Fix the presentation submission in the oid4vp-rs e2e test.

Cargo.toml

@@ -9,27 +9,28 @@ repository = "https://github.com/spruceid/oidc4vp-rs/"
 documentation = "https://docs.rs/oid4vp/"
 
 [features]
+default = []
 reqwest = ["dep:reqwest"]
 p256 = ["dep:p256"]
+rand = ["dep:rand"]
 
 [dependencies]
 anyhow = "1.0.75"
 async-trait = "0.1.73"
 base64 = "0.21.4"
-did-web = "0.2.2"
 http = "1.1.0"
 jsonpath_lib = "0.3.0"
 jsonschema = "0.18.0"
 p256 = { version = "0.13.2", features = ["jwk"], optional = true }
-regex = "1.10.6"
+rand = { version = "0.8.5", optional = true }
 reqwest = { version = "0.12.5", features = ["rustls-tls"], optional = true }
 serde = "1.0.188"
-serde_cbor = "0.11.2"
 serde_json = "1.0.107"
-serde_qs = "0.12.0"
 serde_urlencoded = "0.7.1"
-ssi = "0.7"
-thiserror = "1.0.49"
+ssi-claims = "0.1.0"
+ssi-dids = "0.2.0"
+ssi-jwk = { version = "0.2.1", features = ["secp256r1"] }
+ssi-verification-methods = "0.1.1"
 tokio = "1.32.0"
 tracing = "0.1.37"
 url = { version = "2.4.1", features = ["serde"] }
@@ -46,3 +47,9 @@ uuid = { version = "1.2", features = ["v4", "serde", "js"] }
 
 [target.'cfg(not(target_arch = "wasm32"))'.dependencies]
 uuid = { version = "1.2", features = ["v4", "serde"] }
+
+# For Development Purpose, patch the ssi* crates to use the local versions
+# [patch.crates-io]
+# ssi-claims = { path = "../ssi/crates/claims" }
+# ssi-dids = { path = "../ssi/crates/dids" }
+# ssi-jwk = { path = "../ssi/crates/jwk" }

src/core/authorization_request/parameters.rs

@@ -1,4 +1,4 @@
-use std::fmt;
+use std::{fmt, ops::Deref};
 
 use crate::core::{
     object::{ParsingErrorContext, TypedParameter, UntypedObject},
@@ -193,7 +193,42 @@ impl TryFrom<Json> for ClientMetadataUri {
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct Nonce(pub String);
+pub struct Nonce(String);
+
+impl From<String> for Nonce {
+    fn from(value: String) -> Self {
+        Self(value)
+    }
+}
+
+impl From<&str> for Nonce {
+    fn from(value: &str) -> Self {
+        Self(value.to_string())
+    }
+}
+
+impl Deref for Nonce {
+    type Target = String;
+
+    fn deref(&self) -> &Self::Target {
+        &self.0
+    }
+}
+
+impl std::fmt::Display for Nonce {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        self.0.fmt(f)
+    }
+}
+
+impl Nonce {
+    #[cfg(feature = "rand")]
+    pub fn random(rng: &mut impl rand::Rng) -> Self {
+        use rand::distributions::Alphanumeric;
+
+        Self((0..16).map(|_| rng.sample(Alphanumeric) as char).collect())
+    }
+}
 
 impl TypedParameter for Nonce {
     const KEY: &'static str = "nonce";

src/core/authorization_request/verification/did.rs

@@ -6,17 +6,18 @@ use crate::core::{
 use anyhow::{bail, Context, Result};
 use base64::prelude::*;
 use serde_json::{Map, Value as Json};
-use ssi::did_resolve::{resolve_key, DIDResolver};
+
+use ssi_jwk::JWKResolver;
 
