Merge pull request #99 from niscy-eudiw/feature/wallet-metadat-post-updates

Implement JAR encryption

Author: dtsiflit

Package.resolved

@@ -59,6 +59,12 @@ public enum AuthorizationError: LocalizedError {
   /// Non dispatchable error.
   case nonDispatchableError
 
+  /// JWT decryption failed.
+  case jwtDecryptionFailed
+  
+  /// Invalid algorithms.
+  case invalidAlgorithms
+  
   /// A localized description of the error.
   public var errorDescription: String? {
     switch self {
@@ -90,6 +96,10 @@ public enum AuthorizationError: LocalizedError {
       return ".invalidTransactionData"
     case .nonDispatchableError:
       return ".nonDispatchableError"
+    case .jwtDecryptionFailed:
+      return ".jwtDecryptionFailed"
+    case .invalidAlgorithms:
+      return ".invalidAlgorithms"
     }
   }
 }

Sources/Entities/AuthorisationRequest/AuthorizationError.swift

@@ -45,17 +45,17 @@ public enum SupportedClientIdScheme {
       * The Client Identifier is known to the Wallet in advance of the Authorization Request.
       */
     case .preregistered:
-      return "preRegistered"
+      return "pre-registered"
     case .x509SanUri:
-      return "x509SanUri"
+      return "x509_san_url"
     case .x509SanDns:
-      return "x509SanDns"
+      return "x509_san_dns"
     case .did:
       return "did"
     case .verifierAttestation:
-      return "verifierAttestation"
+      return "verifier_attestation"
     case .redirectUri:
-      return "redirectUri"
+      return "redirect_uri"
     }
   }
 

Sources/Entities/ClientMetaData/SupportedClientIdScheme.swift

@@ -192,7 +192,7 @@ public struct VpFormats: Equatable {
     }
 
     let vpFormatsDictionary: JSON = JSON(dictionaryObject)[Self.vpFormats]
-    if let formats = try? vpFormatsDictionary.decoded(as: [VpFormatsTO].self) {
+    if let formats = try? vpFormatsDictionary.decoded(as: VpFormatsTO.self) {
       try? self.init(from: formats)
     } else {
       return nil
@@ -332,14 +332,18 @@ public extension VpFormats {
 
   // Convert VpFormats to JSON
   func toJSON() -> JSON {
-    var jsonArray: [JSON] = []
+    var mergedFormats: [String: JSON] = [:]
 
     for format in values {
       let jsonFormat = format.toJSON()
-      jsonArray.append(jsonFormat)
+      
+      // Assuming jsonFormat is [String: JSON] — merge it in
+      for (key, value) in jsonFormat {
+        mergedFormats[key] = value
+      }
     }
 
-    return JSON([Self.vpFormats: jsonArray])
+    return JSON([Self.vpFormats: mergedFormats])
   }
 }
 
@@ -348,13 +352,16 @@ extension VpFormat {
   func toJSON() -> JSON {
     switch self {
     case .sdJwtVc(let sdJwtAlgorithms, let kbJwtAlgorithms):
-      return JSON(["sdJwtVc": [
+      return JSON(["vc+sd-jwt": [
         "sd-jwt_alg_values": sdJwtAlgorithms.map { $0.name },
         "kb-jwt_alg_values": kbJwtAlgorithms.map { $0.name }
       ]]
       )
-    case .msoMdoc:
-      return JSON(["msoMdoc": JSON()])
+    case .msoMdoc(let algorithms):
+      return JSON(["mso_mdoc": [
+        "alg": algorithms.map { $0.name }
+      ]
+                  ])
 
