Merge pull request #122 from niscy-eudiw/SecureArea
Refactoring for SecureArea functionality
phisakel authored Nov 28, 2024
2 parents 7fae108 + dd1406b commit 7dd9b27
Showing 21 changed files with 331 additions and 227 deletions.
2 changes: 0 additions & 2 deletions .devcontainer/devcontainer.json
Expand Up @@ -5,8 +5,6 @@
"ghcr.io/devcontainers/features/common-utils:2": {
"installZsh": "false",
"username": "vscode",
"userUid": "1000",
"userGid": "1000",
"upgradePackages": "false"
},
"ghcr.io/devcontainers/features/git:1": {
2 changes: 1 addition & 1 deletion .github/workflows/swift.yml
Expand Up @@ -11,7 +11,7 @@ jobs:
steps:
- uses: maxim-lobanov/setup-xcode@v1
with:
xcode-version: '16.0'
xcode-version: '16.1'
- name: Get swift version
run: swift --version
- uses: actions/checkout@v4
34 changes: 17 additions & 17 deletions Package.resolved
@@ -1,5 +1,5 @@
{
"originHash" : "d38f85b065a32877c668f73f6814a437fd82f13d6bf2d947c60a917106f9ce7b",
"originHash" : "3c60eb55cb4a02f67cb382900b7e167b7d424741343da03faed156ca08377032",
"pins" : [
{
"identity" : "blueecc",
Expand All @@ -24,35 +24,35 @@
"kind" : "remoteSourceControl",
"location" : "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-iso18013-data-model.git",
"state" : {
"revision" : "c1b4383d6fc3387a8ed4c79177548624c4e34e3a",
"version" : "0.3.3"
"revision" : "29f30a92427733db0c7b9cea9616607a1df24284",
"version" : "0.4.0"
}
},
{
"identity" : "eudi-lib-ios-iso18013-data-transfer",
"kind" : "remoteSourceControl",
"location" : "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-iso18013-data-transfer.git",
"state" : {
"revision" : "25a71bea1d4bddd7faf8490f39dbf52ef902b671",
"version" : "0.3.8"
"revision" : "b774365cae01babdc2807d602e53ac2ddb7c6958",
"version" : "0.4.0"
}
},
{
"identity" : "eudi-lib-ios-iso18013-security",
"kind" : "remoteSourceControl",
"location" : "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-iso18013-security.git",
"state" : {
"revision" : "13d65a1010ee9e6219f8bccbab6eb32f67405d86",
"version" : "0.2.6"
"revision" : "6d335f19cb5bdb590bf2f5557c4d91dda146555b",
"version" : "0.3.0"
}
},
{
"identity" : "eudi-lib-ios-openid4vci-swift",
"kind" : "remoteSourceControl",
"location" : "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-openid4vci-swift.git",
"state" : {
"revision" : "5483f37046bcd5607af5b817cea3147257b3f3c6",
"version" : "0.7.0"
"revision" : "18f4906739cebedf63cbf57002d313dc5ab8e087",
"version" : "0.8.0"
}
},
{
Expand All @@ -69,17 +69,17 @@
"kind" : "remoteSourceControl",
"location" : "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-siop-openid4vp-swift.git",
"state" : {
"revision" : "f103311dd3bd975b12919d4c3c1e099b6cb40330",
"version" : "0.6.0"
"revision" : "1049277d9b5818416b313f58a5eaf139de9881b3",
"version" : "0.6.1"
}
},
{
"identity" : "eudi-lib-ios-wallet-storage",
"kind" : "remoteSourceControl",
"location" : "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-wallet-storage.git",
"state" : {
"revision" : "9fe492a8648877cd3bc39baed50a1b85d4a50273",
"version" : "0.3.0"
"revision" : "32079a4b2425886a864efaaf2beeee234cb53efc",
"version" : "0.4.0"
}
},
{
Expand Down Expand Up @@ -177,17 +177,17 @@
"kind" : "remoteSourceControl",
"location" : "https://github.com/apple/swift-crypto.git",
"state" : {
"revision" : "06dc63c6d8da54ee11ceb268cde1fa68161afc96",
"version" : "3.9.1"
"revision" : "ff0f781cf7c6a22d52957e50b104f5768b50c779",
"version" : "3.10.0"
}
},
{
"identity" : "swift-log",
"kind" : "remoteSourceControl",
"location" : "https://github.com/apple/swift-log.git",
"state" : {
"revision" : "9cb486020ebf03bfa5b5df985387a14a98744537",
"version" : "1.6.1"
"revision" : "96a2f8a0fa41e9e09af4585e2724c4e825410b91",
"version" : "1.6.2"
}
},
{
8 changes: 4 additions & 4 deletions Package.swift
Expand Up @@ -15,10 +15,10 @@ let package = Package(
dependencies: [
.package(url: "https://github.com/apple/swift-log.git", from: "1.5.3"),
.package(url: "https://github.com/crspybits/swift-log-file", from: "0.1.0"),
.package(url: "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-iso18013-data-transfer.git", exact: "0.3.8"),
.package(url: "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-wallet-storage.git", exact: "0.3.0"),
.package(url: "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-siop-openid4vp-swift.git", exact: "0.6.0"),
.package(url: "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-openid4vci-swift.git", exact: "0.7.0"),
.package(url: "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-iso18013-data-transfer.git", exact: "0.4.0"),
.package(url: "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-wallet-storage.git", exact: "0.4.0"),
.package(url: "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-siop-openid4vp-swift.git", exact: "0.6.1"),
.package(url: "https://github.com/eu-digital-identity-wallet/eudi-lib-ios-openid4vci-swift.git", exact: "0.8.0"),
],
targets: [
// Targets are the basic building blocks of a package, defining a module or a test suite.
36 changes: 12 additions & 24 deletions README.md
Expand Up @@ -100,17 +100,11 @@ Detailed documentation is provided in the DocC documentation [here](https://eu-d
## Initialization
The [EudiWallet](https://eu-digital-identity-wallet.github.io/eudi-lib-ios-wallet-kit/documentation/eudiwalletkit/eudiwallet) class provides a unified API for the two user attestation presentation flows. It is initialized with a document storage manager instance. For SwiftUI apps, the wallet instance can be added as an ``environmentObject`` to be accessible from all views. A KeyChain implementation of document storage is available.

