Documentation
¶
Overview ¶
Package did DID Peer ------------------------------------------------ https://identity.foundation/peer-did-method-spec/
Peer based, self-signed DID method.
The method can be used independent of any central source of truth, and is intended to be cheap, fast, scalable, and secure. It is suitable for most private relationships between people, organizations, and things. We expect that peer-to-peer relationships in every blockchain ecosystem can benefit by offloading pairwise and n-wise relationships to peer DIDs.
Currently only methods 0 and 2 are supported. Method 1 will be supported in a future date.
Index ¶
- Constants
- func GetDIDPKHContext() (string, error)
- func GetDIDPKHNetworkPrefixes() []string
- func GetDIDPKHPrefixForNetwork(n Network) (string, error)
- func GetSupportedDIDBrcmTypes() []crypto.KeyType
- func GetSupportedDIDKeyTypes() []crypto.KeyType
- func GetVerificationTypeForNetwork(n Network) (string, error)
- func IsValidPKH(did DIDPKH) bool
- func KeyTypeToLDKeyType(kt crypto.KeyType) (cryptosuite.LDKeyType, error)
- type DID
- type DIDBrcm
- type DIDDocument
- type DIDDocumentMetadata
- type DIDKey
- type DIDPKH
- type DIDPeer
- type DIDResolutionMetadata
- type DIDResolutionResult
- type DIDWeb
- func (d DIDWeb) CreateDoc(kt crypto.KeyType, publicKey []byte) (*DIDDocument, error)
- func (d DIDWeb) CreateDocBytes(kt crypto.KeyType, publicKey []byte) ([]byte, error)
- func (d DIDWeb) GetDocURL() (string, error)
- func (d DIDWeb) IsValid() bool
- func (DIDWeb) Method() Method
- func (d DIDWeb) Resolve() (*DIDDocument, error)
- func (d DIDWeb) ResolveDocBytes() ([]byte, error)
- func (d DIDWeb) String() string
- func (d DIDWeb) Suffix() (string, error)
- type KeyResolver
- type Method
- type Network
- type PKHResolver
- type PeerDelta
- type PeerMethod0
- type PeerMethod1
- type PeerMethod2
- type PeerResolver
- type PeerServiceBlockEncoded
- type PurposeType
- type Resolution
- type ResolutionError
- type ResolutionOptions
- type Resolver
- type Service
- type ServiceTypeAbbreviationMap
- type VerificationMethod
- type VerificationMethodSet
- type WebResolver
Constants ¶
const ( KnownDIDContext string = "https://www.w3.org/ns/did/v1" // Base58BTCMultiBase Base58BTC https://github.com/multiformats/go-multibase/blob/master/multibase.go Base58BTCMultiBase = multibase.Base58BTC Ed25519MultiCodec = multicodec.Ed25519Pub X25519MultiCodec = multicodec.X25519Pub Secp256k1MultiCodec = multicodec.Secp256k1Pub P256MultiCodec = multicodec.P256Pub P384MultiCodec = multicodec.P384Pub P521MultiCodec = multicodec.P521Pub RSAMultiCodec = multicodec.RsaPub SHA256MultiCodec = multicodec.Sha2_256 )
const ( DIDPeerPrefix = "did:peer" PeerEncNumBasis = Base58BTCMultiBase PeerDIDRegex = `^did:peer:(([01](z)([1-9a-km-zA-HJ-NP-Z]{46,47}))|(2((\.[AEVID](z)([1-9a-km-zA-HJ-NP-Z]{46,47}))+(\.(S)[0-9a-zA-Z=]*)?)))$` PeerKnownContext = "https://w3id.org/did/v1" PeerDIDCommMessagingAbbr string = "dm" PeerDIDCommMessaging string = "DIDCommMessaging" Hash = "#" )
ANBF specified here: https://identity.foundation/peer-did-method-spec/#method-specific-identifier
const ( BitcoinNetworkPrefix = "bip122:000000000019d6689c085ae165831e93" EthereumNetworkPrefix = "eip155:1" PolygonNetworkPrefix = "eip155:137" EcdsaSecp256k1RecoveryMethod2020 = "EcdsaSecp256k1RecoveryMethod2020" )
const ( DIDWebWellKnownURLPath = ".well-known/" DIDWebDIDDocFilename = "did.json" DIDWebPrefix = "did:web" )
const (
// DIDBrcmPrefix did:key prefix
DIDBrcmPrefix = "did:brcm"
)
const (
// DIDKeyPrefix did:key prefix
DIDKeyPrefix = "did:key"
)
const (
// DIDPKHPrefix did:pkh prefix
DIDPKHPrefix = "did:pkh"
)
Variables ¶
This section is empty.
