PYIC-5099: Enable RSA signature validation #2001
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
MikeCollingwood
force-pushed
the
pyic-5099
branch
from
e7c6210
to
cda64b4
Compare
MikeCollingwood
commented
Jun 13, 2024
...uk/gov/di/ipv/core/library/verifiablecredential/validator/VerifiableCredentialValidator.java
Show resolved
Hide resolved
MikeCollingwood
force-pushed
the
pyic-5099
branch
from
e5bd3db
to
b9d91d1
Compare
DanCorderIPV
requested changes
Jun 14, 2024
...uk/gov/di/ipv/core/library/verifiablecredential/validator/VerifiableCredentialValidator.java
Outdated
Show resolved
Hide resolved
...common-services/src/main/java/uk/gov/di/ipv/core/library/exceptions/EncryptionAlgorithm.java
Outdated
Show resolved
Hide resolved
libs/cimit-service/src/test/java/uk/gov/di/ipv/core/library/service/CiMitServiceTest.java
Show resolved
Hide resolved
| throws ParseException, JOSEException { | ||
| return switch (signingAlgorithm) { | ||
| case EC -> new ECDSAVerifier(ECKey.parse(signingKey)); | ||
| case RSA -> new RSASSAVerifier(RSAKey.parse(signingKey)); |
There was a problem hiding this comment.
Digging a bit further into our libraries, it looks like you might be able to do this completely automatically.
Have a look at DefaultJWSVerifierFactory.createJWSVerifier() and JWK.parse()
There was a problem hiding this comment.
I saw JWK.parse, and am now updating to use the key to determine the algorithm. Will also look at createJWSVerifier
There was a problem hiding this comment.
Trying to play around with createJWSVerifier but it feels like it may not be as much of a simplification as wanted compared to the new version of the getVerifier method.
var signingKeyJws = JWSObject.parse(signingKey);
var keyFactory = KeyFactory.getInstance(signingKeyJws.getHeader().getAlgorithm().toString());
keyFactory.generatePublic(new PKCS8EncodedKeySpec(signingKey.getBytes())
);
new DefaultJWSVerifierFactory().createJWSVerifier(signingKeyJws.getHeader(), Key);
var formattedVc = EC.equals(signingKeyJws.getHeader().getAlgorithm()) ? transcodeSignatureIfDerFormat(vc) : vc;
shivanshuit914
force-pushed
the
pyic-5099
branch
4 times, most recently
from
9a83c92
to
5e5446c
Compare
shivanshuit914
force-pushed
the
pyic-5099
branch
from
5e5446c
to
7d08f34
Compare
blakeyp
reviewed
Jun 21, 2024
libs/common-services/src/test/java/uk/gov/di/ipv/core/library/fixtures/TestFixtures.java
Outdated
Show resolved
Hide resolved
blakeyp
reviewed
Jun 21, 2024
...uk/gov/di/ipv/core/library/verifiablecredential/validator/VerifiableCredentialValidator.java
Show resolved
Hide resolved
|
blakeyp
approved these changes
Jun 21, 2024
DanCorderIPV
approved these changes
Jun 24, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed changes
What changed
Why did it change
Issue tracking
Remaining to do: