feat: add default_subject_syntax_type

impierce · Apr 11, 2024 · 986af6e · 986af6e
1 parent 3a9dc39
commit 986af6e
Show file tree

Hide file tree

Showing 10 changed files with 59 additions and 36 deletions.
diff --git a/oid4vc-manager/src/managers/presentation.rs b/oid4vc-manager/src/managers/presentation.rs
@@ -9,7 +9,7 @@ use oid4vp::{
 // TODO: make VP/VC fromat agnostic. In current form only jwt_vp_json + jwt_vc_json are supported.
 pub fn create_presentation_submission(
     presentation_definition: &PresentationDefinition,
-    credentials: Vec<serde_json::Value>,
+    credentials: &[serde_json::Value],
 ) -> Result<PresentationSubmission> {
     let id = "Submission ID".to_string();
     let definition_id = presentation_definition.id().clone();

diff --git a/oid4vc-manager/src/managers/relying_party.rs b/oid4vc-manager/src/managers/relying_party.rs
@@ -3,7 +3,7 @@ use oid4vc_core::{
     authorization_request::{AuthorizationRequest, Object},
     authorization_response::AuthorizationResponse,
     openid4vc_extension::{Extension, ResponseHandle},
-    Subject,
+    Subject, SubjectSyntaxType,
 };
 use siopv2::RelyingParty;
 use std::sync::Arc;
@@ -14,9 +14,12 @@ pub struct RelyingPartyManager {
 }
 
 impl RelyingPartyManager {
-    pub fn new(subject: Arc<dyn Subject>, subject_syntax_type: String) -> Result<Self> {
+    pub fn new(
+        subject: Arc<dyn Subject>,
+        default_subject_syntax_type: impl TryInto<SubjectSyntaxType>,
+    ) -> Result<Self> {
         Ok(Self {
-            relying_party: RelyingParty::new(subject, subject_syntax_type)?,
+            relying_party: RelyingParty::new(subject, default_subject_syntax_type)?,
         })
     }
 

diff --git a/oid4vc-manager/src/methods/key_method.rs b/oid4vc-manager/src/methods/key_method.rs
@@ -151,8 +151,7 @@ mod tests {
             .unwrap();
 
         // Let the relying party validate the authorization_response.
-        let relying_party_manager =
-            RelyingPartyManager::new(Arc::new(KeySubject::new()), "did:key".to_string()).unwrap();
+        let relying_party_manager = RelyingPartyManager::new(Arc::new(KeySubject::new()), "did:key").unwrap();
         assert!(relying_party_manager
             .validate_response(&authorization_response)
             .await

diff --git a/oid4vc-manager/tests/oid4vci/authorization_code.rs b/oid4vc-manager/tests/oid4vci/authorization_code.rs
@@ -41,7 +41,7 @@ async fn test_authorization_code_flow() {
     let subject_did = subject.identifier("did:key").unwrap();
 
     // Create a new wallet.
-    let wallet = Wallet::new(Arc::new(subject), "did:key".to_string());
+    let wallet = Wallet::new(Arc::new(subject), "did:key").unwrap();
 
     // Get the credential issuer url.
     let credential_issuer_url = credential_issuer

diff --git a/oid4vc-manager/tests/oid4vci/pre_authorized_code.rs b/oid4vc-manager/tests/oid4vci/pre_authorized_code.rs
@@ -45,7 +45,7 @@ async fn test_pre_authorized_code_flow(#[case] batch: bool, #[case] by_reference
     let subject_did = subject.identifier("did:key").unwrap();
 
     // Create a new wallet.
-    let wallet: Wallet = Wallet::new(Arc::new(subject), "did:key".to_string());
+    let wallet: Wallet = Wallet::new(Arc::new(subject), "did:key").unwrap();
 
     // Get the credential offer url.
     let credential_offer_query = credential_issuer

diff --git a/oid4vc-manager/tests/oid4vp/implicit.rs b/oid4vc-manager/tests/oid4vp/implicit.rs
@@ -89,7 +89,7 @@ async fn test_implicit_flow() {
     // Create a new relying party.
     let relying_party = Arc::new(KeySubject::new());
     let relying_party_did = relying_party.identifier("did:key").unwrap();
-    let relying_party_manager = RelyingPartyManager::new(relying_party, "did:key".to_string()).unwrap();
+    let relying_party_manager = RelyingPartyManager::new(relying_party, "did:key").unwrap();
 
