Package-level declarations

Types

data class ClaimToBeIssued(val name: String, val value: Any, val selectivelyDisclosable: Boolean = true)

Represents a claim that shall be issued to the holder, i.e., serialized into the appropriate credential format.

data class ClaimToBeIssuedArrayElement(val value: Any, val selectivelyDisclosable: Boolean = true)

Represents an element of an array inside an SD-JWT that shall be issued to the holder. Use this in any collection inside ClaimToBeIssued.value to correctly serialize the array.

sealed interface CreatePresentationResult

@Serializable
data class CredentialRenewalInfo(val refreshToken: String?, val issuerMetadata: IssuerMetadata, val oauthMetadata: OAuth2AuthorizationServerMetadata, val credentialFormat: SupportedCredentialFormat, val credentialIdentifier: String)

Holds all information needed to refresh a credential; pass it to OpenId4VciClient.refreshCredentialReturningResult.

class EphemeralKeyWithoutCert @JvmOverloads constructor(val key: EphemeralKey = EphemeralKey { ec { curve = ECCurve.SECP_256_R_1; digests = setOf(Digest.SHA256) } }.getOrThrow(), val customKeyId: String = Random.nextBytes(8).encodeToString(Base16Strict).lowercase()) : KeyMaterial, Signer

Generates new key material with a random key, e.g. for use in tests.

class EphemeralKeyWithSelfSignedCert @JvmOverloads constructor(val key: EphemeralKey = EphemeralKey { ec { curve = ECCurve.SECP_256_R_1; digests = setOf(Digest.SHA256) } }.getOrThrow(), extensions: List<X509CertificateExtension> = listOf(), customKeyId: String = Random.nextBytes(8).encodeToString(Base16Strict).lowercase(), lifetimeInSeconds: Long = 30) : KeyWithSelfSignedCert, Signer

Generates new key material with a random key and a self-signed certificate, e.g. for use in tests.

class FixedTimeClock(epochMilliseconds: Long) : Clock
interface Holder

Summarizes operations for a Holder in the sense of the W3C VC Data Model.

class HolderAgent @JvmOverloads constructor(val keyMaterial: KeyMaterial, subjectCredentialStore: SubjectCredentialStore = InMemorySubjectCredentialStore(), validator: Validator = Validator(), validatorVcJws: ValidatorVcJws = ValidatorVcJws(validator = validator), validatorSdJwt: ValidatorSdJwt = ValidatorSdJwt(validator = validator), validatorMdoc: ValidatorMdoc = ValidatorMdoc(validator = validator), signVerifiablePresentation: SignJwtFun<VerifiablePresentationJws> = SignJwt(keyMaterial, JwsHeaderCertOrJwk()), signKeyBinding: SignJwtFun<KeyBindingJws> = SignJwt(keyMaterial, JwsHeaderNone()), verifiablePresentationFactory: VerifiablePresentationFactory = VerifiablePresentationFactory(keyMaterial, signVerifiablePresentation, signKeyBinding), difInputEvaluator: PresentationExchangeInputEvaluator = PresentationExchangeInputEvaluator) : Holder

An agent that only implements Holder, i.e. it can receive credentials from other agents and present credentials to other agents.

class InMemoryIssuerCredentialStore @JvmOverloads constructor(val tokenStatusBitSize: TokenStatusBitSize = TokenStatusBitSize.ONE) : IssuerCredentialStore, ReferencedTokenStore
class InvalidMacException @JvmOverloads constructor(message: String, cause: Throwable? = null) : Throwable
data class IsoDeviceSignatureInput(val docType: String, val deviceNameSpaceBytes: ByteStringWrapper<DeviceNameSpaces>)
Link copied to clipboard

Summarizes operations for an Issuer in the sense of the W3C VC Data Model.

class IssuerAgent @JvmOverloads constructor(val keyMaterial: KeyMaterial = EphemeralKeyWithoutCert(), issuerCredentialStore: IssuerCredentialStore = InMemoryIssuerCredentialStore(), statusListBaseUrl: String = "https://wallet.a-sit.at/backend/credentials/status", identifierListBaseUrl: String = "https://wallet.a-sit.at/backend/credentials/identifier", clock: Clock = Clock.System, issuanceOffset: Duration = (-3).minutes, val cryptoAlgorithms: Set<SignatureAlgorithm> = setOf(keyMaterial.signatureAlgorithm), timePeriodProvider: TimePeriodProvider = FixedTimePeriodProvider, identifier: UniformResourceIdentifier, signIssuedSdJwt: SignJwtExtFun<JsonObject> = SignJwtExt(keyMaterial, JwsHeaderCertOrJwk()), signIssuedVc: SignJwtFun<VerifiableCredentialJws> = SignJwt(keyMaterial, JwsHeaderCertOrJwk()), signMobileSecurityObject: SignCoseFun<MobileSecurityObject> = SignCose(keyMaterial, CoseHeaderNone(), CoseHeaderCertificate()), randomSource: RandomSource = RandomSource.Secure) : Issuer

An agent that implements Issuer, i.e., it issues credentials for other agents.

