From 8fe612f7442902ea66469ce8503e8ad3be7a670e Mon Sep 17 00:00:00 2001
From: Greg Bernstein <gregb@grotto-networking.com>
Date: Thu, 2 Jan 2025 14:31:18 -0800
Subject: [PATCH] Add Employment authorization document test vector.

Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Co-authored-by: Manu Sporny <msporny@digitalbazaar.com>
---
 .../employ/canonDocDataInt.txt                | 24 ++++++
 .../employ/combinedHashDataInt.txt            |  1 +
 .../eddsa-rdfc-2022/employ/docHashDataInt.txt |  1 +
 .../employ/proofCanonDataInt.txt              |  5 ++
 .../employ/proofConfigDataInt.json            | 11 +++
 .../employ/proofHashDataInt.txt               |  1 +
 .../employ/sigBTC58DataInt.txt                |  1 +
 .../eddsa-rdfc-2022/employ/sigHexDataInt.txt  |  1 +
 .../eddsa-rdfc-2022/employ/signedDataInt.json | 46 ++++++++++++
 TestVectors/employmentAuth.json               | 38 ++++++++++
 index.html                                    | 74 +++++++++++++++++++
 11 files changed, 203 insertions(+)
 create mode 100644 TestVectors/eddsa-rdfc-2022/employ/canonDocDataInt.txt
 create mode 100644 TestVectors/eddsa-rdfc-2022/employ/combinedHashDataInt.txt
 create mode 100644 TestVectors/eddsa-rdfc-2022/employ/docHashDataInt.txt
 create mode 100644 TestVectors/eddsa-rdfc-2022/employ/proofCanonDataInt.txt
 create mode 100644 TestVectors/eddsa-rdfc-2022/employ/proofConfigDataInt.json
 create mode 100644 TestVectors/eddsa-rdfc-2022/employ/proofHashDataInt.txt
 create mode 100644 TestVectors/eddsa-rdfc-2022/employ/sigBTC58DataInt.txt
 create mode 100644 TestVectors/eddsa-rdfc-2022/employ/sigHexDataInt.txt
 create mode 100644 TestVectors/eddsa-rdfc-2022/employ/signedDataInt.json
 create mode 100644 TestVectors/employmentAuth.json

diff --git a/TestVectors/eddsa-rdfc-2022/employ/canonDocDataInt.txt b/TestVectors/eddsa-rdfc-2022/employ/canonDocDataInt.txt
new file mode 100644
index 0000000..66db3e2
--- /dev/null
+++ b/TestVectors/eddsa-rdfc-2022/employ/canonDocDataInt.txt
@@ -0,0 +1,24 @@
+<did:key:zDnaegE6RR3atJtHKwTRTWHsJ3kNHqFwv7n9YjTgmU7TyfU76> <https://schema.org/image> <data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQIW2NgUPr/HwADaAIhG61j/AAAAABJRU5ErkJggg==> .
+_:c14n0 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <https://w3id.org/citizenship#EmploymentAuthorizationDocumentCredential> .
+_:c14n0 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <https://www.w3.org/2018/credentials#VerifiableCredential> .
+_:c14n0 <https://schema.org/description> "Example Employment Authorization Document." .
+_:c14n0 <https://schema.org/name> "Employment Authorization Document" .
+_:c14n0 <https://www.w3.org/2018/credentials#credentialSubject> _:c14n1 .
+_:c14n0 <https://www.w3.org/2018/credentials#issuer> <did:key:zDnaegE6RR3atJtHKwTRTWHsJ3kNHqFwv7n9YjTgmU7TyfU76> .
+_:c14n0 <https://www.w3.org/2018/credentials#validFrom> "2019-12-03T00:00:00Z"^^<http://www.w3.org/2001/XMLSchema#dateTime> .
+_:c14n0 <https://www.w3.org/2018/credentials#validUntil> "2029-12-03T00:00:00Z"^^<http://www.w3.org/2001/XMLSchema#dateTime> .
+_:c14n1 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <https://schema.org/Person> .
+_:c14n1 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <https://w3id.org/citizenship#EmployablePerson> .
+_:c14n1 <https://schema.org/additionalName> "JACOB" .
+_:c14n1 <https://schema.org/birthDate> "1999-07-17"^^<http://www.w3.org/2001/XMLSchema#dateTime> .
+_:c14n1 <https://schema.org/familyName> "SMITH" .
+_:c14n1 <https://schema.org/gender> "Male" .
+_:c14n1 <https://schema.org/givenName> "JOHN" .
+_:c14n1 <https://schema.org/image> <data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQIW2Ng+M/wHwAEAQH/7yMK/gAAAABJRU5ErkJggg==> .
