1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
|
// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CONTENT_BROWSER_WEBID_SD_JWT_H_
#define CONTENT_BROWSER_WEBID_SD_JWT_H_
#include <optional>
#include <vector>
#include "base/base64url.h"
#include "base/functional/callback.h"
#include "base/memory/raw_ref.h"
#include "base/time/time.h"
#include "base/types/strong_alias.h"
#include "base/values.h"
#include "content/common/content_export.h"
/**
This a SD-JWT library for holders.
It has the necessary data structures and algorithms for:
- Key material preparation
- Parsing
- Selective disclosure
- Key binding
Jwks represent a public or private key as described in RFC7517.
This specific implementation focus on elliptic curves at the
moment, but could be extended to support other key types.
A public/private key generator can use a Jwk as an output and
later serialize it to JSON:
Jwk key = GenerateKeyPair();
auto json = key.Serialize();
The serialized json can be passed to a issuer to bind it to
a JWT.
Jwts represent a JSON Web Token as described in RFC7519.
This specific implementation focus on specific fields that are
useful for SD-JWT presentation, such as cnf, _sd, _sd_alg and
sd_hash.
Because JSON parsing isn't reversible with serialization
(i.e. JSON.serialize(JSON.parse("{foo: true}")) == "{foo:true}"),
when Jwts are parsed from their encoding, the original JSON
encoding of the header and the payload are kept, so that they
can (a) be interpreted but also (b) be reverted back to the Jwt's
original value. Reverting back to the original value is
important because they are signed and need to be verified.
So, a Jwt gets parsed into a JSON header and JSON payload,
which represent a string containing JSON, and a Base64
signature, which represents a string containing a base64url
encoded blob.
Jwt jwt = Jwt::From(Jwt::Parse(encoding))
You can get the encoded Jwt back by calling Jwt.Serialize().
To interpret the contents of the Jwt header and payload,
you can use a JSON parser to open them.
Header header = Header::From(
*base::JSONReader::ReadDict(jwt.header))
Payload payload = Payload::From(
*base::JSONReader::ReadDict(jwt.payload))
Accordingly, an SdJwt represents an SD-JWT in a similar way.
An SdJwt gets parsed into the issued Jwt as well as into the list
of selective disclosures. Like a Jwt, the selective disclosures
are represented as JSON so that they can be serialized back to
their original values.
SdJwt sd_jwt = SdJwt::From(SdJwt::Parse(encoding))
An SdJwt can be used to select which disclosures to disclose:
auto selection = SdJwt::Disclose(disclosures, {"name", "email"})
From the disclosures, the SdJwt, a desired audience and a nonce,
we can finally create a SD-JWT+KB:
auto sd_jwt_kb = SdJwtKb::Create(...);
Finally, the holder can use sd_jwt_kb.Serialize() as a SD-JWT+KB
presentation.
*/
namespace content::sdjwt {
// An Elliptic Curve Jwk representation.
// https://datatracker.ietf.org/doc/html/rfc7517#section-3
// Could be extended in the future to cover other Jwk key types.
struct CONTENT_EXPORT Jwk {
std::string kty;
std::string crv;
std::string x;
std::string y;
std::string d;
Jwk();
~Jwk();
Jwk(const Jwk& other);
static std::optional<Jwk> From(const base::Value::Dict& json);
std::optional<std::string> Serialize() const;
};
// A string that can be parsed as application/json.
using JSONString = base::StrongAlias<class JSONStringTag, std::string>;
// A string that is base64url encoded.
using Base64String = base::StrongAlias<class Base64StringTag, std::string>;
// https://datatracker.ietf.org/doc/html/rfc7519#section-5
struct CONTENT_EXPORT Header {
// https://datatracker.ietf.org/doc/html/rfc7519#section-5.1
std::string typ;
std::string alg;
Header();
~Header();
Header(const Header& other);
static std::optional<Header> From(const base::Value::Dict& json);
std::optional<JSONString> ToJson() const;
std::optional<Base64String> Serialize() const;
};
// This struct holds the JWK in the "cnf" [1] parameter in the
// JWT that the issuer signs that bindings it to the Holder's
// public key [2, 3].
