@pagopa/io-react-native-wallet 0.15.4 → 0.16.1
Sign up to get free protection for your applications and to get access to all the features.
- package/lib/commonjs/credential/index.js +3 -1
- package/lib/commonjs/credential/index.js.map +1 -1
- package/lib/commonjs/credential/issuance/04-complete-user-authorization.js +19 -4
- package/lib/commonjs/credential/issuance/04-complete-user-authorization.js.map +1 -1
- package/lib/commonjs/credential/issuance/05-authorize-access.js +5 -12
- package/lib/commonjs/credential/issuance/05-authorize-access.js.map +1 -1
- package/lib/commonjs/credential/issuance/06-obtain-credential.js +5 -6
- package/lib/commonjs/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/commonjs/credential/issuance/const.js +1 -3
- package/lib/commonjs/credential/issuance/const.js.map +1 -1
- package/lib/commonjs/credential/status/01-start-flow.js +2 -0
- package/lib/commonjs/credential/status/01-start-flow.js.map +1 -0
- package/lib/commonjs/credential/status/02-status-attestation.js +71 -0
- package/lib/commonjs/credential/status/02-status-attestation.js.map +1 -0
- package/lib/commonjs/credential/status/03-verify-and-parse-status-attestation.js +52 -0
- package/lib/commonjs/credential/status/03-verify-and-parse-status-attestation.js.map +1 -0
- package/lib/commonjs/credential/status/index.js +27 -0
- package/lib/commonjs/credential/status/index.js.map +1 -0
- package/lib/commonjs/credential/status/types.js +48 -0
- package/lib/commonjs/credential/status/types.js.map +1 -0
- package/lib/commonjs/utils/errors.js +82 -2
- package/lib/commonjs/utils/errors.js.map +1 -1
- package/lib/commonjs/utils/misc.js +41 -3
- package/lib/commonjs/utils/misc.js.map +1 -1
- package/lib/commonjs/utils/par.js +1 -1
- package/lib/commonjs/utils/par.js.map +1 -1
- package/lib/module/credential/index.js +2 -1
- package/lib/module/credential/index.js.map +1 -1
- package/lib/module/credential/issuance/04-complete-user-authorization.js +21 -6
- package/lib/module/credential/issuance/04-complete-user-authorization.js.map +1 -1
- package/lib/module/credential/issuance/05-authorize-access.js +6 -13
- package/lib/module/credential/issuance/05-authorize-access.js.map +1 -1
- package/lib/module/credential/issuance/06-obtain-credential.js +5 -6
- package/lib/module/credential/issuance/06-obtain-credential.js.map +1 -1
- package/lib/module/credential/issuance/const.js +0 -1
- package/lib/module/credential/issuance/const.js.map +1 -1
- package/lib/module/credential/status/01-start-flow.js +2 -0
- package/lib/module/credential/status/01-start-flow.js.map +1 -0
- package/lib/module/credential/status/02-status-attestation.js +63 -0
- package/lib/module/credential/status/02-status-attestation.js.map +1 -0
- package/lib/module/credential/status/03-verify-and-parse-status-attestation.js +46 -0
- package/lib/module/credential/status/03-verify-and-parse-status-attestation.js.map +1 -0
- package/lib/module/credential/status/index.js +5 -0
- package/lib/module/credential/status/index.js.map +1 -0
- package/lib/module/credential/status/types.js +40 -0
- package/lib/module/credential/status/types.js.map +1 -0
- package/lib/module/utils/errors.js +76 -1
- package/lib/module/utils/errors.js.map +1 -1
- package/lib/module/utils/misc.js +38 -3
- package/lib/module/utils/misc.js.map +1 -1
- package/lib/module/utils/par.js +1 -1
- package/lib/module/utils/par.js.map +1 -1
- package/lib/typescript/credential/index.d.ts +2 -1
- package/lib/typescript/credential/index.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts +3 -1
- package/lib/typescript/credential/issuance/04-complete-user-authorization.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/05-authorize-access.d.ts +2 -1
- package/lib/typescript/credential/issuance/05-authorize-access.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts +3 -1
- package/lib/typescript/credential/issuance/06-obtain-credential.d.ts.map +1 -1
- package/lib/typescript/credential/issuance/const.d.ts +0 -1
- package/lib/typescript/credential/issuance/const.d.ts.map +1 -1
- package/lib/typescript/credential/status/01-start-flow.d.ts +10 -0
- package/lib/typescript/credential/status/01-start-flow.d.ts.map +1 -0
- package/lib/typescript/credential/status/02-status-attestation.d.ts +20 -0
- package/lib/typescript/credential/status/02-status-attestation.d.ts.map +1 -0
- package/lib/typescript/credential/status/03-verify-and-parse-status-attestation.d.ts +24 -0
- package/lib/typescript/credential/status/03-verify-and-parse-status-attestation.d.ts.map +1 -0
- package/lib/typescript/credential/status/index.d.ts +7 -0
- package/lib/typescript/credential/status/index.d.ts.map +1 -0
- package/lib/typescript/credential/status/types.d.ts +305 -0
- package/lib/typescript/credential/status/types.d.ts.map +1 -0
- package/lib/typescript/utils/errors.d.ts +49 -0
- package/lib/typescript/utils/errors.d.ts.map +1 -1
- package/lib/typescript/utils/misc.d.ts +18 -1
- package/lib/typescript/utils/misc.d.ts.map +1 -1
- package/lib/typescript/utils/par.d.ts +1 -4
- package/lib/typescript/utils/par.d.ts.map +1 -1
- package/package.json +3 -3
- package/src/credential/index.ts +2 -1
- package/src/credential/issuance/04-complete-user-authorization.ts +36 -6
- package/src/credential/issuance/05-authorize-access.ts +7 -14
- package/src/credential/issuance/06-obtain-credential.ts +8 -8
- package/src/credential/issuance/const.ts +0 -2
- package/src/credential/status/01-start-flow.ts +9 -0
- package/src/credential/status/02-status-attestation.ts +104 -0
- package/src/credential/status/03-verify-and-parse-status-attestation.ts +60 -0
- package/src/credential/status/index.ts +22 -0
- package/src/credential/status/types.ts +43 -0
- package/src/utils/errors.ts +82 -1
- package/src/utils/misc.ts +45 -4
- package/src/utils/par.ts +2 -2
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
import { getCredentialHashWithouDiscloures, hasStatus } from "../../utils/misc";
|
|
2
|
+
import { SignJWT } from "@pagopa/io-react-native-jwt";
|
|
3
|
+
import uuid from "react-native-uuid";
|
|
4
|
+
import { StatusAttestationResponse } from "./types";
|
|
5
|
+
import { StatusAttestationError, StatusAttestationInvalid, UnexpectedStatusCodeError } from "../../utils/errors";
|
|
6
|
+
/**
|
|
7
|
+
* WARNING: This function must be called after {@link startFlow}.
|
|
8
|
+
* Verify the status of the credential attestation.
|
|
9
|
+
* @param issuerConf - The issuer's configuration
|
|
10
|
+
* @param credential - The credential to be verified
|
|
11
|
+
* @param credentialCryptoContext - The credential's crypto context
|
|
12
|
+
* @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
|
|
13
|
+
* @throws {@link StatusAttestationInvalid} if the status attestation is invalid and thus the credential is not valid
|
|
14
|
+
* @throws {@link StatusAttestationError} if an error occurs during the status attestation
|
|
15
|
+
* @returns The credential status attestation
|
|
16
|
+
*/
|
|
17
|
+
export const statusAttestation = async function (issuerConf, credential, credentialCryptoContext) {
|
|
18
|
+
let appFetch = arguments.length > 3 && arguments[3] !== undefined ? arguments[3] : fetch;
|
|
19
|
+
const jwk = await credentialCryptoContext.getPublicKey();
|
|
20
|
+
const credentialHash = await getCredentialHashWithouDiscloures(credential);
|
|
21
|
+
const statusAttUrl = issuerConf.openid_credential_issuer.status_attestation_endpoint;
|
|
22
|
+
const credentialPop = await new SignJWT(credentialCryptoContext).setPayload({
|
|
23
|
+
aud: statusAttUrl,
|
|
24
|
+
jti: uuid.v4().toString(),
|
|
25
|
+
credential_hash: credentialHash,
|
|
26
|
+
credential_hash_alg: "S256"
|
|
27
|
+
}).setProtectedHeader({
|
|
28
|
+
alg: "ES256",
|
|
29
|
+
typ: "status-attestation-request+jwt",
|
|
30
|
+
kid: jwk.kid
|
|
31
|
+
}).setIssuedAt().setExpirationTime("5m").sign();
|
|
32
|
+
const body = {
|
|
33
|
+
credential_pop: credentialPop
|
|
34
|
+
};
|
|
35
|
+
const result = await appFetch(statusAttUrl, {
|
|
36
|
+
method: "POST",
|
|
37
|
+
headers: {
|
|
38
|
+
"Content-Type": "application/json"
|
|
39
|
+
},
|
|
40
|
+
body: JSON.stringify(body)
|
|
41
|
+
}).then(hasStatus(201)).then(raw => raw.json()).then(json => StatusAttestationResponse.parse(json)).catch(handleStatusAttestationError);
|
|
42
|
+
return {
|
|
43
|
+
statusAttestation: result.status_attestation
|
|
44
|
+
};
|
|
45
|
+
};
|
|
46
|
+
|
|
47
|
+
/**
|
|
48
|
+
* Handle the status attestation error by mapping it to a custom exception.
|
|
49
|
+
* If the error is not an instance of {@link UnexpectedStatusCodeError}, it is thrown as is.
