feat: complete revocation in Rust and Java SDKs

feat: complete revocation in Rust and Java SDKs

Author: rmhrisk

java/src/main/java/com/peculiarventures/mtaqr/issuer/Issuer.java

@@ -1,6 +1,7 @@
 package com.peculiarventures.mtaqr.issuer;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.peculiarventures.mtaqr.cascade.Cascade;
 import com.peculiarventures.mtaqr.signing.Signer;
 import com.peculiarventures.mtaqr.trust.TrustConfig;
 
@@ -107,6 +108,8 @@ private record WitnessCosig(byte[] keyId, long timestamp, byte[] signature) {}
     private List<Batch>      batches      = new ArrayList<>();
     private List<LogEntry>   currentBatch = new ArrayList<>();
     private SignedCheckpoint latestCkpt;
+    private final Set<Long>  revokedIndices = new HashSet<>();
+    private volatile String  latestRevArtifact;
 
     private Issuer(String origin, long schemaId, int mode, int batchSize, int witnessCount, Signer signer) {
         this.origin       = origin;
@@ -191,6 +194,7 @@ public String trustConfigJson(String checkpointUrl) {
                     Map.entry("sig_alg",            signer.getAlg()),
                     Map.entry("witness_quorum",     witnesses.size()),
                     Map.entry("checkpoint_url",     checkpointUrl),
+                    Map.entry("revocation_url",    revocationUrlFrom(checkpointUrl)),
                     Map.entry("batch_size",         batchSize),
                     Map.entry("witnesses",          wList)
                 ));
@@ -278,6 +282,7 @@ private CompletableFuture<Void> publishCheckpoint() {
             }
             synchronized (lock) {
                 latestCkpt = new SignedCheckpoint(treeSize, parentRoot, body, issuerSig, cosigs);
+                latestRevArtifact = buildRevocationArtifact(treeSize);
             }
         });
     }
@@ -330,6 +335,69 @@ public static byte[] encodeTbsForTest(long issuedAt, long expiresAt, long schema
         return encodeTbsStatic(issuedAt, expiresAt, schemaId, claims);
     }
 
+    public void revoke(long entryIndex) {
+        synchronized (lock) {
+            if (entryIndex == 0)
+                throw new IllegalArgumentException("entry_index=0 is the null entry");
+            if (entryIndex >= totalEntriesLocked())
+                throw new IllegalArgumentException("entry_index " + entryIndex + " not yet issued");
+            revokedIndices.add(entryIndex);
+            if (latestCkpt != null)
+                latestRevArtifact = buildRevocationArtifact(latestCkpt.treeSize());
+        }
+    }
+
+    public String revocationArtifact() { return latestRevArtifact; }
+
+    private static String revocationUrlFrom(String checkpointUrl) {
+        return checkpointUrl.endsWith("/checkpoint")
+            ? checkpointUrl.substring(0, checkpointUrl.length() - 11) + "/revoked"
+            : checkpointUrl.replace("checkpoint", "revoked");
+    }
+
+    private String buildRevocationArtifact(long treeSize) {
+        long now = Instant.now().getEpochSecond();
+        List<Long> revoked = new ArrayList<>(), valid = new ArrayList<>();
+        List<LogEntry> all = new ArrayList<>();
+        synchronized (lock) {
+            for (Batch b : batches) all.addAll(b.entries());
+            all.addAll(currentBatch);
+        }
+        for (LogEntry e : all) {
+            if (e.index() == 0) continue;
+            if (revokedIndices.contains(e.index())) { revoked.add(e.index()); continue; }
+            long exp = entryExpiryTimestamp(e.tbs());
+            if (exp > 0 && exp < now) continue;
+            valid.add(e.index());
+        }
+        long[] r = revoked.stream().mapToLong(Long::longValue).toArray();
+        long[] v = valid.stream().mapToLong(Long::longValue).toArray();
+        Cascade casc = Cascade.build(r, v);
+        String cascB64 = Base64.getEncoder().encodeToString(casc.encode());
+        String body = origin + "\n" + treeSize + "\nmta-qr-revocation-v1\n" + cascB64 + "\n";
+        byte[] bodyBytes = body.getBytes(StandardCharsets.UTF_8);
+        byte[] sig;
+        try { sig = signer.sign(bodyBytes).get(); }
+        catch (Exception e) { throw new RuntimeException("revocation sign failed", e); }
+        byte[] keyId = witnessKeyId(signer.getKeyName(), issuerPub);
+        byte[] payload = new byte[4 + sig.length];
+        System.arraycopy(keyId, 0, payload, 0, 4);
+        System.arraycopy(sig,   0, payload, 4, sig.length);
+        String sigLine = "\n\u2014 " + signer.getKeyName() + " " +
+            Base64.getEncoder().encodeToString(payload) + "\n";
+        return body + sigLine;
+    }
+
+    private static long entryExpiryTimestamp(byte[] tbs) {
+        if (tbs == null || tbs.length < 2 || tbs[0] != ENTRY_TYPE_DATA) return 0;
+        try {
+            var obj = com.upokecenter.cbor.CBORObject.DecodeFromBytes(
+                java.util.Arrays.copyOfRange(tbs, 1, tbs.length));
+            var times = obj.get(com.upokecenter.cbor.CBORObject.FromObject(2));
+            return (times != null && times.size() >= 2) ? times.get(1).AsInt64Value() : 0;
+        } catch (Exception e) { return 0; }
+    }
+
     private static byte[] entryHash(byte[] tbs) {
         return hashLeaf(tbs);
     }

