Add to-rdf-urdna2015 subcommand

[clehner]

This adds a CLI subcommand for converting JSON-LD to canonicalized RDF, to address #163.

1. Perform context expansion of JSON-LD document.
2. Deserialize JSON-LD document to RDF dataset.
3. Canonicalize dataset using URDNA2015.
4. Serialize dataset in N-Quads format.

This exposes the functionality used internally by many linked data signature suites. It can be useful for inspecting the data contents of a verifiable credential or presentation, linked data authorization capability, or other linked data document.

Another use for this sub-command is to construct linked data proof signing payloads for external signing. Note that for such signing payloads, the proof object and linked data document without proof object must be canonicalized separately, according to the linked data proof Create Verify Hash Algorithm. Furthermore, the proof object needs context defined for its terms which are otherwise defined in the document's parent context. Context such as that can be passed to this subcommand using the -c, --expand-context or -C, --more-context-json options. -c takes a URI (e.g. for the w3c-ccg security context, or vc-data-model base context, or a signature suite context) and corresponds to the JSON-LD expandContext option, while -C takes a JSON array of values to insert into the @context property of the payload (creating it if needed).

Usage

$ didkit to-rdf-urdna2015 --help
didkit-to-rdf-urdna2015 0.1.0
Convert JSON-LD to URDNA2015-canonicalized RDF N-Quads

USAGE:
    didkit to-rdf-urdna2015 [OPTIONS]

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
    -b, --base <base>                              Base IRI
    -c, --expand-context <expand-context>          IRI for expandContext option
    -C, --more-context-json <more-context-json>    Additional values for JSON-LD @context property

Example

$ didkit to-rdf-urdna2015 < cli/tests/auth.jsonld
_:c14n0 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <https://www.w3.org/2018/credentials#VerifiablePresentation> .
_:c14n0 <https://w3id.org/security#proof> _:c14n1 .
_:c14n0 <https://www.w3.org/2018/credentials#holder> <did:key:z6MkvYdEj32i7fTvLqg2uj26AJPGqu4qpX5t7ZSzwGJcSyQ5> .
_:c14n2 <http://purl.org/dc/terms/created> "2021-06-07T14:12:00.349Z"^^<http://www.w3.org/2001/XMLSchema#dateTime> _:c14n1 .
_:c14n2 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <https://w3id.org/security#Ed25519Signature2018> _:c14n1 .
_:c14n2 <https://w3id.org/security#challenge> "0.726156" _:c14n1 .
_:c14n2 <https://w3id.org/security#jws> "eyJhbGciOiJFZERTQSIsImNyaXQiOlsiYjY0Il0sImI2NCI6ZmFsc2V9..5zelz6ht6Zia4enNwv_rmJqI6xyQo247YQ7YE_Rx2xMhjwohv7AUrnOchAW23buyrMUQDIqWS36bxVyhYUC_Dw" _:c14n1 .
_:c14n2 <https://w3id.org/security#proofPurpose> <https://w3id.org/security#authenticationMethod> _:c14n1 .
_:c14n2 <https://w3id.org/security#verificationMethod> <did:key:z6MkvYdEj32i7fTvLqg2uj26AJPGqu4qpX5t7ZSzwGJcSyQ5#z6MkvYdEj32i7fTvLqg2uj26AJPGqu4qpX5t7ZSzwGJcSyQ5> _:c14n1 .

Canonicalizing proof object only:

$ jq .proof cli/tests/auth.jsonld | didkit to-rdf-urdna2015 -c https://www.w3.org/2018/credentials/v1
_:c14n0 <http://purl.org/dc/terms/created> "2021-06-07T14:12:00.349Z"^^<http://www.w3.org/2001/XMLSchema#dateTime> .
_:c14n0 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <https://w3id.org/security#Ed25519Signature2018> .
_:c14n0 <https://w3id.org/security#challenge> "0.726156" .
_:c14n0 <https://w3id.org/security#jws> "eyJhbGciOiJFZERTQSIsImNyaXQiOlsiYjY0Il0sImI2NCI6ZmFsc2V9..5zelz6ht6Zia4enNwv_rmJqI6xyQo247YQ7YE_Rx2xMhjwohv7AUrnOchAW23buyrMUQDIqWS36bxVyhYUC_Dw" .
_:c14n0 <https://w3id.org/security#proofPurpose> <https://w3id.org/security#authenticationMethod> .
_:c14n0 <https://w3id.org/security#verificationMethod> <did:key:z6MkvYdEj32i7fTvLqg2uj26AJPGqu4qpX5t7ZSzwGJcSyQ5#z6MkvYdEj32i7fTvLqg2uj26AJPGqu4qpX5t7ZSzwGJcSyQ5> .

[wyc]

(1) The functionality seems to be working correctly, but some tests seem to fail:

$ cargo test
...
running 3 tests
test generate_key ... ok
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Sign(NoKeys)', cli/src/main.rs:426:26
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
test didkit_cli ... FAILED
test resolver_option ... ok

failures:

---- didkit_cli stdout ----
thread 'didkit_cli' panicked at 'assertion failed: issue_output.status.success()', cli/tests/cli.rs:77:5
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace


failures:
    didkit_cli

test result: FAILED. 2 passed; 1 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.34s

error: test failed, to rerun pass '-p didkit-cli --test cli'

(2) Build warning in main.rs:

warning: the item `Read` is imported redundantly
   --> cli/src/main.rs:553:17
    |
2   | use std::io::{stdin, stdout, BufReader, BufWriter, Read, Write};
    |                                                    ---- the item `Read` is already imported here
...
553 |             use std::io::Read;
    |                 ^^^^^^^^^^^^^
    |
    = note: `#[warn(unused_imports)]` on by default

(3) Additionally, it would be great to add cli/tests/auth.jsonld to the repo so that anyone can try it out with an example if they want to.

[wyc]

+1, I'm glad it's so easy to add options

[clehner]

@wyc

(1) The functionality seems to be working correctly, but some tests seem to fail

This is because of a bug where didkit attempts to use ssh-agent for signing when it shouldn't. For now, if you run unset SSH_AUTH_SOCK, then cargo test should work normally. A fix is in #183.

(2) Build warning in main.rs

Fixed in c13fe27.

(3) Additionally, it would be great to add cli/tests/auth.jsonld to the repo so that anyone can try it out with an example if they want to.

It's an ephemeral file generated by cli/tests/example.sh (The file name was changed to auth in #166 since it may be a JWT or JSON-LD file, although maybe using different file names would be better). I've added use of to-rdf-urdna2015 to cli/tests/example.sh in 721671b - does that work?

Adding example VCs and VPs to the repo could also be done if that would be useful.
In ssi there are such files: https://github.com/spruceid/ssi/tree/main/examples but they are using did:example: issuers so cannot easily be verified with didkit.

[wyc]

All works now, thanks!