 /// Default implementation of request validation for `client_id_scheme` `did`.
 pub async fn verify_with_resolver(
     wallet_metadata: &WalletMetadata,
     request_object: &AuthorizationRequestObject,
     request_jwt: String,
     trusted_dids: Option<&[String]>,
-    resolver: &dyn DIDResolver,
+    resolver: impl JWKResolver,
 ) -> Result<()> {
-    let (headers_b64, _, _) = ssi::jws::split_jws(&request_jwt)?;
+    let (headers_b64, _, _) = ssi_claims::jws::split_jws(&request_jwt)?;
 
     let headers_json_bytes = BASE64_URL_SAFE_NO_PAD
         .decode(headers_b64)
@@ -64,11 +65,12 @@ pub async fn verify_with_resolver(
         }
     }
 
-    let jwk = resolve_key(&kid, resolver)
+    let jwk = resolver
+        .fetch_public_jwk(Some(&kid))
         .await
-        .context("unable to resolve verification method from 'kid' header")?;
+        .context("unable to resolve key from verification method")?;
 
-    let _: Json = ssi::jwt::decode_verify(&request_jwt, &jwk)
+    let _: Json = ssi_claims::jwt::decode_verify(&request_jwt, &jwk)
         .context("request signature could not be verified")?;
 
     Ok(())

src/core/authorization_request/verification/mod.rs

@@ -105,9 +105,10 @@ pub(crate) async fn verify_request<W: Wallet + ?Sized>(
     wallet: &W,
     jwt: String,
 ) -> Result<AuthorizationRequestObject> {
-    let request: AuthorizationRequestObject = ssi::jwt::decode_unverified::<UntypedObject>(&jwt)
-        .context("unable to decode Authorization Request Object JWT")?
-        .try_into()?;
+    let request: AuthorizationRequestObject =
+        ssi_claims::jwt::decode_unverified::<UntypedObject>(&jwt)
+            .context("unable to decode Authorization Request Object JWT")?
+            .try_into()?;
 
     validate_request_against_metadata(wallet, &request).await?;
 

src/core/authorization_request/verification/x509_san.rs

@@ -28,7 +28,7 @@ pub fn validate<V: Verifier>(
     trusted_roots: Option<&[Certificate]>,
 ) -> Result<()> {
     let client_id = request_object.client_id().0.as_str();
-    let (headers_b64, body_b64, sig_b64) = ssi::jws::split_jws(&request_jwt)?;
+    let (headers_b64, body_b64, sig_b64) = ssi_claims::jws::split_jws(&request_jwt)?;
 
     let headers_json_bytes = BASE64_URL_SAFE_NO_PAD
         .decode(headers_b64)

src/core/metadata/mod.rs

@@ -3,7 +3,9 @@ use std::ops::{Deref, DerefMut};
 use anyhow::Error;
 use parameters::wallet::{RequestObjectSigningAlgValuesSupported, ResponseTypesSupported};
 use serde::{Deserialize, Serialize};
-use serde_json::{Map, Value as Json};
+use ssi_jwk::Algorithm;
+
+use crate::presentation_exchange::{ClaimFormatDesignation, ClaimFormatMap, ClaimFormatPayload};
 
 use self::parameters::wallet::{AuthorizationEndpoint, VpFormatsSupported};
 
@@ -39,6 +41,11 @@ impl WalletMetadata {
         &self.2
     }
 
+    /// Returns whether the claim format is supported.
+    pub fn is_claim_format_supported(&self, designation: &ClaimFormatDesignation) -> bool {
+        self.vp_formats_supported().0.contains_key(designation)
+    }
+
     /// The static wallet metadata bound to `openid4vp:`:
     /// ```json
     /// {
@@ -65,19 +72,21 @@ impl WalletMetadata {
 
         let response_types_supported = ResponseTypesSupported(vec![ResponseType::VpToken]);
 
