Modularize crypto signing and verification operations.

Signed-off-by: Markus Sabadello <[email protected]>

Author: peacekeeper

src/main/java/com/danubetech/verifiablecredentials/jwt/JwtObject.java

@@ -0,0 +1,198 @@
+package com.danubetech.verifiablecredentials.jwt;
+
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+
+import org.bitcoinj.core.ECKey;
+
+import com.nimbusds.jose.JOSEException;
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jose.JWSObject;
+import com.nimbusds.jose.JWSSigner;
+import com.nimbusds.jose.JWSVerifier;
+import com.nimbusds.jose.Payload;
+import com.nimbusds.jwt.JWTClaimsSet;
+
+import info.weboftrust.ldsignatures.crypto.ByteSigner;
+import info.weboftrust.ldsignatures.crypto.ByteVerifier;
+import info.weboftrust.ldsignatures.crypto.adapter.JWSSignerAdapter;
+import info.weboftrust.ldsignatures.crypto.adapter.JWSVerifierAdapter;
+import info.weboftrust.ldsignatures.crypto.impl.Ed25519_EdDSA_PrivateKeySigner;
+import info.weboftrust.ldsignatures.crypto.impl.Ed25519_EdDSA_PublicKeyVerifier;
+import info.weboftrust.ldsignatures.crypto.impl.P256K_ES256K_PrivateKeySigner;
+import info.weboftrust.ldsignatures.crypto.impl.P256K_ES256K_PublicKeyVerifier;
+import info.weboftrust.ldsignatures.crypto.impl.RSA_RS256_PrivateKeySigner;
+import info.weboftrust.ldsignatures.crypto.impl.RSA_RS256_PublicKeyVerifier;
+
+abstract class JwtObject <T> {
+
+	private final JWTClaimsSet payload;
+	private final T payloadObject;
+
+	private JWSObject jwsObject;
+	private String compactSerialization;
+
+	protected JwtObject(JWTClaimsSet payload, T payloadObject, JWSObject jwsObject, String compactSerialization) {
+
+		if (payload == null) throw new NullPointerException();
+		if (payloadObject == null) throw new NullPointerException();
+
+		this.payload = payload;
+		this.payloadObject = payloadObject;
+		this.jwsObject = jwsObject;
+		this.compactSerialization = compactSerialization;
+	}
+
+	/*
+	 * Sign
+	 */
+
+	private String sign(JWSSigner jwsSigner, JWSAlgorithm alg) throws JOSEException {
+
+		JWSHeader jwsHeader = new JWSHeader.Builder(alg).build();
+		JWSObject jwsObject = new EscapedSlashWorkaroundJWSObject(jwsHeader, this.getPayload());
+
+		jwsObject.sign(jwsSigner);
+
+		this.jwsObject = jwsObject;
+		this.compactSerialization = jwsObject.serialize();
+
+		return this.compactSerialization;
+	}
+
+	public String sign_RSA_RS256(ByteSigner signer) throws JOSEException {
+
+		return this.sign(new JWSSignerAdapter(signer, JWSAlgorithm.RS256), JWSAlgorithm.RS256);
+	}
+
+	public String sign_RSA_RS256(RSAPrivateKey privateKey) throws JOSEException {
+
+		return this.sign_RSA_RS256(new RSA_RS256_PrivateKeySigner(privateKey));
+	}
+
+	public String sign_RSA_RS256(com.nimbusds.jose.jwk.RSAKey privateKey) throws JOSEException {
+
+		return this.sign(new com.nimbusds.jose.crypto.RSASSASigner(privateKey), JWSAlgorithm.RS256);
+	}
+
+	public String sign_Ed25519_EdDSA(ByteSigner signer) throws JOSEException {
+
+		return this.sign(new JWSSignerAdapter(signer, JWSAlgorithm.EdDSA), JWSAlgorithm.EdDSA);
+	}
+
+	public String sign_Ed25519_EdDSA(byte[] privateKey) throws JOSEException {
+
+		return this.sign_Ed25519_EdDSA(new Ed25519_EdDSA_PrivateKeySigner(privateKey));
