feat: apply canonical JSON Format (#117)

inchori · web-flow · commit a6604c55b61c · 2023-03-20T17:59:59.000+09:00
diff --git a/go.mod b/go.mod
@@ -56,6 +56,7 @@ require (
 	github.com/cosmos/gorocksdb v1.2.0 // indirect
 	github.com/cosmos/iavl v0.19.4 // indirect
 	github.com/cosmos/ledger-cosmos-go v0.12.2 // indirect
+	github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 // indirect
 	github.com/danieljoos/wincred v1.1.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0 // indirect
diff --git a/go.sum b/go.sum
@@ -146,6 +146,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t
 github.com/creachadair/taskgroup v0.3.2 h1:zlfutDS+5XG40AOxcHDSThxKzns8Tnr9jnr6VqkYlkM=
 github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
 github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 h1:vU+EP9ZuFUCYE0NYLwTSob+3LNEJATzNfP/DC7SWGWI=
+github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw=
 github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/danieljoos/wincred v1.1.2 h1:QLdCxFs1/Yl4zduvBdcHB8goaYk9RARS2SgLLRuAyr0=
 github.com/danieljoos/wincred v1.1.2/go.mod h1:GijpziifJoIBfYh+S7BbkdUTU4LfM+QnGqR5Vl2tAx0=
diff --git a/server/service/datadeal/json_canononical_test.go b/server/service/datadeal/json_canononical_test.go
@@ -0,0 +1,122 @@
+package datadeal
+
+import (
+	"crypto/sha256"
+	"testing"
+
+	"github.com/cyberphone/json-canonicalization/go/src/webpki.org/jsoncanonicalizer"
+	"github.com/stretchr/testify/require"
+)
+
+func TestCanonicalJSON(t *testing.T) {
+	jsonDataBz := []byte(
+		`
+		{
+			"invalid_key_name": "name",
+			"invalid_key_description": "description",
+			"invalid_key_body": [{ "type": "markdown", "attributes": { "value": "val1" } }]
+		}
+		`)
+
+	// WhiteSpace before "name"
+	jsonDataBzSpace := []byte(
+		`
+		{
+			"invalid_key_name":  "name",
+			"invalid_key_description": "description",
+			"invalid_key_body": [{ "type": "markdown", "attributes": { "value": "val1" } }]
+		}
+		`)
+
+	// WhiteSpace before "}" bracket
+	jsonDataBzBracket := []byte(
+		`
+		{
+			"invalid_key_name": "name",
+			"invalid_key_description": "description",
+			"invalid_key_body": [{ "type": "markdown", "attributes": { "value": "val1" } }]
+		 }
+		`)
+
+	jsonDataBzOrder := []byte(
+		`
+		{
+			"invalid_key_description": "description",
+			"invalid_key_name": "name",
+			"invalid_key_body": [{ "type": "markdown", "attributes": { "value": "val1" } }]
+		}
+		`)
+
+	jsonData, err := jsoncanonicalizer.Transform(jsonDataBz)
+	require.NoError(t, err)
+	dataHash := sha256.Sum256(jsonData)
+
+	jsonDataSpace, err := jsoncanonicalizer.Transform(jsonDataBzSpace)
+	require.NoError(t, err)
+	dataHashSpace := sha256.Sum256(jsonDataSpace)
+
+	jsonDataOrder, err := jsoncanonicalizer.Transform(jsonDataBzOrder)
+	require.NoError(t, err)
+	dataHashOrder := sha256.Sum256(jsonDataOrder)
+
+	jsonDataBracket, err := jsoncanonicalizer.Transform(jsonDataBzBracket)
+	require.NoError(t, err)
+	dataHashBracket := sha256.Sum256(jsonDataBracket)
+
+	require.Equal(t, dataHash, dataHashOrder)
+	require.Equal(t, dataHash, dataHashSpace)
+	require.Equal(t, dataHashOrder, dataHashSpace)
+	require.Equal(t, dataHash, dataHashBracket)
+}
+
+func TestCanonicalJSON_DataHash_Not_Equal(t *testing.T) {
+	jsonDataBz := []byte(
+		`
+		{
+			"invalid_key_name": "name",
+			"invalid_key_description": "description",
+			"invalid_key_body": [{ "type": "markdown", "attributes": { "value": "val1" } }]
+		}
+		`)
+
+	// WhiteSpace before "name"
+	jsonDataBzSpace := []byte(
+		`
+		{
+			"invalid_key_name":  "name",
+			"invalid_key_description": "description",
+			"invalid_key_body": [{ "type": "markdown", "attributes": { "value": "val1" } }]
+		}
+		`)
+
+	// WhiteSpace before "}" bracket
+	jsonDataBzBracket := []byte(
+		`
+		{
+			"invalid_key_name": "name",
+			"invalid_key_description": "description",
+			"invalid_key_body": [{ "type": "markdown", "attributes": { "value": "val1" } }]
+		 }
+		`)
+
+	jsonDataBzOrder := []byte(
+		`
+		{
+			"invalid_key_description": "description",
+			"invalid_key_name": "name",
+			"invalid_key_body": [{ "type": "markdown", "attributes": { "value": "val1" } }]
+		}
+		`)
+
+	jsonData, err := jsoncanonicalizer.Transform(jsonDataBz)
+	require.NoError(t, err)
+	dataHash := sha256.Sum256(jsonData)
+
+	dataHashSpace := sha256.Sum256(jsonDataBzSpace)
+	dataHashBracket := sha256.Sum256(jsonDataBzBracket)
+	dataHashOrder := sha256.Sum256(jsonDataBzOrder)
+
+	require.NotEqual(t, dataHash, dataHashSpace)
+	require.NotEqual(t, dataHash, dataHashBracket)
+	require.NotEqual(t, dataHash, dataHashOrder)
+}
diff --git a/server/service/datadeal/service_data_validation.go b/server/service/datadeal/service_data_validation.go
@@ -8,6 +8,7 @@ import (
 	"github.com/medibloc/vc-sdk/pkg/vdr"
 
