From e5fa044f10217202b43cdf6f36e526646cd1c557 Mon Sep 17 00:00:00 2001
From: Misha Sizov <mykhailo.sizov@securekey.com>
Date: Thu, 5 Dec 2024 17:02:51 +0200
Subject: [PATCH] feat: add ability to pass WithMessageDigestAlgorithm to
 canonization algo

Signed-off-by: Misha Sizov <mykhailo.sizov@securekey.com>
---
 doc/ld/processor/processor.go                 | 23 +++++++++++++++----
 doc/ld/processor/processor_test.go            | 11 ++++++++-
 .../canonized_json_credential_2_sha384.nq     | 10 ++++++++
 go.mod                                        |  2 +-
 go.sum                                        |  4 ++--
 5 files changed, 41 insertions(+), 9 deletions(-)
 create mode 100644 doc/ld/processor/testdata/canonized_json_credential_2_sha384.nq

diff --git a/doc/ld/processor/processor.go b/doc/ld/processor/processor.go
index 4dc0f34..f23b232 100644
--- a/doc/ld/processor/processor.go
+++ b/doc/ld/processor/processor.go
@@ -37,11 +37,12 @@ var ErrInvalidRDFFound = errors.New("invalid JSON-LD context")
 
 // processorOpts holds options for canonicalization of JSON LD docs.
 type processorOpts struct {
-	removeInvalidRDF bool
-	frameBlankNodes  bool
-	validateRDF      bool
-	documentLoader   ld.DocumentLoader
-	externalContexts []string
+	removeInvalidRDF       bool
+	frameBlankNodes        bool
+	validateRDF            bool
+	documentLoader         ld.DocumentLoader
+	externalContexts       []string
+	messageDigestAlgorithm ld.MessageDigestAlgorithm
 }
 
 // Opts are the options for JSON LD operations on docs (like canonicalization or compacting).
@@ -84,6 +85,14 @@ func WithValidateRDF() Opts {
 	}
 }
 
+// WithMessageDigestAlgorithm option is for defining another
+// message digest algorithm than default ld.MessageDigestAlgorithmSHA256.
+func WithMessageDigestAlgorithm(mda ld.MessageDigestAlgorithm) Opts {
+	return func(opts *processorOpts) {
+		opts.messageDigestAlgorithm = mda
+	}
+}
+
 // Processor is JSON-LD processor for aries.
 // processing mode JSON-LD 1.0 {RFC: https://www.w3.org/TR/2014/REC-json-ld-20140116}
 type Processor struct {
@@ -119,6 +128,10 @@ func (p *Processor) GetCanonicalDocument(doc map[string]interface{}, opts ...Opt
 		doc["@context"] = AppendExternalContexts(doc["@context"], procOptions.externalContexts...)
 	}
 
+	if procOptions.messageDigestAlgorithm != "" {
+		ldOptions.MessageDigestAlgorithm = procOptions.messageDigestAlgorithm
+	}
+
 	proc := ld.NewJsonLdProcessor()
 
 	view, err := proc.Normalize(doc, ldOptions)
diff --git a/doc/ld/processor/processor_test.go b/doc/ld/processor/processor_test.go
index 3375133..47977f1 100644
--- a/doc/ld/processor/processor_test.go
+++ b/doc/ld/processor/processor_test.go
@@ -12,6 +12,7 @@ import (
 	"log"
 	"testing"
 
+	"github.com/piprate/json-gold/ld"
 	"github.com/stretchr/testify/require"
 
