[feature] OID4VCI / Credential Response Encryption

Author: TakahikoKawasaki

pom.xml

@@ -12,7 +12,7 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 
-    <authlete.java.common.version>3.83</authlete.java.common.version>
+    <authlete.java.common.version>3.86</authlete.java.common.version>
     <authlete.java.jaxrs.version>2.66</authlete.java.jaxrs.version>
     <javax.servlet-api.version>3.0.1</javax.servlet-api.version>
     <jersey.version>2.30.1</jersey.version>

src/main/java/com/authlete/jaxrs/server/api/vci/BatchCredentialEndpoint.java

@@ -137,6 +137,9 @@ private Response issue(
             case CALLER_ERROR:
                 return ResponseUtil.internalServerErrorJson(content, headers);
 
+            case BAD_REQUEST:
+                return ResponseUtil.badRequestJson(content, headers);
+
             case UNAUTHORIZED:
                 return ResponseUtil.unauthorized(accessToken, content, headers);
 
@@ -146,6 +149,9 @@ private Response issue(
             case OK:
                 return ResponseUtil.okJson(content, headers);
 
+            case OK_JWT:
+                return ResponseUtil.okJwt(content, headers);
+
             case INTERNAL_SERVER_ERROR:
             default:
                 return ResponseUtil.internalServerErrorJson(content, headers);

src/main/java/com/authlete/jaxrs/server/api/vci/CredentialEndpoint.java

@@ -139,6 +139,9 @@ private Response issue(
             case CALLER_ERROR:
                 return ResponseUtil.internalServerErrorJson(content, headers);
 
+            case BAD_REQUEST:
+                return ResponseUtil.badRequestJson(content, headers);
+
             case UNAUTHORIZED:
                 return ResponseUtil.unauthorized(accessToken, content, headers);
 
@@ -148,9 +151,15 @@ private Response issue(
             case OK:
                 return ResponseUtil.okJson(content, headers);
 
+            case OK_JWT:
+                return ResponseUtil.okJwt(content, headers);
+
             case ACCEPTED:
                 return ResponseUtil.acceptedJson(content, headers);
 
+            case ACCEPTED_JWT:
+                return ResponseUtil.acceptedJwt(content, headers);
+
             case INTERNAL_SERVER_ERROR:
             default:
                 return ResponseUtil.internalServerErrorJson(content, headers);

src/main/java/com/authlete/jaxrs/server/api/vci/CredentialOfferPageModel.java

@@ -21,6 +21,7 @@
 import java.io.IOException;
 import java.net.URLEncoder;
 import java.util.Base64;
+import java.util.List;
 import java.util.Map;
 import javax.imageio.ImageIO;
 import com.authlete.common.dto.CredentialOfferCreateRequest;
@@ -57,12 +58,7 @@ public class CredentialOfferPageModel extends AuthorizationPageModel
 
 
     private static final String DEFAULT_CREDENTIALS = "[\n" +
-            "  {\n" +
-            "    \"format\": \"vc+sd-jwt\",\n" +
-            "    \"credential_definition\": {\n" +
-            "      \"type\": \"IdentityCredential\"\n" +
-            "    }\n" +
-            "  }\n" +
+            "  \"IdentityCredential\"\n" +
             "]";
 
 
@@ -165,11 +161,53 @@ public CredentialOfferCreateRequest toRequest(final User user)
                 .setUserPinRequired(this.userPinRequired)
                 .setUserPinLength(this.userPinLength)
                 .setDuration(this.duration)
-                .setCredentials(this.credentials)
+                .setCredentials(parseAsStringArray("credentials", this.credentials))
                 .setSubject(user.getSubject());
     }
 
 
+    private String[] parseAsStringArray(String name, String json)
+    {
+        List<?> list = parseAsList(name, json);
+
+        if (list == null)
+        {
+            return null;
+        }
+
+        int size = list.size();
+
+        for (int i = 0; i < size; i++)
+        {
+            Object element = list.get(i);
+
+            if (!(element instanceof String))
+            {
+                throw ExceptionUtil.badRequestException(String.format(
+                        "All the elements in the '%s' array must be a string, but the element at the index %d is not.",
+                        name, i));
+            }
+        }
+
+        return list.stream().map(element -> (String)element).toArray(String[]::new);
+    }
+
+
+    private List<?> parseAsList(String name, String json)
+    {
+        try
+        {
+            // Parse as a JSON array.
+            return new Gson().fromJson(json, List.class);
+        }
+        catch (Exception cause)
+        {
+            throw ExceptionUtil.badRequestException(String.format(
+                    "The value of '%s' should be a JSON array.", name));
+        }
+    }
+
+
     public String getCredentials()
     {
         return credentials;

src/main/java/com/authlete/jaxrs/server/api/vci/DeferredCredentialEndpoint.java

@@ -147,12 +147,18 @@ private Response issue(
             case CALLER_ERROR:
                 return ResponseUtil.internalServerErrorJson(content, headers);
 
+            case BAD_REQUEST:
+                return ResponseUtil.badRequestJson(content, headers);
+
             case FORBIDDEN:
                 return ResponseUtil.forbiddenJson(content, headers);
 
             case OK:
                 return ResponseUtil.okJson(content, headers);
 
+            case OK_JWT:
+                return ResponseUtil.okJwt(content, headers);
+
             case INTERNAL_SERVER_ERROR:
             default:
                 return ResponseUtil.internalServerErrorJson(content, headers);

src/main/java/com/authlete/jaxrs/server/util/ProcessingUtil.java

@@ -15,6 +15,7 @@
 public class ProcessingUtil
 {
 
+    @SuppressWarnings("unchecked")
     public static <K, V> Map<K, V> flattenMultivaluedMap(final MultivaluedMap<K, V> multimap)
     {
         return multimap.entrySet().stream()

src/main/java/com/authlete/jaxrs/server/util/ResponseUtil.java

@@ -52,6 +52,13 @@ public class ResponseUtil
     private static final MediaType MEDIA_TYPE_JSON =
             MediaType.APPLICATION_JSON_TYPE.withCharset("UTF-8");
 
+    /**
+     * {@code "application/jwt"}
+     */
+    private static final MediaType MEDIA_TYPE_JWT =
+            new MediaType("application", "jwt");
+
+
 
     /**
      * Build a "text/plain" response of "200 OK".
@@ -95,6 +102,12 @@ public static Response okJson(String entity, Map<String, Object> headers)
     }
 
 
+    public static Response okJwt(String entity, Map<String, Object> headers)
+    {
+        return builderForJwt(Status.OK, entity, headers).build();
+    }
+
+
     /**
      * Build a "text/html" response of "200 OK".
      *
@@ -137,6 +150,12 @@ public static Response acceptedJson(String entity, Map<String, Object> headers)
     }
 
 
+    public static Response acceptedJwt(String entity, Map<String, Object> headers)
+    {
+        return builderForJwt(Status.ACCEPTED, entity, headers).build();
+    }
+
+
     /**
      * Build a response of "204 No Content".
      *
@@ -455,6 +474,13 @@ private static ResponseBuilder builderForJson(
     }
 
 
+    private static ResponseBuilder builderForJwt(
+            Status status, String entity, Map<String, Object> headers)
+    {
+        return builder(status, entity, MEDIA_TYPE_JWT, headers);
+    }
+
+
     private static ResponseBuilder builder(
             Status status, Object entity, MediaType type, Map<String, Object> headers)
     {