rename

services/src/main/java/org/keycloak/protocol/oidc4vp/OIDC4VPWellKnownProvider.java

@@ -21,55 +21,44 @@
 
 public class OIDC4VPWellKnownProvider extends OIDC4VPAbstractWellKnownProvider {
 
-	public OIDC4VPWellKnownProvider(KeycloakSession keycloakSession, ObjectMapper objectMapper) {
-		super(keycloakSession, objectMapper);
-	}
+    public OIDC4VPWellKnownProvider(KeycloakSession keycloakSession, ObjectMapper objectMapper) {
+        super(keycloakSession, objectMapper);
+    }
 
-	@Override public void close() {
-		// no-op
-	}
+    @Override
+    public void close() {
+        // no-op
+    }
 
-	@Override public Object getConfig() {
-		// some wallets use the openid-config well-known to also gather the issuer metadata. In
-		// the future(when everyone uses .well-known/openid-credential-issuer), that can be removed.
-		Map<String, Object> configAsMap = objectMapper.convertValue(
-				new OIDCWellKnownProvider(keycloakSession, null, false).getConfig(),
-				Map.class);
+    @Override
+    public Object getConfig() {
+        // some wallets use the openid-config well-known to also gather the issuer metadata. In
+        // the future(when everyone uses .well-known/openid-credential-issuer), that can be removed.
+        Map<String, Object> configAsMap = objectMapper.convertValue(
+                new OIDCWellKnownProvider(keycloakSession, null, false).getConfig(),
+                Map.class);
 
-		List<String> supportedGrantTypes = Optional.ofNullable(configAsMap.get("grant_types_supported"))
-				.map(grantTypesObject -> objectMapper.convertValue(
-						grantTypesObject, new TypeReference<List<String>>() {
-						})).orElse(new ArrayList<>());
-		// newly invented by OIDC4VCI and supported by this implementation
-		supportedGrantTypes.add(GRANT_TYPE_PRE_AUTHORIZED_CODE);
-		configAsMap.put("grant_types_supported", supportedGrantTypes);
-		configAsMap.put("credential_endpoint", getCredentialsEndpoint(keycloakSession.getContext()));
+        List<String> supportedGrantTypes = Optional.ofNullable(configAsMap.get("grant_types_supported"))
+                .map(grantTypesObject -> objectMapper.convertValue(
+                        grantTypesObject, new TypeReference<List<String>>() {
+                        })).orElse(new ArrayList<>());
+        // newly invented by OIDC4VCI and supported by this implementation
+        supportedGrantTypes.add(GRANT_TYPE_PRE_AUTHORIZED_CODE);
+        configAsMap.put("grant_types_supported", supportedGrantTypes);
+        configAsMap.put("credential_endpoint", getCredentialsEndpoint(keycloakSession.getContext()));
+
+        return configAsMap;
+    }
 
-		FormatObject ldpVC = new FormatObject(new ArrayList<>());
-		FormatObject jwtVC = new FormatObject(new ArrayList<>());
-
-		getCredentialsFromModels(
-				keycloakSession.getContext().getRealm().getClientsStream().toList())
-				.forEach(supportedCredential -> {
-					if (supportedCredential.getFormat() == LDP_VC) {
-						ldpVC.getTypes().addAll(supportedCredential.getTypes());
-					} else {
-						jwtVC.getTypes().addAll(supportedCredential.getTypes());
-					}
-				});
-
-		return configAsMap;
-	}
-
-	// filter the client models for supported verifable credentials
-	private List<SupportedCredential> getCredentialsFromModels(List<ClientModel> clientModels) {
-		return List.copyOf(clientModels.stream()
-				.map(ClientModel::getAttributes)
-				.filter(Objects::nonNull)
-				.flatMap(attrs -> attrs.entrySet().stream())
-				.filter(attr -> attr.getKey().startsWith(VC_TYPES_PREFIX))
-				.flatMap(entry -> mapAttributeEntryToSc(entry).stream())
-				.collect(Collectors.toSet()));
-	}
+    // filter the client models for supported verifable credentials
+    private List<SupportedCredential> getCredentialsFromModels(List<ClientModel> clientModels) {
+        return List.copyOf(clientModels.stream()
+                .map(ClientModel::getAttributes)
+                .filter(Objects::nonNull)
+                .flatMap(attrs -> attrs.entrySet().stream())
+                .filter(attr -> attr.getKey().startsWith(VC_TYPES_PREFIX))
+                .flatMap(entry -> mapAttributeEntryToSc(entry).stream())
+                .collect(Collectors.toSet()));
+    }
 
 }

services/src/main/java/org/keycloak/protocol/oidc4vp/model/sdjwt/ArrayDigest.java → services/src/main/java/org/keycloak/protocol/oidc4vp/model/sd_jwt_vc/ArrayDigest.java

