feat: asset DIDs and public credentials

[ntn-x2]

fixes KILTProtocol/ticket#2029

This PR introduces the following components:

• A new crates folder which contains additional crates we work on and might want to offer to the community. In this case, the hope is that the Asset DID crate would be migrated to the Substrate repo eventually
• A new public-credentials pallet which stores credentials issued to assets as defined in the draft
• A new RPC module to fetch either a single credential entry (i.e., block number + deposit info) for a given (subject and root hash), or all credentials (i.e., a vector of(root hash, credential entry) for a given subject.

Pallet

The new pallet exposes the following extrinsics:

// Internally calls authorization::add() and fails if that call fails
fn add(credential: InputCredential);
// Internally calls authorization::remove() and fails if that call fails
fn remove(claim_hash: Hash, ac: Option<AccessControl>);
// Internally calls authorization::reclaim_deposit() and fails if that call fails
fn reclaim_deposit(claim_hash: Hash);

EDIT: with the merge of #392, two new extrinsics will be added, and the claim_hash is replaced by the credential_id:

fn add(credential: InputCredential);
fn remove(credential_id: Hash, ac: Option<AccessControl>);
fn reclaim_deposit(credential_id: Hash);
fn revoke(credential_id: Hash,  ac: Option<AccessControl>);
fn unrevoke(credential_id: Hash,  ac: Option<AccessControl>);

The InputCredential type is the following:

{
    "claim": {
        "ctype_hash": "0ab12...",
        "subject": "did:asset:...",
        "contents": "0ab12...",        // Encoded claims
    },
    "nonce": "0ab12....",
    "claim_hash": "0ab12...",
    // OPTIONAL
    "claimer_signature": {
        "claimer_id": "4fa..."        // Full DID (with no did:kilt: prefix of the claimer)
        "signature_payload": MultiSignature    // The usual signature type we use everywhere else
    },
    // OPTIONAL
    "authorization_info": AuthorizationInfo
}

EDIT: with the merge of #392, the format will be changed to:

{
    "ctype_hash": "0ab12...",
    "subject": "did:asset:...",
    "contents": "0ab12...",        // Encoded claims
    // OPTIONAL
    "authorization_info": AuthorizationInfo
}

RPC

The RPC exposes the following functions:

get_credential(subject_id, root_hash) -> Option<CredentialEntry>
get_credentials(subject_id) -> Vec<(RootHash, CredentialEntry)>

EDIT: with the merge of #392, the RPC endpoints will be:

get_credential(credential_id) -> Option<CredentialEntry>
get_credentials(subject_id, filter) -> Vec<(RootHash, CredentialEntry)>

For update examples see the description of #392.

[weichweich]

Some questions and some minor comments. But I also think the proxy filter is wrong? That needs to be changed.

Will give it another run after our call, but looks good initially. 🐝

[weichweich]

Any reason for using the qualified path here and not simply AssetDid?

[ntn-x2]

29f5a4c

[weichweich]

The cherry 🍒 on top: I think there is a way to derive the from impl for each enum variant. You only implemented it for two because those are useful right now?

[ntn-x2]

Yeah good to know, but the problem is that not all references are unambiguous. For instance an EvmSmartContractNonFungibleReference could refer to either an Erc721 or an Erc1155 asset type.

[weichweich]

I would separate them using a comment but use match through out the whole thing and not nest it with if

[weichweich]

Alternativ: don't use if but something like 'ensure!()'

[weichweich]

The easier extend is not an argument IMHO since the work to change a if-else to match is something any future dev can do. 😁 I also think we should stick with the linter rule.

[wischli]

LGTM!

[wischli]

I suppose this is an inherent error from my update. There are many more. But we can handle this in a separate PR.

Suggested change

	repository = "https://github.com/KILTprotocol/mashnet-node"
	repository = "https://github.com/KILTprotocol/kilt-node"

[ntn-x2]

Re-fixed in 3b1ab07.

[weichweich]

Still loving it

[weichweich]

Suggested change

	public-credentials-runtime-api = {version = "1.7.2", path = "./runtime-api"}
	public-credentials-runtime-api = {path = "./runtime-api"}