Revert "Align mdoc response with oid4vp1.0 (#394)" (#414)

* Revert "Align mdoc response with oid4vp1.0 (#394)"

This reverts commit bfeaf9b.

Signed-off-by: Johannes Tuerk <[email protected]>

* add TargetFramework adjustments and SdJwtLib fix

Signed-off-by: Johannes Tuerk <[email protected]>

---------

Signed-off-by: Johannes Tuerk <[email protected]>

Author: JoTiTu

src/WalletFramework.Oid4Vc/Oid4Vci/CredRequest/Implementations/CredentialRequestService.cs

@@ -1,6 +1,5 @@
 using System.Text;
 using LanguageExt;
-using Microsoft.IdentityModel.Tokens;
 using OneOf;
 using WalletFramework.Core.Cryptography.Abstractions;
 using WalletFramework.Core.Cryptography.Models;
@@ -70,13 +69,8 @@ await authorizationRequest.Match(
             Some: _ =>
             {
                 if (format == Constants.MdocFormat)
-                {
-                    var handover = OpenId4VpHandover.FromAuthorizationRequest(
-                        authorizationRequest.UnwrapOrThrow(new Exception()),
-                        Option<JsonWebKey>.None);
-                    sessionTranscript = handover.ToSessionTranscript();
-                }
-                
+                    sessionTranscript = authorizationRequest.UnwrapOrThrow(new Exception()).ToVpHandover()
+                        .ToSessionTranscript();
                 return Task.CompletedTask;
             },
             None: async () => await keyId.IfSomeAsync(async id => 

src/WalletFramework.Oid4Vc/Oid4Vp/DcApi/Models/OpenId4VpDcApiHandover.cs

@@ -1,38 +1,40 @@
 using LanguageExt;
-using Microsoft.IdentityModel.Tokens;
 using PeterO.Cbor;
 using WalletFramework.Core.Cryptography.Models;
-using WalletFramework.Core.Functional;
 using WalletFramework.MdocLib.Device;
 using WalletFramework.MdocLib.Security;
 using WalletFramework.MdocLib.Security.Abstractions;
-using WalletFramework.Oid4Vc.Oid4Vp.Jwk;
 using WalletFramework.Oid4Vc.Oid4Vp.Models;
 using static WalletFramework.Oid4Vc.Oid4Vp.Models.Nonce;
 
 namespace WalletFramework.Oid4Vc.Oid4Vp.DcApi.Models;
 
 /// <summary>
-///     Represents OpenID4VPDCAPIHandover according to the OpenID4VP specification.
-///     Contains a fixed identifier and the SHA-256 hash of OpenID4VPDCAPIHandoverInfo
-///     Structure: ["OpenID4VPDCAPIHandover", OpenID4VPDCAPIHandoverInfoHash]
+/// Represents OpenID4VPDCAPIHandover according to the OpenID4VP specification.
+/// Contains a fixed identifier and the SHA-256 hash of OpenID4VPDCAPIHandoverInfo
+/// Structure: ["OpenID4VPDCAPIHandover", OpenID4VPDCAPIHandoverInfoHash]
 /// </summary>
 public record OpenId4VpDcApiHandover(OpenId4VpDcApiHandoverInfo HandoverInfo) : IHandover
 {
     /// <summary>
-    ///     Mdoc generated nonce created during handover initialization
+    /// Mdoc generated nonce created during handover initialization
     /// </summary>
     public Nonce MdocGeneratedNonce { get; } = GenerateNonce();
+
+    /// <summary>
+    /// Fixed identifier for this handover type
+    /// </summary>
+    public const string HandoverTypeIdentifier = "OpenID4VPDCAPIHandover";
 
     /// <summary>
-    ///     Converts the handover to CBOR representation as an array
+    /// Converts the handover to CBOR representation as an array
     /// </summary>
     /// <returns>CBOR array containing [identifier, hash]</returns>
     public CBORObject ToCbor()
     {
         var result = CBORObject.NewArray();
-
-        result.Add(HandoverConstants.DcApiHandoverTypeIdentifier);
+        
+        result.Add(HandoverTypeIdentifier);
         result.Add(HandoverInfo.ToHash().AsBytes);
 
         return result;
@@ -53,16 +55,4 @@ public SessionTranscript ToSessionTranscript()
         );
     }
 
