Refactor RQESService to make defaultSigningAlgorithmOID optional and …
…get it from the rssp metadata.
phisakel committed Nov 25, 2024
1 parent 975fcb1 commit d7b0ef7
Showing 6 changed files with 25 additions and 12 deletions.
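--- a/README.md
+++ b/README.md
@@ -65,8 +65,7 @@ let cscClientConfig = CSCClientConfig(
 )
 var rqesService = RQESService(
 clientConfig: cscClientConfig,
-defaultHashAlgorithmOID: .SHA256,
-defaultSigningAlgorithmOID: .RSA
+defaultHashAlgorithmOID: .SHA256
 )
 ```
 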
6 changes: 3 additions & 3 deletions Sources/RqesKit/RQESService.swift
@@ -32,18 +32,17 @@ public class RQESService: RQESServiceProtocol, @unchecked Sendable {
var state: String?
var rqes: RQES!
var defaultHashAlgorithmOID: HashAlgorithmOID
var defaultSigningAlgorithmOID: SigningAlgorithmOID
var defaultSigningAlgorithmOID: SigningAlgorithmOID?
var fileExtension: String

/// Initialize the RQES service
/// - Parameter clientConfig: CSC client configuration
/// - Parameter defaultHashAlgorithmOID: The default hash algorithm OID
/// - Parameter defaultSigningAlgorithmOID: The default signing algorithm OID
/// - Parameter fileExtension: The file extension to be used for the signed documents
required public init(clientConfig: CSCClientConfig, defaultHashAlgorithmOID: HashAlgorithmOID = .SHA256, defaultSigningAlgorithmOID: SigningAlgorithmOID = .RSA, fileExtension: String = ".pdf") {
required public init(clientConfig: CSCClientConfig, defaultHashAlgorithmOID: HashAlgorithmOID = .SHA256, fileExtension: String = ".pdf") {
self.clientConfig = clientConfig
self.defaultHashAlgorithmOID = defaultHashAlgorithmOID
self.defaultSigningAlgorithmOID = defaultSigningAlgorithmOID
self.fileExtension = fileExtension
}

@@ -55,6 +54,7 @@ public class RQESService: RQESServiceProtocol, @unchecked Sendable {
// STEP 2: Retrieve service information using the InfoService
let request = InfoServiceRequest(lang: "en-US")
let response = try await rqes.getInfo(request: request)
if let algo = response.signAlgorithms.algos.first { defaultSigningAlgorithmOID = SigningAlgorithmOID(rawValue: algo) }
return response
}

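Review bot: In the second hunk, `getRSSPMetadata()` now sets the default signing algorithm to whatever the RSSP lists first, with no client-side preference or allow-list, so the remote service's ordering decides the algorithm whenever `signDocuments` is called without an explicit one. If `SigningAlgorithmOID(rawValue:)` is failable (the assignment to an optional suggests so), an unrecognised first entry also overwrites any earlier value with nil, even when a later entry is supported. Consider taking the first entry the client recognises, `defaultSigningAlgorithmOID = response.signAlgorithms.algos.lazy.compactMap(SigningAlgorithmOID.init(rawValue:)).first`, ideally filtered against a locally configured set of permitted algorithms. The method body starts outside the hunk. Separately, the page does not make clear whether the `/// - Parameter defaultSigningAlgorithmOID:` doc line in the first hunk was removed with the parameter; if it remains, it should be dropped.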
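--- a/Sources/RqesKit/RQESServiceAuthorized.swift
+++ b/Sources/RqesKit/RQESServiceAuthorized.swift
@@ -33,10 +33,10 @@ public class RQESServiceAuthorized: RQESServiceAuthorizedProtocol, @unchecked Se
 var authorizationDetailsJsonString: String?
 var hashAlgorithmOID: HashAlgorithmOID?
 var defaultHashAlgorithmOID: HashAlgorithmOID
-var defaultSigningAlgorithmOID: SigningAlgorithmOID
+var defaultSigningAlgorithmOID: SigningAlgorithmOID?
 var fileExtension: String
 
-public init(_ rqes: RQES, clientConfig: CSCClientConfig, defaultHashAlgorithmOID: HashAlgorithmOID, defaultSigningAlgorithmOID: SigningAlgorithmOID, fileExtension: String, state: String, accessToken: String) {
+public init(_ rqes: RQES, clientConfig: CSCClientConfig, defaultHashAlgorithmOID: HashAlgorithmOID, defaultSigningAlgorithmOID: SigningAlgorithmOID?, fileExtension: String, state: String, accessToken: String) {
 self.rqes = rqes
 self.clientConfig = clientConfig
 self.defaultHashAlgorithmOID = defaultHashAlgorithmOID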
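--- a/Sources/RqesKit/RQESServiceCredentialAuthorized.swift
+++ b/Sources/RqesKit/RQESServiceCredentialAuthorized.swift
@@ -31,10 +31,10 @@ public class RQESServiceCredentialAuthorized: RQESServiceCredentialAuthorizedPro
 var documents: [Document]
 var calculateHashResponse: CalculateHashResponse
 var hashAlgorithmOID: HashAlgorithmOID
-var defaultSigningAlgorithmOID: SigningAlgorithmOID
+var defaultSigningAlgorithmOID: SigningAlgorithmOID?
 var fileExtension: String
 
-public init(rqes: RQES, clientConfig: CSCClientConfig, credentialInfo: CredentialInfo, credentialAccessToken: String, documents: [Document], calculateHashResponse: CalculateHashResponse, hashAlgorithmOID: HashAlgorithmOID, defaultSigningAlgorithmOID: SigningAlgorithmOID, fileExtension: String) {
+public init(rqes: RQES, clientConfig: CSCClientConfig, credentialInfo: CredentialInfo, credentialAccessToken: String, documents: [Document], calculateHashResponse: CalculateHashResponse, hashAlgorithmOID: HashAlgorithmOID, defaultSigningAlgorithmOID: SigningAlgorithmOID?, fileExtension: String) {
 self.rqes = rqes
 self.clientConfig = clientConfig
 self.credentialInfo = credentialInfo
@@ -58,7 +58,8 @@ public class RQESServiceCredentialAuthorized: RQESServiceCredentialAuthorizedPro
 /// that were passed to the ``RQESServiceAuthorizedProtocol.getCredentialAuthorizationUrl`` method.
 public func signDocuments(signAlgorithmOID: SigningAlgorithmOID? = nil, certificates: [X509.Certificate]? = nil) async throws -> [Document] {
 // STEP 12: Sign the calculated hash with the credential
-let signHashRequest = SignHashRequest(credentialID: credentialInfo.credentialID, hashes: calculateHashResponse.hashes, hashAlgorithmOID: hashAlgorithmOID, signAlgo: signAlgorithmOID ?? defaultSigningAlgorithmOID, operationMode: "S")
+guard let signAlgo = signAlgorithmOID ?? defaultSigningAlgorithmOID else { throw NSError(domain: "RQES", code: 0, userInfo: [NSLocalizedDescriptionKey: "No signing algorithm provided"]) }
+let signHashRequest = SignHashRequest(credentialID: credentialInfo.credentialID, hashes: calculateHashResponse.hashes, hashAlgorithmOID: hashAlgorithmOID, signAlgo: signAlgo, operationMode: "S")
 let signHashResponse = try await rqes.signHash(request: signHashRequest, accessToken: credentialAccessToken)
 let certs = certificates?.map(\.base64String) ?? credentialInfo.cert.certificates
 // STEP 13: Obtain the signed document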
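Review bot: The new guard in `signDocuments` throws an untyped `NSError` with domain "RQES" and code 0, which callers can only tell apart from other failures by matching the message string. Stopping before the request is sent is the right behaviour when no algorithm is known, but a dedicated error case would let callers react, for instance by calling `getRSSPMetadata()` or passing `signAlgorithmOID:` explicitly. A sketch, with an illustrative name for a new error enum: `guard let signAlgo = signAlgorithmOID ?? defaultSigningAlgorithmOID else { throw RQESError.noSigningAlgorithm }`. The method's doc comment should also gain a `- Throws:` line stating this precondition. The method body continues past the end of the hunk.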
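--- a/Sources/RqesKit/RqesProtocols.swift
+++ b/Sources/RqesKit/RqesProtocols.swift
@@ -26,9 +26,8 @@ public protocol RQESServiceProtocol {
 /// Initialize the RQES service
 /// - Parameter clientConfig: CSC client configuration
 /// - Parameter defaultHashAlgorithmOID: The default hash algorithm OID
-/// - Parameter defaultSigningAlgorithmOID: The default signing algorithm OID
 /// - Parameter fileExtension: The file extension to be used for the signed documents
-init(clientConfig: CSCClientConfig, defaultHashAlgorithmOID: HashAlgorithmOID, defaultSigningAlgorithmOID: SigningAlgorithmOID, fileExtension: String)
+init(clientConfig: CSCClientConfig, defaultHashAlgorithmOID: HashAlgorithmOID, fileExtension: String)
 /// Retrieve the RSSP metadata
 func getRSSPMetadata() async throws -> RSSPMetadata
 /// Retrieve the service authorization URL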
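Review bot: The doc comment on `getRSSPMetadata()` still reads only "Retrieve the RSSP metadata", but after this commit the `RQESService` implementation also uses the call to set the default signing algorithm. Integrators can no longer pin the algorithm at construction, since the protocol `init` drops the parameter, so the contract should say where the default now comes from. Suggested wording: `/// Retrieve the RSSP metadata. Also sets the default signing algorithm from the algorithms the RSSP advertises; call this before signing unless an algorithm is passed explicitly.` Removing the `init` parameter is a source-breaking change for existing callers and conformers, and is worth a changelog entry.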
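--- a/Tests/RqesKitTests/RqesKitTests.swift
+++ b/Tests/RqesKitTests/RqesKitTests.swift
@@ -13,3 +13,17 @@ import SwiftASN1
 #expect(ser.serializedBytes == certData)
 #expect(Data(ser.serializedBytes).base64EncodedString() == certBase64)
 }
+
+@Test func ensureDefaultSignAlgorithmExists() async throws {
+let cscClientConfig = CSCClientConfig(
+OAuth2Client: CSCClientConfig.OAuth2Client(clientId: "wallet-client", clientSecret: "somesecret2"),
+authFlowRedirectionURI: "https://oauthdebugger.com/debug",
+scaBaseURL: "https://walletcentric.signer.eudiw.dev"
+)
+let rqesService = RQESService(clientConfig: cscClientConfig, defaultHashAlgorithmOID: .SHA256)
+let rsspMetadata = try await rqesService.getRSSPMetadata()
+#expect(rsspMetadata.signAlgorithms.algos.count > 0)
+#expect(rqesService.defaultSigningAlgorithmOID != nil)
+print("Default signing algorithm: \(rsspMetadata.signAlgorithms.algos.first ?? "")")
+
+}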
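Review bot: `ensureDefaultSignAlgorithmExists` calls a live remote endpoint and hard-codes an OAuth client id and secret, so its result depends on network reachability and on that server's current metadata rather than on the code under test. If the secret is anything other than a published demo value, it should be read from the environment or CI secret storage and rotated, since it is now in repository history. Prefer feeding `getRSSPMetadata()` a stubbed response so the test can also cover an empty list and an unrecognised first algorithm. `#expect(!rsspMetadata.signAlgorithms.algos.isEmpty)` reads better than `count > 0`, and the trailing `print` adds nothing the expectations do not already check.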