     // Create authorization request with response_type `id_token vp_token`
     let authorization_request = AuthorizationRequest::<Object<OID4VP>>::builder()
@@ -134,7 +134,7 @@ async fn test_implicit_flow() {
     // Create presentation submission using the presentation definition and the verifiable credential.
     let presentation_submission = create_presentation_submission(
         &PRESENTATION_DEFINITION,
-        vec![serde_json::to_value(&verifiable_credential).unwrap()],
+        &vec![serde_json::to_value(&verifiable_credential).unwrap()],
     )
     .unwrap();
 

diff --git a/oid4vc-manager/tests/siopv2/implicit.rs b/oid4vc-manager/tests/siopv2/implicit.rs
@@ -24,6 +24,7 @@ use wiremock::{
     Mock, MockServer, ResponseTemplate,
 };
 
+/// A Subject that can sign and verify messages with multiple different DID Methods.
 pub struct MultiDidMethodSubject {
     pub test_subject: TestSubject,
     pub key_subject: KeySubject,
@@ -38,8 +39,12 @@ impl Sign for MultiDidMethodSubject {
         }
     }
 
-    fn sign(&self, message: &str, _subject_syntax_type: &str) -> anyhow::Result<Vec<u8>> {
-        self.test_subject.sign(message, _subject_syntax_type)
+    fn sign(&self, message: &str, subject_syntax_type: &str) -> anyhow::Result<Vec<u8>> {
+        match subject_syntax_type {
+            "did:test" => self.test_subject.sign(message, subject_syntax_type),
+            "did:key" => self.key_subject.sign(message, subject_syntax_type),
+            _ => Err(anyhow::anyhow!("Unsupported DID method.")),
+        }
     }
 
     fn external_signer(&self) -> Option<Arc<dyn ExternalSign>> {
@@ -95,8 +100,11 @@ lazy_static! {
     );
 }
 
+#[rstest::rstest]
+#[case("did:key")]
+#[case("did:test")]
 #[tokio::test]
-async fn test_implicit_flow() {
+async fn test_implicit_flow(#[case] did_method: &str) {
     // Create a new mock server and retreive it's url.
     let mock_server = MockServer::start().await;
     let server_url = mock_server.uri();
@@ -111,20 +119,22 @@ async fn test_implicit_flow() {
         key_subject: KeySubject::from_keypair(generate::<Ed25519KeyPair>(None), None),
     };
 
+    let client_id = subject.identifier(did_method).unwrap();
+
     // Create a new relying party manager.
-    let relying_party_manager = RelyingPartyManager::new(Arc::new(subject), "did:test".to_string()).unwrap();
+    let relying_party_manager = RelyingPartyManager::new(Arc::new(subject), did_method).unwrap();
 
     // Create a new RequestUrl with response mode `direct_post` for cross-device communication.
     let authorization_request: AuthorizationRequest<Object<SIOPv2>> = AuthorizationRequest::<Object<SIOPv2>>::builder()
-        .client_id("did:test:relyingparty".to_string())
+        .client_id(&client_id)
         .scope(Scope::from(vec![ScopeValue::OpenId, ScopeValue::Phone]))
         .redirect_uri(format!("{server_url}/redirect_uri").parse::<url::Url>().unwrap())
         .response_mode("direct_post".to_string())
         .client_metadata(ClientMetadataResource::<ClientMetadataParameters>::ClientMetadata {
             client_name: None,
             logo_uri: None,
             extension: ClientMetadataParameters {
-                subject_syntax_types_supported: vec![SubjectSyntaxType::Did(DidMethod::from_str("did:test").unwrap())],
+                subject_syntax_types_supported: vec![SubjectSyntaxType::Did(DidMethod::from_str(did_method).unwrap())],
             },
         })
         .claims(
@@ -162,17 +172,20 @@ async fn test_implicit_flow() {
     // Create a new storage for the user's claims.
     let storage = MemoryStorage::new(serde_json::from_value(USER_CLAIMS.clone()).unwrap());
 
