Added v2 version of W3C Verifiable Credential
This commit is contained in:
parent
4b9b1d4147
commit
50b29ee167
@ -8,6 +8,8 @@ import static org.oneedtech.inspect.vc.VerifiableCredential.Type.VerifiablePrese
|
|||||||
import com.fasterxml.jackson.databind.JsonNode;
|
import com.fasterxml.jackson.databind.JsonNode;
|
||||||
import com.google.common.base.MoreObjects;
|
import com.google.common.base.MoreObjects;
|
||||||
import com.google.common.collect.ImmutableMap;
|
import com.google.common.collect.ImmutableMap;
|
||||||
|
|
||||||
|
import java.net.URI;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
@ -26,18 +28,19 @@ import org.oneedtech.inspect.vc.util.JsonNodeUtil;
|
|||||||
*/
|
*/
|
||||||
public class VerifiableCredential extends Credential {
|
public class VerifiableCredential extends Credential {
|
||||||
final VerifiableCredential.Type credentialType;
|
final VerifiableCredential.Type credentialType;
|
||||||
|
final VCVersion version;
|
||||||
|
|
||||||
protected VerifiableCredential(
|
protected VerifiableCredential(
|
||||||
Resource resource,
|
Resource resource,
|
||||||
JsonNode data,
|
JsonNode data,
|
||||||
String jwt,
|
String jwt,
|
||||||
Map<CredentialEnum, SchemaKey> schemas,
|
Map<CredentialEnum, SchemaKey> schemas,
|
||||||
String issuedOnPropertyName,
|
VCVersion version) {
|
||||||
String expiresAtPropertyName) {
|
super(ID, resource, data, jwt, schemas, version.issuanceDateField, version.expirationDateField);
|
||||||
super(ID, resource, data, jwt, schemas, issuedOnPropertyName, expiresAtPropertyName);
|
|
||||||
|
|
||||||
JsonNode typeNode = jsonData.get("type");
|
JsonNode typeNode = jsonData.get("type");
|
||||||
this.credentialType = VerifiableCredential.Type.valueOf(typeNode);
|
this.credentialType = VerifiableCredential.Type.valueOf(typeNode);
|
||||||
|
this.version = version;
|
||||||
}
|
}
|
||||||
|
|
||||||
public CredentialEnum getCredentialType() {
|
public CredentialEnum getCredentialType() {
|
||||||
@ -48,6 +51,10 @@ public class VerifiableCredential extends Credential {
|
|||||||
return jwt == null ? ProofType.EMBEDDED : ProofType.EXTERNAL;
|
return jwt == null ? ProofType.EMBEDDED : ProofType.EXTERNAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public VCVersion getVersion() {
|
||||||
|
return version;
|
||||||
|
}
|
||||||
|
|
||||||
private static final Map<CredentialEnum, SchemaKey> schemas =
|
private static final Map<CredentialEnum, SchemaKey> schemas =
|
||||||
new ImmutableMap.Builder<CredentialEnum, SchemaKey>()
|
new ImmutableMap.Builder<CredentialEnum, SchemaKey>()
|
||||||
.put(AchievementCredential, Catalog.OB_30_ANY_ACHIEVEMENTCREDENTIAL_JSON)
|
.put(AchievementCredential, Catalog.OB_30_ANY_ACHIEVEMENTCREDENTIAL_JSON)
|
||||||
@ -56,17 +63,19 @@ public class VerifiableCredential extends Credential {
|
|||||||
.put(EndorsementCredential, Catalog.OB_30_ANY_ENDORSEMENTCREDENTIAL_JSON)
|
.put(EndorsementCredential, Catalog.OB_30_ANY_ENDORSEMENTCREDENTIAL_JSON)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
|
public static final String JSONLD_CONTEXT_W3C_CREDENTIALS_V2 = "https://www.w3.org/ns/credentials/v2";
|
||||||
|
|
||||||
private static final Map<Set<VerifiableCredential.Type>, List<String>> contextMap =
|
private static final Map<Set<VerifiableCredential.Type>, List<String>> contextMap =
|
||||||
