Merge pull request #46 from nuts-foundation/rename-cleanup

Cleanup in preparation of initial release and rename

.github/workflows/go.yml

@@ -35,4 +35,4 @@ jobs:
       with:
         coverageLocations: |
           ${{github.workspace}}/c.out:gocov
-        prefix: github.com/nuts-foundation/uzi-did-x509-issuer
+        prefix: github.com/nuts-foundation/go-didx509-toolkit

.gitignore

@@ -1,6 +1,6 @@
 /*.pem
 !ca.pem
-uzi-did-x509-issuer
+go-didx509-toolkit
 c.out
 .idea
 ./issuer

README.md

@@ -1,116 +1,48 @@
-# Nuts X509 Certificate Issuer
+# Golang did:x509 and X509Credential Toolkit
 
-[![Maintainability](https://api.codeclimate.com/v1/badges/f92496250890e40900aa/maintainability)](https://codeclimate.com/github/nuts-foundation/uzi-did-x509-issuer/maintainability)
-[![Test Coverage](https://api.codeclimate.com/v1/badges/f92496250890e40900aa/test_coverage)](https://codeclimate.com/github/nuts-foundation/uzi-did-x509-issuer/test_coverage)
-
-> [!CAUTION]
-> This repository contains experimental code and is not suitable for production usage!
+[![Maintainability](https://api.codeclimate.com/v1/badges/f92496250890e40900aa/maintainability)](https://codeclimate.com/github/nuts-foundation/go-didx509-toolkit/maintainability)
+[![Test Coverage](https://api.codeclimate.com/v1/badges/f92496250890e40900aa/test_coverage)](https://codeclimate.com/github/nuts-foundation/go-didx509-toolkit/test_coverage)
 
 ## Description
 
-The X509 certificate Issuer is a Go-based tool designed for issuing Verifiable Credentials signed by a X509 certificate. The issuer creates a did:x509 based on the PKI certificate chain.
-Its main purspose is to create verificable credentials form certificates issued by the [UZI certificate chain from the CIBG registry](https://www.zorgcsp.nl/ca-certificaten).
-
-## Features
-
-The X509 certificate Issuer generated a Verifiable Credential of type X509Credential with the following features:
-
-- The DID method is a customized did:x509 DID pointing to the x5c header.
-- The x5c filled with the certificate chain. The chain is built from:
-  - The provided UZI server (Test) certificate
-  - All the required certificates from the [UZI register](https://www.zorgcsp.nl/certificate-revocation-lists-crl-s).
-  - If the test mode is enabled, the [Test UZI register](https://acceptatie.zorgcsp.nl/ca-certificaten)
-- Signed by the private key of the X509 certificate.
-- The VC issued to the provided DID and name.
-
-## Note on security, trust, and secrecy
-
-The VC that is signed by this application are cryptographic proofs, signed by the private key used in the X509 certificate process. Note that:
-
-- This private key is supposed to be kept very secret.
-- The Subject DID of the signed credential is mandated with cryptographic proof to act on behalf of the owner of the private key on the NUTS network.
-
-## Prerequisites
-
-Before you begin, ensure you have met the following requirements:
-
-- You have installed Go SDK 1.23.1 or compatible version.
-- You are using a Unix-based operating system like macOS or Linux.
-- You have the necessary permissions to install software and manage certificates.
-
-## Installation
+This is a Golang-based toolkit for creating `did:x509` DIDs and `X509Credential`s.
+`X509Credential`s can be used present the identity information contained in the `did:x509` DID as Verifiable Credential.
 
-Follow these steps to set up the project:
+Its original purpose is to create Verifiable Credentials from certificates issued by the [UZI certificate chain from the CIBG registry](https://www.zorgcsp.nl/ca-certificaten).
 
-1. **Clone the repository:**
-   ```sh
-   git clone https://github.com/nuts-foundation/uzi-did-x509-issuer
-   ```
-2. **Change to the project directory:**
-   ```sh
-   cd uzi-did-x509-issuer
-   ```
-3. **Download dependencies:**
-   ```sh
-   go mod download && go mod verify
-   ```
-4. **Build the project:**
-   ```sh
-   go build -ldflags="-w -s " -o ./issuer
-   ```
-   or
-   ```shell
-   make build
-   ```
-
-## Usage
-
-1. **Run the application:**
-
-   ```sh
-   ./issuer
-   ```
-
-2. **Getting command line help:**
-   - Use the CLI options provided by the application to generate new certificates. Refer to the help command for more details:
-   ```sh
-   ./issuer --help
-   ```
-3. **Call for generating a VC:**
-   - The following parameters are required:
-     - **certificate_file**, the PEM file of the URA server certificate
-     - **signing_key** ,the unencrypted PEM file of the private key used for signing.
-     - **subject_did** and **subject_name**, the vc.subject.id and vc.subject.name of the generated verifiable credential.
-
-### Examples
+## Features
 
-- **Example call with a TEST certificate**
-  ```
-  ./issuer vc cert.pem key.key did:web:example.com:example --test
-  ```
-- **Example call with a production certificate**
-  ```
-  ./issuer vc cert.pem key.key did:web:example.com:example
-  ```
+### Creating `did:x509` DIDs
 
-## Project UZI CA and Intermediate CA files
+The toolkit creates `did:x509` DIDs as specified by https://trustoverip.github.io/tswg-did-x509-method-specification/.
+It extends this DID method specification by adding support for the `san:otherName` field in the certificate (required by the CIBG UZI certificate use case).
 
-This project downloads the relevant CA certs from:
+### Issuing `X509Credential`s
 
-- [https://www.zorgcsp.nl/ca-certificaten](https://www.zorgcsp.nl/ca-certificaten)
-- [https://acceptatie.zorgcsp.nl/ca-certificaten](https://acceptatie.zorgcsp.nl/ca-certificaten)
+The primary use of this toolkit is self-issuing `X509Credential`s through a `did:x509` DID, backed by an X.509 certificate.
+To issue an `X509Credential`, provide the following parameters:
 
-## Converting to PEM files:
+- **certificate_file**: the PEM file of the certificate
+- **signing_key**: the unencrypted PEM file of the private key used for signing.
+- **credential_subject**: the ID of the credential subject, typically a DID.
 
-The following command converts .cer files to PEM:
+Usage:
+```shell
+./issuer vc <certificate_file> <signing_key> <credential_subject>
+```
 
+Example:
 ```shell
- openssl x509 -inform der -in certificate.cer -out certificate.pem
+./issuer vc certificate.pem key.pem did:web:example.com
 ```
 
-## Validating a X509Credential
+### Validating `X509Credential`s
+
+TODO
 
-The logic on Validating a X509Credential is described in the [VC_VALIDATION.md](VC_VALIDATION.md) file.
+## Limitations
+
+Only RSA keys are supported at the moment.
 
 ## Contributing
 
@@ -127,8 +59,4 @@ Please ensure your code follows the project's coding conventions and passes all
 
 ## License
 
-This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.
-
-## Contact
-
-If you have any questions or suggestions, feel free to open an issue or contact the project maintainers at [[email protected]](mailto:[email protected]).
+This project is licensed under the GPLv3 License. See the [LICENSE](LICENSE) file for details.