@interop/did-web-resolver 1.1.0 → 2.2.0

package/README.md

@@ -21,7 +21,7 @@ TBD
 ## Background
 
 A `did:web` method driver for use with in-browser and server-side on Node.js
-with the [`did-io`](https://github.com/digitalbazaar/did-io) resolver library. 
+with the [`did-io`](https://github.com/digitalcredentials/did-io) resolver library. 
 
 Draft spec (W3C CCG Work Item):
 
@@ -37,9 +37,9 @@ Other implementations:
 
 ```js
 import { Ed25519VerificationKey2020 }
-  from '@digitalbazaar/ed25519-verification-key-2020'
+  from '@digitalcredentials/ed25519-verification-key-2020'
 import { X25519KeyAgreementKey2020 }
-  from '@digitalbazaar/x25519-key-agreement-key-2020'
+  from '@digitalcredentials/x25519-key-agreement-key-2020'
 import { CryptoLD } from 'crypto-ld'
 
 import * as didWeb from '@interop/did-web-resolver'
@@ -51,16 +51,47 @@ cryptoLd.use(X25519KeyAgreementKey2020)
 const didWebDriver = didWeb.driver({ cryptoLd })
 
 // Optionally use it with the CachedResolver from did-io
-import {CachedResolver} from '@digitalbazaar/did-io';
+import {CachedResolver} from '@digitalcredentials/did-io';
 const resolver = new CachedResolver()
 resolver.use(didWebDriver)
 ```
 
 ### Generating a new DID
 
+#### Generating from seed
+
+If you have a deterministic secret seed (created with [`did-cli`](https://github.com/digitalcredentials/did-cli),
+for example) and would like to generate a `did:web` document from it:
+
 ```js
-const { didDocument, keyPairs, methodFor } = await didWebDriver.generate()
+const url = 'https://example.com'
+const seed = 'z1AhV1bADy7RepJ64mvH7Kk7htFNGc7EA1WA5nGzLSTWc6o'
 
+const { didDocument, keyPairs, methodFor } = await didWebDriver.generate({ url, seed })
+// didDocument
+{
+  '@context': [
+    'https://www.w3.org/ns/did/v1',
+    'https://w3id.org/security/suites/ed25519-2020/v1',
+    'https://w3id.org/security/suites/x25519-2020/v1'
+  ],
+  id: 'did:web:example.com',
+  assertionMethod: [{
+    id: 'did:web:example.com#z6MkmDMjfkjs9XPCN1LfoQQRHz1mJ8PEdiVYC66XKhj3wGyB',
+    type: 'Ed25519VerificationKey2020',
+    controller: 'did:web:example.com',
+    publicKeyMultibase: 'z6MkmDMjfkjs9XPCN1LfoQQRHz1mJ8PEdiVYC66XKhj3wGyB'
+  }]
+}
+```
+
+#### Generating new random keys
+
+Invoking `generate()` by itself will create new keypairs for each proof purpose.
+
+```js
+const { didDocument, keyPairs, methodFor } = await didWebDriver.generate()
+// didDocument
 {
   '@context': [
     'https://www.w3.org/ns/did/v1',

package/build-dist.sh

@@ -0,0 +1,14 @@
+mkdir ./dist/esm
+cat >dist/esm/index.js <<!EOF
+import cjsModule from '../index.js';
+export const driver = cjsModule.driver;
+export const DidWebResolver = cjsModule.DidWebResolver;
+export const didFromUrl = cjsModule.didFromUrl;
+export const urlFromDid = cjsModule.urlFromDid;
+!EOF
+
+cat >dist/esm/package.json <<!EOF
+{
+  "type": "module"
+}
+!EOF

package/dist/DidWebResolver.js

@@ -0,0 +1,379 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var httpClient = require('@digitalcredentials/http-client');
+var didIo = require('@digitalcredentials/did-io');
+var ed25519Context = require('ed25519-signature-2020-context');
+var x25519Context = require('x25519-key-agreement-2020-context');
+var didContext = require('did-context');
+var bnid = require('@digitalcredentials/bnid');
+
+function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; }
+
+function _interopNamespace(e) {
+  if (e && e.__esModule) return e;
+  var n = Object.create(null);
+  if (e) {
+    Object.keys(e).forEach(function (k) {
+      if (k !== 'default') {
+        var d = Object.getOwnPropertyDescriptor(e, k);
+        Object.defineProperty(n, k, d.get ? d : {
+          enumerable: true,
+          get: function () { return e[k]; }
+        });
+      }
+    });
+  }
+  n["default"] = e;
+  return Object.freeze(n);
+}
+
+var didIo__namespace = /*#__PURE__*/_interopNamespace(didIo);
+var ed25519Context__default = /*#__PURE__*/_interopDefaultLegacy(ed25519Context);
+var x25519Context__default = /*#__PURE__*/_interopDefaultLegacy(x25519Context);
+var didContext__default = /*#__PURE__*/_interopDefaultLegacy(didContext);
+
+const { VERIFICATION_RELATIONSHIPS } = didIo__namespace;
+
+const DEFAULT_KEY_MAP = {
+  capabilityInvocation: 'Ed25519VerificationKey2020',
+  authentication: 'Ed25519VerificationKey2020',
+  assertionMethod: 'Ed25519VerificationKey2020',
+  capabilityDelegation: 'Ed25519VerificationKey2020',
+  keyAgreement: 'X25519KeyAgreementKey2020'
+};
+
+function didFromUrl ({ url } = {}) {
+  if (!url) {
+    throw new TypeError('Cannot convert url to did, missing url.')
