trustbloc · fqutishat · Mar 26, 2024 · Mar 26, 2024
diff --git a/api/spec/openapi.gen.go b/api/spec/openapi.gen.go
diff --git a/docs/v1/openapi.yaml b/docs/v1/openapi.yaml
@@ -1470,9 +1470,9 @@ components:
  description: ID of the credential template.
  nullable: true
  override_issuer:
-  type: boolean
-  description: Override issuer.
-  nullable: true
+ type: boolean
+ description: Override issuer.
+ nullable: true
  override_subject_did:
  type: boolean
  description: Override credential subject did.
@@ -2097,21 +2097,21 @@ components:
  description: A JSON string identifying the scope value that this Credential Issuer supports for this particular credential.
  cryptographic_binding_methods_supported:
  type: array
+ description: Array of case sensitive strings that identify how the Credential is bound to the identifier of the End-User who possesses the Credential.
  items:
  type: string
- description: Array of case sensitive strings that identify how the Credential is bound to the identifier of the End-User who possesses the Credential.
- cryptographic_suites_supported:
+ credential_signing_alg_values_supported:
  type: array
+ description: Array of case sensitive strings that identify the algorithms that the Issuer uses to sign the issued Credential.
  items:
  type: string
- description: Array of case sensitive strings that identify the cryptographic suites that are supported for the cryptographic_binding_methods_supported.
  credential_definition:
  $ref: ./common.yaml#/components/schemas/CredentialDefinition
  order:
  type: array
+ description: Array of the claim name values that lists them in the order they should be displayed by the Wallet.
  items:
  type: string
- description: Array of the claim name values that lists them in the order they should be displayed by the Wallet.
  doctype:
  type: string
  description: 'For mso_mdoc vc only. String identifying the Credential type, as defined in [ISO.18013-5].'
@@ -2121,18 +2121,32 @@ components:
  claims:
  type: object
  description: 'For mso_mdoc and vc+sd-jwt vc only. Object containing a list of name/value pairs, where each name identifies a claim about the subject offered in the Credential. The value can be another such object (nested data structures), or an array of such objects.'
- proof_types:
- type: array
- items:
-  type: string
- description: 'A JSON array of case sensitive strings, each representing proof_type that the Credential Issuer supports. If omitted, the default value is jwt.'
+ proof_types_supported:
+ description: 'Object that describes specifics of the key proof(s) that the Credential Issuer supports.'
+ type: object
+ additionalProperties:
+  $ref: '#/components/schemas/ProofTypeSupported'
  display:
  type: array
  description: 'An array of objects, where each object contains the display properties of the supported credential for a certain language.'
  items:
  $ref: '#/components/schemas/CredentialDisplay'
  required:
  - format
+ ProofTypeSupported:
+ title: ProofTypeSupported
+ x-tags:
+ - issuer
+ type: object
+ description: Object that contains metadata about the proof type that the Credential Issuer supports.
+ properties:
+ proof_signing_alg_values_supported:
+ type: array
+ description: Array of case sensitive strings that identify the algorithms that the Issuer supports for this proof type.
+ items:
+ type: string
+ required:
+ - proof_signing_alg_values_supported
  InitiateIssuanceCredentialConfiguration:
  title: InitiateIssuanceCredentialConfiguration object definition.
  x-tags:

diff --git a/pkg/kms/aws/service_mocks.go b/pkg/kms/aws/service_mocks.go
diff --git a/pkg/kms/mocks/kms_mocks.go b/pkg/kms/mocks/kms_mocks.go
diff --git a/pkg/restapi/v1/issuer/openapi.gen.go b/pkg/restapi/v1/issuer/openapi.gen.go
diff --git a/pkg/service/wellknown/provider/wellknown_service.go b/pkg/service/wellknown/provider/wellknown_service.go
@@ -229,26 +229,34 @@ func (s *Service) buildCredentialConfigurationsSupported(
  }
 
  for credentialConfigurationID, credentialSupported := range credentialConfSupported {
- var cryptographicBindingMethodsSupported, cryptographicSuitesSupported []string
+ var cryptographicBindingMethodsSupported, signingAlgValuesSupported []string
 
  if issuerProfile.VCConfig != nil {
  cryptographicBindingMethodsSupported = []string{string(issuerProfile.VCConfig.DIDMethod)}
- cryptographicSuitesSupported = []string{string(issuerProfile.VCConfig.KeyType)}
+ signingAlgValuesSupported = []string{string(issuerProfile.VCConfig.KeyType)}
  }
 
  display := s.buildCredentialConfigurationsSupportedDisplay(credentialSupported.Display)
  credentialDefinition := s.buildCredentialDefinition(credentialSupported.CredentialDefinition)
 
