@pagopa/io-react-native-wallet 0.10.2 → 0.11.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/commonjs/credential/issuance/06-obtain-credential.js +19 -5
- package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js +13 -7
- package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/const.js +1 -1
- package/lib/commonjs/credential/issuance/const.js.map +1 -1
- package/lib/module/credential/issuance/06-obtain-credential.js +19 -5
- package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/module/credential/issuance/07-verify-and-parse-credential.js +13 -7
- package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
- package/lib/module/credential/issuance/const.js +1 -1
- package/lib/module/credential/issuance/const.js.map +1 -1
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts +3 -1
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/const.d.ts +1 -1
- package/lib/typescript/credential/issuance/const.d.ts.map +1 -1
- package/package.json +3 -3
- package/src/credential/issuance/06-obtain-credential.ts +34 -4
- package/src/credential/issuance/07-verify-and-parse-credential.ts +59 -36
- package/src/credential/issuance/const.ts +4 -1
|
@@ -27,8 +27,16 @@ const createNonceProof = async (nonce, issuer, audience, ctx) => {
|
|
|
27
27
|
exports.createNonceProof = createNonceProof;
|
|
28
28
|
const CredentialEndpointResponse = z.object({
|
|
29
29
|
credential: z.string(),
|
|
30
|
-
format: _const.SupportedCredentialFormat
|
|
30
|
+
format: _const.SupportedCredentialFormat,
|
|
31
|
+
// nonce used to perform multiple credential requests
|
|
32
|
+
// re-using the same authorization profile
|
|
33
|
+
c_nonce: z.string(),
|
|
34
|
+
c_nonce_expires_in: z.number()
|
|
31
35
|
});
|
|
36
|
+
// Checks whether in the Entity confoguration at least one credential
|
|
37
|
+
// is defined for the given type and format
|
|
38
|
+
const isCredentialAvailable = (issuerConf, credentialType, credentialFormat) => issuerConf.openid_credential_issuer.credentials_supported.some(c => c.format === credentialFormat && c.credential_definition.type.includes(credentialType));
|
|
39
|
+
|
|
32
40
|
/**
|
|
33
41
|
* Fetch a credential from the issuer
|
|
34
42
|
*
|
|
@@ -37,17 +45,21 @@ const CredentialEndpointResponse = z.object({
|
|
|
37
45
|
* @param nonce The nonce value to prevent reply attacks, obtained with the access authorization step
|
|
38
46
|
* @param clientId Identifies the current client across all the requests of the issuing flow
|
|
39
47
|
* @param credentialType The type of the credential to be requested
|
|
48
|
+
* @param credentialFormat The format of the requested credential. @see {SupportedCredentialFormat}
|
|
40
49
|
* @param context.credentialCryptoContext The context to access the key the Credential will be bound to
|
|
41
50
|
* @param context.walletProviderBaseUrl The base url of the Wallet Provider
|
|
42
51
|
* @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
|
|
43
52
|
* @returns The signed credential token
|
|
44
53
|
*/
|
|
45
|
-
const obtainCredential = async (issuerConf, accessToken, nonce, clientId, credentialType, context) => {
|
|
54
|
+
const obtainCredential = async (issuerConf, accessToken, nonce, clientId, credentialType, credentialFormat, context) => {
|
|
46
55
|
const {
|
|
47
56
|
credentialCryptoContext,
|
|
48
57
|
walletProviderBaseUrl,
|
|
49
58
|
appFetch = fetch
|
|
50
59
|
} = context;
|
|
60
|
+
if (!isCredentialAvailable(issuerConf, credentialType, credentialFormat)) {
|
|
61
|
+
throw new Error(`The Issuer provides no credential for type ${credentialType} and format ${credentialFormat}`);
|
|
62
|
+
}
|
|
51
63
|
const credentialUrl = issuerConf.openid_credential_issuer.credential_endpoint;
|
|
52
64
|
|
|
53
65
|
/** DPoP token for demonstating the possession
|
|
@@ -69,7 +81,7 @@ const obtainCredential = async (issuerConf, accessToken, nonce, clientId, creden
|
|
|
69
81
|
credential_definition: JSON.stringify({
|
|
70
82
|
type: [credentialType]
|
|
71
83
|
}),
|
|
72
|
-
format:
|
|
84
|
+
format: credentialFormat,
|
|
73
85
|
proof: JSON.stringify({
|
|
74
86
|
jwt: signedNonceProof,
|
|
75
87
|
proof_type: "jwt"
|
|
@@ -77,7 +89,8 @@ const obtainCredential = async (issuerConf, accessToken, nonce, clientId, creden
|
|
|
77
89
|
});
|
|
78
90
|
const {
|
|
79
91
|
credential,
|
|
80
|
-
format
|
|
92
|
+
format,
|
|
93
|
+
c_nonce
|
|
81
94
|
} = await appFetch(credentialUrl, {
|
|
82
95
|
method: "POST",
|
|
83
96
|
headers: {
|
|
@@ -89,7 +102,8 @@ const obtainCredential = async (issuerConf, accessToken, nonce, clientId, creden
|
|
|
89
102
|
}).then((0, _misc.hasStatus)(200)).then(res => res.json()).then(CredentialEndpointResponse.parse);
|
|
90
103
|
return {
|
|
91
104
|
credential,
|
|
92
|
-
format
|
|
105
|
+
format,
|
|
106
|
+
nonce: c_nonce
|
|
93
107
|
};
|
|
94
108
|
};
|
|
95
109
|
exports.obtainCredential = obtainCredential;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["z","_interopRequireWildcard","require","_reactNativeUuid","_interopRequireDefault","_ioReactNativeJwt","_dpop","_misc","_const","obj","__esModule","default","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","createNonceProof","nonce","issuer","audience","ctx","SignJWT","setPayload","jwk","getPublicKey","setProtectedHeader","type","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","exports","CredentialEndpointResponse","object","credential","string","format","SupportedCredentialFormat","
|
|
1
|
+
{"version":3,"names":["z","_interopRequireWildcard","require","_reactNativeUuid","_interopRequireDefault","_ioReactNativeJwt","_dpop","_misc","_const","obj","__esModule","default","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","createNonceProof","nonce","issuer","audience","ctx","SignJWT","setPayload","jwk","getPublicKey","setProtectedHeader","type","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","exports","CredentialEndpointResponse","object","credential","string","format","SupportedCredentialFormat","c_nonce","c_nonce_expires_in","number","isCredentialAvailable","issuerConf","credentialType","credentialFormat","openid_credential_issuer","credentials_supported","some","c","credential_definition","includes","obtainCredential","accessToken","clientId","context","credentialCryptoContext","walletProviderBaseUrl","appFetch","fetch","Error","credentialUrl","credential_endpoint","signedDPopForPid","createDPopToken","htm","htu","jti","uuid","v4","signedNonceProof","formBody","URLSearchParams","JSON","stringify","proof","jwt","proof_type","method","headers","DPoP","Authorization","body","toString","then","hasStatus","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,iBAAA,GAAAH,OAAA;AACA,IAAAI,KAAA,GAAAJ,OAAA;AAGA,IAAAK,KAAA,GAAAL,OAAA;AAGA,IAAAM,MAAA,GAAAN,OAAA;AAAoD,SAAAE,uBAAAK,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAAA,SAAAG,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAZ,wBAAAQ,GAAA,EAAAI,WAAA,SAAAA,WAAA,IAAAJ,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAQ,KAAA,GAAAL,wBAAA,CAAAC,WAAA,OAAAI,