@pagopa/io-react-native-wallet 0.11.1 → 0.13.0
Sign up to get free protection for your applications and to get access to all the features.
- package/lib/commonjs/client/generated/wallet-provider.js +126 -0
- package/lib/commonjs/client/generated/wallet-provider.js.map +1 -0
- package/lib/commonjs/client/index.js +40 -0
- package/lib/commonjs/client/index.js.map +1 -0
- package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js +2 -1
- package/lib/commonjs/credential/issuance/02-evaluate-issuer-trust.js.map +1 -1
- package/lib/commonjs/credential/issuance/03-start-credential-issuance.js +287 -0
- package/lib/commonjs/credential/issuance/03-start-credential-issuance.js.map +1 -0
- package/lib/commonjs/credential/issuance/03-start-user-authorization.js +56 -83
- package/lib/commonjs/credential/issuance/03-start-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/04-complete-user-authorization.js +88 -0
- package/lib/commonjs/credential/issuance/04-complete-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/05-authorize-access.js +56 -33
- package/lib/commonjs/credential/issuance/05-authorize-access.js.map +1 -1
- package/lib/commonjs/credential/issuance/06-obtain-credential.js +51 -78
- package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js +21 -44
- package/lib/commonjs/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/index.js +7 -0
- package/lib/commonjs/credential/issuance/index.js.map +1 -1
- package/lib/commonjs/credential/issuance/types.js +28 -0
- package/lib/commonjs/credential/issuance/types.js.map +1 -0
- package/lib/commonjs/index.js +10 -1
- package/lib/commonjs/index.js.map +1 -1
- package/lib/commonjs/pid/sd-jwt/converters.js +5 -9
- package/lib/commonjs/pid/sd-jwt/converters.js.map +1 -1
- package/lib/commonjs/pid/sd-jwt/types.js +3 -3
- package/lib/commonjs/pid/sd-jwt/types.js.map +1 -1
- package/lib/commonjs/sd-jwt/__test__/converters.test.js +1 -1
- package/lib/commonjs/sd-jwt/__test__/converters.test.js.map +1 -1
- package/lib/commonjs/sd-jwt/__test__/index.test.js +30 -43
- package/lib/commonjs/sd-jwt/__test__/index.test.js.map +1 -1
- package/lib/commonjs/sd-jwt/__test__/types.test.js +16 -24
- package/lib/commonjs/sd-jwt/__test__/types.test.js.map +1 -1
- package/lib/commonjs/sd-jwt/index.js +3 -9
- package/lib/commonjs/sd-jwt/index.js.map +1 -1
- package/lib/commonjs/sd-jwt/types.js +11 -16
- package/lib/commonjs/sd-jwt/types.js.map +1 -1
- package/lib/commonjs/trust/types.js +70 -29
- package/lib/commonjs/trust/types.js.map +1 -1
- package/lib/commonjs/utils/auth.js +44 -0
- package/lib/commonjs/utils/auth.js.map +1 -0
- package/lib/commonjs/utils/errors.js +104 -1
- package/lib/commonjs/utils/errors.js.map +1 -1
- package/lib/commonjs/utils/integrity.js +2 -0
- package/lib/commonjs/utils/integrity.js.map +1 -0
- package/lib/commonjs/utils/misc.js +34 -1
- package/lib/commonjs/utils/misc.js.map +1 -1
- package/lib/commonjs/utils/par.js +23 -15
- package/lib/commonjs/utils/par.js.map +1 -1
- package/lib/commonjs/utils/pop.js +33 -0
- package/lib/commonjs/utils/pop.js.map +1 -0
- package/lib/commonjs/wallet-instance/index.js +29 -0
- package/lib/commonjs/wallet-instance/index.js.map +1 -0
- package/lib/commonjs/wallet-instance-attestation/issuing.js +62 -65
- package/lib/commonjs/wallet-instance-attestation/issuing.js.map +1 -1
- package/lib/commonjs/wallet-instance-attestation/types.js +8 -8
- package/lib/commonjs/wallet-instance-attestation/types.js.map +1 -1
- package/lib/module/client/generated/wallet-provider.js +102 -0
- package/lib/module/client/generated/wallet-provider.js.map +1 -0
- package/lib/module/client/index.js +33 -0
- package/lib/module/client/index.js.map +1 -0
- package/lib/module/credential/issuance/02-evaluate-issuer-trust.js +2 -1
- package/lib/module/credential/issuance/02-evaluate-issuer-trust.js.map +1 -1
- package/lib/module/credential/issuance/03-start-credential-issuance.js +276 -0
- package/lib/module/credential/issuance/03-start-credential-issuance.js.map +1 -0
- package/lib/module/credential/issuance/03-start-user-authorization.js +56 -80
- package/lib/module/credential/issuance/03-start-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/04-complete-user-authorization.js +85 -1
- package/lib/module/credential/issuance/04-complete-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/05-authorize-access.js +54 -33
- package/lib/module/credential/issuance/05-authorize-access.js.map +1 -1
- package/lib/module/credential/issuance/06-obtain-credential.js +50 -75
- package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/module/credential/issuance/07-verify-and-parse-credential.js +21 -44
- package/lib/module/credential/issuance/07-verify-and-parse-credential.js.map +1 -1
- package/lib/module/credential/issuance/index.js +2 -1
- package/lib/module/credential/issuance/index.js.map +1 -1
- package/lib/module/credential/issuance/types.js +18 -0
- package/lib/module/credential/issuance/types.js.map +1 -0
- package/lib/module/index.js +3 -1
- package/lib/module/index.js.map +1 -1
- package/lib/module/pid/sd-jwt/converters.js +5 -9
- package/lib/module/pid/sd-jwt/converters.js.map +1 -1
- package/lib/module/pid/sd-jwt/types.js +3 -3
- package/lib/module/pid/sd-jwt/types.js.map +1 -1
- package/lib/module/sd-jwt/__test__/converters.test.js +1 -1
- package/lib/module/sd-jwt/__test__/converters.test.js.map +1 -1
- package/lib/module/sd-jwt/__test__/index.test.js +30 -43
- package/lib/module/sd-jwt/__test__/index.test.js.map +1 -1
- package/lib/module/sd-jwt/__test__/types.test.js +16 -24
- package/lib/module/sd-jwt/__test__/types.test.js.map +1 -1
- package/lib/module/sd-jwt/index.js +3 -9
- package/lib/module/sd-jwt/index.js.map +1 -1
- package/lib/module/sd-jwt/types.js +11 -16
- package/lib/module/sd-jwt/types.js.map +1 -1
- package/lib/module/trust/types.js +70 -29
- package/lib/module/trust/types.js.map +1 -1
- package/lib/module/utils/auth.js +35 -0
- package/lib/module/utils/auth.js.map +1 -0
- package/lib/module/utils/errors.js +98 -0
- package/lib/module/utils/errors.js.map +1 -1
- package/lib/module/utils/integrity.js +2 -0
- package/lib/module/utils/integrity.js.map +1 -0
- package/lib/module/utils/misc.js +31 -0
- package/lib/module/utils/misc.js.map +1 -1
- package/lib/module/utils/par.js +24 -16
- package/lib/module/utils/par.js.map +1 -1
- package/lib/module/utils/pop.js +24 -0
- package/lib/module/utils/pop.js.map +1 -0
- package/lib/module/wallet-instance/index.js +23 -0
- package/lib/module/wallet-instance/index.js.map +1 -0
- package/lib/module/wallet-instance-attestation/issuing.js +63 -67
- package/lib/module/wallet-instance-attestation/issuing.js.map +1 -1
- package/lib/module/wallet-instance-attestation/types.js +8 -8
- package/lib/module/wallet-instance-attestation/types.js.map +1 -1
- package/lib/typescript/client/generated/wallet-provider.d.ts +264 -0
- package/lib/typescript/client/generated/wallet-provider.d.ts.map +1 -0
- package/lib/typescript/client/index.d.ts +7 -0
- package/lib/typescript/client/index.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/01-start-flow.d.ts +1 -0
- package/lib/typescript/credential/issuance/01-start-flow.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/02-evaluate-issuer-trust.d.ts +2 -1
- package/lib/typescript/credential/issuance/02-evaluate-issuer-trust.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/03-start-credential-issuance.d.ts +41 -0
- package/lib/typescript/credential/issuance/03-start-credential-issuance.d.ts.map +1 -0
- package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts +23 -18
- package/lib/typescript/credential/issuance/03-start-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts +24 -12
- package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/05-authorize-access.d.ts +22 -16
- package/lib/typescript/credential/issuance/05-authorize-access.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts +19 -26
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts +10 -15
- package/lib/typescript/credential/issuance/07-verify-and-parse-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/index.d.ts +3 -4
- package/lib/typescript/credential/issuance/index.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/types.d.ts +63 -0
- package/lib/typescript/credential/issuance/types.d.ts.map +1 -0
- package/lib/typescript/credential/presentation/types.d.ts +6 -6
- package/lib/typescript/index.d.ts +6 -1
- package/lib/typescript/index.d.ts.map +1 -1
- package/lib/typescript/pid/sd-jwt/converters.d.ts.map +1 -1
- package/lib/typescript/pid/sd-jwt/types.d.ts +36 -36
- package/lib/typescript/pid/sd-jwt/types.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/index.d.ts +40 -68
- package/lib/typescript/sd-jwt/index.d.ts.map +1 -1
- package/lib/typescript/sd-jwt/types.d.ts +64 -121
