UNPKG

@sphereon/gx-agent-cli

Version:

Gaia-X Compliance Client CLI

github.com/Sphereon/gx-agent

Sphereon/gx-agent

161 lines (150 loc) 6.12 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
import { program } from 'commander' import { printTable } from 'console-table-printer' import fs from 'fs' import { DIDResolutionResult, IIdentifier } from '@veramo/core' import { asDID, convertDidWebToHost, ExportFileResult, getAgent } from '@sphereon/gx-agent' const did = program.command('did').description('Decentralized Identifiers (DID) commands') did .command('create') .description('creates a did:web from X509 Certificates provided using files') .requiredOption('--private-key-file <string>', 'Private Key file') .requiredOption('--cert-file <string>', 'Certificate file') .requiredOption('--ca-chain-file <string>', 'the Certificate Chain file') .requiredOption('-d, --domain <string>', 'the domain of certificate (CN), which will be used in the DID') .option('--ca-chain-url <string>', 'the Certificate Chain URL to use. A default location will be used if not supplied') .option( '-kid, --key-identifier <string>', 'An optional key identifier name for the certificate and key. Will be stored in the DID Document. A default will be used if not supplied' ) .option('--show', 'Show resulting did') .action(async (cmd) => { const agent = await getAgent() const privateKeyPEM = fs.readFileSync(cmd.privateKeyFile, 'utf-8') const certificatePEM = fs.readFileSync(cmd['certFile'], 'utf-8') const certificateChainPEM = fs.readFileSync(cmd['caChainFile'], 'utf-8') const did = await asDID(cmd.domain, cmd.show === true) const cn = convertDidWebToHost(did) const x5cFile = cmd['caChainFile'].split('\\').pop().split('/').pop() const x5u = cmd['caChainUrl'] if (x5u && x5u.startsWith('http://') && !x5u.startsWith('http://localhost')) { throw Error(`A CA chain needs to be hosted in a secure https:// location!. url supplied: ${x5u}`) } // fixme: this should be an optional param. If not supplied we can do it like this const certificateChainURL = x5u ? `https://${x5u.replace('https://', '')}` : `https://${cn}/.well-known/${x5cFile}` try { const identifier: IIdentifier = await agent.createDIDFromX509({ domain: did, privateKeyPEM, certificatePEM, certificateChainPEM, certificateChainURL, // kms: 'local' kid: cmd.keyIdentifier ? cmd.keyIdentifier : 'JWK2020-RSA', }) printTable([{ provider: identifier.provider, DID: identifier.did, alias: identifier.alias }]) } catch (e: any) { console.error(e.message) } }) did .command('list') .description('lists identifiers stored in the agent') .action(async (cmd) => { const agent = await getAgent() try { const identifiers: IIdentifier[] = await agent.didManagerFind({ provider: 'did:web' }) if (!identifiers || identifiers.length === 0) { console.error('No identifiers stored in the agent!') } else { printTable( identifiers.map((id) => { return { provider: id.provider, DID: id.did, alias: id.alias, } }) ) } } catch (e: any) { console.error(e.message) } }) export async function exportDID(cmd: any, did: string): Promise<ExportFileResult[]> { const agent = await getAgent() const path = cmd.path ? cmd.path : 'exported' const didStr = await asDID(did) try { const exportResult = await agent.exportDIDToPath({ domain: didStr, path }) if (!exportResult || exportResult.length === 0) { console.error(`Nothing exported for ${didStr}`) } else { printTable( exportResult.map((result) => { return { DID: didStr, ...result } }) ) console.log('Well-known DID files have been exported.') console.log( `Please copy everything from ${path}/${convertDidWebToHost( didStr )}, to your webserver. Do not forget to include the hidden .well-known directory!` ) } return exportResult } catch (e: any) { console.error(e.message) throw e } } did .command('export') .description( "export a DID and it's CA-chain to a well-known location, for hosting. Be aware that this will create a .well-known path, which is invisible in most Operating Systems" ) .argument('[did]', 'the DID or domain of certificate (CN). Optional if participantDID is configured or only one DID is present') .option('-p, --path <string>', 'A base path to export the files to. Defaults to "exported"') .action(async (did, cmd) => { await exportDID(cmd, did) }) did .command('delete') .description("deletes a DID and it's CA-chain from the agent") .argument('<did>', 'the DID or domain of certificate (CN)') .action(async (did) => { const agent = await getAgent() const didStr = await asDID(did) try { const succeeded = await agent.didManagerDelete({ did: didStr }) printTable([{ DID: didStr, deleted: succeeded }]) } catch (e: any) { console.error(e.message) } }) did .command('resolve') .description('resolves a did:web') .argument('[did]', 'Optional DID or domain associated with the DID web') .option('-l, --local-only', 'Only resolves agent stored DIDs. Does not call externally hosted DIDs') // .requiredOption('-d, --did <string>', 'the DID or domain associated with the DID web') .action(async (did, opts) => { const didStr = await asDID(did) const agent = await getAgent() try { printTable([{ DID: didStr }]) if (opts?.localOnly) { console.log('DID Document:\n' + JSON.stringify(await agent.exportDIDDocument({ domain: didStr }), null, 2)) return } const result: DIDResolutionResult = await agent.resolveDid({ didUrl: didStr }) if (result.didDocument) { console.log(JSON.stringify(result.didDocument, null, 2)) } else if (result.didResolutionMetadata) { console.log(printTable([{ ...result.didResolutionMetadata }])) } else { console.error(`Unknown error occurred resolving DID ${didStr}`) } } catch (e: any) { console.error(e.message) } })