WIP

FelixRedAndroid · FelixRedAndroid · commit c37947441a20 · 2024-08-13T15:17:16.000+02:00
diff --git a/wallet-core/src/main/java/eu/europa/ec/eudi/wallet/keystore/KeyGenerator.kt b/wallet-core/src/main/java/eu/europa/ec/eudi/wallet/keystore/KeyGenerator.kt
@@ -3,15 +3,20 @@ package eu.europa.ec.eudi.wallet.keystore
 import android.os.Build
 import android.security.keystore.KeyGenParameterSpec
 import android.security.keystore.KeyProperties
+import android.util.Base64
 import androidx.annotation.RequiresApi
 import eu.europa.ec.eudi.wallet.keystore.KeyGenerator.SigningKeyConfig
 import java.io.IOException
 import java.security.InvalidAlgorithmParameterException
+import java.security.InvalidKeyException
 import java.security.KeyPairGenerator
 import java.security.KeyStore
 import java.security.KeyStoreException
 import java.security.NoSuchAlgorithmException
 import java.security.NoSuchProviderException
+import java.security.PrivateKey
+import java.security.Signature
+import java.security.SignatureException
 import java.security.UnrecoverableEntryException
 import java.security.cert.CertificateException
 
@@ -23,6 +28,9 @@ interface KeyGenerator {
     @Throws(KeyStoreException::class)
     fun getSigningKey(config: SigningKeyConfig): KeyStore.PrivateKeyEntry
 
+    @Throws(SignatureException::class)
+    fun sign(key: PrivateKey, data: ByteArray): String
+
     data class SigningKeyConfig(
         val keyType: Int,
         val timeoutSeconds: Int,
@@ -38,6 +46,32 @@ internal object KeyGeneratorImpl : KeyGenerator {
         return entry
     }
 
+    private const val SIGNATURE_ALGORITHM = "SHA256withECDSA"
+
+    @Throws(SignatureException::class)
+   override fun sign(
+        key: PrivateKey,
+        data: ByteArray,
+    ) = try {
+        Signature
+            .getInstance(SIGNATURE_ALGORITHM)
+            .run {
+                initSign(key)
+                update(data)
+                sign()
+            }.toBase64String()
+    } catch (exception: NoSuchAlgorithmException) {
+        throw SignatureException(exception)
+//        throw SigningException("Signing failed.", exception)
+    } catch (exception: InvalidKeyException) {
+        throw SignatureException(exception)
+//        throw SigningException("Signing failed.", exception)
+//    } catch (exception: SignatureException) {
+//        throw SigningException("Signing failed.", exception)
+    }
+
+    private fun ByteArray.toBase64String() = String(Base64.encode(this, Base64.DEFAULT))
+
     @RequiresApi(Build.VERSION_CODES.R)
     @Throws(KeyStoreException::class)
     private fun getKeyStoreEntry(config: SigningKeyConfig) = try {
diff --git a/wallet-core/src/main/java/eu/europa/ec/eudi/wallet/transfer/openid4vp/responseGenerator/OpenId4VpSdJwtResponseGeneratorImpl.kt b/wallet-core/src/main/java/eu/europa/ec/eudi/wallet/transfer/openid4vp/responseGenerator/OpenId4VpSdJwtResponseGeneratorImpl.kt
@@ -55,7 +55,7 @@ class OpenId4VpSdJwtResponseGeneratorImpl(
         val disclosedDocument = disclosedDocuments.documents.first()
 
         val credentials = DocumentManagerSdJwt.getDocumentById(disclosedDocument.documentId)?.data
-            ?: throw IllegalArgumentException()
+                          ?: throw IllegalArgumentException()
 
         val sdJwt = getSdJwtFromCredentials(credentials)
 
@@ -67,8 +67,8 @@ class OpenId4VpSdJwtResponseGeneratorImpl(
 
 //        val ecKey = ECKey.load(KeyGeneratorImpl.getKeyStore(), DEV_KEY_ALIAS, null)
 
-        val key= if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
-            KeyGeneratorImpl.getSigningKey(KeyGenerator.SigningKeyConfig(KeyProperties.AUTH_DEVICE_CREDENTIAL,60))
+        val key = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
+            KeyGeneratorImpl.getSigningKey(KeyGenerator.SigningKeyConfig(KeyProperties.AUTH_DEVICE_CREDENTIAL, 60))
         } else {
             throw Exception()
         }
@@ -78,16 +78,21 @@ class OpenId4VpSdJwtResponseGeneratorImpl(
             certificateFactory.generateCertificate(ByteArrayInputStream(key.certificate.encoded)) as X509Certificate
         val ecKey = ECKey.parse(certificate)
 
-        val signer = ECDSASigner(ecKey)
+//        val signer = ECDSASigner(ecKey)
 
         val string = presentationSdJwt!!.serializeWithKeyBinding(
             jwtSerializer = { it.first },
             hashAlgorithm = HashAlgorithm.SHA_256,
             keyBindingSigner = object : KeyBindingSigner {
                 override val signAlgorithm: JWSAlgorithm = JWSAlgorithm.ES256
                 override val publicKey: AsymmetricJWK = ecKey.toPublicJWK()
-                override fun getJCAContext(): JCAContext = signer.jcaContext
-                override fun sign(p0: JWSHeader?, p1: ByteArray?): Base64URL = signer.sign(p0, p1)
+                override fun getJCAContext(): JCAContext = JCAContext()
+                @Throws(java.security.SignatureException::class)
+                override fun sign(p0: JWSHeader?, p1: ByteArray?): Base64URL =
+                    Base64URL(KeyGeneratorImpl.sign(key.privateKey, p1 ?: ByteArray(0)))
+//                override val publicKey: AsymmetricJWK = ecKey.toPublicJWK()
+//                override fun getJCAContext(): JCAContext = signer.jcaContext
+//                override fun sign(p0: JWSHeader?, p1: ByteArray?): Base64URL = signer.sign(p0, p1)
             },
             claimSetBuilderAction = { }
         )
@@ -176,8 +181,8 @@ class OpenId4VpSdJwtResponseGeneratorImpl(
         println(keyString)
 
         val pemString = "-----BEGIN CERTIFICATE-----\n" +
-                "${keyString}\n" +
-                "-----END CERTIFICATE-----"
+                        "${keyString}\n" +
+                        "-----END CERTIFICATE-----"
 
         val certificateFactory: CertificateFactory = CertificateFactory.getInstance("X.509")
         val certificate =
