Merge pull request #80 from imsglc/77-ed25519signature2020-is-deprecated
77 ed25519signature2020 is deprecated
This commit is contained in:
commit
2eae2f63ee
@ -5,7 +5,7 @@
|
||||
<parent>
|
||||
<groupId>org.1edtech</groupId>
|
||||
<artifactId>inspector</artifactId>
|
||||
<version>0.9.11</version>
|
||||
<version>0.9.12</version>
|
||||
</parent>
|
||||
<artifactId>inspector-vc</artifactId>
|
||||
<dependencies>
|
||||
|
@ -12,6 +12,7 @@ import org.oneedtech.inspect.core.probe.RunContext;
|
||||
import org.oneedtech.inspect.core.report.ReportItems;
|
||||
import org.oneedtech.inspect.vc.VerifiableCredential;
|
||||
import org.oneedtech.inspect.vc.W3CVCHolder;
|
||||
import org.oneedtech.inspect.vc.verification.Ed25519Signature2022LdVerifier;
|
||||
|
||||
import com.apicatalog.jsonld.StringUtils;
|
||||
import com.apicatalog.jsonld.document.Document;
|
||||
@ -22,6 +23,7 @@ import com.apicatalog.multicodec.Multicodec.Codec;
|
||||
|
||||
import info.weboftrust.ldsignatures.LdProof;
|
||||
import info.weboftrust.ldsignatures.verifier.Ed25519Signature2020LdVerifier;
|
||||
import info.weboftrust.ldsignatures.verifier.LdVerifier;
|
||||
import jakarta.json.JsonArray;
|
||||
import jakarta.json.JsonObject;
|
||||
import jakarta.json.JsonString;
|
||||
@ -55,23 +57,18 @@ public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
|
||||
}
|
||||
|
||||
// get proof of standard type and purpose
|
||||
Optional<LdProof> selectedProof = proofs.stream().filter(
|
||||
proof -> proof.isType("Ed25519Signature2020") && proof.getProofPurpose().equals("assertionMethod"))
|
||||
.findFirst();
|
||||
Optional<LdProof> selectedProof = proofs.stream()
|
||||
.filter(proof -> proof.getProofPurpose().equals("assertionMethod"))
|
||||
.filter(proof -> proof.isType("Ed25519Signature2020") ||
|
||||
(proof.isType("DataIntegrityProof") && proof.getJsonObject().containsKey("cryptosuite") && proof.getJsonObject().get("cryptosuite").equals("eddsa-2022")))
|
||||
.findFirst();
|
||||
|
||||
if (!selectedProof.isPresent()) {
|
||||
return error("No proof with type \"Ed25519Signature2020\" or proof purpose \"assertionMethod\" found", ctx);
|
||||
return error("No proof with type any of (\"Ed25519Signature2020\", \"DataIntegrityProof\" with cryptosuite attr of \"eddsa-2022\") or proof purpose \"assertionMethod\" found", ctx);
|
||||
}
|
||||
|
||||
LdProof proof = selectedProof.get();
|
||||
|
||||
if (!proof.isType("Ed25519Signature2020")) {
|
||||
return error("Unknown proof type: " + proof.getType(), ctx);
|
||||
}
|
||||
if (!proof.getProofPurpose().equals("assertionMethod")) {
|
||||
return error("Invalid proof purpose: " + proof.getProofPurpose(), ctx);
|
||||
}
|
||||
|
||||
URI method = proof.getVerificationMethod();
|
||||
|
||||
// The verification method must dereference to an Ed25519VerificationKey2020.
