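/*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2019 Kamax Sàrl
 *
 * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

package io.kamax.mxisd.crypto;

import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import io.kamax.matrix.event.EventKey;
import io.kamax.matrix.json.MatrixJson;

import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.util.Objects;

/**
 * Produces and verifies signatures over raw bytes, strings and Matrix JSON objects.
 * <p>
 * The {@code signatures} key of a Matrix JSON object is expected to have the shape
 * {@code {"<domain>": {"<key id>": "<signature>"}}}; the default merge logic in
 * {@link #signMessageGson(String, JsonObject)} relies on that two-level layout.
 */
public interface SignatureManager {

    /**
     * Sign the message with the default domain and add the signature to the signatures key.
     * <p>
     * If the key does not exist yet, it is created. If the key exists, the produced signature will be merged with any
     * existing ones.
     *
     * @param message The message to sign with the default domain and add the produced signature to
     * @return The provided message with the new signature
     * @throws IllegalArgumentException If the signatures key exists and its value is not a JSON object
     */
    JsonObject signMessageGson(JsonObject message) throws IllegalArgumentException;

    /**
     * Sign the message and add the signature to the signatures key.
     * <p>
     * The signature is computed over the canonical JSON encoding of the message with the {@code signatures} key
     * removed. If the key does not exist yet, it is created. If the key exists, the produced signature will be
     * merged with any existing ones: signatures for other domains are carried over untouched, and within the
     * signing domain the freshly produced signature always wins over a pre-existing entry for the same key id,
     * so a stale (or attacker-supplied) signature already present in the message can never replace the one
     * produced by this call.
     * <p>
     * NOTE(review): only {@code signatures} is stripped before canonicalization. The Matrix signing algorithm also
     * excludes {@code unsigned}; confirm that callers never pass messages carrying that key, or strip it here.
     * <p>
     * The provided object is modified in place and returned.
     *
     * @param domain  The domain under which the signature should be added
     * @param message The message to sign and add the produced signature to
     * @return The provided message with the new signature
     * @throws IllegalArgumentException If the signatures key exists and its value is not a JSON object
     */
    default JsonObject signMessageGson(String domain, JsonObject message) throws IllegalArgumentException {
        // Detach any pre-existing signatures so they are not part of the signed payload.
        JsonElement signEl = message.remove(EventKey.Signatures.get());
        JsonObject oldSigns = new JsonObject();
        if (!Objects.isNull(signEl)) {
            if (!signEl.isJsonObject()) {
                throw new IllegalArgumentException("Message contains a signatures key that is not a JSON object value");
            }
            oldSigns = signEl.getAsJsonObject();
        }

        // Sign the canonical form of the message without its signatures key.
        JsonObject newSigns = signMessageGson(domain, MatrixJson.encodeCanonical(message));

        // Merge the pre-existing signatures back in, never letting them overwrite what we just produced.
        oldSigns.entrySet().forEach(entry -> {
            String signDomain = entry.getKey();
            JsonElement oldValue = entry.getValue();
            JsonElement newValue = newSigns.get(signDomain);
            if (Objects.isNull(newValue)) {
                // Domain we did not sign for: carry the existing entry over as-is.
                newSigns.add(signDomain, oldValue);
            } else if (newValue.isJsonObject() && oldValue.isJsonObject()) {
                // Same domain on both sides: keep old key ids we did not sign with, fresh ones take precedence.
                JsonObject newDomainSigns = newValue.getAsJsonObject();
                oldValue.getAsJsonObject().entrySet().forEach(keySig -> {
                    if (!newDomainSigns.has(keySig.getKey())) {
                        newDomainSigns.add(keySig.getKey(), keySig.getValue());
                    }
                });
            }
            // Otherwise the pre-existing value is malformed for this domain; the fresh signature replaces it.
        });

        message.add(EventKey.Signatures.get(), newSigns);
        return message;
    }

    /**
     * Sign the message and produce a signatures object that can directly be added to the object being signed.
     *
     * @param domain  The domain under which the signature should be added
     * @param message The message to sign
     * @return The signatures object
     */
    JsonObject signMessageGson(String domain, String message);

    /**
     * Sign the canonical form of a JSON object.
     *
     * @param obj The JSON object to canonicalize and sign
     * @return The signature
     */
    Signature sign(JsonObject obj);

    /**
     * Sign the message, using UTF-8 as the decoding character set.
     *
     * @param message The message, encoded to UTF-8 bytes before signing
     * @return The signature
     */
    default Signature sign(String message) {
        return sign(message.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Sign the data.
     *
     * @param data The data to sign
     * @return The signature
     */
    Signature sign(byte[] data);

    /**
     * Verify the data.
     * <p>
     * NOTE(review): the textual encoding expected for {@code signature} is defined by the implementation, not
     * by this interface; callers must use the same encoding the matching {@code sign} produces.
     *
     * @param publicKey public key to verify against
     * @param signature signature to verify
     * @param data      the data to verify
     * @return {@code true} if the signature is valid, else {@code false}
     */
    boolean verify(PublicKey publicKey, String signature, byte[] data);

}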