feat: add dip to spiritnet runtime (#616)

## fixes [#3250](KILTprotocol/ticket#3250)

Author: Ad96el

Cargo.lock

@@ -185,7 +185,6 @@ std = [
   "kilt-runtime-api-staking/std",
   "kilt-support/std",
   "log/std",
-  "kilt-support/std",
   "pallet-aura/std",
   "pallet-authorship/std",
   "pallet-balances/std",

runtimes/peregrine/Cargo.toml

@@ -30,13 +30,12 @@ use frame_support::{
 	traits::{AsEnsureOriginWithArg, ConstU32, EitherOfDiverse, Everything, InstanceFilter, PrivilegeCmp},
 	weights::{ConstantMultiplier, Weight},
 };
-use frame_system::{EnsureRoot, EnsureSigned};
+use frame_system::{pallet_prelude::BlockNumberFor, EnsureRoot, EnsureSigned};
 use parity_scale_codec::{Decode, Encode, MaxEncodedLen};
 
 #[cfg(feature = "try-runtime")]
 use frame_try_runtime::UpgradeCheckSelect;
 
-use frame_system::pallet_prelude::BlockNumberFor;
 use sp_api::impl_runtime_apis;
 use sp_core::{ConstBool, OpaqueMetadata};
 use sp_runtime::{
@@ -830,6 +829,8 @@ impl InstanceFilter<RuntimeCall> for ProxyType {
 							| did::Call::submit_did_call { .. }
 							| did::Call::update_deposit { .. }
 							| did::Call::change_deposit_owner { .. }
+							| did::Call::create_from_account { .. }
+							| did::Call::dispatch_as { .. }
 					)
 					| RuntimeCall::DidLookup(
 						// Excludes `reclaim_deposit`

runtimes/peregrine/src/lib.rs

@@ -36,8 +36,11 @@ attestation.workspace = true
 ctype.workspace = true
 delegation.workspace = true
 did.workspace = true
+kilt-runtime-api-dip-provider.workspace = true
 kilt-support.workspace = true
+pallet-deposit-storage.workspace = true
 pallet-did-lookup.workspace = true
+pallet-dip-provider.workspace = true
 pallet-inflation.workspace = true
 pallet-migration.workspace = true
 pallet-web3-names.workspace = true
@@ -126,7 +129,9 @@ runtime-benchmarks = [
   "pallet-balances/runtime-benchmarks",
   "pallet-collective/runtime-benchmarks",
   "pallet-democracy/runtime-benchmarks",
+  "pallet-deposit-storage/runtime-benchmarks",
   "pallet-did-lookup/runtime-benchmarks",
+  "pallet-dip-provider/runtime-benchmarks",
   "pallet-indices/runtime-benchmarks",
   "pallet-inflation/runtime-benchmarks",
   "pallet-membership/runtime-benchmarks",
@@ -171,6 +176,7 @@ std = [
   "frame-system/std",
   "frame-try-runtime?/std",
   "kilt-runtime-api-did/std",
+  "kilt-runtime-api-dip-provider/std",
   "kilt-runtime-api-public-credentials/std",
   "kilt-runtime-api-staking/std",
   "kilt-support/std",
@@ -180,7 +186,9 @@ std = [
   "pallet-balances/std",
   "pallet-collective/std",
   "pallet-democracy/std",
+  "pallet-deposit-storage/std",
   "pallet-did-lookup/std",
+  "pallet-dip-provider/std",
   "pallet-indices/std",
   "pallet-inflation/std",
   "pallet-membership/std",
@@ -241,7 +249,9 @@ try-runtime = [
   "pallet-balances/try-runtime",
   "pallet-collective/try-runtime",
   "pallet-democracy/try-runtime",
+  "pallet-deposit-storage/try-runtime",
   "pallet-did-lookup/try-runtime",
+  "pallet-dip-provider/try-runtime",
   "pallet-indices/try-runtime",
   "pallet-inflation/try-runtime",
   "pallet-membership/try-runtime",