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAT,GAAA,YAAAQ,KAAA,CAAAE,GAAA,CAAAV,GAAA,SAAAW,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAhB,GAAA,QAAAgB,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAnB,GAAA,EAAAgB,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAf,GAAA,EAAAgB,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAhB,GAAA,CAAAgB,GAAA,SAAAL,MAAA,CAAAT,OAAA,GAAAF,GAAA,MAAAQ,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAArB,GAAA,EAAAW,MAAA,YAAAA,MAAA;AAEpD;AACA;AACA;AACO,MAAMW,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,OAAO,IAAIC,yBAAO,CAACD,GAAG,CAAC,CACpBE,UAAU,CAAC;IACVL,KAAK;IACLM,GAAG,EAAE,MAAMH,GAAG,CAACI,YAAY,CAAC;EAC9B,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,IAAI,EAAE;EACR,CAAC,CAAC,CACDC,WAAW,CAACR,QAAQ,CAAC,CACrBS,SAAS,CAACV,MAAM,CAAC,CACjBW,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;AAACC,OAAA,CAAAhB,gBAAA,GAAAA,gBAAA;AAEF,MAAMiB,0BAA0B,GAAGhD,CAAC,CAACiD,MAAM,CAAC;EAC1CC,UAAU,EAAElD,CAAC,CAACmD,MAAM,CAAC,CAAC;EACtBC,MAAM,EAAEC,gCAAyB;EACjC;EACA;EACAC,OAAO,EAAEtD,CAAC,CAACmD,MAAM,CAAC,CAAC;EACnBI,kBAAkB,EAAEvD,CAAC,CAACwD,MAAM,CAAC;AAC/B,CAAC,CAAC;AAoBF;AACA;AACA,MAAMC,qBAAqB,GAAGA,CAC5BC,UAAkD,EAClDC,cAAgD,EAChDC,gBAA2C,KAE3CF,UAAU,CAACG,wBAAwB,CAACC,qBAAqB,CAACC,IAAI,CAC3DC,CAAC,IACAA,CAAC,CAACZ,MAAM,KAAKQ,gBAAgB,IAC7BI,CAAC,CAACC,qBAAqB,CAACxB,IAAI,CAACyB,QAAQ,CAACP,cAAc,CACxD,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMQ,gBAAkC,GAAG,MAAAA,CAChDT,UAAU,EACVU,WAAW,EACXpC,KAAK,EACLqC,QAAQ,EACRV,cAAc,EACdC,gBAAgB,EAChBU,OAAO,KACJ;EACH,MAAM;IACJC,uBAAuB;IACvBC,qBAAqB;IACrBC,QAAQ,GAAGC;EACb,CAAC,GAAGJ,OAAO;EAEX,IAAI,CAACb,qBAAqB,CAACC,UAAU,EAAEC,cAAc,EAAEC,gBAAgB,CAAC,EAAE;IACxE,MAAM,IAAIe,KAAK,CACZ,8CAA6ChB,cAAe,eAAcC,gBAAiB,EAC9F,CAAC;EACH;EAEA,MAAMgB,aAAa,GAAGlB,UAAU,CAACG,wBAAwB,CAACgB,mBAAmB;;EAE7E;AACF;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAM,IAAAC,qBAAe,EAC5C;IACEC,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEL,aAAa;IAClBM,GAAG,EAAG,GAAEC,wBAAI,CAACC,EAAE,CAAC,CAAE;EACpB,CAAC,EACDb,uBACF,CAAC;;EAED;AACF;AACA;EACE,MAAMc,gBAAgB,GAAG,MAAMtD,gBAAgB,CAC7CC,KAAK,EACLqC,QAAQ,EACRG,qBAAqB,EACrBD,uBACF,CAAC;;EAED;EACA,MAAMe,QAAQ,GAAG,IAAIC,eAAe,CAAC;IACnCtB,qBAAqB,EAAEuB,IAAI,CAACC,SAAS,CAAC;MACpChD,IAAI,EAAE,CAACkB,cAAc;IACvB,CAAC,CAAC;IACFP,MAAM,EAAEQ,gBAAgB;IACxB8B,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;MACpBE,GAAG,EAAEN,gBAAgB;MACrBO,UAAU,EAAE;IACd,CAAC;EACH,CAAC,CAAC;EAEF,MAAM;IAAE1C,UAAU;IAAEE,MAAM;IAAEE;EAAQ,CAAC,GAAG,MAAMmB,QAAQ,CAACG,aAAa,EAAE;IACpEiB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAEjB,gBAAgB;MACtBkB,aAAa,EAAE5B;IACjB,CAAC;IACD6B,IAAI,EAAEX,QAAQ,CAACY,QAAQ,CAAC;EAC1B,CAAC,CAAC,CACCC,IAAI,CAAC,IAAAC,eAAS,EAAC,GAAG,CAAC,CAAC,CACpBD,IAAI,CAAEE,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBH,IAAI,CAACnD,0BAA0B,CAACuD,KAAK,CAAC;EAEzC,OAAO;IAAErD,UAAU;IAAEE,MAAM;IAAEpB,KAAK,EAAEsB;EAAQ,CAAC;AAC/C,CAAC;AAACP,OAAA,CAAAoB,gBAAA,GAAAA,gBAAA"}
|
|
@@ -20,7 +20,7 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
|
|
|
20
20
|
let ignoreMissingAttributes = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
|
|
21
21
|
// find the definition that matches the received credential's type
|
|
22
22
|
// warning: if more then a defintion is found, the first is retrieved
|
|
23
|
-
const credentialSubject = (_credentials_supporte = credentials_supported.find(c => c.credential_definition.type.includes(sdJwt.payload.type))) === null || _credentials_supporte === void 0 ? void 0 : _credentials_supporte.credential_definition.credentialSubject;
|
|
23
|
+
const credentialSubject = (_credentials_supporte = credentials_supported.find(c => c.format === "vc+sd-jwt" && c.credential_definition.type.includes(sdJwt.payload.type))) === null || _credentials_supporte === void 0 ? void 0 : _credentials_supporte.credential_definition.credentialSubject;
|
|
24
24
|
|
|
25
25
|
// the received credential matches no supported credential, throw an exception
|
|
26
26
|
if (!credentialSubject) {
|
|
@@ -55,7 +55,7 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
|
|
|
55
55
|
|
|
56
56
|
// attributes that are defined in the issuer configuration
|
|
57
57
|
// and are present in the disclosure set
|
|
58
|
-
const definedValues = attrDefinitions
|
|
58
|
+
const definedValues = Object.fromEntries(attrDefinitions
|
|
59
59
|
// retrieve the value from the disclosure set
|
|
60
60
|
.map(_ref4 => {
|
|
61
61
|
var _disclosures$find;
|
|
@@ -85,21 +85,21 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
|
|
|
85
85
|
};
|
|
86
86
|
}, {})
|
|
87
87
|
}];
|
|
88
|
-
});
|
|
88
|
+
}));
|
|
89
89
|
|
|
90
90
|
// attributes that are in the disclosure set
|
|
91
91
|
// but are not defined in the issuer configuration
|
|
92
|
-
const undefinedValues = disclosures.filter(_ => !Object.keys(definedValues).includes(_[1])).map(_ref7 => {
|
|
92
|
+
const undefinedValues = Object.fromEntries(disclosures.filter(_ => !Object.keys(definedValues).includes(_[1])).map(_ref7 => {
|
|
93
93
|
let [, key, value] = _ref7;
|
|
94
94
|
return [key, {
|
|
95
95
|
value,
|
|
96
96
|
mandatory: false,
|
|
97
97
|
name: key
|
|
98
98
|
}];
|
|
99
|
-
});
|
|
99
|
+
}));
|
|
100
100
|
return {
|
|
101
|
-
...
|
|
102
|
-
...
|
|
101
|
+
...definedValues,
|
|
102
|
+
...undefinedValues
|
|
103
103
|
};
|
|
104
104
|
};
|
|
105
105
|
|
|
@@ -144,6 +144,10 @@ const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) =
|
|
|
144
144
|
parsedCredential
|
|
145
145
|
};
|
|
146
146
|
};
|
|
147
|
+
const verifyAndParseCredentialMdoc = async (_issuerConf, _credential, _, _ctx) => {
|
|
148
|
+
// TODO: [SIW-686] decode MDOC credentials
|
|
149
|
+
throw new Error("verifyAndParseCredentialMdoc not implemented yet");
|
|
150
|
+
};
|
|
147
151
|
|
|
148
152
|
/**
|
|
149
153
|
* Verify and parse an encoded credential
|
|
@@ -161,6 +165,8 @@ const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) =
|
|
|
161
165
|
const verifyAndParseCredential = async (issuerConf, credential, format, context) => {
|
|
162
166
|
if (format === "vc+sd-jwt") {
|
|
163
167
|
return verifyAndParseCredentialSdJwt(issuerConf, credential, format, context);
|
|
168
|
+
} else if (format === "vc+mdoc-cbor") {
|
|
169
|
+
return verifyAndParseCredentialMdoc(issuerConf, credential, format, context);
|
|
164
170
|
}
|
|
165
171
|
const _ = format;
|
|
166
172
|
throw new _errors.IoWalletError(`Unsupported credential format: ${_}`);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_errors","require","_types","_sdJwt","parseCredentialSdJwt","credentials_supported","_ref","_credentials_supporte","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","credentialSubject","find","c","credential_definition","type","includes","payload","expected","flatMap","_","join","IoWalletError","attrDefinitions","Object","entries","attrsNotInDisclosures","filter","_ref2","attrKey","mandatory","some","_ref3","name","missing","map","received","definedValues","_ref4","_disclosures$find","definition","value","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","_ref7","key","
