ma-did 0.1.0

DID and message primitives for the ma actor stack
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

use crate::{Did, Document, EncryptionKey, Result, SigningKey, VerificationMethod};

/// A generated DID identity with keys and a signed document.
///
/// Private keys are hex-encoded for storage. Use [`SigningKey::from_private_key_bytes`]
/// and [`EncryptionKey::from_private_key_bytes`] to reconstruct key objects.
#[derive(Debug, Clone)]
pub struct GeneratedIdentity {
    pub root_did: Did,
    pub document: Document,
    pub signing_private_key_hex: String,
    pub encryption_private_key_hex: String,
}

/// Generate a base DID identity with keys and a signed document.
///
/// No `ma` extension fields are set — those are application-specific.
///
/// # Examples
///
/// ```
/// use ma_did::generate_identity;
///
/// let id = generate_identity(
///     "k51qzi5uqu5dj9807pbuod1pplf0vxh8m4lfy3ewl9qbm2s8dsf9ugdf9gedhr"
/// ).unwrap();
///
/// // Document is signed and valid
/// id.document.verify().unwrap();
/// id.document.validate().unwrap();
///
/// // Private keys available for storage
/// assert!(!id.signing_private_key_hex.is_empty());
/// assert!(!id.encryption_private_key_hex.is_empty());
/// ```
pub fn generate_identity(ipns: &str) -> Result<GeneratedIdentity> {
    let root_did = Did::new_root(ipns)?;
    let sign_did = Did::new_root(ipns)?;
    let enc_did = Did::new_root(ipns)?;

    let signing_key = SigningKey::generate(sign_did)?;
    let encryption_key = EncryptionKey::generate(enc_did)?;

    let mut document = Document::new(&root_did, &root_did);

    let assertion_vm = VerificationMethod::new(
        root_did.base_id(),
        root_did.base_id(),
        signing_key.key_type.clone(),
        signing_key.did.fragment.as_deref().unwrap_or_default(),
        signing_key.public_key_multibase.clone(),
    )?;

    let key_agreement_vm = VerificationMethod::new(
        root_did.base_id(),
        root_did.base_id(),
        encryption_key.key_type.clone(),
        encryption_key.did.fragment.as_deref().unwrap_or_default(),
        encryption_key.public_key_multibase.clone(),
    )?;

    let assertion_vm_id = assertion_vm.id.clone();
    document.add_verification_method(assertion_vm.clone())?;
    document.add_verification_method(key_agreement_vm.clone())?;
    document.assertion_method = vec![assertion_vm_id];
    document.key_agreement = vec![key_agreement_vm.id.clone()];
    document.sign(&signing_key, &assertion_vm)?;

    Ok(GeneratedIdentity {
        root_did,
        document,
        signing_private_key_hex: hex::encode(signing_key.private_key_bytes()),
        encryption_private_key_hex: hex::encode(encryption_key.private_key_bytes()),
    })
}