import { com, Nullable } from '@sphereon/kmp-mdoc-core' import { calculateJwkThumbprint, globalCrypto, verifyRawSignature } from '@sphereon/ssi-sdk-ext.key-utils' import { CertificateInfo, derToPEM, getCertificateInfo, getSubjectDN, pemOrDerToX509Certificate, validateX509CertificateChain, X509ValidationResult, } from '@sphereon/ssi-sdk-ext.x509-utils' import { JWK } from '@sphereon/ssi-types' import * as crypto from 'crypto' import { Certificate, CryptoEngine, setEngine } from 'pkijs' // @ts-ignore import { fromString } from 'uint8arrays/from-string' import { IRequiredContext, VerifyCertificateChainArgs } from '../types/ImDLMdoc' type CoseKeyCbor = com.sphereon.crypto.cose.CoseKeyCbor type ICoseKeyCbor = com.sphereon.crypto.cose.ICoseKeyCbor type ToBeSignedCbor = com.sphereon.crypto.cose.ToBeSignedCbor const CoseJoseKeyMappingService = com.sphereon.crypto.CoseJoseKeyMappingService type SignatureAlgorithm = com.sphereon.crypto.generic.SignatureAlgorithm type ICoseCryptoCallbackJS = com.sphereon.crypto.ICoseCryptoCallbackJS type IKey = com.sphereon.crypto.IKey type IX509ServiceJS = com.sphereon.crypto.IX509ServiceJS type Jwk = com.sphereon.crypto.jose.Jwk const KeyInfo = com.sphereon.crypto.KeyInfo type X509VerificationProfile = com.sphereon.crypto.X509VerificationProfile const DateTimeUtils = com.sphereon.kmp.DateTimeUtils const decodeFrom = com.sphereon.kmp.decodeFrom const encodeTo = com.sphereon.kmp.encodeTo const Encoding = com.sphereon.kmp.Encoding type LocalDateTimeKMP = com.sphereon.kmp.LocalDateTimeKMP const SignatureAlgorithm = com.sphereon.crypto.generic.SignatureAlgorithm const DefaultCallbacks = com.sphereon.crypto.DefaultCallbacks export class CoseCryptoService implements ICoseCryptoCallbackJS { constructor(private context?: IRequiredContext) {} setContext(context: IRequiredContext) { this.context = context } async signAsync(input: ToBeSignedCbor, requireX5Chain: Nullable): Promise { if (!this.context) { throw Error('No context provided. Please provide a context with the setContext method or constructor') } const { keyInfo, alg, value } = input let kmsKeyRef = keyInfo.kmsKeyRef ?? undefined if (!kmsKeyRef) { const key = keyInfo.key if (key == null) { return Promise.reject(Error('No key present in keyInfo. This implementation cannot sign without a key!')) } const resolvedKeyInfo = com.sphereon.crypto.ResolvedKeyInfo.Static.fromKeyInfo(keyInfo, key) const jwkKeyInfo: com.sphereon.crypto.ResolvedKeyInfo = CoseJoseKeyMappingService.toResolvedJwkKeyInfo(resolvedKeyInfo) const kid = jwkKeyInfo.kid ?? calculateJwkThumbprint({ jwk: jwkKeyInfo.key.toJsonDTO() }) ?? jwkKeyInfo.key.getKidAsString(true) if (!kid) { return Promise.reject(Error('No kid present and not kmsKeyRef provided')) } kmsKeyRef = kid } const result = await this.context.agent.keyManagerSign({ algorithm: alg.jose!!.value, data: encodeTo(value, Encoding.UTF8), encoding: 'utf-8', keyRef: kmsKeyRef!!, }) return decodeFrom(result, Encoding.UTF8) } async verify1Async( input: com.sphereon.crypto.cose.CoseSign1Cbor, keyInfo: com.sphereon.crypto.IKeyInfo, requireX5Chain: Nullable, ): Promise> { const getCertAndKey = async ( x5c: Nullable>, ): Promise<{ issuerCert?: Certificate issuerJwk?: Jwk }> => { if (requireX5Chain && (!x5c || x5c.length === 0)) { // We should not be able to get here anyway, as the MLD-mdoc library already validated at this point. But let's make sure return Promise.reject(new Error(`No x5chain was present in the CoseSign headers!