akramer/digital-credentials-public-validator
akramer/digital-credentials-public-validator
0
0
Fork 0
Code Issues Pull Requests Activity

Added did:web verification method

Browse Source
This commit is contained in:
Xavi Aracil 2023-03-22 10:49:42 +01:00
parent 3ba3c642a9
commit f499ef32e9
1 changed files with 62 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
inspector-vc/src/main/java/org/oneedtech/inspect/vc/probe/EmbeddedProofProbe.java
View File

@ -2,6 +2,8 @@ package org.oneedtech.inspect.vc.probe;
import java.io.StringReader; import java.io.StringReader;
import java.net.URI; import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.util.List; import java.util.List;
import java.util.Optional; import java.util.Optional;
@ -20,8 +22,10 @@ import com.apicatalog.multicodec.Multicodec.Codec;
import info.weboftrust.ldsignatures.LdProof; import info.weboftrust.ldsignatures.LdProof;
import info.weboftrust.ldsignatures.verifier.Ed25519Signature2020LdVerifier; import info.weboftrust.ldsignatures.verifier.Ed25519Signature2020LdVerifier;
import jakarta.json.JsonArray;
import jakarta.json.JsonObject; import jakarta.json.JsonObject;
import jakarta.json.JsonStructure; import jakarta.json.JsonStructure;
import jakarta.json.JsonValue;
/** /**
* A Probe that verifies a credential's embedded proof. * A Probe that verifies a credential's embedded proof.
@ -75,6 +79,7 @@ public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
// //
// [controller]#[publicKeyMultibase] // [controller]#[publicKeyMultibase]
// did:key:[publicKeyMultibase] // did:key:[publicKeyMultibase]
// did:web:[url-encoded domain-name][:path]*
// http/s://[location of a Ed25519VerificationKey2020 document] // http/s://[location of a Ed25519VerificationKey2020 document]
// http/s://[location of a controller document with a 'verificationMethod' with a Ed25519VerificationKey2020] // http/s://[location of a controller document with a 'verificationMethod' with a Ed25519VerificationKey2020]
@ -92,6 +97,63 @@ public class EmbeddedProofProbe extends Probe<VerifiableCredential> {
} else if (method.getScheme().equals("did")) { } else if (method.getScheme().equals("did")) {
if (method.getSchemeSpecificPart().startsWith("key:")) { if (method.getSchemeSpecificPart().startsWith("key:")) {
publicKeyMultibase = method.getSchemeSpecificPart().substring("key:".length()); publicKeyMultibase = method.getSchemeSpecificPart().substring("key:".length());
} else if (method.getSchemeSpecificPart().startsWith("web:")) {
String specificId = method.getSchemeSpecificPart().substring("web:".length());
// read algorithm at https://w3c-ccg.github.io/did-method-web/#read-resolve. Steps in comments
// 1. Replace ":" with "/" in the method specific identifier to obtain the fully qualified domain name and optional path.
specificId = specificId.replaceAll(":", "/");
// 2. If the domain contains a port percent decode the colon.
String portPercentEncoded = URLEncoder.encode(":", Charset.forName("UTF-8"));
int index = specificId.indexOf(portPercentEncoded);
if (index >= 0 && index < specificId.indexOf("/")) {
specificId = specificId.replace(portPercentEncoded, ":");
}
// 3. Generate an HTTPS URL to the expected location of the DID document by prepending https://.
URI uri = new URI("https://" + specificId);
// 4. If no path has been specified in the URL, append /.well-known.
if (uri.getPath() == null) {
uri = uri.resolve("/well-known");
}
// 5. Append /did.json to complete the URL.
uri = uri.resolve("/did.json");
// 6. Perform an HTTP GET request to the URL using an agent that can successfully negotiate a secure HTTPS connection, which enforces the security requirements as described in 2.6 Security and privacy considerations.
// 7. When performing the DNS resolution during the HTTP GET request, the client SHOULD utilize [RFC8484] in order to prevent tracking of the identity being resolved.
Document keyDocument = credentiaHolder.getCredential().getDocumentLoader().loadDocument(uri, new DocumentLoaderOptions());
Optional<JsonStructure> keyStructure = keyDocument.getJsonContent();
if (keyStructure.isEmpty()) {
return error("Key document not found at " + method + ". Uri " + uri + " doesn't return a valid document", ctx);
}
// check did in "assertionMethod"
JsonArray assertionMethod = keyStructure.get().asJsonObject()
.getJsonArray("assertionMethod");
if (assertionMethod != null && !assertionMethod.stream().anyMatch(n -> n.toString().equals(method.toString()))) {
return error("Assertion method " + method + " not found in DID document.", ctx);
}
// get keys from "verificationMethod"
JsonArray keyVerificationMethod = keyStructure.get().asJsonObject()
.getJsonArray("verificationMethod");
if (keyVerificationMethod == null) {
return error("Document doesn't have a list of verification methods at uri " + uri, ctx);
}
Optional<JsonValue> verificationMethodMaybe = keyVerificationMethod.stream().filter(n -> n.asJsonObject().getString("id").equals(method.toString()))
.findFirst();
if (verificationMethodMaybe.isEmpty()) {
return error("Verification method " + method + " not found in DID document.", ctx);
}
JsonObject verificationMethod = verificationMethodMaybe.get().asJsonObject();
// assuming a Ed25519VerificationKey2020 document
controller = verificationMethod.getString("controller");
publicKeyMultibase = verificationMethod.getString("publicKeyMultibase");
} else { } else {
return error("Unknown verification method: " + method, ctx); return error("Unknown verification method: " + method, ctx);
} }