refactor: Various updates to signature suites and tests

Author: peacekeeper

src/main/java/com/danubetech/dataintegrity/canonicalizer/JCSCanonicalizer.java

@@ -3,7 +3,10 @@
 import com.danubetech.dataintegrity.DataIntegrityProof;
 import foundation.identity.jsonld.JsonLDException;
 import foundation.identity.jsonld.JsonLDObject;
+import org.apache.commons.codec.binary.Hex;
 import org.erdtman.jcs.JsonCanonicalizer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
@@ -12,6 +15,8 @@
 
 public abstract class JCSCanonicalizer extends Canonicalizer {
 
+    private static final Logger log = LoggerFactory.getLogger(JCSCanonicalizer.class);
+
     public JCSCanonicalizer() {
         super(List.of("jcs"));
     }
@@ -46,13 +51,14 @@ public byte[] canonicalize(DataIntegrityProof dataIntegrityProof, JsonLDObject j
         // canonicalize the LD object and LD proof options
 
         String canonicalizedJsonLdObjectWithoutProof = this.canonicalize(jsonLdObjectWithoutProof);
+        byte[] canonicalizedJsonLdObjectWithoutProofHash = this.hash(canonicalizedJsonLdObjectWithoutProof.getBytes(StandardCharsets.UTF_8));
+        if (log.isDebugEnabled()) log.debug("Canonicalized LD object without proof: {}", canonicalizedJsonLdObjectWithoutProof);
+        if (log.isDebugEnabled()) log.debug("Hashed canonicalized LD object without proof: {}", Hex.encodeHexString(canonicalizedJsonLdObjectWithoutProofHash));
 
         String canonicalizedLdProofWithoutProofValues = this.canonicalize(dataIntegrityProofWithoutProofValues);
-
-        // hashing
-
-        byte[] canonicalizedJsonLdObjectWithoutProofHash = this.hash(canonicalizedJsonLdObjectWithoutProof.getBytes(StandardCharsets.UTF_8));
         byte[] canonicalizedLdProofWithoutProofValuesHash = this.hash(canonicalizedLdProofWithoutProofValues.getBytes(StandardCharsets.UTF_8));
+        if (log.isDebugEnabled()) log.debug("Canonicalized LD proof without proof value: {}", canonicalizedLdProofWithoutProofValues);
+        if (log.isDebugEnabled()) log.debug("Hashed canonicalized LD proof without proof value: {}", Hex.encodeHexString(canonicalizedLdProofWithoutProofValuesHash));
 
         // construct the canonicalization result
 

src/main/java/com/danubetech/dataintegrity/canonicalizer/JCSSHA512Canonicalizer.java

@@ -13,7 +13,7 @@ public static JCSSHA512Canonicalizer getInstance() {
     }
 
     public int hashLength() {
-        return 48;
+        return 64;
     }
 
     public byte[] hash(byte[] input) throws GeneralSecurityException {

src/main/java/com/danubetech/dataintegrity/canonicalizer/RDFC10Canonicalizer.java

@@ -1,25 +1,27 @@
 package com.danubetech.dataintegrity.canonicalizer;
 
-import com.apicatalog.jsonld.lang.Keywords;
 import com.apicatalog.rdf.RdfDataset;
 import com.apicatalog.rdf.RdfNQuad;
 import com.apicatalog.rdf.canon.RdfCanonicalizer;
 import com.apicatalog.rdf.io.nquad.NQuadsWriter;
 import com.danubetech.dataintegrity.DataIntegrityProof;
 import foundation.identity.jsonld.JsonLDException;
 import foundation.identity.jsonld.JsonLDObject;
-import foundation.identity.jsonld.JsonLDUtils;
+import org.apache.commons.codec.binary.Hex;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import java.io.IOException;
 import java.io.StringWriter;
 import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
 import java.util.Collection;
 import java.util.List;
-import java.util.Objects;
 
