Merge branch 'main' into SessionEstablishment

Author: Thomas-Roehlich-esatus

src/WalletFramework.MdocLib/DocType.cs

@@ -6,7 +6,7 @@
 
 namespace WalletFramework.MdocLib;
 
-public readonly struct DocType
+public readonly record struct DocType
 {
     private string Value { get; }
 

src/WalletFramework.Oid4Vc/DependencyInjection/ServiceCollectionExtensions.cs

@@ -33,7 +33,6 @@
 using WalletFramework.Oid4Vc.RelyingPartyAuthentication.Implementations;
 using WalletFramework.SdJwtVc;
 using WalletFramework.SdJwtVc.Services;
-using IRpRegistrarService = WalletFramework.Oid4Vc.RelyingPartyAuthentication.Implementations.IRpRegistrarService;
 
 namespace WalletFramework.Oid4Vc.DependencyInjection;
 
@@ -47,15 +46,20 @@ public static IServiceCollection AddOpenIdServices(this IServiceCollection build
     {
         builder.AddSingleton<IAesGcmEncryption, AesGcmEncryption>();
         builder.AddSingleton<IAuthFlowSessionStorage, AuthFlowSessionStorage>();
-        builder.AddSingleton<IAuthorizationResponseEncryptionService, AuthorizationResponseEncryptionService>();
         builder.AddSingleton<IAuthorizationRequestService, AuthorizationRequestService>();
+        builder.AddSingleton<IAuthorizationResponseEncryptionService, AuthorizationResponseEncryptionService>();
+        builder.AddSingleton<IVerifierKeyService, VerifierKeyService>();
+        builder.AddSingleton<ICandidateQueryService, CandidateQueryService>();
+        builder.AddSingleton<IClientAttestationService, ClientAttestationService>();
         builder.AddSingleton<ICoseSign1Signer, CoseSign1Signer>();
+        builder.AddSingleton<ICredentialNonceService, CredentialNonceService>();
         builder.AddSingleton<ICredentialOfferService, CredentialOfferService>();
         builder.AddSingleton<ICredentialRequestService, CredentialRequestService>();
         builder.AddSingleton<ICredentialSetService, CredentialSetService>();
         builder.AddSingleton<ICredentialSetStorage, CredentialSetStorage>();
-        builder.AddSingleton<IDcqlService, DcqlService>();
         builder.AddSingleton<IDPopHttpClient, DPopHttpClient>();
+        builder.AddSingleton<IDcApiService, DcApiService>();
+        builder.AddSingleton<IDcqlService, DcqlService>();
         builder.AddSingleton<IIssuerMetadataService, IssuerMetadataService>();
         builder.AddSingleton<IMdocAuthenticationService, MdocAuthenticationService>();
         builder.AddSingleton<IMdocCandidateService, MdocCandidateService>();
@@ -66,15 +70,13 @@ public static IServiceCollection AddOpenIdServices(this IServiceCollection build
         builder.AddSingleton<IOid4VpHaipClient, Oid4VpHaipClient>();
         builder.AddSingleton<IOid4VpRecordService, Oid4VpRecordService>();
         builder.AddSingleton<IPexService, PexService>();
-        builder.AddSingleton<ICandidateQueryService, CandidateQueryService>();
+        builder.AddSingleton<IPresentationService, PresentationService>();
         builder.AddSingleton<IRecordsMigrationService, RecordsMigrationService>();
         builder.AddSingleton<IRpAuthService, RpAuthService>();
-        builder.AddSingleton<RelyingPartyAuthentication.Abstractions.IRpRegistrarService, IRpRegistrarService>();
+        builder.AddSingleton<IRpRegistrarService, RpRegistrarService>();
         builder.AddSingleton<IStatusListService, StatusListService>();
         builder.AddSingleton<ITokenService, TokenService>();
         builder.AddSingleton<IVctMetadataService, VctMetadataService>();
-        builder.AddSingleton<ICredentialNonceService, CredentialNonceService>();
-        builder.AddSingleton<IClientAttestationService, ClientAttestationService>();
 
         builder.AddSdJwtVcServices();
 

src/WalletFramework.Oid4Vc/Oid4Vci/Implementations/SdJwtRecordExtensions.cs

@@ -51,9 +51,4 @@ select displays.Select(credentialDisplay =>
 
         return record;
     }
-    
-    internal static SdJwtDoc ToSdJwtDoc(this SdJwtRecord record)
-    {
-        return new SdJwtDoc(record.EncodedIssuerSignedJwt + "~" + string.Join("~", record.Disclosures) + "~");
-    }
 }

src/WalletFramework.Oid4Vc/Oid4Vp/AuthResponse/Encryption/Abstractions/IVerifierKeyService.cs