- package/lib/typescript/sd-jwt/types.d.ts.map +1 -1
- package/lib/typescript/trust/index.d.ts +150 -48
- package/lib/typescript/trust/index.d.ts.map +1 -1
- package/lib/typescript/trust/types.d.ts +2838 -1740
- package/lib/typescript/trust/types.d.ts.map +1 -1
- package/lib/typescript/utils/auth.d.ts +52 -0
- package/lib/typescript/utils/auth.d.ts.map +1 -0
- package/lib/typescript/utils/errors.d.ts +48 -0
- package/lib/typescript/utils/errors.d.ts.map +1 -1
- package/lib/typescript/utils/integrity.d.ts +21 -0
- package/lib/typescript/utils/integrity.d.ts.map +1 -0
- package/lib/typescript/utils/misc.d.ts +18 -0
- package/lib/typescript/utils/misc.d.ts.map +1 -1
- package/lib/typescript/utils/par.d.ts +8 -31
- package/lib/typescript/utils/par.d.ts.map +1 -1
- package/lib/typescript/utils/pop.d.ts +26 -0
- package/lib/typescript/utils/pop.d.ts.map +1 -0
- package/lib/typescript/wallet-instance/index.d.ts +7 -0
- package/lib/typescript/wallet-instance/index.d.ts.map +1 -0
- package/lib/typescript/wallet-instance-attestation/issuing.d.ts +17 -4
- package/lib/typescript/wallet-instance-attestation/issuing.d.ts.map +1 -1
- package/lib/typescript/wallet-instance-attestation/types.d.ts +64 -64
- package/lib/typescript/wallet-instance-attestation/types.d.ts.map +1 -1
- package/package.json +9 -5
- package/src/client/generated/wallet-provider.ts +173 -0
- package/src/client/index.ts +53 -0
- package/src/credential/issuance/01-start-flow.ts +1 -0
- package/src/credential/issuance/02-evaluate-issuer-trust.ts +2 -1
- package/src/credential/issuance/03-start-credential-issuance.ts +407 -0
- package/src/credential/issuance/03-start-user-authorization.ts +91 -92
- package/src/credential/issuance/04-complete-user-authorization.ts +114 -13
- package/src/credential/issuance/05-authorize-access.ts +74 -49
- package/src/credential/issuance/06-obtain-credential.ts +77 -111
- package/src/credential/issuance/07-verify-and-parse-credential.ts +30 -67
- package/src/credential/issuance/index.ts +6 -4
- package/src/credential/issuance/types.ts +25 -0
- package/src/index.ts +8 -0
- package/src/pid/sd-jwt/converters.ts +5 -11
- package/src/pid/sd-jwt/types.ts +8 -6
- package/src/sd-jwt/__test__/converters.test.ts +1 -1
- package/src/sd-jwt/__test__/index.test.ts +45 -74
- package/src/sd-jwt/__test__/types.test.ts +21 -33
- package/src/sd-jwt/index.ts +3 -12
- package/src/sd-jwt/types.ts +17 -22
- package/src/trust/types.ts +64 -32
- package/src/utils/auth.ts +37 -0
- package/src/utils/errors.ts +112 -0
- package/src/utils/integrity.ts +23 -0
- package/src/utils/misc.ts +43 -0
- package/src/utils/par.ts +29 -17
- package/src/utils/pop.ts +34 -0
- package/src/wallet-instance/index.ts +29 -0
- package/src/wallet-instance-attestation/issuing.ts +101 -97
- package/src/wallet-instance-attestation/types.ts +12 -8
- package/lib/commonjs/credential/issuance/07-confirm-credential.js +0 -6
- package/lib/commonjs/credential/issuance/07-confirm-credential.js.map +0 -1
- package/lib/commonjs/credential/issuance/08-confirm-credential.js +0 -6
- package/lib/commonjs/credential/issuance/08-confirm-credential.js.map +0 -1
- package/lib/module/credential/issuance/07-confirm-credential.js +0 -2
- package/lib/module/credential/issuance/07-confirm-credential.js.map +0 -1
- package/lib/module/credential/issuance/08-confirm-credential.js +0 -2
- package/lib/module/credential/issuance/08-confirm-credential.js.map +0 -1
- package/lib/typescript/credential/issuance/07-confirm-credential.d.ts +0 -11
- package/lib/typescript/credential/issuance/07-confirm-credential.d.ts.map +0 -1
- package/lib/typescript/credential/issuance/08-confirm-credential.d.ts +0 -11
- package/lib/typescript/credential/issuance/08-confirm-credential.d.ts.map +0 -1
- package/src/credential/issuance/07-confirm-credential.ts +0 -14
- package/src/credential/issuance/08-confirm-credential.ts +0 -14
|
@@ -6,33 +6,26 @@ import { verify as verifySdJwt } from "../../sd-jwt";
|
|
|
6
6
|
|
|
7
7
|
// handy alias
|
|
8
8
|
|
|
9
|
-
const parseCredentialSdJwt =
|
|
10
|
-
var _credentials_supporte;
|
|
9
|
+
const parseCredentialSdJwt = (credentials_supported, _ref) => {
|
|
11
10
|
let {
|
|
12
11
|
sdJwt,
|
|
13
12
|
disclosures
|
|
14
13
|
} = _ref;
|
|
15
|
-
|
|
16
|
-
// find the definition that matches the received credential's type
|
|
17
|
-
// warning: if more then a defintion is found, the first is retrieved
|
|
18
|
-
const credentialSubject = (_credentials_supporte = credentials_supported.find(c => c.format === "vc+sd-jwt" && c.credential_definition.type.includes(sdJwt.payload.type))) === null || _credentials_supporte === void 0 ? void 0 : _credentials_supporte.credential_definition.credentialSubject;
|
|
19
|
-
|
|
20
|
-
// the received credential matches no supported credential, throw an exception
|
|
14
|
+
const credentialSubject = credentials_supported[sdJwt.payload.vct];
|
|
21
15
|
if (!credentialSubject) {
|
|
22
|
-
|
|
23
|
-
|
|
16
|
+
throw new IoWalletError("Credential type not supported by the issuer");
|
|
17
|
+
}
|
|
18
|
+
if (credentialSubject.format !== sdJwt.header.typ) {
|
|
19
|
+
throw new IoWalletError(`Received credential is of an unknwown type. Expected one of [${credentialSubject.format}], received '${sdJwt.header.typ}', `);
|
|
24
20
|
}
|
|
25
21
|
|
|
26
22
|
// transfrom a record { key: value } in an iterable of pairs [key, value]
|
|
27
|
-
const attrDefinitions = Object.entries(credentialSubject);
|
|
23
|
+
const attrDefinitions = Object.entries(credentialSubject.claims);
|
|
28
24
|
|
|
29
|
-
// every mandatory attribute must be present in the credential's disclosures
|
|
30
25
|
// the key of the attribute defintion must match the disclosure's name
|
|
31
26
|
const attrsNotInDisclosures = attrDefinitions.filter(_ref2 => {
|
|
32
|
-
let [attrKey
|
|
33
|
-
|
|
34
|
-
}] = _ref2;
|
|
35
|
-
return mandatory && !disclosures.some(_ref3 => {
|
|
27
|
+
let [attrKey] = _ref2;
|
|
28
|
+
return !disclosures.some(_ref3 => {
|
|
36
29
|
let [, name] = _ref3;
|
|
37
30
|
return name === attrKey;
|
|
38
31
|
});
|
|
@@ -40,12 +33,7 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
|
|
|
40
33
|
if (attrsNotInDisclosures.length > 0) {
|
|
41
34
|
const missing = attrsNotInDisclosures.map(_ => _[0 /* key */]).join(", ");
|
|
42
35
|
const received = disclosures.map(_ => _[1 /* name */]).join(", ");
|
|
43
|
-
|
|
44
|
-
// on incomplete credentials in the test phase of the project.
|
|
45
|
-
// we might want to be strict once in production, hence remove this condition
|
|
46
|
-
if (!ignoreMissingAttributes) {
|
|
47
|
-
throw new IoWalletError(`Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
|
|
48
|
-
}
|
|
36
|
+
throw new IoWalletError(`Some attributes are missing in the credential. Missing: [${missing}], received: [${received}]`);
|
|
49
37
|
}
|
|
50
38
|
|
|
51
39
|
// attributes that are defined in the issuer configuration
|
|
@@ -88,7 +76,6 @@ const parseCredentialSdJwt = function (credentials_supported, _ref) {
|
|
|
88
76
|
let [, key, value] = _ref7;
|
|
89
77
|
return [key, {
|
|
90
78
|
value,
|
|
91
|
-
mandatory: false,
|
|
92
79
|
name: key
|
|
93
80
|
}];
|
|
94
81
|
}));
|
|
@@ -130,40 +117,30 @@ async function verifyCredentialSdJwt(rawCredential, issuerKeys, holderBindingCon
|
|
|
130
117
|
|
|
131
118
|
const verifyAndParseCredentialSdJwt = async (issuerConf, credential, _, _ref8) => {
|
|
132
119
|
let {
|
|
133
|
-
credentialCryptoContext
|
|
134
|
-
ignoreMissingAttributes
|
|
120
|
+
credentialCryptoContext
|
|
135
121
|
} = _ref8;
|
|
136
122
|
const decoded = await verifyCredentialSdJwt(credential, issuerConf.openid_credential_issuer.jwks.keys, credentialCryptoContext);
|
|
137
|
-
const parsedCredential = parseCredentialSdJwt(issuerConf.openid_credential_issuer.
|
|
123
|
+
const parsedCredential = parseCredentialSdJwt(issuerConf.openid_credential_issuer.credential_configurations_supported, decoded);
|
|
138
124
|
return {
|
|
139
125
|
parsedCredential
|
|
140
126
|
};
|
|
141
127
|
};
|
|
142
|
-
const verifyAndParseCredentialMdoc = async (_issuerConf, _credential, _, _ctx) => {
|
|
143
|
-
// TODO: [SIW-686] decode MDOC credentials
|
|
144
|
-
throw new Error("verifyAndParseCredentialMdoc not implemented yet");
|
|
145
|
-
};
|
|
146
128
|
|
|
147
129
|
/**
|
|
148
|
-
* Verify and parse an encoded credential
|
|
149
|
-
*
|
|
150
|
-
* @param
|
|
151
|
-
* @param
|
|
152
|
-
* @param
|
|
153
|
-
* @param context.credentialCryptoContext The context to access the key the Credential will be bound to
|
|
154
|
-
* @param context.ignoreMissingAttributes (optional) Whether to fail if a defined attribute is note present in the credentual. Default: false
|
|
130
|
+
* Verify and parse an encoded credential.