 public abstract class RDFC10Canonicalizer extends Canonicalizer {
 
+    private static final Logger log = LoggerFactory.getLogger(RDFC10Canonicalizer.class);
+
     public RDFC10Canonicalizer() {
         super(List.of("RDFC-1.0"));
     }
@@ -59,14 +61,15 @@ public byte[] canonicalize(DataIntegrityProof dataIntegrityProof, JsonLDObject j
 
         jsonLdObjectWithoutProof.setDocumentLoader(jsonLdObject.getDocumentLoader());
         String canonicalizedJsonLdObjectWithoutProof = this.canonicalize(jsonLdObjectWithoutProof);
+        byte[] canonicalizedJsonLdObjectWithoutProofHash = this.hash(canonicalizedJsonLdObjectWithoutProof.getBytes(StandardCharsets.UTF_8));
+        if (log.isDebugEnabled()) log.debug("Canonicalized LD object without proof: {}", canonicalizedJsonLdObjectWithoutProof);
+        if (log.isDebugEnabled()) log.debug("Hashed canonicalized LD object without proof: {}", Hex.encodeHexString(canonicalizedJsonLdObjectWithoutProofHash));
 
         dataIntegrityProofWithoutProofValues.setDocumentLoader(jsonLdObject.getDocumentLoader());
         String canonicalizedLdProofWithoutProofValues = this.canonicalize(dataIntegrityProofWithoutProofValues);
-
-        // hashing
-
-        byte[] canonicalizedJsonLdObjectWithoutProofHash = this.hash(canonicalizedJsonLdObjectWithoutProof.getBytes(StandardCharsets.UTF_8));
         byte[] canonicalizedLdProofWithoutProofValuesHash = this.hash(canonicalizedLdProofWithoutProofValues.getBytes(StandardCharsets.UTF_8));
+        if (log.isDebugEnabled()) log.debug("Canonicalized LD proof without proof value: {}", canonicalizedLdProofWithoutProofValues);
+        if (log.isDebugEnabled()) log.debug("Hashed canonicalized LD proof without proof value: {}", Hex.encodeHexString(canonicalizedLdProofWithoutProofValuesHash));
 
         // construct the canonicalization result
 

src/main/java/com/danubetech/dataintegrity/canonicalizer/URDNA2015Canonicalizer.java

@@ -7,6 +7,9 @@
 import foundation.identity.jsonld.JsonLDException;
 import foundation.identity.jsonld.JsonLDObject;
 import io.setl.rdf.normalization.RdfNormalize;
+import org.apache.commons.codec.binary.Hex;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import java.io.IOException;
 import java.io.StringWriter;
@@ -16,6 +19,8 @@
 
 public class URDNA2015Canonicalizer extends Canonicalizer {
 
+    private static final Logger log = LoggerFactory.getLogger(RDFC10Canonicalizer.class);
+
     public static final URDNA2015Canonicalizer INSTANCE = new URDNA2015Canonicalizer();
 
     public URDNA2015Canonicalizer() {
@@ -61,14 +66,15 @@ public byte[] canonicalize(DataIntegrityProof dataIntegrityProof, JsonLDObject j
 
         jsonLdObjectWithoutProof.setDocumentLoader(jsonLdObject.getDocumentLoader());
         String canonicalizedJsonLdObjectWithoutProof = this.canonicalize(jsonLdObjectWithoutProof);
+        byte[] canonicalizedJsonLdObjectWithoutProofHash = SHAUtil.sha256(canonicalizedJsonLdObjectWithoutProof);
+        if (log.isDebugEnabled()) log.debug("Canonicalized LD object without proof: {}", canonicalizedJsonLdObjectWithoutProof);
+        if (log.isDebugEnabled()) log.debug("Hashed canonicalized LD object without proof: {}", Hex.encodeHexString(canonicalizedJsonLdObjectWithoutProofHash));
 
         dataIntegrityProofWithoutProofValues.setDocumentLoader(jsonLdObject.getDocumentLoader());
         String canonicalizedLdProofWithoutProofValues = this.canonicalize(dataIntegrityProofWithoutProofValues);
-
-        // hashing
-
-        byte[] canonicalizedJsonLdObjectWithoutProofHash = SHAUtil.sha256(canonicalizedJsonLdObjectWithoutProof);
         byte[] canonicalizedLdProofWithoutProofValuesHash = SHAUtil.sha256(canonicalizedLdProofWithoutProofValues);
+        if (log.isDebugEnabled()) log.debug("Canonicalized LD proof without proof value: {}", canonicalizedLdProofWithoutProofValues);
+        if (log.isDebugEnabled()) log.debug("Hashed canonicalized LD proof without proof value: {}", Hex.encodeHexString(canonicalizedLdProofWithoutProofValuesHash));
 