java/src/main/java/com/peculiarventures/mtaqr/verifier/Verifier.java

@@ -3,6 +3,7 @@
 import com.peculiarventures.mtaqr.issuer.Issuer;
 import com.peculiarventures.mtaqr.signing.Signer;
 import com.peculiarventures.mtaqr.signing.SignatureVerifier;
+import com.peculiarventures.mtaqr.cascade.Cascade;
 import com.peculiarventures.mtaqr.trust.TrustConfig;
 
 import java.net.URI;
@@ -94,24 +95,27 @@ public record TraceResult(
     public static Builder builder() { return new Builder(); }
 
     public static final class Builder {
-        private TrustConfig   trust;
-        private HttpClient    httpClient;
-        private NoteProvider  noteProvider;
+        private TrustConfig         trust;
+        private HttpClient          httpClient;
+        private NoteProvider        noteProvider;
+        private RevocationProvider  revocationProvider;
 
         public Builder trust(TrustConfig v)       { trust = v; return this; }
         public Builder httpClient(HttpClient v)    { httpClient = v; return this; }
         /** Inject a note provider for testing — bypasses HTTP. */
         public Builder noteProvider(NoteProvider v){ noteProvider = v; return this; }
+        /** Inject a revocation provider for testing — bypasses HTTP. */
+        public Builder revocationProvider(RevocationProvider v){ revocationProvider = v; return this; }
 
         public Verifier build() {
             Objects.requireNonNull(trust, "trust is required");
             return new Verifier(trust,
                 httpClient != null ? httpClient :
-                    // 10-second connect timeout prevents indefinite hangs on slow issuers.
                     HttpClient.newBuilder()
                         .connectTimeout(Duration.ofSeconds(10))
                         .build(),
-                noteProvider);
+                noteProvider,
+                revocationProvider);
         }
     }
 
@@ -121,14 +125,21 @@ public interface NoteProvider {
         CompletableFuture<String> fetchNote(String url);
     }
 
+    /** Provides revocation artifacts without HTTP. Used in tests. */
+    @FunctionalInterface
+    public interface RevocationProvider {
+        CompletableFuture<String> fetchArtifact(String url);
+    }
+
     // --- internals ---
 
     private static final int GRACE      = 600; // seconds
 
-    private final TrustConfig  trust;
-    private final int batchSize; // read from trust.batchSize at construction
-    private final HttpClient   httpClient;
-    private final NoteProvider noteProvider;
+    private final TrustConfig          trust;
+    private final int                  batchSize;
+    private final HttpClient           httpClient;
+    private final NoteProvider         noteProvider;
+    private final RevocationProvider   revocationProvider;
     private static final int MAX_CACHE_ENTRIES = 1000;
     // Bounded insertion-order cache — evicts oldest entry when full.
     // Prevents memory exhaustion from payloads with rapidly incrementing tree_size.
@@ -140,11 +151,16 @@ public interface NoteProvider {
         }
     );
 