|
|
131
|
+
* @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
|
|
132
|
+
* @param credential The encoded credential returned by {@link obtainCredential}
|
|
133
|
+
* @param format The format of the credentual returned by {@link obtainCredential}
|
|
134
|
+
* @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
|
|
155
135
|
* @returns A parsed credential with attributes in plain value
|
|
156
|
-
* @throws If the credential signature is not verified with the Issuer key set
|
|
157
|
-
* @throws If the credential is not bound to the provided user key
|
|
158
|
-
* @throws If the credential data fail to parse
|
|
136
|
+
* @throws {IoWalletError} If the credential signature is not verified with the Issuer key set
|
|
137
|
+
* @throws {IoWalletError} If the credential is not bound to the provided user key
|
|
138
|
+
* @throws {IoWalletError} If the credential data fail to parse
|
|
159
139
|
*/
|
|
160
140
|
export const verifyAndParseCredential = async (issuerConf, credential, format, context) => {
|
|
161
141
|
if (format === "vc+sd-jwt") {
|
|
162
142
|
return verifyAndParseCredentialSdJwt(issuerConf, credential, format, context);
|
|
163
|
-
} else if (format === "vc+mdoc-cbor") {
|
|
164
|
-
return verifyAndParseCredentialMdoc(issuerConf, credential, format, context);
|
|
165
143
|
}
|
|
166
|
-
|
|
167
|
-
throw new IoWalletError(`Unsupported credential format: ${_}`);
|
|
144
|
+
throw new IoWalletError(`Unsupported credential format: ${format}`);
|
|
168
145
|
};
|
|
169
146
|
//# sourceMappingURL=07-verify-and-parse-credential.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["IoWalletError","SdJwt4VC","verify","verifySdJwt","parseCredentialSdJwt","credentials_supported","_ref","
|
|
1
|
+
{"version":3,"names":["IoWalletError","SdJwt4VC","verify","verifySdJwt","parseCredentialSdJwt","credentials_supported","_ref","sdJwt","disclosures","credentialSubject","payload","vct","format","header","typ","attrDefinitions","Object","entries","claims","attrsNotInDisclosures","filter","_ref2","attrKey","some","_ref3","name","length","missing","map","_","join","received","definedValues","fromEntries","_ref4","_disclosures$find","definition","value","find","_ref5","display","reduce","names","_ref6","locale","undefinedValues","keys","includes","_ref7","key","verifyCredentialSdJwt","rawCredential","issuerKeys","holderBindingContext","decodedCredential","holderBindingKey","Promise","all","getPublicKey","cnf","jwk","kid","verifyAndParseCredentialSdJwt","issuerConf","credential","_ref8","credentialCryptoContext","decoded","openid_credential_issuer","jwks","parsedCredential","credential_configurations_supported","verifyAndParseCredential","context"],"sourceRoot":"../../../../src","sources":["credential/issuance/07-verify-and-parse-credential.ts"],"mappings":"AAEA,SAASA,aAAa,QAAQ,oBAAoB;AAClD,SAASC,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,MAAM,IAAIC,WAAW,QAAQ,cAAc;;AAcpD;;AAkBA;;AAKA,MAAMC,oBAAoB,GAAGA,CAE3BC,qBAAgI,EAAAC,IAAA,KAE3G;EAAA,IADrB;IAAEC,KAAK;IAAEC;EAAoC,CAAC,GAAAF,IAAA;EAE9C,MAAMG,iBAAiB,GAAGJ,qBAAqB,CAACE,KAAK,CAACG,OAAO,CAACC,GAAG,CAAC;EAElE,IAAI,CAACF,iBAAiB,EAAE;IACtB,MAAM,IAAIT,aAAa,CAAC,6CAA6C,CAAC;EACxE;EAEA,IAAIS,iBAAiB,CAACG,MAAM,KAAKL,KAAK,CAACM,MAAM,CAACC,GAAG,EAAE;IACjD,MAAM,IAAId,aAAa,CACpB,gEAA+DS,iBAAiB,CAACG,MAAO,gBAAeL,KAAK,CAACM,MAAM,CAACC,GAAI,KAC3H,CAAC;EACH;;EAEA;EACA,MAAMC,eAAe,GAAGC,MAAM,CAACC,OAAO,CAACR,iBAAiB,CAACS,MAAM,CAAC;;EAEhE;EACA,MAAMC,qBAAqB,GAAGJ,eAAe,CAACK,MAAM,CAClDC,KAAA;IAAA,IAAC,CAACC,OAAO,CAAC,GAAAD,KAAA;IAAA,OAAK,CAACb,WAAW,CAACe,IAAI,CAACC,KAAA;MAAA,IAAC,GAAGC,IAAI,CAAC,GAAAD,KAAA;MAAA,OAAKC,IAAI,KAAKH,OAAO;IAAA,EAAC;EAAA,CAClE,CAAC;EACD,IAAIH,qBAAqB,CAACO,MAAM,GAAG,CAAC,EAAE;IACpC,MAAMC,OAAO,GAAGR,qBAAqB,CAACS,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC3E,MAAMC,QAAQ,GAAGvB,WAAW,CAACoB,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IACnE,MAAM,IAAI9B,aAAa,CACpB,4DAA2D2B,OAAQ,iBAAgBI,QAAS,GAC/F,CAAC;EACH;;EAEA;EACA;EACA,MAAMC,aAAa,GAAGhB,MAAM,CAACiB,WAAW,CACtClB;EACE;EAAA,CACCa,GAAG,CACFM,KAAA;IAAA,IAAAC,iBAAA;IAAA,IAAC,CAACb,OAAO,EAAEc,UAAU,CAAC,GAAAF,KAAA;IAAA,OACpB,CACEZ,OAAO,EACP;MACE,GAAGc,UAAU;MACbC,KAAK,GAAAF,iBAAA,GAAE3B,WAAW,CAAC8B,IAAI,CACpBT,CAAC,IAAKA,CAAC,CAAC,CAAC,CAAC,WAAW,KAAKP,OAC7B,CAAC,cAAAa,iBAAA,uBAFMA,iBAAA,CAEH,CAAC,CAAC;IACR,CAAC,CACF;EAAA,CACL;EACA;EACA;EAAA,CACCP,GAAG,CACFW,KAAA;IAAA,IAAC,CAACjB,OAAO,EAAE;MAAEkB,OAAO;MAAE,GAAGJ;IAAW,CAAC,CAAC,GAAAG,KAAA;IAAA,OACpC,CACEjB,OAAO,EACP;MACE,GAAGc,UAAU;MACbX,IAAI,EAAEe,OAAO,CAACC,MAAM,CAClB,CAACC,KAAK,EAAAC,KAAA;QAAA,IAAE;UAAEC,MAAM;UAAEnB;QAAK,CAAC,GAAAkB,KAAA;QAAA,OAAM;UAAE,GAAGD,KAAK;UAAE,CAACE,MAAM,GAAGnB;QAAK,CAAC;MAAA,CAAC,EAC3D,CAAC,CACH;IACF,CAAC,CACF;EAAA,CACL,CACJ,CAAC;;EAED;EACA;EACA,MAAMoB,eAAe,GAAG7B,MAAM,CAACiB,WAAW,CACxCzB,WAAW,CACRY,MAAM,CAAES,CAAC,IAAK,CAACb,MAAM,CAAC8B,IAAI,CAACd,aAAa,CAAC,CAACe,QAAQ,CAAClB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzDD,GAAG,CAACoB,KAAA;IAAA,IAAC,GAAGC,GAAG,EAAEZ,KAAK,CAAC,GAAAW,KAAA;IAAA,OAAK,CAACC,GAAG,EAAE;MAAEZ,KAAK;MAAEZ,IAAI,EAAEwB;IAAI,CAAC,CAAC;EAAA,EACxD,CAAC;EAED,OAAO;IACL,GAAGjB,aAAa;IAChB,GAAGa;EACL,CAAC;AACH,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAeK,qBAAqBA,CAClCC,aAAqB,EACrBC,UAAiB,EACjBC,oBAAmC,EACF;EACjC,MAAM,CAACC,iBAAiB,EAAEC,gBAAgB,CAAC;EACzC;EACA,MAAMC,OAAO,CAACC,GAAG,CAAC,CAChBtD,WAAW,CAACgD,aAAa,EAAEC,UAAU,EAAEnD,QAAQ,CAAC,EAChDoD,oBAAoB,CAACK,YAAY,CAAC,CAAC,CACpC,CAAC;EAEJ,MAAM;IAAEC;EAAI,CAAC,GAAGL,iBAAiB,CAAC/C,KAAK,CAACG,OAAO;EAE/C,IAAI,CAACiD,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKN,gBAAgB,CAACM,GAAG,EAAE;IACxD,MAAM,IAAI7D,aAAa,CACpB,kDAAiDuD,gBAAgB,CAACM,GAAI,UAASP,iBAAiB,CAAC/C,KAAK,CAACG,OAAO,CAACiD,GAAG,CAACC,GAAG,CAACC,GAAI,EAC9H,CAAC;EACH;EAEA,OAAOP,iBAAiB;AAC1B;;AAEA;;AAQA,MAAMQ,6BAAsD,GAAG,MAAAA,CAC7DC,UAAU,EACVC,UAAU,EACVnC,CAAC,EAAAoC,KAAA,KAEE;EAAA,IADH;IAAEC;EAAwB,CAAC,GAAAD,KAAA;EAE3B,MAAME,OAAO,GAAG,MAAMjB,qBAAqB,CACzCc,UAAU,EACVD,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACvB,IAAI,EAC7CoB,uBACF,CAAC;EAED,MAAMI,gBAAgB,GAAGlE,oBAAoB,CAC3C2D,UAAU,CAACK,wBAAwB,CAACG,mCAAmC,EACvEJ,OACF,CAAC;EAED,OAAO;IAAEG;EAAiB,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,wBAAkD,GAAG,MAAAA,CAChET,UAAU,EACVC,UAAU,EACVpD,MAAM,EACN6D,OAAO,KACJ;EACH,IAAI7D,MAAM,KAAK,WAAW,EAAE;IAC1B,OAAOkD,6BAA6B,CAClCC,UAAU,EACVC,UAAU,EACVpD,MAAM,EACN6D,OACF,CAAC;EACH;EAEA,MAAM,IAAIzE,aAAa,CAAE,kCAAiCY,MAAO,EAAC,CAAC;AACrE,CAAC"}
|
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
import { evaluateIssuerTrust } from "./02-evaluate-issuer-trust";
|
|
2
2
|
import { startUserAuthorization } from "./03-start-user-authorization";
|
|
3
|
+
import { completeUserAuthorizationWithQueryMode } from "./04-complete-user-authorization";
|
|
3
4
|
import { authorizeAccess } from "./05-authorize-access";
|
|
4
5
|
import { obtainCredential } from "./06-obtain-credential";
|
|
5
6
|
import { verifyAndParseCredential } from "./07-verify-and-parse-credential";
