feat: Add trust-registry option in wallet-cli flows (#1594)
Allow substituting the default trust-registry client.

Signed-off-by: Bob Stasyszyn <Bob.Stasyszyn@securekey.com>
bstasyszyn authored Feb 6, 2024
1 parent 41926f5 commit 8a09d1e
Showing 2 changed files with 46 additions and 5 deletions.
25 changes: 23 additions & 2 deletions component/wallet-cli/pkg/oidc4vci/oidc4vci_flow.go
Expand Up @@ -64,6 +64,10 @@ const (
FlowTypePreAuthorizedCode = "pre-authorized_code"
)

type trustRegistry interface {
ValidateIssuer(issuerDID, issuerDomain, credentialType, credentialFormat string, clientAttestationRequested bool) error
}

type Flow struct {
httpClient *http.Client
documentLoader ld.DocumentLoader
Expand All @@ -73,6 +77,7 @@ type Flow struct {
wallet *wallet.Wallet
wellKnownService *wellknown.Service
trustRegistryURL string
trustRegistryClient trustRegistry
flowType FlowType
credentialOffer string
credentialType string
Expand Down Expand Up @@ -188,6 +193,14 @@ func NewFlow(p provider, opts ...Opt) (*Flow, error) {
}
}

var trustRegistry trustRegistry

if o.trustRegistry != nil {
trustRegistry = o.trustRegistry
} else if o.trustRegistryURL != "" {
trustRegistry = trustregistry.NewClient(p.HTTPClient(), o.trustRegistryURL)
}

return &Flow{
httpClient: p.HTTPClient(),
documentLoader: p.DocumentLoader(),
Expand All @@ -211,6 +224,7 @@ func NewFlow(p provider, opts ...Opt) (*Flow, error) {
issuerState: o.issuerState,
pin: o.pin,
trustRegistryURL: o.trustRegistryURL,
trustRegistryClient: trustRegistry,
perfInfo: &PerfInfo{},
}, nil
}
Expand Down Expand Up @@ -264,7 +278,7 @@ func (f *Flow) Run(ctx context.Context) (*verifiable.Credential, error) {
requireWalletAttestation := openIDConfig.TokenEndpointAuthMethodsSupported != nil &&
lo.Contains(openIDConfig.TokenEndpointAuthMethodsSupported, attestJWTClientAuthType)

if f.trustRegistryURL != "" {
if f.trustRegistryClient != nil {
if credentialOfferResponse == nil || len(credentialOfferResponse.Credentials) == 0 {
return nil, fmt.Errorf("credential offer is empty")
}
Expand All @@ -290,7 +304,7 @@ func (f *Flow) Run(ctx context.Context) (*verifiable.Credential, error) {

credentialFormat := string(credentialOffer.Format)

if err = trustregistry.NewClient(f.httpClient, f.trustRegistryURL).
if err = f.trustRegistryClient.
ValidateIssuer(
issuerDID,
"",
Expand Down Expand Up @@ -941,6 +955,7 @@ type options struct {
issuerState string
pin string
trustRegistryURL string
trustRegistry trustRegistry
walletDIDIndex int
}

Expand Down Expand Up @@ -1030,6 +1045,12 @@ func WithTrustRegistryURL(url string) Opt {
}
}

func WithTrustRegistry(value trustRegistry) Opt {
return func(opts *options) {
opts.trustRegistry = value
}
}

func WithWalletDIDIndex(idx int) Opt {
return func(opts *options) {
opts.walletDIDIndex = idx
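Review bot: In NewFlow the local `var trustRegistry trustRegistry` shadows the interface type for the rest of the function, so the type name cannot be referenced below that line; the same pattern appears in the NewFlow hunk of oidc4vp_flow.go. Renaming the local, e.g. `var registry trustRegistry`, removes the shadowing and reads more clearly where it is assigned into `trustRegistryClient`. The new exported option WithTrustRegistry has no doc comment and its parameter type is unexported, so callers in other packages cannot name the type they must satisfy; a suggested comment is `// WithTrustRegistry substitutes the client used for issuer validation; when set it takes precedence over WithTrustRegistryURL.` NewFlow's body extends outside the hunk.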
26 changes: 23 additions & 3 deletions component/wallet-cli/pkg/oidc4vp/oidc4vp_flow.go
Expand Up @@ -53,6 +53,10 @@ const (
customScopeWalletDetails = "walletdetails"
)

type trustRegistry interface {
ValidateVerifier(verifierDID, verifierDomain string, credentials []*verifiable.Credential) error
}

type Flow struct {
httpClient *http.Client
documentLoader ld.DocumentLoader
Expand All @@ -67,6 +71,7 @@ type Flow struct {
disableSchemaValidation bool
trustRegistryURL string
perfInfo *PerfInfo
trustRegistryClient trustRegistry
}

type provider interface {
Expand Down Expand Up @@ -119,6 +124,14 @@ func NewFlow(p provider, opts ...Opt) (*Flow, error) {
kmssigner.NewKMSSigner(signer, signatureType, nil),
)

var trustRegistry trustRegistry

if o.trustRegistry != nil {
trustRegistry = o.trustRegistry
} else if o.trustRegistryURL != "" {
trustRegistry = trustregistry.NewClient(p.HTTPClient(), o.trustRegistryURL)
}

return &Flow{
httpClient: p.HTTPClient(),
documentLoader: p.DocumentLoader(),
Expand All @@ -131,7 +144,7 @@ func NewFlow(p provider, opts ...Opt) (*Flow, error) {
enableLinkedDomainVerification: o.enableLinkedDomainVerification,
disableDomainMatching: o.disableDomainMatching,
disableSchemaValidation: o.disableSchemaValidation,
trustRegistryURL: o.trustRegistryURL,
trustRegistryClient: trustRegistry,
perfInfo: &PerfInfo{},
}, nil
}
Expand Down Expand Up @@ -177,10 +190,10 @@ func (f *Flow) Run(ctx context.Context) error {
return fmt.Errorf("query wallet: %w", err)
}

if f.trustRegistryURL != "" {
if f.trustRegistryClient != nil {
slog.Info("validate verifier", "url", f.trustRegistryURL)

if err = trustregistry.NewClient(f.httpClient, f.trustRegistryURL).
if err = f.trustRegistryClient.
ValidateVerifier(
requestObject.ClientID,
"",
Expand Down Expand Up @@ -703,6 +716,7 @@ type options struct {
disableDomainMatching bool
disableSchemaValidation bool
trustRegistryURL string
trustRegistry trustRegistry
}

type Opt func(opts *options)
Expand Down Expand Up @@ -742,3 +756,9 @@ func WithTrustRegistryURL(url string) Opt {
opts.trustRegistryURL = url
}
}

func WithTrustRegistry(value trustRegistry) Opt {
return func(opts *options) {
opts.trustRegistry = value
}
}
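Review bot: Run still logs `"url", f.trustRegistryURL` just before the ValidateVerifier call, but NewFlow in this section no longer assigns `trustRegistryURL` in the Flow literal (that line was replaced by `trustRegistryClient: trustRegistry`), so unless the field is set somewhere outside these hunks the log always reports an empty url while validation still runs, and the operator log loses its only record of which registry was consulted. Either keep `trustRegistryURL: o.trustRegistryURL,` next to the new `trustRegistryClient` line, as the oidc4vci_flow.go hunk does, or drop the attribute from the log call. If the field is intentionally no longer used it should be removed from the Flow struct rather than left unset. Run's body continues outside the hunk.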
