Merge branch 'EWC-consortium:main' into main

Author: josmilan

Sources/eudiWalletOidcIos/Helper/EncryptionKeyHandler/Crypto Kit/CryptoKitHandler.swift

@@ -11,17 +11,26 @@ import CryptoKit
 public class CryptoKitHandler:NSObject, SecureKeyProtocol{
 
     public var keyStorageType: SecureKeyTypes = .cryptoKit
+    var secureKeyData: SecureKeyData? = nil
 
-    public func generateSecureKey() -> SecureKeyData?{
-        let privateKey =  P256.Signing.PrivateKey()
-        return SecureKeyData(publicKey: privateKey.publicKey.rawRepresentation, privateKey: privateKey.rawRepresentation)
+    public init(secureKeyData: SecureKeyData? = nil) {
+        super.init()
+        self.secureKeyData = secureKeyData
+        self.keyStorageType = .cryptoKit
     }
 
-
+    public func generateSecureKey() -> SecureKeyData?{
+        if let keys = secureKeyData{
+          return keys
+        } else {
+          let privateKey = P256.Signing.PrivateKey()
+          return SecureKeyData(publicKey: privateKey.publicKey.rawRepresentation, privateKey: privateKey.rawRepresentation)
+        }
+      }
+    
     public func sign(payload: String, header: Data, withKey privateKey: Data?) -> String?{
         if let privateKeyData = privateKey{
             do{
-
                 let payloadData = Data(payload.utf8)
                 let unsignedToken = "\(header.base64URLEncodedString()).\(payloadData.base64URLEncodedString())"
                 if let data = unsignedToken.data(using: .utf8){
@@ -30,7 +39,6 @@ public class CryptoKitHandler:NSObject, SecureKeyProtocol{
                     let idToken = "\(unsignedToken).\(signedData.rawRepresentation.base64URLEncodedString())"
                     return idToken
                 }
-
             }
             catch{
                 return nil

Sources/eudiWalletOidcIos/Helper/EncryptionKeyHandler/EDDSA/EDDSAKeyHandler.swift

@@ -11,17 +11,26 @@ import Crypto
 public class EDDSAKeyHandler:NSObject, SecureKeyProtocol{
 
     public var keyStorageType: SecureKeyTypes = .eddsa
+    var secureKeyData: SecureKeyData? = nil
+    
+    public init(secureKeyData: SecureKeyData? = nil) {
+        super.init()
+        self.secureKeyData = secureKeyData
+        self.keyStorageType = .eddsa
+    }
 
     public func generateSecureKey() -> SecureKeyData?{
-        let privateKey = Curve25519.Signing.PrivateKey()
-        return SecureKeyData(publicKey: privateKey.publicKey.rawRepresentation, privateKey: privateKey.rawRepresentation)
+        if let keys = secureKeyData{
+          return keys
+        } else {
+            let privateKey = Curve25519.Signing.PrivateKey()
+            return SecureKeyData(publicKey: privateKey.publicKey.rawRepresentation, privateKey: privateKey.rawRepresentation)
+        }
     }
 
-
     public func sign(payload: String, header: Data, withKey privateKey: Data?) -> String?{
         if let privateKeyData = privateKey{
             do{
-
                 let payloadData = Data(payload.utf8)
                 let unsignedToken = "\(header.base64URLEncodedString()).\(payloadData.base64URLEncodedString())"
                 if let data = unsignedToken.data(using: .utf8){
@@ -30,7 +39,6 @@ public class EDDSAKeyHandler:NSObject, SecureKeyProtocol{
                     let idToken = "\(unsignedToken).\(signedData.urlSafeBase64EncodedString()))"
                     return idToken
                 }
-
             }
             catch{
                 return nil

Sources/eudiWalletOidcIos/Helper/EncryptionKeyHandler/Secure Enclave/SecureEnclaveHandler.swift

@@ -11,21 +11,21 @@ public class SecureEnclaveHandler: NSObject, SecureKeyProtocol{
 
     var privateKeyLabel = ""
     var publicKeyLabel = ""
-    var organisationID = ""
+    var keyID = ""
     var secureEnclaveHandler: SecureEnclave?
     public var keyStorageType: SecureKeyTypes = .cryptoKit
 
-    public init(organisationID: String) {
+    public init(keyID: String) {
         super.init()
-        self.organisationID = organisationID
+        self.keyID = keyID
         self.keyStorageType = .secureEnclave
     }
 