|
|
50
|
+
* @param e - The error to be handled
|
|
51
|
+
* @throws {@link StatusAttestationError} if the status code is different from 404
|
|
52
|
+
* @throws {@link StatusAttestationInvalid} if the status code is 404 (meaning the credential is invalid)
|
|
53
|
+
*/
|
|
54
|
+
const handleStatusAttestationError = e => {
|
|
55
|
+
if (!(e instanceof UnexpectedStatusCodeError)) {
|
|
56
|
+
throw e;
|
|
57
|
+
}
|
|
58
|
+
if (e.statusCode === 404) {
|
|
59
|
+
throw new StatusAttestationInvalid("Invalid status found for the given credential", e.message);
|
|
60
|
+
}
|
|
61
|
+
throw new StatusAttestationError(`Unable to obtain the status attestation for the given credential [response status code: ${e.statusCode}]`, e.message);
|
|
62
|
+
};
|
|
63
|
+
//# sourceMappingURL=02-status-attestation.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":["getCredentialHashWithouDiscloures","hasStatus","SignJWT","uuid","StatusAttestationResponse","StatusAttestationError","StatusAttestationInvalid","UnexpectedStatusCodeError","statusAttestation","issuerConf","credential","credentialCryptoContext","appFetch","arguments","length","undefined","fetch","jwk","getPublicKey","credentialHash","statusAttUrl","openid_credential_issuer","status_attestation_endpoint","credentialPop","setPayload","aud","jti","v4","toString","credential_hash","credential_hash_alg","setProtectedHeader","alg","typ","kid","setIssuedAt","setExpirationTime","sign","body","credential_pop","result","method","headers","JSON","stringify","then","raw","json","parse","catch","handleStatusAttestationError","status_attestation","e","statusCode","message"],"sourceRoot":"../../../../src","sources":["credential/status/02-status-attestation.ts"],"mappings":"AAAA,SACEA,iCAAiC,EACjCC,SAAS,QAEJ,kBAAkB;AAEzB,SAASC,OAAO,QAA4B,6BAA6B;AACzE,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,yBAAyB,QAAQ,SAAS;AACnD,SACEC,sBAAsB,EACtBC,wBAAwB,EACxBC,yBAAyB,QACpB,oBAAoB;AAW3B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,iBAAoC,GAAG,eAAAA,CAClDC,UAAU,EACVC,UAAU,EACVC,uBAAuB,EAEpB;EAAA,IADHC,QAA8B,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;EAEtC,MAAMC,GAAG,GAAG,MAAMN,uBAAuB,CAACO,YAAY,CAAC,CAAC;EACxD,MAAMC,cAAc,GAAG,MAAMnB,iCAAiC,CAACU,UAAU,CAAC;EAC1E,MAAMU,YAAY,GAChBX,UAAU,CAACY,wBAAwB,CAACC,2BAA2B;EACjE,MAAMC,aAAa,GAAG,MAAM,IAAIrB,OAAO,CAACS,uBAAuB,CAAC,CAC7Da,UAAU,CAAC;IACVC,GAAG,EAAEL,YAAY;IACjBM,GAAG,EAAEvB,IAAI,CAACwB,EAAE,CAAC,CAAC,CAACC,QAAQ,CAAC,CAAC;IACzBC,eAAe,EAAEV,cAAc;IAC/BW,mBAAmB,EAAE;EACvB,CAAC,CAAC,CACDC,kBAAkB,CAAC;IAClBC,GAAG,EAAE,OAAO;IACZC,GAAG,EAAE,gCAAgC;IACrCC,GAAG,EAAEjB,GAAG,CAACiB;EACX,CAAC,CAAC,CACDC,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,IAAI,CAAC,CAAC;EAET,MAAMC,IAAI,GAAG;IACXC,cAAc,EAAEhB;EAClB,CAAC;EAED,MAAMiB,MAAM,GAAG,MAAM5B,QAAQ,CAACQ,YAAY,EAAE;IAC1CqB,MAAM,EAAE,MAAM;IACdC,OAAO,EAAE;MACP,cAAc,EAAE;IAClB,CAAC;IACDJ,IAAI,EAAEK,IAAI,CAACC,SAAS,CAACN,IAAI;EAC3B,CAAC,CAAC,CACCO,IAAI,CAAC5C,SAAS,CAAC,GAAG,CAAC,CAAC,CACpB4C,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEE,IAAI,IAAK3C,yBAAyB,CAAC4C,KAAK,CAACD,IAAI,CAAC,CAAC,CACrDE,KAAK,CAACC,4BAA4B,CAAC;EAEtC,OAAO;IAAE1C,iBAAiB,EAAEgC,MAAM,CAACW;EAAmB,CAAC;AACzD,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMD,4BAA4B,GAAIE,CAAU,IAAK;EACnD,IAAI,EAAEA,CAAC,YAAY7C,yBAAyB,CAAC,EAAE;IAC7C,MAAM6C,CAAC;EACT;EAEA,IAAIA,CAAC,CAACC,UAAU,KAAK,GAAG,EAAE;IACxB,MAAM,IAAI/C,wBAAwB,CAChC,+CAA+C,EAC/C8C,CAAC,CAACE,OACJ,CAAC;EACH;EAEA,MAAM,IAAIjD,sBAAsB,CAC7B,2FAA0F+C,CAAC,CAACC,UAAW,GAAE,EAC1GD,CAAC,CAACE,OACJ,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
import { IoWalletError } from "../../utils/errors";
|
|
2
|
+
import { verify } from "@pagopa/io-react-native-jwt";
|
|
3
|
+
import { ParsedStatusAttestation } from "./types";
|
|
4
|
+
import { decode as decodeJwt } from "@pagopa/io-react-native-jwt";
|
|
5
|
+
/**
|
|
6
|
+
* Given a status attestation, verifies that:
|
|
7
|
+
* - It's in the supported format;
|
|
8
|
+
* - The attestation is correctly signed;
|
|
9
|
+
* - It's bound to the given key.
|
|
10
|
+
* @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
|
|
11
|
+
* @param statusAttestation The encoded status attestation returned by {@link statusAttestation}
|
|
12
|
+
* @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
|
|
13
|
+
* @returns A parsed status attestation
|
|
14
|
+
* @throws {IoWalletError} If the credential signature is not verified with the Issuer key set
|
|
15
|
+
* @throws {IoWalletError} If the credential is not bound to the provided user key
|
|
16
|
+
* @throws {IoWalletError} If the credential data fail to parse
|
|
17
|
+
*/
|
|
18
|
+
export const verifyAndParseStatusAttestation = async (issuerConf, rawStatusAttestation, context) => {
|
|
19
|
+
try {
|
|
20
|
+
const {
|
|
21
|
+
statusAttestation
|
|
22
|
+
} = rawStatusAttestation;
|
|
23
|
+
const {
|
|
24
|
+
credentialCryptoContext
|
|
25
|
+
} = context;
|
|
26
|
+
await verify(statusAttestation, issuerConf.openid_credential_issuer.jwks.keys);
|
|
27
|
+
const decodedJwt = decodeJwt(statusAttestation);
|
|
28
|
+
const parsedStatusAttestation = ParsedStatusAttestation.parse({
|
|
29
|
+
header: decodedJwt.protectedHeader,
|
|
30
|
+
payload: decodedJwt.payload
|
|
31
|
+
});
|
|
32
|
+
const holderBindingKey = await credentialCryptoContext.getPublicKey();
|
|
33
|
+
const {
|
|
34
|
+
cnf
|
|
35
|
+
} = parsedStatusAttestation.payload;
|
|
36
|
+
if (!cnf.jwk.kid || cnf.jwk.kid !== holderBindingKey.kid) {
|
|
37
|
+
throw new IoWalletError(`Failed to verify holder binding for status attestation, expected kid: ${holderBindingKey.kid}, got: ${parsedStatusAttestation.payload.cnf.jwk.kid}`);
|
|
38
|
+
}
|
|
39
|
+
return {
|
|
40
|
+
parsedStatusAttestation
|
|
41
|
+
};
|
|
42
|
+
} catch (e) {
|
|
43
|
+
throw new IoWalletError(`Failed to verify status attestation: ${JSON.stringify(e)}`);
|
|
44
|
+
}
|
|
45
|
+
};
|
|
46
|
+
//# sourceMappingURL=03-verify-and-parse-status-attestation.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":["IoWalletError","verify","ParsedStatusAttestation","decode","decodeJwt","verifyAndParseStatusAttestation","issuerConf","rawStatusAttestation","context","statusAttestation","credentialCryptoContext","openid_credential_issuer","jwks","keys","decodedJwt","parsedStatusAttestation","parse","header","protectedHeader","payload","holderBindingKey","getPublicKey","cnf","jwk","kid","e","JSON","stringify"],"sourceRoot":"../../../../src","sources":["credential/status/03-verify-and-parse-status-attestation.ts"],"mappings":"AACA,SAASA,aAAa,QAAQ,oBAAoB;AAClD,SAASC,MAAM,QAA4B,6BAA6B;AAExE,SAASC,uBAAuB,QAAQ,SAAS;AACjD,SAASC,MAAM,IAAIC,SAAS,QAAQ,6BAA6B;AAUjE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,+BAAgE,GAC3E,MAAAA,CAAOC,UAAU,EAAEC,oBAAoB,EAAEC,OAAO,KAAK;EACnD,IAAI;IACF,MAAM;MAAEC;IAAkB,CAAC,GAAGF,oBAAoB;IAClD,MAAM;MAAEG;IAAwB,CAAC,GAAGF,OAAO;IAE3C,MAAMP,MAAM,CACVQ,iBAAiB,EACjBH,UAAU,CAACK,wBAAwB,CAACC,IAAI,CAACC,IAC3C,CAAC;IAED,MAAMC,UAAU,GAAGV,SAAS,CAACK,iBAAiB,CAAC;IAC/C,MAAMM,uBAAuB,GAAGb,uBAAuB,CAACc,KAAK,CAAC;MAC5DC,MAAM,EAAEH,UAAU,CAACI,eAAe;MAClCC,OAAO,EAAEL,UAAU,CAACK;IACtB,CAAC,CAAC;IAEF,MAAMC,gBAAgB,GAAG,MAAMV,uBAAuB,CAACW,YAAY,CAAC,CAAC;IACrE,MAAM;MAAEC;IAAI,CAAC,GAAGP,uBAAuB,CAACI,OAAO;IAC/C,IAAI,CAACG,GAAG,CAACC,GAAG,CAACC,GAAG,IAAIF,GAAG,CAACC,GAAG,CAACC,GAAG,KAAKJ,gBAAgB,CAACI,GAAG,EAAE;MACxD,MAAM,IAAIxB,aAAa,CACpB,yEAAwEoB,gBAAgB,CAACI,GAAI,UAAST,uBAAuB,CAACI,OAAO,CAACG,GAAG,CAACC,GAAG,CAACC,GAAI,EACrJ,CAAC;IACH;IAEA,OAAO;MAAET;IAAwB,CAAC;EACpC,CAAC,CAAC,OAAOU,CAAC,EAAE;IACV,MAAM,IAAIzB,aAAa,CACpB,wCAAuC0B,IAAI,CAACC,SAAS,CAACF,CAAC,CAAE,EAC5D,CAAC;EACH;AACF,CAAC"}
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import { statusAttestation } from "./02-status-attestation";
|
|
2
|
+
import { evaluateIssuerTrust } from "../issuance";
|
|
3
|
+
import { verifyAndParseStatusAttestation } from "./03-verify-and-parse-status-attestation";
|
|
4
|
+
export { evaluateIssuerTrust, statusAttestation, verifyAndParseStatusAttestation };
|
|
5
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":["statusAttestation","evaluateIssuerTrust","verifyAndParseStatusAttestation"],"sourceRoot":"../../../../src","sources":["credential/status/index.ts"],"mappings":"AACA,SACEA,iBAAiB,QAEZ,yBAAyB;AAChC,SAASC,mBAAmB,QAAkC,aAAa;AAC3E,SACEC,+BAA+B,QAE1B,0CAA0C;AAEjD,SACED,mBAAmB,EACnBD,iBAAiB,EACjBE,+BAA+B"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
import { UnixTime } from "../../sd-jwt/types";
|
|
2
|
+
import { JWK } from "../../utils/jwk";
|
|
3
|
+
import * as z from "zod";
|
|
4
|
+
|
|
5
|
+
/**
|
|
6
|
+
* Shape from parsing a status attestation response in case of 201.
