feat: add support for EcdsaSecp256k1Signature2019Proof and fix pk encoding for EddsaJcs2022Proof

build.sbt

@@ -122,6 +122,9 @@ lazy val D = new {
 
   val jwtCirce = "com.github.jwt-scala" %% "jwt-circe" % V.jwtCirceVersion
   val jsonCanonicalization: ModuleID = "io.github.erdtman" % "java-json-canonicalization" % "1.1"
+  val titaniumJsonLd: ModuleID = "com.apicatalog" % "titanium-json-ld" % "1.4.0"
+  val jakartaJson: ModuleID = "org.glassfish" % "jakarta.json" % "2.0.1"
+  val ironVC: ModuleID = "com.apicatalog" % "iron-verifiable-credentials" % "0.14.0"
   val scodecBits: ModuleID = "org.scodec" %% "scodec-bits" % "1.1.38"
 
   // https://mvnrepository.com/artifact/org.didcommx/didcomm/0.3.2
@@ -184,6 +187,9 @@ lazy val D_Shared = new {
       D.zioCatsInterop,
       D.zioPrelude,
       D.jsonCanonicalization,
+      D.titaniumJsonLd,
+      D.jakartaJson,
+      D.ironVC,
       D.scodecBits,
     )
 }

pollux/core/src/main/scala/org/hyperledger/identus/pollux/core/repository/CredentialStatusListRepositoryInMemory.scala

@@ -96,7 +96,6 @@ class CredentialStatusListRepositoryInMemory(
       emptyJwtCredential <- VCStatusList2021
         .build(
           vcId = s"$statusListRegistryUrl/credential-status/$id",
-          slId = "",
           revocationData = bitString,
           jwtIssuer = jwtIssuer
         )

pollux/sql-doobie/src/main/scala/org/hyperledger/identus/pollux/sql/repository/JdbcCredentialStatusListRepository.scala

@@ -89,7 +89,6 @@ class JdbcCredentialStatusListRepository(xa: Transactor[ContextAwareTask], xb: T
       emptyStatusListCredential <- VCStatusList2021
         .build(
           vcId = s"$statusListRegistryUrl/credential-status/$id",
-          slId = "",
           revocationData = bitString,
           jwtIssuer = jwtIssuer
         )

pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/DidJWT.scala

@@ -6,12 +6,16 @@ import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton
 import com.nimbusds.jose.jwk.{Curve, ECKey, OctetKeyPair}
 import com.nimbusds.jwt.{JWTClaimsSet, SignedJWT}
 import io.circe.*
-import org.hyperledger.identus.shared.crypto.Ed25519KeyPair
+import org.bouncycastle.jce.spec.ECNamedCurveSpec
+import org.bouncycastle.jce.ECNamedCurveTable
 import zio.*
-
 import java.security.*
+import java.security.interfaces.ECPublicKey
+import scala.jdk.CollectionConverters.*
+import org.hyperledger.identus.shared.crypto.Ed25519KeyPair
 import java.util.Base64
 
+
 opaque type JWT = String
 
 object JWT {
@@ -40,7 +44,14 @@ class ES256KSigner(privateKey: PrivateKey) extends Signer {
   }
 
   override def generateProofForJson(payload: Json, pk: PublicKey): Task[Proof] = {
-    EcdsaJcs2019ProofGenerator.generateProof(payload, privateKey, pk)
+    val err = Throwable("Public key must be secp256k1 EC public key")
+    pk match
+      case pk: ECPublicKey =>
+        getCurveName(pk).fold(ZIO.fail(err)) { curveName =>
+          if curveName != "secp256k1" then ZIO.fail(Throwable(err.getMessage + s", but got $curveName"))
+          else EcdsaSecp256k1Signature2019ProofGenerator.generateProof(payload, signer, pk)
+        }
+      case _ => ZIO.fail(err)
   }
 
   override def encode(claim: Json): JWT = {
@@ -54,6 +65,20 @@ class ES256KSigner(privateKey: PrivateKey) extends Signer {
   }
 }
 
+def getCurveName(publicKey: ECPublicKey): Option[String] = {
+  val params = publicKey.getParams
+
+  val maybeCurveName = ECNamedCurveTable.getNames.asScala.find {
+    case name: String =>
+      val spec = ECNamedCurveTable.getParameterSpec(name)
+      val curveSpec =
+        new ECNamedCurveSpec(spec.getName, spec.getCurve, spec.getG, spec.getN, spec.getH, spec.getSeed)
+      curveSpec.getCurve.equals(params.getCurve)
+    case _ => false
+  }
+  maybeCurveName.fold(Option.empty[String]) { case name: String => Some(name) }
+}
+
 class EdSigner(ed25519KeyPair: Ed25519KeyPair) extends Signer {
   lazy val signer: Ed25519Signer = {
     val d = java.util.Base64.getUrlEncoder.withoutPadding().encodeToString(ed25519KeyPair.privateKey.getEncoded)

pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/DidResolver.scala

@@ -78,20 +78,6 @@ case class VerificationMethod(
     blockchainAccountId: Option[String] = Option.empty,
     ethereumAddress: Option[String] = Option.empty
 )
-case class JsonWebKey(
-    alg: Option[String] = Option.empty,
-    crv: Option[String] = Option.empty,
-    e: Option[String] = Option.empty,
-    d: Option[String] = Option.empty,
-    ext: Option[Boolean] = Option.empty,
-    key_ops: Vector[String] = Vector.empty,
-    kid: Option[String] = Option.empty,
-    kty: String,
-    n: Option[String] = Option.empty,
-    use: Option[String] = Option.empty,
-    x: Option[String] = Option.empty,
-    y: Option[String] = Option.empty
-)
 case class Service(id: String, `type`: String | Seq[String], serviceEndpoint: Json)
 