+  }
+  if (url.startsWith('http:')) {
+    throw new TypeError('did:web does not support non-HTTPS URLs.')
+  }
+
+  let parsedUrl;
+  try {
+    parsedUrl = new URL(url);
+  } catch (error) {
+    throw new TypeError(`Invalid url: "${url}".`)
+  }
+
+  const { host, pathname } = parsedUrl;
+
+  let pathComponent = '';
+  if (pathname && pathname !== '/' && pathname !== '/.well-known/did.json') {
+    pathComponent = pathname.split('/').map(encodeURIComponent).join(':');
+  }
+
+  return 'did:web:' + encodeURIComponent(host) + pathComponent
+}
+
+function urlFromDid ({ did } = {}) {
+  if (!did) {
+    throw new TypeError('Cannot convert did to url, missing did.')
+  }
+  if (!did.startsWith('did:web:')) {
+    throw new TypeError(`DID Method not supported: "${did}".`)
+  }
+
+  const [didUrl, hashFragment] = did.split('#');
+  // eslint-disable-next-line no-unused-vars
+  // const [didResource, query] = didUrl.split('?')
+
+  // eslint-disable-next-line no-unused-vars
+  const [_did, _web, urlNoProtocol] = didUrl.split(':');
+
+  let parsedUrl;
+  try {
+    // URI-decode the url (in case it contained a port number,
+    // for example, `did:web:localhost%3A8080`
+    parsedUrl = new URL('https://' + decodeURIComponent(urlNoProtocol));
+  } catch (error) {
+    throw new TypeError(`Cannot construct url from did: "${did}".`)
+  }
+
+  if (!parsedUrl.pathname || parsedUrl.pathname === '/') {
+    parsedUrl.pathname = '/.well-known/did.json';
+  } else {
+    const pathFragments = parsedUrl.pathname.split('/');
+    parsedUrl.pathname = pathFragments.map(decodeURIComponent).join('/');
+  }
+
+  if (hashFragment) {
+    parsedUrl.hash = hashFragment;
+  }
+  return parsedUrl.toString()
+}
+
+/**
+ * Initializes the DID Document's keys/proof methods.
+ *
+ * @example
+ * didDocument.id = 'did:ex:123';
+ * const {didDocument, keyPairs} = await initKeys({
+ *   didDocument,
+ *   cryptoLd,
+ *   keyMap: {
+ *     capabilityInvocation: someExistingKey,
+ *     authentication: 'Ed25519VerificationKey2020',
+ *     assertionMethod: 'Ed25519VerificationKey2020',
+ *     keyAgreement: 'X25519KeyAgreementKey2019'
+ *   }
+ * });.
+ *
+ * @param {object} options - Options hashmap.
+ * @param {object} options.didDocument - DID Document.
+ * @typedef {object} CryptoLD
+ * @param {CryptoLD} [options.cryptoLd] - CryptoLD driver instance,
+ *   initialized with the key types this DID Document intends to support.
+ * @param {object} [options.keyMap] - Map of keys (or key types) by purpose.
+ *
+ * @returns {Promise<{didDocument: object, keyPairs: Map}>} Resolves with the
+ *   DID Document initialized with keys, as well as the map of the corresponding
+ *   key pairs (by key id).
+ */
+async function initKeys ({ didDocument, cryptoLd, keyMap } = {}) {
+  const doc = { ...didDocument };
+  if (!doc.id) {
+    throw new TypeError(
+      'DID Document "id" property is required to initialize keys.')
+  }
+
+  const keyPairs = new Map();
+
+  // Set the defaults for the created keys (if needed)
+  const options = { controller: doc.id };
+
+  for (const purpose in keyMap) {
+    if (!VERIFICATION_RELATIONSHIPS.has(purpose)) {
+      throw new Error(`Unsupported key purpose: "${purpose}".`)
+    }
+
+    let key;
+    if (typeof keyMap[purpose] === 'string') {
+      if (!cryptoLd) {
+        throw new Error('Please provide an initialized CryptoLD instance.')
+      }
+      key = await cryptoLd.generate({ type: keyMap[purpose], ...options });
+    } else {
+      // An existing key has been provided
+      key = keyMap[purpose];
+    }
+
+    doc[purpose] = [key.export({ publicKey: true })];
+    keyPairs.set(key.id, key);
+  }
+
+  return { didDocument: doc, keyPairs }
+}
+
+class DidWebResolver {
+  /**
+   * @param cryptoLd {CryptoLD}
+   * @param keyMap {object}
+   * @param [logger] {object} Logger object (with .log, .error, .warn,
+   *   etc methods).
+   */
+  constructor ({ cryptoLd, keyMap = DEFAULT_KEY_MAP, logger = console } = {}) {
+    this.method = 'web'; // did:web:... (used for didIo resolver harness)
+    this.cryptoLd = cryptoLd;
+    this.keyMap = keyMap;
+    this.logger = logger;
+  }
+
+  /**
+   * Generates a new DID Document and initializes various authentication
+   * and authorization proof purpose keys.
+   *
+   * @example
+   *   const url = 'https://example.com'
+   *   const { didDocument, didKeys } = await didWeb.generate({url})
+   *   didDocument.id
+   *   // -> 'did:web:example.com'
+   *
+   *
+   * Either an `id` or a `url` is required:
+   * @param [id] {string} - A did:web DID. If absent, will be converted from url
+   * @param [url] {string}
+   *
+   * @param [keyMap] {object} A hashmap of key types by purpose.
