Merge branch 'dev' into feat/holder-init

.env.example

@@ -4,6 +4,6 @@ UNICORE__EVENT_STORE__CONNECTION_STRING="postgresql://demo_user:demo_pass@cqrs-p
 
 UNICORE__SECRET_MANAGER__STRONGHOLD_PATH="agent_secret_manager/tests/res/test.stronghold"
 UNICORE__SECRET_MANAGER__STRONGHOLD_PASSWORD="secure_password"
-UNICORE__SECRET_MANAGER__ISSUER_KEY_ID="9O66nzWqYYy1LmmiOudOlh2SMIaUWoTS"
+UNICORE__SECRET_MANAGER__ISSUER_EDDSA_KEY_ID="9O66nzWqYYy1LmmiOudOlh2SMIaUWoTS"
 UNICORE__SECRET_MANAGER__ISSUER_DID="did:iota:rms:0x42ad588322e58b3c07aa39e4948d021ee17ecb5747915e9e1f35f028d7ecaf90"
 UNICORE__SECRET_MANAGER__ISSUER_FRAGMENT="bQKQRzaop7CgEvqVq8UlgLGsdF-R-hnLFkKFZqW2VN0"

.github/workflows/build-push-docker.yaml

@@ -2,6 +2,7 @@
 name: Build and push Docker image
 
 on:
+  # TODO: `workflow_dispatch` should be removed once manual docker builds from branches are not needed anymore
   workflow_dispatch:
   push:
     branches: ["dev"]

Cargo.toml

@@ -18,7 +18,7 @@ edition = "2021"
 rust-version = "1.76.0"
 
 [workspace.dependencies]
-did_manager = { git = "https://git@github.com/impierce/did-manager.git", rev = "2bda2b8" }
+did_manager = { git = "https://git@github.com/impierce/did-manager.git", tag = "v1.0.0-beta.2" }
 siopv2 = { git = "https://git@github.com/impierce/openid4vc.git", rev = "23facd4" }
 oid4vci = { git = "https://git@github.com/impierce/openid4vc.git", rev = "23facd4" }
 oid4vc-core = { git = "https://git@github.com/impierce/openid4vc.git", rev = "23facd4" }
@@ -34,9 +34,10 @@ identity_credential = { version = "1.3", default-features = false, features = [
     "validator",
     "credential",
     "presentation",
-    "domain-linkage"
+    "domain-linkage",
 ] }
 identity_iota = { version = "1.3" }
+identity_verification = { version = "1.3", default-features = false }
 jsonwebtoken = "9.3"
 lazy_static = "1.4"
 mime = { version = "0.3" }

agent_api_rest/src/verification/relying_party/redirect.rs

@@ -108,7 +108,7 @@ pub mod tests {
 
         let provider_manager = ProviderManager::new(
             Arc::new(Subject {
-                secret_manager: secret_manager().await,
+                secret_manager: Arc::new(tokio::sync::Mutex::new(secret_manager().await)),
             }),
             vec!["did:key"],
             vec![Algorithm::EdDSA],

agent_application/CONFIGURATION.md

@@ -2,44 +2,51 @@
 
 A configuration file is used to configure UniCore. It is expected to be present in `agent_application/config.yaml`. An example can be found in [example-config.yaml](example-config.yaml). Values can also be set through the environment, preferably used to inject sensitive values or environment-specific values.
 
-> [!NOTE]
-> Environment variables **override** values specified in the configuration file.
+:::info
+Environment variables **override** values specified in the configuration file.
+:::
 
-> [!IMPORTANT]
-> All environment variables need to be prefixed with `UNICORE__` to prevent conflicts with existing variables.
+:::note
+All environment variables need to be prefixed with `UNICORE__` to prevent conflicts with other unrelated variables.
+:::
 