Link copied to clipboard

Stores all issued credentials and keeps track of the index for the revocation list.

interface KeyMaterial : Signer

Abstracts the management of key material away from cryptographic functions.

class KeyStoreMaterial @JvmOverloads constructor(keyStore: KeyStore, keyAlias: String, privateKeyPassword: CharArray, providerName: String? = null, certAlias: String? = null, customKeyId: String = Random.nextBytes(8).encodeToString(Base16Strict).lowercase()) : SignerBasedKeyMaterial

KeyMaterial based on an initialized, loaded KeyStore object.

abstract class KeyWithSelfSignedCert(extensions: List<X509CertificateExtension>, customKeyId: String, lifetimeInSeconds: Long) : KeyMaterial
typealias PathAuthorizationValidator = (credential: SubjectCredentialStore.StoreEntry, attributePath: NormalizedJsonPath) -> Boolean

Implementations should return true when the credential attribute may be disclosed to the verifier.

@Serializable
data class PresentationExchangeCredentialDisclosure<Credential : Any>(val credential: Credential, val disclosedAttributes: Collection<NormalizedJsonPath>)
data class PresentationExchangeQueryMatchingResult(val inputDescriptorMatchingResults: Map<String, List<KmmResult<InputDescriptorMatching>>>)
data class PresentationRequestParameters(val nonce: String, val audience: String, val transactionData: List<TransactionDataBase64Url>? = null, val calcIsoDeviceSignaturePlain: suspend (input: IsoDeviceSignatureInput) -> CoseSigned<ByteArray>? = { null }, val returnOneDeviceResponse: Boolean = false)

Input to create a verifiable presentation of credentials, i.e. contains input required to fill fields in the VP, like a challenge from the verifier, or their identifier.

Link copied to clipboard

Key material referenced by a key id in identifier, which can be fetched by clients from keySetUrl.

class PublishedKeyStoreMaterial @JvmOverloads constructor(keyStore: KeyStore, keyAlias: String, privateKeyPassword: CharArray, providerName: String? = null, certAlias: String? = null, keySetUrl: String?, customKeyId: String) : SignerBasedPublishedKeyMaterial

KeyMaterial based on an initialized, loaded KeyStore object, which will use PublishedKeyMaterial.

sealed class RandomSource
class SdJwtDecoded(sdJwtSigned: SdJwtSigned)

Decodes an SdJwtSigned by substituting all blinded disclosure values (inside _sd elements of the payload) with the claims of the disclosures appended to the SD-JWT (by a ~).

abstract class SignerBasedKeyMaterial @JvmOverloads constructor(val signer: Signer, val customKeyId: String = Random.nextBytes(8).encodeToString(Base16Strict).lowercase()) : KeyMaterial, Signer

Key that will be referenced by its getCertificate or the jsonWebKey directly embedded in proofs.

abstract class SignerBasedPublishedKeyMaterial(val signer: Signer, val customKeyId: String, val keySetUrl: String?) : PublishedKeyMaterial, Signer

Key that will be referenced by customKeyId in the key set published under keySetUrl, which will both be embedded in proofs.

class StatusListAgent @JvmOverloads constructor(keyMaterial: KeyMaterial = EphemeralKeyWithSelfSignedCert(), issuerCredentialStore: ReferencedTokenStore = InMemoryIssuerCredentialStore(), statusListBaseUrl: String = "https://wallet.a-sit.at/backend/credentials/status", identifierListBaseUrl: String = "https://wallet.a-sit.at/backend/credentials/identifier", statusListAggregationUrl: String? = null, identifierListAggregationUrl: String? = null, zlibService: ZlibService = DefaultZlibService(), revocationListLifetime: Duration = 48.hours, clock: Clock = Clock.System, timePeriodProvider: TimePeriodProvider = FixedTimePeriodProvider, signStatusListJwt: SignJwtFun<StatusListTokenPayload> = SignJwt(keyMaterial, JwsHeaderCertOrJwk()), signStatusListCwt: SignCoseFun<ByteArray> = SignCose(keyMaterial, CoseHeaderKeyIdForKeyMaterial(), CoseHeaderCertificate())) : StatusListIssuer

An agent that implements StatusListIssuer, i.e. it manages status of credentials and status lists.

