@pagopa/io-react-native-wallet 0.2.2 → 0.2.3
- package/lib/commonjs/pid/issuing.js +28 -0
- package/lib/commonjs/pid/issuing.js.map +1 -1
- package/lib/commonjs/pid/metadata.js +51 -0
- package/lib/commonjs/pid/metadata.js.map +1 -0
- package/lib/commonjs/pid/sd-jwt/index.js +2 -1
- package/lib/commonjs/pid/sd-jwt/index.js.map +1 -1
- package/lib/commonjs/rp/index.js +148 -3
- package/lib/commonjs/rp/index.js.map +1 -1
- package/lib/commonjs/rp/types.js +4 -0
- package/lib/commonjs/rp/types.js.map +1 -1
- package/lib/commonjs/sd-jwt/__test__/index.test.js +119 -0
- package/lib/commonjs/sd-jwt/__test__/index.test.js.map +1 -0
- package/lib/commonjs/sd-jwt/index.js +84 -4
- package/lib/commonjs/sd-jwt/index.js.map +1 -1
- package/lib/commonjs/sd-jwt/types.js +9 -0
- package/lib/commonjs/sd-jwt/types.js.map +1 -1
- package/lib/commonjs/sd-jwt/verifier.js +7 -5
- package/lib/commonjs/sd-jwt/verifier.js.map +1 -1
- package/lib/commonjs/utils/errors.js +76 -1
- package/lib/commonjs/utils/errors.js.map +1 -1
- package/lib/module/pid/issuing.js +30 -2
- package/lib/module/pid/issuing.js.map +1 -1
- package/lib/module/pid/metadata.js +43 -0
- package/lib/module/pid/metadata.js.map +1 -0
- package/lib/module/pid/sd-jwt/index.js +3 -3
- package/lib/module/pid/sd-jwt/index.js.map +1 -1
- package/lib/module/rp/index.js +150 -5
- package/lib/module/rp/index.js.map +1 -1
- package/lib/module/rp/types.js +4 -0
- package/lib/module/rp/types.js.map +1 -1
- package/lib/module/sd-jwt/__test__/index.test.js +118 -0
- package/lib/module/sd-jwt/__test__/index.test.js.map +1 -0
- package/lib/module/sd-jwt/index.js +83 -3
- package/lib/module/sd-jwt/index.js.map +1 -1
- package/lib/module/sd-jwt/types.js +10 -0
- package/lib/module/sd-jwt/types.js.map +1 -1
- package/lib/module/sd-jwt/verifier.js +8 -6
- package/lib/module/sd-jwt/verifier.js.map +1 -1
- package/lib/module/utils/errors.js +71 -0
- package/lib/module/utils/errors.js.map +1 -1
- package/lib/typescript/src/index.d.ts.map +1 -0
- package/lib/typescript/src/pid/index.d.ts.map +1 -0
- package/lib/typescript/{pid → src/pid}/issuing.d.ts +9 -0
- package/lib/typescript/src/pid/issuing.d.ts.map +1 -0
- package/lib/typescript/src/pid/metadata.d.ts +528 -0
- package/lib/typescript/src/pid/metadata.d.ts.map +1 -0
- package/lib/typescript/src/pid/sd-jwt/converters.d.ts.map +1 -0
- package/lib/typescript/src/pid/sd-jwt/index.d.ts.map +1 -0
- package/lib/typescript/src/pid/sd-jwt/types.d.ts.map +1 -0
- package/lib/typescript/src/rp/__test__/index.test.d.ts.map +1 -0
- package/lib/typescript/src/rp/index.d.ts +89 -0
- package/lib/typescript/src/rp/index.d.ts.map +1 -0
- package/lib/typescript/{rp → src/rp}/types.d.ts +54 -47
- package/lib/typescript/{rp → src/rp}/types.d.ts.map +1 -1
- package/lib/typescript/src/sd-jwt/__test__/converters.test.d.ts.map +1 -0
- package/lib/typescript/src/sd-jwt/__test__/index.test.d.ts +2 -0
- package/lib/typescript/src/sd-jwt/__test__/index.test.d.ts.map +1 -0
- package/lib/typescript/src/sd-jwt/__test__/types.test.d.ts.map +1 -0
- package/lib/typescript/src/sd-jwt/converters.d.ts.map +1 -0
- package/lib/typescript/{sd-jwt → src/sd-jwt}/index.d.ts +22 -2
- package/lib/typescript/src/sd-jwt/index.d.ts.map +1 -0
- package/lib/typescript/{sd-jwt → src/sd-jwt}/types.d.ts +12 -0
- package/lib/typescript/src/sd-jwt/types.d.ts.map +1 -0
- package/lib/typescript/src/sd-jwt/verifier.d.ts +3 -0
- package/lib/typescript/src/sd-jwt/verifier.d.ts.map +1 -0
- package/lib/typescript/src/utils/dpop.d.ts.map +1 -0
- package/lib/typescript/{utils → src/utils}/errors.d.ts +41 -0
- package/lib/typescript/src/utils/errors.d.ts.map +1 -0
- package/lib/typescript/src/utils/jwk.d.ts.map +1 -0
