wip

EUDI.md

@@ -9,7 +9,7 @@ EUDI Architecture
 * eIDAS Node -- State Certificate Authority
 * EUID Wallet -- iOS/Android Application
 * EUDI Provider -- OpenID for Verifiable Credentials (OpenID4VC)
-* Personal Identification Data Provider (PP) -- Diia State Enterprise (PID) mDOC
+* Personal Identification Data Provider (PP) -- Diia State Enterprise (PID) MSO mDOC
 * Attestation Providers (AT) -- Qualified and Non-Qualified Electronic Attestation (QEAA) of Attributes Schema Providers
 * Qualifiied Electronic Signature Provider (QP) -- Qualified Certificates (QC)
 * EUDI Verifier -- Verifiable Presentations

priv/kep/DSTU.asn1 → priv/cms/DSTU.asn1

@@ -11,7 +11,7 @@ Certificate ::= SEQUENCE {
 Certificates ::= SEQUENCE OF Certificate
 
 TBSCertificate ::= SEQUENCE {
- version [0] Version,
+ version [0] Version DEFAULT v3,
  serialNumber CertificateSerialNumber,
  signature AlgorithmIdentifier,
  issuer Name,
@@ -23,7 +23,7 @@ TBSCertificate ::= SEQUENCE {
  extensions [3] EXPLICIT Extensions }
 
 UniqueIdentifier  ::=  BIT STRING
-Version ::= INTEGER {v3 (2)}
+Version ::= INTEGER { v1(0), v2(1), v3(2) }
 CertificateSerialNumber ::= INTEGER
 Name ::= CHOICE { rdnSequence RDNSequence }
 RDNSequence::= SEQUENCE OF RelativeDistinguishedName
@@ -40,7 +40,7 @@ Extension ::= SEQUENCE {
  extnvalue OCTET STRING }
 
 AttributeType ::= OBJECT IDENTIFIER
-AttributeValue ::= ANY -- DEFINED BY AttributeType
+AttributeValue ::= ANY --DEFINED BY AttributeType
 DirectoryString ::= CHOICE {
  printableString PrintableString,
  utf8String UTF8String,
@@ -60,6 +60,13 @@ SubjectPublicKeyInfo ::= SEQUENCE {
  algorithm AlgorithmIdentifier,
  subjectPublicKey BIT STRING }
 
+AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ parameters ANY }
+-- DEFINED BY algorithm OPTIONAL
+
+OctetString ::= OCTET STRING
+
 DSTU4145Params::= SEQUENCE {
  definition CHOICE { ecbinary ECBinary, namedCurve OBJECT IDENTIFIER },
  dke OCTET STRING OPTIONAL }

priv/eudi/booking_registration_mdoc.json

@@ -0,0 +1,185 @@
+{
+"org.iso.18013.5.1.reservation_mdoc": {
+    "format": "mso_mdoc",
+    "doctype": "org.iso.18013.5.1.reservation",
+    "scope": "org.iso.18013.5.1.reservation",
+    "policy": {
+        "batch_size": 50,
+        "one_time_use": true
+    },
+    "cryptographic_binding_methods_supported": [
+      "jwk", "cose_key"
+    ],
+    "credential_alg_values_supported": [
+        -7
+      ],
+    "credential_crv_values_supported": [
+      1
+    ],
+    "credential_signing_alg_values_supported": [
+      "ES256"
+    ],
+    "proof_types_supported": {
+      "jwt": {
+        "proof_signing_alg_values_supported": [
+          "ES256"
+        ]
+      },
+      "cwt": {
+        "proof_signing_alg_values_supported": [
+          "ES256"
+        ],
+        "proof_alg_values_supported": [
+          -7
+        ],
+        "proof_crv_values_supported": [
+          1
+        ]
+      }
+    },
+    "display": [
+      {
+        "name": "Reservation",
+        "locale": "en",
+        "logo": {
+          "url": "https://examplestate.com/public/pid.png",
+          "alt_text": "A square figure of a PID"
+        }
+      }
+    ],
+    "claims": {
+      "org.iso.18013.5.reservation.1": {
+        "booking_service_name": {
+          "mandatory": true,
+          "value_type":"string",
+          "source":"user",
+          "display": [
+            {
+              "name": "The booking service providing the booking reservation.",
+              "locale": "en"            }
+          ]
+        },
+        "reservation_id": {
+          "mandatory": true,
+          "value_type":"string",
+          "source":"user",
+          "display": [
+            {
+              "name": "The identifier of the booking reservation from the booking service.",
+              "locale": "en"            }
+          ]
+        },
+        "reservation_date": {
+          "mandatory": true,
+          "value_type":"full-date",
+          "source":"user",
+          "display": [
+            {
+              "name": "Date of the reservation.",
+              "locale": "en"            }
+          ]
+        },
+        "service_provider_name": {
+          "mandatory": true,
+          "value_type":"string",
+          "source":"user",
+          "display": [
+            {
+              "name": "The name of the service provider (e.g. Hotel) the reservation refers to ",
+              "locale": "en"            }
+          ]
+        },
+        "location": {
+          "mandatory": true,
+          "value_type":"string",
+          "source":"user",
+          "display": [
+            {
+              "name": "The location or place the reservation refers to (e.g. city, service provider place, etc.)",
+              "locale": "en"            }
+          ]
+        },
+        "check_in_date": {
+          "mandatory": true,
+          "value_type":"full-date",
+          "source":"user",
+          "display": [
+            {
+              "name": "The check-in date for the reservation.",
+              "locale": "en"            }
+          ]
+        },
+        "check_out_date": {
+          "mandatory": true,
+          "value_type":"full-date",
+          "source":"user",
+          "display": [
+            {
+              "name": "The check-out date for the reservation.",
+              "locale": "en"            }
+          ]
+        },
+        "guests": {
+          "mandatory": true,
+          "value_type":"string",
+          "source":"user",
+          "display": [
+            {
+              "name": "The guest of the reservation (num of adults, num of children, etc).",
+              "locale": "en"            }
+          ]
+        },
+        "car_rental": {
+          "mandatory": true,
+          "value_type":"bool",
+          "source":"user",
+          "display": [
+            {
+              "name": "Indicates inclusion of car rental in the reservation.",
+              "locale": "en"            }
+          ]
+        },
+        "num_of_rooms": {
+          "mandatory": true,
+          "value_type":"string",
+          "source":"user",
+          "display": [
+            {
+              "name": "The number of rooms the reservation refers to.",
+              "locale": "en"            }
+          ]
+        },
+        "family_name": {
+          "mandatory": true,
+          "value_type":"string",
+          "source":"user",
+          "display": [
+            {
+              "name": "Current last name(s) or surname(s) of the holder. ",
+              "locale": "en"            }
+          ]
+        },
+        "given_name": {
+          "mandatory": true,
+          "value_type":"string",
+          "source":"user",
+          "display": [
+            {
+              "name": "Current first name(s), including middle name(s), of the holder. ",
+              "locale": "en"            }
+          ]
+        },
+        "birth_date": {
+          "mandatory": true,
+          "value_type":"full-date",
+          "source":"user",
+          "display": [
+            {
+              "name": "Day, month, and year on which the holder was born.",
+              "locale": "en"            }
+          ]
+        }
+      }
+    }
+  }
+}