The wallet developer can customize cryptographic key operations by passing `SecureArea` instances to the wallet, otherwise the wallet-kit creates 'SecureEnclave' (default) and 'Software' secure areas. The wallet developer can specify key create options per doc-type such as curve type, secure area name, and key unlock policy.

```swift
let wallet = EudiWallet.standard
wallet.userAuthenticationRequired = true
wallet.trustedReaderCertificates = [...] // array of der certificate data
wallet.openId4VpVerifierApiUri = "https:// ... verifier api uri ..."
wallet.verifierApiUri = configLogic.verifierConfig.apiUri
wallet.verifierLegalName = configLogic.verifierConfig.legalName
wallet.openID4VciIssuerUrl = configLogic.vciConfig.issuerUrl
wallet.openID4VciClientId = configLogic.vciConfig.clientId
wallet.openID4VciRedirectUri = configLogic.vciConfig.redirectUri
wallet.loadAllDocuments()
let wallet = try! EudiWallet(serviceName: "my_wallet_app",
trustedReaderCertificates: [Data(name: "eudi_pid_issuer_ut", ext: "der")!] )
```


Expand Down Expand Up @@ -182,22 +176,15 @@ If ``userAuthenticationRequired`` is true, user authentication is required. The
After issuing a document, the document data and corresponding private key are stored in the wallet storage.

