Merge pull request #39 from Sphereon-Opensource/feature/ssi-sdk-update
Tweaks while testing
nklomp committed Sep 18, 2023
2 parents 2d8df63 + fdede5d commit 3de0b10
Showing 7 changed files with 256 additions and 147 deletions.
4 changes: 4 additions & 0 deletions docs/X509-setup.md
Expand Up @@ -82,6 +82,10 @@ Letsencrypt allows you to get X509 Certificates for your domain(s) for free. The
can also be used in Gaia-X for now. The process to get these credentials is mostly automated and can be found for your
environment in this website: https://certbot.eff.org/. Additional documentation for certbot can be found
here: https://eff-certbot.readthedocs.io/en/stable/
Please make sure you add these flags to the certbot command:
```shell
certbot certonly --standalone --rsa-key-size 2048 --key-type rsa
```

After having installed the certificate successfully you will need the following files from the directory
/etc/letsencrypt/live/[your-domain]:
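Review bot: The new "Please make sure you add these flags" sentence gives `--rsa-key-size 2048 --key-type rsa` without saying why they are needed. Current certbot releases issue ECDSA keys by default, so a reader who treats `--key-type rsa` as optional ends up with a key type this guide does not cover; add one sentence stating that the agent setup described here needs an RSA key. It would also help to mention that `--standalone` makes certbot bind port 80 itself, so a web server already listening there has to be stopped for the duration of the request.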
8 changes: 4 additions & 4 deletions package.json
Expand Up @@ -40,12 +40,12 @@
]
},
"resolutions": {
"@sphereon/ssi-sdk.core": "0.13.0",
"@sphereon/ssi-types": "0.13.0",
"@sphereon/ssi-sdk.core": "0.15.1",
"@sphereon/ssi-types": "0.15.1",
"@sphereon/ssi-sdk-ext.kms-local": "^0.12.2-next.3",
"@sphereon/did-uni-client": "^0.6.0",
"@sphereon/ssi-sdk-ext.did-utils": "0.12.2-next.3",
"@sphereon/ssi-sdk.vc-handler-ld-local": "0.13.0",
"@sphereon/ssi-sdk-ext.did-utils": "0.14.0",
"@sphereon/ssi-sdk.vc-handler-ld-local": "0.15.1",
"@digitalcredentials/ed25519-verification-key-2020": "3.2.2",
"@veramo/cli": "4.2.0",
"@veramo/core": "4.2.0",
Expand Down
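Review bot: In the root `resolutions`, `@sphereon/ssi-sdk-ext.kms-local` stays at `^0.12.2-next.3` while `@sphereon/ssi-sdk-ext.did-utils` moves to `0.14.0`, and both package-level `package.json` files in this commit pin `kms-local` to `0.14.0`. That leaves the workspace root resolving a different key-management build than the packages declare, and the caret on a prerelease tag lets the resolved version drift between installs. Suggest changing the root entry to the exact `"0.14.0"` so the key-handling code in the lockfile is the one that was tested.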
30 changes: 17 additions & 13 deletions packages/gx-agent-cli/README.md
Expand Up @@ -78,7 +78,7 @@ If you see an output similar like the above, the Gaia-X Agent CLI is properly in

You will first need to have an existing X.509 EV SSL certificate or create a new
one. [This document](../../docs/X509-setup.md)
explains how to setup a new X.509 certificate. Without following the steps in the document you cannot be onboarded as
explains how to set up a new X.509 certificate. Without following the steps in the document you cannot be onboarded as
Gaia-X participant.

# Agent configuration Commands
Expand Down Expand Up @@ -123,7 +123,7 @@ _support for versions v2206 and v2210 are removed in this release_
## Verify configuration

Verifies a Gaia-X `agent.yml` file at a specific file location. If the `-f/--filename` option is omitted the default
home-dir location will be used in stead. The `--show` option, will display the entire configuration file.
home-dir location will be used instead. The `--show` option, will display the entire configuration file.

For technical people or developers. You can also test whether low level agent methods are properly configured and
available by providing the `-m/--method` option. For example to test the DID resolution method, you could
Expand Down Expand Up @@ -152,7 +152,7 @@ Your Gaia-X agent configuration seems fine. An agent can be created and the 'age
Gaia-X DIDs currently rely on the so called [DID:web](https://w3c-ccg.github.io/did-method-web/) DID documents and
method.
The DID document is responsible for listing public keys associated with the DID and your organizational domain. This DID
is used to sign Gaia-X self-descriptions and so called Verifiable Credentials. This allows others to determine that data
is used to sign Gaia-X self-descriptions and so-called Verifiable Credentials. This allows others to determine that data
is authentic and not manipulated, originating from your organization.
For Gaia-X so called did:web DIDs will be used, meaning DIDs associated with your domain name hosted at a well known
location (https://example.com/.well-known/did.json). The DID will list at least the X.509 Certificate public key
Expand Down Expand Up @@ -193,7 +193,7 @@ explore the database of the agent
## List DIDs

Lists all DIDs known to the agent. Normally you will only have one DID:web for your organization. When only one DID is
present, the agent will automatically select this DID for it's commands. If you have more DIDs available, you should use
present, the agent will automatically select this DID for its commands. If you have more DIDs available, you should use
the -d option available on most commands, to select the appropriate DID

```shell
Expand Down Expand Up @@ -279,7 +279,7 @@ DID Document:

## Export a DID and the CA chain

You will need to host the DID on your domain. For now you will have to copy the files to your webserver (the agent can
You will need to host the DID on your domain. For now, you will have to copy the files to your webserver (the agent can
host them for you, but that option is not yet available). The document will have to be served from your domain in the
/.well-known location. The easiest way to accommodate that typically is to create a folder called .well-known in your
Website root directory. The export command already creates that folder for you!
Expand Down Expand Up @@ -319,22 +319,22 @@ gx-agent did delete did:web:nk-gx-agent.eu.ngrok.io
# Participant onboarding

You first need to become a Gaia-X compliant participant. In order to do so, you first need to create a participant
self-description. This is a so called Credential in a specific order. You will need to sign this self-description, using
self-description. This is a so-called Credential in a specific order. You will need to sign this self-description, using
your DID, making it a Verifiable Credential. The compliance service will issue an attestation, in the form of a
Participant Credential, signed by it’s DID. This allows you to prove to others that you are a Gaia-X participant.
Participant Credential, signed by its DID. This allows you to prove to others that you are a Gaia-X participant.

You can either become compliant in 1 step, or by having 2 extra steps. The benefit of using 2 steps is that you can
verify the self-description, before sending it in to become compliant. The agent internally creates the same objects, no
matter what choice you make.

## Export example participant-input-credential.json

There is a command to export a template/example for two version of participants self-description to disk. If you want to create a Pariticipant according to v2206 api, you can call it with that specific version `-v v2206`, or you can call it with `-v v2210` to get the new version of Participant Self-Description. _Also calling it without a version param will generate v2210 version of a participant self-description._ You can then edit this example
There is a command to export a template/example for two version of participants self-description to disk. If you want to create a Participant according to v2206 api, you can call it with that specific version `-v v2206`, or you can call it with `-v v2210` to get the new version of Participant Self-Description. _Also calling it without a version param will generate v2210 version of a participant self-description._ You can then edit this example
self-description with your information.
The `--show` argument, displays the example self-description to your console.

```shell
gx-agent participant sd export-example -d did:web:nk-gx-agent.eu.ngrok.io --show
gx-agent participant sd example -d did:web:nk-gx-agent.eu.ngrok.io --show

output:
┌─────────────┬───────────────────────────────────┬──────────────────────────────────────┐
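Review bot: The paragraph under "Export example participant-input-credential.json" still tells the reader to pass `-v v2206` or `-v v2210`, while an earlier section of the same README states "support for versions v2206 and v2210 are removed in this release". Since this commit already touches the paragraph (the "Participant" typo) and renames the command from `sd export-example` to `sd example`, the version text should be updated or dropped in the same change so the documented invocation matches what the CLI accepts. The phrase "two version of participants self-description" in the same sentence also still needs fixing.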
Expand Down Expand Up @@ -381,7 +381,7 @@ Example self-description file has been written to participant-input-credential.j
```

You now should open the file, and adjust the values with your participant information. Update all
the values. Do not add new keys or remove any properties/keys, except for the some of the keys that are mentioned in the context file:
the values. Do not add new keys or remove any properties/keys, except for some of the keys that are mentioned in the context file:

- gx:legalRegistrationNumber
- gx:parentOrganization
Expand Down Expand Up @@ -610,7 +610,7 @@ The `--show` argument, displays the example self-description to your console.
```shell
gx-agent so sd example -d
gx-agent so sd example -d did:web:nk-gx-agent.eu.ngrok.io
output:
IMPORTANT: the values specified with '*' should be populated by you.
Expand Down Expand Up @@ -656,9 +656,13 @@ will always overwrite the existing file!
## Submit the service-offering self-description
The next command creates a self-asserted Verifiable Credential out of the ServiceOffering self-description input file. It sends that in
The next command creates a self-asserted Verifiable Credential out of the ServiceOffering self-description input file.
```shell
gx-agent so sd submit -sof service-offering-input-credential.json -sid <id>
```
For the id, see "gx-agent vc list"
It sends that in
as a Verifiable Presentation with previously fetched ComplianceCredential and Participant SelfDescription to the Ecosystem Compliance service as configured in your agent.yml file.
```json
{
"type": ["VerifiablePresentation"],
Expand Down
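Review bot: The rewritten "Submit the service-offering self-description" text splits one sentence around the new code block: "It sends that in" now sits on its own line after "For the id, see "gx-agent vc list"", and its continuation "as a Verifiable Presentation with previously fetched ComplianceCredential ..." follows on the next line. Suggest keeping the description as one paragraph above the command and placing the id hint directly under the command, with `gx-agent vc list` formatted as inline code. The hint should also say which credential the `-sid <id>` value must identify, since `vc list` will show more than one credential.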
14 changes: 7 additions & 7 deletions packages/gx-agent-cli/package.json
Expand Up @@ -17,7 +17,7 @@
"@microsoft/api-extractor": "^7.33.6",
"@microsoft/api-extractor-model": "^7.25.2",
"@sphereon/gx-agent": "workspace:*",
"@sphereon/ssi-sdk-ext.did-utils": "0.12.2-next.3",
"@sphereon/ssi-sdk-ext.did-utils": "0.14.0",
"@types/blessed": "^0.1.19",
"@types/swagger-ui-express": "^4.1.3",
"@types/uuid": "^9.0.0",
Expand Down Expand Up @@ -59,13 +59,13 @@
"typescript": "4.6.4"
},
"resolutions": {
"@sphereon/ssi-sdk.core": "0.13.0",
"@sphereon/ssi-types": "0.13.0",
"@sphereon/ssi-sdk-ext.key-manager": "0.12.2-next.3",
"@sphereon/ssi-sdk-ext.kms-local": "0.12.2-next.3",
"@sphereon/ssi-sdk.core": "0.15.1",
"@sphereon/ssi-types": "0.15.1",
"@sphereon/ssi-sdk-ext.key-manager": "0.14.0",
"@sphereon/ssi-sdk-ext.kms-local": "0.14.0",
"@sphereon/did-uni-client": "^0.6.0",
"@sphereon/ssi-sdk-ext.did-utils": "0.12.2-next.3",
"@sphereon/ssi-sdk.vc-handler-ld-local": "0.13.0",
"@sphereon/ssi-sdk-ext.did-utils": "0.14.0",
"@sphereon/ssi-sdk.vc-handler-ld-local": "0.15.1",
"@digitalcredentials/ed25519-verification-key-2020": "3.2.2",
"@veramo/cli": "4.2.0",
"@veramo/core": "4.2.0",
26 changes: 13 additions & 13 deletions packages/gx-agent/package.json
Expand Up @@ -19,13 +19,13 @@
},
"dependencies": {
"@sphereon/did-uni-client": "^0.6.0",
"@sphereon/ssi-sdk-ext.did-utils": "0.12.2-next.3",
"@sphereon/ssi-sdk-ext.key-manager": "0.12.2-next.3",
"@sphereon/ssi-sdk-ext.key-utils": "0.12.2-next.3",
"@sphereon/ssi-sdk-ext.kms-local": "0.12.2-next.3",
"@sphereon/ssi-sdk.core": "0.13.0",
"@sphereon/ssi-sdk.vc-handler-ld-local": "0.13.0",
"@sphereon/ssi-types": "0.13.0",
"@sphereon/ssi-sdk-ext.did-utils": "0.14.0",
"@sphereon/ssi-sdk-ext.key-manager": "0.14.0",
"@sphereon/ssi-sdk-ext.key-utils": "0.14.0",
"@sphereon/ssi-sdk-ext.kms-local": "0.14.0",
"@sphereon/ssi-sdk.core": "0.15.1",
"@sphereon/ssi-sdk.vc-handler-ld-local": "0.15.1",
"@sphereon/ssi-types": "0.15.1",
"@transmute/jose-ld": "^0.7.0-unstable.67",
"@transmute/lds-ecdsa-secp256k1-recovery2020": "^0.0.7",
"@transmute/security-context": "^0.7.0-unstable.67",
Expand Down Expand Up @@ -68,13 +68,13 @@
"typescript": "4.6.4"
},
"resolutions": {
"@sphereon/ssi-sdk.core": "0.13.0",
"@sphereon/ssi-types": "0.13.0",
"@sphereon/ssi-sdk-ext.key-manager": "0.12.2-next.3",
"@sphereon/ssi-sdk-ext.kms-local": "0.12.2-next.3",
"@sphereon/ssi-sdk.core": "0.15.1",
"@sphereon/ssi-types": "0.15.1",
"@sphereon/ssi-sdk-ext.key-manager": "0.14.0",
"@sphereon/ssi-sdk-ext.kms-local": "0.14.0",
"@sphereon/did-uni-client": "^0.6.0",
"@sphereon/ssi-sdk-ext.did-utils": "0.12.2-next.3",
"@sphereon/ssi-sdk.vc-handler-ld-local": "0.13.0",
"@sphereon/ssi-sdk-ext.did-utils": "0.14.0",
"@sphereon/ssi-sdk.vc-handler-ld-local": "0.15.1",
"@digitalcredentials/ed25519-verification-key-2020": "3.2.2",
"@veramo/cli": "4.2.0",
"@veramo/core": "4.2.0",
3 changes: 2 additions & 1 deletion packages/gx-agent/src/agent/GXComplianceClient.ts
Expand Up @@ -39,6 +39,7 @@ import { CredentialHandler } from './CredentialHandler.js'
import { extractApiTypeFromVC } from '../utils/index.js'
import { getApiVersionedUrl, postRequest } from '../utils/index.js'
import { extractSignInfo } from '../utils/index.js'
import {asDidWeb} from "@sphereon/ssi-sdk-ext.did-utils";

/**
* {@inheritDoc IGXComplianceClient}
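Review bot: The added import `import {asDidWeb} from "@sphereon/ssi-sdk-ext.did-utils";` does not follow the style of the imports directly above it, which use single quotes, spaces inside the braces and no trailing semicolon. Suggest `import { asDidWeb } from '@sphereon/ssi-sdk-ext.did-utils'` so the formatter or linter does not flag or rewrite the line later.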
Expand Down Expand Up @@ -188,7 +189,7 @@ export class GXComplianceClient implements IAgentPlugin {
const serviceOfferingVC = await context.agent.dataStoreGetVerifiableCredential({
hash: args.serviceOfferingId,
})
const did = participantVC.credentialSubject.id ? participantVC.credentialSubject.id : getIssuerString(participantVC)
const did = participantVC.credentialSubject.id ? await asDidWeb(participantVC.credentialSubject.id) : getIssuerString(participantVC)
const labelVCs = args.labelVCs
const signInfo: ISignInfo = await extractSignInfo({ did, section: 'authentication' }, context)
const serviceOfferingVP = await this.credentialHandler.issueVerifiablePresentation(
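Review bot: On the changed `const did = ...` line only the `credentialSubject.id` branch is passed through `asDidWeb`; the fallback `getIssuerString(participantVC)` is used as-is. The resulting `did` goes straight into `extractSignInfo({ did, section: 'authentication' }, context)`, so the key chosen for signing the presentation depends on which branch ran and on what form the stored credential's issuer string has. Suggest normalising both branches the same way, for example by computing the raw value first and applying `asDidWeb` once, and adding a short comment on why the conversion is needed. It would also be worth handling the case where `asDidWeb` rejects or returns an unexpected value, since nothing in this hunk guards the `await`.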