|
|
6
|
-
export { evaluateIssuerTrust, startUserAuthorization, authorizeAccess, obtainCredential, verifyAndParseCredential };
|
|
7
|
+
export { evaluateIssuerTrust, startUserAuthorization, completeUserAuthorizationWithQueryMode, authorizeAccess, obtainCredential, verifyAndParseCredential };
|
|
7
8
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["evaluateIssuerTrust","startUserAuthorization","authorizeAccess","obtainCredential","verifyAndParseCredential"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":"AACA,SACEA,mBAAmB,QAEd,4BAA4B;AACnC,SACEC,sBAAsB,QAEjB,+BAA+B;
|
|
1
|
+
{"version":3,"names":["evaluateIssuerTrust","startUserAuthorization","completeUserAuthorizationWithQueryMode","authorizeAccess","obtainCredential","verifyAndParseCredential"],"sourceRoot":"../../../../src","sources":["credential/issuance/index.ts"],"mappings":"AACA,SACEA,mBAAmB,QAEd,4BAA4B;AACnC,SACEC,sBAAsB,QAEjB,+BAA+B;AACtC,SACEC,sCAAsC,QAEjC,kCAAkC;AACzC,SAASC,eAAe,QAA8B,uBAAuB;AAC7E,SACEC,gBAAgB,QAEX,wBAAwB;AAC/B,SACEC,wBAAwB,QAEnB,kCAAkC;AAEzC,SACEL,mBAAmB,EACnBC,sBAAsB,EACtBC,sCAAsC,EACtCC,eAAe,EACfC,gBAAgB,EAChBC,wBAAwB"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import { AuthorizationDetail } from "../../utils/par";
|
|
2
|
+
import * as z from "zod";
|
|
3
|
+
import { SupportedCredentialFormat } from "./const";
|
|
4
|
+
export const TokenResponse = z.object({
|
|
5
|
+
access_token: z.string(),
|
|
6
|
+
authorization_details: z.array(AuthorizationDetail),
|
|
7
|
+
c_nonce: z.string(),
|
|
8
|
+
c_nonce_expires_in: z.number(),
|
|
9
|
+
expires_in: z.number(),
|
|
10
|
+
token_type: z.string()
|
|
11
|
+
});
|
|
12
|
+
export const CredentialResponse = z.object({
|
|
13
|
+
c_nonce: z.string(),
|
|
14
|
+
c_nonce_expires_in: z.number(),
|
|
15
|
+
credential: z.string(),
|
|
16
|
+
format: SupportedCredentialFormat
|
|
17
|
+
});
|
|
18
|
+
//# sourceMappingURL=types.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":["AuthorizationDetail","z","SupportedCredentialFormat","TokenResponse","object","access_token","string","authorization_details","array","c_nonce","c_nonce_expires_in","number","expires_in","token_type","CredentialResponse","credential","format"],"sourceRoot":"../../../../src","sources":["credential/issuance/types.ts"],"mappings":"AAAA,SAASA,mBAAmB,QAAQ,iBAAiB;AACrD,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,SAASC,yBAAyB,QAAQ,SAAS;AAInD,OAAO,MAAMC,aAAa,GAAGF,CAAC,CAACG,MAAM,CAAC;EACpCC,YAAY,EAAEJ,CAAC,CAACK,MAAM,CAAC,CAAC;EACxBC,qBAAqB,EAAEN,CAAC,CAACO,KAAK,CAACR,mBAAmB,CAAC;EACnDS,OAAO,EAAER,CAAC,CAACK,MAAM,CAAC,CAAC;EACnBI,kBAAkB,EAAET,CAAC,CAACU,MAAM,CAAC,CAAC;EAC9BC,UAAU,EAAEX,CAAC,CAACU,MAAM,CAAC,CAAC;EACtBE,UAAU,EAAEZ,CAAC,CAACK,MAAM,CAAC;AACvB,CAAC,CAAC;AAIF,OAAO,MAAMQ,kBAAkB,GAAGb,CAAC,CAACG,MAAM,CAAC;EACzCK,OAAO,EAAER,CAAC,CAACK,MAAM,CAAC,CAAC;EACnBI,kBAAkB,EAAET,CAAC,CAACU,MAAM,CAAC,CAAC;EAC9BI,UAAU,EAAEd,CAAC,CAACK,MAAM,CAAC,CAAC;EACtBU,MAAM,EAAEd;AACV,CAAC,CAAC"}
|
package/lib/module/index.js
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { fixBase64EncodingOnKey } from "./utils/jwk";
|
|
1
2
|
// polyfill due to known bugs on URL implementation for react native
|
|
2
3
|
// https://github.com/facebook/react-native/issues/24428
|
|
3
4
|
import "react-native-url-polyfill/auto";
|
|
@@ -7,7 +8,8 @@ import * as SdJwt from "./sd-jwt";
|
|
|
7
8
|
import * as Errors from "./utils/errors";
|
|
8
9
|
import * as WalletInstanceAttestation from "./wallet-instance-attestation";
|
|
9
10
|
import * as Trust from "./trust";
|
|
11
|
+
import * as WalletInstance from "./wallet-instance";
|
|
10
12
|
import { AuthorizationDetail, AuthorizationDetails } from "./utils/par";
|
|
11
13
|
import { createCryptoContextFor } from "./utils/crypto";
|
|
12
|
-
export { SdJwt, PID, Credential, WalletInstanceAttestation, Errors, Trust, createCryptoContextFor, AuthorizationDetail, AuthorizationDetails };
|
|
14
|
+
export { SdJwt, PID, Credential, WalletInstanceAttestation, WalletInstance, Errors, Trust, createCryptoContextFor, AuthorizationDetail, AuthorizationDetails, fixBase64EncodingOnKey };
|
|
13
15
|
//# sourceMappingURL=index.js.map
|
package/lib/module/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["Credential","PID","SdJwt","Errors","WalletInstanceAttestation","Trust","AuthorizationDetail","AuthorizationDetails","createCryptoContextFor"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":"
|
|
1
|
+
{"version":3,"names":["fixBase64EncodingOnKey","Credential","PID","SdJwt","Errors","WalletInstanceAttestation","Trust","WalletInstance","AuthorizationDetail","AuthorizationDetails","createCryptoContextFor"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":"AACA,SAASA,sBAAsB,QAAQ,aAAa;AACpD;AACA;AACA,OAAO,gCAAgC;AAEvC,OAAO,KAAKC,UAAU,MAAM,cAAc;AAC1C,OAAO,KAAKC,GAAG,MAAM,OAAO;AAC5B,OAAO,KAAKC,KAAK,MAAM,UAAU;AACjC,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,yBAAyB,MAAM,+BAA+B;AAC1E,OAAO,KAAKC,KAAK,MAAM,SAAS;AAChC,OAAO,KAAKC,cAAc,MAAM,mBAAmB;AACnD,SAASC,mBAAmB,EAAEC,oBAAoB,QAAQ,aAAa;AACvE,SAASC,sBAAsB,QAAQ,gBAAgB;AAGvD,SACEP,KAAK,EACLD,GAAG,EACHD,UAAU,EACVI,yBAAyB,EACzBE,cAAc,EACdH,MAAM,EACNE,KAAK,EACLI,sBAAsB,EACtBF,mBAAmB,EACnBC,oBAAoB,EACpBT,sBAAsB"}
|
|
@@ -1,22 +1,18 @@
|
|
|
1
1
|
import { getValueFromDisclosures } from "../../sd-jwt/converters";
|
|
2
2
|
import { PID } from "./types";
|
|
3
3
|
export function pidFromToken(sdJwt, disclosures) {
|
|
4
|
+
const placeOfBirth = getValueFromDisclosures(disclosures, "place_of_birth");
|
|
4
5
|
return PID.parse({
|
|
5
6
|
issuer: sdJwt.payload.iss,
|
|
6
|
-
issuedAt: new Date(
|
|
7
|
+
issuedAt: new Date(getValueFromDisclosures(disclosures, "iat") * 1000),
|
|
7
8
|
expiration: new Date(sdJwt.payload.exp * 1000),
|
|
8
|
-
verification: {
|
|
9
|
-
trustFramework: sdJwt.payload.verified_claims.verification.trust_framework,
|
|
10
|
-
assuranceLevel: sdJwt.payload.verified_claims.verification.assurance_level,
|
|
11
|
-
evidence: getValueFromDisclosures(disclosures, "evidence")
|
|
12
|
-
},
|
|
13
9
|
claims: {
|
|
14
10
|
uniqueId: getValueFromDisclosures(disclosures, "unique_id"),
|
|
15
11
|
givenName: getValueFromDisclosures(disclosures, "given_name"),
|
|
16
12
|
familyName: getValueFromDisclosures(disclosures, "family_name"),
|
|
17
|
-
|
|
18
|
-
placeOfBirth
|
|
19
|
-
taxIdCode: getValueFromDisclosures(disclosures, "
|
|
13
|
+
birthDate: getValueFromDisclosures(disclosures, "birth_date"),
|
|
14
|
+
...(placeOfBirth && placeOfBirth),
|
|
15
|
+
taxIdCode: getValueFromDisclosures(disclosures, "tax_id_code")
|
|
20
16
|
}
|
|
21
17
|
});
|
|
22
18
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["getValueFromDisclosures","PID","pidFromToken","sdJwt","disclosures","parse","issuer","payload","iss","issuedAt","Date","
|
|
1
|
+
