feat: Support for DataIntegrityProof

peacekeeper · peacekeeper · commit 659e56c59c3f · 2025-02-28T00:48:10.000+01:00
diff --git a/pom.xml b/pom.xml
@@ -187,7 +187,7 @@
 		<dependency>
 			<groupId>com.danubetech</groupId>
 			<artifactId>key-formats-java</artifactId>
-			<version>1.20.0</version>
+			<version>1.21-SNAPSHOT</version>
 		</dependency>
 		<dependency>
 			<groupId>io.setl</groupId>
diff --git a/src/main/java/com/danubetech/dataintegrity/signer/BbsBlsSignature2020LdSigner.java b/src/main/java/com/danubetech/dataintegrity/signer/BbsBlsSignature2020LdSigner.java
@@ -27,7 +27,7 @@ public BbsBlsSignature2020LdSigner() {
         this((ByteSigner) null);
     }
 
-    public Canonicalizer getCanonicalizer() {
+    public Canonicalizer getCanonicalizer(DataIntegrityProof dataIntegrityProof) {
         return URDNA2015Canonicalizer.getInstance();
     }
 
diff --git a/src/main/java/com/danubetech/dataintegrity/signer/DataIntegrityProofLdSigner.java b/src/main/java/com/danubetech/dataintegrity/signer/DataIntegrityProofLdSigner.java
@@ -2,15 +2,11 @@
 
 import com.danubetech.dataintegrity.DataIntegrityProof;
 import com.danubetech.dataintegrity.canonicalizer.Canonicalizer;
-import com.danubetech.dataintegrity.canonicalizer.JCSCanonicalizer;
 import com.danubetech.dataintegrity.canonicalizer.RDFC10Canonicalizer;
-import com.danubetech.dataintegrity.canonicalizer.URDNA2015Canonicalizer;
 import com.danubetech.dataintegrity.suites.DataIntegrityProofDataIntegritySuite;
 import com.danubetech.dataintegrity.suites.DataIntegritySuites;
-import com.danubetech.dataintegrity.suites.Ed25519Signature2020DataIntegritySuite;
 import com.danubetech.keyformats.crypto.ByteSigner;
 import com.danubetech.keyformats.crypto.impl.Ed25519_EdDSA_PrivateKeySigner;
-import com.danubetech.keyformats.jose.JWSAlgorithm;
 import io.ipfs.multibase.Multibase;
 
 import java.security.GeneralSecurityException;
@@ -29,17 +25,35 @@ public DataIntegrityProofLdSigner() {
         this((ByteSigner) null);
     }
 
-    public Canonicalizer getCanonicalizer() {
-        return RDFC10Canonicalizer.getInstance();
+    public Canonicalizer getCanonicalizer(DataIntegrityProof dataIntegrityProof) {
+        String cryptosuite = dataIntegrityProof.getCryptosuite();
+        if (cryptosuite == null) return RDFC10Canonicalizer.getInstance();
+        return DataIntegrityProofDataIntegritySuite.findCanonicalizerByCryptosuite(cryptosuite);
     }
 
     public static void sign(DataIntegrityProof.Builder<? extends DataIntegrityProof.Builder<?>> ldProofBuilder, byte[] signingInput, ByteSigner signer) throws GeneralSecurityException {
 
+        // determine algorithm and cryptosuite
+
+        String algorithm;
+        String cryptosuite;
+
+        algorithm = signer.getAlgorithm();
+        cryptosuite = ldProofBuilder.build().getCryptosuite();
+        if (cryptosuite != null) {
+            if (! DataIntegrityProofDataIntegritySuite.findCryptosuitesByJwsAlgorithm(algorithm).contains(cryptosuite)) {
+                throw new GeneralSecurityException("Algorithm " + algorithm + " is not supported by cryptosuite " + cryptosuite);
+            }
+        } else {
+            cryptosuite = DataIntegrityProofDataIntegritySuite.findDefaultCryptosuiteByJwsAlgorithm(algorithm);
+            ldProofBuilder.cryptosuite(cryptosuite);
+        }
+
         // sign
 