new ImmutableMap.Builder<Set<VerifiableCredential.Type>, List<String>>()
|
new ImmutableMap.Builder<Set<VerifiableCredential.Type>, List<String>>()
|
||||||
.put(
|
.put(
|
||||||
Set.of(Type.OpenBadgeCredential, AchievementCredential, EndorsementCredential),
|
Set.of(Type.OpenBadgeCredential, AchievementCredential, EndorsementCredential),
|
||||||
List.of(
|
List.of(
|
||||||
"https://www.w3.org/ns/credentials/v2",
|
JSONLD_CONTEXT_W3C_CREDENTIALS_V2,
|
||||||
"https://purl.imsglobal.org/spec/ob/v3p0/context-3.0.3.json"))
|
"https://purl.imsglobal.org/spec/ob/v3p0/context-3.0.3.json"))
|
||||||
.put(
|
.put(
|
||||||
Set.of(ClrCredential),
|
Set.of(ClrCredential),
|
||||||
List.of(
|
List.of(
|
||||||
"https://www.w3.org/ns/credentials/v2",
|
JSONLD_CONTEXT_W3C_CREDENTIALS_V2,
|
||||||
"https://purl.imsglobal.org/spec/clr/v2p0/context-2.0.1.json",
|
"https://purl.imsglobal.org/spec/clr/v2p0/context-2.0.1.json",
|
||||||
"https://purl.imsglobal.org/spec/ob/v3p0/context-3.0.3.json"))
|
"https://purl.imsglobal.org/spec/ob/v3p0/context-3.0.3.json"))
|
||||||
.build();
|
.build();
|
||||||
@ -82,7 +91,7 @@ public class VerifiableCredential extends Credential {
|
|||||||
"https://purl.imsglobal.org/spec/clr/v2p0/context-2.0.1.json",
|
"https://purl.imsglobal.org/spec/clr/v2p0/context-2.0.1.json",
|
||||||
List.of("https://purl.imsglobal.org/spec/clr/v2p0/context.json"))
|
List.of("https://purl.imsglobal.org/spec/clr/v2p0/context.json"))
|
||||||
.put(
|
.put(
|
||||||
"https://www.w3.org/ns/credentials/v2",
|
JSONLD_CONTEXT_W3C_CREDENTIALS_V2,
|
||||||
List.of("https://www.w3.org/2018/credentials/v1"))
|
List.of("https://www.w3.org/2018/credentials/v1"))
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
@ -183,20 +192,39 @@ public class VerifiableCredential extends Credential {
|
|||||||
.toString();
|
.toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static enum VCVersion {
|
||||||
|
VCDMv2p0(ISSUED_ON_PROPERTY_NAME_V20, EXPIRES_AT_PROPERTY_NAME_V20),
|
||||||
|
VCDMv1p1(ISSUED_ON_PROPERTY_NAME_V11, EXPIRES_AT_PROPERTY_NAME_V11);
|
||||||
|
|
||||||
|
final String issuanceDateField;
|
||||||
|
final String expirationDateField;
|
||||||
|
|
||||||
|
VCVersion(String issuanceDateField, String expirationDateField) {
|
||||||
|
this.issuanceDateField = issuanceDateField;
|
||||||
|
this.expirationDateField = expirationDateField;
|
||||||
|
}
|
||||||
|
|
||||||
|
static VCVersion of(JsonNode context) {
|
||||||
|
if (JsonNodeUtil.asNodeList(context)
|
||||||
|
.stream()
|
||||||
|
.anyMatch(node -> node.isTextual() && node.asText().equals(JSONLD_CONTEXT_W3C_CREDENTIALS_V2)) )
|
||||||
|
return VCDMv2p0;
|
||||||
|
|
||||||
|
return VCDMv1p1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public static class Builder extends Credential.Builder<VerifiableCredential> {
|
public static class Builder extends Credential.Builder<VerifiableCredential> {
|
||||||
@Override
|
@Override
|
||||||
public VerifiableCredential build() {
|
public VerifiableCredential build() {
|
||||||
boolean is2p0VC = JsonNodeUtil.asNodeList(getJsonData().get("@context"))
|
VCVersion version = VCVersion.of(getJsonData().get("@context"));
|
||||||
.stream()
|
|
||||||
.anyMatch(node -> node.isTextual() && node.asText().equals("https://www.w3.org/ns/credentials/v2"));
|
|
||||||
|
|
||||||
return new VerifiableCredential(
|