|
||||
@ -245,7 +242,8 @@ public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
|
||||
// Extract the publicKey bytes from the Multicodec
|
||||
byte[] publicKey = Multicodec.decode(Codec.Ed25519PublicKey, publicKeyMulticodec);
|
||||
|
||||
Ed25519Signature2020LdVerifier verifier = new Ed25519Signature2020LdVerifier(publicKey);
|
||||
// choose verifier
|
||||
LdVerifier<?> verifier = getVerifier(proof, publicKey);
|
||||
|
||||
try {
|
||||
boolean verify = verifier.verify(credentialHolder.getCredential(), proof);
|
||||
@ -259,6 +257,12 @@ public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
|
||||
return success(ctx);
|
||||
}
|
||||
|
||||
private LdVerifier<?> getVerifier(LdProof proof, byte[] publicKey) {
|
||||
return proof.isType("Ed25519Signature2020")
|
||||
? new Ed25519Signature2020LdVerifier(publicKey)
|
||||
: new Ed25519Signature2022LdVerifier(publicKey);
|
||||
}
|
||||
|
||||
private Boolean IsValidPublicKeyMultibase(String publicKeyMultibase) {
|
||||
try {
|
||||
byte[] publicKeyMulticodec = Multibase.decode(publicKeyMultibase);
|
||||
|
@ -114,6 +114,7 @@ public class CachingDocumentLoader extends ConfigurableDocumentLoader {
|
||||
.put("https://www.w3.org/ns/did/v1", Resources.getResource("contexts/did-v1.jsonld"))
|
||||
.put("https://www.w3.org/ns/odrl.jsonld", Resources.getResource("contexts/odrl.jsonld"))
|
||||
.put("https://w3id.org/security/suites/ed25519-2020/v1",Resources.getResource("contexts/security-suites-ed25519-2020-v1.jsonld"))
|
||||
.put("https://w3id.org/security/data-integrity/v1",Resources.getResource("contexts/data-integrity-v1.jsonld"))
|
||||
.put("https://www.w3.org/2018/credentials/v1", Resources.getResource("contexts/2018-credentials-v1.jsonld"))
|
||||
.put("https://w3id.org/security/v1", Resources.getResource("contexts/security-v1.jsonld"))
|
||||
.put("https://w3id.org/security/v2", Resources.getResource("contexts/security-v2.jsonld"))
|
||||
|
@ -0,0 +1,52 @@
|
||||
package org.oneedtech.inspect.vc.verification;
|
||||
|
||||
import com.danubetech.keyformats.crypto.ByteVerifier;
|
||||
import com.danubetech.keyformats.crypto.impl.Ed25519_EdDSA_PublicKeyVerifier;
|
||||
import com.danubetech.keyformats.jose.JWSAlgorithm;
|
||||
import info.weboftrust.ldsignatures.LdProof;
|
||||
import info.weboftrust.ldsignatures.verifier.LdVerifier;
|
||||
import io.ipfs.multibase.Multibase;
|
||||
|
||||
import java.security.GeneralSecurityException;
|
||||
|
||||
public class Ed25519Signature2022LdVerifier extends LdVerifier<Ed25519Signature2022SignatureSuite> {
|
||||
|
||||
public Ed25519Signature2022LdVerifier(ByteVerifier verifier) {
|
||||
|
||||
super(SignatureSuites.SIGNATURE_SUITE_ED25519SIGNATURE2022, verifier, new URDNA2015Canonicalizer());
|
||||
}
|
||||
|
||||
public Ed25519Signature2022LdVerifier(byte[] publicKey) {
|
||||
|
||||
this(new Ed25519_EdDSA_PublicKeyVerifier(publicKey));
|
||||
}
|
||||
|
||||
public Ed25519Signature2022LdVerifier() {
|
||||
|
||||
this((ByteVerifier) null);
|
||||
}
|
||||
|
||||
public static boolean verify(byte[] signingInput, LdProof ldProof, ByteVerifier verifier) throws GeneralSecurityException {
|
||||
|
||||
// verify
|
||||
|
||||
String proofValue = ldProof.getProofValue();
|
||||
if (proofValue == null) throw new GeneralSecurityException("No 'proofValue' in proof.");
|
||||
|
||||
boolean verify;
|
||||
|
||||
byte[] bytes = Multibase.decode(proofValue);
|
||||
verify = verifier.verify(signingInput, bytes, JWSAlgorithm.EdDSA);
|
||||
|
||||
// done
|
||||
|
||||
return verify;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean verify(byte[] signingInput, LdProof ldProof) throws GeneralSecurityException {
|
||||
|
||||
return verify(signingInput, ldProof, this.getVerifier());
