Align mdoc response with oid4vp1.0 (#394) (#426)

* Introduce the new mDoc presentation structure



* Remove Test Dependencies from SdJwtLib



* change target framework of core project to net8



* change target framework of mdocLib project to net8



* clean



* implemented requested changes



* xml comment indendation



* move handover types to constants file



* revert the Handover union type



* fix requested nit



---------


(cherry picked from commit bfeaf9b)

Signed-off-by: Johannes Tuerk <[email protected]>

Author: JoTiTu

src/WalletFramework.Oid4Vc/Oid4Vci/CredRequest/Implementations/CredentialRequestService.cs

@@ -1,5 +1,6 @@
 using System.Text;
 using LanguageExt;
+using Microsoft.IdentityModel.Tokens;
 using OneOf;
 using WalletFramework.Core.Cryptography.Abstractions;
 using WalletFramework.Core.Cryptography.Models;
@@ -69,8 +70,13 @@ await authorizationRequest.Match(
             Some: _ =>
             {
                 if (format == Constants.MdocFormat)
-                    sessionTranscript = authorizationRequest.UnwrapOrThrow(new Exception()).ToVpHandover()
-                        .ToSessionTranscript();
+                {
+                    var handover = OpenId4VpHandover.FromAuthorizationRequest(
+                        authorizationRequest.UnwrapOrThrow(new Exception()),
+                        Option<JsonWebKey>.None);
+                    sessionTranscript = handover.ToSessionTranscript();
+                }
+                
                 return Task.CompletedTask;
             },
             None: async () => await keyId.IfSomeAsync(async id => 

src/WalletFramework.Oid4Vc/Oid4Vp/DcApi/Models/OpenId4VpDcApiHandover.cs

@@ -1,40 +1,38 @@
 using LanguageExt;
+using Microsoft.IdentityModel.Tokens;
 using PeterO.Cbor;
 using WalletFramework.Core.Cryptography.Models;
+using WalletFramework.Core.Functional;
 using WalletFramework.MdocLib.Device;
 using WalletFramework.MdocLib.Security;
 using WalletFramework.MdocLib.Security.Abstractions;
+using WalletFramework.Oid4Vc.Oid4Vp.Jwk;
 using WalletFramework.Oid4Vc.Oid4Vp.Models;
 using static WalletFramework.Oid4Vc.Oid4Vp.Models.Nonce;
 
 namespace WalletFramework.Oid4Vc.Oid4Vp.DcApi.Models;
 
 /// <summary>
-/// Represents OpenID4VPDCAPIHandover according to the OpenID4VP specification.
-/// Contains a fixed identifier and the SHA-256 hash of OpenID4VPDCAPIHandoverInfo
-/// Structure: ["OpenID4VPDCAPIHandover", OpenID4VPDCAPIHandoverInfoHash]
+///     Represents OpenID4VPDCAPIHandover according to the OpenID4VP specification.
+///     Contains a fixed identifier and the SHA-256 hash of OpenID4VPDCAPIHandoverInfo
+///     Structure: ["OpenID4VPDCAPIHandover", OpenID4VPDCAPIHandoverInfoHash]
 /// </summary>
 public record OpenId4VpDcApiHandover(OpenId4VpDcApiHandoverInfo HandoverInfo) : IHandover
 {
     /// <summary>
-    /// Mdoc generated nonce created during handover initialization
+    ///     Mdoc generated nonce created during handover initialization
     /// </summary>
     public Nonce MdocGeneratedNonce { get; } = GenerateNonce();
-
-    /// <summary>
-    /// Fixed identifier for this handover type
-    /// </summary>
-    public const string HandoverTypeIdentifier = "OpenID4VPDCAPIHandover";
 
     /// <summary>
-    /// Converts the handover to CBOR representation as an array
+    ///     Converts the handover to CBOR representation as an array
     /// </summary>
     /// <returns>CBOR array containing [identifier, hash]</returns>
     public CBORObject ToCbor()
     {
         var result = CBORObject.NewArray();
-        
-        result.Add(HandoverTypeIdentifier);
+
+        result.Add(HandoverConstants.DcApiHandoverTypeIdentifier);
         result.Add(HandoverInfo.ToHash().AsBytes);
 
         return result;
@@ -55,4 +53,16 @@ public SessionTranscript ToSessionTranscript()
         );
     }
 
+    public static OpenId4VpDcApiHandover FromAuthorizationRequest(AuthorizationRequest request, Origin origin, Option<JsonWebKey> verifierPublicKey)
+    {
+        var encryptionKey = verifierPublicKey.OnSome(JwkFun.GetThumbprint);
+        
+        var handoverInfo = new OpenId4VpDcApiHandoverInfo(
+            origin,
+            request.Nonce,
+            encryptionKey
+            );
+
+        return new OpenId4VpDcApiHandover(handoverInfo);
+    }
 } 

src/WalletFramework.Oid4Vc/Oid4Vp/DcApi/Models/OpenId4VpDcApiHandoverInfo.cs

@@ -5,16 +5,16 @@
 namespace WalletFramework.Oid4Vc.Oid4Vp.DcApi.Models;
 
