commit 4e2063bce0acfae87b6060a1116bb6474a691255 · edouard.paris/did-method-plc

+17 -5

packages/lib/src/document.ts

···

       12
        
         const verificationMethods: VerificationMethod[] = []

     

       13
        
         for (const [keyid, key] of Object.entries(data.verificationMethods)) {

     

       14
        
           const info = formatKeyAndContext(key)

     

       15
       -
           if (!context.includes(info.context)) {

     

       16
        
             context.push(info.context)

     

       17
        
           }

     

       18
        
           verificationMethods.push({

     
···

       55
        
       }

     

       56
        
       

     

       57
        
       type KeyAndContext = {

     

       58
       -
         context: string

     

       59
        
         type: string

     

       60
       -
         publicKeyMultibase

     

       61
        
       }

     

       62
        
       

     

       63
        
       const formatKeyAndContext = (key: string): KeyAndContext => {

     
···

       65
        
         try {

     

       66
        
           keyInfo = crypto.parseDidKey(key)

     

       67
        
         } catch (err) {

     

       68
       -
           throw new UnsupportedKeyError(key, err)

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       69
        
         }

     

       70
        
         const { jwtAlg } = keyInfo

     

       71
        
       

     
···

       82
        
             publicKeyMultibase: key.replace(/^(did:key:)/, ''),

     

       83
        
           }

     

       84
        
         }

     

       85
       -
         throw new UnsupportedKeyError(key, `Unsupported key type: ${jwtAlg}`)

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       86
        
       }

···

       12
        
         const verificationMethods: VerificationMethod[] = []

     

       13
        
         for (const [keyid, key] of Object.entries(data.verificationMethods)) {

     

       14
        
           const info = formatKeyAndContext(key)

     

       15
       +
           if (info.context && !context.includes(info.context)) {

     

       16
        
             context.push(info.context)

     

       17
        
           }

     

       18
        
           verificationMethods.push({

     
···

       55
        
       }

     

       56
        
       

     

       57
        
       type KeyAndContext = {

     

       58
       +
         context?: string

     

       59
        
         type: string

     

       60
       +
         publicKeyMultibase: string

     

       61
        
       }

     

       62
        
       

     

       63
        
       const formatKeyAndContext = (key: string): KeyAndContext => {

     
···

       65
        
         try {

     

       66
        
           keyInfo = crypto.parseDidKey(key)

     

       67
        
         } catch (err) {

     

       68
       +
           return {

     

       69
       +
             // we can't specify a context for a key type we don't recognize

     

       70
       +
             type: 'Multikey',

     

       71
       +
             publicKeyMultibase: key.replace(/^(did:key:)/, ''),

     

       72
       +
           }

     

       73
        
         }

     

       74
        
         const { jwtAlg } = keyInfo

     

       75
        
       

     
···

       86
        
             publicKeyMultibase: key.replace(/^(did:key:)/, ''),

     

       87
        
           }

     

       88
        
         }

     

       89
       +
       

     

       90
       +
         // this codepath might seem unreachable/redundant, but it's possible

     

       91
       +
         // parseDidKey() supports more key formats in future, before this function

     

       92
       +
         // can be updated likewise

     

       93
       +
         return {

     

       94
       +
           // we can't specify a context for a key type we don't recognize

     

       95
       +
           type: 'Multikey',

     

       96
       +
           publicKeyMultibase: key.replace(/^(did:key:)/, ''),

     

       97
       +
         }

     

       98
        
       }

+23 -2

packages/server/src/constraints.ts

···

       1
        
       import { DAY, HOUR, cborEncode } from '@atproto/common'

     

       2
        
       import * as plc from '@did-plc/lib'

     

       3
        
       import { ServerError } from './error'

     

       4
       -
       import { parseDidKey } from '@atproto/crypto'

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       5
        
       

     

       6
        
       const MAX_OP_BYTES = 4000

     

       7
        
       const MAX_AKA_ENTRIES = 10

     
···

       10
        
       const MAX_SERVICE_ENTRIES = 10

     

       11
        
       const MAX_SERVICE_TYPE_LENGTH = 256

     

       12
        
       const MAX_SERVICE_ENDPOINT_LENGTH = 512

     

       0
        
       
     

       13
        
       const MAX_ID_LENGTH = 32

     

       0
        
       
     

       14
        
       

     

       15
        
       export function validateIncomingOp(input: unknown): plc.OpOrTombstone {

     

