WIP: Can't decode IssuerSigned

vck/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/IssuerAgent.kt

@@ -4,6 +4,8 @@ import at.asitplus.KmmResult
 import at.asitplus.catching
 import at.asitplus.signum.indispensable.SignatureAlgorithm
 import at.asitplus.signum.indispensable.asn1.BitSet
+import at.asitplus.signum.indispensable.cosef.io.ByteStringWrapper
+import at.asitplus.signum.indispensable.cosef.io.ByteStringWrapperSerializer
 import at.asitplus.signum.indispensable.cosef.toCoseKey
 import at.asitplus.signum.indispensable.io.Base64Strict
 import at.asitplus.signum.indispensable.josef.ConfirmationClaim
@@ -118,8 +120,8 @@ class IssuerAgent(
         val issuerSigned = IssuerSigned.fromIssuerSignedItems(
             namespacedItems = mapOf(credential.scheme.isoNamespace!! to credential.issuerSignedItems),
             issuerAuth = coseService.createSignedCose(
-                payload = mso,
-                serializer = MobileSecurityObject.serializer(),
+                payload = ByteStringWrapper(mso),
+                serializer = ByteStringWrapperSerializer(MobileSecurityObject.serializer()),
                 addKeyId = false,
                 addCertificate = true,
             ).getOrThrow(),

vck/src/commonMain/kotlin/at/asitplus/wallet/lib/agent/Validator.kt

@@ -5,6 +5,7 @@ import at.asitplus.signum.indispensable.asn1.BitSet
 import at.asitplus.signum.indispensable.asn1.toBitSet
 import at.asitplus.signum.indispensable.cosef.CoseKey
 import at.asitplus.signum.indispensable.cosef.io.ByteStringWrapper
+import at.asitplus.signum.indispensable.cosef.io.ByteStringWrapperSerializer
 import at.asitplus.signum.indispensable.cosef.toCoseKey
 import at.asitplus.signum.indispensable.io.Base64Strict
 import at.asitplus.signum.indispensable.josef.JwsHeader
@@ -296,13 +297,12 @@ class Validator(
             throw IllegalArgumentException("issuerKey")
         }
 
-        if (verifierCoseService.verifyCose(issuerAuth, issuerKey, MobileSecurityObject.serializer()).isFailure) {
+        if (verifierCoseService.verifyCose(issuerAuth, issuerKey, ByteStringWrapperSerializer(MobileSecurityObject.serializer())).isFailure) {
             Napier.w("IssuerAuth not verified: $issuerAuth")
             throw IllegalArgumentException("issuerAuth")
         }
 
-        val mso: MobileSecurityObject? = issuerSigned.issuerAuth.payload
-        if (mso == null) {
+        val mso: MobileSecurityObject = issuerSigned.issuerAuth.payload?.value ?: run {
             Napier.w("MSO is null: $issuerAuth")
             throw IllegalArgumentException("mso")
         }
@@ -470,7 +470,7 @@ class Validator(
                 it.serialize().encodeToString(Base16(strict = true))
             )
         }
-        val result = verifierCoseService.verifyCose(it.issuerAuth, issuerKey, MobileSecurityObject.serializer())
+        val result = verifierCoseService.verifyCose(it.issuerAuth, issuerKey, ByteStringWrapperSerializer(MobileSecurityObject.serializer()))
         if (result.isFailure) {
             Napier.w("ISO: Could not verify credential", result.exceptionOrNull())
             return Verifier.VerifyCredentialResult.InvalidStructure(

vck/src/commonMain/kotlin/at/asitplus/wallet/lib/iso/IssuerSigned.kt

@@ -2,6 +2,7 @@ package at.asitplus.wallet.lib.iso
 
 import at.asitplus.KmmResult.Companion.wrap
 import at.asitplus.signum.indispensable.cosef.CoseSigned
+import at.asitplus.signum.indispensable.cosef.io.ByteStringWrapper
 import kotlinx.serialization.*
 
 /**
@@ -13,7 +14,7 @@ data class IssuerSigned private constructor(
     @Serializable(with = NamespacedIssuerSignedListSerializer::class)
     val namespaces: Map<String, @Contextual IssuerSignedList>? = null,
     @SerialName("issuerAuth")
-    val issuerAuth: CoseSigned<MobileSecurityObject>,
+    val issuerAuth: CoseSigned<ByteStringWrapper<MobileSecurityObject>>,
 ) {
 
     fun serialize() = vckCborSerializer.encodeToByteArray(this)
@@ -54,7 +55,7 @@ data class IssuerSigned private constructor(
          */
         fun fromIssuerSignedItems(
             namespacedItems: Map<String, List<IssuerSignedItem>>,
-            issuerAuth: CoseSigned<MobileSecurityObject>,
+            issuerAuth: CoseSigned<ByteStringWrapper<MobileSecurityObject>>,
         ): IssuerSigned = IssuerSigned(
             namespaces = namespacedItems.map { (namespace, value) ->
                 namespace to IssuerSignedList.fromIssuerSignedItems(value, namespace)

vck/src/commonTest/kotlin/at/asitplus/wallet/lib/cbor/DeviceSignedItemSerializationTest.kt

@@ -48,7 +48,7 @@ class DeviceSignedItemSerializationTest : FreeSpec({
             value = Random.nextBytes(32),
         )
         val protectedHeader = ByteStringWrapper(CoseHeader(), CoseHeader().serialize())
-        val issuerAuth = CoseSigned<MobileSecurityObject>(protectedHeader, null, null, byteArrayOf())
+        val issuerAuth = CoseSigned<ByteStringWrapper<MobileSecurityObject>>(protectedHeader, null, null, byteArrayOf())
         val deviceAuth = CoseSigned<ByteArray>(protectedHeader, null, null, byteArrayOf())
 
         val doc = Document(

vck/src/commonTest/kotlin/at/asitplus/wallet/lib/cbor/IssuerSignedItemSerializationTest.kt