     //Creating secure enclave instance with unique identifer for the keys
     private func createSecureEnclaveHandlerFor() -> Bool{
-        if !organisationID.isEmpty{
+        if !keyID.isEmpty{
             secureEnclaveHandler = nil
-            privateKeyLabel = "com.EudiWallet.\(organisationID).PrivateKey"
+            privateKeyLabel = "com.EudiWallet.\(keyID).PrivateKey"
             secureEnclaveHandler = SecureEnclave(privateKeyApplicationTag: privateKeyLabel)
             return true
             } else{

Sources/eudiWalletOidcIos/Model/PresentationDefinitionModel.swift

@@ -47,6 +47,7 @@ public struct Field: Codable {
 public struct Filter: Codable {
     public let type: String?
     public let contains: Contains?
+    public let const: String?
     public let pattern: String?
 }
 // MARK: - Contains

Sources/eudiWalletOidcIos/Model/PresentationRequest.swift

@@ -12,6 +12,7 @@ public struct PresentationRequest: Codable {
     public var clientMetaData: String?
     public var presentationDefinitionUri: String?
     public var clientMetaDataUri: String?
+    public var transactionData: [String]?
     enum CodingKeys: String, CodingKey {
         case state = "state"
         case clientId = "client_id"
@@ -27,8 +28,9 @@ public struct PresentationRequest: Codable {
         case clientMetaData = "client_metadata"
         case presentationDefinitionUri = "presentation_definition_uri"
         case clientMetaDataUri = "client_metadata_uri"
+        case transactionData = "transaction_data"
     }
-    public init(state: String?, clientId: String?, redirectUri: String?, responseUri: String?, responseType: String?, responseMode: String?, scope: String?, nonce: String?, requestUri: String?, presentationDefinition: String?, clientMetaData:  String?, presentationDefinitionUri: String?, clientMetaDataUri: String?, clientIDScheme: String?) {
+    public init(state: String?, clientId: String?, redirectUri: String?, responseUri: String?, responseType: String?, responseMode: String?, scope: String?, nonce: String?, requestUri: String?, presentationDefinition: String?, clientMetaData:  String?, presentationDefinitionUri: String?, clientMetaDataUri: String?, clientIDScheme: String?, transactionData: [String]) {
         self.state = state
         self.clientId = clientId
         self.redirectUri = redirectUri
@@ -43,6 +45,7 @@ public struct PresentationRequest: Codable {
         self.presentationDefinitionUri = presentationDefinitionUri
         self.clientMetaDataUri = clientMetaDataUri
         self.clientIDScheme = clientIDScheme
+        self.transactionData = transactionData
     }
 
     public init(from decoder: Decoder) throws {
@@ -65,11 +68,15 @@ public struct PresentationRequest: Codable {
         } else {
             presentationDefinition = nil
         }
-        if let clientMetaDataModel = try? container.decode(ClientMetaData.self, forKey: . clientMetaData) {
+        if let clientMetaDataModel = try? container.decode(ClientMetaData.self, forKey: .clientMetaData) {
             clientMetaData = clientMetaDataModel.toJSONString()
         }
         presentationDefinitionUri = try container.decodeIfPresent(String.self, forKey: .presentationDefinitionUri)
         clientMetaDataUri = try container.decodeIfPresent(String.self, forKey: .clientMetaDataUri)
+        transactionData = try container.decodeIfPresent([String].self, forKey: .transactionData)
+//        if let transactionDataModel = try? container.decode(TransactionData.self, forKey: .transactionData) {
+//            transactionData = transactionDataModel.toJSONString()
+//        }
     }
 }
 public struct ClientMetaData: Codable {
@@ -99,3 +106,64 @@ public struct ClientMetaData: Codable {
     }
 