-    private Verifier(TrustConfig trust, HttpClient httpClient, NoteProvider noteProvider) {
-        this.trust        = trust;
-        this.batchSize    = trust.batchSize > 0 ? trust.batchSize : 16;
-        this.httpClient   = httpClient;
-        this.noteProvider = noteProvider;
+    private record CachedRevocation(Cascade cascade, long treeSize) {}
+    private final Map<String, CachedRevocation> revocCache = new java.util.concurrent.ConcurrentHashMap<>();
+
+    private Verifier(TrustConfig trust, HttpClient httpClient,
+                     NoteProvider noteProvider, RevocationProvider revocationProvider) {
+        this.trust               = trust;
+        this.batchSize           = trust.batchSize > 0 ? trust.batchSize : 16;
+        this.httpClient          = httpClient;
+        this.noteProvider        = noteProvider;
+        this.revocationProvider  = revocationProvider;
     }
 
     /**
@@ -312,13 +328,14 @@ private TraceResult runProofAndClaimsChecks(DecodedPayload p, byte[] rootHash, L
         steps.add(new Step("cbor decode", true,
             "schema_id=" + schemaId + " issued=" + issuedAt + " expires=" + expiresAt));
 
-        // Revocation check — not yet implemented.
-        // The revocation protocol is fully specified in SPEC.md §Revocation:
-        // a Bloom filter cascade over revoked/valid entry indices, signed with
-        // the issuer key, served at GET /revoked (trust.revocationUrl).
-        // TODO: implement cascade fetch, cache, staleness check, and query.
-        // Fail-open is NOT the correct default. See issue #14.
-        steps.add(new Step("revocation check", false, "not implemented — stub only, revocation not checked"));
+        // 10. Revocation check — SPEC.md §Revocation.
+        try {
+            String revocMsg = checkRevocation(p.entryIndex, p.treeSize).get();
+            steps.add(new Step("revocation check", true, revocMsg));
+        } catch (Exception e) {
+            String reason = e.getCause() != null ? e.getCause().getMessage() : e.getMessage();
+            return fail(steps, "revocation check", reason);
+        }
 
         // Expiry
         long now = Instant.now().getEpochSecond();
@@ -337,6 +354,98 @@ private TraceResult runProofAndClaimsChecks(DecodedPayload p, byte[] rootHash, L
 
     // --- checkpoint fetch and note verification ---
 
+    // --- Revocation ---
+
+    private static final long STALE_THRESHOLD = 32L;
+
+    private CompletableFuture<String> checkRevocation(long entryIndex, long checkpointTreeSize) {
+        if (trust.revocationUrl == null || trust.revocationUrl.isEmpty())
+            return CompletableFuture.completedFuture(
+                "skipped — no revocation_url in trust config (fail-open)");
+
+        CachedRevocation cached = revocCache.get(trust.origin);
+        if (cached != null && checkpointTreeSize > cached.treeSize() &&
+                checkpointTreeSize - cached.treeSize() > STALE_THRESHOLD)
+            cached = null;
+
+        final CachedRevocation fresh = cached;
+        if (fresh == null) {
+            return fetchRevocationArtifact().thenApply(art -> {
+                revocCache.put(trust.origin, art);
+                return queryRevocation(art, entryIndex);
+            });
+        }
+        return CompletableFuture.completedFuture(queryRevocation(fresh, entryIndex));
+    }
+
+    private String queryRevocation(CachedRevocation art, long entryIndex) {
+        if (art.treeSize() <= entryIndex)
+            throw new IllegalStateException("entry_index=" + entryIndex +
+                " not covered by artifact (tree_size=" + art.treeSize() + ") — fail-closed");
+        if (art.cascade().query(entryIndex))
+            throw new IllegalStateException("entry_index=" + entryIndex + " is revoked");
+        return "entry_index=" + entryIndex + " not revoked (cascade checked, artifact tree_size=" +
+            art.treeSize() + ")";
+    }
+
+    private CompletableFuture<CachedRevocation> fetchRevocationArtifact() {
+        String url = trust.revocationUrl;
+        if (revocationProvider != null)
+            return revocationProvider.fetchArtifact(url)
+                .thenApply(this::parseRevocationArtifact);
+        HttpRequest req = HttpRequest.newBuilder()
+            .uri(URI.create(url))
+            .timeout(Duration.ofSeconds(10))
+            .GET().build();
+        return httpClient.sendAsync(req, HttpResponse.BodyHandlers.ofString())
+            .thenApply(resp -> {
+                if (resp.statusCode() != 200)
+                    throw new IllegalStateException("GET " + url + " → " + resp.statusCode());
+                if (resp.body().length() > 64 * 1024)
+                    throw new IllegalStateException("revocation artifact too large");
+                return parseRevocationArtifact(resp.body());
+            });
+    }
+
+    private CachedRevocation parseRevocationArtifact(String text) {
+        int sep = text.indexOf("\n\n");
+        if (sep < 0) throw new IllegalArgumentException("revocation artifact: missing blank line");
+        String bodyPart = text.substring(0, sep);
+        String sigPart  = text.substring(sep + 2);
+        String body     = bodyPart + "\n";
+
+        String[] lines = bodyPart.split("\n", -1);
+        if (lines.length != 4)
+            throw new IllegalArgumentException("revocation artifact: expected 4 body lines, got " + lines.length);
+        if (!lines[0].equals(trust.origin))
+            throw new IllegalArgumentException("revocation artifact: origin mismatch");
+        if (!"mta-qr-revocation-v1".equals(lines[2]))
+            throw new IllegalArgumentException("revocation artifact: unknown type: " + lines[2]);
+        long treeSize = Long.parseLong(lines[1]);
+        if (treeSize <= 0)
+            throw new IllegalArgumentException("revocation artifact: tree_size must be > 0");
+
+        byte[] cascBytes = Base64.getDecoder().decode(lines[3]);
+        Cascade cascade  = Cascade.decode(cascBytes);
+
+        // Verify signature — algorithm binding per SPEC.md.
+        byte[] bodyBytes = body.getBytes(StandardCharsets.UTF_8);
+        String keyPrefix = "\u2014 " + trust.issuerKeyName + " ";
+        boolean sigOk = false;
+        for (String line : sigPart.split("\n")) {
+            if (!line.startsWith(keyPrefix)) continue;
+            byte[] sigPayload = Base64.getDecoder().decode(line.substring(keyPrefix.length()).trim());
+            if (sigPayload.length < 4) continue;
+            byte[] sig = Arrays.copyOfRange(sigPayload, 4, sigPayload.length);
+            if (SignatureVerifier.verify(trust.sigAlg, bodyBytes, sig, trust.issuerPubKey)) {
+                sigOk = true; break;
+            }
+        }
+        if (!sigOk) throw new IllegalArgumentException("revocation artifact: signature verification failed");
+
+        return new CachedRevocation(cascade, treeSize);
+    }
+
     private record CheckpointResult(byte[] rootHash, long treeSize) {}
 