 /** An adapter for translating Castor resolver to resolver defined in JWT library */

pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/EcdsaSecp256k1VerificationKey2019.scala

@@ -0,0 +1,49 @@
+package org.hyperledger.identus.pollux.vc.jwt
+
+import io.circe.*
+import io.circe.syntax.*
+import java.time.Instant
+import java.time.ZoneOffset
+
+case class EcdsaSecp256k1VerificationKey2019(
+    publicKeyJwk: JsonWebKey,
+    id: Option[String] = None,
+    controller: Option[String] = None,
+    expires: Option[Instant] = None
+) {
+  val `type`: String = "EcdsaSecp256k1VerificationKey2019"
+  val `@context`: Set[String] =
+    Set("https://w3id.org/security/v1")
+}
+
+object EcdsaSecp256k1VerificationKey2019 {
+  given ecdsaSecp256k1VerificationKey2019Encoder: Encoder[EcdsaSecp256k1VerificationKey2019] =
+    (key: EcdsaSecp256k1VerificationKey2019) =>
+      Json
+        .obj(
+          ("@context", key.`@context`.asJson),
+          ("type", key.`type`.asJson),
+          ("id", key.id.asJson),
+          ("controller", key.controller.asJson),
+          ("publicKeyJwk", key.publicKeyJwk.asJson.dropNullValues.dropEmptyValues),
+          ("expires", key.expires.map(_.atOffset(ZoneOffset.UTC)).asJson)
+        )
+
+  given ecdsaSecp256k1VerificationKey2019Decoder: Decoder[EcdsaSecp256k1VerificationKey2019] =
+    (c: HCursor) =>
+      for {
+        id <- c.downField("id").as[Option[String]]
+        `type` <- c.downField("type").as[String]
+        controller <- c.downField("controller").as[Option[String]]
+        publicKeyJwk <- c.downField("publicKeyJwk").as[JsonWebKey]
+        expires <- c.downField("expires").as[Option[Instant]]
+      } yield {
+        EcdsaSecp256k1VerificationKey2019(
+          id = id,
+          publicKeyJwk = publicKeyJwk,
+          controller = controller,
+          expires = expires
+        )
+      }
+
+}

pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/JsonWebKey.scala

@@ -0,0 +1,72 @@
+package org.hyperledger.identus.pollux.vc.jwt
+
+import io.circe.*
+import io.circe.syntax.*
+
+case class JsonWebKey(
+    alg: Option[String] = Option.empty,
+    crv: Option[String] = Option.empty,
+    e: Option[String] = Option.empty,
+    d: Option[String] = Option.empty,
+    ext: Option[Boolean] = Option.empty,
+    key_ops: Vector[String] = Vector.empty,
+    kid: Option[String] = Option.empty,
+    kty: String,
+    n: Option[String] = Option.empty,
+    use: Option[String] = Option.empty,
+    x: Option[String] = Option.empty,
+    y: Option[String] = Option.empty
+)
+
+object JsonWebKey {
+  given jsonWebKeyEncoder: Encoder[JsonWebKey] =
+    (jsonWebKey: JsonWebKey) =>
+      Json
+        .obj(
+          ("alg", jsonWebKey.alg.asJson),
+          ("crv", jsonWebKey.crv.asJson),
+          ("e", jsonWebKey.e.asJson),
+          ("d", jsonWebKey.d.asJson),
+          ("ext", jsonWebKey.ext.asJson),
+          ("key_ops", jsonWebKey.key_ops.asJson),
+          ("kid", jsonWebKey.kid.asJson),
+          ("kty", jsonWebKey.kty.asJson),
+          ("n", jsonWebKey.n.asJson),
+          ("use", jsonWebKey.use.asJson),
+          ("x", jsonWebKey.x.asJson),
+          ("y", jsonWebKey.y.asJson),
+        )
+
+  given jsonWebKeyDecoder: Decoder[JsonWebKey] =
+    (c: HCursor) =>
+      for {
+        alg <- c.downField("alg").as[Option[String]]
+        crv <- c.downField("crv").as[Option[String]]
+        e <- c.downField("e").as[Option[String]]
+        d <- c.downField("d").as[Option[String]]
+        ext <- c.downField("ext").as[Option[Boolean]]
+        key_ops <- c.downField("key_ops").as[Vector[String]]
+        kid <- c.downField("kid").as[Option[String]]
+        kty <- c.downField("kty").as[String]
+        n <- c.downField("n").as[Option[String]]
+        use <- c.downField("use").as[Option[String]]
+        x <- c.downField("x").as[Option[String]]
+        y <- c.downField("y").as[Option[String]]
+      } yield {
+        JsonWebKey(
+          alg = alg,
+          crv = crv,
+          e = e,
+          d = d,
+          ext = ext,
+          key_ops = key_ops,
+          kid = kid,
+          kty = kty,
+          n = n,
+          use = use,
+          x = x,
+          y = y
+        )
+      }
+
+}