diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/ByteSigner.java b/src/main/java/info/weboftrust/ldsignatures/crypto/ByteSigner.java new file mode 100644 index 0000000..6a70ec5 --- /dev/null +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/ByteSigner.java @@ -0,0 +1,27 @@ +package info.weboftrust.ldsignatures.crypto; + +import java.security.GeneralSecurityException; + +public abstract class ByteSigner { + + private final String algorithm; + + protected ByteSigner(String algorithm) { + + this.algorithm = algorithm; + } + + public final byte[] sign(byte[] content, String algorithm) throws GeneralSecurityException { + + if (! algorithm.equals(this.algorithm)) throw new GeneralSecurityException("Unexpected algorithm " + algorithm + " is different from " + this.algorithm); + + return this.sign(content); + } + + protected abstract byte[] sign(byte[] content) throws GeneralSecurityException; + + public String getAlgorithm() { + + return this.algorithm; + } +} diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/ByteVerifier.java b/src/main/java/info/weboftrust/ldsignatures/crypto/ByteVerifier.java new file mode 100644 index 0000000..f4fe4f5 --- /dev/null +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/ByteVerifier.java @@ -0,0 +1,27 @@ +package info.weboftrust.ldsignatures.crypto; + +import java.security.GeneralSecurityException; + +public abstract class ByteVerifier { + + private final String algorithm; + + protected ByteVerifier(String algorithm) { + + this.algorithm = algorithm; + } + + public final boolean verify(byte[] content, byte[] signature, String algorithm) throws GeneralSecurityException { + + if (! algorithm.equals(this.algorithm)) throw new GeneralSecurityException("Unexpected algorithm " + algorithm + " is different from " + this.algorithm); + + return this.verify(content, signature); + } + + protected abstract boolean verify(byte[] content, byte[] signature) throws GeneralSecurityException; + + public String getAlgorithm() { + + return this.algorithm; + } +} diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/PrivateKeySigner.java b/src/main/java/info/weboftrust/ldsignatures/crypto/PrivateKeySigner.java new file mode 100644 index 0000000..869b1de --- /dev/null +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/PrivateKeySigner.java @@ -0,0 +1,18 @@ +package info.weboftrust.ldsignatures.crypto; + +public abstract class PrivateKeySigner extends ByteSigner { + + private T privateKey; + + protected PrivateKeySigner(T privateKey, String algorithm) { + + super(algorithm); + + this.privateKey = privateKey; + } + + protected T getPrivateKey() { + + return this.privateKey; + } +} diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/PrivateKeySignerFactory.java b/src/main/java/info/weboftrust/ldsignatures/crypto/PrivateKeySignerFactory.java new file mode 100644 index 0000000..a65951e --- /dev/null +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/PrivateKeySignerFactory.java @@ -0,0 +1,39 @@ +package info.weboftrust.ldsignatures.crypto; + +import java.security.interfaces.RSAPrivateKey; + +import org.bitcoinj.core.ECKey; + +import com.nimbusds.jose.JOSEException; +import com.nimbusds.jose.JWSAlgorithm; +import com.nimbusds.jose.jwk.Curve; +import com.nimbusds.jose.jwk.KeyType; + +import info.weboftrust.ldsignatures.crypto.impl.Ed25519_EdDSA_PrivateKeySigner; +import info.weboftrust.ldsignatures.crypto.impl.P256K_ES256K_PrivateKeySigner; +import info.weboftrust.ldsignatures.crypto.impl.RSA_PS256_PrivateKeySigner; +import info.weboftrust.ldsignatures.crypto.impl.RSA_RS256_PrivateKeySigner; + +public class PrivateKeySignerFactory { + + public static PrivateKeySigner privateKeySignerForKey(String keyType, String algorithm, Object privateKey) throws JOSEException { + + if (keyType == null) throw new NullPointerException("No key type provided."); + if (algorithm == null) throw new NullPointerException("No algorithm provided."); + if (privateKey == null) throw new NullPointerException("No private key provided."); + + if (KeyType.RSA.getValue().equals(keyType)) { + + if (JWSAlgorithm.RS256.getName().equals(algorithm)) return new RSA_RS256_PrivateKeySigner((RSAPrivateKey) privateKey); + if (JWSAlgorithm.PS256.getName().equals(algorithm)) return new RSA_PS256_PrivateKeySigner((RSAPrivateKey) privateKey); + } else if (Curve.P_256K.getName().equals(keyType)) { + + if (JWSAlgorithm.ES256K.getName().equals(algorithm)) return new P256K_ES256K_PrivateKeySigner((ECKey) privateKey); + } else if (Curve.Ed25519.getName().equals(keyType)) { + + if (JWSAlgorithm.EdDSA.getName().equals(algorithm)) return new Ed25519_EdDSA_PrivateKeySigner((byte[]) privateKey); + } + + throw new IllegalArgumentException("Unsupported key " + keyType + " and/or algorithm " + algorithm); + } +} diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/PublicKeyVerifier.java b/src/main/java/info/weboftrust/ldsignatures/crypto/PublicKeyVerifier.java new file mode 100644 index 0000000..fc4c37a --- /dev/null +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/PublicKeyVerifier.java @@ -0,0 +1,18 @@ +package info.weboftrust.ldsignatures.crypto; + +public abstract class PublicKeyVerifier extends ByteVerifier { + + private T publicKey; + + protected PublicKeyVerifier(T publicKey, String algorithm) { + + super(algorithm); + + this.publicKey = publicKey; + } + + protected T getPublicKey() { + + return this.publicKey; + } +} diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/PublicKeyVerifierFactory.java b/src/main/java/info/weboftrust/ldsignatures/crypto/PublicKeyVerifierFactory.java new file mode 100644 index 0000000..8a8a0b9 --- /dev/null +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/PublicKeyVerifierFactory.java @@ -0,0 +1,39 @@ +package info.weboftrust.ldsignatures.crypto; + +import java.security.interfaces.RSAPublicKey; + +import org.bitcoinj.core.ECKey; + +import com.nimbusds.jose.JOSEException; +import com.nimbusds.jose.JWSAlgorithm; +import com.nimbusds.jose.jwk.Curve; +import com.nimbusds.jose.jwk.KeyType; + +import info.weboftrust.ldsignatures.crypto.impl.Ed25519_EdDSA_PublicKeyVerifier; +import info.weboftrust.ldsignatures.crypto.impl.P256K_ES256K_PublicKeyVerifier; +import info.weboftrust.ldsignatures.crypto.impl.RSA_PS256_PublicKeyVerifier; +import info.weboftrust.ldsignatures.crypto.impl.RSA_RS256_PublicKeyVerifier; + +public class PublicKeyVerifierFactory { + + public static PublicKeyVerifier publicKeyVerifierForKey(String keyType, String algorithm, Object publicKey) throws JOSEException { + + if (keyType == null) throw new NullPointerException("No key type provided."); + if (algorithm == null) throw new NullPointerException("No algorithm provided."); + if (publicKey == null) throw new NullPointerException("No public key provided."); + + if (KeyType.RSA.getValue().equals(keyType)) { + + if (JWSAlgorithm.RS256.getName().equals(algorithm)) return new RSA_RS256_PublicKeyVerifier((RSAPublicKey) publicKey); + if (JWSAlgorithm.PS256.getName().equals(algorithm)) return new RSA_PS256_PublicKeyVerifier((RSAPublicKey) publicKey); + } else if (Curve.P_256K.getName().equals(keyType)) { + + if (JWSAlgorithm.ES256K.getName().equals(algorithm)) return new P256K_ES256K_PublicKeyVerifier((ECKey) publicKey); + } else if (Curve.Ed25519.getName().equals(keyType)) { + + if (JWSAlgorithm.EdDSA.getName().equals(algorithm)) return new Ed25519_EdDSA_PublicKeyVerifier((byte[]) publicKey); + } + + throw new IllegalArgumentException("Unsupported key " + keyType + " and/or algorithm " + algorithm); + } +} diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/adapter/JWSSignerAdapter.java b/src/main/java/info/weboftrust/ldsignatures/crypto/adapter/JWSSignerAdapter.java new file mode 100644 index 0000000..69436c6 --- /dev/null +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/adapter/JWSSignerAdapter.java @@ -0,0 +1,53 @@ +package info.weboftrust.ldsignatures.crypto.adapter; + +import java.security.GeneralSecurityException; +import java.util.Collections; + +import com.nimbusds.jose.JOSEException; +import com.nimbusds.jose.JWSAlgorithm; +import com.nimbusds.jose.JWSHeader; +import com.nimbusds.jose.JWSSigner; +import com.nimbusds.jose.crypto.impl.BaseJWSProvider; +import com.nimbusds.jose.util.Base64URL; + +import info.weboftrust.ldsignatures.crypto.ByteSigner; + +public class JWSSignerAdapter extends BaseJWSProvider implements JWSSigner { + + private ByteSigner signer; + + public JWSSignerAdapter(ByteSigner signer, JWSAlgorithm algorithm) { + + super(Collections.singleton(algorithm)); + + this.signer = signer; + } + + @Override + public Base64URL sign(final JWSHeader header, final byte[] signingInput) throws JOSEException { + + if (! this.supportedJWSAlgorithms().contains(header.getAlgorithm())) throw new JOSEException("Unexpected algorithm: " + header.getAlgorithm()); + + try { + + return Base64URL.encode(this.signer.sign(signingInput, header.getAlgorithm().getName())); + } catch (GeneralSecurityException ex) { + + throw new JOSEException(ex.getMessage(), ex); + } + } + + /* + * Getters and setters + */ + + public ByteSigner getSigner() { + + return this.signer; + } + + public void setSigner(ByteSigner signer) { + + this.signer = signer; + } +} \ No newline at end of file diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/adapter/JWSVerifierAdapter.java b/src/main/java/info/weboftrust/ldsignatures/crypto/adapter/JWSVerifierAdapter.java new file mode 100644 index 0000000..e29a402 --- /dev/null +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/adapter/JWSVerifierAdapter.java @@ -0,0 +1,39 @@ +package info.weboftrust.ldsignatures.crypto.adapter; + +import java.security.GeneralSecurityException; +import java.util.Collections; + +import com.nimbusds.jose.JOSEException; +import com.nimbusds.jose.JWSAlgorithm; +import com.nimbusds.jose.JWSHeader; +import com.nimbusds.jose.JWSVerifier; +import com.nimbusds.jose.crypto.impl.BaseJWSProvider; +import com.nimbusds.jose.util.Base64URL; + +import info.weboftrust.ldsignatures.crypto.ByteVerifier; + +public class JWSVerifierAdapter extends BaseJWSProvider implements JWSVerifier { + + private ByteVerifier verifier; + + public JWSVerifierAdapter(ByteVerifier verifier, JWSAlgorithm algorithm) { + + super(Collections.singleton(algorithm)); + + this.verifier = verifier; + } + + @Override + public boolean verify(JWSHeader header, byte[] signingInput, Base64URL signature) throws JOSEException { + + if (! this.supportedJWSAlgorithms().contains(header.getAlgorithm())) throw new JOSEException("Unexpected algorithm: " + header.getAlgorithm()); + + try { + + return this.verifier.verify(signingInput, signature.decode(), header.getAlgorithm().getName()); + } catch (GeneralSecurityException ex) { + + throw new JOSEException(ex.getMessage(), ex); + } + } +} \ No newline at end of file diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/impl/Ed25519_EdDSA_LibIndySigner.java b/src/main/java/info/weboftrust/ldsignatures/crypto/impl/Ed25519_EdDSA_LibIndySigner.java new file mode 100644 index 0000000..986faac --- /dev/null +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/impl/Ed25519_EdDSA_LibIndySigner.java @@ -0,0 +1,36 @@ +package info.weboftrust.ldsignatures.crypto.impl; + +import java.security.GeneralSecurityException; +import java.util.concurrent.ExecutionException; + +import org.hyperledger.indy.sdk.IndyException; +import org.hyperledger.indy.sdk.crypto.Crypto; +import org.hyperledger.indy.sdk.wallet.Wallet; + +import info.weboftrust.ldsignatures.crypto.ByteSigner; + +public class Ed25519_EdDSA_LibIndySigner extends ByteSigner { + + private Wallet wallet; + private String signerVk; + + public Ed25519_EdDSA_LibIndySigner(byte[] privateKey, Wallet wallet, String signerVk) { + + super("EdDSA"); + + this.wallet = wallet; + this.signerVk = signerVk; + } + + @Override + public byte[] sign(byte[] content) throws GeneralSecurityException { + + try { + + return Crypto.cryptoSign(this.wallet, this.signerVk, content).get(); + } catch (InterruptedException | ExecutionException | IndyException ex) { + + throw new GeneralSecurityException(ex.getMessage(), ex); + } + } +} diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/impl/Ed25519_EdDSA_PrivateKeySigner.java b/src/main/java/info/weboftrust/ldsignatures/crypto/impl/Ed25519_EdDSA_PrivateKeySigner.java new file mode 100644 index 0000000..a71e565 --- /dev/null +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/impl/Ed25519_EdDSA_PrivateKeySigner.java @@ -0,0 +1,20 @@ +package info.weboftrust.ldsignatures.crypto.impl; + +import java.security.GeneralSecurityException; + +import info.weboftrust.ldsignatures.crypto.PrivateKeySigner; +import info.weboftrust.ldsignatures.crypto.provider.EC25519Provider; + +public class Ed25519_EdDSA_PrivateKeySigner extends PrivateKeySigner { + + public Ed25519_EdDSA_PrivateKeySigner(byte[] privateKey) { + + super(privateKey, "EdDSA"); + } + + @Override + public byte[] sign(byte[] content) throws GeneralSecurityException { + + return EC25519Provider.get().sign(content, this.getPrivateKey()); + } +} diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/impl/Ed25519_EdDSA_PublicKeyVerifier.java b/src/main/java/info/weboftrust/ldsignatures/crypto/impl/Ed25519_EdDSA_PublicKeyVerifier.java new file mode 100644 index 0000000..d392b09 --- /dev/null +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/impl/Ed25519_EdDSA_PublicKeyVerifier.java @@ -0,0 +1,20 @@ +package info.weboftrust.ldsignatures.crypto.impl; + +import java.security.GeneralSecurityException; + +import info.weboftrust.ldsignatures.crypto.PublicKeyVerifier; +import info.weboftrust.ldsignatures.crypto.provider.EC25519Provider; + +public class Ed25519_EdDSA_PublicKeyVerifier extends PublicKeyVerifier { + + public Ed25519_EdDSA_PublicKeyVerifier(byte[] publicKey) { + + super(publicKey, "EdDSA"); + } + + @Override + public boolean verify(byte[] content, byte[] signature) throws GeneralSecurityException { + + return EC25519Provider.get().verify(content, signature, this.getPublicKey()); + } +} diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/impl/P256K_ES256K_PrivateKeySigner.java b/src/main/java/info/weboftrust/ldsignatures/crypto/impl/P256K_ES256K_PrivateKeySigner.java