|
||||
}
|
||||
|
||||
}
|
@ -0,0 +1,28 @@
|
||||
package org.oneedtech.inspect.vc.verification;
|
||||
|
||||
import com.danubetech.keyformats.jose.JWSAlgorithm;
|
||||
import com.danubetech.keyformats.jose.KeyTypeName;
|
||||
import info.weboftrust.ldsignatures.suites.SignatureSuite;
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
public class Ed25519Signature2022SignatureSuite extends SignatureSuite {
|
||||
|
||||
Ed25519Signature2022SignatureSuite() {
|
||||
|
||||
super(
|
||||
"DataIntegrityProof",
|
||||
URI.create("https://www.w3.org/TR/vc-di-eddsa"),
|
||||
URI.create("https://w3id.org/security#URDNA2015"),
|
||||
URI.create("http://w3id.org/digests#sha256"),
|
||||
URI.create("http://w3id.org/security#ed25519"),
|
||||
List.of(KeyTypeName.Ed25519),
|
||||
Map.of(KeyTypeName.Ed25519, List.of(JWSAlgorithm.EdDSA)),
|
||||
Arrays.asList(LDSecurityContexts.JSONLD_CONTEXT_W3ID_SUITES_ED25519_2022_V1,
|
||||
info.weboftrust.ldsignatures.jsonld.LDSecurityContexts.JSONLD_CONTEXT_W3ID_SECURITY_V3));
|
||||
}
|
||||
|
||||
}
|
@ -0,0 +1,49 @@
|
||||
package org.oneedtech.inspect.vc.verification;
|
||||
|
||||
import java.net.URI;
|
||||
|
||||
import com.apicatalog.jsonld.loader.DocumentLoader;
|
||||
|
||||
import foundation.identity.jsonld.JsonLDObject;
|
||||
import foundation.identity.jsonld.JsonLDUtils;
|
||||
import info.weboftrust.ldsignatures.LdProof;
|
||||
|
||||
public class Eddsa2022LdProof extends LdProof {
|
||||
public static final URI[] DEFAULT_JSONLD_CONTEXTS = { LDSecurityContexts.JSONLD_CONTEXT_W3ID_SUITES_ED25519_2022_V1 };
|
||||
public static final DocumentLoader DEFAULT_DOCUMENT_LOADER = LDSecurityContexts.DOCUMENT_LOADER;
|
||||
|
||||
public static Builder<? extends Builder<?>> builder() {
|
||||
return new Builder(new Eddsa2022LdProof());
|
||||
}
|
||||
|
||||
/*
|
||||
* Factory methods
|
||||
*/
|
||||
|
||||
public static class Builder<B extends Builder<B>> extends LdProof.Builder<B> {
|
||||
|
||||
private boolean addCryptosuite = true;
|
||||
|
||||
public Builder(LdProof jsonLdObject) {
|
||||
super(jsonLdObject);
|
||||
}
|
||||
|
||||
@Override
|
||||
public B base(JsonLDObject base) {
|
||||
addCryptosuite = false;
|
||||
return super.base(base);
|
||||
}
|
||||
|
||||
@Override
|
||||
public LdProof build() {
|
||||
super.build();
|
||||
|
||||
if (addCryptosuite) {
|
||||
JsonLDUtils.jsonLdAdd(this.jsonLdObject, "cryptosuite", "eddsa-2022");
|
||||
}
|
||||
|
||||
return (LdProof) this.jsonLdObject;
|
||||
|
||||
}
|
||||
}
|
||||
}
|
@ -0,0 +1,43 @@
|
||||
package org.oneedtech.inspect.vc.verification;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.URI;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import com.apicatalog.jsonld.JsonLdError;
|
||||
import com.apicatalog.jsonld.document.JsonDocument;
|
||||
import com.apicatalog.jsonld.http.media.MediaType;
|
||||
import com.apicatalog.jsonld.loader.DocumentLoader;
|
||||
import com.google.common.io.Resources;
|
||||
|
||||
import foundation.identity.jsonld.ConfigurableDocumentLoader;
|
||||
|
||||
public class LDSecurityContexts {
|
||||
public static final URI JSONLD_CONTEXT_W3ID_SUITES_ED25519_2022_V1 = URI.create("https://w3id.org/security/data-integrity/v1");
|
||||
|
||||
public static final Map<URI, JsonDocument> CONTEXTS;
|
||||
public static final DocumentLoader DOCUMENT_LOADER;
|
||||
|
||||
static {
|
||||
|
||||
try {
|
||||
|
||||
CONTEXTS = new HashMap<>();
|
||||
|
||||
CONTEXTS.putAll(info.weboftrust.ldsignatures.jsonld.LDSecurityContexts.CONTEXTS);
|
||||
|
||||
CONTEXTS.put(JSONLD_CONTEXT_W3ID_SUITES_ED25519_2022_V1,
|
||||
JsonDocument.of(MediaType.JSON_LD, Resources.getResource("contexts/data-integrity-v1.jsonld").openStream()));
|
||||
|
||||