+   *
+   * @parma [cryptoLd] {object} CryptoLD instance with support for supported
+   *   crypto suites installed.
+   *
+   * @returns {Promise<{didDocument: object, keyPairs: Map,
+   *   methodFor: Function}>} Resolves with the generated DID Document, along
+   *   with the corresponding key pairs used to generate it (for storage in a
+   *   KMS).
+   */
+  async generate ({ id, url, seed, keyMap, cryptoLd = this.cryptoLd } = {}) {
+    if (!id && !url) {
+      throw new TypeError('A "url" or an "id" parameter is required.')
+    }
+    if (seed && keyMap) {
+      throw new TypeError(
+        'Either a "seed" or a "keyMap" param must be provided, but not both.'
+      )
+    }
+
+    const did = id || didFromUrl({ url });
+
+    if (seed) {
+      const keyPair = await _keyPairFromSecretSeed({
+        seed, controller: did, cryptoLd
+      });
+      keyMap = { assertionMethod: keyPair };
+    } else {
+      keyMap = keyMap || this.keyMap;
+    }
+
+    // Compose the DID Document
+    let didDocument = {
+      '@context': [
+        didContext__default["default"].constants.DID_CONTEXT_URL,
+        ed25519Context__default["default"].constants.CONTEXT_URL,
+        x25519Context__default["default"].constants.CONTEXT_URL
+      ],
+      id: did
+    };
+
+    const result = await initKeys({ didDocument, cryptoLd, keyMap });
+    const keyPairs = result.keyPairs;
+    didDocument = result.didDocument;
+
+    // Convenience function that returns the public/private key pair instance
+    // for a given purpose (authentication, assertionMethod, keyAgreement, etc).
+    const methodFor = ({ purpose }) => {
+      const { id: methodId } = didIo__namespace.findVerificationMethod({
+        doc: didDocument, purpose
+      });
+      return keyPairs.get(methodId)
+    };
+
+    return { didDocument, keyPairs, methodFor }
+  }
+
+  /**
+   * Fetches a DID Document for a given DID.
+   *
+   * @example
+   * // In Node.js tests, use an agent to avoid self-signed certificate errors
+   * const agent = new https.agent({rejectUnauthorized: false});
+   *
+   * @param {string} [did] For example, 'did:web:example.com'
+   * @param {string} [url]
+   * @param {https.Agent} [agent] Optional agent used to customize network
+   *   behavior in Node.js (such as `rejectUnauthorized: false`).
+   * @param {object} [logger] Logger object (with .log, .error, .warn,
+   *   etc methods).
+   *
+   * @throws {Error}
+   *
+   * @returns {Promise<object>} Plain parsed JSON object of the DID Document.
+   */
+  async get ({ did, url, agent, logger = this.logger }) {
+    const didUrl = url || urlFromDid({ did });
+    if (!didUrl) {
+      throw new TypeError('A DID or a URL is required.')
+    }
+
+    const [urlAuthority, keyIdFragment] = didUrl.split('#');
+
+    let didDocument;
+    try {
+      logger.info(`Fetching "${urlAuthority}" via http client.`);
+      const result = await httpClient.httpClient.get(urlAuthority, { agent });
+      didDocument = result.data;
+    } catch (e) {
+      // status is HTTP status code
+      // data is JSON error from the server if available
+      const { data, status } = e;
+      logger.error(`Http ${status} error:`, data);
+      throw e
+    }
+    if (didDocument && keyIdFragment) {
+      // resolve an individual key
+      // Keys are expected to have format: <did:web:...>#<keyIdFragment>
+      const didAuthority = didFromUrl({ url: urlAuthority });
+      const methodId = `${didAuthority}#${keyIdFragment}`;
+
+      const key = didIo__namespace.findVerificationMethod({ doc: didDocument, methodId });
+      if (!key) {
+        throw new Error(`Key id ${methodId} not found.`)
+      }
+
+      const keyPair = await this.cryptoLd.from(key);
+
+      return keyPair.export({ publicKey: true, includeContext: true })
+    }
+
+    return didDocument
+  }
+
+  /**
+   * Returns the public key (verification method) object for a given DID
+   * Document and purpose. Useful in conjunction with a `.get()` call.
+   *
+   * @example
+   * const didDocument = await didKeyDriver.get({did});
+   * const authKeyData = didDriver.publicMethodFor({
+   *   didDocument, purpose: 'authentication'
+   * });
+   * // You can then create a suite instance object to verify signatures etc.
+   * const authPublicKey = await cryptoLd.from(authKeyData);
+   * const {verify} = authPublicKey.verifier();
+   *
+   * @param {object} options - Options hashmap.
+   * @param {object} options.didDocument - DID Document (retrieved via a
+   *   `.get()` or from some other source).
+   * @param {string} options.purpose - Verification method purpose, such as
+   *   'authentication', 'assertionMethod', 'keyAgreement' and so on.
+   *
+   * @returns {object} Returns the public key object (obtained from the DID
+   *   Document), without a `@context`.
+   */
+  publicMethodFor ({ didDocument, purpose } = {}) {
+    if (!didDocument) {
+      throw new TypeError('The "didDocument" parameter is required.')
+    }
+    if (!purpose) {
+      throw new TypeError('The "purpose" parameter is required.')
