# README
Orb VDR
Orb vdr used to manage DID operation.
New VDR
import (
"crypto"
"github.com/hyperledger/aries-framework-go-ext/component/vdr/orb"
)
type keyRetrieverImpl struct {
nextRecoveryPublicKey crypto.PublicKey
nextUpdatePublicKey crypto.PublicKey
updateKey crypto.PrivateKey
recoverKey crypto.PrivateKey
}
func (k *keyRetrieverImpl) GetNextRecoveryPublicKey(didID string) (crypto.PublicKey, error) {
return k.nextRecoveryPublicKey, nil
}
func (k *keyRetrieverImpl) GetNextUpdatePublicKey(didID string) (crypto.PublicKey, error) {
return k.nextUpdatePublicKey, nil
}
func (k *keyRetrieverImpl) GetSigningKey(didID string, ot orb.OperationType) (crypto.PrivateKey, error) {
if ot == orb.Update {
return k.updateKey, nil
}
return k.recoverKey, nil
}
keyRetrieverImpl := &keyRetrieverImpl{}
vdr, err := orb.New(keyRetrieverImpl, orb.WithDomain("https://testnet.devel.trustbloc.dev"))
if err != nil {
return err
}
Create DID
For creating DID use vdr create and pass DID document. To discover orb instance there are two ways explicitly or through domain.
import (
"crypto"
"crypto/ed25519"
"crypto/rand"
"fmt"
ariesdid "github.com/hyperledger/aries-framework-go/pkg/doc/did"
"github.com/hyperledger/aries-framework-go/pkg/doc/jose"
vdrapi "github.com/hyperledger/aries-framework-go/pkg/framework/aries/api/vdr"
"github.com/hyperledger/aries-framework-go-ext/component/vdr/orb"
)
recoveryKey, recoveryKeyPrivateKey, err := ed25519.GenerateKey(rand.Reader)
if err != nil {
return err
}
updateKey, updateKeyPrivateKey, err := ed25519.GenerateKey(rand.Reader)
if err != nil {
return err
}
didPublicKey, _, err := ed25519.GenerateKey(rand.Reader)
if err != nil {
return err
}
jwk, err := jose.JWKFromKey(didPublicKey)
if err != nil {
return err
}
vm,err:=ariesdid.NewVerificationMethodFromJWK("key1", "Ed25519VerificationKey2018", "", jwk)
if err != nil {
return err
}
didDoc := &ariesdid.Doc{}
// add did keys
didDoc.Authentication = append(didDoc.Authentication, *ariesdid.NewReferencedVerification(vm,
ariesdid.Authentication))
// add did services
didDoc.Service = []ariesdid.Service{{ID: "svc1", Type: "type", ServiceEndpoint: "http://www.example.com/"}}
// create did
createdDocResolution, err := vdr.Create(didDoc,
vdrapi.WithOption(orb.RecoveryPublicKeyOpt, recoveryKey),
vdrapi.WithOption(orb.UpdatePublicKeyOpt, updateKey),
// No need to use this option because we already use domain
// vdrapi.WithOption(orb.OperationEndpointsOpt, []string{"https://orb-1.devel.trustbloc.dev/sidetree/v1/operations"}),
vdrapi.WithOption(orb.AnchorOriginOpt, "https://orb-2.devel.trustbloc.dev/services/orb"))
if err != nil {
return err
}
fmt.Println(createdDocResolution.DIDDocument.ID)
// recovery private key be will used to sign next recovery request
keyRetrieverImpl.recoverKey = recoveryKeyPrivateKey
// update private key will be used to sign next update request
keyRetrieverImpl.updateKey = updateKeyPrivateKey
discoverableDID := createdDocResolution.DIDDocument.ID
Resolve DID
For resolving DID use vdr read and pass DID URI. To discover orb instance there are two ways explicitly or through did URI.
docResolution, err := vdr.Read(discoverableDID)
if err != nil {
return err
}
fmt.Println(docResolution.DIDDocument.ID)
Update DID
For updating DID use vdr update and pass DID document. To discover orb instance there are two ways explicitly or through domain.
