From efab0ac8f10e0eca102f5e99981b12cb4519cce6 Mon Sep 17 00:00:00 2001 From: Gabe <7622243+decentralgabe@users.noreply.github.com> Date: Tue, 10 Dec 2024 14:16:03 -0800 Subject: [PATCH] Revert "Migrate (#16)" This reverts commit 008380bea39c085cf811857fd31aa6a3f96e9fcc. --- .github/ISSUE_TEMPLATE/bug-report.md | 31 ++++++ .github/workflows/ci.yml | 4 +- .github/workflows/golangci-lint.yml | 2 +- .github/workflows/security.yml | 22 +++++ CODE_OF_CONDUCT.md | 136 +++++++++++++++++++++++++++ CONTRIBUTING.md | 121 ++++++++++++++++++++++++ GOVERNANCE.md | 67 +++++++++++++ LICENSE | 3 +- README.md | 66 +++++++------ SECURITY.md | 2 +- cid/cid.go | 38 +------- cid/testdata/vm-ed25519.json | 20 ---- cid/testdata/vm-p256.json | 22 ----- cid/testdata/vm-p384.json | 22 ----- cid/testdata/vm-p521.json | 22 ----- cid/testdata_test.go | 44 --------- cose/cose.go | 2 +- cose/cose_test.go | 4 +- credential/credential.go | 2 +- crypto_test.go | 12 +-- go.mod | 2 +- go.sum | 2 - jose/jose.go | 2 +- jose/jose_test.go | 4 +- sdjwt/sdjwt.go | 2 +- sdjwt/sdjwt_test.go | 4 +- 26 files changed, 438 insertions(+), 220 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/bug-report.md create mode 100644 .github/workflows/security.yml create mode 100644 CODE_OF_CONDUCT.md create mode 100644 CONTRIBUTING.md create mode 100644 GOVERNANCE.md delete mode 100644 cid/testdata/vm-ed25519.json delete mode 100644 cid/testdata/vm-p256.json delete mode 100644 cid/testdata/vm-p384.json delete mode 100644 cid/testdata/vm-p521.json delete mode 100644 cid/testdata_test.go diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md new file mode 100644 index 0000000..25f0bc5 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug-report.md @@ -0,0 +1,31 @@ +--- +name: 🐛 Bug Report +about: Thank you for taking the time, please report a reproducible bug +title: "[Bug] " +labels: bug +assignees: add codeowner's @name here + +--- + +**Describe the bug** +*A clear and concise description of what the bug is.* + +**To Reproduce:** +*Steps to reproduce the behavior:* +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +**Expected behavior:** +*A clear and concise description of what you expected to happen.* + +**Supporting Material** +*If applicable, add screenshots, output log and/or other documentation to help explain your problem.* + +**Environment (please complete the following information):** + - OS: [ex: iOS] + - Version + +**Additional context** +Add any other context that you feel is relevant about the problem here. diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index adf1bed..ec35787 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,7 +20,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.23.3 + go-version: 1.23.2 - name: Install Mage run: go install github.com/magefile/mage @@ -35,7 +35,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.23.3 + go-version: 1.23.2 - name: Install Mage run: go install github.com/magefile/mage diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 75715c7..2792b53 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -15,7 +15,7 @@ jobs: steps: - uses: actions/setup-go@v3 with: - go-version: 1.23.3 + go-version: 1.23.2 - uses: actions/checkout@v3 - name: golangci-lint uses: golangci/golangci-lint-action@v3 diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml new file mode 100644 index 0000000..e1753e4 --- /dev/null +++ b/.github/workflows/security.yml @@ -0,0 +1,22 @@ +name: Security and License Scans + +on: + pull_request_target: + branches: + - main + + push: + branches: + - main + + # Run every day at 5am UTC + schedule: + - cron: "0 5 * * *" + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +jobs: + security-license-scan: + uses: TBD54566975/open-source-programs/.github/workflows/security.yml@main + secrets: inherit \ No newline at end of file diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..8128d59 --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,136 @@ + +# TBD Code of Conduct + +TBD builds infrastructure for the next wave of innovation in financial services — which we believe will be decentralized, permissionless, and non-custodial. This means opening the