 /// <summary>
-/// Represents OpenID4VPDCAPIHandoverInfo according to the OpenID4VP specification.
-/// Contains the handover parameters as a CBOR array: [origin, nonce, jwkThumbprint]
+///     Represents OpenID4VPDCAPIHandoverInfo according to the OpenID4VP specification.
+///     Contains the handover parameters as a CBOR array: [origin, nonce, jwkThumbprint]
 /// </summary>
 public record OpenId4VpDcApiHandoverInfo(
     Origin Origin,
     string Nonce,
     Option<byte[]> JwkThumbprint)
 {
     /// <summary>
-    /// Converts the handover info to CBOR representation as an array
+    ///     Converts the handover info to CBOR representation as an array
     /// </summary>
     /// <returns>CBOR array containing [origin, nonce, jwkThumbprint]</returns>
     public CBORObject ToCbor()
@@ -33,13 +33,13 @@ public CBORObject ToCbor()
     }
 
     /// <summary>
-    /// Encodes the handover info as CBOR bytes
+    ///     Encodes the handover info as CBOR bytes
     /// </summary>
     /// <returns>CBOR-encoded bytes of the handover info</returns>
     public byte[] ToCborBytes() => ToCbor().EncodeToBytes();
 
     /// <summary>
-    /// Computes the SHA-256 hash of the handover info CBOR bytes
+    ///     Computes the SHA-256 hash of the handover info CBOR bytes
     /// </summary>
     /// <returns>SHA-256 hash of the CBOR-encoded handover info</returns>
     public Sha256Hash ToHash()

src/WalletFramework.Oid4Vc/Oid4Vp/HandoverConstants.cs

@@ -0,0 +1,8 @@
+namespace WalletFramework.Oid4Vc.Oid4Vp;
+
+public static class HandoverConstants
+{
+    public const string BasicHandoverTypeIdentifier = "OpenID4VPHandover";
+    
+    public const string DcApiHandoverTypeIdentifier = "OpenID4VPDCAPIHandover";
+}

src/WalletFramework.Oid4Vc/Oid4Vp/Models/Oid4VpHandover.cs

@@ -0,0 +1,70 @@
+using LanguageExt;
+using Microsoft.IdentityModel.Tokens;
+using PeterO.Cbor;
+using WalletFramework.Core.Cryptography.Models;
+using WalletFramework.Core.Functional;
+using WalletFramework.MdocLib.Device;
+using WalletFramework.MdocLib.Security;
+using WalletFramework.MdocLib.Security.Abstractions;
+using WalletFramework.Oid4Vc.Oid4Vp.Jwk;
+using static WalletFramework.Oid4Vc.Oid4Vp.Models.Nonce;
+
+namespace WalletFramework.Oid4Vc.Oid4Vp.Models;
+
+/// <summary>
+///     Represents OpenID4VPHandover according to the OpenID4VP specification.
+///     Contains a fixed identifier and the SHA-256 hash of OpenID4VPDCAPIHandoverInfo
+///     Structure: ["OpenID4VPHandover", OpenID4VPHandoverInfoHash]
+/// </summary>
+public record OpenId4VpHandover(OpenId4VpHandoverInfo HandoverInfo) : IHandover
+{
+    /// <summary>
+    ///     Mdoc generated nonce created during handover initialization
+    /// </summary>
+    public Nonce MdocGeneratedNonce { get; } = GenerateNonce();
+    
+    /// <summary>
+    ///     Converts the handover to CBOR representation as an array
+    /// </summary>
+    /// <returns>CBOR array containing [identifier, hash]</returns>
+    public CBORObject ToCbor()
+    {
+        var result = CBORObject.NewArray();
+        
+        result.Add(HandoverConstants.BasicHandoverTypeIdentifier);
+        result.Add(HandoverInfo.ToHash().AsBytes);
+        
+        return result;
+    }
+    
+    /// <summary>
+    ///     Encodes the handover as CBOR bytes
+    /// </summary>
+    /// <returns>CBOR-encoded bytes of the handover</returns>
+    public byte[] ToCborBytes() => ToCbor().EncodeToBytes();
+
+    public SessionTranscript ToSessionTranscript()
+    {
+        return new SessionTranscript(
+            Option<DeviceEngagement>.None,
+            Option<PublicKey>.None,
+            this
+        );
+    }
+
+    public static OpenId4VpHandover FromAuthorizationRequest(AuthorizationRequest request, Option<JsonWebKey> verifierPublicKey)
+    {
+        var encryptionKey = verifierPublicKey.OnSome(JwkFun.GetThumbprint);
+        
+        var handoverInfo = new OpenId4VpHandoverInfo(
+            request.ClientIdScheme != null
+                ? $"{request.ClientIdScheme.AsString()}:{request.ClientId}"
+                : request.ClientId!,
+            request.Nonce,
+            request.ResponseUri,
+            encryptionKey
+            );
+        
+        return new OpenId4VpHandover(handoverInfo);
+    }
+} 