new file mode 100644 index 0000000..bb67085 --- /dev/null +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/impl/P256K_ES256K_PrivateKeySigner.java @@ -0,0 +1,22 @@ +package info.weboftrust.ldsignatures.crypto.impl; + +import java.security.GeneralSecurityException; + +import org.bitcoinj.core.ECKey; +import org.bitcoinj.core.Sha256Hash; + +import info.weboftrust.ldsignatures.crypto.PrivateKeySigner; + +public class P256K_ES256K_PrivateKeySigner extends PrivateKeySigner { + + public P256K_ES256K_PrivateKeySigner(ECKey privateKey) { + + super(privateKey, "ES256K"); + } + + @Override + public byte[] sign(byte[] content) throws GeneralSecurityException { + + return this.getPrivateKey().sign(Sha256Hash.of(content)).encodeToDER(); + } +} diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/impl/P256K_ES256K_PublicKeyVerifier.java b/src/main/java/info/weboftrust/ldsignatures/crypto/impl/P256K_ES256K_PublicKeyVerifier.java new file mode 100644 index 0000000..2dd1563 --- /dev/null +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/impl/P256K_ES256K_PublicKeyVerifier.java @@ -0,0 +1,29 @@ +package info.weboftrust.ldsignatures.crypto.impl; + +import java.security.GeneralSecurityException; + +import org.bitcoinj.core.ECKey; +import org.bitcoinj.core.Sha256Hash; +import org.bitcoinj.core.SignatureDecodeException; + +import info.weboftrust.ldsignatures.crypto.PublicKeyVerifier; + +public class P256K_ES256K_PublicKeyVerifier extends PublicKeyVerifier { + + public P256K_ES256K_PublicKeyVerifier(ECKey publicKey) { + + super(publicKey, "ES256K"); + } + + @Override + public boolean verify(byte[] content, byte[] signature) throws GeneralSecurityException { + + try { + + return this.getPublicKey().verify(Sha256Hash.hash(content), signature); + } catch (SignatureDecodeException ex) { + + throw new GeneralSecurityException(ex.getMessage(), ex); + } + } +} diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/impl/RSA_PS256_PrivateKeySigner.java b/src/main/java/info/weboftrust/ldsignatures/crypto/impl/RSA_PS256_PrivateKeySigner.java new file mode 100644 index 0000000..75d00ea --- /dev/null +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/impl/RSA_PS256_PrivateKeySigner.java @@ -0,0 +1,31 @@ +package info.weboftrust.ldsignatures.crypto.impl; + +import java.security.GeneralSecurityException; +import java.security.Signature; +import java.security.interfaces.RSAPrivateKey; +import java.security.spec.MGF1ParameterSpec; +import java.security.spec.PSSParameterSpec; + +import info.weboftrust.ldsignatures.crypto.PrivateKeySigner; + +public class RSA_PS256_PrivateKeySigner extends PrivateKeySigner { + + public RSA_PS256_PrivateKeySigner(RSAPrivateKey privateKey) { + + super(privateKey, "PS256"); + } + + @Override + public byte[] sign(byte[] content) throws GeneralSecurityException { + + PSSParameterSpec pssParameterSpec = new PSSParameterSpec("SHA256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1); + + Signature jcaSignature = Signature.getInstance("SHA256withRSAandMGF1"); + jcaSignature.setParameter(pssParameterSpec); + + jcaSignature.initSign(this.getPrivateKey()); + jcaSignature.update(content); + + return jcaSignature.sign(); + } +} diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/impl/RSA_PS256_PublicKeyVerifier.java b/src/main/java/info/weboftrust/ldsignatures/crypto/impl/RSA_PS256_PublicKeyVerifier.java new file mode 100644 index 0000000..5180f99 --- /dev/null +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/impl/RSA_PS256_PublicKeyVerifier.java @@ -0,0 +1,31 @@ +package info.weboftrust.ldsignatures.crypto.impl; + +import java.security.GeneralSecurityException; +import java.security.Signature; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.MGF1ParameterSpec; +import java.security.spec.PSSParameterSpec; + +import info.weboftrust.ldsignatures.crypto.PublicKeyVerifier; + +public class RSA_PS256_PublicKeyVerifier extends PublicKeyVerifier { + + public RSA_PS256_PublicKeyVerifier(RSAPublicKey publicKey) { + + super(publicKey, "RS256"); + } + + @Override + public boolean verify(byte[] content, byte[] signature) throws GeneralSecurityException { + + PSSParameterSpec pssParameterSpec = new PSSParameterSpec("SHA256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1); + + Signature jcaSignature = Signature.getInstance("SHA256withRSAandMGF1"); + jcaSignature.setParameter(pssParameterSpec); + + jcaSignature.initVerify(this.getPublicKey()); + jcaSignature.update(content); + + return jcaSignature.verify(signature); + } +} diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/impl/RSA_RS256_PrivateKeySigner.java b/src/main/java/info/weboftrust/ldsignatures/crypto/impl/RSA_RS256_PrivateKeySigner.java new file mode 100644 index 0000000..24b83df --- /dev/null +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/impl/RSA_RS256_PrivateKeySigner.java @@ -0,0 +1,26 @@ +package info.weboftrust.ldsignatures.crypto.impl; + +import java.security.GeneralSecurityException; +import java.security.Signature; +import java.security.interfaces.RSAPrivateKey; + +import info.weboftrust.ldsignatures.crypto.PrivateKeySigner; + +public class RSA_RS256_PrivateKeySigner extends PrivateKeySigner { + + public RSA_RS256_PrivateKeySigner(RSAPrivateKey privateKey) { + + super(privateKey, "RS256"); + } + + @Override + public byte[] sign(byte[] content) throws GeneralSecurityException { + + Signature jcaSignature = Signature.getInstance("SHA256withRSA"); + + jcaSignature.initSign(this.getPrivateKey()); + jcaSignature.update(content); + + return jcaSignature.sign(); + } +} diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/impl/RSA_RS256_PublicKeyVerifier.java b/src/main/java/info/weboftrust/ldsignatures/crypto/impl/RSA_RS256_PublicKeyVerifier.java new file mode 100644 index 0000000..8e82d5c --- /dev/null +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/impl/RSA_RS256_PublicKeyVerifier.java @@ -0,0 +1,26 @@ +package info.weboftrust.ldsignatures.crypto.impl; + +import java.security.GeneralSecurityException; +import java.security.Signature; +import java.security.interfaces.RSAPublicKey; + +import info.weboftrust.ldsignatures.crypto.PublicKeyVerifier; + +public class RSA_RS256_PublicKeyVerifier extends PublicKeyVerifier { + + public RSA_RS256_PublicKeyVerifier(RSAPublicKey publicKey) { + + super(publicKey, "RS256"); + } + + @Override + public boolean verify(byte[] content, byte[] signature) throws GeneralSecurityException { + + Signature jcaSignature = Signature.getInstance("SHA256withRSA"); + + jcaSignature.initVerify(this.getPublicKey()); + jcaSignature.update(content); + + return jcaSignature.verify(signature); + } +} diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/EC25519Provider.java b/src/main/java/info/weboftrust/ldsignatures/crypto/provider/EC25519Provider.java similarity index 96% rename from src/main/java/info/weboftrust/ldsignatures/crypto/EC25519Provider.java rename to src/main/java/info/weboftrust/ldsignatures/crypto/provider/EC25519Provider.java index d897f4c..aebc1f2 100644 --- a/src/main/java/info/weboftrust/ldsignatures/crypto/EC25519Provider.java +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/provider/EC25519Provider.java @@ -1,4 +1,4 @@ -package info.weboftrust.ldsignatures.crypto; +package info.weboftrust.ldsignatures.crypto.provider; import java.security.GeneralSecurityException; import java.util.Iterator; diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/RandomProvider.java b/src/main/java/info/weboftrust/ldsignatures/crypto/provider/RandomProvider.java similarity index 94% rename from src/main/java/info/weboftrust/ldsignatures/crypto/RandomProvider.java rename to src/main/java/info/weboftrust/ldsignatures/crypto/provider/RandomProvider.java index 2504360..68df138 100644 --- a/src/main/java/info/weboftrust/ldsignatures/crypto/RandomProvider.java +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/provider/RandomProvider.java @@ -1,4 +1,4 @@ -package info.weboftrust.ldsignatures.crypto; +package info.weboftrust.ldsignatures.crypto.provider; import java.security.GeneralSecurityException; import java.util.Iterator; diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/SHA256Provider.java b/src/main/java/info/weboftrust/ldsignatures/crypto/provider/SHA256Provider.java similarity index 94% rename from src/main/java/info/weboftrust/ldsignatures/crypto/SHA256Provider.java rename to src/main/java/info/weboftrust/ldsignatures/crypto/provider/SHA256Provider.java index 145a0a3..7f1e6b7 100644 --- a/src/main/java/info/weboftrust/ldsignatures/crypto/SHA256Provider.java +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/provider/SHA256Provider.java @@ -1,4 +1,4 @@ -package info.weboftrust.ldsignatures.crypto; +package info.weboftrust.ldsignatures.crypto.provider; import java.security.GeneralSecurityException; import java.util.Iterator; diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/impl/NaClSodiumEC25519Provider.java b/src/main/java/info/weboftrust/ldsignatures/crypto/provider/impl/NaClSodiumEC25519Provider.java similarity index 93% rename from src/main/java/info/weboftrust/ldsignatures/crypto/impl/NaClSodiumEC25519Provider.java rename to src/main/java/info/weboftrust/ldsignatures/crypto/provider/impl/NaClSodiumEC25519Provider.java index 6322e67..8a9a496 100644 --- a/src/main/java/info/weboftrust/ldsignatures/crypto/impl/NaClSodiumEC25519Provider.java +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/provider/impl/NaClSodiumEC25519Provider.java @@ -1,4 +1,4 @@ -package info.weboftrust.ldsignatures.crypto.impl; +package info.weboftrust.ldsignatures.crypto.provider.impl; import java.security.GeneralSecurityException; import java.util.Arrays; @@ -6,9 +6,9 @@ import org.abstractj.kalium.NaCl; import org.abstractj.kalium.NaCl.Sodium; -import info.weboftrust.ldsignatures.crypto.EC25519Provider; -import info.weboftrust.ldsignatures.crypto.RandomProvider; -import info.weboftrust.ldsignatures.crypto.SHA256Provider; +import info.weboftrust.ldsignatures.crypto.provider.EC25519Provider; +import info.weboftrust.ldsignatures.crypto.provider.RandomProvider; +import info.weboftrust.ldsignatures.crypto.provider.SHA256Provider; import jnr.ffi.byref.LongLongByReference; public class NaClSodiumEC25519Provider extends EC25519Provider { diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/impl/NaClSodiumRandomProvider.java b/src/main/java/info/weboftrust/ldsignatures/crypto/provider/impl/NaClSodiumRandomProvider.java similarity index 79% rename from src/main/java/info/weboftrust/ldsignatures/crypto/impl/NaClSodiumRandomProvider.java rename to src/main/java/info/weboftrust/ldsignatures/crypto/provider/impl/NaClSodiumRandomProvider.java index cb720d2..d7a80c8 100644 --- a/src/main/java/info/weboftrust/ldsignatures/crypto/impl/NaClSodiumRandomProvider.java +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/provider/impl/NaClSodiumRandomProvider.java @@ -1,11 +1,11 @@ -package info.weboftrust.ldsignatures.crypto.impl; +package info.weboftrust.ldsignatures.crypto.provider.impl; import java.security.GeneralSecurityException; import org.abstractj.kalium.NaCl; import org.abstractj.kalium.NaCl.Sodium; -import info.weboftrust.ldsignatures.crypto.RandomProvider; +import info.weboftrust.ldsignatures.crypto.provider.RandomProvider; public class NaClSodiumRandomProvider extends RandomProvider { diff --git a/src/main/java/info/weboftrust/ldsignatures/crypto/impl/NaClSodiumSHA256Provider.java b/src/main/java/info/weboftrust/ldsignatures/crypto/provider/impl/NaClSodiumSHA256Provider.java similarity index 79% rename from src/main/java/info/weboftrust/ldsignatures/crypto/impl/NaClSodiumSHA256Provider.java rename to src/main/java/info/weboftrust/ldsignatures/crypto/provider/impl/NaClSodiumSHA256Provider.java index c4840ad..0d31668 100644 --- a/src/main/java/info/weboftrust/ldsignatures/crypto/impl/NaClSodiumSHA256Provider.java +++ b/src/main/java/info/weboftrust/ldsignatures/crypto/provider/impl/NaClSodiumSHA256Provider.java @@ -1,11 +1,11 @@ -package info.weboftrust.ldsignatures.crypto.impl; +package info.weboftrust.ldsignatures.crypto.provider.impl; import java.security.GeneralSecurityException; import org.abstractj.kalium.NaCl; import org.abstractj.kalium.NaCl.Sodium; -import info.weboftrust.ldsignatures.crypto.SHA256Provider; +import info.weboftrust.ldsignatures.crypto.provider.SHA256Provider; public class NaClSodiumSHA256Provider extends SHA256Provider { diff --git a/src/main/java/info/weboftrust/ldsignatures/signer/EcdsaKoblitzSignature2016LdSigner.java b/src/main/java/info/weboftrust/ldsignatures/signer/EcdsaKoblitzSignature2016LdSigner.java index d5f9db1..61af4c6 100644 --- a/src/main/java/info/weboftrust/ldsignatures/signer/EcdsaKoblitzSignature2016LdSigner.java +++ b/src/main/java/info/weboftrust/ldsignatures/signer/EcdsaKoblitzSignature2016LdSigner.java @@ -5,16 +5,17 @@ import org.apache.commons.codec.binary.Base64; import org.bitcoinj.core.ECKey; -import org.bitcoinj.core.Sha256Hash; +import info.weboftrust.ldsignatures.crypto.ByteSigner; +import info.weboftrust.ldsignatures.crypto.impl.P256K_ES256K_PrivateKeySigner; import info.weboftrust.ldsignatures.suites.EcdsaKoblitzSignature2016SignatureSuite; import info.weboftrust.ldsignatures.suites.SignatureSuites; public class EcdsaKoblitzSignature2016LdSigner extends LdSigner { - private Signer signer; + private ByteSigner signer; - public EcdsaKoblitzSignature2016LdSigner(Signer signer) { + public EcdsaKoblitzSignature2016LdSigner(ByteSigner signer) { super(SignatureSuites.SIGNATURE_SUITE_ECDSAKOBLITZSIGNATURE2016); @@ -23,20 +24,20 @@ public EcdsaKoblitzSignature2016LdSigner(Signer signer) { public EcdsaKoblitzSignature2016LdSigner(ECKey privateKey) { - this(new PrivateKeySigner(privateKey)); + this(new P256K_ES256K_PrivateKeySigner(privateKey)); } public EcdsaKoblitzSignature2016LdSigner() { - this((Signer) null); + this((ByteSigner) null); } - public static String sign(String canonicalizedDocument, Signer signer) throws GeneralSecurityException { + public static String sign(String canonicalizedDocument, ByteSigner signer) throws GeneralSecurityException { // sign byte[] canonicalizedDocumentBytes = canonicalizedDocument.getBytes(StandardCharsets.UTF_8); - byte[] signatureBytes = signer.sign(canonicalizedDocumentBytes); + byte[] signatureBytes = signer.sign(canonicalizedDocumentBytes, "ES256K"); String signatureString = Base64.encodeBase64String(signatureBytes); // done @@ -50,40 +51,16 @@ public String sign(String canonicalizedDocument) throws GeneralSecurityException return sign(canonicalizedDocument, this.getSigner()); } - /* - * Helper class - */ - - public interface Signer { - - public byte[] sign(byte[] content) throws GeneralSecurityException; - } - - public static class PrivateKeySigner implements Signer { - - private ECKey privateKey; - - public PrivateKeySigner(ECKey privateKey) { - - this.privateKey = privateKey; - } - - public byte[] sign(byte[] content) throws GeneralSecurityException { - - return this.privateKey.sign(Sha256Hash.of(content)).encodeToDER(); - } - } - /* * Getters and setters */ - public Signer getSigner() { + public ByteSigner getSigner() { return this.signer; } - public void setSigner(Signer signer) { + public void setSigner(ByteSigner signer) { this.signer = signer; } diff --git a/src/main/java/info/weboftrust/ldsignatures/signer/EcdsaSecp256k1Signature2019LdSigner.java b/src/main/java/info/weboftrust/ldsignatures/signer/EcdsaSecp256k1Signature2019LdSigner.java index 3958aa9..f9d76e4 100644 --- a/src/main/java/info/weboftrust/ldsignatures/signer/EcdsaSecp256k1Signature2019LdSigner.java +++ b/src/main/java/info/weboftrust/ldsignatures/signer/EcdsaSecp256k1Signature2019LdSigner.java @@ -5,16 +5,17 @@ import org.apache.commons.codec.binary.Base64; import org.bitcoinj.core.ECKey; -import org.bitcoinj.core.Sha256Hash; +import info.weboftrust.ldsignatures.crypto.ByteSigner; +import info.weboftrust.ldsignatures.crypto.impl.P256K_ES256K_PrivateKeySigner; import info.weboftrust.ldsignatures.suites.EcdsaSecp256k1Signature2019SignatureSuite; import info.weboftrust.ldsignatures.suites.SignatureSuites; public class EcdsaSecp256k1Signature2019LdSigner extends LdSigner { - private Signer signer; + private ByteSigner signer; - public EcdsaSecp256k1Signature2019LdSigner(Signer signer) { + public EcdsaSecp256k1Signature2019LdSigner(ByteSigner signer) { super(SignatureSuites.SIGNATURE_SUITE_ECDSASECP256L1SIGNATURE2019); @@ -23,20 +24,20 @@ public EcdsaSecp256k1Signature2019LdSigner(Signer signer) { public EcdsaSecp256k1Signature2019LdSigner(ECKey privateKey) { - this(new PrivateKeySigner(privateKey)); + this(new P256K_ES256K_PrivateKeySigner(privateKey)); } public EcdsaSecp256k1Signature2019LdSigner() { - this((Signer) null); + this((ByteSigner) null); } - public static String sign(String canonicalizedDocument, Signer signer) throws GeneralSecurityException { + public static String sign(String canonicalizedDocument, ByteSigner signer) throws GeneralSecurityException { // sign byte[] canonicalizedDocumentBytes = canonicalizedDocument.getBytes(StandardCharsets.UTF_8); - byte[] signatureBytes = signer.sign(canonicalizedDocumentBytes); + byte[] signatureBytes = signer.sign(canonicalizedDocumentBytes, "ES256K"); String signatureString = Base64.encodeBase64String(signatureBytes); // done @@ -50,40 +51,16 @@ public String sign(String canonicalizedDocument) throws GeneralSecurityException return sign(canonicalizedDocument, this.getSigner()); } - /* - * Helper class - */ - - public interface Signer { - - public byte[] sign(byte[] content) throws GeneralSecurityException; - } - - public static class PrivateKeySigner implements Signer { - - private ECKey privateKey; - - public PrivateKeySigner(ECKey privateKey) { - - this.privateKey = privateKey; - } - - public byte[] sign(byte[] content) throws GeneralSecurityException { - - return this.privateKey.sign(Sha256Hash.of(content)).encodeToDER(); - } - } - /* * Getters and setters */ - public Signer getSigner() { + public ByteSigner getSigner() { return this.signer; } - public void setSigner(Signer signer) { + public void setSigner(ByteSigner signer) { this.signer = signer; } diff --git a/src/main/java/info/weboftrust/ldsignatures/signer/Ed25519Signature2018LdSigner.java b/src/main/java/info/weboftrust/ldsignatures/signer/Ed25519Signature2018LdSigner.java index 8aa8075..b2661f6 100644 --- a/src/main/java/info/weboftrust/ldsignatures/signer/Ed25519Signature2018LdSigner.java +++ b/src/main/java/info/weboftrust/ldsignatures/signer/Ed25519Signature2018LdSigner.java @@ -2,22 +2,19 @@ import java.nio.charset.StandardCharsets; import java.security.GeneralSecurityException; -import java.util.concurrent.ExecutionException; import org.apache.commons.codec.binary.Base64; -import org.hyperledger.indy.sdk.IndyException; -import org.hyperledger.indy.sdk.crypto.Crypto; -import org.hyperledger.indy.sdk.wallet.Wallet; -import info.weboftrust.ldsignatures.crypto.EC25519Provider; +import info.weboftrust.ldsignatures.crypto.ByteSigner; +import info.weboftrust.ldsignatures.crypto.impl.Ed25519_EdDSA_PrivateKeySigner; import info.weboftrust.ldsignatures.suites.Ed25519Signature2018SignatureSuite; import info.weboftrust.ldsignatures.suites.SignatureSuites; public class Ed25519Signature2018LdSigner extends LdSigner { - private Signer signer; + private ByteSigner signer; - public Ed25519Signature2018LdSigner(Signer signer) { + public Ed25519Signature2018LdSigner(ByteSigner signer) { super(SignatureSuites.SIGNATURE_SUITE_ED25519SIGNATURE2018); @@ -26,20 +23,20 @@ public Ed25519Signature2018LdSigner(Signer signer) { public Ed25519Signature2018LdSigner(byte[] privateKey) { - this(new PrivateKeySigner(privateKey)); + this(new Ed25519_EdDSA_PrivateKeySigner(privateKey)); } public Ed25519Signature2018LdSigner() { - this((Signer) null); + this((ByteSigner) null); } - public static String sign(String canonicalizedDocument, Signer signer) throws GeneralSecurityException { + public static String sign(String canonicalizedDocument, ByteSigner signer) throws GeneralSecurityException { // sign byte[] canonicalizedDocumentBytes = canonicalizedDocument.getBytes(StandardCharsets.UTF_8); - byte[] signatureBytes = signer.sign(canonicalizedDocumentBytes); + byte[] signatureBytes = signer.sign(canonicalizedDocumentBytes, "EdDSA"); String signatureString = Base64.encodeBase64String(signatureBytes); // done @@ -53,65 +50,16 @@ public String sign(String canonicalizedDocument) throws GeneralSecurityException return sign(canonicalizedDocument, this.getSigner()); } - /* - * Helper class - */ - - public interface Signer { - - public byte[] sign(byte[] content) throws GeneralSecurityException; - } - - public static class PrivateKeySigner implements Signer { - - private byte[] privateKey; - - public PrivateKeySigner(byte[] privateKey) { - - this.privateKey = privateKey; - } - - @Override - public byte[] sign(byte[] content) throws GeneralSecurityException { - - return EC25519Provider.get().sign(content, this.privateKey); - } - } - - public static class LibIndySigner implements Signer { - - private Wallet wallet; - private String signerVk; - - public LibIndySigner(Wallet wallet, String signerVk) { - - this.wallet = wallet; - this.signerVk = signerVk; - } - - @Override - public byte[] sign(byte[] content) throws