feat: add support for ES256 signature algorithm

Cargo.toml

@@ -8,15 +8,16 @@ tauri = { version = "=2.0.0-beta.19", features = [
     "rustls-tls",
 ] }
 
-oid4vc = { git = "https://git@github.com/impierce/openid4vc.git", rev = "7c6a6eb" }
-log = "^0.4"
-serde_json = "1.0"
-did_manager = { git = "https://github.com/impierce/did-manager.git", rev = "aacecc1" }
+did_manager = { git = "https://github.com/impierce/did-manager.git", rev = "d32ed05" }
 indoc = "2.0"
+jsonwebtoken = "9.3"
+log = "^0.4"
 rand = "0.8"
-wiremock = "0.5"
+serde_json = "1.0"
 serial_test = "2.0"
 tempfile = "3.5.0"
+oid4vc = { git = "https://git@github.com/impierce/openid4vc.git", rev = "274a3e9" }
+wiremock = "0.5"
 
 [workspace.package]
 name = "unime"

identity-wallet/Cargo.toml

@@ -6,35 +6,37 @@ rust-version = "1.75.0"
 
 [dependencies]
 tauri.workspace = true
-oid4vc.workspace = true
-log.workspace = true
-serde_json.workspace = true
-did_manager.workspace = true
 
-identity_credential = { version = "1.2.0", default-features = false, features = [
-    "validator",
-    "credential",
-    "presentation",
-] }
-identity_iota = { version = "1.2.0" }
-iota_stronghold = { version = "=2.0.0" }
-stronghold_engine = "=2.0.0"
 anyhow = "1.0"
 async-trait = "0.1"
 base64 = "0.22"
 chrono = "0.4"
 derivative = "2.2"
+did_manager.workspace = true
 downcast-rs = "1.2"
 futures = "0.3"
+identity_credential = { version = "1.2.0", default-features = false, features = [
+    "validator",
+    "credential",
+    "presentation",
+] }
+identity_iota = { version = "1.2" }
+iota_stronghold = { git = "https://github.com/iotaledger/stronghold.rs", branch = "2.0" }
 itertools = "0.10.5"
-jsonwebtoken = "8.2"
+jsonwebtoken.workspace = true
 lazy_static = "1.4.0"
+log.workspace = true
+oid4vc.workspace = true
+p256 = { version = "0.13", features = ["jwk"] }
 reqwest = { version = "0.11", default-features = false, features = [
     "json",
     "rustls-tls",
 ] }
 serde = { version = "1.0", features = ["derive"] }
+serde_json.workspace = true
 sha256 = "1.4"
+stronghold_engine = { git = "https://github.com/iotaledger/stronghold.rs", branch = "2.0" }
+stronghold_ext = { git = "https://github.com/tensor-programming/stronghold_ext", features = ["crypto"] }
 strum = { version = "0.25", features = ["derive"] }
 thiserror = "1.0"
 tokio = { version = "1.26.0", features = ["macros"] }

identity-wallet/src/state/common/reducers/unlock_storage.rs

@@ -3,7 +3,7 @@ use crate::state::actions::{listen, Action};
 use crate::state::common::actions::unlock_storage::UnlockStorage;
 use crate::state::core_utils::IdentityManager;
 use crate::state::user_prompt::CurrentUserPrompt;
-use crate::state::AppState;
+use crate::state::{AppState, SUPPORTED_SIGNING_ALGORITHMS};
 use crate::stronghold::StrongholdManager;
 use crate::subject::subject;
 
@@ -21,9 +21,18 @@ pub async fn unlock_storage(state: AppState, action: Action) -> Result<AppState,
 
         let subject = subject(stronghold_manager.clone(), password).await;
 
-        let provider_manager =
-            ProviderManager::new(subject.clone(), preferred_did_method).map_err(OID4VCProviderManagerError)?;
-        let wallet: Wallet = Wallet::new(subject.clone(), preferred_did_method).map_err(OID4VCWalletError)?;
+        let provider_manager = ProviderManager::new(
+            subject.clone(),
+            preferred_did_method,
+            Vec::from(SUPPORTED_SIGNING_ALGORITHMS),
+        )
+        .map_err(OID4VCProviderManagerError)?;
+        let wallet: Wallet = Wallet::new(
+            subject.clone(),
+            preferred_did_method,
+            Vec::from(SUPPORTED_SIGNING_ALGORITHMS),
+        )
+        .map_err(OID4VCWalletError)?;
 
         info!("loading credentials from stronghold");
         let credentials = stronghold_manager

identity-wallet/src/state/connections/reducers/handle_siopv2_authorization_request.rs