       16
        
         const byteLength = cborEncode(input).byteLength

     
···

       104
        
           }

     

       105
        
         }

     

       106
        
         const verifyMethods = Object.entries(op.verificationMethods)

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       107
        
         for (const [id, key] of verifyMethods) {

     

       108
        
           if (id.length > MAX_ID_LENGTH) {

     

       109
        
             throw new ServerError(

     
···

       111
        
               `Verification Method id too long (max ${MAX_ID_LENGTH}): ${id}`,

     

       112
        
             )

     

       113
        
           }

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       114
        
           try {

     

       115
       -
             parseDidKey(key)

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       116
        
           } catch (err) {

     

       117
        
             throw new ServerError(400, `Invalid verificationMethod key: ${key}`)

     

       118
        
           }

···

       1
        
       import { DAY, HOUR, cborEncode } from '@atproto/common'

     

       2
        
       import * as plc from '@did-plc/lib'

     

       3
        
       import { ServerError } from './error'

     

       4
       +
       import {

     

       5
       +
         extractPrefixedBytes,

     

       6
       +
         extractMultikey,

     

       7
       +
         parseDidKey,

     

       8
       +
       } from '@atproto/crypto'

     

       9
        
       

     

       10
        
       const MAX_OP_BYTES = 4000

     

       11
        
       const MAX_AKA_ENTRIES = 10

     
···

       14
        
       const MAX_SERVICE_ENTRIES = 10

     

       15
        
       const MAX_SERVICE_TYPE_LENGTH = 256

     

       16
        
       const MAX_SERVICE_ENDPOINT_LENGTH = 512

     

       17
       +
       const MAX_VERIFICATION_METHOD_ENTRIES = 10

     

       18
        
       const MAX_ID_LENGTH = 32

     

       19
       +
       const MAX_DID_KEY_LENGTH = 256 // k256 = 57, BLS12-381 = 143

     

       20
        
       

     

       21
        
       export function validateIncomingOp(input: unknown): plc.OpOrTombstone {

     

       22
        
         const byteLength = cborEncode(input).byteLength

     
···

       110
        
           }

     

       111
        
         }

     

       112
        
         const verifyMethods = Object.entries(op.verificationMethods)

     

       113
       +
         if (verifyMethods.length > MAX_VERIFICATION_METHOD_ENTRIES) {

     

       114
       +
           throw new ServerError(

     

       115
       +
             400,

     

       116
       +
             `Too many Verification Method entries (max ${MAX_VERIFICATION_METHOD_ENTRIES})`,

     

       117
       +
           )

     

       118
       +
         }

     

       119
        
         for (const [id, key] of verifyMethods) {

     

       120
        
           if (id.length > MAX_ID_LENGTH) {

     

       121
        
             throw new ServerError(

     
···

       123
        
               `Verification Method id too long (max ${MAX_ID_LENGTH}): ${id}`,

     

       124
        
             )

     

       125
        
           }

     

       126
       +
           if (key.length > MAX_DID_KEY_LENGTH) {

     

       127
       +
             throw new ServerError(

     

       128
       +
               400,

     

       129
       +
               `Verification Method key too long (max ${MAX_DID_KEY_LENGTH}): ${key}`,

     

       130
       +
             )

     

       131
       +
           }

     

       132
        
           try {

     

       133
       +
             // perform only minimal did:key syntax checking, with no restrictions on

     

       134
       +
             // key types

     

       135
       +
             const multikey = extractMultikey(key) // enforces did:key: prefix

     

       136
       +
             extractPrefixedBytes(multikey) // enforces base58-btc encoding

     

       137
        
           } catch (err) {

     

       138
        
             throw new ServerError(400, `Invalid verificationMethod key: ${key}`)

     

       139
        
           }

+109 -39

packages/server/tests/server.test.ts

···

       6
        
       import { didForCreateOp, PlcClientError } from '@did-plc/lib'

     

       7
        
       

     

       8
        
       describe('PLC server', () => {

     

       9
       -
         let handle = 'at://alice.example.com'

     

       0
        
       
     

       10
        
         let atpPds = 'https://example.com'

     

       11
        
       

     

       12
        
         let close: CloseFn

     
···

       16
        
         let signingKey: P256Keypair

     

       17
        
         let rotationKey1: P256Keypair

     

       18
        
         let rotationKey2: P256Keypair

     

