When the owner requests his data, it is changed so that it is not
verified
YoungBaeJeon committed Mar 20, 2020
1 parent 22511f6 commit d56b9ea
Showing 3 changed files with 77 additions and 65 deletions.
6 changes: 3 additions & 3 deletions pom.xml
Expand Up @@ -4,7 +4,7 @@

<groupId>com.metaidum</groupId>
<artifactId>identity-hub-client-java</artifactId>
<version>0.1.5</version>
<version>0.1.6</version>
<packaging>jar</packaging>

<name>identity-hub-client-java</name>
Expand Down Expand Up @@ -45,13 +45,13 @@
<dependency>
<groupId>com.github.METADIUM</groupId>
<artifactId>did-resolver-java-client</artifactId>
<version>0.1.3</version>
<version>0.1.4</version>
</dependency>

<dependency>
<groupId>com.github.METADIUM</groupId>
<artifactId>verifiable-credential-java</artifactId>
<version>0.1.4</version>
<version>0.1.7</version>
</dependency>

<dependency>
94 changes: 43 additions & 51 deletions src/main/java/com/metaidum/identity/hub/client/IdentityHub.java
Expand Up @@ -388,11 +388,7 @@ private CommitObject decryptAndVerifyCommitQueryResponse(String subjectOwnerDid,
// Verify commit content
JWSObject commitObject;
try {
commitObject = new JWSObject(
new Base64URL(commit.getProtectedHeader()),
new Base64URL(commit.getPayload()),
new Base64URL(commit.getSignature())
);
commitObject = new JWSObject(new Base64URL(commit.getProtectedHeader()), new Base64URL(commit.getPayload()), new Base64URL(commit.getSignature()));
}
catch (ParseException e1) {
throw new CommitObjectException("Commit is not JWS", e1);
Expand All @@ -402,22 +398,10 @@ private CommitObject decryptAndVerifyCommitQueryResponse(String subjectOwnerDid,
logger.log(Level.INFO, "Hub-Response CommitedObject\nHeader "+commitObject.getHeader().toString()+"\nPayload "+commitObject.getPayload().toString());
}

// 요청자와 owner 가 같으면 검증 하지 않음
String resKid = commitObject.getHeader().getKeyID();
DidDocument didDocument = DIDResolverAPI.getInstance().getDocument(resKid.split("#")[0]);
PublicKey publicKey = didDocument.getPublicKey(resKid);
ECDSAVerifier verifier;
try {
verifier = new ECDSAVerifier((ECPublicKey)publicKey.getPublicKey());
verifier.getJCAContext().setProvider(new BouncyCastleProvider());
} catch (JOSEException e1) {
throw new CommitObjectException("Invalid public key. "+publicKey.getPublicKeyHex(), e1);
}
try {
if (!commitObject.verify(verifier)) {
throw new CommitObjectException("Verify failed commit");
}
} catch (JOSEException e1) {
throw new CommitObjectException("Error when verifying commit", e1);
if (!clientDid.equals(subjectOwnerDid) || !resKid.equals(clientKeyId)) {
verifyJws(commitObject);
}

// Verify encrypted content
Expand All @@ -430,16 +414,10 @@ private CommitObject decryptAndVerifyCommitQueryResponse(String subjectOwnerDid,
if (bDebug) {
logger.log(Level.INFO, "Hub-Response EncryptVerifiable\nHeader "+encryptedJWT.getHeader().toString());
}
didDocument = DIDResolverAPI.getInstance().getDocument(encryptedJWT.getHeader().getKeyID().split("#")[0]);
publicKey = didDocument.getPublicKey(encryptedJWT.getHeader().getKeyID());
try {
verifier = new ECDSAVerifier((ECPublicKey)publicKey.getPublicKey());
verifier.getJCAContext().setProvider(new BouncyCastleProvider());
if (!encryptedJWT.verify(verifier)) {
throw new CommitObjectException("Verify failed payload in commit");
}
} catch (JOSEException e1) {
throw new CommitObjectException("Error when verifying payload in commit", e1);

resKid = encryptedJWT.getHeader().getKeyID();
if (!clientDid.equals(subjectOwnerDid) || !resKid.equals(clientKeyId)) {
verifyJws(encryptedJWT);
}

// get encrypted secret key
Expand Down Expand Up @@ -503,27 +481,19 @@ private CommitObject decryptAndVerifyCommitQueryResponse(String subjectOwnerDid,
}

// Verify verifiable
didDocument = DIDResolverAPI.getInstance().getDocument(verifierKeyId.split("#")[0]);
publicKey = didDocument.getPublicKey(verifierKeyId);
try {
verifier = new ECDSAVerifier((ECPublicKey)publicKey.getPublicKey());
verifier.getJCAContext().setProvider(new BouncyCastleProvider());
if (verifiableJwts.verify(verifier)) {
// protected + header
JWSHeader.Builder headerBuilder = new JWSHeader.Builder(commitObject.getHeader());
headerBuilder.customParams(new HashMap<>(commitObject.getHeader().getCustomParams()));
for (String key : commit.getHeader().keySet()) {
headerBuilder.customParam(key, commit.getHeader().get(key));
}

return new CommitObject(headerBuilder.build(), new Payload(verifiableJsonString));
}
else {
throw new CommitObjectException("Verify failed verifiable");
}
} catch (JOSEException e) {
throw new CommitObjectException("Error when verifying verifiable", e);
if (!clientDid.equals(subjectOwnerDid)) {
verifyJws(verifiableJwts);
}


// protected + header
JWSHeader.Builder headerBuilder = new JWSHeader.Builder(commitObject.getHeader());
headerBuilder.customParams(new HashMap<>(commitObject.getHeader().getCustomParams()));
for (String key : commit.getHeader().keySet()) {
headerBuilder.customParam(key, commit.getHeader().get(key));
}

return new CommitObject(headerBuilder.build(), new Payload(verifiableJsonString));
}


Expand Down Expand Up @@ -801,7 +771,29 @@ public WriteObjectResponse writeRequestForPermission(String subjectOwnerDid, Str




private void verifyJws(JWSObject jwsObject) throws CommitObjectException {
String did = (String)jwsObject.getHeader().getCustomParam("iss");
if (did == null) {
did = jwsObject.getHeader().getKeyID().split("#")[0];
}

DidDocument didDocument = DIDResolverAPI.getInstance().getDocument(did);
PublicKey publicKey = didDocument.getPublicKey(jwsObject.getHeader().getKeyID());
ECDSAVerifier verifier;
try {
verifier = new ECDSAVerifier((ECPublicKey)publicKey.getPublicKey());
verifier.getJCAContext().setProvider(new BouncyCastleProvider());
} catch (JOSEException e1) {
throw new CommitObjectException("Invalid public key. "+publicKey.getPublicKeyHex(), e1);
}
try {
if (!jwsObject.verify(verifier)) {
throw new CommitObjectException("Verify failed");
}
} catch (JOSEException e1) {
throw new CommitObjectException("Error when verifying", e1);
}
}


}
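Review bot: The new guards in decryptAndVerifyCommitQueryResponse decide whether to skip signature verification from `resKid`, which is read from the still-unverified JWS header of the hub response, so when the owner reads their own data any commit or payload whose header merely names the client's key id is accepted without a signature check. The third guard, `if (!clientDid.equals(subjectOwnerDid))`, does not compare a key id at all, so in the owner case the verifiable is returned unverified whoever signed it. If the aim is to avoid resolver lookups for the owner's own key, verifying against the client's locally known public key would keep the integrity check; otherwise call `verifyJws(commitObject);`, `verifyJws(encryptedJWT);` and `verifyJws(verifiableJwts);` unconditionally. The method starts outside the visible hunks, so where `clientDid` and `clientKeyId` are set is not shown here.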
42 changes: 31 additions & 11 deletions src/test/java/com/metadium/identity/hub/client/HubTest.java
Expand Up @@ -9,6 +9,7 @@
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collections;
import java.util.LinkedHashMap;
Expand All @@ -25,7 +26,6 @@
import com.metadium.vc.VerifiablePresentation;
import com.metadium.vc.VerifiableSignedJWT;
import com.metadium.vc.util.ECKeyUtils;
import com.metaidum.did.resolver.client.DIDResolverAPI;
import com.metaidum.identity.hub.client.IdentityHub;
import com.metaidum.identity.hub.client.crypto.AES;
import com.metaidum.identity.hub.client.request.BasicRequest;
Expand All @@ -43,13 +43,12 @@
public class HubTest {
static {
IdentityHub.setDebug(true);
DIDResolverAPI.setDebug(true);
}

private static final String did = "did:meta:testnet:000000000000000000000000000000000000000000000000000000000000054b";
private static final String keyId = "did:meta:testnet:000000000000000000000000000000000000000000000000000000000000054b#MetaManagementKey#cfd31afff25b2260ea15ef59f2d5d7dfe8c13511";
private static final String privateKeyHex = "86975dca6a36062768cf4b648b5b3f712caa2d1d61fa42520624a8e574788822";
private static final String publicKeyHex = "d3e33a1791e77362130f9c11352933ea035e6fa3079610aa60ba800c9b963e132ed8db542d305027c4f1738efbed15bc63dc9f619c74c8e68287576769f5da3e";
private static final String did = "did:meta:testnet:000000000000000000000000000000000000000000000000000000000000087a";
private static final String keyId = "did:meta:testnet:000000000000000000000000000000000000000000000000000000000000087a#MetaManagementKey#d364fbce2b48d1b61b70d55464a00692c16c1953";
private static final String privateKeyHex = "cbf5bda2fc9e22472e7ae6159d9045269a8c07ac103dbbb10f2c3a230f68841f";
private static final String publicKeyHex = "e6e8bab06a42e37badab2226a5d899cf936694a8a3dbe4d9a3cd13c260f4979edf2737dc453f987f66800c79365982ee80ac0c255781e37b1e77f6522b62dfdf";
private static final BCECPrivateKey privateKey = ECKeyUtils.toECPrivateKey(Numeric.toBigInt(privateKeyHex), "secp256k1");
private static final BCECPublicKey publicKey = ECKeyUtils.toECPublicKey(Numeric.toBigInt(publicKeyHex), "secp256k1");
private IdentityHub hubClient;
Expand All @@ -68,8 +67,8 @@ public void setup() throws Exception {
System.setOut(System.out);
System.setErr(System.err);

IdentityHub.setUrl("https://testnetih.metadium.com/");
DIDResolverAPI.getInstance().setResolverUrl("http://13.125.251.87:3006/1.0/");
// IdentityHub.setUrl("https://testnetih.metadium.com/");
// DIDResolverAPI.getInstance().setResolverUrl("http://13.125.251.87:3006/1.0/");

if (hubClient == null) {
hubClient = new IdentityHub(true, did, keyId, new ECDSASigner(privateKey));
Expand Down Expand Up @@ -138,7 +137,7 @@ public void presentationTest() throws Exception {
VerifiablePresentation vp = (VerifiablePresentation)VerifiableSignedJWT.toVerifiable(signedVp);

// write vp
WriteObjectResponse writeResponse = hubClient.writeRequestForVerifiableObject(did, publicKey, signedVp, Operation.create, null, null);
WriteObjectResponse writeResponse = hubClient.writeRequestForVerifiableObject(did, publicKey, signedVp, Operation.create, null, Collections.singletonList(spDid));
assertNotNull(writeResponse.getRevisions());
assertEquals(1, writeResponse.getRevisions().size());

Expand All @@ -156,6 +155,24 @@ public void presentationTest() throws Exception {
SignedJWT readSignedJWT = commitObjects.get(0).getPayload().toSignedJWT();
assertEquals(signedVp.serialize(), readSignedJWT.serialize());

// add permission for sp
PermissionGrantPayload permissionPayload = new PermissionGrantPayload();
permissionPayload.setContext(BasicRequest.context);
permissionPayload.setAllow("-R--");
permissionPayload.setOwner(did);
permissionPayload.setGrantee(spDid);
permissionPayload.setType( new ArrayList<>(vp.getTypes()));
WriteObjectResponse writePermissionResponse = hubClient.writeRequestForPermission(did, writeResponse.getRevisions().get(0), Operation.create, permissionPayload);
assertNotNull(writePermissionResponse.getRevisions());
assertEquals(1, writePermissionResponse.getRevisions().size());

commitObjects = spHubClient.getDecryptedCommitsOfObjects(did, new ArrayList<>(vp.getTypes()), spPrivateKey);
assertTrue(commitObjects.size() == 1);
assertEquals(objectId, commitObjects.get(0).getHeader().getCustomParam("object_id"));
readSignedJWT = commitObjects.get(0).getPayload().toSignedJWT();
assertEquals(signedVp.serialize(), readSignedJWT.serialize());


// replace vp
signedVp = makeTestVP();
vp = (VerifiablePresentation)VerifiableSignedJWT.toVerifiable(signedVp);
Expand Down Expand Up @@ -292,7 +309,10 @@ public void eciesTest() throws GeneralSecurityException {

assertArrayEquals(message, decryptedText);
}


}

@Test
public void getVPTest() throws Exception {
List<CommitObject> vpList = hubClient.getDecryptedCommitsOfObjects(did, Arrays.asList(VerifiablePresentation.JSONLD_TYPE_PRESENTATION, "AA", "coinplug", "email"), privateKey);
}
}
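Review bot: `getVPTest` asserts nothing and leaves `vpList` unused, so it passes whenever the call does not throw and says nothing about the owner-read path this commit changes in IdentityHub. Because that path now returns data without signature verification, a check such as `assertNotNull(vpList);` together with a comparison of the returned payload against what was written would turn it into a real regression test. In `setup()` the `IdentityHub.setUrl(...)` and `setResolverUrl(...)` calls are commented out rather than removed, so the test presumably relies on the client's default endpoints; deleting the lines or adding a comment that says so would make that dependency explicit.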