return new VerifiableCredential(
|
||||||
getResource(),
|
getResource(),
|
||||||
getJsonData(),
|
getJsonData(),
|
||||||
getJwt(),
|
getJwt(),
|
||||||
schemas,
|
schemas,
|
||||||
is2p0VC ? ISSUED_ON_PROPERTY_NAME_V20 : ISSUED_ON_PROPERTY_NAME_V11,
|
version);
|
||||||
is2p0VC ? EXPIRES_AT_PROPERTY_NAME_V20 : EXPIRES_AT_PROPERTY_NAME_V11);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,23 +1,33 @@
|
|||||||
package org.oneedtech.inspect.vc;
|
package org.oneedtech.inspect.vc;
|
||||||
|
|
||||||
|
import java.io.StringReader;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import org.oneedtech.inspect.vc.jsonld.JsonLDObjectUtils;
|
import org.oneedtech.inspect.vc.jsonld.JsonLDObjectUtils;
|
||||||
import org.oneedtech.inspect.vc.util.CachingDocumentLoader;
|
import org.oneedtech.inspect.vc.util.CachingDocumentLoader;
|
||||||
|
|
||||||
import com.danubetech.verifiablecredentials.VerifiableCredential;
|
|
||||||
|
|
||||||
import info.weboftrust.ldsignatures.LdProof;
|
import info.weboftrust.ldsignatures.LdProof;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holder for W3C's Verifiable Credential
|
* Holder for W3C's Verifiable Credential
|
||||||
*/
|
*/
|
||||||
public class W3CVCHolder {
|
public class W3CVCHolder {
|
||||||
private VerifiableCredential credential;
|
private com.danubetech.verifiablecredentials.VerifiableCredential credential;
|
||||||
|
|
||||||
public W3CVCHolder(VerifiableCredential credential) {
|
public W3CVCHolder(VerifiableCredential credential) {
|
||||||
this.credential = credential;
|
switch (credential.version) {
|
||||||
credential.setDocumentLoader(new CachingDocumentLoader());
|
case VCDMv1p1:
|
||||||
|
this.credential = com.danubetech.verifiablecredentials.VerifiableCredential
|
||||||
|
.fromJson(new StringReader(credential.getJson().toString()));
|
||||||
|
break;
|
||||||
|
case VCDMv2p0:
|
||||||
|
this.credential = W3CVerifiableCredentialDM2
|
||||||
|
.fromJson(new StringReader(credential.getJson().toString()));
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
throw new IllegalArgumentException("Unsupported version: " + credential.version);
|
||||||
|
}
|
||||||
|
this.credential.setDocumentLoader(new CachingDocumentLoader());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -30,7 +40,7 @@ public class W3CVCHolder {
|
|||||||
return JsonLDObjectUtils.getListFromJsonLDObject(LdProof.class, credential);
|
return JsonLDObjectUtils.getListFromJsonLDObject(LdProof.class, credential);
|
||||||
}
|
}
|
||||||
|
|
||||||
public VerifiableCredential getCredential() {
|
public com.danubetech.verifiablecredentials.VerifiableCredential getCredential() {
|
||||||
return credential;
|
return credential;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -0,0 +1,22 @@
|
|||||||
|
package org.oneedtech.inspect.vc;
|
||||||
|
|
||||||
|
import java.net.URI;
|
||||||
|
import java.util.Date;
|
||||||
|
|
||||||
|
import foundation.identity.jsonld.JsonLDUtils;
|
||||||
|
|
||||||
|
public class W3CVerifiableCredentialDM2 extends com.danubetech.verifiablecredentials.VerifiableCredential {
|
||||||
|
public static final URI[] DEFAULT_JSONLD_CONTEXTS = { URI.create(VerifiableCredential.JSONLD_CONTEXT_W3C_CREDENTIALS_V2) };
|
||||||
|
|
||||||
|
public Date getValidFrom() {
|
||||||
|
return JsonLDUtils.stringToDate(JsonLDUtils.jsonLdGetString(this.getJsonObject(), JSONLD_TERM_VALIDFROM));