@@ -1,4 +1,4 @@
-package org.keycloak.protocol.oidc4vp.model.sdjwt;
+package org.keycloak.protocol.oidc4vp.model.sd_jwt_vc;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 

services/src/main/java/org/keycloak/protocol/oidc4vp/model/sdjwt/ArrayDisclosureClaim.java → services/src/main/java/org/keycloak/protocol/oidc4vp/model/sd_jwt_vc/ArrayDisclosureClaim.java

@@ -1,6 +1,4 @@
-package org.keycloak.protocol.oidc4vp.model.sdjwt;
-
-import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+package org.keycloak.protocol.oidc4vp.model.sd_jwt_vc;
 
 import java.util.ArrayList;
 import java.util.List;

services/src/main/java/org/keycloak/protocol/oidc4vp/model/sdjwt/ArrayElement.java → services/src/main/java/org/keycloak/protocol/oidc4vp/model/sd_jwt_vc/ArrayElement.java

@@ -1,6 +1,4 @@
-package org.keycloak.protocol.oidc4vp.model.sdjwt;
-
-import java.util.Map;
+package org.keycloak.protocol.oidc4vp.model.sd_jwt_vc;
 
 public class ArrayElement {
 

services/src/main/java/org/keycloak/protocol/oidc4vp/model/sdjwt/DisclosureClaim.java → services/src/main/java/org/keycloak/protocol/oidc4vp/model/sd_jwt_vc/DisclosureClaim.java

@@ -1,6 +1,4 @@
-package org.keycloak.protocol.oidc4vp.model.sdjwt;
-
-import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+package org.keycloak.protocol.oidc4vp.model.sd_jwt_vc;
 
 public class DisclosureClaim {
 

services/src/main/java/org/keycloak/protocol/oidc4vp/model/sdjwt/SdClaim.java → services/src/main/java/org/keycloak/protocol/oidc4vp/model/sd_jwt_vc/SdClaim.java

@@ -1,10 +1,4 @@
-package org.keycloak.protocol.oidc4vp.model.sdjwt;
-
-import org.keycloak.common.util.Base64;
-import org.keycloak.protocol.oidc4vp.signing.SigningServiceException;
-
-import java.io.IOException;
-import java.security.SecureRandom;
+package org.keycloak.protocol.oidc4vp.model.sd_jwt_vc;
 
 import static org.keycloak.protocol.oidc4vp.signing.SdJwtSigningService.generateSalt;
 

services/src/main/java/org/keycloak/protocol/oidc4vp/model/sdjwt/SdCredential.java → services/src/main/java/org/keycloak/protocol/oidc4vp/model/sd_jwt_vc/SdCredential.java

@@ -1,4 +1,4 @@
-package org.keycloak.protocol.oidc4vp.model.sdjwt;
+package org.keycloak.protocol.oidc4vp.model.sd_jwt_vc;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 

services/src/main/java/org/keycloak/protocol/oidc4vp/signing/JwtSigningService.java

@@ -9,7 +9,7 @@
 import org.keycloak.crypto.*;
 import org.keycloak.jose.jws.JWSBuilder;
 import org.keycloak.protocol.oidc4vp.model.VerifiableCredential;
-import org.keycloak.protocol.oidc4vp.signing.signatures.EdDSASignatureSignerContext;
+import org.keycloak.protocol.oidc4vp.signing.jwt_vc.EdDSASignatureSignerContext;
 import org.keycloak.representations.JsonWebToken;
 
 import java.io.IOException;
@@ -20,13 +20,12 @@
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.X509EncodedKeySpec;
 import java.time.Clock;
-import java.time.temporal.ChronoUnit;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Optional;
 import java.util.UUID;
 
-import static org.keycloak.protocol.oidc4vp.signing.signatures.EdDSASignatureSignerContext.ED_25519;
+import static org.keycloak.protocol.oidc4vp.signing.jwt_vc.EdDSASignatureSignerContext.ED_25519;
 
 public class JwtSigningService extends SigningService<String> {
 

services/src/main/java/org/keycloak/protocol/oidc4vp/signing/LDSigningService.java

@@ -6,9 +6,9 @@
 import org.keycloak.common.util.Base64;
 import org.keycloak.protocol.oidc4vp.model.vcdm.LdProof;
 import org.keycloak.protocol.oidc4vp.model.VerifiableCredential;
-import org.keycloak.protocol.oidc4vp.signing.signatures.Ed255192018Suite;
-import org.keycloak.protocol.oidc4vp.signing.signatures.RsaSignature2018Suite;
-import org.keycloak.protocol.oidc4vp.signing.signatures.SecuritySuite;
+import org.keycloak.protocol.oidc4vp.signing.vcdm.Ed255192018Suite;
+import org.keycloak.protocol.oidc4vp.signing.vcdm.RsaSignature2018Suite;
+import org.keycloak.protocol.oidc4vp.signing.vcdm.SecuritySuite;
 
 import java.io.IOException;
 import java.time.Clock;

services/src/main/java/org/keycloak/protocol/oidc4vp/signing/SdJwtSigningService.java

