co-identity 0.1.0

COKIT DID and DIDComm implementations.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

// SPDX-License-Identifier: AGPL-3.0-only
// Copyright (C) 2026 1io BRANDGUARDIAN GmbH

use crate::{
	library::{
		didcomm_jwe::{didcomm_jwe, didcomm_jwe_receive},
		didcomm_jws::didcomm_jws,
		didcomm_receive::didcomm_receive,
	},
	DidCommHeader, IdentityResolver, ReceiveError, SignError, VerificationMethod,
};
use co_primitives::{Did, Secret};

pub trait DidCommContext {
	fn did(&self) -> &Did;
	fn key_agreement(&self) -> &VerificationMethod;
	fn verification_method(&self) -> &VerificationMethod;
}

pub struct DidCommPublicContext {
	did: Did,
	verification_method: VerificationMethod,
	key_agreement: VerificationMethod,
}
impl DidCommPublicContext {
	pub fn new(did: Did, verification_method: VerificationMethod, key_agreement: VerificationMethod) -> Self {
		Self { did, verification_method, key_agreement }
	}
}
impl DidCommContext for DidCommPublicContext {
	fn did(&self) -> &Did {
		&self.did
	}

	fn key_agreement(&self) -> &VerificationMethod {
		&self.key_agreement
	}

	fn verification_method(&self) -> &VerificationMethod {
		&self.verification_method
	}
}

pub struct DidCommPrivateContext {
	public: DidCommPublicContext,
	verification_method_private_key: Secret,
	key_agreement_private_key: Secret,
}
impl DidCommPrivateContext {
	pub fn new(
		public: DidCommPublicContext,
		verification_method_private_key: Secret,
		key_agreement_private_key: Secret,
	) -> Self {
		Self { public, verification_method_private_key, key_agreement_private_key }
	}

	/// Create JWS message envelope.
	///
	/// # DID Comm
	/// - Envelope: `signed(plaintext)`
	/// - Media Type: `application/didcomm-signed+json`
	///
	/// # Arguments
	/// - `body` - JSON String.
	pub fn jws(&self, header: DidCommHeader, body: &str) -> Result<String, SignError> {
		didcomm_jws(
			self.verification_method_private_key.clone(),
			&self
				.verification_method()
				.public_key_bytes()
				.map_err(SignError::InvalidArgument)?,
			header,
			body,
		)
	}

	/// Create JWE message envelope.
	///
	/// # DID Comm
	/// - Envelope: `authcrypt(plaintext)`
	/// - Media Type: `application/didcomm-encrypted+json`
	///
	/// # Arguments
	/// - `body` - JSON String.
	pub fn jwe(&self, to: &DidCommPublicContext, header: DidCommHeader, body: &str) -> Result<String, SignError> {
		if !header.to.contains(&to.did) {
			return Err(SignError::InvalidArgument(anyhow::anyhow!("header must contain recipent: to: {}", to.did)));
		}
		didcomm_jwe(
			self.key_agreement_private_key.clone(),
			to.key_agreement.public_key_bytes().map_err(SignError::InvalidArgument)?,
			header,
			body,
		)
	}

	pub async fn jwe_receive<R: IdentityResolver>(
		&self,
		resolver: &R,
		incoming: &str,
	) -> Result<(DidCommHeader, String), ReceiveError> {
		didcomm_jwe_receive(self.key_agreement_private_key.clone(), resolver, incoming).await
	}

	pub async fn receive<R: IdentityResolver>(
		&self,
		resolver: &R,
		incoming: &str,
	) -> Result<(DidCommHeader, String), ReceiveError> {
		didcomm_receive(Some(self.key_agreement_private_key.clone()), resolver, incoming).await
	}
}
impl DidCommContext for DidCommPrivateContext {
	fn did(&self) -> &Did {
		self.public.did()
	}

	fn key_agreement(&self) -> &VerificationMethod {
		self.public.key_agreement()
	}

	fn verification_method(&self) -> &VerificationMethod {
		self.public.verification_method()
	}
}