-    public static OpenId4VpDcApiHandover FromAuthorizationRequest(AuthorizationRequest request, Origin origin, Option<JsonWebKey> verifierPublicKey)
-    {
-        var encryptionKey = verifierPublicKey.OnSome(JwkFun.GetThumbprint);
-        
-        var handoverInfo = new OpenId4VpDcApiHandoverInfo(
-            origin,
-            request.Nonce,
-            encryptionKey
-            );
-
-        return new OpenId4VpDcApiHandover(handoverInfo);
-    }
 } 

src/WalletFramework.Oid4Vc/Oid4Vp/DcApi/Models/OpenId4VpDcApiHandoverInfo.cs

@@ -5,16 +5,16 @@
 namespace WalletFramework.Oid4Vc.Oid4Vp.DcApi.Models;
 
 /// <summary>
-///     Represents OpenID4VPDCAPIHandoverInfo according to the OpenID4VP specification.
-///     Contains the handover parameters as a CBOR array: [origin, nonce, jwkThumbprint]
+/// Represents OpenID4VPDCAPIHandoverInfo according to the OpenID4VP specification.
+/// Contains the handover parameters as a CBOR array: [origin, nonce, jwkThumbprint]
 /// </summary>
 public record OpenId4VpDcApiHandoverInfo(
     Origin Origin,
     string Nonce,
     Option<byte[]> JwkThumbprint)
 {
     /// <summary>
-    ///     Converts the handover info to CBOR representation as an array
+    /// Converts the handover info to CBOR representation as an array
     /// </summary>
     /// <returns>CBOR array containing [origin, nonce, jwkThumbprint]</returns>
     public CBORObject ToCbor()
@@ -33,13 +33,13 @@ public CBORObject ToCbor()
     }
 
     /// <summary>
-    ///     Encodes the handover info as CBOR bytes
+    /// Encodes the handover info as CBOR bytes
     /// </summary>
     /// <returns>CBOR-encoded bytes of the handover info</returns>
     public byte[] ToCborBytes() => ToCbor().EncodeToBytes();
 
     /// <summary>
-    ///     Computes the SHA-256 hash of the handover info CBOR bytes
+    /// Computes the SHA-256 hash of the handover info CBOR bytes
     /// </summary>
     /// <returns>SHA-256 hash of the CBOR-encoded handover info</returns>
     public Sha256Hash ToHash()

src/WalletFramework.Oid4Vc/Oid4Vp/HandoverConstants.cs

@@ -0,0 +1,62 @@
+using LanguageExt;
+using PeterO.Cbor;
+using WalletFramework.Core.Cryptography.Models;
+using WalletFramework.Core.Encoding;
+using WalletFramework.MdocLib.Device;
+using WalletFramework.MdocLib.Security;
+using WalletFramework.MdocLib.Security.Abstractions;
+using static WalletFramework.Core.Encoding.Sha256Hash;
+using static WalletFramework.Oid4Vc.Oid4Vp.Models.Nonce;
+
+namespace WalletFramework.Oid4Vc.Oid4Vp.Models;
+
+public record Oid4VpHandover(
+    Sha256Hash ClientIdSha256Hash,
+    Sha256Hash ResponseUriSha256Hash,
+    // TODO: Nonce from AuthRequest has weak type
+    string Nonce,
+    Nonce MdocGeneratedNonce) : IHandover
+{
+    public CBORObject ToCbor()
+    {
+        var result = CBORObject.NewArray();
+        
+        result.Add(ClientIdSha256Hash.AsBytes);
+        result.Add(ResponseUriSha256Hash.AsBytes);
+        result.Add(Nonce);
+
+        return result;
+    }
+
+    public SessionTranscript ToSessionTranscript() => new(
+        Option<DeviceEngagement>.None,
+        Option<PublicKey>.None,
+        this);
+}
+
+public static class Oid4VpHandoverFun
+{
+    public static Oid4VpHandover ToVpHandover(this AuthorizationRequest request)
+    {
+        var mdocGeneratedNonce = GenerateNonce();
+
+        var clientIdToHash = CBORObject.NewArray();
+        var clientId = CBORObject.FromObject(request.ClientId);
+        
+        clientIdToHash.Add(clientId);
+        clientIdToHash.Add(mdocGeneratedNonce.AsHex);
+        var clientIdToHashBytes = clientIdToHash.EncodeToBytes();
+        
+        var responseUriToHash = CBORObject.NewArray();
+        var responseUri = CBORObject.FromObject(request.ResponseUri);
+        
+        responseUriToHash.Add(responseUri);
+        responseUriToHash.Add(mdocGeneratedNonce.AsHex);
+        var responseUriToHashBytes = responseUriToHash.EncodeToBytes();
+
+        var clientIdHash = ComputeHash(clientIdToHashBytes);
+        var responseUriHash = ComputeHash(responseUriToHashBytes);
+
+        return new Oid4VpHandover(clientIdHash, responseUriHash, request.Nonce, mdocGeneratedNonce);
+    }
+}