|
|
7
|
+
*/
|
|
8
|
+
export const StatusAttestationResponse = z.object({
|
|
9
|
+
status_attestation: z.string()
|
|
10
|
+
});
|
|
11
|
+
|
|
12
|
+
/**
|
|
13
|
+
* Type from parsing a status attestation response in case of 201.
|
|
14
|
+
* Inferred from {@link StatusAttestationResponse}.
|
|
15
|
+
*/
|
|
16
|
+
|
|
17
|
+
/**
|
|
18
|
+
* Type for a parsed status attestation.
|
|
19
|
+
*/
|
|
20
|
+
|
|
21
|
+
/**
|
|
22
|
+
* Shape for parsing a status attestation in a JWT.
|
|
23
|
+
*/
|
|
24
|
+
export const ParsedStatusAttestation = z.object({
|
|
25
|
+
header: z.object({
|
|
26
|
+
typ: z.literal("status-attestation+jwt"),
|
|
27
|
+
alg: z.string(),
|
|
28
|
+
kid: z.string().optional()
|
|
29
|
+
}),
|
|
30
|
+
payload: z.object({
|
|
31
|
+
credential_hash_alg: z.string(),
|
|
32
|
+
credential_hash: z.string(),
|
|
33
|
+
cnf: z.object({
|
|
34
|
+
jwk: JWK
|
|
35
|
+
}),
|
|
36
|
+
exp: UnixTime,
|
|
37
|
+
iat: UnixTime
|
|
38
|
+
})
|
|
39
|
+
});
|
|
40
|
+
//# sourceMappingURL=types.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":["UnixTime","JWK","z","StatusAttestationResponse","object","status_attestation","string","ParsedStatusAttestation","header","typ","literal","alg","kid","optional","payload","credential_hash_alg","credential_hash","cnf","jwk","exp","iat"],"sourceRoot":"../../../../src","sources":["credential/status/types.ts"],"mappings":"AAAA,SAASA,QAAQ,QAAQ,oBAAoB;AAC7C,SAASC,GAAG,QAAQ,iBAAiB;AACrC,OAAO,KAAKC,CAAC,MAAM,KAAK;;AAExB;AACA;AACA;AACA,OAAO,MAAMC,yBAAyB,GAAGD,CAAC,CAACE,MAAM,CAAC;EAChDC,kBAAkB,EAAEH,CAAC,CAACI,MAAM,CAAC;AAC/B,CAAC,CAAC;;AAEF;AACA;AACA;AACA;;AAKA;AACA;AACA;;AAGA;AACA;AACA;AACA,OAAO,MAAMC,uBAAuB,GAAGL,CAAC,CAACE,MAAM,CAAC;EAC9CI,MAAM,EAAEN,CAAC,CAACE,MAAM,CAAC;IACfK,GAAG,EAAEP,CAAC,CAACQ,OAAO,CAAC,wBAAwB,CAAC;IACxCC,GAAG,EAAET,CAAC,CAACI,MAAM,CAAC,CAAC;IACfM,GAAG,EAAEV,CAAC,CAACI,MAAM,CAAC,CAAC,CAACO,QAAQ,CAAC;EAC3B,CAAC,CAAC;EACFC,OAAO,EAAEZ,CAAC,CAACE,MAAM,CAAC;IAChBW,mBAAmB,EAAEb,CAAC,CAACI,MAAM,CAAC,CAAC;IAC/BU,eAAe,EAAEd,CAAC,CAACI,MAAM,CAAC,CAAC;IAC3BW,GAAG,EAAEf,CAAC,CAACE,MAAM,CAAC;MACZc,GAAG,EAAEjB;IACP,CAAC,CAAC;IACFkB,GAAG,EAAEnB,QAAQ;IACboB,GAAG,EAAEpB;EACP,CAAC;AACH,CAAC,CAAC"}
|
|
@@ -8,7 +8,7 @@
|
|
|
8
8
|
* @param attrs A key value record set
|
|
9
9
|
* @returns a human-readable serialization of the set
|
|
10
10
|
*/
|
|
11
|
-
const serializeAttrs = attrs => Object.entries(attrs).map(_ref => {
|
|
11
|
+
export const serializeAttrs = attrs => Object.entries(attrs).map(_ref => {
|
|
12
12
|
let [k, v] = _ref;
|
|
13
13
|
return [k, Array.isArray(v) ? `(${v.join(", ")})` : v];
|
|
14
14
|
}).map(_ => _.join("=")).join(" ");
|
|
@@ -40,6 +40,26 @@ export class IoWalletError extends Error {
|
|
|
40
40
|
(_Error$captureStackTr = Error.captureStackTrace) === null || _Error$captureStackTr === void 0 ? void 0 : _Error$captureStackTr.call(Error, this, this.constructor);
|
|
41
41
|
}
|
|
42
42
|
}
|
|
43
|
+
|
|
44
|
+
/**
|
|
45
|
+
* An error subclass thrown when a Wallet Provider http request has a status code different from the one expected.
|
|
46
|
+
*/
|
|
47
|
+
export class UnexpectedStatusCodeError extends IoWalletError {
|
|
48
|
+
static get code() {
|
|
49
|
+
return "ERR_UNEXPECTED_STATUS_CODE";
|
|
50
|
+
}
|
|
51
|
+
code = "ERR_UNEXPECTED_STATUS_CODE";
|
|
52
|
+
|
|
53
|
+
/** HTTP status code */
|
|
54
|
+
|
|
55
|
+
constructor(message, statusCode) {
|
|
56
|
+
super(serializeAttrs({
|
|
57
|
+
message,
|
|
58
|
+
statusCode: statusCode.toString()
|
|
59
|
+
}));
|
|
60
|
+
this.statusCode = statusCode;
|
|
61
|
+
}
|
|
62
|
+
}
|
|
43
63
|
/**
|
|
44
64
|
* An error subclass thrown when validation fail
|
|
45
65
|
*
|
|
@@ -316,4 +336,59 @@ export class AuthorizationIdpError extends IoWalletError {
|
|
|
316
336
|
this.errorDescription = errorDescription;
|
|
317
337
|
}
|
|
318
338
|
}
|
|
339
|
+
|
|
340
|
+
/**
|
|
341
|
+
* Error subclass thrown when an operation has been aborted.
|
|
342
|
+
*/
|
|
343
|
+
export class OperationAbortedError extends IoWalletError {
|
|
344
|
+
static get code() {
|
|
345
|
+
return "ERR_IO_WALLET_OPERATION_ABORTED";
|
|
346
|
+
}
|
|
347
|
+
code = "ERR_IO_WALLET_OPERATION_ABORTED";
|
|
348
|
+
|
|
349
|
+
/** The aborted operation */
|
|
350
|
+
|
|
351
|
+
constructor(operation) {
|
|
352
|
+
super(serializeAttrs({
|
|
353
|
+
operation
|
|
354
|
+
}));
|
|
355
|
+
this.operation = operation;
|
|
356
|
+
}
|
|
357
|
+
}
|
|
358
|
+
|
|
359
|
+
/**
|
|
360
|
+
* Error subclass thrown when the status attestation for a credential is invalid.
|
|
361
|
+
*/
|
|
362
|
+
export class StatusAttestationInvalid extends IoWalletError {
|
|
363
|
+
static get code() {
|
|
364
|
+
return "ERR_STATUS_ATTESTATION_INVALID";
|
|
365
|
+
}
|
|
366
|
+
code = "ERR_STATUS_ATTESTATION_INVALID";
|
|
367
|
+
constructor(message) {
|
|
368
|
+
let reason = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : "unspecified";
|
|
369
|
+
super(serializeAttrs({
|
|
370
|
+
message,
|
|
371
|
+
reason
|
|
372
|
+
}));
|
|
373
|
+
this.reason = reason;
|
|
374
|
+
}
|
|
375
|
+
}
|
|
376
|
+
|
|
377
|
+
/**
|
|
378
|
+
* Error subclass thrown when an error occurs while obtaining a status attestation for a credential.