updateKey, updateKeyPrivateKey, err := ed25519.GenerateKey(rand.Reader)
if err != nil {
return err
}
// this key will used for next update request
keyRetrieverImpl.nextUpdatePublicKey = updateKey
didPublicKey, _, err := ed25519.GenerateKey(rand.Reader)
if err != nil {
return err
}
jwk, err := jose.JWKFromKey(didPublicKey)
if err != nil {
return err
}
vm,err:=ariesdid.NewVerificationMethodFromJWK("key1", "Ed25519VerificationKey2018", "", jwk)
if err != nil {
return err
}
didDoc := &ariesdid.Doc{ID: discoverableDID}
didDoc.Authentication = append(didDoc.Authentication, *ariesdid.NewReferencedVerification(vm,
ariesdid.Authentication))
didDoc.CapabilityInvocation = append(didDoc.CapabilityInvocation, *ariesdid.NewReferencedVerification(vm,
ariesdid.CapabilityInvocation))
didDoc.Service = []ariesdid.Service{
{
ID: "svc1",
Type: "typeUpdated",
ServiceEndpoint: "http://www.example.com/",
},
{
ID: "svc2",
Type: "type",
ServiceEndpoint: "http://www.example.com/",
},
}
if err := vdr.Update(didDoc); err != nil {
return err
}
// update private key will be used to sign next update request
keyRetrieverImpl.updateKey = updateKeyPrivateKey
Recover DID
For recovering DID use vdr recover and pass DID document. To discover orb instance there are two ways explicitly or through domain.
recoveryKey, recoveryKeyPrivateKey, err := ed25519.GenerateKey(rand.Reader)
if err != nil {
return err
}
// this key will used for next recover request
keyRetriever.nextRecoveryPublicKey = recoveryKey
didDoc := &ariesdid.Doc{ID: discoverableDID}
didPublicKey, _, err := ed25519.GenerateKey(rand.Reader)
if err != nil {
return err
}
jwk, err := jose.JWKFromKey(didPublicKey)
if err != nil {
return err
}
vm,err:=ariesdid.NewVerificationMethodFromJWK("key1", "Ed25519VerificationKey2018", "", jwk)
if err != nil {
return err
}
didDoc.CapabilityInvocation = append(didDoc.CapabilityInvocation, *ariesdid.NewReferencedVerification(vm,
ariesdid.CapabilityDelegation))
didDoc.Service = []ariesdid.Service{{ID: "svc1", Type: "type", ServiceEndpoint: "http://www.example.com/"}}
if err := e.vdr.Update(didDoc,
vdrapi.WithOption(orb.RecoverOpt, true),
vdrapi.WithOption(orb.AnchorOriginOpt, "https://orb-2.devel.trustbloc.dev/services/orb")); err != nil {
return err
}
// recover private key will be used to sign next recover request
keyRetrieverImpl.recoverKey = recoveryKeyPrivateKey
Deactivate DID
For deactivating DID use vdr recover and pass DID URI. To discover orb instance there are two ways explicitly or through domain.
if err:=vdr.Deactivate(discoverableDID);err!=nil{
return err
}
# Functions
New creates new orb VDR.
WithAuthToken add auth token.
WithAuthTokenProvider add auth token provider.
WithDisableProofCheck disable proof check.
WithDocumentLoader overrides the default JSONLD document loader used when processing JSONLD DID Documents.
WithDomain option is setting domain.
WithHTTPClient option is for custom http client.
WithIPFSEndpoint overrides the global ipfs endpoint.
WithTLSConfig option is for definition of secured HTTP transport using a tls.Config instance.
WithUnanchoredMaxLifeTime option is max time for unanchored to be trusted .
WithVerifyResolutionResultType option is set verify resolution result type.
# Constants
All will verify document if it has unpublished or published operations.
AnchorOriginOpt anchor origin opt this option is not mandatory.
CheckDIDAnchored check did is anchored.
CheckDIDUpdated check did is updated.
DIDMethod did method.
None will not verify document.
OperationEndpointsOpt operation endpoints opt.
Recover operation.
RecoverOpt recover opt.
RecoveryPublicKeyOpt recovery public key opt.
ResolutionEndpointsOpt resolution endpoints opt.
TracingCtxOpt tracing opt.
Unpublished will verify document only if it has unpublished operations.
Update operation.
UpdatePublicKeyOpt update public key opt.
VersionIDOpt version id opt this option is not mandatory.
VersionTimeOpt version time opt this option is not mandatory.
# Interfaces
KeyRetriever key retriever.
SelectDomainService select domain service.
# Type aliases
OperationType operation type.
Option configures the bloc vdr.
VerifyResolutionResultType verify resolution result type.