Merge pull request #80 from imsglc/77-ed25519signature2020-is-deprecated

77 ed25519signature2020 is deprecated
This commit is contained in:
Xavi Aracil 2023-06-21 09:30:46 +02:00 committed by GitHub
commit 2eae2f63ee
13 changed files with 364 additions and 14 deletions

View File

@ -5,7 +5,7 @@
<parent>
<groupId>org.1edtech</groupId>
<artifactId>inspector</artifactId>
<version>0.9.11</version>
<version>0.9.12</version>
</parent>
<artifactId>inspector-vc</artifactId>
<dependencies>

View File

@ -12,6 +12,7 @@ import org.oneedtech.inspect.core.probe.RunContext;
import org.oneedtech.inspect.core.report.ReportItems;
import org.oneedtech.inspect.vc.VerifiableCredential;
import org.oneedtech.inspect.vc.W3CVCHolder;
import org.oneedtech.inspect.vc.verification.Ed25519Signature2022LdVerifier;
import com.apicatalog.jsonld.StringUtils;
import com.apicatalog.jsonld.document.Document;
@ -22,6 +23,7 @@ import com.apicatalog.multicodec.Multicodec.Codec;
import info.weboftrust.ldsignatures.LdProof;
import info.weboftrust.ldsignatures.verifier.Ed25519Signature2020LdVerifier;
import info.weboftrust.ldsignatures.verifier.LdVerifier;
import jakarta.json.JsonArray;
import jakarta.json.JsonObject;
import jakarta.json.JsonString;
@ -55,23 +57,18 @@ public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
}
// get proof of standard type and purpose
Optional<LdProof> selectedProof = proofs.stream().filter(
proof -> proof.isType("Ed25519Signature2020") && proof.getProofPurpose().equals("assertionMethod"))
.findFirst();
Optional<LdProof> selectedProof = proofs.stream()
.filter(proof -> proof.getProofPurpose().equals("assertionMethod"))
.filter(proof -> proof.isType("Ed25519Signature2020") ||
(proof.isType("DataIntegrityProof") && proof.getJsonObject().containsKey("cryptosuite") && proof.getJsonObject().get("cryptosuite").equals("eddsa-2022")))
.findFirst();
if (!selectedProof.isPresent()) {
return error("No proof with type \"Ed25519Signature2020\" or proof purpose \"assertionMethod\" found", ctx);
return error("No proof with type any of (\"Ed25519Signature2020\", \"DataIntegrityProof\" with cryptosuite attr of \"eddsa-2022\") or proof purpose \"assertionMethod\" found", ctx);
}
LdProof proof = selectedProof.get();
if (!proof.isType("Ed25519Signature2020")) {
return error("Unknown proof type: " + proof.getType(), ctx);
}
if (!proof.getProofPurpose().equals("assertionMethod")) {
return error("Invalid proof purpose: " + proof.getProofPurpose(), ctx);
}
URI method = proof.getVerificationMethod();
// The verification method must dereference to an Ed25519VerificationKey2020.
@ -245,7 +242,8 @@ public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
// Extract the publicKey bytes from the Multicodec
byte[] publicKey = Multicodec.decode(Codec.Ed25519PublicKey, publicKeyMulticodec);
Ed25519Signature2020LdVerifier verifier = new Ed25519Signature2020LdVerifier(publicKey);
// choose verifier
LdVerifier<?> verifier = getVerifier(proof, publicKey);
try {
boolean verify = verifier.verify(credentialHolder.getCredential(), proof);
@ -259,6 +257,12 @@ public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
return success(ctx);
}
private LdVerifier<?> getVerifier(LdProof proof, byte[] publicKey) {
return proof.isType("Ed25519Signature2020")
? new Ed25519Signature2020LdVerifier(publicKey)
: new Ed25519Signature2022LdVerifier(publicKey);
}
private Boolean IsValidPublicKeyMultibase(String publicKeyMultibase) {
try {
byte[] publicKeyMulticodec = Multibase.decode(publicKeyMultibase);

View File

@ -114,6 +114,7 @@ public class CachingDocumentLoader extends ConfigurableDocumentLoader {
.put("https://www.w3.org/ns/did/v1", Resources.getResource("contexts/did-v1.jsonld"))
.put("https://www.w3.org/ns/odrl.jsonld", Resources.getResource("contexts/odrl.jsonld"))
.put("https://w3id.org/security/suites/ed25519-2020/v1",Resources.getResource("contexts/security-suites-ed25519-2020-v1.jsonld"))
.put("https://w3id.org/security/data-integrity/v1",Resources.getResource("contexts/data-integrity-v1.jsonld"))
.put("https://www.w3.org/2018/credentials/v1", Resources.getResource("contexts/2018-credentials-v1.jsonld"))
.put("https://w3id.org/security/v1", Resources.getResource("contexts/security-v1.jsonld"))
.put("https://w3id.org/security/v2", Resources.getResource("contexts/security-v2.jsonld"))