+_:c14n1 <https://w3id.org/citizenship#birthCountry> "Bahamas" .
+_:c14n1 <https://w3id.org/citizenship#employmentAuthorizationDocument> _:c14n2 .
+_:c14n1 <https://w3id.org/citizenship#residentSince> "2015-01-01"^^<http://www.w3.org/2001/XMLSchema#dateTime> .
+_:c14n2 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <https://w3id.org/citizenship#EmploymentAuthorizationDocument> .
+_:c14n2 <https://schema.org/identifier> "83627465" .
+_:c14n2 <https://w3id.org/citizenship#lprCategory> "C09" .
+_:c14n2 <https://w3id.org/citizenship#lprNumber> "999-999-999" .
diff --git a/TestVectors/eddsa-rdfc-2022/employ/combinedHashDataInt.txt b/TestVectors/eddsa-rdfc-2022/employ/combinedHashDataInt.txt
new file mode 100644
index 0000000..1cf6940
--- /dev/null
+++ b/TestVectors/eddsa-rdfc-2022/employ/combinedHashDataInt.txt
@@ -0,0 +1 @@
+bea7b7acfbad0126b135104024a5f1733e705108f42d59668b05c0c50004c6b003f59e5b04ab575b1172cb684f22eede72f0e9033e0b5c67d0e2506768d6ce11
\ No newline at end of file
diff --git a/TestVectors/eddsa-rdfc-2022/employ/docHashDataInt.txt b/TestVectors/eddsa-rdfc-2022/employ/docHashDataInt.txt
new file mode 100644
index 0000000..5daf759
--- /dev/null
+++ b/TestVectors/eddsa-rdfc-2022/employ/docHashDataInt.txt
@@ -0,0 +1 @@
+03f59e5b04ab575b1172cb684f22eede72f0e9033e0b5c67d0e2506768d6ce11
\ No newline at end of file
diff --git a/TestVectors/eddsa-rdfc-2022/employ/proofCanonDataInt.txt b/TestVectors/eddsa-rdfc-2022/employ/proofCanonDataInt.txt
new file mode 100644
index 0000000..4244e64
--- /dev/null
+++ b/TestVectors/eddsa-rdfc-2022/employ/proofCanonDataInt.txt
@@ -0,0 +1,5 @@
+_:c14n0 <http://purl.org/dc/terms/created> "2023-02-24T23:36:38Z"^^<http://www.w3.org/2001/XMLSchema#dateTime> .
+_:c14n0 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <https://w3id.org/security#DataIntegrityProof> .
+_:c14n0 <https://w3id.org/security#cryptosuite> "eddsa-rdfc-2022"^^<https://w3id.org/security#cryptosuiteString> .
+_:c14n0 <https://w3id.org/security#proofPurpose> <https://w3id.org/security#assertionMethod> .
+_:c14n0 <https://w3id.org/security#verificationMethod> <did:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2#z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2> .
diff --git a/TestVectors/eddsa-rdfc-2022/employ/proofConfigDataInt.json b/TestVectors/eddsa-rdfc-2022/employ/proofConfigDataInt.json
new file mode 100644
index 0000000..cc04663
--- /dev/null
+++ b/TestVectors/eddsa-rdfc-2022/employ/proofConfigDataInt.json
@@ -0,0 +1,11 @@
+{
+  "type": "DataIntegrityProof",
+  "cryptosuite": "eddsa-rdfc-2022",
+  "created": "2023-02-24T23:36:38Z",
+  "verificationMethod": "did:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2#z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2",
+  "proofPurpose": "assertionMethod",
+  "@context": [
+    "https://www.w3.org/ns/credentials/v2",
+    "https://w3id.org/citizenship/v4rc1"
+  ]
+}
\ No newline at end of file
diff --git a/TestVectors/eddsa-rdfc-2022/employ/proofHashDataInt.txt b/TestVectors/eddsa-rdfc-2022/employ/proofHashDataInt.txt
new file mode 100644
index 0000000..26fce0d
--- /dev/null
+++ b/TestVectors/eddsa-rdfc-2022/employ/proofHashDataInt.txt
@@ -0,0 +1 @@
+bea7b7acfbad0126b135104024a5f1733e705108f42d59668b05c0c50004c6b0
\ No newline at end of file
diff --git a/TestVectors/eddsa-rdfc-2022/employ/sigBTC58DataInt.txt b/TestVectors/eddsa-rdfc-2022/employ/sigBTC58DataInt.txt
new file mode 100644
index 0000000..19e486b
--- /dev/null
+++ b/TestVectors/eddsa-rdfc-2022/employ/sigBTC58DataInt.txt
@@ -0,0 +1 @@
+zeuuS9pi2ZR8Q41bFFJKS9weSWkwa7pRcxHTHzxjDEHtVSZp3D9Rm3JdzT82EQpmXMb9wvfFJLuDPeSXZaRX1q1c
\ No newline at end of file
diff --git a/TestVectors/eddsa-rdfc-2022/employ/sigHexDataInt.txt b/TestVectors/eddsa-rdfc-2022/employ/sigHexDataInt.txt
new file mode 100644
index 0000000..d86d496
--- /dev/null
+++ b/TestVectors/eddsa-rdfc-2022/employ/sigHexDataInt.txt
@@ -0,0 +1 @@
+20b1a944960b75ca69ba070af4820de6e6acae1afe827d8c566c0f7b932d1bd3abde3222b3095088051439a8b4e7a5356c7ba6d246774f875ebb6ddee1577003
\ No newline at end of file