runtimes/spiritnet/Cargo.toml

@@ -0,0 +1,67 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2024 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at [email protected]
+
+use did::{DidRawOrigin, EnsureDidOrigin};
+use frame_system::EnsureSigned;
+use runtime_common::{
+	constants::{deposit_storage::MAX_DEPOSIT_PALLET_KEY_LENGTH, dip_provider::MAX_LINKED_ACCOUNTS},
+	dip::{
+		deposit::{DepositCollectorHooks, DepositHooks, DepositNamespace},
+		did::LinkedDidInfoProvider,
+		merkle::DidMerkleRootGenerator,
+	},
+	AccountId, DidIdentifier,
+};
+use sp_core::ConstU32;
+
+use crate::{weights, Balances, Runtime, RuntimeEvent, RuntimeHoldReason};
+
+pub(crate) mod runtime_api;
+
+impl pallet_dip_provider::Config for Runtime {
+	// Only DID origins can submit the commitment identity tx, which will go through
+	// only if the DID in the origin matches the identifier specified in the tx.
+	type CommitOriginCheck = EnsureDidOrigin<DidIdentifier, AccountId>;
+	type CommitOrigin = DidRawOrigin<DidIdentifier, AccountId>;
+	type Identifier = DidIdentifier;
+	// The identity commitment is defined as the Merkle root of the linked identity
+	// info, as specified by the [`LinkedDidInfoProvider`].
+	type IdentityCommitmentGenerator = DidMerkleRootGenerator<Runtime>;
+	// Identity info is defined as the collection of DID keys, linked accounts, and
+	// the optional web3name of a given DID subject.
+	type IdentityProvider = LinkedDidInfoProvider<MAX_LINKED_ACCOUNTS>;
+	type ProviderHooks = DepositCollectorHooks;
+	type RuntimeEvent = RuntimeEvent;
+	type WeightInfo = weights::pallet_dip_provider::WeightInfo<Runtime>;
+}
+
+impl pallet_deposit_storage::Config for Runtime {
+	#[cfg(feature = "runtime-benchmarks")]
+	type BenchmarkHooks = runtime_common::dip::deposit::PalletDepositStorageBenchmarkHooks;
+	// Any signed origin can submit the tx, which will go through only if the
+	// deposit payer matches the signed origin.
+	type CheckOrigin = EnsureSigned<AccountId>;
+	// The balances pallet is used to reserve/unreserve tokens.
+	type Currency = Balances;
+	type DepositHooks = DepositHooks;
+	type MaxKeyLength = ConstU32<MAX_DEPOSIT_PALLET_KEY_LENGTH>;
+	type Namespace = DepositNamespace;
+	type RuntimeEvent = RuntimeEvent;
+	type RuntimeHoldReason = RuntimeHoldReason;
+	type WeightInfo = weights::pallet_deposit_storage::WeightInfo<Runtime>;
+}

runtimes/spiritnet/src/dip/mod.rs

@@ -0,0 +1,54 @@
+// KILT Blockchain – https://botlabs.org
+// Copyright (C) 2019-2024 BOTLabs GmbH
+
+// The KILT Blockchain is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// The KILT Blockchain is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+// If you feel like getting in touch with us, you can do so at [email protected]
+
+use did::KeyIdOf;
+use pallet_did_lookup::linkable_account::LinkableAccountId;
+use pallet_dip_provider::IdentityCommitmentVersion;
+use parity_scale_codec::{Decode, Encode};
+use runtime_common::{
+	dip::{did::LinkedDidInfoProviderError, merkle::DidMerkleProofError},
+	DidIdentifier,
+};
+use scale_info::TypeInfo;
+use sp_std::vec::Vec;
+
+use crate::Runtime;
+
+/// Parameters for a DIP proof request.
+#[derive(Encode, Decode, TypeInfo)]
+pub struct DipProofRequest {
+	/// The subject identifier for which to generate the DIP proof.
+	pub(crate) identifier: DidIdentifier,
+	/// The DIP version.
+	pub(crate) version: IdentityCommitmentVersion,
+	/// The DID key IDs of the subject's DID Document to reveal in the DIP
+	/// proof.
+	pub(crate) keys: Vec<KeyIdOf<Runtime>>,
+	/// The list of accounts linked to the subject's DID to reveal in the
+	/// DIP proof.
+	pub(crate) accounts: Vec<LinkableAccountId>,
+	/// A flag indicating whether the web3name claimed by the DID subject
+	/// should revealed in the DIP proof.
+	pub(crate) should_include_web3_name: bool,
+}
+
+#[derive(Encode, Decode, TypeInfo)]
+pub enum DipProofError {
+	IdentityProvider(LinkedDidInfoProviderError),
+	MerkleProof(DidMerkleProofError),
+}

runtimes/spiritnet/src/dip/runtime_api.rs

@@ -58,6 +58,7 @@ use runtime_common::{
 	assets::{AssetDid, PublicCredentialsFilter},
 	authorization::{AuthorizationId, PalletAuthorize},
 	constants::{self, UnvestedFundsAllowedWithdrawReasons, EXISTENTIAL_DEPOSIT, KILT},
+	dip::merkle::{CompleteMerkleProof, DidMerkleProofOf, DidMerkleRootGenerator},
 	errors::PublicCredentialsApiError,
 	fees::{ToAuthor, WeightToFee},
 	pallet_id, AccountId, AuthorityId, Balance, BlockHashCount, BlockLength, BlockNumber, BlockWeights, DidIdentifier,
@@ -75,6 +76,7 @@ pub use sp_runtime::BuildStorage;
 #[cfg(test)]
 mod tests;
 
+mod dip;
 mod weights;
 pub mod xcm_config;
 
