Fix #54 - Support for ES384 during verification

decentralised-dataexchange · Aug 30, 2024 · 5c94971 · 5c94971
1 parent 9ea9b43
commit 5c94971
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 9 deletions.
diff --git a/...java/com/ewc/eudi_wallet_oidc_android/services/credentialValidation/SignatureValidator.kt b/...java/com/ewc/eudi_wallet_oidc_android/services/credentialValidation/SignatureValidator.kt
@@ -16,8 +16,6 @@ import com.nimbusds.jose.util.Base64URL
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.withContext
 import java.net.URL
-import com.google.gson.JsonArray
-import com.google.gson.JsonParser
 import com.nimbusds.jose.JOSEException
 import com.nimbusds.jose.JWSAlgorithm
 import com.nimbusds.jose.JWSVerifier
@@ -43,10 +41,11 @@ class SignatureValidator {
                 val jwsObject = JWSObject.parse(jwt)
                 val header = jwsObject.header
                 val kid = header.keyID
+                val algorithm = jwsObject.header.algorithm
 
                 // Check the format of kid and process accordingly
                 val response = if ( kid !=null && kid.startsWith("did:key:z")) {
-                    processJWKFromKID(kid)
+                    processJWKFromKID(kid,algorithm)
                 } else if ( kid !=null && kid.startsWith("did:ebsi:z")){
                     processEbsiJWKFromKID(kid)
                 }
@@ -130,7 +129,7 @@ class SignatureValidator {
      * @param did
      * @return
      */
-    private fun processJWKFromKID(did: String?): JWK? {
+    private fun processJWKFromKID(did: String?, algorithm: JWSAlgorithm): JWK? {
         try {
             if (did == null || !did.startsWith("did:key:z")) {
                 throw IllegalArgumentException("Invalid DID format")
@@ -142,7 +141,7 @@ class SignatureValidator {
                 did.substring("did:key:z".length)
             }
             // Call convertDIDToJWK function from DIDService
-            return DIDService().convertDIDToJWK(multiBaseEncoded)
+            return DIDService().convertDIDToJWK(multiBaseEncoded,algorithm)
         } catch (e: IllegalArgumentException) {
             // Handle specific exception if needed
             throw IllegalArgumentException("Error converting DID to JWK", e)

diff --git a/...et-oidc-android/src/main/java/com/ewc/eudi_wallet_oidc_android/services/did/DIDService.kt b/...et-oidc-android/src/main/java/com/ewc/eudi_wallet_oidc_android/services/did/DIDService.kt
@@ -2,6 +2,9 @@ package com.ewc.eudi_wallet_oidc_android.services.did
 
 import com.ewc.eudi_wallet_oidc_android.CryptographicAlgorithms
 import com.mediaparkpk.base58android.Base58
+import com.nimbusds.jose.JOSEException
+import com.nimbusds.jose.JWSAlgorithm
+import com.nimbusds.jose.crypto.ECDSAVerifier
 import com.nimbusds.jose.jwk.Curve
 import com.nimbusds.jose.jwk.ECKey
 import com.nimbusds.jose.jwk.JWK
@@ -211,7 +214,7 @@ class DIDService : DIDServiceInterface {
      * @return JWK object
      * @throws IllegalArgumentException if the DID format is invalid, decoding fails, or JSON parsing errors occur
      */
-    override fun convertDIDToJWK(did: String): JWK {
+    override fun convertDIDToJWK(did: String, algorithm: JWSAlgorithm,): JWK {
         val multiCodecBytes = try {
             Base58.decode(did)
         } catch (e: IllegalArgumentException) {
@@ -233,7 +236,13 @@ class DIDService : DIDServiceInterface {
         val y = jsonObject.get("y") as String
 
         // Create ECKey using Curve.P_256 (or appropriate curve)
-        val ecKey = ECKey.Builder(Curve.P_256, Base64URL.from(x), Base64URL.from(y))
+        val curve=  when (algorithm) {
+            JWSAlgorithm.ES256 -> Curve.P_256
+            JWSAlgorithm.ES384 -> Curve.P_384
+            JWSAlgorithm.ES512 -> Curve.P_521
+            else -> throw JOSEException("Unsupported JWS algorithm $algorithm")
+        }
+        val ecKey = ECKey.Builder(curve, Base64URL.from(x), Base64URL.from(y))
             .build()
 
         // Return as JWK

diff --git a/...ndroid/src/main/java/com/ewc/eudi_wallet_oidc_android/services/did/DIDServiceInterface.kt b/...ndroid/src/main/java/com/ewc/eudi_wallet_oidc_android/services/did/DIDServiceInterface.kt
@@ -1,9 +1,9 @@
 package com.ewc.eudi_wallet_oidc_android.services.did
 
 import com.ewc.eudi_wallet_oidc_android.CryptographicAlgorithms
+import com.nimbusds.jose.JWSAlgorithm
 import com.nimbusds.jose.jwk.ECKey
 import com.nimbusds.jose.jwk.JWK
-import com.nimbusds.jose.jwk.OctetKeyPair
 import com.nimbusds.jose.util.Base64URL
 
 interface DIDServiceInterface {
@@ -84,5 +84,5 @@ interface DIDServiceInterface {
      * @return JWK object
      * @throws IllegalArgumentException if the DID format is invalid or conversion fails
      */
-    fun convertDIDToJWK(did:String):JWK
+    fun convertDIDToJWK(did: String, algorithm: JWSAlgorithm):JWK
 }