From 9d2af140aff597b7b0b59e26cd10c5c00bf82939 Mon Sep 17 00:00:00 2001 From: Dimitris ZARRAS Date: Wed, 21 Jan 2026 13:00:46 +0200 Subject: [PATCH 1/3] Cleanup MsoMdocCredential --- .../openid4vci/CredentialConfiguration.kt | 5 --- .../eu/europa/ec/eudi/openid4vci/Types.kt | 17 ---------- .../CredentialIssuerMetadataJsonParser.kt | 31 ++----------------- .../eu/europa/ec/eudi/openid4vci/MockData.kt | 3 -- ...al_issuer_metadata_no_asymmetric_algs.json | 6 ++-- ...issuer_metadata_no_request_encryption.json | 6 ++-- ...ssuer_metadata_no_response_encryption.json | 6 ++-- .../credential_issuer_metadata_valid.json | 6 ++-- ...ntial_issuer_metadata_with_signed_full.txt | 2 +- ...al-issuer_attestation_proof_supported.json | 10 +++--- ...issuer_contains_invalid_configuration.json | 4 +-- ...ential-issuer_encrypted_requests_only.json | 10 +++--- ...credential-issuer_encrypted_responses.json | 10 +++--- ...ential-issuer_encryption_not_required.json | 10 +++--- ...ntial-issuer_encryption_not_supported.json | 10 +++--- ...ntial-issuer_key_attestation_required.json | 10 +++--- ...d-credential-issuer_no_nonce_endpoint.json | 10 +++--- .../openid-credential-issuer_no_scopes.json | 10 +++--- 18 files changed, 58 insertions(+), 108 deletions(-) diff --git a/src/main/kotlin/eu/europa/ec/eudi/openid4vci/CredentialConfiguration.kt b/src/main/kotlin/eu/europa/ec/eudi/openid4vci/CredentialConfiguration.kt index 039145ee..542e9da5 100644 --- a/src/main/kotlin/eu/europa/ec/eudi/openid4vci/CredentialConfiguration.kt +++ b/src/main/kotlin/eu/europa/ec/eudi/openid4vci/CredentialConfiguration.kt @@ -217,8 +217,6 @@ data class Claim( ) : Serializable } -data class MsoMdocPolicy(val oneTimeUse: Boolean, val batchSize: Int?) : Serializable - /** * The data of a Verifiable Credentials issued as an ISO MDOC. */ 
@@ -226,9 +224,6 @@ data class MsoMdocCredential( override val scope: String? = null, override val cryptographicBindingMethodsSupported: List = emptyList(), override val credentialSigningAlgorithmsSupported: List = emptyList(), - val isoCredentialSigningAlgorithmsSupported: List = emptyList(), - val isoCredentialCurvesSupported: List = emptyList(), - val isoPolicy: MsoMdocPolicy?, override val proofTypesSupported: ProofTypesSupported = ProofTypesSupported.Empty, override val credentialMetadata: CredentialMetadata?, val docType: String, diff --git a/src/main/kotlin/eu/europa/ec/eudi/openid4vci/Types.kt b/src/main/kotlin/eu/europa/ec/eudi/openid4vci/Types.kt index 87bf6b20..fa6dab90 100644 --- a/src/main/kotlin/eu/europa/ec/eudi/openid4vci/Types.kt +++ b/src/main/kotlin/eu/europa/ec/eudi/openid4vci/Types.kt @@ -345,9 +345,7 @@ val CIAuthorizationServerMetadata.clientAttestationPOPJWSAlgs: List - alg.takeIf { knownName == name } - } } } internal fun CoseAlgorithm.name(): String? = CoseAlgorithm.Names[this] -@JvmInline -value class CoseCurve(val value: Int) { - - companion object { - val P_256 = CoseCurve(1) - val P_384 = CoseCurve(2) - val P_521 = CoseCurve(3) - } -} - /** * Nonce (single use) value provided either by the Authorization or Resource server. */ diff --git a/src/main/kotlin/eu/europa/ec/eudi/openid4vci/internal/http/CredentialIssuerMetadataJsonParser.kt b/src/main/kotlin/eu/europa/ec/eudi/openid4vci/internal/http/CredentialIssuerMetadataJsonParser.kt index f3266e35..3d04ea35 100644 --- a/src/main/kotlin/eu/europa/ec/eudi/openid4vci/internal/http/CredentialIssuerMetadataJsonParser.kt +++ b/src/main/kotlin/eu/europa/ec/eudi/openid4vci/internal/http/CredentialIssuerMetadataJsonParser.kt 
@@ -84,12 +84,6 @@ private data class KeyAttestationRequirementTO( @SerialName("user_authentication") val userAuthentication: List? = null, ) -@Serializable -private data class PolicyTO( - @SerialName("one_time_use") val oneTimeUse: Boolean, - @SerialName("batch_size") val batchSize: Int? = null, -) - /** * The data of a Verifiable Credentials issued as an ISO mDL. */ @@ -102,10 +96,7 @@ private data class MsdMdocCredentialTO( @SerialName("cryptographic_binding_methods_supported") override val cryptographicBindingMethodsSupported: List? = null, @SerialName("credential_signing_alg_values_supported") - val credentialSigningAlgorithmsSupported: List? = null, - @SerialName("credential_alg_values_supported") val isoCredentialSigningAlgorithmsSupported: List? = null, - @SerialName("credential_crv_values_supported") val isoCredentialCurvesSupported: List? = null, - @SerialName("policy") val isoPolicy: PolicyTO? = null, + val credentialSigningAlgorithmsSupported: List? = null, @SerialName("proof_types_supported") override val proofTypesSupported: Map? = null, @SerialName("doctype") @Required val docType: String, @@ -120,13 +111,8 @@ private data class MsdMdocCredentialTO( .map { cryptographicBindingMethodOf(it) } val proofTypesSupported = proofTypesSupported.toProofTypes() - val cryptographicSuitesSupported = credentialSigningAlgorithmsSupported - .orEmpty().mapNotNull { it.toCoseAlgorithm()?.name() } - val coseAlgs = isoCredentialSigningAlgorithmsSupported.orEmpty().map { - requireNotNull(it.toCoseAlgorithm()) { "Expecting COSE algorithm, yet got $it" } - } - val coseCurves = isoCredentialCurvesSupported.orEmpty().map { CoseCurve(it) } - val policy = isoPolicy?.let { policy -> MsoMdocPolicy(policy.oneTimeUse, policy.batchSize) } + val cryptographicSuitesSupported = credentialSigningAlgorithmsSupported.orEmpty() + .mapNotNull { CoseAlgorithm(it).name() } if (bindingMethods.isNotEmpty()) { require(proofTypesSupported.values.isNotEmpty()) { 
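Review bot: The removed `JsonPrimitive.toCoseAlgorithm()` accepted an integer, a numeric string or an algorithm name, while the new line in the `@@ -120,13 +111,8 @@` hunk passes each element straight to `CoseAlgorithm(it)`, so `credential_signing_alg_values_supported` for mso_mdoc now appears to accept integers only (the element type is not visible on this page). Issuer metadata is remote input, and an issuer that still publishes `"ES256"` will presumably fail to decode instead of being mapped. Every fixture in this patch was rewritten to `-7`, `-35`, `-36`, so no test visible here pins that failure mode. I would state the contract on the property, e.g. `/** Numeric COSE algorithm identifiers; JOSE names are not accepted. */`, and add a fixture with a string value that asserts how the configuration is rejected. The enclosing conversion function starts and ends outside the hunk.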
@@ -142,9 +128,6 @@ private data class MsdMdocCredentialTO( scope, bindingMethods, cryptographicSuitesSupported, - coseAlgs, - coseCurves, - policy, proofTypesSupported, credentialMetadata?.toDomain(), docType, @@ -633,14 +616,6 @@ private fun cryptographicBindingMethodOf(s: String): CryptographicBindingMethod else -> CryptographicBindingMethod.Other(s) } -private fun JsonPrimitive.toCoseAlgorithm(): CoseAlgorithm? { - fun Int.toCose() = CoseAlgorithm(this) - fun String.toCoseByName() = CoseAlgorithm.byName(this) - fun String.toCodeByValue() = toIntOrNull()?.toCose() - val strOrNull by lazy { contentOrNull } - return intOrNull?.toCose() ?: strOrNull?.toCodeByValue() ?: strOrNull?.toCoseByName() -} - /** * Converts and validates [CredentialIssuerMetadataTO] as [CredentialIssuerMetadata] instance. */ diff --git a/src/test/kotlin/eu/europa/ec/eudi/openid4vci/MockData.kt b/src/test/kotlin/eu/europa/ec/eudi/openid4vci/MockData.kt index 4aa7d904..c9f226a1 100644 --- a/src/test/kotlin/eu/europa/ec/eudi/openid4vci/MockData.kt +++ b/src/test/kotlin/eu/europa/ec/eudi/openid4vci/MockData.kt @@ -248,9 +248,6 @@ internal fun mobileDrivingLicense() = MsoMdocCredential( "MobileDrivingLicense_msoMdoc", emptyList(), listOf("ES256", "ES384", "ES512"), - emptyList(), - emptyList(), - null, ProofTypesSupported.Empty, CredentialMetadata( listOf( diff --git a/src/test/resources/eu/europa/ec/eudi/openid4vci/internal/credential_issuer_metadata_no_asymmetric_algs.json b/src/test/resources/eu/europa/ec/eudi/openid4vci/internal/credential_issuer_metadata_no_asymmetric_algs.json index 963ec665..532ce3f7 100644 --- a/src/test/resources/eu/europa/ec/eudi/openid4vci/internal/credential_issuer_metadata_no_asymmetric_algs.json +++ b/src/test/resources/eu/europa/ec/eudi/openid4vci/internal/credential_issuer_metadata_no_asymmetric_algs.json 
@@ -132,9 +132,9 @@ "cose_key" ], "credential_signing_alg_values_supported": [ - "ES256", - "ES384", - "ES512" + -7, + -35, + -36 ], "proof_types_supported": { "jwt": { diff --git a/src/test/resources/eu/europa/ec/eudi/openid4vci/internal/credential_issuer_metadata_no_request_encryption.json b/src/test/resources/eu/europa/ec/eudi/openid4vci/internal/credential_issuer_metadata_no_request_encryption.json index d8bc8e58..80c7ac64 100644 --- a/src/test/resources/eu/europa/ec/eudi/openid4vci/internal/credential_issuer_metadata_no_request_encryption.json +++ b/src/test/resources/eu/europa/ec/eudi/openid4vci/internal/credential_issuer_metadata_no_request_encryption.json @@ -116,9 +116,9 @@ "scope": "MobileDrivingLicense_msoMdoc", "doctype": "org.iso.18013.5.1.mDL", "credential_signing_alg_values_supported": [ - "ES256", - "ES384", - "ES512" + -7, + -35, + -36 ], "credential_metadata": { "display": [ diff --git a/src/test/resources/eu/europa/ec/eudi/openid4vci/internal/credential_issuer_metadata_no_response_encryption.json b/src/test/resources/eu/europa/ec/eudi/openid4vci/internal/credential_issuer_metadata_no_response_encryption.json index 752fd5c3..c101b83d 100644 --- a/src/test/resources/eu/europa/ec/eudi/openid4vci/internal/credential_issuer_metadata_no_response_encryption.json +++ b/src/test/resources/eu/europa/ec/eudi/openid4vci/internal/credential_issuer_metadata_no_response_encryption.json @@ -121,9 +121,9 @@ "scope": "MobileDrivingLicense_msoMdoc", "doctype": "org.iso.18013.5.1.mDL", "credential_signing_alg_values_supported": [ - "ES256", - "ES384", - "ES512" + -7, + -35, + -36 ], "credential_metadata": { "display": [ diff --git a/src/test/resources/eu/europa/ec/eudi/openid4vci/internal/credential_issuer_metadata_valid.json b/src/test/resources/eu/europa/ec/eudi/openid4vci/internal/credential_issuer_metadata_valid.json index e4a19f0b..084650d0 100644 --- a/src/test/resources/eu/europa/ec/eudi/openid4vci/internal/credential_issuer_metadata_valid.json 
+++ b/src/test/resources/eu/europa/ec/eudi/openid4vci/internal/credential_issuer_metadata_valid.json @@ -139,9 +139,9 @@ "scope": "MobileDrivingLicense_msoMdoc", "doctype": "org.iso.18013.5.1.mDL", "credential_signing_alg_values_supported": [ - "ES256", - "ES384", - "ES512" + -7, + -35, + -36 ], "credential_metadata": { "display": [ diff --git a/src/test/resources/eu/europa/ec/eudi/openid4vci/internal/credential_issuer_metadata_with_signed_full.txt b/src/test/resources/eu/europa/ec/eudi/openid4vci/internal/credential_issuer_metadata_with_signed_full.txt index ccaeb217..26c2bcdb 100644 --- a/src/test/resources/eu/europa/ec/eudi/openid4vci/internal/credential_issuer_metadata_with_signed_full.txt +++ b/src/test/resources/eu/europa/ec/eudi/openid4vci/internal/credential_issuer_metadata_with_signed_full.txt @@ -1 +1 @@ -eyJ0eXAiOiJvcGVuaWR2Y2ktaXNzdWVyLW1ldGFkYXRhK2p3dCIsImFsZyI6IkVTMjU2IiwiandrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiaWx6dDBhX3VrRVgtbmwwUzA1UzJSQWxiUUZMMkRTT3BUalQzeGY1MkpCWSIsInkiOiJxLWZOdl9kMG5sWmZfU18zUy1LbXJrdElzeWxCMGN5YlJpTDZyWk1MWkhJIn19.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.U8bgMkA_9ACxBeixYsjA6VrSS4lLaaWiSUs-FH63ratfljyFza-pAVe-PX3U57lPVMQB6bpmg4fFsrE_JNl6fQ \ No newline at end of file +eyJ0eXAiOiJvcGVuaWR2Y2ktaXNzdWVyLW1ldGFkYXRhK2p3dCIsImFsZyI6IkVTMjU2IiwiandrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiaWx6dDBhX3VrRVgtbmwwUzA1UzJSQWxiUUZMMkRTT3BUalQzeGY1MkpCWSIsInkiOiJxLWZOdl9kMG5sWmZfU18zUy1LbXJrdElzeWxCMGN5YlJpTDZyWk1MWkhJIn19.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.dStrn21f2NMbYz68HpZzoKoynN4d2smmjwU53l8qpGYCfxyQA_895TYZI9y9bOPOyng_MVEZCkdlv-ls1X4u3A \ No newline at end of file diff --git a/src/test/resources/well-known/openid-credential-issuer_attestation_proof_supported.json b/src/test/resources/well-known/openid-credential-issuer_attestation_proof_supported.json index 6d58c04b..a892219c 100644 --- a/src/test/resources/well-known/openid-credential-issuer_attestation_proof_supported.json 
+++ b/src/test/resources/well-known/openid-credential-issuer_attestation_proof_supported.json @@ -104,7 +104,7 @@ "jwk" ], "credential_signing_alg_values_supported": [ - "RS256" + -257 ], "proof_types_supported": { "jwt": { @@ -178,7 +178,7 @@ "jwk" ], "credential_signing_alg_values_supported": [ - "RS256" + -257 ], "proof_types_supported": { "jwt": { @@ -327,9 +327,9 @@ "scope": "MobileDrivingLicense_msoMdoc", "doctype": "org.iso.18013.5.1.mDL", "credential_signing_alg_values_supported": [ - "ES256", - "ES384", - "ES512" + -7, + -35, + -36 ], "credential_metadata": { "display": [ diff --git a/src/test/resources/well-known/openid-credential-issuer_contains_invalid_configuration.json b/src/test/resources/well-known/openid-credential-issuer_contains_invalid_configuration.json index ae5c81ae..3acba0ff 100644 --- a/src/test/resources/well-known/openid-credential-issuer_contains_invalid_configuration.json +++ b/src/test/resources/well-known/openid-credential-issuer_contains_invalid_configuration.json @@ -109,7 +109,7 @@ "jwk" ], "credential_signing_alg_values_supported": [ - "RS256" + -257 ], "proof_types_supported": { "jwt": { @@ -183,7 +183,7 @@ "jwk" ], "credential_signing_alg_values_supported": [ - "RS256" + -257 ], "proof_types_supported": { "jwt": { diff --git a/src/test/resources/well-known/openid-credential-issuer_encrypted_requests_only.json b/src/test/resources/well-known/openid-credential-issuer_encrypted_requests_only.json index 0b02124d..82904a4c 100644 --- a/src/test/resources/well-known/openid-credential-issuer_encrypted_requests_only.json +++ b/src/test/resources/well-known/openid-credential-issuer_encrypted_requests_only.json @@ -99,7 +99,7 @@ "jwk" ], "credential_signing_alg_values_supported": [ - "RS256" + -257 ], "proof_types_supported": { "jwt": { @@ -161,7 +161,7 @@ "jwk" ], "credential_signing_alg_values_supported": [ - "RS256" + -257 ], "proof_types_supported": { "jwt": { 
@@ -290,9 +290,9 @@ "scope": "MobileDrivingLicense_msoMdoc", "doctype": "org.iso.18013.5.1.mDL", "credential_signing_alg_values_supported": [ - "ES256", - "ES384", - "ES512" + -7, + -35, + -36 ], "credential_metadata": { "display": [ diff --git a/src/test/resources/well-known/openid-credential-issuer_encrypted_responses.json b/src/test/resources/well-known/openid-credential-issuer_encrypted_responses.json index 97cf1a10..44f9a509 100644 --- a/src/test/resources/well-known/openid-credential-issuer_encrypted_responses.json +++ b/src/test/resources/well-known/openid-credential-issuer_encrypted_responses.json @@ -109,7 +109,7 @@ "jwk" ], "credential_signing_alg_values_supported": [ - "RS256" + -257 ], "proof_types_supported": { "jwt": { @@ -171,7 +171,7 @@ "jwk" ], "credential_signing_alg_values_supported": [ - "RS256" + -257 ], "proof_types_supported": { "jwt": { @@ -300,9 +300,9 @@ "scope": "MobileDrivingLicense_msoMdoc", "doctype": "org.iso.18013.5.1.mDL", "credential_signing_alg_values_supported": [ - "ES256", - "ES384", - "ES512" + -7, + -35, + -36 ], "credential_metadata": { "display": [ diff --git a/src/test/resources/well-known/openid-credential-issuer_encryption_not_required.json b/src/test/resources/well-known/openid-credential-issuer_encryption_not_required.json index f67daffd..894f8eb1 100644 --- a/src/test/resources/well-known/openid-credential-issuer_encryption_not_required.json +++ b/src/test/resources/well-known/openid-credential-issuer_encryption_not_required.json @@ -109,7 +109,7 @@ "jwk" ], "credential_signing_alg_values_supported": [ - "RS256" + -257 ], "proof_types_supported": { "jwt": { @@ -171,7 +171,7 @@ "jwk" ], "credential_signing_alg_values_supported": [ - "RS256" + -257 ], "proof_types_supported": { "jwt": { @@ -300,9 +300,9 @@ "scope": "MobileDrivingLicense_msoMdoc", "doctype": "org.iso.18013.5.1.mDL", "credential_signing_alg_values_supported": [ - "ES256", - "ES384", - "ES512" + -7, + -35, + -36 ], "credential_metadata": { "display": [ 
diff --git a/src/test/resources/well-known/openid-credential-issuer_encryption_not_supported.json b/src/test/resources/well-known/openid-credential-issuer_encryption_not_supported.json index cb3a60af..ac1f5d01 100644 --- a/src/test/resources/well-known/openid-credential-issuer_encryption_not_supported.json +++ b/src/test/resources/well-known/openid-credential-issuer_encryption_not_supported.json @@ -76,7 +76,7 @@ "jwk" ], "credential_signing_alg_values_supported": [ - "RS256" + -257 ], "proof_types_supported": { "jwt": { @@ -138,7 +138,7 @@ "jwk" ], "credential_signing_alg_values_supported": [ - "RS256" + -257 ], "proof_types_supported": { "jwt": { @@ -267,9 +267,9 @@ "scope": "MobileDrivingLicense_msoMdoc", "doctype": "org.iso.18013.5.1.mDL", "credential_signing_alg_values_supported": [ - "ES256", - "ES384", - "ES512" + -7, + -35, + -36 ], "credential_metadata": { "display": [ diff --git a/src/test/resources/well-known/openid-credential-issuer_key_attestation_required.json b/src/test/resources/well-known/openid-credential-issuer_key_attestation_required.json index 91d09872..38050912 100644 --- a/src/test/resources/well-known/openid-credential-issuer_key_attestation_required.json +++ b/src/test/resources/well-known/openid-credential-issuer_key_attestation_required.json @@ -90,7 +90,7 @@ "jwk" ], "credential_signing_alg_values_supported": [ - "RS256" + -257 ], "proof_types_supported": { "jwt": { @@ -164,7 +164,7 @@ "jwk" ], "credential_signing_alg_values_supported": [ - "RS256" + -257 ], "proof_types_supported": { "jwt": { @@ -313,9 +313,9 @@ "scope": "MobileDrivingLicense_msoMdoc", "doctype": "org.iso.18013.5.1.mDL", "credential_signing_alg_values_supported": [ - "ES256", - "ES384", - "ES512" + -7, + -35, + -36 ], "credential_metadata": { "display": [ diff --git a/src/test/resources/well-known/openid-credential-issuer_no_nonce_endpoint.json b/src/test/resources/well-known/openid-credential-issuer_no_nonce_endpoint.json index 6bab1ed7..df481c7a 100644 
--- a/src/test/resources/well-known/openid-credential-issuer_no_nonce_endpoint.json +++ b/src/test/resources/well-known/openid-credential-issuer_no_nonce_endpoint.json @@ -75,7 +75,7 @@ "jwk" ], "credential_signing_alg_values_supported": [ - "RS256" + -257 ], "proof_types_supported": { "jwt": { @@ -137,7 +137,7 @@ "jwk" ], "credential_signing_alg_values_supported": [ - "RS256" + -257 ], "proof_types_supported": { "jwt": { @@ -266,9 +266,9 @@ "scope": "MobileDrivingLicense_msoMdoc", "doctype": "org.iso.18013.5.1.mDL", "credential_signing_alg_values_supported": [ - "ES256", - "ES384", - "ES512" + -7, + -35, + -36 ], "credential_metadata": { "display": [ diff --git a/src/test/resources/well-known/openid-credential-issuer_no_scopes.json b/src/test/resources/well-known/openid-credential-issuer_no_scopes.json index 50a3d390..c86cedb4 100644 --- a/src/test/resources/well-known/openid-credential-issuer_no_scopes.json +++ b/src/test/resources/well-known/openid-credential-issuer_no_scopes.json @@ -75,7 +75,7 @@ "jwk" ], "credential_signing_alg_values_supported": [ - "RS256" + -257 ], "proof_types_supported": { "jwt": { @@ -136,7 +136,7 @@ "jwk" ], "credential_signing_alg_values_supported": [ - "RS256" + -257 ], "proof_types_supported": { "jwt": { @@ -264,9 +264,9 @@ "format": "mso_mdoc", "doctype": "org.iso.18013.5.1.mDL", "credential_signing_alg_values_supported": [ - "ES256", - "ES384", - "ES512" + -7, + -35, + -36 ], "credential_metadata": { "display": [ From 8de7451c4ee5bbdb4844bb36a8ccb0b6e83eab80 Mon Sep 17 00:00:00 2001 From: Dimitris ZARRAS Date: Wed, 21 Jan 2026 17:49:19 +0200 Subject: [PATCH 2/3] Update handling of `credential_signing_alg_values_supported` --- .../openid4vci/CredentialConfiguration.kt | 49 ++++++++++++++++--- .../eu/europa/ec/eudi/openid4vci/Types.kt | 17 ------- .../CredentialIssuerMetadataJsonParser.kt | 11 ++--- .../eu/europa/ec/eudi/openid4vci/MockData.kt | 8 +-- 4 files changed, 51 insertions(+), 34 deletions(-) 
diff --git a/src/main/kotlin/eu/europa/ec/eudi/openid4vci/CredentialConfiguration.kt b/src/main/kotlin/eu/europa/ec/eudi/openid4vci/CredentialConfiguration.kt index 542e9da5..acc03471 100644 --- a/src/main/kotlin/eu/europa/ec/eudi/openid4vci/CredentialConfiguration.kt +++ b/src/main/kotlin/eu/europa/ec/eudi/openid4vci/CredentialConfiguration.kt @@ -185,13 +185,15 @@ data class CredentialMetadata( val claims: List? = emptyList(), ) +sealed interface Algorithm : Serializable + /** * Credentials supported by an Issuer. */ sealed interface CredentialConfiguration : Serializable { val scope: String? val cryptographicBindingMethodsSupported: List - val credentialSigningAlgorithmsSupported: List + val credentialSigningAlgorithmsSupported: List val proofTypesSupported: ProofTypesSupported val credentialMetadata: CredentialMetadata? } 
@@ -217,22 +219,45 @@ data class Claim( ) : Serializable } +/** + * COSE Algorithm value. + * + * @see CBOR Object Signing and Encryption (COSE) + */ +@JvmInline +value class CoseAlgorithm(val value: Int) : Algorithm { + override fun toString(): String = value.toString() +} + /** * The data of a Verifiable Credentials issued as an ISO MDOC. */ data class MsoMdocCredential( override val scope: String? = null, override val cryptographicBindingMethodsSupported: List = emptyList(), - override val credentialSigningAlgorithmsSupported: List = emptyList(), + override val credentialSigningAlgorithmsSupported: List = emptyList(), override val proofTypesSupported: ProofTypesSupported = ProofTypesSupported.Empty, override val credentialMetadata: CredentialMetadata?, val docType: String, ) : CredentialConfiguration +/** + * JWS Algorithm Name + * + * @see JSON Object Signing and Encryption (JOSE) + */ +@JvmInline +value class JwsAlgorithm(val name: String) : Algorithm { + override fun toString(): String = name +} + +/** + * The data of a Verifiable Credentials issued as an SD-JWT VC. + */ data class SdJwtVcCredential( override val scope: String? = null, override val cryptographicBindingMethodsSupported: List = emptyList(), - override val credentialSigningAlgorithmsSupported: List = emptyList(), + override val credentialSigningAlgorithmsSupported: List = emptyList(), override val proofTypesSupported: ProofTypesSupported = ProofTypesSupported.Empty, override val credentialMetadata: CredentialMetadata?, val type: String, 
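Review bot: `JwsAlgorithm` wraps whatever string it is given, and the parser hunks later in this patch build it directly from issuer metadata with `.map { JwsAlgorithm(it) }`, so a blank entry becomes a domain value. If callers use `credentialSigningAlgorithmsSupported` to decide which signature algorithms to accept for an issued credential, that decision should not rest on unchecked strings. A minimal guard in the value class would be `init { require(name.isNotBlank()) { "JWS algorithm name must not be blank" } }`. The same applies to `LinkedDataAlgorithm` in the `@@ -244,12 +269,22 @@` hunk. Whether `none` should also be refused for credential signing depends on policy that is not visible here.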
@@ -244,12 +269,22 @@ data class W3CJsonLdCredentialDefinition( ) /** - * The data of a W3C Verifiable Credential issued as using Data Integrity and JSON-LD. + * Linked Data Algorithm Identifier + * + * @see Linked Data Cryptographic Suite Registry + */ +@JvmInline +value class LinkedDataAlgorithm(val identifier: String) : Algorithm { + override fun toString(): String = identifier +} + +/** + * The data of a W3C Verifiable Credential issued using Data Integrity and JSON-LD. */ data class W3CJsonLdDataIntegrityCredential( override val scope: String? = null, override val cryptographicBindingMethodsSupported: List = emptyList(), - override val credentialSigningAlgorithmsSupported: List = emptyList(), + override val credentialSigningAlgorithmsSupported: List = emptyList(), override val proofTypesSupported: ProofTypesSupported = ProofTypesSupported.Empty, override val credentialMetadata: CredentialMetadata?, val credentialDefinition: W3CJsonLdCredentialDefinition, @@ -261,7 +296,7 @@ data class W3CJsonLdDataIntegrityCredential( data class W3CJsonLdSignedJwtCredential( override val scope: String? = null, override val cryptographicBindingMethodsSupported: List = emptyList(), - override val credentialSigningAlgorithmsSupported: List = emptyList(), + override val credentialSigningAlgorithmsSupported: List = emptyList(), override val proofTypesSupported: ProofTypesSupported = ProofTypesSupported.Empty, override val credentialMetadata: CredentialMetadata?, val credentialDefinition: W3CJsonLdCredentialDefinition, 
@@ -273,7 +308,7 @@ data class W3CJsonLdSignedJwtCredential( data class W3CSignedJwtCredential( override val scope: String? = null, override val cryptographicBindingMethodsSupported: List = emptyList(), - override val credentialSigningAlgorithmsSupported: List = emptyList(), + override val credentialSigningAlgorithmsSupported: List = emptyList(), override val proofTypesSupported: ProofTypesSupported = ProofTypesSupported.Empty, override val credentialMetadata: CredentialMetadata?, val credentialDefinition: CredentialDefinition, diff --git a/src/main/kotlin/eu/europa/ec/eudi/openid4vci/Types.kt b/src/main/kotlin/eu/europa/ec/eudi/openid4vci/Types.kt index fa6dab90..9062faea 100644 --- a/src/main/kotlin/eu/europa/ec/eudi/openid4vci/Types.kt +++ b/src/main/kotlin/eu/europa/ec/eudi/openid4vci/Types.kt @@ -343,23 +343,6 @@ val CIAuthorizationServerMetadata.clientAttestationPOPJWSAlgs: List = mapOf( - ES256 to "ES256", - ES384 to "ES384", - ES512 to "ES512", - ) - } -} - -internal fun CoseAlgorithm.name(): String? = CoseAlgorithm.Names[this] - /** * Nonce (single use) value provided either by the Authorization or Resource server. */ diff --git a/src/main/kotlin/eu/europa/ec/eudi/openid4vci/internal/http/CredentialIssuerMetadataJsonParser.kt b/src/main/kotlin/eu/europa/ec/eudi/openid4vci/internal/http/CredentialIssuerMetadataJsonParser.kt index 3d04ea35..feaa27d0 100644 --- a/src/main/kotlin/eu/europa/ec/eudi/openid4vci/internal/http/CredentialIssuerMetadataJsonParser.kt +++ b/src/main/kotlin/eu/europa/ec/eudi/openid4vci/internal/http/CredentialIssuerMetadataJsonParser.kt 
@@ -111,8 +111,7 @@ private data class MsdMdocCredentialTO( .map { cryptographicBindingMethodOf(it) } val proofTypesSupported = proofTypesSupported.toProofTypes() - val cryptographicSuitesSupported = credentialSigningAlgorithmsSupported.orEmpty() - .mapNotNull { CoseAlgorithm(it).name() } + val cryptographicSuitesSupported = credentialSigningAlgorithmsSupported.orEmpty().map { CoseAlgorithm(it) } if (bindingMethods.isNotEmpty()) { require(proofTypesSupported.values.isNotEmpty()) { @@ -159,7 +158,7 @@ private data class SdJwtVcCredentialTO( .map { cryptographicBindingMethodOf(it) } val proofTypesSupported = proofTypesSupported.toProofTypes() - val cryptographicSuitesSupported = credentialSigningAlgorithmsSupported.orEmpty() + val cryptographicSuitesSupported = credentialSigningAlgorithmsSupported.orEmpty().map { JwsAlgorithm(it) } if (bindingMethods.isNotEmpty()) { require(proofTypesSupported.values.isNotEmpty()) { @@ -220,7 +219,7 @@ private data class W3CJsonLdDataIntegrityCredentialTO( val bindingMethods = cryptographicBindingMethodsSupported.orEmpty() .map { cryptographicBindingMethodOf(it) } val proofTypesSupported = proofTypesSupported.toProofTypes() - val cryptographicSuitesSupported = credentialSigningAlgorithmsSupported.orEmpty() + val cryptographicSuitesSupported = credentialSigningAlgorithmsSupported.orEmpty().map { LinkedDataAlgorithm(it) } if (bindingMethods.isNotEmpty()) { require(proofTypesSupported.values.isNotEmpty()) { @@ -270,7 +269,7 @@ private data class W3CJsonLdSignedJwtCredentialTO( .map { cryptographicBindingMethodOf(it) } val proofTypesSupported = proofTypesSupported.toProofTypes() - val cryptographicSuitesSupported = credentialSigningAlgorithmsSupported.orEmpty() + val cryptographicSuitesSupported = credentialSigningAlgorithmsSupported.orEmpty().map { LinkedDataAlgorithm(it) } if (bindingMethods.isNotEmpty()) { require(proofTypesSupported.values.isNotEmpty()) { 
@@ -331,7 +330,7 @@ private data class W3CSignedJwtCredentialTO( .map { cryptographicBindingMethodOf(it) } val proofTypesSupported = proofTypesSupported.toProofTypes() - val cryptographicSuitesSupported = credentialSigningAlgorithmsSupported.orEmpty() + val cryptographicSuitesSupported = credentialSigningAlgorithmsSupported.orEmpty().map { JwsAlgorithm(it) } if (bindingMethods.isNotEmpty()) { require(proofTypesSupported.values.isNotEmpty()) { diff --git a/src/test/kotlin/eu/europa/ec/eudi/openid4vci/MockData.kt b/src/test/kotlin/eu/europa/ec/eudi/openid4vci/MockData.kt index c9f226a1..ae5d1473 100644 --- a/src/test/kotlin/eu/europa/ec/eudi/openid4vci/MockData.kt +++ b/src/test/kotlin/eu/europa/ec/eudi/openid4vci/MockData.kt @@ -65,7 +65,7 @@ internal fun CredentialIssuerId.metaDataUrl() = HttpsUrl( internal fun universityDegreeJwt() = W3CSignedJwtCredential( "UniversityDegree_JWT", listOf(CryptographicBindingMethod.DID("did:example")), - listOf("ES256K"), + listOf(JwsAlgorithm("ES256K")), ProofTypesSupported( setOf( ProofTypeMeta.Jwt( @@ -122,7 +122,7 @@ internal fun universityDegreeJwt() = W3CSignedJwtCredential( internal fun universityDegreeLdpVc() = W3CJsonLdDataIntegrityCredential( "UniversityDegree_LDP_VC", listOf(CryptographicBindingMethod.DID("did:example")), - listOf("Ed25519Signature2018"), + listOf(LinkedDataAlgorithm("Ed25519Signature2018")), ProofTypesSupported( setOf( ProofTypeMeta.Jwt( @@ -183,7 +183,7 @@ internal fun universityDegreeLdpVc() = W3CJsonLdDataIntegrityCredential( internal fun universityDegreeJwtVcJsonLD() = W3CJsonLdSignedJwtCredential( "UniversityDegree_JWT_VC_JSON-LD", listOf(CryptographicBindingMethod.DID("did:example")), - listOf("Ed25519Signature2018"), + listOf(LinkedDataAlgorithm("Ed25519Signature2018")), ProofTypesSupported( setOf( ProofTypeMeta.Jwt( 
@@ -247,7 +247,7 @@ internal fun universityDegreeJwtVcJsonLD() = W3CJsonLdSignedJwtCredential( internal fun mobileDrivingLicense() = MsoMdocCredential( "MobileDrivingLicense_msoMdoc", emptyList(), - listOf("ES256", "ES384", "ES512"), + listOf(CoseAlgorithm(-7), CoseAlgorithm(-35), CoseAlgorithm(-36)), ProofTypesSupported.Empty, CredentialMetadata( listOf( From 1548cd1ec6bb37fa2da0aeaabc3e928e22f9e2dd Mon Sep 17 00:00:00 2001 From: Dimitris ZARRAS Date: Thu, 22 Jan 2026 10:45:24 +0200 Subject: [PATCH 3/3] Remove Algorithm --- .../openid4vci/CredentialConfiguration.kt | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/src/main/kotlin/eu/europa/ec/eudi/openid4vci/CredentialConfiguration.kt b/src/main/kotlin/eu/europa/ec/eudi/openid4vci/CredentialConfiguration.kt index acc03471..fc522fa8 100644 --- a/src/main/kotlin/eu/europa/ec/eudi/openid4vci/CredentialConfiguration.kt +++ b/src/main/kotlin/eu/europa/ec/eudi/openid4vci/CredentialConfiguration.kt @@ -185,15 +185,12 @@ data class CredentialMetadata( val claims: List? = emptyList(), ) -sealed interface Algorithm : Serializable - /** * Credentials supported by an Issuer. */ sealed interface CredentialConfiguration : Serializable { val scope: String? val cryptographicBindingMethodsSupported: List - val credentialSigningAlgorithmsSupported: List val proofTypesSupported: ProofTypesSupported val credentialMetadata: CredentialMetadata? } @@ -225,7 +222,7 @@ data class Claim( * @see CBOR Object Signing and Encryption (COSE) */ @JvmInline -value class CoseAlgorithm(val value: Int) : Algorithm { +value class CoseAlgorithm(val value: Int) : Serializable { override fun toString(): String = value.toString() } 
@@ -235,7 +232,7 @@ value class CoseAlgorithm(val value: Int) : Algorithm { data class MsoMdocCredential( override val scope: String? = null, override val cryptographicBindingMethodsSupported: List = emptyList(), - override val credentialSigningAlgorithmsSupported: List = emptyList(), + val credentialSigningAlgorithmsSupported: List = emptyList(), override val proofTypesSupported: ProofTypesSupported = ProofTypesSupported.Empty, override val credentialMetadata: CredentialMetadata?, val docType: String, @@ -247,7 +244,7 @@ data class MsoMdocCredential( * @see JSON Object Signing and Encryption (JOSE) */ @JvmInline -value class JwsAlgorithm(val name: String) : Algorithm { +value class JwsAlgorithm(val name: String) : Serializable { override fun toString(): String = name } @@ -257,7 +254,7 @@ value class JwsAlgorithm(val name: String) : Algorithm { data class SdJwtVcCredential( override val scope: String? = null, override val cryptographicBindingMethodsSupported: List = emptyList(), - override val credentialSigningAlgorithmsSupported: List = emptyList(), + val credentialSigningAlgorithmsSupported: List = emptyList(), override val proofTypesSupported: ProofTypesSupported = ProofTypesSupported.Empty, override val credentialMetadata: CredentialMetadata?, val type: String, @@ -274,7 +271,7 @@ data class W3CJsonLdCredentialDefinition( * @see Linked Data Cryptographic Suite Registry */ @JvmInline -value class LinkedDataAlgorithm(val identifier: String) : Algorithm { +value class LinkedDataAlgorithm(val identifier: String) : Serializable { override fun toString(): String = identifier } 
@@ -284,7 +281,7 @@ value class LinkedDataAlgorithm(val identifier: String) : Algorithm { data class W3CJsonLdDataIntegrityCredential( override val scope: String? = null, override val cryptographicBindingMethodsSupported: List = emptyList(), - override val credentialSigningAlgorithmsSupported: List = emptyList(), + val credentialSigningAlgorithmsSupported: List = emptyList(), override val proofTypesSupported: ProofTypesSupported = ProofTypesSupported.Empty, override val credentialMetadata: CredentialMetadata?, val credentialDefinition: W3CJsonLdCredentialDefinition, @@ -296,7 +293,7 @@ data class W3CJsonLdDataIntegrityCredential( data class W3CJsonLdSignedJwtCredential( override val scope: String? = null, override val cryptographicBindingMethodsSupported: List = emptyList(), - override val credentialSigningAlgorithmsSupported: List = emptyList(), + val credentialSigningAlgorithmsSupported: List = emptyList(), override val proofTypesSupported: ProofTypesSupported = ProofTypesSupported.Empty, override val credentialMetadata: CredentialMetadata?, val credentialDefinition: W3CJsonLdCredentialDefinition, @@ -308,7 +305,7 @@ data class W3CJsonLdSignedJwtCredential( data class W3CSignedJwtCredential( override val scope: String? = null, override val cryptographicBindingMethodsSupported: List = emptyList(), - override val credentialSigningAlgorithmsSupported: List = emptyList(), + val credentialSigningAlgorithmsSupported: List = emptyList(), override val proofTypesSupported: ProofTypesSupported = ProofTypesSupported.Empty, override val credentialMetadata: CredentialMetadata?, val credentialDefinition: CredentialDefinition,