Functions ¶
func GetDIDPKHContext ¶
GetDIDPKHContext returns a context which should be manually inserted into each did:pkh document. This will likely change over time as new verification methods are supported, and general-purpose methods are specified.
func GetDIDPKHNetworkPrefixes ¶
func GetDIDPKHNetworkPrefixes() []string
func GetDIDPKHPrefixForNetwork ¶
GetDIDPKHPrefixForNetwork returns the did:pkh prefix for a given network
func GetSupportedDIDKeyTypes ¶
func GetVerificationTypeForNetwork ¶
GetVerificationTypeForNetwork returns the verification key type for a given network
func IsValidPKH ¶
IsValidPKH checks if a pkh did is valid based on the following parameters: pkh-did = "did:pkh:" address address = account_id according to [CAIP-10] account_id: chain_id + ":" + account_address chain_id: [-a-z0-9]{3,8}:[-a-zA-Z0-9]{1,32} account_address: [a-zA-Z0-9]{1,64} chain_id: namespace + ":" + reference namespace: [-a-z0-9]{3,8} reference: [-a-zA-Z0-9]{1,32}
func KeyTypeToLDKeyType ¶
func KeyTypeToLDKeyType(kt crypto.KeyType) (cryptosuite.LDKeyType, error)
KeyTypeToLDKeyType converts crypto.KeyType to cryptosuite.LDKeyType
Types ¶
type DID ¶
type DID interface {
// IsValid checks if the DID is compliant with its methods definition
IsValid() bool
// String Returns the string representation of the DID identifier (e.g. did:example:abcd)
String() string
// Suffix provides the value of the DID without the method prefix
Suffix() (string, error)
// Method provides the method for the DID
Method() Method
}
DID encapsulates functionality common to all DIDs
type DIDBrcm ¶
type DIDBrcm string
func CreateDIDBrcm ¶
CreateDIDBrcm constructs a did:key from a specific key type and its corresponding public key This method does not attempt to validate that the provided public key is of the specified key type. A safer method is `GenerateDIDBrcm` which handles key generation based on the provided key type.
func GenerateDIDBrcm ¶
GenerateDIDBrcm takes in a key type value that this library supports and constructs a conformant did:key identifier. The function returns the associated private key value cast to the generic golang crypto.PrivateKey interface. To use the private key, it is recommended to re-cast to the associated type. For example, called with the input for a secp256k1 key: privKey, didKey, err := GenerateDIDBrcm(SECP256k1) if err != nil { ... } // where secp is an import alias to the secp256k1 library we use "github.com/decred/dcrd/dcrec/secp256k1/v4" secpPrivKey, ok := privKey.(secp.PrivateKey) if !ok { ... }
func (DIDBrcm) Decode ¶
Decode takes a did:key and returns the underlying public key value as bytes, the LD key type, and a possible error
func (DIDBrcm) Expand ¶
func (d DIDBrcm) Expand() (*DIDDocument, error)
Expand turns the DID key into a compliant DID Document
type DIDDocument ¶
type DIDDocument struct {
Context interface{} `json:"@context,omitempty"`
// As per https://www.w3.org/TR/did-core/#did-subject intermediate representations of DID Documents do not
// require an ID property. The provided test vectors demonstrate IRs. As such, the property is optional.
