Add C'' (#169)

* c'' interfaces

Signed-off-by: Johannes Tuerk <johannes.tuerk@lissi.id>

* issuance + wip presentation

Signed-off-by: Johannes Tuerk <johannes.tuerk@lissi.id>

* apply merge changes to current state

Signed-off-by: Johannes Tuerk <johannes.tuerk@lissi.id>

* c'' vp and fix encryptedAuthResponse alg

Signed-off-by: Johannes Tuerk <johannes.tuerk@lissi.id>

* clean code + fix test

Signed-off-by: Johannes Tuerk <johannes.tuerk@lissi.id>

* fix test

Signed-off-by: Johannes Tuerk <johannes.tuerk@lissi.id>

---------

Signed-off-by: Johannes Tuerk <johannes.tuerk@lissi.id>

Author: JoTiTu

src/WalletFramework.Oid4Vc/Oid4Vci/Abstractions/IOid4VciClientService.cs

@@ -3,8 +3,11 @@
 using OneOf;
 using WalletFramework.Core.Functional;
 using WalletFramework.Core.Localization;
+using WalletFramework.MdocLib;
 using WalletFramework.MdocVc;
 using WalletFramework.Oid4Vc.Oid4Vci.AuthFlow.Models;
+using WalletFramework.Oid4Vc.Oid4Vp.Models;
+using WalletFramework.SdJwtVc.Models;
 using WalletFramework.SdJwtVc.Models.Records;
 
 namespace WalletFramework.Oid4Vc.Oid4Vci.Abstractions;
@@ -40,6 +43,17 @@ public interface IOid4VciClientService
     /// </returns>
     Task<Validation<List<OneOf<SdJwtRecord, MdocRecord>>>> RequestCredential(IssuanceSession issuanceSession);
 
+    /// <summary>
+    ///     Requests a verifiable credential using the authorization code flow and C''.
+    /// </summary>
+    /// <param name="issuanceSession">Holds authorization session relevant information.</param>
+    /// <param name="authorizationRequest">The AuthorizationRequest that is associated witht the ad-hoc crednetial issuance</param>
+    /// <param name="credentialType">Specifies whether Sd-Jwt or MDoc should be issued</param>
+    /// <returns>
+    /// A list of credentials.
+    /// </returns>
+    Task<Validation<List<OneOf<SdJwtRecord, MdocRecord>>>> RequestOnDemandCredential(IssuanceSession issuanceSession, AuthorizationRequest authorizationRequest, OneOf<Vct, DocType> credentialType);
+    
     /// <summary>
     ///     Processes a credential offer
     /// </summary>

src/WalletFramework.Oid4Vc/Oid4Vci/AuthFlow/Abstractions/IAuthFlowSessionStorage.cs

@@ -25,6 +25,14 @@ public interface IAuthFlowSessionStorage
     /// <param name="authFlowSessionState">Session State Identifier of a Authorization Code Flow session</param>
     /// <returns></returns>
     Task<AuthFlowSessionRecord> GetAsync(IAgentContext context, AuthFlowSessionState authFlowSessionState);
+    
+    /// <summary>
+    ///     Updates the authorization session record by the session identifier.
+    /// </summary>
+    /// <param name="context">Agent Context</param>
+    /// <param name="record">the updated Authorization Session Record</param>
+    /// <returns></returns>
+    Task UpdateAsync(IAgentContext context, AuthFlowSessionRecord record);
 
     /// <summary>
     ///     Stores the authorization session record.

src/WalletFramework.Oid4Vc/Oid4Vci/AuthFlow/Implementations/AuthFlowSessionStorage.cs

@@ -48,4 +48,8 @@ public async Task<AuthFlowSessionRecord> GetAsync(IAgentContext context, AuthFlo
     /// <inheritdoc />
     public async Task<bool> DeleteAsync(IAgentContext context, AuthFlowSessionState authFlowSessionState) => 
         await _recordService.DeleteAsync<AuthFlowSessionRecord>(context.Wallet, authFlowSessionState);
+    
+    /// <inheritdoc />
+    public async Task UpdateAsync(IAgentContext context, AuthFlowSessionRecord record) => 
+        await _recordService.UpdateAsync(context.Wallet, record);
 }

src/WalletFramework.Oid4Vc/Oid4Vci/AuthFlow/Models/AuthorizationData.cs

@@ -1,4 +1,5 @@
 using System.Globalization;
+using LanguageExt;
 using Newtonsoft.Json.Linq;
 using WalletFramework.Core.Functional;
 using WalletFramework.Oid4Vc.Oid4Vci.Authorization.Models;
@@ -11,13 +12,15 @@ public record AuthorizationData(
     ClientOptions ClientOptions,
     IssuerMetadata IssuerMetadata,
     AuthorizationServerMetadata AuthorizationServerMetadata,
+    Option<OAuthToken> OAuthToken,
     List<CredentialConfigurationId> CredentialConfigurationIds);
 