//
// [1] https://datatracker.ietf.org/doc/html/rfc7800#section-3.1
// [2]
// https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-13.html#name-optional-key-binding
// [3]
// https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-13.html#key_binding
struct CONTENT_EXPORT ConfirmationKey {
Jwk jwk;
ConfirmationKey();
~ConfirmationKey();
ConfirmationKey(const ConfirmationKey& other);
};
// https://datatracker.ietf.org/doc/html/rfc7519#section-4
struct CONTENT_EXPORT Payload {
// https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1
std::string iss;
// https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3
std::string aud;
// https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2
std::string sub;
// // https://datatracker.ietf.org/doc/html/rfc7800#section-3.1
std::optional<ConfirmationKey> cnf;
// https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.6
std::optional<base::Time> iat;
// https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.4
std::optional<base::Time> exp;
std::string nonce;
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-sd-jwt-vc-04#section-3.2.2.1.1
std::string vct;
// Used in the Issued JWT
std::vector<Base64String> _sd;
std::string _sd_alg;
// Used in the Key Binding JWT
Base64String sd_hash;
Payload();
~Payload();
Payload(const Payload& other);
static std::optional<Payload> From(const base::Value::Dict& json);
std::optional<JSONString> ToJson() const;
std::optional<Base64String> Serialize() const;
};
/**
* A Signer takes a string and returns a binary signature.
* It is introduced so that tests can be written without an actual
* implementation of the crytographic signing algorithm.
*/
typedef base::OnceCallback<std::optional<std::vector<uint8_t>>(
const std::string_view&)>
Signer;
// https://datatracker.ietf.org/doc/html/rfc7519
struct CONTENT_EXPORT Jwt {
JSONString header;
JSONString payload;
Base64String signature;
Jwt();
~Jwt();
Jwt(const Jwt& other);
bool Sign(Signer signer);
static std::optional<Jwt> From(const base::Value::List& json);
static std::optional<base::Value::List> Parse(const std::string_view& jwt);
JSONString Serialize() const;
};
/**
* A Hasher takes a string and computes a SHA256 hash of the string.
* It is introduced so that this library can be tested without an
* actual implementation of hashing.
*/
typedef base::RepeatingCallback<std::vector<std::uint8_t>(std::string_view)>
Hasher;
/**
* Disclosure represents an SD-JWT disclosure.
* https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-13.html#name-disclosures
*
* You can parse from JSON to interpret it with:
*
* auto disclosure = Disclosure::From(
* base::JSONReader::Read(json)->GetList());
*
* CreateSalt() and Digest() are exposed so that tests
* can create disclosures as issuers.
*/
struct CONTENT_EXPORT Disclosure {
Base64String salt;
std::string name;
std::string value;
Disclosure();
~Disclosure();
Disclosure(const Disclosure& other);
static std::optional<Disclosure> From(const base::Value::List& list);
// Creates a random value with the following requirements:
// https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-13.html#name-entropy-of-the-salt
static Base64String CreateSalt();
Base64String Serialize() const;
std::optional<JSONString> ToJson() const;
std::optional<Base64String> Digest(Hasher hasher) const;
};
// https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-13.html
struct CONTENT_EXPORT SdJwt {
Jwt jwt;
std::vector<JSONString> disclosures;
SdJwt();
~SdJwt();
SdJwt(const SdJwt& other);
static std::optional<SdJwt> From(const base::Value::List& json);
static std::optional<base::Value::List> Parse(const std::string_view& sdjwt);
static std::optional<std::vector<JSONString>> Disclose(
const std::vector<std::pair<std::string, JSONString>>& disclosures,
const std::vector<std::string>& selector);
std::string Serialize() const;
};
// https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-13.html#name-sd-jwt-and-sd-jwtkb-data-fo
struct CONTENT_EXPORT SdJwtKb {
SdJwt sd_jwt;
Jwt kb_jwt;
SdJwtKb();
~SdJwtKb();
SdJwtKb(const SdJwtKb& other);
static std::optional<SdJwtKb> Parse(const std::string_view& sdjwtkb);
static std::optional<SdJwtKb> Create(const SdJwt& presentation,
const std::string& aud,
const std::string& nonce,
const base::Time& iat,
Hasher hasher,
Signer signer);
std::string Serialize() const;
};
} // namespace content::sdjwt
#endif // CONTENT_BROWSER_WEBID_SD_JWT_H_
|