|
|
1
|
+
{"version":3,"names":["_errors","require","_types","_sdJwt","parseCredentialSdJwt","credentials_supported","_ref","_credentials_supporte","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","credentialSubject","find","c","format","credential_definition","type","includes","payload","expected","flatMap","_","join","IoWalletError","attrDefinitions","Object","entries","attrsNotInDisclosures","filter","_ref2","attrKey","mandatory","some","_ref3","name","missing","map","received","definedValues","fromEntries","_ref4","_disclosures$find","definition","value","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","_ref7","key","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","verifySdJwt","SdJwt4VC","getPublicKey","cnf","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","_ref8","credentialCryptoContext","decoded","openid_credential_issuer","jwks","parsedCredential","verifyAndParseCredentialMdoc","_issuerConf","_credential","_ctx","Error","verifyAndParseCredential","context","exports"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":";;;;;;AAGA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,MAAA,GAAAF,OAAA;AAcA;;AAmBA;;AAKA,MAAMG,oBAAoB,GAAG,SAAAA,CAE3BC,qBAAkH,EAAAC,IAAA,EAG7F;EAAA,IAAAC,qBAAA;EAAA,IAFrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAH,IAAA;EAAA,IAC9CI,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAExC;EACA;EACA,MAAMG,iBAAiB,IAAAP,qBAAA,GAAGF,qBAAqB,CAACU,IAAI,CACjDC,CAAC,IACAA,CAAC,CAACC,MAAM,KAAK,WAAW,IACxBD,CAAC,CAACE,qBAAqB,CAACC,IAAI,CAACC,QAAQ,CAACZ,KAAK,CAACa,OAAO,CAACF,IAAI,CAC5D,CAAC,cAAAZ,qBAAA,uBAJyBA,qBAAA,CAIvBW,qBAAqB,CAACJ,iBAAiB;;EAE1C;EACA,IAAI,CAACA,iBAAiB,EAAE;IACtB,MAAMQ,QAAQ,GAAGjB,qBAAqB,CACnCkB,OAAO,CAAEC,CAAC,IAAKA,CAAC,CAACN,qBAAqB,CAACC,IAAI,CAAC,CAC5CM,IAAI,CAAC,IAAI,CAAC;IACb,MAAM,IAAIC,qBAAa,CACpB,gEAA+DJ,QAAS,gBAAed,KAAK,CAACa,OAAO,CAACF,IAAK,KAC7G,CAAC;EACH;;EAEA;EACA,MAAMQ,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACf,iBAAiB,CAAC;;EAEzD;EACA;EACA,MAAMgB,qBAAqB,GAAGH,eAAe,CAACI,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,EAAE;MAAEC;IAAU,CAAC,CAAC,GAAAF,KAAA;IAAA,OACvBE,SAAS,IAAI,CAACzB,WAAW,CAAC0B,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKJ,OAAO;IAAA,EAAC;EAAA,CAClE,CAAC;EACD,IAAIH,qBAAqB,CAAClB,MAAM,GAAG,CAAC,EAAE;IACpC,MAAM0B,OAAO,GAAGR,qBAAqB,CAACS,GAAG,CAAEf,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMe,QAAQ,GAAG/B,WAAW,CAAC8B,GAAG,CAAEf,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE;IACA;IACA;IACA,IAAI,CAACf,uBAAuB,EAAE;MAC5B,MAAM,IAAIgB,qBAAa,CACpB,4DAA2DY,OAAQ,iBAAgBE,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGb,MAAM,CAACc,WAAW,CACtCf;EACE;EAAA,CACCY,GAAG,CACFI,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACX,OAAO,EAAEY,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CACEV,OAAO,EACP;MACE,GAAGY,UAAU;MACbC,KAAK,GAAAF,iBAAA,GAAEnC,WAAW,CAACM,IAAI,CACpBS,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKS,OAC7B,CAAC,cAAAW,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCL,GAAG,CACFQ,KAAA;IAAA,IAAC,CAACd,OAAO,EAAE;MAAEe,OAAO;MAAE,GAAGH;IAAW,CAAC,CAAC,GAAAE,KAAA;IAAA,OACpC,CACEd,OAAO,EACP;MACE,GAAGY,UAAU;MACbR,IAAI,EAAEW,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAEf;QAAK,CAAC,GAAAc,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGf;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;;EAED;EACA;EACA,MAAMgB,eAAe,GAAGzB,MAAM,CAACc,WAAW,CACxCjC,WAAW,CACRsB,MAAM,CAAEP,CAAC,IAAK,CAACI,MAAM,CAAC0B,IAAI,CAACb,aAAa,CAAC,CAACrB,QAAQ,CAACI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDe,GAAG,CAACgB,KAAA;IAAA,IAAC,GAAGC,GAAG,EAAEV,KAAK,CAAC,GAAAS,KAAA;IAAA,OAAK,CAACC,GAAG,EAAE;MAAEV,KAAK;MAAEZ,SAAS,EAAE,KAAK;MAAEG,IAAI,EAAEmB;IAAI,CAAC,CAAC;EAAA,EAC1E,CAAC;EAED,OAAO;IACL,GAAGf,aAAa;IAChB,GAAGY;EACL,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeI,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB,IAAAC,aAAW,EAACP,aAAa,EAAEC,UAAU,EAAEO,eAAQ,CAAC,EAChDN,oBAAoB,CAACO,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGP,iBAAiB,CAACrD,KAAK,CAACa,OAAO;EAE/C,IAAI,CAAC+C,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKR,gBAAgB,CAACQ,GAAG,EAAE;IACxD,MAAM,IAAI5C,qBAAa,CACpB,kDAAiDoC,gBAAgB,CAACQ,GAAI,UAAST,iBAAiB,CAACrD,KAAK,CAACa,OAAO,CAAC+C,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOT,iBAAiB;AAC1B;;AAEA;;AAQA,MAAMU,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACVjD,CAAC,EAAAkD,KAAA,KAEE;EAAA,IADH;IAAEC,uBAAuB;IAAEjE;EAAwB,CAAC,GAAAgE,KAAA;EAEpD,MAAME,OAAO,GAAG,MAAMnB,qBAAqB,CACzCgB,UAAU,EACVD,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACxB,IAAI,EAC7CqB,uBACF,CAAC;EAED,MAAMI,gBAAgB,GAAG3E,oBAAoB,CAC3CoE,UAAU,CAACK,wBAAwB,CAACxE,qBAAqB,EACzDuE,OAAO,EACPlE,uBACF,CAAC;EAED,OAAO;IAAEqE;EAAiB,CAAC;AAC7B,CAAC;AAED,MAAMC,4BAAwD,GAAG,MAAAA,CAC/DC,WAAW,EACXC,WAAW,EACX1D,CAAC,EACD2D,IAAI,KACD;EACH;EACA,MAAM,IAAIC,KAAK,CAAC,kDAAkD,CAAC;AACrE,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,wBAAkD,GAAG,MAAAA,CAChEb,UAAU,EACVC,UAAU,EACVxD,MAAM,EACNqE,OAAO,KACJ;EACH,IAAIrE,MAAM,KAAK,WAAW,EAAE;IAC1B,OAAOsD,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVxD,MAAM,EACNqE,OACF,CAAC;EACH,CAAC,MAAM,IAAIrE,MAAM,KAAK,cAAc,EAAE;IACpC,OAAO+D,4BAA4B,CACjCR,UAAU,EACVC,UAAU,EACVxD,MAAM,EACNqE,OACF,CAAC;EACH;EAEA,MAAM9D,CAAQ,GAAGP,MAAM;EACvB,MAAM,IAAIS,qBAAa,CAAE,kCAAiCF,CAAE,EAAC,CAAC;AAChE,CAAC;AAAC+D,OAAA,CAAAF,wBAAA,GAAAA,wBAAA"}
|
|
@@ -9,6 +9,6 @@ function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "functio
|
|
|
9
9
|
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
|
|
10
10
|
const ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
|
|
11
11
|
exports.ASSERTION_TYPE = ASSERTION_TYPE;
|
|
12
|
-
const SupportedCredentialFormat = z.literal("vc+sd-jwt");
|
|
12
|
+
const SupportedCredentialFormat = z.union([z.literal("vc+sd-jwt"), z.literal("vc+mdoc-cbor")]);
|
|
13
13
|
exports.SupportedCredentialFormat = SupportedCredentialFormat;
|
|
14
14
|
//# sourceMappingURL=const.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["z","_interopRequireWildcard","require","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","ASSERTION_TYPE","exports","SupportedCredentialFormat","literal"],"sourceRoot":"../../../../src","sources":["credential/issuance/const.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AAAyB,SAAAC,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAClB,MAAMW,cAAc,GACzB,oEAAoE;AAACC,OAAA,CAAAD,cAAA,GAAAA,cAAA;AAKhE,MAAME,yBAAyB,GAAG3B,CAAC,CAAC4B,OAAO,CAAC,WAAW,CAAC;
|
|
1
|
+