|
|
379
|
+
*/
|
|
380
|
+
export class StatusAttestationError extends IoWalletError {
|
|
381
|
+
static get code() {
|
|
382
|
+
return "ERR_STATUS_ATTESTATION_ERROR";
|
|
383
|
+
}
|
|
384
|
+
code = "ERR_STATUS_ATTESTATION_ERROR";
|
|
385
|
+
constructor(message) {
|
|
386
|
+
let reason = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : "unspecified";
|
|
387
|
+
super(serializeAttrs({
|
|
388
|
+
message,
|
|
389
|
+
reason
|
|
390
|
+
}));
|
|
391
|
+
this.reason = reason;
|
|
392
|
+
}
|
|
393
|
+
}
|
|
319
394
|
//# sourceMappingURL=errors.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["serializeAttrs","attrs","Object","entries","map","_ref","k","v","Array","isArray","join","_","IoWalletError","Error","code","constructor","message","_Error$captureStackTr","name","captureStackTrace","call","ValidationFailed","claim","arguments","length","undefined","reason","WalletInstanceAttestationIssuingError","AuthRequestDecodeError","PidIssuingError","ClaimsNotFoundBetweenDislosures","claims","c","ClaimsNotFoundInToken","NoSuitableKeysFoundInEntityConfiguration","scenario","PidMetadataError","WalletProviderResponseError","
|
|
1
|
+
{"version":3,"names":["serializeAttrs","attrs","Object","entries","map","_ref","k","v","Array","isArray","join","_","IoWalletError","Error","code","constructor","message","_Error$captureStackTr","name","captureStackTrace","call","UnexpectedStatusCodeError","statusCode","toString","ValidationFailed","claim","arguments","length","undefined","reason","WalletInstanceAttestationIssuingError","AuthRequestDecodeError","PidIssuingError","ClaimsNotFoundBetweenDislosures","claims","c","ClaimsNotFoundInToken","NoSuitableKeysFoundInEntityConfiguration","scenario","PidMetadataError","WalletProviderResponseError","WalletInstanceRevokedError","WalletInstanceNotFoundError","AuthorizationError","AuthorizationIdpError","error","errorDescription","OperationAbortedError","operation","StatusAttestationInvalid","StatusAttestationError"],"sourceRoot":"../../../src","sources":["utils/errors.ts"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMA,cAAc,GACzBC,KAAsC,IAEtCC,MAAM,CAACC,OAAO,CAACF,KAAK,CAAC,CAClBG,GAAG,CAACC,IAAA;EAAA,IAAC,CAACC,CAAC,EAAEC,CAAC,CAAC,GAAAF,IAAA;EAAA,OAAK,CAACC,CAAC,EAAEE,KAAK,CAACC,OAAO,CAACF,CAAC,CAAC,GAAI,IAAGA,CAAC,CAACG,IAAI,CAAC,IAAI,CAAE,GAAE,GAAGH,CAAC,CAAC;AAAA,EAAC,CAChEH,GAAG,CAAEO,CAAC,IAAKA,CAAC,CAACD,IAAI,CAAC,GAAG,CAAC,CAAC,CACvBA,IAAI,CAAC,GAAG,CAAC;;AAEd;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,aAAa,SAASC,KAAK,CAAC;EACvC;EACA,WAAWC,IAAIA,CAAA,EAAW;IACxB,OAAO,uBAAuB;EAChC;;EAEA;EACAA,IAAI,GAAW,uBAAuB;EAEtCC,WAAWA,CAACC,OAAgB,EAAE;IAAA,IAAAC,qBAAA;IAC5B,KAAK,CAACD,OAAO,CAAC;IACd,IAAI,CAACE,IAAI,GAAG,IAAI,CAACH,WAAW,CAACG,IAAI;IACjC;IACA,CAAAD,qBAAA,GAAAJ,KAAK,CAACM,iBAAiB,cAAAF,qBAAA,uBAAvBA,qBAAA,CAAAG,IAAA,CAAAP,KAAK,EAAqB,IAAI,EAAE,IAAI,CAACE,WAAW,CAAC;EACnD;AACF;;AAEA;AACA;AACA;AACA,OAAO,MAAMM,yBAAyB,SAAST,aAAa,CAAC;EAC3D,WAAWE,IAAIA,CAAA,EAAiC;IAC9C,OAAO,4BAA4B;EACrC;EAEAA,IAAI,GAAG,4BAA4B;;EAEnC;;EAGAC,WAAWA,CAACC,OAAe,EAAEM,UAAkB,EAAE;IAC/C,KAAK,CACHtB,cAAc,CAAC;MACbgB,OAAO;MACPM,UAAU,EAAEA,UAAU,CAACC,QAAQ,CAAC;IAClC,CAAC,CACH,CAAC;IACD,IAAI,CAACD,UAAU,GAAGA,UAAU;EAC9B;AACF;AACA;AACA;AACA;AACA;AACA,OAAO,MAAME,gBAAgB,SAASZ,aAAa,CAAC;EAClD,WAAWE,IAAIA,CAAA,EAAsC;IACnD,OAAO,iCAAiC;EAC1C;EAEAA,IAAI,GAAG,iCAAiC;;EAExC;;EAGA;;EAGAC,WAAWA,CACTC,OAAe,EAGf;IAAA,IAFAS,KAAa,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAC7BG,MAAc,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAE9B,KAAK,CAAC1B,cAAc,CAAC;MAAEgB,OAAO;MAAES,KAAK;MAAEI;IAAO,CAAC,CAAC,CAAC;IACjD,IAAI,CAACJ,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMC,qCAAqC,SAASlB,aAAa,CAAC;EACvE,WAAWE,IAAIA,CAAA,EAAwD;IACrE,OAAO,mDAAmD;EAC5D;EAEAA,IAAI,GAAG,mDAAmD;;EAE1D;;EAGA;;EAGAC,WAAWA,CACTC,OAAe,EAGf;IAAA,IAFAS,KAAa,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAC7BG,MAAc,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAE9B,KAAK,CAAC1B,cAAc,CAAC;MAAEgB,OAAO;MAAES,KAAK;MAAEI;IAAO,CAAC,CAAC,CAAC;IACjD,IAAI,CAACJ,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAME,sBAAsB,SAASnB,aAAa,CAAC;EACxD,WAAWE,IAAIA,CAAA,EAAyD;IACtE,OAAO,oDAAoD;EAC7D;EAEAA,IAAI,GAAG,oDAAoD;;EAE3D;;EAGA;;EAGAC,WAAWA,CACTC,OAAe,EAGf;IAAA,IAFAS,KAAa,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAC7BG,MAAc,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAE9B,KAAK,CAAC1B,cAAc,CAAC;MAAEgB,OAAO;MAAES,KAAK;MAAEI;IAAO,CAAC,CAAC,CAAC;IACjD,IAAI,CAACJ,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMG,eAAe,SAASpB,aAAa,CAAC;EACjD,WAAWE,IAAIA,CAAA,EAAuC;IACpD,OAAO,kCAAkC;EAC3C;EAEAA,IAAI,GAAG,kCAAkC;;EAEzC;;EAGA;;EAGAC,WAAWA,CACTC,OAAe,EAGf;IAAA,IAFAS,KAAa,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAC7BG,MAAc,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAE9B,KAAK,CAAC1B,cAAc,CAAC;MAAEgB,OAAO;MAAES,KAAK;MAAEI;IAAO,CAAC,CAAC,CAAC;IACjD,IAAI,CAACJ,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMI,+BAA+B,SAASpB,KAAK,CAAC;EACzD,WAAWC,IAAIA,CAAA,EAA2B;IACxC,OAAO,sBAAsB;EAC/B;EAEAA,IAAI,GAAG,sBAAsB;;EAE7B;;EAGAC,WAAWA,CAACmB,MAAyB,EAAE;IACrC,MAAMC,CAAC,GAAG3B,KAAK,CAACC,OAAO,CAACyB,MAAM,CAAC,GAAGA,MAAM,GAAG,CAACA,MAAM,CAAC;IACnD,MAAMlB,OAAO,GAAI,8EAA6EmB,CAAC,CAACzB,IAAI,CAClG,IACF,CAAE,EAAC;IACH,KAAK,CAACM,OAAO,CAAC;IACd,IAAI,CAACkB,MAAM,GAAGC,CAAC;EACjB;AACF;;AAEA;AACA;AACA;AACA,OAAO,MAAMC,qBAAqB,SAASvB,KAAK,CAAC;EAC/C,WAAWC,IAAIA,CAAA,EAAoC;IACjD,OAAO,+BAA+B;EACxC;EAEAA,IAAI,GAAG,+BAA+B;;EAEtC;;EAGAC,WAAWA,CAACmB,MAAyB,EAAE;IACrC,MAAMC,CAAC,GAAG3B,KAAK,CAACC,OAAO,CAACyB,MAAM,CAAC,GAAGA,MAAM,GAAG,CAACA,