EIDOMNI-708: Reviewer remarks taken into account, hence cleanup and optimization

Author: vst-bit

examples/using-pre-rotation-keys/src/main/java/org/examples/Main.java

@@ -59,7 +59,7 @@ static String build() throws URISyntaxException, IOException, DidLogCreatorStrat
                                 //,NextKeyHashesDidMethodParameter.of(RandomEd25519KeyStore.rotate().getPublicKey())
                         ))
                         .assertionMethods(Set.of(VerificationMethod.of("my-assert-key-01", Path.of("../../src/test/data/assert-key-01.pub"))))
-                        //.authentications(Set.of(VerificationMethod.of("my-auth-key-01", Path.of("../../src/test/data/auth-key-01.pub"))))
+                        .authentications(Set.of(VerificationMethod.of("my-auth-key-01", Path.of("../../src/test/data/auth-key-01.pub"))))
                         .build()
                         .create(URL.of(new URI("https://identifier-reg.trust-infra.swiyu-int.admin.ch/api/v1/did/18fa7c77-9dd1-4e20-a147-fb1bec146085"), null))
         ).append(System.lineSeparator());

src/main/java/ch/admin/bj/swiyu/didtoolbox/AbstractDidLogEntryBuilder.java

@@ -21,10 +21,10 @@ public abstract class AbstractDidLogEntryBuilder {
 
     protected DidLogMeta didLogMeta;
 
-    protected static JsonObject buildVerificationMethodWithPublicKeyJwk(String didTDW, String keyID, String publicKeyJwk) {
+    protected static JsonObject buildVerificationMethodWithPublicKeyJwk(String did, String fragmentId, String publicKeyJwk) {
 
         var verificationMethodObj = new JsonObject();
-        verificationMethodObj.addProperty("id", didTDW + "#" + keyID);
+        verificationMethodObj.addProperty("id", did + "#" + fragmentId);
         // CAUTION The "controller" property must not be present w.r.t.:
         // - https://confluence.bit.admin.ch/x/3e0EMw
         verificationMethodObj.addProperty("type", "JsonWebKey2020");

src/main/java/ch/admin/bj/swiyu/didtoolbox/JwkUtils.java

@@ -63,7 +63,7 @@ public static String loadECPublicJWKasJSON(Path ecPublicPemPath, String kid) thr
             throw new IllegalArgumentException(String.format("The supplied key ID (kid) of the JWK '%s' must be a regular case-sensitive string featuring no URIs reserved characters", kid));
         }
 
-        ECPublicKey publicKey = (ECPublicKey) PemUtils.parsePemPublicKey(Files.newBufferedReader(ecPublicPemPath));
+        var publicKey = (ECPublicKey) PemUtils.parsePemPublicKey(Files.newBufferedReader(ecPublicPemPath));
 
         return (new ECKey.Builder(Curve.P_256, publicKey)).keyID(kid).build().toPublicJWK().toJSONString();
     }

src/main/java/ch/admin/bj/swiyu/didtoolbox/PemUtils.java

@@ -83,7 +83,7 @@ static PrivateKey parsePemPrivateKey(Reader pemPrivateKeyReader) throws IOExcept
         throw new IllegalArgumentException("The supplied reader features no PEM-encoded private key");
     }
 
-    static PublicKey parsePemPublicKey(Reader pemPublicKeyReader) throws IOException {
+    public static PublicKey parsePemPublicKey(Reader pemPublicKeyReader) throws IOException {
         final PEMParser parser = new PEMParser(pemPublicKeyReader);
         var pemObj = parser.readObject();
 

src/main/java/ch/admin/bj/swiyu/didtoolbox/ProofOfPossessionCreatorException.java

@@ -13,10 +13,6 @@ public class ProofOfPossessionCreatorException extends Exception {
     @Serial
     private static final long serialVersionUID = -8688911417489177064L;
 
-    public ProofOfPossessionCreatorException(String message) {
-        super(message);
-    }
-
     public ProofOfPossessionCreatorException(Exception e) {
         super(e);
     }

src/main/java/ch/admin/bj/swiyu/didtoolbox/model/VerificationMaterial.java

@@ -1,48 +1,71 @@
 package ch.admin.bj.swiyu.didtoolbox.model;
 
+import ch.admin.bj.swiyu.didtoolbox.PemUtils;
 import com.nimbusds.jose.jwk.Curve;
 import com.nimbusds.jose.jwk.ECKey;
 