diff --git a/TestVectors/eddsa-rdfc-2022/employ/signedDataInt.json b/TestVectors/eddsa-rdfc-2022/employ/signedDataInt.json
new file mode 100644
index 0000000..f61287a
--- /dev/null
+++ b/TestVectors/eddsa-rdfc-2022/employ/signedDataInt.json
@@ -0,0 +1,46 @@
+{
+  "@context": [
+    "https://www.w3.org/ns/credentials/v2",
+    "https://w3id.org/citizenship/v4rc1"
+  ],
+  "type": [
+    "VerifiableCredential",
+    "EmploymentAuthorizationDocumentCredential"
+  ],
+  "issuer": {
+    "id": "did:key:zDnaegE6RR3atJtHKwTRTWHsJ3kNHqFwv7n9YjTgmU7TyfU76",
+    "image": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQIW2NgUPr/HwADaAIhG61j/AAAAABJRU5ErkJggg=="
+  },
+  "credentialSubject": {
+    "type": [
+      "Person",
+      "EmployablePerson"
+    ],
+    "givenName": "JOHN",
+    "additionalName": "JACOB",
+    "familyName": "SMITH",
+    "image": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQIW2Ng+M/wHwAEAQH/7yMK/gAAAABJRU5ErkJggg==",
+    "gender": "Male",
+    "residentSince": "2015-01-01",
+    "birthCountry": "Bahamas",
+    "birthDate": "1999-07-17",
+    "employmentAuthorizationDocument": {
+      "type": "EmploymentAuthorizationDocument",
+      "identifier": "83627465",
+      "lprCategory": "C09",
+      "lprNumber": "999-999-999"
+    }
+  },
+  "name": "Employment Authorization Document",
+  "description": "Example Employment Authorization Document.",
+  "validFrom": "2019-12-03T00:00:00Z",
+  "validUntil": "2029-12-03T00:00:00Z",
+  "proof": {
+    "type": "DataIntegrityProof",
+    "cryptosuite": "eddsa-rdfc-2022",
+    "created": "2023-02-24T23:36:38Z",
+    "verificationMethod": "did:key:z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2#z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2",
+    "proofPurpose": "assertionMethod",
+    "proofValue": "zeuuS9pi2ZR8Q41bFFJKS9weSWkwa7pRcxHTHzxjDEHtVSZp3D9Rm3JdzT82EQpmXMb9wvfFJLuDPeSXZaRX1q1c"
+  }
+}
\ No newline at end of file
diff --git a/TestVectors/employmentAuth.json b/TestVectors/employmentAuth.json
new file mode 100644
index 0000000..78e130e
--- /dev/null
+++ b/TestVectors/employmentAuth.json
@@ -0,0 +1,38 @@
+{
+    "@context": [
+      "https://www.w3.org/ns/credentials/v2",
+      "https://w3id.org/citizenship/v4rc1"
+    ],
+    "type": [
+      "VerifiableCredential",
+      "EmploymentAuthorizationDocumentCredential"
+    ],
+    "issuer": {
+      "id": "did:key:zDnaegE6RR3atJtHKwTRTWHsJ3kNHqFwv7n9YjTgmU7TyfU76",
+      "image": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQIW2NgUPr/HwADaAIhG61j/AAAAABJRU5ErkJggg=="
+    },
+    "credentialSubject": {
+      "type": [
+        "Person",
+        "EmployablePerson"
+      ],
+      "givenName": "JOHN",
+      "additionalName": "JACOB",
+      "familyName": "SMITH",
+      "image": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVQIW2Ng+M/wHwAEAQH/7yMK/gAAAABJRU5ErkJggg==",
+      "gender": "Male",
+      "residentSince": "2015-01-01",
+      "birthCountry": "Bahamas",
+      "birthDate": "1999-07-17",
+      "employmentAuthorizationDocument": {
+        "type": "EmploymentAuthorizationDocument",
+        "identifier": "83627465",
+        "lprCategory": "C09",
+        "lprNumber": "999-999-999"
+      }
+    },
+    "name": "Employment Authorization Document",
+    "description": "Example Employment Authorization Document.",
+    "validFrom": "2019-12-03T00:00:00Z",
+    "validUntil": "2029-12-03T00:00:00Z"
+  }
\ No newline at end of file
diff --git a/index.html b/index.html
index 2c110c9..8b70d34 100644
--- a/index.html
+++ b/index.html
@@ -2304,6 +2304,80 @@ <h3>Representation: eddsa-rdfc-2022</h3>
         <pre class="example nohighlight" title="Signed Credential"
         data-include="TestVectors/eddsa-rdfc-2022/signedDataInt.json" data-include-format="text"></pre>
       </section>
+      <section>
+        <h3>Enhanced Example for Representation: eddsa-rdfc-2022</h3>
+        <p>
+Here we again go through the steps of creating a credential signed with
+`eddsa-rdfc-2022`, but with a more complicated input document. The
+representation of the public key and the representation of the private key
+are shown below.
