Merge pull request #243 from qiluge/master

fix compile bug; split verify date interface

src/main/java/com/github/ontio/ontid/OntId2.java

@@ -303,30 +303,65 @@ public boolean verifyCredDate(VerifiableCredential cred) throws Exception {
         }
         if (cred.issuanceDate != null && !cred.issuanceDate.isEmpty()) {
             Date issuanceDate = formatter.parse(cred.issuanceDate);
-            return !issuanceDate.after(current);
+            return issuanceDate.before(current);
+        }
+        return true;
+    }
+
+    public boolean verifyCredExp(VerifiableCredential cred) throws Exception {
+        DateFormat formatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
+        formatter.setTimeZone(TimeZone.getTimeZone("UTC"));
+        Date current = new Date();
+        if (cred.expirationDate != null && !cred.expirationDate.isEmpty()) {
+            Date expiration = formatter.parse(cred.expirationDate);
+            return expiration.after(current);
+        }
+        return true;
+    }
+
+    public boolean verifyCredIssuanceDate(VerifiableCredential cred) throws Exception {
+        DateFormat formatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
+        formatter.setTimeZone(TimeZone.getTimeZone("UTC"));
+        Date current = new Date();
+        if (cred.issuanceDate != null && !cred.issuanceDate.isEmpty()) {
+            Date issuanceDate = formatter.parse(cred.issuanceDate);
+            return issuanceDate.before(current);
         }
         return true;
     }
 
     public boolean verifyJWTCredDate(String cred) throws Exception {
         JWTCredential jwtCred = JWTCredential.deserializeToJWTCred(cred);
-        if (jwtCred.payload.exp == 0) {
-            return true;
-        }
         return verifyJWTCredDate(jwtCred);
     }
 
+    public boolean verifyJWTCredExp(String cred) throws Exception {
+        JWTCredential jwtCred = JWTCredential.deserializeToJWTCred(cred);
+        return verifyJWTCredExp(jwtCred);
+    }
+
+    public boolean verifyJWTCredIssuanceDate(String cred) throws Exception {
+        JWTCredential jwtCred = JWTCredential.deserializeToJWTCred(cred);
+        return verifyJWTCredIssuanceDate(jwtCred);
+    }
+
     private boolean verifyJWTCredDate(JWTCredential jwtCred) {
+        return verifyJWTCredExp(jwtCred) && verifyJWTCredIssuanceDate(jwtCred);
+    }
+
+    // if jwtCred.payload.exp < 0, consider it is invalid
+    private boolean verifyJWTCredExp(JWTCredential jwtCred) {
+        return jwtCred.payload.exp == 0 || jwtCred.payload.exp > System.currentTimeMillis() / 1000;
+    }
+
+    private boolean verifyJWTCredIssuanceDate(JWTCredential jwtCred) {
         long current = System.currentTimeMillis() / 1000;
-        if (jwtCred.payload.exp > 0 && current > jwtCred.payload.exp) {
+        if (jwtCred.payload.iat < 0 || jwtCred.payload.nbf < 0) {
             return false;
         }
-        if (jwtCred.payload.nbf > 0 && current < jwtCred.payload.nbf) {
+        if (current < jwtCred.payload.nbf) {
             return false;
         }
-        if (jwtCred.payload.iat <= 0) {
-            return true;
-        }
         return current >= jwtCred.payload.iat;
     }
 
@@ -437,6 +472,22 @@ public String createJWTPresentation(String[] creds, String[] context, String[] t
         return jwtCred.toString();
     }
 
+    // creds: old version jwt cred array
+    public String createPresentationFromOldCred(String[] creds, String[] context, String[] type, Object holder,
+                                                String challenge, Object domain, ProofPurpose purpose)
+            throws Exception {
+        JWTHeader header = new JWTHeader(signer.pubKey.type.getAlg(), this.signer.pubKey.id);
+
+        DateFormat formatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
+        formatter.setTimeZone(TimeZone.getTimeZone("UTC"));
+        String created = formatter.format(new Date());
+        Proof proof = new Proof(signer.pubKey.id, created, signer.pubKey.type, purpose, challenge, domain);
+        JWTPayload payload = new JWTPayload(genPresentationWithoutProof(null, context, type, holder), proof);
+        payload.vp.verifiableCredential = creds;
+        JWTCredential jwtCred = new JWTCredential(header, payload, signer.signer);
+        return jwtCred.toString();
+    }
+
     private VerifiablePresentation genPresentationWithoutProof(VerifiableCredential[] creds, String[] context,
                                                                String[] type, Object holder) {
         VerifiablePresentation presentation = new VerifiablePresentation();
@@ -567,16 +618,16 @@ public String removeJWTCred(String cred, Account payer, long gasLimit, long gasP
         return "";
     }
 