{"version":3,"names":["z","_interopRequireWildcard","require","_getRequireWildcardCache","nodeInterop","WeakMap","cacheBabelInterop","cacheNodeInterop","obj","__esModule","default","cache","has","get","newObj","hasPropertyDescriptor","Object","defineProperty","getOwnPropertyDescriptor","key","prototype","hasOwnProperty","call","desc","set","ASSERTION_TYPE","exports","SupportedCredentialFormat","union","literal"],"sourceRoot":"../../../../src","sources":["credential/issuance/const.ts"],"mappings":";;;;;;AAAA,IAAAA,CAAA,GAAAC,uBAAA,CAAAC,OAAA;AAAyB,SAAAC,yBAAAC,WAAA,eAAAC,OAAA,kCAAAC,iBAAA,OAAAD,OAAA,QAAAE,gBAAA,OAAAF,OAAA,YAAAF,wBAAA,YAAAA,CAAAC,WAAA,WAAAA,WAAA,GAAAG,gBAAA,GAAAD,iBAAA,KAAAF,WAAA;AAAA,SAAAH,wBAAAO,GAAA,EAAAJ,WAAA,SAAAA,WAAA,IAAAI,GAAA,IAAAA,GAAA,CAAAC,UAAA,WAAAD,GAAA,QAAAA,GAAA,oBAAAA,GAAA,wBAAAA,GAAA,4BAAAE,OAAA,EAAAF,GAAA,UAAAG,KAAA,GAAAR,wBAAA,CAAAC,WAAA,OAAAO,KAAA,IAAAA,KAAA,CAAAC,GAAA,CAAAJ,GAAA,YAAAG,KAAA,CAAAE,GAAA,CAAAL,GAAA,SAAAM,MAAA,WAAAC,qBAAA,GAAAC,MAAA,CAAAC,cAAA,IAAAD,MAAA,CAAAE,wBAAA,WAAAC,GAAA,IAAAX,GAAA,QAAAW,GAAA,kBAAAH,MAAA,CAAAI,SAAA,CAAAC,cAAA,CAAAC,IAAA,CAAAd,GAAA,EAAAW,GAAA,SAAAI,IAAA,GAAAR,qBAAA,GAAAC,MAAA,CAAAE,wBAAA,CAAAV,GAAA,EAAAW,GAAA,cAAAI,IAAA,KAAAA,IAAA,CAAAV,GAAA,IAAAU,IAAA,CAAAC,GAAA,KAAAR,MAAA,CAAAC,cAAA,CAAAH,MAAA,EAAAK,GAAA,EAAAI,IAAA,YAAAT,MAAA,CAAAK,GAAA,IAAAX,GAAA,CAAAW,GAAA,SAAAL,MAAA,CAAAJ,OAAA,GAAAF,GAAA,MAAAG,KAAA,IAAAA,KAAA,CAAAa,GAAA,CAAAhB,GAAA,EAAAM,MAAA,YAAAA,MAAA;AAClB,MAAMW,cAAc,GACzB,oEAAoE;AAACC,OAAA,CAAAD,cAAA,GAAAA,cAAA;AAKhE,MAAME,yBAAyB,GAAG3B,CAAC,CAAC4B,KAAK,CAAC,CAC/C5B,CAAC,CAAC6B,OAAO,CAAC,WAAW,CAAC,EACtB7B,CAAC,CAAC6B,OAAO,CAAC,cAAc,CAAC,CAC1B,CAAC;AAACH,OAAA,CAAAC,yBAAA,GAAAA,yBAAA"}
|
|
@@ -18,8 +18,16 @@ export const createNonceProof = async (nonce, issuer, audience, ctx) => {
|
|
|
18
18
|
};
|
|
19
19
|
const CredentialEndpointResponse = z.object({
|
|
20
20
|
credential: z.string(),
|
|
21
|
-
format: SupportedCredentialFormat
|
|
21
|
+
format: SupportedCredentialFormat,
|
|
22
|
+
// nonce used to perform multiple credential requests
|
|
23
|
+
// re-using the same authorization profile
|
|
24
|
+
c_nonce: z.string(),
|
|
25
|
+
c_nonce_expires_in: z.number()
|
|
22
26
|
});
|
|
27
|
+
// Checks whether in the Entity confoguration at least one credential
|
|
28
|
+
// is defined for the given type and format
|
|
29
|
+
const isCredentialAvailable = (issuerConf, credentialType, credentialFormat) => issuerConf.openid_credential_issuer.credentials_supported.some(c => c.format === credentialFormat && c.credential_definition.type.includes(credentialType));
|
|
30
|
+
|
|
23
31
|
/**
|
|
24
32
|
* Fetch a credential from the issuer
|
|
25
33
|
*
|
|
@@ -28,17 +36,21 @@ const CredentialEndpointResponse = z.object({
|
|
|
28
36
|
* @param nonce The nonce value to prevent reply attacks, obtained with the access authorization step
|
|
29
37
|
* @param clientId Identifies the current client across all the requests of the issuing flow
|
|
30
38
|
* @param credentialType The type of the credential to be requested
|
|
39
|
+
* @param credentialFormat The format of the requested credential. @see {SupportedCredentialFormat}
|
|
31
40
|
* @param context.credentialCryptoContext The context to access the key the Credential will be bound to
|
|
32
41
|
* @param context.walletProviderBaseUrl The base url of the Wallet Provider
|
|
33
42
|
* @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
|
|
34
43
|
* @returns The signed credential token
|
|
35
44
|
*/
|
|
36
|
-
export const obtainCredential = async (issuerConf, accessToken, nonce, clientId, credentialType, context) => {
|
|
45
|
+
export const obtainCredential = async (issuerConf, accessToken, nonce, clientId, credentialType, credentialFormat, context) => {
|
|
37
46
|
const {
|
|
38
47
|
credentialCryptoContext,
|
|
39
48
|
walletProviderBaseUrl,
|
|
40
49
|
appFetch = fetch
|
|
41
50
|
} = context;
|
|
51
|
+
if (!isCredentialAvailable(issuerConf, credentialType, credentialFormat)) {
|
|
52
|
+
throw new Error(`The Issuer provides no credential for type ${credentialType} and format ${credentialFormat}`);
|
|
53
|
+
}
|
|
42
54
|
const credentialUrl = issuerConf.openid_credential_issuer.credential_endpoint;
|
|
43
55
|
|
|
44
56
|
/** DPoP token for demonstating the possession
|
|
@@ -60,7 +72,7 @@ export const obtainCredential = async (issuerConf, accessToken, nonce, clientId,
|
|
|
60
72
|
credential_definition: JSON.stringify({
|
|
61
73
|
type: [credentialType]
|
|
62
74
|
}),
|
|
63
|
-
format:
|
|
75
|
+
format: credentialFormat,
|
|
64
76
|
proof: JSON.stringify({
|
|
65
77
|
jwt: signedNonceProof,
|
|
66
78
|
proof_type: "jwt"
|
|
@@ -68,7 +80,8 @@ export const obtainCredential = async (issuerConf, accessToken, nonce, clientId,
|
|
|
68
80
|
});
|
|
69
81
|
const {
|
|
70
82
|
credential,
|
|
71
|
-
format
|
|
83
|
+
format,
|
|
84
|
+
c_nonce
|
|
72
85
|
} = await appFetch(credentialUrl, {
|
|
73
86
|
method: "POST",
|
|
74
87
|
headers: {
|
|
@@ -80,7 +93,8 @@ export const obtainCredential = async (issuerConf, accessToken, nonce, clientId,
|
|
|
80
93
|
}).then(hasStatus(200)).then(res => res.json()).then(CredentialEndpointResponse.parse);
|
|
81
94
|
return {
|
|
82
95
|
credential,
|
|
83
|
-
format
|
|
96
|
+
format,
|
|
97
|
+
nonce: c_nonce
|
|
84
98
|
};
|
|
85
99
|
};
|
|
86
100
|
//# sourceMappingURL=06-obtain-credential.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["z","uuid","SignJWT","createDPopToken","hasStatus","SupportedCredentialFormat","createNonceProof","nonce","issuer","audience","ctx","setPayload","jwk","getPublicKey","setProtectedHeader","type","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","CredentialEndpointResponse","object","credential","string","format","
|
|
1
|
+
{"version":3,"names":["z","uuid","SignJWT","createDPopToken","hasStatus","SupportedCredentialFormat","createNonceProof","nonce","issuer","audience","ctx","setPayload","jwk","getPublicKey","setProtectedHeader","type","setAudience","setIssuer","setIssuedAt","setExpirationTime","sign","CredentialEndpointResponse","object","credential","string","format","c_nonce","c_nonce_expires_in","number","isCredentialAvailable","issuerConf","credentialType","credentialFormat","openid_credential_issuer","credentials_supported","some","c","credential_definition","includes","obtainCredential","accessToken","clientId","context","credentialCryptoContext","walletProviderBaseUrl","appFetch","fetch","Error","credentialUrl","credential_endpoint","signedDPopForPid","htm","htu","jti","v4","signedNonceProof","formBody","URLSearchParams","JSON","stringify","proof","jwt","proof_type","method","headers","DPoP","Authorization","body","toString","then","res","json","parse"],"sourceRoot":"../../../../src","sources":["credential/issuance/06-obtain-credential.