-        let mut format_definition = Map::new();
-        format_definition.insert(
-            "alg_values_supported".to_owned(),
-            Json::Array(vec![Json::String("ES256".to_owned())]),
+        let alg_values_supported = vec![Algorithm::ES256.to_string()];
+
+        let mut vp_formats_supported = ClaimFormatMap::new();
+        vp_formats_supported.insert(
+            ClaimFormatDesignation::JwtVpJson,
+            ClaimFormatPayload::AlgValuesSupported(alg_values_supported.clone()),
+        );
+        vp_formats_supported.insert(
+            ClaimFormatDesignation::JwtVcJson,
+            ClaimFormatPayload::AlgValuesSupported(alg_values_supported.clone()),
         );
-        let format_definition = Json::Object(format_definition);
-        let mut vp_formats_supported = Map::new();
-        vp_formats_supported.insert("jwt_vp_json".to_owned(), format_definition.clone());
-        vp_formats_supported.insert("jwt_vc_json".to_owned(), format_definition.clone());
         let vp_formats_supported = VpFormatsSupported(vp_formats_supported);
 
         let request_object_signing_alg_values_supported =
-            RequestObjectSigningAlgValuesSupported(vec!["ES256".to_owned()]);
+            RequestObjectSigningAlgValuesSupported(alg_values_supported);
 
         let mut object = UntypedObject::default();
 

src/core/metadata/parameters/verifier.rs

@@ -1,11 +1,11 @@
-use anyhow::Error;
-use serde::Deserialize;
+use anyhow::{Context, Error};
+use serde::{Deserialize, Serialize};
 use serde_json::{Map, Value as Json};
 
-use crate::core::object::TypedParameter;
+use crate::{core::object::TypedParameter, presentation_exchange::ClaimFormatMap};
 
-#[derive(Debug, Clone, Deserialize)]
-pub struct VpFormats(pub Map<String, Json>);
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct VpFormats(pub ClaimFormatMap);
 
 impl TypedParameter for VpFormats {
     const KEY: &'static str = "vp_formats";
@@ -19,9 +19,11 @@ impl TryFrom<Json> for VpFormats {
     }
 }
 
-impl From<VpFormats> for Json {
-    fn from(value: VpFormats) -> Json {
-        value.0.into()
+impl TryFrom<VpFormats> for Json {
+    type Error = Error;
+
+    fn try_from(value: VpFormats) -> Result<Json, Self::Error> {
+        serde_json::to_value(value.0).context("Failed to serialize VpFormats")
     }
 }
 
@@ -119,6 +121,7 @@ mod test {
     use serde_json::json;
 
     use crate::core::object::UntypedObject;
+    use crate::presentation_exchange::{ClaimFormatDesignation, ClaimFormatPayload};
 
     use super::*;
 
@@ -148,9 +151,16 @@ mod test {
 
     #[test]
     fn vp_formats() {
-        let VpFormats(fnd) = metadata().get().unwrap().unwrap();
-        let exp = json!({"mso_mdoc": {}}).as_object().unwrap().clone();
-        assert_eq!(fnd, exp)
+        let VpFormats(formats) = metadata().get().unwrap().unwrap();
+
+        let mso_doc = formats
+            .get(&ClaimFormatDesignation::MsoMDoc)
+            .expect("failed to find mso doc");
+
+        assert_eq!(
+            mso_doc,
+            &ClaimFormatPayload::Json(serde_json::Value::Object(Default::default()))
+        )
     }
 
     #[test]

src/core/metadata/parameters/wallet.rs

@@ -1,9 +1,12 @@
-use crate::core::{
-    authorization_request::parameters::{ClientIdScheme, ResponseType},
-    object::TypedParameter,
+use crate::{
+    core::{
+        authorization_request::parameters::{ClientIdScheme, ResponseType},
+        object::TypedParameter,
+    },
+    presentation_exchange::ClaimFormatMap,
 };
 use anyhow::{bail, Error, Result};
-use serde_json::{Map, Value as Json};
+use serde_json::Value as Json;
 use url::Url;
 
 #[derive(Debug, Clone)]
@@ -134,7 +137,7 @@ impl From<RequestObjectSigningAlgValuesSupported> for Json {
 