- package/lib/typescript/src/wallet-instance-attestation/index.d.ts.map +1 -0
- package/lib/typescript/src/wallet-instance-attestation/issuing.d.ts.map +1 -0
- package/lib/typescript/{wallet-instance-attestation → src/wallet-instance-attestation}/types.d.ts +8 -8
- package/lib/typescript/{wallet-instance-attestation → src/wallet-instance-attestation}/types.d.ts.map +1 -1
- package/package.json +4 -3
- package/src/pid/issuing.ts +38 -1
- package/src/pid/metadata.ts +46 -0
- package/src/pid/sd-jwt/index.ts +6 -3
- package/src/rp/index.ts +189 -5
- package/src/rp/types.ts +8 -0
- package/src/sd-jwt/__test__/index.test.ts +171 -0
- package/src/sd-jwt/index.ts +84 -7
- package/src/sd-jwt/types.ts +13 -0
- package/src/sd-jwt/verifier.ts +5 -7
- package/src/utils/errors.ts +81 -0
- package/lib/typescript/index.d.ts.map +0 -1
- package/lib/typescript/pid/index.d.ts.map +0 -1
- package/lib/typescript/pid/issuing.d.ts.map +0 -1
- package/lib/typescript/pid/sd-jwt/converters.d.ts.map +0 -1
- package/lib/typescript/pid/sd-jwt/index.d.ts.map +0 -1
- package/lib/typescript/pid/sd-jwt/types.d.ts.map +0 -1
- package/lib/typescript/rp/__test__/index.test.d.ts.map +0 -1
- package/lib/typescript/rp/index.d.ts +0 -43
- package/lib/typescript/rp/index.d.ts.map +0 -1
- package/lib/typescript/sd-jwt/__test__/converters.test.d.ts.map +0 -1
- package/lib/typescript/sd-jwt/__test__/types.test.d.ts.map +0 -1
- package/lib/typescript/sd-jwt/converters.d.ts.map +0 -1
- package/lib/typescript/sd-jwt/index.d.ts.map +0 -1
- package/lib/typescript/sd-jwt/types.d.ts.map +0 -1
- package/lib/typescript/sd-jwt/verifier.d.ts +0 -3
- package/lib/typescript/sd-jwt/verifier.d.ts.map +0 -1
- package/lib/typescript/utils/dpop.d.ts.map +0 -1
- package/lib/typescript/utils/errors.d.ts.map +0 -1
- package/lib/typescript/utils/jwk.d.ts.map +0 -1
- package/lib/typescript/wallet-instance-attestation/index.d.ts.map +0 -1
- package/lib/typescript/wallet-instance-attestation/issuing.d.ts.map +0 -1
- /package/lib/typescript/{index.d.ts → src/index.d.ts} +0 -0
- /package/lib/typescript/{pid → src/pid}/index.d.ts +0 -0
- /package/lib/typescript/{pid → src/pid}/sd-jwt/converters.d.ts +0 -0
- /package/lib/typescript/{pid → src/pid}/sd-jwt/index.d.ts +0 -0
- /package/lib/typescript/{pid → src/pid}/sd-jwt/types.d.ts +0 -0
- /package/lib/typescript/{rp → src/rp}/__test__/index.test.d.ts +0 -0
- /package/lib/typescript/{sd-jwt → src/sd-jwt}/__test__/converters.test.d.ts +0 -0
- /package/lib/typescript/{sd-jwt → src/sd-jwt}/__test__/types.test.d.ts +0 -0
- /package/lib/typescript/{sd-jwt → src/sd-jwt}/converters.d.ts +0 -0
- /package/lib/typescript/{utils → src/utils}/dpop.d.ts +0 -0
- /package/lib/typescript/{utils → src/utils}/jwk.d.ts +0 -0
- /package/lib/typescript/{wallet-instance-attestation → src/wallet-instance-attestation}/index.d.ts +0 -0
- /package/lib/typescript/{wallet-instance-attestation → src/wallet-instance-attestation}/issuing.d.ts +0 -0
@@ -3,10 +3,19 @@
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
4
4
|
value: true
|
5
5
|
});
|
6
|
-
exports.verify = exports.decode = void 0;
|
6
|
+
exports.verify = exports.disclose = exports.decode = void 0;
|
7
7
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
8
8
|
var _types = require("./types");
|
9
9
|
var _verifier = require("./verifier");
|
10
|
+
var _errors = require("../utils/errors");
|
11
|
+
const decodeDisclosure = encoded => {
|
12
|
+
const decoded = _types.Disclosure.parse(JSON.parse((0, _ioReactNativeJwt.decodeBase64)(encoded)));
|
13
|
+
return {
|
14
|
+
decoded,
|
15
|
+
encoded
|
16
|
+
};
|
17
|
+
};
|
18
|
+
|
10
19
|
/**
|
11
20
|
* Decode a given SD-JWT with Disclosures to get the parsed SD-JWT object they define.