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,OAAO,QAA4B,6BAA6B;AACzE,SAASC,eAAe,QAAQ,kBAAkB;AAGlD,SAASC,SAAS,QAAkB,kBAAkB;AAGtD,SAASC,yBAAyB,QAAQ,SAAS;;AAEnD;AACA;AACA;AACA,OAAO,MAAMC,gBAAgB,GAAG,MAAAA,CAC9BC,KAAa,EACbC,MAAc,EACdC,QAAgB,EAChBC,GAAkB,KACE;EACpB,OAAO,IAAIR,OAAO,CAACQ,GAAG,CAAC,CACpBC,UAAU,CAAC;IACVJ,KAAK;IACLK,GAAG,EAAE,MAAMF,GAAG,CAACG,YAAY,CAAC;EAC9B,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,IAAI,EAAE;EACR,CAAC,CAAC,CACDC,WAAW,CAACP,QAAQ,CAAC,CACrBQ,SAAS,CAACT,MAAM,CAAC,CACjBU,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;AACX,CAAC;AAED,MAAMC,0BAA0B,GAAGrB,CAAC,CAACsB,MAAM,CAAC;EAC1CC,UAAU,EAAEvB,CAAC,CAACwB,MAAM,CAAC,CAAC;EACtBC,MAAM,EAAEpB,yBAAyB;EACjC;EACA;EACAqB,OAAO,EAAE1B,CAAC,CAACwB,MAAM,CAAC,CAAC;EACnBG,kBAAkB,EAAE3B,CAAC,CAAC4B,MAAM,CAAC;AAC/B,CAAC,CAAC;AAoBF;AACA;AACA,MAAMC,qBAAqB,GAAGA,CAC5BC,UAAkD,EAClDC,cAAgD,EAChDC,gBAA2C,KAE3CF,UAAU,CAACG,wBAAwB,CAACC,qBAAqB,CAACC,IAAI,CAC3DC,CAAC,IACAA,CAAC,CAACX,MAAM,KAAKO,gBAAgB,IAC7BI,CAAC,CAACC,qBAAqB,CAACtB,IAAI,CAACuB,QAAQ,CAACP,cAAc,CACxD,CAAC;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMQ,gBAAkC,GAAG,MAAAA,CAChDT,UAAU,EACVU,WAAW,EACXjC,KAAK,EACLkC,QAAQ,EACRV,cAAc,EACdC,gBAAgB,EAChBU,OAAO,KACJ;EACH,MAAM;IACJC,uBAAuB;IACvBC,qBAAqB;IACrBC,QAAQ,GAAGC;EACb,CAAC,GAAGJ,OAAO;EAEX,IAAI,CAACb,qBAAqB,CAACC,UAAU,EAAEC,cAAc,EAAEC,gBAAgB,CAAC,EAAE;IACxE,MAAM,IAAIe,KAAK,CACZ,8CAA6ChB,cAAe,eAAcC,gBAAiB,EAC9F,CAAC;EACH;EAEA,MAAMgB,aAAa,GAAGlB,UAAU,CAACG,wBAAwB,CAACgB,mBAAmB;;EAE7E;AACF;AACA;EACE,MAAMC,gBAAgB,GAAG,MAAM/C,eAAe,CAC5C;IACEgD,GAAG,EAAE,MAAM;IACXC,GAAG,EAAEJ,aAAa;IAClBK,GAAG,EAAG,GAAEpD,IAAI,CAACqD,EAAE,CAAC,CAAE;EACpB,CAAC,EACDX,uBACF,CAAC;;EAED;AACF;AACA;EACE,MAAMY,gBAAgB,GAAG,MAAMjD,gBAAgB,CAC7CC,KAAK,EACLkC,QAAQ,EACRG,qBAAqB,EACrBD,uBACF,CAAC;;EAED;EACA,MAAMa,QAAQ,GAAG,IAAIC,eAAe,CAAC;IACnCpB,qBAAqB,EAAEqB,IAAI,CAACC,SAAS,CAAC;MACpC5C,IAAI,EAAE,CAACgB,cAAc;IACvB,CAAC,CAAC;IACFN,MAAM,EAAEO,gBAAgB;IACxB4B,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;MACpBE,GAAG,EAAEN,gBAAgB;MACrBO,UAAU,EAAE;IACd,CAAC;EACH,CAAC,CAAC;EAEF,MAAM;IAAEvC,UAAU;IAAEE,MAAM;IAAEC;EAAQ,CAAC,GAAG,MAAMmB,QAAQ,CAACG,aAAa,EAAE;IACpEe,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE,mCAAmC;MACnDC,IAAI,EAAEf,gBAAgB;MACtBgB,aAAa,EAAE1B;IACjB,CAAC;IACD2B,IAAI,EAAEX,QAAQ,CAACY,QAAQ,CAAC;EAC1B,CAAC,CAAC,CACCC,IAAI,CAACjE,SAAS,CAAC,GAAG,CAAC,CAAC,CACpBiE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAChD,0BAA0B,CAACmD,KAAK,CAAC;EAEzC,OAAO;IAAEjD,UAAU;IAAEE,MAAM;IAAElB,KAAK,EAAEmB;EAAQ,CAAC;AAC/C,CAAC"}
|
|
@@ -15,7 +15,7 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
|
|
|
15
15
|
let ignoreMissingAttributes = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : false;
|
|
16
16
|
// find the definition that matches the received credential's type
|
|
17
17
|
// warning: if more then a defintion is found, the first is retrieved
|
|
18
|
-
const credentialSubject = (_credentials_supporte = credentials_supported.find(c => c.credential_definition.type.includes(sdJwt.payload.type))) === null || _credentials_supporte === void 0 ? void 0 : _credentials_supporte.credential_definition.credentialSubject;
|
|
18
|
+
const credentialSubject = (_credentials_supporte = credentials_supported.find(c => c.format === "vc+sd-jwt" && c.credential_definition.type.includes(sdJwt.payload.type))) === null || _credentials_supporte === void 0 ? void 0 : _credentials_supporte.credential_definition.credentialSubject;
|
|
19
19
|
|
|
20
20
|
// the received credential matches no supported credential, throw an exception
|
|
21
21
|
if (!credentialSubject) {
|
|
@@ -50,7 +50,7 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
|
|
|
50
50
|
|
|
51
51
|
// attributes that are defined in the issuer configuration
|
|
52
52
|
// and are present in the disclosure set
|
|
53
|
-
const definedValues = attrDefinitions
|
|
53
|
+
const definedValues = Object.fromEntries(attrDefinitions
|
|
54
54
|
// retrieve the value from the disclosure set
|
|
55
55
|
.map(_ref4 => {
|
|
56
56
|
var _disclosures$find;
|
|
@@ -80,21 +80,21 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
|
|
|
80
80
|
};
|
|
81
81
|
}, {})
|
|
82
82
|
}];
|
|
83
|
-
});
|
|
83
|
+
}));
|
|
84
84
|
|
|
85
85
|
// attributes that are in the disclosure set
|
|
86
86
|
// but are not defined in the issuer configuration
|
|
87
|
-
const undefinedValues = disclosures.filter(_ => !Object.keys(definedValues).includes(_[1])).map(_ref7 => {
|
|
87
|
+
const undefinedValues = Object.fromEntries(disclosures.filter(_ => !Object.keys(definedValues).includes(_[1])).map(_ref7 => {
|
|
88
88
|
let [, key, value] = _ref7;
|
|
89
89
|
return [key, {
|
|
90
90
|
value,
|
|
91
91
|
mandatory: false,
|
|
92
92
|
name: key
|
|
93
93
|
}];
|
|
94
|
-
});
|
|
94
|
+
}));
|
|
95
95
|
return {
|
|
96
|
-
...
|
|
97
|
-
...
|
|
96
|
+
...definedValues,
|
|
97
|
+
...undefinedValues
|
|
98
98
|
};
|
|
99
99
|
};
|
|
100
100
|
|
|
@@ -139,6 +139,10 @@ const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) =
|
|
|
139
139
|
parsedCredential
|
|
140
140
|
};
|
|
141
141
|
};
|
|
142
|
+
const verifyAndParseCredentialMdoc = async (_issuerConf, _credential, _, _ctx) => {
|
|
143
|
+
// TODO: [SIW-686] decode MDOC credentials
|
|
144
|
+
throw new Error("verifyAndParseCredentialMdoc not implemented yet");
|
|
145
|
+
};
|
|
142
146
|
|
|
143
147
|
/**
|
|
144
148
|
* Verify and parse an encoded credential
|
|
@@ -156,6 +160,8 @@ const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) =
|
|
|
156
160
|
export const verifyAndParseCredential = async (issuerConf, credential, format, context) => {
|
|
157
161
|
if (format === "vc+sd-jwt") {
|
|
158
162
|
return verifyAndParseCredentialSdJwt(issuerConf, credential, format, context);
|
|
163
|
+
} else if (format === "vc+mdoc-cbor") {
|
|
164
|
+
return verifyAndParseCredentialMdoc(issuerConf, credential, format, context);
|
|
159
165
|
}
|
|
160
166
|
const _ = format;
|
|
161
167
|
throw new IoWalletError(`Unsupported credential format: ${_}`);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["IoWalletError","SdJwt4VC","verify","verifySdJwt","parseCredentialSdJwt","credentials_supported","_ref","_credentials_supporte","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","credentialSubject","find","c","credential_definition","type","includes","payload","expected","flatMap","_","join","attrDefinitions","Object","entries","attrsNotInDisclosures","filter","_ref2","attrKey","mandatory","some","_ref3","name","missing","map","received","definedValues","_ref4","_disclosures$find","definition","value","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","_ref7","key","
|
|
1
|
+
{"version":3,"names":["IoWalletError","SdJwt4VC","verify","verifySdJwt","parseCredentialSdJwt","credentials_supported","_ref","_credentials_supporte","sdJwt","disclosures","ignoreMissingAttributes","arguments","length","undefined","credentialSubject","find","c","format","credential_definition","type","includes","payload","expected","flatMap","_","join","attrDefinitions","Object","entries","attrsNotInDisclosures","filter","_ref2","attrKey","mandatory","some","_ref3","name","missing","map","received","definedValues","fromEntries","_ref4","_disclosures$find","definition","value","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","_ref7","key","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","getPublicKey","cnf","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","_ref8","credentialCryptoContext","decoded","openid_credential_issuer","jwks","parsedCredential","verifyAndParseCredentialMdoc","_issuerConf","_credential","_ctx","Error","verifyAndParseCredential","context"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":"AAGA,SAASA,aAAa,QAAQ,oBAAoB;AAClD,SAASC,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,MAAM,IAAIC,WAAW,QAAQ,cAAc;;AAcpD;;AAmBA;;AAKA,MAAMC,oBAAoB,GAAG,SAAAA,CAE3BC,qBAAkH,EAAAC,IAAA,EAG7F;EAAA,IAAAC,qBAAA;EAAA,IAFrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAH,IAAA;EAAA,IAC9CI,uBAAgC,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,KAAK;EAExC;EACA;EACA,MAAMG,iBAAiB,IAAAP,qBAAA,GAAGF,qBAAqB,CAACU,IAAI,CACjDC,CAAC,IACAA,CAAC,CAACC,MAAM,KAAK,WAAW,IACxBD,CAAC,CAACE,qBAAqB,CAACC,IAAI,CAACC,QAAQ,CAACZ,KAAK,CAACa,OAAO,CAACF,IAAI,CAC5D,CAAC,cAAAZ,qBAAA,uBAJyBA,qBAAA,CAIvBW,qBAAqB,CAACJ,iBAAiB;;EAE1C;EACA,IAAI,CAACA,iBAAiB,EAAE;IACtB,MAAMQ,QAAQ,GAAGjB,qBAAqB,CACnCkB,OAAO,CAAEC,CAAC,IAAKA,CAAC,CAACN,qBAAqB,CAACC,IAAI,CAAC,CAC5CM,IAAI,CAAC,IAAI,CAAC;IACb,MAAM,IAAIzB,aAAa,CACpB,gEAA+DsB,QAAS,gBAAed,KAAK,CAACa,OAAO,CAACF,IAAK,KAC7G,CAAC;EACH;;EAEA;EACA,MAAMO,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACd,iBAAiB,CAAC;;EAEzD;EACA;EACA,MAAMe,qBAAqB,GAAGH,eAAe,CAACI,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,EAAE;MAAEC;IAAU,CAAC,CAAC,GAAAF,KAAA;IAAA,OACvBE,SAAS,IAAI,CAACxB,WAAW,CAACyB,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKJ,OAAO;IAAA,EAAC;EAAA,CAClE,CAAC;EACD,IAAIH,qBAAqB,CAACjB,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMyB,OAAO,GAAGR,qBAAqB,CAACS,GAAG,CAAEd,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMc,QAAQ,GAAG9B,WAAW,CAAC6B,GAAG,CAAEd,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE;IACA;IACA;IACA,IAAI,CAACf,uBAAuB,EAAE;MAC5B,MAAM,IAAIV,aAAa,CACpB,4DAA2DqC,OAAQ,iBAAgBE,QAAS,GAC/F,CAAC;IACH;EACF;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGb,MAAM,CAACc,WAAW,CACtCf;EACE;EAAA,CACCY,GAAG,CACFI,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACX,OAAO,EAAEY,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CACEV,OAAO,EACP;MACE,GAAGY,UAAU;MACbC,KAAK,GAAAF,iBAAA,GAAElC,WAAW,CAACM,IAAI,CACpBS,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKQ,OAC7B,CAAC,cAAAW,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCL,GAAG,CACFQ,KAAA;IAAA,IAAC,CAACd,OAAO,EAAE;MAAEe,OAAO;MAAE,GAAGH;IAAW,CAAC,CAAC,GAAAE,KAAA;IAAA,OACpC,CACEd,OAAO,EACP;MACE,GAAGY,UAAU;MACbR,IAAI,EAAEW,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAEf;QAAK,CAAC,GAAAc,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGf;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;;EAED;EACA;EACA,MAAMgB,eAAe,GAAGzB,MAAM,CAACc,WAAW,CACxChC,WAAW,CACRqB,MAAM,CAAEN,CAAC,IAAK,CAACG,MAAM,CAAC0B,IAAI,CAACb,aAAa,CAAC,CAACpB,QAAQ,CAACI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDc,GAAG,CAACgB,KAAA;IAAA,IAAC,GAAGC,GAAG,EAAEV,KAAK,CAAC,GAAAS,KAAA;IAAA,OAAK,CAACC,GAAG,EAAE;MAAEV,KAAK;MAAEZ,SAAS,EAAE,KAAK;MAAEG,IAAI,EAAEmB;IAAI,CAAC,CAAC;EAAA,EAC1E,CAAC;EAED,OAAO;IACL,GAAGf,aAAa;IAChB,GAAGY;EACL,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeI,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChB5D,WAAW,CAACsD,aAAa,EAAEC,UAAU,EAAEzD,QAAQ,CAAC,EAChD0D,oBAAoB,CAACK,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGL,iBAAiB,CAACpD,KAAK,CAACa,OAAO;EAE/C,IAAI,CAAC4C,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKN,gBAAgB,CAACM,GAAG,EAAE;IACxD,MAAM,IAAInE,aAAa,CACpB,kDAAiD6D,gBAAgB,CAACM,GAAI,UAASP,iBAAiB,CAACpD,KAAK,CAACa,OAAO,CAAC4C,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOP,iBAAiB;AAC1B;;AAEA;;AAQA,MAAMQ,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACV9C,CAAC,EAAA+C,KAAA,KAEE;EAAA,IADH;IAAEC,uBAAuB;IAAE9D;EAAwB,CAAC,GAAA6D,KAAA;EAEpD,MAAME,OAAO,GAAG,MAAMjB,qBAAqB,CACzCc,UAAU,EACVD,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACtB,IAAI,EAC7CmB,uBACF,CAAC;EAED,MAAMI,gBAAgB,GAAGxE,oBAAoB,CAC3CiE,UAAU,CAACK,wBAAwB,CAACrE,qBAAqB,EACzDoE,OAAO,EACP/D,uBACF,CAAC;EAED,OAAO;IAAEkE;EAAiB,CAAC;AAC7B,CAAC;AAED,MAAMC,4BAAwD,GAAG,MAAAA,CAC/DC,WAAW,EACXC,WAAW,EACXvD,CAAC,EACDwD,IAAI,KACD;EACH;EACA,MAAM,IAAIC,KAAK,CAAC,kDAAkD,CAAC;AACrE,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,wBAAkD,GAAG,MAAAA,CAChEb,UAAU,EACVC,UAAU,EACVrD,MAAM,EACNkE,OAAO,KACJ;EACH,IAAIlE,MAAM,KAAK,WAAW,EAAE;IAC1B,OAAOmD,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVrD,MAAM,EACNkE,OACF,CAAC;EACH,CAAC,MAAM,IAAIlE,MAAM,KAAK,cAAc,EAAE;IACpC,OAAO4D,4BAA4B,CACjCR,UAAU,EACVC,UAAU,EACVrD,MAAM,EACNkE,OACF,CAAC;EACH;EAEA,MAAM3D,CAAQ,GAAGP,MAAM;EACvB,MAAM,IAAIjB,aAAa,CAAE,kCAAiCwB,CAAE,EAAC,CAAC;AAChE,CAAC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
import * as z from "zod";
|
|
2
2
|
export const ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
|
|
3
|
-
export const SupportedCredentialFormat = z.literal("vc+sd-jwt");
|
|
3
|
+
export const SupportedCredentialFormat = z.union([z.literal("vc+sd-jwt"), z.literal("vc+mdoc-cbor")]);
|
|
4
4
|
//# sourceMappingURL=const.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["z","ASSERTION_TYPE","SupportedCredentialFormat","literal"],"sourceRoot":"../../../../src","sources":["credential/issuance/const.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,OAAO,MAAMC,cAAc,GACzB,oEAAoE;AAKtE,OAAO,MAAMC,yBAAyB,GAAGF,CAAC,CAACG,OAAO,CAAC,WAAW,CAAC"}
|
|
1
|
+
{"version":3,"names":["z","ASSERTION_TYPE","SupportedCredentialFormat","union","literal"],"sourceRoot":"../../../../src","sources":["credential/issuance/const.ts"],"mappings":"AAAA,OAAO,KAAKA,CAAC,MAAM,KAAK;AACxB,OAAO,MAAMC,cAAc,GACzB,oEAAoE;AAKtE,OAAO,MAAMC,yBAAyB,GAAGF,CAAC,CAACG,KAAK,CAAC,CAC/CH,CAAC,CAACI,OAAO,CAAC,WAAW,CAAC,EACtBJ,CAAC,CAACI,OAAO,CAAC,cAAc,CAAC,CAC1B,CAAC"}
|
|
@@ -8,13 +8,14 @@ import { SupportedCredentialFormat } from "./const";
|
|
|
8
8
|
* Return the signed jwt for nonce proof of possession
|
|
9
9
|
*/
|
|
10
10
|
export declare const createNonceProof: (nonce: string, issuer: string, audience: string, ctx: CryptoContext) => Promise<string>;
|
|
11
|
-
export type ObtainCredential = (issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], accessToken: Out<AuthorizeAccess>["accessToken"], nonce: Out<AuthorizeAccess>["nonce"], clientId: Out<AuthorizeAccess>["clientId"], credentialType: Out<StartFlow>["credentialType"], context: {
|
|
11
|
+
export type ObtainCredential = (issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], accessToken: Out<AuthorizeAccess>["accessToken"], nonce: Out<AuthorizeAccess>["nonce"], clientId: Out<AuthorizeAccess>["clientId"], credentialType: Out<StartFlow>["credentialType"], credentialFormat: SupportedCredentialFormat, context: {
|
|
12
12
|
credentialCryptoContext: CryptoContext;
|
|
13
13
|
walletProviderBaseUrl: string;
|
|
14
14
|
appFetch?: GlobalFetch["fetch"];
|
|
15
15
|
}) => Promise<{
|
|
16
16
|
credential: string;
|
|
17
17
|
format: SupportedCredentialFormat;
|
|
18
|
+
nonce: string;
|
|
18
19
|
}>;
|
|
19
20
|
/**
|
|
20
21
|
* Fetch a credential from the issuer
|
|
@@ -24,6 +25,7 @@ export type ObtainCredential = (issuerConf: Out<EvaluateIssuerTrust>["issuerConf
|
|
|
24
25
|
* @param nonce The nonce value to prevent reply attacks, obtained with the access authorization step
|
|
25
26
|
* @param clientId Identifies the current client across all the requests of the issuing flow
|
|
26
27
|
* @param credentialType The type of the credential to be requested
|
|
28
|
+