 public static class AuthorizationDataFun
 {
     private const string ClientOptionsJsonKey = "client_options";
     private const string IssuerMetadataJsonKey = "issuer_metadata";
     private const string AuthorizationServerMetadataJsonKey = "authorization_server_metadata";
+    private const string CredentialOAuthToken = "credential_oauth_token";
     private const string CredentialConfigurationIdsJsonKey = "credential_configuration_ids";
 
     public static JObject EncodeToJson(this AuthorizationData data)
@@ -27,6 +30,10 @@ public static JObject EncodeToJson(this AuthorizationData data)
         var issuerMetadata = data.IssuerMetadata.EncodeToJson();
 
         var authServerMetadata = JObject.FromObject(data.AuthorizationServerMetadata);
+
+        var oAuthToken = data.OAuthToken.MatchUnsafe(
+            Some: JObject.FromObject,
+            None: () => null);
 
         var ids = data.CredentialConfigurationIds.Select(id => id.ToString());
         var idsArray = new JArray(ids);
@@ -36,6 +43,7 @@ public static JObject EncodeToJson(this AuthorizationData data)
             { ClientOptionsJsonKey, clientOptions },
             { IssuerMetadataJsonKey, issuerMetadata },
             { AuthorizationServerMetadataJsonKey, authServerMetadata },
+            { CredentialOAuthToken, oAuthToken },
             { CredentialConfigurationIdsJsonKey, idsArray }
         };
     }
@@ -50,6 +58,8 @@ public static AuthorizationData DecodeFromJson(JObject json)
 
         var authServerMetadata = json[AuthorizationServerMetadataJsonKey]!.ToObject<AuthorizationServerMetadata>()!;
 
+        var credentialOAuthToken  = json[CredentialOAuthToken]!.ToObject<OAuthToken>()!;
+        
         var configIds = json[CredentialConfigurationIdsJsonKey]!.Cast<JValue>().Select(value =>
         {
             var str = value.ToString(CultureInfo.InvariantCulture);
@@ -59,6 +69,6 @@ public static AuthorizationData DecodeFromJson(JObject json)
 
         }).ToList();
 
-        return new AuthorizationData(clientOptions, issuerMetadata, authServerMetadata, configIds);
+        return new AuthorizationData(clientOptions, issuerMetadata, authServerMetadata, credentialOAuthToken, configIds);
     }
 }

src/WalletFramework.Oid4Vc/Oid4Vci/AuthFlow/Records/AuthFlowSessionRecord.cs

@@ -31,7 +31,7 @@ public AuthFlowSessionState AuthFlowSessionState
     /// <summary>
     ///     The authorization data.
     /// </summary>
-    public AuthorizationData AuthorizationData { get; }
+    public AuthorizationData AuthorizationData { get; set; }
 
     /// <summary>
     ///     The parameters for the 'authorization_code' grant type.

src/WalletFramework.Oid4Vc/Oid4Vci/CredRequest/Abstractions/ICredentialRequestService.cs

@@ -8,6 +8,7 @@
 using WalletFramework.Oid4Vc.Oid4Vci.CredConfiguration.Models.SdJwt;
 using WalletFramework.Oid4Vc.Oid4Vci.CredResponse;
 using WalletFramework.Oid4Vc.Oid4Vci.Issuer.Models;
+using WalletFramework.Oid4Vc.Oid4Vp.Models;
 
 namespace WalletFramework.Oid4Vc.Oid4Vci.CredRequest.Abstractions;
 
@@ -17,5 +18,6 @@ public Task<Validation<CredentialResponse>> RequestCredentials(
         OneOf<SdJwtConfiguration, MdocConfiguration> configuration,
         IssuerMetadata issuerMetadata,
         OneOf<OAuthToken, DPopToken> token,
-        Option<ClientOptions> clientOptions);
+        Option<ClientOptions> clientOptions,
+        Option<AuthorizationRequest> authorizationRequest);
 }

src/WalletFramework.Oid4Vc/Oid4Vci/CredRequest/Implementations/CredentialRequestService.cs

@@ -6,6 +6,7 @@
 using WalletFramework.Core.Functional;
 using WalletFramework.Core.Json;
 using WalletFramework.Core.Uri;
+using WalletFramework.MdocLib.Security;
 using WalletFramework.Oid4Vc.Oid4Vci.AuthFlow.Models;
 using WalletFramework.Oid4Vc.Oid4Vci.Authorization.DPop.Abstractions;
 using WalletFramework.Oid4Vc.Oid4Vci.Authorization.DPop.Models;
@@ -20,6 +21,7 @@
 using WalletFramework.Oid4Vc.Oid4Vci.Issuer.Models;
 using WalletFramework.Oid4Vc.Oid4Vci.CredRequest.Models.SdJwt;
 using WalletFramework.Oid4Vc.Oid4Vci.CredResponse;
+using WalletFramework.Oid4Vc.Oid4Vp.Models;
 using WalletFramework.SdJwtVc.Services.SdJwtVcHolderService;
 
 namespace WalletFramework.Oid4Vc.Oid4Vci.CredRequest.Implementations;
@@ -46,9 +48,10 @@ public CredentialRequestService(
     private async Task<CredentialRequest> CreateCredentialRequest(
         KeyId keyId,
         Format format,
-        IssuerMetadata issuerMetadata,
         OneOf<OAuthToken, DPopToken> token,
-        Option<ClientOptions> clientOptions)
+        IssuerMetadata issuerMetadata,
+        Option<ClientOptions> clientOptions,
+        Option<AuthorizationRequest> authorizationRequest)
     {
         var cNonce = token.Match(
             oauthToken => oauthToken.CNonce,
@@ -61,21 +64,34 @@ private async Task<CredentialRequest> CreateCredentialRequest(
             "openid4vci-proof+jwt",
             null,
             clientOptions.ToNullable()?.ClientId);
+        
+        var proof = Option<ProofOfPossession>.None;
+        var sessionTranscript = Option<SessionTranscript>.None;
 
