In order to push the jar file to our maven repository, I added a maven configuration file to
java/canonicalizer/dist
and from there, you can run
mvn deploy:deploy-file -Dfile=./json-canonicalizer.jar -DgroupId=com.github.cyberphone -DartifactId=json-canonicalizer -Dversion=1.0.0 -Dpackaging=jar -Durl="scp://[email protected]/srv/volumes/maven/app/mavenrepo"
substituting the version that you tagged into the appropriate command line option.
Cryptographic operations like hashing and signing depend on the target data not changing during serialization, transport, or parsing. By applying the rules defined by JCS (JSON Canonicalization Scheme), data provided in the JSON [RFC8259] format can be exchanged "as is", while still being subject to secure cryptographic operations. JCS achieves this by building on the serialization formats for JSON primitives as defined by ECMAScript [ES6], constraining JSON data to the I-JSON [RFC7493] subset, and through a platform independent property sorting scheme.
Working document: https://cyberphone.github.io/ietf-json-canon
Published IETF Draft: https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme-05
The JSON Canonicalization Scheme concept in a nutshell:
- Serialization of primitive JSON data types using methods compatible with ECMAScript's JSON.stringify()
- Lexicographic sorting of JSON Object properties in a recursive process
- JSON Array data is also subject to canonicalization, but element order remains untouched
Sample input:
{
"numbers": [333333333.33333329, 1E30, 4.50, 2e-3, 0.000000000000000000000000001],
"string": "\u20ac$\u000F\u000aA'\u0042\u0022\u005c\\\"\/",
"literals": [null, true, false]
}
Expected output:
{"literals":[null,true,false],"numbers":[333333333.3333333,1e+30,4.5,0.002,1e-27],"string":"€$\u000f\nA'B\"\\\\\"/"}
Note: for platform interoperable canonicalization, the output must be converted to UTF-8 as well, here shown in hexadecimal notation:
7b 22 6c 69 74 65 72 61 6c 73 22 3a 5b 6e 75 6c 6c 2c 74 72 75 65 2c 66 61 6c 73 65 5d 2c 22 6e
75 6d 62 65 72 73 22 3a 5b 33 33 33 33 33 33 33 33 33 2e 33 33 33 33 33 33 33 2c 31 65 2b 33 30
2c 34 2e 35 2c 30 2e 30 30 32 2c 31 65 2d 32 37 5d 2c 22 73 74 72 69 6e 67 22 3a 22 e2 82 ac 24
5c 75 30 30 30 66 5c 6e 41 27 42 5c 22 5c 5c 5c 5c 5c 22 2f 22 7d
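The rules from the nutshell list, applied in JavaScript as an added example (not the project's own canonicalizer): it reproduces the canonical text and UTF-8 bytes shown for the sample above, and rejects values that JSON.stringify() would silently rewrite. The function names are hypothetical, and property sorting uses JavaScript's default string order (UTF-16 code units), assumed here to be the ordering JCS intends.

```javascript
// Added example: minimal JCS-style canonicalizer, not the project's implementation.

// The page's sample input, kept byte-for-byte with String.raw.
const SAMPLE_INPUT = String.raw`{
"numbers": [333333333.33333329, 1E30, 4.50, 2e-3, 0.000000000000000000000000001],
"string": "\u20ac$\u000F\u000aA'\u0042\u0022\u005c\\\"\/",
"literals": [null, true, false]
}`;

function canonicalize(value) {
  if (value === null || typeof value === 'boolean' || typeof value === 'string') {
    return JSON.stringify(value); // ECMAScript-compatible primitive serialization
  }
  if (typeof value === 'number') {
    if (!Number.isFinite(value)) {
      // JSON.stringify() would emit "null" here and change the data being signed.
      throw new RangeError('NaN and Infinity cannot be canonicalized');
    }
    return JSON.stringify(value); // shortest round-trip form, e.g. 4.50 -> 4.5
  }
  if (Array.isArray(value)) {
    // Elements are canonicalized, but their order is left untouched.
    return '[' + value.map(canonicalize).join(',') + ']';
  }
  if (typeof value === 'object') {
    // Recursive property sort; default sort() compares UTF-16 code units.
    const keys = Object.keys(value).sort();
    return '{' + keys.map((k) => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
  }
  throw new TypeError('not a JSON value: ' + typeof value);
}

// Parse JSON text and return its canonical form as a string.
function canonicalizeText(jsonText) {
  return canonicalize(JSON.parse(jsonText));
}

// Canonical form as UTF-8, in the page's space-separated hex notation.
// These bytes are what a hash or signature should be computed over.
function canonicalUtf8Hex(jsonText) {
  const bytes = new TextEncoder().encode(canonicalizeText(jsonText));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join(' ');
}

console.log(canonicalizeText(SAMPLE_INPUT));
console.log(canonicalUtf8Hex(SAMPLE_INPUT));
```

JSON.parse() keeps only the last of any duplicate property names, so input that violates I-JSON in that way has to be rejected before this function sees it.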
https://cyberphone.github.io/doc/security/browser-json-canonicalization.html
https://tools.ietf.org/html/draft-staykov-hu-json-canonical-form-00
http://wiki.laptop.org/go/Canonical_JSON
https://gibson042.github.io/canonicaljson-spec/
https://gist.github.com/mikesamuel/20710f94a53e440691f04bf79bc3d756