global economy to everyone. We extend the same principles of inclusion to our developer ecosystem. We are excited to build with you. So we will ensure our community is truly open, transparent and inclusive. Because of the global nature of our project, diversity and inclusivity is paramount to our success. We not only welcome diverse perspectives, we **need** them! + +The code of conduct below reflects the expectations for ourselves and for our community. + + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, physical appearance, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, caste, color, religion, or sexual +identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +* Demonstrating empathy and kindness toward other people +* Being respectful and welcoming of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +* Focusing on what is best not just for us as individuals, but for the overall + community + +Examples of unacceptable behavior include: + +* The use of sexualized language or imagery, and sexual attention or advances of + any kind +* Trolling, insulting or derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or email address, + without their explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +The TBD Open Source Governance Committee (GC) is responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. + +The GC has the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all project spaces, and it also applies when an individual is representing the project or its community in public spaces. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event, or any space where the project is listed as part of your profile. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the TBD Open Source Governance Committee (GC) at +`tbd-open-source-governance@squareup.com`. +All complaints will be reviewed and investigated promptly and fairly. + +The GC is obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +The GC will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from the GC, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series of +actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. This +includes avoiding interactions in community spaces as well as external channels +like social media and forums. + +Although this list cannot be exhaustive, we explicitly honor diversity in age, culture, ethnicity, gender identity or expression, language, national origin, political beliefs, profession, race, religion, sexual orientation, socioeconomic status, and technical ability. We will not tolerate discrimination based on any of the protected characteristics above, including participants with disabilities. + +Violating these terms may lead to a temporary or permanent ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within the +community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.1, available at +[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. + +Community Impact Guidelines were inspired by +[Mozilla's code of conduct enforcement ladder][Mozilla CoC]. + +For answers to common questions about this code of conduct, see the FAQ at +[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at +[https://www.contributor-covenant.org/translations][translations]. + +[homepage]: https://www.contributor-covenant.org +[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html +[Mozilla CoC]: https://github.com/mozilla/diversity +[FAQ]: https://www.contributor-covenant.org/faq +[translations]: https://www.contributor-covenant.org/translations diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..6c7c49e --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,121 @@ +# Contribution Guide + +There are many ways to be an open source contributor, and we're here to help you on your way! You may: + +* Propose ideas in our + [discord](https://discord.gg/tbd) +* Raise an issue or feature request in our [issue tracker](https://github.com/TBD54566975/vc-jose-cose-go/issues) +* Help another contributor with one of their questions, or a code review +* Suggest improvements to our Getting Started documentation by supplying a Pull Request +* Evangelize our work together in