* @param credentialFormat The format of the requested credential. @see {SupportedCredentialFormat}
|
|
27
29
|
* @param context.credentialCryptoContext The context to access the key the Credential will be bound to
|
|
28
30
|
* @param context.walletProviderBaseUrl The base url of the Wallet Provider
|
|
29
31
|
* @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"06-obtain-credential.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/06-obtain-credential.ts"],"names":[],"mappings":"AAEA,OAAO,EAAW,KAAK,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAG1E,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAa,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAEpD;;GAEG;AACH,eAAO,MAAM,gBAAgB,UACpB,MAAM,UACL,MAAM,YACJ,MAAM,OACX,aAAa,KACjB,QAAQ,MAAM,CAchB,CAAC;
|
|
1
|
+
{"version":3,"file":"06-obtain-credential.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/06-obtain-credential.ts"],"names":[],"mappings":"AAEA,OAAO,EAAW,KAAK,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAG1E,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAa,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAEpD;;GAEG;AACH,eAAO,MAAM,gBAAgB,UACpB,MAAM,UACL,MAAM,YACJ,MAAM,OACX,aAAa,KACjB,QAAQ,MAAM,CAchB,CAAC;AAWF,MAAM,MAAM,gBAAgB,GAAG,CAC7B,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,WAAW,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC,aAAa,CAAC,EAChD,KAAK,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,EACpC,QAAQ,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC,UAAU,CAAC,EAC1C,cAAc,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,gBAAgB,CAAC,EAChD,gBAAgB,EAAE,yBAAyB,EAC3C,OAAO,EAAE;IACP,uBAAuB,EAAE,aAAa,CAAC;IACvC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,yBAAyB,CAAC;IAClC,KAAK,EAAE,MAAM,CAAC;CACf,CAAC,CAAC;AAeH;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,gBAAgB,EAAE,gBAuE9B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"07-verify-and-parse-credential.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/07-verify-and-parse-credential.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAK/D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAEjE,MAAM,MAAM,wBAAwB,GAAG,CACrC,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,UAAU,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,YAAY,CAAC,EAC/C,MAAM,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,EACvC,OAAO,EAAE;IACP,uBAAuB,EAAE,aAAa,CAAC;IACvC,uBAAuB,CAAC,EAAE,OAAO,CAAC;CACnC,KACE,OAAO,CAAC;IAAE,gBAAgB,EAAE,gBAAgB,CAAA;CAAE,CAAC,CAAC;AAGrD,KAAK,gBAAgB,GAAG,MAAM;AAC5B,oBAAoB;AACpB,MAAM,EACN;IACE,2CAA2C;IAC3C,IAAI,EACA,yBAAyB,CAAC,MAAM,CAC9B,MAAM,EACN,MAAM,CACP,GACD,4BAA4B,CAAC,MAAM,CAAC;IACxC,+CAA+C;IAC/C,SAAS,EAAE,OAAO,CAAC;IACnB,wCAAwC;IACxC,KAAK,EAAE,OAAO,CAAC;CAChB,CACF,CAAC;
|
|
1
|
+
{"version":3,"file":"07-verify-and-parse-credential.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/07-verify-and-parse-credential.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAK/D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAEjE,MAAM,MAAM,wBAAwB,GAAG,CACrC,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,UAAU,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,YAAY,CAAC,EAC/C,MAAM,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,EACvC,OAAO,EAAE;IACP,uBAAuB,EAAE,aAAa,CAAC;IACvC,uBAAuB,CAAC,EAAE,OAAO,CAAC;CACnC,KACE,OAAO,CAAC;IAAE,gBAAgB,EAAE,gBAAgB,CAAA;CAAE,CAAC,CAAC;AAGrD,KAAK,gBAAgB,GAAG,MAAM;AAC5B,oBAAoB;AACpB,MAAM,EACN;IACE,2CAA2C;IAC3C,IAAI,EACA,yBAAyB,CAAC,MAAM,CAC9B,MAAM,EACN,MAAM,CACP,GACD,4BAA4B,CAAC,MAAM,CAAC;IACxC,+CAA+C;IAC/C,SAAS,EAAE,OAAO,CAAC;IACnB,wCAAwC;IACxC,KAAK,EAAE,OAAO,CAAC;CAChB,CACF,CAAC;AAkLF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,wBAAwB,EAAE,wBAwBtC,CAAC"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import * as z from "zod";
|
|
2
2
|
export declare const ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
|
|
3
3
|
export type SupportedCredentialFormat = z.infer<typeof SupportedCredentialFormat>;
|
|
4
|
-
export declare const SupportedCredentialFormat: z.ZodLiteral<"vc+sd-jwt">;
|
|
4
|
+
export declare const SupportedCredentialFormat: z.ZodUnion<[z.ZodLiteral<"vc+sd-jwt">, z.ZodLiteral<"vc+mdoc-cbor">]>;
|
|
5
5
|
//# sourceMappingURL=const.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"const.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/const.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AACzB,eAAO,MAAM,cAAc,uEAC2C,CAAC;AAEvE,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAC7C,OAAO,yBAAyB,CACjC,CAAC;AACF,eAAO,MAAM,yBAAyB,
|
|
1
|
+
{"version":3,"file":"const.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/const.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AACzB,eAAO,MAAM,cAAc,uEAC2C,CAAC;AAEvE,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAC7C,OAAO,yBAAyB,CACjC,CAAC;AACF,eAAO,MAAM,yBAAyB,uEAGpC,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@pagopa/io-react-native-wallet",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.11.1",
|
|
4
4
|
"description": "Provide data structures, helpers and API for IO Wallet",
|
|
5
5
|
"main": "lib/commonjs/index",
|
|
6
6
|
"module": "lib/module/index",
|
|
@@ -82,7 +82,7 @@
|
|
|
82
82
|
"engines": {
|
|
83
83
|
"node": ">= 16.0.0"
|
|
84
84
|
},
|
|
85
|
-
"packageManager": "
|
|
85
|
+
"packageManager": "yarn@1.22.19",
|
|
86
86
|
"jest": {
|
|
87
87
|
"preset": "react-native",
|
|
88
88
|
"modulePathIgnorePatterns": [
|
|
@@ -109,4 +109,4 @@
|
|
|
109
109
|
"react-native-uuid": "^2.0.1",
|
|
110
110
|
"zod": "^3.21.4"
|
|
111
111
|
}
|
|
112
|
-
}
|
|
112
|
+
}
|
|
@@ -36,6 +36,10 @@ export const createNonceProof = async (
|
|
|
36
36
|
const CredentialEndpointResponse = z.object({
|
|
37
37
|
credential: z.string(),
|
|
38
38
|
format: SupportedCredentialFormat,
|
|
39
|
+
// nonce used to perform multiple credential requests
|
|
40
|
+
// re-using the same authorization profile
|
|
41
|
+
c_nonce: z.string(),
|
|
42
|
+
c_nonce_expires_in: z.number(),
|
|
39
43
|
});
|
|
40
44
|
|
|
41
45
|
export type ObtainCredential = (
|
|
@@ -44,12 +48,30 @@ export type ObtainCredential = (
|
|
|
44
48
|
nonce: Out<AuthorizeAccess>["nonce"],
|
|
45
49
|
clientId: Out<AuthorizeAccess>["clientId"],
|
|
46
50
|
credentialType: Out<StartFlow>["credentialType"],
|
|
51
|
+
credentialFormat: SupportedCredentialFormat,
|
|
47
52
|
context: {
|
|
48
53
|
credentialCryptoContext: CryptoContext;
|
|
49
54
|
walletProviderBaseUrl: string;
|
|
50
55
|
appFetch?: GlobalFetch["fetch"];
|
|
51
56
|
}
|
|
52
|
-
) => Promise<{
|
|
57
|
+
) => Promise<{
|
|
58
|
+
credential: string;
|
|
59
|
+
format: SupportedCredentialFormat;
|
|
60
|
+
nonce: string;
|
|
61
|
+
}>;
|
|
62
|
+
|
|
63
|
+
// Checks whether in the Entity confoguration at least one credential
|
|
64
|
+
// is defined for the given type and format
|
|
65
|
+
const isCredentialAvailable = (
|
|
66
|
+
issuerConf: Out<EvaluateIssuerTrust>["issuerConf"],
|
|
67
|
+
credentialType: Out<StartFlow>["credentialType"],
|
|
68
|
+
credentialFormat: SupportedCredentialFormat
|
|
69
|
+
): boolean =>
