Skip to content

Commit

Permalink
Merge branch 'PVW-2865-implement-http-layer-in-openid4vp' into 'main'
Browse files Browse the repository at this point in the history 
PVW-2865: switch to OpenID4VP protocol in wallet and wallet server

See merge request wallet/nl-wallet!945
  • Loading branch information
@sietseringers
sietseringers committed Jul 1, 2024
2 parents 65d7cf2 + 6edfe86 commit 90b6526
Show file tree
Hide file tree
Showing 43 changed files with 1,271 additions and 808 deletions.
19 changes: 13 additions & 6 deletions wallet_core/flutter_api/src/errors.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ use serde::Serialize;

use wallet::errors::{
mdoc::{self, HolderError},
openid4vc::{IssuanceSessionError, OidcError},
openid4vc::{IssuanceSessionError, OidcError, VpClientError},
reqwest, AccountProviderError, DigidSessionError, DisclosureError, HistoryError, InstructionError,
PidIssuanceError, ResetError, UriIdentificationError, WalletInitError, WalletRegistrationError, WalletUnlockError,
};
Expand Down Expand Up @@ -199,11 +199,17 @@ impl FlutterApiErrorFields for DisclosureError {
DisclosureError::NotRegistered | DisclosureError::Locked | DisclosureError::SessionState => {
FlutterApiErrorType::WalletState
}
DisclosureError::DisclosureSession(mdoc::Error::Holder(HolderError::ReaderEnagementSourceMismatch(
DisclosureError::IsoDisclosureSession(mdoc::Error::Holder(HolderError::DisclosureUriSourceMismatch(
_,
_,
))) => FlutterApiErrorType::DisclosureSourceMismatch,
DisclosureError::DisclosureSession(error) => {
)))
| DisclosureError::VpDisclosureSession(VpClientError::DisclosureUriSourceMismatch(_, _)) => {
FlutterApiErrorType::DisclosureSourceMismatch
}
DisclosureError::IsoDisclosureSession(error) => {
detect_networking_error(error).unwrap_or(FlutterApiErrorType::Generic)
}
DisclosureError::VpDisclosureSession(error) => {
detect_networking_error(error).unwrap_or(FlutterApiErrorType::Generic)
}
DisclosureError::Instruction(error) => FlutterApiErrorType::from(error),
Expand All @@ -213,10 +219,11 @@ impl FlutterApiErrorFields for DisclosureError {

fn data(&self) -> Option<serde_json::Value> {
match self {
DisclosureError::DisclosureSession(mdoc::Error::Holder(HolderError::ReaderEnagementSourceMismatch(
DisclosureError::IsoDisclosureSession(mdoc::Error::Holder(HolderError::DisclosureUriSourceMismatch(
session_type,
_,
))) => {
)))
| DisclosureError::VpDisclosureSession(VpClientError::DisclosureUriSourceMismatch(session_type, _)) => {
[("session_type", serde_json::to_value(session_type).unwrap())] // This conversion should never fail.
.into_iter()
.collect::<serde_json::Value>()
Expand Down
2 changes: 1 addition & 1 deletion wallet_core/mdoc/src/holder/disclosure/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ use super::Mdoc;
pub use disclosure_request_match::DisclosureRequestMatch;
pub use proposed_document::{ProposedDocument, ProposedDocumentAttributes};
pub use session::{
DisclosureMissingAttributes, DisclosureProposal, DisclosureSession, ProposedAttributes, ReaderEngagementSource,
DisclosureMissingAttributes, DisclosureProposal, DisclosureSession, DisclosureUriSource, ProposedAttributes,
};

mod device_signed;
Expand Down
68 changes: 34 additions & 34 deletions wallet_core/mdoc/src/holder/disclosure/session.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@ struct CommonDisclosureData<H> {

