Migrate iOS library & showcase app

Author: timothee-haudebourg

ios/MobileSdk/Sources/MobileSdk/KeyManager.swift

@@ -53,10 +53,10 @@ public class KeyManager: NSObject, SpruceIDMobileSdkRs.KeyStore, ObservableObjec
 
     public func getSigningKey(alias: SpruceIDMobileSdkRs.KeyAlias) throws -> any SpruceIDMobileSdkRs
         .SigningKey {
-        guard let jwkString = Self.getJwk(id: alias) else {
+        guard let jwk = Self.getJwk(id: alias) else {
             throw KeyManError.missing
         }
-        return P256SigningKey(alias: alias, jwkString: jwkString)
+            return P256SigningKey(alias: alias, jwkString: jwk.description)
     }
 
     /**
@@ -156,9 +156,9 @@ public class KeyManager: NSObject, SpruceIDMobileSdkRs.KeyStore, ObservableObjec
     }
 
     /**
-     * Returns a JWK for a particular secret key by key id.
+     * Returns a JWK for a particular sec
      */
-    public static func getJwk(id: String, accessGroup: String? = nil) -> String? {
+    public static func getJwk(id: String, accessGroup: String? = nil) -> Jwk? {
         guard let key = getSecretKey(id: id, accessGroup: accessGroup) else { return nil }
 
         guard let publicKey = SecKeyCopyPublicKey(key) else {
@@ -174,22 +174,20 @@ public class KeyManager: NSObject, SpruceIDMobileSdkRs.KeyStore, ObservableObjec
         let xDataRaw: Data = fullData.subdata(in: 0..<32)
         let yDataRaw: Data = fullData.subdata(in: 32..<64)
 
-        let xCoordinate = xDataRaw.base64EncodedUrlSafe
-        let yCoordinate = yDataRaw.base64EncodedUrlSafe
-
-        let jsonObject: [String: Any] = [
-            "kty": "EC",
-            "crv": "P-256",
-            "alg": "ES256",
-            "x": xCoordinate,
-            "y": yCoordinate
-        ]
-
-        guard let jsonData = try? JSONSerialization.data(withJSONObject: jsonObject, options: [])
-        else { return nil }
-        let jsonString = String(data: jsonData, encoding: String.Encoding.ascii)!
+        return jwkFromPublicP256(x: xDataRaw, y: yDataRaw)
+    }
+        
+    /**
+     * Returns the public key of the given key pair as a JWK.
+     *
+     * Creates the key if it doesn't exist.
+     */
+    public static func getOrInsertJwk(id: String) -> Jwk {
+        if !KeyManager.keyExists(id: id) {
+            _ = KeyManager.generateSigningKey(id: id)
+        }
 
-        return jsonString
+        return KeyManager.getJwk(id: id)!
     }
 
     /**

ios/Showcase/Targets/App/Sources/App.swift

@@ -9,3 +9,4 @@ struct AppApp: App {
         }
     }
 }
+

ios/Showcase/Targets/AppUIKit/Sources/dataStores/HacApplicationObservable.swift

@@ -55,7 +55,7 @@ class HacApplicationObservable: ObservableObject {
         if !KeyManager.keyExists(id: DEFAULT_SIGNING_KEY_ID) {
             _ = KeyManager.generateSigningKey(id: DEFAULT_SIGNING_KEY_ID)
         }
-        return KeyManager.getJwk(id: DEFAULT_SIGNING_KEY_ID)
+        return KeyManager.getJwk(id: DEFAULT_SIGNING_KEY_ID)?.description
     }
 
