| 1 | package org.cardanofoundation.explorer.api.util; | |
| 2 | ||
| 3 | import java.nio.charset.StandardCharsets; | |
| 4 | ||
| 5 | import lombok.extern.log4j.Log4j2; | |
| 6 | ||
| 7 | import com.nimbusds.jose.JWSAlgorithm; | |
| 8 | import com.nimbusds.jose.JWSHeader; | |
| 9 | import com.nimbusds.jose.JWSVerifier; | |
| 10 | import com.nimbusds.jose.Payload; | |
| 11 | import com.nimbusds.jose.crypto.Ed25519Verifier; | |
| 12 | import com.nimbusds.jose.jwk.Curve; | |
| 13 | import com.nimbusds.jose.jwk.OctetKeyPair; | |
| 14 | import com.nimbusds.jose.util.Base64URL; | |
| 15 | import org.apache.commons.codec.binary.Hex; | |
| 16 | import org.erdtman.jcs.JsonCanonicalizer; | |
| 17 | ||
| 18 | @Log4j2 | |
| 19 | public class JwsUtils { | |
| 20 | ||
| 21 | public static boolean verifySignatureWithEd25519( | |
| 22 | String publicKey, String signature, String jsonData) { | |
| 23 | try { | |
| 24 | Base64URL pubKeyBase64URL = Base64URL.encode(Hex.decodeHex(publicKey)); | |
| 25 | Base64URL sigBase64URL = Base64URL.encode(Hex.decodeHex(signature)); | |
| 26 | ||
| 27 | JsonCanonicalizer jc = new JsonCanonicalizer(jsonData); | |
| 28 | Base64URL offchainBase64url = Base64URL.encode(jc.getEncodedString()); | |
| 29 | ||
| 30 | OctetKeyPair publicJWK = | |
| 31 | new OctetKeyPair.Builder(Curve.Ed25519, pubKeyBase64URL).build().toPublicJWK(); | |
| 32 | JWSHeader jwsHeader = new JWSHeader(JWSAlgorithm.EdDSA); | |
| 33 | JWSVerifier verifier = new Ed25519Verifier(publicJWK); | |
| 34 |
2
1. verifySignatureWithEd25519 : replaced boolean return with true for org/cardanofoundation/explorer/api/util/JwsUtils::verifySignatureWithEd25519 → SURVIVED 2. verifySignatureWithEd25519 : replaced boolean return with false for org/cardanofoundation/explorer/api/util/JwsUtils::verifySignatureWithEd25519 → KILLED |
return verifier.verify( |
| 35 | jwsHeader, | |
| 36 | composeSigningInput(jwsHeader, new Payload(offchainBase64url)) | |
| 37 | .getBytes(StandardCharsets.UTF_8), | |
| 38 | sigBase64URL); | |
| 39 | } catch (Exception e) { | |
| 40 | log.error("Error while verifying signature", e); | |
| 41 |
1
1. verifySignatureWithEd25519 : replaced boolean return with true for org/cardanofoundation/explorer/api/util/JwsUtils::verifySignatureWithEd25519 → KILLED |
return false; |
| 42 | } | |
| 43 | } | |
| 44 | ||
| 45 | private static String composeSigningInput(JWSHeader jwsHeader, Payload payload) { | |
| 46 | ||
| 47 |
1
1. composeSigningInput : negated conditional → KILLED |
if (jwsHeader.isBase64URLEncodePayload()) { |
| 48 |
1
1. composeSigningInput : replaced return value with "" for org/cardanofoundation/explorer/api/util/JwsUtils::composeSigningInput → KILLED |
return jwsHeader.toBase64URL().toString() + '.' + payload.toBase64URL().toString(); |
| 49 | } else { | |
| 50 |
1
1. composeSigningInput : replaced return value with "" for org/cardanofoundation/explorer/api/util/JwsUtils::composeSigningInput → NO_COVERAGE |
return jwsHeader.toBase64URL().toString() + '.' + payload.toString(); |
| 51 | } | |
| 52 | } | |
| 53 | } | |
Mutations | ||
| 34 |
1.1 2.2 |
|
| 41 |
1.1 |
|
| 47 |
1.1 |
|
| 48 |
1.1 |
|
| 50 |
1.1 |