         String proofValue;
 
-        byte[] bytes = signer.sign(signingInput, signer.getAlgorithm());
+        byte[] bytes = signer.sign(signingInput, algorithm);
         proofValue = Multibase.encode(Multibase.Base.Base58BTC, bytes);
 
         // done
diff --git a/src/main/java/com/danubetech/dataintegrity/signer/EcdsaKoblitzSignature2016LdSigner.java b/src/main/java/com/danubetech/dataintegrity/signer/EcdsaKoblitzSignature2016LdSigner.java
@@ -33,7 +33,7 @@ public EcdsaKoblitzSignature2016LdSigner() {
         this((ByteSigner) null);
     }
 
-    public Canonicalizer getCanonicalizer() {
+    public Canonicalizer getCanonicalizer(DataIntegrityProof dataIntegrityProof) {
         return URDNA2015Canonicalizer.getInstance();
     }
 
diff --git a/src/main/java/com/danubetech/dataintegrity/signer/EcdsaSecp256k1Signature2019LdSigner.java b/src/main/java/com/danubetech/dataintegrity/signer/EcdsaSecp256k1Signature2019LdSigner.java
@@ -33,7 +33,7 @@ public EcdsaSecp256k1Signature2019LdSigner() {
         this((ByteSigner) null);
     }
 
-    public Canonicalizer getCanonicalizer() {
+    public Canonicalizer getCanonicalizer(DataIntegrityProof dataIntegrityProof) {
         return URDNA2015Canonicalizer.getInstance();
     }
 
diff --git a/src/main/java/com/danubetech/dataintegrity/signer/Ed25519Signature2018LdSigner.java b/src/main/java/com/danubetech/dataintegrity/signer/Ed25519Signature2018LdSigner.java
@@ -32,7 +32,7 @@ public Ed25519Signature2018LdSigner() {
         this((ByteSigner) null);
     }
 
-    public Canonicalizer getCanonicalizer() {
+    public Canonicalizer getCanonicalizer(DataIntegrityProof dataIntegrityProof) {
         return URDNA2015Canonicalizer.getInstance();
     }
 
diff --git a/src/main/java/com/danubetech/dataintegrity/signer/Ed25519Signature2020LdSigner.java b/src/main/java/com/danubetech/dataintegrity/signer/Ed25519Signature2020LdSigner.java
@@ -26,7 +26,7 @@ public Ed25519Signature2020LdSigner() {
         this((ByteSigner) null);
     }
 
-    public Canonicalizer getCanonicalizer() {
+    public Canonicalizer getCanonicalizer(DataIntegrityProof dataIntegrityProof) {
         return URDNA2015Canonicalizer.getInstance();
     }
 
diff --git a/src/main/java/com/danubetech/dataintegrity/signer/JcsEcdsaSecp256k1Signature2019LdSigner.java b/src/main/java/com/danubetech/dataintegrity/signer/JcsEcdsaSecp256k1Signature2019LdSigner.java
@@ -29,7 +29,7 @@ public JcsEcdsaSecp256k1Signature2019LdSigner() {
         this((ByteSigner) null);
     }
 
-    public Canonicalizer getCanonicalizer() {
+    public Canonicalizer getCanonicalizer(DataIntegrityProof dataIntegrityProof) {
         return JCSCanonicalizer.getInstance();
     }
 
diff --git a/src/main/java/com/danubetech/dataintegrity/signer/JcsEd25519Signature2020LdSigner.java b/src/main/java/com/danubetech/dataintegrity/signer/JcsEd25519Signature2020LdSigner.java
@@ -27,7 +27,7 @@ public JcsEd25519Signature2020LdSigner() {
         this((ByteSigner) null);
     }
 
