Merge remote-tracking branch 'origin/develop' into develop

# Conflicts:
#	packages/kms-musap-rn/package.json
#	pnpm-lock.yaml

.github/workflows/build-test-publish-on-push.yml

@@ -18,6 +18,11 @@ jobs:
       GH_USER: ${{secrets.GH_USER}}
       GH_EMAIL: ${{secrets.GH_EMAIL}}
       VC_HTTP_API_AUTH_TOKEN: ${{secrets.VC_HTTP_API_AUTH_TOKEN}}
+      AZURE_KEYVAULT_URL: ${{secrets.AZURE_KEYVAULT_URL}}
+      AZURE_KEYVAULT_TENANT_ID: ${{secrets.AZURE_KEYVAULT_TENANT_ID}}
+      AZURE_KEYVAULT_CLIENT_ID: ${{secrets.AZURE_KEYVAULT_CLIENT_ID}}
+      AZURE_KEYVAULT_CLIENT_SECRET: ${{secrets.AZURE_KEYVAULT_CLIENT_SECRET}}
+
     runs-on: ubuntu-latest
     services:
       postgres:
@@ -88,4 +93,3 @@ jobs:
       - name: publish @unstable when on unstable branch
         if: startsWith(github.ref, 'refs/heads/feat')
         run: lerna publish --conventional-prerelease --force-publish --canary --sync-dist-version --no-git-tag-version --include-merged-tags --preid $PRE_ID --pre-dist-tag unstable --yes --throttle-size 75 --registry https://registry.npmjs.org
-

CHANGELOG.md

@@ -3,6 +3,39 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [0.27.0](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/compare/v0.26.0...v0.27.0) (2024-12-05)
+
+### Bug Fixes
+
+- add some additional tests for did:key ([59b1161](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/commit/59b11614f67416a763b3f8eaedf0aad925666ec8))
+- default crypto engine ([503768f](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/commit/503768f6fa976585b6b2ae2c63652bad556cce20))
+- make sure we return the chain back in the original order ([683ddb7](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/commit/683ddb776b3b6d8e54bcf944cc4c32c7a7fecefc))
+- Move away from using crypto.subtle for signature verifications, as it is too problematic in React-native. Replaced with audited noble implementations ([69ec9a6](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/commit/69ec9a68a655eb34060a70ba64d83ef0df770bac))
+- remove random uuid ([b968166](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/commit/b968166eadb5f78d276657b89c6930c0fb97f08d))
+- update x.509 test with latest cert ([175cd80](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/commit/175cd8041e4b7f8c761b5519d44ec0602e2be88c))
+- update x.509 x5c order ([3dbfe73](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/commit/3dbfe73665f102d9c51e180199348cc8288f2a9c))
+
+### Features
+
+- Allow non trusted certs ([b1c6ff7](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/commit/b1c6ff753ba397e3d7732d768c23699e83047f6d))
+- Allow non trusted certs ([8416546](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/commit/84165465629cefca755c7a64a7626278618ebb8f))
+- implement azure keyvault rest client ([dc69703](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/commit/dc697034da974e88d933088f5aaf551c27845a49))
+- make sure we convert JWK claims from base64 to base64url if they are not spec compliant ([918677b](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/commit/918677bc9cf062c0eff7d6eec5e83ee50d47f4e7))
+- New x.509 validation implementation. Less features than previous version, but should work on RN ([c11d735](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/commit/c11d7358925eebdb63db63a28a97f7e179ae0246))
+
+# [0.26.0](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/compare/v0.25.0...v0.26.0) (2024-11-26)
+
+### Bug Fixes
+
+- Add support for P-384/521 external JWKs ([7f4a809](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/commit/7f4a8090121ee2aedae64af06ccc42e7b069bd6b))
+- Make sure we can use thumbprints for signing ([679d3e7](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/commit/679d3e73ca984a57afda9c55222a9fc596a623ec))
+- Make sure we can use thumbprints for signing ([e64b326](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/commit/e64b3263f83eaa88b75a57d2d3bae8f5e0575c6d))
+
+### Features
+
+- Add OYD DID support in enum ([01fe1d0](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/commit/01fe1d0168b6b8da929a85586eedb7d398a239a3))
+- create kms-azure plugin structure ([61e1a61](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/commit/61e1a61f7442acf376d5cc6e39cdacdc336b8aa3))
+
 # [0.25.0](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/compare/v0.24.0...v0.25.0) (2024-10-28)
 