     case .jwtVp(let algorithms):
       return JSON([

Sources/Entities/Types/Configuration/VpFormats.swift

@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2023 European Commission
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import Foundation
+import JOSESwift
+
+public struct EncryptionRequirementSpecification: Equatable {
+  public let supportedEncryptionAlgorithm: KeyManagementAlgorithm
+  public let supportedEncryptionMethod: ContentEncryptionAlgorithm
+  public let ephemeralEncryptionKeyCurve: ECCurveType
+  
+  public init(
+    supportedEncryptionAlgorithm: KeyManagementAlgorithm = .ECDH_ES,
+    supportedEncryptionMethod: ContentEncryptionAlgorithm = .A128CBCHS256,
+    ephemeralEncryptionKeyCurve: ECCurveType = .P256
+  ) throws {
+    self.supportedEncryptionAlgorithm = supportedEncryptionAlgorithm
+    self.supportedEncryptionMethod = supportedEncryptionMethod
+    self.ephemeralEncryptionKeyCurve = ephemeralEncryptionKeyCurve
+    
+    if supportedEncryptionAlgorithm != .ECDH_ES {
+      throw ValidationError.validationError("Unsupported encryption algorithm \(supportedEncryptionAlgorithm.rawValue)")
+    }
+    
+    if supportedEncryptionMethod != .A128CBCHS256 {
+      throw ValidationError.validationError("Unsupported encryption method \(supportedEncryptionMethod.rawValue)")
+    }
+    
+    if ephemeralEncryptionKeyCurve != .P256 {
+      throw ValidationError.validationError("Unsupported ephemeral encryption key curve \(ephemeralEncryptionKeyCurve.rawValue)")
+    }
+  }
+}
+
+public enum EncryptionRequirement: Equatable {
+  /**
+    * Encryption is not required.
+    */
+  case notRequired
+  
+  /**
+    * Encryption is required.
+    *
+    * @property EncryptionRequirementSpecification: encryption algorithms supported by the Wallet, only asymmetric
+    * KeyManagementAlgorithm are supported, supportedEncryptionMethods encryption methods supported by the Wallet,
+    * the [ECCurveType] to use for generating the ephemeral encryption key
+    */
+  case required(
+    encryptionRequirementSpecification: EncryptionRequirementSpecification
+  )
+  
+  public var isNotRequired: Bool {
+    return switch self {
+    case .notRequired: true
+    case .required: false
+    }
+  }
+}

Sources/Entities/Types/EncryptionRequirement.swift

@@ -15,36 +15,57 @@
  */
 import Foundation
 
+public struct PostOptions {
+  public let includeWalletMetadata: Bool
+  public let useWalletNonce: NonceOption
+  public let jarEncryption: EncryptionRequirement
+  
+  public init(
+    includeWalletMetadata: Bool = false,
+    useWalletNonce: NonceOption = .doNotUse,
+    jarEncryption: EncryptionRequirement = .notRequired
+  ) throws {
+    self.includeWalletMetadata = includeWalletMetadata
+    self.useWalletNonce = useWalletNonce
+    self.jarEncryption = jarEncryption
+    
+    if jarEncryption != .notRequired && includeWalletMetadata == false {
+      throw ValidationError.validationError(
+        "Wallet Metadata must be included when JAR encryption is required"
+      )
+    }
+  }
+}
+
 public enum SupportedRequestUriMethod {
   case get
   case post(
     postOptions: PostOptions
   )
   case both(
-    post: PostOptions
+    postOptions: PostOptions
   )
 
-  public init?(method: String, includeWalletMetadata: Bool = true, useWalletNonce: NonceOption = .use(byteLength: 32)) {
+  public init?(
+    method: String,
+    includeWalletMetadata: Bool = true,
+    useWalletNonce: NonceOption = .use(byteLength: 32)
+  ) throws {
     switch method.uppercased() {
     case "GET":
       self = .get
     case "POST":
-      self = .post(postOptions: .init(
+      guard let options: PostOptions = try? .init(
         includeWalletMetadata: includeWalletMetadata,
         useWalletNonce: useWalletNonce
-      ))
+      ) else {
+        return nil
+      }
+      self = .post(
+        postOptions:options
+      )
     default:
-      return nil // Invalid input returns nil
-    }
-  }
-  
-  public struct PostOptions {
-    public let includeWalletMetadata: Bool
-    public let useWalletNonce: NonceOption
-    
-    public init(includeWalletMetadata: Bool, useWalletNonce: NonceOption) {
-      self.includeWalletMetadata = includeWalletMetadata
-      self.useWalletNonce = useWalletNonce
+      return nil
     }
   }
 
@@ -63,18 +84,32 @@ public enum SupportedRequestUriMethod {
     switch self {
     case .both(let postOptions):
       return postOptions
-    case .post(let options):
-      return options
+    case .post(let postOptions):
+      return postOptions
     case .get:
       return nil
     }
   }
 
-  /// Default instance
-  public static let defaultOption: SupportedRequestUriMethod = .both(
-    post: PostOptions(
+  public static let encryptionOption: SupportedRequestUriMethod = .both(
+    postOptions: try! PostOptions(
+      includeWalletMetadata: true,
+      useWalletNonce: NonceOption.use(byteLength: 32),
+      jarEncryption: .required(
+        encryptionRequirementSpecification: .init(
+          supportedEncryptionAlgorithm: .ECDH_ES,
+          supportedEncryptionMethod: .A128CBCHS256,
+          ephemeralEncryptionKeyCurve: .P256
+        )
+      )
+    )
+  )
+  
+  public static let noEncryptionOption: SupportedRequestUriMethod = .both(
+    postOptions: try! PostOptions(
       includeWalletMetadata: true,
-      useWalletNonce: NonceOption.use(byteLength: 32)
+      useWalletNonce: NonceOption.use(byteLength: 32),
+      jarEncryption: .notRequired
     )
   )
 }