-        var proof = new ProofOfPossession
-        {
-            ProofType = "jwt",
-            Jwt = keyBindingJwt
-        };
+        authorizationRequest.Match(
+            Some: _ =>
+            {
+                if (format == "mso_mdoc")
+                    sessionTranscript = authorizationRequest.UnwrapOrThrow(new Exception()).ToVpHandover().ToSessionTranscript();
+            },
+            None: () =>
+            {
+                proof = new ProofOfPossession
+                {
+                    ProofType = "jwt",
+                    Jwt = keyBindingJwt
+                };
+            });
 
-        return new CredentialRequest(proof, format);
+        return new CredentialRequest(format, proof, sessionTranscript);
     }
 
     async Task<Validation<CredentialResponse>> ICredentialRequestService.RequestCredentials(
         OneOf<SdJwtConfiguration, MdocConfiguration> configuration,
         IssuerMetadata issuerMetadata,
         OneOf<OAuthToken, DPopToken> token,
-        Option<ClientOptions> clientOptions)
+        Option<ClientOptions> clientOptions,
+        Option<AuthorizationRequest> authorizationRequest)
     {
         var keyId = await _keyStore.GenerateKey();
 
@@ -85,9 +101,10 @@ async Task<Validation<CredentialResponse>> ICredentialRequestService.RequestCred
                 var vciRequest = await CreateCredentialRequest(
                     keyId,
                     sdJwt.Format,
-                    issuerMetadata,
                     token,
-                    clientOptions);
+                    issuerMetadata,
+                    clientOptions,
+                    authorizationRequest);
 
                 var result = new SdJwtCredentialRequest(vciRequest, sdJwt.Vct);
                 return result.EncodeToJson();
@@ -97,9 +114,10 @@ async Task<Validation<CredentialResponse>> ICredentialRequestService.RequestCred
                 var vciRequest = await CreateCredentialRequest(
                     keyId,
                     mdoc.Format,
-                    issuerMetadata,
                     token,
-                    clientOptions);
+                    issuerMetadata,
+                    clientOptions,
+                    authorizationRequest);
 
                 var result = new MdocCredentialRequest(vciRequest, mdoc);
                 return result.EncodeToJson();

src/WalletFramework.Oid4Vc/Oid4Vci/CredRequest/Models/CredentialRequest.cs

@@ -1,5 +1,7 @@
 using LanguageExt;
 using Newtonsoft.Json.Linq;
+using WalletFramework.Core.Base64Url;
+using WalletFramework.MdocLib.Security;
 using WalletFramework.Oid4Vc.Oid4Vci.CredConfiguration.Models;
 
 namespace WalletFramework.Oid4Vc.Oid4Vci.CredRequest.Models;
@@ -9,7 +11,7 @@ namespace WalletFramework.Oid4Vc.Oid4Vci.CredRequest.Models;
 ///     This request contains the format of the credential, the type of credential,
 ///     and a proof of possession of the key material the issued credential shall be bound to.
 /// </summary>
-public record CredentialRequest(Option<ProofOfPossession> Proof, Format Format)
+public record CredentialRequest(Format Format, Option<ProofOfPossession> Proof, Option<SessionTranscript> SessionTranscript)
 {
     /// <summary>
     ///     Gets the proof of possession of the key material the issued credential shall be bound to.
@@ -20,12 +22,15 @@ public record CredentialRequest(Option<ProofOfPossession> Proof, Format Format)
     ///     Gets the format of the credential to be issued.
     /// </summary>
     public Format Format { get; } = Format;
+
+    public Option<SessionTranscript> SessionTranscript { get; } = SessionTranscript;
 }
 
 public static class CredentialRequestFun
 {
     private const string ProofJsonKey = "proof";
     private const string FormatJsonKey = "format";
+    private const string SessionTranscriptKey = "session_transcript";
 
     public static JObject EncodeToJson(this CredentialRequest request)
     {
@@ -36,6 +41,11 @@ public static JObject EncodeToJson(this CredentialRequest request)
             result.Add(ProofJsonKey, JObject.FromObject(proof));
         });
 
+        request.SessionTranscript.IfSome(sessionTranscript =>
+        {
+            result.Add(SessionTranscriptKey, Base64UrlString.CreateBase64UrlString(sessionTranscript.ToCbor().ToJSONBytes()).ToString());
+        });
+        
         result.Add(FormatJsonKey, request.Format.ToString());
 
         return result;