fedimovies/src/json_signatures/verify.rs

use rsa::RsaPublicKey;
use serde_json::Value;

use crate::ethereum::identity::verify_eip191_signature;
use crate::identity::{
    did::Did,
    did_key::DidKey,
    did_pkh::DidPkh,
    minisign::verify_ed25519_signature,
    signatures::{
        PROOF_TYPE_JCS_ED25519,
        PROOF_TYPE_JCS_EIP191,
        PROOF_TYPE_JCS_RSA,
    },
};
use crate::utils::{
    canonicalization::{
        canonicalize_object,
        CanonicalizationError,
    },
    crypto_rsa::verify_rsa_signature,
    multibase::{decode_multibase_base58btc, MultibaseError},
};
use super::create::{
    IntegrityProof,
    PROOF_KEY,
    PROOF_PURPOSE,
};

#[derive(Debug, PartialEq)]
pub enum JsonSigner {
    ActorKeyId(String),
    Did(Did),
}

pub struct SignatureData {
    pub signer: JsonSigner,
    pub message: String,
    pub signature: Vec<u8>,
}

#[derive(thiserror::Error, Debug)]
pub enum JsonSignatureVerificationError {
    #[error("invalid object")]
    InvalidObject,

    #[error("no proof")]
    NoProof,

    #[error("{0}")]
    InvalidProof(&'static str),

    #[error(transparent)]
    CanonicalizationError(#[from] CanonicalizationError),

    #[error("invalid encoding")]
    InvalidEncoding(#[from] MultibaseError),

    #[error("invalid signature")]
    InvalidSignature,
}

type VerificationError = JsonSignatureVerificationError;

pub fn get_json_signature(
    object: &Value,
) -> Result<SignatureData, VerificationError> {
    let mut object = object.clone();
    let object_map = object.as_object_mut()
        .ok_or(VerificationError::InvalidObject)?;
    let proof_value = object_map.remove(PROOF_KEY)
        .ok_or(VerificationError::NoProof)?;
    let proof: IntegrityProof = serde_json::from_value(proof_value)
        .map_err(|_| VerificationError::InvalidProof("invalid proof"))?;
    if proof.proof_purpose != PROOF_PURPOSE {
        return Err(VerificationError::InvalidProof("invalid proof purpose"));
    };
    let signer = match proof.proof_type.as_str() {
        PROOF_TYPE_JCS_EIP191 => {
            let did_pkh: DidPkh = proof.verification_method.parse()
                .map_err(|_| VerificationError::InvalidProof("invalid DID"))?;
            JsonSigner::Did(Did::Pkh(did_pkh))
        },
        PROOF_TYPE_JCS_ED25519 => {
            let did_key: DidKey = proof.verification_method.parse()
                .map_err(|_| VerificationError::InvalidProof("invalid DID"))?;
            JsonSigner::Did(Did::Key(did_key))
        },
        PROOF_TYPE_JCS_RSA => {
            JsonSigner::ActorKeyId(proof.verification_method)
        },
        _ => {
            return Err(VerificationError::InvalidProof("unsupported proof type"));
        },
    };
    let message = canonicalize_object(&object)?;
    let signature = decode_multibase_base58btc(&proof.proof_value)?;
    let signature_data = SignatureData {
        signer: signer,
        message: message,
        signature: signature,
    };
    Ok(signature_data)
}

pub fn verify_rsa_json_signature(
    signature_data: &SignatureData,
    signer_key: &RsaPublicKey,
) -> Result<(), VerificationError> {
    let is_valid_signature = verify_rsa_signature(
        signer_key,
        &signature_data.message,
        &signature_data.signature,
    );
    if !is_valid_signature {
        return Err(VerificationError::InvalidSignature);
    };
    Ok(())
}

pub fn verify_eip191_json_signature(
    signer: &DidPkh,
    message: &str,
    signature: &[u8],
) -> Result<(), VerificationError> {
    let signature_hex = hex::encode(signature);
    verify_eip191_signature(signer, message, &signature_hex)
        .map_err(|_| VerificationError::InvalidSignature)
}

pub fn verify_ed25519_json_signature(
    signer: &DidKey,
    message: &str,
    signature: &[u8],
) -> Result<(), VerificationError> {
    verify_ed25519_signature(signer, message, signature)
        .map_err(|_| VerificationError::InvalidSignature)
}