 ## General
 
-| Name                                                    | Description                                                       | Default value | Accepted values                          |
-| ------------------------------------------------------- | ----------------------------------------------------------------- | ------------- | ---------------------------------------- |
-| `UNICORE__LOG_FORMAT`                                   | The format of the log output.                                     | `json`        | `json`, `text`                           |
-| `UNICORE__EVENT_STORE__TYPE`                            | The type of event store to use.                                   | -             | `in_memory`, `postgres`                  |
-| `UNICORE__EVENT_STORE__CONNECTION_STRING`               | The connection string for the event store database.               | -             | `postgresql://<user>:<pass>@<host>/<db>` |
-| `UNICORE__URL`                                          | The base URL UniCore runs on.                                     | -             | `https://my-domain.example.org`          |
-| `UNICORE__BASE_PATH`                                    | A base path can be set if needed.                                 | -             | string                                   |
-| `UNICORE__CORS_ENABLED`                                 | Enable CORS (permissive). Only required for browser-based access. | `false`       | boolean                                  |
-| `UNICORE__DID_METHODS__DID_WEB__ENABLED`                | Create and host a `did:web` DID document.                         | `false`       | boolean                                  |
-| `UNICORE__SIGNING_ALGORITHMS_SUPPORTED__EDDSA__ENABLED` | Toggles the algorithm allowed for cryptographic operations.       | `true`        | boolean                                  |
-| `UNICORE__DOMAIN_LINKAGE_ENABLED`                       | Enable domain linkage (only works with `did:web`).                | -             | boolean                                  |
-| `UNICORE__EXTERNAL_SERVER_RESPONSE_TIMEOUT_MS`          | The timeout for external server responses (in milliseconds).      | `1000`        | integer                                  |
+| Name                                                    | Description                                                                                  | Default value | Accepted values                          |
+| ------------------------------------------------------- | -------------------------------------------------------------------------------------------- | ------------- | ---------------------------------------- |
+| `UNICORE__LOG_FORMAT`                                   | The format of the log output.                                                                | `json`        | `json`, `text`                           |
+| `UNICORE__EVENT_STORE__TYPE`                            | The type of event store to use.                                                              | -             | `in_memory`, `postgres`                  |
+| `UNICORE__EVENT_STORE__CONNECTION_STRING`               | The connection string for the event store database.                                          | -             | `postgresql://<user>:<pass>@<host>/<db>` |
+| `UNICORE__URL`                                          | The base URL UniCore runs on.                                                                | -             | `https://my-domain.example.org`          |
+| `UNICORE__BASE_PATH`                                    | A base path can be set if needed.                                                            | -             | string                                   |
+| `UNICORE__CORS_ENABLED`                                 | Enable CORS (permissive). Only required for browser-based access.                            | `false`       | boolean                                  |
+| `UNICORE__DID_METHODS__DID_WEB__ENABLED`                | Create and host a `did:web` DID document.                                                    | `false`       | boolean                                  |
+| `UNICORE__SIGNING_ALGORITHMS_SUPPORTED__EDDSA__ENABLED` | Toggles the algorithm allowed for cryptographic operations.                                  | `true`        | boolean                                  |
+| `UNICORE__DOMAIN_LINKAGE_ENABLED`                       | Enable domain linkage (only works with `did:web`).                                           | -             | boolean                                  |
+| `UNICORE__EXTERNAL_SERVER_RESPONSE_TIMEOUT_MS`          | The timeout for external server responses (in milliseconds).                                 | `1000`        | integer                                  |
+| `UNICORE__DID_DOCUMENT_CACHE__ENABLED`                  | Enables a simple in-memory cache for DID documents.                                          | `false`       | boolean                                  |
+| `UNICORE__DID_DOCUMENT_CACHE__TTL`                      | Sets the expiry for cache entries in milliseconds.                                           | `5000`        | integer                                  |
+| `UNICORE__DID_DOCUMENT_CACHE__INCLUDE`                  | An optional list of DIDs to include in the cache. If not specified, all DIDs will be cached. | -             | -                                        |
 
 <!-- TODO: How to document all other DID methods? -->
 <!-- TODO: VP_FORMATS -->
 <!-- TODO: EVENT_PUBLISHERS: even configured through env vars? -->
 