-    public Canonicalizer getCanonicalizer() {
+    public Canonicalizer getCanonicalizer(DataIntegrityProof dataIntegrityProof) {
         return JCSCanonicalizer.getInstance();
     }
 
diff --git a/src/main/java/com/danubetech/dataintegrity/signer/JsonWebSignature2020LdSigner.java b/src/main/java/com/danubetech/dataintegrity/signer/JsonWebSignature2020LdSigner.java
@@ -1,19 +1,18 @@
 package com.danubetech.dataintegrity.signer;
 
 import com.danubetech.dataintegrity.DataIntegrityProof;
+import com.danubetech.dataintegrity.adapter.JWSSignerAdapter;
 import com.danubetech.dataintegrity.canonicalizer.Canonicalizer;
-import com.danubetech.dataintegrity.canonicalizer.JCSCanonicalizer;
+import com.danubetech.dataintegrity.canonicalizer.URDNA2015Canonicalizer;
+import com.danubetech.dataintegrity.suites.DataIntegritySuites;
+import com.danubetech.dataintegrity.suites.JsonWebSignature2020DataIntegritySuite;
+import com.danubetech.dataintegrity.util.JWSUtil;
 import com.danubetech.keyformats.crypto.ByteSigner;
 import com.nimbusds.jose.JOSEException;
 import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.JWSHeader;
 import com.nimbusds.jose.JWSSigner;
 import com.nimbusds.jose.util.Base64URL;
-import com.danubetech.dataintegrity.adapter.JWSSignerAdapter;
-import com.danubetech.dataintegrity.canonicalizer.URDNA2015Canonicalizer;
-import com.danubetech.dataintegrity.suites.JsonWebSignature2020DataIntegritySuite;
-import com.danubetech.dataintegrity.suites.DataIntegritySuites;
-import com.danubetech.dataintegrity.util.JWSUtil;
 
 import java.security.GeneralSecurityException;
 import java.util.Collections;
@@ -28,22 +27,26 @@ public JsonWebSignature2020LdSigner() {
         this(null);
     }
 
-    public Canonicalizer getCanonicalizer() {
+    public Canonicalizer getCanonicalizer(DataIntegrityProof dataIntegrityProof) {
         return URDNA2015Canonicalizer.getInstance();
     }
 
     public static void sign(DataIntegrityProof.Builder<? extends DataIntegrityProof.Builder<?>> ldProofBuilder, byte[] signingInput, ByteSigner signer) throws GeneralSecurityException {
 
+        // determine algorithm
+
+        String algorithm = signer.getAlgorithm();
+
         // build the JWS and sign
 
         String jws;
 
         try {
 
-            JWSHeader jwsHeader = new JWSHeader.Builder(JWSAlgorithm.parse(signer.getAlgorithm())).base64URLEncodePayload(false).criticalParams(Collections.singleton("b64")).build();
+            JWSHeader jwsHeader = new JWSHeader.Builder(JWSAlgorithm.parse(algorithm)).base64URLEncodePayload(false).criticalParams(Collections.singleton("b64")).build();
             byte[] jwsSigningInput = JWSUtil.getJwsSigningInput(jwsHeader, signingInput);
 
-            JWSSigner jwsSigner = new JWSSignerAdapter(signer, JWSAlgorithm.parse(signer.getAlgorithm()));
+            JWSSigner jwsSigner = new JWSSignerAdapter(signer, JWSAlgorithm.parse(algorithm));
             Base64URL signature = jwsSigner.sign(jwsHeader, jwsSigningInput);
             jws = JWSUtil.serializeDetachedJws(jwsHeader, signature);
         } catch (JOSEException ex) {
diff --git a/src/main/java/com/danubetech/dataintegrity/signer/LdSigner.java b/src/main/java/com/danubetech/dataintegrity/signer/LdSigner.java
@@ -89,7 +89,7 @@ public DataIntegrityProof sign(JsonLDObject jsonLdObject, boolean addToJsonLdObj
 
         // obtain the canonicalized document
 
-        byte[] canonicalizationResult = this.getCanonicalizer().canonicalize(dataIntegrityProof, jsonLdObject);
+        byte[] canonicalizationResult = this.getCanonicalizer(dataIntegrityProof).canonicalize(dataIntegrityProof, jsonLdObject);
 
         // sign
 
@@ -127,7 +127,7 @@ public DataIntegritySuite getDataIntegritySuite() {
         return this.dataIntegritySuite;
     }
 
-    public abstract Canonicalizer getCanonicalizer();
+    public abstract Canonicalizer getCanonicalizer(DataIntegrityProof dataIntegrityProof);
 
     /*
      * Getters and setters
diff --git a/src/main/java/com/danubetech/dataintegrity/signer/RsaSignature2018LdSigner.java b/src/main/java/com/danubetech/dataintegrity/signer/RsaSignature2018LdSigner.java
@@ -33,7 +33,7 @@ public RsaSignature2018LdSigner() {
         this((ByteSigner) null);
     }
 
-    public Canonicalizer getCanonicalizer() {
+    public Canonicalizer getCanonicalizer(DataIntegrityProof dataIntegrityProof) {
         return URDNA2015Canonicalizer.getInstance();
     }
 
diff --git a/src/main/java/com/danubetech/dataintegrity/suites/DataIntegrityProofDataIntegritySuite.java b/src/main/java/com/danubetech/dataintegrity/suites/DataIntegrityProofDataIntegritySuite.java
@@ -20,25 +20,13 @@ public class DataIntegrityProofDataIntegritySuite extends DataIntegritySuite {
 			"eddsa-jcs-2022", JCSCanonicalizer.getInstance()
 	);
 
-	private static final Map<String, Map<KeyTypeName, String>> JWS_ALGORITHM_BY_CRYPTOSUITE_AND_KEY_TYPE_NAME = Map.of(
-			"ecdsa-rdfc-2019", Map.of(
-					KeyTypeName.secp256k1, JWSAlgorithm.ES256K,
-					KeyTypeName.P_256, JWSAlgorithm.ES256,
-					KeyTypeName.P_384, JWSAlgorithm.ES384,
-					KeyTypeName.P_521, JWSAlgorithm.ES512
-			),
-			"ecdsa-jcs-2019", Map.of(
-					KeyTypeName.Ed25519, JWSAlgorithm.EdDSA
-			),
-			"eddsa-rdfc-2022", Map.of(
-					KeyTypeName.secp256k1, JWSAlgorithm.ES256K,
-					KeyTypeName.P_256, JWSAlgorithm.ES256,
-					KeyTypeName.P_384, JWSAlgorithm.ES384,
-					KeyTypeName.P_521, JWSAlgorithm.ES512
-			),
-			"eddsa-jcs-2022", Map.of(
-					KeyTypeName.Ed25519, JWSAlgorithm.EdDSA
-			)
+	private static final Map<String, List<String>> CRYPTOSUITES_BY_JWS_ALGORITHM = Map.of(
+			JWSAlgorithm.EdDSA, List.of("eddsa-rdfc-2022", "eddsa-jcs-2022"),
+			JWSAlgorithm.ES256K, List.of("ecdsa-rdfc-2019", "ecdsa-jcs-2019"),
+			JWSAlgorithm.ES256KS, List.of("schnorr-secp256k1-rdfc-2025", "schnorr-secp256k1-jcs-2025"),
+			JWSAlgorithm.ES256, List.of("ecdsa-rdfc-2019", "ecdsa-jcs-2019"),
+			JWSAlgorithm.ES384, List.of("ecdsa-rdfc-2019", "ecdsa-jcs-2019"),
+			JWSAlgorithm.ES512, List.of("ecdsa-rdfc-2019", "ecdsa-jcs-2019")
 	);
 