#[cfg(test)]
mod tests {
    use serde_json::json;
    use crate::json_signatures::create::sign_object;
    use crate::utils::crypto_rsa::generate_weak_rsa_key;
    use crate::utils::currencies::Currency;
    use super::*;

    #[test]
    fn test_get_json_signature_eip191() {
        let signed_object = json!({
            "type": "Test",
            "id": "https://example.org/objects/1",
            "proof": {
                "type": "JcsEip191Signature2022",
                "proofPurpose": "assertionMethod",
                "verificationMethod": "did:pkh:eip155:1:0xb9c5714089478a327f09197987f16f9e5d936e8a",
                "created": "2020-11-05T19:23:24Z",
                "proofValue": "zE5J",
            },
        });
        let signature_data = get_json_signature(&signed_object).unwrap();
        let expected_signer = JsonSigner::Did(Did::Pkh(DidPkh::from_address(
            &Currency::Ethereum,
            "0xb9c5714089478a327f09197987f16f9e5d936e8a",
        )));
        assert_eq!(signature_data.signer, expected_signer);
        assert_eq!(hex::encode(signature_data.signature), "abcd");
    }

    #[test]
    fn test_create_and_verify_signature() {
        let signer_key = generate_weak_rsa_key().unwrap();
        let signer_key_id = "https://example.org/users/test#main-key";
        let object = json!({
            "type": "Create",
            "actor": "https://example.org/users/test",
            "id": "https://example.org/objects/1",
            "to": [
                "https://example.org/users/yyy",
                "https://example.org/users/xxx",
            ],
            "object": {
                "type": "Note",
                "content": "test",
            },
        });
        let signed_object = sign_object(
            &object,
            &signer_key,
            signer_key_id,
        ).unwrap();

        let signature_data = get_json_signature(&signed_object).unwrap();
        let expected_signer = JsonSigner::ActorKeyId(signer_key_id.to_string());
        assert_eq!(signature_data.signer, expected_signer);

        let signer_public_key = RsaPublicKey::from(signer_key);
        let result = verify_rsa_json_signature(
            &signature_data,
            &signer_public_key,
        );
        assert_eq!(result.is_ok(), true);
    }
}
Verify signed activities 2022-10-23 23:46:51 +00:00			`use rsa::RsaPublicKey;`
			`use serde_json::Value;`

Refactor signature verifiers 2022-11-10 21:52:45 +00:00			`use crate::ethereum::identity::verify_eip191_signature;`
Move signature suites to identity::signatures module 2022-11-10 19:06:10 +00:00			`use crate::identity::{`
Support integrity proofs created with minisign 2022-11-10 18:47:22 +00:00			`did::Did,`
			`did_key::DidKey,`
Move signature suites to identity::signatures module 2022-11-10 19:06:10 +00:00			`did_pkh::DidPkh,`
Change signature format in minisign integrity proofs 2022-11-19 14:54:33 +00:00			`minisign::verify_ed25519_signature,`
Support integrity proofs created with minisign 2022-11-10 18:47:22 +00:00			`signatures::{`
Change signature format in minisign integrity proofs 2022-11-19 14:54:33 +00:00			`PROOF_TYPE_JCS_ED25519,`
Support integrity proofs created with minisign 2022-11-10 18:47:22 +00:00			`PROOF_TYPE_JCS_EIP191,`
			`PROOF_TYPE_JCS_RSA,`
			`},`
Move signature suites to identity::signatures module 2022-11-10 19:06:10 +00:00			`};`
Use multibase encoding for integrity proofs 2022-11-19 15:08:40 +00:00			`use crate::utils::{`
			`canonicalization::{`
			`canonicalize_object,`
			`CanonicalizationError,`
			`},`
			`crypto_rsa::verify_rsa_signature,`
			`multibase::{decode_multibase_base58btc, MultibaseError},`
Use canonicalized JSON for identity claims 2022-11-10 16:44:05 +00:00			`};`
Create function for inserting integrity proofs into JSON objects 2022-11-01 17:39:42 +00:00			`use super::create::{`
			`IntegrityProof,`
			`PROOF_KEY,`
			`PROOF_PURPOSE,`
			`};`
Verify signed activities 2022-10-23 23:46:51 +00:00
Rewrite get_json_signature to return signer type along with other info 2022-11-02 17:15:15 +00:00			`#[derive(Debug, PartialEq)]`
			`pub enum JsonSigner {`
			`ActorKeyId(String),`
Support integrity proofs created with minisign 2022-11-10 18:47:22 +00:00			`Did(Did),`
Rewrite get_json_signature to return signer type along with other info 2022-11-02 17:15:15 +00:00			`}`