|
|
70
|
+
issuerConf.openid_credential_issuer.credentials_supported.some(
|
|
71
|
+
(c) =>
|
|
72
|
+
c.format === credentialFormat &&
|
|
73
|
+
c.credential_definition.type.includes(credentialType)
|
|
74
|
+
);
|
|
53
75
|
|
|
54
76
|
/**
|
|
55
77
|
* Fetch a credential from the issuer
|
|
@@ -59,6 +81,7 @@ export type ObtainCredential = (
|
|
|
59
81
|
* @param nonce The nonce value to prevent reply attacks, obtained with the access authorization step
|
|
60
82
|
* @param clientId Identifies the current client across all the requests of the issuing flow
|
|
61
83
|
* @param credentialType The type of the credential to be requested
|
|
84
|
+
* @param credentialFormat The format of the requested credential. @see {SupportedCredentialFormat}
|
|
62
85
|
* @param context.credentialCryptoContext The context to access the key the Credential will be bound to
|
|
63
86
|
* @param context.walletProviderBaseUrl The base url of the Wallet Provider
|
|
64
87
|
* @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
|
|
@@ -70,6 +93,7 @@ export const obtainCredential: ObtainCredential = async (
|
|
|
70
93
|
nonce,
|
|
71
94
|
clientId,
|
|
72
95
|
credentialType,
|
|
96
|
+
credentialFormat,
|
|
73
97
|
context
|
|
74
98
|
) => {
|
|
75
99
|
const {
|
|
@@ -78,6 +102,12 @@ export const obtainCredential: ObtainCredential = async (
|
|
|
78
102
|
appFetch = fetch,
|
|
79
103
|
} = context;
|
|
80
104
|
|
|
105
|
+
if (!isCredentialAvailable(issuerConf, credentialType, credentialFormat)) {
|
|
106
|
+
throw new Error(
|
|
107
|
+
`The Issuer provides no credential for type ${credentialType} and format ${credentialFormat}`
|
|
108
|
+
);
|
|
109
|
+
}
|
|
110
|
+
|
|
81
111
|
const credentialUrl = issuerConf.openid_credential_issuer.credential_endpoint;
|
|
82
112
|
|
|
83
113
|
/** DPoP token for demonstating the possession
|
|
@@ -107,14 +137,14 @@ export const obtainCredential: ObtainCredential = async (
|
|
|
107
137
|
credential_definition: JSON.stringify({
|
|
108
138
|
type: [credentialType],
|
|
109
139
|
}),
|
|
110
|
-
format:
|
|
140
|
+
format: credentialFormat,
|
|
111
141
|
proof: JSON.stringify({
|
|
112
142
|
jwt: signedNonceProof,
|
|
113
143
|
proof_type: "jwt",
|
|
114
144
|
}),
|
|
115
145
|
});
|
|
116
146
|
|
|
117
|
-
const { credential, format } = await appFetch(credentialUrl, {
|
|
147
|
+
const { credential, format, c_nonce } = await appFetch(credentialUrl, {
|
|
118
148
|
method: "POST",
|
|
119
149
|
headers: {
|
|
120
150
|
"Content-Type": "application/x-www-form-urlencoded",
|
|
@@ -127,5 +157,5 @@ export const obtainCredential: ObtainCredential = async (
|
|
|
127
157
|
.then((res) => res.json())
|
|
128
158
|
.then(CredentialEndpointResponse.parse);
|
|
129
159
|
|
|
130
|
-
return { credential, format };
|
|
160
|
+
return { credential, format, nonce: c_nonce };
|
|
131
161
|
};
|
|
@@ -49,8 +49,10 @@ const parseCredentialSdJwt = (
|
|
|
49
49
|
): ParsedCredential => {
|
|
50
50
|
// find the definition that matches the received credential's type
|
|
51
51
|
// warning: if more then a defintion is found, the first is retrieved
|
|
52
|
-
const credentialSubject = credentials_supported.find(
|
|
53
|
-
c
|
|
52
|
+
const credentialSubject = credentials_supported.find(
|
|
53
|
+
(c) =>
|
|
54
|
+
c.format === "vc+sd-jwt" &&
|
|
55
|
+
c.credential_definition.type.includes(sdJwt.payload.type)
|
|
54
56
|
)?.credential_definition.credentialSubject;
|
|
55
57
|
|
|
56
58
|
// the received credential matches no supported credential, throw an exception
|
|
@@ -87,45 +89,49 @@ const parseCredentialSdJwt = (
|
|
|
87
89
|
|
|
88
90
|
// attributes that are defined in the issuer configuration
|
|
89
91
|
// and are present in the disclosure set
|
|
90
|
-
const definedValues =
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
(
|
|
94
|
-
[
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
(
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
(
|
|
108
|
-
[
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
92
|
+
const definedValues = Object.fromEntries(
|
|
93
|
+
attrDefinitions
|
|
94
|
+
// retrieve the value from the disclosure set
|
|
95
|
+
.map(
|
|
96
|
+
([attrKey, definition]) =>
|
|
97
|
+
[
|
|
98
|
+
attrKey,
|
|
99
|
+
{
|
|
100
|
+
...definition,
|
|
101
|
+
value: disclosures.find(
|
|
102
|
+
(_) => _[1 /* name */] === attrKey
|
|
103
|
+
)?.[2 /* value */],
|
|
104
|
+
},
|
|
105
|
+
] as const
|
|
106
|
+
)
|
|
107
|
+
// add a human readable attribute name, with i18n, in the form { locale: name }
|
|
108
|
+
// example: { "it-IT": "Nome", "en-EN": "Name", "es-ES": "Nombre" }
|
|
109
|
+
.map(
|
|
110
|
+
([attrKey, { display, ...definition }]) =>
|
|
111
|
+
[
|
|
112
|
+
attrKey,
|
|
113
|
+
{
|
|
114
|
+
...definition,
|
|
115
|
+
name: display.reduce(
|
|
116
|
+
(names, { locale, name }) => ({ ...names, [locale]: name }),
|
|
117
|
+
{} as Record<string, string>
|
|
118
|
+
),
|
|
119
|
+
},
|
|
120
|
+
] as const
|
|
121
|
+
)
|
|
122
|
+
);
|
|
119
123
|
|
|
120
124
|
// attributes that are in the disclosure set
|
|
121
125
|
// but are not defined in the issuer configuration
|
|
122
|
-
const undefinedValues =
|
|
123
|
-
|
|
124
|
-
|
|
126
|
+
const undefinedValues = Object.fromEntries(
|
|
127
|
+
disclosures
|
|
128
|
+
.filter((_) => !Object.keys(definedValues).includes(_[1]))
|
|
129
|
+
.map(([, key, value]) => [key, { value, mandatory: false, name: key }])
|
|
130
|
+
);
|
|
125
131
|
|
|
126
132
|
return {
|
|
127
|
-
...
|
|
128
|
-
...
|
|
133
|
+
...definedValues,
|
|
134
|
+
...undefinedValues,
|
|
129
135
|
};
|
|
130
136
|
};
|
|
131
137
|
|
|
@@ -196,6 +202,16 @@ const verifyAndParseCredentialSdJwt: WithFormat<"vc+sd-jwt"> = async (
|
|
|
196
202
|
return { parsedCredential };
|
|
197
203
|
};
|
|
198
204
|
|
|
205
|
+
const verifyAndParseCredentialMdoc: WithFormat<"vc+mdoc-cbor"> = async (
|
|
206
|
+
_issuerConf,
|
|
207
|
+
_credential,
|
|
208
|
+
_,
|
|
209
|
+
_ctx
|
|
210
|
+
) => {
|
|
211
|
+
// TODO: [SIW-686] decode MDOC credentials
|
|
212
|
+
throw new Error("verifyAndParseCredentialMdoc not implemented yet");
|
|
213
|
+
};
|
|
214
|
+
|
|
199
215
|
/**
|
|
200
216
|
* Verify and parse an encoded credential
|
|
201
217
|
*
|
|
@@ -222,6 +238,13 @@ export const verifyAndParseCredential: VerifyAndParseCredential = async (
|
|
|
222
238
|
format,
|
|
223
239
|
context
|
|
224
240
|
);
|
|
241
|
+
} else if (format === "vc+mdoc-cbor") {
|
|
242
|
+
return verifyAndParseCredentialMdoc(
|
|
243
|
+
issuerConf,
|
|
244
|
+
credential,
|
|
245
|
+
format,
|
|
246
|
+
context
|
|
247
|
+
);
|
|
225
248
|
}
|
|
226
249
|
|
|
227
250
|
const _: never = format;
|
|
@@ -5,4 +5,7 @@ export const ASSERTION_TYPE =
|
|
|
5
5
|
export type SupportedCredentialFormat = z.infer<
|
|
6
6
|
typeof SupportedCredentialFormat
|
|
7
7
|
>;
|
|
8
|
-
export const SupportedCredentialFormat = z.
|
|
8
|
+
export const SupportedCredentialFormat = z.union([
|
|
9
|
+
z.literal("vc+sd-jwt"),
|
|
10
|
+
z.literal("vc+mdoc-cbor"),
|
|
11
|
+
]);
|