+    }
+
+    const method = didIo__namespace.findVerificationMethod({ doc: didDocument, purpose });
+    if (!method) {
+      throw new Error(`No verification method found for purpose "${purpose}"`)
+    }
+    return method
+  }
+}
+
+/**
+ * @param options {object}
+ * @param options.seed {string|Uint8Array}
+ * @param controller {string}
+ * @param cryptoLd {object}
+ *
+ * @return {Promise<LDKeyPair>}
+ */
+async function _keyPairFromSecretSeed ({ seed, controller, cryptoLd } = {}) {
+  let seedBytes;
+  if (typeof seed === 'string') {
+    // Currently only supports base58 multibase / identity multihash encoding.
+    if (!seed.startsWith('z1A')) {
+      throw new TypeError('"seed" parameter must be a multibase/multihash encoded string, or a Uint8Array.')
+    }
+    seedBytes = bnid.decodeSecretKeySeed({ secretKeySeed: seed });
+  } else {
+    seedBytes = new Uint8Array(seed);
+  }
+  return cryptoLd.generate({
+    controller, seed: seedBytes, type: 'Ed25519VerificationKey2020'
+  })
+}
+
+exports.DidWebResolver = DidWebResolver;
+exports.didFromUrl = didFromUrl;
+exports.initKeys = initKeys;
+exports.urlFromDid = urlFromDid;

package/dist/esm/index.js

@@ -0,0 +1,5 @@
+import cjsModule from '../index.js';
+export const driver = cjsModule.driver;
+export const DidWebResolver = cjsModule.DidWebResolver;
+export const didFromUrl = cjsModule.didFromUrl;
+export const urlFromDid = cjsModule.urlFromDid;

package/dist/esm/package.json

@@ -0,0 +1,3 @@
+{
+  "type": "module"
+}

package/dist/index.js

@@ -0,0 +1,14 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var DidWebResolver = require('./DidWebResolver.js');
+
+const driver = options => {
+  return new DidWebResolver.DidWebResolver(options)
+};
+
+exports.DidWebResolver = DidWebResolver.DidWebResolver;
+exports.didFromUrl = DidWebResolver.didFromUrl;
+exports.urlFromDid = DidWebResolver.urlFromDid;
+exports.driver = driver;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@interop/did-web-resolver",
   "description": "A did:web method Decentralized Identifier (DID) resolver for the did-io library.",
-  "version": "1.1.0",
+  "version": "2.2.0",
   "author": {
     "name": "Dmitri Zagidulin",
     "url": "https://github.com/dmitrizagidulin/"
@@ -14,34 +14,57 @@
   "homepage": "https://github.com/interop-alliance/did-web-driver",
   "bugs": "https://github.com/interop-alliance/did-web-driver/issues",
   "scripts": {
+    "rollup": "rollup -c rollup.config.js",
+    "build": "npm run clear && npm run rollup && ./build-dist.sh",
+    "clear": "rimraf dist/ && mkdir dist",
+    "prepare": "npm run build",
+    "rebuild": "npm run clear && npm run build",
     "test": "npm run standard && npm run test-node",
     "test-node": "cross-env NODE_ENV=test mocha -r esm --preserve-symlinks -t 10000 test/**/*.spec.js",
     "test-karma": "karma start test/karma.conf.js",
     "nyc": "cross-env NODE_ENV=test nyc npm run test-node",
     "standard": "standard --fix"
   },
+  "files": [
+    "dist",
+    "src",
+    "rollup.config.js",
+    "build-dist.sh",
+    "README.md",
+    "LICENSE"
+  ],
+  "main": "dist/index.js",
+  "module": "dist/esm/index.js",
+  "exports": {
+    ".": {
+      "require": "./dist/index.js",
+      "import": "./dist/esm/index.js"
+    },
+    "./package.json": "./package.json"
+  },
   "dependencies": {
-    "@digitalbazaar/did-io": "^1.0.0",
-    "@digitalbazaar/http-client": "^1.1.0",
-    "did-context": "^3.0.1",
+    "@digitalcredentials/bnid": "^2.1.1",
+    "@digitalcredentials/did-io": "^1.0.2",
+    "@digitalcredentials/http-client": "^1.2.2",
+    "did-context": "^3.1.1",
     "ed25519-signature-2020-context": "^1.1.0",
-    "esm": "^3.2.25",
     "x25519-key-agreement-2020-context": "^1.0.0"
   },
   "devDependencies": {
-    "@babel/core": "^7.13.16",
-    "@babel/plugin-transform-modules-commonjs": "^7.13.8",
-    "@babel/plugin-transform-runtime": "^7.13.15",
-    "@babel/preset-env": "^7.13.15",
-    "@babel/runtime": "^7.13.17",
-    "@digitalbazaar/ed25519-verification-key-2020": "^2.1.1",
-    "@digitalbazaar/x25519-key-agreement-key-2020": "^1.2.0",
-    "babel-loader": "^8.2.2",
+    "@babel/core": "^7.16.7",
+    "@babel/plugin-transform-modules-commonjs": "^7.16.7",
+    "@babel/plugin-transform-runtime": "^7.16.7",
+    "@babel/preset-env": "^7.16.7",
+    "@babel/runtime": "^7.16.7",
+    "@digitalcredentials/ed25519-verification-key-2020": "^3.2.2",
+    "@digitalcredentials/x25519-key-agreement-key-2020": "^2.0.2",
+    "babel-loader": "^8.2.3",
     "chai": "^4.3.4",
     "cross-env": "^7.0.3",
-    "crypto-ld": "^5.1.0",
+    "crypto-ld": "^6.0.0",
     "dirty-chai": "^2.0.1",
-    "karma": "^6.3.2",
+    "esm": "^3.2.25",
+    "karma": "^6.3.9",
     "karma-babel-preprocessor": "^8.0.1",
