search

TBD54566975 / web5-kt

Apache License 2.0
7 stars 9 forks source link

Move `AwsKeyManager` into it's own module #322

Closed mistermoe closed 1 week ago

mistermoe commented 1 week ago

Currently, AwsKeyManager lives in web5-crypto module which happens to be the foundation of all other web5 modules.

AwsKeyManager relies on aws-java-sdk-kms as a dependency which results in web5-crypto's dependency tree to look like this:

[INFO]
[INFO] --- dependency:3.6.1:tree (default-cli) @ web5-crypto ---
[INFO] xyz.block:web5-crypto:jar:0.0.0-main-SNAPSHOT
[INFO] +- xyz.block:web5-common:jar:0.0.0-main-SNAPSHOT:compile
[INFO] +- xyz.block:web5-testing:jar:0.0.0-main-SNAPSHOT:test
[INFO] +- com.nimbusds:nimbus-jose-jwt:jar:9.37.2:compile
[INFO] |  \- com.github.stephenc.jcip:jcip-annotations:jar:1.0-1:compile
[INFO] +- com.amazonaws:aws-java-sdk-kms:jar:1.12.668:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-core:jar:1.12.668:compile
[INFO] |  |  +- commons-logging:commons-logging:jar:1.1.3:compile
[INFO] |  |  +- commons-codec:commons-codec:jar:1.15:compile
[INFO] |  |  +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
[INFO] |  |  |  \- org.apache.httpcomponents:httpcore:jar:4.4.13:compile
[INFO] |  |  +- com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:jar:2.12.6:compile
[INFO] |  |  \- joda-time:joda-time:jar:2.8.1:compile
[INFO] |  \- com.amazonaws:jmespath-java:jar:1.12.668:compile
[INFO] +- com.fasterxml.jackson.module:jackson-module-kotlin:jar:2.17.0:compile
[INFO] |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.17.0:compile
[INFO] |  |  \- com.fasterxml.jackson.core:jackson-core:jar:2.17.0:compile
[INFO] |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.17.0:compile
[INFO] |  \- org.jetbrains.kotlin:kotlin-reflect:jar:1.9.22:compile
[INFO] +- com.google.crypto.tink:tink:jar:1.10.0:compile
[INFO] |  +- com.google.code.findbugs:jsr305:jar:3.0.2:compile
[INFO] |  +- com.google.code.gson:gson:jar:2.10.1:compile
[INFO] |  +- com.google.errorprone:error_prone_annotations:jar:2.18.0:compile
[INFO] |  \- com.google.protobuf:protobuf-java:jar:3.19.6:compile
[INFO] +- org.bouncycastle:bcprov-jdk15to18:jar:1.78:compile
[INFO] +- org.bouncycastle:bcpkix-jdk15to18:jar:1.78:compile
[INFO] |  \- org.bouncycastle:bcutil-jdk15to18:jar:1.78:compile
[INFO] +- org.assertj:assertj-core:jar:3.25.2:test
[INFO] |  \- net.bytebuddy:byte-buddy:jar:1.14.11:compile
[INFO] +- org.jetbrains.kotlin:kotlin-stdlib:jar:1.9.22:compile
[INFO] |  \- org.jetbrains:annotations:jar:13.0:compile
[INFO] +- org.jetbrains.kotlin:kotlin-test:jar:1.9.22:test
[INFO] +- org.jetbrains.kotlin:kotlin-test-junit5:jar:1.9.22:test
[INFO] +- org.junit.jupiter:junit-jupiter-api:jar:5.10.1:test
[INFO] |  +- org.opentest4j:opentest4j:jar:1.3.0:test
[INFO] |  +- org.junit.platform:junit-platform-commons:jar:1.10.1:test
[INFO] |  \- org.apiguardian:apiguardian-api:jar:1.1.2:test
[INFO] \- org.junit.jupiter:junit-jupiter-engine:jar:5.10.1:test
[INFO]    \- org.junit.platform:junit-platform-engine:jar:1.10.1:test

we should move AwsKeyManager to its own module to reduce the dependency tree depth here. Further, the web5 "rollup" shouldn't include the aws-key-manager module. it can be pulled in if/as needed.

Doing so will remove this portion of the dependency tree:

[INFO] +- com.amazonaws:aws-java-sdk-kms:jar:1.12.668:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-core:jar:1.12.668:compile
[INFO] |  |  +- commons-logging:commons-logging:jar:1.1.3:compile
[INFO] |  |  +- commons-codec:commons-codec:jar:1.15:compile
[INFO] |  |  +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
[INFO] |  |  |  \- org.apache.httpcomponents:httpcore:jar:4.4.13:compile
[INFO] |  |  +- com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:jar:2.12.6:compile
[INFO] |  |  \- joda-time:joda-time:jar:2.8.1:compile
[INFO] |  \- com.amazonaws:jmespath-java:jar:1.12.668:compile

the depth here may not seem steep but the transitive deps here show up in almost every java project in one way or another and typically end up being the cause of dependency collisions

ALRubinger commented 1 week ago

Will address when deps merged/closed:

ALRubinger commented 1 week ago

@mistermoe Just this AwsKeyManager impl or also the InMemoryKeyManager and other base interfaces like KeyManager, which live in crypto module?

mistermoe commented 1 week ago

@ALRubinger just AwsKeyManager. InMemoryKeyManager is used as the default key manager if one isn't provided during did creation

ALRubinger commented 1 week ago

PR and open questions in #327 @mistermoe

ALRubinger commented 1 week ago

Closed via PR #327