       0
        
       
     

       19
        
       

     

       20
       -
         let did: string

     

       0
        
       
     

       21
        
       

     

       22
        
         beforeAll(async () => {

     

       23
        
           const server = await runTestServer({

     
···

       30
        
           signingKey = await P256Keypair.create()

     

       31
        
           rotationKey1 = await P256Keypair.create()

     

       32
        
           rotationKey2 = await P256Keypair.create()

     

       0
        
       
     

       33
        
         })

     

       34
        
       

     

       35
        
         afterAll(async () => {

     
···

       42
        
           if (!doc) {

     

       43
        
             throw new Error('expected doc')

     

       44
        
           }

     

       45
       -
           expect(doc.did).toEqual(did)

     

       46
        
           expect(doc.verificationMethods).toEqual({ atproto: signingKey.did() })

     

       47
        
           expect(doc.rotationKeys).toEqual([rotationKey1.did(), rotationKey2.did()])

     

       48
       -
           expect(doc.alsoKnownAs).toEqual([handle])

     

       49
        
           expect(doc.services).toEqual({

     

       50
        
             atproto_pds: {

     

       51
        
               type: 'AtprotoPersonalDataServer',

     
···

       55
        
         }

     

       56
        
       

     

       57
        
         it('registers a did', async () => {

     

       58
       -
           did = await client.createDid({

     

       59
        
             signingKey: signingKey.did(),

     

       60
        
             rotationKeys: [rotationKey1.did(), rotationKey2.did()],

     

       61
       -
             handle,

     

       62
        
             pds: atpPds,

     

       63
        
             signer: rotationKey1,

     

       64
        
           })

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       65
        
         })

     

       66
        
       

     

       67
        
         it('retrieves did doc data', async () => {

     

       68
       -
           const doc = await client.getDocumentData(did)

     

       69
        
           verifyDoc(doc)

     

       70
        
         })

     

       71
        
       

     

       72
        
         it('can perform some updates', async () => {

     

       73
        
           const newRotationKey = await P256Keypair.create()

     

       74
        
           signingKey = await P256Keypair.create()

     

       75
       -
           handle = 'at://ali.example2.com'

     

       76
        
           atpPds = 'https://example2.com'

     

       77
        
       

     

       78
       -
           await client.updateAtprotoKey(did, rotationKey1, signingKey.did())

     

       79
       -
           await client.updateRotationKeys(did, rotationKey1, [

     

       80
        
             newRotationKey.did(),

     

       81
        
             rotationKey2.did(),

     

       82
        
           ])

     

       83
        
           rotationKey1 = newRotationKey

     

       84
        
       

     

       85
       -
           await client.updateHandle(did, rotationKey1, handle)

     

       86
       -
           await client.updatePds(did, rotationKey1, atpPds)

     

       87
        
       

     

       88
       -
           const doc = await client.getDocumentData(did)

     

       89
        
           verifyDoc(doc)

     

       90
        
         })

     

       91
        
       

     

       92
       -
         it('does not allow key types that we do not support', async () => {

     

       93
       -
           // an ed25519 key which we don't yet support

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       94
        
           const newSigningKey =

     

       95
        
             'did:key:z6MkjwbBXZnFqL8su24wGL2Fdjti6GSLv9SWdYGswfazUPm9'

     

       96
        
       

     

       97
       -
           const promise = client.updateAtprotoKey(did, rotationKey1, newSigningKey)

     

       98
       -
           await expect(promise).rejects.toThrow(PlcClientError)

     

       0
        
       
     

       99
        
       

     

       100
       -
           const promise2 = client.updateRotationKeys(did, rotationKey1, [

     

       101
       -
             newSigningKey,

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       102
        
           ])

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       103
        
           await expect(promise2).rejects.toThrow(PlcClientError)

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       104
        
         })

     

       105
        
       

     

       106
        
         it('retrieves the operation log', async () => {

     

       107
       -
           const doc = await client.getDocumentData(did)

     

       108
       -
           const ops = await client.getOperationLog(did)

     

       109
       -
           const computedDoc = await plc.validateOperationLog(did, ops)

     

       110
        
           expect(computedDoc).toEqual(doc)

     

       111
        
         })

     

       112
        
       

     

       113
        
         it('rejects on bad updates', async () => {

     

       114
        
           const newKey = await P256Keypair.create()

     

       115
       -
           const operation = client.updateAtprotoKey(did, newKey, newKey.did())