     "karma-chai": "^0.1.0",
     "karma-chrome-launcher": "^3.1.0",
@@ -49,13 +72,14 @@
     "karma-mocha-reporter": "^2.2.5",
     "karma-sourcemap-loader": "^0.3.8",
     "karma-webpack": "^5.0.0",
-    "mocha": "^8.3.2",
+    "mocha": "^8.4.0",
     "nyc": "^15.1.0",
-    "sinon": "^10.0.0",
-    "standard": "^16.0.3",
-    "webpack": "^5.35.1"
+    "rimraf": "^3.0.2",
+    "rollup": "^2.62.0",
+    "sinon": "^12.0.1",
+    "standard": "^16.0.4",
+    "webpack": "^5.65.0"
   },
-  "main": "src/main.js",
   "nyc": {
     "reporter": [
       "html",

package/rollup.config.js

@@ -0,0 +1,15 @@
+import pkg from './package.json'
+
+export default [
+  {
+    input: './src/index.js',
+    output: [
+      {
+        dir: 'dist',
+        format: 'cjs',
+        preserveModules: true
+      }
+    ],
+    external: Object.keys(pkg.dependencies).concat(['crypto', 'util'])
+  }
+]

package/src/DidWebResolver.js

@@ -1,8 +1,9 @@
-import { httpClient } from '@digitalbazaar/http-client'
-import * as didIo from '@digitalbazaar/did-io'
+import { httpClient } from '@digitalcredentials/http-client'
+import * as didIo from '@digitalcredentials/did-io'
 import ed25519Context from 'ed25519-signature-2020-context'
 import x25519Context from 'x25519-key-agreement-2020-context'
 import didContext from 'did-context'
+import { decodeSecretKeySeed } from '@digitalcredentials/bnid'
 
 const { VERIFICATION_RELATIONSHIPS } = didIo
 
@@ -49,25 +50,31 @@ export function urlFromDid ({ did } = {}) {
 
   const [didUrl, hashFragment] = did.split('#')
   // eslint-disable-next-line no-unused-vars
-  const [didResource, query] = didUrl.split('?')
+  // const [didResource, query] = didUrl.split('?')
 
   // eslint-disable-next-line no-unused-vars
-  const [_did, _web, host, ...pathFragments] = didResource.split(':')
+  const [_did, _web, urlNoProtocol] = didUrl.split(':')
 
-  let pathname = ''
-  if (pathFragments.length === 0) {
-    pathname = '/.well-known/did.json'
+  let parsedUrl
+  try {
+    // URI-decode the url (in case it contained a port number,
+    // for example, `did:web:localhost%3A8080`
+    parsedUrl = new URL('https://' + decodeURIComponent(urlNoProtocol))
+  } catch (error) {
+    throw new TypeError(`Cannot construct url from did: "${did}".`)
+  }
+
+  if (!parsedUrl.pathname || parsedUrl.pathname === '/') {
+    parsedUrl.pathname = '/.well-known/did.json'
   } else {
-    pathname = '/' + pathFragments.map(decodeURIComponent).join('/')
+    const pathFragments = parsedUrl.pathname.split('/')
+    parsedUrl.pathname = pathFragments.map(decodeURIComponent).join('/')
   }
 
-  const url = new URL(pathname, 'https://' + decodeURIComponent(host))
   if (hashFragment) {
-    url.hash = hashFragment
+    parsedUrl.hash = hashFragment
   }
-  // TODO: Not passing on the query part currently; reserved for DID URLs?
-
-  return url.toString()
+  return parsedUrl.toString()
 }
 
 /**
@@ -97,7 +104,7 @@ export function urlFromDid ({ did } = {}) {
  *   DID Document initialized with keys, as well as the map of the corresponding
  *   key pairs (by key id).
  */
-export async function initKeys ({ didDocument, cryptoLd, keyMap = {} } = {}) {
+export async function initKeys ({ didDocument, cryptoLd, keyMap } = {}) {
   const doc = { ...didDocument }
   if (!doc.id) {
     throw new TypeError(
@@ -161,7 +168,7 @@ export class DidWebResolver {
    * @param [id] {string} - A did:web DID. If absent, will be converted from url
    * @param [url] {string}
    *
-   * @param [keyMap=DEFAULT_KEY_MAP] {object} A hashmap of key types by purpose.
+   * @param [keyMap] {object} A hashmap of key types by purpose.
    *
    * @parma [cryptoLd] {object} CryptoLD instance with support for supported
    *   crypto suites installed.
@@ -171,9 +178,27 @@ export class DidWebResolver {
    *   with the corresponding key pairs used to generate it (for storage in a
    *   KMS).
    */
-  async generate ({ id, url, keyMap = this.keyMap, cryptoLd = this.cryptoLd } = {}) {
+  async generate ({ id, url, seed, keyMap, cryptoLd = this.cryptoLd } = {}) {
+    if (!id && !url) {
+      throw new TypeError('A "url" or an "id" parameter is required.')
+    }
+    if (seed && keyMap) {
+      throw new TypeError(
+        'Either a "seed" or a "keyMap" param must be provided, but not both.'
+      )
+    }
+
     const did = id || didFromUrl({ url })
 
+    if (seed) {
+      const keyPair = await _keyPairFromSecretSeed({
+        seed, controller: did, cryptoLd
+      })
+      keyMap = { assertionMethod: keyPair }
+    } else {
+      keyMap = keyMap || this.keyMap
+    }
+
     // Compose the DID Document
     let didDocument = {
       '@context': [
@@ -224,10 +249,13 @@ export class DidWebResolver {
       throw new TypeError('A DID or a URL is required.')