Link copied to clipboard

Summarizes operations for an Issuer in the sense of the W3C VC Data Model.

Link copied to clipboard

Stores all credentials that a subject has received.

class Validator @JvmOverloads constructor(tokenStatusResolver: TokenStatusResolver = TokenStatusResolverNoop, acceptedTokenStatuses: Set<TokenStatus> = setOf(TokenStatus.Valid), tokenStatusValidator: TokenStatusValidator = tokenStatusResolver.toTokenStatusValidator(acceptedTokenStatuses), credentialTimelinessValidator: CredentialTimelinessValidator = CredentialTimelinessValidator())

Parses and validates Verifiable Credentials and Verifiable Presentations. Verifies the cryptographic authenticity of the data, and its revocation status when status information is encoded in the credential.

class ValidatorMdoc @JvmOverloads constructor(verifySignature: VerifySignatureFun = VerifySignature(), verifyCoseSignatureWithKey: VerifyCoseSignatureWithKeyFun<MobileSecurityObject> = VerifyCoseSignatureWithKey(verifySignature), mdocInputValidator: MdocInputValidator = MdocInputValidator(verifyCoseSignatureWithKey = verifyCoseSignatureWithKey), validator: Validator = Validator())
class ValidatorSdJwt @JvmOverloads constructor(verifySignature: VerifySignatureFun = VerifySignature(), verifyJwsSignature: VerifyJwsSignatureFun = VerifyJwsSignature(verifySignature), verifyJwsObject: VerifyJwsObjectFun = VerifyJwsObject(verifyJwsSignature), verifyJwsSignatureWithCnf: VerifyJwsSignatureWithCnfFun = VerifyJwsSignatureWithCnf(verifyJwsSignature), verifyTransactionData: Boolean = true, sdJwtInputValidator: SdJwtInputValidator = SdJwtInputValidator(verifyJwsObject = verifyJwsObject), validator: Validator = Validator())

Parses and validates Verifiable Credentials and Verifiable Presentations. Verifies the cryptographic authenticity of the data, and its revocation status when status information is encoded in the credential.

class ValidatorVcJws @JvmOverloads constructor(verifySignature: VerifySignatureFun = VerifySignature(), verifyJwsSignature: VerifyJwsSignatureFun = VerifyJwsSignature(verifySignature), verifyJwsObject: VerifyJwsObjectFun = VerifyJwsObject(verifyJwsSignature), vcJwsInputValidator: VcJwsInputValidator = VcJwsInputValidator(verifyJwsObject = verifyJwsObject), validator: Validator = Validator())

Parses and validates Verifiable Credentials and Verifiable Presentations. Verifies the cryptographic authenticity of the data, and its revocation status when status information is encoded in the credential.

class VerifiablePresentationFactory @JvmOverloads constructor(keyMaterial: KeyMaterial, signVerifiablePresentation: SignJwtFun<VerifiablePresentationJws> = SignJwt(keyMaterial, JwsHeaderCertOrJwk()), signKeyBinding: SignJwtFun<KeyBindingJws> = SignJwt(keyMaterial, JwsHeaderNone()))
interface Verifier

Summarizes operations for a Verifier in the sense of the W3C VC Data Model.

class VerifierAgent @JvmOverloads constructor(identifier: String, validatorVcJws: ValidatorVcJws = ValidatorVcJws(), validatorSdJwt: ValidatorSdJwt = ValidatorSdJwt(), validatorMdoc: ValidatorMdoc = ValidatorMdoc()) : Verifier

An agent that only implements Verifier, i.e. it can only verify credentials of other agents.

fun interface VerifyMacFun
fun interface VerifySignatureFun

Functions

suspend fun X509Certificate.Companion.generateSelfSignedCertificate(publicKey: CryptoPublicKey, algorithm: X509SignatureAlgorithm, lifetimeInSeconds: Long = 30, extensions: List<X509CertificateExtension> = listOf(), signer: suspend (ByteArray) -> KmmResult<CryptoSignature>): KmmResult<X509Certificate>
fun CryptoPublicKey.matchesIdentifier(input: String): Boolean

Verifies that input is a valid identifier for this key (that is not forgeable like a simple ID)

fun Digest.toIanaName(): String