Merge pull request #105 from niscy-eudiw/feature/draft25-updates

Draft 24 updates

Author: dtsiflit

Gemfile

@@ -1,3 +1,4 @@
 source "https://rubygems.org"
 
-gem "fastlane"
+gem "fastlane"
+gem "xcov"

Gemfile.lock

@@ -184,6 +184,7 @@ GEM
     simctl (1.6.10)
       CFPropertyList
       naturally
+    slack-notifier (2.4.0)
     terminal-notifier (2.0.0)
     terminal-table (3.0.2)
       unicode-display_width (>= 1.1.1, < 3)
@@ -202,17 +203,26 @@ GEM
       colored2 (~> 3.1)
       nanaimo (~> 0.3.0)
       rexml (>= 3.3.6, < 4.0)
+    xcov (1.8.1)
+      fastlane (>= 2.141.0, < 3.0.0)
+      multipart-post
+      slack-notifier
+      terminal-table
+      xcodeproj
+      xcresult (~> 0.2.0)
     xcpretty (0.3.0)
       rouge (~> 2.0.7)
     xcpretty-travis-formatter (1.0.1)
       xcpretty (~> 0.2, >= 0.0.7)
+    xcresult (0.2.2)
 
 PLATFORMS
   arm64-darwin-23
   universal-darwin-21
 
 DEPENDENCIES
   fastlane
+  xcov
 
 BUNDLED WITH
    2.4.22

README.md

@@ -1,4 +1,4 @@
-# SIOPv2 OpenID4VP 
+# OpenID4VP / SIOPv2 
 
 :heavy_exclamation_mark: **Important!** Before you proceed, please read
 the [EUDI Wallet Reference Implementation project description](https://github.com/eu-digital-identity-wallet/.github/blob/main/profile/reference-implementation.md)
@@ -18,6 +18,12 @@ the [EUDI Wallet Reference Implementation project description](https://github.co
 
 OpenID4VP is a Protocol that enables the presentation of Verifiable Credentials. It is built on top of OAuth 2.0 and supports multiple credential formats, including W3C Verifiable Credentials Data Model, ISO mdoc, and AnonCreds. This protocol allows for simple, secure, and developer-friendly credential presentation and can be used to support credential presentation and the issuance of access tokens for access to APIs based on Verifiable Credentials in the wallet
 
+This is a swift library that supports 
+the [SIOPv2 (draft 13)](https://openid.github.io/SIOPv2/openid-connect-self-issued-v2-wg-draft.html) 
+and [OpenId4VP (draft 24)](https://openid.net/specs/openid-4-verifiable-presentations-1_0-24.html) protocols.
+In particular, the library focus on the wallet's role using those two protocols with constraints
+included in ISO 23220-4 and ISO-18013-7.
+
 OpenID Connect for Verifiable Presentations (OIDC4VP) and Self-Issued OpenID Provider v2 (SIOP v2) are two specifications that have been approved as OpenID Implementer’s Drafts by the OpenID Foundation membership 1. SIOP v2 is an OpenID specification that allows end-users to act as their own OpenID Providers (OPs). Using Self-Issued OPs, end-users can authenticate themselves and present claims directly to a Relying Party (RP), typically a webapp, without involving a third-party Identity Provider 2. OIDC4VP enables the presentation of Verifiable Credentials using the OpenID Connect protocol.
 
 ## Disclaimer

Sources/DCQL/DCQL.swift

@@ -29,6 +29,7 @@ public enum DCQLError: Error {
   case emptyNamespace
   case emptyClaimName
   case emptyDocType
+  case error(String)
 }
 
 public struct CredentialQuery: Codable, Equatable, Sendable {
@@ -166,8 +167,8 @@ internal struct DCQLId {
       throw ValidationError.emptyValue
     }
 
-    let regex = "^[a-zA-Z0-9_-]+$" // Alphanumeric, underscore, hyphen
-    let predicate = NSPredicate(format: "SELF MATCHES %@", regex)
+    let regex = "^[a-zA-Z0-9_-]+$"
+    let predicate: NSPredicate = .init(format: "SELF MATCHES %@", regex)
 
     guard predicate.evaluate(with: value) else {
       throw ValidationError.invalidFormat
@@ -195,6 +196,9 @@ public struct DCQL: Codable, Equatable, Sendable {
     if let credentialSets = credentialSets {
       try credentialSets.ensureValid(knownIds: uniqueIds)
     }
+    
+    try credentials.ensureFormatsValid()
+    
     self.credentials = credentials
     self.credentialSets = credentialSets
   }
@@ -225,6 +229,16 @@ public extension Credentials {
     guard uniqueIds.count == count else { throw DCQLError.duplicateQueryId }
     return uniqueIds
   }
+  
+  func ensureFormatsValid() throws {
+    try self.forEach { credentialQuery in
+      let credentialQueryFormat = credentialQuery.format
+      switch credentialQueryFormat.format {
+      case OpenId4VPSpec.FORMAT_MSO_MDOC: try credentialQuery.claims?.forEach { try _ = $0.ensureMsoMdoc() }
+      default: try credentialQuery.claims?.forEach { try _ = $0.ensureNotMsoMdoc() }
+      }
+    }
+  }
 }
 