     }
 
-    let result
+    const [urlAuthority, keyIdFragment] = didUrl.split('#')
+
+    let didDocument
     try {
-      logger.info(`Fetching "${didUrl}" via http client.`)
-      result = await httpClient.get(didUrl, { agent })
+      logger.info(`Fetching "${urlAuthority}" via http client.`)
+      const result = await httpClient.get(urlAuthority, { agent })
+      didDocument = result.data
     } catch (e) {
       // status is HTTP status code
       // data is JSON error from the server if available
@@ -235,8 +263,23 @@ export class DidWebResolver {
       logger.error(`Http ${status} error:`, data)
       throw e
     }
+    if (didDocument && keyIdFragment) {
+      // resolve an individual key
+      // Keys are expected to have format: <did:web:...>#<keyIdFragment>
+      const didAuthority = didFromUrl({ url: urlAuthority })
+      const methodId = `${didAuthority}#${keyIdFragment}`
 
-    return result.data
+      const key = didIo.findVerificationMethod({ doc: didDocument, methodId })
+      if (!key) {
+        throw new Error(`Key id ${methodId} not found.`)
+      }
+
+      const keyPair = await this.cryptoLd.from(key)
+
+      return keyPair.export({ publicKey: true, includeContext: true })
+    }
+
+    return didDocument
   }
 
   /**
@@ -276,3 +319,27 @@ export class DidWebResolver {
     return method
   }
 }
+
+/**
+ * @param options {object}
+ * @param options.seed {string|Uint8Array}
+ * @param controller {string}
+ * @param cryptoLd {object}
+ *
+ * @return {Promise<LDKeyPair>}
+ */
+async function _keyPairFromSecretSeed ({ seed, controller, cryptoLd } = {}) {
+  let seedBytes
+  if (typeof seed === 'string') {
+    // Currently only supports base58 multibase / identity multihash encoding.
+    if (!seed.startsWith('z1A')) {
+      throw new TypeError('"seed" parameter must be a multibase/multihash encoded string, or a Uint8Array.')
+    }
+    seedBytes = decodeSecretKeySeed({ secretKeySeed: seed })
+  } else {
+    seedBytes = new Uint8Array(seed)
+  }
+  return cryptoLd.generate({
+    controller, seed: seedBytes, type: 'Ed25519VerificationKey2020'
+  })
+}

package/.github/workflows/main.yml

@@ -1,35 +0,0 @@
-name: Node.js CI
-
-on: [push]
-
-jobs:
-  test-node:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        node-version: [14.x]
-    steps:
-    - uses: actions/checkout@v2
-    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v1
-      with:
-        node-version: ${{ matrix.node-version }}
-    - run: npm install
-    - name: Run test with Node.js ${{ matrix.node-version }}
-      run: npm run test-node
-      env:
-        CI: true
-  lint:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        node-version: [14.x]
-    steps:
-    - uses: actions/checkout@v2
-    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v1
-      with:
-        node-version: ${{ matrix.node-version }}
-    - run: npm install
-    - name: Run Standard.js linter
-      run: npm run standard

package/.idea/codeStyles/Project.xml

@@ -1,38 +0,0 @@
-<component name="ProjectCodeStyleConfiguration">
-  <code_scheme name="Project" version="173">
-    <option name="RIGHT_MARGIN" value="80" />
-    <JSCodeStyleSettings version="0">
-      <option name="USE_SEMICOLON_AFTER_STATEMENT" value="false" />
-      <option name="FORCE_SEMICOLON_STYLE" value="true" />
-      <option name="SPACE_BEFORE_GENERATOR_MULT" value="true" />
-      <option name="USE_DOUBLE_QUOTES" value="false" />
-      <option name="FORCE_QUOTE_STYlE" value="true" />
-      <option name="SPACES_WITHIN_OBJECT_LITERAL_BRACES" value="true" />
-      <option name="SPACES_WITHIN_IMPORTS" value="true" />
-    </JSCodeStyleSettings>
-    <codeStyleSettings language="HTML">
-      <indentOptions>
-        <option name="INDENT_SIZE" value="2" />
-        <option name="CONTINUATION_INDENT_SIZE" value="2" />
-        <option name="TAB_SIZE" value="2" />
-      </indentOptions>
-    </codeStyleSettings>
-    <codeStyleSettings language="JavaScript">
-      <option name="KEEP_BLANK_LINES_IN_CODE" value="1" />
-      <option name="ALIGN_MULTILINE_PARAMETERS" value="false" />
-      <option name="ALIGN_MULTILINE_FOR" value="false" />
-      <option name="SPACE_BEFORE_METHOD_PARENTHESES" value="true" />
-      <option name="TERNARY_OPERATION_SIGNS_ON_NEXT_LINE" value="true" />
-      <option name="KEEP_SIMPLE_BLOCKS_IN_ONE_LINE" value="true" />
-      <option name="KEEP_SIMPLE_METHODS_IN_ONE_LINE" value="true" />
-      <indentOptions>
-        <option name="INDENT_SIZE" value="2" />
-        <option name="CONTINUATION_INDENT_SIZE" value="2" />
-        <option name="TAB_SIZE" value="2" />
-      </indentOptions>
-    </codeStyleSettings>
-    <codeStyleSettings language="Markdown">
-      <option name="SOFT_MARGINS" value="80" />
-    </codeStyleSettings>
-  </code_scheme>
-</component>

package/.idea/codeStyles/codeStyleConfig.xml

@@ -1,5 +0,0 @@