 ### Bug Fixes

lerna.json

@@ -1,6 +1,6 @@
 {
   "packages": ["packages/*"],
-  "version": "0.25.0",
+  "version": "0.27.0",
   "npmClient": "pnpm",
   "command": {
     "publish": {
@@ -14,7 +14,5 @@
   "sort": true,
   "stream": true,
   "$schema": "node_modules/lerna/schemas/lerna-schema.json",
-  "ignoreChanges": [
-    "packages/oidf-resolution-tests/**"
-  ]
+  "ignoreChanges": ["packages/oidf-resolution-tests/**"]
 }

packages/did-provider-jwk/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [0.27.0](https://github.com/Sphereon-OpenSource/SSI-SDK-crypto-extensions/compare/v0.26.0...v0.27.0) (2024-12-05)
+
+**Note:** Version bump only for package @sphereon/ssi-sdk-ext.did-provider-jwk
+
+# [0.26.0](https://github.com/Sphereon-OpenSource/SSI-SDK-crypto-extensions/compare/v0.25.0...v0.26.0) (2024-11-26)
+
+**Note:** Version bump only for package @sphereon/ssi-sdk-ext.did-provider-jwk
+
 # [0.25.0](https://github.com/Sphereon-OpenSource/SSI-SDK-crypto-extensions/compare/v0.24.0...v0.25.0) (2024-10-28)
 
 ### Features

packages/did-provider-jwk/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@sphereon/ssi-sdk-ext.did-provider-jwk",
   "description": "Sphereon SSI-SDK plugin for management of did:key identifiers.",
-  "version": "0.25.0",
+  "version": "0.27.0",
   "source": "src/index.ts",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

packages/did-provider-jwk/src/jwk-did-provider.ts

@@ -12,9 +12,9 @@ const debug = Debug('sphereon:did-provider-jwk')
  * @public
  */
 export class JwkDIDProvider extends AbstractIdentifierProvider {
-  private readonly defaultKms: string
+  private readonly defaultKms?: string
 
-  constructor(options: { defaultKms: string }) {
+  constructor(options: { defaultKms?: string }) {
     super()
     this.defaultKms = options.defaultKms
   }
@@ -23,6 +23,7 @@ export class JwkDIDProvider extends AbstractIdentifierProvider {
   async createIdentifier(args: ICreateIdentifierArgs, context: IRequiredContext): Promise<Omit<IIdentifier, 'provider'>> {
     const key = await importProvidedOrGeneratedKey(
       {
+        // @ts-ignore
         kms: args.kms ?? this.defaultKms,
         alias: args.alias,
         options: args.options,

packages/did-provider-key/CHANGELOG.md

@@ -3,6 +3,17 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [0.27.0](https://github.com/Sphereon-OpenSource/SSI-SDK-crypto-extensions/compare/v0.26.0...v0.27.0) (2024-12-05)
+
+### Bug Fixes
+
+- add some additional tests for did:key ([59b1161](https://github.com/Sphereon-OpenSource/SSI-SDK-crypto-extensions/commit/59b11614f67416a763b3f8eaedf0aad925666ec8))
+- update x.509 test with latest cert ([175cd80](https://github.com/Sphereon-OpenSource/SSI-SDK-crypto-extensions/commit/175cd8041e4b7f8c761b5519d44ec0602e2be88c))
+
+# [0.26.0](https://github.com/Sphereon-OpenSource/SSI-SDK-crypto-extensions/compare/v0.25.0...v0.26.0) (2024-11-26)
+
+**Note:** Version bump only for package @sphereon/ssi-sdk-ext.did-provider-key
+
 # [0.25.0](https://github.com/Sphereon-OpenSource/SSI-SDK-crypto-extensions/compare/v0.24.0...v0.25.0) (2024-10-28)
 