@@ -46,7 +46,7 @@ class IssuerSignedItemSerializationTest : FreeSpec({
             elementValue = Random.nextBytes(32),
         )
         val protectedHeader = ByteStringWrapper(CoseHeader(), CoseHeader().serialize())
-        val issuerAuth = CoseSigned<MobileSecurityObject>(protectedHeader, null, null, byteArrayOf())
+        val issuerAuth = CoseSigned<ByteStringWrapper<MobileSecurityObject>>(protectedHeader, null, null, byteArrayOf())
         val doc = Document(
             docType = uuid4().toString(),
             issuerSigned = IssuerSigned.fromIssuerSignedItems(

vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/IsoProcessTest.kt

@@ -4,6 +4,7 @@ import at.asitplus.signum.indispensable.cosef.CoseHeader
 import at.asitplus.signum.indispensable.cosef.CoseKey
 import at.asitplus.signum.indispensable.cosef.CoseSigned
 import at.asitplus.signum.indispensable.cosef.io.ByteStringWrapper
+import at.asitplus.signum.indispensable.cosef.io.ByteStringWrapperSerializer
 import at.asitplus.signum.indispensable.cosef.toCoseKey
 import at.asitplus.wallet.lib.agent.DefaultCryptoService
 import at.asitplus.wallet.lib.agent.EphemeralKeyWithoutCert
@@ -45,7 +46,7 @@ class Wallet {
     private val coseService = DefaultCoseService(cryptoService)
 
     val deviceKeyInfo = DeviceKeyInfo(cryptoService.keyMaterial.publicKey.toCoseKey().getOrThrow())
-    private var storedIssuerAuth: CoseSigned<MobileSecurityObject>? = null
+    private var storedIssuerAuth: CoseSigned<ByteStringWrapper<MobileSecurityObject>>? = null
     private var storedMdlItems: IssuerSignedList? = null
 
     fun storeMdl(deviceResponse: DeviceResponse) {
@@ -57,6 +58,7 @@ class Wallet {
         issuerAuth.payload.shouldNotBeNull()
         val mso = document.issuerSigned.issuerAuth
             .payload.shouldNotBeNull()
+            .value
 
         val mdlItems = document.issuerSigned.namespaces?.get(ConstantIndex.AtomicAttribute2023.isoNamespace)
             .shouldNotBeNull()
@@ -141,8 +143,8 @@ class Issuer {
                             ConstantIndex.AtomicAttribute2023.isoNamespace to issuerSigned
                         ),
                         issuerAuth = coseService.createSignedCose(
-                            payload = mso,
-                            serializer = MobileSecurityObject.serializer(),
+                            payload = ByteStringWrapper(mso),
+                            serializer = ByteStringWrapperSerializer(MobileSecurityObject.serializer()),
                             addKeyId = false,
                             addCertificate = true,
                         ).getOrThrow()
@@ -198,9 +200,9 @@ class Verifier {
         doc.errors.shouldBeNull()
         val issuerSigned = doc.issuerSigned
         val issuerAuth = issuerSigned.issuerAuth
-        verifierCoseService.verifyCose(issuerAuth, issuerKey, MobileSecurityObject.serializer()).isSuccess shouldBe true
+        verifierCoseService.verifyCose(issuerAuth, issuerKey, ByteStringWrapperSerializer(MobileSecurityObject.serializer())).isSuccess shouldBe true
         issuerAuth.payload.shouldNotBeNull()
-        val mso = issuerAuth.payload.shouldNotBeNull()
+        val mso = issuerAuth.payload.shouldNotBeNull().value
 
         mso.docType shouldBe ConstantIndex.AtomicAttribute2023.isoDocType
         val mdlItems = mso.valueDigests[ConstantIndex.AtomicAttribute2023.isoNamespace].shouldNotBeNull()

vck/src/commonTest/kotlin/at/asitplus/wallet/lib/iso/Tag24SerializationTest.kt

@@ -98,7 +98,7 @@ class Tag24SerializationTest : FreeSpec({
         ).getOrThrow().shouldBeInstanceOf<Issuer.IssuedCredential.Iso>()
 
         issuedCredential.issuerSigned.namespaces!!.shouldNotBeEmpty()
-        val numberOfClaims = issuedCredential.issuerSigned.namespaces!!.entries.fold(0) { acc, entry ->
+        val numberOfClaims = issuedCredential.issuerSigned.namespaces.entries.fold(0) { acc, entry ->
             acc + entry.value.entries.size
         }
         val serialized = issuedCredential.issuerSigned.serialize().encodeToString(Base16(true))
@@ -166,7 +166,7 @@ private fun MobileSecurityObject.Companion.deserializeFromIssuerAuth(it: ByteArr
 private fun deviceKeyInfo() =
     DeviceKeyInfo(CoseKey(CoseKeyType.EC2, keyParams = CoseKeyParams.EcYBoolParams(CoseEllipticCurve.P256)))
 
-private fun issuerAuth() = CoseSigned<MobileSecurityObject>(
+private fun issuerAuth() = CoseSigned<ByteStringWrapper<MobileSecurityObject>>(
     protectedHeader = ByteStringWrapper(CoseHeader()),
     unprotectedHeader = null,
     payload = null,