conferences, podcasts, and social media spaces. + +This guide is for you. + +## Development Prerequisites + +| Requirement | Tested Version | Installation Instructions | +| ----------- | -------------- | ----------------------------------------------------- | +| Go | 1.23.2 | [go.dev](https://go.dev/doc/tutorial/compile-install) | +| Mage | 1.12.1 | [magefile.org](https://magefile.org/) | + +### Go + +This project is written in Go, a modern, open source programming language. + +You may verify your `go` installation via the terminal: + +``` +$> go version +go version go1.23.2 darwin/amd64 +``` + +If you do not have go, we recommend installing it by: + +#### MacOS + +##### Homebrew + +``` +$> brew install go +``` + +#### Linux + +See the [Go Installation Documentation](https://go.dev/doc/install). + +### Mage + +The build is run by Mage. + +You may verify your `mage` installation via the terminal: + +``` +$> mage --version +Mage Build Tool v1.15.0-5-g2385abb +Build Date: 2024-08-20T17:26:25-07:00 +Commit: 2385abb +built with: go1.23.2 +``` + +#### MacOS + +##### Homebrew + +``` +$> brew install mage +``` + +#### Linux + +Installation instructions are on the [Magefile home page](https://magefile.org/). + +## Communications + +### Issues + +Anyone from the community is welcome (and encouraged!) to raise issues via +[GitHub Issues](https://github.com/TBD54566975/vc-jose-cose-go/issues) + +### Discussions + +Design discussions and proposals take place in our [discord](https://discord.gg/tbd). + +We advocate an asynchronous, written debate model - so write up your thoughts and invite the community to join in! + +### Continuous Integration + +Build and Test cycles are run on every commit to every branch on [GitHub Actions](https://github.com/TBD54566975/vc-jose-cose-go/actions). + +## Contribution + +We review contributions to the codebase via GitHub's Pull Request mechanism. We have +the following guidelines to ease your experience and help our leads respond quickly +to your valuable work: + +* Start by proposing a change either in Issues (most appropriate for small + change requests or bug fixes) or in Discussions (most appropriate for design + and architecture considerations, proposing a new feature, or where you'd + like insight and feedback) +* Cultivate consensus around your ideas; the project leads will help you + pre-flight how beneficial the proposal might be to the project. Developing early + buy-in will help others understand what you're looking to do, and give you a + greater chance of your contributions making it into the codebase! No one wants to + see work done in an area that's unlikely to be incorporated into the codebase. +* Fork the repo into your own namespace/remote +* Work in a dedicated feature branch. Atlassian wrote a great + [description of this workflow](https://www.atlassian.com/git/tutorials/comparing-workflows/feature-branch-workflow) +* When you're ready to offer your work to the project, first: +* Squash your commits into a single one (or an appropriate small number of commits), and + rebase atop the upstream `main` branch. This will limit the potential for merge + conflicts during review, and helps keep the audit trail clean. A good writeup for + how this is done is + [here](https://medium.com/@slamflipstrom/a-beginners-guide-to-squashing-commits-with-git-rebase-8185cf6e62ec), and if you're + having trouble - feel free to ask a member or the community for help or leave the commits as-is, and flag that you'd like + rebasing assistance in your PR! We're here to support you. +* Open a PR in the project to bring in the code from your feature branch. +* The maintainers noted in the `CODEOWNERS` file will review your PR and optionally + open a discussion about its contents before moving forward. +* Remain responsive to follow-up questions, be open to making requested changes, and... + You're a contributor! +* And remember to respect everyone in our global development community. Guidelines + are established in our `CODE_OF_CONDUCT.md`. diff --git a/GOVERNANCE.md b/GOVERNANCE.md new file mode 100644 index 0000000..d02f5ad --- /dev/null +++ b/GOVERNANCE.md @@ -0,0 +1,67 @@ +# TBD Open Source