     

       116
        
           await expect(operation).rejects.toThrow()

     

       117
        
         })

     

       118
        
       

     

       119
        
         it('allows for recovery through a forked history', async () => {

     

       120
        
           const attackerKey = await P256Keypair.create()

     

       121
       -
           await client.updateRotationKeys(did, rotationKey2, [attackerKey.did()])

     

       122
        
       

     

       123
        
           const newKey = await P256Keypair.create()

     

       124
       -
           const ops = await client.getOperationLog(did)

     

       125
        
           const forkPoint = ops.at(-2)

     

       126
        
           if (!check.is(forkPoint, plc.def.operation)) {

     

       127
        
             throw new Error('Could not find fork point')

     
···

       130
        
             rotationKey1.did(),

     

       131
        
             newKey.did(),

     

       132
        
           ])

     

       133
       -
           await client.sendOperation(did, op)

     

       134
        
       

     

       135
        
           rotationKey2 = newKey

     

       136
        
       

     

       137
       -
           const doc = await client.getDocumentData(did)

     

       138
        
           verifyDoc(doc)

     

       139
        
         })

     

       140
        
       

     

       141
        
         it('retrieves the auditable operation log', async () => {

     

       142
       -
           const log = await client.getOperationLog(did)

     

       143
       -
           const auditable = await client.getAuditableLog(did)

     

       144
        
           // has one nullifed op

     

       145
        
           expect(auditable.length).toBe(log.length + 1)

     

       146
        
           expect(auditable.filter((op) => op.nullified).length).toBe(1)

     
···

       151
        
         })

     

       152
        
       

     

       153
        
         it('retrieves the did doc', async () => {

     

       154
       -
           const data = await client.getDocumentData(did)

     

       155
       -
           const doc = await client.getDocument(did)

     

       156
        
           expect(doc).toEqual(plc.formatDidDoc(data))

     

       157
        
         })

     

       158
        
       

     
···

       188
        
           await Promise.all(

     

       189
        
             keys.map(async (key) => {

     

       190
        
               try {

     

       191
       -
                 await client.updateAtprotoKey(did, rotationKey1, key.did())

     

       192
        
                 successes++

     

       193
        
               } catch (err) {

     

       194
        
                 failures++

     
···

       198
        
           expect(successes).toBe(1)

     

       199
        
           expect(failures).toBe(19)

     

       200
        
       

     

       201
       -
           const ops = await client.getOperationLog(did)

     

       202
       -
           await plc.validateOperationLog(did, ops)

     

       203
        
         })

     

       204
        
       

     

       205
        
         it('tombstones the did', async () => {

     

       206
       -
           await client.tombstone(did, rotationKey1)

     

       207
        
       

     

       208
       -
           const promise = client.getDocument(did)

     

       209
        
           await expect(promise).rejects.toThrow(PlcClientError)

     

       210
       -
           const promise2 = client.getDocumentData(did)

     

       211
        
           await expect(promise2).rejects.toThrow(PlcClientError)

     

       212
        
         })

     

       213
        
       

     

       214
        
         it('exports the data set', async () => {

     

       215
        
           const data = await client.export()

     

       216
        
           expect(data.every((row) => check.is(row, plc.def.exportedOp))).toBeTruthy()

     

       217
       -
           expect(data.length).toBe(29)

     

       218
        
           for (let i = 1; i < data.length; i++) {

     

       219
        
             expect(data[i].createdAt >= data[i - 1].createdAt).toBeTruthy()

     

       220
        
           }

     
···

       226
        
               type: 'create',

     

       227
        
               signingKey: signingKey.did(),

     

       228
        
               recoveryKey: rotationKey1.did(),

     

       229
       -
               handle,

     

       230
        
               service: atpPds,

     

       231
        
               prev: null,

     

       232
        
             },

···

       6
        
       import { didForCreateOp, PlcClientError } from '@did-plc/lib'

     

       7
        
       

     

       8
        
       describe('PLC server', () => {

     

       9
       +
         let handle1 = 'at://alice.example.com'

     

       10
       +
         let handle2 = 'at://bob.example.com'

     

       11
        
         let atpPds = 'https://example.com'

     

       12
        
       

     

       13
        
         let close: CloseFn

     
···

       17
        
         let signingKey: P256Keypair

     

       18
        
         let rotationKey1: P256Keypair

     

