Package-level declarations

Types

interface CodeService

Provide authentication and authorization for credential issuance.


Provides the actual data of the user as a credential that shall be issued

data class CredentialDataProviderInput(val userInfo: OidcUserInfoExtended, val subjectPublicKey: CryptoPublicKey, val credentialScheme: ConstantIndex.CredentialScheme, val credentialRepresentation: ConstantIndex.CredentialRepresentation)

Input for CredentialDataProviderFun to resolve the actual data of the user:

class CredentialIssuer(authorizationService: OAuth2AuthorizationServerAdapter, issuer: Issuer = IssuerAgent(), keyMaterial: Set<KeyMaterial> = setOf(issuer.keyMaterial), cryptoAlgorithms: Set<SignatureAlgorithm> = keyMaterial.map { it.signatureAlgorithm }.toSet(), credentialSchemes: Set<ConstantIndex.CredentialScheme>, publicContext: String = "https://wallet.a-sit.at/credential-issuer", credentialEndpointPath: String = "/credential", nonceEndpointPath: String = "/nonce", credentialProvider: CredentialIssuerDataProvider = FallbackCredentialIssuerDataProvider(), verifyJwsObject: VerifyJwsObjectFun = VerifyJwsObject(), supportedAlgorithms: Collection<JwsAlgorithm.Signature> = listOf(JwsAlgorithm.Signature.ES256), clock: Clock = System, timeLeeway: Duration = 5.minutes, verifyAttestationProof: (JwsSigned<KeyAttestationJwt>) -> Boolean = { true }, requireKeyAttestation: Boolean = false, clientNonceService: NonceService = DefaultNonceService(), encryptCredentialRequest: EncryptJweFun = EncryptJwe(EphemeralKeyWithoutCert()), requireEncryption: Boolean = false, supportedJweAlgorithms: Set<JweAlgorithm> = setOf(JweAlgorithm.ECDH_ES), supportedJweEncryptionAlgorithms: Set<JweEncryption> = setOf(JweEncryption.A256GCM), proofValidator: ProofValidator = ProofValidator( publicContext = publicContext, verifyJwsObject = verifyJwsObject, supportedAlgorithms = supportedAlgorithms, clock = clock, timeLeeway = timeLeeway, verifyAttestationProof = verifyAttestationProof, requireKeyAttestation = requireKeyAttestation, clientNonceService = clientNonceService, ))

Server implementation to issue credentials using OID4VCI.


Adapter for deprecated code, to be removed in 5.8.0.

class DefaultMapStore<T, U> : MapStore<T, U>

Holds a simple map in memory, protected with a Mutex to ensure a basic form of thread safety.


Holds valid random values in memory, protected with a Mutex, to ensure a basic form of thread-safety.

interface MapStore<T, U>

Provides a simple map of keys of type T to values of type U. Mainly used in OID4VCI to hold state in at.asitplus.wallet.lib.oauth2.SimpleAuthorizationService and WalletService. Can be implemented to provide replication across different instances of the enclosing application.

interface NonceService

Provides generation, storage and validation of challenges used throughout the code, e.g. as challenges for presentation of credentials. Can be implemented to provide replication across different instances of the enclosing application.


Used by CredentialIssuer to obtain user data when issuing credentials using OID4VCI.

fun interface OAuth2DataProvider

Interface used in CredentialAuthorizationServiceStrategy to actually load user data during the OAuth 2.0 flow, after an authn request (see AuthenticationRequestParameters) has been validated.

@Serializable
data class OAuth2Error(val error: String, val errorDescription: String? = null, val errorUri: String? = null, val state: String? = null)

Source: OpenID for Verifiable Credential Issuance, published 3 February 2023: https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html

@Serializable
sealed class OAuth2Exception : Throwable

object OAuth2ExceptionSerializer : JsonContentPolymorphicSerializer<OAuth2Exception>

fun interface OAuth2LoadUserFun

Interface used in at.asitplus.wallet.lib.oauth2.AuthorizationService to actually load user data during the OAuth 2.0 flow, after an authn request (see AuthenticationRequestParameters) has been validated.

typealias Parameters = Map<String, String>
class ProofValidator(publicContext: String = "https://wallet.a-sit.at/credential-issuer", verifyJwsObject: VerifyJwsObjectFun = VerifyJwsObject(), supportedAlgorithms: Collection<JwsAlgorithm.Signature> = listOf(JwsAlgorithm.Signature.ES256), clock: Clock = Clock.System, timeLeeway: Duration = 5.minutes, verifyAttestationProof: (JwsSigned<KeyAttestationJwt>) -> Boolean = { true }, requireKeyAttestation: Boolean = false, clientNonceService: NonceService = DefaultNonceService())

Server implementation to issue credentials using OID4VCI.

class WalletService(val clientId: String = "https://wallet.a-sit.at/app", redirectUrl: String = "/callback", keyMaterial: KeyMaterial = EphemeralKeyWithoutCert(), remoteResourceRetriever: RemoteResourceRetrieverFunction = { null }, loadKeyAttestation: suspend (WalletService.KeyAttestationInput) -> KmmResult<JwsSigned<KeyAttestationJwt>>? = null, requestEncryption: Boolean = false, decryptionKeyMaterial: KeyMaterial? = null, supportedJweAlgorithm: JweAlgorithm = JweAlgorithm.ECDH_ES, supportedJweEncryptionAlgorithm: JweEncryption = JweEncryption.A256GCM, val oauth2Client: OAuth2Client = OAuth2Client(clientId, redirectUrl))

Client service to retrieve credentials using OID4VCI

Properties

val json: Json

Functions

inline fun <T> Parameters.decode(): T

inline fun <T> String.decodeFromPostBody(): T

inline fun <T> String.decodeFromUrlQuery(): T

Returns true if the other authorization detail is semantically the same, i.e. it has either the same OpenIdAuthorizationDetails.credentialConfigurationId or the same OpenIdAuthorizationDetails.format plus format-specific properties.


Empty strings cannot be decoded by decodeURLQueryComponent, so we need to filter them out.