Did log operations

demo/README.md

@@ -1,23 +1,15 @@
 # DID WebVH Server Demo
 
-There's 3 ways to run this demo:
-- Using the deployed demo instance of the services through the public Postman workspace.
-  - Just head to the [public Postman workspace](https://www.postman.com/bcgov-digital-trust/trust-did-web-server) and follow the instructions.
-  - You can also import this workspace by searching for `Trust DID Web Server` in the public API Network.
-
-- Deploying the project locally and using a desktop installation of Postman to execute the requests.
-  - You will need a **local** installation of the [Postman desktop app](https://www.postman.com/downloads/). Once you have this, you can import the [public workspace](https://www.postman.com/bcgov-digital-trust/trust-did-web-server). The workspace also contains additional documentation for runnig this demo.
-
-- Deploying the project locally and using the OpenAPI web interfaces of each service.
+These are step by step instructions.
 
 ## Setting up you local deployments
 
 You will need a docker installation, curl, jq and a bash shell.
 
 Once this is all checked, you can clone the repo, move to the demo repository and start the services:
 ```bash
-git clone https://github.com/OpSecId/trustdidweb-server-py.git
-cd trustdidweb-server-py/demo/ && ./manage start
+git clone https://github.com/identity-foundation/didwebvh-server-py.git
+cd didwebvh-server-py/demo/ && ./manage start
 