Project Governance + + + +* [Contributors](#contributors) +* [Maintainers](#maintainers) +* [Governance Committee](#governance-committee) + + + +## Contributors + +Anyone may be a contributor to TBD projects. Contribution may take the form of: + +* Asking and answering questions on the Discord or GitHub Issues +* Filing an issue +* Offering a feature or bug fix via a Pull Request +* Suggesting documentation improvements +* ...and more! + +Anyone with a GitHub account may use the project issue trackers and communications channels. We welcome newcomers, so don't hesitate to say hi! + +## Maintainers + +Maintainers have write access to GitHub repositories and act as project administrators. They approve and merge pull requests, cut releases, and guide collaboration with the community. They have: + +* Commit access to their project's repositories +* Write access to continuous integration (CI) jobs + +Both maintainers and non-maintainers may propose changes to +source code. The mechanism to propose such a change is a GitHub pull request. Maintainers review and merge (_land_) pull requests. + +If a maintainer opposes a proposed change, then the change cannot land. The exception is if the Governance Committee (GC) votes to approve the change despite the opposition. Usually, involving the GC is unnecessary. + +See: + +* [List of maintainers - `MAINTAINERS.md`](./MAINTAINERS.md) +* [Contribution Guide - `CONTRIBUTING.md`](./CONTRIBUTING.md) + +### Maintainer activities + +* Helping users and novice contributors +* Contributing code and documentation changes that improve the project +* Reviewing and commenting on issues and pull requests +* Participation in working groups +* Merging pull requests + +## Governance Committee + +The TBD Open Source Governance Committee (GC) has final authority over this project, including: + +* Technical direction +* Project governance and process (including this policy) +* Contribution policy +* GitHub repository hosting +* Conduct guidelines +* Maintaining the list of maintainers + +The current GC members are: + +* Ben Boeser, Technical Partnerships Lead, TBD +* Angie Jones, Head of Developer Relations, TBD +* Julie Kim, Head of Legal, TBD +* Nidhi Nahar, Head of Patents and Open Source, Block +* Andrew Lee Rubinger, Head of Open Source, TBD + +Members are not to be contacted individually. The GC may be reached through `tbd-open-source-governance@squareup.com` and is an available resource in mediation or for sensitive cases beyond the scope of project maintainers. It operates as a "Self-appointing council or board" as defined by Red Hat: [Open Source Governance Models](https://www.redhat.com/en/blog/understanding-open-source-governance-models). diff --git a/LICENSE b/LICENSE index 7aa79b8..ebd7b4b 100644 --- a/LICENSE +++ b/LICENSE @@ -194,8 +194,7 @@ http://www.apache.org/licenses/LICENSE-2.0 - Copyright 2023 Block, Inc. - Copyright 2024 Gabe Cohen +Copyright 2023 Block, Inc. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, diff --git a/README.md b/README.md index 2875cad..dc2f2ce 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,15 @@ -[![godoc vc-jose-cose-go](https://img.shields.io/badge/godoc-vc--jose--cose--go-blue)](https://pkg.go.dev/github.com/decentralgabe/vc-jose-cose-go) -[![go version 1.23.3](https://img.shields.io/badge/go_version-1.23.2-brightgreen)](https://golang.org/) -[![Go Report Card](https://goreportcard.com/badge/github.com/decentralgabe/vc-jose-cose-go)](https://goreportcard.com/report/github.com/decentralgabe/vc-jose-cose-go) -[![license Apache 2](https://img.shields.io/badge/license-Apache%202-black)](https://github.com/decentralgabe/vc-jose-cose-go/blob/main/LICENSE) -[![issues](https://img.shields.io/github/issues/decentralgabe/vc-jose-cose-go)](https://github.com/decentralgabe/vc-jose-cose-go/issues) -![ci status](https://github.com/decentralgabe/vc-jose-cose-go/actions/workflows/ci.yml/badge.svg?branch=main&event=push) -[![codecov](https://codecov.io/github/decentralgabe/vm-jose-cose-go/graph/badge.svg?token=PIS07W0RQJ)](https://codecov.io/github/decentralgabe/vc-jose-cose-go) +[![godoc