From b30ff57c5791b2cbdd41f141b1d631fa5a7905b3 Mon Sep 17 00:00:00 2001 From: Benjamin DENEUX Date: Mon, 19 Aug 2024 15:16:26 +0200 Subject: [PATCH 1/3] feat(credential): allow choose proof purpose when signing --- client/credential/sign.go | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/client/credential/sign.go b/client/credential/sign.go index f90f68bd..3f8efc44 100644 --- a/client/credential/sign.go +++ b/client/credential/sign.go @@ -36,6 +36,7 @@ const ( flagOverwrite = "overwrite" flagDate = "date" flagSchemaMap = "schema-map" + flagPurpose = "purpose" ) const ( @@ -65,6 +66,9 @@ It will read a verifiable credential from a file (or stdin), sign it, and print "Multiple mappings can be provided by repeating the flag. Example usage: "+ "--%[1]s originalURI1=alternativeURI1 --%[1]s originalURI2=alternativeURI2", flagSchemaMap)) + cmd.Flags().String(flagPurpose, "assertionMethod", "Proof that describes credential purpose, helps prevent it from being misused for some other purpose."+ + "Example of commonly used proof purpose values: "+ + "authentication, assertionMethod, keyAgreement, capabilityDelegation, capabilityInvocation.") _ = cmd.MarkFlagRequired(flags.FlagFrom) @@ -120,7 +124,13 @@ func runSignCmd(cmd *cobra.Command, args []string) error { if err != nil { return err } - err = signVerifiableCredential(documentLoader, vc, signer, date) + + purpose, err := cmd.Flags().GetString(flagPurpose) + if err != nil { + return err + } + + err = signVerifiableCredential(documentLoader, vc, signer, date, purpose) if err != nil { return errorsmod.Wrapf(sdkerr.ErrInvalidRequest, "failed to sign: %v", err) } 
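Review bot: The value read from `--purpose` in runSignCmd goes straight into signVerifiableCredential, and from there into both `Purpose: purpose` fields added in the later hunks of this patch, without any check. An empty string, a typo such as `assertionmethod`, or any arbitrary token is therefore signed into the proof as written. Proof purpose is what a verifier relies on to decide whether the key was permitted to make this kind of statement, so a mistyped value produces a credential that verifiers will likely reject, or one carrying a purpose the issuer did not intend. Rejecting values outside the set named in the flag help before signing would catch this at the CLI; if custom purposes must stay possible, at least reject the empty string and say so in the help text. The third patch in the series only rewraps the GetString error and leaves the value unchecked; runSignCmd starts and ends outside the hunk.

```go
purpose, err := cmd.Flags().GetString(flagPurpose)
// … unchanged: GetString error check …

// Only sign with a purpose from the set documented in the flag help, so a
// typo cannot end up inside a signed proof.
switch purpose {
case "authentication", "assertionMethod", "keyAgreement",
	"capabilityDelegation", "capabilityInvocation":
default:
	return errorsmod.Wrapf(sdkerr.ErrInvalidRequest, "unsupported proof purpose %q", purpose)
}
// … unchanged: signVerifiableCredential call …
```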
@@ -245,7 +255,7 @@ func loadVerifiableCredential(documentLoader ld.DocumentLoader, bs []byte) (*ver } func signVerifiableCredential( - documentLoader ld.DocumentLoader, vc *verifiable.Credential, signer KeyringSigner, date time.Time, + documentLoader ld.DocumentLoader, vc *verifiable.Credential, signer KeyringSigner, date time.Time, purpose string, ) error { didKeyID, err := signer.DIDKeyID() if err != nil { @@ -265,6 +275,7 @@ func signVerifiableCredential( Suite: ed25519signature2020.New(suite.WithSigner(signer)), SignatureRepresentation: verifiable.SignatureProofValue, VerificationMethod: didKeyID, + Purpose: purpose, }, jsonld.WithDocumentLoader(documentLoader)) case *secp256k1.PubKey: return vc.AddLinkedDataProof(&verifiable.LinkedDataProofContext{ @@ -273,6 +284,7 @@ func signVerifiableCredential( Suite: ecdsasecp256k1signature2019.New(suite.WithSigner(signer)), SignatureRepresentation: verifiable.SignatureJWS, VerificationMethod: didKeyID, + Purpose: purpose, }, jsonld.WithDocumentLoader(documentLoader)) default: return fmt.Errorf("invalid pubkey type: %s; expected oneof %+q", From 6294c8d58dedfb85dcc9177ff8e81d9abbc35caf Mon Sep 17 00:00:00 2001 From: Benjamin DENEUX Date: Mon, 19 Aug 2024 15:40:31 +0200 Subject: [PATCH 2/3] docs(credentiel): updated new command arg --- client/credential/sign.go | 4 ++-- docs/command/axoned_credential_sign.md | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/client/credential/sign.go b/client/credential/sign.go index 3f8efc44..9d163049 100644 --- a/client/credential/sign.go +++ b/client/credential/sign.go 
@@ -66,8 +66,8 @@ It will read a verifiable credential from a file (or stdin), sign it, and print "Multiple mappings can be provided by repeating the flag. Example usage: "+ "--%[1]s originalURI1=alternativeURI1 --%[1]s originalURI2=alternativeURI2", flagSchemaMap)) - cmd.Flags().String(flagPurpose, "assertionMethod", "Proof that describes credential purpose, helps prevent it from being misused for some other purpose."+ - "Example of commonly used proof purpose values: "+ + cmd.Flags().String(flagPurpose, "assertionMethod", "Proof that describes credential purpose, helps prevent it from being "+ + "misused for some other purpose. Example of commonly used proof purpose values: "+ "authentication, assertionMethod, keyAgreement, capabilityDelegation, capabilityInvocation.") _ = cmd.MarkFlagRequired(flags.FlagFrom) diff --git a/docs/command/axoned_credential_sign.md b/docs/command/axoned_credential_sign.md index d3135d99..2b06e009 100644 --- a/docs/command/axoned_credential_sign.md +++ b/docs/command/axoned_credential_sign.md 
@@ -21,6 +21,7 @@ axoned credential sign [file] [flags] --keyring-backend string Select keyring's backend (os|file|kwallet|pass|test|memory) (default "test") --keyring-dir string The client Keyring directory; if omitted, the default 'home' directory will be used --overwrite Overwrite existing signatures with a new one. If disabled, new signature will be appended + --purpose string Proof that describes credential purpose, helps prevent it from being misused for some other purpose. Example of commonly used proof purpose values: authentication, assertionMethod, keyAgreement, capabilityDelegation, capabilityInvocation. (default "assertionMethod") --schema-map strings Map original URIs to alternative URIs for resolving JSON-LD schemas. Useful for redirecting network-based URIs to local filesystem paths or other URIs. Each mapping should be in the format 'originalURI=alternativeURI'. Multiple mappings can be provided by repeating the flag. Example usage: --schema-map originalURI1=alternativeURI1 --schema-map originalURI2=alternativeURI2 ``` From 643dab4ed6cdf8bc53ca2e2754ca74f39acfda25 Mon Sep 17 00:00:00 2001 From: Benjamin DENEUX Date: Mon, 19 Aug 2024 15:57:34 +0200 Subject: [PATCH 3/3] fix(credential): correctly wraps error on parsing arg --- client/credential/sign.go | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/client/credential/sign.go b/client/credential/sign.go index 9d163049..6d9f0e9b 100644 --- a/client/credential/sign.go +++ b/client/credential/sign.go @@ -106,7 +106,6 @@ func runSignCmd(cmd *cobra.Command, args []string) error { return err } documentLoader := newDocumentLoader(schemaMap) - vc, err := loadVerifiableCredential(documentLoader, bs) if err != nil { return errorsmod.Wrapf(sdkerr.ErrInvalidRequest, "failed to load verifiable credential: %v", err) 
@@ -119,17 +118,14 @@ func runSignCmd(cmd *cobra.Command, args []string) error { if overrideProofs { vc.Proofs = nil } - date, err := parseStringAsDate(cmd, flagDate) if err != nil { - return err + return errorsmod.Wrapf(sdkerr.ErrInvalidType, "%s is not a valid date: %v", flagDate, err) } - purpose, err := cmd.Flags().GetString(flagPurpose) if err != nil { - return err + return errorsmod.Wrapf(sdkerr.ErrInvalidType, "%s is not a valid string: %v", flagPurpose, err) } - err = signVerifiableCredential(documentLoader, vc, signer, date, purpose) if err != nil { return errorsmod.Wrapf(sdkerr.ErrInvalidRequest, "failed to sign: %v", err)
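Review bot: The message `%s is not a valid string` on the GetString branch describes a failure the user cannot cause. pflag's GetString returns an error only when the flag was never registered or was registered with a different type, never because of the value typed on the command line. That text will send whoever hits it looking at their input rather than at the command wiring; `errorsmod.Wrapf(sdkerr.ErrInvalidType, "reading flag %s: %v", flagPurpose, err)` says what actually went wrong. The purpose value itself is still passed to signVerifiableCredential unchecked after this change. runSignCmd starts and ends outside the hunk.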