@@ -0,0 +1,9 @@
+using Microsoft.IdentityModel.Tokens;
+using WalletFramework.Oid4Vc.Oid4Vp.Models;
+
+namespace WalletFramework.Oid4Vc.Oid4Vp.AuthResponse.Encryption.Abstractions;
+
+public interface IVerifierKeyService
+{
+    Task<JsonWebKey> GetPublicKey(AuthorizationRequest request);
+} 

src/WalletFramework.Oid4Vc/Oid4Vp/AuthResponse/Encryption/Implementations/AuthorizationResponseEncryptionService.cs

@@ -1,40 +1,18 @@
 using LanguageExt;
-using Microsoft.IdentityModel.Tokens;
-using WalletFramework.Core.Functional;
 using WalletFramework.Oid4Vc.Oid4Vp.AuthResponse.Encryption.Abstractions;
-using WalletFramework.Oid4Vc.Oid4Vp.Jwk;
 using WalletFramework.Oid4Vc.Oid4Vp.Models;
 
 namespace WalletFramework.Oid4Vc.Oid4Vp.AuthResponse.Encryption.Implementations;
 
-public class AuthorizationResponseEncryptionService
-    (IHttpClientFactory httpClientFactory): IAuthorizationResponseEncryptionService
+public class AuthorizationResponseEncryptionService(IVerifierKeyService verifierKeyService)
+    : IAuthorizationResponseEncryptionService
 {
     public async Task<EncryptedAuthorizationResponse> Encrypt(
         AuthorizationResponse response,
         AuthorizationRequest request,
         Option<Nonce> mdocNonce)
     {
-        var hasJwksUri = request.ClientMetadata?.JwksUri is not null;
-        var hasJwksInMetadata = request.ClientMetadata?.JwkSet.IsSome ?? false;
-
-        JsonWebKey verifierPubKey;
-        switch (hasJwksUri, hasJwksInMetadata)
-        {
-            case (true, false):
-            case (true, true):
-                var httpClient = httpClientFactory.CreateClient();
-                httpClient.DefaultRequestHeaders.Clear();
-                var httpResponseMessage = await httpClient.GetAsync(request.ClientMetadata!.JwksUri);
-                var jwkSetJsonStr = await httpResponseMessage.Content.ReadAsStringAsync();
-                verifierPubKey = JwkSet.FromJsonStr(jwkSetJsonStr).UnwrapOrThrow().GetEcP256Jwk();
-                break;
-            case (false, true):
-                verifierPubKey = request.ClientMetadata!.JwkSet.UnwrapOrThrow().GetEcP256Jwk();
-                break;
-            default:
-                throw new InvalidOperationException("Neither jwks or jwk_uri found");
-        }
+        var verifierPubKey = await verifierKeyService.GetPublicKey(request);
 
         return response.Encrypt(
             verifierPubKey,

src/WalletFramework.Oid4Vc/Oid4Vp/AuthResponse/Encryption/Implementations/VerifierKeyService.cs

@@ -0,0 +1,32 @@
+using Microsoft.IdentityModel.Tokens;
+using WalletFramework.Core.Functional;
+using WalletFramework.Oid4Vc.Oid4Vp.AuthResponse.Encryption.Abstractions;
+using WalletFramework.Oid4Vc.Oid4Vp.Jwk;
+using WalletFramework.Oid4Vc.Oid4Vp.Models;
+
+namespace WalletFramework.Oid4Vc.Oid4Vp.AuthResponse.Encryption.Implementations;
+
+public class VerifierKeyService(IHttpClientFactory httpClientFactory) : IVerifierKeyService
+{
+    public async Task<JsonWebKey> GetPublicKey(AuthorizationRequest request)
+    {
+        var hasJwksUri = request.ClientMetadata?.JwksUri is not null;
+        var hasJwksInMetadata = request.ClientMetadata?.JwkSet.IsSome ?? false;
+
+        return (hasJwksUri, hasJwksInMetadata) switch
+        {
+            (true, false) or (true, true) => await GetKeyFromJwksUri(request.ClientMetadata!.JwksUri!),
+            (false, true) => request.ClientMetadata!.JwkSet.UnwrapOrThrow().GetEcP256Jwk(),
+            _ => throw new InvalidOperationException("Neither jwks or jwk_uri found")
+        };
+    }
+
+    private async Task<JsonWebKey> GetKeyFromJwksUri(string jwksUri)
+    {
+        var httpClient = httpClientFactory.CreateClient();
+        httpClient.DefaultRequestHeaders.Clear();
+        var httpResponseMessage = await httpClient.GetAsync(jwksUri);
+        var jwkSetJsonStr = await httpResponseMessage.Content.ReadAsStringAsync();
+        return JwkSet.FromJsonStr(jwkSetJsonStr).UnwrapOrThrow().GetEcP256Jwk();
+    }
+} 