-    private boolean verifyPubKeyIdSignature(String ontId, String pubKeyId, byte[] needSignData,
-                                            byte[] signature) throws Exception {
+    public boolean verifyPubKeyIdSignature(String ontId, String pubKeyId, byte[] needSignData,
+                                           byte[] signature) throws Exception {
         if (!pubKeyId.startsWith(ontId)) {
             return false;
         }
         return verifyPubKeyIdSignature(pubKeyId, needSignData, signature);
     }
 
-    private boolean verifyPubKeyIdSignature(String pubKeyId, byte[] needSignData,
-                                            byte[] signature) throws Exception {
+    public boolean verifyPubKeyIdSignature(String pubKeyId, byte[] needSignData,
+                                           byte[] signature) throws Exception {
         String ontId = Util.getOntIdFromPubKeyURI(pubKeyId);
         String allPubKeysJson = ontIdContract.sendGetPublicKeys(ontId);
         ArrayList<OntIdPubKey> allPubKeys = new ArrayList<>(JSON.parseArray(allPubKeysJson, OntIdPubKey.class));
@@ -590,7 +641,7 @@ private boolean verifyPubKeyIdSignature(String pubKeyId, byte[] needSignData,
         return false;
     }
 
-    private boolean verifyOntIdSignature(String ontId, byte[] needSignData, byte[] signature) throws Exception {
+    public boolean verifyOntIdSignature(String ontId, byte[] needSignData, byte[] signature) throws Exception {
         String allPubKeysJson = ontIdContract.sendGetPublicKeys(ontId);
         ArrayList<OntIdPubKey> allPubKeys = new ArrayList<>(JSON.parseArray(allPubKeysJson, OntIdPubKey.class));
         for (OntIdPubKey pubKey :

src/main/java/com/github/ontio/ontid/jwt/JWTVP.java

@@ -34,12 +34,14 @@ public JWTVP(VerifiablePresentation presentation, Proof proof) throws Exception
         }
         this.context = presentation.context;
         this.type = presentation.type;
-        String[] verifiableCredential = new String[presentation.verifiableCredential.length];
-        for (int i = 0; i < presentation.verifiableCredential.length; i++) {
-            JWTCredential jwtCred = new JWTCredential(presentation.verifiableCredential[i]);
-            verifiableCredential[i] = jwtCred.toString();
+        if (presentation.verifiableCredential != null) {
+            String[] verifiableCredential = new String[presentation.verifiableCredential.length];
+            for (int i = 0; i < presentation.verifiableCredential.length; i++) {
+                JWTCredential jwtCred = new JWTCredential(presentation.verifiableCredential[i]);
+                verifiableCredential[i] = jwtCred.toString();
+            }
+            this.verifiableCredential = verifiableCredential;
         }
-        this.verifiableCredential = verifiableCredential;
         this.proof = proof.genJWTProof();
     }
 }

src/main/java/com/github/ontio/smartcontract/NeoVm.java

@@ -25,6 +25,7 @@
 import com.github.ontio.core.transaction.Transaction;
 import com.github.ontio.ontid.OntId2;
 import com.github.ontio.smartcontract.neovm.*;
+import com.github.ontio.smartcontract.neovm.Record;
 import com.github.ontio.smartcontract.neovm.abi.AbiFunction;
 import com.github.ontio.sdk.exception.SDKException;
 import com.github.ontio.smartcontract.neovm.abi.BuildParams;

