wip to test issuance

Author: Pflanzmann

wallet-core/src/main/java/eu/europa/ec/eudi/wallet/EudiWallet.kt

@@ -35,12 +35,12 @@ import eu.europa.ec.eudi.wallet.document.sample.SampleDocumentManager
 import eu.europa.ec.eudi.wallet.internal.getCertificate
 import eu.europa.ec.eudi.wallet.internal.mainExecutor
 import eu.europa.ec.eudi.wallet.issue.openid4vci.*
+import eu.europa.ec.eudi.wallet.keystore.KeyGenerator
+import eu.europa.ec.eudi.wallet.keystore.KeyGeneratorImpl
 import eu.europa.ec.eudi.wallet.transfer.openid4vp.OpenId4VpCBORResponse
-import eu.europa.ec.eudi.wallet.transfer.openid4vp.responseGenerator.OpenId4VpResponseGeneratorDelegator
 import eu.europa.ec.eudi.wallet.transfer.openid4vp.OpenId4vpManager
+import eu.europa.ec.eudi.wallet.transfer.openid4vp.responseGenerator.OpenId4VpResponseGeneratorDelegator
 import eu.europa.ec.eudi.wallet.util.DefaultNfcEngagementService
-import eu.europa.ec.eudi.wallet.keystore.KeyGenerator
-import eu.europa.ec.eudi.wallet.keystore.KeyGeneratorImpl
 import java.security.cert.X509Certificate
 import java.util.concurrent.Executor
 
@@ -229,7 +229,10 @@ object EudiWallet : KeyGenerator by KeyGeneratorImpl {
      * @return [StoreDocumentResult]
      * @throws IllegalStateException if [EudiWallet] is not firstly initialized via the [init] method
      */
-    fun storeIssuedDocument(unsignedDocument: UnsignedDocument, data: ByteArray): StoreDocumentResult =
+    fun storeIssuedDocument(
+        unsignedDocument: UnsignedDocument,
+        data: ByteArray
+    ): StoreDocumentResult =
         documentManager.storeIssuedDocument(unsignedDocument, data)
 
     private var openId4VciManager: OpenId4VciManager? = null
@@ -285,7 +288,15 @@ object EudiWallet : KeyGenerator by KeyGeneratorImpl {
                     config(config)
                     logger = this@EudiWallet.logger
                     ktorHttpClientFactory = _config.ktorHttpClientFactory
-                }.also { it.issueDocumentByDocType(docType, txCode, executor, authorizationHandler, onEvent) }
+                }.also {
+                    it.issueDocumentByDocType(
+                        docType,
+                        txCode,
+                        executor,
+                        authorizationHandler,
+                        onEvent
+                    )
+                }
             } ?: run {
                 (executor ?: context.mainExecutor()).execute {
                     onEvent(IssueEvent.failure(IllegalStateException("OpenId4Vci config is not set in configuration")))
@@ -321,7 +332,15 @@ object EudiWallet : KeyGenerator by KeyGeneratorImpl {
                     config(config)
                     logger = this@EudiWallet.logger
                     ktorHttpClientFactory = _config.ktorHttpClientFactory
-                }.also { it.issueDocumentByOffer(offer, txCode, executor, authorizationHandler, onEvent) }
+                }.also {
+                    it.issueDocumentByOffer(
+                        offer,
+                        txCode,
+                        executor,
+                        authorizationHandler,
+                        onEvent
+                    )
+                }
             } ?: run {
                 (executor ?: context.mainExecutor()).execute {
                     onEvent(IssueEvent.failure(IllegalStateException("OpenId4Vci config is not set in configuration")))
@@ -356,7 +375,15 @@ object EudiWallet : KeyGenerator by KeyGeneratorImpl {
                     config(config)
                     logger = this@EudiWallet.logger
                     ktorHttpClientFactory = _config.ktorHttpClientFactory
-                }.also { it.issueDocumentByOfferUri(offerUri, txCode, executor, authorizationHandler, onEvent) }
+                }.also {
+                    it.issueDocumentByOfferUri(
+                        offerUri,
+                        txCode,
+                        executor,
+                        authorizationHandler,
+                        onEvent
+                    )
+                }
             } ?: run {
                 (executor ?: context.mainExecutor()).execute {
                     onEvent(IssueEvent.failure(IllegalStateException("OpenId4Vci config is not set in configuration")))
@@ -388,7 +415,12 @@ object EudiWallet : KeyGenerator by KeyGeneratorImpl {
                     ktorHttpClientFactory = _config.ktorHttpClientFactory
                 }.also {
                     when (val document = documentManager.getDocumentById(documentId)) {
-                        is DeferredDocument -> it.issueDeferredDocument(document, executor, onResult)
+                        is DeferredDocument -> it.issueDeferredDocument(
+                            document,
+                            executor,
+                            onResult
+                        )
+
                         else -> (executor ?: context.mainExecutor()).execute {
                             onResult(
                                 DeferredIssueResult.DocumentFailed(
@@ -479,8 +511,16 @@ object EudiWallet : KeyGenerator by KeyGeneratorImpl {
      * @return [EudiWallet]
      */
     fun setTrustedReaderCertificates(trustedReaderCertificates: List<X509Certificate>) = apply {
-        deviceResponseGenerator.setReaderTrustStore(ReaderTrustStore.getDefault(trustedReaderCertificates))
-        openId4VpCBORResponseGenerator.setReaderTrustStore(ReaderTrustStore.getDefault(trustedReaderCertificates))
+        deviceResponseGenerator.setReaderTrustStore(
+            ReaderTrustStore.getDefault(
+                trustedReaderCertificates
+            )
+        )
+        openId4VpCBORResponseGenerator.setReaderTrustStore(
+            ReaderTrustStore.getDefault(
+                trustedReaderCertificates
+            )
+        )
     }
 
