Skip to content

Commit

Permalink
Update Kmp-Crypto
Browse files Browse the repository at this point in the history
  • Loading branch information
n0900 committed Dec 22, 2023
1 parent 0c6ce78 commit 3633904
Show file tree
Hide file tree
Showing 22 changed files with 33 additions and 51 deletions.
2 changes: 1 addition & 1 deletion kmp-crypto
Original file line number Diff line number Diff line change
Expand Up @@ -232,7 +232,7 @@ class IssueCredentialProtocol(

// TODO Is there a way to transport the format, i.e. JWT-VC or SD-JWT?
val cryptoPublicKey =
requestCredentialAttachment.credentialManifest.subject?.let { kotlin.runCatching { CryptoPublicKey.fromKeyId(it) }.getOrNull()}
requestCredentialAttachment.credentialManifest.subject?.let { kotlin.runCatching { CryptoPublicKey.fromDid(it) }.getOrNull()}
?: senderKey.toCryptoPublicKey().getOrNull()
?: return problemReporter.problemInternal(lastMessage.threadId, "no-sender-key")
val issuedCredentials = issuer?.issueCredential(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ class MessageWrapper(
val message = JsonWebMessage.deserialize(payloadString)
?: return ReceivedMessage.Error
.also { Napier.w("Could not parse plain message") }
return ReceivedMessage.Success(message, joseObject.header.publicKey?.toJsonWebKey()?.getOrNull()!!)
return ReceivedMessage.Success(message, joseObject.header.publicKey?.toJsonWebKey())
}
return ReceivedMessage.Error
.also { Napier.w("ContentType not matching") }
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package at.asitplus.wallet.lib.aries