       19
        
         let rotationKey2: P256Keypair

     

       20
       +
         let rotationKey3: P256Keypair

     

       21
        
       

     

       22
       +
         let did1: string

     

       23
       +
         let did2: string

     

       24
        
       

     

       25
        
         beforeAll(async () => {

     

       26
        
           const server = await runTestServer({

     
···

       33
        
           signingKey = await P256Keypair.create()

     

       34
        
           rotationKey1 = await P256Keypair.create()

     

       35
        
           rotationKey2 = await P256Keypair.create()

     

       36
       +
           rotationKey3 = await P256Keypair.create()

     

       37
        
         })

     

       38
        
       

     

       39
        
         afterAll(async () => {

     
···

       46
        
           if (!doc) {

     

       47
        
             throw new Error('expected doc')

     

       48
        
           }

     

       49
       +
           expect(doc.did).toEqual(did1)

     

       50
        
           expect(doc.verificationMethods).toEqual({ atproto: signingKey.did() })

     

       51
        
           expect(doc.rotationKeys).toEqual([rotationKey1.did(), rotationKey2.did()])

     

       52
       +
           expect(doc.alsoKnownAs).toEqual([handle1])

     

       53
        
           expect(doc.services).toEqual({

     

       54
        
             atproto_pds: {

     

       55
        
               type: 'AtprotoPersonalDataServer',

     
···

       59
        
         }

     

       60
        
       

     

       61
        
         it('registers a did', async () => {

     

       62
       +
           did1 = await client.createDid({

     

       63
        
             signingKey: signingKey.did(),

     

       64
        
             rotationKeys: [rotationKey1.did(), rotationKey2.did()],

     

       65
       +
             handle: handle1,

     

       66
        
             pds: atpPds,

     

       67
        
             signer: rotationKey1,

     

       68
        
           })

     

       69
       +
       

     

       70
       +
           did2 = await client.createDid({

     

       71
       +
             signingKey: signingKey.did(),

     

       72
       +
             rotationKeys: [rotationKey3.did()],

     

       73
       +
             handle: handle2,

     

       74
       +
             pds: atpPds,

     

       75
       +
             signer: rotationKey3,

     

       76
       +
           })

     

       77
        
         })

     

       78
        
       

     

       79
        
         it('retrieves did doc data', async () => {

     

       80
       +
           const doc = await client.getDocumentData(did1)

     

       81
        
           verifyDoc(doc)

     

       82
        
         })

     

       83
        
       

     

       84
        
         it('can perform some updates', async () => {

     

       85
        
           const newRotationKey = await P256Keypair.create()

     

       86
        
           signingKey = await P256Keypair.create()

     

       87
       +
           handle1 = 'at://ali.example2.com'

     

       88
        
           atpPds = 'https://example2.com'

     

       89
        
       

     

       90
       +
           await client.updateAtprotoKey(did1, rotationKey1, signingKey.did())

     

       91
       +
           await client.updateRotationKeys(did1, rotationKey1, [

     

       92
        
             newRotationKey.did(),

     

       93
        
             rotationKey2.did(),

     

       94
        
           ])

     

       95
        
           rotationKey1 = newRotationKey

     

       96
        
       

     

       97
       +
           await client.updateHandle(did1, rotationKey1, handle1)

     

       98
       +
           await client.updatePds(did1, rotationKey1, atpPds)

     

       99
        
       

     

       100
       +
           const doc = await client.getDocumentData(did1)

     

       101
        
           verifyDoc(doc)

     

       102
        
         })

     

       103
        
       

     

       104
       +
         it('does not allow *rotation* key types that we do not yet support', async () => {

     

       105
       +
           // an ed25519 key, which we don't yet support

     

       106
       +
           const newRotationKey =

     

       107
       +
             'did:key:z6MkjwbBXZnFqL8su24wGL2Fdjti6GSLv9SWdYGswfazUPm9'

     

       108
       +
       

     

       109
       +
           const promise = client.updateRotationKeys(did2, rotationKey3, [

     

       110
       +
             rotationKey2.did(),

     

       111
       +
             newRotationKey,

     

       112
       +
           ])

     

       113
       +
           await expect(promise).rejects.toThrow(PlcClientError)

     

       114
       +
         })

     

       115
       +
       

     

       116
       +
         it('allows *verificationMethod* key types that we do not explicitly support', async () => {

     

       117
       +
           // an ed25519 key, which we don't explicitly support

     

       118
        
           const newSigningKey =

     

       119
        
             'did:key:z6MkjwbBXZnFqL8su24wGL2Fdjti6GSLv9SWdYGswfazUPm9'

     

       120
        
       

     

       121
       +
           // Note: atproto itself does not currently support ed25519 keys, but PLC

     

       122
       +
           // does not have opinions about atproto (or other services!)

