Merge pull request #12 from borisrizov-zf/chore/migrate-old-repo
Chore: migrate old (catenax-ng) repo
carslen authored Oct 10, 2023
2 parents 2eea703 + e584aaa commit a26eccf
Showing 203 changed files with 7,097 additions and 1,356 deletions.
11 changes: 3 additions & 8 deletions .github/workflows/build.yaml
@@ -41,12 +41,7 @@ jobs:
uses: actions/setup-java@v1
with:
java-version: 17
distribution: temurin

- name: Build Lib with Maven
run: ./mvnw -s settings.xml -B package --file ./cx-ssi-lib/pom.xml
env:
GITHUB_PACKAGE_USERNAME: ${{ github.actor }}
GITHUB_PACKAGE_PASSWORD: ${{ secrets.GITHUB_TOKEN }}

- name: Run tests
run: ./mvnw -B test --file ./cx-ssi-lib/pom.xml
- name: Build with Maven
run: ./mvnw --batch-mode --update-snapshots -s settings.xml -B package --file ./pom.xml
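Review bot: The new `Build with Maven` step still passes `-s settings.xml`, but the `env:` block that set `GITHUB_PACKAGE_USERNAME` and `GITHUB_PACKAGE_PASSWORD` is removed along with the old step. If `settings.xml` still reads those variables for its server credentials, the build will fail to authenticate, so either carry the `env:` block over to the new step or remove the credential references from `settings.xml`. On the same `run:` line, `--batch-mode` and `-B` are the same option and one of them can go. In the context lines, `distribution: temurin` is an input that `actions/setup-java` accepts from v2 on, so with `@v1` it has no effect; updating the action, ideally pinned to a commit SHA, would make the setting apply.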
43 changes: 19 additions & 24 deletions DEPENDENCIES
@@ -1,12 +1,10 @@
maven/mavencentral/com.apicatalog/titanium-json-ld/1.1.0, Apache-2.0, approved, clearlydefined
maven/mavencentral/com.danubetech/key-formats-java/1.2.0, Apache-2.0, approved, #3467
maven/mavencentral/com.danubetech/verifiable-credentials-java/1.0.0, Apache-2.0, approved, #3465
maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.11.1, Apache-2.0, approved, CQ23491
maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.11.1, Apache-2.0, approved, CQ23092
maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.11.1, Apache-2.0, approved, CQ23093
maven/mavencentral/com.github.jnr/jffi/1.2.9, Apache-2.0, approved, CQ9095
maven/mavencentral/com.github.jnr/jnr-ffi/2.0.5, Apache-2.0, approved, CQ12035
maven/mavencentral/com.github.jnr/jnr-x86asm/1.0.2, MIT, approved, CQ9094
maven/mavencentral/com.apicatalog/titanium-json-ld/1.3.2, Apache-2.0, approved, #8912
maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.15.2, Apache-2.0, approved, #7947
maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.15.2, MIT AND Apache-2.0, approved, #7932
maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.15.2, Apache-2.0, approved, #7934
maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/2.15.2, Apache-2.0, approved, #9237
maven/mavencentral/com.fasterxml.woodstox/woodstox-core/6.5.1, Apache-2.0, approved, #7950
maven/mavencentral/com.github.ben-manes.caffeine/caffeine/3.1.6, Apache-2.0, approved, clearlydefined
maven/mavencentral/com.github.multiformats/java-multibase/v1.1.0, MIT AND BSD-3-Clause AND EPL-1.0 AND Apache-2.0, approved, #4095
maven/mavencentral/com.github.stephenc.jcip/jcip-annotations/1.0-1, Apache-2.0, approved, CQ21949
maven/mavencentral/com.google.code.findbugs/jsr305/3.0.2, Apache-2.0, approved, #20
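Review bot: `jackson-dataformat-xml/2.15.2` and `woodstox-core/6.5.1` are new entries in this hunk, which puts an XML parser on the classpath of a library whose documented formats are JSON-LD and JWT. Please check whether the lib uses it directly; if it only arrives transitively, an exclusion would keep the dependency set and the parsing surface smaller.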
@@ -19,29 +17,26 @@ maven/mavencentral/com.google.guava/listenablefuture/9999.0-empty-to-avoid-confl
maven/mavencentral/com.google.http-client/google-http-client/1.43.1, Apache-2.0, approved, clearlydefined
maven/mavencentral/com.google.j2objc/j2objc-annotations/1.3, Apache-2.0, approved, CQ21195
maven/mavencentral/com.google.protobuf/protobuf-java/3.19.6, BSD-3-Clause, approved, clearlydefined
maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.9, Apache-2.0, approved, clearlydefined
maven/mavencentral/commons-codec/commons-codec/1.15, Apache-2.0 AND BSD-3-Clause AND LicenseRef-Public-Domain, approved, CQ22641
maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.31, Apache-2.0, approved, clearlydefined
maven/mavencentral/commons-beanutils/commons-beanutils/1.9.4, Apache-2.0, approved, CQ12654
maven/mavencentral/commons-codec/commons-codec/1.11, Apache-2.0 AND BSD-3-Clause, approved, CQ15971
maven/mavencentral/commons-collections/commons-collections/3.2.2, Apache-2.0, approved, CQ10385
maven/mavencentral/commons-digester/commons-digester/2.1, Apache-2.0, approved, clearlydefined
maven/mavencentral/commons-logging/commons-logging/1.2, Apache-2.0, approved, CQ10162
maven/mavencentral/decentralized-identity/jsonld-common-java/1.0.0, Apache-2.0, approved, #3108
maven/mavencentral/info.weboftrust/ld-signatures-java/1.0.0, Apache-2.0, approved, #3463
maven/mavencentral/io.github.erdtman/java-json-canonicalization/1.1, Apache-2.0, approved, clearlydefined
maven/mavencentral/commons-validator/commons-validator/1.7, Apache-2.0, approved, clearlydefined
maven/mavencentral/io.grpc/grpc-context/1.27.2, Apache-2.0, approved, clearlydefined
maven/mavencentral/io.opencensus/opencensus-api/0.31.1, Apache-2.0, approved, clearlydefined
maven/mavencentral/io.opencensus/opencensus-contrib-http-util/0.31.1, Apache-2.0, approved, clearlydefined
maven/mavencentral/io.setl/rdf-urdna/1.1, Apache-2.0, approved, clearlydefined
maven/mavencentral/io.setl/rdf-urdna/1.2, Apache-2.0, approved, clearlydefined
maven/mavencentral/jakarta.json/jakarta.json-api/2.1.2, EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, #7907
maven/mavencentral/joda-time/joda-time/2.12.5, Apache-2.0, approved, clearlydefined
maven/mavencentral/net.i2p.crypto/eddsa/0.3.0, CC0-1.0, approved, CQ22537
maven/mavencentral/org.abstractj.kalium/kalium/0.8.0, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.apache.commons/commons-lang3/3.12.0, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.apache.httpcomponents/httpclient/4.5.14, Apache-2.0 AND LicenseRef-Public-Domain, approved, CQ23527
maven/mavencentral/org.apache.httpcomponents/httpcore/4.4.16, Apache-2.0, approved, CQ23528
maven/mavencentral/org.bitcoinj/bitcoinj-core/0.15.10, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.bouncycastle/bcprov-jdk15on/1.70, MIT, approved, #1712
maven/mavencentral/org.bouncycastle/bcprov-jdk15to18/1.68, MIT, approved, #3464
maven/mavencentral/org.checkerframework/checker-compat-qual/2.5.5, MIT, approved, clearlydefined
maven/mavencentral/org.glassfish/jakarta.json/2.0.0, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jsonp
maven/mavencentral/org.ow2.asm/asm-analysis/5.0.3, BSD-2-Clause, approved, CQ9714
maven/mavencentral/org.ow2.asm/asm-commons/5.0.3, BSD-2-Clause, approved, CQ9714
maven/mavencentral/org.ow2.asm/asm-tree/5.0.3, BSD-2-Clause, approved, CQ9714
maven/mavencentral/org.ow2.asm/asm-util/5.0.3, BSD-2-Clause, approved, CQ9714
maven/mavencentral/org.ow2.asm/asm/5.0.3, BSD-2-Clause, approved, CQ9714
maven/mavencentral/org.checkerframework/checker-qual/3.33.0, MIT, approved, clearlydefined
maven/mavencentral/org.codehaus.woodstox/stax2-api/4.2.1, BSD-2-Clause, approved, #2670
maven/mavencentral/org.eclipse.parsson/parsson/1.1.3, EPL-2.0, approved, ee4j.parsson
maven/mavencentral/org.projectlombok/lombok/1.18.26, MIT AND LicenseRef-Public-Domain, approved, CQ23907
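Review bot: `commons-codec` goes from 1.15 to 1.11 in this hunk, a downgrade, while the entries around it move forward (for example `nimbus-jose-jwt` 9.9 to 9.31). That usually means a transitive dependency now wins version resolution; pinning `commons-codec` in `dependencyManagement` at the previously shipped version would avoid the regression. The new `commons-validator/1.7` entry also arrives alongside `commons-beanutils/1.9.4`, `commons-collections/3.2.2` and `commons-digester/2.1`, so it is worth confirming that the validator is needed before accepting the extra artifacts.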
164 changes: 164 additions & 0 deletions docs/Architecture.md
@@ -0,0 +1,164 @@
# Architecture

**Documentation Template: arc42**

arc42, the template for documentation of software and system architecture.
Template Version 8.2 EN. (based upon AsciiDoc version), January 2023
See [arc42.org](https://arc42.org/license).

## Introduction and Goals

The *SSI Agent Lib* (hereafter referred to as the **lib**) is an open-source Java library developed under the Tractus-X project. It provides core functionalities and abstractions commonly required when implementing a digital wallet or any service leveraging self-sovereign identities (SSI).

### Requirements Overview

The lib supports the following use cases and interactions:

| Feature | Description / Constraints |
| ------------------------------------------------------------------------------- | ------------------------- |
| [Create DID](Feature-Create-Did.md) | |
| [Parse DID](Feature-Parse-Did.md) | |
| [Generate DID document](Feature-Generate-Did-Document.md) | |
| [Resolve DID document](Feature-Resolve-Did-Document.md) | |
| [Issue Verifiable Credential](Feature-Issue-Verifiable-Credential.md) | |
| [Issue Verifiable Presentation](Feature-Issue-Verifiable-Presentation.md) | |
| [Verify Verifiable Presentation](Feature-Verify-Verifiable-Presentation.md) | |
| [Validate Verifiable Presentation](Feature-Validate-Verifiable-Presentation.md) | |
| [Generate a key pair](Feature-Generate-Key-Pair.md) | Only Ed25519 supported. |

### Quality Goals

| Priority | Quality Goal | Scenario |
|----------|-------------- |-------------------------------------------------------------------------------------|
| 1 | Flexibility | Support for multiple cryptographic algorithms. |
| 1 | Extensibility | Integration of custom implementations for certain aspects (e.g., DID resolution). |
| 2 | Usability | Seamless integration and usage within other systems. |

## Architecture Constraints

- Java is the designated programming language to ensure compatibility with the Managed Identity Wallet and the [Tractus-X EDC](https://github.com/eclipse-tractusx/tractusx-edc).
- [JWT](https://www.w3.org/TR/vc-data-model/#json-web-token) based verifiable presentations are required for interoperability with the [DAPS](https://github.com/International-Data-Spaces-Association/IDS-G/tree/main/Components/IdentityProvider/DAPS), which uses JWT Access-Tokens for AuthN/AuthZ.
- [JsonWebKey2020](https://www.w3.org/community/reports/credentials/CG-FINAL-lds-jws2020-20220721/) serves as the Crypto Suite for Verifiable Credentials (VCs) & Verifiable Presentations (VPs).

## System Scope and Context

![System Scope](images/SystemScope.png)

The SSI Lib is intended for use by the Catena-X Managed Identity Wallet (MIW), the Eclipse Dataspace Connector (EDC), and third-party self-hosted wallets. While the SSI Lib provides did:web DID resolution capabilities, it also supports external DID resolution (e.g., Uniresolver).

## Solution Strategy

The library adopts a stateless design with no data persistency. It offers segregated interfaces, allowing usage of both internal features and external components. For instance, internal and external

DID resolution can be swapped (see `DidDocumentResolver.java`).

## Building Block View

### Whitebox Overall System

![Whitebox System Overview](images/WhiteboxSystem.png)

The library's building blocks are divided into various packages based on the provided SSI features, along with additional packages like `model` and `exception` for basic utilities.

**Key Building Blocks**

- `resolver`
- `jwt`
- `model`
- `proof`
- `serialization`
- `util`
- `validation`
- `exception`
- `did`
- `base`
- `crypt`

**Crucial Interfaces**

- `DidDocumentResolver`
- `LinkedDataProofGenerator`
- `validateLdProofValidator`
- `SignedJwtVerifier`
- `SignedJwtFactory`
- `JsonLdValidator`


#### resolver

This component is responsible for resolving Decentralized Identifiers (DIDs). It interacts with the underlying infrastructure to retrieve and parse DID Documents associated with a given DID.

#### jwt

The JWT (JSON Web Tokens) component is responsible for creating and verifying JWT-based verifiable presentations and credentials. It ensures the proper formatting and signing of JWTs.

#### model

The model component contains the data structures and classes used across the library. It defines the main objects (like DID, Verifiable Credential, etc.) that the library operates on.

#### proof

This component deals with the creation and validation of Linked Data Proofs. It generates proofs for Verifiable Credentials and validates incoming proofs.

#### serialization

The serialization component converts between the library's internal data structures and the JSON-LD format used in SSI. It is essential for the import and export of SSI data.

#### util

The util (or utility) component includes helper functions and classes used across the library. This may involve utility functions for encoding/decoding, date and time handling, etc.

#### validation

The validation component verifies that data is correctly formatted and valid according to the defined schemas and specifications. It is used in multiple contexts, such as when receiving Verifiable Credentials or Verifiable Presentations.

#### exception

The exception component defines the error and exception classes used in the library. It provides structured error handling and aids in debugging and error tracking.

#### did

The DID component involves all functionality specifically related to DIDs, such as generation, parsing, and formatting of DIDs and DID Documents.

#### base

The base component includes fundamental functionality and classes used throughout the library, setting the base structure of the library.

#### crypt

The crypt (or cryptography) component is responsible for all cryptographic operations, like signing, verification, and key generation. It directly supports JsonWebKey2020 based operations.

## Runtime View

Refer to the respective Feature Specs for insights into the library's runtime behavior.

## Deployment View

The SSI Lib can be integrated into an application as a standard JAR file through common build tools (i.e., Maven, Gradle, etc.). Therefore, no additional deployment artifacts are necessary.

## Cross-cutting Concepts

### Extensibility
The architecture is designed to allow for the easy addition and integration of new features or alterations to existing ones. This is evident in the support for custom implementations (e.g., DID resolution) and the use of interfaces to allow flexibility in the underlying implementations.

### Exception Handling
Exception handling is a recurring concept in the architecture. The library has the exception building block, and other building blocks should follow consistent practices for error/exception handling to ensure robust operation.

## Architecture Decisions

## Quality Requirements

- The library should create a JWT-based proof via JsonWebKey2020 / ED25519 signature within 0.5 seconds on current-generation server hardware under normal load (< 50% CPU Utilization)

## Risks and Technical Debts

- Currently, only ED25519 is supported.
- No formal interface exists for key encoding; it currently uses a byte array.

## Glossary

| Term | Definition |
|------|------------------------------------|
| EDC | Eclipse Dataspace Connector |
| MIW | Managed Identity Wallet |
| SSI | Self-Sovereign Identity |
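Review bot: The "Architecture Constraints" and `crypt` sections name JsonWebKey2020 as the crypto suite, while docs/Feature-Generate-Did-Document.md and docs/Feature-Generate-Key-Pair.md in this same commit say only Ed25519VerificationKey2020 needs to be supported; a verifier needs one unambiguous statement of which proof and key types are accepted, so please reconcile the two. Under "Crucial Interfaces", `validateLdProofValidator` reads like a method name next to the other entries and should be checked against the code. In "Solution Strategy" the sentence ending "internal and external" is split from "DID resolution can be swapped" by a blank line, and "Architecture Decisions" is an empty heading that should either be filled in or marked as intentionally blank.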
Binary file added docs/Documentation.pdf
Binary file not shown.
38 changes: 38 additions & 0 deletions docs/Feature-Create-Did.md
@@ -0,0 +1,38 @@
# Feature: Create DID

## 1. Specification

Create a Decentralized Identifier (DID) as specified in [W3C-DID-Core](https://www.w3.org/TR/did-core/), for a set of supported DID methods.

*Example:*
```
did:web:mydomain.com:12345
```

#### 1.1 Assumptions
There is no need to ensure uniqueness of the created DID.

#### 1.2 Constraints
Currently only DID method **did:web** *MUST* be supported.

#### 1.3 System Environment
Any kind of registration process of a DID is out of scope and needs to be handled by the client.

## 2. Architecture

#### 2.1 Class Diagram

![CreateParseDid.png](images/CreateParseDid.png)

* DidFactory - Public factory interface.
* DidMethod - Defines a DID method, and allows retrieving a **CreateDidOptions** object specific to the respective DID method.
* CreateDidOptions - Marker interface. Implementations hold properties required to create a new DID of the respective **DidMethod**.
* DidFactoryRegistry - *MAY* be used to register **DidFactory** implementations for multiple **DidMethod**s
* DidWebMethod - Example implementation of **DidMethod** for method *did:web*.
* CreateDidWebOptions - Example implementation of **CreateDidOptions** for method *did:web*.
* Did - Value class representing a DID. *MAY* refer to a **DidDocument**
* DidDocument - Value class representing a DID document.




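Review bot: The example `did:web:mydomain.com:12345` in section 1 is ambiguous about what `12345` is. In did:web a colon after the domain separates path segments, so this identifier resolves under the path `/12345/` on `mydomain.com`; a port would have to be written percent-encoded as `mydomain.com%3A12345`. Please state in the text which one is meant, since a factory or parser that treats the suffix as a port would resolve a different document. The headings also jump from `##` to `####`; `###` for the numbered subsections would match the nesting.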
52 changes: 52 additions & 0 deletions docs/Feature-Generate-Did-Document.md
@@ -0,0 +1,52 @@
# Feature: Generate DID Document

## 1. Specification

Given a valid DID, generate DID document as specified in [W3C-DID-Core](https://www.w3.org/TR/did-core/).

*Example:*
```json
{
"@context": [
"https://www.w3.org/ns/did/v1",
"https://w3id.org/security/suites/jws-2020/v1",
"https://w3id.org/security/suites/ed25519-2020/v1"
]
"id": "did:web:mydomain.com:12345",
"verificationMethod": [{
"id": "did:web:mydomain.com:12345#_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A",
"type": "JsonWebKey2020",
"controller": "did:web:mydomain.com:12345",
"publicKeyJwk": {
"crv": "Ed25519",
"x": "VCpo2LMLhn6iWku8MKvSLg2ZAoC-nlOyPVQaO3FxVeQ",
"kty": "OKP",
"kid": "_Qq0UL2Fq651Q0Fjd6TvnYE-faHiOpRlPVQcY_-tA4A"
}
}, {
"id": "did:example:123456789abcdefghi#keys-1",
"type": "Ed25519VerificationKey2020",
"controller": "did:example:pqrstuvwxyz0987654321",
"publicKeyMultibase": "zH3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV"
}],
}
```

#### 1.1 Assumptions
Multiple verification methods *SHOULD* be supported.

#### 1.2 Constraints
Currently only verification type **Ed25519VerificationKey2020** needs to be supported.

## 2. Architecture

#### 2.1 Class Diagrams

![CreateDidClass.png](images/CreateDidClass.png)

#### 2.2 Sequence Diagrams

![CreateDidSequence.png](images/CreateDidSequence.png)

*You can find an Example of the class interactions here:* /src/main/java/org/eclipse/tractusx/ssi/examples/BuildDIDDoc.java

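Review bot: The JSON example in section 1 does not parse: there is no comma after the closing `]` of `"@context"`, and the `}],` that closes `"verificationMethod"` leaves a trailing comma before the final `}`. Beyond syntax, the second verification method uses `did:example:123456789abcdefghi#keys-1` with controller `did:example:pqrstuvwxyz0987654321` inside a document whose `id` is `did:web:mydomain.com:12345`, which reads as a copy from another sample; an example where both methods belong to the document's own DID would be less misleading. Section 1.2 says only **Ed25519VerificationKey2020** needs to be supported, yet the first method in the example is `JsonWebKey2020`, so the constraint or the example should change.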
35 changes: 35 additions & 0 deletions docs/Feature-Generate-Key-Pair.md
@@ -0,0 +1,35 @@
# Feature: Generate Key Pair

## 1. Specification

Given a supported key algorithm, generate a public / private key pair.

*OPTIONAL*:
- Generated keys *MAY* be returned as strings, encoded in a supported encoding.
- The seed used to initialize the random number generator *SHOULD* be returned.
- A seed *MAY* be specified to allow generating pseudo-random key pair (e.g. for testing purposes).

*Example:*
```json
{
"type": "Ed25519VerificationKey2020",
"publicKeyMultibase": "z6Mkqhx5Go6yU6yVt7vsWvu4QFPW5KMVGZmQASeiAdZ9ZmXL",
"privateKeyMultibase": "zrv4DKJ9CLMzdmPanZmEi49nNMzj8MaHBH2CMfRQVdAr4FY1mpfex9qTGboUdmwvFA73zzzdqy6ycwXPrPELHQhdoCS"
}
```

#### 1.1 Assumptions
Multiple key algorithms *SHOULD* be supported.

#### 1.2 Constraints
Currently only verification type **Ed25519VerificationKey2020** needs to be supported.

## 2. Architecture

#### 2.1 Class Diagrams

![CreateKeypairEd25519Class.png](images/CreateKeypairEd25519Class.png)

#### 2.2 Sequence Diagrams

![CreateKeypairEd25519Sequence.png](images/CreateKeypairEd25519Sequence.png)
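Review bot: The optional item "The seed used to initialize the random number generator *SHOULD* be returned" needs a handling requirement next to it. For Ed25519 the seed determines the private key, so returning it is equivalent to returning the private key and it must be treated as secret material: not logged, not persisted by default, and cleared by the caller. The following item allowing a caller-specified seed "for testing purposes" should say explicitly that fixed seeds are for tests only and that production key generation uses a cryptographically secure random source. The example also prints `privateKeyMultibase` in the same object as the public key; a sentence stating that this combined form is illustrative and not a recommended serialization would help.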