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
 import java.security.interfaces.ECPublicKey;
 
 /**
  * <a href="https://www.w3.org/TR/did-1.0/#verification-material">Verification material</a> is any information that is used by a process that applies a
  * <a href="https://www.w3.org/TR/did-1.0/#dfn-verification-method">verification method</a>.
  * <p>
+ * This interface models <a href="https://www.w3.org/TR/did-1.0/#verification-material">verification material</a> with sole focus on
+ * <a href="https://www.w3.org/TR/did-1.0/#dfn-publickeyjwk">publicKeyJwk</a> property. Ergo, beware that also optional
+ * <a href="https://www.w3.org/TR/did-1.0/#dfn-publickeymultibase">publicKeyMultibase</a> property is at this point not
+ * (yet) relevant for the interface and therefore not (yet) modeled.
+ * <p>
  * The interface also features a several convenient static factory methods focusing on standard Java types typically used for the purpose
- * of holding EC/P-256 public keys e.g. {@link ECPublicKey}.
+ * of holding public EC keys, e.g. {@link ECPublicKey} or {@link Path}.
+ *
+ * @since 1.9.0
  */
 public interface VerificationMaterial {
 
     /**
      * Yet another static factory method of the interface.
      * <p>
-     * Assuming the supplied {@code ecPublicKey} represents a valid EC/P-256 public key,
-     * a valid {@link VerificationMaterial} object is returned of type <a href="https://w3c-ccg.github.io/lds-jws2020/">JsonWebKey2020</a>.
+     * For the supplied public Elliptic Curve key {@code ecPublicKey},
+     * a valid {@link VerificationMaterial} implementation object is returned featuring {@link #getPublicKeyJwk()} method
+     * that always returns JSON representation of the Elliptic Curve JWK with any private values removed.
+     * The cryptographic curve is always P-256 (secp256r1, also called prime256v1, OID = 1.2.840.10045.3.1.7).
      *
      * @param kid         non-empty string representing a <a href="https://www.rfc-editor.org/rfc/rfc7517#section-4.5">"kid" (Key ID) Parameter</a>
-     * @param ecPublicKey valid EC/P-256 public key
-     * @return a valid {@link VerificationMaterial} implementation object, never {@code null}
+     * @param ecPublicKey The public EC key to represent. Must not be {@code null}
+     * @return a valid {@link VerificationMaterial} implementation object representing Elliptic Curve JWK with any
+     * private values removed, never {@code null}
      */
     static VerificationMaterial of(String kid, ECPublicKey ecPublicKey) {
 
-        return new VerificationMaterial() {
-            @Override
-            public String getPublicKeyJwk() {
-                return (new ECKey.Builder(Curve.P_256, ecPublicKey)).keyID(kid).build().toPublicJWK().toJSONString();
-            }
+        return () -> (new ECKey.Builder(Curve.P_256, ecPublicKey)).keyID(kid).build().toPublicJWK().toJSONString();
+    }
 
-            @Override
-            public String getPublicKeyMultibase() {
-                return null;
-            }
-        };
+    /**
+     * Yet another static factory method of the interface.
+     * <p>
+     * For the supplied public Elliptic Curve key {@code ecPublicKey},
+     * a valid {@link VerificationMaterial} implementation object is returned featuring {@link #getPublicKeyJwk()} method
+     * that always returns JSON representation of the Elliptic Curve JWK with any private values removed.
+     * The cryptographic curve is always P-256 (secp256r1, also called prime256v1, OID = 1.2.840.10045.3.1.7).
+     *
+     * @param kid                non-empty string representing a <a href="https://www.rfc-editor.org/rfc/rfc7517#section-4.5">"kid" (Key ID) Parameter</a>
+     * @param ecPublicKeyPemPath file featuring a proper public EC key in PEM format
+     * @return a valid {@link VerificationMaterial} implementation object representing Elliptic Curve JWK with any
+     * @throws IOException if the supplied {@code ecPublicKeyPemPath} does not feature a proper public EC key in PEM format
+     * private values removed, never {@code null}
+     */
+    static VerificationMaterial of(String kid, Path ecPublicKeyPemPath) throws IOException {
+        var ecPublicKey = (ECPublicKey) PemUtils.parsePemPublicKey(Files.newBufferedReader(ecPublicKeyPemPath));
+        return () -> (new ECKey.Builder(Curve.P_256, ecPublicKey)).keyID(kid).build().toPublicJWK().toJSONString();
     }
 