 public extension CredentialSets {
@@ -248,57 +262,36 @@ public extension CredentialSetQuery {
 
 public struct ClaimsQuery: Codable, Equatable, Sendable {
   public let id: ClaimId?
-  public let path: ClaimPath?
+  public let path: ClaimPath
   public let values: [String]?
-  public let namespace: MsoMdocNamespace?
-  public let claimName: MsoMdocClaimName?
+  public let intentToRetain: Bool?
 
   enum CodingKeys: String, CodingKey {
     case id
     case path
     case values
-    case namespace = "namespace"
-    case claimName = "claim_name"
+    case intentToRetain = "intent_to_retain"
   }
 
   public init(
     id: ClaimId?,
-    path: ClaimPath?,
+    path: ClaimPath,
     values: [String]?,
-    namespace: MsoMdocNamespace?,
-    claimName: MsoMdocClaimName?
+    intentToRetain: Bool? = nil
   ) {
     self.id = id
     self.path = path
     self.values = values
-    self.namespace = namespace
-    self.claimName = claimName
+    self.intentToRetain = intentToRetain
   }
 
   public init(from decoder: Decoder) throws {
     let container = try decoder.container(keyedBy: CodingKeys.self)
 
     self.id = try container.decodeIfPresent(ClaimId.self, forKey: .id)
-    self.path = try container.decodeIfPresent(ClaimPath.self, forKey: .path)
+    self.path = try container.decode(ClaimPath.self, forKey: .path)
     self.values = try container.decodeIfPresent([String].self, forKey: .values)
-    self.namespace = try container.decodeIfPresent(MsoMdocNamespace.self, forKey: .namespace)
-    self.claimName = try container.decodeIfPresent(MsoMdocClaimName.self, forKey: .claimName)
-    
-    if namespace == nil && claimName != nil {
-      throw DecodingError.dataCorruptedError(
-        forKey: .path,
-        in: container,
-        debugDescription: "Namespace must be present when claim name is present"
-      )
-    }
-    
-    if namespace != nil && claimName == nil {
-      throw DecodingError.dataCorruptedError(
-        forKey: .path,
-        in: container,
-        debugDescription: "Claim name must be present when namespace is present"
-      )
-    }
+    self.intentToRetain = try container.decodeIfPresent(Bool.self, forKey: .intentToRetain)
   }
 
   public func encode(to encoder: Encoder) throws {
@@ -307,112 +300,83 @@ public struct ClaimsQuery: Codable, Equatable, Sendable {
     try container.encodeIfPresent(id, forKey: .id)
     try container.encodeIfPresent(values, forKey: .values)
     try container.encodeIfPresent(path, forKey: .path)
-    
-    // Enforce consistency: either both namespace and claimName must be present or both absent
-    switch (namespace, claimName) {
-    case (.some(let ns), .some(let name)):
-      try container.encode(ns, forKey: .namespace)
-      try container.encode(name, forKey: .claimName)
-    case (nil, nil): break
-    default:
-      throw EncodingError.invalidValue(
-        self,
-        EncodingError.Context(
-          codingPath: container.codingPath,
-          debugDescription: "Namespace and claim name must either both be present or both be nil."
-        )
-      )
-    }
+    try container.encodeIfPresent(intentToRetain, forKey: .intentToRetain)
   }
 
   public static func sdJwtVc(
     id: ClaimId? = nil,
     path: ClaimPath,
     values: [String]? = nil
-  ) -> ClaimsQuery {
-    ClaimsQuery(
+  ) throws -> ClaimsQuery {
+    try ClaimsQuery(
       id: id,
       path: path,
+      values: values
+    ).ensureNotMsoMdoc()
+  }
+  
+  public static func mdoc(
+    id: ClaimId? = nil,
+    values: [String]? = nil,
+    namespace: String,
+    claimName: String,
+    intentToRetain: Bool? = nil
+  ) throws -> ClaimsQuery {
+    try ClaimsQuery(
+      id: id,
+      path: .claim(namespace).claim(claimName),
       values: values,
-      namespace: nil,
-      claimName: nil
-    )
+      intentToRetain: intentToRetain
+    ).ensureMsoMdoc()
   }
 
   public static func mdoc(
     id: ClaimId? = nil,
     values: [String]? = nil,
-    namespace: MsoMdocNamespace,
-    claimName: MsoMdocClaimName
-  ) -> ClaimsQuery {
-    ClaimsQuery(
+    path: ClaimPath,
+    intentToRetain: Bool? = nil
+  ) throws -> ClaimsQuery {
+    try ClaimsQuery(
       id: id,
-      path: nil,
+      path: path,
       values: values,
-      namespace: namespace,
-      claimName: claimName
-    )
+      intentToRetain: intentToRetain
+    ).ensureMsoMdoc()
   }
 }
 