ID string `json:"id,omitempty"`
Controller string `json:"controller,omitempty"`
AlsoKnownAs string `json:"alsoKnownAs,omitempty"`
VerificationMethod []VerificationMethod `json:"verificationMethod,omitempty" validate:"dive"`
Authentication []VerificationMethodSet `json:"authentication,omitempty" validate:"dive"`
AssertionMethod []VerificationMethodSet `json:"assertionMethod,omitempty" validate:"dive"`
KeyAgreement []VerificationMethodSet `json:"keyAgreement,omitempty" validate:"dive"`
CapabilityInvocation []VerificationMethodSet `json:"capabilityInvocation,omitempty" validate:"dive"`
CapabilityDelegation []VerificationMethodSet `json:"capabilityDelegation,omitempty" validate:"dive"`
Services []Service `json:"service,omitempty" validate:"dive"`
}
DIDDocument is a representation of the did core specification https://www.w3.org/TR/did-core TODO(gabe) enforce validation of DID syntax https://www.w3.org/TR/did-core/#did-syntax
func (*DIDDocument) IsEmpty ¶
func (d *DIDDocument) IsEmpty() bool
func (*DIDDocument) IsValid ¶
func (d *DIDDocument) IsValid() error
type DIDDocumentMetadata ¶
type DIDDocumentMetadata struct {
Created string `json:"created,omitempty" validate:"datetime"`
Updated string `json:"updated,omitempty" validate:"datetime"`
Deactivated bool `json:"deactivated,omitempty"`
NextUpdate string `json:"nextUpdate,omitempty"`
VersionID string `json:"versionId,omitempty"`
NextVersionID string `json:"nextVersionId,omitempty"`
EquivalentID string `json:"equivalentId,omitempty"`
CanonicalID string `json:"canonicalId,omitempty"`
}
DIDDocumentMetadata https://www.w3.org/TR/did-core/#did-document-metadata
func (*DIDDocumentMetadata) IsValid ¶
func (s *DIDDocumentMetadata) IsValid() bool
type DIDKey ¶
type DIDKey string
func CreateDIDKey ¶
CreateDIDKey constructs a did:key from a specific key type and its corresponding public key This method does not attempt to validate that the provided public key is of the specified key type. A safer method is `GenerateDIDKey` which handles key generation based on the provided key type.
func GenerateDIDKey ¶
GenerateDIDKey takes in a key type value that this library supports and constructs a conformant did:key identifier. The function returns the associated private key value cast to the generic golang crypto.PrivateKey interface. To use the private key, it is recommended to re-cast to the associated type. For example, called with the input for a secp256k1 key: privKey, didKey, err := GenerateDIDKey(SECP256k1) if err != nil { ... } // where secp is an import alias to the secp256k1 library we use "github.com/decred/dcrd/dcrec/secp256k1/v4" secpPrivKey, ok := privKey.(secp.PrivateKey) if !ok { ... }
func (DIDKey) Decode ¶
Decode takes a did:key and returns the underlying public key value as bytes, the LD key type, and a possible error
func (DIDKey) Expand ¶
func (d DIDKey) Expand() (*DIDDocument, error)
Expand turns the DID key into a compliant DID Document
type DIDPKH ¶
type DIDPKH string
func CreateDIDPKH ¶
CreateDIDPKH constructs a did:pkh from a namespace, reference, and account address. Reference: did:pkh:namespace:reference:account_address
func CreateDIDPKHFromNetwork ¶
CreateDIDPKHFromNetwork constructs a did:pkh from a network and the networks native address.
func (DIDPKH) Expand ¶
func (d DIDPKH) Expand() (*DIDDocument, error)
Expand turns the DID key into a complaint DID Document
type DIDPeer ¶
type DIDPeer string
func (DIDPeer) GetMethodID ¶
func (DIDPeer) IsValidPurpose ¶
func (DIDPeer) IsValidPurpose(p PurposeType) bool
type DIDResolutionMetadata ¶
type DIDResolutionMetadata struct {
ContentType string
Error *ResolutionError
}
DIDResolutionMetadata https://www.w3.org/TR/did-core/#did-resolution-metadata
type DIDResolutionResult ¶
type DIDResolutionResult struct {
DIDResolutionMetadata
DIDDocument
DIDDocumentMetadata
}
DIDResolutionResult encapsulates the tuple of a DID resolution https://www.w3.org/TR/did-core/#did-resolution
type DIDWeb ¶
type DIDWeb string
did:web method specification https://w3c-ccg.github.io/did-method-web/ DID Web create and resolve methods are implemented in this package but NOT the update and deactivate methods please refer to web_test.go for example and test cases
func (DIDWeb) CreateDoc ¶
CreateDoc constructs a did:web DIDDocument from a specific key type and its corresponding public key. This method does not attempt to validate that the provided public key is of the specified key type. The returned DIDDocument is expected further turned into a JSON file named did.json and stored under the expected path of the target web domain specification: https://w3c-ccg.github.io/did-method-web/#create-register