{"version":3,"names":["getValueFromDisclosures","PID","pidFromToken","sdJwt","disclosures","placeOfBirth","parse","issuer","payload","iss","issuedAt","Date","expiration","exp","claims","uniqueId","givenName","familyName","birthDate","taxIdCode"],"sourceRoot":"../../../../src","sources":["pid/sd-jwt/converters.ts"],"mappings":"AAAA,SAASA,uBAAuB,QAAQ,yBAAyB;AAEjE,SAASC,GAAG,QAAQ,SAAS;AAE7B,OAAO,SAASC,YAAYA,CAACC,KAAe,EAAEC,WAAyB,EAAO;EAC5E,MAAMC,YAAY,GAAGL,uBAAuB,CAACI,WAAW,EAAE,gBAAgB,CAAC;EAC3E,OAAOH,GAAG,CAACK,KAAK,CAAC;IACfC,MAAM,EAAEJ,KAAK,CAACK,OAAO,CAACC,GAAG;IACzBC,QAAQ,EAAE,IAAIC,IAAI,CAACX,uBAAuB,CAACI,WAAW,EAAE,KAAK,CAAC,GAAG,IAAI,CAAC;IACtEQ,UAAU,EAAE,IAAID,IAAI,CAACR,KAAK,CAACK,OAAO,CAACK,GAAG,GAAG,IAAI,CAAC;IAC9CC,MAAM,EAAE;MACNC,QAAQ,EAAEf,uBAAuB,CAACI,WAAW,EAAE,WAAW,CAAC;MAC3DY,SAAS,EAAEhB,uBAAuB,CAACI,WAAW,EAAE,YAAY,CAAC;MAC7Da,UAAU,EAAEjB,uBAAuB,CAACI,WAAW,EAAE,aAAa,CAAC;MAC/Dc,SAAS,EAAElB,uBAAuB,CAACI,WAAW,EAAE,YAAY,CAAC;MAC7D,IAAIC,YAAY,IAAIA,YAAY,CAAC;MACjCc,SAAS,EAAEnB,uBAAuB,CAACI,WAAW,EAAE,aAAa;IAC/D;EACF,CAAC,CAAC;AACJ"}
|
|
@@ -27,16 +27,16 @@ export const PID = z.object({
|
|
|
27
27
|
issuer: z.string(),
|
|
28
28
|
issuedAt: z.date(),
|
|
29
29
|
expiration: z.date(),
|
|
30
|
-
verification: Verification,
|
|
30
|
+
verification: Verification.optional(),
|
|
31
31
|
claims: z.object({
|
|
32
32
|
uniqueId: z.string(),
|
|
33
33
|
givenName: z.string(),
|
|
34
34
|
familyName: z.string(),
|
|
35
|
-
|
|
35
|
+
birthDate: z.string(),
|
|
36
36
|
placeOfBirth: z.object({
|
|
37
37
|
country: z.string(),
|
|
38
38
|
locality: z.string()
|
|
39
|
-
}),
|
|
39
|
+
}).optional(),
|
|
40
40
|
taxIdCode: z.string()
|
|
41
41
|
})
|
|
42
42
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["z","VerificationEvidence","object","type","string","record","source","organization_name","organization_id","country_code","Verification","trustFramework","literal","assuranceLevel","evidence","array","PID","issuer","issuedAt","date","expiration","verification","claims","uniqueId","givenName","familyName","
|
|
1
|
+
{"version":3,"names":["z","VerificationEvidence","object","type","string","record","source","organization_name","organization_id","country_code","Verification","trustFramework","literal","assuranceLevel","evidence","array","PID","issuer","issuedAt","date","expiration","verification","optional","claims","uniqueId","givenName","familyName","birthDate","placeOfBirth","country","locality","taxIdCode"],"sourceRoot":"../../../../src","sources":["pid/sd-jwt/types.ts"],"mappings":"AAAA,SAASA,CAAC,QAAQ,KAAK;AAEvB,MAAMC,oBAAoB,GAAGD,CAAC,CAACE,MAAM,CAAC;EACpCC,IAAI,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEL,CAAC,CAACE,MAAM,CAAC;IACfC,IAAI,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;IAChBE,MAAM,EAAEN,CAAC,CAACE,MAAM,CAAC;MACfK,iBAAiB,EAAEP,CAAC,CAACI,MAAM,CAAC,CAAC;MAC7BI,eAAe,EAAER,CAAC,CAACI,MAAM,CAAC,CAAC;MAC3BK,YAAY,EAAET,CAAC,CAACI,MAAM,CAAC;IACzB,CAAC;EACH,CAAC;AACH,CAAC,CAAC;AAEF,MAAMM,YAAY,GAAGV,CAAC,CAACE,MAAM,CAAC;EAC5BS,cAAc,EAAEX,CAAC,CAACY,OAAO,CAAC,OAAO,CAAC;EAClCC,cAAc,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;EAC1BU,QAAQ,EAAEd,CAAC,CAACe,KAAK,CAACd,oBAAoB;AACxC,CAAC,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;;AAEA,OAAO,MAAMe,GAAG,GAAGhB,CAAC,CAACE,MAAM,CAAC;EAC1Be,MAAM,EAAEjB,CAAC,CAACI,MAAM,CAAC,CAAC;EAClBc,QAAQ,EAAElB,CAAC,CAACmB,IAAI,CAAC,CAAC;EAClBC,UAAU,EAAEpB,CAAC,CAACmB,IAAI,CAAC,CAAC;EACpBE,YAAY,EAAEX,YAAY,CAACY,QAAQ,CAAC,CAAC;EACrCC,MAAM,EAAEvB,CAAC,CAACE,MAAM,CAAC;IACfsB,QAAQ,EAAExB,CAAC,CAACI,MAAM,CAAC,CAAC;IACpBqB,SAAS,EAAEzB,CAAC,CAACI,MAAM,CAAC,CAAC;IACrBsB,UAAU,EAAE1B,CAAC,CAACI,MAAM,CAAC,CAAC;IACtBuB,SAAS,EAAE3B,CAAC,CAACI,MAAM,CAAC,CAAC;IACrBwB,YAAY,EAAE5B,CAAC,CACZE,MAAM,CAAC;MACN2B,OAAO,EAAE7B,CAAC,CAACI,MAAM,CAAC,CAAC;MACnB0B,QAAQ,EAAE9B,CAAC,CAACI,MAAM,CAAC;IACrB,CAAC,CAAC,CACDkB,QAAQ,CAAC,CAAC;IACbS,SAAS,EAAE/B,CAAC,CAACI,MAAM,CAAC;EACtB,CAAC;AACH,CAAC,CAAC"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { getValueFromDisclosures } from "../converters";
|
|
2
|
-
const disclosures = [["6w1_soRXFgaHKfpYn3cvfQ", "given_name", "Mario"], ["fuNp97Hf3wV6y48y-QZhIg", "
|
|
2
|
+
const disclosures = [["6w1_soRXFgaHKfpYn3cvfQ", "given_name", "Mario"], ["fuNp97Hf3wV6y48y-QZhIg", "birth_date", "1980-10-01"], ["p-9LzyWHZBVDvhXDWkN2xA", "place_of_birth", {
|
|
3
3
|
country: "IT",
|
|
4
4
|
locality: "Rome"
|
|
5
5
|
}]];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["getValueFromDisclosures","disclosures","country","locality","describe","it","success","expect","toBe","toEqual","toBeUndefined"],"sourceRoot":"../../../../src","sources":["sd-jwt/__test__/converters.test.ts"],"mappings":"AAAA,SAASA,uBAAuB,QAAQ,eAAe;AAGvD,MAAMC,WAAyB,GAAG,CAChC,CAAC,wBAAwB,EAAE,YAAY,EAAE,OAAO,CAAC,EACjD,CAAC,wBAAwB,EAAE,
|
|
1
|
+
{"version":3,"names":["getValueFromDisclosures","disclosures","country","locality","describe","it","success","expect","toBe","toEqual","toBeUndefined"],"sourceRoot":"../../../../src","sources":["sd-jwt/__test__/converters.test.ts"],"mappings":"AAAA,SAASA,uBAAuB,QAAQ,eAAe;AAGvD,MAAMC,WAAyB,GAAG,CAChC,CAAC,wBAAwB,EAAE,YAAY,EAAE,OAAO,CAAC,EACjD,CAAC,wBAAwB,EAAE,YAAY,EAAE,YAAY,CAAC,EACtD,CACE,wBAAwB,EACxB,gBAAgB,EAChB;EAAEC,OAAO,EAAE,IAAI;EAAEC,QAAQ,EAAE;AAAO,CAAC,CACpC,CACF;AAEDC,QAAQ,CAAC,yBAAyB,EAAE,MAAM;EACxCC,EAAE,CAAC,4CAA4C,EAAE,MAAM;IACrD,MAAMC,OAAO,GAAGN,uBAAuB,CAACC,WAAW,EAAE,YAAY,CAAC;IAClEM,MAAM,CAACD,OAAO,CAAC,CAACE,IAAI,CAAC,OAAO,CAAC;EAC/B,CAAC,CAAC;EACFH,EAAE,CAAC,gDAAgD,EAAE,MAAM;IACzD,MAAMC,OAAO,GAAGN,uBAAuB,CAACC,WAAW,EAAE,gBAAgB,CAAC;IACtEM,MAAM,CAACD,OAAO,CAAC,CAACG,OAAO,CAAC;MAAEP,OAAO,EAAE,IAAI;MAAEC,QAAQ,EAAE;IAAO,CAAC,CAAC;EAC9D,CAAC,CAAC;EACFE,EAAE,CAAC,aAAa,EAAE,MAAM;IACtB,MAAMC,OAAO,GAAGN,uBAAuB,CAACC,WAAW,EAAE,eAAe,CAAC;IACrEM,MAAM,CAACD,OAAO,CAAC,CAACI,aAAa,CAAC,CAAC;EACjC,CAAC,CAAC;AACJ,CAAC,CAAC"}
|
|
@@ -11,56 +11,43 @@ import { SdJwt4VC } from "../types";
|
|
|
11
11
|
// - payload is taken from the italian specification, but _sd are compiled with:
|
|
12
12
|
// - "address" is used as verification._sd
|
|
13
13
|
// - all others disclosures are in claims._sd
|
|
14
|
-
const token = "
|
|
15
|
-
const unsigned = "
|
|
16
|
-
const signature = "
|
|
14
|
+
const token = "eyJraWQiOiItRl82VWdhOG4zVmVnalkyVTdZVUhLMXpMb2FELU5QVGM2M1JNSVNuTGF3IiwidHlwIjoidmMrc2Qtand0IiwiYWxnIjoiRVMyNTYifQ.eyJfc2QiOlsiMHExRDVKbWF2NnBRYUVoX0pfRmN2X3VOTk1RSWdDeWhRT3hxbFk0bDNxVSIsIktDSi1BVk52ODhkLXhqNnNVSUFPSnhGbmJVaDNySFhES2tJSDFsRnFiUnMiLCJNOWxvOVl4RE5JWHJBcTJxV2VpQ0E0MHpwSl96WWZGZFJfNEFFQUxjUnRVIiwiY3pnalVrMG5xUkNzd1NoQ2hDamRTNkExLXY0N2RfcVRDU0ZJdklIaE1vSSIsIm5HblFyN2NsbTN0ZlRwOHlqTF91SHJEU090elIyUFZiOFM3R2VMZEFxQlEiLCJ4TklWd2xwU3NhWjhDSlNmMGd6NXhfNzVWUldXYzZWMW1scGVqZENycVVzIl0sInN1YiI6IjIxNmY4OTQ2LTllY2ItNDgxOS05MzA5LWMwNzZmMzRhN2UxMSIsIl9zZF9hbGciOiJzaGEtMjU2IiwidmN0IjoiUGVyc29uSWRlbnRpZmljYXRpb25EYXRhIiwiaXNzIjoiaHR0cHM6Ly9wcmUuZWlkLndhbGxldC5pcHpzLml0IiwiY25mIjp7Imp3ayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2Iiwia2lkIjoiUnYzVy1FaUtwdkJUeWs1eVp4dnJldi03TURCNlNselVDQm9fQ1FqamRkVSIsIngiOiIwV294N1F0eVBxQnlnMzVNSF9YeUNjbmQ1TGUtSm0wQVhIbFVnREJBMDNZIiwieSI6ImVFaFZ2ZzFKUHFOZDNEVFNhNG1HREdCbHdZNk5QLUVaYkxiTkZYU1h3SWcifX0sImV4cCI6MTc1MTU0NjU3Niwic3RhdHVzIjp7InN0YXR1c19hdHRlc3RhdGlvbiI6eyJjcmVkZW50aWFsX2hhc2hfYWxnIjoic2hhLTI1NiJ9fX0.qXHA2oqr8trX4fGxpxpUft2GX380TM3pzfo1MYAsDjUC8HsODA-4rdRWAvDe2zYP57x4tJU7eiABkd1Kmln9yQ~WyJrSkRFUDhFYU5URU1CRE9aelp6VDR3IiwidW5pcXVlX2lkIiwiVElOSVQtTFZMREFBODVUNTBHNzAyQiJd~WyJ6SUF5VUZ2UGZJcEUxekJxeEk1aGFRIiwiYmlydGhfZGF0ZSIsIjE5ODUtMTItMTAiXQ~WyJHcjNSM3MyOTBPa1FVbS1ORlR1OTZBIiwidGF4X2lkX2NvZGUiLCJUSU5JVC1MVkxEQUE4NVQ1MEc3MDJCIl0~WyJHeE9SYWxNQWVsZlowZWRGSmpqWVV3IiwiZ2l2ZW5fbmFtZSIsIkFkYSJd~WyJfdlY1UklrbDBJT0VYS290czlrdDF3IiwiZmFtaWx5X25hbWUiLCJMb3ZlbGFjZSJd~WyJDajV0Y2NSNzJKd3J6ZTJUVzRhLXdnIiwiaWF0IiwxNzIwMDEwNTc1XQ";