@@ -102,21 +102,17 @@ pub fn get_siopv2_client_name_and_logo_uri(
     let client_id = siopv2_authorization_request.body.client_id.clone();
 
     // Get the client_name and logo_uri from the client_metadata if it exists.
-    siopv2_authorization_request
-        .body
-        .extension
-        .client_metadata
-        .as_ref()
-        .and_then(|client_metadata| match client_metadata {
-            ClientMetadataResource::ClientMetadata {
-                client_name, logo_uri, ..
-            } => {
-                let client_name = client_name.as_ref().cloned().unwrap_or(connection_url.to_string());
-                let logo_uri = logo_uri.as_ref().map(|logo_uri| logo_uri.to_string());
-                Some((client_name, logo_uri, connection_url.to_string(), client_id.clone()))
-            }
-            _ => None,
-        })
-        // Otherwise use the connection_url as the client_name.
-        .unwrap_or((connection_url.to_string(), None, connection_url.to_string(), client_id))
+    match &siopv2_authorization_request.body.extension.client_metadata {
+        ClientMetadataResource::ClientMetadata {
+            client_name, logo_uri, ..
+        } => {
+            let client_name = client_name.as_ref().cloned().unwrap_or(connection_url.to_string());
+            let logo_uri = logo_uri.as_ref().map(|logo_uri| logo_uri.to_string());
+            Some((client_name, logo_uri, connection_url.to_string(), client_id.clone()))
+        }
+        // TODO: support `client_metadata_uri`
+        ClientMetadataResource::ClientMetadataUri(_) => None,
+    }
+    // Otherwise use the connection_url as the client_name.
+    .unwrap_or((connection_url.to_string(), None, connection_url.to_string(), client_id))
 }

identity-wallet/src/state/credentials/reducers/handle_oid4vp_authorization_request.rs

@@ -16,14 +16,18 @@ use crate::{
 
 use identity_credential::{credential::Jwt, presentation::Presentation};
 use identity_iota::did::CoreDID;
+use jsonwebtoken::Algorithm;
 use log::info;
-use oid4vc::oid4vc_core::{
-    authorization_request::{AuthorizationRequest, Object},
-    client_metadata::ClientMetadataResource,
-};
 use oid4vc::oid4vc_manager::managers::presentation::create_presentation_submission;
 use oid4vc::oid4vp::oid4vp;
 use oid4vc::oid4vp::oid4vp::OID4VP;
+use oid4vc::{
+    oid4vc_core::{
+        authorization_request::{AuthorizationRequest, Object},
+        client_metadata::ClientMetadataResource,
+    },
+    oid4vp::{ClaimFormatDesignation, ClaimFormatProperty},
+};
 
 // Sends the authorization response including the verifiable credentials.
 pub async fn handle_oid4vp_authorization_request(mut state: AppState, action: Action) -> Result<AppState, AppError> {
@@ -84,9 +88,12 @@ pub async fn handle_oid4vp_authorization_request(mut state: AppState, action: Ac
             .as_ref()
             .ok_or(MissingManagerError("identity"))?;
 
+        let (client_name, logo_uri, connection_url, client_id, algorithm) =
+            get_oid4vp_client_name_and_logo_uri(&oid4vp_authorization_request);
+
         let subject_did = identity_manager
             .subject
-            .identifier(&state.profile_settings.preferred_did_method)
+            .identifier(&state.profile_settings.preferred_did_method, algorithm)
             .await
             .expect("No default DID method");
 
@@ -125,9 +132,6 @@ pub async fn handle_oid4vp_authorization_request(mut state: AppState, action: Ac
         }
         info!("response successfully sent");
 
