Implemented storing encrypted credentials in Ceramic (#15)

* wip

* wip

* save and get vc from ceramic

* update type

* add uniqBy method

* fixes after review

* move store vc to ceramic method

* remove backups

* update changelog

* hotfix

* update config

* remove comments

* fixes after review

CHANGELOG.md

@@ -6,6 +6,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Changed
+- `@rarimo/rarime`:
+  - Save credentials to ceramic instead of snap store
+
+### Removed
+- `@rarimo/rarime`:
+  - `create` and `recover` backup methods
+- `@rarimo/rarime-connector`:
+  - `create` and `recover` backup methods
 
 ## [0.8.0] - 2023-10-23
 ### Changed

packages/connector/README.md

@@ -156,21 +156,6 @@ type StateInfo = {
 };
 ```
 
-
-### Create a backup
-To create a backup of keys and credentials:
-```typescript
-createBackup(): Promise<boolean>
-```
-Returns true if backup created
-
-### Recovery from a backup
-Recovering the identity and credentials from a backup:
-```typescript
-recoverBackup(): Promise<boolean>
-```
-Returns true if backup recovered
-
 ### Check state contract sync
 
 ```typescript

packages/connector/src/methods.ts

@@ -32,21 +32,6 @@ export const createIdentity = async function (
   );
 };
 
-export const createBackup = async function (
-  this: MetamaskSnap,
-): Promise<boolean> {
-  return await sendSnapMethod({ method: RPCMethods.CreateBackup }, this.snapId);
-};
-
-export const recoverBackup = async function (
-  this: MetamaskSnap,
-): Promise<boolean> {
-  return await sendSnapMethod(
-    { method: RPCMethods.RecoverBackup },
-    this.snapId,
-  );
-};
-
 export const saveCredentials = async function (
   this: MetamaskSnap,
   params: SaveCredentialsRequestParams,

packages/connector/src/snap.ts

@@ -1,9 +1,7 @@
 import { SnapConnector } from './types';
 import {
-  createBackup,
   createIdentity,
   createProof,
-  recoverBackup,
   saveCredentials,
   checkStateContractSync,
   getCredentials,
@@ -19,8 +17,6 @@ export class MetamaskSnap {
   public getConnector = async (): Promise<SnapConnector> => {
     return {
       createIdentity: createIdentity.bind(this),
-      createBackup: createBackup.bind(this),
-      recoverBackup: recoverBackup.bind(this),
       saveCredentials: saveCredentials.bind(this),
       createProof: createProof.bind(this),
       checkStateContractSync: checkStateContractSync.bind(this),

packages/connector/src/types.ts

@@ -9,8 +9,6 @@ declare global {
 
 export enum RPCMethods {
   CreateIdentity = 'create_identity',
-  CreateBackup = 'create_backup',
-  RecoverBackup = 'recover_backup',
   SaveCredentials = 'save_credentials',
   CreateProof = 'create_proof',
   CheckStateContractSync = 'check_state_contract_sync',
@@ -19,8 +17,6 @@ export enum RPCMethods {
 
 export type SnapConnector = {
   createIdentity(): Promise<string>;
-  createBackup(): Promise<boolean>;
-  recoverBackup(): Promise<boolean>;
   saveCredentials(
     params: SaveCredentialsRequestParams,
   ): Promise<W3CCredential[]>;

packages/site/src/pages/index.tsx

@@ -7,8 +7,6 @@ import {
   createIdentity,
   sendVc,
   shouldDisplayReconnectButton,
-  createBackup,
-  recoverBackup,
   reconnectSnap,
   checkStateContractSync,
   getCredentials,
@@ -158,24 +156,6 @@ const Index = () => {
     }
   };
 
-  const handleCreateBackupClick = async () => {
-    try {
-      await createBackup();
-    } catch (e) {
-      console.error(e);
-      dispatch({ type: MetamaskActions.SetError, payload: e });
-    }
-  };
-
-  const handleRecoverBackupClick = async () => {
-    try {
-      await recoverBackup();
-    } catch (e) {
-      console.error(e);
-      dispatch({ type: MetamaskActions.SetError, payload: e });
-    }
-  };
-
   const handleCheckStateContractSyncClick = async () => {
     try {
       await checkStateContractSync();
@@ -305,43 +285,6 @@ const Index = () => {
             !shouldDisplayReconnectButton(state.installedSnap)
           }
         />
-        <Card
-          content={{
-            title: 'Create a backup',
-            description: 'Creating a backup of keys and credentials',
-            button: (
-              <SendHelloButton
-                onClick={handleCreateBackupClick}
-                disabled={!state.installedSnap}
-              />
-            ),
-          }}
-          disabled={!state.installedSnap}
-          fullWidth={
-            state.isFlask &&
-            Boolean(state.installedSnap) &&
-            !shouldDisplayReconnectButton(state.installedSnap)
-          }
-        />
-        <Card
-          content={{
-            title: 'Recovery from a backup',
-            description:
-              'Recovering the identity and credentials from a backup',
-            button: (
-              <SendHelloButton
-                onClick={handleRecoverBackupClick}
-                disabled={!state.installedSnap}
-              />
-            ),
-          }}
-          disabled={!state.installedSnap}
-          fullWidth={
-            state.isFlask &&
-            Boolean(state.installedSnap) &&
-            !shouldDisplayReconnectButton(state.installedSnap)
-          }
-        />
         <Card
           content={{
             title: 'Check Sync',

packages/site/src/utils/snap.ts

@@ -38,6 +38,7 @@ export const createProof = async () => {
   const data = await connector.createProof({
     circuitId: 'credentialAtomicQueryMTPV2OnChain',
     accountAddress: accounts[0],
+    issuerDid: 'did:iden3:tJgV5GSETVoEdg3BeQygWJdNEHHwZTSSiCB1NkM1u',
     query: {
       allowedIssuers: ['*'],
       credentialSubject: {
@@ -51,14 +52,6 @@ export const createProof = async () => {
   console.log(data);
 };
 