#[derive(Debug, Clone, Copy, PartialEq, Eq, strum::Display)]
#[strum(serialize_all = "snake_case")] // Symmetrical to `SessionType`.
pub enum ReaderEngagementSource {
pub enum DisclosureUriSource {
Link,
QrCode,
}
Expand All @@ -97,7 +97,7 @@ enum VerifierSessionDataCheckResult<I> {
ProposedDocuments(Vec<ProposedDocument<I>>),
}

impl ReaderEngagementSource {
impl DisclosureUriSource {
pub fn new(is_qr_code: bool) -> Self {
if is_qr_code {
Self::QrCode
Expand All @@ -107,7 +107,7 @@ impl ReaderEngagementSource {
}

/// Returns the expected session type for a source of the received [`ReaderEngagement`].
fn session_type(&self) -> SessionType {
pub fn session_type(&self) -> SessionType {
match self {
Self::Link => SessionType::SameDevice,
Self::QrCode => SessionType::CrossDevice,
Expand All @@ -122,7 +122,7 @@ where
pub async fn start<'a, S>(
client: H,
reader_engagement_bytes: &[u8],
reader_engagement_source: ReaderEngagementSource,
disclosure_uri_source: DisclosureUriSource,
mdoc_data_source: &S,
trust_anchors: &[TrustAnchor<'a>],
) -> Result<Self>
Expand All @@ -142,11 +142,11 @@ where
serde_urlencoded::from_str(verifier_url.query().ok_or(HolderError::MissingSessionType)?)
.map_err(HolderError::MalformedSessionType)?;

// Check the `SessionType` that was contained in the verifier URL against the source of the reader engagement.
// Check the `SessionType` that was contained in the verifier URL against the source of the URI.
// A same-device session is expected to come from a Universal Link,
// while a cross-device session should come from a scanned QR code.
if reader_engagement_source.session_type() != session_type {
return Err(HolderError::ReaderEnagementSourceMismatch(session_type, reader_engagement_source).into());
if disclosure_uri_source.session_type() != session_type {
return Err(HolderError::DisclosureUriSourceMismatch(session_type, disclosure_uri_source).into());
}

// Create a new `DeviceEngagement` message and private key. Use a
Expand Down Expand Up @@ -363,7 +363,7 @@ where
.collect()
}

pub async fn disclose<KF, K>(&self, key_factory: &KF) -> DisclosureResult<()>
pub async fn disclose<KF, K>(&self, key_factory: &KF) -> DisclosureResult<(), Error>
where
KF: KeyFactory<Key = K>,
K: MdocEcdsaKey,
Expand Down Expand Up @@ -481,7 +481,7 @@ mod tests {
let mut payloads = Vec::with_capacity(1);
let (disclosure_session, verifier_session, mut payload_receiver) = disclosure_session_start(
SessionType::SameDevice,
ReaderEngagementSource::Link,
DisclosureUriSource::Link,
ReaderCertificateKind::WithReaderRegistration,
&mut payloads,
identity,
Expand Down Expand Up @@ -605,7 +605,7 @@ mod tests {
let mut payloads = Vec::with_capacity(1);
let (disclosure_session, verifier_session, _) = disclosure_session_start(
SessionType::CrossDevice,
ReaderEngagementSource::QrCode,
DisclosureUriSource::QrCode,
ReaderCertificateKind::WithReaderRegistration,
&mut payloads,
identity,
Expand Down Expand Up @@ -661,7 +661,7 @@ mod tests {
let mut payloads = Vec::with_capacity(1);
let (disclosure_session, verifier_session, _) = disclosure_session_start(
SessionType::SameDevice,
ReaderEngagementSource::Link,
DisclosureUriSource::Link,
ReaderCertificateKind::WithReaderRegistration,
&mut payloads,
identity,
Expand Down Expand Up @@ -713,7 +713,7 @@ mod tests {
let mut payloads = Vec::with_capacity(1);
let (disclosure_session, verifier_session, _) = disclosure_session_start(
SessionType::SameDevice,
ReaderEngagementSource::Link,
DisclosureUriSource::Link,
ReaderCertificateKind::WithReaderRegistration,
&mut payloads,
identity,
Expand Down Expand Up @@ -766,7 +766,7 @@ mod tests {
let mut payloads = Vec::new();
let error = disclosure_session_start(
SessionType::SameDevice,
ReaderEngagementSource::Link,
DisclosureUriSource::Link,
ReaderCertificateKind::WithReaderRegistration,
&mut payloads,
|mut verifier_session| {
Expand All @@ -791,7 +791,7 @@ mod tests {
let mut payloads = Vec::new();
let error = disclosure_session_start(
SessionType::SameDevice,
ReaderEngagementSource::Link,
DisclosureUriSource::Link,
ReaderCertificateKind::WithReaderRegistration,
&mut payloads,
|mut verifier_session| {
Expand All @@ -818,7 +818,7 @@ mod tests {
let mut payloads = Vec::new();
let error = disclosure_session_start(
SessionType::SameDevice,
ReaderEngagementSource::Link,
DisclosureUriSource::Link,
ReaderCertificateKind::WithReaderRegistration,
&mut payloads,
|mut verifier_session| {
Expand Down Expand Up @@ -846,7 +846,7 @@ mod tests {
let mut payloads = Vec::new();
let error = disclosure_session_start(
SessionType::SameDevice,
ReaderEngagementSource::Link,
DisclosureUriSource::Link,
ReaderCertificateKind::WithReaderRegistration,
&mut payloads,
|mut verifier_session| {
Expand All @@ -867,19 +867,19 @@ mod tests {
}

