feat: public key conversion API (#68)

* feat: public key conversion API * Use Magic Nix Cache * Extend CI permissions * Improve documentation
vaultie · Aug 20, 2024 · 7ee4f0b · 7ee4f0b
1 parent 8ba7ce7
commit 7ee4f0b
Show file tree

Hide file tree

Showing 6 changed files with 40 additions and 31 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -14,9 +14,9 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
-      pages: write
-      packages: write
       id-token: write
+      packages: write
+      pages: write
     environment:
       name: github-pages
       url: ${{ steps.deployment.outputs.page_url }}
@@ -25,11 +25,7 @@ jobs:
       - name: Install Nix
         uses: DeterminateSystems/nix-installer-action@main
       - name: Activate Nix cache
-        uses: nix-community/cache-nix-action@v5
-        with:
-          primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix', 'flake.lock', '**/Cargo.lock', '**/yarn.lock') }}
-          restore-prefixes-first-match: nix-${{ runner.os }}-
-          gc-max-store-size: 2684354560 # 2.5 GB
+        uses: DeterminateSystems/magic-nix-cache-action@main
       - name: Install Node
         uses: actions/setup-node@v4
         with:

diff --git a/.github/workflows/bump.yaml b/.github/workflows/bump.yaml
@@ -13,17 +13,14 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: write
+      id-token: write
       pull-requests: write
     steps:
       - uses: actions/checkout@v4
       - name: Install Nix
         uses: DeterminateSystems/nix-installer-action@main
       - name: Activate Nix cache
-        uses: nix-community/cache-nix-action@v5
-        with:
-          primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix', 'flake.lock', '**/Cargo.lock', '**/yarn.lock') }}
-          restore-prefixes-first-match: nix-${{ runner.os }}-
-          gc-max-store-size: 2684354560 # 2.5 GB
+        uses: DeterminateSystems/magic-nix-cache-action@main
       - name: Bump version
         run: nix develop .#ci --command cargo set-version ${{ inputs.version }}
       - name: Create PR

diff --git a/.github/workflows/check.yaml b/.github/workflows/check.yaml
@@ -1,21 +1,23 @@
 name: "Check"
+
 on:
   pull_request:
     branches:
       - main
+
 jobs:
   check:
+    if: ${{ !startsWith(github.event.pull_request.head.ref, 'bump-') }}
     name: Check Nix flake
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - uses: actions/checkout@v4
       - name: Install Nix
         uses: DeterminateSystems/nix-installer-action@main
       - name: Activate Nix cache
-        uses: nix-community/cache-nix-action@v5
-        with:
-          primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix', 'flake.lock', '**/Cargo.lock', '**/yarn.lock') }}
-          restore-prefixes-first-match: nix-${{ runner.os }}-
-          gc-max-store-size: 2684354560 # 2.5 GB
+        uses: DeterminateSystems/magic-nix-cache-action@main
       - name: Run flake checks
         run: nix flake check
diff --git a/crates/teddybear-crypto/src/lib.rs b/crates/teddybear-crypto/src/lib.rs
@@ -84,17 +84,17 @@ pub enum Ed25519Error {
 #[derive(Clone, Debug, Serialize, Deserialize)]
 #[serde(transparent)]
 pub struct Document {
-    inner: ssi_dids_core::Document,
+    pub inner: ssi_dids_core::Document,
 }
 
 #[derive(Default, Deserialize)]
 #[serde(default, rename_all = "camelCase")]
 pub struct DocumentResolveOptions<'a> {
     /// Whether to require high assurance DID verification.
-    require_high_assurance_verification: bool,
+    pub require_high_assurance_verification: bool,
 
     /// Preferred DNS-over-HTTPS resolver.
-    dns_over_https_resolver: Option<Cow<'a, str>>,
+    pub dns_over_https_resolver: Option<Cow<'a, str>>,
 }
 
 fn proof_purpose_iter<'a, I: IntoIterator<Item = &'a ValueOrReference>>(
@@ -231,6 +231,7 @@ impl Document {
     }
 }
 
