create statement: Issuer as public key using did:key if not given

Signed-off-by: John Andersen <[email protected]>

Author: pdxjohnny

scitt_emulator/create_statement.py

@@ -2,17 +2,28 @@
 # Licensed under the MIT License.
 import pathlib
 import argparse
-from typing import Optional
+from typing import Union, Optional
 
 import cwt
 import pycose
 import pycose.headers
 import pycose.messages
 import pycose.keys.ec2
+from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
+from cryptography.hazmat.primitives.serialization import load_pem_private_key
+
+# NOTE These are unmaintained but the
+# https://github.com/hashberg-io/multiformats stuff and base58 modules don't
+# produce the same results:
+# https://grotto-networking.com/blog/posts/DID_Key.html#bug-in-multibase-library
+import multibase
+import multicodec
 
 # TODO jwcrypto is LGPLv3, is there another option with a permissive licence?
 import jwcrypto.jwk
 
+from scitt_emulator.did_helpers import DID_KEY_METHOD, MULTICODEC_HEX_P384_PUBLIC_KEY
+
 
 @pycose.headers.CoseHeaderAttribute.register_attribute()
 class CWTClaims(pycose.headers.CoseHeaderAttribute):
@@ -40,7 +51,7 @@ class TBD(pycose.headers.CoseHeaderAttribute):
 
 def create_claim(
     claim_path: pathlib.Path,
-    issuer: str,
+    issuer: Union[str, None],
     subject: str,
     content_type: str,
     payload: str,
@@ -91,6 +102,23 @@ def create_claim(
     cwt_cose_key_to_cose_key = cwt_cose_key.to_dict()
     sign1_message_key = pycose.keys.ec2.EC2Key.from_dict(cwt_cose_key_to_cose_key)
 
+    # If issuer was not given used did:key of public key
+    if issuer is None:
+        multicodec_prefix_p_384 = "p384-pub"
+        multicodec.constants.NAME_TABLE[multicodec_prefix_p_384] = MULTICODEC_HEX_P384_PUBLIC_KEY
+        issuer = (
+            DID_KEY_METHOD
+            + multibase.encode(
+                "base58btc",
+                multicodec.add_prefix(
+                    multicodec_prefix_p_384,
+                    load_pem_private_key(key_as_pem_bytes, password=None)
+                    .public_key()
+                    .public_bytes(Encoding.X962, PublicFormat.CompressedPoint),
+                ),
+            ).decode()
+        )
+
     # CWT_Claims (label: 14 pending [CWT_CLAIM_COSE]): A CWT representing
     # the Issuer (iss) making the statement, and the Subject (sub) to
     # correlate a collection of statements about an Artifact. Additional
@@ -163,7 +191,7 @@ def create_claim(
 def cli(fn):
     p = fn("create-claim", description="Create a fake SCITT claim")
     p.add_argument("--out", required=True, type=pathlib.Path)
-    p.add_argument("--issuer", required=True, type=str)
+    p.add_argument("--issuer", required=False, type=str, default=None)
     p.add_argument("--subject", required=True, type=str)
     p.add_argument("--content-type", required=True, type=str)
     p.add_argument("--payload", required=True, type=str)

tests/test_cli.py

@@ -12,7 +12,6 @@
 from scitt_emulator import cli, server
 from scitt_emulator.oidc import OIDCAuthMiddleware
 
-issuer = "did:web:example.com"
 content_type = "application/json"
 payload = '{"foo": "bar"}'
 
@@ -72,8 +71,6 @@ def test_client_cli(use_lro: bool, tmp_path):
             "create-claim",
             "--out",
             claim_path,
-            "--issuer",
-            issuer,
             "--subject",
             "test",
             "--content-type",
@@ -265,8 +262,6 @@ def test_client_cli_token(tmp_path):
                 "create-claim",
                 "--out",
                 claim_path,
-                "--issuer",
-                issuer,
                 "--subject",
                 "test",
                 "--content-type",

tests/test_docs.py

@@ -293,7 +293,9 @@ def test_docs_registration_policies(tmp_path):
         ]
         execute_cli(command)
         assert os.path.exists(receipt_path)
+        receipt_path.unlink()
         assert os.path.exists(entry_id_path)
+        receipt_path.unlink(entry_id_path)
 
         # TODO Switch back on the OIDC routes
         # submit accepted claim using OIDC -> jwks lookup
@@ -311,4 +313,6 @@ def test_docs_registration_policies(tmp_path):
         ]
         execute_cli(command)
         assert os.path.exists(receipt_path)
+        receipt_path.unlink()
         assert os.path.exists(entry_id_path)
+        receipt_path.unlink(entry_id_path)