for (Map.Entry<URI, JsonDocument> context : CONTEXTS.entrySet()) {
|
||||
context.getValue().setDocumentUrl(context.getKey());
|
||||
}
|
||||
} catch (JsonLdError | IOException ex) {
|
||||
|
||||
throw new ExceptionInInitializerError(ex);
|
||||
}
|
||||
|
||||
DOCUMENT_LOADER = new ConfigurableDocumentLoader(CONTEXTS);
|
||||
}
|
||||
}
|
@ -0,0 +1,5 @@
|
||||
package org.oneedtech.inspect.vc.verification;
|
||||
|
||||
public class SignatureSuites {
|
||||
public static final Ed25519Signature2022SignatureSuite SIGNATURE_SUITE_ED25519SIGNATURE2022 = new Ed25519Signature2022SignatureSuite();
|
||||
}
|
@ -0,0 +1,52 @@
|
||||
package org.oneedtech.inspect.vc.verification;
|
||||
|
||||
import foundation.identity.jsonld.JsonLDException;
|
||||
import foundation.identity.jsonld.JsonLDObject;
|
||||
import info.weboftrust.ldsignatures.LdProof;
|
||||
import info.weboftrust.ldsignatures.canonicalizer.Canonicalizer;
|
||||
import info.weboftrust.ldsignatures.util.SHAUtil;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.util.List;
|
||||
|
||||
public class URDNA2015Canonicalizer extends Canonicalizer {
|
||||
|
||||
public URDNA2015Canonicalizer() {
|
||||
|
||||
super(List.of("urdna2015"));
|
||||
}
|
||||
|
||||
@Override
|
||||
public byte[] canonicalize(LdProof ldProof, JsonLDObject jsonLdObject) throws IOException, GeneralSecurityException, JsonLDException {
|
||||
|
||||
// construct the LD proof without proof values
|
||||
|
||||
LdProof ldProofWithoutProofValues = Eddsa2022LdProof.builder()
|
||||
.base(ldProof)
|
||||
.defaultContexts(true)
|
||||
.build();
|
||||
LdProof.removeLdProofValues(ldProofWithoutProofValues);
|
||||
|
||||
// construct the LD object without proof
|
||||
|
||||
JsonLDObject jsonLdObjectWithoutProof = JsonLDObject.builder()
|
||||
.base(jsonLdObject)
|
||||
.build();
|
||||
jsonLdObjectWithoutProof.setDocumentLoader(jsonLdObject.getDocumentLoader());
|
||||
LdProof.removeFromJsonLdObject(jsonLdObjectWithoutProof);
|
||||
|
||||
// canonicalize the LD proof and LD object
|
||||
|
||||
String canonicalizedLdProofWithoutProofValues = ldProofWithoutProofValues.normalize("urdna2015");
|
||||
String canonicalizedJsonLdObjectWithoutProof = jsonLdObjectWithoutProof.normalize("urdna2015");
|
||||
|
||||
// construct the canonicalization result
|
||||
|
||||
byte[] canonicalizationResult = new byte[64];
|
||||
System.arraycopy(SHAUtil.sha256(canonicalizedLdProofWithoutProofValues), 0, canonicalizationResult, 0, 32);
|
||||
System.arraycopy(SHAUtil.sha256(canonicalizedJsonLdObjectWithoutProof), 0, canonicalizationResult, 32, 32);
|
||||
|
||||
return canonicalizationResult;
|
||||
}
|
||||
}
|
@ -0,0 +1,74 @@
|
||||
{
|
||||
"@context": {
|
||||
"id": "@id",
|
||||
"type": "@type",
|
||||
"@protected": true,
|
||||
"proof": {
|
||||
"@id": "https://w3id.org/security#proof",
|
||||
"@type": "@id",
|
||||
"@container": "@graph"
|
||||
},
|
||||
"DataIntegrityProof": {
|
||||
"@id": "https://w3id.org/security#DataIntegrityProof",
|
||||
"@context": {
|
||||
"@protected": true,
|
||||
"id": "@id",
|
||||
"type": "@type",
|
||||
"challenge": "https://w3id.org/security#challenge",
|
||||
"created": {
|
||||
"@id": "http://purl.org/dc/terms/created",
|
||||
"@type": "http://www.w3.org/2001/XMLSchema#dateTime"
|
||||
},
|
||||
"domain": "https://w3id.org/security#domain",
|
||||
"expires": {
|
||||
"@id": "https://w3id.org/security#expiration",
|
||||
"@type": "http://www.w3.org/2001/XMLSchema#dateTime"
|
||||
},
|
||||
"nonce": "https://w3id.org/security#nonce",
|
||||
"proofPurpose": {
|
||||
"@id": "https://w3id.org/security#proofPurpose",
|
||||
"@type": "@vocab",
|
||||
"@context": {
|
||||
"@protected": true,
|
||||
"id": "@id",
|
||||
"type": "@type",
|
||||
"assertionMethod": {