src/WalletFramework.Oid4Vc/Oid4Vp/AuthResponse/VpToken.cs

@@ -0,0 +1,135 @@
+using Newtonsoft.Json;
+using Newtonsoft.Json.Linq;
+using WalletFramework.Oid4Vc.Oid4Vp.Dcql.CredentialQueries;
+using OneOf;
+using WalletFramework.Core.Functional;
+using WalletFramework.Oid4Vc.Oid4Vp.Models;
+
+namespace WalletFramework.Oid4Vc.Oid4Vp.AuthResponse;
+
+// Second Parameter is for PEX which will be deprecated soon
+[JsonConverter(typeof(VpTokenConverter))]
+public record VpToken(OneOf<DcqlVpToken, string> Value)
+{
+    public string AsString()
+    {
+        return Value.Match(
+            dcql => dcql.AsJsonString(),
+            pex => pex
+        );
+    }
+
+    public JObject AsJObject()
+    {
+        return Value.Match(
+            dcql => dcql.AsJObject(),
+pex => throw new ArgumentException("PEX is not supported")
+        );
+    }
+}
+
+public class VpTokenConverter : JsonConverter<VpToken>
+{
+    public override void WriteJson(JsonWriter writer, VpToken? value, JsonSerializer serializer)
+    {
+        value!.Value.Switch(
+            dcql =>
+            {
+                var jObject = new JObject();
+                foreach (var pair in dcql.Presentations)
+                {
+                    jObject[pair.Key.AsString()] = new JArray(pair.Value.Select(presentation => presentation.Value));
+                }
+                jObject.WriteTo(writer);
+                // writer.WriteValue(dcql.AsString());
+            },
+            writer.WriteValue
+        );
+    }
+
+    public override VpToken ReadJson(JsonReader reader, Type objectType, VpToken? existingValue, bool hasExistingValue, JsonSerializer serializer)
+    {
+        var token = JToken.Load(reader);
+        
+        if (token.Type == JTokenType.String)
+        {
+            // It's a PEX string
+            return new VpToken(token.ToString());
+        }
+        else if (token.Type == JTokenType.Object)
+        {
+            // It's a DCQL VP Token
+            var jObject = (JObject)token;
+            var presentations = new Dictionary<CredentialQueryId, List<Presentation>>();
+            
+            foreach (var property in jObject.Properties())
+            {
+                var credentialQueryId = CredentialQueryId.Create(property.Name).UnwrapOrThrow();
+                var presentationList = new List<Presentation>();
+                
+                if (property.Value is JArray array)
+                {
+                    foreach (var item in array)
+                    {
+                        presentationList.Add(new Presentation(item.ToString()));
+                    }
+                }
+                
+                presentations[credentialQueryId] = presentationList;
+            }
+            
+            return new VpToken(new DcqlVpToken(presentations));
+        }
+        else
+        {
+            throw new JsonSerializationException($"Unexpected token type: {token.Type}");
+        } 
+    }
+}
+
+// VP Draft 29; This is the correct one
+public record DcqlVpToken(Dictionary<CredentialQueryId, List<Presentation>> Presentations)
+{
+    public string AsJsonString()
+    {
+        var jObject = new JObject();
+        
+        foreach (var pair in Presentations)
+        {
+            jObject[pair.Key.AsString()] = new JArray(pair.Value.Select(presentation => presentation.Value));
+        }
+        
+        return jObject.ToString();
+    }
+
+    public JObject AsJObject()
+    {
+        var jObject = new JObject();
+        foreach (var pair in Presentations)
+        {
+            jObject[pair.Key.AsString()] = new JArray(pair.Value.Select(presentation => presentation.Value));
+        }
+        return jObject;
+    }
+}
+
+public static class DcqlVpTokenFun
+{
+    public static DcqlVpToken FromPresentationMaps(IEnumerable<PresentationMap> maps)
+    {
+        var dict = maps
+            .GroupBy(map => CredentialQueryId.Create(map.Identifier).UnwrapOrThrow())
+            .ToDictionary(
+                map => map.Key,
+                map => map
+                    .Select(presentationMap => new Presentation(presentationMap.Presentation))
+                    .ToList()
+            );
+        
+        return new DcqlVpToken(dict);
+    }
+}
+
+// Can be either Mdoc DeviceResponse or SD-JWT Presentation Format; we are currently lacking a strong type
+// for this
+public record Presentation(string Value);