Verify signed activities 2022-10-23 23:46:51 +00:00			`pub struct SignatureData {`
Rewrite get_json_signature to return signer type along with other info 2022-11-02 17:15:15 +00:00			`pub signer: JsonSigner,`
Verify signed activities 2022-10-23 23:46:51 +00:00			`pub message: String,`
Use multibase encoding for integrity proofs 2022-11-19 15:08:40 +00:00			`pub signature: Vec<u8>,`
Verify signed activities 2022-10-23 23:46:51 +00:00			`}`

			`#[derive(thiserror::Error, Debug)]`
			`pub enum JsonSignatureVerificationError {`
			`#[error("invalid object")]`
			`InvalidObject,`

			`#[error("no proof")]`
			`NoProof,`

			`#[error("{0}")]`
			`InvalidProof(&'static str),`

Add canonicalize_object function 2022-10-31 20:12:19 +00:00			`#[error(transparent)]`
			`CanonicalizationError(#[from] CanonicalizationError),`
Verify signed activities 2022-10-23 23:46:51 +00:00
			`#[error("invalid encoding")]`
Use multibase encoding for integrity proofs 2022-11-19 15:08:40 +00:00			`InvalidEncoding(#[from] MultibaseError),`
Verify signed activities 2022-10-23 23:46:51 +00:00
			`#[error("invalid signature")]`
			`InvalidSignature,`
			`}`

			`type VerificationError = JsonSignatureVerificationError;`

			`pub fn get_json_signature(`
			`object: &Value,`
			`) -> Result<SignatureData, VerificationError> {`
			`let mut object = object.clone();`
			`let object_map = object.as_object_mut()`
			`.ok_or(VerificationError::InvalidObject)?;`
Return error if trying to sign activity which is already signed 2022-11-01 00:02:25 +00:00			`let proof_value = object_map.remove(PROOF_KEY)`
Verify signed activities 2022-10-23 23:46:51 +00:00			`.ok_or(VerificationError::NoProof)?;`
Create function for inserting integrity proofs into JSON objects 2022-11-01 17:39:42 +00:00			`let proof: IntegrityProof = serde_json::from_value(proof_value)`
Verify signed activities 2022-10-23 23:46:51 +00:00			`.map_err(\|_\| VerificationError::InvalidProof("invalid proof"))?;`
Rewrite get_json_signature to return signer type along with other info 2022-11-02 17:15:15 +00:00			`if proof.proof_purpose != PROOF_PURPOSE {`
			`return Err(VerificationError::InvalidProof("invalid proof purpose"));`
			`};`
Verify activities containing EIP-155 integrity proof 2022-11-02 12:16:10 +00:00			`let signer = match proof.proof_type.as_str() {`
			`PROOF_TYPE_JCS_EIP191 => {`
Support integrity proofs created with minisign 2022-11-10 18:47:22 +00:00			`let did_pkh: DidPkh = proof.verification_method.parse()`
Verify activities containing EIP-155 integrity proof 2022-11-02 12:16:10 +00:00			`.map_err(\|_\| VerificationError::InvalidProof("invalid DID"))?;`
Support integrity proofs created with minisign 2022-11-10 18:47:22 +00:00			`JsonSigner::Did(Did::Pkh(did_pkh))`
			`},`
Change signature format in minisign integrity proofs 2022-11-19 14:54:33 +00:00			`PROOF_TYPE_JCS_ED25519 => {`
Support integrity proofs created with minisign 2022-11-10 18:47:22 +00:00			`let did_key: DidKey = proof.verification_method.parse()`
			`.map_err(\|_\| VerificationError::InvalidProof("invalid DID"))?;`
			`JsonSigner::Did(Did::Key(did_key))`
Verify activities containing EIP-155 integrity proof 2022-11-02 12:16:10 +00:00			`},`
			`PROOF_TYPE_JCS_RSA => {`
			`JsonSigner::ActorKeyId(proof.verification_method)`
			`},`
			`_ => {`
			`return Err(VerificationError::InvalidProof("unsupported proof type"));`
			`},`
Verify signed activities 2022-10-23 23:46:51 +00:00			`};`
Add canonicalize_object function 2022-10-31 20:12:19 +00:00			`let message = canonicalize_object(&object)?;`
Use multibase encoding for integrity proofs 2022-11-19 15:08:40 +00:00			`let signature = decode_multibase_base58btc(&proof.proof_value)?;`
Verify signed activities 2022-10-23 23:46:51 +00:00			`let signature_data = SignatureData {`
Rewrite get_json_signature to return signer type along with other info 2022-11-02 17:15:15 +00:00			`signer: signer,`
Add canonicalize_object function 2022-10-31 20:12:19 +00:00			`message: message,`
Use multibase encoding for integrity proofs 2022-11-19 15:08:40 +00:00			`signature: signature,`
Verify signed activities 2022-10-23 23:46:51 +00:00			`};`
			`Ok(signature_data)`
			`}`