     /**
      * As <a href="https://www.w3.org/TR/did-1.0/#dfn-publickeyjwk">specified</a>:
      * <pre>
-     * The publicKeyJwk property is OPTIONAL. If present, the value MUST be a map representing a JSON Web Key that conforms to [RFC7517].
+     * The {@code publicKeyJwk} property is OPTIONAL. If present, the value MUST be a map representing a JSON Web Key that conforms to [RFC7517].
      * The map MUST NOT contain "d", or any other members of the private information class as described in Registration Template.
      * It is RECOMMENDED that verification methods that use JWKs [RFC7517] to represent their public keys use the value of kid as their fragment identifier.
      * It is RECOMMENDED that JWK kid values are set to the public key fingerprint [RFC7638].
@@ -52,16 +75,4 @@ public String getPublicKeyMultibase() {
      * Or {@code null} denoting its optional nature.
      */
     String getPublicKeyJwk();
-
-    /**
-     * As <a href="https://www.w3.org/TR/did-1.0/#dfn-publickeymultibase">specified</a>:
-     * <pre>
-     * The publicKeyMultibase property is OPTIONAL. This feature is non-normative.
-     * If present, the value MUST be a string representation of a [MULTIBASE] encoded public key.
-     * </pre>
-     *
-     * @return a string representation of a [MULTIBASE] encoded public key.
-     * Or {@code null} denoting its optional nature.
-     */
-    String getPublicKeyMultibase();
 }

src/main/java/ch/admin/bj/swiyu/didtoolbox/model/VerificationMethod.java

@@ -1,14 +1,12 @@
 package ch.admin.bj.swiyu.didtoolbox.model;
 
-import ch.admin.bj.swiyu.didtoolbox.JwkUtils;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import com.google.gson.JsonSyntaxException;
 
 import java.io.IOException;
 import java.nio.file.Path;
 import java.security.interfaces.ECPublicKey;
-import java.security.spec.InvalidKeySpecException;
 import java.util.Objects;
 
 /**
@@ -18,23 +16,39 @@
  * or authorize interactions with the <a href="https://www.w3.org/TR/did-1.0/#dfn-did-subjects">DID subject</a> or associated parties.
  * <p>
  * The interface also features a several convenient static factory methods focusing on standard Java types typically used for the purpose
- * of holding EC/P-256 public keys e.g. {@link ECPublicKey}, {@link Path} or {@link String}.
+ * of holding public EC public keys e.g. {@link ECPublicKey}, {@link Path} or {@link String}.
+ *
+ * @since 1.9.0
  */
 public interface VerificationMethod {
 
+    /**
+     * The string representation of the
+     * <a href="https://www.w3.org/TR/did-1.0/#dfn-verification-method">verification method</a> type behind
+     * <a href="https://w3c-ccg.github.io/lds-jws2020/#json-web-key-2020">JsonWebKey2020</a>, which is
+     * the type of the verification method for the signature suite {@code JsonWebSignature2020}.
+     */
+    String VM_TYPE_JSON_WEB_KEY_2020 = "JsonWebKey2020";
+
     /**
      * Yet another static factory method of the interface.
      * <p>
-     * Assuming the supplied {@code publicKeyJwk} represents a proper EC/P-256 <a href="https://www.rfc-editor.org/rfc/rfc7517">JSON Web Key (JWK)</a>,
-     * a valid {@link VerificationMethod} object is returned of type <a href="https://w3c-ccg.github.io/lds-jws2020/">JsonWebKey2020</a>.
+     * Assuming the supplied {@code publicKeyJwk} represents a proper <a href="https://www.rfc-editor.org/rfc/rfc7517">JSON Web Key (JWK)</a>
+     * featuring <a href="https://www.rfc-editor.org/rfc/rfc7517#section-4.1">"kty" (Key Type)</a>, {@code crv}, {@code x} and {@code y} parameters,
+     * a valid {@link VerificationMethod} implementation object is returned featuring
+     * {@link VerificationMethod#getVerificationMaterial()} method that always returns a valid
+     * {@link VerificationMaterial} implementation object of type {@code type}
+     * (e.g. {@link #VM_TYPE_JSON_WEB_KEY_2020}).
      *
      * @param kid          non-empty string representing a <a href="https://www.rfc-editor.org/rfc/rfc7517#section-4.5">"kid" (Key ID) Parameter</a>
+     * @param type         string representation of a <a href="https://www.w3.org/TR/did-1.0/#dfn-verification-method">verification method</a> type
+     *                     (e.g. <{@link #VM_TYPE_JSON_WEB_KEY_2020})
      * @param publicKeyJwk string representation of a <a href="https://www.rfc-editor.org/rfc/rfc7517">JSON Web Key (JWK)</a>
      * @return a valid {@link VerificationMethod} implementation object, never {@code null}
      * @throws VerificationMethodException if the supplied {@code publicKeyJwk} does not represent a proper
-     *                                     <a href="https://www.rfc-editor.org/rfc/rfc7517">JSON Web Key (JWK)</a>
+     *                                     <a href="https://www.rfc-editor.org/rfc/rfc7517">JSON Web Key (JWK)</a> as described above
      */
-    static VerificationMethod of(String kid, String publicKeyJwk) throws VerificationMethodException {
+    static VerificationMethod of(String kid, String type, String publicKeyJwk) throws VerificationMethodException {
 