vc-jose-cose-go](https://img.shields.io/badge/godoc-vc--jose--cose--go-blue)](https://pkg.go.dev/github.com/TBD54566975/vc-jose-cose-go) +[![go version 1.23.2](https://img.shields.io/badge/go_version-1.23.2-brightgreen)](https://golang.org/) +[![Go Report Card](https://goreportcard.com/badge/github.com/TBD54566975/vc-jose-cose-go)](https://goreportcard.com/report/github.com/TBD54566975/vc-jose-cose-go) +[![license Apache 2](https://img.shields.io/badge/license-Apache%202-black)](https://github.com/TBD54566975/vc-jose-cose-go/blob/main/LICENSE) +[![issues](https://img.shields.io/github/issues/TBD54566975/vc-jose-cose-go)](https://github.com/TBD54566975/vc-jose-cose-go/issues) +![ci status](https://github.com/TBD54566975/vc-jose-cose-go/actions/workflows/ci.yml/badge.svg?branch=main&event=push) +[![codecov](https://codecov.io/github/TBD54566975/vc-jose-cose-go/graph/badge.svg?token=PIS07W0RQJ)](https://codecov.io/github/TBD54566975/vc-jose-cose-go) # VC JOSE COSE in go -A lightweight go implementation of the [W3C Verifiable Credentials v2 Data Model](https://www.w3.org/TR/vm-data-model-2.0) -with support for [Securing Verifiable Credentials using JOSE and COSE](https://www.w3.org/TR/vm-jose-cose/). +A lightweight go implementation of the [W3C Verifiable Credentials v2 Data Model](https://www.w3.org/TR/vc-data-model-2.0) +with support for [Securing Verifiable Credentials using JOSE and COSE](https://www.w3.org/TR/vc-jose-cose/). ## Usage @@ -18,23 +18,23 @@ This library provides Go implementations for signing and verifying Verifiable Cr ## Installation ``` -go get github.com/decentralgabe/vc-jose-cose-go +go get github.com/TBD54566975/vc-jose-cose-go ``` ### JOSE (JSON Object Signing and Encryption) ```go import ( - "github.com/decentralgabe/vc-jose-cose-go/jose" - "github.com/decentralgabe/vc-jose-cose-go/credential" - "github.com/decentralgabe/vc-jose-cose-go/util" + "github.com/TBD54566975/vc-jose-cose-go/jose" + "github.com/TBD54566975/vc-jose-cose-go/credential" + "github.com/TBD54566975/vc-jose-cose-go/util" "github.com/lestrrat-go/jwx/v2/jwk" "github.com/lestrrat-go/jwx/v2/jwa" ) func main() { // Create a VC - vm := credential.VerifiableCredential{ + vc := credential.VerifiableCredential{ Context: []string{"https://www.w3.org/2018/credentials/v1"}, ID: "https://example.edu/credentials/1872", Type: []string{"VerifiableCredential"}, @@ -49,12 +49,12 @@ func main() { key, _ := util.GenerateJWK(jwa.Ed25519) // Sign the VC - jwt, err := jose.SignVerifiableCredential(vm, key) + jwt, err := jose.SignVerifiableCredential(vc, key) if err != nil { // Handle error } - vm, err := jose.VerifyVerifiableCredential(jwt, key) + vc, err := jose.VerifyVerifiableCredential(jwt, key) if err != nil { // Handle error } @@ -66,15 +66,15 @@ func main() { ```go import ( - "github.com/decentralgabe/vc-jose-cose-go/sdjwt" - "github.com/decentralgabe/vc-jose-cose-go/credential" - "github.com/decentralgabe/vc-jose-cose-go/util" + "github.com/TBD54566975/vc-jose-cose-go/sdjwt" + "github.com/TBD54566975/vc-jose-cose-go/credential" + "github.com/TBD54566975/vc-jose-cose-go/util" "github.com/lestrrat-go/jwx/v2/jwk" "github.com/lestrrat-go/jwx/v2/jwa" ) func main() { - vm := credential.VerifiableCredential{ + vc := credential.VerifiableCredential{ Context: []string{"https://www.w3.org/2018/credentials/v1"}, ID: "https://example.edu/credentials/1872", Type: []string{"VerifiableCredential"}, @@ -95,7 +95,7 @@ func main() { key, _ := util.GenerateJWK(jwa.Ed25519) // Create SD-JWT - sdJWT, err := sdjwt.SignVerifiableCredential(vm, disclosurePaths, issuerKey) + sdJWT, err := sdjwt.SignVerifiableCredential(vc, disclosurePaths, issuerKey) if err != nil { // Handle error } @@ -111,16 +111,16 @@ func main() { ```go import ( - "github.com/decentralgabe/vc-jose-cose-go/cose" - "github.com/decentralgabe/vc-jose-cose-go/credential" - "github.com/decentralgabe/vc-jose-cose-go/util" + "github.com/TBD54566975/vc-jose-cose-go/cose" + "github.com/TBD54566975/vc-jose-cose-go/credential" + "github.com/TBD54566975/vc-jose-cose-go/util" "github.com/lestrrat-go/jwx/v2/jwk" "github.com/lestrrat-go/jwx/v2/jwa" ) func main() { // Create a VC - vm := credential.VerifiableCredential{ + vc := credential.VerifiableCredential{ Context: []string{"https://www.w3.org/2018/credentials/v1"}, ID: "https://example.edu/credentials/1872", Type: []string{"VerifiableCredential"}, @@ -135,15 +135,25 @@ func main() { key, _ := util.GenerateJWK(jwa.Ed25519) // Sign the VC - cs1, err := cose.SignVerifiableCredential(vm, key) + cs1, err := cose.SignVerifiableCredential(vc, key) if err != nil { // Handle error } - vm, err := cose.VerifyVerifiableCredential(cs1, key) + vc, err := cose.VerifyVerifiableCredential(cs1, key) if err != nil { // Handle error } // Use the verified VC } -``` \ No newline at end of file +``` + +## Project Resources + +| Resource | Description | +| ------------------------------------------ | ------------------------------------------------------------------------------ | +| [CODEOWNERS](./CODEOWNERS) | Outlines the project lead(s) | +| [CODE_OF_CONDUCT.md](./CODE_OF_CONDUCT.md) | Expected behavior for project contributors, promoting a welcoming environment | +| [CONTRIBUTING.md](./CONTRIBUTING.md) | Developer guide to build, test, run, access CI, chat, discuss, file issues | +| [GOVERNANCE.md](./GOVERNANCE.md) | Project governance | +| [LICENSE](./LICENSE) | Apache License, Version 2.0 | \ No newline at end of file diff --git a/SECURITY.md b/SECURITY.md index b480c06..68a7682 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -8,6 +8,6 @@ This project is under active development and has no officially released versions To report a vulnerability please open an issue and label it with "bug". Additionally, please tag relevant maintainers, who can be found in -the [CODEOWNERS](https://github.com/decentralgabe/vc-jose-cose-go/blob/main/CODEOWNERS) file. +the [CODEOWNERS](https://github.com/TBD54566975/vc-jose-cose-go/blob/main/CODEOWNERS) file. We aim to respond to vulnerability reports within one business day. \ No newline at end of file diff --git a/cid/cid.go b/cid/cid.go index e787fd7..150d3ed 100644 --- a/cid/cid.go +++ b/cid/cid.go @@ -1,10 +1,9 @@ package cid import ( - "github.com/goccy/go-json" "github.com/lestrrat-go/jwx/v2/jwk" - "github.com/decentralgabe/vc-jose-cose-go/util" + "github.com/TBD54566975/vc-jose-cose-go/util" ) const ( @@ -36,40 +35,5 @@ type VerificationMethod struct { SecretKeyMultibase string `json:"secretKeyMultibase,omitempty"` } -// UnmarshalJSON implements custom unmarshaling for VerificationMethod -func (vm *VerificationMethod) UnmarshalJSON(data []byte) error { - // Create a temporary type without the custom UnmarshalJSON method to avoid recursion - type VMAlias VerificationMethod - var temp struct { - PublicKeyJWK json.RawMessage `json:"publicKeyJwk,omitempty"` - SecretKeyJWK json.RawMessage `json:"secretKeyJwk,omitempty"` - *VMAlias - } - temp.VMAlias = (*VMAlias)(vm) - - if err := json.Unmarshal(data, &temp); err != nil { - return err - } - - // Parse the JWKs if they exist - if len(temp.PublicKeyJWK) > 0 { - key, err := jwk.ParseKey(temp.PublicKeyJWK) - if err != nil { - return err - } - vm.PublicKeyJWK = key - } - - if len(temp.SecretKeyJWK) > 0 { - key, err := jwk.ParseKey(temp.SecretKeyJWK) - if err != nil { - return err - } - vm.SecretKeyJWK = key - } - - return nil -} - type VerificationMethodMap struct { } diff --git a/cid/testdata/vm-ed25519.json b/cid/testdata/vm-ed25519.json deleted file mode 100644 index 658e6a0..0000000 --- a/cid/testdata/vm-ed25519.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "id": "https://example.issuer/vc-jose-cose#key-4", - "type": "JsonWebKey", - "controller": "https://example.issuer/vc-jose-cose", - "publicKeyJwk": { - "alg": "EdDSA", - "crv": "Ed25519", - "kid": "2aOHaQxsWVT4mLsUkdtlCnUV-au0BBR-5yPYaPaCc5k", - "kty": "OKP", - "x": "NvUhsjZe7Mdv8Esoc60o3ma1U5j2tFUTDsOQd39xMnI" - }, - "secretKeyJwk": { - "alg": "EdDSA", - "crv": "Ed25519", - "d": "cbxP1TvbhLteRSspEvwxEuFKRDHWpGmPla8ePI0cmv8", - "kid": "2aOHaQxsWVT4mLsUkdtlCnUV-au0BBR-5yPYaPaCc5k", - "kty": "OKP", - "x": "NvUhsjZe7Mdv8Esoc60o3ma1U5j2tFUTDsOQd39xMnI" - } -} diff --git a/cid/testdata/vm-p256.json b/cid/testdata/vm-p256.json deleted file mode 100644 index b89c663..0000000 --- a/cid/testdata/vm-p256.