issuance: Propogate WalletApplicationCapabilities. (#713)

At issuance time, we need to know whether StrongBox is available on the device. Test: ./gradlew check Test: ./gradlew connectedCheck Signed-off-by: David Zeuthen <[email protected]>
openwallet-foundation-labs · Aug 21, 2024 · 377b753 · 377b753
1 parent 73677cd
commit 377b753
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 1 deletion.
diff --git a/...y-issuance/src/main/java/com/android/identity/issuance/hardcoded/IssuingAuthorityState.kt b/...y-issuance/src/main/java/com/android/identity/issuance/hardcoded/IssuingAuthorityState.kt
@@ -42,6 +42,7 @@ import com.android.identity.issuance.MdocDocumentConfiguration
 import com.android.identity.issuance.RegistrationResponse
 import com.android.identity.issuance.IssuingAuthorityNotification
 import com.android.identity.issuance.SdJwtVcDocumentConfiguration
+import com.android.identity.issuance.WalletApplicationCapabilities
 import com.android.identity.issuance.WalletServerSettings
 import com.android.identity.issuance.common.AbstractIssuingAuthorityState
 import com.android.identity.issuance.common.cache
@@ -50,6 +51,7 @@ import com.android.identity.issuance.evidence.EvidenceResponseGermanEidResolved
 import com.android.identity.issuance.evidence.EvidenceResponseIcaoNfcTunnelResult
 import com.android.identity.issuance.evidence.EvidenceResponseIcaoPassiveAuthentication
 import com.android.identity.issuance.evidence.EvidenceResponseQuestionMultipleChoice
+import com.android.identity.issuance.fromCbor
 import com.android.identity.issuance.proofing.defaultCredentialConfiguration
 import com.android.identity.mdoc.mso.MobileSecurityObjectGenerator
 import com.android.identity.mdoc.mso.StaticAuthDataGenerator
@@ -60,6 +62,7 @@ import com.android.identity.sdjwt.Issuer
 import com.android.identity.sdjwt.SdJwtVcGenerator
 import com.android.identity.sdjwt.util.JsonWebKey
 import com.android.identity.util.Logger
+import kotlinx.coroutines.runBlocking
 import kotlinx.datetime.Clock
 import kotlinx.datetime.DateTimeUnit
 import kotlinx.datetime.Instant
@@ -223,7 +226,7 @@ class IssuingAuthorityState(
         issuerDocument.collectedEvidence.clear()
         // TODO: propagate developer mode
         val settings = WalletServerSettings(env.getInterface(Configuration::class)!!)
-        return ProofingState(documentId, authorityId, settings.developerMode)
+        return ProofingState(clientId, documentId, authorityId, settings.developerMode)
     }
 
     @FlowJoin
@@ -252,8 +255,20 @@ class IssuingAuthorityState(
         val issuerDocument = loadIssuerDocument(env, documentId)
         check(issuerDocument.state == DocumentCondition.READY)
 
+        val storage = env.getInterface(Storage::class)!!
+        val walletApplicationCapabilities = runBlocking {
+            storage.get(
+                "WalletApplicationCapabilities",
+                "",
+                clientId
+            )?.let {
+                WalletApplicationCapabilities.fromCbor(it.toByteArray())
+            } ?: throw IllegalStateException("WalletApplicationCapabilities not found")
+        }
+
         val credentialConfiguration = defaultCredentialConfiguration(
             documentId,
+            walletApplicationCapabilities,
             issuerDocument.collectedEvidence
         )
         return RequestCredentialsState(

