eudi-lib-jvm-openid4vci-kt/src/main/kotlin/eu/europa/ec/eudi/openid4vci/QueryForDeferredCredential.kt at 2f8fde61134a7824fa73872686b7175b52ccf461 · niscy-eudiw/eudi-lib-jvm-openid4vci-kt · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
/*
 * Copyright (c) 2023-2026 European Commission
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package eu.europa.ec.eudi.openid4vci

import eu.europa.ec.eudi.openid4vci.CredentialIssuanceError.IssuerDoesNotSupportDeferredIssuance
import eu.europa.ec.eudi.openid4vci.internal.RefreshAccessToken
import eu.europa.ec.eudi.openid4vci.internal.http.DeferredEndPointClient
import kotlin.time.Duration

sealed interface DeferredCredentialQueryOutcome : java.io.Serializable {

    data class Issued(
        val credentials: List<IssuedCredential>,
        val notificationId: NotificationId?,
    ) : DeferredCredentialQueryOutcome

    data class IssuancePending(
        val transactionId: TransactionId,
        val interval: Duration,
    ) : DeferredCredentialQueryOutcome {
        init {
            require(interval.isPositive()) { "interval must be positive" }
        }
    }

    data class Errored(
        val error: String,
        val errorDescription: String? = null,
    ) : DeferredCredentialQueryOutcome
}

/**
 * An interface for querying credential issuer deferred endpoint.
 */
fun interface QueryForDeferredCredential {

    /**
     * Given an authorized request submits a deferred credential request for an identifier of a Deferred Issuance transaction.
     *
     * @param transactionId The identifier of a Deferred Issuance transaction.
     * @return The result of the query and a possibly refreshed [AuthorizedRequest]
     */
    suspend fun AuthorizedRequest.queryForDeferredCredential(
        transactionId: TransactionId,
    ): Result<AuthorizedRequestAnd<DeferredCredentialQueryOutcome>>

    companion object {
        /**
         * An implementation that fails
         * To be used in case credential issuer doesn't advertise a deferred endpoint
         */
        val NotSupported: QueryForDeferredCredential =
            QueryForDeferredCredential { Result.failure(IssuerDoesNotSupportDeferredIssuance()) }

        /**
         * Factory method that produces a [QueryForDeferredCredential]
         * that is capable of refreshing the access_token if needed, and if possible.
         *
         * @param refreshAccessToken the ability to refresh the [AuthorizedRequest]
         * @param deferredEndPointClient client of the deferred endpoint
         * @param exchangeEncryptionSpecification encryption specifications for encrypted request and response
         * that has been sent to the credential issuer
         */
        internal operator fun invoke(
            refreshAccessToken: RefreshAccessToken,
            deferredEndPointClient: DeferredEndPointClient,
            exchangeEncryptionSpecification: ExchangeEncryptionSpecification,
        ): QueryForDeferredCredential = object : QueryForDeferredCredential {

            override suspend fun AuthorizedRequest.queryForDeferredCredential(
                transactionId: TransactionId,
            ): Result<AuthorizedRequestAnd<DeferredCredentialQueryOutcome>> = runCatchingCancellable {
                val refreshed = refreshIfNeeded(this)
                val (outcome, newResourceServerDpopNonce) = placeDeferredCredentialRequest(refreshed, transactionId)
                refreshed.withResourceServerDpopNonce(newResourceServerDpopNonce) to outcome
            }

            private suspend fun refreshIfNeeded(authorizedRequest: AuthorizedRequest): AuthorizedRequest =
                with(refreshAccessToken) {
                    authorizedRequest.refreshIfNeeded().getOrThrow()
                }

            private suspend fun placeDeferredCredentialRequest(
                authorizedRequest: AuthorizedRequest,
                transactionId: TransactionId,
            ): Pair<DeferredCredentialQueryOutcome, Nonce?> =
                deferredEndPointClient.placeDeferredCredentialRequest(
                    authorizedRequest.accessToken,
                    authorizedRequest.resourceServerDpopNonce,
                    transactionId,
                    exchangeEncryptionSpecification,
                ).getOrThrow()
        }
    }
}