GeneralSecurityException { - - try { - - return Crypto.cryptoSign(this.wallet, this.signerVk, content).get(); - } catch (InterruptedException | ExecutionException | IndyException ex) { - - throw new GeneralSecurityException(ex.getMessage(), ex); - } - } - } - /* * Getters and setters */ - public Signer getSigner() { + public ByteSigner getSigner() { return this.signer; } - public void setSigner(Signer signer) { + public void setSigner(ByteSigner signer) { this.signer = signer; } diff --git a/src/main/java/info/weboftrust/ldsignatures/signer/RsaSignature2018LdSigner.java b/src/main/java/info/weboftrust/ldsignatures/signer/RsaSignature2018LdSigner.java index 7b8098c..0eaf9e2 100644 --- a/src/main/java/info/weboftrust/ldsignatures/signer/RsaSignature2018LdSigner.java +++ b/src/main/java/info/weboftrust/ldsignatures/signer/RsaSignature2018LdSigner.java @@ -10,18 +10,18 @@ import com.nimbusds.jose.JWSObject; import com.nimbusds.jose.JWSSigner; import com.nimbusds.jose.Payload; -import com.nimbusds.jose.crypto.RSASSASigner; -import com.nimbusds.jose.crypto.impl.RSASSAProvider; -import com.nimbusds.jose.util.Base64URL; +import info.weboftrust.ldsignatures.crypto.ByteSigner; +import info.weboftrust.ldsignatures.crypto.adapter.JWSSignerAdapter; +import info.weboftrust.ldsignatures.crypto.impl.RSA_RS256_PrivateKeySigner; import info.weboftrust.ldsignatures.suites.RsaSignature2018SignatureSuite; import info.weboftrust.ldsignatures.suites.SignatureSuites; public class RsaSignature2018LdSigner extends LdSigner { - private Signer signer; + private ByteSigner signer; - public RsaSignature2018LdSigner(Signer signer) { + public RsaSignature2018LdSigner(ByteSigner signer) { super(SignatureSuites.SIGNATURE_SUITE_RSASIGNATURE2018); @@ -30,15 +30,15 @@ public RsaSignature2018LdSigner(Signer signer) { public RsaSignature2018LdSigner(RSAPrivateKey privateKey) { - this(new PrivateKeySigner(privateKey)); + this(new RSA_RS256_PrivateKeySigner(privateKey)); } public RsaSignature2018LdSigner() { - this((Signer) null); + this((ByteSigner) null); } - public static String sign(String canonicalizedDocument, Signer signer) throws GeneralSecurityException { + public static String sign(String canonicalizedDocument, ByteSigner signer) throws GeneralSecurityException { // build the payload @@ -59,7 +59,7 @@ public static String sign(String canonicalizedDocument, Signer signer) throws Ge JWSObject jwsObject = new JWSObject(jwsHeader, payload); - JWSSigner jwsSigner = new JWSSignerAdapter(signer); + JWSSigner jwsSigner = new JWSSignerAdapter(signer, JWSAlgorithm.RS256); jwsObject.sign(jwsSigner); signatureValue = jwsObject.serialize(true); @@ -87,70 +87,16 @@ public String sign(String canonicalizedDocument) throws GeneralSecurityException return sign(canonicalizedDocument, this.getSigner()); } - /* - * Helper class - */ - - public interface Signer { - - public byte[] sign(byte[] content) throws GeneralSecurityException; - } - - public static class PrivateKeySigner extends RSASSASigner implements Signer { - - public PrivateKeySigner(RSAPrivateKey privateKey) { - - super(privateKey); - } - - public byte[] sign(byte[] content) throws GeneralSecurityException { - - JWSHeader jwsHeader = new JWSHeader(JWSAlgorithm.RS256); - - try { - - return super.sign(jwsHeader, content).decode(); - } catch (JOSEException ex) { - - throw new GeneralSecurityException(ex.getMessage(), ex); - } - } - } - - private static class JWSSignerAdapter extends RSASSAProvider implements JWSSigner { - - private Signer signer; - - private JWSSignerAdapter(Signer signer) { - - this.signer = signer; - } - - @Override - public Base64URL sign(final JWSHeader header, final byte[] signingInput) throws JOSEException { - - if (! JWSAlgorithm.RS256.equals(header.getAlgorithm())) throw new JOSEException("Unexpected algorithm: " + header.getAlgorithm()); - - try { - - return Base64URL.encode(this.signer.sign(signingInput)); - } catch (GeneralSecurityException ex) { - - throw new JOSEException(ex.getMessage(), ex); - } - } - } - /* * Getters and setters */ - public Signer getSigner() { + public ByteSigner getSigner() { return this.signer; } - public void setSigner(Signer signer) { + public void setSigner(ByteSigner signer) { this.signer = signer; } diff --git a/src/main/java/info/weboftrust/ldsignatures/verifier/EcdsaKoblitzSignature2016LdVerifier.java b/src/main/java/info/weboftrust/ldsignatures/verifier/EcdsaKoblitzSignature2016LdVerifier.java index 6d4dc3b..e47b8a4 100644 --- a/src/main/java/info/weboftrust/ldsignatures/verifier/EcdsaKoblitzSignature2016LdVerifier.java +++ b/src/main/java/info/weboftrust/ldsignatures/verifier/EcdsaKoblitzSignature2016LdVerifier.java @@ -5,18 +5,18 @@ import org.apache.commons.codec.binary.Base64; import org.bitcoinj.core.ECKey; -import org.bitcoinj.core.Sha256Hash; -import org.bitcoinj.core.SignatureDecodeException; import info.weboftrust.ldsignatures.LdSignature; +import info.weboftrust.ldsignatures.crypto.ByteVerifier; +import info.weboftrust.ldsignatures.crypto.impl.P256K_ES256K_PublicKeyVerifier; import info.weboftrust.ldsignatures.suites.EcdsaKoblitzSignature2016SignatureSuite; import info.weboftrust.ldsignatures.suites.SignatureSuites; public class EcdsaKoblitzSignature2016LdVerifier extends LdVerifier { - private Verifier verifier; + private ByteVerifier verifier; - public EcdsaKoblitzSignature2016LdVerifier(Verifier verifier) { + public EcdsaKoblitzSignature2016LdVerifier(ByteVerifier verifier) { super(SignatureSuites.SIGNATURE_SUITE_ECDSAKOBLITZSIGNATURE2016); @@ -25,21 +25,21 @@ public EcdsaKoblitzSignature2016LdVerifier(Verifier verifier) { public EcdsaKoblitzSignature2016LdVerifier(ECKey publicKey) { - this(new PublicKeyVerifier(publicKey)); + this(new P256K_ES256K_PublicKeyVerifier(publicKey)); } public EcdsaKoblitzSignature2016LdVerifier() { - this((Verifier) null); + this((ByteVerifier) null); } - public static boolean verify(String canonicalizedDocument, LdSignature ldSignature, Verifier verifier) throws GeneralSecurityException { + public static boolean verify(String canonicalizedDocument, LdSignature ldSignature, ByteVerifier verifier) throws GeneralSecurityException { // verify byte[] canonicalizedDocumentBytes = canonicalizedDocument.getBytes(StandardCharsets.UTF_8); byte[] signatureValueBytes = Base64.decodeBase64(ldSignature.getSignatureValue()); - boolean verify = verifier.verify(canonicalizedDocumentBytes, signatureValueBytes); + boolean verify = verifier.verify(canonicalizedDocumentBytes, signatureValueBytes, "ES256K"); // done @@ -52,47 +52,16 @@ public boolean verify(String canonicalizedDocument, LdSignature ldSignature) thr return verify(canonicalizedDocument, ldSignature, this.getVerifier()); } - /* - * Helper class - */ - - public interface Verifier { - - public boolean verify(byte[] content, byte[] signature) throws GeneralSecurityException; - } - - public static class PublicKeyVerifier implements Verifier { - - private ECKey publicKey; - - public PublicKeyVerifier(ECKey publicKey) { - - this.publicKey = publicKey; - } - - @Override - public boolean