 ### Bug Fixes

packages/did-provider-key/__tests__/key-did-provider.test.ts

@@ -43,16 +43,73 @@ describe('@sphereon/did-provider-key', () => {
     expect(identifier.keys.length).toBe(1)
   })
 
-  it('should create consistent identifier with provided key', async () => {
+  it('should create identifier without provided key Ed25519', async () => {
     const options = {
+      type: Key.Ed25519,
+    }
+    const identifier: IIdentifier = await agent.didManagerCreate({ options })
+
+    expect(identifier).toBeDefined()
+    expect(identifier.did).toBeDefined()
+  })
+
+  it('should create identifier without provided key Secp256r1', async () => {
+    const options = {
+      type: Key.Secp256r1,
+    }
+    const identifier: IIdentifier = await agent.didManagerCreate({ options })
+
+    expect(identifier).toBeDefined()
+    expect(identifier.did).toBeDefined()
+  })
+
+  it('should create identifier without provided key Secp256k1', async () => {
+    const options = {
+      type: Key.Secp256k1,
+    }
+    const identifier: IIdentifier = await agent.didManagerCreate({ options })
+
+    expect(identifier).toBeDefined()
+    expect(identifier.did).toBeDefined()
+  })
+
+  it('should create consistent identifier with provided key ed25519', async () => {
+    const options = {
+      type: Key.Ed25519,
+      key: {
+        privateKeyHex: PRIVATE_KEY_HEX + PRIVATE_KEY_HEX,
+      },
+    }
+    const identifier: IIdentifier = await agent.didManagerCreate({ options })
+
+    expect(identifier).toBeDefined()
+    expect(identifier.did).toBe('did:key:z6MknvX3iMSuMSMCebC4Z7Cve4u7p7VdfTShx93b8nCff3c6')
+  })
+
+  it('should create consistent identifier with provided key Secp256r1', async () => {
+    const options = {
+      type: Key.Secp256r1,
+      key: {
+        privateKeyHex: PRIVATE_KEY_HEX,
+      },
+    }
+    const identifier: IIdentifier = await agent.didManagerCreate({ options })
+
+    expect(identifier).toBeDefined()
+    expect(identifier.did).toBe('did:key:zDnaeZqjqUtYuYakaWXGb9VRSukEn5rcAuFfteLgzumPNNZfN')
+  })
+
+  it('should create consistent identifier with provided key Secp256k1', async () => {
+    const options = {
+      type: Key.Secp256k1,
       key: {
         privateKeyHex: PRIVATE_KEY_HEX,
       },
     }
     const identifier: IIdentifier = await agent.didManagerCreate({ options })
 
     expect(identifier).toBeDefined()
-    expect(identifier.did).toBe('did:key:zQ3shqZQs23rWENxtomyw4BNz1p23AkbjzwdeYg6DpmhWDDE6') 
+    expect(identifier.did).toBe('did:key:zQ3shqZQs23rWENxtomyw4BNz1p23AkbjzwdeYg6DpmhWDDE6')
   })
 
   it('should remove identifier', async () => {

packages/did-provider-key/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@sphereon/ssi-sdk-ext.did-provider-key",
   "description": "Sphereon SSI-SDK plugin for management of did:key identifiers.",
-  "version": "0.25.0",
+  "version": "0.27.0",
   "source": "src/index.ts",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

packages/did-provider-key/src/SphereonKeyDidProvider.ts

@@ -6,6 +6,7 @@ import {
   JwkKeyUse,
   TKeyType,
   toJwk,
+  toRawCompressedHexPublicKey,
 } from '@sphereon/ssi-sdk-ext.key-utils'
 import { IAgentContext, IIdentifier, IKey, IKeyManager, IService } from '@veramo/core'
 import { AbstractIdentifierProvider } from '@veramo/did-manager'
@@ -29,9 +30,9 @@ const keyCodecs = {
 } as const
 
 export class SphereonKeyDidProvider extends AbstractIdentifierProvider {
-  private readonly kms: string
+  private readonly kms?: string
 