Refactor signature verifiers 2022-11-10 21:52:45 +00:00			`pub fn verify_rsa_json_signature(`
Verify signed activities 2022-10-23 23:46:51 +00:00			`signature_data: &SignatureData,`
			`signer_key: &RsaPublicKey,`
			`) -> Result<(), VerificationError> {`
Rename utils::crypto module to crypto_rsa 2022-11-13 18:43:57 +00:00			`let is_valid_signature = verify_rsa_signature(`
Verify signed activities 2022-10-23 23:46:51 +00:00			`signer_key,`
			`&signature_data.message,`
Use multibase encoding for integrity proofs 2022-11-19 15:08:40 +00:00			`&signature_data.signature,`
Move base64 encoding/decoding out of RSA signing functions 2022-11-18 23:22:24 +00:00			`);`
Verify signed activities 2022-10-23 23:46:51 +00:00			`if !is_valid_signature {`
			`return Err(VerificationError::InvalidSignature);`
			`};`
			`Ok(())`
			`}`

Refactor signature verifiers 2022-11-10 21:52:45 +00:00			`pub fn verify_eip191_json_signature(`
Implement EIP-191 integrity proofs 2022-10-29 00:24:17 +00:00			`signer: &DidPkh,`
			`message: &str,`
Use multibase encoding for integrity proofs 2022-11-19 15:08:40 +00:00			`signature: &[u8],`
Implement EIP-191 integrity proofs 2022-10-29 00:24:17 +00:00			`) -> Result<(), VerificationError> {`
Use multibase encoding for integrity proofs 2022-11-19 15:08:40 +00:00			`let signature_hex = hex::encode(signature);`
Use base64 encoding for JcsEip191Signature2022 integrity proofs 2022-11-19 12:38:23 +00:00			`verify_eip191_signature(signer, message, &signature_hex)`
Refactor signature verifiers 2022-11-10 21:52:45 +00:00			`.map_err(\|_\| VerificationError::InvalidSignature)`
Implement EIP-191 integrity proofs 2022-10-29 00:24:17 +00:00			`}`

Change signature format in minisign integrity proofs 2022-11-19 14:54:33 +00:00			`pub fn verify_ed25519_json_signature(`
Support integrity proofs created with minisign 2022-11-10 18:47:22 +00:00			`signer: &DidKey,`
			`message: &str,`
Use multibase encoding for integrity proofs 2022-11-19 15:08:40 +00:00			`signature: &[u8],`
Support integrity proofs created with minisign 2022-11-10 18:47:22 +00:00			`) -> Result<(), VerificationError> {`
Use multibase encoding for integrity proofs 2022-11-19 15:08:40 +00:00			`verify_ed25519_signature(signer, message, signature)`
Support integrity proofs created with minisign 2022-11-10 18:47:22 +00:00			`.map_err(\|_\| VerificationError::InvalidSignature)`
			`}`