MAAM,CAAC;IACnD,MAAMlB,OAAO,GAAI,yDAAwDmB,CAAC,CAACzB,IAAI,CAC7E,IACF,CAAE,EAAC;IACH,KAAK,CAACM,OAAO,CAAC;IACd,IAAI,CAACkB,MAAM,GAAGC,CAAC;EACjB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAME,wCAAwC,SAASxB,KAAK,CAAC;EAClE,WAAWC,IAAIA,CAAA,EAAqC;IAClD,OAAO,gCAAgC;EACzC;EAEAA,IAAI,GAAG,gCAAgC;;EAEvC;AACF;AACA;EACEC,WAAWA,CAACuB,QAAgB,EAAE;IAC5B,MAAMtB,OAAO,GAAI,0DAAyDsB,QAAS,IAAG;IACtF,KAAK,CAACtB,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMuB,gBAAgB,SAAS1B,KAAK,CAAC;EAC1C,WAAWC,IAAIA,CAAA,EAAyB;IACtC,OAAO,oBAAoB;EAC7B;EAEAC,WAAWA,CAACC,OAAe,EAAE;IAC3B,KAAK,CAACA,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAMwB,2BAA2B,SAAS5B,aAAa,CAAC;EAC7D,WAAWE,IAAIA,CAAA,EAA6C;IAC1D,OAAO,wCAAwC;EACjD;EAEAA,IAAI,GAAG,wCAAwC;;EAE/C;;EAGA;;EAGA;;EAGAC,WAAWA,CACTC,OAAe,EAIf;IAAA,IAHAS,KAAa,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAC7BG,MAAc,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAC9BJ,UAAkB,GAAAI,SAAA,CAAAC,MAAA,OAAAD,SAAA,MAAAE,SAAA;IAElB,KAAK,CACH5B,cAAc,CAAC;MACbgB,OAAO;MACPS,KAAK;MACLI,MAAM;MACNP,UAAU,EAAEA,UAAU,CAACC,QAAQ,CAAC;IAClC,CAAC,CACH,CAAC;IACD,IAAI,CAACE,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;IACpB,IAAI,CAACP,UAAU,GAAGA,UAAU;EAC9B;AACF;AAEA,OAAO,MAAMmB,0BAA0B,SAAS7B,aAAa,CAAC;EAC5D,WAAWE,IAAIA,CAAA,EAAqC;IAClD,OAAO,gCAAgC;EACzC;EAEAA,IAAI,GAAG,gCAAgC;EAKvCC,WAAWA,CAACC,OAAe,EAAES,KAAa,EAAkC;IAAA,IAAhCI,MAAc,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IACxE,KAAK,CAAC1B,cAAc,CAAC;MAAEgB,OAAO;MAAES,KAAK;MAAEI;IAAO,CAAC,CAAC,CAAC;IACjD,IAAI,CAACA,MAAM,GAAGA,MAAM;IACpB,IAAI,CAACJ,KAAK,GAAGA,KAAK;EACpB;AACF;AAEA,OAAO,MAAMiB,2BAA2B,SAAS9B,aAAa,CAAC;EAC7D,WAAWE,IAAIA,CAAA,EAAuC;IACpD,OAAO,kCAAkC;EAC3C;EAEAA,IAAI,GAAG,kCAAkC;EAKzCC,WAAWA,CAACC,OAAe,EAAES,KAAa,EAAkC;IAAA,IAAhCI,MAAc,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IACxE,KAAK,CAAC1B,cAAc,CAAC;MAAEgB,OAAO;MAAES,KAAK;MAAEI;IAAO,CAAC,CAAC,CAAC;IACjD,IAAI,CAACA,MAAM,GAAGA,MAAM;IACpB,IAAI,CAACJ,KAAK,GAAGA,KAAK;EACpB;AACF;;AAEA;AACA;AACA;AACA,OAAO,MAAMkB,kBAAkB,SAAS/B,aAAa,CAAC;EACpD,WAAWE,IAAIA,CAAA,EAAwC;IACrD,OAAO,mCAAmC;EAC5C;EAEAA,IAAI,GAAG,mCAAmC;EAE1CC,WAAWA,CAACC,OAAgB,EAAE;IAC5B,KAAK,CAACA,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AACA,OAAO,MAAM4B,qBAAqB,SAAShC,aAAa,CAAC;EACvD,WAAWE,IAAIA,CAAA,EAAkD;IAC/D,OAAO,6CAA6C;EACtD;EAEAA,IAAI,GAAG,sDAAsD;EAK7DC,WAAWA,CAAC8B,KAAa,EAAEC,gBAAyB,EAAE;IACpD,KAAK,CACH9C,cAAc,CAAC8C,gBAAgB,GAAG;MAAED,KAAK;MAAEC;IAAiB,CAAC,GAAG;MAAED;IAAM,CAAC,CAC3E,CAAC;IACD,IAAI,CAACA,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACC,gBAAgB,GAAGA,gBAAgB;EAC1C;AACF;;AAEA;AACA;AACA;AACA,OAAO,MAAMC,qBAAqB,SAASnC,aAAa,CAAC;EACvD,WAAWE,IAAIA,CAAA,EAAsC;IACnD,OAAO,iCAAiC;EAC1C;EAEAA,IAAI,GAAG,iCAAiC;;EAExC;;EAGAC,WAAWA,CAACiC,SAAiB,EAAE;IAC7B,KAAK,CAAChD,cAAc,CAAC;MAAEgD;IAAU,CAAC,CAAC,CAAC;IACpC,IAAI,CAACA,SAAS,GAAGA,SAAS;EAC5B;AACF;;AAEA;AACA;AACA;AACA,OAAO,MAAMC,wBAAwB,SAASrC,aAAa,CAAC;EAC1D,WAAWE,IAAIA,CAAA,EAAqC;IAClD,OAAO,gCAAgC;EACzC;EAEAA,IAAI,GAAG,gCAAgC;EAIvCC,WAAWA,CAACC,OAAe,EAAkC;IAAA,IAAhCa,MAAc,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IACzD,KAAK,CAAC1B,cAAc,CAAC;MAAEgB,OAAO;MAAEa;IAAO,CAAC,CAAC,CAAC;IAC1C,IAAI,CAACA,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA,OAAO,MAAMqB,sBAAsB,SAAStC,aAAa,CAAC;EACxD,WAAWE,IAAIA,CAAA,EAAmC;IAChD,OAAO,8BAA8B;EACvC;EAEAA,IAAI,GAAG,8BAA8B;EAIrCC,WAAWA,CAACC,OAAe,EAAkC;IAAA,IAAhCa,MAAc,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IACzD,KAAK,CAAC1B,cAAc,CAAC;MAAEgB,OAAO;MAAEa;IAAO,CAAC,CAAC,CAAC;IAC1C,IAAI,CAACA,MAAM,GAAGA,MAAM;EACtB;AACF"}
|
package/lib/module/utils/misc.js
CHANGED
|
@@ -1,13 +1,15 @@
|
|
|
1
|
-
import { IoWalletError } from "./errors";
|
|
1
|
+
import { IoWalletError, UnexpectedStatusCodeError } from "./errors";
|
|
2
|
+
import { sha256 } from "js-sha256";
|
|
2
3
|
|
|
3
4
|
/**
|
|
4
5
|
* Check if a response is in the expected status, other
|
|
5
|
-
* @param status The expected status
|
|
6
|
+
* @param status - The expected status
|
|
7
|
+
* @throws {@link UnexpectedStatusCodeError} if the status is different from the one expected
|
|
6
8
|
* @returns The given response object
|
|
7
9
|
*/
|
|
8
10
|
export const hasStatus = status => async res => {
|
|
9
11
|
if (res.status !== status) {
|
|
10
|
-
throw new
|
|
12
|
+
throw new UnexpectedStatusCodeError(`Http request failed. Expected ${status}, got ${res.status}, url: ${res.url} with response: ${await res.text()}`, res.status);
|
|
11
13
|
}
|
|
12
14
|
return res;
|
|
13
15
|
};
|
|
@@ -45,4 +47,37 @@ export const until = (conditionFunction, timeoutSeconds) => new Promise((resolve
|
|
|
45
47
|
};
|
|
46
48
|
poll();
|
|
47
49
|
});
|
|
50
|
+
|
|
51
|
+
/**
|
|
52
|
+
* Get the hash of a credential without discloures.
|
|
53
|
+
* A credential is a string like `header.body.sign~sd1~sd2....` where `~` is the separator between the credential and the discloures.
|
|
54
|
+
* @param credential - The credential to hash
|
|
55
|
+
* @returns The hash of the credential without discloures
|
|
56
|
+
*/
|
|
57
|
+
export const getCredentialHashWithouDiscloures = async credential => {
|
|
58
|
+
const tildeIndex = credential.indexOf("~");
|
|
59
|
+
if (tildeIndex === -1) {
|
|
60
|
+
throw new IoWalletError("Invalid credential format");
|
|
61
|
+
}
|
|
62
|
+
return sha256(credential.slice(0, tildeIndex));
|
|
63
|
+
};
|
|
64
|
+
|
|
65
|
+
/**
|
|
66
|
+
* Creates a promise that waits until the provided signal is aborted.
|
|
67
|
+
* @returns {Object} An object with `listen` and `remove` methods to handle subscribing and unsubscribing.