-<component name="ProjectCodeStyleConfiguration">
-  <state>
-    <option name="USE_PER_PROJECT_SETTINGS" value="true" />
-  </state>
-</component>

package/.idea/did-web-resolver.iml

@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module type="WEB_MODULE" version="4">
-  <component name="NewModuleRootManager">
-    <content url="file://$MODULE_DIR$">
-      <excludeFolder url="file://$MODULE_DIR$/temp" />
-      <excludeFolder url="file://$MODULE_DIR$/.tmp" />
-      <excludeFolder url="file://$MODULE_DIR$/tmp" />
-    </content>
-    <orderEntry type="inheritedJdk" />
-    <orderEntry type="sourceFolder" forTests="false" />
-  </component>
-</module>

package/.idea/inspectionProfiles/Project_Default.xml

@@ -1,6 +0,0 @@
-<component name="InspectionProjectProfileManager">
-  <profile version="1.0">
-    <option name="myName" value="Project Default" />
-    <inspection_tool class="Eslint" enabled="true" level="WARNING" enabled_by_default="true" />
-  </profile>
-</component>

package/.idea/jsLibraryMappings.xml

@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="JavaScriptLibraryMappings">
-    <includedPredefinedLibrary name="Node.js Core" />
-  </component>
-</project>

package/.idea/modules.xml

@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="ProjectModuleManager">
-    <modules>
-      <module fileurl="file://$PROJECT_DIR$/.idea/did-web-resolver.iml" filepath="$PROJECT_DIR$/.idea/did-web-resolver.iml" />
-    </modules>
-  </component>
-</project>

package/.idea/vcs.xml

@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="VcsDirectoryMappings">
-    <mapping directory="$PROJECT_DIR$" vcs="Git" />
-  </component>
-</project>

package/.travis.yml

@@ -1,10 +0,0 @@
-language: node_js
-node_js:
-  - "12"
-
-sudo: false
-
-notifications:
-  email:
-    on_success: change
-    on_failure: change

package/CHANGELOG.md

@@ -1,29 +0,0 @@
-# did-web-driver ChangeLog
-
-## 1.1.0 - 2021-04-25
-
-### Added
-- Add `didWebDriver.publicMethodFor()`.
-
-## 1.0.1 - 2021-04-25
-
-### Fixed
-- Fix handling of hash fragments by `urlFromDid()`.
-- Add logger to constructor.
-
-## 1.0.0 - 2021-04-24
-
-### Changed
-- **BREAKING** Update to latest DID Core context
-- **BREAKING** Update to use crypto-ld v5 API, latest crypto suites
-- Add support for X25519KeyAgreementKey suite
-
-## 0.2.0 - 2020-08-01
-
-### Changed
-- **BREAKING**: Update to use crypto-ld v4 API
-
-## 0.0.1
-
-### Added
-- Initial implementation.

package/src/main.js

@@ -1,3 +0,0 @@
-// translate `index.js` to CommonJS
-require = require('esm')(module) // eslint-disable-line no-native-reassign, no-global-assign
-module.exports = require('./index.js')

package/test/karma.conf.js

@@ -1,40 +0,0 @@
-module.exports = (config) => {
-  const bundler = process.env.BUNDLER || 'webpack'
-  const frameworks = ['mocha']
-  const files = ['**/*.spec.js']
-  const reporters = ['mocha']
-  const browsers = ['ChromeHeadless']
-  const client = {
-    mocha: {
-      timeout: 2000
-    }
-  }
-  // main bundle preprocessors
-  const preprocessors = []
-  preprocessors.push(bundler)
-  preprocessors.push('sourcemap')
-
-  return config.set({
-    frameworks,
-    files,
-    reporters,
-    basePath: '',
-    port: 9876,
-    colors: true,
-    browsers,
-    client,
-    singleRun: true,
-    preprocessors: {
-      'unit/*.js': preprocessors
-    },
-    webpack: {
-      devtool: 'inline-source-map',
-      mode: 'development',
-      node: {
-        Buffer: false,
-        crypto: false,
-        setImmediate: false
-      }
-    }
-  })
-}

package/test/unit/DidWebResolver.spec.js

@@ -1,189 +0,0 @@
-import chai from 'chai'
-import dirtyChai from 'dirty-chai'
-
-import { DidWebResolver, urlFromDid, didFromUrl } from '../../src'
-
-import { Ed25519VerificationKey2020 }
-  from '@digitalbazaar/ed25519-verification-key-2020'
-import { X25519KeyAgreementKey2020 }
-  from '@digitalbazaar/x25519-key-agreement-key-2020'
-import { CryptoLD } from 'crypto-ld'
-chai.use(dirtyChai)
-chai.should()
-const { expect } = chai
-
-const cryptoLd = new CryptoLD()
-cryptoLd.use(Ed25519VerificationKey2020)
-cryptoLd.use(X25519KeyAgreementKey2020)
-
-describe('DidWebDriver', () => {
-  describe('constructor', () => {
-    it('should exist', () => {
-      expect(new DidWebResolver()).to.exist()
-    })
-  })
-
-  describe('publicMethodFor()', () => {
-    it('should fetch a public key object for a given purpose', async () => {
-      const didWeb = new DidWebResolver({ cryptoLd })
-      const url = 'https://example.com'
-      const { didDocument } = await didWeb.generate({ url })
-
-      const keyAgreementKey = didWeb.publicMethodFor({
-        didDocument, purpose: 'keyAgreement'
-      })
-
-      expect(keyAgreementKey.type).to.equal('X25519KeyAgreementKey2020')
-    })
-  })
-
-  describe('generate()', () => {
-    let didWeb
-
-    beforeEach(async () => {
-      didWeb = new DidWebResolver({ cryptoLd })
-    })
-
