akramer/digital-credentials-public-validator
akramer/digital-credentials-public-validator
0
0
Fork 0
Code Issues Pull Requests Activity

Added in code to fetch jwk from a url.

Browse Source
This commit is contained in:
Miles Lyon 2022-07-08 10:51:18 -04:00
parent 0f41d00a00
commit 9ab087f026
2 changed files with 42 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
inspector-vc/pom.xml
View File

@ -41,6 +41,12 @@
<artifactId>titanium-json-ld</artifactId> <artifactId>titanium-json-ld</artifactId>
<version>1.3.1</version> <version>1.3.1</version>
</dependency> </dependency>
<!-- https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient -->
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.13</version>
</dependency>
<!-- https://mvnrepository.com/artifact/io.setl/rdf-urdna --> <!-- https://mvnrepository.com/artifact/io.setl/rdf-urdna -->
<!-- https://github.com/setl/rdf-urdna <!-- https://github.com/setl/rdf-urdna
<dependency> <dependency>

43
inspector-vc/src/main/java/org/oneedtech/inspect/vc/probe/SignatureVerifierProbe.java
View File

@ -1,6 +1,5 @@
package org.oneedtech.inspect.vc.probe; package org.oneedtech.inspect.vc.probe;
import static com.google.common.base.Strings.isNullOrEmpty;
import static org.oneedtech.inspect.util.code.Defensives.checkTrue; import static org.oneedtech.inspect.util.code.Defensives.checkTrue;
import java.math.BigInteger; import java.math.BigInteger;
@ -12,10 +11,16 @@ import java.util.Base64;
import java.util.Base64.Decoder; import java.util.Base64.Decoder;
import java.util.List; import java.util.List;
import org.apache.http.HttpEntity;
import org.apache.http.HttpStatus;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.oneedtech.inspect.core.probe.Probe; import org.oneedtech.inspect.core.probe.Probe;
import org.oneedtech.inspect.core.probe.RunContext; import org.oneedtech.inspect.core.probe.RunContext;
import org.oneedtech.inspect.core.report.ReportItems; import org.oneedtech.inspect.core.report.ReportItems;
import org.oneedtech.inspect.util.code.Defensives;
import org.oneedtech.inspect.vc.Credential; import org.oneedtech.inspect.vc.Credential;
import com.auth0.jwt.JWT; import com.auth0.jwt.JWT;
@ -80,21 +85,22 @@ public class SignatureVerifierProbe extends Probe<Credential> {
if(jwk == null && kid == null) { throw new Exception("Key must present in either jwk or kid value."); } if(jwk == null && kid == null) { throw new Exception("Key must present in either jwk or kid value."); }
if(kid != null){ if(kid != null){
//TODO @Miles load jwk JsonNode from url and do the rest the same below. Need to set up testing. //Load jwk JsonNode from url and do the rest the same below.
//TODO Consider additional testing.
String kidUrl = kid.textValue(); String kidUrl = kid.textValue();
String jwkResponse = fetchJwk(kidUrl);
if(jwkResponse == null) { throw new Exception("Unable to retrieve jwk value from url specified in kid."); }
jwk = mapper.readTree(jwkResponse);
} }
//Clean up may be required. Currently need to cleanse extra double quoting. //Clean up may be required. Currently need to cleanse extra double quoting.
String modulusString = jwk.get("n").textValue(); String modulusString = jwk.get("n").textValue();
String exponentString = jwk.get("e").textValue(); String exponentString = jwk.get("e").textValue();
// BigInteger modulus = new BigInteger(1, org.springframework.util.Base64Utils.decodeFromUrlSafeString(modulusString));
// BigInteger exponent = new BigInteger(1, org.springframework.util.Base64Utils.decodeFromUrlSafeString(exponentString));
// mgy: use java util decoder instead of spring?
BigInteger modulus = new BigInteger(1, decoder.decode(modulusString)); BigInteger modulus = new BigInteger(1, decoder.decode(modulusString));
BigInteger exponent = new BigInteger(1, decoder.decode(exponentString)); BigInteger exponent = new BigInteger(1, decoder.decode(exponentString));
PublicKey pub = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(modulus, exponent)); PublicKey pub = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(modulus, exponent));
Algorithm algorithm = Algorithm.RSA256((RSAPublicKey)pub, null); Algorithm algorithm = Algorithm.RSA256((RSAPublicKey)pub, null);
@ -117,6 +123,29 @@ public class SignatureVerifierProbe extends Probe<Credential> {
} }
} }
private String fetchJwk(String fetchUrl){
String responseString = null;
try {
CloseableHttpClient client = HttpClients.createDefault();
HttpGet httpGet = new HttpGet(fetchUrl);
CloseableHttpResponse response = client.execute(httpGet);
if (response.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
HttpEntity entity = response.getEntity();
responseString = EntityUtils.toString(entity, "UTF-8");
}
client.close();
}
catch(Exception ex){
responseString = null;
}
return responseString;
}
public static final String ID = SignatureVerifierProbe.class.getSimpleName(); public static final String ID = SignatureVerifierProbe.class.getSimpleName();
} }