+	}
+
+	public String sign_Ed25519_EdDSA(com.nimbusds.jose.jwk.OctetKeyPair privateKey) throws JOSEException {
+
+		return this.sign(new com.nimbusds.jose.crypto.Ed25519Signer(privateKey), JWSAlgorithm.EdDSA);
+	}
+
+	public String sign_P256K_ES256K(ByteSigner signer) throws JOSEException {
+
+		return this.sign(new JWSSignerAdapter(signer, JWSAlgorithm.ES256K), JWSAlgorithm.ES256K);
+	}
+
+	public String sign_P256K_ES256K(ECKey privateKey) throws JOSEException {
+
+		return this.sign_P256K_ES256K(new P256K_ES256K_PrivateKeySigner(privateKey));
+	}
+
+	public String sign_P256K_ES256K(com.nimbusds.jose.jwk.ECKey privateKey) throws JOSEException {
+
+		return this.sign(new com.nimbusds.jose.crypto.ECDSASigner(privateKey), JWSAlgorithm.ES256K);
+	}
+
+	/*
+	 * Verify
+	 */
+
+	private boolean verify(JWSVerifier jwsVerifier) throws JOSEException {
+
+		return this.jwsObject.verify(jwsVerifier);
+	}
+
+	public boolean verify_RSA_RS256(ByteVerifier verifier) throws JOSEException {
+
+		return this.verify(new JWSVerifierAdapter(verifier, JWSAlgorithm.RS256));
+	}
+
+	public boolean verify_RSA_RS256(RSAPublicKey publicKey) throws JOSEException {
+
+		return this.verify_RSA_RS256(new RSA_RS256_PublicKeyVerifier(publicKey));
+	}
+
+	public boolean verify_RSA_RS256(com.nimbusds.jose.jwk.RSAKey publicKey) throws JOSEException {
+
+		return this.verify(new com.nimbusds.jose.crypto.RSASSAVerifier(publicKey));
+	}
+
+	public boolean verify_Ed25519_EdDSA(ByteVerifier verifier) throws JOSEException {
+
+		return this.verify(new JWSVerifierAdapter(verifier, JWSAlgorithm.EdDSA));
+	}
+
+	public boolean verify_Ed25519_EdDSA(byte[] publicKey) throws JOSEException {
+
+		return this.verify_Ed25519_EdDSA(new Ed25519_EdDSA_PublicKeyVerifier(publicKey));
+	}
+
+	public boolean verify_Ed25519_EdDSA(com.nimbusds.jose.jwk.OctetKeyPair publicKey) throws JOSEException {
+
+		return this.verify(new com.nimbusds.jose.crypto.Ed25519Verifier(publicKey));
+	}
+
+	public boolean verify_P256K_ES256K(ByteVerifier verifier) throws JOSEException {
+
+		return this.verify(new JWSVerifierAdapter(verifier, JWSAlgorithm.ES256K));
+	}
+
+	public boolean verify_P256K_ES256K(ECKey publicKey) throws JOSEException {
+
+		return this.verify_P256K_ES256K(new P256K_ES256K_PublicKeyVerifier(publicKey));
+	}
+
+	public boolean verify_P256K_ES256K(com.nimbusds.jose.jwk.ECKey publicKey) throws JOSEException {
+
+		return this.verify(new com.nimbusds.jose.crypto.ECDSAVerifier(publicKey));
+	}
+
+	/*
+	 * Helper class
+	 */
+	
+	private static class EscapedSlashWorkaroundJWSObject extends JWSObject {
+
+		public EscapedSlashWorkaroundJWSObject(final JWSHeader header, final JWTClaimsSet claimsSet) {
+
+			super(header, new Payload(claimsSet.toJSONObject().toJSONString().replace("\\/", "/")));
+		}
+	}
+	
+	/*
+	 * Getters
+	 */
+
+	public JWTClaimsSet getPayload() {
+
+		return this.payload;
+	}
+
+	public T getPayloadObject() {
+
+		return this.payloadObject;
+	}
+
+	public JWSObject getJwsObject() {
+
+		return this.jwsObject;
+	}
+
+	public String getCompactSerialization() {
+
+		return this.compactSerialization;
+	}
+}

src/main/java/com/danubetech/verifiablecredentials/jwt/JwtVerifiableCredential.java