 // TODO: Better types
 #[derive(Debug, Clone)]
-pub struct VpFormatsSupported(pub Map<String, Json>);
+pub struct VpFormatsSupported(pub ClaimFormatMap);
 
 impl TypedParameter for VpFormatsSupported {
     const KEY: &'static str = "vp_formats_supported";
@@ -144,13 +147,15 @@ impl TryFrom<Json> for VpFormatsSupported {
     type Error = Error;
 
     fn try_from(value: Json) -> Result<Self, Self::Error> {
-        Ok(Self(serde_json::from_value(value)?))
+        serde_json::from_value(value).map(Self).map_err(Into::into)
     }
 }
 
-impl From<VpFormatsSupported> for Json {
-    fn from(value: VpFormatsSupported) -> Json {
-        Json::Object(value.0)
+impl TryFrom<VpFormatsSupported> for Json {
+    type Error = Error;
+
+    fn try_from(value: VpFormatsSupported) -> Result<Json, Self::Error> {
+        serde_json::to_value(value.0).map_err(Into::into)
     }
 }
 
@@ -200,7 +205,10 @@ impl From<AuthorizationEncryptionEncValuesSupported> for Json {
 mod test {
     use serde_json::json;
 
-    use crate::core::object::UntypedObject;
+    use crate::{
+        core::object::UntypedObject,
+        presentation_exchange::{ClaimFormatDesignation, ClaimFormatPayload},
+    };
 
     use super::*;
 
@@ -277,8 +285,8 @@ mod test {
         let VpFormatsSupported(mut m) = metadata().get().unwrap().unwrap();
         assert_eq!(m.len(), 1);
         assert_eq!(
-            m.remove("mso_mdoc").unwrap(),
-            Json::Object(Default::default())
+            m.remove(&ClaimFormatDesignation::MsoMDoc).unwrap(),
+            ClaimFormatPayload::Json(serde_json::Value::Object(Default::default()))
         );
     }
 

src/core/object/mod.rs

@@ -13,7 +13,7 @@ pub struct UntypedObject(pub(crate) Map<String, Json>);
 // TODO: Replace anyhow error type.
 /// A strongly typed parameter that can represent metadata entries or request parameters.
 pub trait TypedParameter:
-    TryFrom<Json, Error = anyhow::Error> + Into<Json> + Clone + std::fmt::Debug
+    TryFrom<Json, Error = anyhow::Error> + TryInto<Json> + Clone + std::fmt::Debug
 {
     const KEY: &'static str;
 }
@@ -51,12 +51,15 @@ impl UntypedObject {
     /// # Errors
     /// Returns an error if there was already an entry in the Object, but it could not be parsed from JSON.
     pub fn insert<T: TypedParameter>(&mut self, t: T) -> Option<Result<T>> {
-        Some(
-            self.0
-                .insert(T::KEY.to_owned(), t.into())?
-                .try_into()
-                .map_err(Into::into),
-        )
+        match t.try_into() {
+            Err(_) => Some(Err(Error::msg("failed to parse typed parameter"))),
+            Ok(value) => Some(
+                self.0
+                    .insert(T::KEY.to_owned(), value)?
+                    .try_into()
+                    .map_err(Into::into),
+            ),
+        }
     }
 
     /// Flatten the structure for posting as a form.

src/core/response/mod.rs

@@ -53,6 +53,16 @@ impl UnencodedAuthorizationResponse {
         serde_urlencoded::to_string(inner.flatten_for_form()?)
             .context("failed to encode response as 'application/x-www-form-urlencoded'")
     }
+
+    /// Return the Verifiable Presentation Token.
+    pub fn vp_token(&self) -> &VpToken {
+        &self.1
+    }
+
+    /// Return the Presentation Submission.
+    pub fn presentation_submission(&self) -> &PresentationSubmission {
+        &self.2
+    }
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize)]

src/holder/mod.rs

@@ -0,0 +1 @@
+pub mod verifiable_presentation_builder;