/*
Copyright SecureKey Technologies Inc. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package verifiable
import (
"fmt"
"time"
ldprocessor "github.com/trustbloc/did-go/doc/ld/processor"
"github.com/trustbloc/did-go/doc/ld/proof"
"github.com/trustbloc/kms-go/spi/kms"
"github.com/trustbloc/vc-go/verifiable/lddocument"
)
// SignatureRepresentation is a signature value holder type (e.g. "proofValue" or "jws").
// It selects which member of a Proof carries the digital signature. mapContext converts it
// to the proof package's representation of the same choice when a document is signed.
type SignatureRepresentation int

const (
	// SignatureProofValue uses "proofValue" field in a Proof to put/read a digital signature.
	SignatureProofValue SignatureRepresentation = iota
	// SignatureJWS uses "jws" field in a Proof as an element for representation of detached JSON Web Signatures.
	SignatureJWS
)
// LinkedDataProofContext holds options needed to build a Linked Data Proof.
//
// It is consumed by addLinkedDataProof, which maps it field-by-field (see mapContext) onto
// an lddocument.SigningContext. Fields marked "required" are expected to be set by the
// caller; nothing in this file validates them before signing. Challenge and Domain are
// passed through to the signer unchanged — whether a verifier enforces them is decided
// outside this file.
type LinkedDataProofContext struct {
	// TODO: rename to ProofType
	SignatureType           string                  // required
	ProofCreator            lddocument.ProofCreator // required
	KeyType                 kms.KeyType             // required
	SignatureRepresentation SignatureRepresentation // required
	Created                 *time.Time              // optional
	VerificationMethod      string                  // optional
	Challenge               string                  // optional
	Domain                  string                  // optional
	Purpose                 string                  // optional
	// CapabilityChain must be an array. Each element is either a string or an object.
	CapabilityChain []interface{}
}
// checkLinkedDataProof verifies the Linked Data Proof(s) on an already-parsed JSON-LD
// document (VC or VP) using proofChecker.
//
// expectedProofIssuer is forwarded to lddocument.DocumentVerifier.VerifyObject as-is; how a
// nil value is treated (presumably "do not pin the issuer") is decided there, not here, so
// callers that need issuer binding should confirm they pass a non-nil value. jsonldOpts is
// translated into processor options by mapJSONLDProcessorOpts. Any verification failure is
// returned wrapped with the "check linked data proof" prefix; nil means the proof verified.
func checkLinkedDataProof(jsonldBytes map[string]interface{},
	proofChecker lddocument.ProofChecker, expectedProofIssuer *string, jsonldOpts *jsonldCredentialOpts) error {
	verifier := lddocument.NewDocumentVerifier(proofChecker)

	if verifyErr := verifier.VerifyObject(jsonldBytes, expectedProofIssuer,
		mapJSONLDProcessorOpts(jsonldOpts)...); verifyErr != nil {
		return fmt.Errorf("check linked data proof: %w", verifyErr)
	}

	return nil
}
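// mapJSONLDProcessorOpts translates the credential-level JSON-LD options into ldprocessor
// options used during canonicalization.
//
// A custom document loader is forwarded when one is set. RDF handling is always chosen
// explicitly: jsonldOnlyValidRDF selects WithRemoveAllInvalidRDF, otherwise WithValidateRDF
// (by their names, the former tolerates invalid triples and the latter rejects them — confirm
// against the processor package). A nil jsonldOpts is treated like the zero value, so the
// WithValidateRDF path is taken instead of dereferencing nil.
func mapJSONLDProcessorOpts(jsonldOpts *jsonldCredentialOpts) []ldprocessor.Opts {
	if jsonldOpts == nil {
		jsonldOpts = &jsonldCredentialOpts{}
	}

	// At most two options are ever produced.
	processorOpts := make([]ldprocessor.Opts, 0, 2)

	if jsonldOpts.jsonldDocumentLoader != nil {
		processorOpts = append(processorOpts, ldprocessor.WithDocumentLoader(jsonldOpts.jsonldDocumentLoader))
	}

	if jsonldOpts.jsonldOnlyValidRDF {
		processorOpts = append(processorOpts, ldprocessor.WithRemoveAllInvalidRDF())
	} else {
		processorOpts = append(processorOpts, ldprocessor.WithValidateRDF())
	}

	return processorOpts
}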
// rawProof is a JSON shape carrying only the "proof" member of a JSON-LD document, left as
// an untyped JSONObject. It is not referenced by the code visible in this file; presumably
// used by a sibling file for (un)marshalling — confirm before removing.
type rawProof struct {
	Proof JSONObject `json:"proof,omitempty"`
}
// addLinkedDataProof adds a new proof to the JSON-LD document (VC or VP). It returns a slice
// of the proofs which were already present appended with a newly created proof.
//
// context is mapped onto an lddocument.SigningContext via mapContext. Sign is expected to
// write the new proof into jsonld in place; the document's proof member (jsonFldLDProof) is
// then re-read and parsed to produce the returned slice. Signing errors are wrapped with the
// "add linked data proof" prefix; errors from parseLDProof are returned unchanged.
func addLinkedDataProof(context *LinkedDataProofContext, jsonld JSONObject,
	opts ...ldprocessor.Opts) ([]Proof, error) {
	signer := lddocument.NewDocumentSigner(context.ProofCreator)

	if signErr := signer.Sign(mapContext(context), jsonld, opts...); signErr != nil {
		return nil, fmt.Errorf("add linked data proof: %w", signErr)
	}

	// Read the whole proof set back from the (now signed) document.
	proofs, parseErr := parseLDProof(jsonld[jsonFldLDProof])
	if parseErr != nil {
		return nil, parseErr
	}

	return proofs, nil
}
// mapContext converts the public LinkedDataProofContext into the lddocument.SigningContext
// consumed by the document signer. Every field is copied one-to-one; the only conversion is
// SignatureRepresentation, which is cast to the proof package's equivalent type.
func mapContext(context *LinkedDataProofContext) *lddocument.SigningContext {
	signingCtx := lddocument.SigningContext{
		SignatureType: context.SignatureType,
		KeyType:       context.KeyType,
		Created:       context.Created,
	}

	// Plain type conversion: assumes both enums use the same underlying values and
	// ordering (proofValue first, jws second) — confirm against the proof package.
	signingCtx.SignatureRepresentation = proof.SignatureRepresentation(context.SignatureRepresentation)

	signingCtx.VerificationMethod = context.VerificationMethod
	signingCtx.Challenge = context.Challenge
	signingCtx.Domain = context.Domain
	signingCtx.Purpose = context.Purpose
	signingCtx.CapabilityChain = context.CapabilityChain

	return &signingCtx
}