-export const createBackup = async () => {
-  await connector.createBackup();
-};
-
-export const recoverBackup = async () => {
-  await connector.recoverBackup();
-};
-
 export const checkStateContractSync = async () => {
   const isSynced = await connector.checkStateContractSync();
 

packages/snap/README.md

@@ -101,30 +101,6 @@ where:
 	- **type**: type of credentials allowed
 	- **credentialSubject**: query request to a query circuit
 
-### Create a backup
-To create a backup of keys and credentials:
-```javascript
-await window.ethereum.request({
-  method: 'wallet_invokeSnap',
-  params: {
-  snapId: 'snapId',
-    request: { method: 'create_backup' },
-  },
-});
-```
-
-### Recovery from a backup
-Recovering the identity and credentials from a backup:
-```javascript
-await window.ethereum.request({
-  method: 'wallet_invokeSnap',
-  params: {
-  snapId: 'snapId',
-    request: { method: 'recover_backup' },
-  },
-});
-```
-
 ### Check state contract
 
 Returns `true` if the state contract on current chain need to be synced:

packages/snap/package.json

@@ -33,10 +33,12 @@
     "preversion": "yarn && yarn build && git add snap.manifest.json"
   },
   "dependencies": {
+    "@ceramicnetwork/http-client": "2.27.0",
     "@ethersproject/abi": "5.0.0",
     "@ethersproject/bytes": "5.7.0",
     "@ethersproject/keccak256": "5.7.0",
     "@ethersproject/providers": "5.7.2",
+    "@glazed/did-datastore": "0.3.2",
     "@iden3/js-crypto": "1.0.0-beta.1",
     "@iden3/js-iden3-core": "1.0.0-beta.2",
     "@iden3/js-jsonld-merklization": "1.0.0-beta.14",
@@ -47,8 +49,11 @@
     "@metamask/snaps-ui": "0.32.2",
     "@rarimo/rarime-connector": "0.8.0",
     "buffer": "6.0.3",
+    "dids": "4.0.4",
     "ethers": "5.7.2",
     "intl": "1.2.5",
+    "key-did-provider-ed25519": "3.0.2",
+    "key-did-resolver": "3.0.0",
     "typia": "4.1.3",
     "uuid": "9.0.0"
   },

packages/snap/post-process.js

@@ -9,6 +9,11 @@ let bundleString = fs.readFileSync(bundlePath, 'utf8');
 
 bundleString = 'var Worker = {};\n'.concat(bundleString);
 
+bundleString = bundleString.replace(
+  "/** @type {import('cborg').TagDecoder[]} */",
+  '',
+);
+
 // Remove eval
 bundleString = bundleString.replaceAll(`eval(`, 'evalIn(');
 

packages/snap/snap.manifest.json

@@ -7,7 +7,7 @@
     "url": "https://github.com/rarimo/rarime.git"
   },
   "source": {
-    "shasum": "y+9O7z7mlNe85T/RCp32jySBwGoJ9tf0NrKlLrpgNdw=",
+    "shasum": "k0vZhwN7YHi80/3dxEZiMAoKCkN9NMvFESjYAPFdMYk=",
     "location": {
       "npm": {
         "filePath": "dist/bundle.js",

packages/snap/src/config.ts

@@ -88,3 +88,32 @@ export const SUPPORTED_CHAINS: Record<number, ChainInfo> = {
 };
 
 export const GET_CREDENTIALS_SUPPORTED_HOSTNAMES = ['localhost'];
+
+/*
+https://developers.ceramic.network/tools/glaze/deploy-from-cli/
+
+Publish models:
+1) glaze config:set ceramic-url ceramic-url(https://.....)
+2) glaze model:create encrypted-data
+3) glaze did:create
+  Save the private key and did and then use it in --key
+4) glaze model:add encrypted-data schema EncryptedCredentials '{"$schema":"http://json-schema.org/draft-07/schema#","title":"EncryptedCredentials","type":" object","properties":{"data":{"type":"string"}},"required":["data"],"additionalProperties":false}' --key=key
+5) glaze model:inspect encrypted-data
+  We take the schema version from there
+  And insert into schema (point 6) (ceramic:// + version)
+6) glaze model:add encrypted-data definition encryptedCredentials '{"name":"Encrypted credentials","description":"Encrypted verifiable credentials in Ceramic","schema":"ceramic://k3y52l7qbv1fryhxouyfmpmct2tiehvosfgkcqiqc2enafrolcq0i34ocim3p0ge8" }' --key =key
+7) glaze model:deploy encrypted-data ./deployed-model.json
+*/
+export const CERAMIC_ALIASES = {
+  definitions: {
+    encryptedCredentials:
+      'kjzl6cwe1jw148ogdspueenn4m3zbose42od00t7j17su653wql2rp73plm3biq',
+  },
+  schemas: {
+    EncryptedCredentials:
+      'ceramic://k3y52l7qbv1frymy245dkbe095vtpn9vqz4o5fu43gxrsu5c2h227i2ddw95y6a68',
+  },
+  tiles: {},
+};
+
+export const CERAMIC_URL = 'https://ceramic.rarimo.com';