|
|
15
|
+
const unsigned = "eyJraWQiOiItRl82VWdhOG4zVmVnalkyVTdZVUhLMXpMb2FELU5QVGM2M1JNSVNuTGF3IiwidHlwIjoidmMrc2Qtand0IiwiYWxnIjoiRVMyNTYifQ.eyJfc2QiOlsiMHExRDVKbWF2NnBRYUVoX0pfRmN2X3VOTk1RSWdDeWhRT3hxbFk0bDNxVSIsIktDSi1BVk52ODhkLXhqNnNVSUFPSnhGbmJVaDNySFhES2tJSDFsRnFiUnMiLCJNOWxvOVl4RE5JWHJBcTJxV2VpQ0E0MHpwSl96WWZGZFJfNEFFQUxjUnRVIiwiY3pnalVrMG5xUkNzd1NoQ2hDamRTNkExLXY0N2RfcVRDU0ZJdklIaE1vSSIsIm5HblFyN2NsbTN0ZlRwOHlqTF91SHJEU090elIyUFZiOFM3R2VMZEFxQlEiLCJ4TklWd2xwU3NhWjhDSlNmMGd6NXhfNzVWUldXYzZWMW1scGVqZENycVVzIl0sInN1YiI6IjIxNmY4OTQ2LTllY2ItNDgxOS05MzA5LWMwNzZmMzRhN2UxMSIsIl9zZF9hbGciOiJzaGEtMjU2IiwidmN0IjoiUGVyc29uSWRlbnRpZmljYXRpb25EYXRhIiwiaXNzIjoiaHR0cHM6Ly9wcmUuZWlkLndhbGxldC5pcHpzLml0IiwiY25mIjp7Imp3ayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2Iiwia2lkIjoiUnYzVy1FaUtwdkJUeWs1eVp4dnJldi03TURCNlNselVDQm9fQ1FqamRkVSIsIngiOiIwV294N1F0eVBxQnlnMzVNSF9YeUNjbmQ1TGUtSm0wQVhIbFVnREJBMDNZIiwieSI6ImVFaFZ2ZzFKUHFOZDNEVFNhNG1HREdCbHdZNk5QLUVaYkxiTkZYU1h3SWcifX0sImV4cCI6MTc1MTU0NjU3Niwic3RhdHVzIjp7InN0YXR1c19hdHRlc3RhdGlvbiI6eyJjcmVkZW50aWFsX2hhc2hfYWxnIjoic2hhLTI1NiJ9fX0";
|
|
16
|
+
const signature = "qXHA2oqr8trX4fGxpxpUft2GX380TM3pzfo1MYAsDjUC8HsODA-4rdRWAvDe2zYP57x4tJU7eiABkd1Kmln9yQ";
|
|
17
17
|
const signed = `${unsigned}.${signature}`;
|
|
18
|
-
const tokenizedDisclosures = ["
|
|
18
|
+
const tokenizedDisclosures = ["WyJrSkRFUDhFYU5URU1CRE9aelp6VDR3IiwidW5pcXVlX2lkIiwiVElOSVQtTFZMREFBODVUNTBHNzAyQiJd", "WyJ6SUF5VUZ2UGZJcEUxekJxeEk1aGFRIiwiYmlydGhfZGF0ZSIsIjE5ODUtMTItMTAiXQ", "WyJHcjNSM3MyOTBPa1FVbS1ORlR1OTZBIiwidGF4X2lkX2NvZGUiLCJUSU5JVC1MVkxEQUE4NVQ1MEc3MDJCIl0", "WyJHeE9SYWxNQWVsZlowZWRGSmpqWVV3IiwiZ2l2ZW5fbmFtZSIsIkFkYSJd", "WyJfdlY1UklrbDBJT0VYS290czlrdDF3IiwiZmFtaWx5X25hbWUiLCJMb3ZlbGFjZSJd", "WyJDajV0Y2NSNzJKd3J6ZTJUVzRhLXdnIiwiaWF0IiwxNzIwMDEwNTc1XQ"];
|
|
19
19
|
const sdJwt = {
|
|
20
20
|
header: {
|
|
21
|
+
kid: "-F_6Uga8n3VegjY2U7YUHK1zLoaD-NPTc63RMISnLaw",
|
|
21
22
|
typ: "vc+sd-jwt",
|
|
22
|
-
alg: "ES256"
|
|
23
|
-
kid: "b186ea0c1925793097bf01b8a289a45f",
|
|
24
|
-
trust_chain: ["NEhRdERpYnlHY3M5WldWTWZ2aUhm ...", "eyJhbGciOiJSUzI1NiIsImtpZCI6 ...", "IkJYdmZybG5oQU11SFIwN2FqVW1B ..."]
|
|
23
|
+
alg: "ES256"
|
|
25
24
|
},
|
|
26
25
|
payload: {
|
|
27
|
-
|
|
28
|
-
sub: "
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
status: "https://example.com/status",
|
|
26
|
+
_sd: ["0q1D5Jmav6pQaEh_J_Fcv_uNNMQIgCyhQOxqlY4l3qU", "KCJ-AVNv88d-xj6sUIAOJxFnbUh3rHXDKkIH1lFqbRs", "M9lo9YxDNIXrAq2qWeiCA40zpJ_zYfFdR_4AEALcRtU", "czgjUk0nqRCswShChCjdS6A1-v47d_qTCSFIvIHhMoI", "nGnQr7clm3tfTp8yjL_uHrDSOtzR2PVb8S7GeLdAqBQ", "xNIVwlpSsaZ8CJSf0gz5x_75VRWWc6V1mlpejdCrqUs"],
|
|
27
|
+
sub: "216f8946-9ecb-4819-9309-c076f34a7e11",
|
|
28
|
+
_sd_alg: "sha-256",
|
|
29
|
+
vct: "PersonIdentificationData",
|
|
30
|
+
iss: "https://pre.eid.wallet.ipzs.it",
|
|
33
31
|
cnf: {
|
|
34
32
|
jwk: {
|
|
35
|
-
kty: "
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
33
|
+
kty: "EC",
|
|
34
|
+
crv: "P-256",
|
|
35
|
+
kid: "Rv3W-EiKpvBTyk5yZxvrev-7MDB6SlzUCBo_CQjjddU",
|
|
36
|
+
x: "0Wox7QtyPqByg35MH_XyCcnd5Le-Jm0AXHlUgDBA03Y",
|
|
37
|
+
y: "eEhVvg1JPqNd3DTSa4mGDGBlwY6NP-EZbLbNFXSXwIg"
|
|
40
38
|
}
|
|
41
39
|
},
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
trust_framework: "eidas",
|
|
47
|
-
assurance_level: "high"
|
|
48
|
-
},
|
|
49
|
-
claims: {
|
|
50
|
-
_sd: ["09vKrJMOlyTWM0sjpu_pdOBVBQ2M1y3KhpH515nXkpY", "2rsjGbaC0ky8mT0pJrPioWTq0_daw1sX76poUlgCwbI", "EkO8dhW0dHEJbvUHlE_VCeuC9uRELOieLZhh7XbUTtA", "IlDzIKeiZdDwpqpK6ZfbyphFvz5FgnWa-sN6wqQXCiw", "PorFbpKuVu6xymJagvkFsFXAbRoc2JGlAUA2BA4o7cI", "TGf4oLbgwd5JQaHyKVQZU9UdGE0w5rtDsrZzfUaomLo", "jdrTE8YcbY4EifugihiAe_BPekxJQZICeiUQwY9QqxI", "jsu9yVulwQQlhFlM_3JlzMaSFzglhQG0DpfayQwLUK4"]
|
|
40
|
+
exp: 1751546576,
|
|
41
|
+
status: {
|
|
42
|
+
status_attestation: {
|
|
43
|
+
credential_hash_alg: "sha-256"
|
|
51
44
|
}
|
|
52
|
-
}
|
|
53
|
-
_sd_alg: "sha-256"
|
|
45
|
+
}
|
|
54
46
|
}
|
|
55
47
|
};
|
|
56
48
|
|
|
57
49
|
// In the very same order than tokenizedDisclosures
|
|
58
|
-
const disclosures = [["
|
|
59
|
-
street_address: "123 Main St",
|
|
60
|
-
locality: "Anytown",
|
|
61
|
-
region: "Anystate",
|
|
62
|
-
country: "US"
|
|
63
|
-
}]];
|
|
50
|
+
const disclosures = [["kJDEP8EaNTEMBDOZzZzT4w", "unique_id", "TINIT-LVLDAA85T50G702B"], ["zIAyUFvPfIpE1zBqxI5haQ", "birth_date", "1985-12-10"], ["Gr3R3s290OkQUm-NFTu96A", "tax_id_code", "TINIT-LVLDAA85T50G702B"], ["GxORalMAelfZ0edFJjjYUw", "given_name", "Ada"], ["_vV5RIkl0IOEXKots9kt1w", "family_name", "Lovelace"], ["Cj5tccR72Jwrze2TW4a-wg", "iat", 1720010575]];
|
|
64
51
|
it("Ensures example data correctness", () => {
|
|
65
52
|
expect(JSON.parse(decodeBase64(encodeBase64(JSON.stringify(sdJwt.header))))).toEqual(sdJwt.header);
|
|
66
53
|
expect([signed, ...tokenizedDisclosures].join("~")).toBe(token);
|
|
@@ -112,10 +99,10 @@ describe("disclose", () => {
|
|
|
112
99
|
it("should encode a valid sdjwt (one claim)", async () => {
|
|
113
100
|
const result = await disclose(token, ["given_name"]);
|
|
114
101
|
const expected = {
|
|
115
|
-
token: `${signed}~
|
|
102
|
+
token: `${signed}~WyJHeE9SYWxNQWVsZlowZWRGSmpqWVV3IiwiZ2l2ZW5fbmFtZSIsIkFkYSJd`,
|
|
116
103
|
paths: [{
|
|
117
104
|
claim: "given_name",
|
|
118
|
-
path: "verified_claims.claims._sd[
|
|
105
|
+
path: "verified_claims.claims._sd[3]"
|
|
119
106
|
}]
|
|
120
107
|
};
|
|
121
108
|
expect(result).toEqual(expected);
|
|
@@ -129,15 +116,15 @@ describe("disclose", () => {
|
|
|
129
116
|
expect(result).toEqual(expected);
|
|
130
117
|
});
|
|
131
118
|
it("should encode a valid sdjwt (multiple claims)", async () => {
|
|
132
|
-
const result = await disclose(token, ["
|
|
119
|
+
const result = await disclose(token, ["iat", "family_name"]);
|
|
133
120
|
const expected = {
|
|
134
|
-
token: `${signed}~
|
|
121
|
+
token: `${signed}~WyJfdlY1UklrbDBJT0VYS290czlrdDF3IiwiZmFtaWx5X25hbWUiLCJMb3ZlbGFjZSJd~WyJDajV0Y2NSNzJKd3J6ZTJUVzRhLXdnIiwiaWF0IiwxNzIwMDEwNTc1XQ`,
|
|
135
122
|
paths: [{
|
|
136
|
-
claim: "
|
|
137
|
-
path: "verified_claims.claims._sd[
|
|
123
|
+
claim: "iat",
|
|
124
|
+
path: "verified_claims.claims._sd[4]"
|
|
138
125
|
}, {
|
|
139
|
-
claim: "
|
|
140
|
-
path: "verified_claims.