#[rstest]
#[case(SessionType::SameDevice, ReaderEngagementSource::QrCode)]
#[case(SessionType::CrossDevice, ReaderEngagementSource::Link)]
#[case(SessionType::SameDevice, DisclosureUriSource::QrCode)]
#[case(SessionType::CrossDevice, DisclosureUriSource::Link)]
#[tokio::test]
async fn test_disclosure_session_start_error_reader_engagement_source_mismatch(
#[case] session_type: SessionType,
#[case] reader_engagement_source: ReaderEngagementSource,
#[case] uri_source: DisclosureUriSource,
) {
// Starting a `DisclosureSession` with a `ReaderEngagement` that contains a
// `SessionType` that is incompatible with its source should result in an error.
let mut payloads = Vec::new();
let error = disclosure_session_start(
session_type,
reader_engagement_source,
uri_source,
ReaderCertificateKind::WithReaderRegistration,
&mut payloads,
identity,
Expand All @@ -891,10 +891,10 @@ mod tests {

assert_matches!(
error,
Error::Holder(HolderError::ReaderEnagementSourceMismatch(
Error::Holder(HolderError::DisclosureUriSourceMismatch(
typ,
source
)) if typ == session_type && source == reader_engagement_source
)) if typ == session_type && source == uri_source
);
assert!(payloads.is_empty());
}
Expand All @@ -906,7 +906,7 @@ mod tests {
let mut payloads = Vec::new();
let error = disclosure_session_start(
SessionType::SameDevice,
ReaderEngagementSource::Link,
DisclosureUriSource::Link,
ReaderCertificateKind::WithReaderRegistration,
&mut payloads,
|mut verifier_session| {
Expand All @@ -931,7 +931,7 @@ mod tests {
let mut payloads = Vec::new();
let error = disclosure_session_start(
SessionType::SameDevice,
ReaderEngagementSource::QrCode,
DisclosureUriSource::QrCode,
ReaderCertificateKind::WithReaderRegistration,
&mut payloads,
|mut verifier_session| {
Expand Down Expand Up @@ -972,7 +972,7 @@ mod tests {
let error = DisclosureSession::start(
client,
&serialization::cbor_serialize(&reader_engagement).unwrap(),
ReaderEngagementSource::Link,
DisclosureUriSource::Link,
&mdoc_data_source,
&[],
)
Expand Down Expand Up @@ -1056,7 +1056,7 @@ mod tests {
let mut payloads = Vec::with_capacity(2);
let error = disclosure_session_start(
SessionType::SameDevice,
ReaderEngagementSource::Link,
DisclosureUriSource::Link,
ReaderCertificateKind::WithReaderRegistration,
&mut payloads,
|mut verifier_session| {
Expand All @@ -1080,7 +1080,7 @@ mod tests {
let mut payloads = Vec::with_capacity(2);
let error = disclosure_session_start(
SessionType::SameDevice,
ReaderEngagementSource::Link,
DisclosureUriSource::Link,
ReaderCertificateKind::WithReaderRegistration,
&mut payloads,
|mut verifier_session| {
Expand All @@ -1107,7 +1107,7 @@ mod tests {
let mut payloads = Vec::with_capacity(2);
let error = disclosure_session_start(
SessionType::SameDevice,
ReaderEngagementSource::Link,
DisclosureUriSource::Link,
ReaderCertificateKind::WithReaderRegistration,
&mut payloads,