import at.asitplus.KmmResult
import at.asitplus.crypto.datatypes.CryptoPublicKey
import at.asitplus.crypto.datatypes.jws.jwkId
import at.asitplus.crypto.datatypes.jws.toJsonWebKey
import at.asitplus.wallet.lib.agent.ClaimToBeIssued
import at.asitplus.wallet.lib.agent.CredentialToBeIssued
Expand Down Expand Up @@ -31,8 +32,7 @@ class DummyCredentialDataProvider(
if (credentialScheme != ConstantIndex.AtomicAttribute2023) {
return KmmResult.failure(UnsupportedOperationException("no data"))
}
val subjectId = subjectPublicKey.toJsonWebKey()
.fold(onSuccess = { it.keyId!! }, onFailure = { return KmmResult.failure(it) })
val subjectId = subjectPublicKey.didEncoded
val expiration = clock.now() + defaultLifetime
val claims = listOf(
ClaimToBeIssued("given-name", "Susanne"),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ class PresentProofMessengerTest : FreeSpec() {
issuerCryptoService = DefaultCryptoService()
holderCredentialStore = InMemorySubjectCredentialStore()
holder = HolderAgent.newDefaultInstance(holderCryptoService, subjectCredentialStore = holderCredentialStore)
verifier = VerifierAgent.newDefaultInstance(verifierCryptoService.jsonWebKey.identifier)
verifier = VerifierAgent.newDefaultInstance(verifierCryptoService.publicKey.didEncoded)
issuer = IssuerAgent.newDefaultInstance(issuerCryptoService, dataProvider = DummyCredentialDataProvider())
verifierChallenge = uuid4().toString()
holderServiceEndpoint = "https://example.com/present-proof?${uuid4()}"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ class PresentProofProtocolTest : FreeSpec({
holderCryptoService = DefaultCryptoService()
verifierCryptoService = DefaultCryptoService()
holder = HolderAgent.newDefaultInstance(holderCryptoService)
verifier = VerifierAgent.newDefaultInstance(verifierCryptoService.jsonWebKey.identifier)
verifier = VerifierAgent.newDefaultInstance(verifierCryptoService.publicKey.didEncoded)
holderProtocol = PresentProofProtocol.newHolderInstance(
holder = holder,
serviceEndpoint = "https://example.com/",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -180,7 +180,7 @@ class OidcSiopVerifier(
)
val metadata = RelyingPartyMetadata(
redirectUris = arrayOf(relyingPartyUrl),
jsonWebKeySet = JsonWebKeySet(arrayOf(agentPublicKey.toJsonWebKey().getOrNull()!!)),
jsonWebKeySet = JsonWebKeySet(arrayOf(agentPublicKey.toJsonWebKey())),
subjectSyntaxTypesSupported = arrayOf(URN_TYPE_JWK_THUMBPRINT, PREFIX_DID_KEY),
vpFormats = vpFormats,
)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -221,9 +221,9 @@ class OidcSiopWallet(
val now = clock.now()
// we'll assume jwk-thumbprint
val idToken = IdToken(
issuer = agentPublicKey.toJsonWebKey().getOrNull()!!.jwkThumbprint,
subject = agentPublicKey.toJsonWebKey().getOrNull()!!.jwkThumbprint,
subjectJwk = agentPublicKey.toJsonWebKey().getOrNull()!!,
issuer = agentPublicKey.toJsonWebKey().jwkThumbprint,
subject = agentPublicKey.toJsonWebKey().jwkThumbprint,
subjectJwk = agentPublicKey.toJsonWebKey(),
audience = params.redirectUrl,
issuedAt = now,
expiration = now + 60.seconds,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ class DummyCredentialDataProvider(
val expiration = clock.now() + defaultLifetime
val credentials = mutableListOf<CredentialToBeIssued>()
if (credentialScheme == ConstantIndex.AtomicAttribute2023) {
val subjectId = subjectPublicKey.toJsonWebKey().getOrNull()!!.identifier
val subjectId = subjectPublicKey.didEncoded
val claims = listOfNotNull(
optionalClaim(claimNames, "given-name", "Susanne"),
optionalClaim(claimNames, "family-name", "Meier"),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ class OidcSiopIsoProtocolTest : FreeSpec({
relyingPartyUrl = "https://example.com/rp/${uuid4()}"
walletUrl = "https://example.com/wallet/${uuid4()}"
holderAgent = HolderAgent.newDefaultInstance(holderCryptoService)
verifierAgent = VerifierAgent.newDefaultInstance(verifierCryptoService.jsonWebKey.identifier)
verifierAgent = VerifierAgent.newDefaultInstance(verifierCryptoService.publicKey.didEncoded)
runBlocking {
val issuerAgent = IssuerAgent.newDefaultInstance(
DefaultCryptoService(),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ class OidcSiopProtocolTest : FreeSpec({
relyingPartyUrl = "https://example.com/rp/${uuid4()}"
walletUrl = "https://example.com/wallet/${uuid4()}"
holderAgent = HolderAgent.newDefaultInstance(holderCryptoService)
verifierAgent = VerifierAgent.newDefaultInstance(verifierCryptoService.jsonWebKey.identifier)
verifierAgent = VerifierAgent.newDefaultInstance(verifierCryptoService.publicKey.didEncoded)
runBlocking {
holderAgent.storeCredentials(
IssuerAgent.newDefaultInstance(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ class OidcSiopSdJwtProtocolTest : FreeSpec({
relyingPartyUrl = "https://example.com/rp/${uuid4()}"
walletUrl = "https://example.com/wallet/${uuid4()}"
holderAgent = HolderAgent.newDefaultInstance(holderCryptoService)
verifierAgent = VerifierAgent.newDefaultInstance(verifierCryptoService.jsonWebKey.identifier)
verifierAgent = VerifierAgent.newDefaultInstance(verifierCryptoService.publicKey.didEncoded)
runBlocking {
holderAgent.storeCredentials(
IssuerAgent.newDefaultInstance(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ class HolderAgent(
subjectCredentialStore = subjectCredentialStore,
jwsService = DefaultJwsService(cryptoService),
coseService = DefaultCoseService(cryptoService),
identifier = cryptoService.publicKey.keyId,
identifier = cryptoService.publicKey.didEncoded,
)