verify(byte[] content, byte[] signature) throws GeneralSecurityException { - - try { - - return this.publicKey.verify(Sha256Hash.hash(content), signature); - } catch (SignatureDecodeException ex) { - - throw new GeneralSecurityException(ex.getMessage(), ex); - } - } - } - /* * Getters and setters */ - public Verifier getVerifier() { + public ByteVerifier getVerifier() { return this.verifier; } - public void setVerifier(Verifier verifier) { + public void setVerifier(ByteVerifier verifier) { this.verifier = verifier; } diff --git a/src/main/java/info/weboftrust/ldsignatures/verifier/EcdsaSecp256k1Signature2019LdVerifier.java b/src/main/java/info/weboftrust/ldsignatures/verifier/EcdsaSecp256k1Signature2019LdVerifier.java index 4f5413f..4f51266 100644 --- a/src/main/java/info/weboftrust/ldsignatures/verifier/EcdsaSecp256k1Signature2019LdVerifier.java +++ b/src/main/java/info/weboftrust/ldsignatures/verifier/EcdsaSecp256k1Signature2019LdVerifier.java @@ -5,18 +5,18 @@ import org.apache.commons.codec.binary.Base64; import org.bitcoinj.core.ECKey; -import org.bitcoinj.core.Sha256Hash; -import org.bitcoinj.core.SignatureDecodeException; import info.weboftrust.ldsignatures.LdSignature; +import info.weboftrust.ldsignatures.crypto.ByteVerifier; +import info.weboftrust.ldsignatures.crypto.impl.P256K_ES256K_PublicKeyVerifier; import info.weboftrust.ldsignatures.suites.EcdsaSecp256k1Signature2019SignatureSuite; import info.weboftrust.ldsignatures.suites.SignatureSuites; public class EcdsaSecp256k1Signature2019LdVerifier extends LdVerifier { - private Verifier verifier; + private ByteVerifier verifier; - public EcdsaSecp256k1Signature2019LdVerifier(Verifier verifier) { + public EcdsaSecp256k1Signature2019LdVerifier(ByteVerifier verifier) { super(SignatureSuites.SIGNATURE_SUITE_ECDSASECP256L1SIGNATURE2019); @@ -25,21 +25,21 @@ public EcdsaSecp256k1Signature2019LdVerifier(Verifier verifier) { public EcdsaSecp256k1Signature2019LdVerifier(ECKey publicKey) { - this(new PublicKeyVerifier(publicKey)); + this(new P256K_ES256K_PublicKeyVerifier(publicKey)); } public EcdsaSecp256k1Signature2019LdVerifier() { - this((Verifier) null); + this((ByteVerifier) null); } - public static boolean verify(String canonicalizedDocument, LdSignature ldSignature, Verifier verifier) throws GeneralSecurityException { + public static boolean verify(String canonicalizedDocument, LdSignature ldSignature, ByteVerifier verifier) throws GeneralSecurityException { // verify byte[] canonicalizedDocumentBytes = canonicalizedDocument.getBytes(StandardCharsets.UTF_8); byte[] signatureValueBytes = Base64.decodeBase64(ldSignature.getSignatureValue()); - boolean verify = verifier.verify(canonicalizedDocumentBytes, signatureValueBytes); + boolean verify = verifier.verify(canonicalizedDocumentBytes, signatureValueBytes, "ES256K"); // done @@ -52,47 +52,16 @@ public boolean verify(String canonicalizedDocument, LdSignature ldSignature) thr return verify(canonicalizedDocument, ldSignature, this.getVerifier()); } - /* - * Helper class - */ - - public interface Verifier { - - public boolean verify(byte[] content, byte[] signature) throws GeneralSecurityException; - } - - public static class PublicKeyVerifier implements Verifier { - - private ECKey publicKey; - - public PublicKeyVerifier(ECKey publicKey) { - - this.publicKey = publicKey; - } - - @Override - public boolean verify(byte[] content, byte[] signature) throws GeneralSecurityException { - - try { - - return this.publicKey.verify(Sha256Hash.hash(content), signature); - } catch (SignatureDecodeException ex) { - - throw new GeneralSecurityException(ex.getMessage(), ex); - } - } - } - /* * Getters and setters */ - public Verifier getVerifier() { + public ByteVerifier getVerifier() { return this.verifier; } - public void setVerifier(Verifier verifier) { + public void setVerifier(ByteVerifier verifier) { this.verifier = verifier; } diff --git a/src/main/java/info/weboftrust/ldsignatures/verifier/Ed25519Signature2018LdVerifier.java b/src/main/java/info/weboftrust/ldsignatures/verifier/Ed25519Signature2018LdVerifier.java index 1aaa056..0aec83e 100644 --- a/src/main/java/info/weboftrust/ldsignatures/verifier/Ed25519Signature2018LdVerifier.java +++ b/src/main/java/info/weboftrust/ldsignatures/verifier/Ed25519Signature2018LdVerifier.java @@ -6,15 +6,16 @@ import org.apache.commons.codec.binary.Base64; import info.weboftrust.ldsignatures.LdSignature; -import info.weboftrust.ldsignatures.crypto.EC25519Provider; +import info.weboftrust.ldsignatures.crypto.ByteVerifier; +import info.weboftrust.ldsignatures.crypto.impl.Ed25519_EdDSA_PublicKeyVerifier; import info.weboftrust.ldsignatures.suites.Ed25519Signature2018SignatureSuite; import info.weboftrust.ldsignatures.suites.SignatureSuites; public class Ed25519Signature2018LdVerifier extends LdVerifier { - private Verifier verifier; + private ByteVerifier verifier; - public Ed25519Signature2018LdVerifier(Verifier verifier) { + public Ed25519Signature2018LdVerifier(ByteVerifier verifier) { super(SignatureSuites.SIGNATURE_SUITE_ED25519SIGNATURE2018); @@ -23,21 +24,21 @@ public Ed25519Signature2018LdVerifier(Verifier verifier) { public Ed25519Signature2018LdVerifier(byte[] publicKey) { - this(new PublicKeyVerifier(publicKey)); + this(new Ed25519_EdDSA_PublicKeyVerifier(publicKey)); } public Ed25519Signature2018LdVerifier() { - this((Verifier) null); + this((ByteVerifier) null); } - public static boolean verify(String canonicalizedDocument, LdSignature ldSignature, Verifier verifier) throws GeneralSecurityException { + public static boolean verify(String canonicalizedDocument, LdSignature ldSignature, ByteVerifier verifier) throws GeneralSecurityException { // verify byte[] canonicalizedDocumentBytes = canonicalizedDocument.getBytes(StandardCharsets.UTF_8); byte[] signatureValueBytes = Base64.decodeBase64(ldSignature.getSignatureValue()); - boolean verify = verifier.verify(canonicalizedDocumentBytes, signatureValueBytes); + boolean verify = verifier.verify(canonicalizedDocumentBytes, signatureValueBytes, "EdDSA"); // done @@ -50,41 +51,16 @@ public boolean verify(String canonicalizedDocument, LdSignature ldSignature) thr return verify(canonicalizedDocument, ldSignature, this.getVerifier()); } - /* - * Helper class - */ - - public interface Verifier { - - public boolean verify(byte[] content, byte[] signature) throws GeneralSecurityException; - } - - public static class PublicKeyVerifier implements Verifier { - - private byte[] publicKey; - - public PublicKeyVerifier(byte[] publicKey) { - - this.publicKey = publicKey; - } - - @Override - public boolean verify(byte[] content, byte[] signature) throws GeneralSecurityException { - - return EC25519Provider.get().verify(content, signature, this.publicKey); - } - } - /* * Getters and setters */ - public Verifier getVerifier() { + public ByteVerifier getVerifier() { return this.verifier; } - public void setVerifier(Verifier verifier) { + public void setVerifier(ByteVerifier verifier) { this.verifier = verifier; } diff --git a/src/main/java/info/weboftrust/ldsignatures/verifier/RsaSignature2018LdVerifier.java