src/WalletFramework.Oid4Vc/Oid4Vp/DcApi/DcApiConstants.cs

@@ -0,0 +1,8 @@
+namespace WalletFramework.Oid4Vc.Oid4Vp.DcApi;
+
+public static class DcApiConstants
+{
+    public const string SignedProtocol = "openid4vp-v1-signed";
+
+    public const string UnsignedProtocol = "openid4vp-v1-unsigned";
+}

src/WalletFramework.Oid4Vc/Oid4Vp/DcApi/Models/DcApiRequestBatch.cs

@@ -0,0 +1,63 @@
+using Newtonsoft.Json.Linq;
+using WalletFramework.Core.Functional;
+using WalletFramework.Core.Functional.Errors;
+using WalletFramework.Core.Json;
+using WalletFramework.Core.Json.Errors;
+using static WalletFramework.Core.Functional.ValidationFun;
+
+namespace WalletFramework.Oid4Vc.Oid4Vp.DcApi.Models;
+
+/// <summary>
+///     Represents a batch of DC-API requests.
+/// </summary>
+public record DcApiRequestBatch
+{
+    /// <summary>
+    ///     Gets the requests. Contains an array of DC-API request items.
+    /// </summary>
+    public DcApiRequestItem[] Requests { get; }
+
+    private DcApiRequestBatch(DcApiRequestItem[] requests)
+    {
+        Requests = requests;
+    }
+
+    private static DcApiRequestBatch Create(DcApiRequestItem[] requests) => new(requests);
+
+    public static Validation<DcApiRequestBatch> From(string requestBatchJson)
+    {
+        if (string.IsNullOrWhiteSpace(requestBatchJson))
+        {
+            return new StringIsNullOrWhitespaceError<DcApiRequestBatch>();
+        }
+
+        JObject jObject;
+        try
+        {
+            jObject = JObject.Parse(requestBatchJson);
+        }
+        catch (Exception e)
+        {
+            return new InvalidJsonError(requestBatchJson, e).ToInvalid<DcApiRequestBatch>();
+        }
+        
+        return From(jObject);
+    }
+
+    public static Validation<DcApiRequestBatch> From(JObject requestBatchJson)
+    {
+        var requestsValidation =
+            from jToken in requestBatchJson.GetByKey("requests")
+            from jArray in jToken.ToJArray()
+            from items in jArray.TraverseAll(token =>
+            {
+                return
+                    from jObject in token.ToJObject()
+                    from item in DcApiRequestItem.ValidDcApiRequestItem(jObject)
+                    select item;
+            })
+            select items.ToArray();
+
+        return Valid(Create).Apply(requestsValidation);
+    }
+} 

src/WalletFramework.Oid4Vc/Oid4Vp/DcApi/Models/DcApiRequestBatchFun.cs

@@ -0,0 +1,20 @@
+using LanguageExt;
+
+namespace WalletFramework.Oid4Vc.Oid4Vp.DcApi.Models;
+
+/// <summary>
+///     Functions for DcApiRequestBatch.
+/// </summary>
+public static class DcApiRequestBatchFun
+{
+    /// <summary>
+    ///     Gets the first request in the batch with the specified protocol.
+    /// </summary>
+    /// <param name="batch">The DC-API request batch.</param>
+    /// <returns>The first request item with the specified protocol, or None if not found.</returns>
+    public static Option<DcApiRequestItem> GetFirstVpRequest(this DcApiRequestBatch batch)
+    {
+        var firstRequest = batch.Requests.FirstOrDefault(request => request.Protocol.Contains("openid4vp"));
+        return firstRequest ?? Option<DcApiRequestItem>.None;
+    }
+}