|
||||||
|
}
|
||||||
|
|
||||||
|
public Date getValidUntil() {
|
||||||
|
return JsonLDUtils.stringToDate(JsonLDUtils.jsonLdGetString(this.getJsonObject(), JSONLD_TERM_VALIDUNTIL));
|
||||||
|
}
|
||||||
|
|
||||||
|
private static final String JSONLD_TERM_VALIDFROM = "validFrom";
|
||||||
|
private static final String JSONLD_TERM_VALIDUNTIL = "validUntil";
|
||||||
|
|
||||||
|
}
|
@ -1,34 +1,30 @@
|
|||||||
package org.oneedtech.inspect.vc.probe;
|
package org.oneedtech.inspect.vc.probe;
|
||||||
|
|
||||||
import java.io.StringReader;
|
|
||||||
import java.net.URI;
|
|
||||||
import java.net.URLEncoder;
|
|
||||||
import java.nio.charset.Charset;
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.Optional;
|
|
||||||
|
|
||||||
import org.oneedtech.inspect.core.probe.Probe;
|
|
||||||
import org.oneedtech.inspect.core.probe.RunContext;
|
|
||||||
import org.oneedtech.inspect.core.report.ReportItems;
|
|
||||||
import org.oneedtech.inspect.vc.VerifiableCredential;
|
|
||||||
import org.oneedtech.inspect.vc.W3CVCHolder;
|
|
||||||
import org.oneedtech.inspect.vc.verification.Ed25519Signature2022LdVerifier;
|
|
||||||
|
|
||||||
import com.apicatalog.jsonld.StringUtils;
|
import com.apicatalog.jsonld.StringUtils;
|
||||||
import com.apicatalog.jsonld.document.Document;
|
import com.apicatalog.jsonld.document.Document;
|
||||||
import com.apicatalog.jsonld.loader.DocumentLoaderOptions;
|
import com.apicatalog.jsonld.loader.DocumentLoaderOptions;
|
||||||
import com.apicatalog.multibase.Multibase;
|
import com.apicatalog.multibase.Multibase;
|
||||||
import com.apicatalog.multicodec.Multicodec;
|
import com.apicatalog.multicodec.Multicodec;
|
||||||
import com.apicatalog.multicodec.Multicodec.Codec;
|
import com.apicatalog.multicodec.Multicodec.Codec;
|
||||||
|
|
||||||
import info.weboftrust.ldsignatures.LdProof;
|
import info.weboftrust.ldsignatures.LdProof;
|
||||||
import info.weboftrust.ldsignatures.verifier.Ed25519Signature2020LdVerifier;
|
import info.weboftrust.ldsignatures.verifier.Ed25519Signature2020LdVerifier;
|
||||||
import info.weboftrust.ldsignatures.verifier.LdVerifier;
|
import info.weboftrust.ldsignatures.verifier.LdVerifier;
|
||||||
import jakarta.json.JsonArray;
|
import jakarta.json.JsonArray;
|
||||||
import jakarta.json.JsonObject;
|
import jakarta.json.JsonObject;
|
||||||
import jakarta.json.JsonString;
|
|
||||||
import jakarta.json.JsonStructure;
|
import jakarta.json.JsonStructure;
|
||||||
import jakarta.json.JsonValue;
|
import jakarta.json.JsonValue;
|
||||||
|
import java.net.URI;
|
||||||
|
import java.net.URLEncoder;
|
||||||
|
import java.nio.charset.Charset;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Optional;
|
||||||
|
import org.oneedtech.inspect.core.probe.Probe;
|
||||||
|
import org.oneedtech.inspect.core.probe.RunContext;
|
||||||
|
import org.oneedtech.inspect.core.report.ReportItems;
|
||||||
|
import org.oneedtech.inspect.vc.VerifiableCredential;
|
||||||
|
import org.oneedtech.inspect.vc.W3CVCHolder;
|
||||||
|
import org.oneedtech.inspect.vc.verification.Ed25519Signature2022LdVerifier;
|
||||||
|
import org.oneedtech.inspect.vc.verification.Ed25519Signature2022VCDM20LdVerifier;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A Probe that verifies a credential's embedded proof.
