ -147,32 +138,31 @@ private[castor] trait W3CModelHelper {
             x = Some(data.toStringNoPadding),
             y = None
           )
-        case PublicKeyData.ECKeyData(crv, _, _) =>
-          throw Exception(s"Uncompressed key for curve ${crv.name} is not supported")
-      }
-    }
-
-    private def secp256k1Repr(pk: PublicKeyData): PublicKeyJwk = {
-      pk match {
-        case pk: PublicKeyData.ECCompressedKeyData =>
-          val uncomporessed = pk.toUncompressedKeyData.getOrElse(
-            throw Exception(s"Conversion to uncompress key is not supported for curve ${pk.crv.name}")
-          )
+        case PublicKeyData.ECKeyData(crv, x, _) =>
           PublicKeyJwk(
-            kty = "EC",
-            crv = uncomporessed.crv.name,
-            x = Some(uncomporessed.x.toStringNoPadding),
-            y = Some(uncomporessed.y.toStringNoPadding)
-          )
-        case PublicKeyData.ECKeyData(crv, x, y) =>
-          PublicKeyJwk(
-            kty = "EC",
+            kty = "OKP",
             crv = crv.name,
             x = Some(x.toStringNoPadding),
-            y = Some(y.toStringNoPadding)
+            y = None
           )
+      }
+    }
 
+    private def secp256k1Repr(pk: PublicKeyData): PublicKeyJwk = {
+      val (x, y) = pk match {
+        case PublicKeyData.ECKeyData(_, x, y) => (x, y)
+        case PublicKeyData.ECCompressedKeyData(_, data) =>
+          val point = Apollo.default.secp256k1.publicKeyFromEncoded(data.toByteArray).get.getECPoint
+          val x = Base64UrlString.fromByteArray(point.x)
+          val y = Base64UrlString.fromByteArray(point.y)
+          (x, y)
       }
+      PublicKeyJwk(
+        kty = "EC",
+        crv = EllipticCurve.SECP256K1.name,
+        x = Some(x.toStringNoPadding),
+        y = Some(y.toStringNoPadding)
+      )
     }
   }
 

diff --git a/castor/lib/core/src/main/scala/io/iohk/atala/castor/core/model/error/package.scala b/castor/lib/core/src/main/scala/io/iohk/atala/castor/core/model/error/package.scala
@@ -23,6 +23,8 @@ package object error {
     final case class TooManyDidPublicKeyAccess(limit: Int, access: Option[Int]) extends OperationValidationError
     final case class TooManyDidServiceAccess(limit: Int, access: Option[Int]) extends OperationValidationError
     final case class InvalidArgument(msg: String) extends OperationValidationError
+    final case class InvalidPublicKeyData(ids: Seq[String]) extends OperationValidationError
+    final case class InvalidMasterKeyType(ids: Seq[String]) extends OperationValidationError
   }
 
 }
diff --git a/castor/lib/core/src/main/scala/io/iohk/atala/castor/core/service/MockDIDService.scala b/castor/lib/core/src/main/scala/io/iohk/atala/castor/core/service/MockDIDService.scala
@@ -7,12 +7,9 @@ import io.iohk.atala.shared.crypto.Secp256k1KeyPair
 import io.iohk.atala.shared.models.Base64UrlString
 import zio.mock.{Expectation, Mock, Proxy}
 import zio.test.Assertion
-import zio.{IO, URLayer, ZIO, ZLayer, mock, Unsafe, Runtime}
+import zio.{IO, URLayer, ZIO, ZLayer, mock}
 
-import java.util.concurrent.TimeUnit
 import scala.collection.immutable.ArraySeq
-import scala.concurrent.Await
-import scala.concurrent.duration.Duration
 
 // FIXME: move this to test code
 object MockDIDService extends Mock[DIDService] {
@@ -45,13 +42,8 @@ object MockDIDService extends Mock[DIDService] {
   def createDID(
       verificationRelationship: VerificationRelationship
   ): (PrismDIDOperation.Create, Secp256k1KeyPair, DIDMetadata, DIDData) = {
-    // FIXME: unsafe bridge just to avoid refactoring the whole test into ZIO[?, ?, KeyPair]
-    def unsafeRun(effect: ZIO[Any, Nothing, Secp256k1KeyPair]): Secp256k1KeyPair = {
-      val f = Unsafe.unsafe { implicit unsafe => Runtime.default.unsafe.runToFuture(effect) }
-      Await.result(f, Duration(10, TimeUnit.SECONDS))
-    }
-    val masterKeyPair = unsafeRun(Apollo.default.secp256k1.generateKeyPair)
-    val keyPair = unsafeRun(Apollo.default.secp256k1.generateKeyPair)
+    val masterKeyPair = Apollo.default.secp256k1.generateKeyPair
+    val keyPair = Apollo.default.secp256k1.generateKeyPair
 
     val createOperation = PrismDIDOperation.Create(
       publicKeys = Seq(