

Remove didkit, rename crate, add missing metadata.
cobward committed Oct 13, 2023
1 parent 4d3f29e commit da43e65
Showing 10 changed files with 74 additions and 50 deletions.
6 changes: 3 additions & 3 deletions Cargo.toml
@@ -1,19 +1,18 @@
[package]
name = "oidc4vp"
name = "oid4vp"
version = "0.1.0"
edition = "2021"
authors = ["Spruce Systems, Inc."]
license = "MIT OR Apache-2.0"
description = "OpenID Connect for Verifiable Presentations"
repository = "https://github.com/spruceid/oidc4vp-rs/"
documentation = "https://docs.rs/oidc4vp/"
documentation = "https://docs.rs/oid4vp/"

[dependencies]
anyhow = "1.0.75"
async-trait = "0.1.73"
base64 = "0.21.4"
did-web = "0.2.2"
didkit = "0.6.0"
isomdl = { git = "https://[email protected]/spruceid/isomdl", rev = "b2324b7" }
josekit = { git = "https://github.com/cobward/josekit-rs", rev = "635c8a7" }
p256 = { version = "0.13.2", features = ["jwk"] }
Expand All @@ -23,6 +22,7 @@ serde_cbor = "0.11.2"
serde_json = "1.0.107"
serde_qs = "0.12.0"
serde_urlencoded = "0.7.1"
ssi = "0.7.0"
thiserror = "1.0.49"
tracing = "0.1.37"
url = { version = "2.4.1", features = ["serde"] }
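Review bot: The `repository` entry just above `documentation` still points at `oidc4vp-rs` while the package name and docs URL move to `oid4vp`; if the GitHub repository was not renamed that is correct, but it reads as an oversight next to the rename and is worth confirming. The `did-web` dependency also survives the removal of `didkit`, even though the only visible users of the aggregated `DID_METHODS.to_resolver()` were deleted in src/core/authorization_request/verification/did.rs and src/core/verifier/builder/mod.rs; if nothing else references it, dropping it keeps the dependency surface to what the crate actually uses.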
25 changes: 3 additions & 22 deletions src/core/authorization_request/verification/did.rs
Expand Up @@ -5,27 +5,8 @@ use crate::core::{
};
use anyhow::{bail, Context, Result};
use base64::prelude::*;
use didkit::{resolve_key, DIDResolver};
use serde_json::{Map, Value as Json};

/// Default implementation of request verification for `client_id_scheme` `did`.
///
/// Uses the default didkit [DIDResolver].
pub async fn verify(
wallet_metadata: &WalletMetadata,
request_object: &AuthorizationRequestObject,
request_jwt: String,
trusted_dids: Option<&[String]>,
) -> Result<()> {
verify_with_resolver(
wallet_metadata,
request_object,
request_jwt,
trusted_dids,
didkit::DID_METHODS.to_resolver(),
)
.await
}
use ssi::did_resolve::{resolve_key, DIDResolver};

/// Default implementation of request validation for `client_id_scheme` `did`.
pub async fn verify_with_resolver(
Expand All @@ -35,7 +16,7 @@ pub async fn verify_with_resolver(
trusted_dids: Option<&[String]>,
resolver: &dyn DIDResolver,
) -> Result<()> {
let (headers_b64, _, _) = didkit::ssi::jws::split_jws(&request_jwt)?;
let (headers_b64, _, _) = ssi::jws::split_jws(&request_jwt)?;

let headers_json_bytes = BASE64_URL_SAFE_NO_PAD
.decode(headers_b64)
Expand Down Expand Up @@ -87,7 +68,7 @@ pub async fn verify_with_resolver(
.await
.context("unable to resolve verification method from 'kid' header")?;

let _: Json = didkit::ssi::jwt::decode_verify(&request_jwt, &jwk)
let _: Json = ssi::jwt::decode_verify(&request_jwt, &jwk)
.context("request signature could not be verified")?;

Ok(())
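Review bot: With the `verify` convenience wrapper removed, `verify_with_resolver` is the only entry point, yet the doc comment on the line before its signature still calls it a default implementation and says nothing about the resolver the caller now has to choose; the same applies to `with_did_client_id_and_resolver` in src/core/verifier/builder/mod.rs. The resolver decides which DID methods the JWT's `kid` header may be resolved through before `decode_verify` trusts the resulting key, so that choice is now part of the caller's trust boundary and should be stated. I'd replace the doc line with `/// Validates a request with client_id_scheme did: the signing key is resolved from the JWT's kid header through resolver, so pass a resolver restricted to the DID methods you accept.` The function body continues outside the hunk.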
7 changes: 3 additions & 4 deletions src/core/authorization_request/verification/mod.rs
Expand Up @@ -74,10 +74,9 @@ pub(crate) async fn verify_request<WP: WalletProfile + ?Sized>(
profile: &WP,
jwt: String,
) -> Result<AuthorizationRequestObject> {
let request: AuthorizationRequestObject =
didkit::ssi::jwt::decode_unverified::<UntypedObject>(&jwt)
.context("unable to decode Authorization Request Object JWT")?
.try_into()?;
let request: AuthorizationRequestObject = ssi::jwt::decode_unverified::<UntypedObject>(&jwt)
.context("unable to decode Authorization Request Object JWT")?
.try_into()?;

let client_id_scheme = request.client_id_scheme();

Expand Up @@ -24,7 +24,7 @@ pub fn validate<V: Verifier>(
trusted_roots: Option<&[Certificate]>,
) -> Result<()> {
let client_id = request_object.client_id().0.as_str();
let (headers_b64, body_b64, sig_b64) = didkit::ssi::jws::split_jws(&request_jwt)?;
let (headers_b64, body_b64, sig_b64) = ssi::jws::split_jws(&request_jwt)?;

let headers_json_bytes = BASE64_URL_SAFE_NO_PAD
.decode(headers_b64)
Expand Up @@ -24,7 +24,7 @@ pub fn validate<V: Verifier>(
trusted_roots: Option<&[Certificate]>,
) -> Result<()> {
let client_id = request_object.client_id().0.as_str();
let (headers_b64, body_b64, sig_b64) = didkit::ssi::jws::split_jws(&request_jwt)?;
let (headers_b64, body_b64, sig_b64) = ssi::jws::split_jws(&request_jwt)?;

let headers_json_bytes = BASE64_URL_SAFE_NO_PAD
.decode(headers_b64)
56 changes: 56 additions & 0 deletions src/core/metadata/parameters/verifier.rs
Expand Up @@ -51,6 +51,48 @@ impl From<RequireSignedRequestObject> for Json {
}
}

#[derive(Debug, Clone)]
pub struct AuthorizationEncryptedResponseAlg(pub String);

impl TypedParameter for AuthorizationEncryptedResponseAlg {
const KEY: &'static str = "authorization_encrypted_response_alg";
}

impl TryFrom<Json> for AuthorizationEncryptedResponseAlg {
type Error = Error;

fn try_from(value: Json) -> Result<Self, Self::Error> {
Ok(Self(serde_json::from_value(value)?))
}
}

impl From<AuthorizationEncryptedResponseAlg> for Json {
fn from(value: AuthorizationEncryptedResponseAlg) -> Json {
Json::String(value.0)
}
}

#[derive(Debug, Clone)]
pub struct AuthorizationEncryptedResponseEnc(pub String);

impl TypedParameter for AuthorizationEncryptedResponseEnc {
const KEY: &'static str = "authorization_encrypted_response_enc";
}

impl TryFrom<Json> for AuthorizationEncryptedResponseEnc {
type Error = Error;

fn try_from(value: Json) -> Result<Self, Self::Error> {
Ok(Self(serde_json::from_value(value)?))
}
}

impl From<AuthorizationEncryptedResponseEnc> for Json {
fn from(value: AuthorizationEncryptedResponseEnc) -> Json {
Json::String(value.0)
}
}

#[cfg(test)]
mod test {
use serde_json::json;
Expand Down Expand Up @@ -109,4 +151,18 @@ mod test {
let RequireSignedRequestObject(b) = metadata().get().unwrap().unwrap();
assert_eq!(b, exp);
}

#[test]
fn authorization_encrypted_response_alg() {
let exp = "ECDH-ES";
let AuthorizationEncryptedResponseAlg(s) = metadata().get().unwrap().unwrap();
assert_eq!(s, exp);
}

#[test]
fn authorization_encrypted_response_enc() {
let exp = "A256GCM";
let AuthorizationEncryptedResponseEnc(s) = metadata().get().unwrap().unwrap();
assert_eq!(s, exp);
}
}
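Review bot: The two new public newtypes `AuthorizationEncryptedResponseAlg` and `AuthorizationEncryptedResponseEnc` have no doc comments and accept any string: their `TryFrom<Json>` only checks that the value is a JSON string, so a metadata value naming a JWE algorithm the crate cannot use is presumably only noticed later, when a response has to be encrypted. A check here against the `alg`/`enc` identifiers the crate actually supports would fail fast on misconfigured metadata; failing that, the docs should state the expected values (the tests use `ECDH-ES` and `A256GCM`). I'd add `/// JWE alg for encrypted Authorization Responses (metadata key authorization_encrypted_response_alg).` above the first struct and the matching line above the second. The `metadata()` fixture the new tests read is defined outside the hunk and must now carry both keys.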
16 changes: 2 additions & 14 deletions src/core/verifier/builder/mod.rs
@@ -1,5 +1,5 @@
use anyhow::{bail, Context, Result};
use didkit::{DIDResolver, DID_METHODS};
use ssi::did_resolve::DIDResolver;
use tracing::{debug, warn};
use url::Url;
use x509_cert::{
Expand Down Expand Up @@ -117,18 +117,6 @@ impl<S: RequestSigner> SessionBuilder<S> {
self
}

/// Configure the [ClientId] and set the [ClientIdScheme] to `did`.
///
/// Uses the default didkit [DIDResolver].
pub async fn with_did_client_id<T: RequestSigner>(
self,
vm: String,
signer: T,
) -> Result<SessionBuilder<T>> {
self.with_did_client_id_and_resolver(vm, signer, DID_METHODS.to_resolver())
.await
}

/// Configure the [ClientId] and set the [ClientIdScheme] to `did`.
pub async fn with_did_client_id_and_resolver<T: RequestSigner>(
self,
Expand All @@ -140,7 +128,7 @@ impl<S: RequestSigner> SessionBuilder<S> {
"expected a DID verification method, received '{vm}'"
))?;

let key = didkit::resolve_key(&vm, resolver)
let key = ssi::did_resolve::resolve_key(&vm, resolver)
.await
.context("unable to resolve key from verification method")?;

2 changes: 1 addition & 1 deletion src/core/verifier/request_signer.rs
@@ -1,7 +1,7 @@
use anyhow::Result;
use async_trait::async_trait;
use didkit::JWK;
use p256::ecdsa::{signature::Signer, Signature, SigningKey};
use ssi::jwk::JWK;

#[async_trait]
pub trait RequestSigner {
2 changes: 1 addition & 1 deletion src/mdl_request.rs
Expand Up @@ -5,10 +5,10 @@ use crate::{
},
utils::NonEmptyVec,
};
use didkit::ssi::jwk::JWK;
use isomdl::definitions::helpers::NonEmptyMap;
use serde::{Deserialize, Serialize};
use serde_json::{json, Value};
use ssi::jwk::JWK;
use std::collections::BTreeMap;
use x509_cert::der::referenced::OwnedToRef;
use x509_cert::der::Decode;
6 changes: 3 additions & 3 deletions src/utils.rs
@@ -1,5 +1,4 @@
use anyhow;
use didkit::ssi::jws::Error as JwsError;
use isomdl::definitions::helpers::non_empty_map::Error as NonEmptyMapError;
use isomdl::definitions::Error as IsomdlDefinitionError;
use isomdl::presentation::reader::oid4vp::Error as IsomdlError;
Expand All @@ -8,6 +7,7 @@ use josekit::JoseError;
use reqwest::Error as ReqwestError;
use serde::{Deserialize, Serialize};
use serde_cbor::Error as CborError;
use ssi::jws::Error as JwsError;
use std::ops::Deref;

// #[derive(Clone)]
Expand Down Expand Up @@ -200,8 +200,8 @@ impl From<x509_cert::der::Error> for Openid4vpError {
}
}

impl From<didkit::ssi::jwk::Error> for Openid4vpError {
fn from(_value: didkit::ssi::jwk::Error) -> Self {
impl From<ssi::jwk::Error> for Openid4vpError {
fn from(_value: ssi::jwk::Error) -> Self {
Openid4vpError::InvalidRequest
}
}
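Review bot: The `From<ssi::jwk::Error>` impl at the end of the section still discards the source error (`_value`) and folds every JWK failure into `Openid4vpError::InvalidRequest`, so a malformed key cannot be told apart from other invalid-request causes when a failed verification is investigated. Since `tracing` is already a dependency, logging the cause before mapping keeps the diagnostic without changing the public error type: `fn from(value: ssi::jwk::Error) -> Self { tracing::debug!(error = %value, "invalid JWK"); Openid4vpError::InvalidRequest }`. The `Openid4vpError` enum itself is outside the hunk, so a variant carrying the cause may be the better fix if one exists.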
