sonr/pkg/crypto/mpc/ucan.go

package mpc

import (
	"fmt"
	"time"

	"github.com/golang-jwt/jwt"
	"github.com/ucan-wg/go-ucan"
)

type (
	Token  = ucan.Token
	Claims = ucan.Claims
	Proof  = ucan.Proof

	Attenuations = ucan.Attenuations
	Fact         = ucan.Fact
)

var (
	UCANVersion    = ucan.UCANVersion
	UCANVersionKey = ucan.UCANVersionKey
	PrfKey         = ucan.PrfKey
	FctKey         = ucan.FctKey
	AttKey         = ucan.AttKey
	CapKey         = ucan.CapKey
)

type keyshareSource struct {
	userShare *UserKeyshare
	valShare  *ValKeyshare

	addr      string
	issuerDID string
}

func (k keyshareSource) NewOriginToken(audienceDID string, att Attenuations, fct []Fact, notBefore, expires time.Time) (*ucan.Token, error) {
	return k.newToken(audienceDID, nil, att, fct, notBefore, expires)
}

func (k keyshareSource) NewAttenuatedToken(parent *Token, audienceDID string, att ucan.Attenuations, fct []ucan.Fact, nbf, exp time.Time) (*Token, error) {
	if !parent.Attenuations.Contains(att) {
		return nil, fmt.Errorf("scope of ucan attenuations must be less than it's parent")
	}
	return k.newToken(audienceDID, append(parent.Proofs, Proof(parent.Raw)), att, fct, nbf, exp)
}

func (k keyshareSource) newToken(audienceDID string, prf []Proof, att Attenuations, fct []Fact, nbf, exp time.Time) (*ucan.Token, error) {
	t := jwt.New(newMPCSigningMethod("MPC256", k))

	// if _, err := did.Parse(audienceDID); err != nil {
	// 	return nil, fmt.Errorf("invalid audience DID: %w", err)
	// }

	t.Header[UCANVersionKey] = UCANVersion

	var (
		nbfUnix int64
		expUnix int64
	)

	if !nbf.IsZero() {
		nbfUnix = nbf.Unix()
	}
	if !exp.IsZero() {
		expUnix = exp.Unix()
	}

	// set our claims
	t.Claims = &Claims{
		StandardClaims: &jwt.StandardClaims{
			Issuer:    k.issuerDID,
			Audience:  audienceDID,
			NotBefore: nbfUnix,
			// set the expire time
			// see http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4.1.4
			ExpiresAt: expUnix,
		},
		Attenuations: att,
		Facts:        fct,
		Proofs:       prf,
	}

	raw, err := t.SignedString(nil)
	if err != nil {
		return nil, err
	}

	return &Token{
		Raw:          raw,
		Attenuations: att,
		Facts:        fct,
		Proofs:       prf,
	}, nil
}
feature/1114 implement account interface (#1167) - refactor: move session-related code to middleware package - refactor: update PKL build process and adjust related configurations - feat: integrate base.cosmos.v1 Genesis module - refactor: pass session context to modal rendering functions - refactor: move nebula package to app directory and update templ version - refactor: Move home section video view to dedicated directory - refactor: remove unused views file - refactor: move styles and UI components to global scope - refactor: Rename images.go to cdn.go - feat: Add Empty State Illustrations - refactor: Consolidate Vault Index Logic - fix: References to App.wasm and remove Vault Directory embedded CDN files - refactor: Move CDN types to Models - fix: Correct line numbers in templ error messages for arch_templ.go - refactor: use common types for peer roles - refactor: move common types and ORM to a shared package - fix: Config import dwn - refactor: move nebula directory to app - feat: Rebuild nebula - fix: correct file paths in panels templates - feat: Remove duplicate types - refactor: Move dwn to pkg/core - refactor: Binary Structure - feat: Introduce Crypto Pkg - fix: Broken Process Start - *feat: Update pkg/ structure - feat: Refactor PKL Structure - build: update pkl build process - chore: Remove Empty Files - refactor: remove unused macaroon package - feat: Add WebAwesome Components - refactor: consolidate build and generation tasks into a single taskfile, remove redundant makefile targets - refactor: refactor server and move components to pkg/core/dwn - build: update go modules - refactor: move gateway logic into dedicated hway command - feat: Add KSS (Krawczyk-Song-Song) MPC cryptography module - feat: Implement MPC-based JWT signing and UCAN token generation - feat: add support for MPC-based JWT signing - feat: Implement MPC-based UCAN capabilities for smart accounts - feat: add address field to keyshareSource - feat: Add comprehensive MPC test suite for keyshares, UCAN tokens, and token attenuations - refactor: improve MPC keyshare management and signing process - feat: enhance MPC capability hierarchy documentation - refactor: rename GenerateKeyshares function to NewKeyshareSource for clarity - refactor: remove unused Ethereum address computation - feat: Add HasHandle and IsAuthenticated methods to HTTPContext - refactor: Add context.Context support to session HTTPContext - refactor: Resolve context interface conflicts in HTTPContext - feat: Add session ID context key and helper functions - feat: Update WebApp Page Rendering - refactor: Simplify context management by using single HTTPContext key - refactor: Simplify HTTPContext creation and context management in session middleware - refactor: refactor session middleware to use a single data structure - refactor: Simplify HTTPContext implementation and session data handling - refactor: Improve session context handling and prevent nil pointer errors - refactor: Improve session context handling with nil safety and type support - refactor: improve session data injection - feat: add full-screen modal component and update registration flow - chore: add .air.toml to .gitignore - feat: add Air to devbox and update dependencies** 2024-11-23 01:28:58 -05:00			`package mpc`