 ## Secret Management
 
-| Name                                           | Description                            | Default value | Accepted values               |
-| ---------------------------------------------- | -------------------------------------- | ------------- | ----------------------------- |
-| `UNICORE__SECRET_MANAGER__STRONGHOLD_PATH`     | The path to the stronghold file.       | -             | `/var/lib/unicore/stronghold` |
-| `UNICORE__SECRET_MANAGER__STRONGHOLD_PASSWORD` | The password to unlock the stronghold. | -             | -                             |
-| `UNICORE__SECRET_MANAGER__ISSUER_KEY_ID`       | The key ID to be used.                 | -             | -                             |
-| `UNICORE__SECRET_MANAGER__ISSUER_DID`          | The DID of the issuer.                 | -             | -                             |
-| `UNICORE__SECRET_MANAGER__ISSUER_FRAGMENT`     | The fragment to be used.               | -             | -                             |
+| Name                                           | Description                                       | Default value | Accepted values               |
+| ---------------------------------------------- | ------------------------------------------------- | ------------- | ----------------------------- |
+| `UNICORE__SECRET_MANAGER__STRONGHOLD_PATH`     | The path to the stronghold file.                  | -             | `/var/lib/unicore/stronghold` |
+| `UNICORE__SECRET_MANAGER__STRONGHOLD_PASSWORD` | The password to unlock the stronghold.            | -             | -                             |
+| `UNICORE__SECRET_MANAGER__ISSUER_EDDSA_KEY_ID` | The key ID of the EDDSA (Ed25519) key to be used. | -             | -                             |
+| `UNICORE__SECRET_MANAGER__ISSUER_ES256_KEY_ID` | The key ID of the ES256 key to be used.           | -             | -                             |
+| `UNICORE__SECRET_MANAGER__ISSUER_DID`          | The DID of the issuer.                            | -             | -                             |
+| `UNICORE__SECRET_MANAGER__ISSUER_FRAGMENT`     | The fragment to be used.                          | -             | -                             |
 
 ## Look and Feel
 
-> [!NOTE]
-> Setting display values is currently not supported through environment variables. Please refer to `config.yaml`.
+:::info
+Setting display values is currently not supported through environment variables. Please refer to `config.yaml`.
+:::
 
 <!-- TODO: DISPLAY_0_NAME: even configured through env vars? -->

agent_application/Cargo.toml

@@ -17,6 +17,7 @@ agent_verification = { path = "../agent_verification" }
 axum.workspace = true
 did_manager.workspace = true
 identity_document = { version = "1.3" }
+identity_verification.workspace = true
 serde_json.workspace = true
 tokio.workspace = true
 tower-http.workspace = true

agent_application/example.config.yaml

@@ -23,7 +23,9 @@ domain_linkage_enabled: false
 
 signing_algorithms_supported:
   eddsa:
+    enabled: true
     preferred: true
+  es256:
     enabled: true
 
 # TODO: required to be stated explicitly?
@@ -68,10 +70,12 @@ credential_configurations:
           uri: https://www.impierce.com/external/impierce-logo.png
           alt_text: UniCore Logo
 
+did_document_cache:
+  enabled: false
+  ttl: 5000
+
 # Key configuration (temporary)
 secret_manager:
-  # Set this to `true` in order to generate a new stronghold file if it does not exist yet.
-  generate_stronghold: true
   stronghold_path: "/tmp/local.stronghold"
   # stronghold_password: "" <== Should be injected through the env variable `UNICORE__SECRET_MANAGER__STRONGHOLD_PASSWORD`
   # stronghold_password_file: ""

agent_application/src/main.rs

@@ -32,7 +32,7 @@ async fn main() -> io::Result<()> {
     }
 
     let subject = Arc::new(Subject {
-        secret_manager: secret_manager().await,
+        secret_manager: Arc::new(tokio::sync::Mutex::new(secret_manager().await)),
     });
 
     let issuance_services = Arc::new(IssuanceServices::new(subject.clone()));
@@ -90,9 +90,10 @@ async fn main() -> io::Result<()> {
         .enabled;
 
     let did_document = if enable_did_web {
+        let mut secret_manager = subject.secret_manager.lock().await;
+
         Some(
-            subject
-                .secret_manager
+            secret_manager
                 .produce_document(
                     did_manager::DidMethod::Web,
                     Some(did_manager::MethodSpecificParameters::Web { origin: url.origin() }),
@@ -108,13 +109,15 @@ async fn main() -> io::Result<()> {
     };
     // Domain Linkage
     let did_configuration_resource = if config().domain_linkage_enabled {
+        let secret_manager = subject.secret_manager.lock().await;
+
         Some(
             create_did_configuration_resource(
                 url.clone(),
                 did_document
                     .clone()
                     .expect("No DID document found to create a DID Configuration Resource for"),
-                &subject.secret_manager,
+                &secret_manager,
             )
             .await
             .expect("Failed to create DID Configuration Resource"),

agent_issuance/Cargo.toml

@@ -25,13 +25,14 @@ reqwest.workspace = true
 serde.workspace = true
 serde_json.workspace = true
 thiserror.workspace = true
-once_cell = { workspace = true, optional = true }
+tokio.workspace = true
 tracing.workspace = true
 url.workspace = true
 uuid.workspace = true
 
 # `test_utils` dependencies
 lazy_static = { workspace = true, optional = true }
+once_cell = { workspace = true, optional = true }
 rstest = { workspace = true, optional = true }
 
 [dev-dependencies]