@@ -2,73 +2,36 @@
 
 import java.io.IOException;
 import java.security.GeneralSecurityException;
-import java.security.PublicKey;
-import java.security.interfaces.RSAPublicKey;
 import java.text.ParseException;
 import java.util.Date;
 
 import com.danubetech.verifiablecredentials.VerifiableCredential;
 import com.fasterxml.jackson.core.JsonParseException;
 import com.nimbusds.jose.JOSEException;
-import com.nimbusds.jose.JWSAlgorithm;
-import com.nimbusds.jose.JWSHeader;
-import com.nimbusds.jose.JWSSigner;
-import com.nimbusds.jose.JWSVerifier;
-import com.nimbusds.jose.crypto.ECDSASigner;
-import com.nimbusds.jose.crypto.Ed25519Signer;
-import com.nimbusds.jose.crypto.RSASSASigner;
-import com.nimbusds.jose.crypto.RSASSAVerifier;
-import com.nimbusds.jose.jwk.ECKey;
-import com.nimbusds.jose.jwk.OctetKeyPair;
-import com.nimbusds.jose.jwk.RSAKey;
+import com.nimbusds.jose.JWSObject;
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
 
 import net.minidev.json.JSONObject;
 
-public class JwtVerifiableCredential {
+public class JwtVerifiableCredential extends JwtObject<VerifiableCredential> {
 
 	public static final String JWT_CLAIM_VC = "vc";
 
-	private final JWTClaimsSet payload;
-	private final VerifiableCredential payloadVerifiableCredential;
+	private JwtVerifiableCredential(JWTClaimsSet payload, VerifiableCredential payloadObject, JWSObject jwsObject, String compactSerialization) {
 
-	private String compactSerialization;
-
-	private JwtVerifiableCredential(JWTClaimsSet payload, VerifiableCredential payloadVerifiableCredential, String compactSerialization) {
-
-		if (payload == null) throw new NullPointerException();
-		if (payloadVerifiableCredential == null) throw new NullPointerException();
-
-		this.payload = payload;
-		this.payloadVerifiableCredential = payloadVerifiableCredential;
-		this.compactSerialization = compactSerialization;
+		super(payload, payloadObject, jwsObject, compactSerialization);
 	}
 
-	public static JwtVerifiableCredential fromJwt(String jwt, String algorithm, PublicKey publicKey, boolean doValidate) throws GeneralSecurityException, ParseException, JOSEException, JsonParseException, IOException {
-
-		boolean validate;
-
-		SignedJWT signedJWT = SignedJWT.parse(jwt);
+	public static JwtVerifiableCredential fromCompactSerialization(String compactSerialization) throws GeneralSecurityException, ParseException, JOSEException, JsonParseException, IOException {
 
-		if (doValidate) {
+		SignedJWT signedJWT = SignedJWT.parse(compactSerialization);
 
-			JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) publicKey);
-			validate = signedJWT.verify(verifier);
-
-			if (! validate) throw new GeneralSecurityException("Invalid signature: " + jwt);
-		}
-
-		JWTClaimsSet jwtPayload = signedJWT.getJWTClaimsSet();
-		JSONObject jsonLdObject = (JSONObject) jwtPayload.getClaims().get(JWT_CLAIM_VC);
+		JWTClaimsSet payload = signedJWT.getJWTClaimsSet();
+		JSONObject jsonLdObject = (JSONObject) payload.getClaims().get(JWT_CLAIM_VC);
 		VerifiableCredential payloadVerifiableCredential = VerifiableCredential.fromJsonString(jsonLdObject.toJSONString(), false);
 
