Feature/signature services

dif-data-classes/src/commonMain/kotlin/at/asitplus/dif/InputDescriptor.kt

@@ -2,8 +2,8 @@
 
 package at.asitplus.dif
 
-import at.asitplus.dif.rqes.Base64URLTransactionDataSerializer
-import at.asitplus.dif.rqes.TransactionDataEntry
+import at.asitplus.dif.rqes.Serializer.Base64URLTransactionDataSerializer
+import at.asitplus.dif.rqes.CollectionEntries.TransactionData
 import com.benasher44.uuid.uuid4
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable
@@ -63,13 +63,6 @@ data class QesInputDescriptor(
     @SerialName("constraints")
     override val constraints: Constraint? = null,
     @SerialName("transaction_data")
-    val transactionData: List<@Serializable(Base64URLTransactionDataSerializer::class) TransactionDataEntry>,
+    val transactionData: List<@Serializable(Base64URLTransactionDataSerializer::class) TransactionData>,
 ) : InputDescriptor
 
-
-object InputDescriptorSerializer : JsonContentPolymorphicSerializer<InputDescriptor>(InputDescriptor::class) {
-    override fun selectDeserializer(element: JsonElement) = when {
-        "transaction_data" in element.jsonObject -> QesInputDescriptor.serializer()
-        else -> DifInputDescriptor.serializer()
-    }
-}

dif-data-classes/src/commonMain/kotlin/at/asitplus/dif/InputDescriptorSerializer.kt

@@ -0,0 +1,13 @@
+package at.asitplus.dif
+
+import kotlinx.serialization.json.JsonContentPolymorphicSerializer
+import kotlinx.serialization.json.JsonElement
+import kotlinx.serialization.json.jsonObject
+
+
+object InputDescriptorSerializer : JsonContentPolymorphicSerializer<InputDescriptor>(InputDescriptor::class) {
+    override fun selectDeserializer(element: JsonElement) = when {
+        "transaction_data" in element.jsonObject -> QesInputDescriptor.serializer()
+        else -> DifInputDescriptor.serializer()
+    }
+}

dif-data-classes/src/commonMain/kotlin/at/asitplus/dif/rqes/CollectionEntries/Document.kt

@@ -0,0 +1,111 @@
+package at.asitplus.dif.rqes.CollectionEntries
+
+import at.asitplus.dif.rqes.Enums.ConformanceLevelEnum
+import at.asitplus.dif.rqes.Enums.SignatureFormat
+import at.asitplus.dif.rqes.Enums.SignedEnvelopeProperty
+import at.asitplus.dif.rqes.Serializer.Asn1EncodableBase64Serializer
+import at.asitplus.signum.indispensable.Digest
+import at.asitplus.signum.indispensable.SignatureAlgorithm
+import at.asitplus.signum.indispensable.X509SignatureAlgorithm
+import at.asitplus.signum.indispensable.asn1.Asn1Element
+import at.asitplus.signum.indispensable.asn1.ObjectIdentifier
+import at.asitplus.signum.indispensable.asn1.encoding.Asn1
+import at.asitplus.signum.indispensable.io.ByteArrayBase64Serializer
+import io.github.aakira.napier.Napier
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+import kotlinx.serialization.Transient
+import kotlinx.serialization.json.JsonObject
+
+/**
+ * CSC: Class used as part of [SignatureRequestParameters]
+ */
+@Serializable
+data class Document(
+    /**
+     * base64-encoded document content to be signed, testcases weird so for now string
+     */
+    @SerialName("document")
+    @Serializable(ByteArrayBase64Serializer::class)
+    val document: ByteArray,
+
+    /**
+     * Requested Signature Format
+     */
+    @SerialName("signature_format")
+    val signatureFormat: SignatureFormat,
+
+    /**
+     * Requested conformance level. If omitted its value is "Ades-B-B"
+     */
+    @SerialName("conformance_level")
+    val conformanceLevel: ConformanceLevelEnum? = null,
+
+    /**
+     * The OID of the algorithm to use for signing
+     */
+    @SerialName("signAlgo")
+    val signAlgoOid: ObjectIdentifier,
+
+    /**
+     * The Base64-encoded DER-encoded ASN.1 signature parameters
+     */
+    @SerialName("signAlgoParams")
+    @Serializable(Asn1EncodableBase64Serializer::class)
+    val signAlgoParams: Asn1Element? = null,
+
+    /**
+     * Defined in CSC v2.0.0.2 P. 81
+     * Defines a second way to encode all attributes, none of which are necessary
+     * Will be ignored until use-case arises
+     */
+    @SerialName("signed_props")
+    val signedProps: List<JsonObject>? = null,
+
+    /**
+     * if omitted/null it is assumed to have value
+     * `SignedEnvelopeProperty.defaultProperty(signatureFormat)`
+     */
+    @SerialName("signed_envelope_property")
+    val signedEnvelopeProperty: SignedEnvelopeProperty? = null,
+) {
+    @Transient
+    val signAlgorithm: SignatureAlgorithm? =
+        kotlin.runCatching {
+            X509SignatureAlgorithm.doDecode(Asn1.Sequence {
+                +signAlgoOid
+                +(signAlgoParams ?: Asn1.Null())
+            }).also {
+                require(it.digest != Digest.SHA1)
+            }.algorithm
+        }.getOrElse {
+            Napier.w { "Could not resolve $signAlgoOid" }
+            null
+        }
+
+    override fun equals(other: Any?): Boolean {
+        if (this === other) return true
+        if (other == null || this::class != other::class) return false
+
+        other as Document
+
+        if (!document.contentEquals(other.document)) return false
+        if (signatureFormat != other.signatureFormat) return false
+        if (conformanceLevel != other.conformanceLevel) return false
+        if (signAlgoOid != other.signAlgoOid) return false
+        if (signAlgoParams != other.signAlgoParams) return false
+        if (signedProps != other.signedProps) return false
+
+        return true
+    }
+
+    override fun hashCode(): Int {
+        var result = document.contentHashCode()
+        result = 31 * result + signatureFormat.hashCode()
+        result = 31 * result + conformanceLevel.hashCode()
+        result = 31 * result + signAlgoOid.hashCode()
+        result = 31 * result + (signAlgoParams?.hashCode() ?: 0)
+        result = 31 * result + (signedProps?.hashCode() ?: 0)
+        return result
+    }
+}

