feat: sign claims and add entity attributes

Author: mrinalwadhwa

claim/claim.go

@@ -1,9 +1,9 @@
 package claim
 
 import (
-	"encoding/hex"
 	"encoding/json"
 	"strings"
+	"time"
 
 	"github.com/ockam-network/ockam"
 	"github.com/ockam-network/ockam/random"
@@ -14,10 +14,13 @@ type Data map[string]interface{}
 
 // Claim is
 type Claim struct {
-	id      string
-	data    Data
-	issuer  ockam.Entity
-	subject ockam.Entity
+	nonce      string
+	id         string
+	data       Data
+	_type      string
+	issuer     ockam.Entity
+	subject    ockam.Entity
+	signatures []ockam.Signature
 }
 
 // Option is
@@ -31,15 +34,16 @@ func New(data Data, options ...Option) (*Claim, error) {
 		option(c)
 	}
 
-	s, err := random.GenerateAlphaNumericString(31)
+	nonce, err := random.GenerateAlphaNumericString(10)
 	if err != nil {
 		return nil, err
 	}
+	c.nonce = nonce
 
 	if c.issuer != nil {
-		c.id = c.issuer.ID().String() + "/claim/" + s
+		c.id = c.issuer.ID().String() + "/claim/" + nonce
 	} else {
-		c.id = s
+		c.id = nonce
 	}
 
 	return c, nil
@@ -52,6 +56,13 @@ func ID(id string) Option {
 	}
 }
 
+// Type is
+func Type(t string) Option {
+	return func(c *Claim) {
+		c._type = t
+	}
+}
+
 // Issuer is
 func Issuer(e ockam.Entity) Option {
 	return func(c *Claim) {
@@ -71,9 +82,19 @@ func (c *Claim) ID() string {
 	return c.id
 }
 
-// SetID sets the claim's ID
-func (c *Claim) SetID(id string) {
-	c.id = id
+// Nonce returns the claim's Nonce
+func (c *Claim) Nonce() string {
+	return c.nonce
+}
+
+// Type returns the claim's Type
+func (c *Claim) Type() string {
+	return c._type
+}
+
+// SetType sets the claim's Type
+func (c *Claim) SetType(t string) {
+	c._type = t
 }
 
 // Issuer returns the claim's Issuer entity
@@ -119,15 +140,44 @@ func (c *Claim) Signatures() []ockam.Signature {
 }
 
 // AddSignature is
-func (c *Claim) AddSignature(ockam.Signature) {
-}
+func (c *Claim) AddSignature(s ockam.Signature) {
+	c.signatures = append(c.signatures, s)
+}
+
+// MarshalJSON is
+func (c *Claim) MarshalJSON() ([]byte, error) {
+	type j struct {
+		Context    []string                 `json:"@context"`
+		ID         string                   `json:"id"`
+		Type       []string                 `json:"type"`
+		Issuer     string                   `json:"issuer"`
+		Issued     string                   `json:"issued"`
+		Claim      map[string]interface{}   `json:"claim"`
+		Signatures []map[string]interface{} `json:"signatures,omitempty"`
+	}
 
-// MarshalBinary is
-func (c Claim) MarshalBinary() ([]byte, error) {
-	b, err := json.Marshal(c.data)
-	if err != nil {
-		return nil, err
+	vc := &j{
+		Context: []string{"https://w3id.org/identity/v1", "https://w3id.org/security/v1"},
+		ID:      c.ID(),
+		Type:    []string{c.Type()},
+		Issuer:  c.Issuer().ID().String(),
+		Issued:  time.Now().UTC().Format("2006-01-02"),
 	}
-	s := hex.EncodeToString(b)
-	return []byte(c.id + "=" + s), nil
+
+	vc.Claim = c.Data()
+	vc.Claim["id"] = c.Subject().ID().String()
+
+	for _, s := range c.signatures {
+		sj := map[string]interface{}{
+			"type":           s.Type(),
+			"created":        s.Created(),
+			"creator":        s.Creator(),
+			"domain":         s.Domain(),
+			"nonce":          s.Nonce(),
+			"signatureValue": s.SignatureValue(),
+		}
+		vc.Signatures = append(vc.Signatures, sj)
+	}
+
+	return json.Marshal(vc)
 }

entity/entity.go

@@ -1,22 +1,28 @@
 package entity
 
 import (
+	"strconv"
+
 	"github.com/ockam-network/did"
 	"github.com/ockam-network/ockam"
 )
 