/**
Expand All @@ -53,7 +53,7 @@ class HolderAgent(
subjectCredentialStore = subjectCredentialStore,
jwsService = DefaultJwsService(cryptoService),
coseService = DefaultCoseService(cryptoService),
identifier = cryptoService.publicKey.keyId,
identifier = cryptoService.publicKey.didEncoded,
)
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ class IssuerAgent(
jwsService = DefaultJwsService(cryptoService),
coseService = DefaultCoseService(cryptoService),
dataProvider = dataProvider,
identifier = cryptoService.jsonWebKey.identifier,
identifier = cryptoService.publicKey.didEncoded,
timePeriodProvider = timePeriodProvider,
clock = clock,
)
Expand Down Expand Up @@ -225,16 +225,7 @@ class IssuerAgent(
val vcId = "urn:uuid:${uuid4()}"
val expirationDate = credential.expiration
val timePeriod = timePeriodProvider.getTimePeriodFor(issuanceDate)
val subjectId = subjectPublicKey.toJsonWebKey().getOrElse {
return Issuer.IssuedCredentialResult(
failed = listOf(
Issuer.FailedAttribute(
scheme.vcType,
DataSourceProblem("subjectPublicKey transformation error")
)
)
).also { Napier.w("subjectPublicKey could not be transformed to a JWK") }
}.keyId ?: return Issuer.IssuedCredentialResult(
val subjectId = subjectPublicKey.toJsonWebKey().keyId ?: return Issuer.IssuedCredentialResult(
failed = listOf(
Issuer.FailedAttribute(
scheme.vcType,
Expand Down Expand Up @@ -268,9 +259,7 @@ class IssuerAgent(
disclosureDigests = disclosureDigests,
type = arrayOf(VcDataModelConstants.VERIFIABLE_CREDENTIAL, scheme.vcType),
selectiveDisclosureAlgorithm = "sha-256",
confirmationKey = subjectPublicKey.toJsonWebKey().getOrElse { return Issuer.IssuedCredentialResult(
failed = listOf(Issuer.FailedAttribute(scheme.vcType, DataSourceProblem("confirmationKey transformation failed")))
).also { Napier.w("Could not transform subjectPublicKey to JWK") } },
confirmationKey = subjectPublicKey.toJsonWebKey(),
credentialStatus = credentialStatus,
).serialize().encodeToByteArray()
// TODO Which content type to use for SD-JWT inside an JWS?
Expand Down Expand Up @@ -372,6 +361,4 @@ class IssuerAgent(
expiration = expirationDate,
jwtId = id
)


}
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ class VerifierAgent private constructor(
*/
fun newRandomInstance(): VerifierAgent = VerifierAgent(
validator = Validator.newDefaultInstance(),
identifier = DefaultCryptoService().jsonWebKey.identifier,
identifier = DefaultCryptoService().publicKey.didEncoded,
)
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ class DefaultCoseService(private val cryptoService: CryptoService) : CoseService
): KmmResult<CoseSigned> {
var copyProtectedHeader = protectedHeader.copy(algorithm = cryptoService.algorithm.toCoseAlgorithm())
if (addKeyId) copyProtectedHeader =
copyProtectedHeader.copy(kid = cryptoService.jsonWebKey.identifier.encodeToByteArray())
copyProtectedHeader.copy(kid = cryptoService.publicKey.didEncoded.encodeToByteArray())

val copyUnprotectedHeader = if (addCertificate) {
(unprotectedHeader ?: CoseHeader()).copy(certificateChain = cryptoService.certificate.encodeToDer())
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ class DefaultJwsService(private val cryptoService: CryptoService) : JwsService {
): JwsSigned? {
val jwsHeader = JwsHeader(
algorithm = cryptoService.algorithm.toJwsAlgorithm(),
keyId = cryptoService.publicKey.keyId,
keyId = cryptoService.publicKey.didEncoded,
type = type,
contentType = contentType
)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ class AgentRevocationTest : FreeSpec({
dataProvider = DummyCredentialDataProvider()
)
verifierCryptoService = DefaultCryptoService()
verifier = VerifierAgent.newDefaultInstance(verifierCryptoService.jsonWebKey.identifier)
verifier = VerifierAgent.newDefaultInstance(verifierCryptoService.publicKey.didEncoded)
expectedRevokedIndexes = issuerCredentialStore.revokeRandomCredentials()
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ class DummyCredentialDataProvider(
ClaimToBeIssued("family-name", "Meier"),
ClaimToBeIssued("date-of-birth", "1990-01-01"),
)
val subjectId = subjectPublicKey.toJsonWebKey().getOrNull()!!.identifier
val subjectId = subjectPublicKey.didEncoded
val credentials = when (representation) {
ConstantIndex.CredentialRepresentation.SD_JWT -> listOf(
CredentialToBeIssued.VcSd(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ class ValidatorVcTest : FreeSpec() {
)
issuerJwsService = DefaultJwsService(issuerCryptoService)
verifierCryptoService = DefaultCryptoService()
verifier = VerifierAgent.newDefaultInstance(verifierCryptoService.jsonWebKey.identifier)
verifier = VerifierAgent.newDefaultInstance(verifierCryptoService.publicKey.didEncoded)
}