-    it('should generate using default key map', async () => {
-      const url = 'https://example.com'
-      const { didDocument, keyPairs } = await didWeb.generate({ url })
-
-      expect(didDocument).to.have.property('@context')
-      expect(didDocument.id).to.equal('did:web:example.com')
-      expect(didDocument.capabilityInvocation[0].type)
-        .to.equal('Ed25519VerificationKey2020')
-      expect(didDocument.authentication[0].type)
-        .to.equal('Ed25519VerificationKey2020')
-      expect(didDocument.assertionMethod[0].type)
-        .to.equal('Ed25519VerificationKey2020')
-      expect(didDocument.capabilityDelegation[0].type)
-        .to.equal('Ed25519VerificationKey2020')
-
-      expect(keyPairs).to.exist()
-    })
-
-    it('should return methodFor convenience function', async () => {
-      const url = 'https://example.com'
-      const { methodFor } = await didWeb.generate({ url })
-
-      const keyAgreementKey = methodFor({ purpose: 'keyAgreement' })
-
-      expect(keyAgreementKey).to.have.property('type', 'X25519KeyAgreementKey2020')
-      expect(keyAgreementKey).to.have.property('controller', 'did:web:example.com')
-      expect(keyAgreementKey).to.have.property('publicKeyMultibase')
-      expect(keyAgreementKey).to.have.property('privateKeyMultibase')
-    })
-  })
-
-  describe('urlFromDid()', () => {
-    it('should error on missing did', () => {
-      let error
-      try {
-        urlFromDid()
-      } catch (e) {
-        error = e
-      }
-      expect(error.message).to.equal('Cannot convert did to url, missing did.')
-    })
-
-    it('should error on non-did:web dids', () => {
-      let error
-      try {
-        urlFromDid({ did: 'did:example:1234' })
-      } catch (e) {
-        error = e
-      }
-      expect(error.message)
-        .to.equal('DID Method not supported: "did:example:1234".')
-    })
-
-    it('should convert first id fragment to pathname plus default path', () => {
-      expect(urlFromDid({ did: 'did:web:example.com' }))
-        .to.equal('https://example.com/.well-known/did.json')
-    })
-
-    it('should url-decode host', () => {
-      expect(urlFromDid({ did: 'did:web:localhost%3A8080' }))
-        .to.equal('https://localhost:8080/.well-known/did.json')
-    })
-
-    it('should url-decode path fragments', () => {
-      expect(urlFromDid({ did: 'did:web:example.com:path:some%2Bsubpath' }))
-        .to.equal('https://example.com/path/some+subpath')
-    })
-
-    it('should preserve hash fragments for dids without paths', () => {
-      const url = urlFromDid({ did: 'did:web:localhost%3A8080#keyId' })
-      expect(url).to.equal('https://localhost:8080/.well-known/did.json#keyId')
-    })
-
-    it('should preserve hash fragments for dids with paths', () => {
-      const url = urlFromDid({ did: 'did:web:example.com:path:some%2Bsubpath#keyId' })
-      expect(url).to.equal('https://example.com/path/some+subpath#keyId')
-    })
-  })
-
-  describe('didFromUrl', () => {
-    it('should error on missing url', () => {
-      let error
-      try {
-        didFromUrl()
-      } catch (e) {
-        error = e
-      }
-      expect(error.message).to.equal('Cannot convert url to did, missing url.')
-    })
-
-    it('should error on http URLs', () => {
-      let error
-      try {
-        didFromUrl({ url: 'http://example.com' })
-      } catch (e) {
-        error = e
-      }
-      expect(error.message).to.equal('did:web does not support non-HTTPS URLs.')
-    })
-
-    it('should error on invalid URLs', () => {
-      let error
-      try {
-        didFromUrl({ url: 'non-url' })
-      } catch (e) {
-        error = e
-      }
-      expect(error.message).to.equal('Invalid url: "non-url".')
-    })
-
-    it('should convert host to did identifier', () => {
-      expect(didFromUrl({ url: 'https://localhost' }))
-        .to.equal('did:web:localhost')
-      expect(didFromUrl({ url: 'https://example.com' }))
-        .to.equal('did:web:example.com')
-    })
-
-    it('should url-encode host', () => {
-      expect(didFromUrl({ url: 'https://localhost:8080' }))
-        .to.equal('did:web:localhost%3A8080')
-    })
-
-    it('should leave off the default / path', () => {
-      expect(didFromUrl({ url: 'https://example.com/' }))
-        .to.equal('did:web:example.com')
-    })
-
-    it('should encode path / separators as :', () => {
-      expect(didFromUrl({ url: 'https://example.com/path/subpath/did.json' }))
-        .to.equal('did:web:example.com:path:subpath:did.json')
-    })
-
-    it('should drop the default /.well-known/did.json pathname', () => {
-      expect(didFromUrl({ url: 'https://example.com/.well-known/did.json' }))
-        .to.equal('did:web:example.com')
-    })
-
-    it('should url-encode path fragments', () => {
-      expect(didFromUrl({ url: 'https://example.com/path/some+subpath' }))
-        .to.equal('did:web:example.com:path:some%2Bsubpath')
-    })
-  })
-})