|
|
126
|
+
claim: "family_name",
|
|
127
|
+
path: "verified_claims.claims._sd[0]"
|
|
141
128
|
}]
|
|
142
129
|
};
|
|
143
130
|
expect(result).toEqual(expected);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["z","decode","disclose","encodeBase64","decodeBase64","SdJwt4VC","token","unsigned","signature","signed","tokenizedDisclosures","sdJwt","header","
|
|
1
|
+
{"version":3,"names":["z","decode","disclose","encodeBase64","decodeBase64","SdJwt4VC","token","unsigned","signature","signed","tokenizedDisclosures","sdJwt","header","kid","typ","alg","payload","_sd","sub","_sd_alg","vct","iss","cnf","jwk","kty","crv","x","y","exp","status","status_attestation","credential_hash_alg","disclosures","it","expect","JSON","parse","stringify","toEqual","join","toBe","describe","result","map","decoded","i","encoded","validDecoder","and","object","customField","string","invalidDecoder","error","expected","paths","claim","path","fn","rejects","any","Error"],"sourceRoot":"../../../../src","sources":["sd-jwt/__test__/index.test.ts"],"mappings":"AAAA,SAASA,CAAC,QAAQ,KAAK;AACvB,SAASC,MAAM,EAAEC,QAAQ,QAAQ,UAAU;AAE3C,SAASC,YAAY,EAAEC,YAAY,QAAQ,6BAA6B;AACxE,SAASC,QAAQ,QAAQ,UAAU;;AAEnC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,KAAK,GACT,giDAAgiD;AAEliD,MAAMC,QAAQ,GACZ,whCAAwhC;AAE1hC,MAAMC,SAAS,GACb,wFAAwF;AAE1F,MAAMC,MAAM,GAAI,GAAEF,QAAS,IAAGC,SAAU,EAAC;AAEzC,MAAME,oBAAoB,GAAG,CAC3B,sFAAsF,EACtF,wEAAwE,EACxE,yFAAyF,EACzF,8DAA8D,EAC9D,sEAAsE,EACtE,4DAA4D,CAC7D;AAED,MAAMC,KAAK,GAAG;EACZC,MAAM,EAAE;IACNC,GAAG,EAAE,6CAA6C;IAClDC,GAAG,EAAE,WAAW;IAChBC,GAAG,EAAE;EACP,CAAC;EACDC,OAAO,EAAE;IACPC,GAAG,EAAE,CACH,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,CAC9C;IACDC,GAAG,EAAE,sCAAsC;IAC3CC,OAAO,EAAE,SAAS;IAClBC,GAAG,EAAE,0BAA0B;IAC/BC,GAAG,EAAE,gCAAgC;IACrCC,GAAG,EAAE;MACHC,GAAG,EAAE;QACHC,GAAG,EAAE,IAAI;QACTC,GAAG,EAAE,OAAO;QACZZ,GAAG,EAAE,6CAA6C;QAClDa,CAAC,EAAE,6CAA6C;QAChDC,CAAC,EAAE;MACL;IACF,CAAC;IACDC,GAAG,EAAE,UAAU;IACfC,MAAM,EAAE;MACNC,kBAAkB,EAAE;QAClBC,mBAAmB,EAAE;MACvB;IACF;EACF;AACF,CAAC;;AAED;AACA,MAAMC,WAAW,GAAG,CAClB,CAAC,wBAAwB,EAAE,WAAW,EAAE,wBAAwB,CAAC,EACjE,CAAC,wBAAwB,EAAE,YAAY,EAAE,YAAY,CAAC,EACtD,CAAC,wBAAwB,EAAE,aAAa,EAAE,wBAAwB,CAAC,EACnE,CAAC,wBAAwB,EAAE,YAAY,EAAE,KAAK,CAAC,EAC/C,CAAC,wBAAwB,EAAE,aAAa,EAAE,UAAU,CAAC,EACrD,CAAC,wBAAwB,EAAE,KAAK,EAAE,UAAU,CAAC,CAC9C;AACDC,EAAE,CAAC,kCAAkC,EAAE,MAAM;EAC3CC,MAAM,CACJC,IAAI,CAACC,KAAK,CAAChC,YAAY,CAACD,YAAY,CAACgC,IAAI,CAACE,SAAS,CAAC1B,KAAK,CAACC,MAAM,CAAC,CAAC,CAAC,CACrE,CAAC,CAAC0B,OAAO,CAAC3B,KAAK,CAACC,MAAM,CAAC;EACvBsB,MAAM,CAAC,CAACzB,MAAM,EAAE,GAAGC,oBAAoB,CAAC,CAAC6B,IAAI,CAAC,GAAG,CAAC,CAAC,CAACC,IAAI,CAAClC,KAAK,CAAC;AACjE,CAAC,CAAC;AAEFmC,QAAQ,CAAC,QAAQ,EAAE,MAAM;EACvBR,EAAE,CAAC,6BAA6B,EAAE,MAAM;IACtC,MAAMS,MAAM,GAAGzC,MAAM,CAACK,KAAK,EAAED,QAAQ,CAAC;IACtC6B,MAAM,CAACQ,MAAM,CAAC,CAACJ,OAAO,CAAC;MACrB3B,KAAK;MACLqB,WAAW,EAAEA,WAAW,CAACW,GAAG,CAAC,CAACC,OAAO,EAAEC,CAAC,MAAM;QAC5CD,OAAO;QACPE,OAAO,EAAEpC,oBAAoB,CAACmC,CAAC;MACjC,CAAC,CAAC;IACJ,CAAC,CAAC;EACJ,CAAC,CAAC;EAEFZ,EAAE,CAAC,oCAAoC,EAAE,MAAM;IAC7C,MAAMS,MAAM,GAAGzC,MAAM,CAACK,KAAK,CAAC;IAC5B4B,MAAM,CAACQ,MAAM,CAAC,CAACJ,OAAO,CAAC;MACrB3B,KAAK;MACLqB,WAAW,EAAEA,WAAW,CAACW,GAAG,CAAC,CAACC,OAAO,EAAEC,CAAC,MAAM;QAC5CD,OAAO;QACPE,OAAO,EAAEpC,oBAAoB,CAACmC,CAAC;MACjC,CAAC,CAAC;IACJ,CAAC,CAAC;EACJ,CAAC,CAAC;EAEFZ,EAAE,CAAC,kDAAkD,EAAE,MAAM;IAC3D,MAAMc,YAAY,GAAG1C,QAAQ,CAAC2C,GAAG,CAC/BhD,CAAC,CAACiD,MAAM,CAAC;MAAEjC,OAAO,EAAEhB,CAAC,CAACiD,MAAM,CAAC;QAAEC,WAAW,EAAElD,CAAC,CAACmD,MAAM,CAAC;MAAE,CAAC;IAAE,CAAC,CAC7D,CAAC;IACD,MAAMC,cAAc,GAAGpD,CAAC,CAACiD,MAAM,CAAC;MAC9BjC,OAAO,EAAEhB,CAAC,CAACiD,MAAM,CAAC;QAAEC,WAAW,EAAElD,CAAC,CAACmD,MAAM,CAAC;MAAE,CAAC;IAC/C,CAAC,CAAC;IAEF,IAAI;MACF;MACAlD,MAAM,CAACK,KAAK,EAAEyC,YAAY,CAAC;MAC3B;MACA9C,MAAM,CAACK,KAAK,EAAE8C,cAAc,CAAC;IAC/B,CAAC,CAAC,OAAOC,KAAK,EAAE;MACd;MACA;IAAA;EAEJ,CAAC,CAAC;AACJ,CAAC,CAAC;AAEFZ,QAAQ,CAAC,UAAU,EAAE,MAAM;EACzBR,EAAE,CAAC,yCAAyC,EAAE,YAAY;IACxD,MAAMS,MAAM,GAAG,MAAMxC,QAAQ,CAACI,KAAK,EAAE,CAAC,YAAY,CAAC,CAAC;IACpD,MAAMgD,QAAQ,GAAG;MACfhD,KAAK,EAAG,GAAEG,MAAO,+DAA8D;MAC/E8C,KAAK,EAAE,CAAC;QAAEC,KAAK,EAAE,YAAY;QAAEC,IAAI,EAAE;MAAgC,CAAC;IACxE,CAAC;IAEDvB,MAAM,CAACQ,MAAM,CAAC,CAACJ,OAAO,CAACgB,QAAQ,CAAC;EAClC,CAAC,CAAC;EAEFrB,EAAE,CAAC,yCAAyC,EAAE,YAAY;IACxD,MAAMS,MAAM,GAAG,MAAMxC,QAAQ,CAACI,KAAK,EAAE,EAAE,CAAC;IACxC,MAAMgD,QAAQ,GAAG;MAAEhD,KAAK,EAAG,GAAEG,MAAO,EAAC;MAAE8C,KAAK,EAAE;IAAG,CAAC;IAElDrB,MAAM,CAACQ,MAAM,CAAC,CAACJ,OAAO,CAACgB,QAAQ,CAAC;EAClC,CAAC,CAAC;EAEFrB,EAAE,CAAC,+CAA+C,EAAE,YAAY;IAC9D,MAAMS,MAAM,GAAG,MAAMxC,QAAQ,CAACI,KAAK,EAAE,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC;IAC5D,MAAMgD,QAAQ,GAAG;MACfhD,KAAK,EAAG,GAAEG,MAAO,kIAAiI;MAClJ8C,KAAK,EAAE,CACL;QACEC,KAAK,EAAE,KAAK;QACZC,IAAI,EAAE;MACR,CAAC,EACD;QACED,KAAK,EAAE,aAAa;QACpBC,IAAI,EAAE;MACR,CAAC;IAEL,CAAC;IAEDvB,MAAM,CAACQ,MAAM,CAAC,CAACJ,OAAO,CAACgB,QAAQ,CAAC;EAClC,CAAC,CAAC;EAEFrB,EAAE,CAAC,8BAA8B,EAAE,YAAY;IAC7C,MAAMyB,EAAE,GAAG,MAAAA,CAAA,KAAYxD,QAAQ,CAACI,KAAK,EAAE,CAAC,SAAS,CAAC,CAAC;IAEnD,MAAM4B,MAAM,CAACwB,EAAE,CAAC,CAAC,CAAC,CAACC,OAAO,CAACrB,OAAO,CAACJ,MAAM,CAAC0B,GAAG,CAACC,KAAK,CAAC,CAAC;EACvD,CAAC,CAAC;AACJ,CAAC,CAAC"}
|
|
@@ -6,37 +6,29 @@ describe("SdJwt4VC", () => {
|
|
|
6
6
|
header: {
|
|
7
7
|
typ: "vc+sd-jwt",
|
|
8
8
|
alg: "RS512",
|
|
9
|
-
kid: "dB67gL7ck3TFiIAf7N6_7SHvqk0MDYMEQcoGGlkUAAw"
|
|
10
|
-
trust_chain: ["NEhRdERpYnlHY3M5WldWTWZ2aUhm ...", "eyJhbGciOiJSUzI1NiIsImtpZCI6 ...", "IkJYdmZybG5oQU11SFIwN2FqVW1B ..."]