 ```
 
@@ -32,9 +24,11 @@ curl -H Host:agent.docker.localhost \
 ```
 
 *You can visit the following pages in your browser*
-- http://agent.docker.localhost
+- http://agent.docker.localhost/api/doc
 - http://server.docker.localhost/docs
 
+You can continue reading to go through the steps of registering a DID. There's also a script available to automate this (`./register.sh`).
+
 ## Create a DID
 
 Time required: Less than 10 minutes
@@ -43,153 +37,78 @@ DID web requires a public endpoint to be globally resolveable. For this demo, we
 
 This demo also serves as an introduction to Data Integrity proof sets.
 
+At any time, you can reset this demo with the `./manage restart` command.
+
 ### Request a did namespace and identifier
 ```bash
-namespace='demo'
-identifier='issuer'
-curl -H Host:server.docker.localhost \
-    http://127.0.0.1?namespace=$namespace&identifier=$identifier | jq .
-```
-```json
-{
-  "document": {
-    "@context": [
-      "https://www.w3.org/ns/did/v1"
-    ],
-    "id": "did:web:server.docker.localhost:demo:issuer"
-  },
-  "options": {
-    "type": "DataIntegrityProof",
-    "cryptosuite": "eddsa-jcs-2022",
-    "proofPurpose": "authentication",
-    "created": "2024-09-06T20:57:52+00:00",
-    "expires": "2024-09-06T21:07:52+00:00",
-    "domain": "server.docker.localhost",
-    "challenge": "de96aa5e-3c6d-55d7-9ef7-77dd98cabf96"
-  }
-}
+DID_REQUEST=$(curl -H Host:server.docker.localhost \
+    'http://127.0.0.1?namespace=demo&identifier=issuer' | jq .)
+
+DID_DOCUMENT=$(echo $DID_REQUEST | jq .didDocument)
+PROOF_OPTIONS=$(echo $DID_REQUEST | jq .proofOptions)
+
 ```
-From this point on, you have 10 minutes to complete the rest of this demo before the proof configuration is expired. You can restart at any moment with the `./manage restart` command.
 
-## Create a new verification Method
-Open the browser and register a new verification method with the agent.
-- http://issuer.docker.localhost/api/doc#/wallet/post_keys
+The proof options generated have a 10 minutes validity period, after which you will need to request a new set of options.
 
-Here's a sample request you can copy into the OpenAPI interface.
+## Create an update key for this did
+```bash
+# http://agent.docker.localhost/api/doc#/wallet/post_wallet_keys
 
-```json
-{
-    "kid": "did:web:server.docker.localhost:demo:issuer#key-01"
-}
-```
+UPDATE_KEY=$(curl -X 'POST' -H Host:agent.docker.localhost \
+  'http://127.0.0.1/wallet/keys' \
+  -d '{}' | jq -r .multikey)
+CONTROLLER_VERIFICATION_METHOD="did:key:$UPDATE_KEY#$UPDATE_KEY"
 
-## Create and sign the did document
-Create your DID document, adding the verification method created at the previous step. Also add an `authentication` and `assertionMethod` relationship to this verification method.
-```json
-{
-    "@context": [
-      "https://www.w3.org/ns/did/v1"
-    ],
-    "id": "did:web:server.docker.localhost:demo:issuer",
-    "authentication": ["did:web:server.docker.localhost:demo:issuer#key-01"],
-    "assertionMethod": ["did:web:server.docker.localhost:demo:issuer#key-01"],
-    "verificationMethod": [
-        {
-            "id": "did:web:server.docker.localhost:demo:issuer#key-01",
-            "type": "MultiKey",
-            "controller": "did:web:server.docker.localhost:demo:issuer",
-            "publicKeyMultibase": "z6MkgKA7yrw5kYSiDuQFcye4bMaJpcfHFry3Bx45pdWh3s8i"
-        }
-    ],
-}
 ```
+
+## Sign the did document
+You can optionally add information to your did document containing the content you want to publish. Refer to the did core spec to get familiar with such features. For this demo, we will leave it as is.
+
 Sign with the proof options obtained from step 1.
-- http://issuer.docker.localhost/api/doc#/wallet/post_wallet_di_add_proof
-
-See below for a template to use as your request body.
-- *You will need to use the options you obtained since there's an expiration of 10 minutes and a unique challenge was created.*
-- *Also, you will need to add the verificationMethod you created.*
-```json
-{
-  "document": {
-        "@context": [
-          "https://www.w3.org/ns/did/v1"
-        ],
-        "id": "did:web:server.docker.localhost:demo:issuer",
-        "authentication": ["did:web:server.docker.localhost:demo:issuer#key-01"],
-        "assertionMethod": ["did:web:server.docker.localhost:demo:issuer#key-01"],
-        "verificationMethod": [
-            {
-                "id": "did:web:server.docker.localhost:demo:issuer#key-01",
-                "type": "MultiKey",
-                "controller": "did:web:server.docker.localhost:demo:issuer",
-                "publicKeyMultibase": "z6MkgKA7yrw5kYSiDuQFcye4bMaJpcfHFry3Bx45pdWh3s8i"
-            }
-        ]
-    },
-  "options": {
-    "type": "DataIntegrityProof",
-    "cryptosuite": "eddsa-jcs-2022",
-    "proofPurpose": "authentication",
-    "created": "⚠️",
-    "expires": "⚠️",
-    "domain": "server.docker.localhost",
-    "challenge": "⚠️",
-    "verificationMethod": "did:key:⚠️#⚠️"
-  }
-}
+```bash
+# http://issuer.docker.localhost/api/doc#/wallet/post_wallet_di_add_proof
+
+# Add verificationMethod to the proof options
+CONTROLLER_PROOF_OPTIONS=$(jq '. += {"verificationMethod": "'"$CONTROLLER_VERIFICATION_METHOD"'"}' <<< "$PROOF_OPTIONS")
+
+# Construct the payload for the request
+PAYLOAD=$(cat <<EOF 
+{"document": $DID_DOCUMENT, "options": $CONTROLLER_PROOF_OPTIONS}
+EOF
+)
+
+# Request a signature on the did document
+SIGNED_DID_DOC=$(curl -X 'POST' -H Host:agent.docker.localhost \
+  -H 'Content-Type: application/json' \
+  'http://127.0.0.1/vc/di/add-proof' \
+  -d ''"$PAYLOAD"'' | jq .securedDocument)
 
 ```
 
 ## Request an endorser signature
 Request an endorser signature on the signed did document.
-- http://endorser.docker.localhost/api/doc#/wallet/post_wallet_di_add_proof
-
-See below for a template to use as your request body.
-- *Again, you will need to use the options you obtained since there's an expiration of 10 minutes and a unique challenge was created.*
-- *Also, you will need to add the `verificationMethod` from the endorser, which is derived from the server's root did: `did:web:server.docker.localhost#key-01`. This has been provisioned on the endorser agent during startup.*
-```json
-{
-  "document": {
-        "@context": [
-          "https://www.w3.org/ns/did/v1"
-        ],
-        "id": "did:web:server.docker.localhost:demo:issuer",
-        "authentication": ["did:web:server.docker.localhost:demo:issuer#key-01"],
-        "assertionMethod": ["did:web:server.docker.localhost:demo:issuer#key-01"],
-        "verificationMethod": [
-            {
-                "id": "did:web:server.docker.localhost:demo:issuer#key-01",
-                "type": "MultiKey",
-                "controller": "did:web:server.docker.localhost:demo:issuer",
-                "publicKeyMultibase": "z6MkgKA7yrw5kYSiDuQFcye4bMaJpcfHFry3Bx45pdWh3s8i"
-            }
-        ],
-        "proof": [
-          {
-            "type": "DataIntegrityProof",
-            "cryptosuite": "eddsa-jcs-2022",
-            "proofPurpose": "authentication",
-            "verificationMethod": "did:key:⚠️#⚠️",
-            "created": "⚠️",
-            "expires": "⚠️",
-            "domain": "server.docker.localhost",
-            "challenge": "⚠️",
-            "proofValue": "z3GBx56nXZDead55EXi85tLyeXiS2oTa3SEkQYtgiqGANE6k4GxZXFNs1Uh7tdAA2tsgo8HarkZs8YrCwuA8biQaj"
-          }
-        ]
-    },
-  "options": {
-    "type": "DataIntegrityProof",
-    "cryptosuite": "eddsa-jcs-2022",
-    "proofPurpose": "authentication",
-    "verificationMethod": "did:key:z6MkgKA7yrw5kYSiDuQFcye4bMaJpcfHFry3Bx45pdWh3s8i#z6MkgKA7yrw5kYSiDuQFcye4bMaJpcfHFry3Bx45pdWh3s8i ",
-    "created": "⚠️",
-    "expires": "⚠️",
-    "domain": "server.docker.localhost",
-    "challenge": "⚠️"
-  }
-}
+
+```bash
+# http://issuer.docker.localhost/api/doc#/wallet/post_wallet_di_add_proof
+
+# Change verificationMethod to the proof options
+ENDORSER_KEY='z6MkgKA7yrw5kYSiDuQFcye4bMaJpcfHFry3Bx45pdWh3s8i'
+ENDORSER_VERIFICATION_METHOD="did:key:$ENDORSER_KEY#$ENDORSER_KEY"
+ENDORSER_PROOF_OPTIONS=$(jq '. += {"verificationMethod": "'"$ENDORSER_VERIFICATION_METHOD"'"}' <<< "$PROOF_OPTIONS")
+
+# Construct the payload for the request
+PAYLOAD=$(cat <<EOF 
+{"document": $SIGNED_DID_DOC, "options": $ENDORSER_PROOF_OPTIONS}
+EOF
+)
+
+# Request a signature on the did document
+ENDORSED_DID_DOC=$(curl -X 'POST' -H Host:agent.docker.localhost \
+  -H 'Content-Type: application/json' \
+  'http://127.0.0.1/vc/di/add-proof' \
+  -d ''"$PAYLOAD"'' | jq .securedDocument)
+
 ```
 