|
||||
"@id": "https://w3id.org/security#assertionMethod",
|
||||
"@type": "@id",
|
||||
"@container": "@set"
|
||||
},
|
||||
"authentication": {
|
||||
"@id": "https://w3id.org/security#authenticationMethod",
|
||||
"@type": "@id",
|
||||
"@container": "@set"
|
||||
},
|
||||
"capabilityInvocation": {
|
||||
"@id": "https://w3id.org/security#capabilityInvocationMethod",
|
||||
"@type": "@id",
|
||||
"@container": "@set"
|
||||
},
|
||||
"capabilityDelegation": {
|
||||
"@id": "https://w3id.org/security#capabilityDelegationMethod",
|
||||
"@type": "@id",
|
||||
"@container": "@set"
|
||||
},
|
||||
"keyAgreement": {
|
||||
"@id": "https://w3id.org/security#keyAgreementMethod",
|
||||
"@type": "@id",
|
||||
"@container": "@set"
|
||||
}
|
||||
}
|
||||
},
|
||||
"cryptosuite": "https://w3id.org/security#cryptosuite",
|
||||
"proofValue": {
|
||||
"@id": "https://w3id.org/security#proofValue",
|
||||
"@type": "https://w3id.org/security#multibase"
|
||||
},
|
||||
"verificationMethod": {
|
||||
"@id": "https://w3id.org/security#verificationMethod",
|
||||
"@type": "@id"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
@ -379,4 +379,14 @@ public class OB30Tests {
|
||||
assertHasProbeID(report, RevocationListProbe.ID, true);
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
void testEddsa2022Valid() {
|
||||
assertDoesNotThrow(()->{
|
||||
Report report = validator.run(Samples.OB30.JSON.SIMPLE_EDDSA_20222_JSON.asFileResource());
|
||||
if(verbose) PrintHelper.print(report, true);
|
||||
assertValid(report);
|
||||
});
|
||||
|
||||
}
|
||||
}
|
||||
|
@ -11,6 +11,7 @@ public class Samples {
|
||||
public static final class JSON {
|
||||
public final static Sample COMPLETE_JSON = new Sample("ob30/complete.json", false);
|
||||
public final static Sample SIMPLE_JSON = new Sample("ob30/simple.json", true);
|
||||
public final static Sample SIMPLE_EDDSA_20222_JSON = new Sample("ob30/simple-eddsa-2022.json", true);
|
||||
public final static Sample SIMPLE_DID_KEY_METHOD_JSON = new Sample("ob30/simple-did-key-method.json", true);
|
||||
public final static Sample SIMPLE_DID_WEB_METHOD_JSON = new Sample("ob30/simple-did-web-method.json", true);
|
||||
public final static Sample SIMPLE_MULTIPLE_PROOF_JSON = new Sample("ob30/simple-multiple-proofs.json", true);
|
||||
|
31
inspector-vc/src/test/resources/ob30/simple-eddsa-2022.json
Normal file
31
inspector-vc/src/test/resources/ob30/simple-eddsa-2022.json
Normal file
@ -0,0 +1,31 @@
|
||||
{
|
||||
"@context": [
|
||||
"https://www.w3.org/2018/credentials/v1",
|
||||
"https://purl.imsglobal.org/spec/ob/v3p0/context-3.0.1.json",
|
||||
"https://w3id.org/security/data-integrity/v1"
|
||||
],
|
||||
"type": ["VerifiableCredential", "AchievementCredential"],
|
||||
"id": "http://www.1edtech.org/ob/1",
|
||||
"issuanceDate": "2022-11-27T00:00:00Z",
|
||||
"credentialSubject": {
|
||||
"type": "AchievementSubject",
|
||||
"id": "did:1edtech:1",
|
||||
"achievement": {
|
||||
"id": "did:1edtech:achievement:1",
|
||||
"type": ["Achievement"],
|
||||
"criteria": { "narrative": "some narrative" },
|
||||
"description": "some description",
|
||||
"name": "some name"
|
||||
}
|
||||
},
|
||||
"name": "Some name",
|
||||
"issuer": { "id": "https://example.com/issuers/876543", "type": ["Profile"] },
|
||||
"proof": {
|
||||
"type": "DataIntegrityProof",
|
||||
"created": "2023-05-29T08:42:26Z",
|
||||
"proofPurpose": "assertionMethod",
|
||||
"verificationMethod": "https://example.com/issuers/876543#z6MkjZRZv3aez3r18pB1RBFJR1kwUVJ5jHt92JmQwXbd5hwi",
|
||||
"cryptosuite": "eddsa-2022",
|
||||
"proofValue": "z2H1miRAGKPRCPUSudNTPrsWyvpRZzgtgjPBmnMkbcwR8StwEv8dr3NigviBgvZwBu8yA7wAyF5qLjyo3zN1UqLR2"
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user