`)) } // TODO: According to the IETF spec there should be a x5t in case the x5chain is in the protected headers. In the Funke this does not seem to be done/used! issuerCert = x5c ? pemOrDerToX509Certificate(x5c[0]) : undefined let issuerJwk: Jwk | undefined if (issuerCert) { const info = await getCertificateInfo(issuerCert) issuerJwk = info.publicKeyJWK } return { issuerCert, issuerJwk } } const coseKeyInfo = CoseJoseKeyMappingService.toCoseKeyInfo(keyInfo) if (coseKeyInfo?.key?.d) { throw Error('Do not use private keys to verify!') } else if (!input.payload?.value) { return Promise.reject(Error('Signature validation without payload not supported')) } const sign1Json = input.toJson() // Let's make it a bit easier on ourselves, instead of working with CBOR const coseAlg = sign1Json.protectedHeader.alg if (!coseAlg) { return Promise.reject(Error('No alg protected header present')) } let issuerCert: Certificate | undefined let issuerCoseKey: CoseKeyCbor | undefined let kid = coseKeyInfo?.kid ?? sign1Json.protectedHeader.kid ?? sign1Json.unprotectedHeader?.kid // Please note this method does not perform chain validation. The MDL-MSO_MDOC library already performed this before this step const x5c = coseKeyInfo?.key?.getX509CertificateChain() ?? sign1Json.protectedHeader?.x5chain ?? sign1Json.unprotectedHeader?.x5chain if (!coseKeyInfo || !coseKeyInfo?.key || coseKeyInfo?.key?.x5chain) { const certAndKey = await getCertAndKey(x5c) issuerCoseKey = certAndKey.issuerJwk ? CoseJoseKeyMappingService.toCoseKey(certAndKey.issuerJwk) : undefined issuerCert = certAndKey.issuerCert } if (!issuerCoseKey) { if (!coseKeyInfo?.key) { return Promise.reject(Error(`Either a x5c needs to be in the headers, or you need to provide a key for verification`)) } if (kid === null) { kid = coseKeyInfo.key.getKidAsString(false) } issuerCoseKey = com.sphereon.crypto.cose.CoseKeyCbor.Static.fromDTO(coseKeyInfo.key) } const issuerCoseKeyInfo = new KeyInfo( kid, issuerCoseKey, coseKeyInfo.opts, coseKeyInfo.keyVisibility, issuerCoseKey.getSignatureAlgorithm() ?? coseKeyInfo.signatureAlgorithm, x5c, coseKeyInfo.kmsKeyRef, coseKeyInfo.kms, coseKeyInfo.keyType ?? issuerCoseKey.getKty(), ) const recalculatedToBeSigned = input.toBeSignedJson(issuerCoseKeyInfo, SignatureAlgorithm.Static.fromCose(coseAlg)) const key = CoseJoseKeyMappingService.toJoseJwk(issuerCoseKeyInfo.key!).toJsonDTO() const valid = await verifyRawSignature({ data: fromString(recalculatedToBeSigned.base64UrlValue, 'base64url'), signature: fromString(sign1Json.signature, 'base64url'), key, }) return { name: 'mdoc', critical: true, error: !valid, message: `Signature of '${issuerCert ? getSubjectDN(issuerCert).DN : kid}' was ${valid ? '' : 'in'}valid`, keyInfo: issuerCoseKeyInfo, } satisfies com.sphereon.crypto.generic.IVerifySignatureResult } resolvePublicKeyAsync( keyInfo: com.sphereon.crypto.IKeyInfo, ): Promise> { if (keyInfo.key) { return Promise.resolve(CoseJoseKeyMappingService.toResolvedKeyInfo(keyInfo, keyInfo.key)) } return Promise.reject(Error('No key present in keyInfo. This implementation cannot resolve public keys on its own currently!')) } } /** * This class can be used for X509 validations. * Either have an instance per