-    // Create a new subject and validator.
-    let subject = TestSubject::new("did:test:subject".to_string(), "did:test:subject#key_id".to_string()).unwrap();
+    // Create a new subject.
+    let subject = MultiDidMethodSubject {
+        test_subject: TestSubject::new("did:test:subject".to_string(), "did:test:subject#key_id".to_string()).unwrap(),
+        key_subject: KeySubject::from_keypair(generate::<Ed25519KeyPair>(None), None),
+    };
 
     // Create a new provider manager.
-    let provider_manager = ProviderManager::new(Arc::new(subject), "did:test").unwrap();
+    let provider_manager = ProviderManager::new(Arc::new(subject), did_method).unwrap();
 
     // Create a new RequestUrl which includes a `request_uri` pointing to the mock server's `request_uri` endpoint.
     let authorization_request = AuthorizationRequest::<ByReference> {
         custom_url_scheme: "openid".to_string(),
         body: ByReference {
-            client_id: "did:test:relyingparty".to_string(),
+            client_id,
             request_uri: format!("{server_url}/request_uri").parse::<url::Url>().unwrap(),
         },
     };

diff --git a/oid4vci/src/credential_issuer/credential_configurations_supported.rs b/oid4vci/src/credential_issuer/credential_configurations_supported.rs
@@ -10,7 +10,7 @@ use serde_with::skip_serializing_none;
 
 /// Credentials Supported object as described here: https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-13.html#section-11.2.3-2.11.1
 #[skip_serializing_none]
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq)]
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, Default)]
 pub struct CredentialConfigurationsSupportedObject<CFC = CredentialFormats<WithParameters>>
 where
     CFC: CredentialFormatCollection,

diff --git a/oid4vci/src/wallet/mod.rs b/oid4vci/src/wallet/mod.rs
@@ -12,6 +12,7 @@ use crate::proof::{KeyProofType, ProofType};
 use crate::{credential_response::CredentialResponse, token_request::TokenRequest, token_response::TokenResponse};
 use anyhow::Result;
 use oid4vc_core::authentication::subject::SigningSubject;
+use oid4vc_core::SubjectSyntaxType;
 use reqwest::Url;
 use reqwest_middleware::{ClientBuilder, ClientWithMiddleware};
 use reqwest_retry::policies::ExponentialBackoff;
@@ -23,23 +24,28 @@ where
     CFC: CredentialFormatCollection,
 {
     pub subject: SigningSubject,
-    pub default_subject_syntax_type: String,
+    pub default_subject_syntax_type: SubjectSyntaxType,
     pub client: ClientWithMiddleware,
     phantom: std::marker::PhantomData<CFC>,
 }
 
 impl<CFC: CredentialFormatCollection + DeserializeOwned> Wallet<CFC> {
-    pub fn new(subject: SigningSubject, default_subject_syntax_type: String) -> Self {
+    pub fn new(
+        subject: SigningSubject,
+        default_subject_syntax_type: impl TryInto<SubjectSyntaxType>,
+    ) -> anyhow::Result<Self> {
         let retry_policy = ExponentialBackoff::builder().build_with_max_retries(5);
         let client = ClientBuilder::new(reqwest::Client::new())
             .with(RetryTransientMiddleware::new_with_policy(retry_policy))
             .build();
-        Self {
+        Ok(Self {
             subject,
-            default_subject_syntax_type,
+            default_subject_syntax_type: default_subject_syntax_type
+                .try_into()
+                .map_err(|_| anyhow::anyhow!("Invalid did method"))?,
             client,
             phantom: std::marker::PhantomData,
-        }
+        })
     }
 