     private CompletableFuture<CheckpointResult> fetchAndVerifyCheckpoint(long requiredSize) {

java/src/test/java/com/peculiarventures/mtaqr/MlDsaVerifyTest.java

@@ -77,9 +77,11 @@ public void issueAndVerifyEndToEnd() throws Exception {
         System.out.println("note length: " + noteString.length());
 
         TrustConfig trust = TrustConfig.parse(trustJson);
+        String revArtifact = issuer.revocationArtifact();
         Verifier verifier = Verifier.builder()
                 .trust(trust)
                 .noteProvider(url -> java.util.concurrent.CompletableFuture.completedFuture(noteString))
+                .revocationProvider(url -> java.util.concurrent.CompletableFuture.completedFuture(revArtifact))
                 .build();
 
         // verify() returns VerifyOk on success, throws VerifyFail exceptionally on failure.

java/src/test/java/com/peculiarventures/mtaqr/SmokeTest.java

@@ -40,9 +40,11 @@ private void roundTrip(String label, LocalSigner signer) throws Exception {
         var qr = issuer.issue(Map.of("subject", "test"), Duration.ofHours(1)).get();
         TrustConfig trust = TrustConfig.parse(issuer.trustConfigJson("http://localhost:0/checkpoint"));
         String note = issuer.checkpointNote();
+        String revArtifact = issuer.revocationArtifact();
         Verifier v = Verifier.builder()
             .trust(trust)
             .noteProvider(url -> CompletableFuture.completedFuture(note))
+            .revocationProvider(url -> CompletableFuture.completedFuture(revArtifact))
             .build();
 
         var result = v.verify(qr.payload()).get();
@@ -61,9 +63,11 @@ private void rejectTampered(String label, LocalSigner signer) throws Exception {
 
         TrustConfig trust = TrustConfig.parse(issuer.trustConfigJson("http://localhost:0/checkpoint"));
         String note = issuer.checkpointNote();
+        String revArtifact = issuer.revocationArtifact();
         Verifier v = Verifier.builder()
             .trust(trust)
             .noteProvider(url -> CompletableFuture.completedFuture(note))
+            .revocationProvider(url -> CompletableFuture.completedFuture(revArtifact))
             .build();
 
         assertThrows(Exception.class, () -> v.verify(tampered).get(), label + ": tampered payload should fail");