View File

@ -0,0 +1,52 @@
package org.oneedtech.inspect.vc.verification;
import com.danubetech.keyformats.crypto.ByteVerifier;
import com.danubetech.keyformats.crypto.impl.Ed25519_EdDSA_PublicKeyVerifier;
import com.danubetech.keyformats.jose.JWSAlgorithm;
import info.weboftrust.ldsignatures.LdProof;
import info.weboftrust.ldsignatures.verifier.LdVerifier;
import io.ipfs.multibase.Multibase;
import java.security.GeneralSecurityException;
public class Ed25519Signature2022LdVerifier extends LdVerifier<Ed25519Signature2022SignatureSuite> {
public Ed25519Signature2022LdVerifier(ByteVerifier verifier) {
super(SignatureSuites.SIGNATURE_SUITE_ED25519SIGNATURE2022, verifier, new URDNA2015Canonicalizer());
}
public Ed25519Signature2022LdVerifier(byte[] publicKey) {
this(new Ed25519_EdDSA_PublicKeyVerifier(publicKey));
}
public Ed25519Signature2022LdVerifier() {
this((ByteVerifier) null);
}
public static boolean verify(byte[] signingInput, LdProof ldProof, ByteVerifier verifier) throws GeneralSecurityException {
// verify
String proofValue = ldProof.getProofValue();
if (proofValue == null) throw new GeneralSecurityException("No 'proofValue' in proof.");
boolean verify;
byte[] bytes = Multibase.decode(proofValue);
verify = verifier.verify(signingInput, bytes, JWSAlgorithm.EdDSA);
// done
return verify;
}
@Override
public boolean verify(byte[] signingInput, LdProof ldProof) throws GeneralSecurityException {
return verify(signingInput, ldProof, this.getVerifier());
}
}

View File

@ -0,0 +1,28 @@
package org.oneedtech.inspect.vc.verification;
import com.danubetech.keyformats.jose.JWSAlgorithm;
import com.danubetech.keyformats.jose.KeyTypeName;
import info.weboftrust.ldsignatures.suites.SignatureSuite;
import java.net.URI;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
public class Ed25519Signature2022SignatureSuite extends SignatureSuite {
Ed25519Signature2022SignatureSuite() {
super(
"DataIntegrityProof",
URI.create("https://www.w3.org/TR/vc-di-eddsa"),
URI.create("https://w3id.org/security#URDNA2015"),
URI.create("http://w3id.org/digests#sha256"),
URI.create("http://w3id.org/security#ed25519"),
List.of(KeyTypeName.Ed25519),
Map.of(KeyTypeName.Ed25519, List.of(JWSAlgorithm.EdDSA)),
Arrays.asList(LDSecurityContexts.JSONLD_CONTEXT_W3ID_SUITES_ED25519_2022_V1,
info.weboftrust.ldsignatures.jsonld.LDSecurityContexts.JSONLD_CONTEXT_W3ID_SECURITY_V3));
}
}

View File

@ -0,0 +1,49 @@
package org.oneedtech.inspect.vc.verification;
import java.net.URI;
import com.apicatalog.jsonld.loader.DocumentLoader;
import foundation.identity.jsonld.JsonLDObject;
import foundation.identity.jsonld.JsonLDUtils;
import info.weboftrust.ldsignatures.LdProof;
public class Eddsa2022LdProof extends LdProof {
public static final URI[] DEFAULT_JSONLD_CONTEXTS = { LDSecurityContexts.JSONLD_CONTEXT_W3ID_SUITES_ED25519_2022_V1 };
public static final DocumentLoader DEFAULT_DOCUMENT_LOADER = LDSecurityContexts.DOCUMENT_LOADER;
public static Builder<? extends Builder<?>> builder() {
return new Builder(new Eddsa2022LdProof());
}
/*
* Factory methods
*/
public static class Builder<B extends Builder<B>> extends LdProof.Builder<B> {
private boolean addCryptosuite = true;
public Builder(LdProof jsonLdObject) {
super(jsonLdObject);
}
@Override
public B base(JsonLDObject base) {
addCryptosuite = false;
return super.base(base);
}
@Override
public LdProof build() {
super.build();
if (addCryptosuite) {
JsonLDUtils.jsonLdAdd(this.jsonLdObject, "cryptosuite", "eddsa-2022");
}
return (LdProof) this.jsonLdObject;
}
}
}

