feat: add cosekey decode support

Author: sloops77

inspector-vc/pom.xml

@@ -99,5 +99,12 @@
 			<artifactId>bcprov-jdk18on</artifactId>
 			<version>1.80</version>
 		</dependency>
+
+		<!-- Cose -->
+		<dependency>
+			<groupId>com.authlete</groupId>
+			<artifactId>cbor</artifactId>
+			<version>1.19</version>
+		</dependency>
 	</dependencies>
 </project>

inspector-vc/src/main/java/org/velocitynetwork/contracts/AesGcmEncryptor.java

@@ -4,7 +4,6 @@
 import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.SecretKeySpec;
-import java.nio.charset.StandardCharsets;
 import java.security.SecureRandom;
 
 public class AesGcmEncryptor {
@@ -15,7 +14,7 @@ public class AesGcmEncryptor {
     private static final int KEY_LENGTH_BIT = 256;
     private static final int PBKDF2_ITERATIONS = 2145;
 
-    public static byte[] encrypt(String plaintext, String secret) throws Exception {
+    public static byte[] encrypt(byte[] buffer, String secret) throws Exception {
         byte[] salt = new byte[SALT_LENGTH];
         byte[] iv = new byte[IV_LENGTH];
         SecureRandom random = new SecureRandom();
@@ -28,7 +27,7 @@ public static byte[] encrypt(String plaintext, String secret) throws Exception {
         GCMParameterSpec gcmSpec = new GCMParameterSpec(TAG_LENGTH_BIT, iv);
         cipher.init(Cipher.ENCRYPT_MODE, key, gcmSpec);
 
-        byte[] ciphertext = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
+        byte[] ciphertext = cipher.doFinal(buffer);
         byte[] tag = cipher.getIV(); // tag is internally appended in GCM
         byte[] authTag = cipher.getParameters().getParameterSpec(GCMParameterSpec.class).getIV(); // not always reliable
 
@@ -41,7 +40,7 @@ public static byte[] encrypt(String plaintext, String secret) throws Exception {
         return full;
     }
 
-    public static String decrypt(byte[] data, String secret) throws Exception {
+    public static byte[] decrypt(byte[] data, String secret) throws Exception {
         byte[] salt = new byte[SALT_LENGTH];
         byte[] iv = new byte[IV_LENGTH];
         byte[] tag = new byte[TAG_LENGTH_BIT / 8];
@@ -59,7 +58,7 @@ public static String decrypt(byte[] data, String secret) throws Exception {
         cipher.init(Cipher.DECRYPT_MODE, key, gcmSpec);
         cipher.updateAAD(tag); // Optional, depending on tagging mode
 
-        return new String(cipher.doFinal(ciphertext), StandardCharsets.UTF_8);
+        return cipher.doFinal(ciphertext);
     }
 
     private static SecretKey deriveKey(String password, byte[] salt) throws Exception {

inspector-vc/src/main/java/org/velocitynetwork/contracts/COSERSAKey.java

@@ -0,0 +1,82 @@
+package org.velocitynetwork.contracts;
+
+import com.authlete.cbor.*;
+import com.authlete.cose.COSEKey;
+
+import java.util.Base64;
+import java.util.List;
+import java.util.Map;
+
+public class COSERSAKey extends COSEKey {
+    private byte[] n;
+    private byte[] e;
+
+    public COSERSAKey(List<? extends CBORPair> pairs) {
+        super(pairs);
+        this.validateParameters(pairs);
+    }
+
+    private void validateParameters(List<? extends CBORPair> pairs) {
+        for(CBORPair pair : pairs) {
+            this.validateParameter(pair);
+        }
+    }
+
+    private void validateParameter(CBORPair pair) {
+        CBORItem label = pair.getKey();
+        if (label instanceof CBORInteger) {
+            this.validateKnownParameter((Integer)((CBORInteger)label).getValue(), pair.getValue());
+        }
+    }
+
+    private void validateKnownParameter(int label, CBORItem value) {
+        switch (label) {
+            case -1:
+                this.n = validateN(value);
+                break;
+            case -2:
+                this.e = validateE(value);
+                break;
+            default:
+                throw new IllegalArgumentException("RSA private keys are not supported");
+        }
+    }
+
+    private static byte[] validateN(CBORItem value) {
+        if (value instanceof CBORByteArray) {
+            return (byte[])getRawValue(value);
+        } else {
+            throw new IllegalArgumentException("n (-1) must be a byte string.");
+        }
+    }
+
+    private static byte[] validateE(CBORItem value) {
+        if (value instanceof CBORByteArray) {
+            return (byte[])getRawValue(value);
+        } else {
+            throw new IllegalArgumentException("e (-1) must be a byte string.");
+        }
+    }
+
+    public boolean isPrivate() {
+        return false;
+    }
+
+    protected void addJwkProperties(Map<String, Object> map) {
+        if (this.n != null) {
+            map.put("x", encodeByBase64Url(this.n));
+        }
+
+        if (this.e != null) {
+            map.put("d", encodeByBase64Url(this.e));
+        }
+    }
+
+    static Object getRawValue(CBORItem item) {
+        return ((CBORValue)item).getValue();
+    }
+
+    static String encodeByBase64Url(byte[] bytes) {
+        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
+    }
+}

inspector-vc/src/main/java/org/velocitynetwork/contracts/VelocityNetworkDidResolver.java