     

       123
       +
           await client.updateAtprotoKey(did2, rotationKey3, newSigningKey)

     

       124
        
       

     

       125
       +
           // a BLS12-381 key

     

       126
       +
           const exoticSigningKeyFromTheFuture =

     

       127
       +
             'did:key:zUC7K4ndUaGZgV7Cp2yJy6JtMoUHY6u7tkcSYUvPrEidqBmLCTLmi6d5WvwnUqejscAkERJ3bfjEiSYtdPkRSE8kSa11hFBr4sTgnbZ95SJj19PN2jdvJjyzpSZgxkyyxNnBNnY'

     

       128
       +
           await client.updateAtprotoKey(

     

       129
       +
             did2,

     

       130
       +
             rotationKey3,

     

       131
       +
             exoticSigningKeyFromTheFuture,

     

       132
       +
           )

     

       133
       +
       

     

       134
       +
           // check that we can still read back the rendered did document

     

       135
       +
           const doc = await client.getDocument(did2)

     

       136
       +
           expect(doc.verificationMethod).toEqual([

     

       137
       +
             {

     

       138
       +
               id: did2 + '#atproto',

     

       139
       +
               type: 'Multikey',

     

       140
       +
               controller: did2,

     

       141
       +
               publicKeyMultibase: exoticSigningKeyFromTheFuture.slice(8),

     

       142
       +
             },

     

       143
        
           ])

     

       144
       +
         })

     

       145
       +
       

     

       146
       +
         it('does not allow syntactically invalid verificationMethod keys', async () => {

     

       147
       +
           const promise1 = client.updateAtprotoKey(

     

       148
       +
             did2,

     

       149
       +
             rotationKey3,

     

       150
       +
             'did:key:BJV2WY5DJMJQXGZJANFZSAYLXMVZW63LFEEQFY3ZP', // not b58 (b32!)

     

       151
       +
           )

     

       152
       +
           await expect(promise1).rejects.toThrow(PlcClientError)

     

       153
       +
           const promise2 = client.updateAtprotoKey(

     

       154
       +
             did2,

     

       155
       +
             rotationKey3,

     

       156
       +
             'did:banana', // a malformed did:key

     

       157
       +
           )

     

       158
        
           await expect(promise2).rejects.toThrow(PlcClientError)

     

       159
       +
           const promise3 = client.updateAtprotoKey(

     

       160
       +
             did2,

     

       161
       +
             rotationKey3,

     

       162
       +
             'blah', // an even more malformed did:key

     

       163
       +
           )

     

       164
       +
           await expect(promise3).rejects.toThrow(PlcClientError)

     

       165
       +
         })

     

       166
       +
       

     

       167
       +
         it('does not allow unreasonably long verificationMethod keys', async () => {

     

       168
       +
           const promise = client.updateAtprotoKey(

     

       169
       +
             did2,

     

       170
       +
             rotationKey3,

     

       171
       +
             'did:key:z41vu8qtWtp8XRJ9Te5QhkyzU9ByBbiw7bZHKXDjZ8iYorixqZQmEZpxgVSteYirYWMBjqQuEbMYTDsCzXXCAanCSH2xG2cwpbCWGZ2coY2PnhbrDVo7QghsAHpm2X5zsRRwDLyUcm9MTNQAZuRs2B22ygQw3UwkKLA7PZ9ZQ9wMHppmkoaBapmUGaxRNjp1Mt4zxrm9RbEx8FiK3ANBL1fsjggNqvkKpbj6MjntRScPQnJCes9Vt1cFe3iwNP7Ya9RfbaKsVi1eothvSBcbWoouHActGeakHgqFLj1JpbkP7PL3hGGSWLQbXxzmdrfzBCYAtiUxGRvpf3JiaNA2WYbJTh58bzx',

     

       172
       +
           )

     

       173
       +
           await expect(promise).rejects.toThrow(PlcClientError)

     

       174
        
         })

     

       175
        
       

     

       176
        
         it('retrieves the operation log', async () => {

     

