Compare commits

..

2 Commits

Author SHA1 Message Date
Cayo Puigdefabregas 8eb0b70f0a add did web in README 2024-05-30 11:12:04 +02:00
Cayo Puigdefabregas 1c14e11d73 add did web 2024-05-30 11:11:37 +02:00
5 changed files with 171 additions and 8 deletions

View File

@ -29,10 +29,17 @@ The mode of use under the command line would be the following:
```
## generate a did identifier:
### did key
```sh
python did.py -n did -k keypair.json
```
### did web
```sh
python did.py -n did -k keypair.json -u https://localhost/user1/dids/
```
## generate an example signed credential:
An example of a credential is generated, which is the one that appears in the credential_tmpl template in the file [templates.py](templates.py)
```sh
@ -54,7 +61,7 @@ An example of a credential is generated, which is the one that appears in the cr
python verify_vp.py presentation_signed.json
```
# Use as a lib
# Use as a library
In the tests you can find examples of use. Now I will explain the usual cases
## generate a key pair:
@ -64,12 +71,22 @@ In the tests you can find examples of use. Now I will explain the usual cases
```
## generate a did identifier:
### did key
```python
from pyvckit.did import generate_keys, generate_did
key = generate_keys()
did = generate_did(key)
```
### did web
```python
from pyvckit.did import generate_keys, generate_did
key = generate_keys()
url = "https://localhost/user1/dids/"
did = generate_did(key, url)
```
## generate a signed credential:
Assuming **credential** is a valid credential.
**credential** is a string variable
@ -108,3 +125,15 @@ Assuming **vc** is a properly signed verifiable credential
from pyvckit.verify_vp import verify_vp
verified = verify_vp(json.dumps(vp))
```
## creation of did document:
This command will create a json document and a url path where to place this document. The did must be a web did.
This document is an example and in production it must be adapted to contain the revoked verifiable credentials.
```python
from pyvckit.did import generate_keys, generate_did, gen_did_document
key = generate_keys()
url = "https://localhost/did-registry"
did = generate_did(key, url)
definitive_url, document = gen_did_document(did, key)
```

View File

@ -29,10 +29,17 @@ El modo de uso bajo la linea de comandos seria el siguiente:
```
## generar un identificador did:
### did key
```sh
python did.py -n did -k keypair.json
```
### did web
```sh
python did.py -n did -k keypair.json -u https://localhost/user1/dids/
```
## generar una credencial firmada de ejemplo:
Se genera un ejemplo de credencial que es el que aparece en la plantilla credential_tmpl del fichero [templates.py](templates.py)
```sh
@ -54,6 +61,12 @@ Se genera un ejemplo de credencial que es el que aparece en la plantilla credent
python verify_vp.py presentation_signed.json
```
## creación del documento did:
Este comando creara un documento json y una ruta url donde colocar este documento. El did tiene que ser un did web.
```sh
python did.py -k keypair.json -g did:web:localhost:did-registry:z6MkiNc8xqJLcG7QR1wzD9HPs5oPQEaWNcVf92QsbppNiB7C
```
# Uso como librería
En los test podras encontrar ejemplos de uso. Ahora explicare los casos habituales
@ -64,12 +77,22 @@ En los test podras encontrar ejemplos de uso. Ahora explicare los casos habitual
```
## generar un identificador did:
### did key
```python
from pyvckit.did import generate_keys, generate_did
key = generate_keys()
did = generate_did(key)
```
### did web
```python
from pyvckit.did import generate_keys, generate_did
key = generate_keys()
url = "https://localhost/user1/dids/"
did = generate_did(key, url)
```
## generar una credencial firmada:
Suponiendo que **credential** es una credencial válida.
**credential** es una variable de tipo string
@ -108,3 +131,15 @@ Suponiendo que **vc** es una credencial verificable correctamente firmada
from pyvckit.verify_vp import verify_vp
verified = verify_vp(json.dumps(vp))
```
## creación del documento did:
Este comando creara un documento json y una ruta url donde colocar este documento. El did tiene que ser un did web.
Este documento es un ejemplo y en producción hay que adaptarlo para contener las credenciales verificables revocadas.
```python
from pyvckit.did import generate_keys, generate_did, gen_did_document
key = generate_keys()
url = "https://localhost/did-registry"
did = generate_did(key, url)
definitive_url, document = gen_did_document(did, key)
```