priv/eudi/config/metadata_config.json

@@ -0,0 +1,11 @@
+{
+  "credential_issuer": "http://127.0.0.1:5000",
+  "credential_endpoint": "http://127.0.0.1:5000/credential",
+  "batch_credential_endpoint": "http://127.0.0.1:5000/batch_credential",
+  "notification_endpoint": "http://127.0.0.1:5000/notification",
+  "deferred_credential_endpoint": "http://127.0.0.1:5000/deferred_credential",
+  "credential_configurations_supported": {
+
+
+  }
+}

priv/eudi/config/openid-configuration.json

@@ -0,0 +1,90 @@
+{
+    "version": "3.0",
+    "token_endpoint_auth_methods_supported": [
+        "public"
+    ],
+    "claims_parameter_supported": true,
+    "request_parameter_supported": true,
+    "request_uri_parameter_supported": true,
+    "require_request_uri_registration": false,
+    "grant_types_supported": [
+        "authorization_code",
+        "implicit",
+        "urn:ietf:params:oauth:grant-type:jwt-bearer",
+        "refresh_token"
+    ],
+    "jwks_uri": "http://127.0.0.1:5000/priv/eudi/static/jwks.json",
+    "scopes_supported": [
+        "openid"
+    ],
+    "response_types_supported": [
+        "code"
+    ],
+    "response_modes_supported": [
+        "query",
+        "fragment",
+        "form_post"
+    ],
+    "subject_types_supported": [
+        "public",
+        "pairwise"
+    ],
+    "id_token_signing_alg_values_supported": [
+        "RS256",
+        "RS384",
+        "RS512",
+        "ES256",
+        "ES384",
+        "ES512",
+        "PS256",
+        "PS384",
+        "PS512",
+        "HS256",
+        "HS384",
+        "HS512"
+    ],
+    "userinfo_signing_alg_values_supported": [
+        "RS256",
+        "RS384",
+        "RS512",
+        "ES256",
+        "ES384",
+        "ES512",
+        "PS256",
+        "PS384",
+        "PS512",
+        "HS256",
+        "HS384",
+        "HS512"
+    ],
+    "request_object_signing_alg_values_supported": [
+        "RS256",
+        "RS384",
+        "RS512",
+        "ES256",
+        "ES384",
+        "ES512",
+        "HS256",
+        "HS384",
+        "HS512",
+        "PS256",
+        "PS384",
+        "PS512"
+    ],
+    "frontchannel_logout_supported": true,
+    "frontchannel_logout_session_required": true,
+    "backchannel_logout_supported": true,
+    "backchannel_logout_session_required": true,
+    "code_challenge_methods_supported": [
+        "S256"
+    ],
+    "issuer": "http://127.0.0.1:5000",
+    "registration_endpoint": "http://127.0.0.1:5000/registration",
+    "introspection_endpoint": "http://127.0.0.1:5000/introspection",
+    "authorization_endpoint": "http://127.0.0.1:5000/authorizationV3",
+    "token_endpoint": "http://127.0.0.1:5000/token",
+    "userinfo_endpoint": "http://127.0.0.1:5000/userinfo",
+    "end_session_endpoint": "http://127.0.0.1:5000/session",
+    "pushed_authorization_request_endpoint": "http://127.0.0.1:5000/pushed_authorizationv2",
+    "credential_endpoint": "http://127.0.0.1:5000/credential"
+}