src/WalletFramework.Oid4Vc/Oid4Vp/Models/OpenId4VpHandover.cs

@@ -0,0 +1,54 @@
+using LanguageExt;
+using PeterO.Cbor;
+using WalletFramework.Core.Encoding;
+using WalletFramework.Oid4Vc.Oid4Vp.DcApi.Models;
+
+namespace WalletFramework.Oid4Vc.Oid4Vp.Models;
+
+/// <summary>
+/// Represents OpenID4VPDCAPIHandoverInfo according to the OpenID4VP specification.
+/// Contains the handover parameters as a CBOR array: [origin, nonce, jwkThumbprint]
+/// </summary>
+public record OpenId4VpHandoverInfo(
+    string ClientId,
+    string Nonce,
+    string ResponseUri,
+    Option<byte[]> JwkThumbprint)
+{
+    /// <summary>
+    /// Converts the handover info to CBOR representation as an array
+    /// </summary>
+    /// <returns>CBOR array containing [origin, nonce, jwkThumbprint]</returns>
+    public CBORObject ToCbor()
+    {
+        var result = CBORObject.NewArray();
+        
+        result.Add(ClientId);
+        result.Add(Nonce);
+
+        JwkThumbprint.Match(
+            thumbprint => result.Add(thumbprint),
+            () => result.Add(CBORObject.Null)
+        );
+        
+        result.Add(ResponseUri);
+        
+        return result;
+    }
+    
+    /// <summary>
+    /// Encodes the handover info as CBOR bytes
+    /// </summary>
+    /// <returns>CBOR-encoded bytes of the handover info</returns>
+    public byte[] ToCborBytes() => ToCbor().EncodeToBytes();
+    
+    /// <summary>
+    /// Computes the SHA-256 hash of the handover info CBOR bytes
+    /// </summary>
+    /// <returns>SHA-256 hash of the CBOR-encoded handover info</returns>
+    public Sha256Hash ToHash()
+    {
+        var handoverInfoBytes = ToCborBytes();
+        return Sha256Hash.ComputeHash(handoverInfoBytes);
+    }
+} 

src/WalletFramework.Oid4Vc/Oid4Vp/Models/OpenId4VpHandoverInfo.cs

@@ -75,6 +75,7 @@ public Oid4VpClientService(
         IOid4VpHaipClient oid4VpHaipClient,
         IOid4VpRecordService oid4VpRecordService,
         IPresentationService presentationService,
+        IVerifierKeyService verifierKeyService,
         ISdJwtVcHolderService sdJwtVcHolderService)
     {
         _agentProvider = agentProvider;
@@ -89,6 +90,7 @@ public Oid4VpClientService(
         _oid4VpHaipClient = oid4VpHaipClient;
         _oid4VpRecordService = oid4VpRecordService;
         _presentationService = presentationService;
+        _verifierKeyService = verifierKeyService;
         _sdJwtVcHolderService = sdJwtVcHolderService;
     }
 
@@ -104,6 +106,7 @@ public Oid4VpClientService(
     private readonly IOid4VpHaipClient _oid4VpHaipClient;
     private readonly IOid4VpRecordService _oid4VpRecordService;
     private readonly IPresentationService _presentationService;
+    private readonly IVerifierKeyService _verifierKeyService;
     private readonly ISdJwtVcHolderService _sdJwtVcHolderService;
 
     public async Task<Option<Uri>> AbortAuthorizationRequest(AuthorizationRequestCancellation cancellation)
@@ -221,7 +224,7 @@ await credentialSetMdocRecords.Match(
 
             switch (presentation.PresentedCredential)
             {
-                case SdJwtRecord sdJwtRecord:
+                case SdJwtRecord sdJwtRecord: 
                     var issuanceSdJwtDoc = sdJwtRecord.ToSdJwtDoc();
                     var sdJwtDoc = new SdJwtDoc(presentation.PresentationMap.Presentation);
 
@@ -239,7 +242,7 @@ from claim in sdJwtRecord.Claims
                             key = claim.Key,
                             value = new PresentedClaim { Value = claim.Value }
                         };
-
+                    
                     result = new PresentedCredentialSet
                     {
                         SdJwtCredentialType = Vct.ValidVct(sdJwtRecord.Vct).UnwrapOrThrow(),
@@ -408,7 +411,14 @@ public async Task<Option<Uri>> AcceptOnDemandRequest(
 
                     var mdoc = mdocRecord.Mdoc.SelectivelyDisclose(toDisclose);
 
-                    var handover = authorizationRequest.ToVpHandover();
+                    var responseEncryptionKey = authorizationRequest.ResponseMode == AuthorizationRequest.DirectPostJwt
+                        ? await _verifierKeyService.GetPublicKey(authorizationRequest)
+                        : Option<JsonWebKey>.None;
+                    
+                    var handover = OpenId4VpHandover.FromAuthorizationRequest(
+                        authorizationRequest,
+                        responseEncryptionKey);
+                    
                     mdocNonce = handover.MdocGeneratedNonce;
                     var sessionTranscript = handover.ToSessionTranscript();