+// Attributes is
+type Attributes map[string]interface{}
+
 // Entity is
 type Entity struct {
-	id      *did.DID
-	signers []ockam.Signer
+	id         *did.DID
+	signers    []ockam.Signer
+	attributes Attributes
 }
 
 // Option is
 type Option func(*Entity)
 
 // New creates
-func New(options ...Option) (*Entity, error) {
-	e := &Entity{}
+func New(attributes Attributes, options ...Option) (*Entity, error) {
+	e := &Entity{attributes: attributes}
 
 	for _, option := range options {
 		option(e)
@@ -42,6 +48,7 @@ func ID(did *did.DID) Option {
 func Signer(s ockam.Signer) Option {
 	return func(e *Entity) {
 		// s.PublicKey().SetOwner(e)
+		s.PublicKey().SetLabel("#key-" + strconv.Itoa(len(e.signers)+1))
 		e.signers = append(e.signers, s)
 	}
 }
@@ -51,6 +58,11 @@ func (e *Entity) ID() *did.DID {
 	return e.id
 }
 
+// Attributes is
+func (e *Entity) Attributes() map[string]interface{} {
+	return e.attributes
+}
+
 // Signers is
 func (e *Entity) Signers() []ockam.Signer {
 	return e.signers

example/02_register_entity.go

@@ -30,14 +30,21 @@ func main() {
 	exitOnError(err)
 
 	// create a new ockam entity to represent a temperature sensor
-	temperatureSensor, err := entity.New(entity.Signer(signer))
+	temperatureSensor, err := entity.New(
+		entity.Attributes{
+			"name":         "Temperature Sensor",
+			"manufacturer": "Element 14",
+			"model":        "Raspberry Pi 3 Model B+",
+		},
+		entity.Signer(signer),
+	)
 	exitOnError(err)
 
 	// register the ockam
 	registrationClaim, err := ockamChain.Register(temperatureSensor)
 	exitOnError(err)
 
-	fmt.Printf("registrationClaim - %s\n", registrationClaim)
+	fmt.Printf("registrationClaim - %s\n", registrationClaim.ID())
 }
 
 func exitOnError(err error) {

example/03_submit_claim.go

@@ -31,7 +31,10 @@ func main() {
 	exitOnError(err)
 
 	// create a new ockam entity to represent a temperature sensor
-	temperatureSensor, err := entity.New(entity.Signer(signer))
+	temperatureSensor, err := entity.New(
+		entity.Attributes{"name": "Temperature Sensor"},
+		entity.Signer(signer),
+	)
 	exitOnError(err)
 
 	// create a temperature claim with this new sensor entity as both the issuer and the subject of the claim

go.mod

@@ -5,6 +5,7 @@ require (
 	github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf // indirect
 	github.com/mr-tron/base58 v1.1.0
 	github.com/ockam-network/did v0.1.3
+	github.com/piprate/json-gold v0.1.1
 	github.com/pkg/errors v0.8.0
 	golang.org/x/crypto v0.0.0-20190103213133-ff983b9c42bc
 		github.com/tendermint/go-amino v0.14.1

go.sum

@@ -6,8 +6,12 @@ github.com/mr-tron/base58 v1.1.0 h1:Y51FGVJ91WBqCEabAi5OPUz38eAx8DakuAm5svLcsfQ=
 github.com/mr-tron/base58 v1.1.0/go.mod h1:xcD2VGqlgYjBdcBLw+TuYLr8afG+Hj8g2eTVqeSzSU8=
 github.com/ockam-network/did v0.1.3 h1:qJGdccOV4bLfsS/eFM+Aj+CdCRJKNMxbmJevQclw44k=
 github.com/ockam-network/did v0.1.3/go.mod h1:ZsbTIuVGt8OrQEbqWrSztUISN4joeMabdsinbLubbzw=
+github.com/piprate/json-gold v0.1.1 h1:gEWltb371VE5Uo8FBB+CfQIfLmUVPfcvjcPeml2wLbw=
+github.com/piprate/json-gold v0.1.1/go.mod h1:5EEeMX0Gg1CyQxoy4QRhufCfMSCOvcRAaqwkrn6NqqY=
 github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 h1:J9b7z+QKAmPf4YLrFg6oQUotqHQeUNWwkvo7jZp1GLU=
+github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
 golang.org/x/crypto v0.0.0-20190103213133-ff983b9c42bc h1:F5tKCVGp+MUAHhKp5MZtGqAlGX3+oCsiL1Q629FL90M=
 golang.org/x/crypto v0.0.0-20190103213133-ff983b9c42bc/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 github.com/tendermint/go-amino v0.14.1 h1:o2WudxNfdLNBwMyl2dqOJxiro5rfrEaU0Ugs6offJMk=