 ## Send the request back to the server
@@ -200,8 +119,55 @@ If you completed the steps properly and within 10 minutes, your DID will now be
 
 If you get an error, try restarting the demo using the `./manage restart` command.
 
+```bash
+# Construct the payload for the request
+PAYLOAD=$(cat <<EOF 
+{"didDocument": $ENDORSED_DID_DOC}
+EOF
+)
+
+# Request a signature on the did document
+curl -X 'POST' -H Host:server.docker.localhost \
+  -H 'Content-Type: application/json' \
+  'http://127.0.0.1/' \
+  -d ''"$PAYLOAD"'' | jq .
+
+```
 
-## Resolve (locally) your new DID
+## Resolve (locally) the DID
 ```bash
 curl -H Host:server.docker.localhost http://127.0.0.1/demo/issuer/did.json | jq .
 ```
+
+## Initialise the DID Log
+
+```bash
+# Request the provided helper log entry to sign
+LOG_ENTRY=$(curl -H Host:server.docker.localhost http://127.0.0.1/demo/issuer | jq .logEntry)
+
+# Sign with the controller
+PAYLOAD=$(cat <<EOF 
+{"document": $LOG_ENTRY, "options": $CONTROLLER_PROOF_OPTIONS}
+EOF
+)
+SIGNED_LOG_ENTRY=$(curl -X 'POST' -H Host:agent.docker.localhost \
+  -H 'Content-Type: application/json' \
+  'http://127.0.0.1/vc/di/add-proof' \
+  -d ''"$PAYLOAD"'' | jq .securedDocument)
+
+# Send response to server
+PAYLOAD=$(cat <<EOF 
+{"logEntry": $SIGNED_LOG_ENTRY}
+EOF
+)
+curl -X 'POST' -H Host:server.docker.localhost \
+  -H 'Content-Type: application/json' \
+  'http://127.0.0.1/demo/issuer' \
+  -d ''"$PAYLOAD"'' | jq .
+
+```
+
+## Resolve (locally) the DID Log
+```bash
+curl -H Host:server.docker.localhost http://127.0.0.1/demo/issuer/did.jsonl
+```

demo/docker-compose.yml

@@ -1,21 +1,5 @@
 ---
 services:
-  frontend:
-    build:
-      context: frontend
-      dockerfile: Dockerfile
-    environment:
-      DOMAIN: server.${DOMAIN}
-      SECRET_KEY: ${SECRET_KEY}
-      ENDORSER_MULTIKEY: ${ENDORSER_MULTIKEY}
-      TDW_SERVER_URL: http://server:8000
-      AGENT_ADMIN_URL: http://agent:8020
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.frontend.rule=Host(`demo.${DOMAIN}`)
-      - traefik.http.routers.frontend.entrypoints=web
-      - traefik.http.services.frontend.loadbalancer.server.port=5000
-
   server:
     build:
       context: ../server