 	DataIntegrityProofDataIntegritySuite() {
@@ -52,4 +40,17 @@ public class DataIntegrityProofDataIntegritySuite extends DataIntegritySuite {
 						KeyTypeName.P_521, List.of(JWSAlgorithm.ES512)),
                 List.of(LDSecurityContexts.JSONLD_CONTEXT_W3ID_DATAINTEGRITY_V2));
 	}
+
+	public static Canonicalizer findCanonicalizerByCryptosuite(String cryptosuite) {
+		return CANONICALIZERS_BY_CRYPTOSUITE.get(cryptosuite);
+	}
+
+	public static List<String> findCryptosuitesByJwsAlgorithm(String jwsAlgorithm) {
+		return CRYPTOSUITES_BY_JWS_ALGORITHM.get(jwsAlgorithm);
+	}
+
+	public static String findDefaultCryptosuiteByJwsAlgorithm(String jwsAlgorithm) {
+		List<String> foundCryptosuiteByJwsAlgorithm = findCryptosuitesByJwsAlgorithm(jwsAlgorithm);
+		return foundCryptosuiteByJwsAlgorithm == null ? null : foundCryptosuiteByJwsAlgorithm.get(0);
+	}
 }

Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ public BbsBlsSignature2020LdSigner() {`
`27`	`27`	`this((ByteSigner) null);`
`28`	`28`	`}`
`29`	`29`
`30`		`- public Canonicalizer getCanonicalizer() {`
	`30`	`+ public Canonicalizer getCanonicalizer(DataIntegrityProof dataIntegrityProof) {`
`31`	`31`	`return URDNA2015Canonicalizer.getInstance();`
`32`	`32`	`}`
`33`	`33`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ public EcdsaKoblitzSignature2016LdSigner() {`
`33`	`33`	`this((ByteSigner) null);`
`34`	`34`	`}`
`35`	`35`
`36`		`- public Canonicalizer getCanonicalizer() {`
	`36`	`+ public Canonicalizer getCanonicalizer(DataIntegrityProof dataIntegrityProof) {`
`37`	`37`	`return URDNA2015Canonicalizer.getInstance();`
`38`	`38`	`}`
`39`	`39`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ public EcdsaSecp256k1Signature2019LdSigner() {`
`33`	`33`	`this((ByteSigner) null);`
`34`	`34`	`}`
`35`	`35`
`36`		`- public Canonicalizer getCanonicalizer() {`
	`36`	`+ public Canonicalizer getCanonicalizer(DataIntegrityProof dataIntegrityProof) {`
`37`	`37`	`return URDNA2015Canonicalizer.getInstance();`
`38`	`38`	`}`
`39`	`39`
Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ public Ed25519Signature2018LdSigner() {`
`32`	`32`	`this((ByteSigner) null);`
`33`	`33`	`}`
`34`	`34`
`35`		`- public Canonicalizer getCanonicalizer() {`
	`35`	`+ public Canonicalizer getCanonicalizer(DataIntegrityProof dataIntegrityProof) {`
`36`	`36`	`return URDNA2015Canonicalizer.getInstance();`
`37`	`37`	`}`
`38`	`38`
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ public Ed25519Signature2020LdSigner() {`
`26`	`26`	`this((ByteSigner) null);`
`27`	`27`	`}`
`28`	`28`
`29`		`- public Canonicalizer getCanonicalizer() {`
	`29`	`+ public Canonicalizer getCanonicalizer(DataIntegrityProof dataIntegrityProof) {`
`30`	`30`	`return URDNA2015Canonicalizer.getInstance();`
`31`	`31`	`}`
`32`	`32`
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ public JcsEcdsaSecp256k1Signature2019LdSigner() {`
`29`	`29`	`this((ByteSigner) null);`
`30`	`30`	`}`
`31`	`31`
`32`		`- public Canonicalizer getCanonicalizer() {`
	`32`	`+ public Canonicalizer getCanonicalizer(DataIntegrityProof dataIntegrityProof) {`
`33`	`33`	`return JCSCanonicalizer.getInstance();`
`34`	`34`	`}`
`35`	`35`
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ public JcsEd25519Signature2020LdSigner() {`
`27`	`27`	`this((ByteSigner) null);`
`28`	`28`	`}`
`29`	`29`
`30`		`- public Canonicalizer getCanonicalizer() {`
	`30`	`+ public Canonicalizer getCanonicalizer(DataIntegrityProof dataIntegrityProof) {`
`31`	`31`	`return JCSCanonicalizer.getInstance();`
`32`	`32`	`}`
`33`	`33`