|
|
68
|
+
*/
|
|
69
|
+
export const createAbortPromiseFromSignal = signal => {
|
|
70
|
+
let listener;
|
|
71
|
+
return {
|
|
72
|
+
listen: () => new Promise(resolve => {
|
|
73
|
+
if (signal.aborted) {
|
|
74
|
+
return resolve("OPERATION_ABORTED");
|
|
75
|
+
}
|
|
76
|
+
listener = () => resolve("OPERATION_ABORTED");
|
|
77
|
+
signal.addEventListener("abort", listener);
|
|
78
|
+
}),
|
|
79
|
+
remove: () => signal.removeEventListener("abort", listener)
|
|
80
|
+
};
|
|
81
|
+
};
|
|
82
|
+
export const isDefined = x => Boolean(x);
|
|
48
83
|
//# sourceMappingURL=misc.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["IoWalletError","hasStatus","status","res","url","text","generateRandomAlphaNumericString","size","Array","from","Math","floor","random","toString","join","until","conditionFunction","timeoutSeconds","Promise","resolve","reject","start","Date","now","poll","undefined","Error","setTimeout"],"sourceRoot":"../../../src","sources":["utils/misc.ts"],"mappings":"AAAA,SAASA,aAAa,QAAQ,UAAU;;
|
|
1
|
+
{"version":3,"names":["IoWalletError","UnexpectedStatusCodeError","sha256","hasStatus","status","res","url","text","generateRandomAlphaNumericString","size","Array","from","Math","floor","random","toString","join","until","conditionFunction","timeoutSeconds","Promise","resolve","reject","start","Date","now","poll","undefined","Error","setTimeout","getCredentialHashWithouDiscloures","credential","tildeIndex","indexOf","slice","createAbortPromiseFromSignal","signal","listener","listen","aborted","addEventListener","remove","removeEventListener","isDefined","x","Boolean"],"sourceRoot":"../../../src","sources":["utils/misc.ts"],"mappings":"AAAA,SAASA,aAAa,EAAEC,yBAAyB,QAAQ,UAAU;AACnE,SAASC,MAAM,QAAQ,WAAW;;AAElC;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,SAAS,GACnBC,MAAc,IACf,MAAOC,GAAa,IAAwB;EAC1C,IAAIA,GAAG,CAACD,MAAM,KAAKA,MAAM,EAAE;IACzB,MAAM,IAAIH,yBAAyB,CAChC,iCAAgCG,MAAO,SAAQC,GAAG,CAACD,MAAO,UACzDC,GAAG,CAACC,GACL,mBAAkB,MAAMD,GAAG,CAACE,IAAI,CAAC,CAAE,EAAC,EACrCF,GAAG,CAACD,MACN,CAAC;EACH;EACA,OAAOC,GAAG;AACZ,CAAC;;AAEH;AACA;AAOA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMG,gCAAgC,GAAIC,IAAY,IAC3DC,KAAK,CAACC,IAAI,CAACD,KAAK,CAACD,IAAI,CAAC,EAAE,MACtBG,IAAI,CAACC,KAAK,CAACD,IAAI,CAACE,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,CAACC,QAAQ,CAAC,EAAE,CAC5C,CAAC,CAACC,IAAI,CAAC,EAAE,CAAC;;AAEZ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,KAAK,GAAGA,CACnBC,iBAAgC,EAChCC,cAAuB,KAEvB,IAAIC,OAAO,CAAO,CAACC,OAAO,EAAEC,MAAM,KAAK;EACrC,MAAMC,KAAK,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC;EACxB,MAAMC,IAAI,GAAGA,CAAA,KAAM;IACjB,IAAIR,iBAAiB,CAAC,CAAC,EAAE;MACvBG,OAAO,CAAC,CAAC;IACX,CAAC,MAAM,IACLF,cAAc,KAAKQ,SAAS,IAC5BH,IAAI,CAACC,GAAG,CAAC,CAAC,GAAGF,KAAK,IAAIJ,cAAc,GAAG,IAAI,EAC3C;MACAG,MAAM,CAAC,IAAIM,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACvC,CAAC,MAAM;MACLC,UAAU,CAACH,IAAI,EAAE,GAAG,CAAC;IACvB;EACF,CAAC;EAEDA,IAAI,CAAC,CAAC;AACR,CAAC,CAAC;;AAEJ;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMI,iCAAiC,GAAG,MAC/CC,UAAkB,IACE;EACpB,MAAMC,UAAU,GAAGD,UAAU,CAACE,OAAO,CAAC,GAAG,CAAC;EAC1C,IAAID,UAAU,KAAK,CAAC,CAAC,EAAE;IACrB,MAAM,IAAIhC,aAAa,CAAC,2BAA2B,CAAC;EACtD;EACA,OAAOE,MAAM,CAAC6B,UAAU,CAACG,KAAK,CAAC,CAAC,EAAEF,UAAU,CAAC,CAAC;AAChD,CAAC;;AAED;AACA;AACA;AACA;AACA,OAAO,MAAMG,4BAA4B,GAAIC,MAAmB,IAAK;EACnE,IAAIC,QAAoB;EACxB,OAAO;IACLC,MAAM,EAAEA,CAAA,KACN,IAAIlB,OAAO,CAAuBC,OAAO,IAAK;MAC5C,IAAIe,MAAM,CAACG,OAAO,EAAE;QAClB,OAAOlB,OAAO,CAAC,mBAAmB,CAAC;MACrC;MACAgB,QAAQ,GAAGA,CAAA,KAAMhB,OAAO,CAAC,mBAAmB,CAAC;MAC7Ce,MAAM,CAACI,gBAAgB,CAAC,OAAO,EAAEH,QAAQ,CAAC;IAC5C,CAAC,CAAC;IACJI,MAAM,EAAEA,CAAA,KAAML,MAAM,CAACM,mBAAmB,CAAC,OAAO,EAAEL,QAAQ;EAC5D,CAAC;AACH,CAAC;AAED,OAAO,MAAMM,SAAS,GAAOC,CAA4B,IACvDC,OAAO,CAACD,CAAC,CAAC"}
|
package/lib/module/utils/par.js
CHANGED
|
@@ -17,7 +17,7 @@ export const AuthorizationDetails = z.array(AuthorizationDetail);
|
|
|
17
17
|
export const makeParRequest = _ref => {
|
|
18
18
|
let {
|
|
19
19
|
wiaCryptoContext,
|
|
20
|
-
appFetch
|
|
20
|
+
appFetch
|
|
21
21
|
} = _ref;
|
|
22
22
|
return async (clientId, codeVerifier, redirectUri, responseMode, parEndpoint, walletInstanceAttestation, authorizationDetails, assertionType) => {
|
|
23
23
|
const wiaPublicKey = await wiaCryptoContext.getPublicKey();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["sha256ToBase64","SignJWT","uuid","z","WalletInstanceAttestation","generateRandomAlphaNumericString","hasStatus","createPopToken","AuthorizationDetail","object","credential_configuration_id","string","format","union","literal","type","AuthorizationDetails","array","makeParRequest","_ref","wiaCryptoContext","appFetch","
|
|
1
|
+
{"version":3,"names":["sha256ToBase64","SignJWT","uuid","z","WalletInstanceAttestation","generateRandomAlphaNumericString","hasStatus","createPopToken","AuthorizationDetail","object","credential_configuration_id","string","format","union","literal","type","AuthorizationDetails","array","makeParRequest","_ref","wiaCryptoContext","appFetch","clientId","codeVerifier","redirectUri","responseMode","parEndpoint","walletInstanceAttestation","authorizationDetails","assertionType","wiaPublicKey","getPublicKey","parUrl","URL","aud","protocol","hostname","iss","decode","payload","cnf","jwk","kid","signedWiaPoP","jti","v4","codeChallengeMethod","codeChallenge","signedJwtForPar","setProtectedHeader","typ","setPayload","response_type","response_mode","client_id","state","code_challenge","code_challenge_method","authorization_details","redirect_uri","client_assertion_type","client_assertion","setIssuedAt","setExpirationTime","sign","formBody","URLSearchParams","request","method","headers","body","toString","then","res","json","result","request_uri"],"sourceRoot":"../../../src","sources":["utils/par.ts"],"mappings":"AAAA,SACEA,cAAc,EAEdC,OAAO,QACF,6BAA6B;AACpC,OAAOC,IAAI,MAAM,mBAAmB;AACpC,OAAO,KAAKC,CAAC,MAAM,KAAK;AACxB,OAAO,KAAKC,yBAAyB,MAAM,gCAAgC;AAC3E,SAASC,gCAAgC,EAAEC,SAAS,QAAQ,QAAQ;AACpE,SAASC,cAAc,QAAQ,OAAO;AAGtC,OAAO,MAAMC,mBAAmB,GAAGL,CAAC,CAACM,MAAM,CAAC;EAC1CC,2BAA2B,EAAEP,CAAC,CAACQ,MAAM,CAAC,CAAC;EACvCC,MAAM,EAAET,CAAC,CAACU,KAAK,CAAC,CAACV,CAAC,CAACW,OAAO,CAAC,WAAW,CAAC,EAAEX,CAAC,CAACW,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC;EACpEC,IAAI,EAAEZ,CAAC,CAACW,OAAO,CAAC,mBAAmB;AACrC,CAAC,CAAC;AAGF,OAAO,MAAME,oBAAoB,GAAGb,CAAC,CAACc,KAAK,CAACT,mBAAmB,CAAC;;AAEhE;AACA;AACA;AACA,OAAO,MAAMU,cAAc,GACzBC,IAAA;EAAA,IAAC;IACCC,gBAAgB;IAChBC;EAIF,CAAC,GAAAF,IAAA;EAAA,OACD,OACEG,QAAgB,EAChBC,YAAoB,EACpBC,WAAmB,EACnBC,YAAoB,EACpBC,WAAmB,EACnBC,yBAAiC,EACjCC,oBAA0C,EAC1CC,aAAqB,KACD;IACpB,MAAMC,YAAY,GAAG,MAAMV,gBAAgB,CAACW,YAAY,CAAC,CAAC;IAE1D,MAAMC,MAAM,GAAG,IAAIC,GAAG,CAACP,WAAW,CAAC;IACnC,MAAMQ,GAAG,GAAI,GAAEF,MAAM,CAACG,QAAS,KAAIH,MAAM,CAACI,QAAS,EAAC;IAEpD,MAAMC,GAAG,GAAGjC,yBAAyB,CAACkC,MAAM,CAACX,yBAAyB,CAAC,CACpEY,OAAO,CAACC,GAAG,CAACC,GAAG,CAACC,GAAG;IAEtB,MAAMC,YAAY,GAAG,MAAMpC,cAAc,CACvC;MACEqC,GAAG,EAAG,GAAE1C,IAAI,CAAC2C,EAAE,CAAC,CAAE,EAAC;MACnBX,GAAG;MACHG;IACF,CAAC,EACDjB,gBACF,CAAC;;IAED;AACJ;AACA;IACI,MAAM0B,mBAAmB,GAAG,MAAM;IAClC,MAAMC,aAAa,GAAG,MAAM/C,cAAc,CAACuB,YAAY,CAAC;;IAExD;AACJ;AACA;AACA;IACI,MAAMyB,eAAe,GAAG,MAAM,IAAI/C,OAAO,CAACmB,gBAAgB,CAAC,CACxD6B,kBAAkB,CAAC;MAClBC,GAAG,EAAE,KAAK;MACVR,GAAG,EAAEZ,YAAY,CAACY;IACpB,CAAC,CAAC,CACDS,UAAU,CAAC;MACVP,GAAG,EAAG,GAAE1C,IAAI,CAAC2C,EAAE,CAAC,CAAE,EAAC;MACnBX,GAAG;MACHkB,aAAa,EAAE,MAAM;MACrBC,aAAa,EAAE5B,YAAY;MAC3B6B,SAAS,EAAEhC,QAAQ;MACnBe,GAAG;MACHkB,KAAK,EAAElD,gCAAgC,CAAC,EAAE,CAAC;MAC3CmD,cAAc,EAAET,aAAa;MAC7BU,qBAAqB,EAAEX,mBAAmB;MAC1CY,qBAAqB,EAAE9B,oBAAoB;MAC3C+B,YAAY,EAAEnC,WAAW;MACzBoC,qBAAqB,EAAE/B,aAAa;MACpCgC,gBAAgB,EAAElC,yBAAyB,GAAG,GAAG,GAAGgB;IACtD,CAAC,CAAC,CACDmB,WAAW,CAAC,CAAC,CAAC;IAAA,CACdC,iBAAiB,CAAC,MAAM,CAAC,CACzBC,IAAI,CAAC,CAAC;;IAET;IACA,IAAIC,QAAQ,GAAG,IAAIC,eAAe,CAAC;MACjCd,aAAa,EAAE,MAAM;MACrBE,SAAS,EAAEhC,QAAQ;MACnBkC,cAAc,EAAET,aAAa;MAC7BU,qBAAqB,EAAE,MAAM;MAC7BU,OAAO,EAAEnB,eAAe;MACxBY,qBAAqB,EAAE/B,aAAa;MACpCgC,gBAAgB,EAAElC,yBAAyB,GAAG,GAAG,GAAGgB;IACtD,CAAC,CAAC;IAEF,OAAO,MAAMtB,QAAQ,CAACK,WAAW,EAAE;MACjC0C,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC,CACCC,IAAI,CAAClE,SAAS,CAAC,GAAG,CAAC,CAAC,CACpBkE,IAAI,CAAEC,GAAG,IAAKA,GAAG,CAACC,IAAI,CAAC,CAAC,CAAC,CACzBF,IAAI,CAAEG,MAAM,IAAKA,MAAM,CAACC,WAAW,CAAC;EACzC,CAAC;AAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/credential/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,YAAY,CAAC;AACvC,OAAO,KAAK,YAAY,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/credential/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,YAAY,CAAC;AACvC,OAAO,KAAK,YAAY,MAAM,gBAAgB,CAAC;AAC/C,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AAEnC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC"}
|
|
@@ -7,7 +7,7 @@ import { RequestObject } from "../presentation/types";
|
|
|
7
7
|
/**
|
|
8
8
|
* The interface of the phase to complete User authorization via strong identification when the response mode is "query" and the request credential is a PersonIdentificationData.
