SIOP: Multiple VP Tokens #138

Merged
merged 6 commits into from
Sep 27, 2024
5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -39,6 +39,11 @@ Release NEXT:
- Introudce `OAuth2Client` to extract creating authentication requests and token requests from OID4VCI `WalletService`
- Refactor `SimpleAuthorizationService` to extract actual authentication and authorization into `AuthorizationServiceStrategy`
- Implement JWE encryption with AES-CBC-HMAC algorithms
- SIOPv2/OpenID4VP: Support requesting and receiving claims from different credentials, i.e. a combined presentation
- Require request options on every method in `OidcSiopVerifier`
- Move `credentialScheme`, `representation`, `requestedAttributes` from `RequestOptions` to `RequestOptionsCredentials`
- In `OidcSiopVerifier` move `responseUrl` from constructor parameter to `RequestOptions`
- Add `IdToken` as result case to `OidcSiopVerifier.AuthnResponseResult`, when only an `id_token` is requested and received

Release 4.1.2:
* In `OidcSiopVerifier` add parameter `nonceService` to externalize creation and validation of nonces, e.g. for deployments in load-balanced environments
Expand Up @@ -20,11 +20,13 @@ data class PresentationDefinition(
val purpose: String? = null,
@SerialName("input_descriptors")
val inputDescriptors: Collection<InputDescriptor>,
@Deprecated(message = "Removed in DIF Presentation Exchange 2.0.0", ReplaceWith("inputDescriptors.format"))
@SerialName("format")
val formats: FormatHolder? = null,
@SerialName("submission_requirements")
val submissionRequirements: Collection<SubmissionRequirement>? = null,
) {
@Deprecated(message = "Removed in DIF Presentation Exchange 2.0.0")
constructor(
inputDescriptors: Collection<InputDescriptor>,
formats: FormatHolder
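Review bot: The `ReplaceWith("inputDescriptors.format")` attached to the deprecated `formats` property does not name a usable replacement — `inputDescriptors` is a `Collection<InputDescriptor>`, so an IDE quick-fix applying it would produce code that does not compile. Unless there is a `format` extension on the collection that I cannot see, describe the migration in the message instead, e.g. `@Deprecated(message = "Removed in DIF Presentation Exchange 2.0.0; use the format of each InputDescriptor instead")`, and drop the `ReplaceWith`. Since `@SerialName("format")` is kept, a verifier-supplied top-level `format` still deserializes into this field; a KDoc line saying that it is retained only for interop with pre-2.0.0 peers would make the deprecation's scope clear. The deprecated secondary constructor continues past the end of the hunk.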
@@ -1,31 +1,14 @@
package at.asitplus.wallet.lib.aries

import at.asitplus.dif.*
import at.asitplus.signum.indispensable.josef.JsonWebKey
import at.asitplus.signum.indispensable.josef.JwsAlgorithm
import at.asitplus.wallet.lib.agent.Holder
import at.asitplus.wallet.lib.agent.Verifier
import at.asitplus.wallet.lib.data.AriesGoalCodeParser
import at.asitplus.wallet.lib.data.ConstantIndex
import at.asitplus.wallet.lib.data.SchemaIndex
import at.asitplus.dif.Constraint
import at.asitplus.dif.ConstraintField
import at.asitplus.dif.ConstraintFilter
import at.asitplus.dif.DifInputDescriptor
import at.asitplus.dif.FormatContainerJwt
import at.asitplus.dif.FormatHolder
import at.asitplus.dif.PresentationDefinition
import at.asitplus.wallet.lib.msg.AttachmentFormatReference
import at.asitplus.wallet.lib.msg.JsonWebMessage
import at.asitplus.wallet.lib.msg.JwmAttachment
import at.asitplus.wallet.lib.msg.OutOfBandInvitation
import at.asitplus.wallet.lib.msg.OutOfBandInvitationBody
import at.asitplus.wallet.lib.msg.OutOfBandService
import at.asitplus.wallet.lib.msg.Presentation
import at.asitplus.wallet.lib.msg.PresentationBody
import at.asitplus.wallet.lib.msg.RequestPresentation
import at.asitplus.wallet.lib.msg.RequestPresentationAttachment
import at.asitplus.wallet.lib.msg.RequestPresentationAttachmentOptions
import at.asitplus.wallet.lib.msg.RequestPresentationBody
import at.asitplus.wallet.lib.msg.*
import com.benasher44.uuid.uuid4
import io.github.aakira.napier.Napier
import kotlinx.serialization.encodeToString
Expand Down Expand Up @@ -203,6 +186,7 @@ class PresentProofProtocol(
.also { this.state = State.REQUEST_PRESENTATION_SENT }
}

@Suppress("DEPRECATION")
private fun buildRequestPresentationMessage(
credentialScheme: ConstantIndex.CredentialScheme,
parentThreadId: String? = null,
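Review bot: The `@Suppress("DEPRECATION")` added above `buildRequestPresentationMessage` silences the warning for the whole function without saying which deprecated API it still needs or why, which invites the next maintainer either to remove it blindly or to leave it forever. A one-line justification next to it would fix that, e.g. `@Suppress("DEPRECATION") // Aries present-proof still sends the top-level PE `format` (removed in PE 2.0.0); TODO migrate to per-descriptor formats`. The function body lies outside the hunk, so I am inferring the deprecated use from the `PresentationDefinition` changes in this PR — confirm the actual call before wording the comment. Collapsing the explicit import lists to `at.asitplus.dif.*` and `at.asitplus.wallet.lib.msg.*` is a style regression if the project otherwise avoids wildcard imports.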
Expand Up @@ -2,24 +2,24 @@ package at.asitplus.wallet.lib.oidc.helper

import at.asitplus.KmmResult
import at.asitplus.catching
import at.asitplus.signum.indispensable.CryptoPublicKey
import at.asitplus.signum.indispensable.josef.JwsSigned
import at.asitplus.signum.indispensable.josef.toJsonWebKey
import at.asitplus.wallet.lib.agent.CredentialSubmission
import at.asitplus.wallet.lib.agent.Holder
import at.asitplus.wallet.lib.agent.toDefaultSubmission
import at.asitplus.dif.ClaimFormatEnum
import at.asitplus.dif.FormatHolder
import at.asitplus.dif.PresentationDefinition
import at.asitplus.wallet.lib.data.dif.PresentationSubmissionValidator
import at.asitplus.wallet.lib.jws.JwsService
import at.asitplus.openid.AuthenticationRequestParameters
import at.asitplus.wallet.lib.oidc.AuthenticationRequestParametersFrom
import at.asitplus.openid.IdToken
import at.asitplus.openid.OpenIdConstants.Errors
import at.asitplus.openid.OpenIdConstants.ID_TOKEN
import at.asitplus.openid.OpenIdConstants.VP_TOKEN
import at.asitplus.openid.RelyingPartyMetadata
import at.asitplus.signum.indispensable.CryptoPublicKey
import at.asitplus.signum.indispensable.josef.JwsSigned
import at.asitplus.signum.indispensable.josef.toJsonWebKey
import at.asitplus.wallet.lib.agent.CredentialSubmission
import at.asitplus.wallet.lib.agent.Holder
import at.asitplus.wallet.lib.agent.toDefaultSubmission
import at.asitplus.wallet.lib.data.dif.PresentationSubmissionValidator
import at.asitplus.wallet.lib.jws.JwsService
import at.asitplus.wallet.lib.oidc.AuthenticationRequestParametersFrom
import at.asitplus.wallet.lib.oidvci.OAuth2Exception
import io.github.aakira.napier.Napier
import kotlinx.datetime.Clock
Expand All @@ -44,7 +44,7 @@ internal class PresentationFactory(
val credentialSubmissions = inputDescriptorSubmissions
?: holder.matchInputDescriptorsAgainstCredentialStore(
inputDescriptors = presentationDefinition.inputDescriptors,
fallbackFormatHolder = presentationDefinition.formats ?: clientMetadata?.vpFormats,
fallbackFormatHolder = clientMetadata?.vpFormats,
).getOrThrow().toDefaultSubmission()

presentationDefinition.validateSubmission(
Expand Down Expand Up @@ -129,9 +129,9 @@ internal class PresentationFactory(
}

val constraintFieldMatches = holder.evaluateInputDescriptorAgainstCredential(
inputDescriptor,
submission.value.credential,
fallbackFormatHolder = this.formats ?: clientMetadata?.vpFormats,
inputDescriptor = inputDescriptor,
credential = submission.value.credential,
fallbackFormatHolder = clientMetadata?.vpFormats,
pathAuthorizationValidator = { true },
).getOrThrow()
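Review bot: Dropping `presentationDefinition.formats ?:` from both `fallbackFormatHolder` arguments changes what the holder does with a verifier whose request still carries the top-level PE `format` and has no `vp_formats` in its client metadata: the fallback is now `null`, and what `matchInputDescriptorsAgainstCredentialStore` and `evaluateInputDescriptorAgainstCredential` do with a null format holder (accept any format, or reject) is not visible in this hunk. Because the field is only deprecated, not removed, and still deserializes on `PresentationDefinition`, either keep it as a last resort under `@Suppress("DEPRECATION")` — `fallbackFormatHolder = clientMetadata?.vpFormats ?: presentationDefinition.formats,` — or fail explicitly when no format constraint is known, rather than risk presenting a credential in a format the verifier never asked for. Separately, the unchanged `pathAuthorizationValidator = { true }` accepts every path during the holder's own submission check; a short comment stating why that is acceptable here (presumably the holder has already filtered its credentials — confirm) would help a reader auditing this path.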

@@ -1,8 +1,8 @@
package at.asitplus.wallet.lib.oidc

import at.asitplus.openid.AuthenticationRequestParameters
import at.asitplus.wallet.lib.agent.HolderAgent
import at.asitplus.wallet.lib.agent.EphemeralKeyWithoutCert
import at.asitplus.wallet.lib.agent.HolderAgent
import at.asitplus.wallet.lib.agent.VerifierAgent
import at.asitplus.wallet.lib.data.ConstantIndex
import at.asitplus.wallet.lib.oidvci.decodeFromUrlQuery
Expand All @@ -16,7 +16,6 @@ class AuthenticationRequestParameterFromSerializerTest : FreeSpec({

val relyingPartyUrl = "https://example.com/rp/${uuid4()}"
val walletUrl = "https://example.com/wallet/${uuid4()}"
val responseUrl = "https://example.com/rp/${uuid4()}"

val holderKeyMaterial = EphemeralKeyWithoutCert()
val oidcSiopWallet = OidcSiopWallet(
Expand All @@ -27,7 +26,6 @@ class AuthenticationRequestParameterFromSerializerTest : FreeSpec({
val verifierSiop = OidcSiopVerifier(
verifier = VerifierAgent(EphemeralKeyWithoutCert()),
relyingPartyUrl = relyingPartyUrl,
responseUrl = responseUrl,
)

val representations = listOf(
Expand All @@ -39,8 +37,11 @@ class AuthenticationRequestParameterFromSerializerTest : FreeSpec({

representations.forEach { representation ->
val reqOptions = OidcSiopVerifier.RequestOptions(
credentialScheme = ConstantIndex.AtomicAttribute2023,
representation = representation,
credentials = setOf(
OidcSiopVerifier.RequestOptionsCredential(
ConstantIndex.AtomicAttribute2023, representation
)
)
)

"URL test $representation" {
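Review bot: The reworked `RequestOptions` in this spec still requests a single `RequestOptionsCredential`, so the serializer round-trip it covers never exercises the multi-credential request this PR introduces; add a second case whose `credentials` set holds two `RequestOptionsCredential` entries, so that a `presentation_definition` with several input descriptors is shown to survive the URL and JSON round-trip. Also pass the constructor arguments by name, `RequestOptionsCredential(credentialScheme = ConstantIndex.AtomicAttribute2023, representation = representation)`, as the replaced code did — positional arguments of project types are easy to transpose silently. The `"URL test $representation"` block continues past the end of the hunk.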