     /**
@@ -635,9 +675,10 @@ object EudiWallet : KeyGenerator by KeyGeneratorImpl {
         // create response
         val responseResult = when (transferMode) {
             TransferMode.OPENID4VP ->
-                openId4vpManager?.responseGenerator?.createResponse(disclosedDocuments) ?: ResponseResult.Failure(
-                    Throwable("Openid4vpManager has not been initialized properly")
-                )
+                openId4vpManager?.responseGenerator?.createResponse(disclosedDocuments)
+                    ?: ResponseResult.Failure(
+                        Throwable("Openid4vpManager has not been initialized properly")
+                    )
 
             TransferMode.ISO_18013_5, TransferMode.REST_API ->
                 transferManager.responseGenerator.createResponse(disclosedDocuments)
@@ -701,14 +742,22 @@ object EudiWallet : KeyGenerator by KeyGeneratorImpl {
     private val transferManagerDocumentsResolver: DocumentsResolver
         get() = DocumentsResolver { req ->
 
-            //When()
-            //get sdJwt docs
-            //SdJwt filter
+            DocumentManagerSdJwt
+                .getAllDocuments()
+                .filter { doc -> doc.vct == req.docType }
+                .map { doc ->
+                    RequestDocument(
+                        documentId = doc.id,
+                        docType = doc.vct,
+                        docName = doc.docName,
+                        userAuthentication = doc.requiresUserAuth,
+                        docRequest = req
+                    )
+                }.takeIf { it.isNotEmpty() }?.let { return@DocumentsResolver it }
 
-            //Mdoc filter
-            documentManager.getDocuments(Document.State.ISSUED)
+            return@DocumentsResolver documentManager.getDocuments(Document.State.ISSUED)
                 .filterIsInstance<IssuedDocument>()
-                .filter { doc -> doc.docType == req.docType }
+//                .filter { doc -> doc.docType == req.docType }
                 .map { doc ->
                     RequestDocument(
                         documentId = doc.id,

wallet-core/src/main/java/eu/europa/ec/eudi/wallet/issue/openid4vci/ProcessResponse.kt

@@ -16,32 +16,28 @@
 
 package eu.europa.ec.eudi.wallet.issue.openid4vci
 
-import com.android.identity.util.CborUtil
 import com.nimbusds.jose.crypto.ECDSAVerifier
-import com.nimbusds.jose.crypto.RSASSAVerifier
 import com.nimbusds.jose.jwk.ECKey
-import com.nimbusds.jose.jwk.RSAKey
 import eu.europa.ec.eudi.openid4vci.IssuedCredential
 import eu.europa.ec.eudi.openid4vci.SubmissionOutcome
-import eu.europa.ec.eudi.sdjwt.SdJwtFactory
-import eu.europa.ec.eudi.sdjwt.SdJwtIssuer
 import eu.europa.ec.eudi.sdjwt.SdJwtVerifier
 import eu.europa.ec.eudi.sdjwt.asJwtVerifier
-import eu.europa.ec.eudi.sdjwt.nimbus
 import eu.europa.ec.eudi.wallet.document.DocumentId
 import eu.europa.ec.eudi.wallet.document.DocumentManager
 import eu.europa.ec.eudi.wallet.document.StoreDocumentResult
 import eu.europa.ec.eudi.wallet.document.UnsignedDocument
 import eu.europa.ec.eudi.wallet.issue.openid4vci.IssueEvent.Companion.documentFailed
 import eu.europa.ec.eudi.wallet.logging.Logger
-import eu.europa.ec.eudi.wallet.util.CBOR
+import eu.europa.ec.eudi.wallet.logging.d
+import eu.europa.ec.eudi.wallet.transfer.openid4vp.OpenId4vpManager.Companion.TAG
 import kotlinx.coroutines.CancellableContinuation
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.launch
 import kotlinx.coroutines.runBlocking
 import kotlinx.coroutines.suspendCancellableCoroutine
 import kotlinx.serialization.json.Json
+import org.bouncycastle.util.encoders.Hex
 import org.json.JSONObject
 import java.io.ByteArrayInputStream
 import java.io.Closeable
@@ -65,10 +61,6 @@ internal class ProcessResponse(
     }
 