dif-data-classes/src/commonMain/kotlin/at/asitplus/dif/rqes/CollectionEntries/DocumentDigestEntries/CscDocumentDigest.kt

@@ -0,0 +1,147 @@
+package at.asitplus.dif.rqes.CollectionEntries.DocumentDigestEntries
+
+import at.asitplus.dif.rqes.Enums.ConformanceLevelEnum
+import at.asitplus.dif.rqes.Enums.SignatureFormat
+import at.asitplus.dif.rqes.Enums.SignedEnvelopeProperty
+import at.asitplus.dif.rqes.Hashes
+import at.asitplus.dif.rqes.Serializer.Asn1EncodableBase64Serializer
+import at.asitplus.dif.rqes.contentEquals
+import at.asitplus.dif.rqes.contentHashCode
+import at.asitplus.signum.indispensable.Digest
+import at.asitplus.signum.indispensable.SignatureAlgorithm
+import at.asitplus.signum.indispensable.X509SignatureAlgorithm
+import at.asitplus.signum.indispensable.asn1.Asn1Element
+import at.asitplus.signum.indispensable.asn1.ObjectIdentifier
+import at.asitplus.signum.indispensable.asn1.encoding.Asn1
+import io.github.aakira.napier.Napier
+import io.ktor.util.reflect.*
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+import kotlinx.serialization.Transient
+import kotlinx.serialization.json.JsonObject
+
+
+/**
+ * CSC: Class used as part of [SignatureRequestParameters]
+ * TODO finish member description
+ */
+@Serializable
+data class CscDocumentDigest(
+    /**
+     * One or more hash values representing one or more SDRs. This
+     * parameter SHALL contain the Base64-encoded hash(es) of the
+     * documents to be signed.
+     * Does not use hashes serializer as it is defined as array of string instead of string.
+     */
+    @SerialName("hashes")
+    val hashes: Hashes,
+
+    /**
+     * Hashing algorithm OID used to calculate document(s) hash(es). This
+     * parameter MAY be omitted or ignored if the hash algorithm is
+     * implicitly specified by the signAlgo algorithm. Only hashing algorithms
+     * as strong or stronger than SHA256 SHALL be used
+     */
+    @SerialName("hashAlgorithmOID")
+    val hashAlgorithmOid: ObjectIdentifier? = null,
+
+    /**
+     * Requested Signature Format
+     */
+    @SerialName("signature_format")
+    val signatureFormat: SignatureFormat,
+
+    /**
+     * Requested conformance level. If omitted its value is "AdES-B-B"
+     */
+    @SerialName("conformance_level")
+    val conformanceLevel: ConformanceLevelEnum? = null,
+
+    /**
+     * The OID of the algorithm to use for signing
+     */
+    @SerialName("signAlgo")
+    val signAlgoOid: ObjectIdentifier,
+
+    /**
+     * The Base64-encoded DER-encoded ASN.1 signature algorithm parameters if required by
+     * the signature algorithm - Necessary for RSASSA-PSS for example
+     */
+    @SerialName("signAlgoParams")
+    @Serializable(with = Asn1EncodableBase64Serializer::class)
+    val signAlgoParams: Asn1Element? = null,
+
+    /**
+     * Defined in CSC v2.0.0.2 P. 81
+     * Defines a second way to encode all attributes, none of which are necessary
+     * Will be ignored until use-case arises
+     */
+    @SerialName("signed_props")
+    val signedProps: List<JsonObject>? = null,
+
+    /**
+     * if omitted/null it is assumed to have value
+     * `SignedEnvelopeProperty.defaultProperty(signatureFormat)`
+     */
+    @SerialName("signed_envelope_property")
+    val signedEnvelopeProperty: SignedEnvelopeProperty? = null,
+) {
+
+    @Transient
+    val signAlgorithm: SignatureAlgorithm? =