 	ldcontext "github.com/trustbloc/did-go/doc/ld/context"
@@ -124,10 +125,16 @@ func TestGetCanonicalDocument(t *testing.T) {
 				opts:   []processor.Opts{processor.WithRemoveAllInvalidRDF()},
 			},
 			{
-				name:   "canonizing sample VC document with proper context 2",
+				name:   "canonizing sample VC document with proper context 2, default hash algo sha256",
 				doc:    vcWithProperContexts2,
 				result: canonizedJSONCredential2,
 			},
+			{
+				name:   "canonizing sample VC document with proper context 2, hash algo sha384",
+				doc:    vcWithProperContexts2,
+				opts:   []processor.Opts{processor.WithMessageDigestAlgorithm(ld.MessageDigestAlgorithmSHA384)},
+				result: canonizedJSONCredential2SHA384,
+			},
 			{
 				name:   "canonizing sample VC document with proper context 2 but remove all invalid RDF",
 				doc:    vcWithProperContexts2,
@@ -525,6 +532,8 @@ var (
 	canonizedJSONCredential string
 	//go:embed testdata/canonized_json_credential_2.nq
 	canonizedJSONCredential2 string
+	//go:embed testdata/canonized_json_credential_2_sha384.nq
+	canonizedJSONCredential2SHA384 string
 	//go:embed testdata/canonized_json_credential_filtered.nq
 	canonizedJSONCredentialFiltered string
 	//go:embed testdata/canonized_json_credential_not_filtered.nq
diff --git a/doc/ld/processor/testdata/canonized_json_credential_2_sha384.nq b/doc/ld/processor/testdata/canonized_json_credential_2_sha384.nq
new file mode 100644
index 0000000..f793e17
--- /dev/null
+++ b/doc/ld/processor/testdata/canonized_json_credential_2_sha384.nq
@@ -0,0 +1,10 @@
+<http://www.example.org/foo/documents/a3480d17-df7f-449f-9480-e2c35e20a865> <https://w3id.org/security#allowedAction> "read" .
+<http://www.example.org/foo/documents/a3480d17-df7f-449f-9480-e2c35e20a865> <https://w3id.org/security#allowedAction> "write" .
+<http://www.example.org/foo/documents/a3480d17-df7f-449f-9480-e2c35e20a865> <https://w3id.org/security#invocationTarget> _:c14n1 .
+<http://www.example.org/foo/documents/a3480d17-df7f-449f-9480-e2c35e20a865> <https://w3id.org/security#proof> _:c14n0 .
+_:c14n2 <http://purl.org/dc/terms/created> "2020-12-04T15:28:14.673975717-05:00"^^<http://www.w3.org/2001/XMLSchema#dateTime> _:c14n0 .
+_:c14n2 <http://www.w3.org/1999/02/22-rdf-syntax-ns#type> <https://w3id.org/security#Ed25519Signature2018> _:c14n0 .
+_:c14n2 <https://w3id.org/security#jws> "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..6OfIULug35ZmoU7lysChVpD6sjYfV71UwxqIZ8u0woYSIzRtzCo3MsZJw6cGIZMEaMssnQyRqIzo8B0yHEL2Dw" _:c14n0 .
+_:c14n2 <https://w3id.org/security#nonce> "da7CcJahAdFG0GXN-JnS2f2mywcFNtaLyXtGVqku2DwVwUaJbGpUQjhlNi5kDbS4ZMi2cNhEN5ac6LponS-C9w" _:c14n0 .
+_:c14n2 <https://w3id.org/security#proofPurpose> <https://w3id.org/security#capabilityDelegationMethod> _:c14n0 .
+_:c14n2 <https://w3id.org/security#verificationMethod> <did:key:z6MkmkFTTczYKzU94t45sG65iZi2HA21tAU9ns8bXSmBEap4#z6MkmkFTTczYKzU94t45sG65iZi2HA21tAU9ns8bXSmBEap4> _:c14n0 .
diff --git a/go.mod b/go.mod
index 8cf1dd5..1bd28a7 100644
--- a/go.mod
+++ b/go.mod
@@ -48,4 +48,4 @@ require (
 	rsc.io/tmplfunc v0.0.3 // indirect
 )
 
-replace github.com/piprate/json-gold v0.5.1-0.20230111113000-6ddbe6e6f19f => github.com/skynet2/json-gold v0.6.0
+replace github.com/piprate/json-gold v0.5.1-0.20230111113000-6ddbe6e6f19f => github.com/trustbloc/json-gold v0.5.2-0.20241206130328-d2135d9f36a8
diff --git a/go.sum b/go.sum
index 029c63a..2469352 100644
--- a/go.sum
+++ b/go.sum
@@ -78,8 +78,6 @@ github.com/pquerna/cachecontrol v0.1.0 h1:yJMy84ti9h/+OEWa752kBTKv4XC30OtVVHYv/8
 github.com/pquerna/cachecontrol v0.1.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI=
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
-github.com/skynet2/json-gold v0.6.0 h1:w64ixhVsG7eqJ/R69U1iyq8LtmBmz0gEzBF9os4DxA8=
-github.com/skynet2/json-gold v0.6.0/go.mod h1:RVhE35veDX19r5gfUAR+IYHkAUuPwJO8Ie/qVeFaIzw=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
@@ -89,6 +87,8 @@ github.com/teserakt-io/golang-ed25519 v0.0.0-20210104091850-3888c087a4c8 h1:RBka
 github.com/teserakt-io/golang-ed25519 v0.0.0-20210104091850-3888c087a4c8/go.mod h1:9PdLyPiZIiW3UopXyRnPYyjUXSpiQNHRLu8fOsR3o8M=
 github.com/trustbloc/bbs-signature-go v1.0.2 h1:gepEsbLiZHv/vva9FKG5gF38mGtOIyGez7desZxiI1o=
 github.com/trustbloc/bbs-signature-go v1.0.2/go.mod h1:xYotcXHAbcE0TO+SteW0J6XI3geQaXq4wdnXR2k+XCU=
+github.com/trustbloc/json-gold v0.5.2-0.20241206130328-d2135d9f36a8 h1:DomzdQu7D3CDBsMijT0E9uQl91iFcsIfYq1UKXmI/XQ=
+github.com/trustbloc/json-gold v0.5.2-0.20241206130328-d2135d9f36a8/go.mod h1:RVhE35veDX19r5gfUAR+IYHkAUuPwJO8Ie/qVeFaIzw=
 github.com/trustbloc/kms-go v1.2.0 h1:kM2mkK4vBT7MN18rE6cTEXtrnEo3Uc83F68UKakqeR4=
 github.com/trustbloc/kms-go v1.2.0/go.mod h1:OKOtsLbE6W5s4mpjWkvk8XEqcmt9vTgVmDNkHELpWO0=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=