+#[derive(Clone, Debug)]
 pub struct PrivateEd25519 {
     inner: ed25519_dalek::SigningKey,
 }
@@ -293,6 +294,7 @@ impl PrivateEd25519 {
     }
 }
 
+#[derive(Clone)]
 pub struct PrivateX25519 {
     inner: x25519_dalek::StaticSecret,
 }

diff --git a/crates/teddybear-js/module.d.ts b/crates/teddybear-js/module.d.ts
@@ -31,9 +31,9 @@
  * const privateJwk = privateKey.toPrivateJWK();
  * const didKey = privateKey.toDIDKey();
  *
- * // To create an entirely new DID document you can use
- * // "toVerificationMethod"
- * const vm = privateKey.toVerificationMethod();
+ * // You can convert private Ed25519 keys to public Ed25519 keys
+ * // by providing the related DID document identifier and controller.
+ * const publicKey = privateKey.toPublicKey("did:web:example.com", "did:web:example.com");
  *
  * // It is possible to convert a private Ed25519 key into a private
  * // X25519 key.

diff --git a/crates/teddybear-js/src/lib.rs b/crates/teddybear-js/src/lib.rs
@@ -206,14 +206,14 @@ impl PrivateEd25519 {
         self.0.to_did_key_url_fragment().to_string()
     }
 
-    /// Convert private key to verification method object.
-    #[wasm_bindgen(js_name = "toVerificationMethod")]
-    pub fn to_verification_method(&self, id: &str, controller: &str) -> Result<Object, JsError> {
+    /// Derive an Ed25519 public key from the private key.
+    #[wasm_bindgen(js_name = "toPublicKey")]
+    pub fn to_public_key(&self, id: &str, controller: &str) -> Result<PublicEd25519, JsError> {
         let verification_method = self
             .0
             .to_verification_method(IriBuf::from_str(id)?, UriBuf::from_str(controller)?);
 
-        Ok(verification_method.serialize(&OBJECT_SERIALIZER)?.into())
+        Ok(PublicEd25519(verification_method))
     }
 
     /// Sign the provided payload using the Ed25519 key.
@@ -297,14 +297,14 @@ impl PrivateX25519 {
         self.0.to_did_key_url_fragment().to_string()
     }
 
-    /// Convert private key to verification method object.
-    #[wasm_bindgen(js_name = "toVerificationMethod")]
-    pub fn to_verification_method(&self, id: &str, controller: &str) -> Result<Object, JsError> {
+    /// Derive an X25519 public key from the private key.
+    #[wasm_bindgen(js_name = "toPublicKey")]
+    pub fn to_public_key(&self, id: &str, controller: &str) -> Result<PublicX25519, JsError> {
         let verification_method = self
             .0
             .to_verification_method(IriBuf::from_str(id)?, UriBuf::from_str(controller)?);
 
-        Ok(verification_method.serialize(&OBJECT_SERIALIZER)?.into())
+        Ok(PublicX25519(verification_method))
     }
 
     /// Decrypt the provided JWE object using the X25519 key and the A256GCM algorithm.
@@ -390,6 +390,12 @@ impl PublicEd25519 {
     pub fn to_jwk(&self) -> JWK {
         JWK(self.0.to_jwk().into_owned())
     }
+
+    /// Serialize the current public key as a verification method object.
+    #[wasm_bindgen(js_name = "toJSON")]
+    pub fn to_json(&self) -> Result<Object, JsError> {
+        Ok(self.0.serialize(&OBJECT_SERIALIZER)?.into())
+    }
 }
 
 /// Public X25519 key.
@@ -417,6 +423,12 @@ impl PublicX25519 {
     pub fn to_jwk(&self) -> JWK {
         JWK(self.0.to_jwk().into_owned())
     }
+
+    /// Serialize the current public key as a verification method object.
+    #[wasm_bindgen(js_name = "toJSON")]
+    pub fn to_json(&self) -> Result<Object, JsError> {
+        Ok(self.0.serialize(&OBJECT_SERIALIZER)?.into())
+    }
 }
 
 /// JSON-LD context loader.