+        kotlin.runCatching {
+            X509SignatureAlgorithm.doDecode(Asn1.Sequence {
+                +signAlgoOid
+                +(signAlgoParams ?: Asn1.Null())
+            }).also {
+                require(it.digest != Digest.SHA1)
+            }.algorithm
+        }.getOrElse {
+            Napier.w { "Could not resolve $signAlgoOid" }
+            null
+        }
+
+    @Transient
+    val hashAlgorithm: Digest = hashAlgorithmOid?.let {
+        Digest.entries.find { digest -> digest.oid == it }
+    } ?: when(signAlgorithm) {
+        //TODO change as soon as digest is a member of the interface
+        is SignatureAlgorithm.ECDSA -> signAlgorithm.digest
+        is SignatureAlgorithm.HMAC -> signAlgorithm.digest
+        is SignatureAlgorithm.RSA -> signAlgorithm.digest
+        null -> null
+    } ?: throw Exception("Unknown hashing algorithm in $hashAlgorithmOid and $signAlgoOid")
+
+    override fun equals(other: Any?): Boolean {
+        if (this === other) return true
+        if (other == null || this::class != other::class) return false
+
+        other as CscDocumentDigest
+
+        if (!hashes.contentEquals(other.hashes)) return false
+        if (hashAlgorithmOid != other.hashAlgorithmOid) return false
+        if (signatureFormat != other.signatureFormat) return false
+        if (conformanceLevel != other.conformanceLevel) return false
+        if (signAlgoOid != other.signAlgoOid) return false
+        if (signAlgoParams != other.signAlgoParams) return false
+        if (signedProps != other.signedProps) return false
+        if (signedEnvelopeProperty != other.signedEnvelopeProperty) return false
+
+        return true
+    }
+
+    override fun hashCode(): Int {
+        var result = hashes.contentHashCode()
+        result = 31 * result + (hashAlgorithmOid?.hashCode() ?: 0)
+        result = 31 * result + signatureFormat.hashCode()
+        result = 31 * result + conformanceLevel.hashCode()
+        result = 31 * result + signAlgoOid.hashCode()
+        result = 31 * result + (signAlgoParams?.hashCode() ?: 0)
+        result = 31 * result + (signedProps?.hashCode() ?: 0)
+        result = 31 * result + signedEnvelopeProperty.hashCode()
+        return result
+    }
+}
+
+
+

openid-data-classes/src/commonMain/kotlin/at/asitplus/openid/DocumentDigestCSCEntry.kt → dif-data-classes/src/commonMain/kotlin/at/asitplus/dif/rqes/CollectionEntries/DocumentDigestEntries/OAuthDocumentDigest.kt

@@ -1,14 +1,15 @@
-package at.asitplus.openid
+package at.asitplus.dif.rqes.CollectionEntries.DocumentDigestEntries
 
 import at.asitplus.signum.indispensable.io.ByteArrayBase64Serializer
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable
 
 /**
  * CSC: Entry for document to be signed
+ * Used as part of [AuthorizationDetails]
  */
 @Serializable
-data class DocumentDigestCSCEntry (
+data class OAuthDocumentDigest (
     /**
      * CSC: Conditional String containing the actual Base64-
      * encoded octet-representation of the hash of the document
@@ -28,7 +29,7 @@ data class DocumentDigestCSCEntry (
         if (this === other) return true
         if (other == null || this::class != other::class) return false
 
-        other as DocumentDigestCSCEntry
+        other as OAuthDocumentDigest
 
         if (!hash.contentEquals(other.hash)) return false
         if (label != other.label) return false