b/src/main/java/info/weboftrust/ldsignatures/verifier/RsaSignature2018LdVerifier.java index 45f478e..c38917f 100644 --- a/src/main/java/info/weboftrust/ldsignatures/verifier/RsaSignature2018LdVerifier.java +++ b/src/main/java/info/weboftrust/ldsignatures/verifier/RsaSignature2018LdVerifier.java @@ -3,27 +3,25 @@ import java.security.GeneralSecurityException; import java.security.interfaces.RSAPublicKey; import java.text.ParseException; -import java.util.Collections; import com.nimbusds.jose.JOSEException; import com.nimbusds.jose.JWSAlgorithm; -import com.nimbusds.jose.JWSHeader; import com.nimbusds.jose.JWSVerifier; import com.nimbusds.jose.Payload; -import com.nimbusds.jose.crypto.RSASSAVerifier; -import com.nimbusds.jose.crypto.impl.RSASSAProvider; -import com.nimbusds.jose.util.Base64URL; import info.weboftrust.ldsignatures.LdSignature; +import info.weboftrust.ldsignatures.crypto.ByteVerifier; +import info.weboftrust.ldsignatures.crypto.adapter.JWSVerifierAdapter; +import info.weboftrust.ldsignatures.crypto.impl.RSA_RS256_PublicKeyVerifier; import info.weboftrust.ldsignatures.suites.RsaSignature2018SignatureSuite; import info.weboftrust.ldsignatures.suites.SignatureSuites; import info.weboftrust.ldsignatures.util.DetachedJWSObject; public class RsaSignature2018LdVerifier extends LdVerifier { - private Verifier verifier; + private ByteVerifier verifier; - public RsaSignature2018LdVerifier(Verifier verifier) { + public RsaSignature2018LdVerifier(ByteVerifier verifier) { super(SignatureSuites.SIGNATURE_SUITE_RSASIGNATURE2018); @@ -32,15 +30,15 @@ public RsaSignature2018LdVerifier(Verifier verifier) { public RsaSignature2018LdVerifier(RSAPublicKey publicKey) { - this(new PublicKeyVerifier(publicKey)); + this(new RSA_RS256_PublicKeyVerifier(publicKey)); } public RsaSignature2018LdVerifier() { - this((Verifier) null); + this((ByteVerifier) null); } - public static boolean verify(String canonicalizedDocument, LdSignature ldSignature, Verifier verifier) throws GeneralSecurityException { + public static boolean verify(String canonicalizedDocument, LdSignature ldSignature, ByteVerifier verifier) throws GeneralSecurityException { // build the payload @@ -57,7 +55,7 @@ public static boolean verify(String canonicalizedDocument, LdSignature ldSignatu DetachedJWSObject jwsObject = DetachedJWSObject.parse(signatureValue, jwsPayload); - JWSVerifier jwsVerifier = new JWSVerifierAdapter(verifier); + JWSVerifier jwsVerifier = new JWSVerifierAdapter(verifier, JWSAlgorithm.RS256); verify = jwsVerifier.verify(jwsObject.getHeader(), jwsObject.getSigningInput(), jwsObject.getParsedSignature()); /* JsonWebSignature jws = new JsonWebSignature(); @@ -83,71 +81,16 @@ public boolean verify(String canonicalizedDocument, LdSignature ldSignature) thr return verify(canonicalizedDocument, ldSignature, this.getVerifier()); } - /* - * Helper class - */ - - public interface Verifier { - - public boolean verify(String algorithm, byte[] content, byte[] signature) throws GeneralSecurityException; - } - - public static class PublicKeyVerifier extends RSASSAVerifier implements Verifier { - - public PublicKeyVerifier(RSAPublicKey publicKey) { - - super(publicKey, Collections.singleton("b64")); - } - - @Override - public boolean verify(String algorithm, byte[] content, byte[] signature) throws GeneralSecurityException { - - JWSHeader jwsHeader = new JWSHeader(new JWSAlgorithm(algorithm)); - - try { - - return super.verify(jwsHeader, content, Base64URL.encode(signature)); - } catch (JOSEException ex) { - - throw new GeneralSecurityException(ex.getMessage(), ex); - } - } - } - - private static class JWSVerifierAdapter extends RSASSAProvider implements JWSVerifier { - - private Verifier verifier; - - private JWSVerifierAdapter(Verifier verifier) { - - this.verifier = verifier; - } - - @Override - public boolean verify(JWSHeader header, byte[] signingInput, Base64URL signature) throws JOSEException { - - String algorithm = header.getAlgorithm().getName(); - - try { - - return this.verifier.verify(algorithm, signingInput, signature.decode()); - } catch (GeneralSecurityException ex) { - - throw new JOSEException(ex.getMessage(), ex); - } - } - } - /* * Getters and setters */ - public Verifier getVerifier() { + public ByteVerifier getVerifier() { return this.verifier; } - public void setVerifier(Verifier verifier) { + public void setVerifier(ByteVerifier verifier) { this.verifier = verifier; } diff --git a/src/main/resources/META-INF/services/info.weboftrust.ldsignatures.crypto.EC25519Provider b/src/main/resources/META-INF/services/info.weboftrust.ldsignatures.crypto.EC25519Provider deleted file mode 100644 index e847eaa..0000000 --- a/src/main/resources/META-INF/services/info.weboftrust.ldsignatures.crypto.EC25519Provider +++ /dev/null @@ -1 +0,0 @@ -info.weboftrust.ldsignatures.crypto.impl.NaClSodiumEC25519Provider diff --git a/src/main/resources/META-INF/services/info.weboftrust.ldsignatures.crypto.RandomProvider b/src/main/resources/META-INF/services/info.weboftrust.ldsignatures.crypto.RandomProvider deleted file mode 100644 index 8a0d4e7..0000000 --- a/src/main/resources/META-INF/services/info.weboftrust.ldsignatures.crypto.RandomProvider +++ /dev/null @@ -1 +0,0 @@ -info.weboftrust.ldsignatures.crypto.impl.NaClSodiumRandomProvider diff --git a/src/main/resources/META-INF/services/info.weboftrust.ldsignatures.crypto.SHA256Provider b/src/main/resources/META-INF/services/info.weboftrust.ldsignatures.crypto.SHA256Provider deleted file mode 100644 index c11fe95..0000000 --- a/src/main/resources/META-INF/services/info.weboftrust.ldsignatures.crypto.SHA256Provider +++ /dev/null @@ -1 +0,0 @@ -info.weboftrust.ldsignatures.crypto.impl.NaClSodiumSHA256Provider diff --git a/src/main/resources/META-INF/services/info.weboftrust.ldsignatures.crypto.provider.EC25519Provider b/src/main/resources/META-INF/services/info.weboftrust.ldsignatures.crypto.provider.EC25519Provider new file mode 100644 index 0000000..13279f0 --- /dev/null +++ b/src/main/resources/META-INF/services/info.weboftrust.ldsignatures.crypto.provider.EC25519Provider @@ -0,0 +1 @@ +info.weboftrust.ldsignatures.crypto.provider.impl.NaClSodiumEC25519Provider diff --git a/src/main/resources/META-INF/services/info.weboftrust.ldsignatures.crypto.provider.RandomProvider b/src/main/resources/META-INF/services/info.weboftrust.ldsignatures.crypto.provider.RandomProvider new file mode 100644 index 0000000..7ea195c --- /dev/null +++ b/src/main/resources/META-INF/services/info.weboftrust.ldsignatures.crypto.provider.RandomProvider @@ -0,0 +1 @@ +info.weboftrust.ldsignatures.crypto.provider.impl.NaClSodiumRandomProvider diff --git a/src/main/resources/META-INF/services/info.weboftrust.ldsignatures.crypto.provider.SHA256Provider b/src/main/resources/META-INF/services/info.weboftrust.ldsignatures.crypto.provider.SHA256Provider new file mode 100644 index 0000000..1e9142e --- /dev/null +++ b/src/main/resources/META-INF/services/info.weboftrust.ldsignatures.crypto.provider.SHA256Provider @@ -0,0 +1 @@ +info.weboftrust.ldsignatures.crypto.provider.impl.NaClSodiumSHA256Provider