-		return new JwtVerifiableCredential(jwtPayload, payloadVerifiableCredential, jwt);
-	}
-
-	public static JwtVerifiableCredential fromJwt(String jwt, String algorithm, PublicKey publicKey) throws GeneralSecurityException, ParseException, JOSEException, JsonParseException, IOException {
-
-		return fromJwt(jwt, algorithm, publicKey, true);
+		return new JwtVerifiableCredential(payload, payloadVerifiableCredential, signedJWT, compactSerialization);
 	}
 
 	public static JwtVerifiableCredential fromVerifiableCredential(VerifiableCredential verifiableCredential, String aud) {
@@ -122,75 +85,23 @@ public static JwtVerifiableCredential fromVerifiableCredential(VerifiableCredent
 
 		payloadBuilder.claim(JWT_CLAIM_VC, payloadVerifiableCredential.getJsonLdObject());
 
-		return new JwtVerifiableCredential(payloadBuilder.build(), payloadVerifiableCredential, null);
+		JWTClaimsSet payload = payloadBuilder.build();
+
+		return new JwtVerifiableCredential(payload, payloadVerifiableCredential, null, null);
 	}
 
 	public static JwtVerifiableCredential fromVerifiableCredential(VerifiableCredential verifiableCredential) {
 
 		return fromVerifiableCredential(verifiableCredential, null);
 	}
 
-	public JWTClaimsSet getPayload() {
-
-		return this.payload;
-	}
-
-	public VerifiableCredential getPayloadVerifiableCredential() {
-
-		return this.payloadVerifiableCredential;
-	}
-
-	public String getCompactSerialization() {
-
-		return this.compactSerialization;
-	}
-
-	public String toJwt(RSAKey rsaKey) throws JOSEException {
-
-		JWSHeader jwsHeader = new JWSHeader.Builder(JWSAlgorithm.RS256).build();
-		SignedJWT signedJWT = new SignedJWT(jwsHeader, this.getPayload());
-
-		JWSSigner signer = new RSASSASigner(rsaKey);
-
-		signedJWT.sign(signer);
-
-		this.compactSerialization = signedJWT.serialize();
-		return compactSerialization;
-	}
-
-	public String toJwt(OctetKeyPair octetKeyPair) throws JOSEException {
-
-		JWSHeader jwsHeader = new JWSHeader.Builder(JWSAlgorithm.EdDSA).build();
-		SignedJWT signedJWT = new SignedJWT(jwsHeader, this.getPayload());
-
-		JWSSigner signer = new Ed25519Signer(octetKeyPair);
-
-		signedJWT.sign(signer);
-
-		this.compactSerialization = signedJWT.serialize();
-		return compactSerialization;
-	}
-
-	public String toJwt(ECKey ecKey) throws JOSEException {
-
-		JWSHeader jwsHeader = new JWSHeader.Builder(JWSAlgorithm.ES256K).build();
-		SignedJWT signedJWT = new SignedJWT(jwsHeader, this.getPayload());
-
-		JWSSigner signer = new ECDSASigner(ecKey);
-
-		signedJWT.sign(signer);
-
-		this.compactSerialization = signedJWT.serialize();
-		return compactSerialization;
-	}
-
 	public VerifiableCredential toVerifiableCredential() {
 
 		VerifiableCredential verifiableCredential;
 
 		try {
 
-			verifiableCredential = VerifiableCredential.fromJsonString(this.getPayloadVerifiableCredential().toJsonString(), false);
+			verifiableCredential = VerifiableCredential.fromJsonString(this.getPayloadObject().toJsonString(), false);
 		} catch (IOException ex) {
 
 			throw new RuntimeException(ex.getMessage(), ex);