@@ -743,8 +745,10 @@ impl InstanceFilter<RuntimeCall> for ProxyType {
 					| RuntimeCall::Ctype(..)
 					| RuntimeCall::Delegation(..)
 					| RuntimeCall::Democracy(..)
+					| RuntimeCall::DepositStorage(..)
 					| RuntimeCall::Did(..)
 					| RuntimeCall::DidLookup(..)
+					| RuntimeCall::DipProvider(..)
 					| RuntimeCall::Indices(
 						// Excludes `force_transfer`, and `transfer`
 						pallet_indices::Call::claim { .. }
@@ -796,6 +800,7 @@ impl InstanceFilter<RuntimeCall> for ProxyType {
 							| delegation::Call::change_deposit_owner { .. }
 					)
 					| RuntimeCall::Democracy(..)
+					// Excludes `DepositStorage`
 					| RuntimeCall::Did(
 						// Excludes `reclaim_deposit`
 						did::Call::add_key_agreement_key { .. }
@@ -812,6 +817,8 @@ impl InstanceFilter<RuntimeCall> for ProxyType {
 							| did::Call::submit_did_call { .. }
 							| did::Call::update_deposit { .. }
 							| did::Call::change_deposit_owner { .. }
+							| did::Call::create_from_account { .. }
+							| did::Call::dispatch_as { .. }
 					)
 					| RuntimeCall::DidLookup(
 						// Excludes `reclaim_deposit`
@@ -822,6 +829,7 @@ impl InstanceFilter<RuntimeCall> for ProxyType {
 							| pallet_did_lookup::Call::update_deposit { .. }
 							| pallet_did_lookup::Call::change_deposit_owner { .. }
 					)
+					| RuntimeCall::DipProvider(..)
 					| RuntimeCall::Indices(..)
 					| RuntimeCall::Multisig(..)
 					| RuntimeCall::ParachainStaking(..)
@@ -972,6 +980,8 @@ construct_runtime! {
 		Web3Names: pallet_web3_names = 68,
 		PublicCredentials: public_credentials = 69,
 		Migration: pallet_migration = 70,
+		DipProvider: pallet_dip_provider = 71,
+		DepositStorage: pallet_deposit_storage = 72,
 
 		// Parachains pallets. Start indices at 80 to leave room.
 
@@ -1015,6 +1025,7 @@ impl did::DeriveDidCallAuthorizationVerificationKeyRelationship for RuntimeCall
 			RuntimeCall::Attestation { .. } => Ok(did::DidVerificationKeyRelationship::AssertionMethod),
 			RuntimeCall::Ctype { .. } => Ok(did::DidVerificationKeyRelationship::AssertionMethod),
 			RuntimeCall::Delegation { .. } => Ok(did::DidVerificationKeyRelationship::CapabilityDelegation),
+			RuntimeCall::DipProvider { .. } => Ok(did::DidVerificationKeyRelationship::Authentication),
 			// DID creation is not allowed through the DID proxy.
 			RuntimeCall::Did(did::Call::create { .. }) => Err(did::RelationshipDeriveError::NotCallableByDid),
 			RuntimeCall::Did { .. } => Ok(did::DidVerificationKeyRelationship::Authentication),
@@ -1105,6 +1116,8 @@ mod benches {
 		[public_credentials, PublicCredentials]
 		[pallet_xcm, PolkadotXcm]
 		[pallet_migration, Migration]
+		[pallet_dip_provider, DipProvider]
+		[pallet_deposit_storage, DepositStorage]
 		[frame_benchmarking::baseline, Baseline::<Runtime>]
 	);
 }
@@ -1371,6 +1384,16 @@ impl_runtime_apis! {
 		}
 	}
 
+	impl kilt_runtime_api_dip_provider::DipProvider<Block, dip::runtime_api::DipProofRequest, CompleteMerkleProof<Hash, DidMerkleProofOf<Runtime>>, dip::runtime_api::DipProofError> for Runtime {
+		fn generate_proof(request: dip::runtime_api::DipProofRequest) -> Result<CompleteMerkleProof<Hash, DidMerkleProofOf<Runtime>>, dip::runtime_api::DipProofError> {
+			use pallet_dip_provider::traits::IdentityProvider;
+
+			let identity_details = pallet_dip_provider::IdentityProviderOf::<Runtime>::retrieve(&request.identifier).map_err(dip::runtime_api::DipProofError::IdentityProvider)?;
+
+			DidMerkleRootGenerator::<Runtime>::generate_proof(&identity_details, request.version, request.keys.iter(), request.should_include_web3_name, request.accounts.iter()).map_err(dip::runtime_api::DipProofError::MerkleProof)
+		}
+	}
+
 	#[cfg(feature = "runtime-benchmarks")]
 	impl frame_benchmarking::Benchmark<Block> for Runtime {
 		fn benchmark_metadata(extra: bool) -> (

runtimes/spiritnet/src/lib.rs

@@ -24,7 +24,9 @@ pub mod frame_system;
 pub mod pallet_balances;
 pub mod pallet_collective;
 pub mod pallet_democracy;
+pub mod pallet_deposit_storage;
 pub mod pallet_did_lookup;
+pub mod pallet_dip_provider;
 pub mod pallet_indices;
 pub mod pallet_inflation;
 pub mod pallet_membership;