Package-level declarations

Types

data class ClaimToBeIssued(val name: String, val value: Any, val selectivelyDisclosable: Boolean = true)

Represents a claim that shall be issued to the holder, i.e. serialized into the appropriate credential format.

class EphemeralKeyWithoutCert(val key: EphemeralKey = EphemeralKey { ec { curve = ECCurve.SECP_256_R_1 digests = setOf(Digest.SHA256) } }.getOrThrow(), val customKeyId: String? = null) : KeyMaterial, Signer

Generate new key material with a random key, e.g. used in tests

class EphemeralKeyWithSelfSignedCert(val key: EphemeralKey = EphemeralKey { ec { curve = ECCurve.SECP_256_R_1 digests = setOf(Digest.SHA256) } }.getOrThrow(), extensions: List<X509CertificateExtension> = listOf(), val customKeyId: String? = null, val lifetimeInSeconds: Long = 30) : KeyWithSelfSignedCert, Signer

Generate new key material with a random key, and a self-signed certificate, e.g. used in tests

class FixedTimeClock(epochMilliseconds: Long) : Clock
interface Holder

Summarizes operations for a Holder in the sense of the W3C VC Data Model.

class HolderAgent(val keyMaterial: KeyMaterial, subjectCredentialStore: SubjectCredentialStore = InMemorySubjectCredentialStore(), validator: Validator = Validator(), signVerifiablePresentation: SignJwtFun<VerifiablePresentationJws> = SignJwt( keyMaterial, JwsHeaderKeyId(), ), signKeyBinding: SignJwtFun<KeyBindingJws> = SignJwt(keyMaterial, JwsHeaderNone()), verifiablePresentationFactory: VerifiablePresentationFactory = VerifiablePresentationFactory(keyMaterial.identifier, signVerifiablePresentation, signKeyBinding), difInputEvaluator: PresentationExchangeInputEvaluator = PresentationExchangeInputEvaluator) : Holder

An agent that only implements Holder, i.e. it can receive credentials from other agents and present credentials to other agents.

class InMemoryIssuerCredentialStore(val tokenStatusBitSize: TokenStatusBitSize = TokenStatusBitSize.ONE) : IssuerCredentialStore

Summarizes operations for an Issuer in the sense of the W3C VC Data Model.

class IssuerAgent(val keyMaterial: KeyMaterial = EphemeralKeyWithoutCert(), validator: Validator = Validator(), issuerCredentialStore: IssuerCredentialStore = InMemoryIssuerCredentialStore(), statusListBaseUrl: String = "https://wallet.a-sit.at/backend/credentials/status", statusListAggregationUrl: String? = null, zlibService: ZlibService = DefaultZlibService(), revocationListLifetime: Duration = 48.hours, clock: Clock = Clock.System, val cryptoAlgorithms: Set<SignatureAlgorithm> = setOf(keyMaterial.signatureAlgorithm), timePeriodProvider: TimePeriodProvider = FixedTimePeriodProvider, identifier: String = keyMaterial.identifier, signIssuedSdJwt: SignJwtFun<JsonObject> = SignJwt(keyMaterial, JwsHeaderCertOrJwk()), signIssuedVc: SignJwtFun<VerifiableCredentialJws> = SignJwt(keyMaterial, JwsHeaderKeyId()), signStatusListJwt: SignJwtFun<StatusListTokenPayload> = SignJwt(keyMaterial, JwsHeaderCertOrJwk()), signMobileSecurityObject: SignCoseFun<MobileSecurityObject> = SignCose(keyMaterial, CoseHeaderNone(), CoseHeaderCertificate()), signStatusListCwt: SignCoseFun<StatusListTokenPayload> = SignCose(keyMaterial, CoseHeaderKeyId(), CoseHeaderCertificate())) : Issuer

An agent that only implements Issuer, i.e. it issues credentials for other agents.


Stores all issued credentials, keeps track of the index for the revocation list

interface KeyMaterial : Signer

Abstracts the management of key material away from cryptographic functions.

class KeyStoreMaterial @JvmOverloads constructor(keyStore: KeyStore, keyAlias: String, privateKeyPassword: CharArray, providerName: String? = null, certAlias: String? = null, val customKeyId: String? = null) : SignerBasedKeyMaterial

KeyMaterial based on an initialized, loaded KeyStore object.

abstract class KeyWithSelfSignedCert(extensions: List<X509CertificateExtension>, val customKeyId: String? = null, val lifetimeInSeconds: Long = 30) : KeyMaterial
class Parser(timeLeewaySeconds: Long = 300, clock: Clock = Clock.System)

Parses Verifiable Credentials and Verifiable Presentations. Does not verify the cryptographic authenticity of the data. Does not verify the revocation status of the data.

typealias PathAuthorizationValidator = (credential: SubjectCredentialStore.StoreEntry, attributePath: NormalizedJsonPath) -> Boolean

Implementations should return true, when the credential attribute may be disclosed to the verifier.