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "id": "https://example.issuer/vc-jose-cose#key-1", - "type": "JsonWebKey", - "controller": "https://example.issuer/vc-jose-cose", - "publicKeyJwk": { - "alg": "ES256", - "crv": "P-256", - "kid": "73voMXFNmNlOEpuYCSJlh8eN0dscykoO6gBukgRS1uU", - "kty": "EC", - "x": "WfTi93YuhsQxKbD0ftnjOXJndqhnJ5kgDV-ZDGyrhBQ", - "y": "qUd_55EjX0mjKZ6W6mF4UXVYTQ41K6jfdnYFwN5uPyk" - }, - "secretKeyJwk": { - "alg": "ES256", - "crv": "P-256", - "d": "J_a5KH6A2Ru7iOAzvUkQEjKCJQCdxUXVajaW3CaPORs", - "kid": "73voMXFNmNlOEpuYCSJlh8eN0dscykoO6gBukgRS1uU", - "kty": "EC", - "x": "WfTi93YuhsQxKbD0ftnjOXJndqhnJ5kgDV-ZDGyrhBQ", - "y": "qUd_55EjX0mjKZ6W6mF4UXVYTQ41K6jfdnYFwN5uPyk" - } -} diff --git a/cid/testdata/vm-p384.json b/cid/testdata/vm-p384.json deleted file mode 100644 index 09c22e3..0000000 --- a/cid/testdata/vm-p384.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "id": "https://example.issuer/vc-jose-cose#key-2", - "type": "JsonWebKey", - "controller": "https://example.issuer/vc-jose-cose", - "publicKeyJwk": { - "alg": "ES384", - "crv": "P-384", - "kid": "96qBnDpvS6x8YSCH_xmnLlXZMkDhHBr8lj99u5aog7s", - "kty": "EC", - "x": "PBM13G1rU-NPczSpFO7QGc-uSUHqoDPZSbshgR820ligqFB2yGFbE90VnpTiSswG", - "y": "x7mdD6reunUlSQ5LoC2GDpLOrjbIMLnt1TEGgxoyXSaKScPPRYY7hTr3geCvEZpf" - }, - "secretKeyJwk": { - "alg": "ES384", - "crv": "P-384", - "d": "c4UX9J2YcD6frHBJr1AKOBzr9niqDaNwaV001vmJVnShDk_QM7j8ggZu4klh32r7", - "kid": "96qBnDpvS6x8YSCH_xmnLlXZMkDhHBr8lj99u5aog7s", - "kty": "EC", - "x": "PBM13G1rU-NPczSpFO7QGc-uSUHqoDPZSbshgR820ligqFB2yGFbE90VnpTiSswG", - "y": "x7mdD6reunUlSQ5LoC2GDpLOrjbIMLnt1TEGgxoyXSaKScPPRYY7hTr3geCvEZpf" - } -} diff --git a/cid/testdata/vm-p521.json b/cid/testdata/vm-p521.json deleted file mode 100644 index aac5c45..0000000 --- a/cid/testdata/vm-p521.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "id": "https://example.issuer/vc-jose-cose#key-3", - "type": "JsonWebKey", - "controller": "https://example.issuer/vc-jose-cose", - "publicKeyJwk": { - "alg": "ES512", - "crv": "P-521", - "kid": "KQsihxP-LTeTZO2ETEfduP153UBIiFRhI8nSklMSmm0", - "kty": "EC", - "x": "Ac8mt4TvYd3TOrYtTk_YTQ5QQMpl58OnrU7uRxQEUoOO_6QnRBM0Xan8KQI_0dPKzcKBak0ZSEXcc5SNFUBHYfbP", - "y": "ADP_cowssurHA7uMHy4IODl247oQjCxZWFX7Gtr3cFmfVIwEyKGegrJh9ooZy5FsvFVbYwAmLKVfGZs7O15RBsO-" - }, - "secretKeyJwk": { - "alg": "ES512", - "crv": "P-521", - "d": "ABLav_lS-i3hVtEiYGNHwl7xdAu93Qc0O1httqelzCTs8uEmiSjkoKX6tCKwz--beZSL5a8qtdoC4mazTMtvsS4h", - "kid": "KQsihxP-LTeTZO2ETEfduP153UBIiFRhI8nSklMSmm0", - "kty": "EC", - "x": "Ac8mt4TvYd3TOrYtTk_YTQ5QQMpl58OnrU7uRxQEUoOO_6QnRBM0Xan8KQI_0dPKzcKBak0ZSEXcc5SNFUBHYfbP", - "y": "ADP_cowssurHA7uMHy4IODl247oQjCxZWFX7Gtr3cFmfVIwEyKGegrJh9ooZy5FsvFVbYwAmLKVfGZs7O15RBsO-" - } -} diff --git a/cid/testdata_test.go b/cid/testdata_test.go deleted file mode 100644 index c68fcc8..0000000 --- a/cid/testdata_test.go +++ /dev/null @@ -1,44 +0,0 @@ -package cid - -import ( - "embed" - "testing" - - "github.com/goccy/go-json" - - "github.com/stretchr/testify/assert" -) - -const ( - VMExample1 string = "vm-ed25519.json" - VMExample2 string = "vm-p256.json" - VMExample3 string = "vm-p384.json" - VMExample4 string = "vm-p521.json" -) - -var ( - //go:embed testdata - testVectors embed.FS - vmTestVectors = []string{VMExample1, VMExample2, VMExample3, VMExample4} -) - -func TestVMVectors(t *testing.T) { - // round trip serialize and de-serialize from json to our object model - for _, tv := range vmTestVectors { - gotTestVector, err := getTestVector(tv) - assert.NoError(t, err) - - var vm VerificationMethod - err = json.Unmarshal([]byte(gotTestVector), &vm) - assert.NoError(t, err) - - vmBytes, err := json.Marshal(vm) - assert.NoError(t, err) - assert.JSONEq(t, gotTestVector, string(vmBytes)) - } -} - -func getTestVector(fileName string) (string, error) { - b, err := testVectors.ReadFile("testdata/" + fileName) - return string(b), err -} diff --git a/cose/cose.go b/cose/cose.go index 51c970a..33dafda 100644 --- a/cose/cose.go +++ b/cose/cose.go @@ -11,7 +11,7 @@ import ( "github.com/lestrrat-go/jwx/v2/jwk" "github.com/veraison/go-cose" - "github.com/decentralgabe/vc-jose-cose-go/credential" + "github.com/TBD54566975/vc-jose-cose-go/credential" ) const ( diff --git a/cose/cose_test.go b/cose/cose_test.go index 20834d6..baae3c4 100644 --- a/cose/cose_test.go +++ b/cose/cose_test.go @@ -7,8 +7,8 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/decentralgabe/vc-jose-cose-go/credential" - "github.com/decentralgabe/vc-jose-cose-go/util" + "github.com/TBD54566975/vc-jose-cose-go/credential" + "github.com/TBD54566975/vc-jose-cose-go/util" ) func Test_Sign_Verify_VerifiableCredential(t *testing.T) { diff --git a/credential/credential.go b/credential/credential.go index 61e975d..3871ca1 100644 --- a/credential/credential.go +++ b/credential/credential.go @@ -6,7 +6,7 @@ import ( "github.com/goccy/go-json" - "github.com/decentralgabe/vc-jose-cose-go/util" + "github.com/TBD54566975/vc-jose-cose-go/util" ) const ( diff --git a/crypto_test.go b/crypto_test.go index 1723f93..56e46de 100644 --- a/crypto_test.go +++ b/crypto_test.go @@ -1,15 +1,15 @@ -package main +package vc_jose_cose_go import ( "fmt" - "testing" - - "github.com/decentralgabe/vc-jose-cose-go/cid" - "github.com/decentralgabe/vc-jose-cose-go/util" + "github.com/TBD54566975/vc-jose-cose-go/cid" + "github.com/TBD54566975/vc-jose-cose-go/util" "github.com/goccy/go-json" "github.com/lestrrat-go/jwx/v2/jwa" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "testing" + + "github.com/stretchr/testify/assert" ) // TestGenerateKeys is used to generate sample cid document verification methods diff --git a/go.mod b/go.mod index d9026c0..72f42fd 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/decentralgabe/vc-jose-cose-go +module github.com/TBD54566975/vc-jose-cose-go go 1.23.2 diff --git a/go.sum b/go.sum index 47a8ab5..e658fef 100644 --- a/go.sum +++ b/go.sum @@ -2,8 +2,6 @@ github.com/MichaelFraser99/go-jose v0.9.0 h1:7vUcuJs5vGP0F+AQDStv6puqMYMmx75B4/Q github.com/MichaelFraser99/go-jose v0.9.0/go.mod h1:kdRvg7/FPcDnsEz8PyCg5hhcBlLud9F0jB4Xy/u771c= github.com/MichaelFraser99/go-sd-jwt v1.2.1 h1:1Rf+Wy4jdPnRXRI4dvhjUsH2ygERYIrZETtiBtqIPos= github.com/MichaelFraser99/go-sd-jwt v1.2.1/go.mod h1:1Kt/SQQEpexmeO0NrfPACRwn51NdhcqORikJDNDQMVA= -github.com/decentralgabe/vc-jose-cose-go v0.0.0-20241210044408-487d633d17dd h1:HgZNv9gn7rJHniRWZSfTpTMZ6cXWJDuLfzoGjhrw5V8= -github.com/decentralgabe/vc-jose-cose-go v0.0.0-20241210044408-487d633d17dd/go.mod h1:Yn1xZnk9GjBz/B3IHa/WxQwVBy0A8ZppkM4c3c0tYdY= github.com/btcsuite/btcd/btcec/v2 v2.3.4 h1:3EJjcN70HCu/mwqlUsGK8GcNVyLVxFDlWurTXGPFfiQ= github.com/btcsuite/btcd/btcec/v2 v2.3.4/go.mod h1:zYzJ8etWJQIv1Ogk7OzpWjowwOdXY1W/17j2MW85J04= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/jose/jose.go b/jose/jose.go index 1157cfd..835b37f 100644 --- a/jose/jose.go +++ b/jose/jose.go @@ -11,7 +11,7 @@ import ( "github.com/lestrrat-go/jwx/v2/jwk" "github.com/lestrrat-go/jwx/v2/jws" - "github.com/decentralgabe/vc-jose-cose-go/credential" + "github.com/TBD54566975/vc-jose-cose-go/credential" ) const ( diff --git a/jose/jose_test.go b/jose/jose_test.go index 33972a4..7cc8e03 100644 --- a/jose/jose_test.go +++ b/jose/jose_test.go @@ -7,8 +7,8 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/decentralgabe/vc-jose-cose-go/credential" - "github.com/decentralgabe/vc-jose-cose-go/util" + "github.com/TBD54566975/vc-jose-cose-go/credential" + "github.com/TBD54566975/vc-jose-cose-go/util" ) func Test_Sign_Verify_VerifiableCredential(t *testing.T) { diff --git a/sdjwt/sdjwt.go b/sdjwt/sdjwt.go index 0ee9f08..90f9848 100644 --- a/sdjwt/sdjwt.go +++ b/sdjwt/sdjwt.go @@ -14,7 +14,7 @@ import ( "github.com/lestrrat-go/jwx/v2/jwk" "github.com/lestrrat-go/jwx/v2/jws" - "github.com/decentralgabe/vc-jose-cose-go/credential" + "github.com/TBD54566975/vc-jose-cose-go/credential" ) const ( diff --git a/sdjwt/sdjwt_test.go b/sdjwt/sdjwt_test.go index 6ccd434..3a46461 100644 --- a/sdjwt/sdjwt_test.go +++ b/sdjwt/sdjwt_test.go @@ -7,8 +7,8 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/decentralgabe/vc-jose-cose-go/credential" - "github.com/decentralgabe/vc-jose-cose-go/util" + "github.com/TBD54566975/vc-jose-cose-go/credential" + "github.com/TBD54566975/vc-jose-cose-go/util" ) func Test_Sign_Verify_VerifiableCredential(t *testing.T) {