key/ed25519/ed25519.go

@@ -4,13 +4,14 @@ import (
 	"crypto/rand"
 	"crypto/sha512"
 	"encoding/hex"
+	"encoding/json"
 	"hash"
 	"time"
 
 	"github.com/ockam-network/did"
 	"github.com/ockam-network/ockam"
 	"github.com/ockam-network/ockam/entity"
-	"github.com/ockam-network/ockam/random"
+	"github.com/piprate/json-gold/ld"
 	"github.com/pkg/errors"
 	"golang.org/x/crypto/ed25519"
 )
@@ -41,25 +42,41 @@ func (k *Ed25519) PublicKey() ockam.PublicKey {
 
 // Sign is
 func (k *Ed25519) Sign(c ockam.Claim) error {
-	binary, err := c.MarshalBinary()
+	claimJSON, err := c.MarshalJSON()
 	if err != nil {
 		return err
 	}
 
-	k.hasher.Write(binary)
-	signature := ed25519.Sign(k.private, k.hasher.Sum(nil))
+	var claimMap map[string]interface{}
+	err = json.Unmarshal(claimJSON, &claimMap)
+	if err != nil {
+		return errors.WithStack(err)
+	}
+
+	delete(claimMap, "signatures")
+
+	proc := ld.NewJsonLdProcessor()
+	options := ld.NewJsonLdOptions("")
+	options.Format = "application/nquads"
+	options.Algorithm = "URDNA2015"
 
-	nonce, err := random.GenerateBytes(20)
+	canonicalized, err := proc.Normalize(claimMap, options)
 	if err != nil {
-		return err
+		return errors.WithStack(err)
 	}
 
+	toSign := []byte(canonicalized.(string))
+
+	k.hasher.Write(toSign)
+	signature := ed25519.Sign(k.private, k.hasher.Sum(nil))
+
 	s := &Signature{
 		t:              "Ed25519Signature2018",
-		creator:        k.PublicKey(),
-		created:        time.Now(),
-		nonce:          nonce,
+		creator:        c.Issuer().ID().String() + k.PublicKey().Label(),
+		created:        time.Now().UTC().Format(time.RFC3339),
+		nonce:          c.Nonce(),
 		signatureValue: signature,
+		signedValue:    toSign,
 	}
 
 	c.AddSignature(s)

key/ed25519/signature.go

@@ -1,19 +1,14 @@
 package ed25519
 
-import (
-	"time"
-
-	"github.com/ockam-network/ockam"
-)
-
 // Signature is
 type Signature struct {
 	t              string
-	creator        ockam.PublicKey
-	created        time.Time
+	creator        string
+	created        string
 	domain         string
-	nonce          []byte
+	nonce          string
 	signatureValue []byte
+	signedValue    []byte
 }
 
 // Type is
@@ -23,23 +18,23 @@ func (s *Signature) Type() string {
 }
 
 // Creator is
-func (s *Signature) Creator() ockam.PublicKey {
+func (s *Signature) Creator() string {
 	return s.creator
 }
 
 // Created is
-func (s *Signature) Created() time.Time {
+func (s *Signature) Created() string {
 	return s.created
 }
 
 // Domain is
 func (s *Signature) Domain() string {
-	return s.domain
+	return "ockam"
 }
 
 // Nonce is
 // https://web-payments.org/vocabs/security#nonce
-func (s *Signature) Nonce() []byte {
+func (s *Signature) Nonce() string {
 	return s.nonce
 }
 
@@ -48,3 +43,7 @@ func (s *Signature) Nonce() []byte {
 func (s *Signature) SignatureValue() []byte {
 	return s.signatureValue
 }
+
+func (s *Signature) SignedValue() []byte {
+	return s.signedValue
+}