frostfs-sdk-java/client/src/main/java/info/FrostFS/sdk/tools/Verifier.java

package info.FrostFS.sdk.tools;

import com.google.protobuf.Message;
import frostFS.session.Types;
import info.FrostFS.sdk.mappers.StatusMapper;
import org.apache.commons.codec.digest.DigestUtils;
import org.bouncycastle.asn1.sec.SECNamedCurves;
import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.signers.ECDSASigner;
import org.bouncycastle.crypto.signers.HMacDSAKCalculator;

import java.math.BigInteger;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Arrays;

import static info.FrostFS.sdk.KeyExtension.getPublicKeyFromBytes;
import static info.FrostFS.sdk.constants.CryptoConst.SIGNATURE_ALGORITHM;
import static info.FrostFS.sdk.constants.FieldConst.*;
import static info.FrostFS.sdk.tools.MessageHelper.getField;
import static java.util.Objects.isNull;
import static org.bouncycastle.crypto.util.DigestFactory.createSHA256;
import static org.bouncycastle.util.BigIntegers.fromUnsignedByteArray;

public class Verifier {
    public static final String ERROR_WRONG_SIG_SIZE_TEMPLATE = "Wrong signature size. Expected length=%s, actual=%s";
    public static final String ERROR_INVALID_RESPONSE = "Invalid response";
    public static final int RFC6979_SIG_SIZE = 64;

    public static boolean verifyRFC6979(frostFS.refs.Types.SignatureRFC6979 signature, Message data) {
        return verifyRFC6979(signature.getKey().toByteArray(), data.toByteArray(), signature.getSign().toByteArray());
    }

    public static boolean verifyRFC6979(byte[] publicKey, byte[] data, byte[] sig) {
        if (isNull(publicKey) || isNull(data) || isNull(sig)) return false;

        var rs = decodeSignature(sig);
        var digest = createSHA256();
        var signer = new ECDSASigner(new HMacDSAKCalculator(digest));
        var secp256R1 = SECNamedCurves.getByOID(SECObjectIdentifiers.secp256r1);
        var ecParameters = new ECDomainParameters(secp256R1.getCurve(), secp256R1.getG(), secp256R1.getN());
        var ecPublicKey = new ECPublicKeyParameters(secp256R1.getCurve().decodePoint(publicKey), ecParameters);
        var hash = new byte[digest.getDigestSize()];
        digest.update(data, 0, data.length);
        digest.doFinal(hash, 0);
        signer.init(false, ecPublicKey);
        return signer.verifySignature(hash, rs[0], rs[1]);
    }

    private static BigInteger[] decodeSignature(byte[] sig) {
        if (sig.length != RFC6979_SIG_SIZE) {
            throw new IllegalArgumentException(
                    String.format(ERROR_WRONG_SIG_SIZE_TEMPLATE, RFC6979_SIG_SIZE, sig.length)
            );
        }

        var rs = new BigInteger[2];

        rs[0] = fromUnsignedByteArray(Arrays.copyOfRange(sig, 0, (RFC6979_SIG_SIZE / 2) - 1));
        rs[1] = fromUnsignedByteArray(Arrays.copyOfRange(sig, RFC6979_SIG_SIZE / 2, RFC6979_SIG_SIZE - 1));
        return rs;
    }

    public static void checkResponse(Message response) {
        if (!verify(response)) {
            throw new IllegalArgumentException(ERROR_INVALID_RESPONSE);
        }

        var metaHeader = (Types.ResponseMetaHeader) getField(response, META_HEADER_FIELD_NAME);
        var status = StatusMapper.toModel(metaHeader.getStatus());
        if (!status.isSuccess()) {
            throw new IllegalArgumentException(status.toString());
        }
    }

    public static boolean verify(Message response) {
        var body = getField(response, BODY_FIELD_NAME);
        var metaHeader = (Types.ResponseMetaHeader) getField(response, META_HEADER_FIELD_NAME);
        var verifyHeader = (Types.ResponseVerificationHeader) getField(response, VERIFY_HEADER_FIELD_NAME);

        return verifyMatryoshkaLevel(body, metaHeader, verifyHeader);
    }

    public static boolean verifyMatryoshkaLevel(Message data,
                                                frostFS.session.Types.ResponseMetaHeader meta,
                                                frostFS.session.Types.ResponseVerificationHeader verification) {
        if (!verifyMessagePart(verification.getMetaSignature(), meta)) return false;
        var origin = verification.getOrigin();
        if (!verifyMessagePart(verification.getOriginSignature(), origin)) return false;
        if (origin.getSerializedSize() == 0) {
            return verifyMessagePart(verification.getBodySignature(), data);
        }
        return verification.getBodySignature().getSerializedSize() == 0
                && verifyMatryoshkaLevel(data, meta.getOrigin(), origin);
    }

    public static boolean verifyMessagePart(frostFS.refs.Types.Signature sig, Message data) {
        if (sig.getSerializedSize() == 0 || sig.getKey().isEmpty() || sig.getSign().isEmpty()) return false;

        var publicKey = getPublicKeyFromBytes(sig.getKey().toByteArray());

        var data2Verify = data.getSerializedSize() == 0 ? new byte[]{} : data.toByteArray();
        return verifyData(publicKey, data2Verify, sig.getSign().toByteArray());
    }

    public static boolean verifyData(PublicKey publicKey, byte[] data, byte[] sig) {
        try {
            Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
            signature.initVerify(publicKey);
            signature.update(DigestUtils.sha512(data));
            return signature.verify(Arrays.copyOfRange(sig, 1, sig.length));
        } catch (Exception exp) {
            throw new RuntimeException(exp);
        }
    }
}