identity,
Expand All @@ -1134,7 +1134,7 @@ mod tests {
let mut payloads = Vec::with_capacity(2);
let error = disclosure_session_start(
SessionType::SameDevice,
ReaderEngagementSource::Link,
DisclosureUriSource::Link,
ReaderCertificateKind::WithReaderRegistration,
&mut payloads,
identity,
Expand Down Expand Up @@ -1162,7 +1162,7 @@ mod tests {
let mut payloads = Vec::with_capacity(2);
let error = disclosure_session_start(
SessionType::SameDevice,
ReaderEngagementSource::Link,
DisclosureUriSource::Link,
ReaderCertificateKind::WithReaderRegistration,
&mut payloads,
|mut verifier_session| {
Expand All @@ -1189,7 +1189,7 @@ mod tests {
let mut payloads = Vec::with_capacity(2);
let error = disclosure_session_start(
SessionType::SameDevice,
ReaderEngagementSource::Link,
DisclosureUriSource::Link,
ReaderCertificateKind::WithReaderRegistration,
&mut payloads,
|mut verifier_session| {
Expand Down Expand Up @@ -1223,7 +1223,7 @@ mod tests {
let mut payloads = Vec::with_capacity(2);
let error = disclosure_session_start(
SessionType::SameDevice,
ReaderEngagementSource::Link,
DisclosureUriSource::Link,
ReaderCertificateKind::WithReaderRegistration,
&mut payloads,
identity,
Expand Down Expand Up @@ -1253,7 +1253,7 @@ mod tests {
let mut payloads = Vec::with_capacity(2);
let error = disclosure_session_start(
SessionType::SameDevice,
ReaderEngagementSource::Link,
DisclosureUriSource::Link,
ReaderCertificateKind::WithReaderRegistration,
&mut payloads,
identity,
Expand Down Expand Up @@ -1283,7 +1283,7 @@ mod tests {
let mut payloads = Vec::with_capacity(2);
let error = disclosure_session_start(
SessionType::SameDevice,
ReaderEngagementSource::Link,
DisclosureUriSource::Link,
ReaderCertificateKind::NoReaderRegistration,
&mut payloads,
identity,
Expand Down
6 changes: 3 additions & 3 deletions wallet_core/mdoc/src/holder/disclosure/test.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ use crate::{

use super::{
proposed_document::ProposedDocument,
session::{DisclosureSession, ReaderEngagementSource, VerifierUrlParameters},
session::{DisclosureSession, DisclosureUriSource, VerifierUrlParameters},
MdocDataSource, StoredMdoc,
};

Expand Down Expand Up @@ -454,7 +454,7 @@ pub enum ReaderCertificateKind {
/// defaults just before they are actually used.
pub async fn disclosure_session_start<FS, FM, FD>(
session_type: SessionType,
reader_engagement_source: ReaderEngagementSource,
disclosure_uri_source: DisclosureUriSource,
certificate_kind: ReaderCertificateKind,
payloads: &mut Vec<Vec<u8>>,
transform_verfier_session: FS,
Expand Down Expand Up @@ -509,7 +509,7 @@ where
let result = DisclosureSession::start(
client,
&verifier_session.reader_engagement_bytes(),
reader_engagement_source,
disclosure_uri_source,
&mdoc_data_source,
&verifier_session.trust_anchors(),
)
Expand Down
Loading

0 comments on commit 90b6526

Please sign in to comment.