Deferred response encryption (#226)

Co-authored-by: Vafeiadis Nikos <[email protected]>

src/main/kotlin/eu/europa/ec/eudi/openid4vci/Issuance.kt

@@ -605,6 +605,9 @@ sealed class CredentialIssuanceError(message: String) : Throwable(message) {
         }
     }
 
+    /**
+     * Batch credential request syntax is incorrect. Encryption information included in individual requests while shouldn't
+     */
     data object BatchRequestHasEncryptionSpecInIndividualRequests : CredentialIssuanceError(
         "BatchRequestContainsEncryptionOnIndividualRequest",
     ) {
@@ -621,6 +624,9 @@ sealed class CredentialIssuanceError(message: String) : Throwable(message) {
         "Encrypted response content-type expected to be $expectedContentType but instead was $invalidContentType",
     )
 
+    /**
+     * Batch response is not syntactically as expected.
+     */
     data class InvalidBatchIssuanceResponse(
         val error: String,
     ) : CredentialIssuanceError("Invalid batch issuance response: $error")

src/main/kotlin/eu/europa/ec/eudi/openid4vci/internal/http/IssuanceRequestJsonMapper.kt

@@ -20,10 +20,6 @@ import com.nimbusds.jwt.JWTClaimsSet
 import eu.europa.ec.eudi.openid4vci.*
 import eu.europa.ec.eudi.openid4vci.CredentialIssuanceError.*
 import eu.europa.ec.eudi.openid4vci.internal.*
-import eu.europa.ec.eudi.openid4vci.internal.CredentialIssuanceRequest
-import eu.europa.ec.eudi.openid4vci.internal.CredentialType
-import eu.europa.ec.eudi.openid4vci.internal.Proof
-import eu.europa.ec.eudi.openid4vci.internal.ensure
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable
 import kotlinx.serialization.json.*
@@ -270,18 +266,13 @@ private fun issuedCredentialOf(
 @Serializable
 internal data class DeferredRequestTO(
     @SerialName("transaction_id") val transactionId: String,
-    @SerialName("credential_response_encryption") val credentialResponseEncryptionSpec: CredentialResponseEncryptionSpecTO? = null,
 ) {
     companion object {
         fun from(
             deferredCredential: IssuedCredential.Deferred,
-            responseEncryptionSpec: IssuanceResponseEncryptionSpec?,
         ): DeferredRequestTO {
             val transactionId = deferredCredential.transactionId.value
-            val credentialResponseEncryptionSpecTO = responseEncryptionSpec?.run {
-                CredentialResponseEncryptionSpecTO.from(this)
-            }
-            return DeferredRequestTO(transactionId, credentialResponseEncryptionSpecTO)
+            return DeferredRequestTO(transactionId)
         }
     }
 }

src/main/kotlin/eu/europa/ec/eudi/openid4vci/internal/http/IssuanceServerClient.kt

@@ -105,6 +105,9 @@ internal class IssuanceServerClient(
      *
      * @param accessToken Access token authorizing the request
      * @param deferredCredential The identifier of the Deferred Issuance transaction
+     * @param responseEncryptionSpec The response encryption information as specified when placing the issuance request. If initial request
+     *      had specified response encryption then the issuer response is expected to be encrypted by the encryption details of the initial
+     *      issuance request.
      * @return response from issuer. Can be either positive if a credential is issued or error in case issuance is still pending
      */
     suspend fun placeDeferredCredentialRequest(
@@ -118,12 +121,12 @@ internal class IssuanceServerClient(
             val response = client.post(url) {
                 bearerOrDPoPAuth(dPoPJwtFactory, url, Htm.POST, accessToken)
                 contentType(ContentType.Application.Json)
-                setBody(DeferredRequestTO.from(deferredCredential, responseEncryptionSpec))
+                setBody(DeferredRequestTO.from(deferredCredential))
             }
             if (response.status.isSuccess()) {
                 responsePossiblyEncrypted<DeferredIssuanceSuccessResponseTO, DeferredCredentialQueryOutcome.Issued>(
                     response,
-                    null, // Replace with responseEncryptionSpec value as soon VCI spec decide on this
+                    responseEncryptionSpec,
                     fromTransferObject = { it.toDomain() },
                     transferObjectFromJwtClaims = { DeferredIssuanceSuccessResponseTO.from(it) },
                 )