|
* A Probe that verifies a credential's embedded proof.
|
||||||
@ -37,7 +33,7 @@ import jakarta.json.JsonValue;
|
|||||||
*/
|
*/
|
||||||
public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
|
public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
|
||||||
|
|
||||||
private final static List<String> ALLOWED_CRYPTOSUITES = List.of("eddsa-2022", "eddsa-rdfc-2022");
|
private static final List<String> ALLOWED_CRYPTOSUITES = List.of("eddsa-2022", "eddsa-rdfc-2022");
|
||||||
|
|
||||||
public EmbeddedProofProbe() {
|
public EmbeddedProofProbe() {
|
||||||
super(ID);
|
super(ID);
|
||||||
@ -50,8 +46,7 @@ public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
|
|||||||
@Override
|
@Override
|
||||||
public ReportItems run(VerifiableCredential crd, RunContext ctx) throws Exception {
|
public ReportItems run(VerifiableCredential crd, RunContext ctx) throws Exception {
|
||||||
|
|
||||||
W3CVCHolder credentialHolder = new W3CVCHolder(com.danubetech.verifiablecredentials.VerifiableCredential
|
W3CVCHolder credentialHolder = new W3CVCHolder(crd);
|
||||||
.fromJson(new StringReader(crd.getJson().toString())));
|
|
||||||
|
|
||||||
List<LdProof> proofs = credentialHolder.getProofs();
|
List<LdProof> proofs = credentialHolder.getProofs();
|
||||||
if (proofs == null || proofs.size() == 0) {
|
if (proofs == null || proofs.size() == 0) {
|
||||||
@ -59,14 +54,24 @@ public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// get proof of standard type and purpose
|
// get proof of standard type and purpose
|
||||||
Optional<LdProof> selectedProof = proofs.stream()
|
Optional<LdProof> selectedProof =
|
||||||
|
proofs.stream()
|
||||||
.filter(proof -> proof.getProofPurpose().equals("assertionMethod"))
|
.filter(proof -> proof.getProofPurpose().equals("assertionMethod"))
|
||||||
.filter(proof -> proof.isType("Ed25519Signature2020") ||
|
.filter(
|
||||||
(proof.isType("DataIntegrityProof") && proof.getJsonObject().containsKey("cryptosuite") && ALLOWED_CRYPTOSUITES.contains(proof.getJsonObject().get("cryptosuite"))))
|
proof ->
|
||||||
|
proof.isType("Ed25519Signature2020")
|
||||||
|
|| (proof.isType("DataIntegrityProof")
|
||||||
|
&& proof.getJsonObject().containsKey("cryptosuite")
|
||||||
|
&& ALLOWED_CRYPTOSUITES.contains(
|
||||||
|
proof.getJsonObject().get("cryptosuite"))))
|
||||||
.findFirst();
|
.findFirst();
|
||||||
|
|
||||||
if (!selectedProof.isPresent()) {
|
if (!selectedProof.isPresent()) {
|
||||||
return error("No proof with type any of (\"Ed25519Signature2020\", \"DataIntegrityProof\" with cryptosuite attr of \"eddsa-rdfc-2022\" or \"eddsa-2022\") or proof purpose \"assertionMethod\" found", ctx);
|
return error(
|
||||||
|
"No proof with type any of (\"Ed25519Signature2020\", \"DataIntegrityProof\" with"
|
||||||
|
+ " cryptosuite attr of \"eddsa-rdfc-2022\" or \"eddsa-2022\") or proof purpose"
|
||||||
|
+ " \"assertionMethod\" found",
|
||||||
|
ctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
LdProof proof = selectedProof.get();
|
LdProof proof = selectedProof.get();
|
||||||
@ -137,21 +142,36 @@ public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
|
|||||||
// resolved.
|
// resolved.