-        let (client_name, logo_uri, connection_url, client_id) =
-            get_oid4vp_client_name_and_logo_uri(&oid4vp_authorization_request);
-
         let did = CoreDID::parse(client_id).ok();
 
         let previously_connected = state.connections.contains(connection_url.as_str(), &client_name);
@@ -174,7 +178,7 @@ pub async fn handle_oid4vp_authorization_request(mut state: AppState, action: Ac
 /// Returns (client_name, logo_uri, connection_url, client_id)
 pub fn get_oid4vp_client_name_and_logo_uri(
     oid4vp_authorization_request: &AuthorizationRequest<Object<OID4VP>>,
-) -> (String, Option<String>, String, String) {
+) -> (String, Option<String>, String, String, Algorithm) {
     // Get the connection url from the redirect url host (or use the redirect url if it does not
     // contain a host).
     let redirect_uri = oid4vp_authorization_request.body.redirect_uri.clone();
@@ -183,21 +187,44 @@ pub fn get_oid4vp_client_name_and_logo_uri(
     let client_id = oid4vp_authorization_request.body.client_id.clone();
 
     // Get the client_name and logo_uri from the client_metadata if it exists.
-    oid4vp_authorization_request
-        .body
-        .extension
-        .client_metadata
-        .as_ref()
-        .and_then(|client_metadata| match client_metadata {
-            ClientMetadataResource::ClientMetadata {
-                client_name, logo_uri, ..
-            } => {
-                let client_name = client_name.as_ref().cloned().unwrap_or(connection_url.to_string());
-                let logo_uri = logo_uri.as_ref().map(|logo_uri| logo_uri.to_string());
-                Some((client_name, logo_uri, connection_url.to_string(), client_id.clone()))
-            }
-            _ => None,
-        })
-        // Otherwise use the connection_url as the client_name.
-        .unwrap_or((connection_url.to_string(), None, connection_url.to_string(), client_id))
+    match &oid4vp_authorization_request.body.extension.client_metadata {
+        ClientMetadataResource::ClientMetadata {
+            client_name,
+            logo_uri,
+            extension: oid4vc::oid4vp::authorization_request::ClientMetadataParameters { vp_formats },
+        } => {
+            let client_name = client_name.as_ref().cloned().unwrap_or(connection_url.to_string());
+            let logo_uri = logo_uri.as_ref().map(|logo_uri| logo_uri.to_string());
+
+            // TODO: These helper functions become more and more complicated. This functionality needs to be implemented
+            // in oid4vc-manager soon.
+            // Get the algorithm from the client_metadata if it exists or default to EdDSA.
+            let algorithm = vp_formats
+                .get(&ClaimFormatDesignation::JwtVcJson)
+                .and_then(|claim_format_property| match claim_format_property {
+                    ClaimFormatProperty::Alg(alg) => alg.first().cloned(),
+                    // TODO: implement `ProofType`.
+                    ClaimFormatProperty::ProofType(_) => None,
+                })
+                .unwrap_or(Algorithm::EdDSA);
+
+            Some((
+                client_name,
+                logo_uri,
+                connection_url.to_string(),
+                client_id.clone(),
+                algorithm,
+            ))
+        }
+        // TODO: support `client_metadata_uri`
+        ClientMetadataResource::ClientMetadataUri(_) => None,
+    }
+    // Otherwise use the connection_url as the client_name.
+    .unwrap_or((
+        connection_url.to_string(),
+        None,
+        connection_url.to_string(),
+        client_id,
+        Algorithm::EdDSA,
+    ))
 }

identity-wallet/src/state/credentials/reducers/send_credential_request.rs

@@ -135,17 +135,16 @@ pub async fn send_credential_request(mut state: AppState, action: Action) -> Res
             0 => vec![],
             1 => {
                 let credential_configuration_id = credential_configuration_ids[0].clone();
-                let credential_format = credential_configurations_supported
+
+                let credential_configuration = credential_configurations_supported
                     .get(&credential_configuration_id)
                     .ok_or(UnknownCredentialConfigurationIdError(
                         credential_configuration_id.clone(),
-                    ))?
-                    .credential_format
-                    .to_owned();
+                    ))?;
 
                 // Get the credential.
                 let credential_response = wallet
-                    .get_credential(credential_issuer_metadata, &token_response, credential_format)
+                    .get_credential(credential_issuer_metadata, &token_response, credential_configuration)
                     .await
                     .map_err(GetCredentialError)?;
 