View File

@ -0,0 +1,43 @@
package org.oneedtech.inspect.vc.verification;
import java.io.IOException;
import java.net.URI;
import java.util.HashMap;
import java.util.Map;
import com.apicatalog.jsonld.JsonLdError;
import com.apicatalog.jsonld.document.JsonDocument;
import com.apicatalog.jsonld.http.media.MediaType;
import com.apicatalog.jsonld.loader.DocumentLoader;
import com.google.common.io.Resources;
import foundation.identity.jsonld.ConfigurableDocumentLoader;
public class LDSecurityContexts {
public static final URI JSONLD_CONTEXT_W3ID_SUITES_ED25519_2022_V1 = URI.create("https://w3id.org/security/data-integrity/v1");
public static final Map<URI, JsonDocument> CONTEXTS;
public static final DocumentLoader DOCUMENT_LOADER;
static {
try {
CONTEXTS = new HashMap<>();
CONTEXTS.putAll(info.weboftrust.ldsignatures.jsonld.LDSecurityContexts.CONTEXTS);
CONTEXTS.put(JSONLD_CONTEXT_W3ID_SUITES_ED25519_2022_V1,
JsonDocument.of(MediaType.JSON_LD, Resources.getResource("contexts/data-integrity-v1.jsonld").openStream()));
for (Map.Entry<URI, JsonDocument> context : CONTEXTS.entrySet()) {
context.getValue().setDocumentUrl(context.getKey());
}
} catch (JsonLdError | IOException ex) {
throw new ExceptionInInitializerError(ex);
}
DOCUMENT_LOADER = new ConfigurableDocumentLoader(CONTEXTS);
}
}

View File

@ -0,0 +1,5 @@
package org.oneedtech.inspect.vc.verification;
public class SignatureSuites {
public static final Ed25519Signature2022SignatureSuite SIGNATURE_SUITE_ED25519SIGNATURE2022 = new Ed25519Signature2022SignatureSuite();
}

View File

@ -0,0 +1,52 @@
package org.oneedtech.inspect.vc.verification;
import foundation.identity.jsonld.JsonLDException;
import foundation.identity.jsonld.JsonLDObject;
import info.weboftrust.ldsignatures.LdProof;
import info.weboftrust.ldsignatures.canonicalizer.Canonicalizer;
import info.weboftrust.ldsignatures.util.SHAUtil;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.List;
public class URDNA2015Canonicalizer extends Canonicalizer {
public URDNA2015Canonicalizer() {
super(List.of("urdna2015"));
}
@Override
public byte[] canonicalize(LdProof ldProof, JsonLDObject jsonLdObject) throws IOException, GeneralSecurityException, JsonLDException {
// construct the LD proof without proof values
LdProof ldProofWithoutProofValues = Eddsa2022LdProof.builder()
.base(ldProof)
.defaultContexts(true)
.build();
LdProof.removeLdProofValues(ldProofWithoutProofValues);
// construct the LD object without proof
JsonLDObject jsonLdObjectWithoutProof = JsonLDObject.builder()
.base(jsonLdObject)
.build();
jsonLdObjectWithoutProof.setDocumentLoader(jsonLdObject.getDocumentLoader());
LdProof.removeFromJsonLdObject(jsonLdObjectWithoutProof);
// canonicalize the LD proof and LD object
String canonicalizedLdProofWithoutProofValues = ldProofWithoutProofValues.normalize("urdna2015");
String canonicalizedJsonLdObjectWithoutProof = jsonLdObjectWithoutProof.normalize("urdna2015");
// construct the canonicalization result
byte[] canonicalizationResult = new byte[64];
System.arraycopy(SHAUtil.sha256(canonicalizedLdProofWithoutProofValues), 0, canonicalizationResult, 0, 32);
System.arraycopy(SHAUtil.sha256(canonicalizedJsonLdObjectWithoutProof), 0, canonicalizationResult, 32, 32);
return canonicalizationResult;
}
}