func (DIDWeb) CreateDocBytes ¶
CreateDocBytes simply takes the output from CreateDoc and returns the bytes of the JSON DID document
func (DIDWeb) GetDocURL ¶
GetDocURL returns the expected URL of the DID Document where https:// prefix is required by the specification optional path supported
func (DIDWeb) Resolve ¶
func (d DIDWeb) Resolve() (*DIDDocument, error)
func (DIDWeb) ResolveDocBytes ¶
ResolveDocBytes simply performs a http.Get on the expected URL of the DID Document from GetDocURL and returns the bytes of the fetched file
type KeyResolver ¶
type KeyResolver struct{}
func (KeyResolver) Method ¶
func (KeyResolver) Method() Method
func (KeyResolver) Resolve ¶
func (KeyResolver) Resolve(did string, _ ResolutionOptions) (*DIDResolutionResult, error)
type Method ¶
type Method string
func GetMethodForDID ¶
GetMethodForDID provides the method for the given did string
type Network ¶
type Network string
func GetDIDPKHNetworkForDID ¶
GetDIDPKHNetworkForDID returns the network for a given did:pkh
func GetDIDPKHNetworkForPrefix ¶
GetDIDPKHNetworkForPrefix returns the did:pkh network for a given prefix
func GetSupportedPKHNetworks ¶
func GetSupportedPKHNetworks() []Network
type PKHResolver ¶
type PKHResolver struct{}
func (PKHResolver) Method ¶
func (PKHResolver) Method() Method
func (PKHResolver) Resolve ¶
func (PKHResolver) Resolve(did string, _ ResolutionOptions) (*DIDResolutionResult, error)
type PeerDelta ¶
type PeerDelta struct {
Change string `json:"change"` // <base64url encoding of a change fragment>,
By []byValue `json:"by"` // [ {"key": <id of key>, "sig": <signature value>} ... ],
When int64 `json:"when"` // <ISO8601/RFC3339 UTC timestamp with at least second precision>
}
PeerDelta https://identity.foundation/peer-did-method-spec/#backing-storage
type PeerMethod0 ¶
type PeerMethod0 struct {
// contains filtered or unexported fields
}
PeerMethod0 Method 0: inception key without doc https://identity.foundation/peer-did-method-spec/index.html#generation-method The DID doc offers no endpoint. This makes the DID functionally equivalent to a did:key value For example, did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH is equivalent to did:peer:0z6MkpTHR8VNsBxYAAWHut2Geadd9jSwuBV8xRoAnwWsdvktH
func (PeerMethod0) Method ¶
func (PeerMethod0) Method() Method
type PeerMethod1 ¶
type PeerMethod1 struct{}
PeerMethod1 Method 1: genesis doc
func (PeerMethod1) Generate ¶
func (PeerMethod1) Generate() (*DIDPeer, error)
Generate https://identity.foundation/peer-did-method-spec/#generation-method Creates a genesis version of JSON text of the DID doc for the DID. This inception key is the key that creates the DID and authenticates when exchanging it with the first peer CANNOT include the DID itself This lets the doc be created without knowing the DID's value in advance. Suppressing the DID value creates a stored variant of peer DID doc data, as opposed to the resolved variant that would have an actual DID value in the root id property. (In either the stored or resolved variant of the doc, anywhere else that the DID value would appear, it should appear as a relative reference rather than an absolute value. For example, each controller property of a verificationMethod that is owned by this DID would say "controller": "#id".). Calculate the SHA256 [RFC4634] hash of the bytes of the stored variant of the genesis version of the DID doc, and make this value the new DID's numeric basis.
func (PeerMethod1) Method ¶
func (PeerMethod1) Method() Method
type PeerMethod2 ¶
PeerMethod2 Method 2: multiple inception key without doc
func (PeerMethod2) Generate ¶
func (m PeerMethod2) Generate() (*DIDPeer, error)
Generate If numalgo == 2, the generation mode is similar to Method 0 (and therefore also did:key) with the ability to specify additional keys in the generated DID Document. This method is necessary when both an encryption key and a signing key are required. It determines the purpose implicitly by looking at the type of object: 1. Start with the did prefix did:peer:2 2. Construct a multibase encoded, multicodec-encoded form of each public key to be included. 3. Prefix each encoded key with a period character (.) and single character from the purpose codes table below. 4. Append the encoded key to the DID. 5. Encode and append a service type to the end of the peer DID if desired as described below.
