CredentialIssuer
/**
 * Creates a [CredentialIssuer]. Several defaults shown in this signature are security-relevant:
 *
 * @param statusListTokenResolver defaults to `null`; the default [proofValidator] then performs no
 *   status-list lookup for key attestations (see the comments inside `verifyAttestationProof`).
 * @param keyMaterial defaults to the single key material of [issuer].
 * @param cryptoAlgorithms defaults to the signature algorithms of [keyMaterial].
 * @param publicContext defaults to `https://wallet.a-sit.at/credential-issuer` and is also passed
 *   to the default [proofValidator]; presumably deployments override it with their own URL.
 * @param credentialEndpointPath defaults to `/credential`.
 * @param nonceEndpointPath defaults to `/nonce`.
 * @param requireKeyAttestation defaults to `false` and is forwarded to the default [proofValidator].
 * @param proofValidator when supplied by the caller, replaces the default built here, so the
 *   `verifyAttestationProof` logic shown in this signature no longer applies.
 * @param signMetadata defaults to `SignJwt(EphemeralKeyWithoutCert(), JwsHeaderCertOrJwk())`.
 *   NOTE(review): judging by the name, metadata is then signed with an ephemeral key that has no
 *   certificate; confirm whether relying parties can validate that signature.
 */
constructor(statusListTokenResolver: StatusListTokenResolver? = null, authorizationService: OAuth2AuthorizationServerAdapter, issuer: Issuer, keyMaterial: Set<KeyMaterial> = setOf(issuer.keyMaterial), cryptoAlgorithms: Set<SignatureAlgorithm> = keyMaterial.map { it.signatureAlgorithm }.toSet(), credentialSchemes: Set<ConstantIndex.CredentialScheme>, publicContext: String = "https://wallet.a-sit.at/credential-issuer", credentialEndpointPath: String = "/credential", nonceEndpointPath: String = "/nonce", requireKeyAttestation: Boolean = false, proofValidator: ProofValidator = ProofValidator(
publicContext = publicContext,
requireKeyAttestation = requireKeyAttestation,
// Default attestation check: accepts the JWS (`it`) only if both the status check and the
// signature check below yield true.
verifyAttestationProof = {
// Status check. The runCatching block succeeds, and the status counts as acceptable, when:
//  - the payload has no `status` claim, or that claim has no STATUS_LIST_INFO entry;
//  - statusListTokenResolver is null (the constructor default), so nothing is resolved;
//  - the resolved status is anything other than TokenStatus.Invalid.
// It fails when decoding throws, when the resolver result is a failure (getOrThrow), or when
// the resolved status equals TokenStatus.Invalid.
// NOTE(review): with the default null resolver a revoked attestation is not rejected here;
// pass a resolver when revocation has to be enforced.
val tokenStatusValid = runCatching {
it.payload.status?.get(StatusListInfo.SerialNames.STATUS_LIST_INFO)?.let { statusList ->
Json.decodeFromJsonElement<StatusListInfo>(statusList).let { statusListInfo ->
// The cast is only evaluated when a resolver is set; if the decoded value is not a
// RevocationListInfo the cast throws and runCatching turns that into "not valid".
if (statusListTokenResolver?.toTokenStatusResolver()
?.invoke(statusListInfo as RevocationListInfo)
?.getOrThrow() == TokenStatus.Invalid
) throw Throwable("TokenStatus invalid")
}
}
}.isSuccess
// Signature check against the public key exposed by the JWS's own header. A missing key makes
// `!!` throw, which runCatching maps to false.
// NOTE(review): this only shows that the JWS was signed by the key it carries; nothing visible
// here ties that key to a trusted attester. Confirm whether ProofValidator checks a trust
// anchor elsewhere, otherwise supply a custom verifyAttestationProof.
val signatureValid = runCatching {
VerifyJwsObject().verifyJwsSignature(it, it.header.publicKey!!).isSuccess
}.getOrDefault(false)
return@ProofValidator (tokenStatusValid && signatureValid)
}
), signMetadata: SignJwtFun<IssuerMetadata> = SignJwt(EphemeralKeyWithoutCert(), JwsHeaderCertOrJwk()), encryptionService: IssuerEncryptionService = IssuerEncryptionService(), credentialSchemeMapper: CredentialSchemeMapper = DefaultCredentialSchemeMapper())(source)