ld-signatures-java's Introduction

ld-signatures-java

Information

This is an implementation of the following cryptographic suites for Linked Data Proofs:

Maven

Build:

mvn clean install

Dependency:

<repositories>
	<repository>
		<id>danubetech-maven-public</id>
		<url>https://repo.danubetech.com/repository/maven-public/</url>
	</repository>
</repositories>

<dependency>
	<groupId>info.weboftrust</groupId>
	<artifactId>ld-signatures-java</artifactId>
	<version>1.6.0</version>
</dependency>

Example

Example JSON-LD document:

{
	"@context": {
		"schema": "http://schema.org/",
		"name": "schema:name",
		"homepage": "schema:url",
		"image": "schema:image"
	},
	"name": "Manu Sporny",
	"homepage": "https://manu.sporny.org/",
	"image": "https://manu.sporny.org/images/manu.png"
}

Example code:

JsonLDObject jsonLdObject = JsonLDObject.fromJson(new FileReader("input.jsonld"));

byte[] testEd25519PrivateKey = Hex.decodeHex("984b589e121040156838303f107e13150be4a80fc5088ccba0b0bdc9b1d89090de8777a28f8da1a74e7a13090ed974d879bf692d001cddee16e4cc9f84b60580".toCharArray());

Ed25519Signature2018LdSigner signer = new Ed25519Signature2018LdSigner(testEd25519PrivateKey);
signer.setCreated(new Date());
signer.setProofPurpose(LDSecurityKeywords.JSONLD_TERM_ASSERTIONMETHOD);
signer.setVerificationMethod(URI.create("https://example.com/jdoe/keys/1"));
signer.setDomain("example.com");
signer.setNonce("343s$FSFDa-");
LdProof ldProof = signer.sign(jsonLdObject);

System.out.println(jsonLdObject.toJson(true));

Example Linked Data Proof:

{
    "type": "Ed25519Signature2018",
    "created": "2020-10-15T09:42:46Z",
    "domain": "example.com",
    "nonce" : "343s$FSFDa-",
    "proofPurpose": "assertionMethod",
    "verificationMethod": "https://example.com/jdoe/keys/1",
    "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..8sFJcDtO_pYLjIkJNKfIOL3IOgm_bpbOqqr8ha0ZDa-e6XorbywVQmFCATNXPqMV10deru-zajF79tVelKo-Bw"
}

About

Danube Tech - https://danubetech.com/

Originally built during Rebooting Web-of-Trust in Paris on April 21st 2017.


This software library is part of a project that has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 871932.

ld-signatures-java's People

Contributors

azuzi, bernhardfuchs, christophera, dependabot[bot], peacekeeper

ld-signatures-java's Issues

Crashing during JsonLD signing on Android

Is this library able to be used on an Android device? I am getting an exception for the instantiation of com.danubetech.keyformats.crypto.provider.impl.NaClSodiumEd25519Provider when running on Android.

Full stack trace below:

java.util.ServiceConfigurationError: com.danubetech.keyformats.crypto.provider.Ed25519Provider: Provider com.danubetech.keyformats.crypto.provider.impl.NaClSodiumEd25519Provider could not be instantiated
	at java.util.ServiceLoader.fail(ServiceLoader.java:233)
	at java.util.ServiceLoader.-$$Nest$smfail(Unknown Source:0)
	at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:392)
	at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:416)
	at java.util.ServiceLoader$1.next(ServiceLoader.java:494)
	at com.danubetech.keyformats.crypto.provider.Ed25519Provider.get(Ed25519Provider.java:27)
	at com.danubetech.keyformats.crypto.impl.Ed25519_EdDSA_PrivateKeySigner.sign(Ed25519_EdDSA_PrivateKeySigner.java:19)
	at com.danubetech.keyformats.crypto.ByteSigner.sign(ByteSigner.java:18)
	at info.weboftrust.ldsignatures.signer.Ed25519Signature2020LdSigner.sign(Ed25519Signature2020LdSigner.java:37)
	at info.weboftrust.ldsignatures.signer.Ed25519Signature2020LdSigner.sign(Ed25519Signature2020LdSigner.java:48)
	at info.weboftrust.ldsignatures.signer.LdSigner.sign(LdSigner.java:99)
	at info.weboftrust.ldsignatures.signer.LdSigner.sign(LdSigner.java:123)
	at com.example.FirstFragmentViewModel.webOfTrustSigner(FirstFragmentViewModel.kt:484)
	at com.example.FirstFragmentViewModel.access$webOfTrustSigner(FirstFragmentViewModel.kt:45)
	at com.example.FirstFragmentViewModel$createSignVP$1.invokeSuspend(FirstFragmentViewModel.kt:399)
	at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
	at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
	at kotlinx.coroutines.internal.LimitedDispatcher.run(LimitedDispatcher.kt:42)
	at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:95)
	at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:570)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:677)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:664)
	Suppressed: kotlinx.coroutines.DiagnosticCoroutineContextException: [StandaloneCoroutine{Cancelling}@d91dd9a, Dispatchers.IO]
Caused by: java.lang.ExceptionInInitializerError
	at java.lang.Class.newInstance(Native Method)
	at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:388)
	... 20 more
Caused by: java.lang.NullPointerException: Attempt to invoke virtual method 'java.lang.String java.net.URL.getFile()' on a null object reference
	at com.goterl.resourceloader.ResourceLoader.getFileFromFileSystem(ResourceLoader.java:234)
	at com.goterl.resourceloader.ResourceLoader.copyToTempDirectory(ResourceLoader.java:88)
	at com.goterl.resourceloader.SharedLibraryLoader.load(SharedLibraryLoader.java:53)
	at com.goterl.lazysodium.utils.LibraryLoader.loadBundledLibrary(LibraryLoader.java:134)
	at com.goterl.lazysodium.utils.LibraryLoader.loadLibrary(LibraryLoader.java:95)
	at com.goterl.lazysodium.SodiumJava.<init>(SodiumJava.java:34)
	at com.goterl.lazysodium.SodiumJava.<init>(SodiumJava.java:23)
	at com.danubetech.keyformats.crypto.provider.impl.NaClSodiumEd25519Provider.<clinit>(NaClSodiumEd25519Provider.java:15)
	... 22 more

Determining algorithm value when using `PublicKeyVerifierFactory.publicKeyVerifierForJWK()`

Hi, currently I am creating my verifier like below.


val jsonLdObject =  getJsonLDObjectFromString(jsonLdString)
val ldProof = LdProof.getFromJsonLDObject(jsonLdObject)

val verifier =
            try {
                LdVerifierRegistry.getLdVerifierBySignatureSuiteTerm(ldProof.type)
            } catch (ex: Exception) {
                Log.d("webOfTrustVerifyJsonLd", "Unable to get verifier: ${ex::class.java.simpleName} - ${ex.message}")
                null
            } 

After creating the verifier, I understand that the publicKeyVerifier needs to be created. I have the publicKey JWK.
My question is, what is the way to determine the algorithm String when creating the PublicKeyVerifier below?
My JWK alg is null.

val parsedJwk = JWK.fromJson(publicJwkJsonObject.toString().replace("\\", ""))
val byteVerifier = PublicKeyVerifierFactory.publicKeyVerifierForJWK(parsedJwk, "some Algorithm")  // <----- here

BbsBlsSignature : Selective Disclosure

Hi,

I am interested in doing some selective disclosure by using the Bbs algorithm.
I noticed that this Bbs/Bls feature is not supported by your library. So I am trying to implement it.

Do you agree if I do this:

  1. I create a byte[][] for the result of the canonicalization function and it will contain the hash of each canonicalized attribute
    Example:
// The result of the json-ld after the canonicalization
// each line will be hashed (byte[i] = sha256(line[i]_below)), with sha256 returning an array of bytes
<did:example:ebfeb1f712ebc6f1c276e12ec21> <http://schema.org/familyName> "Sporny" .
<did:example:ebfeb1f712ebc6f1c276e12ec21> <http://schema.org/givenName> "Manu" .
<did:example:ebfeb1f712ebc6f1c276e12ec21> <https://example.org/examples#college> <did:example:c276e12ec21ebfeb1f712ebc6f1> .
<http://example.edu/credentials/1872> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <https://example.org/examples#UniversityDegreeCredential> .
<http://example.edu/credentials/1872> <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <https://www.w3.org/2018/credentials#VerifiableCredential> .
<http://example.edu/credentials/1872> <https://www.w3.org/2018/credentials#credentialSubject> <did:example:ebfeb1f712ebc6f1c276e12ec21> .
<http://example.edu/credentials/1872> <https://www.w3.org/2018/credentials#issuanceDate> "2010-01-01T19:73:24Z"^^<http://www.w3.org/2001/XMLSchema#dateTime> .
<http://example.edu/credentials/1872> <https://www.w3.org/2018/credentials#issuer> <https://example.edu/issuers/565049> .
  2. I reproduce the same thing for the ld-proof
  3. I edit all the classes to call the signing function.
    The 'messages' is the result of the canonicalization (byte[][])
Bbs.blsSign(this.getPrivateKey().secretKey, this.getPrivateKey().publicKey, messages);

  4. To do some selective disclosure I will do this
        byte[] nonce = getNonce();
        byte[][] messages = getMessages(); //
        byte[] publicKey = getPublicKey();
        byte[] signature = getSignature();

        ProofMessage[] proofMessage = {
                //if("to reveal")
                new ProofMessage(ProofMessage.PROOF_MESSAGE_TYPE_REVEALED, messages[i], new byte[0]),
                //else("to hide")
                // new ProofMessage(ProofMessage.PROOF_MESSAGE_TYPE_HIDDEN_PROOF_SPECIFIC_BLINDING, messages[i], new byte[0]),
        };

        byte[] proof = new byte[0];
        byte[] bbsPublicKey = Bbs.blsPublicToBbsPublicKey(publicKey, messages.length);

        try {
            proof = Bbs.createProof(bbsPublicKey, nonce, signature, proofMessage);
        } catch (Exception exception) {
            exception.printStackTrace();
        }

Best regards.

BBS signatures suite

I see that there are API interfaces for BBS signature verification. Is BBS functionality working? I tried to verify some JSON-LD with BBS signatures, and the verification seems to always return false.

How to create a ByteVerifier within a JsonWebSignature2020LdVerifier?

Hi,

I'm currently developing the validation of a Linked Data Proof.
I followed the development examples to implement the code:

VerifiablePresentation presentation = VerifiablePresentation.fromJson(json);
LdVerifier verifier = new JsonWebSignature2020LdVerifier();
verifier.verify(presentation);

Unfortunately, the function verify throws a NullPointerException when getting the Algorithm from the verifier.

I would have thought that the suitable verifier is chosen automatically depending on the to-be-verified JWS.
Now I'm trying to generate the verifier manually. However, I fail to do it. I fail somewhere in generating the RSA keys manually.
Also, it doesn't feel like I am doing it correctly since the algorithm might change in different JWSs.

Am I missing something here?
How can this issue be resolved?

I really appreciate any help you can provide.
Sebastian

URDNA2015Canonicalizer: Custom loader not being assigned to LdProof's object

Here a custom loader is correctly assigned to jsonLdObjectWithoutProof but not to ldProofWithoutProofValues. I am not sure why. But I think it is prudent to assign to both objects.

This has to do with not instantiating default DocumentLoaders to avoid the need for java.net.http.HttpClient at runtime (Android doesn't have it).

RSA Canonicalization

Hi!

I recently ran into a canonicalization issue with the RsaSignature2018 suite.
I am using this library through verifiable-credentials-java for the java backend. On the other side, we are using digitalcredentials/vc for the react native application.

The canonicalization of the proof is different in both libraries.

JavaScript:

_:c14n0 <http://purl.org/dc/terms/created> "2023-06-03T20:00:01Z"^^<xsd:dateTime> .
_:c14n0 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <https://w3id.org/security#RsaSignature2018> .
_:c14n0 <sec:proofPurpose> <https://w3id.org/security#assertionMethod> .
_:c14n0 <sec:verificationMethod> <urn:oid:2.16.858.0.0.0.3.0#1> .

Java:

_:c14n0 <http://purl.org/dc/terms/created> "2023-06-03T20:00:01Z"^^<http://www.w3.org/2001/XMLSchema#dateTime> .
_:c14n0 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <https://w3id.org/security#RsaSignature2018> .
_:c14n0 <https://w3id.org/security#proofPurpose> <https://w3id.org/security#assertionMethod> .
_:c14n0 <https://w3id.org/security#verificationMethod> <urn:oid:2.16.858.0.0.0.3.0#1> .

I opened an issue digitalbazaar/jsonld.js#524 and found out it is related to a problem with the spec.

I wanted to know what kind of workaround is being used in this Java library to bypass this bug (so I can also use it in JS), and if it is the expected thing to do. Which one is the solution that would guarantee more interoperability?

Thanks a lot!
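
As an added illustration of the mismatch reported above (not code from this library or from the issue's author): the sketch below flags IRIs in canonical N-Quads that were left as compact `sec:` / `xsd:` terms, and shows that the two quoted forms hash differently, so a signature made over one will not verify against the other. The class name, the prefix list and the use of SHA-256 as the digest are assumptions of the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.regex.*;

public class NQuadsCheck {
    // Prefixes left unexpanded in the JavaScript output quoted above (assumed list, extend as needed).
    static final Set<String> PREFIXES = Set.of("sec", "xsd");
    static final Pattern IRI = Pattern.compile("<([^>]*)>");

    /** Lists "line N: iri" for every IRI that is still a compact prefix:term. */
    static List<String> unexpandedIris(String nquads) {
        List<String> found = new ArrayList<>();
        String[] lines = nquads.split("\n");
        for (int i = 0; i < lines.length; i++) {
            Matcher m = IRI.matcher(lines[i]);
            while (m.find()) {
                String iri = m.group(1);
                int colon = iri.indexOf(':');
                if (colon > 0 && PREFIXES.contains(iri.substring(0, colon)))
                    found.add("line " + (i + 1) + ": " + iri);
            }
        }
        return found;
    }

    /** Hex SHA-256 of the canonical text; any byte difference changes it. */
    static String sha256Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // The two canonical forms quoted in the issue; their second line is identical.
        String type = "_:c14n0 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <https://w3id.org/security#RsaSignature2018> .\n";
        String jsOut = "_:c14n0 <http://purl.org/dc/terms/created> \"2023-06-03T20:00:01Z\"^^<xsd:dateTime> .\n" + type
                + "_:c14n0 <sec:proofPurpose> <https://w3id.org/security#assertionMethod> .\n"
                + "_:c14n0 <sec:verificationMethod> <urn:oid:2.16.858.0.0.0.3.0#1> .\n";
        String javaOut = "_:c14n0 <http://purl.org/dc/terms/created> \"2023-06-03T20:00:01Z\"^^<http://www.w3.org/2001/XMLSchema#dateTime> .\n" + type
                + "_:c14n0 <https://w3id.org/security#proofPurpose> <https://w3id.org/security#assertionMethod> .\n"
                + "_:c14n0 <https://w3id.org/security#verificationMethod> <urn:oid:2.16.858.0.0.0.3.0#1> .\n";
        System.out.println("JavaScript output, unexpanded: " + unexpandedIris(jsOut));
        System.out.println("Java output, unexpanded:       " + unexpandedIris(javaOut));
        System.out.println("Digests match: " + sha256Hex(jsOut).equals(sha256Hex(javaOut)));
    }
}
```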
