Commit
Showing
25 changed files
with
302 additions
and
1,158 deletions.
@@ -22,3 +22,4 @@ captures | |
/.temp/ | ||
/.run/* | ||
kotlin-js-store/ | ||
.env |
33 changes: 28 additions & 5 deletions
33
modules/openid-federation-client/src/commonMain/kotlin/com/sphereon/oid/fed/client/Client.kt
@@ -1,11 +1,34 @@ | ||
package com.sphereon.oid.fed.client | ||
|
||
import com.sphereon.oid.fed.client.service.DefaultCallbacks | ||
import com.sphereon.oid.fed.client.trustchain.ITrustChainCallbackService | ||
import com.sphereon.oid.fed.client.crypto.ICryptoService | ||
import com.sphereon.oid.fed.client.crypto.cryptoService | ||
import com.sphereon.oid.fed.client.fetch.IFetchService | ||
import com.sphereon.oid.fed.client.fetch.fetchService | ||
import com.sphereon.oid.fed.client.trustchain.TrustChain | ||
import kotlin.js.JsExport | ||
|
||
class FederationClient(val trustChainService: ITrustChainCallbackService? = DefaultCallbacks.trustChainService()) { | ||
@JsExport.Ignore | ||
interface IFederationClient { | ||
val fetchServiceCallback: IFetchService? | ||
val cryptoServiceCallback: ICryptoService? | ||
} | ||
|
||
@JsExport.Ignore | ||
class FederationClient( | ||
override val fetchServiceCallback: IFetchService? = null, | ||
override val cryptoServiceCallback: ICryptoService? = null | ||
) : IFederationClient { | ||
private val fetchService: IFetchService = | ||
fetchServiceCallback ?: fetchService() | ||
private val cryptoService: ICryptoService = cryptoServiceCallback ?: cryptoService() | ||
|
||
private val trustChainService: TrustChain = TrustChain(fetchService, cryptoService) | ||
|
||
suspend fun resolveTrustChain(entityIdentifier: String, trustAnchors: Array<String>): MutableList<String>? { | ||
return trustChainService?.resolve(entityIdentifier, trustAnchors) | ||
suspend fun resolveTrustChain( | ||
entityIdentifier: String, | ||
trustAnchors: Array<String>, | ||
maxDepth: Int = 5 | ||
): MutableList<String>? { | ||
return trustChainService.resolve(entityIdentifier, trustAnchors, maxDepth) | ||
} | ||
} |
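Review bot: `resolveTrustChain` forwards the caller-supplied `maxDepth` straight to `trustChainService.resolve`, so zero, negative or very large values reach the resolver unchecked. `TrustChain.resolve` is not visible in this section, but if the depth limit is what bounds how many remote statements one resolution may fetch, it should be validated at this public entry point, e.g. `require(maxDepth > 0) { "maxDepth must be positive" }` as the first statement, plus an upper bound if the project defines one. The function also returns `MutableList<String>?` without any KDoc; a short doc comment saying that `null` presumably means no chain to any of `trustAnchors` could be built (confirm against `TrustChain.resolve`) and that callers must treat that result as untrusted would keep a null from being read as anything other than failure.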
82 changes: 3 additions & 79 deletions
82
...enid-federation-client/src/commonMain/kotlin/com/sphereon/oid/fed/client/crypto/Crypto.kt
@@ -1,90 +1,14 @@ | ||
package com.sphereon.oid.fed.client.crypto | ||
|
||
import com.sphereon.oid.fed.client.mapper.decodeJWTComponents | ||
import com.sphereon.oid.fed.client.service.DefaultCallbacks | ||
import com.sphereon.oid.fed.client.service.ICallbackService | ||
import com.sphereon.oid.fed.openapi.models.Jwk | ||
import kotlinx.serialization.json.Json | ||
import kotlinx.serialization.json.JsonArray | ||
import kotlinx.serialization.json.jsonArray | ||
import kotlinx.serialization.json.jsonObject | ||
import kotlinx.serialization.json.jsonPrimitive | ||
import kotlin.js.JsExport | ||
|
||
expect interface ICryptoCallbackMarkerType | ||
interface ICryptoMarkerType | ||
|
||
@JsExport.Ignore | ||
interface ICryptoCallbackService: ICryptoCallbackMarkerType { | ||
suspend fun verify( | ||
jwt: String, | ||
key: Jwk, | ||
): Boolean | ||
} | ||
|
||
@JsExport.Ignore | ||
interface ICryptoService: ICryptoMarkerType { | ||
interface ICryptoService { | ||
suspend fun verify( | ||
jwt: String, | ||
key: Jwk, | ||
key: Jwk | ||
): Boolean | ||
} | ||
|
||
expect fun cryptoService(platformCallback: ICryptoCallbackMarkerType = DefaultCallbacks.jwtService()): ICryptoService | ||
|
||
abstract class AbstractCryptoService<CallbackServiceType>(open val platformCallback: CallbackServiceType?): ICallbackService<CallbackServiceType> { | ||
private var disabled = false | ||
|
||
override fun isEnabled(): Boolean { | ||
return !this.disabled | ||
} | ||
|
||
override fun disable() = apply { | ||
this.disabled = true | ||
} | ||
|
||
override fun enable() = apply { | ||
this.disabled = false | ||
} | ||
|
||
protected fun assertEnabled() { | ||
if (!isEnabled()) { | ||
CryptoConst.LOG.info("CRYPTO verify has been disabled") | ||
throw IllegalStateException("CRYPTO service is disable; cannot verify") | ||
} else if (this.platformCallback == null) { | ||
CryptoConst.LOG.error("CRYPTO callback is not registered") | ||
throw IllegalStateException("CRYPTO has not been initialized. Please register your CryptoCallback implementation, or register a default implementation") | ||
} | ||
} | ||
} | ||
|
||
class CryptoService(override val platformCallback: ICryptoCallbackService = DefaultCallbacks.jwtService()): AbstractCryptoService<ICryptoCallbackService>(platformCallback), ICryptoService { | ||
override fun platform(): ICryptoCallbackService { | ||
return this.platformCallback | ||
} | ||
|
||
override suspend fun verify(jwt: String, key: Jwk): Boolean { | ||
assertEnabled() | ||
return this.platformCallback.verify(jwt, key) | ||
} | ||
|
||
} | ||
|
||
fun findKeyInJwks(keys: JsonArray, kid: String): Jwk? { | ||
val key = keys.firstOrNull { it.jsonObject["kid"]?.jsonPrimitive?.content?.trim() == kid.trim() } | ||
|
||
if (key == null) return null | ||
|
||
return Json.decodeFromJsonElement(Jwk.serializer(), key) | ||
} | ||
|
||
fun getKeyFromJwt(jwt: String): Jwk { | ||
val decodedJwt = decodeJWTComponents(jwt) | ||
|
||
val key = findKeyInJwks( | ||
decodedJwt.payload["jwks"]?.jsonObject?.get("keys")?.jsonArray ?: JsonArray(emptyList()), | ||
decodedJwt.header.kid | ||
) ?: throw IllegalStateException("Key not found") | ||
|
||
return key | ||
} | ||
expect fun cryptoService(): ICryptoService |
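Review bot: The slimmed-down `ICryptoService.verify(jwt, key)` is now the whole signature-verification contract in this file, and it carries no KDoc describing what an implementation must do when verification fails. Because `FederationClient` accepts a caller-supplied `ICryptoService` (see the Client.kt section of this commit), I would add a doc comment on `verify` stating that it returns `true` only when the JWT's signature validates against `key`, that malformed input or a missing or unsupported algorithm must never produce `true`, and whether callers should expect `false` or an exception in those cases. With `assertEnabled()` removed there is no longer an explicit "not initialised" error path in common code, so `expect fun cryptoService()` should also document what each platform returns by default.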
62 changes: 2 additions & 60 deletions
62
...openid-federation-client/src/commonMain/kotlin/com/sphereon/oid/fed/client/fetch/Fetch.kt
@@ -1,70 +1,12 @@ | ||
package com.sphereon.oid.fed.client.fetch | ||
|
||
import com.sphereon.oid.fed.client.service.DefaultCallbacks | ||
import com.sphereon.oid.fed.client.service.ICallbackService | ||
import io.ktor.client.* | ||
import kotlin.js.JsExport | ||
|
||
expect interface IFetchCallbackMarkerType | ||
interface IFetchMarkerType | ||
|
||
@JsExport.Ignore | ||
interface IFetchCallbackService: IFetchCallbackMarkerType { | ||
interface IFetchService { | ||
suspend fun fetchStatement( | ||
endpoint: String | ||
): String | ||
suspend fun getHttpClient(): HttpClient | ||
} | ||
|
||
@JsExport.Ignore | ||
interface IFetchService: IFetchMarkerType { | ||
suspend fun fetchStatement( | ||
endpoint: String | ||
): String | ||
suspend fun getHttpClient(): HttpClient | ||
} | ||
|
||
expect fun fetchService(platformCallback: IFetchCallbackMarkerType = DefaultCallbacks.fetchService()): IFetchService | ||
|
||
abstract class AbstractFetchService<CallbackServiceType>(open val platformCallback: CallbackServiceType): ICallbackService<CallbackServiceType> { | ||
private var disabled = false | ||
|
||
override fun isEnabled(): Boolean { | ||
return !this.disabled | ||
} | ||
|
||
override fun disable() = apply { | ||
this.disabled = true | ||
} | ||
|
||
override fun enable() = apply { | ||
this.disabled = false | ||
} | ||
|
||
protected fun assertEnabled() { | ||
if (!isEnabled()) { | ||
FetchConst.LOG.info("CRYPTO verify has been disabled") | ||
throw IllegalStateException("CRYPTO service is disable; cannot verify") | ||
} else if (this.platformCallback == null) { | ||
FetchConst.LOG.error("CRYPTO callback is not registered") | ||
throw IllegalStateException("CRYPTO has not been initialized. Please register your CryptoCallback implementation, or register a default implementation") | ||
} | ||
} | ||
} | ||
|
||
class FetchService(override val platformCallback: IFetchCallbackService = DefaultCallbacks.fetchService()): AbstractFetchService<IFetchCallbackService>(platformCallback), IFetchService { | ||
|
||
override fun platform(): IFetchCallbackService { | ||
return this.platformCallback | ||
} | ||
|
||
override suspend fun fetchStatement(endpoint: String): String { | ||
assertEnabled() | ||
return this.platformCallback.fetchStatement(endpoint) | ||
} | ||
|
||
override suspend fun getHttpClient(): HttpClient { | ||
assertEnabled() | ||
return this.platformCallback.getHttpClient() | ||
} | ||
} | ||
expect fun fetchService(): IFetchService |
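Review bot: `IFetchService.fetchStatement(endpoint: String)` takes a bare URL string and the interface states no constraints on it. In a federation client the endpoints are presumably derived from remotely supplied entity statements, so the contract should say what implementations are expected to enforce: `https` only, connect and read timeouts, a cap on response size, and whether redirects are followed. A KDoc on `fetchStatement` spelling that out, plus a line on `getHttpClient()` about who owns and closes the returned `HttpClient`, would be enough in this file; the checks themselves belong in the platform `actual` implementations, which are outside this section.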
23 changes: 23 additions & 0 deletions
23
...id-federation-client/src/commonMain/kotlin/com/sphereon/oid/fed/client/helpers/Helpers.kt
@@ -1,9 +1,32 @@ | ||
package com.sphereon.oid.fed.client.helpers | ||
|
||
import com.sphereon.oid.fed.openapi.models.Jwk | ||
import kotlinx.serialization.json.Json | ||
import kotlinx.serialization.json.JsonArray | ||
import kotlinx.serialization.json.jsonObject | ||
import kotlinx.serialization.json.jsonPrimitive | ||
|
||
fun getEntityConfigurationEndpoint(iss: String): String { | ||
return "${if (iss.endsWith("/")) iss.dropLast(1) else iss}/.well-known/openid-federation" | ||
} | ||
|
||
fun getSubordinateStatementEndpoint(fetchEndpoint: String, sub: String, iss: String): String { | ||
return "${fetchEndpoint}?sub=$sub&iss=$iss" | ||
} | ||
|
||
fun findKeyInJwks(keys: JsonArray, kid: String): Jwk? { | ||
val key = keys.firstOrNull { it.jsonObject["kid"]?.jsonPrimitive?.content?.trim() == kid.trim() } | ||
|
||
if (key == null) return null | ||
|
||
return Json.decodeFromJsonElement(Jwk.serializer(), key) | ||
} | ||
|
||
fun checkKidInJwks(keys: Array<Jwk>, kid: String): Boolean { | ||
for (key in keys) { | ||
if (key.kid == kid) { | ||
return true | ||
} | ||
} | ||
return false | ||
} |
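Review bot: `findKeyInJwks` throws instead of returning `null` when the JWKS is malformed: `it.jsonObject` and `.jsonPrimitive` raise `IllegalArgumentException` for an array entry that is not an object or a `kid` that is not a primitive, and a JSON `null` kid has `content` equal to the string `"null"`. Where `keys` comes from a fetched statement the lookup should tolerate bad entries, e.g. `val key = keys.firstOrNull { ((it as? JsonObject)?.get("kid") as? JsonPrimitive)?.takeIf { p -> p.isString }?.content == kid }` (this needs the `JsonObject` and `JsonPrimitive` imports). The two helpers also disagree on matching: `findKeyInJwks` trims both sides while `checkKidInJwks` compares `key.kid == kid` exactly, so one rule should be chosen and documented. `checkKidInJwks` itself reduces to `keys.any { it.kid == kid }`.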
70 changes: 0 additions & 70 deletions
70
...on-client/src/commonMain/kotlin/com/sphereon/oid/fed/client/service/OIDFClientServices.kt
This file was deleted.