     @MainActor func getNonce() async -> String? {

ios/Showcase/Targets/AppUIKit/Sources/wallet/HandleOID4VCIView.swift

@@ -26,64 +26,64 @@ struct HandleOID4VCIView: View {
 
     func getCredential(credentialOffer: String) {
         loading = true
-        let client = Oid4vciAsyncHttpClient()
-        let oid4vciSession = Oid4vci.newWithAsyncClient(client: client)
+        
+        // Setup HTTP client.
+        let httpClient = Oid4vciAsyncHttpClient()
+        
+        // Setup signer.
+        let jwk = KeyManager.getOrInsertJwk(id: DEFAULT_SIGNING_KEY_ID)
+        let didUrl = generateDidJwkUrl(jwk: jwk)
+        jwk.setKid(kid: didUrl.description)
+        let signer = KeyManagerJwkSigner(id: DEFAULT_SIGNING_KEY_ID, jwk: jwk)
+        
+        let clientId = didUrl.did().description
+        let oid4vciClient = Oid4vciClient(clientId: clientId)
+
         Task {
             do {
-                try await oid4vciSession.initiateWithOffer(
-                    credentialOffer: credentialOffer,
-                    clientId: "skit-demo-wallet",
-                    redirectUrl: "https://spruceid.com"
-                )
-
-                let nonce = try await oid4vciSession.exchangeToken()
-
-                let metadata = try oid4vciSession.getMetadata()
-
-                if !KeyManager.keyExists(id: DEFAULT_SIGNING_KEY_ID) {
-                    _ = KeyManager.generateSigningKey(
-                        id: DEFAULT_SIGNING_KEY_ID
-                    )
+                let offerUrl = if url.starts(with: "openid-credential-offer://") {
+                    url
+                } else {
+                    "openid-credential-offer://\(url)"
                 }
-
-                let jwk = KeyManager.getJwk(id: DEFAULT_SIGNING_KEY_ID)
-
-                let signingInput =
-                    try await SpruceIDMobileSdkRs.generatePopPrepare(
-                        audience: metadata.issuer(),
-                        nonce: nonce,
-                        didMethod: .jwk,
-                        publicJwk: jwk!,
-                        durationInSecs: nil
-                    )
-
-                let signature = KeyManager.signPayload(
-                    id: DEFAULT_SIGNING_KEY_ID,
-                    payload: [UInt8](signingInput)
-                )
-
-                let pop = try SpruceIDMobileSdkRs.generatePopComplete(
-                    signingInput: signingInput,
-                    signatureDer: Data(signature!)
-                )
-
-                try oid4vciSession.setContextMap(
-                    values: getVCPlaygroundOID4VCIContext()
-                )
-
-                self.credentialPack = CredentialPack()
-                let credentials = try await oid4vciSession.exchangeCredential(
-                    proofsOfPossession: [pop],
-                    options: Oid4vciExchangeOptions(verifyAfterExchange: false)
-                )
-
-                credentials.forEach {
-                    let cred = String(decoding: Data($0.payload), as: UTF8.self)
-                    self.credential = cred
+                
+                let credentialOffer = try await oid4vciClient.resolveOfferUrl(httpClient: httpClient, credentialOfferUrl: offerUrl)
+                let credentialIssuer = credentialOffer.credentialIssuer()
+                
+                let state = try await oid4vciClient.acceptOffer(httpClient: httpClient, credentialOffer: credentialOffer)
+                
+                switch state {
+                case .requiresAuthorizationCode(_):
+                    err = "Authorization Code Grant not supported"
+                case .requiresTxCode(_):
+                    err = "Transaction Code not supported"
+                case .ready(let credentialToken):
+                    let credentialId = try credentialToken.defaultCredentialId()
+                
+                    // Generate Proof of Possession.
+                    let nonce = try await credentialToken.getNonce(httpClient: httpClient)
+                    let jwt = try await createJwtProof(issuer: clientId, audience: credentialIssuer, expireInSecs: nil, nonce: nonce, signer: signer)
+                    let proofs = Proofs.jwt([jwt])
+                
+                    // Exchange token against credential.
+                    let response = try await oid4vciClient.exchangeCredential(httpClient: httpClient, token: credentialToken, credential: credentialId, proofs: proofs)
+                    
+                    switch response {
+                    case .deferred(_):
+                        err = "Deferred credentials not supported"
+                    case .immediate(let response):
+                        guard let rawCredential = response.credentials.first else {
+                            throw NSError(domain: "OID4VCI", code: 0, userInfo: [
+                                "CredentialOfferUrl": offerUrl,
+                                "CredentialIssuer": credentialIssuer
+                            ])
+                        }
+                        
+                        credential = String(decoding: Data(rawCredential.payload), as: UTF8.self)
+                        
+                        onSuccess?()
+                    }
                 }
-
-                onSuccess?()
-
             } catch {
                 err = error.localizedDescription
                 print(error)
@@ -119,6 +119,27 @@ struct HandleOID4VCIView: View {
     }
 }
 
+class KeyManagerJwkSigner: JwsSigner, @unchecked Sendable {
+    let id: String
+    let jwk: Jwk
+    
+    init(id: String, jwk: Jwk) {
+        self.id = id
+        self.jwk = jwk
+    }
+    
+    func fetchInfo() async throws -> JwsSignerInfo {
+        return try await jwk.fetchInfo()
+    }
+    
+    func signBytes(signingBytes: Data) async throws -> Data {
+        return try decodeDerSignature(signatureDer: Data(KeyManager.signPayload(
+            id: DEFAULT_SIGNING_KEY_ID,
+            payload: [UInt8](signingBytes)
+        )!))
+    }
+}
+
 func getVCPlaygroundOID4VCIContext() throws -> [String: String] {
     var context: [String: String] = [:]
 

ios/Showcase/Targets/AppUIKit/Sources/wallet/HandleOID4VPView.swift

@@ -28,7 +28,7 @@ class Signer: PresentationSigner {
             throw Oid4vpSignerError.illegalArgumentException(
                 reason: "Invalid kid")
         } else {
-            self._jwk = jwk!
+            self._jwk = jwk!.description
         }
     }