"credentials are valid for" {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ actual class DefaultCryptoService : CryptoService {
override val certificate: X509Certificate

override val jsonWebKey: JsonWebKey
get() = publicKey.toJsonWebKey().getOrNull()!!
get() = publicKey.toJsonWebKey()

override val coseKey: CoseKey
get() = publicKey.toCoseKey(CoseAlgorithm.ES256).getOrNull()!!
Expand Down Expand Up @@ -221,8 +221,7 @@ actual class DefaultVerifierCryptoService : VerifierCryptoService {

data class DefaultEphemeralKeyHolder(val publicKey: SecKeyRef, val privateKey: SecKeyRef? = null) : EphemeralKeyHolder {

override val publicJsonWebKey = CryptoPublicKey.Ec.fromAnsiX963Bytes((CFBridgingRelease(SecKeyCopyExternalRepresentation(publicKey, null)) as NSData).toByteArray()).toJsonWebKey().getOrThrow()

override val publicJsonWebKey = CryptoPublicKey.Ec.fromAnsiX963Bytes((CFBridgingRelease(SecKeyCopyExternalRepresentation(publicKey, null)) as NSData).toByteArray()).toJsonWebKey()
}

inline fun MemScope.toData(array: ByteArray): NSData =
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ actual open class DefaultCryptoService : CryptoService {
this.privateKey = keyPair.private
this.algorithm = CryptoAlgorithm.ES256
this.publicKey = CryptoPublicKey.fromJcaPublicKey(keyPair.public).getOrThrow()
this.jsonWebKey = publicKey.toJsonWebKey().getOrThrow()
this.jsonWebKey = publicKey.toJsonWebKey()
this.coseKey = publicKey.toCoseKey(algorithm.toCoseAlgorithm()).getOrThrow()
this.certificate = generateSelfSignedCertificate()
}
Expand All @@ -73,7 +73,7 @@ actual open class DefaultCryptoService : CryptoService {
this.privateKey = keyPair.private
this.algorithm = algorithm
this.publicKey = CryptoPublicKey.fromJcaPublicKey(keyPair.public).getOrThrow()
this.jsonWebKey = publicKey.toJsonWebKey().getOrThrow()
this.jsonWebKey = publicKey.toJsonWebKey()
this.coseKey = publicKey.toCoseKey(algorithm.toCoseAlgorithm()).getOrThrow()
this.certificate =
certificate?.let { X509Certificate.decodeFromDer(it.encoded) } ?: generateSelfSignedCertificate()
Expand Down Expand Up @@ -110,11 +110,7 @@ actual open class DefaultCryptoService : CryptoService {
initSign(privateKey)
update(input)
}.sign()
//In Java EC signatures are returned as DER-encoded, RSA signatures however are raw bytearrays
if (algorithm.isEc)
CryptoSignature.decodeFromDer(sig)
else
CryptoSignature.RSAorHMAC(sig)
CryptoSignature.parseFromJca(sig, algorithm)
}.wrap()

override fun encrypt(
Expand Down Expand Up @@ -207,8 +203,8 @@ open class JvmEphemeralKeyHolder(private val ecCurve: EcCurve) : EphemeralKeyHol
val keyPair: KeyPair =
KeyPairGenerator.getInstance("EC").also { it.initialize(ecCurve.keyLengthBits.toInt()) }.genKeyPair()

override val publicJsonWebKey by lazy {
CryptoPublicKey.fromJcaPublicKey(keyPair.public).transform { it.toJsonWebKey() }.getOrNull()
override val publicJsonWebKey: JsonWebKey? by lazy {
CryptoPublicKey.fromJcaPublicKey(keyPair.public).map { it.toJsonWebKey() }.getOrNull()
}

}

0 comments on commit 3633904

Please sign in to comment.