         // construct the canonicalization result
 

src/main/java/com/danubetech/dataintegrity/signer/DataIntegrityProofLdSigner.java

@@ -50,6 +50,7 @@ public Canonicalizer getCanonicalizer(DataIntegrityProof dataIntegrityProof) {
         if (algorithm == null) throw new IllegalStateException("No algorithm: " + this.getSigner());
         Canonicalizer canonicalizer = DataIntegritySuites.DATA_INTEGRITY_SUITE_DATAINTEGRITYPROOF.findCanonicalizerForCryptosuiteAndAlgorithm(cryptosuite, algorithm);
         if (canonicalizer == null) throw new IllegalArgumentException("No canonicalizer for cryptosuite " + cryptosuite + " and algorithm " + algorithm + ": " + canonicalizer);
+        if (log.isDebugEnabled()) log.debug("Determined canonicalizer for algorithm {} and cryptosuite {}: {}", algorithm, cryptosuite, canonicalizer.getClass().getSimpleName());
         return canonicalizer;
     }
 

src/main/java/com/danubetech/dataintegrity/signer/LdSigner.java

@@ -16,6 +16,7 @@
 import java.net.URI;
 import java.security.GeneralSecurityException;
 import java.util.Date;
+import java.util.Objects;
 
 public abstract class LdSigner<DATAINTEGRITYSUITE extends DataIntegritySuite> {
 
@@ -106,7 +107,7 @@ public DataIntegrityProof sign(JsonLDObject jsonLdObject, boolean addToJsonLdObj
         // add LD contexts to LD proof options if missing
 
         if (dataIntegrityProof.getContexts() == null || dataIntegrityProof.getContexts().isEmpty()) {
-            JsonLDUtils.jsonLdAdd(dataIntegrityProof, Keywords.CONTEXT, jsonLdObject.getContexts().stream().map(JsonLDUtils::uriToString).toList());
+            JsonLDUtils.jsonLdAdd(dataIntegrityProof, Keywords.CONTEXT, jsonLdObject.getContexts().stream().map(JsonLDUtils::uriToString).filter(Objects::nonNull).toList());
         }
 
         // obtain the canonicalized document

src/main/java/com/danubetech/dataintegrity/verifier/DataIntegrityProofLdVerifier.java

@@ -46,6 +46,7 @@ public Canonicalizer getCanonicalizer(DataIntegrityProof dataIntegrityProof) {
         if (algorithm == null) throw new IllegalStateException("No algorithm: " + this.getVerifier());
         Canonicalizer canonicalizer = DataIntegritySuites.DATA_INTEGRITY_SUITE_DATAINTEGRITYPROOF.findCanonicalizerForCryptosuiteAndAlgorithm(cryptosuite, algorithm);
         if (canonicalizer == null) throw new IllegalArgumentException("No canonicalizer for cryptosuite " + cryptosuite + " and algorithm " + algorithm + ": " + canonicalizer);
+        if (log.isDebugEnabled()) log.debug("Determined canonicalizer for algorithm {} and cryptosuite {}: {}", algorithm, cryptosuite, canonicalizer.getClass().getSimpleName());
         return canonicalizer;
     }
 

src/main/java/com/danubetech/dataintegrity/verifier/LdVerifier.java

@@ -1,17 +1,20 @@
 package com.danubetech.dataintegrity.verifier;
 