 }
+public struct TransactionData: Codable {
+    public var type: String?
+    public var credentialIDs: [String]?
+    public var paymentData: PaymentData?
+    enum CodingKeys: String, CodingKey {
+        case type = "type"
+        case credentialIDs = "credential_ids"
+        case paymentData = "payment_data"
+    }
+    public init(type: String?, credentialIDs: [String]?, paymentData: PaymentData?) {
+        self.type = type
+        self.credentialIDs = credentialIDs
+        self.paymentData = paymentData
+    }
+    
+    public init(from decoder: Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        type = try container.decodeIfPresent(String.self, forKey: .type)
+        credentialIDs = try container.decodeIfPresent([String].self, forKey: .credentialIDs)
+        paymentData = try container.decodeIfPresent(PaymentData.self, forKey: .paymentData)
+    }
+    
+}
+public struct PaymentData: Codable {
+    public var payee: String?
+    public var currencyAmount: CurrencyAmount?
+    
+    enum CodingKeys: String, CodingKey {
+        case payee = "payee"
+        case currencyAmount = "currency_amount"
+    }
+    public init(payee: String?, currencyAmount: CurrencyAmount?) {
+        self.payee = payee
+        self.currencyAmount = currencyAmount
+    }
+    
+    public init(from decoder: Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        payee = try container.decodeIfPresent(String.self, forKey: .payee)
+        currencyAmount = try container.decodeIfPresent(CurrencyAmount.self, forKey: .currencyAmount)
+    }
+}
+public struct CurrencyAmount: Codable {
+    public var currency: String?
+    public var value: Double?
+    
+    enum CodingKeys: String, CodingKey {
+        case currency = "currency"
+        case value = "value"
+    }
+    public init(currency: String?, value: Double?) {
+        self.currency = currency
+        self.value = value
+    }
+    
+    public init(from decoder: Decoder) throws {
+        let container = try decoder.container(keyedBy: CodingKeys.self)
+        currency = try container.decodeIfPresent(String.self, forKey: .currency)
+        value = try container.decodeIfPresent(Double.self, forKey: .value)
+    }
+}

Sources/eudiWalletOidcIos/Service/CredentialValidation/CredentialValidatorService.swift

@@ -16,7 +16,7 @@ public class CredentialValidatorService: CredentialValidaorProtocol {
     public init() {}
 
     public func validateCredential(jwt: String?, jwksURI: String?, format: String) async throws {
-        let isJWTExpired = ExpiryValidator.validateExpiryDate(jwt: jwt, format: format) ?? false
+        let isJWTExpired = ExpiryValidator().validateExpiryDate(jwt: jwt, format: format) ?? false
         let isSignatureExpied = try await SignatureValidator.validateSign(jwt: jwt, jwksURI: jwksURI, format: format) ?? false
         if isJWTExpired {
             throw ValidationError.JWTExpired

Sources/eudiWalletOidcIos/Service/CredentialValidation/ExpiryValidator.swift

@@ -4,31 +4,29 @@
 //
 //  Created by iGrant on 25/07/24.
 //
-
 import Foundation
 import SwiftCBOR
-
-
-class ExpiryValidator {
-
-    static func validateExpiryDate(jwt: String?, format: String) -> Bool? {
-    var expirationDate: String = ""
-    if format == "mso_mdoc" {
-        if let issuerAuthData = getIssuerAuth(credential: jwt ?? "") {
-            expirationDate = getExpiryFromIssuerAuth(cborData: issuerAuthData) ?? ""
+public class ExpiryValidator {
+    
+    public init () {}
+    
+    public func validateExpiryDate(jwt: String?, format: String) -> Bool? {
+        var expirationDate: String = ""
+        if format == "mso_mdoc" {
+            if let issuerAuthData = ExpiryValidator.getIssuerAuth(credential: jwt ?? "") {
+                expirationDate = ExpiryValidator.getExpiryFromIssuerAuth(cborData: issuerAuthData) ?? ""
+            } else {
+                return false
+            }
         } else {
-            return false
+            guard let split = jwt?.split(separator: "."), split.count > 1,  let jsonString = "\(split[1])".decodeBase64(),
+                  let jsonObject = UIApplicationUtils.shared.convertStringToDictionary(text: jsonString) else { return false }
+            guard let vc = jsonObject["vc"] as? [String: Any], let expiryDate = vc["expirationDate"] as? String else { return false }
+            expirationDate = expiryDate
         }
-    } else {
-
-        guard let split = jwt?.split(separator: "."), split.count > 1,  let jsonString = "\(split[1])".decodeBase64(),
-              let jsonObject = UIApplicationUtils.shared.convertStringToDictionary(text: jsonString) else { return false }
-        guard let vc = jsonObject["vc"] as? [String: Any], let expiryDate = vc["expirationDate"] as? String else { return false }
-        expirationDate = expiryDate
-    }
-    let dateFormatter = DateFormatter()
+        let dateFormatter = DateFormatter()
         dateFormatter.dateFormat = "yyyy-MM-dd'T'HH:mm:ss'Z'"
-    dateFormatter.timeZone = TimeZone(secondsFromGMT: 0)
+        dateFormatter.timeZone = TimeZone(secondsFromGMT: 0)
         guard let expiryDate = dateFormatter.date(from: expirationDate) else { return false}
         let currentDate = Date()
         if currentDate <= expiryDate {
@@ -37,9 +35,7 @@ class ExpiryValidator {
             return true
         }
     }
-
-
-static func getIssuerAuth(credential: String) -> CBOR? {
+    static func getIssuerAuth(credential: String) -> CBOR? {
         // Convert the base64 URL encoded credential to Data
         if let data = Data(base64URLEncoded: credential) {
             do {
@@ -63,60 +59,57 @@ static func getIssuerAuth(credential: String) -> CBOR? {
 