### Issue document by docType
When the document docType to be issued use the `issueDocument(docType:format:)` method.

__Important Notes__:
When the document docType to be issued use the `issueDocument(docType:format:keyOptions:)` method.

- Currently, only mso_mdoc format is supported
- Currently, only ES256 algorithm is supported for signing OpenId4CVI proof of possession of the
publicKey.
* Currently, only mso_mdoc format is supported

The following example shows how to issue an EUDI Personal ID document using OpenID4VCI:

```swift
wallet.openID4VciIssuerUrl = "https://eudi.netcompany-intrasoft.com/pid-issuer"
wallet.openID4VciClientId = "wallet-dev"
wallet.openID4VciRedirectUri = "eudi-openid4ci://authorize/"
do {
let doc = try await userWallet.issueDocument(docType: EuPidModel.euPidDocType, format: .cbor)
let doc = try await userWallet.issueDocument(docType: EuPidModel.euPidDocType, format: .cbor, keyOptions: KeyOptions(secureAreaName: "SecureEnclave", accessControl: [.requireUserPresence])])
// document has been added to wallet storage, you can display it
}
catch {
Expand All @@ -218,11 +205,12 @@ The following example shows how to resolve a credential offer:
}
```

After user acceptance of the offer, the selected documents can be issued using the `issueDocumentsByOfferUrl(offerUri:docTypes:txCodeValue:format:)` method.
After user acceptance of the offer, the selected documents can be issued using the `issueDocumentsByOfferUrl(offerUri:docTypes:docTypeKeyOptions:txCodeValue:format:)` method.
The `txCodeValue` parameter is not used in the case of the authorization code flow.
The following example shows how to issue documents by offer URL:
```swift
let documents = try await walletController.issueDocumentsByOfferUrl(offerUri: uri, docTypes: docOffers, format: .cbor, txCodeValue: txCodeValue )
let documents = try await walletController.issueDocumentsByOfferUrl(offerUri: uri, docTypes: docOffers,
docTypeKeyOptions: [EuPidModel.euPidDocType : KeyOptions(secureAreaName: "SecureEnclave", accessControl: [.requireUserPresence])], format: .cbor, txCodeValue: txCodeValue )
```

### Authorization code flow
Expand All @@ -241,13 +229,13 @@ information. Specifically, the `txCodeSpec` field in the `OfferedIssuanceModel`

From the user's perspective, the application must provide a way to input the transaction code.

After user acceptance of the offer, the selected documents can be issued using the `issueDocumentsByOfferUrl(offerUri:docTypes:txCodeValue:format:)` method.
After user acceptance of the offer, the selected documents can be issued using the `issueDocumentsByOfferUrl(offerUri:docTypes:docTypeKeyOptions:txCodeValue:format:)` method.
When the transaction code is provided, the issuance process can be resumed by calling the above-mentioned method and passing the transaction code in the `txCodeValue` parameter.

### Dynamic issuance
Wallet kit supports the Dynamic [PID based issuance](https://github.com/eu-digital-identity-wallet/eudi-wallet-product-roadmap/issues/82)

After calling `issueDocument(docType:format:)` or `issueDocumentsByOfferUrl(offerUri:docTypes:txCodeValue:format:)` the wallet application need to check if the doc is pending and has a `authorizePresentationUrl` property. If the property is present, the application should perform the OpenID4VP presentation using the presentation URL. On success, the `resumePendingIssuance(pendingDoc:, webUrl:)` method should be called with the authorization URL provided by the server.
After calling `issueDocument(docType:format:keyOptions: KeyOptions:)` or `issueDocumentsByOfferUrl(offerUri:docTypes:docTypeKeyOptions:txCodeValue:format:)` the wallet application need to check if the doc is pending and has a `authorizePresentationUrl` property. If the property is present, the application should perform the OpenID4VP presentation using the presentation URL. On success, the `resumePendingIssuance(pendingDoc:, webUrl:)` method should be called with the authorization URL provided by the server.
```swift
if let urlString = newDocs.last?.authorizePresentationUrl {
// perform openid4vp presentation using the urlString