src/WalletFramework.Oid4Vc/Oid4Vp/Models/Oid4VpHandover.cs

@@ -75,7 +75,6 @@ public Oid4VpClientService(
         IOid4VpHaipClient oid4VpHaipClient,
         IOid4VpRecordService oid4VpRecordService,
         IPresentationService presentationService,
-        IVerifierKeyService verifierKeyService,
         ISdJwtVcHolderService sdJwtVcHolderService)
     {
         _agentProvider = agentProvider;
@@ -90,7 +89,6 @@ public Oid4VpClientService(
         _oid4VpHaipClient = oid4VpHaipClient;
         _oid4VpRecordService = oid4VpRecordService;
         _presentationService = presentationService;
-        _verifierKeyService = verifierKeyService;
         _sdJwtVcHolderService = sdJwtVcHolderService;
     }
 
@@ -106,7 +104,6 @@ public Oid4VpClientService(
     private readonly IOid4VpHaipClient _oid4VpHaipClient;
     private readonly IOid4VpRecordService _oid4VpRecordService;
     private readonly IPresentationService _presentationService;
-    private readonly IVerifierKeyService _verifierKeyService;
     private readonly ISdJwtVcHolderService _sdJwtVcHolderService;
 
     public async Task<Option<Uri>> AbortAuthorizationRequest(AuthorizationRequestCancellation cancellation)
@@ -224,7 +221,7 @@ await credentialSetMdocRecords.Match(
 
             switch (presentation.PresentedCredential)
             {
-                case SdJwtRecord sdJwtRecord: 
+                case SdJwtRecord sdJwtRecord:
                     var issuanceSdJwtDoc = sdJwtRecord.ToSdJwtDoc();
                     var sdJwtDoc = new SdJwtDoc(presentation.PresentationMap.Presentation);
 
@@ -242,7 +239,7 @@ from claim in sdJwtRecord.Claims
                             key = claim.Key,
                             value = new PresentedClaim { Value = claim.Value }
                         };
-                    
+
                     result = new PresentedCredentialSet
                     {
                         SdJwtCredentialType = Vct.ValidVct(sdJwtRecord.Vct).UnwrapOrThrow(),
@@ -411,14 +408,7 @@ public async Task<Option<Uri>> AcceptOnDemandRequest(
 
                     var mdoc = mdocRecord.Mdoc.SelectivelyDisclose(toDisclose);
 
-                    var responseEncryptionKey = authorizationRequest.ResponseMode == AuthorizationRequest.DirectPostJwt
-                        ? await _verifierKeyService.GetPublicKey(authorizationRequest)
-                        : Option<JsonWebKey>.None;
-                    
-                    var handover = OpenId4VpHandover.FromAuthorizationRequest(
-                        authorizationRequest,
-                        responseEncryptionKey);
-                    
+                    var handover = authorizationRequest.ToVpHandover();
                     mdocNonce = handover.MdocGeneratedNonce;
                     var sessionTranscript = handover.ToSessionTranscript();