         JsonObject jsonObj;
         try {
@@ -60,7 +74,7 @@ public String getIdFragment() {
 
             @Override
             public String getType() {
-                return "JsonWebKey2020";
+                return type;
             }
 
             @Override
@@ -71,11 +85,6 @@ public String getPublicKeyJwk() {
                         jsonObj.addProperty("kid", kid);
                         return jsonObj.toString();
                     }
-
-                    @Override
-                    public String getPublicKeyMultibase() {
-                        return null;
-                    }
                 };
             }
 
@@ -94,33 +103,100 @@ public int hashCode() {
     /**
      * Yet another static factory method of the interface.
      * <p>
-     * Assuming the supplied {@code pemPath} denotes a file featuring a proper EC/P-256 public key,
-     * a valid {@link VerificationMethod} object is returned of type <a href="https://w3c-ccg.github.io/lds-jws2020/">JsonWebKey2020</a>.
+     * It is nothing but a variant of the {@link #of(String, String, String)}
+     * static factory method having {@link #VM_TYPE_JSON_WEB_KEY_2020} as {@code type}.
+     *
+     * @see #of(String, String, String)
+     * @see #VM_TYPE_JSON_WEB_KEY_2020
+     */
+    static VerificationMethod of(String kid, String publicKeyJwk) throws VerificationMethodException {
+        return VerificationMethod.of(kid, VM_TYPE_JSON_WEB_KEY_2020, publicKeyJwk);
+    }
+
+    /**
+     * Yet another static factory method of the interface.
+     * <p>
+     * Assuming the supplied {@code ecPublicKeyPemPath} denotes a file featuring a proper (PEM-encoded) public EC key,
+     * a valid {@link VerificationMethod} implementation object is returned featuring
+     * {@link VerificationMethod#getVerificationMaterial()} method that always returns a valid
+     * {@link VerificationMaterial} implementation object of type {@code type}
+     * (e.g. {@link #VM_TYPE_JSON_WEB_KEY_2020}).
      *
-     * @param kid     non-empty string representing a <a href="https://www.rfc-editor.org/rfc/rfc7517#section-4.5">"kid" (Key ID) Parameter</a>
-     * @param pemPath file featuring a proper EC/P-256 public key in PEM format
+     * @param kid                non-empty string representing a <a href="https://www.rfc-editor.org/rfc/rfc7517#section-4.5">"kid" (Key ID) Parameter</a>
+     * @param type               string representation of a <a href="https://www.w3.org/TR/did-1.0/#dfn-verification-method">verification method</a> type
+     *                           (e.g. <{@link #VM_TYPE_JSON_WEB_KEY_2020})
+     * @param ecPublicKeyPemPath file featuring a proper public EC key in PEM format
      * @return a valid {@link VerificationMethod} implementation object, never {@code null}
-     * @throws VerificationMethodException if the supplied {@code pemPath} does not feature a proper EC/P-256 public key in PEM format
+     * @throws VerificationMethodException if the supplied {@code ecPublicKeyPemPath} does not feature a proper public EC key in PEM format
+     * @see #of(String, String, String)
      */
-    static VerificationMethod of(String kid, Path pemPath) throws VerificationMethodException {
+    static VerificationMethod of(String kid, String type, Path ecPublicKeyPemPath) throws VerificationMethodException {
+
+        VerificationMaterial vm;
         try {
-            return VerificationMethod.of(kid, JwkUtils.loadECPublicJWKasJSON(pemPath, kid));
-        } catch (IOException | InvalidKeySpecException exc) {
+            vm = VerificationMaterial.of(kid, ecPublicKeyPemPath);
+        } catch (IOException exc) {
             throw new VerificationMethodException(exc);
         }
+
+        return new VerificationMethod() {
+            @Override
+            public String getIdFragment() {
+                return kid;
+            }
+
+            @Override
+            public String getType() {
+                return type;
+            }
+
+            @Override
+            public VerificationMaterial getVerificationMaterial() {
+                return vm;
+            }
+
+            @Override
+            public boolean equals(Object obj) {
+                return this.defaultEquals(obj);
+            }
+
+            @Override
+            public int hashCode() {
+                return Objects.hash(this.getIdFragment());
+            }
+        };
     }
 