-  constructor(options: { defaultKms: string }) {
+  constructor(options: { defaultKms?: string }) {
     super()
     this.kms = options.defaultKms
   }
@@ -48,6 +49,7 @@ export class SphereonKeyDidProvider extends AbstractIdentifierProvider {
         type?: TKeyType
         codecName?: 'EBSI' | 'jwk_jcs-pub' | Multicodec.CodecName
         key?: {
+          type?: Exclude<TKeyType, 'Secp384r1' | 'Secp521r1'>
           privateKeyHex: string
         }
       }
@@ -57,18 +59,26 @@ export class SphereonKeyDidProvider extends AbstractIdentifierProvider {
     let codecName = (options?.codecName?.toUpperCase() === 'EBSI' ? (JWK_JCS_PUB_NAME as Multicodec.CodecName) : options?.codecName) as
       | CodeNameType
       | undefined
-    const keyType: TKeyType = options?.type ?? (codecName === JWK_JCS_PUB_NAME ? 'Secp256r1' : 'Secp256k1')
+    const keyType = (options?.type ?? options?.key?.type ?? (codecName === JWK_JCS_PUB_NAME ? 'Secp256r1' : 'Secp256k1')) as Exclude<
+      TKeyType,
+      'Secp384r1' | 'Secp521r1'
+    >
     // console.log(`keytype: ${keyType}, codecName: ${codecName}`)
 
-    const key = await importProvidedOrGeneratedKey({
+    const key = await importProvidedOrGeneratedKey(
+      {
+        // @ts-ignore
         kms: kms ?? this.kms,
         alias: alias,
         options: { ...options, type: keyType },
       },
-      context,
+      context
     )
 
     let methodSpecificId: string | undefined
+
+    // did:key uses compressed pub keys
+    const compressedPublicKeyHex = toRawCompressedHexPublicKey(u8a.fromString(key.publicKeyHex, 'hex'), key.type)
     if (codecName === JWK_JCS_PUB_NAME) {
       const jwk = toJwk(key.publicKeyHex, keyType, { use: JwkKeyUse.Signature, key, noKidThumbprint: true })
       // console.log(`FIXME JWK: ${JSON.stringify(toJwk(privateKeyHex, keyType, { use: JwkKeyUse.Signature, key, isPrivateKey: true }), null, 2)}`)
@@ -77,15 +87,17 @@ export class SphereonKeyDidProvider extends AbstractIdentifierProvider {
       )
     } else if (codecName) {
       methodSpecificId = u8a.toString(
-        Multibase.encode('base58btc', Multicodec.addPrefix(codecName as Multicodec.CodecName, u8a.fromString(key.publicKeyHex, 'hex')))
+        Multibase.encode('base58btc', Multicodec.addPrefix(codecName as Multicodec.CodecName, u8a.fromString(compressedPublicKeyHex, 'hex')))
       )
     } else {
       codecName = keyCodecs[keyType]
 
       if (codecName) {
         // methodSpecificId  = bytesToMultibase({bytes: u8a.fromString(key.publicKeyHex, 'hex'), codecName})
         methodSpecificId = u8a
-          .toString(Multibase.encode('base58btc', Multicodec.addPrefix(codecName as Multicodec.CodecName, u8a.fromString(key.publicKeyHex, 'hex'))))
+          .toString(
+            Multibase.encode('base58btc', Multicodec.addPrefix(codecName as Multicodec.CodecName, u8a.fromString(compressedPublicKeyHex, 'hex')))
+          )
           .toString()
       }
     }

packages/did-provider-oyd/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [0.27.0](https://github.com/OwnYourData/veramo/compare/v0.26.0...v0.27.0) (2024-12-05)
+
+**Note:** Version bump only for package @sphereon/did-provider-oyd
+
+# [0.26.0](https://github.com/OwnYourData/veramo/compare/v0.25.0...v0.26.0) (2024-11-26)
+
+**Note:** Version bump only for package @sphereon/did-provider-oyd
+
 # [0.25.0](https://github.com/OwnYourData/veramo/compare/v0.24.0...v0.25.0) (2024-10-28)
 
