Merged
2 changes: 1 addition & 1 deletion CHANGELOG.md
@@ -2,7 +2,7 @@

| Version | Description |
|-----------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| **1.9.0** | Changed [Proof-of-Possession (PoP)](https://www.rfc-editor.org/rfc/rfc7800.html) creation to include a resolvable `kid` in the JWT header. |
| **1.9.0** | Changed [Proof-of-Possession (PoP)](https://www.rfc-editor.org/rfc/rfc7800.html) creation to include a resolvable `kid` in the JWT header. |
| 1.8.0 | **FEATURE**: The DID Toolbox Java API enhanced - supplying [DID method parameters](https://identity.foundation/didwebvh/v1.0/#didwebvh-did-method-parameters) `updateKeys`/`nextKeyHashes` via new Java interfaces `UpdateKeysDidMethodParameter`/`NextKeyHashesDidMethodParameter` (in case of `DidLog[Creator\|Updater]Context` classes). Deprecations introduced accordingly. <p/>**REFACTORING**: Reusing crypto-logic already implemented in Rust (DID Resolver) - e.g. new [cryptosuite](https://www.w3.org/TR/vc-di-eddsa/#eddsa-jcs-2022) class introduced (`EdDsaJcs2022VcDataIntegrityCryptographicSuite`) in favor of deprecated `Ed25519VerificationMethodKeyProviderImpl` |
| 1.7.0 | Support for the [_post-quantum safe_](https://didwebvh.info/latest/implementers-guide/prerotation-keys/#post-quantum-attacks) technique called [Key Rotation with Pre-Rotation](https://didwebvh.info/latest/implementers-guide/prerotation-keys) introduced: A value for the `nextKeyHashes` DID method parameter can now also be supplied via new `-w` CLI option, in the fashion similar to supplying `updateKeys` values |
| 1.6.0 | Support for [DID Web + Verifiable History (`did:webvh`) - v1.0](https://identity.foundation/didwebvh/v1.0/) introduced, which is now the default DID method when running `create` command (instead of legacy `did:tdw:0.3`). Running DID method operations via appropriate contexts (`ch.admin.bj.swiyu.didtoolbox.context.DidLog*Context`) |
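Review bot: the two 1.9.0 rows render identically, so the only difference in this hunk is whitespace inside the table cell; that is fine on its own, but the 1.9.0 entry still says nothing about the new `VerificationMethod`/`VerificationMethodException` model types and the `assertionMethods(...)`/`authentications(...)` builder methods that the `using-pre-rotation-keys` example in this same PR switches to from `assertionMethodKeys(Map...)`/`authenticationKeys(Map...)`, nor about the Nimbus JOSE+JWT 10.7 to 10.8 bump. Add a **FEATURE** line for the API change in the style of the 1.8.0 row (including whether the old `*Keys(Map)` builder methods are now deprecated), and spell out what "resolvable `kid`" means, i.e. which identifier a PoP verifier is expected to dereference, so that verifiers resolve it only against the verification methods of the DID document and do not treat the header value as an arbitrary key location.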
2 changes: 1 addition & 1 deletion THIRD-PARTY-LICENSES.md
@@ -14,7 +14,7 @@ This is the list of all third-party dependencies grouped by their license type.
* **Gson** (com.google.code.gson:gson:2.13.2 - https://github.com/google/gson)
* **Tink Cryptography API** (com.google.crypto.tink:tink:1.20.0 - http://github.com/tink-crypto/tink-java)
* **error-prone annotations** (com.google.errorprone:error_prone_annotations:2.41.0 - https://errorprone.info/error_prone_annotations)
* **Nimbus JOSE+JWT** (com.nimbusds:nimbus-jose-jwt:10.7 - https://bitbucket.org/connect2id/nimbus-jose-jwt)
* **Nimbus JOSE+JWT** (com.nimbusds:nimbus-jose-jwt:10.8 - https://bitbucket.org/connect2id/nimbus-jose-jwt)
* **Java Native Access** (net.java.dev.jna:jna:5.18.1 - https://github.com/java-native-access/jna)
* **org.apiguardian:apiguardian-api** (org.apiguardian:apiguardian-api:1.1.2 - https://github.com/apiguardian-team/apiguardian)
* **jcommander** (org.jcommander:jcommander:3.0 - https://jcommander.org)
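Review bot: the Nimbus JOSE+JWT 10.7 to 10.8 bump is recorded here, but the pom.xml hunks in this PR only touch the PlantUML plugin configuration, so confirm that the `com.nimbusds:nimbus-jose-jwt` version in pom.xml (and any BOM or lock file) moved in the same commit; otherwise this list no longer reflects the resolved dependency tree. If this file is generated from the dependency tree, a short note naming the Maven goal that regenerates it would stop it from drifting on future bumps.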
2 changes: 1 addition & 1 deletion examples/using-pre-rotation-keys/pom.xml
@@ -52,7 +52,7 @@
<dependency>
<groupId>ch.admin.swiyu</groupId>
<artifactId>didtoolbox</artifactId>
<version>1.8.0</version>
<version>1.9.0-SNAPSHOT</version>
</dependency>
</dependencies>
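Review bot: pinning the example to `1.9.0-SNAPSHOT` makes it depend on a mutable, non-reproducible coordinate: a snapshot is not published to Maven Central, so whoever builds the example gets whatever happens to be in their local or snapshot repository at that moment, and the sample only compiles after a local `mvn install` of this repository. Bump it to the released `1.9.0` once the release is cut, or state the local-install requirement in the example's README, so the sample does not break silently for readers and stays on an immutable artifact.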

examples/using-pre-rotation-keys/src/main/java/org/examples/Main.java
@@ -1,13 +1,10 @@
package org.examples;

import ch.admin.bj.swiyu.didtoolbox.JwkUtils;
import ch.admin.bj.swiyu.didtoolbox.context.DidLogCreatorContext;
import ch.admin.bj.swiyu.didtoolbox.context.DidLogCreatorStrategyException;
import ch.admin.bj.swiyu.didtoolbox.context.DidLogUpdaterContext;
import ch.admin.bj.swiyu.didtoolbox.context.DidLogUpdaterStrategyException;
import ch.admin.bj.swiyu.didtoolbox.model.NextKeyHashesDidMethodParameter;
import ch.admin.bj.swiyu.didtoolbox.model.NextKeyHashesDidMethodParameterException;
import ch.admin.bj.swiyu.didtoolbox.model.UpdateKeysDidMethodParameter;
import ch.admin.bj.swiyu.didtoolbox.model.*;
import ch.admin.bj.swiyu.didtoolbox.vc_data_integrity.EdDsaJcs2022VcDataIntegrityCryptographicSuite;
import ch.admin.bj.swiyu.didtoolbox.vc_data_integrity.VcDataIntegrityCryptographicSuite;
import ch.admin.bj.swiyu.didtoolbox.vc_data_integrity.VcDataIntegrityCryptographicSuiteException;
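Review bot: the wildcard `ch.admin.bj.swiyu.didtoolbox.model.*` hides that the example now depends on the new `VerificationMethod` and `VerificationMethodException` types; keep the imports explicit (`NextKeyHashesDidMethodParameter`, `NextKeyHashesDidMethodParameterException`, `VerificationMethod`, `VerificationMethodException`) so a reader of the sample sees exactly which public API it exercises and a future addition to the `model` package cannot shadow a `java.*` simple name used elsewhere in the file. Dropping `JwkUtils` and `java.util.Map` is correct, since the `Map`-based `assertionMethodKeys`/`authenticationKeys` calls are gone.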
@@ -23,10 +20,9 @@
import java.nio.file.Path;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Map;
import java.util.Set;

public class Main {

public static void main(String... args) {

@@ -36,7 +32,7 @@
try {
System.out.println(build());
} catch (URISyntaxException | IOException | DidLogCreatorStrategyException | DidLogUpdaterStrategyException |
InvalidKeySpecException | NextKeyHashesDidMethodParameterException err) {
InvalidKeySpecException | NextKeyHashesDidMethodParameterException | VerificationMethodException err) {
System.err.println(err.getMessage());
System.exit(1);
}
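Review bot: the catch now also swallows `VerificationMethodException` and prints only `err.getMessage()` before exiting; for a developer sample, printing the cause chain (`err.printStackTrace()`, or at least `err.getCause()`) would show which of the two `.pub` paths failed to load, which is the most likely failure a reader of this example will run into.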
@@ -45,7 +41,7 @@
}

static String build() throws URISyntaxException, IOException, DidLogCreatorStrategyException,
DidLogUpdaterStrategyException, InvalidKeySpecException, NextKeyHashesDidMethodParameterException {
DidLogUpdaterStrategyException, InvalidKeySpecException, NextKeyHashesDidMethodParameterException, VerificationMethodException {

// initial DID log entry
var didLog = new StringBuilder(
@@ -62,8 +58,8 @@
//,NextKeyHashesDidMethodParameter.of(RandomEd25519KeyStore.rotate().getPublicKey())
//,NextKeyHashesDidMethodParameter.of(RandomEd25519KeyStore.rotate().getPublicKey())
))
// Forced to avoid error: "The PEM file(s) exist(s) already and will remain intact until overwrite mode is engaged: .didtoolbox/auth-key-01"
.forceOverwrite(true)
.assertionMethods(Set.of(VerificationMethod.of("my-assert-key-01", Path.of("../../src/test/data/assert-key-01.pub"))))
.authentications(Set.of(VerificationMethod.of("my-auth-key-01", Path.of("../../src/test/data/auth-key-01.pub"))))
.build()
.create(URL.of(new URI("https://identifier-reg.trust-infra.swiyu-int.admin.ch/api/v1/did/18fa7c77-9dd1-4e20-a147-fb1bec146085"), null))
).append(System.lineSeparator());
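Review bot: `VerificationMethod.of(..., Path.of("../../src/test/data/assert-key-01.pub"))` resolves against the process working directory, so the example only works when started from `examples/using-pre-rotation-keys`; running it from the repository root (for example `mvn -f examples/using-pre-rotation-keys/pom.xml exec:java`) fails on a missing file that surfaces as `VerificationMethodException`. Either resolve the two paths against a documented base directory or copy the `.pub` files into the example's own resources. Removing `.forceOverwrite(true)` follows from the builder now being given explicit verification methods instead of generating keys into `.didtoolbox/`, but the sample now registers the repository's shared test public keys as the DID's assertion and authentication methods; a comment saying these are throw-away test keys would keep anyone from carrying the pattern into a real registration.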
@@ -71,15 +67,13 @@
// Update the DID log by adding as many entries as there are keys in the store.
// Keep "rotating" (pre-rotation) keys while updating
var i = 0;
while (i++ < RandomEd25519KeyStore.getCapacity()) {

didLog.append(
// next DID log entry
DidLogUpdaterContext.builder()
// switch to the key defined by the "nextKeyHashes" from the previous entry (the key store is already "rotated" earlier)
.cryptographicSuite(RandomEd25519KeyStore.cryptographicSuite())
// REMINDER .didtoolbox directory was created previously while building the initial DID log entry (thanks to .forceOverwrite(true))
.assertionMethodKeys(Map.of("my-assert-key-0" + i, JwkUtils.loadECPublicJWKasJSON(Path.of(".didtoolbox/assert-key-01.pub"), "my-assert-key-0" + i))).authenticationKeys(Map.of("my-auth-key-0" + i, JwkUtils.loadECPublicJWKasJSON(Path.of(".didtoolbox/auth-key-01.pub"), "my-auth-key-0" + i)))
// Prepare ("rotate" to) another pre-rotation key to be used when building the next DID log entry
.nextKeyHashesDidMethodParameter(Set.of(
// Bear in mind, after the key store "rotation", all its (static) helpers "point" to the next/another key in the store
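Review bot: `while (i++ < RandomEd25519KeyStore.getCapacity())` hides the increment in the loop condition, so the body sees `i` as 1..capacity while the counter is capacity+1 on exit; `for (int i = 1; i <= RandomEd25519KeyStore.getCapacity(); i++)` expresses the same iteration without the side effect in the operand and makes the `"my-assert-key-0" + i` ids easier to reason about. The comment on `cryptographicSuite(RandomEd25519KeyStore.cryptographicSuite())` correctly describes the switch to the key committed by the previous entry's `nextKeyHashes`; it is worth adding that this is the only key being rotated in the loop.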
@@ -89,6 +83,8 @@
//,NextKeyHashesDidMethodParameter.of(RandomEd25519KeyStore.rotate().getPublicKey())
//,NextKeyHashesDidMethodParameter.of(RandomEd25519KeyStore.rotate().getPublicKey())
))
.assertionMethods(Set.of(VerificationMethod.of("my-assert-key-0" + i, Path.of("../../src/test/data/assert-key-01.pub"))))
.authentications(Set.of(VerificationMethod.of("my-auth-key-0" + i, Path.of("../../src/test/data/auth-key-01.pub"))))
.build()
.update(didLog.toString())
).append(System.lineSeparator());
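Review bot: every update re-registers the same two public keys (`assert-key-01.pub`, `auth-key-01.pub`) under a fresh id `"my-assert-key-0" + i` / `"my-auth-key-0" + i`, so across versions the DID document changes only in verification-method ids while the key material stays constant; in a sample whose stated purpose is key rotation with pre-rotation, a comment should say that only the `updateKeys` controller key is rotated (via `nextKeyHashes`) and that the assertion/authentication keys are deliberately left unchanged, otherwise a reader may mistake the id change for a key rotation. The concatenated ids also stop being zero-padded at i = 10 (`my-assert-key-010`); `String.format("my-assert-key-%02d", i)` keeps them consistent with the initial entry's `my-assert-key-01`.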
@@ -105,7 +101,7 @@
* <strong>CAUTION</strong> The sole purpose of this helper class is to assist developers while writing unit tests.
* It is NOT intended to be used in production code.
*/
static class RandomEd25519KeyStore {

private static RandomEd25519KeyStore instance = new RandomEd25519KeyStore(5);
private final VcDataIntegrityCryptographicSuite[] suites;
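Review bot: `RandomEd25519KeyStore` is only ever reached through its static `instance` field and is constructed internally with `new RandomEd25519KeyStore(5)`; declare the class `final` so the CAUTION in its Javadoc (test-only helper, not for production) cannot be undermined by subclassing, and since `instance` is reassigned by `init(int capacity)`, a comment that this mutable static holds the five signing suites for the whole process would make clear why the helper must not be copied into production code.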
@@ -123,13 +119,13 @@
var index = 0;
do {
// the Ed25519VerificationMethodKeyProviderImpl() would also work, but is deprecated
var suite = new EdDsaJcs2022VcDataIntegrityCryptographicSuite();

suites[index] = suite;
Path publicPEM = null;
try {
publicPEM = Files.createTempFile("mypublic", "");
suite.writePublicKeyPemFile(publicPEM);
final PEMParser parser = new PEMParser(Files.newBufferedReader(publicPEM));

var pemObj = parser.readObject();
if (pemObj instanceof SubjectPublicKeyInfo) {
keys[index] = new JcaPEMKeyConverter().getPublicKey((SubjectPublicKeyInfo) pemObj);
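Review bot: `new PEMParser(Files.newBufferedReader(publicPEM))` is never closed, so the reader on the temp file stays open until garbage collection and, on platforms that lock open files, the temp file cannot be deleted; put the parser in a try-with-resources block. The round trip (write the public key to a temp PEM via `writePublicKeyPemFile`, read it back with BouncyCastle to obtain a `java.security.PublicKey`) exists only to get at the suite's public key; if `EdDsaJcs2022VcDataIntegrityCryptographicSuite` offers a direct accessor, prefer it and drop the temp file, `PEMParser` and `JcaPEMKeyConverter` altogether.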
@@ -138,12 +134,12 @@
}

} catch (VcDataIntegrityCryptographicSuiteException | IOException e) {
throw new RuntimeException(e);

} finally {
if (publicPEM != null) publicPEM.toFile().deleteOnExit();
}

} while (++index < suites.length);

}

static void init(int capacity) {
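Review bot: wrapping `VcDataIntegrityCryptographicSuiteException | IOException` in a raw `RuntimeException` discards the type information a caller could act on; an `IllegalStateException` (or `UncheckedIOException` for the I/O case) with a message naming the failing key index is the idiomatic choice. `publicPEM.toFile().deleteOnExit()` only runs on orderly JVM shutdown, so a crashed run leaves `mypublic*` files in the temp directory; since the file is consumed immediately, `Files.deleteIfExists(publicPEM)` in the `finally` is simpler and leaves nothing behind. The `do { ... } while (++index < suites.length)` increment-in-operand has the same readability issue as the loop in `build()`.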
30 changes: 7 additions & 23 deletions pom.xml
@@ -349,7 +349,7 @@
<outputFilename>DidLogCreatorContext-create.puml</outputFilename>
<startClass>ch.admin.bj.swiyu.didtoolbox.context.DidLogCreatorContext</startClass>
<startMethod>create</startMethod>
<classBlacklistRegexp>.*Builder*.*</classBlacklistRegexp>
<classBlacklistRegexp>.*Builder*.*|.*Companion*.*|.*Uniffi*.*|.*Ffi*.*|.*Kt*.*|.*google*.*</classBlacklistRegexp>
<enableMarkdownWrapper>true</enableMarkdownWrapper>
<!--ignoreStandardClasses>true</ignoreStandardClasses-->
<showReturnTypes>true</showReturnTypes>
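Review bot: in `.*Builder*.*|.*Companion*.*|.*Uniffi*.*|.*Ffi*.*|.*Kt*.*|.*google*.*` the `*` binds only to the preceding character, so `Builder*` matches `Builde` followed by zero or more `r`, `Ffi*` matches any name containing `Ff`, and `Kt*` is effectively `.*K.*`, which blacklists every class with a capital K anywhere in its name. The surrounding `.*` makes the other slips harmless, but the patterns should be written as `.*Builder.*|.*Companion.*|.*Uniffi.*|.*Ffi.*|.*Kt.*|.*google.*`.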
@@ -369,7 +369,7 @@
<outputFilename>DidLogUpdaterContext-update.puml</outputFilename>
<startClass>ch.admin.bj.swiyu.didtoolbox.context.DidLogUpdaterContext</startClass>
<startMethod>update</startMethod>
<classBlacklistRegexp>.*Builder*.*</classBlacklistRegexp>
<classBlacklistRegexp>.*Builder*.*|.*Companion*.*|.*Uniffi*.*|.*Ffi*.*|.*Kt*.*|.*google*.*</classBlacklistRegexp>
<enableMarkdownWrapper>true</enableMarkdownWrapper>
<!--ignoreStandardClasses>true</ignoreStandardClasses-->
<showReturnTypes>true</showReturnTypes>
@@ -389,7 +389,7 @@
<outputFilename>DidLogDeactivatorContext-deactivate.puml</outputFilename>
<startClass>ch.admin.bj.swiyu.didtoolbox.context.DidLogDeactivatorContext</startClass>
<startMethod>deactivate</startMethod>
<classBlacklistRegexp>.*Builder*.*</classBlacklistRegexp>
<classBlacklistRegexp>.*Builder*.*|.*Companion*.*|.*Uniffi*.*|.*Ffi*.*|.*Kt*.*|.*google*.*</classBlacklistRegexp>
<enableMarkdownWrapper>true</enableMarkdownWrapper>
<!--ignoreStandardClasses>true</ignoreStandardClasses-->
<showReturnTypes>true</showReturnTypes>
@@ -398,22 +398,6 @@
<useShortClassNames>false</useShortClassNames>
</configuration>
</execution>
<!--execution>
<id>generate-simple-diagram-WebVerifiableHistoryCreator-createDidLog</id>
<goals>
<goal>generateSequenceDiagram</goal>
</goals>
<phase>generate-test-sources</phase>
<configuration>
<outputDirectory>${basedir}/src/main/plantuml</outputDirectory>
<outputFilename>WebVerifiableHistoryCreator-createDidLog.puml</outputFilename>
<startClass>ch.admin.bj.swiyu.didtoolbox.webvh.WebVerifiableHistoryCreator</startClass>
<startMethod>createDidLog</startMethod>
<classBlacklistRegexp>.*Builder*.*|.*Companion*.*|.*Uniffi*.*|.*Ffi*.*|.*Kt*.*|.*google*.*</classBlacklistRegexp>
<enableMarkdownWrapper>true</enableMarkdownWrapper>
<showReturnTypes>true</showReturnTypes>
</configuration>
</execution-->
<!-- class diagrams -->
<execution>
<id>generate-diagram-didtoolbox-api-classes-only</id>
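Review bot: the blacklist regexp that this removed, commented-out `WebVerifiableHistoryCreator-createDidLog` execution carried is now duplicated verbatim in the three remaining sequence-diagram executions; move it into a single Maven property (for example `<plantuml.sequence.blacklist>`) referenced from each `<classBlacklistRegexp>`, so the next class that needs excluding is changed in one place. Removing the dead block itself is fine.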
@@ -433,13 +417,13 @@
<fieldClassifierListToIgnore>
<fieldClassifierListToIgnore>STATIC</fieldClassifierListToIgnore>
</fieldClassifierListToIgnore>
<methodClassifierListToIgnore>STATIC</methodClassifierListToIgnore>
<!--methodClassifierListToIgnore>STATIC</methodClassifierListToIgnore-->
<hideFields>true</hideFields>
<hideMethods>true</hideMethods>
<!--useShortClassNames>true</useShortClassNames-->
<!--useShortClassNamesInFieldsAndMethods>true</useShortClassNamesInFieldsAndMethods-->
<blacklistRegexp>.*.jcommander.*|.*Util*.*|.*FilesPrivacy*.*|.*Tdw*.*|.*WebVerifiableHistory*.*|*.*ContextBuilder.*</blacklistRegexp>
<whitelistRegexp>.*VerificationMethodKeyProvider.*|.*.vc_data_integrity.*|.*.context.*|.*Enum*.*|.*.model.*DidMethodParameter*.*</whitelistRegexp>
<whitelistRegexp>.*VerificationMethodKeyProvider.*|.*.vc_data_integrity.*|.*.context.*|.*Enum*.*|.*.model.*DidMethodParameter*.*|.*.model.*Verification*.*</whitelistRegexp>
<enableMarkdownWrapper>true</enableMarkdownWrapper>
<additionalPlantUmlConfigs>
<!-- see https://pdf.plantuml.net/PlantUML_Language_Reference_Guide_en.pdf -->
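Review bot: commenting out `<methodClassifierListToIgnore>STATIC</methodClassifierListToIgnore>` has no effect in this execution because `<hideMethods>true</hideMethods>` two lines below hides all methods anyway; either leave the setting as it was or remove the dead comment. The whitelist addition `.*.model.*Verification*.*` has the same quantifier slip as the blacklist patterns (the `*` binds to the `n`), and the leading `.*.` is `.*` followed by any single character; `.*\.model\..*Verification.*` says what is meant and does not also admit unrelated classes whose names merely contain `Verificatio`.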
@@ -470,13 +454,13 @@
<fieldClassifierListToIgnore>
<fieldClassifierListToIgnore>STATIC</fieldClassifierListToIgnore>
</fieldClassifierListToIgnore>
<methodClassifierListToIgnore>STATIC</methodClassifierListToIgnore>
<!--methodClassifierListToIgnore>STATIC</methodClassifierListToIgnore-->
<!--hideFields>true</hideFields>
<hideMethods>true</hideMethods-->
<!--useShortClassNames>true</useShortClassNames-->
<!--useShortClassNamesInFieldsAndMethods>true</useShortClassNamesInFieldsAndMethods-->
<blacklistRegexp>.*.jcommander.*|.*Util*.*|.*FilesPrivacy*.*|.*Tdw*.*|.*WebVerifiableHistory*.*|*.*ContextBuilder.*</blacklistRegexp>
<whitelistRegexp>.*VerificationMethodKeyProvider.*|.*.vc_data_integrity.*|.*.context.*|.*Enum*.*|.*.model.*DidMethodParameter*.*</whitelistRegexp>
<whitelistRegexp>.*VerificationMethodKeyProvider.*|.*.vc_data_integrity.*|.*.context.*|.*Enum*.*|.*.model.*DidMethodParameter*.*|.*.model.*Verification*.*</whitelistRegexp>
<enableMarkdownWrapper>true</enableMarkdownWrapper>
<additionalPlantUmlConfigs>
<!-- see https://pdf.plantuml.net/PlantUML_Language_Reference_Guide_en.pdf -->
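Review bot: a one-line comment is needed on why `methodClassifierListToIgnore` is cleared only where `hideMethods` is also commented out: with methods visible, static factories such as the new `VerificationMethod.of(...)` now appear in this class diagram, which is presumably the point of the whitelist extension, and the next reader will otherwise wonder why the two class-diagram executions differ. On the touched context line, the unchanged `<blacklistRegexp>` ends in `|*.*ContextBuilder.*`, an alternative that starts with a bare `*`; `java.util.regex.Pattern` rejects that as a dangling meta character, so if the plugin compiles the whole expression the blacklist is either ignored or failing silently. Worth checking, and `.*ContextBuilder.*` is what was intended.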