     /**
      * Yet another static factory method of the interface.
      * <p>
-     * Assuming the supplied {@code publicKeyJwk} represents a valid EC/P-256 public key,
-     * a valid {@link VerificationMethod} object is returned of type <a href="https://w3c-ccg.github.io/lds-jws2020/">JsonWebKey2020</a>.
+     * It is nothing but a variant of the {@link #of(String, String, Path)}
+     * static factory method having {@link #VM_TYPE_JSON_WEB_KEY_2020} as {@code type}.
+     *
+     * @see #of(String, String, Path)
+     * @see #VM_TYPE_JSON_WEB_KEY_2020
+     */
+    static VerificationMethod of(String kid, Path pemPath) throws VerificationMethodException {
+        return VerificationMethod.of(kid, VM_TYPE_JSON_WEB_KEY_2020, pemPath);
+    }
+
+    /**
+     * Yet another static factory method of the interface.
+     * <p>
+     * For the supplied public EC key {@code ecPublicKey},
+     * a valid {@link VerificationMethod} implementation object is returned featuring
+     * {@link VerificationMethod#getVerificationMaterial()} method that always returns a valid
+     * {@link VerificationMaterial} implementation object of type {@code type}
+     * (e.g. {@link #VM_TYPE_JSON_WEB_KEY_2020}).
      *
      * @param kid         non-empty string representing a <a href="https://www.rfc-editor.org/rfc/rfc7517#section-4.5">"kid" (Key ID) Parameter</a>
-     * @param ecPublicKey valid EC/P-256 public key
+     * @param type        string representation of a <a href="https://www.w3.org/TR/did-1.0/#dfn-verification-method">verification method</a> type
+     *                    (e.g. <{@link #VM_TYPE_JSON_WEB_KEY_2020})
+     * @param ecPublicKey valid public EC public key
      * @return a valid {@link VerificationMethod} implementation object, never {@code null}
+     * @see VerificationMaterial#of(String, ECPublicKey)
      */
-    static VerificationMethod of(String kid, ECPublicKey ecPublicKey) {
+    static VerificationMethod of(String kid, String type, ECPublicKey ecPublicKey) {
         return new VerificationMethod() {
             @Override
             public String getIdFragment() {
@@ -129,7 +205,7 @@ public String getIdFragment() {
 
             @Override
             public String getType() {
-                return "JsonWebKey2020";
+                return type;
             }
 
             @Override
@@ -149,6 +225,19 @@ public int hashCode() {
         };
     }
 
+    /**
+     * Yet another static factory method of the interface.
+     * <p>
+     * It is nothing but a variant of the {@link #of(String, String, ECPublicKey)}
+     * static factory method having {@link #VM_TYPE_JSON_WEB_KEY_2020} as {@code type}.
+     *
+     * @see #of(String, String, ECPublicKey)
+     * @see #VM_TYPE_JSON_WEB_KEY_2020
+     */
+    static VerificationMethod of(String kid, ECPublicKey ecPublicKey) {
+        return VerificationMethod.of(kid, VM_TYPE_JSON_WEB_KEY_2020, ecPublicKey);
+    }
+
     /**
      * As <a href="https://www.w3.org/TR/did-1.0/#dfn-verificationmethod">specified</a>
      * and w.r.t. <a href="https://www.rfc-editor.org/rfc/rfc3986#section-3.5">RFC3986</a>