     pub async fn get_credential_offer(&self, credential_offer_uri: Url) -> Result<CredentialOfferParameters> {
@@ -107,7 +113,7 @@ impl<CFC: CredentialFormatCollection + DeserializeOwned> Wallet<CFC> {
             // TODO: must be `form`, but `AuthorizationRequest needs to be able to serilalize properly.
             .json(&AuthorizationRequest {
                 response_type: "code".to_string(),
-                client_id: self.subject.identifier(&self.default_subject_syntax_type)?,
+                client_id: self.subject.identifier(&self.default_subject_syntax_type.to_string())?,
                 redirect_uri: None,
                 scope: None,
                 state: None,
@@ -143,7 +149,7 @@ impl<CFC: CredentialFormatCollection + DeserializeOwned> Wallet<CFC> {
                 KeyProofType::builder()
                     .proof_type(ProofType::Jwt)
                     .signer(self.subject.clone())
-                    .iss(self.subject.identifier(&self.default_subject_syntax_type)?)
+                    .iss(self.subject.identifier(&self.default_subject_syntax_type.to_string())?)
                     .aud(credential_issuer_metadata.credential_issuer)
                     .iat(1571324800)
                     .exp(9999999999i64)
@@ -155,7 +161,7 @@ impl<CFC: CredentialFormatCollection + DeserializeOwned> Wallet<CFC> {
                             .ok_or(anyhow::anyhow!("No c_nonce found."))?
                             .clone(),
                     )
-                    .subject_syntax_type(&self.default_subject_syntax_type)
+                    .subject_syntax_type(self.default_subject_syntax_type.to_string())
                     .build()?,
             ),
         };
@@ -181,7 +187,7 @@ impl<CFC: CredentialFormatCollection + DeserializeOwned> Wallet<CFC> {
             KeyProofType::builder()
                 .proof_type(ProofType::Jwt)
                 .signer(self.subject.clone())
-                .iss(self.subject.identifier(&self.default_subject_syntax_type)?)
+                .iss(self.subject.identifier(&self.default_subject_syntax_type.to_string())?)
                 .aud(credential_issuer_metadata.credential_issuer)
                 .iat(1571324800)
                 .exp(9999999999i64)
@@ -193,7 +199,7 @@ impl<CFC: CredentialFormatCollection + DeserializeOwned> Wallet<CFC> {
                         .ok_or(anyhow::anyhow!("No c_nonce found."))?
                         .clone(),
                 )
-                .subject_syntax_type(&self.default_subject_syntax_type)
+                .subject_syntax_type(self.default_subject_syntax_type.to_string())
                 .build()?,
         );
 

diff --git a/siopv2/src/relying_party.rs b/siopv2/src/relying_party.rs
@@ -7,24 +7,26 @@ use oid4vc_core::{
     authorization_response::AuthorizationResponse,
     jwt,
     openid4vc_extension::{Extension, ResponseHandle},
-    Validator,
+    SubjectSyntaxType, Validator,
 };
 use std::collections::HashMap;
 
 pub struct RelyingParty {
     // TODO: Strictly speaking a relying party doesn't need to have a [`Subject`]. It just needs methods to
     // sign and verify tokens. For simplicity we use a [`Subject`] here for now but we should consider a cleaner solution.
     pub subject: SigningSubject,
-    pub default_subject_syntax_type: String,
+    pub default_subject_syntax_type: SubjectSyntaxType,
     pub sessions: HashMap<(String, String), AuthorizationRequest<Object<SIOPv2>>>,
 }
 
 impl RelyingParty {
     // TODO: Use RelyingPartyBuilder instead.
-    pub fn new(subject: SigningSubject, default_subject_syntax_type: String) -> Result<Self> {
+    pub fn new(subject: SigningSubject, default_subject_syntax_type: impl TryInto<SubjectSyntaxType>) -> Result<Self> {
         Ok(RelyingParty {
             subject,
-            default_subject_syntax_type,
+            default_subject_syntax_type: default_subject_syntax_type
+                .try_into()
+                .map_err(|_| anyhow::anyhow!("Invalid did method."))?,
             sessions: HashMap::new(),
         })
     }
@@ -34,7 +36,7 @@ impl RelyingParty {
             self.subject.clone(),
             Header::new(Algorithm::EdDSA),
             authorization_request,
-            &self.default_subject_syntax_type,
+            &self.default_subject_syntax_type.to_string(),
         )
     }