|
|
9
9
|
*/
|
|
10
|
-
export type CompleteUserAuthorizationWithQueryMode = (issuerRequestUri: Out<StartUserAuthorization>["issuerRequestUri"], clientId: Out<StartUserAuthorization>["clientId"], issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], idpHint: string, redirectUri: string, authorizationContext?: AuthorizationContext) => Promise<AuthorizationResult>;
|
|
10
|
+
export type CompleteUserAuthorizationWithQueryMode = (issuerRequestUri: Out<StartUserAuthorization>["issuerRequestUri"], clientId: Out<StartUserAuthorization>["clientId"], issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], idpHint: string, redirectUri: string, authorizationContext?: AuthorizationContext, signal?: AbortSignal) => Promise<AuthorizationResult>;
|
|
11
11
|
export type CompleteUserAuthorizationWithFormPostJwtMode = (requestObject: Out<GetRequestedCredentialToBePresented>, context: {
|
|
12
12
|
wiaCryptoContext: CryptoContext;
|
|
13
13
|
pidCryptoContext: CryptoContext;
|
|
@@ -29,8 +29,10 @@ export type GetRequestedCredentialToBePresented = (issuerRequestUri: Out<StartUs
|
|
|
29
29
|
* If not specified, the default browser is used
|
|
30
30
|
* @param idphint Unique identifier of the SPID IDP selected by the user
|
|
31
31
|
* @param redirectUri The url to reach to complete the user authorization which is the custom URL scheme that the Wallet Instance is registered to handle, usually a custom URL or deeplink
|
|
32
|
+
* @param signal An optional {@link AbortSignal} to abort the operation when using the default browser
|
|
32
33
|
* @throws {AuthorizationError} if an error occurs during the authorization process
|
|
33
34
|
* @throws {AuthorizationIdpError} if an error occurs during the authorization process and the error is related to the IDP
|
|
35
|
+
* @throws {OperationAbortedError} if the caller aborts the operation via the provided signal
|
|
34
36
|
* @returns the authorization response which contains code, state and iss
|
|
35
37
|
*/
|
|
36
38
|
export declare const completeUserAuthorizationWithQueryMode: CompleteUserAuthorizationWithQueryMode;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"04-complete-user-authorization.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/04-complete-user-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,oBAAoB,EACzB,KAAK,mBAAmB,EACzB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,
|
|
1
|
+
{"version":3,"file":"04-complete-user-authorization.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/04-complete-user-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,oBAAoB,EACzB,KAAK,mBAAmB,EACzB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAKL,KAAK,GAAG,EACT,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAQ5E,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAEtE,OAAO,EAIL,KAAK,aAAa,EACnB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAKtD;;GAEG;AACH,MAAM,MAAM,sCAAsC,GAAG,CACnD,gBAAgB,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,kBAAkB,CAAC,EACjE,QAAQ,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,UAAU,CAAC,EACjD,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,MAAM,EACnB,oBAAoB,CAAC,EAAE,oBAAoB,EAC3C,MAAM,CAAC,EAAE,WAAW,KACjB,OAAO,CAAC,mBAAmB,CAAC,CAAC;AAElC,MAAM,MAAM,4CAA4C,GAAG,CACzD,aAAa,EAAE,GAAG,CAAC,mCAAmC,CAAC,EACvD,OAAO,EAAE;IACP,gBAAgB,EAAE,aAAa,CAAC;IAChC,gBAAgB,EAAE,aAAa,CAAC;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,yBAAyB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC,mBAAmB,CAAC,CAAC;AAElC,MAAM,MAAM,mCAAmC,GAAG,CAChD,gBAAgB,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,kBAAkB,CAAC,EACjE,QAAQ,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,UAAU,CAAC,EACjD,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,KAC5B,OAAO,CAAC,aAAa,CAAC,CAAC;AAE5B;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,sCAAsC,EAAE,sCA0ElD,CAAC;AAEJ;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,mCAAmC,EAAE,mCAyB/C,CAAC;AAEJ;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,4CAA4C,EAAE,4CAuGxD,CAAC;AAEJ;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,YAC5B,OAAO,KACf,mBAaF,CAAC"}
|
|
@@ -8,9 +8,9 @@ export type AuthorizeAccess = (issuerConf: Out<EvaluateIssuerTrust>["issuerConf"
|
|
|
8
8
|
walletInstanceAttestation: string;
|
|
9
9
|
appFetch?: GlobalFetch["fetch"];
|
|
10
10
|
wiaCryptoContext: CryptoContext;
|
|
11
|
+
dPopCryptoContext: CryptoContext;
|
|
11
12
|
}) => Promise<{
|
|
12
13
|
accessToken: TokenResponse;
|
|
13
|
-
dPoPContext: CryptoContext;
|
|
14
14
|
}>;
|
|
15
15
|
/**
|
|
16
16
|
* Creates and sends the DPoP Proof JWT to be presented with the authorization code to the /token endpoint of the authorization server
|
|
@@ -24,6 +24,7 @@ export type AuthorizeAccess = (issuerConf: Out<EvaluateIssuerTrust>["issuerConf"
|
|
|
24
24
|
* @param codeVerifier The code verifier returned by {@link startUserAuthorization}
|
|
25
25
|
* @param context.walletInstanceAttestation The Wallet Instance's attestation
|
|
26
26
|
* @param context.wiaCryptoContext The Wallet Instance's crypto context
|
|
27
|
+
* @param context.dPopCryptoContext The DPoP crypto context
|
|
27
28
|
* @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
|
|
28
29
|
* @throws {ValidationFailed} if an error occurs while parsing the token response
|
|
29
30
|
* @return The token response containing the access token along with the token request signed with DPoP which has to be used in the {@link obtainCredential} step.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"05-authorize-access.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/05-authorize-access.ts"],"names":[],"mappings":"AAAA,OAAO,EAAa,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;
|
|
1
|
+
{"version":3,"file":"05-authorize-access.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/05-authorize-access.ts"],"names":[],"mappings":"AAAA,OAAO,EAAa,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAK5E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAEjE,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAExC,OAAO,KAAK,EAAE,sCAAsC,EAAE,MAAM,kCAAkC,CAAC;AAE/F,MAAM,MAAM,eAAe,GAAG,CAC5B,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,IAAI,EAAE,GAAG,CAAC,sCAAsC,CAAC,CAAC,MAAM,CAAC,EACzD,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,UAAU,CAAC,EACjD,YAAY,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,cAAc,CAAC,EACzD,OAAO,EAAE;IACP,yBAAyB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;IAChC,gBAAgB,EAAE,aAAa,CAAC;IAChC,iBAAiB,EAAE,aAAa,CAAC;CAClC,KACE,OAAO,CAAC;IAAE,WAAW,EAAE,aAAa,CAAA;CAAE,CAAC,CAAC;AAE7C;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,eAAe,EAAE,eAsE7B,CAAC"}
|
|
@@ -4,7 +4,8 @@ import type { EvaluateIssuerTrust } from "./02-evaluate-issuer-trust";
|
|
|
4
4
|
import { type Out } from "../../utils/misc";
|
|
5
5
|
import type { StartUserAuthorization } from "./03-start-user-authorization";
|
|
6
6
|
import { CredentialResponse } from "./types";
|
|
7
|
-
export type ObtainCredential = (issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], accessToken: Out<AuthorizeAccess>["accessToken"], clientId: Out<StartUserAuthorization>["clientId"], credentialDefinition: Out<StartUserAuthorization>["credentialDefinition"],
|
|
7
|
+
export type ObtainCredential = (issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], accessToken: Out<AuthorizeAccess>["accessToken"], clientId: Out<StartUserAuthorization>["clientId"], credentialDefinition: Out<StartUserAuthorization>["credentialDefinition"], context: {
|
|
8
|
+
dPopCryptoContext: CryptoContext;
|
|
8
9
|
credentialCryptoContext: CryptoContext;
|
|
9
10
|
appFetch?: GlobalFetch["fetch"];
|
|
10
11
|
}) => Promise<CredentialResponse>;
|
|
@@ -21,6 +22,7 @@ export declare const createNonceProof: (nonce: string, issuer: string, audience:
|
|
|
21
22
|
* @param credentialDefinition The credential definition of the credential to be obtained returned by {@link startUserAuthorization}
|
|
22
23
|
* @param tokenRequestSignedDPop The DPoP signed token request returned by {@link authorizeAccess}
|
|
23
24
|
* @param context.credentialCryptoContext The crypto context used to obtain the credential