-public struct MsoMdocNamespace: Codable, CustomStringConvertible, Equatable, Sendable {
-  public let namespace: String
+extension ClaimsQuery {
 
-  public init(_ namespace: String) throws {
-    guard !namespace.isEmpty else {
-      throw DCQLError.emptyNamespace
+  func ensureMsoMdoc() throws -> ClaimsQuery {
+    if path.value.count != 2 {
+      throw DCQLError.error(
+        "Claim paths for mso mdoc based must have exactly two elements"
+      )
     }
-    self.namespace = namespace
-  }
-  
-  enum CodingKeys: String, CodingKey {
-    case namespace = "namespace"
-  }
-  
-  public var description: String {
-    return namespace
-  }
-  
-  public init(from decoder: Decoder) throws {
-    let container = try decoder.singleValueContainer()
-    let namespace = try container.decode(String.self)
-    
-    if namespace.isEmpty {
-      throw DCQLError.emptyNamespace
+        
+    let claimsSatisfy = path.value.allSatisfy { element in
+      switch element {
+      case .claim:
+        return true
+      default:
+        return false
+      }
     }
-    
-    self.namespace = namespace
-  }
-}
-
-public struct MsoMdocClaimName: Codable, CustomStringConvertible, Equatable, Sendable {
-  
-  public let claimName: String
-  
-  public init(claimName: String) throws {
-    guard !claimName.isEmpty else {
-      throw DCQLError.emptyClaimName
+    if !claimsSatisfy {
+      throw DCQLError.error(
+        "ClaimPaths for MSO MDoc based formats must contain only Claim ClaimPathElements"
+      )
     }
-    self.claimName = claimName
+    return self
   }
 
-  public var description: String {
-    return claimName
-  }
-  
-  enum CodingKeys: String, CodingKey {
-    case claimName = "claim_name"
-  }
-  
-  public init(from decoder: Decoder) throws {
-    let container = try decoder.singleValueContainer()
-    let decodedValue = try container.decode(String.self)
-    
-    guard !decodedValue.isEmpty else {
-      throw DCQLError.emptyClaimName
+  func ensureNotMsoMdoc() throws -> ClaimsQuery {
+    if intentToRetain != nil {
+      throw DCQLError.error(
+        "\(OpenId4VPSpec.DCQL_MSO_MDOC_INTENT_TO_RETAIN) can be used only with msp mdoc based formats"
+      )
     }
-    
-    self.claimName = decodedValue
+    return self
   }
 }
 
@@ -457,14 +421,3 @@ public struct MsoMdocDocType: CustomStringConvertible {
     return value
   }
 }
-
-public struct MsoMdocClaimsQueryExtension: Decodable {
-  
-  public let namespace: MsoMdocNamespace?
-  public let claimName: MsoMdocClaimName?
-  
-  enum CodingKeys: String, CodingKey {
-    case namespace
-    case claimName = "claim_name"
-  }
-}

Sources/Entities/Types/OpenId4VPSpec.swift

@@ -23,6 +23,8 @@ public struct OpenId4VPSpec {
   public static let clientIdSchemeX509SanDns = "x509_san_dns"
   public static let clientIdSchemeVerifierAttestation = "verifier_attestation"
 
+  public static let AUTHORIZATION_REQUEST_OBJECT_TYPE = "oauth-authz-req+jwt"
+  
   public static let TRANSACTION_DATA_TYPE = "type"
   public static let TRANSACTION_DATA_CREDENTIAL_IDS = "credential_ids"
   public static let TRANSACTION_DATA_HASH_ALGORITHMS = "transaction_data_hashes_alg"
@@ -48,5 +50,7 @@ public struct OpenId4VPSpec {
   public static let DCQL_MSO_MDOC_DOCTYPE_VALUE: String = "doctype_value"
   public static let DCQL_MSO_MDOC_NAMESPACE: String = "namespace"
   public static let DCQL_MSO_MDOC_CLAIM_NAME: String = "claim_name"
+  
+  public static let DCQL_MSO_MDOC_INTENT_TO_RETAIN = "intent_to_retain"
 }