[INJICERT-585] refactor VC Sign algo impl & add Ed25519Signature2020 (#…
…128) * [INJICERT-585] refactor VC Sign algo impl & add Ed25519Signature2020 Signed-off-by: Harsh Vardhan <[email protected]> * [INJICERT-585] rename proof interface impl Signed-off-by: Harsh Vardhan <[email protected]> * [INJICERT-585] re-organize packages & make obj singleton Signed-off-by: Harsh Vardhan <[email protected]> * [INJICERT-585] refactor proof signing move SignatureServiceX calls to ProofStrategy Signed-off-by: Harsh Vardhan <[email protected]> * [INJICERT-585] bump up keymanager version * add support for Ed25519-2020 signing to keymanager Signed-off-by: Harsh Vardhan <[email protected]> * [INJICERT-585] remove unused class Signed-off-by: Harsh Vardhan <[email protected]> --------- Signed-off-by: Harsh Vardhan <[email protected]>
Showing
12 changed files
with
262 additions
and
89 deletions.
3 changes: 1 addition & 2 deletions
3
certify-integration-api/src/main/java/io/mosip/certify/api/spi/VCSigner.java
@@ -1,11 +1,10 @@ | ||
package io.mosip.certify.api.spi; | ||
|
||
import io.mosip.certify.api.dto.VCResult; | ||
import java.util.Map; | ||
|
||
/** | ||
* VCSigner can sign any VC provided a vcHash & Signer inputs | ||
*/ | ||
public interface VCSigner { | ||
VCResult<?> perform(String templatedVC, Map<String, String> params); | ||
VCResult<?> perform(String templatedVC); | ||
} |
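Review bot: The interface Javadoc still describes signing "provided a vcHash & Signer inputs", while both `perform` overloads on the new side take a `templatedVC` (and, for the first, a `Map<String, String> params`), and neither overload carries Javadoc. Which of these lines the commit adds or removes is not recoverable from the rendered view, so the point applies to the resulting file as a whole. I would rewrite the type comment as `* VCSigner signs a templated VC; the optional params map carries signer inputs` and give each overload a one-line Javadoc with `@param`/`@return` that states what `params` may contain and how the param-less overload behaves in its absence.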
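--- a/certify-service/src/main/java/io/mosip/certify/services/ldsigner/Ed25519ProofSignature2018.java
+++ b/certify-service/src/main/java/io/mosip/certify/services/ldsigner/Ed25519ProofSignature2018.java
@@ -0,0 +1,59 @@
+package io.mosip.certify.services.ldsigner;
+
+import com.danubetech.keyformats.jose.JWSAlgorithm;
+import info.weboftrust.ldsignatures.LdProof;
+import info.weboftrust.ldsignatures.canonicalizer.Canonicalizer;
+import info.weboftrust.ldsignatures.canonicalizer.URDNA2015Canonicalizer;
+import io.mosip.certify.core.constants.SignatureAlg;
+import io.mosip.certify.services.KeyManagerConstants;
+import io.mosip.kernel.signature.dto.JWSSignatureRequestDto;
+import io.mosip.kernel.signature.dto.JWTSignatureResponseDto;
+import io.mosip.kernel.signature.service.SignatureService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Component;
+
+/**
+ * Ed25519SignatureAlgorithm2018 as per https://w3c-ccg.github.io/lds-ed25519-2018/
+ */
+@Component
+@ConditionalOnProperty(name = "mosip.certify.issuer.vc-sign-algo", havingValue = SignatureAlg.ED25519_SIGNATURE_SUITE)
+public class Ed25519ProofSignature2018 implements ProofSignatureStrategy {
+@Autowired
+SignatureService signatureService;
+
+Canonicalizer canonicalizer = new URDNA2015Canonicalizer();
+
+@Override
+public String getName() {
+return SignatureAlg.ED25519_SIGNATURE_SUITE;
+}
+
+@Override
+public Canonicalizer getCanonicalizer() {
+return canonicalizer;
+}
+
+@Override
+public String getProof(String vcEncodedHash) {
+JWSSignatureRequestDto payload = new JWSSignatureRequestDto();
+payload.setDataToSign(vcEncodedHash);
+payload.setApplicationId(KeyManagerConstants.CERTIFY_MOCK_ED25519);
+payload.setReferenceId(KeyManagerConstants.ED25519_REF_ID); // alg, empty = RSA
+payload.setIncludePayload(false);
+payload.setIncludeCertificate(false);
+payload.setIncludeCertHash(true);
+payload.setValidateJson(false);
+payload.setB64JWSHeaderParam(false);
+payload.setCertificateUrl("");
+payload.setSignAlgorithm(JWSAlgorithm.EdDSA); // RSSignature2018 --> RS256, PS256, ES256
+JWTSignatureResponseDto jwsSignedData = signatureService.jwsSign(payload);
+return jwsSignedData.getJwtSignedData();
+}
+
+@Override
+public LdProof buildProof(LdProof vcLdProof, String sign) {
+return LdProof.builder().base(vcLdProof).defaultContexts(false)
+.jws(sign).build();
+}
+}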
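Review bot: The two inline comments in `getProof` were carried over from the RSA strategy and are wrong for this class: `// alg, empty = RSA` sits on `setReferenceId(KeyManagerConstants.ED25519_REF_ID)`, which is not an empty reference id, and `// RSSignature2018 --> RS256, PS256, ES256` sits next to `JWSAlgorithm.EdDSA`; drop both or replace them with `// EdDSA detached JWS (b64=false) for Ed25519Signature2018`. Two further points deserve a comment so the next reader does not have to guess: `setIncludeCertHash(true)` asks the keymanager to add a certificate-hash header, whereas the Ed25519Signature2018 suite specifies the detached JWS protected header as alg, b64 and crit only, so any extra header parameter should be confirmed against the verifiers you target (the same call appears in `RsaProofSignature2018`); and unlike `RsaProofSignature2018`, `vcEncodedHash` is handed to `setDataToSign` without base64url encoding, which should be documented as intentional or aligned. Field injection on package-private, non-final fields (`signatureService`, `canonicalizer`) is shared with `Ed25519ProofSignature2020` and `RsaProofSignature2018`; `private final` fields with constructor injection would keep the signing strategy from being reconfigured after startup.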
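--- a/certify-service/src/main/java/io/mosip/certify/services/ldsigner/Ed25519ProofSignature2020.java
+++ b/certify-service/src/main/java/io/mosip/certify/services/ldsigner/Ed25519ProofSignature2020.java
@@ -0,0 +1,56 @@
+package io.mosip.certify.services.ldsigner;
+
+import com.danubetech.keyformats.jose.JWSAlgorithm;
+import info.weboftrust.ldsignatures.LdProof;
+import info.weboftrust.ldsignatures.canonicalizer.Canonicalizer;
+import info.weboftrust.ldsignatures.canonicalizer.URDNA2015Canonicalizer;
+import io.mosip.certify.core.constants.SignatureAlg;
+import io.mosip.certify.services.KeyManagerConstants;
+import io.mosip.kernel.signature.dto.SignRequestDtoV2;
+import io.mosip.kernel.signature.dto.SignResponseDto;
+import io.mosip.kernel.signature.service.SignatureServicev2;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Component;
+
+/**
+ * Ed25519SignatureAlgorithm2020 as per
+ * https://www.w3.org/community/reports/credentials/CG-FINAL-di-eddsa-2020-20220724/
+ */
+@Component
+@ConditionalOnProperty(name = "mosip.certify.issuer.vc-sign-algo", havingValue = SignatureAlg.ED25519_SIGNATURE_SUITE_2020)
+public class Ed25519ProofSignature2020 implements ProofSignatureStrategy {
+
+@Autowired
+SignatureServicev2 signatureService;
+
+Canonicalizer canonicalizer = new URDNA2015Canonicalizer();
+
+@Override
+public String getName() {
+return SignatureAlg.ED25519_SIGNATURE_SUITE_2020;
+}
+
+@Override
+public Canonicalizer getCanonicalizer() {
+return canonicalizer;
+}
+
+@Override
+public String getProof(String vcEncodedHash) {
+SignRequestDtoV2 srd = new SignRequestDtoV2();
+srd.setApplicationId(KeyManagerConstants.CERTIFY_MOCK_ED25519);
+srd.setReferenceId(KeyManagerConstants.ED25519_REF_ID);
+srd.setDataToSign(vcEncodedHash);
+srd.setResponseEncodingFormat("base58btc");
+srd.setSignAlgorithm(JWSAlgorithm.EdDSA);
+SignResponseDto s = signatureService.signv2(srd);
+return s.getSignature();
+}
+
+@Override
+public LdProof buildProof(LdProof vcLdProof, String sign) {
+return LdProof.builder().base(vcLdProof).defaultContexts(false)
+.proofValue(sign).build();
+}
+}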
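Review bot: `getProof` requests `setResponseEncodingFormat("base58btc")` and `buildProof` places `s.getSignature()` directly into `proofValue`, but the Ed25519Signature2020 suite defines `proofValue` as a multibase string, i.e. base58btc with a leading `z`; whether the keymanager adds that prefix is not visible on this page, and if it does not, conforming verifiers will reject the proof. I would add `// proofValue must be multibase (z-prefixed base58btc); keymanager is expected to return the prefix — verify` above the `signv2` call, or prepend the prefix here if the keymanager returns bare base58btc. A short comment on `getProof` stating what `vcEncodedHash` must contain for this suite (the 2020 suite signs a concatenation of hashed proof options and hashed document) would also help, since the interface leaves that to each implementation.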
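--- a/certify-service/src/main/java/io/mosip/certify/services/ldsigner/ProofSignatureStrategy.java
+++ b/certify-service/src/main/java/io/mosip/certify/services/ldsigner/ProofSignatureStrategy.java
@@ -0,0 +1,37 @@
+package io.mosip.certify.services.ldsigner;
+
+import info.weboftrust.ldsignatures.LdProof;
+import info.weboftrust.ldsignatures.canonicalizer.Canonicalizer;
+
+import java.util.Map;
+
+/**
+ * ProofSignatureStrategy is a helper class for KeymanagerLibSigner
+ * to better deal with multiple signature algorithms for JSON-LD VCs.
+ */
+public interface ProofSignatureStrategy {
+/**
+ * @return returns the name of the Algorithm
+ */
+String getName();
+
+/**
+ * @return the Canonicalizer which will be used to Canonicalize the templated VC
+ */
+Canonicalizer getCanonicalizer();
+
+/**
+ * getProof takes canonicalized VC hash and returns proof using a competent
+ * SignatureService implementation
+ * @param vcEncodedHash
+ * @return
+ */
+String getProof(String vcEncodedHash);
+/**
+ * buildProof takes a proof String and attaches it to a proof object as per algorithm
+ * @param vcLdProof the proof object of the VC
+ * @param sign should be a string, can be a detached JWS, another proofString based on implementors choice
+ * @return
+ */
+LdProof buildProof(LdProof vcLdProof, String sign);
+}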
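Review bot: The Javadoc on `getProof` and `buildProof` has empty `@return` tags and an undescribed `@param vcEncodedHash`, and the type comment calls the interface a "helper class". I would write `@param vcEncodedHash the canonicalized VC hash, in the encoding this strategy expects from its caller`, `@return the signature value to hand to buildProof`, and for `buildProof` `@return the proof object with the signature attached under the field the suite defines`. Since the RSA and Ed25519 implementations in this commit differ on whether they base64url-encode `vcEncodedHash` before signing, the interface contract should state the encoding callers must pass so the strategies cannot drift. `import java.util.Map` is not used by any declaration in this interface and can be removed.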
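--- a/certify-service/src/main/java/io/mosip/certify/services/ldsigner/RsaProofSignature2018.java
+++ b/certify-service/src/main/java/io/mosip/certify/services/ldsigner/RsaProofSignature2018.java
@@ -0,0 +1,60 @@
+package io.mosip.certify.services.ldsigner;
+
+import com.danubetech.keyformats.jose.JWSAlgorithm;
+import info.weboftrust.ldsignatures.LdProof;
+import info.weboftrust.ldsignatures.canonicalizer.Canonicalizer;
+import info.weboftrust.ldsignatures.canonicalizer.URDNA2015Canonicalizer;
+import io.mosip.certify.core.constants.SignatureAlg;
+import io.mosip.certify.services.KeyManagerConstants;
+import io.mosip.kernel.signature.dto.JWSSignatureRequestDto;
+import io.mosip.kernel.signature.dto.JWTSignatureResponseDto;
+import io.mosip.kernel.signature.service.SignatureService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Component;
+
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+
+@Component
+@ConditionalOnProperty(name = "mosip.certify.issuer.vc-sign-algo", havingValue = SignatureAlg.RSA_SIGNATURE_SUITE)
+public class RsaProofSignature2018 implements ProofSignatureStrategy {
+@Autowired
+SignatureService signatureService;
+
+Canonicalizer canonicalizer = new URDNA2015Canonicalizer();
+
+@Override
+public String getName() {
+return SignatureAlg.RSA_SIGNATURE_SUITE;
+}
+
+@Override
+public Canonicalizer getCanonicalizer() {
+return canonicalizer;
+}
+
+@Override
+public String getProof(String vcEncodedHash) {
+String vcEncodedData = Base64.getUrlEncoder().encodeToString(vcEncodedHash.getBytes(StandardCharsets.UTF_8));
+JWSSignatureRequestDto payload = new JWSSignatureRequestDto();
+payload.setDataToSign(vcEncodedData);
+payload.setApplicationId(KeyManagerConstants.CERTIFY_MOCK_RSA);
+payload.setReferenceId(KeyManagerConstants.EMPTY_REF_ID); // alg, empty = RSA
+payload.setIncludePayload(false);
+payload.setIncludeCertificate(false);
+payload.setIncludeCertHash(true);
+payload.setValidateJson(false);
+payload.setB64JWSHeaderParam(false);
+payload.setCertificateUrl("");
+payload.setSignAlgorithm(JWSAlgorithm.RS256); // RSSignature2018 --> RS256, PS256, ES256
+JWTSignatureResponseDto jwsSignedData = signatureService.jwsSign(payload);
+return jwsSignedData.getJwtSignedData();
+}
+
+@Override
+public LdProof buildProof(LdProof vcLdProof, String sign) {
+return LdProof.builder().base(vcLdProof).defaultContexts(false)
+.jws(sign).build();
+}
+}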
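Review bot: `getProof` base64url-encodes `vcEncodedHash` (with `=` padding, since `Base64.getUrlEncoder()` is used without `withoutPadding()`) before handing it to the keymanager, while `Ed25519ProofSignature2018` in the same commit passes the hash through unchanged; nothing on the page says which form the keymanager's `jwsSign` expects, so the reason for the difference should be stated in a comment on the `vcEncodedData` line, e.g. `// keymanager RS256 path expects base64url input; see Ed25519ProofSignature2018 for the raw variant`, or the two aligned. The class has no Javadoc, unlike the two Ed25519 strategies; a one-line type comment naming the RsaSignature2018 suite in the same style as theirs would keep the three consistent. The trailing comment `// RSSignature2018 --> RS256, PS256, ES256` lists three algorithms while the code fixes `JWSAlgorithm.RS256`; if the other two are not supported here, shortening it to `// RsaSignature2018 uses RS256` avoids suggesting they are.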