akramer/digital-credentials-public-validator
akramer/digital-credentials-public-validator
0
0
Fork 0
Code Issues Pull Requests Activity

Decode the public key before giving it to Ed25519Signature2020LdVerifier

Browse Source
This commit is contained in:
Andy Miller (IMS) 2022-09-09 12:07:22 -07:00
parent 07b3abcc57
commit f08e835e95
1 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
inspector-vc/src/main/java/org/oneedtech/inspect/vc/probe/EmbeddedProofProbe.java
View File

@ -3,6 +3,7 @@ package org.oneedtech.inspect.vc.probe;
import java.io.StringReader; import java.io.StringReader;
import java.net.URI; import java.net.URI;
import org.bouncycastle.util.Arrays;
import org.oneedtech.inspect.core.probe.Probe; import org.oneedtech.inspect.core.probe.Probe;
import org.oneedtech.inspect.core.probe.RunContext; import org.oneedtech.inspect.core.probe.RunContext;
import org.oneedtech.inspect.core.report.ReportItems; import org.oneedtech.inspect.core.report.ReportItems;
@ -10,6 +11,7 @@ import org.oneedtech.inspect.vc.Credential;
import org.oneedtech.inspect.vc.util.CachingDocumentLoader; import org.oneedtech.inspect.vc.util.CachingDocumentLoader;
import com.apicatalog.ld.DocumentError; import com.apicatalog.ld.DocumentError;
import com.apicatalog.multibase.Multibase;
import com.apicatalog.vc.processor.StatusVerifier; import com.apicatalog.vc.processor.StatusVerifier;
import com.danubetech.verifiablecredentials.VerifiableCredential; import com.danubetech.verifiablecredentials.VerifiableCredential;
@ -36,7 +38,42 @@ public class EmbeddedProofProbe extends Probe<Credential> {
vc.setDocumentLoader(new CachingDocumentLoader()); vc.setDocumentLoader(new CachingDocumentLoader());
URI method = vc.getLdProof().getVerificationMethod(); URI method = vc.getLdProof().getVerificationMethod();
byte[] publicKey = method.toString().getBytes();
// The verification method must dereference to an Ed25519VerificationKey2020.
// Danubetech's Ed25519Signature2020LdVerifier expects the decoded public key
// from the Ed25519VerificationKey2020 (32 bytes).
String publicKeyMultibase = "";
// Formats accepted:
//
// [controller]#[publicKeyMultibase]
// did:key:[publicKeyMultibase]
// [publicKeyMultibase]
if (method.toString().contains("#")) {
publicKeyMultibase = method.getFragment();
} else {
if (method.toString().startsWith("did")) {
String didScheme = method.getSchemeSpecificPart();
if (didScheme.startsWith("key:")) {
publicKeyMultibase = didScheme.substring(4);
} else {
return fatal("Unknown verification method: " + method.toString(), ctx);
}
} else {
publicKeyMultibase = method.toString();
}
}
// Decode the Multibase to Multicodec and check that it is an Ed25519 public key
byte[] publicKeyMulticodec = Multibase.decode(publicKeyMultibase);
if (publicKeyMulticodec[0] != -19 || publicKeyMulticodec[1] != 1) {
return fatal("Verification method does not contain an Ed25519 public key", ctx);
}
// Extract the publicKey bytes from the Multicodec
byte[] publicKey = Arrays.copyOfRange(publicKeyMulticodec, 2, publicKeyMulticodec.length);
Ed25519Signature2020LdVerifier verifier = new Ed25519Signature2020LdVerifier(publicKey); Ed25519Signature2020LdVerifier verifier = new Ed25519Signature2020LdVerifier(publicKey);