 	"github.com/btcsuite/btcd/btcec"
+	"github.com/cyberphone/json-canonicalization/go/src/webpki.org/jsoncanonicalizer"
 	"github.com/gogo/protobuf/proto"
 	datadealtypes "github.com/medibloc/panacea-core/v2/x/datadeal/types"
 	"github.com/medibloc/panacea-oracle/crypto"
@@ -81,8 +82,14 @@ func (s *dataDealServiceServer) ValidateData(ctx context.Context, req *datadeal.
 		return nil, fmt.Errorf("failed to decrypt data")
 	}
 
+	decryptedDataBz, err := jsoncanonicalizer.Transform(decryptedData)
+	if err != nil {
+		log.Debugf("invalid JSON format: %s", err.Error())
+		return nil, fmt.Errorf("invalid JSON format")
+	}
+
 	// Validate data hash
-	dataHashBz := crypto.KDFSHA256(decryptedData)
+	dataHashBz := crypto.KDFSHA256(decryptedDataBz)
 	dataHash := hex.EncodeToString(dataHashBz)
 
 	if req.DataHash != dataHash {
diff --git a/server/service/datadeal/service_data_validation_test.go b/server/service/datadeal/service_data_validation_test.go
@@ -11,6 +11,7 @@ import (
 	cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types"
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	authtypes "github.com/cosmos/cosmos-sdk/x/auth/types"
+	"github.com/cyberphone/json-canonicalization/go/src/webpki.org/jsoncanonicalizer"
 	datadealtypes "github.com/medibloc/panacea-core/v2/x/datadeal/types"
 	"github.com/medibloc/panacea-oracle/crypto"
 	"github.com/medibloc/panacea-oracle/mocks"
@@ -77,7 +78,9 @@ func (suite *dataDealServiceServerTestSuite) TestValidateDataSuccess() {
 	encryptedData, err := crypto.Encrypt(sharedKey, nil, jsonDataBz)
 	suite.Require().NoError(err)
 
-	dataHash := sha256.Sum256(jsonDataBz)
+	jsonData, err := jsoncanonicalizer.Transform(jsonDataBz)
+	suite.Require().NoError(err)
+	dataHash := sha256.Sum256(jsonData)
 
 	req := &datadeal.ValidateDataRequest{
 		DealId:          1,
@@ -294,7 +297,9 @@ func (suite *dataDealServiceServerTestSuite) TestValidateDataInvalidJSONSchema()
 	encryptedData, err := crypto.Encrypt(sharedKey, nil, jsonDataBz)
 	suite.Require().NoError(err)
 
-	dataHash := sha256.Sum256(jsonDataBz)
+	jsonData, err := jsoncanonicalizer.Transform(jsonDataBz)
+	suite.Require().NoError(err)
+	dataHash := sha256.Sum256(jsonData)
 
 	req := &datadeal.ValidateDataRequest{
 		DealId:          1,