 **Note:** Version bump only for package @sphereon/did-provider-oyd

packages/did-provider-oyd/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@sphereon/did-provider-oyd",
   "description": "OwnYourData plugin that can enable creation and control of did:oyd identifiers.",
-  "version": "0.25.0",
+  "version": "0.27.0",
   "source": "src/index.ts",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

packages/did-provider-oyd/src/oyd-did-provider.ts

@@ -13,9 +13,9 @@ type IContext = IAgentContext<IKeyManager>
  * @public
  */
 export class OydDIDProvider extends AbstractIdentifierProvider {
-  private defaultKms: string
+  private defaultKms?: string
 
-  constructor(options: { defaultKms: string }) {
+  constructor(options: { defaultKms?: string }) {
     super()
     this.defaultKms = options.defaultKms
   }
@@ -48,6 +48,7 @@ export class OydDIDProvider extends AbstractIdentifierProvider {
     const keyType: OydDidSupportedKeyTypes = options?.keyType || 'Ed25519'
     const key = await this.holdKeys(
       {
+        // @ts-ignore
         kms: kms || this.defaultKms,
         options: {
           keyType,
@@ -102,6 +103,7 @@ export class OydDIDProvider extends AbstractIdentifierProvider {
   private async holdKeys(args: OydDidHoldKeysArgs, context: IContext): Promise<IKey> {
     if (args.options.privateKeyHex) {
       return context.agent.keyManagerImport({
+        // @ts-ignore
         kms: args.kms || this.defaultKms,
         type: args.options.keyType,
         kid: args.options.kid,
@@ -113,6 +115,7 @@ export class OydDIDProvider extends AbstractIdentifierProvider {
     }
     return context.agent.keyManagerCreate({
       type: args.options.keyType,
+      // @ts-ignore
       kms: args.kms || this.defaultKms,
       meta: {
         algorithms: ['Ed25519'],

packages/did-provider-web/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [0.27.0](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/compare/v0.26.0...v0.27.0) (2024-12-05)
+
+**Note:** Version bump only for package @sphereon/ssi-sdk-ext.did-provider-web
+
+# [0.26.0](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/compare/v0.25.0...v0.26.0) (2024-11-26)
+
+**Note:** Version bump only for package @sphereon/ssi-sdk-ext.did-provider-web
+
 # [0.25.0](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/compare/v0.24.0...v0.25.0) (2024-10-28)
 
 ### Features

packages/did-provider-web/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@sphereon/ssi-sdk-ext.did-provider-web",
   "description": "plugin that can enable creation and control of did:web identifiers.",
-  "version": "0.25.0",
+  "version": "0.27.0",
   "main": "dist/index.js",
   "exports": "./dist/index.js",
   "types": "dist/index.d.ts",

packages/did-resolver-ebsi/CHANGELOG.md

@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [0.27.0](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/compare/v0.26.0...v0.27.0) (2024-12-05)
+
+**Note:** Version bump only for package @sphereon/ssi-sdk-ext.did-resolver-ebsi
+
+# [0.26.0](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/compare/v0.25.0...v0.26.0) (2024-11-26)
+
+**Note:** Version bump only for package @sphereon/ssi-sdk-ext.did-resolver-ebsi
+
 # [0.25.0](https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/compare/v0.24.0...v0.25.0) (2024-10-28)
 
 **Note:** Version bump only for package @sphereon/ssi-sdk-ext.did-resolver-ebsi