View File

@ -0,0 +1,74 @@
{
"@context": {
"id": "@id",
"type": "@type",
"@protected": true,
"proof": {
"@id": "https://w3id.org/security#proof",
"@type": "@id",
"@container": "@graph"
},
"DataIntegrityProof": {
"@id": "https://w3id.org/security#DataIntegrityProof",
"@context": {
"@protected": true,
"id": "@id",
"type": "@type",
"challenge": "https://w3id.org/security#challenge",
"created": {
"@id": "http://purl.org/dc/terms/created",
"@type": "http://www.w3.org/2001/XMLSchema#dateTime"
},
"domain": "https://w3id.org/security#domain",
"expires": {
"@id": "https://w3id.org/security#expiration",
"@type": "http://www.w3.org/2001/XMLSchema#dateTime"
},
"nonce": "https://w3id.org/security#nonce",
"proofPurpose": {
"@id": "https://w3id.org/security#proofPurpose",
"@type": "@vocab",
"@context": {
"@protected": true,
"id": "@id",
"type": "@type",
"assertionMethod": {
"@id": "https://w3id.org/security#assertionMethod",
"@type": "@id",
"@container": "@set"
},
"authentication": {
"@id": "https://w3id.org/security#authenticationMethod",
"@type": "@id",
"@container": "@set"
},
"capabilityInvocation": {
"@id": "https://w3id.org/security#capabilityInvocationMethod",
"@type": "@id",
"@container": "@set"
},
"capabilityDelegation": {
"@id": "https://w3id.org/security#capabilityDelegationMethod",
"@type": "@id",
"@container": "@set"
},
"keyAgreement": {
"@id": "https://w3id.org/security#keyAgreementMethod",
"@type": "@id",
"@container": "@set"
}
}
},
"cryptosuite": "https://w3id.org/security#cryptosuite",
"proofValue": {
"@id": "https://w3id.org/security#proofValue",
"@type": "https://w3id.org/security#multibase"
},
"verificationMethod": {
"@id": "https://w3id.org/security#verificationMethod",
"@type": "@id"
}
}
}
}
}

View File

@ -379,4 +379,14 @@ public class OB30Tests {
assertHasProbeID(report, RevocationListProbe.ID, true);
});
}
@Test
void testEddsa2022Valid() {
assertDoesNotThrow(()->{
Report report = validator.run(Samples.OB30.JSON.SIMPLE_EDDSA_20222_JSON.asFileResource());
if(verbose) PrintHelper.print(report, true);
assertValid(report);
});
}
}

View File

@ -11,6 +11,7 @@ public class Samples {
public static final class JSON {
public final static Sample COMPLETE_JSON = new Sample("ob30/complete.json", false);
public final static Sample SIMPLE_JSON = new Sample("ob30/simple.json", true);
public final static Sample SIMPLE_EDDSA_20222_JSON = new Sample("ob30/simple-eddsa-2022.json", true);
public final static Sample SIMPLE_DID_KEY_METHOD_JSON = new Sample("ob30/simple-did-key-method.json", true);
public final static Sample SIMPLE_DID_WEB_METHOD_JSON = new Sample("ob30/simple-did-web-method.json", true);
public final static Sample SIMPLE_MULTIPLE_PROOF_JSON = new Sample("ob30/simple-multiple-proofs.json", true);

View File

@ -0,0 +1,31 @@
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://purl.imsglobal.org/spec/ob/v3p0/context-3.0.1.json",
"https://w3id.org/security/data-integrity/v1"
],
"type": ["VerifiableCredential", "AchievementCredential"],
"id": "http://www.1edtech.org/ob/1",
"issuanceDate": "2022-11-27T00:00:00Z",
"credentialSubject": {
"type": "AchievementSubject",
"id": "did:1edtech:1",
"achievement": {
"id": "did:1edtech:achievement:1",
"type": ["Achievement"],
"criteria": { "narrative": "some narrative" },
"description": "some description",
"name": "some name"
}
},
"name": "Some name",
"issuer": { "id": "https://example.com/issuers/876543", "type": ["Profile"] },
"proof": {
"type": "DataIntegrityProof",
"created": "2023-05-29T08:42:26Z",
"proofPurpose": "assertionMethod",
"verificationMethod": "https://example.com/issuers/876543#z6MkjZRZv3aez3r18pB1RBFJR1kwUVJ5jHt92JmQwXbd5hwi",
"cryptosuite": "eddsa-2022",
"proofValue": "z2H1miRAGKPRCPUSudNTPrsWyvpRZzgtgjPBmnMkbcwR8StwEv8dr3NigviBgvZwBu8yA7wAyF5qLjyo3zN1UqLR2"
}
}