feat: add DID module (#186)

* feat: add DID module

* updated architecture doc

* added package-info

* pr remark

core/identity-hub-credentials/build.gradle.kts

@@ -7,7 +7,6 @@ dependencies {
     api(project(":spi:identity-hub-store-spi"))
     implementation(libs.edc.core.connector) // for the CriterionToPredicateConverterImpl
     implementation(libs.edc.spi.jsonld)
-    implementation(libs.edc.spi.jsonld)
     implementation(libs.edc.ext.jsonld) // for the JSON-LD mapper
     implementation(libs.edc.iatp.service) // JWT validator
     implementation(libs.edc.core.crypto) // JWT verifier

core/identity-hub-did/build.gradle.kts

@@ -0,0 +1,12 @@
+plugins {
+    `java-library`
+}
+
+dependencies {
+    api(project(":spi:identity-hub-spi"))
+
+    testImplementation(libs.edc.junit)
+    testImplementation(libs.edc.ext.jsonld)
+    testImplementation(testFixtures(project(":spi:identity-hub-spi")))
+    testImplementation(libs.edc.identity.did.crypto) // EC private key wrapper
+}

core/identity-hub-did/src/main/java/org/eclipse/edc/identityhub/did/DidResourceManager.java

@@ -0,0 +1,18 @@
+/*
+ *  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.identityhub.did;
+
+public class DidResourceManager {
+}

core/identity-hub-did/src/main/java/org/eclipse/edc/identityhub/did/DidServicesExtension.java

@@ -0,0 +1,25 @@
+/*
+ *  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.identityhub.did;
+
+import org.eclipse.edc.runtime.metamodel.annotation.Extension;
+import org.eclipse.edc.spi.system.ServiceExtension;
+
+import static org.eclipse.edc.identityhub.did.DidServicesExtension.NAME;
+
+@Extension(value = NAME)
+public class DidServicesExtension implements ServiceExtension {
+    public static final String NAME = "DID Service Extension";
+}

core/identity-hub-did/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension

@@ -0,0 +1,15 @@
+#
+#  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+#
+#  This program and the accompanying materials are made available under the
+#  terms of the Apache License, Version 2.0 which is available at
+#  https://www.apache.org/licenses/LICENSE-2.0
+#
+#  SPDX-License-Identifier: Apache-2.0
+#
+#  Contributors:
+#       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+#
+#
+
+org.eclipse.edc.identityhub.did.DidServicesExtension

core/identity-hub-did/src/main/resources/did.json

@@ -0,0 +1,57 @@
+{
+  "@context": {
+    "@protected": true,
+    "id": "@id",
+    "type": "@type",
+    "alsoKnownAs": {
+      "@id": "https://www.w3.org/ns/activitystreams#alsoKnownAs",
+      "@type": "@id"
+    },
+    "assertionMethod": {
+      "@id": "https://w3id.org/security#assertionMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "authentication": {
+      "@id": "https://w3id.org/security#authenticationMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "capabilityDelegation": {
+      "@id": "https://w3id.org/security#capabilityDelegationMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "capabilityInvocation": {
+      "@id": "https://w3id.org/security#capabilityInvocationMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "controller": {
+      "@id": "https://w3id.org/security#controller",
+      "@type": "@id"
+    },
+    "keyAgreement": {
+      "@id": "https://w3id.org/security#keyAgreementMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "service": {
+      "@id": "https://www.w3.org/ns/did#service",
+      "@type": "@id",
+      "@context": {
+        "@protected": true,
+        "id": "@id",
+        "type": "@type",
+        "serviceEndpoint": {
+          "@id": "https://www.w3.org/ns/did#serviceEndpoint",
+          "@type": "@id"
+        }
+      }
+    },
+    "verificationMethod": {
+      "@id": "https://w3id.org/security#verificationMethod",
+      "@type": "@id"
+    }
+  }
+}

core/identity-hub-did/src/test/resources/did.json

@@ -0,0 +1,57 @@
+{
+  "@context": {
+    "@protected": true,
+    "id": "@id",
+    "type": "@type",
+    "alsoKnownAs": {
+      "@id": "https://www.w3.org/ns/activitystreams#alsoKnownAs",
+      "@type": "@id"
+    },
+    "assertionMethod": {
+      "@id": "https://w3id.org/security#assertionMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "authentication": {
+      "@id": "https://w3id.org/security#authenticationMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "capabilityDelegation": {
+      "@id": "https://w3id.org/security#capabilityDelegationMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "capabilityInvocation": {
+      "@id": "https://w3id.org/security#capabilityInvocationMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "controller": {
+      "@id": "https://w3id.org/security#controller",
+      "@type": "@id"
+    },
+    "keyAgreement": {
+      "@id": "https://w3id.org/security#keyAgreementMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "service": {
+      "@id": "https://www.w3.org/ns/did#service",
+      "@type": "@id",
+      "@context": {
+        "@protected": true,
+        "id": "@id",
+        "type": "@type",
+        "serviceEndpoint": {
+          "@id": "https://www.w3.org/ns/did#serviceEndpoint",
+          "@type": "@id"
+        }
+      }
+    },
+    "verificationMethod": {
+      "@id": "https://w3id.org/security#verificationMethod",
+      "@type": "@id"
+    }
+  }
+}

docs/developer/architecture/identity-trust-protocol/identity.hub.architecture.md

@@ -166,23 +166,16 @@ Services may register to receive `KeyPairManager` events, for example, when a ro
 