+        </p>
+        <pre class="example nohighlight" title="Private and Public keys for Signature">
+{
+    publicKeyMultibase: "z6MkrJVnaZkeFzdQyMZu1cgjg7k1pZZ6pvBQ7XJPt4swbTQ2",
+    secretKeyMultibase: "z3u2en7t5LR2WtQH5PfFqMqwVHBeXouLzo6haApm8XHqvjxq"
+}
+        </pre>
+
+        <p>
+Signing begins with a credential without an attached proof, which is converted
+to canonical form, and then hashed, as shown in the following three examples.
+        </p>
+
+        <pre class="example nohighlight" title="Employment Authorization Credential without Proof" data-include="TestVectors/employmentAuth.json"
+        data-include-format="text"></pre>
+
+        <pre class="example nohighlight" title="Canonical Employment Authorization Credential without Proof" data-include="TestVectors/eddsa-rdfc-2022/employ/canonDocDataInt.txt"
+        data-include-format="text"></pre>
+
+
+        <pre class="example nohighlight" title="Hash of Canonical Employment Authorization Credential without Proof (hex)"
+        data-include="TestVectors/eddsa-rdfc-2022/employ/docHashDataInt.txt" data-include-format="text"></pre>
+
+        <p>
+The next step is to take the proof options document, convert it to canonical
+form, and obtain its hash, as shown in the next three examples.
+        </p>
+
+        <pre class="example nohighlight" title="Proof Options Document"
+        data-include="TestVectors/eddsa-rdfc-2022/employ/proofConfigDataInt.json" data-include-format="text"></pre>
+
+        <pre class="example nohighlight" title="Canonical Proof Options Document"
+        data-include="TestVectors/eddsa-rdfc-2022/employ/proofCanonDataInt.txt" data-include-format="text"></pre>
+
+        <pre class="example nohighlight" title="Hash of Canonical Proof Options Document (hex)"
+        data-include="TestVectors/eddsa-rdfc-2022/employ/proofHashDataInt.txt" data-include-format="text"></pre>
+
+        <p>
+Finally, we concatenate the hash of the proof options followed by the hash of
+the credential without proof, use the private key with the combined hash to
+compute the Ed25519 signature, and then base58-btc encode the signature.
+        </p>
+
+        <pre class="example nohighlight" title="Combine hashes of Proof Options and Credential (hex)"
+        data-include="TestVectors/eddsa-rdfc-2022/employ/combinedHashDataInt.txt" data-include-format="text"></pre>
+
+        <pre class="example nohighlight" title="Signature of Combined Hashes (hex)"
+        data-include="TestVectors/eddsa-rdfc-2022/employ/sigHexDataInt.txt" data-include-format="text"></pre>
+
+        <pre class="example nohighlight" title="Signature of Combined Hashes base58-btc"
+        data-include="TestVectors/eddsa-rdfc-2022/employ/sigBTC58DataInt.txt" data-include-format="text"></pre>
+
+        <p>Assemble the signed credential with the following two steps:</p>
+        <ol>
+          <li>
+Add the <code>proofValue</code> field with the previously computed base58-btc
+value to the proof options document.
+          </li>
+          <li>
+Set the <code>proof</code> field of the credential to the augmented proof
+option document.
+          </li>
+        </ol>
+
+        <pre class="example nohighlight" title="Signed Employment Authorization Credential"
+        data-include="TestVectors/eddsa-rdfc-2022/employ/signedDataInt.json" data-include-format="text"></pre>
+      </section>
       <section>
         <h3>Representation: eddsa-jcs-2022</h3>
         <p>