|
||||||
Optional<JsonStructure> keyStructure;
|
Optional<JsonStructure> keyStructure;
|
||||||
try {
|
try {
|
||||||
Document keyDocument = credentialHolder.getCredential().getDocumentLoader().loadDocument(uri,
|
Document keyDocument =
|
||||||
new DocumentLoaderOptions());
|
credentialHolder
|
||||||
|
.getCredential()
|
||||||
|
.getDocumentLoader()
|
||||||
|
.loadDocument(uri, new DocumentLoaderOptions());
|
||||||
keyStructure = keyDocument.getJsonContent();
|
keyStructure = keyDocument.getJsonContent();
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
return error("Key document not found at " + method + ". URI: " + uri
|
return error(
|
||||||
+ " doesn't return a valid document. Reason: " + e.getMessage() + " ", ctx);
|
"Key document not found at "
|
||||||
|
+ method
|
||||||
|
+ ". URI: "
|
||||||
|
+ uri
|
||||||
|
+ " doesn't return a valid document. Reason: "
|
||||||
|
+ e.getMessage()
|
||||||
|
+ " ",
|
||||||
|
ctx);
|
||||||
}
|
}
|
||||||
if (keyStructure.isEmpty()) {
|
if (keyStructure.isEmpty()) {
|
||||||
return error("Key document not found at " + method + ". URI: " + uri
|
return error(
|
||||||
+ " doesn't return a valid document. Reason: The document is empty.", ctx);
|
"Key document not found at "
|
||||||
|
+ method
|
||||||
|
+ ". URI: "
|
||||||
|
+ uri
|
||||||
|
+ " doesn't return a valid document. Reason: The document is empty.",
|
||||||
|
ctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
// check did in "assertionMethod"
|
// check did in "assertionMethod"
|
||||||
JsonArray assertionMethod = keyStructure.get().asJsonObject()
|
JsonArray assertionMethod =
|
||||||
.getJsonArray("assertionMethod");
|
keyStructure.get().asJsonObject().getJsonArray("assertionMethod");
|
||||||
if (assertionMethod == null) {
|
if (assertionMethod == null) {
|
||||||
return error("Document doesn't have a list of assertion methods at URI: " + uri, ctx);
|
return error("Document doesn't have a list of assertion methods at URI: " + uri, ctx);
|
||||||
} else {
|
} else {
|
||||||
@ -169,12 +189,14 @@ public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// get keys from "verificationMethod"
|
// get keys from "verificationMethod"
|
||||||
JsonArray keyVerificationMethod = keyStructure.get().asJsonObject()
|
JsonArray keyVerificationMethod =
|
||||||
.getJsonArray("verificationMethod");
|
keyStructure.get().asJsonObject().getJsonArray("verificationMethod");
|
||||||
if (keyVerificationMethod == null) {
|
if (keyVerificationMethod == null) {
|
||||||
return error("Document doesn't have a list of verification methods at URI: " + uri, ctx);
|
return error(
|
||||||
|
"Document doesn't have a list of verification methods at URI: " + uri, ctx);
|
||||||
}
|
}
|
||||||
Optional<JsonValue> verificationMethodMaybe = keyVerificationMethod.stream()
|
Optional<JsonValue> verificationMethodMaybe =
|
||||||
|
keyVerificationMethod.stream()
|
||||||
.filter(n -> n.asJsonObject().getString("id").equals(method.toString()))
|
.filter(n -> n.asJsonObject().getString("id").equals(method.toString()))
|
||||||
.findFirst();
|
.findFirst();
|
||||||
if (verificationMethodMaybe.isEmpty()) {
|
if (verificationMethodMaybe.isEmpty()) {
|
||||||
@ -190,8 +212,11 @@ public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
|
|||||||
}
|
}
|
||||||
} else if (method.getScheme().equals("http") || method.getScheme().equals("https")) {
|
} else if (method.getScheme().equals("http") || method.getScheme().equals("https")) {
|
||||||
try {
|
try {
|
||||||
Document keyDocument = credentialHolder.getCredential().getDocumentLoader().loadDocument(method,
|
Document keyDocument =
|
||||||
new DocumentLoaderOptions());
|
credentialHolder
|
||||||
|
.getCredential()
|
||||||
|
.getDocumentLoader()
|
||||||
|
.loadDocument(method, new DocumentLoaderOptions());
|
||||||