diff --git a/identity-issuance/src/main/java/com/android/identity/issuance/hardcoded/ProofingState.kt b/identity-issuance/src/main/java/com/android/identity/issuance/hardcoded/ProofingState.kt
@@ -5,7 +5,9 @@ import com.android.identity.flow.annotation.FlowMethod
 import com.android.identity.flow.annotation.FlowState
 import com.android.identity.flow.server.Configuration
 import com.android.identity.flow.server.FlowEnvironment
+import com.android.identity.flow.server.Storage
 import com.android.identity.issuance.ProofingFlow
+import com.android.identity.issuance.WalletApplicationCapabilities
 import com.android.identity.issuance.WalletServerSettings
 import com.android.identity.issuance.common.cache
 import com.android.identity.issuance.evidence.EvidenceRequest
@@ -15,13 +17,15 @@ import com.android.identity.issuance.evidence.EvidenceResponseGermanEidResolved
 import com.android.identity.issuance.evidence.EvidenceResponseIcaoNfcTunnel
 import com.android.identity.issuance.evidence.EvidenceResponseIcaoNfcTunnelResult
 import com.android.identity.issuance.evidence.EvidenceResponseQuestionString
+import com.android.identity.issuance.fromCbor
 import com.android.identity.issuance.proofing.ProofingGraph
 import com.android.identity.issuance.proofing.defaultGraph
 import com.android.identity.issuance.tunnel.inProcessMrtdNfcTunnelFactory
 import com.android.identity.mrtd.MrtdAccessDataCan
 import io.ktor.client.HttpClient
 import io.ktor.client.request.get
 import io.ktor.client.statement.readBytes
+import kotlinx.coroutines.runBlocking
 import java.net.URLEncoder
 
 /**
@@ -30,6 +34,7 @@ import java.net.URLEncoder
 @FlowState(flowInterface = ProofingFlow::class)
 @CborSerializable
 class ProofingState(
+    val clientId: String,
     val documentId: String = "",
     val issuingAuthorityId: String = "",
     val developerModeEnabled: Boolean = false,
@@ -124,12 +129,24 @@ class ProofingState(
     }
 
     private fun getGraph(env: FlowEnvironment): ProofingGraph {
+        val storage = env.getInterface(Storage::class)!!
+        val walletApplicationCapabilities = runBlocking {
+            storage.get(
+                "WalletApplicationCapabilities",
+                "",
+                clientId
+            )?.let {
+                WalletApplicationCapabilities.fromCbor(it.toByteArray())
+            } ?: throw IllegalStateException("WalletApplicationCapabilities not found")
+        }
+
         val key = GraphKey(issuingAuthorityId, documentId, developerModeEnabled)
         return env.cache(ProofingGraph::class, key) { configuration, resources ->
             val cloudSecureAreaUrl = WalletServerSettings(configuration).cloudSecureAreaUrl
             defaultGraph(
                 documentId,
                 resources,
+                walletApplicationCapabilities,
                 developerModeEnabled,
                 cloudSecureAreaUrl,
                 resources.getStringResource("$issuingAuthorityId/tos.html")!!,

diff --git a/identity-issuance/src/main/java/com/android/identity/issuance/proofing/defaultGraph.kt b/identity-issuance/src/main/java/com/android/identity/issuance/proofing/defaultGraph.kt
@@ -5,6 +5,7 @@ import com.android.identity.cbor.CborMap
 import com.android.identity.crypto.EcCurve
 import com.android.identity.flow.server.Resources
 import com.android.identity.issuance.CredentialConfiguration
+import com.android.identity.issuance.WalletApplicationCapabilities
 import com.android.identity.issuance.evidence.EvidenceResponse
 import com.android.identity.issuance.evidence.EvidenceResponseCreatePassphrase
 import com.android.identity.issuance.evidence.EvidenceResponseQuestionMultipleChoice
@@ -18,6 +19,7 @@ import java.net.URLEncoder
 fun defaultGraph(
     documentId: String,
     resources: Resources,
+    walletApplicationCapabilities: WalletApplicationCapabilities,
     developerModeEnabled: Boolean,
     cloudSecureAreaUrl: String,
     tosText: String,
@@ -229,6 +231,7 @@ fun defaultGraph(
 
 fun defaultCredentialConfiguration(
     documentId: String,
+    walletApplicationCapabilities: WalletApplicationCapabilities,
     collectedEvidence: Map<String, EvidenceResponse>
 ): CredentialConfiguration {
     val challenge = byteArrayOf(1, 2, 3)