@@ -7,10 +7,9 @@
 import org.keycloak.crypto.JavaAlgorithmHashProvider;
 import org.keycloak.protocol.oidc4vp.model.CredentialSubject;
 import org.keycloak.protocol.oidc4vp.model.VerifiableCredential;
-import org.keycloak.protocol.oidc4vp.model.sdjwt.*;
+import org.keycloak.protocol.oidc4vp.model.sd_jwt_vc.*;
 import org.keycloak.representations.JsonWebToken;
 
-import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.security.SecureRandom;
 import java.time.Clock;

services/src/main/java/org/keycloak/protocol/oidc4vp/signing/signatures/EdDSASignatureSignerContext.java → services/src/main/java/org/keycloak/protocol/oidc4vp/signing/jwt_vc/EdDSASignatureSignerContext.java

@@ -1,11 +1,9 @@
-package org.keycloak.protocol.oidc4vp.signing.signatures;
+package org.keycloak.protocol.oidc4vp.signing.jwt_vc;
 
-import org.bouncycastle.jcajce.interfaces.EdDSAPrivateKey;
 import org.keycloak.crypto.KeyWrapper;
 import org.keycloak.crypto.SignatureException;
 import org.keycloak.crypto.SignatureSignerContext;
 
-import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.Signature;
 

services/src/main/java/org/keycloak/protocol/oidc4vp/signing/signatures/Ed255192018Suite.java → services/src/main/java/org/keycloak/protocol/oidc4vp/signing/vcdm/Ed255192018Suite.java

@@ -1,4 +1,4 @@
-package org.keycloak.protocol.oidc4vp.signing.signatures;
+package org.keycloak.protocol.oidc4vp.signing.vcdm;
 
 import com.apicatalog.jsonld.JsonLd;
 import com.apicatalog.jsonld.JsonLdError;

services/src/main/java/org/keycloak/protocol/oidc4vp/signing/LDSignatureType.java → services/src/main/java/org/keycloak/protocol/oidc4vp/signing/vcdm/LDSignatureType.java

@@ -1,4 +1,4 @@
-package org.keycloak.protocol.oidc4vp.signing;
+package org.keycloak.protocol.oidc4vp.signing.vcdm;
 
 public enum LDSignatureType {
 

services/src/main/java/org/keycloak/protocol/oidc4vp/signing/signatures/RsaSignature2018Suite.java → services/src/main/java/org/keycloak/protocol/oidc4vp/signing/vcdm/RsaSignature2018Suite.java

@@ -1,20 +1,6 @@
-package org.keycloak.protocol.oidc4vp.signing.signatures;
+package org.keycloak.protocol.oidc4vp.signing.vcdm;
 
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.openssl.PEMKeyPair;
-import org.bouncycastle.openssl.PEMParser;
 import org.keycloak.protocol.oidc4vp.model.VerifiableCredential;
-import org.keycloak.protocol.oidc4vp.signing.SigningServiceException;
-
-import java.io.IOException;
-import java.io.StringReader;
-import java.security.*;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.security.spec.X509EncodedKeySpec;
-import java.util.ArrayList;
-import java.util.List;
 
 public class RsaSignature2018Suite implements SecuritySuite {
 

services/src/main/java/org/keycloak/protocol/oidc4vp/signing/vcdm/SecuritySuite.java

@@ -0,0 +1,15 @@
+package org.keycloak.protocol.oidc4vp.signing.vcdm;
+
+import org.keycloak.protocol.oidc4vp.model.VerifiableCredential;
+
+public interface SecuritySuite {
+
+    byte[] transform(VerifiableCredential verifiableCredential);
+
+    byte[] digest(byte[] transformedData);
+
+    byte[] sign(byte[] hashData, String key);
+
+    String getProofType();
+
+}

services/src/test/java/org/keycloak/protocol/oidc4vp/signing/LDSigningServiceTest.java

@@ -1,20 +1,17 @@
 package org.keycloak.protocol.oidc4vp.signing;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.SerializationFeature;
-import com.fasterxml.jackson.databind.util.StdDateFormat;
 import org.bouncycastle.crypto.generators.Ed25519KeyPairGenerator;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
 import org.bouncycastle.crypto.params.Ed25519KeyGenerationParameters;
 import org.bouncycastle.crypto.signers.Ed25519Signer;
 import org.bouncycastle.crypto.util.PrivateKeyInfoFactory;
 import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
-import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 import org.keycloak.common.util.Base64;
 import org.keycloak.protocol.oidc4vp.model.VerifiableCredential;
-import org.keycloak.protocol.oidc4vp.signing.signatures.Ed255192018Suite;
-import org.keycloak.protocol.oidc4vp.signing.signatures.SecuritySuite;
+import org.keycloak.protocol.oidc4vp.signing.vcdm.Ed255192018Suite;
+import org.keycloak.protocol.oidc4vp.signing.vcdm.SecuritySuite;
 
 import java.io.IOException;
 import java.io.StringWriter;