Verify eddsa-2022 proofs

This commit is contained in:
Xavi Aracil 2023-05-29 11:15:18 +02:00
parent c55bbf808a
commit dfa159035f

View File

@ -12,6 +12,7 @@ import org.oneedtech.inspect.core.probe.RunContext;
import org.oneedtech.inspect.core.report.ReportItems; import org.oneedtech.inspect.core.report.ReportItems;
import org.oneedtech.inspect.vc.VerifiableCredential; import org.oneedtech.inspect.vc.VerifiableCredential;
import org.oneedtech.inspect.vc.W3CVCHolder; import org.oneedtech.inspect.vc.W3CVCHolder;
import org.oneedtech.inspect.vc.verification.Ed25519Signature2022LdVerifier;
import com.apicatalog.jsonld.StringUtils; import com.apicatalog.jsonld.StringUtils;
import com.apicatalog.jsonld.document.Document; import com.apicatalog.jsonld.document.Document;
@ -22,6 +23,7 @@ import com.apicatalog.multicodec.Multicodec.Codec;
import info.weboftrust.ldsignatures.LdProof; import info.weboftrust.ldsignatures.LdProof;
import info.weboftrust.ldsignatures.verifier.Ed25519Signature2020LdVerifier; import info.weboftrust.ldsignatures.verifier.Ed25519Signature2020LdVerifier;
import info.weboftrust.ldsignatures.verifier.LdVerifier;
import jakarta.json.JsonArray; import jakarta.json.JsonArray;
import jakarta.json.JsonObject; import jakarta.json.JsonObject;
import jakarta.json.JsonString; import jakarta.json.JsonString;
@ -55,23 +57,18 @@ public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
} }
// get proof of standard type and purpose // get proof of standard type and purpose
Optional<LdProof> selectedProof = proofs.stream().filter( Optional<LdProof> selectedProof = proofs.stream()
proof -> proof.isType("Ed25519Signature2020") && proof.getProofPurpose().equals("assertionMethod")) .filter(proof -> proof.getProofPurpose().equals("assertionMethod"))
.findFirst(); .filter(proof -> proof.isType("Ed25519Signature2020") ||
(proof.isType("DataIntegrityProof") && proof.getJsonObject().containsKey("cryptosuite") && proof.getJsonObject().get("cryptosuite").equals("eddsa-2022")))
.findFirst();
if (!selectedProof.isPresent()) { if (!selectedProof.isPresent()) {
return error("No proof with type \"Ed25519Signature2020\" or proof purpose \"assertionMethod\" found", ctx); return error("No proof with type any of (\"Ed25519Signature2020\", \"DataIntegrityProof\" with cryptosuite attr of \"eddsa-2022\") or proof purpose \"assertionMethod\" found", ctx);
} }
LdProof proof = selectedProof.get(); LdProof proof = selectedProof.get();
if (!proof.isType("Ed25519Signature2020")) {
return error("Unknown proof type: " + proof.getType(), ctx);
}
if (!proof.getProofPurpose().equals("assertionMethod")) {
return error("Invalid proof purpose: " + proof.getProofPurpose(), ctx);
}
URI method = proof.getVerificationMethod(); URI method = proof.getVerificationMethod();
// The verification method must dereference to an Ed25519VerificationKey2020. // The verification method must dereference to an Ed25519VerificationKey2020.
@ -245,7 +242,8 @@ public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
// Extract the publicKey bytes from the Multicodec // Extract the publicKey bytes from the Multicodec
byte[] publicKey = Multicodec.decode(Codec.Ed25519PublicKey, publicKeyMulticodec); byte[] publicKey = Multicodec.decode(Codec.Ed25519PublicKey, publicKeyMulticodec);
Ed25519Signature2020LdVerifier verifier = new Ed25519Signature2020LdVerifier(publicKey); // choose verifier
LdVerifier<?> verifier = getVerifier(proof, publicKey);
try { try {
boolean verify = verifier.verify(credentialHolder.getCredential(), proof); boolean verify = verifier.verify(credentialHolder.getCredential(), proof);
@ -259,6 +257,12 @@ public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
return success(ctx); return success(ctx);
} }
private LdVerifier<?> getVerifier(LdProof proof, byte[] publicKey) {
return proof.isType("Ed25519Signature2020")
? new Ed25519Signature2020LdVerifier(publicKey)
: new Ed25519Signature2022LdVerifier(publicKey);
}
private Boolean IsValidPublicKeyMultibase(String publicKeyMultibase) { private Boolean IsValidPublicKeyMultibase(String publicKeyMultibase) {
try { try {
byte[] publicKeyMulticodec = Multibase.decode(publicKeyMultibase); byte[] publicKeyMulticodec = Multibase.decode(publicKeyMultibase);