trustedCerts and verification invocation or use a single instance and provide the trusted certs in the method argument * * The class is also registered with the low-level mDL/mdoc Kotlin Multiplatform library * Next to the specific function for the library it exports a more powerful version of the same verification method as well */ export class X509CallbackService implements IX509ServiceJS { private _trustedCerts?: Array constructor(trustedCerts?: Array) { this.setTrustedCerts(trustedCerts) } /** * A more powerful version of the method below. Allows to verify at a specific time and returns more information * @param chain * @param trustAnchors * @param verificationTime */ async verifyCertificateChain({ chain, trustAnchors = this.getTrustedCerts(), verificationTime, opts, }: VerifyCertificateChainArgs): Promise { return await validateX509CertificateChain({ chain, trustAnchors, verificationTime, opts, }) } /** * This method is the implementation used within the mDL/Mdoc library */ async verifyCertificateChainJS( chainDER: Nullable, chainPEM: Nullable, trustedCerts: Nullable, verificationProfile?: X509VerificationProfile | undefined, verificationTime?: Nullable, ): Promise> { const verificationAt = verificationTime ?? DateTimeUtils.Static.DEFAULT.dateTimeLocal() let chain: Array = [] if (chainDER && chainDER.length > 0) { chain = chainDER.map((der) => Uint8Array.from(der)) } if (chainPEM && chainPEM.length > 0) { chain = (chain ?? []).concat(chainPEM) } const result = await validateX509CertificateChain({ chain: chain, // The function will handle an empty array trustAnchors: trustedCerts ?? this.getTrustedCerts(), verificationTime: new Date(verificationAt.toEpochSeconds().toULong() * 1000), opts: { trustRootWhenNoAnchors: true }, }) const cert: CertificateInfo | undefined = result.certificateChain ? result.certificateChain[result.certificateChain.length - 1] : undefined return { publicKey: cert?.publicKeyJWK as KeyType, // fixme publicKeyAlgorithm: cert?.publicKeyJWK?.alg, name: 'x.509', critical: result.critical, message: result.message, error: result.error, verificationTime: verificationAt, } satisfies com.sphereon.crypto.IX509VerificationResult } setTrustedCerts = (trustedCertsInPEM?: Array) => { this._trustedCerts = trustedCertsInPEM?.map((cert) => { if (cert.includes('CERTIFICATE')) { // PEM return cert } return derToPEM(cert) }) } getTrustedCerts = () => this._trustedCerts } const defaultCryptoEngine = () => { // @ts-ignore if (typeof self !== 'undefined') { // @ts-ignore if ('crypto' in self) { let engineName = 'webcrypto' // @ts-ignore if ('webkitSubtle' in self.crypto) { engineName = 'safari' } // @ts-ignore setEngine(engineName, new CryptoEngine({ name: engineName, crypto: crypto })) } } else if (typeof crypto !== 'undefined' && 'webcrypto' in crypto) { const name = 'NodeJS ^15' const nodeCrypto = crypto.webcrypto // @ts-ignore setEngine(name, new CryptoEngine({ name, crypto: nodeCrypto })) } else { // @ts-ignore const name = 'crypto' setEngine(name, new CryptoEngine({ name, crypto: globalCrypto(false) })) } } defaultCryptoEngine() // We register the services with the mDL/mdoc library. Please note that the context is not passed in, meaning we cannot sign by default. DefaultCallbacks.setCoseCryptoDefault(new CoseCryptoService()) DefaultCallbacks.setX509Default(new X509CallbackService())