src/main/java/com/github/ontio/smartcontract/nativevm/OntId.java

@@ -2246,18 +2246,28 @@ public boolean verifyCredNotExpired(String cred) throws Exception {
         JSONObject payloadObj = JSON.parseObject(new String(payloadBytes));
         long currentTime = System.currentTimeMillis() / 1000;
         long expiration = payloadObj.getLong("exp");
-        if (expiration > 0 && expiration < currentTime) {
+        if (expiration < 0) {
             return false;
         }
-        long iat = payloadObj.getLong("iat");
-        if (iat > 0 && iat > currentTime) {
-            return false;
+        return expiration == 0 || expiration >= currentTime;
+    }
+
+    public boolean verifyCredIssuanceDate(String cred) throws Exception {
+        if ("".equals(cred)) {
+            throw new SDKException(ErrorCode.ParamErr("cred should not be null"));
+        }
+        String[] obj = cred.split("\\.");
+        if (obj.length != 3) {
+            throw new SDKException(ErrorCode.ParamError);
         }
-        long nbf = payloadObj.getLong("nbf");
-        if (nbf > 0 && nbf > currentTime) {
+        byte[] payloadBytes = Base64.getDecoder().decode(obj[1].getBytes());
+        JSONObject payloadObj = JSON.parseObject(new String(payloadBytes));
+        long currentTime = System.currentTimeMillis() / 1000;
+        long iat = payloadObj.getLong("iat");
+        if (iat < 0) {
             return false;
         }
-        return true;
+        return iat == 0 || iat <= currentTime;
     }
 
     public boolean verifyCredSignature(String cred) throws Exception {

src/main/java/demo/OntId2Demo.java

@@ -14,7 +14,7 @@
 
 public class OntId2Demo {
     static long gasLimit = 2000000;
-    static long gasPrice = 500;
+    static long gasPrice = 2500;
     static String password = "passwordtest";
 
     public static void main(String[] args) {

src/test/java/com/github/ontio/ontid/OntId2Test.java

@@ -5,6 +5,7 @@
 import com.github.ontio.account.Account;
 import com.github.ontio.common.Helper;
 import com.github.ontio.crypto.Digest;
+import com.github.ontio.ontid.jwt.JWTCredential;
 import com.github.ontio.sdk.wallet.Identity;
 import junit.framework.TestCase;
 
@@ -200,6 +201,31 @@ public void testJWTPresentation() {
         }
     }
 
+    public void testPresentationFromOldCred() throws Exception {
+        String oldCred = "";
+        String challenge = "d1b23d3...3d23d32d2";
+        String[] domain = new String[]{"https://example.com"};
+        String presentation = owner.createPresentationFromOldCred(new String[]{oldCred}, null,
+                null, ownerIdentity.ontid, challenge, domain, ProofPurpose.assertionMethod);
+        assertNotNull(presentation);
+        JWTCredential jwtCred = JWTCredential.deserializeToJWTCred(presentation);
+        // check jws
+//        byte[] needSignData = jwtCred.genNeedSignData();
+//        byte[] signature = jwtCred.parseSignature();
+//        boolean presentationSigValid = verifier.verifyPubKeyIdSignature(jwtCred.header.kid, needSignData, signature);
+//        assertTrue(presentationSigValid);
+        String[] credibleOntIds = new String[]{"did:ont:AHzUfrqpNwHBfXA72D9HciNAKuCr83SzDG"};
+        for (String vc : jwtCred.payload.vp.verifiableCredential) {
+//            assertTrue(ontSdk.nativevm().ontId().verifyCredNotExpired(vc));
+//            assertTrue(ontSdk.nativevm().ontId().verifyCredIssuanceDate(vc));
+//            assertTrue(ontSdk.nativevm().ontId().verifyCredOntIdCredible(vc, credibleOntIds));
+//            assertTrue(ontSdk.nativevm().ontId().verifyCredSignature(vc));
+            // use corresponding credential record contract to verify credential status
+//            ontSdk.neovm().credentialRecord().setContractAddress("36bb5c053b6b839c8f6b923fe852f91239b9fccc");
+//            assertTrue(ontSdk.nativevm().ontId().verifyCredNotRevoked(vc));
+        }
+    }
+
     public void testVerifyPresentationProof() {
         try {
             CredentialSubject subject1 = new CredentialSubject(ownerIdentity.ontid, "nnn", "sss");