       177
       +
           const doc = await client.getDocumentData(did1)

     

       178
       +
           const ops = await client.getOperationLog(did1)

     

       179
       +
           const computedDoc = await plc.validateOperationLog(did1, ops)

     

       180
        
           expect(computedDoc).toEqual(doc)

     

       181
        
         })

     

       182
        
       

     

       183
        
         it('rejects on bad updates', async () => {

     

       184
        
           const newKey = await P256Keypair.create()

     

       185
       +
           const operation = client.updateAtprotoKey(did1, newKey, newKey.did())

     

       186
        
           await expect(operation).rejects.toThrow()

     

       187
        
         })

     

       188
        
       

     

       189
        
         it('allows for recovery through a forked history', async () => {

     

       190
        
           const attackerKey = await P256Keypair.create()

     

       191
       +
           await client.updateRotationKeys(did1, rotationKey2, [attackerKey.did()])

     

       192
        
       

     

       193
        
           const newKey = await P256Keypair.create()

     

       194
       +
           const ops = await client.getOperationLog(did1)

     

       195
        
           const forkPoint = ops.at(-2)

     

       196
        
           if (!check.is(forkPoint, plc.def.operation)) {

     

       197
        
             throw new Error('Could not find fork point')

     
···

       200
        
             rotationKey1.did(),

     

       201
        
             newKey.did(),

     

       202
        
           ])

     

       203
       +
           await client.sendOperation(did1, op)

     

       204
        
       

     

       205
        
           rotationKey2 = newKey

     

       206
        
       

     

       207
       +
           const doc = await client.getDocumentData(did1)

     

       208
        
           verifyDoc(doc)

     

       209
        
         })

     

       210
        
       

     

       211
        
         it('retrieves the auditable operation log', async () => {

     

       212
       +
           const log = await client.getOperationLog(did1)

     

       213
       +
           const auditable = await client.getAuditableLog(did1)

     

       214
        
           // has one nullifed op

     

       215
        
           expect(auditable.length).toBe(log.length + 1)

     

       216
        
           expect(auditable.filter((op) => op.nullified).length).toBe(1)

     
···

       221
        
         })

     

       222
        
       

     

       223
        
         it('retrieves the did doc', async () => {

     

       224
       +
           const data = await client.getDocumentData(did1)

     

       225
       +
           const doc = await client.getDocument(did1)

     

       226
        
           expect(doc).toEqual(plc.formatDidDoc(data))

     

       227
        
         })

     

       228
        
       

     
···

       258
        
           await Promise.all(

     

       259
        
             keys.map(async (key) => {

     

       260
        
               try {

     

       261
       +
                 await client.updateAtprotoKey(did1, rotationKey1, key.did())

     

       262
        
                 successes++

     

       263
        
               } catch (err) {

     

       264
        
                 failures++

     
···

       268
        
           expect(successes).toBe(1)

     

       269
        
           expect(failures).toBe(19)

     

       270
        
       

     

       271
       +
           const ops = await client.getOperationLog(did1)

     

       272
       +
           await plc.validateOperationLog(did1, ops)

     

       273
        
         })

     

       274
        
       

     

       275
        
         it('tombstones the did', async () => {

     

       276
       +
           await client.tombstone(did1, rotationKey1)

     

       277
        
       

     

       278
       +
           const promise = client.getDocument(did1)

     

       279
        
           await expect(promise).rejects.toThrow(PlcClientError)

     

       280
       +
           const promise2 = client.getDocumentData(did1)

     

       281
        
           await expect(promise2).rejects.toThrow(PlcClientError)

     

       282
        
         })

     

       283
        
       

     

       284
        
         it('exports the data set', async () => {

     

       285
        
           const data = await client.export()

     

       286
        
           expect(data.every((row) => check.is(row, plc.def.exportedOp))).toBeTruthy()

     

       287
       +
           expect(data.length).toBe(32)

     

       288
        
           for (let i = 1; i < data.length; i++) {

     

       289
        
             expect(data[i].createdAt >= data[i - 1].createdAt).toBeTruthy()

     

       290
        
           }

     
···

       296
        
               type: 'create',

     

       297
        
               signingKey: signingKey.did(),

     

       298
        
               recoveryKey: rotationKey1.did(),

     

       299
       +
               handle: handle1,

     

       300
        
               service: atpPds,

     

       301
        
               prev: null,

     

       302
        
             },