|
|
9
|
+
kid: "dB67gL7ck3TFiIAf7N6_7SHvqk0MDYMEQcoGGlkUAAw"
|
|
11
10
|
},
|
|
12
11
|
payload: {
|
|
13
|
-
|
|
14
|
-
sub: "
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
status: "https://pidprovider.example.org/status",
|
|
12
|
+
_sd: ["0q1D5Jmav6pQaEh_J_Fcv_uNNMQIgCyhQOxqlY4l3qU", "KCJ-AVNv88d-xj6sUIAOJxFnbUh3rHXDKkIH1lFqbRs", "M9lo9YxDNIXrAq2qWeiCA40zpJ_zYfFdR_4AEALcRtU", "czgjUk0nqRCswShChCjdS6A1-v47d_qTCSFIvIHhMoI", "nGnQr7clm3tfTp8yjL_uHrDSOtzR2PVb8S7GeLdAqBQ", "xNIVwlpSsaZ8CJSf0gz5x_75VRWWc6V1mlpejdCrqUs"],
|
|
13
|
+
sub: "216f8946-9ecb-4819-9309-c076f34a7e11",
|
|
14
|
+
_sd_alg: "sha-256",
|
|
15
|
+
vct: "PersonIdentificationData",
|
|
16
|
+
iss: "https://pidprovider.example.com",
|
|
19
17
|
cnf: {
|
|
20
18
|
jwk: {
|
|
21
|
-
kty: "
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
19
|
+
kty: "EC",
|
|
20
|
+
crv: "P-256",
|
|
21
|
+
kid: "zEv_qGSL5r0_F67j2dwEgUJmBgbMNSEJ5K_iH1PYc7A",
|
|
22
|
+
x: "0Pj7v_afNp9ETJx11JbYgkI7yQpd0rtiYuo5feuAN2o",
|
|
23
|
+
y: "XB62Um02vHqedkOzSfJ5hdtjPz-zmV9jmWh4sKgdD9o"
|
|
26
24
|
}
|
|
27
25
|
},
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
trust_framework: "eidas",
|
|
33
|
-
assurance_level: "high"
|
|
34
|
-
},
|
|
35
|
-
claims: {
|
|
36
|
-
_sd: ["8JjozBfovMNvQ3HflmPWy4O19Gpxs61FWHjZebU589E", "BoMGktW1rbikntw8Fzx_BeL4YbAndr6AHsdgpatFCig", "CFLGzentGNRFngnLVVQVcoAFi05r6RJUX-rdbLdEfew", "JU_sTaHCngS32X-0ajHrd1-HCLCkpT5YqgcfQme168w", "VQI-S1mT1Kxfq2o8J9io7xMMX2MIxaG9M9PeJVqrMcA", "zVdghcmClMVWlUgGsGpSkCPkEHZ4u9oWj1SlIBlCc1o"]
|
|
26
|
+
exp: 1751107255,
|
|
27
|
+
status: {
|
|
28
|
+
status_attestation: {
|
|
29
|
+
credential_hash_alg: "sha-256"
|
|
37
30
|
}
|
|
38
|
-
}
|
|
39
|
-
_sd_alg: "sha-256"
|
|
31
|
+
}
|
|
40
32
|
}
|
|
41
33
|
};
|
|
42
34
|
const {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["Disclosure","SdJwt4VC","describe","it","token","header","typ","alg","kid","
|
|
1
|
+
{"version":3,"names":["Disclosure","SdJwt4VC","describe","it","token","header","typ","alg","kid","payload","_sd","sub","_sd_alg","vct","iss","cnf","jwk","kty","crv","x","y","exp","status","status_attestation","credential_hash_alg","success","safeParse","expect","toBe","value","type","record","source","organization_name","organization_id","country_code"],"sourceRoot":"../../../../src","sources":["sd-jwt/__test__/types.test.ts"],"mappings":"AAAA,SAASA,UAAU,EAAEC,QAAQ,QAAQ,UAAU;AAE/CC,QAAQ,CAAC,UAAU,EAAE,MAAM;EACzBC,EAAE,CAAC,6BAA6B,EAAE,MAAM;IACtC;IACA,MAAMC,KAAK,GAAG;MACZC,MAAM,EAAE;QACNC,GAAG,EAAE,WAAW;QAChBC,GAAG,EAAE,OAAO;QACZC,GAAG,EAAE;MACP,CAAC;MACDC,OAAO,EAAE;QACPC,GAAG,EAAE,CACH,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,EAC7C,6CAA6C,CAC9C;QACDC,GAAG,EAAE,sCAAsC;QAC3CC,OAAO,EAAE,SAAS;QAClBC,GAAG,EAAE,0BAA0B;QAC/BC,GAAG,EAAE,iCAAiC;QACtCC,GAAG,EAAE;UACHC,GAAG,EAAE;YACHC,GAAG,EAAE,IAAI;YACTC,GAAG,EAAE,OAAO;YACZV,GAAG,EAAE,6CAA6C;YAClDW,CAAC,EAAE,6CAA6C;YAChDC,CAAC,EAAE;UACL;QACF,CAAC;QACDC,GAAG,EAAE,UAAU;QACfC,MAAM,EAAE;UACNC,kBAAkB,EAAE;YAClBC,mBAAmB,EAAE;UACvB;QACF;MACF;IACF,CAAC;IAED,MAAM;MAAEC;IAAQ,CAAC,GAAGxB,QAAQ,CAACyB,SAAS,CAACtB,KAAK,CAAC;IAE7CuB,MAAM,CAACF,OAAO,CAAC,CAACG,IAAI,CAAC,IAAI,CAAC;EAC5B,CAAC,CAAC;AACJ,CAAC,CAAC;AAEF1B,QAAQ,CAAC,YAAY,EAAE,MAAM;EAC3BC,EAAE,CAAC,kCAAkC,EAAE,MAAM;IAC3C;IACA,MAAM0B,KAAK,GAAG,CACZ,wBAAwB,EACxB,UAAU,EACV,CACE;MACEC,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACND,IAAI,EAAE,cAAc;QACpBE,MAAM,EAAE;UACNC,iBAAiB,EAAE,wBAAwB;UAC3CC,eAAe,EAAE,MAAM;UACvBC,YAAY,EAAE;QAChB;MACF;IACF,CAAC,CACF,CACF;IAED,MAAM;MAAEV;IAAQ,CAAC,GAAGzB,UAAU,CAAC0B,SAAS,CAACG,KAAK,CAAC;IAC/CF,MAAM,CAACF,OAAO,CAAC,CAACG,IAAI,CAAC,IAAI,CAAC;EAC5B,CAAC,CAAC;AACJ,CAAC,CAAC"}
|
|
@@ -92,18 +92,12 @@ export const disclose = async (token, claims) => {
|
|
|
92
92
|
|
|
93
93
|
// _sd is defined in verified_claims.claims and verified_claims.verification
|
|
94
94
|
// we must look into both
|
|
95
|
-
if (sdJwt.payload.
|
|
96
|
-
const index = sdJwt.payload.
|
|
95
|
+
if (sdJwt.payload._sd.includes(hash)) {
|
|
96
|
+
const index = sdJwt.payload._sd.indexOf(hash);
|
|
97
97
|
return {
|
|
98
98
|
claim,
|
|
99
99
|
path: `verified_claims.claims._sd[${index}]`
|
|
100
100
|
};
|
|
101
|
-
} else if (sdJwt.payload.verified_claims.verification._sd.includes(hash)) {
|
|
102
|
-
const index = sdJwt.payload.verified_claims.verification._sd.indexOf(hash);
|
|
103
|
-
return {
|
|
104
|
-
claim,
|
|
105
|
-
path: `verified_claims.verification._sd[${index}]`
|
|
106
|
-
};
|
|
107
101
|
}
|
|
108
102
|
throw new ClaimsNotFoundInToken(claim);
|
|
109
103
|
}));
|
|
@@ -147,7 +141,7 @@ export const verify = async (token, publicKey, customSchema) => {
|
|
|
147
141
|
await verifyJwt(rawSdJwt, publicKey);
|
|
148
142
|
|
|
149
143
|
//Check disclosures in sd-jwt
|
|
150
|
-
const claims = [...decoded.sdJwt.payload.
|
|
144
|
+
const claims = [...decoded.sdJwt.payload._sd];
|
|
151
145
|
await Promise.all(decoded.disclosures.map(async disclosure => await verifyDisclosure(disclosure, claims)));
|
|
152
146
|
return {
|
|
153
147
|
sdJwt: decoded.sdJwt,
|