@@ -157,16 +156,11 @@ pub async fn send_credential_request(mut state: AppState, action: Action) -> Res
                 vec![(credential_configuration_id, credential)]
             }
             _batch => {
-                let (credential_configuration_ids, credential_formats): (Vec<_>, Vec<_>) =
-                    credential_configurations_supported
-                        .into_iter()
-                        .map(|(credential_configuration_id, credential_configuration)| {
-                            (credential_configuration_id, credential_configuration.credential_format)
-                        })
-                        .unzip();
+                let (credential_configuration_ids, credential_configurations): (Vec<_>, Vec<_>) =
+                    credential_configurations_supported.into_iter().unzip();
 
                 let batch_credential_response = wallet
-                    .get_batch_credential(credential_issuer_metadata, &token_response, credential_formats)
+                    .get_batch_credential(credential_issuer_metadata, &token_response, &credential_configurations)
                     .await
                     .map_err(GetBatchCredentialError)?;
 

identity-wallet/src/state/dev_mode/reducers/ferris_static_profile.rs

@@ -11,12 +11,13 @@ use crate::{
         dev_mode::DevMode,
         profile_settings::{AppTheme, Profile},
         user_prompt::CurrentUserPrompt,
-        AppState,
+        AppState, SUPPORTED_SIGNING_ALGORITHMS,
     },
     stronghold::StrongholdManager,
     subject::subject,
 };
 
+use jsonwebtoken::Algorithm;
 use lazy_static::lazy_static;
 use log::info;
 use oid4vc::{oid4vc_core::Subject, oid4vc_manager::ProviderManager, oid4vci::Wallet};
@@ -68,9 +69,18 @@ pub async fn load_ferris_profile() -> Result<AppState, AppError> {
     };
     state.profile_settings.profile.replace(profile);
 
-    let provider_manager =
-        ProviderManager::new(subject.clone(), preferred_did_method).map_err(OID4VCProviderManagerError)?;
-    let wallet: Wallet = Wallet::new(subject.clone(), preferred_did_method).map_err(OID4VCWalletError)?;
+    let provider_manager = ProviderManager::new(
+        subject.clone(),
+        preferred_did_method,
+        Vec::from(SUPPORTED_SIGNING_ALGORITHMS),
+    )
+    .map_err(OID4VCProviderManagerError)?;
+    let wallet: Wallet = Wallet::new(
+        subject.clone(),
+        preferred_did_method,
+        Vec::from(SUPPORTED_SIGNING_ALGORITHMS),
+    )
+    .map_err(OID4VCWalletError)?;
     let identity_manager = IdentityManager {
         subject: subject.clone(),
         provider_manager,
@@ -86,10 +96,18 @@ pub async fn load_ferris_profile() -> Result<AppState, AppError> {
         .replace(identity_manager);
 
     // Producing DIDs (`did:jwk`, `did:key`)
-    let did_jwk = subject.identifier("did:jwk").await.map_err(|e| Error(e.to_string()))?;
+    let did_jwk = subject
+        // TODO: make distinction between keys using the same DID Method but different algorithms.
+        .identifier("did:jwk", Algorithm::EdDSA)
+        .await
+        .map_err(|e| Error(e.to_string()))?;
     state.dids.insert("did:jwk".to_string(), did_jwk);
 
-    let did_key = subject.identifier("did:key").await.map_err(|e| Error(e.to_string()))?;
+    let did_key = subject
+        // TODO: make distinction between keys using the same DID Method but different algorithms.
+        .identifier("did:key", Algorithm::EdDSA)
+        .await
+        .map_err(|e| Error(e.to_string()))?;
     state.dids.insert("did:key".to_string(), did_key);
 
     vec![

identity-wallet/src/state/mod.rs

@@ -24,6 +24,7 @@ use derivative::Derivative;
 use downcast_rs::{impl_downcast, DowncastSync};
 use dyn_clone::DynClone;
 use futures::Future;
+use jsonwebtoken::Algorithm;
 use serde::{Deserialize, Serialize};
 use std::collections::HashMap;
 use std::{collections::VecDeque, pin::Pin};
@@ -73,6 +74,8 @@ impl AppStateContainer {
     }
 }
 
+pub const SUPPORTED_SIGNING_ALGORITHMS: &[Algorithm] = &[Algorithm::EdDSA, Algorithm::ES256];
+
 /// The inner state of the application managed by Tauri. When the state is serialized in order to be sent to the
 /// frontend, the `managers` and `active_connection_request` fields are skipped.
 #[derive(Default, Serialize, Deserialize, Derivative, TS, Clone)]