70
did.py
View File

@ -1,16 +1,19 @@
import json
import argparse
import requests
import multicodec
import multiformats
import nacl.signing
import nacl.encoding
from jwcrypto import jwk
from urllib.parse import urlparse
from nacl.signing import SigningKey
from nacl.encoding import RawEncoder
from templates import did_document_tmpl
def key_to_did(public_key_bytes, type_did):
def key_to_did(public_key_bytes, url):
"""did-key-format :=
did:key:MULTIBASE(base58-btc, MULTICODEC(public-key-type, raw-public-key-bytes))"""
@ -19,8 +22,11 @@ def key_to_did(public_key_bytes, type_did):
# Multibase encode the hashed bytes
did = multiformats.multibase.encode(mc, 'base58btc')
if type_did == "web":
return f"did:web:{did}"
if url:
u = urlparse(url)
domain = u.netloc
path = u.path.strip("/").replace("/", ":")
return f"did:web:{domain}:{path}:{did}"
return f"did:key:{did}"
@ -45,13 +51,13 @@ def get_signing_key(jwk_pr):
return signing_key
def generate_did(jwk_pr, type_did=None):
def generate_did(jwk_pr, url=None):
signing_key = get_signing_key(jwk_pr)
verify_key = signing_key.verify_key
public_key_bytes = verify_key.encode()
# Generate the DID
did = key_to_did(public_key_bytes, type_did)
did = key_to_did(public_key_bytes, url)
return did
def generate_keys():
@ -62,10 +68,44 @@ def generate_keys():
return json.dumps(key_json)
def gen_did_document(did, keys):
if did[:8] != "did:web:":
return "", ""
document = did_document_tmpl.copy()
webdid_owner = did+"#owner"
webdid_revocation = did+"#revocation"
document["id"] = did
document["verificationMethod"][0]["id"] = webdid_owner
document["verificationMethod"][0]["controller"] = did
document["verificationMethod"][0]["publicKeyJwk"]["x"] = keys["x"]
document["authentication"].append(webdid_owner)
document["assertionMethod"].append(webdid_owner)
document["service"][0]["id"] = webdid_revocation
document_fixed_serialized = json.dumps(document)
url = "https://" + "/".join(did.split(":")[2:]) + "/did.json"
return url, document_fixed_serialized
def resolve_did(did):
if did[:8] != "did:web:":
return
try:
url = "https://" + "/".join(did.split(":")[2:]) + "/did.json"
response = requests.get(url)
except Exception:
url = "http://" + "/".join(did.split(":")[2:]) + "/did.json"
response = requests.get(url)
if 200 <= response.status_code < 300:
return response.json()
def main():
parser=argparse.ArgumentParser(description='Generates a new did or key pair')
parser.add_argument("-k", "--key-path", required=False)
parser.add_argument("-n", "--new", choices=['keys', 'did'])
parser.add_argument("-u", "--url")
parser.add_argument("-g", "--gen-doc")
args=parser.parse_args()
if args.new == 'keys':
@ -77,12 +117,32 @@ def main():
print("error: argument --key-path: expected one argument")
return
if args.new == 'did' and args.url:
key = key_read(args.key_path)
did = generate_did(key, args.url)
print(did)
return
if args.new == 'did':
key = key_read(args.key_path)
did = generate_did(key)
print(did)
return
if args.gen_doc and not args.key_path:
print("error: argument --key-path: expected one argument")
return
if args.gen_doc:
keys = json.loads(key_read(args.key_path))
if not keys.get("x"):
print("error: argument --key-path: not is valid")
return
url, doc = gen_did_document(args.gen_doc, keys)
# print(url)
print(doc)
return
if __name__ == "__main__":
main()

View File

@ -25,3 +25,4 @@ Pillow
multiformats
PyNaCl
py-multicodec
pyroaring

View File

@ -27,3 +27,41 @@ presentation_tmpl = {
"holder": "",
"verifiableCredential": []
}
did_document_tmpl = {
"@context": [
"https://www.w3.org/ns/did/v1",
{
"Ed25519VerificationKey2018": "https://w3id.org/security#Ed25519VerificationKey2018",
"publicKeyJwk": {
"@id": "https://w3id.org/security#publicKeyJwk",
"@type": "@json"
}
}
],
"id": "",
"verificationMethod": [
{
"id": "",
"type": "Ed25519VerificationKey2018",
"controller": "",
"publicKeyJwk": {
"kty": "OKP",
"crv": "Ed25519",
"x": ""
}
}
],
"authentication": [
],
"assertionMethod": [
],
"service": [
{
"id": "",
"type": "RevocationBitmap2022",
"serviceEndpoint": "data:application/octet-stream;base64,eJyzMmAAAwADKABr"
}
]
}