+ proofTypeSupported := &issuer.CredentialConfigurationsSupported_ProofTypesSupported{
+ AdditionalProperties: map[string]issuer.ProofTypeSupported{
+ "jwt": {
+ ProofSigningAlgValuesSupported: []string{string(issuerProfile.VCConfig.KeyType)},
+ },
+ },
+ }
+
  credentialsConfigurationSupported.Set(credentialConfigurationID, issuer.CredentialConfigurationsSupported{
  Claims: lo.ToPtr(credentialSupported.Claims),
  CredentialDefinition: credentialDefinition,
  CryptographicBindingMethodsSupported: lo.ToPtr(cryptographicBindingMethodsSupported),
- CryptographicSuitesSupported:  lo.ToPtr(cryptographicSuitesSupported),
+ CredentialSigningAlgValuesSupported: lo.ToPtr(signingAlgValuesSupported),
  Display: lo.ToPtr(display),
  Doctype: lo.ToPtr(credentialSupported.Doctype),
  Format: string(credentialSupported.Format),
  Order: lo.ToPtr(credentialSupported.Order),
- ProofTypes:  lo.ToPtr([]string{"jwt"}),
+ ProofTypesSupported: proofTypeSupported,
  Scope: lo.ToPtr(credentialSupported.Scope),
  Vct: lo.ToPtr(credentialSupported.Vct),
  })

diff --git a/pkg/service/wellknown/provider/wellknown_service_test.go b/pkg/service/wellknown/provider/wellknown_service_test.go
@@ -227,7 +227,7 @@ func checkWellKnownOpenIDIssuerConfiguration(
  assert.Equal(t, []string{"https://example.com/context/1"}, lo.FromPtr(definition.Context))
 
  assert.Equal(t, []string{"orb"}, lo.FromPtr(credentialConfigurationSupported.CryptographicBindingMethodsSupported))
- assert.Equal(t, []string{"ECDSASecp256k1DER"}, lo.FromPtr(credentialConfigurationSupported.CryptographicSuitesSupported))
+ assert.Equal(t, []string{"ECDSASecp256k1DER"}, lo.FromPtr(credentialConfigurationSupported.CredentialSigningAlgValuesSupported))
 
  credentialConfigurationSupportedDisplay := lo.FromPtr(credentialConfigurationSupported.Display)
  assert.Equal(t, 1, len(credentialConfigurationSupportedDisplay))
@@ -244,7 +244,16 @@ func checkWellKnownOpenIDIssuerConfiguration(
  assert.Equal(t, "doctype1", lo.FromPtr(credentialConfigurationSupported.Doctype))
  assert.Equal(t, "ldp_vc", credentialConfigurationSupported.Format)
  assert.Equal(t, []string{"claimName1", "claimName2", "claimName3"}, lo.FromPtr(credentialConfigurationSupported.Order))
- assert.Equal(t, []string{"jwt"}, lo.FromPtr(credentialConfigurationSupported.ProofTypes))
+
+ expectedProofTypeSupported := issuer.CredentialConfigurationsSupported_ProofTypesSupported{
+ AdditionalProperties: map[string]issuer.ProofTypeSupported{
+ "jwt": {
+ ProofSigningAlgValuesSupported: []string{"ECDSASecp256k1DER"},
+ },
+ },
+ }
+
+ assert.Equal(t, expectedProofTypeSupported, lo.FromPtr(credentialConfigurationSupported.ProofTypesSupported))
  assert.Equal(t, "VerifiedEmployeeCredential", lo.FromPtr(credentialConfigurationSupported.Scope))
  assert.Equal(t, "vct1", lo.FromPtr(credentialConfigurationSupported.Vct))
  }