func (PeerMethod2) Method ¶
func (PeerMethod2) Method() Method
type PeerResolver ¶
type PeerResolver struct{}
func (PeerResolver) Method ¶
func (PeerResolver) Method() Method
func (PeerResolver) Resolve ¶
func (PeerResolver) Resolve(did string, opts ResolutionOptions) (*DIDResolutionResult, error)
type PeerServiceBlockEncoded ¶
type PeerServiceBlockEncoded struct {
ServiceType string `json:"t"`
ServiceEndpoint string `json:"s"`
RoutingKeys []string `json:"r"`
Accept []string `json:"a"`
}
PeerServiceBlockEncoded Remaps the service block for encoding
type PurposeType ¶
type PurposeType string
const ( PeerPurposeEncryptionCode PurposeType = "E" PeerPurposeAssertionCode PurposeType = "A" PeerPurposeVerificationCode PurposeType = "V" PeerPurposeCapabilityInvocationCode PurposeType = "I" PeerPurposeCapabilityDelegationCode PurposeType = "D" PeerPurposeCapabilityServiceCode PurposeType = "S" )
https://identity.foundation/peer-did-method-spec/index.html#generation-method
type Resolution ¶
type Resolution interface {
// Resolve Attempts to resolve a DID for a given method
Resolve(did string, opts ResolutionOptions) (*DIDResolutionResult, error)
// Method provides the method for the given resolution implementation
Method() Method
}
Resolution provides an interface for resolving DIDs as per the spec https://www.w3.org/TR/did-core/#did-resolution
type ResolutionError ¶
type ResolutionError struct {
Code string `json:"code"`
InvalidDID bool `json:"invalidDid"`
NotFound bool `json:"notFound"`
RepresentationNotSupported bool `json:"representationNotSupported"`
}
ResolutionError https://www.w3.org/TR/did-core/#did-resolution-metadata
type ResolutionOptions ¶
type ResolutionOptions interface{}
ResolutionOptions https://www.w3.org/TR/did-spec-registries/#did-resolution-options
type Resolver ¶
type Resolver struct {
// contains filtered or unexported fields
}
Resolver resolves a DID. The current implementation ssk-sdk does not have a universal resolver: https://github.com/decentralized-identity/universal-resolver In its place, this method attempts to resolve DID methods that can be resolved without relying on additional services.
func NewResolver ¶
func NewResolver(resolvers ...Resolution) (*Resolver, error)
func (Resolver) Resolve ¶
func (dr Resolver) Resolve(did string, opts ...ResolutionOptions) (*DIDResolutionResult, error)
Resolve attempts to resolve a DID for a given method
func (Resolver) SupportedMethods ¶
type Service ¶
type Service struct {
ID string `json:"id" validate:"required"`
Type string `json:"type" validate:"required"`
// A string, map, or set composed of one or more strings and/or maps
// All string values must be valid URIs
ServiceEndpoint interface{} `json:"serviceEndpoint" validate:"required"`
RoutingKeys []string `json:"routingKeys,omitempty"`
Accept []string `json:"accept,omitempty"`
}
Service is a property compliant with the did-core spec https://www.w3.org/TR/did-core/#services
type VerificationMethod ¶
type VerificationMethod struct {
ID string `json:"id" validate:"required"`
Type cryptosuite.LDKeyType `json:"type" validate:"required"`
Controller string `json:"controller" validate:"required"`
PublicKeyBase58 string `json:"publicKeyBase58,omitempty"`
// must conform to https://datatracker.ietf.org/doc/html/rfc7517
PublicKeyJWK *crypto.PublicKeyJWK `json:"publicKeyJwk,omitempty" validate:"omitempty,dive"`
// https://datatracker.ietf.org/doc/html/draft-multiformats-multibase-03
PublicKeyMultibase string `json:"publicKeyMultibase,omitempty"`
// for PKH DIDs - https://github.com/w3c-ccg/did-pkh/blob/90b28ad3c18d63822a8aab3c752302aa64fc9382/did-pkh-method-draft.md
BlockchainAccountID string `json:"blockchainAccountId,omitempty"`
}
type VerificationMethodSet ¶
type VerificationMethodSet interface{}
VerificationMethodSet is a union type supporting the `authentication`, `assertionMethod`, `keyAgreement`, `capabilityInvocation`, and `capabilityDelegation` types. A set of one or more verification methods. Each verification method MAY be embedded or referenced. TODO(gabe) consider changing this to a custom unmarshaler https://stackoverflow.com/a/28016508
type WebResolver ¶
type WebResolver struct{}
func (WebResolver) Method ¶
func (WebResolver) Method() Method
func (WebResolver) Resolve ¶
func (WebResolver) Resolve(did string, _ ResolutionOptions) (*DIDResolutionResult, error)
Resolve fetches and returns the DIDDocument from the expected URL specification: https://w3c-ccg.github.io/did-method-web/#read-resolve
Source Files