Optional<JsonStructure> keyStructure = keyDocument.getJsonContent();
|
Optional<JsonStructure> keyStructure = keyDocument.getJsonContent();
|
||||||
if (keyStructure.isEmpty()) {
|
if (keyStructure.isEmpty()) {
|
||||||
return error("Key document not found at " + method, ctx);
|
return error("Key document not found at " + method, ctx);
|
||||||
@ -203,8 +228,8 @@ public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
|
|||||||
// Then look for a controller document (e.g. DID Document) with a
|
// Then look for a controller document (e.g. DID Document) with a
|
||||||
// 'verificationMethod'
|
// 'verificationMethod'
|
||||||
// that is a Ed25519VerificationKey2020 document
|
// that is a Ed25519VerificationKey2020 document
|
||||||
JsonObject keyVerificationMethod = keyStructure.get().asJsonObject()
|
JsonObject keyVerificationMethod =
|
||||||
.getJsonObject("verificationMethod");
|
keyStructure.get().asJsonObject().getJsonObject("verificationMethod");
|
||||||
if (keyVerificationMethod.isEmpty()) {
|
if (keyVerificationMethod.isEmpty()) {
|
||||||
return error("Cannot parse key document from " + method, ctx);
|
return error("Cannot parse key document from " + method, ctx);
|
||||||
}
|
}
|
||||||
@ -236,7 +261,8 @@ public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
|
|||||||
|
|
||||||
if (controller != null) {
|
if (controller != null) {
|
||||||
if (!controller.equals(credentialHolder.getCredential().getIssuer().toString())) {
|
if (!controller.equals(credentialHolder.getCredential().getIssuer().toString())) {
|
||||||
return error("Key controller does not match issuer: " + credentialHolder.getCredential().getIssuer(),
|
return error(
|
||||||
|
"Key controller does not match issuer: " + credentialHolder.getCredential().getIssuer(),
|
||||||
ctx);
|
ctx);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -245,7 +271,7 @@ public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
|
|||||||
byte[] publicKey = Multicodec.decode(Codec.Ed25519PublicKey, publicKeyMulticodec);
|
byte[] publicKey = Multicodec.decode(Codec.Ed25519PublicKey, publicKeyMulticodec);
|
||||||
|
|
||||||
// choose verifier
|
// choose verifier
|
||||||
LdVerifier<?> verifier = getVerifier(proof, publicKey);
|
LdVerifier<?> verifier = getVerifier(proof, publicKey, crd);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
boolean verify = verifier.verify(credentialHolder.getCredential(), proof);
|
boolean verify = verifier.verify(credentialHolder.getCredential(), proof);
|
||||||
@ -259,10 +285,12 @@ public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
|
|||||||
return success(ctx);
|
return success(ctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
private LdVerifier<?> getVerifier(LdProof proof, byte[] publicKey) {
|
private LdVerifier<?> getVerifier(LdProof proof, byte[] publicKey, VerifiableCredential crd) {
|
||||||
return proof.isType("Ed25519Signature2020")
|
return proof.isType("Ed25519Signature2020")
|
||||||
? new Ed25519Signature2020LdVerifier(publicKey)
|
? new Ed25519Signature2020LdVerifier(publicKey)
|
||||||
: new Ed25519Signature2022LdVerifier(publicKey);
|
: crd.getVersion() == VerifiableCredential.VCVersion.VCDMv1p1
|
||||||
|
? new Ed25519Signature2022LdVerifier(publicKey)
|
||||||
|
: new Ed25519Signature2022VCDM20LdVerifier(publicKey);
|
||||||
}
|
}
|
||||||
|
|
||||||
private Boolean IsValidPublicKeyMultibase(String publicKeyMultibase) {
|
private Boolean IsValidPublicKeyMultibase(String publicKeyMultibase) {
|
||||||
@ -273,7 +301,6 @@ public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
|
|||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static final String ID = EmbeddedProofProbe.class.getSimpleName();
|
public static final String ID = EmbeddedProofProbe.class.getSimpleName();
|
||||||
|
Loading…
Reference in New Issue
Block a user