@@ -1,5 +1,9 @@
 package org.velocitynetwork.contracts;
 
+import com.authlete.cbor.CBORDecoder;
+import com.authlete.cbor.CBORItem;
+import com.authlete.cose.COSEEC2Key;
+import com.authlete.cose.COSEKey;
 import jakarta.json.Json;
 import jakarta.json.JsonObject;
 import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
@@ -59,10 +63,14 @@ public static JsonObject resolvePublicKey(String id, VelocityNetworkMetadataRegi
             }
 
             try {
-                String publicKey = AesGcmEncryptor.decrypt(entry.encryptedPublicKey, secret);
-                Secp256k1JWK publicKeyJwk = new Secp256k1JWK.Builder(fromRawPublicKey(publicKey.getBytes(StandardCharsets.UTF_8))).build();
+                byte[] publicKeyBytes = AesGcmEncryptor.decrypt(entry.encryptedPublicKey, secret);
+                CBORItem item = new CBORDecoder(publicKeyBytes).next();
+                COSEKey coseKey = COSEKey.build(item);
+                if ((Integer) coseKey.getKty() == 3) {
+                    coseKey = new COSERSAKey(coseKey.getPairs());
+                }
                 JsonObject issuerVcJwt = IssuerVc.deserializeIssuerVc(entry);
-                return VerificationMethod.buildVerificationMethod(id + "#key-1", issuerVcJwt.getJsonObject("payload").getString("iss"), publicKeyJwk);
+                return VerificationMethod.buildVerificationMethod(id + "#key-1", issuerVcJwt.getJsonObject("payload").getString("iss"), coseKey);
             } catch (Exception e) {
                 return VerificationMethod.buildVerificationMethod(id);
             }
@@ -82,7 +90,7 @@ public VelocityNetworkDidResolver(String rpcUrl, String privateKey, String contr
 
     public JsonObject resolveDid(String did) throws Exception {
         List<Tuple<VelocityNetworkMetadataRegistry.CredentialIdentifier, String>> parsedDid = parseVelocityV2Did(did);
-        TransactionReceipt transactionReceipt= this.metadataRegistryContract.getPaidEntries(parsedDid.stream().map(tuple -> tuple.t1).toList(), randomUUID().toString(), burnerDid, burnerDid).send();
+        TransactionReceipt transactionReceipt = this.metadataRegistryContract.getPaidEntries(parsedDid.stream().map(tuple -> tuple.t1).toList(), randomUUID().toString(), burnerDid, burnerDid).send();
         List<VelocityNetworkMetadataRegistry.CredentialMetadata> metadataEntries =
                 VelocityNetworkMetadataRegistry.getGotCredentialMetadataEvents(transactionReceipt).getLast().credentialMetadataList;
 

inspector-vc/src/main/java/org/velocitynetwork/contracts/VerificationMethod.java

@@ -1,21 +1,20 @@
 package org.velocitynetwork.contracts;
 
+import com.authlete.cose.COSEKey;
 import jakarta.json.Json;
 import jakarta.json.JsonObject;
 import jakarta.json.JsonObjectBuilder;
-import org.web3j.crypto.Secp256k1JWK;
+
+import java.util.Map;
 
 public class VerificationMethod {
-    public static JsonObject buildVerificationMethod(String id, String controller, Secp256k1JWK publicKeyJwk) {
-        JsonObjectBuilder publicKeyJwkJson = Json.createObjectBuilder()
-                .add("kty", publicKeyJwk.getKty())
-                .add("crv", publicKeyJwk.getCrv())
-                .add("x", publicKeyJwk.getX())
-                .add("y", publicKeyJwk.getY());
-        if (publicKeyJwk.getD() != null) {
-            publicKeyJwkJson.add("d", publicKeyJwk.getD());
-        }
-        return Json.createObjectBuilder().add("id", id).add("publicKeyJwk", publicKeyJwkJson).add("controller", controller).build();
+    public static JsonObject buildVerificationMethod(String id, String controller, COSEKey coseKey) {
+        Map<String, Object> jwk = coseKey.toJwk();
+        JsonObjectBuilder jwkJson = Json.createObjectBuilder()
+                .add("kty", (String) jwk.get("kty"))
+                .add("n", (String) jwk.get("n"))
+                .add("e", (String) jwk.get("e"));
+        return Json.createObjectBuilder().add("id", id).add("publicKeyJwk", jwkJson).add("controller", controller).build();
     }
 
     public static JsonObject buildVerificationMethod(String id) {