+import com.apicatalog.jsonld.lang.Keywords;
 import com.danubetech.dataintegrity.DataIntegrityProof;
 import com.danubetech.dataintegrity.canonicalizer.Canonicalizer;
 import com.danubetech.dataintegrity.suites.DataIntegritySuite;
 import com.danubetech.keyformats.crypto.ByteVerifier;
 import foundation.identity.jsonld.JsonLDException;
 import foundation.identity.jsonld.JsonLDObject;
+import foundation.identity.jsonld.JsonLDUtils;
 import org.apache.commons.codec.binary.Hex;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import java.io.IOException;
 import java.security.GeneralSecurityException;
+import java.util.Objects;
 
 public abstract class LdVerifier<DATAINTEGRITYSUITE extends DataIntegritySuite> {
 
@@ -55,10 +58,16 @@ public boolean verify(JsonLDObject jsonLdObject, DataIntegrityProof dataIntegrit
 
         this.initialize(dataIntegrityProof);
 
+        // add LD contexts to LD proof options if missing
+
+        if (dataIntegrityProof.getContexts() == null || dataIntegrityProof.getContexts().isEmpty()) {
+            JsonLDUtils.jsonLdAdd(dataIntegrityProof, Keywords.CONTEXT, jsonLdObject.getContexts().stream().map(JsonLDUtils::uriToString).filter(Objects::nonNull).toList());
+        }
+
         // obtain the canonicalized document
 
         Canonicalizer canonicalizer = this.getCanonicalizer(dataIntegrityProof);
-        byte[] canonicalizationResult = this.getCanonicalizer(dataIntegrityProof).canonicalize(dataIntegrityProof, jsonLdObject);
+        byte[] canonicalizationResult = canonicalizer.canonicalize(dataIntegrityProof, jsonLdObject);
         if (log.isDebugEnabled()) log.debug("Canonicalization result with {}: {}", canonicalizer.getClass().getSimpleName(), Hex.encodeHexString(canonicalizationResult));
 
         // verify

src/test/java/com/danubetech/dataintegrity/BasicSignTest.java

@@ -1,5 +1,6 @@
 package com.danubetech.dataintegrity;
 
+import com.danubetech.dataintegrity.util.TestKeys;
 import com.nimbusds.jose.*;
 import com.nimbusds.jose.crypto.RSASSASigner;
 import org.junit.jupiter.api.Test;
@@ -30,7 +31,7 @@ public void testSign() throws Exception {
 
 		JWSObject jwsObject = new JWSObject(jwsHeader, payload);
 
-		JWSSigner jwsSigner = new RSASSASigner(TestUtil.testRSAPrivateKey.getPrivate());
+		JWSSigner jwsSigner = new RSASSASigner(TestKeys.testRSAPrivateKey.getPrivate());
 		jwsObject.sign(jwsSigner);
 		signatureValue = jwsObject.serialize(true);
 

src/test/java/com/danubetech/dataintegrity/BasicVerifyTest.java

@@ -1,9 +1,10 @@
 package com.danubetech.dataintegrity;
 
+import com.danubetech.dataintegrity.util.DetachedJWSObject;
+import com.danubetech.dataintegrity.util.TestKeys;
 import com.nimbusds.jose.JWSVerifier;
 import com.nimbusds.jose.Payload;
 import com.nimbusds.jose.crypto.RSASSAVerifier;
-import com.danubetech.dataintegrity.util.DetachedJWSObject;
 import org.junit.jupiter.api.Test;
 
 import java.util.Collections;
@@ -29,7 +30,7 @@ public void testVerify() throws Exception {
 
 		DetachedJWSObject jwsObject = DetachedJWSObject.parse(signatureValue, jwsPayload);
 
-		JWSVerifier jwsVerifier = new RSASSAVerifier(TestUtil.testRSAPublicKey, Collections.singleton("b64"));
+		JWSVerifier jwsVerifier = new RSASSAVerifier(TestKeys.testRSAPublicKey, Collections.singleton("b64"));
 		verify = jwsVerifier.verify(jwsObject.getHeader(), jwsObject.getSigningInput(), jwsObject.getParsedSignature());
 
 		// done