     suspend fun process(response: SubmitRequest.Response) {
-        //Get UUID from mDoc
-
-        //Give UUID into sdJwt process() call
-
         response.forEach { (unsignedDocument, result) ->
             process(unsignedDocument, result)
         }
@@ -104,32 +96,38 @@ internal class ProcessResponse(
         when (outcome) {
             is SubmissionOutcome.Success -> when (val credential = outcome.credentials[0]) {
                 is IssuedCredential.Issued -> try {
-                    // sdjwt
-
-                    val headerString = credential.credential.split(".").first()
-                    val headerJson = JSONObject(String(Base64.getUrlDecoder().decode(headerString)))
-                    val keyString = headerJson.getJSONArray("x5c").getString(0).replace("\n", "")
-
-                    val pemKey = "-----BEGIN CERTIFICATE-----\n" +
-                            "${keyString}\n" +
-                            "-----END CERTIFICATE-----"
-
-                    val certificateFactory: CertificateFactory = CertificateFactory.getInstance("X.509")
-                    val certificate =
-                        certificateFactory.generateCertificate(ByteArrayInputStream(pemKey.toByteArray())) as X509Certificate
-
-                    val ecKey = ECKey.parse(certificate)
-                    val jwtSignatureVerifier = ECDSAVerifier(ecKey).asJwtVerifier()
-
-                    CoroutineScope(Dispatchers.IO).launch {
-                        val verifiedIssuanceSdJwt = SdJwtVerifier.verifyIssuance(
-                            jwtSignatureVerifier,
-                            credential.credential
-                        ).getOrThrow()
-
-                    //store
-
-//                        logger?.d(TAG, "CBOR bytes: ${Hex.toHexString(cborBytes)}")
+                    if (isSdJwt(credential.credential)) {
+                        val headerString = credential.credential.split(".").first()
+                        val headerJson =
+                            JSONObject(String(Base64.getUrlDecoder().decode(headerString)))
+                        val keyString =
+                            headerJson.getJSONArray("x5c").getString(0).replace("\n", "")
+
+                        val pemKey = "-----BEGIN CERTIFICATE-----\n" +
+                                "${keyString}\n" +
+                                "-----END CERTIFICATE-----"
+
+                        val certificateFactory: CertificateFactory =
+                            CertificateFactory.getInstance("X.509")
+                        val certificate =
+                            certificateFactory.generateCertificate(ByteArrayInputStream(pemKey.toByteArray())) as X509Certificate
+
+                        val ecKey = ECKey.parse(certificate)
+                        val jwtSignatureVerifier = ECDSAVerifier(ecKey).asJwtVerifier()
+
+                        CoroutineScope(Dispatchers.IO).launch {
+                            SdJwtVerifier.verifyIssuance(
+                                jwtSignatureVerifier,
+                                credential.credential
+                            ).getOrThrow()
+
+                            DocumentManagerSdJwt.storeDocument(unsignedDocument.id, credential.credential)
+                        }
+
+                    } else {
+                        val cborBytes = Base64.getUrlDecoder().decode(credential.credential)
+
+                        logger?.d(TAG, "CBOR bytes: ${Hex.toHexString(cborBytes)}")
                         documentManager.storeIssuedDocument(
                             unsignedDocument,
                             credential.credential.toByteArray()
@@ -168,7 +166,13 @@ internal class ProcessResponse(
     }
 
     private fun isSdJwt(credential: String): Boolean {
-        return credential.contains("~")
+        return try {
+            val headerString = credential.split(".").first()
+            val headerJson = JSONObject(String(Base64.getUrlDecoder().decode(headerString)))
+            true
+        } catch (e: Exception) {
+            false
+        }
     }
 
     private fun UserAuthRequiredException.toIssueEvent(

wallet-core/src/main/java/eu/europa/ec/eudi/wallet/transfer/openid4vp/responseGenerator/OpenId4VpResponseGeneratorDelegator.kt

@@ -88,10 +88,7 @@ class OpenId4VpResponseGeneratorDelegator(
                 }
 
                 val openId4VpSdJwtResponseGeneratorImpl = OpenId4VpSdJwtResponseGeneratorImpl(
-                    documentsResolver,
-                    storageEngine,
-                    androidSecureArea,
-                    logger
+                    documentsResolver
                 ).apply {
                     readerTrustStore?.let { setReaderTrustStore(it) }
                 }