@Serializable
data class PresentationExchangeCredentialDisclosure(val credential: SubjectCredentialStore.StoreEntry, val disclosedAttributes: Collection<NormalizedJsonPath>)
data class PresentationRequestParameters(val nonce: String, val audience: String, val transactionData: Pair<PresentationRequestParameters.Flow, List<TransactionDataBase64Url>>? = null, val calcIsoDeviceSignature: suspend (docType: String, deviceNameSpaceBytes: ByteStringWrapper<DeviceNameSpaces>) -> Pair<CoseSigned<ByteArray>, String?>? = { _, _ -> null }, val mdocGeneratedNonce: String? = null)

Input to create a verifiable presentation of credentials, i.e. contains input required to fill fields in the VP, like a challenge from the verifier, or their identifier.

class SdJwtValidator(sdJwtSigned: SdJwtSigned)

Decodes a SdJwtSigned, by substituting all blinded disclosure values (inside _sd elements of the payload) with the claims of the disclosures appended to the SD-JWT (by a ~).

abstract class SignerBasedKeyMaterial(val signer: Signer, val customKeyId: String? = null) : KeyMaterial, Signer
class StatusListTokenIntegrityValidator(verifyJwsObject: VerifyJwsObjectFun = VerifyJwsObject(), verifyCoseSignature: VerifyCoseSignatureFun<StatusListTokenPayload> = VerifyCoseSignature())

Parses and validates Status List Tokens. Does verify the cryptographic authenticity of the data.


Stores all credentials that a subject has received

class Validator(verifySignature: VerifySignatureFun = VerifySignature(), verifyJwsSignature: VerifyJwsSignatureFun = VerifyJwsSignature(verifySignature), verifyJwsObject: VerifyJwsObjectFun = VerifyJwsObject(verifyJwsSignature), verifyJwsSignatureWithCnf: VerifyJwsSignatureWithCnfFun = VerifyJwsSignatureWithCnf(verifyJwsSignature), verifyCoseSignature: VerifyCoseSignatureFun<StatusListTokenPayload> = VerifyCoseSignature(), verifyCoseSignatureWithKey: VerifyCoseSignatureWithKeyFun<MobileSecurityObject> = VerifyCoseSignatureWithKey(verifySignature), parser: Parser = Parser(), verifyTransactionData: Boolean = true, vcJwsInputValidator: VcJwsInputValidator = VcJwsInputValidator( verifyJwsObject = verifyJwsObject, ), sdJwtInputValidator: SdJwtInputValidator = SdJwtInputValidator( verifyJwsObject = verifyJwsObject, ), mdocInputValidator: MdocInputValidator = MdocInputValidator( verifyCoseSignatureWithKey = verifyCoseSignatureWithKey, ), timeLeeway: Duration = 300.seconds, clock: Clock = Clock.System, zlibService: ZlibService = DefaultZlibService(), resolveStatusListToken: StatusListTokenResolver? = null, tokenStatusResolver: TokenStatusResolver = resolveStatusListToken?.toTokenStatusResolver( verifyJwsObjectIntegrity = verifyJwsObject, zlibService = zlibService, verifyCoseSignature = verifyCoseSignature, clock = clock, ) ?: TokenStatusResolver { KmmResult.success(TokenStatus.Valid) }, acceptedTokenStatuses: Set<TokenStatus> = setOf(TokenStatus.Valid), tokenStatusValidator: TokenStatusValidator = tokenStatusResolver.toTokenStatusValidator( acceptedTokenStatuses ), credentialTimelinessValidator: CredentialTimelinessValidator = CredentialTimelinessValidator( clock = clock, timeLeeway = timeLeeway, ))

Parses and validates Verifiable Credentials and Verifiable Presentations. Does verify the cryptographic authenticity of the data. Does verify the revocation status of the data (when a status information is encoded in the credential).

class VerifiablePresentationFactory(identifier: String, signVerifiablePresentation: SignJwtFun<VerifiablePresentationJws>, signKeyBinding: SignJwtFun<KeyBindingJws>)
interface Verifier

Summarizes operations for a Verifier in the sense of the W3C VC Data Model.

class VerifierAgent(identifier: String, validator: Validator = Validator()) : Verifier

An agent that only implements Verifier, i.e. it can only verify credentials of other agents.

fun interface VerifySignatureFun

Functions

suspend fun X509Certificate.Companion.generateSelfSignedCertificate(publicKey: CryptoPublicKey, algorithm: X509SignatureAlgorithm, lifetimeInSeconds: Long = 30, extensions: List<X509CertificateExtension> = listOf(), signer: suspend (ByteArray) -> KmmResult<CryptoSignature>): KmmResult<X509Certificate>
fun CryptoPublicKey.matchesIdentifier(input: String): Boolean

Verifies that input is a valid identifier for this key