 ### 2.2.4. DID Resources
 
-A `DIDResource` is a `DID` and associated entries in a `DID` document.
+A `DIDResource` is a `DID` and associated entries in a `DID` document. It represents the lifecycle of a DID Document in
+the IdentityHub.
 
 ```java
 class DidResource {
     String did;
     DidState state;
-    long timestamp;
-    List<ServiceEndpoint> serviceEndpoints;
-    List<VerificationMethod> verificationMethods;
-    List<VerificationRelationship> verificationRelationships;
-}
-
-class VerificationMethod {
-    String id;
-    String type;
-    String material;
-    String keyPairResourceId;
+    long stateTimestamp;
+    long createTimestamp;
+    DidDocument document;
 }
 
 class VerificationRelationship {
@@ -191,12 +184,8 @@ class VerificationRelationship {
 }
 ```
 
-The `serviceEndpoints` property contains a collection of `ServiceEndpoints` that can be added through configuration or
-an API invocation.
-
-The `verificationMethods` property contains a collection of `VerificationMethods` associated with Key
-
-The `verificationRelationships` property contains a collection of `VerificationRelationships` associated with Key
+The `DidDocument` is defined in the connector repository and is a representation of
+a [W3C DID](https://www.w3.org/TR/did-core/).
 
 > NB: There is no DID manager.
 
@@ -421,24 +410,25 @@ particular participant context. The DID module makes use of the EDC `Identity DI
 
 ### 3.6.1. DidDocumentPublisher
 
-The `DidDocumentPublisher` is responsible for generating, provisioning and deprovisioning DID documents to
-a `Verifiable Data Registry` (VDR) such as a CDN that serves a Web domain. The publisher is a state machine that can
-asynchronously transition as follows:
+The `DidDocumentPublisher` is responsible for generating, publishing and unpublishing DID documents to
+a `Verifiable Data Registry` (VDR) such as a CDN that serves a Web domain. The publisher can transition as follows:
 
-- **Publish**: GENERATED -> PROVISIONING -> PROVISIONED
-- **Unpublish**: PROVISIONED -> DEPROVISIONING -> DEPROVISIONED
-- **Republish**: PROVISIONED -> GENERATED -> PROVISIONING -> PROVISIONED
+- **Publish**: GENERATED -> PUBLISHED
+- **Unpublish**: PUBLISHED -> UNPUBLISHED
 
 All operations publish events.
 
-The `DidDocumentPublisher` delegates to extensions for handling provisioning to VDRs.
+There can be only one publisher per DID method, and all available publishers are kept in a `DidPublisherRegistry`, which
+can be used to contribute publishers via the extension mechanism.
 
 ### 3.6.2. DidDocumentService
 
 The `DidDocumentService` returns a **managed** DID document to the requesting client. Note that it _**does not**_
 resolve foreign DID documents. Note also this service is intended for internal use. DID resolution should be performed
 through specific DID methods that work directly with a VDR.
 
+The `DidDocumentService` uses the `DidResourceStore` internally.
+
 ## 3.7. Auth/Permission Module
 
 The `Auth/Permission` module includes services that delegate to the EDC `PolicyEngine` for access control.

resources/checkstyle-config.xml

@@ -29,8 +29,7 @@
   </module>
   <!-- https://checkstyle.org/config_filters.html#SuppressionFilter -->
   <module name="SuppressionFilter">
-    <property name="file" value="${org.checkstyle.google.suppressionfilter.config}"
-           default="resources/checkstyle-suppressions.xml" />
+    <property name="file" value="${config_loc}/suppressions.xml"/> 
     <property name="optional" value="true"/>
   </module>
 

resources/suppressions.xml

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE suppressions PUBLIC
+        "-//Checkstyle//DTD SuppressionFilter Configuration 1.2//EN"
+        "https://checkstyle.org/dtds/suppressions_1_2.dtd">
+
+<suppressions>
+    <!-- Excludes generated source files -->
+    <suppress files="[/\\]build[/\\]" checks=".*"/>
+    <suppress files="package-info.java" checks="[a-zA-Z0-9]*"/>
+</suppressions>

settings.gradle.kts

@@ -25,10 +25,12 @@ dependencyResolutionManagement {
 // SPI modules
 include(":spi:identity-hub-spi")
 include(":spi:identity-hub-store-spi")
+include(":spi:identity-hub-did-spi")
 
 // core modules
 include(":core:identity-hub-api")
 include(":core:identity-hub-credentials")
+include(":core:identity-hub-did")
 
 // extension modules
 include(":extensions:cryptography:public-key-provider")

spi/identity-hub-did-spi/build.gradle.kts

@@ -0,0 +1,27 @@
+/*
+ *  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *
+ */
+
+plugins {
+    `java-library`
+    `java-test-fixtures`
+    `maven-publish`
+}
+
+val swagger: String by project
+
+dependencies {
+
+    api(libs.edc.spi.identitytrust)
+    implementation(libs.edc.spi.identity.did)
+}