Verify signed activities 2022-10-23 23:46:51 +00:00			`#[cfg(test)]`
			`mod tests {`
			`use serde_json::json;`
			`use crate::json_signatures::create::sign_object;`
Rename utils::crypto module to crypto_rsa 2022-11-13 18:43:57 +00:00			`use crate::utils::crypto_rsa::generate_weak_rsa_key;`
Verify activities containing EIP-155 integrity proof 2022-11-02 12:16:10 +00:00			`use crate::utils::currencies::Currency;`
Verify signed activities 2022-10-23 23:46:51 +00:00			`use super::*;`

Verify activities containing EIP-155 integrity proof 2022-11-02 12:16:10 +00:00			`#[test]`
Move password utils to utils::passwords module 2022-11-13 18:15:56 +00:00			`fn test_get_json_signature_eip191() {`
Verify activities containing EIP-155 integrity proof 2022-11-02 12:16:10 +00:00			`let signed_object = json!({`
			`"type": "Test",`
			`"id": "https://example.org/objects/1",`
			`"proof": {`
			`"type": "JcsEip191Signature2022",`
			`"proofPurpose": "assertionMethod",`
			`"verificationMethod": "did:pkh:eip155:1:0xb9c5714089478a327f09197987f16f9e5d936e8a",`
			`"created": "2020-11-05T19:23:24Z",`
Use multibase encoding for integrity proofs 2022-11-19 15:08:40 +00:00			`"proofValue": "zE5J",`
Verify activities containing EIP-155 integrity proof 2022-11-02 12:16:10 +00:00			`},`
			`});`
			`let signature_data = get_json_signature(&signed_object).unwrap();`
Support integrity proofs created with minisign 2022-11-10 18:47:22 +00:00			`let expected_signer = JsonSigner::Did(Did::Pkh(DidPkh::from_address(`
Verify activities containing EIP-155 integrity proof 2022-11-02 12:16:10 +00:00			`&Currency::Ethereum,`
			`"0xb9c5714089478a327f09197987f16f9e5d936e8a",`
Support integrity proofs created with minisign 2022-11-10 18:47:22 +00:00			`)));`
Verify activities containing EIP-155 integrity proof 2022-11-02 12:16:10 +00:00			`assert_eq!(signature_data.signer, expected_signer);`
Use multibase encoding for integrity proofs 2022-11-19 15:08:40 +00:00			`assert_eq!(hex::encode(signature_data.signature), "abcd");`
Verify activities containing EIP-155 integrity proof 2022-11-02 12:16:10 +00:00			`}`

Verify signed activities 2022-10-23 23:46:51 +00:00			`#[test]`
			`fn test_create_and_verify_signature() {`
Rename utils::crypto module to crypto_rsa 2022-11-13 18:43:57 +00:00			`let signer_key = generate_weak_rsa_key().unwrap();`
Verify signed activities 2022-10-23 23:46:51 +00:00			`let signer_key_id = "https://example.org/users/test#main-key";`
			`let object = json!({`
			`"type": "Create",`
			`"actor": "https://example.org/users/test",`
			`"id": "https://example.org/objects/1",`
			`"to": [`
			`"https://example.org/users/yyy",`
			`"https://example.org/users/xxx",`
			`],`
			`"object": {`
			`"type": "Note",`
			`"content": "test",`
			`},`
			`});`
			`let signed_object = sign_object(`
			`&object,`
			`&signer_key,`
			`signer_key_id,`
			`).unwrap();`

			`let signature_data = get_json_signature(&signed_object).unwrap();`
Rewrite get_json_signature to return signer type along with other info 2022-11-02 17:15:15 +00:00			`let expected_signer = JsonSigner::ActorKeyId(signer_key_id.to_string());`
			`assert_eq!(signature_data.signer, expected_signer);`
Verify signed activities 2022-10-23 23:46:51 +00:00
			`let signer_public_key = RsaPublicKey::from(signer_key);`
Refactor signature verifiers 2022-11-10 21:52:45 +00:00			`let result = verify_rsa_json_signature(`
Rewrite get_json_signature to return signer type along with other info 2022-11-02 17:15:15 +00:00			`&signature_data,`
			`&signer_public_key,`
			`);`
Verify signed activities 2022-10-23 23:46:51 +00:00			`assert_eq!(result.is_ok(), true);`
			`}`
			`}`