			`import (`
			`"fmt"`
			`"time"`

			`"github.com/golang-jwt/jwt"`
			`"github.com/ucan-wg/go-ucan"`
			`)`

			`type (`
			`Token = ucan.Token`
			`Claims = ucan.Claims`
			`Proof = ucan.Proof`

			`Attenuations = ucan.Attenuations`
			`Fact = ucan.Fact`
			`)`

			`var (`
			`UCANVersion = ucan.UCANVersion`
			`UCANVersionKey = ucan.UCANVersionKey`
			`PrfKey = ucan.PrfKey`
			`FctKey = ucan.FctKey`
			`AttKey = ucan.AttKey`
			`CapKey = ucan.CapKey`
			`)`

			`type keyshareSource struct {`
			`userShare *UserKeyshare`
			`valShare *ValKeyshare`

			`addr string`
			`issuerDID string`
			`}`

			`func (k keyshareSource) NewOriginToken(audienceDID string, att Attenuations, fct []Fact, notBefore, expires time.Time) (*ucan.Token, error) {`
			`return k.newToken(audienceDID, nil, att, fct, notBefore, expires)`
			`}`

			`func (k keyshareSource) NewAttenuatedToken(parent Token, audienceDID string, att ucan.Attenuations, fct []ucan.Fact, nbf, exp time.Time) (Token, error) {`
			`if !parent.Attenuations.Contains(att) {`
			`return nil, fmt.Errorf("scope of ucan attenuations must be less than it's parent")`
			`}`
			`return k.newToken(audienceDID, append(parent.Proofs, Proof(parent.Raw)), att, fct, nbf, exp)`
			`}`

			`func (k keyshareSource) newToken(audienceDID string, prf []Proof, att Attenuations, fct []Fact, nbf, exp time.Time) (*ucan.Token, error) {`
			`t := jwt.New(newMPCSigningMethod("MPC256", k))`

			`// if _, err := did.Parse(audienceDID); err != nil {`
			`// return nil, fmt.Errorf("invalid audience DID: %w", err)`
			`// }`

			`t.Header[UCANVersionKey] = UCANVersion`

			`var (`
			`nbfUnix int64`
			`expUnix int64`
			`)`

			`if !nbf.IsZero() {`
			`nbfUnix = nbf.Unix()`
			`}`
			`if !exp.IsZero() {`
			`expUnix = exp.Unix()`
			`}`

			`// set our claims`
			`t.Claims = &Claims{`
			`StandardClaims: &jwt.StandardClaims{`
			`Issuer: k.issuerDID,`
			`Audience: audienceDID,`
			`NotBefore: nbfUnix,`
			`// set the expire time`
			`// see http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-20#section-4.1.4`
			`ExpiresAt: expUnix,`
			`},`
			`Attenuations: att,`
			`Facts: fct,`
			`Proofs: prf,`
			`}`

			`raw, err := t.SignedString(nil)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return &Token{`
			`Raw: raw,`
			`Attenuations: att,`
			`Facts: fct,`
			`Proofs: prf,`
			`}, nil`
			`}`