|
|
25
|
+
* @param context.dPopCryptoContext The DPoP crypto context
|
|
24
26
|
* @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
|
|
25
27
|
* @returns The credential response containing the credential
|
|
26
28
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"06-obtain-credential.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/06-obtain-credential.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,aAAa,EACnB,MAAM,6BAA6B,CAAC;AACrC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,EAAa,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAE5E,OAAO,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"06-obtain-credential.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/06-obtain-credential.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,aAAa,EACnB,MAAM,6BAA6B,CAAC;AACrC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,EAAa,KAAK,GAAG,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAE5E,OAAO,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAK7C,MAAM,MAAM,gBAAgB,GAAG,CAC7B,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,WAAW,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC,aAAa,CAAC,EAChD,QAAQ,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,UAAU,CAAC,EACjD,oBAAoB,EAAE,GAAG,CAAC,sBAAsB,CAAC,CAAC,sBAAsB,CAAC,EACzE,OAAO,EAAE;IACP,iBAAiB,EAAE,aAAa,CAAC;IACjC,uBAAuB,EAAE,aAAa,CAAC;IACvC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;CACjC,KACE,OAAO,CAAC,kBAAkB,CAAC,CAAC;AAEjC,eAAO,MAAM,gBAAgB,UACpB,MAAM,UACL,MAAM,YACJ,MAAM,OACX,aAAa,KACjB,QAAQ,MAAM,CAehB,CAAC;AAEF;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,gBAAgB,EAAE,gBAiF9B,CAAC"}
|
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
import * as z from "zod";
|
|
2
2
|
export declare const ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation";
|
|
3
|
-
export declare const DPOP_KET_TAG = "dpop";
|
|
4
3
|
export type SupportedCredentialFormat = z.infer<typeof SupportedCredentialFormat>;
|
|
5
4
|
export declare const SupportedCredentialFormat: z.ZodUnion<[z.ZodLiteral<"vc+sd-jwt">, z.ZodLiteral<"vc+mdoc-cbor">]>;
|
|
6
5
|
//# sourceMappingURL=const.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"const.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/const.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AACzB,eAAO,MAAM,cAAc,uEAC2C,CAAC;AAEvE,
|
|
1
|
+
{"version":3,"file":"const.d.ts","sourceRoot":"","sources":["../../../../src/credential/issuance/const.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AACzB,eAAO,MAAM,cAAc,uEAC2C,CAAC;AAEvE,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAC7C,OAAO,yBAAyB,CACjC,CAAC;AACF,eAAO,MAAM,yBAAyB,uEAGpC,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* WARNING: This is the first function to be called in the status attestation flow. The next function to be called is {@link statusAttestation}.
|
|
3
|
+
* The beginning of the status attestation flow.
|
|
4
|
+
*
|
|
5
|
+
* @returns The url of the credential issuer to be used in the next function.
|
|
6
|
+
*/
|
|
7
|
+
export type StartFlow = () => {
|
|
8
|
+
issuerUrl: string;
|
|
9
|
+
};
|
|
10
|
+
//# sourceMappingURL=01-start-flow.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"01-start-flow.d.ts","sourceRoot":"","sources":["../../../../src/credential/status/01-start-flow.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,MAAM,MAAM,SAAS,GAAG,MAAM;IAC5B,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import { type Out } from "../../utils/misc";
|
|
2
|
+
import type { EvaluateIssuerTrust, ObtainCredential } from "../issuance";
|
|
3
|
+
import { type CryptoContext } from "@pagopa/io-react-native-jwt";
|
|
4
|
+
import { StatusAttestationResponse } from "./types";
|
|
5
|
+
export type StatusAttestation = (issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], credential: Out<ObtainCredential>["credential"], credentialCryptoContext: CryptoContext, appFetch?: GlobalFetch["fetch"]) => Promise<{
|
|
6
|
+
statusAttestation: StatusAttestationResponse["status_attestation"];
|
|
7
|
+
}>;
|
|
8
|
+
/**
|
|
9
|
+
* WARNING: This function must be called after {@link startFlow}.
|
|
10
|
+
* Verify the status of the credential attestation.
|
|
11
|
+
* @param issuerConf - The issuer's configuration
|
|
12
|
+
* @param credential - The credential to be verified
|
|
13
|
+
* @param credentialCryptoContext - The credential's crypto context
|
|
14
|
+
* @param context.appFetch (optional) fetch api implementation. Default: built-in fetch
|
|
15
|
+
* @throws {@link StatusAttestationInvalid} if the status attestation is invalid and thus the credential is not valid
|
|
16
|
+
* @throws {@link StatusAttestationError} if an error occurs during the status attestation
|
|
17
|
+
* @returns The credential status attestation
|
|
18
|
+
*/
|
|
19
|
+
export declare const statusAttestation: StatusAttestation;
|
|
20
|
+
//# sourceMappingURL=02-status-attestation.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"02-status-attestation.d.ts","sourceRoot":"","sources":["../../../../src/credential/status/02-status-attestation.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,GAAG,EACT,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AACzE,OAAO,EAAW,KAAK,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAE1E,OAAO,EAAE,yBAAyB,EAAE,MAAM,SAAS,CAAC;AAOpD,MAAM,MAAM,iBAAiB,GAAG,CAC9B,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,UAAU,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,YAAY,CAAC,EAC/C,uBAAuB,EAAE,aAAa,EACtC,QAAQ,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,KAC5B,OAAO,CAAC;IACX,iBAAiB,EAAE,yBAAyB,CAAC,oBAAoB,CAAC,CAAC;CACpE,CAAC,CAAC;AAEH;;;;;;;;;;GAUG;AACH,eAAO,MAAM,iBAAiB,EAAE,iBA2C/B,CAAC"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import type { Out } from "../../utils/misc";
|
|
2
|
+
import { type CryptoContext } from "@pagopa/io-react-native-jwt";
|
|
3
|
+
import type { EvaluateIssuerTrust, StatusAttestation } from "../status";
|
|
4
|
+
import { ParsedStatusAttestation } from "./types";
|
|
5
|
+
export type VerifyAndParseStatusAttestation = (issuerConf: Out<EvaluateIssuerTrust>["issuerConf"], statusAttestation: Out<StatusAttestation>, context: {
|
|
6
|
+
credentialCryptoContext: CryptoContext;
|
|
7
|
+
}) => Promise<{
|
|
8
|
+
parsedStatusAttestation: ParsedStatusAttestation;
|
|
9
|
+
}>;
|
|
10
|
+
/**
|
|
11
|
+
* Given a status attestation, verifies that:
|
|
12
|
+
* - It's in the supported format;
|
|
13
|
+
* - The attestation is correctly signed;
|
|
14
|
+
* - It's bound to the given key.
|
|
15
|
+
* @param issuerConf The Issuer configuration returned by {@link evaluateIssuerTrust}
|
|
16
|
+
* @param statusAttestation The encoded status attestation returned by {@link statusAttestation}
|
|
17
|
+
* @param context.credentialCryptoContext The crypto context used to obtain the credential in {@link obtainCredential}
|
|
18
|
+
* @returns A parsed status attestation
|
|
19
|
+
* @throws {IoWalletError} If the credential signature is not verified with the Issuer key set
|
|
20
|
+
* @throws {IoWalletError} If the credential is not bound to the provided user key
|
|
21
|
+
* @throws {IoWalletError} If the credential data fail to parse
|
|
22
|
+
*/
|
|
23
|
+
export declare const verifyAndParseStatusAttestation: VerifyAndParseStatusAttestation;
|
|
24
|
+
//# sourceMappingURL=03-verify-and-parse-status-attestation.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"03-verify-and-parse-status-attestation.d.ts","sourceRoot":"","sources":["../../../../src/credential/status/03-verify-and-parse-status-attestation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAU,KAAK,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACzE,OAAO,KAAK,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AACxE,OAAO,EAAE,uBAAuB,EAAE,MAAM,SAAS,CAAC;AAGlD,MAAM,MAAM,+BAA+B,GAAG,CAC5C,UAAU,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,YAAY,CAAC,EAClD,iBAAiB,EAAE,GAAG,CAAC,iBAAiB,CAAC,EACzC,OAAO,EAAE;IACP,uBAAuB,EAAE,aAAa,CAAC;CACxC,KACE,OAAO,CAAC;IAAE,uBAAuB,EAAE,uBAAuB,CAAA;CAAE,CAAC,CAAC;AAEnE;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,+BAA+B,EAAE,+BA+B3C,CAAC"}
|