         return nil // Return nil if "issuerAuth" is not found
     }
-
-
-static  func getExpiryFromIssuerAuth(cborData: CBOR) -> String? {
-    guard case let CBOR.array(elements) = cborData else {
-        print("Expected CBOR array, but got something else.")
-        return nil
-    }
-    var docType: String? = ""
-    for element in elements {
-        if case let CBOR.byteString(byteString) = element {
-            if let nestedCBOR = try? CBOR.decode(byteString) {
-        if case let CBOR.tagged(tag, item) = nestedCBOR, tag.rawValue == 24 {
-            if case let CBOR.byteString(data) = item {
-                if let decodedInnerCBOR = try? CBOR.decode([UInt8](data)) {
-            docType = extractExpiry(cborData: decodedInnerCBOR )
+    static  func getExpiryFromIssuerAuth(cborData: CBOR) -> String? {
+        guard case let CBOR.array(elements) = cborData else {
+            print("Expected CBOR array, but got something else.")
+            return nil
+        }
+        var docType: String? = ""
+        for element in elements {
+            if case let CBOR.byteString(byteString) = element {
+                if let nestedCBOR = try? CBOR.decode(byteString) {
+                    if case let CBOR.tagged(tag, item) = nestedCBOR, tag.rawValue == 24 {
+                        if case let CBOR.byteString(data) = item {
+                            if let decodedInnerCBOR = try? CBOR.decode([UInt8](data)) {
+                                docType = extractExpiry(cborData: decodedInnerCBOR )
+                            } else {
+                                print("Failed to decode inner ByteString under Tag 24.")
+                            }
+                        }
+                    }
                 } else {
-                    print("Failed to decode inner ByteString under Tag 24.")
+                    print("Could not decode ByteString as CBOR, inspecting data directly.")
+                    print("ByteString data: \(byteString)")
                 }
-            }
-        }
             } else {
-                print("Could not decode ByteString as CBOR, inspecting data directly.")
-                print("ByteString data: \(byteString)")
+                print("Element: \(element)")
             }
-        } else {
-            print("Element: \(element)")
         }
+        return docType ?? ""
     }
-    return docType ?? ""
-}
-
-static func extractExpiry(cborData: CBOR) -> String? {
-    guard case let CBOR.map(map) = cborData else {
-        return nil
-    }
-   for (key, value) in map {
-        if case let CBOR.utf8String(keyString) = key, keyString == "validityInfo" {
-            if case let CBOR.map(validityMap) = value {
-                for (validityKey, validityValue) in validityMap {
-                    if case let CBOR.utf8String(validityKeyString) = validityKey, validityKeyString == "validUntil" {
-                        if case let CBOR.tagged(_, CBOR.utf8String(validUntilString)) = validityValue {
-                            return validUntilString
-                        } else {
-                            print("The value associated with 'validUntil' is not in the expected format.")
+    static func extractExpiry(cborData: CBOR) -> String? {
+        guard case let CBOR.map(map) = cborData else {
+            return nil
+        }
+        for (key, value) in map {
+            if case let CBOR.utf8String(keyString) = key, keyString == "validityInfo" {
+                if case let CBOR.map(validityMap) = value {
+                    for (validityKey, validityValue) in validityMap {
+                        if case let CBOR.utf8String(validityKeyString) = validityKey, validityKeyString == "validUntil" {
+                            if case let CBOR.tagged(_, CBOR.utf8String(validUntilString)) = validityValue {
+                                return validUntilString
+                            } else {
+                                print("The value associated with 'validUntil' is not in the expected format.")
+                            }
                         }
                     }
+                } else {
+                    print("The value associated with 'validityInfo' is not a map.")
                 }
-            } else {
-                print("The value associated with 'validityInfo' is not a map.")
             }
         }
+        print("validityInfo not found in the CBOR map.")
+        return nil
     }
-    print("validityInfo not found in the CBOR map.")
-    return nil
-}
 
 }