|
12
21
|
* It ensures provided data is in a valid shape.
|
@@ -39,13 +48,81 @@ const decode = (token, schema) => {
|
|
39
48
|
// get disclosures as list of triples
|
40
49
|
// validate each triple
|
41
50
|
// throw a validation error if at least one fails to parse
|
42
|
-
const disclosures = rawDisclosures.map(
|
51
|
+
const disclosures = rawDisclosures.map(decodeDisclosure);
|
43
52
|
return {
|
44
53
|
sdJwt,
|
45
54
|
disclosures
|
46
55
|
};
|
47
56
|
};
|
48
57
|
|
58
|
+
/**
|
59
|
+
* Select disclosures from a given SD-JWT with Disclosures.
|
60
|
+
* Claims relate with disclosures by their name.
|
61
|
+
*
|
62
|
+
* @function
|
63
|
+
* @param token The encoded token that represents a valid sd-jwt for verifiable credentials
|
64
|
+
* @param claims The list of claims to be disclosed
|
65
|
+
*
|
66
|
+
* @throws {ClaimsNotFoundBetweenDislosures} When one or more claims does not relate to any discloure.
|
67
|
+
* @throws {ClaimsNotFoundInToken} When one or more claims are not contained in the SD-JWT token.
|
68
|
+
* @returns The encoded token with only the requested disclosures, along with the path each claim can be found on the SD-JWT token
|
69
|
+
*
|
70
|
+
*/
|
71
|
+
exports.decode = decode;
|
72
|
+
const disclose = async (token, claims) => {
|
73
|
+
const [rawSdJwt, ...rawDisclosures] = token.split("~");
|
74
|
+
const {
|
75
|
+
sdJwt,
|
76
|
+
disclosures
|
77
|
+
} = decode(token, _types.SdJwt4VC);
|
78
|
+
|
79
|
+
// for each claim, return the path on which they are located in the SD-JWT token
|
80
|
+
const paths = await Promise.all(claims.map(async claim => {
|
81
|
+
const disclosure = disclosures.find(_ref => {
|
82
|
+
let {
|
83
|
+
decoded: [, name]
|
84
|
+
} = _ref;
|
85
|
+
return name === claim;
|
86
|
+
});
|
87
|
+
|
88
|
+
// check every claim represents a known disclosure
|
89
|
+
if (!disclosure) {
|
90
|
+
throw new _errors.ClaimsNotFoundBetweenDislosures(claim);
|
91
|
+
}
|
92
|
+
const hash = await (0, _ioReactNativeJwt.sha256ToBase64)(disclosure.encoded);
|
93
|
+
|
94
|
+
// _sd is defined in verified_claims.claims and verified_claims.verification
|
95
|
+
// we must look into both
|
96
|
+
if (sdJwt.payload.verified_claims.claims._sd.includes(hash)) {
|
97
|
+
const index = sdJwt.payload.verified_claims.claims._sd.indexOf(hash);
|
98
|
+
return {
|
99
|
+
claim,
|
100
|
+
path: `verified_claims.claims._sd[${index}]`
|
101
|
+
};
|
102
|
+
} else if (sdJwt.payload.verified_claims.verification._sd.includes(hash)) {
|
103
|
+
const index = sdJwt.payload.verified_claims.verification._sd.indexOf(hash);
|
104
|
+
return {
|
105
|
+
claim,
|
106
|
+
path: `verified_claims.verification._sd[${index}]`
|
107
|
+
};
|
108
|
+
}
|
109
|
+
throw new _errors.ClaimsNotFoundInToken(claim);
|
110
|
+
}));
|
111
|
+
const filteredDisclosures = rawDisclosures.filter(d => {
|
112
|
+
const {
|
113
|
+
decoded: [, name]
|
114
|
+
} = decodeDisclosure(d);
|
115
|
+
return claims.includes(name);
|
116
|
+
});
|
117
|
+
|
118
|
+
// compose the final disclosed token
|
119
|
+
const disclosedToken = [rawSdJwt, ...filteredDisclosures].join("~");
|
120
|
+
return {
|
121
|
+
token: disclosedToken,
|
122
|
+
paths
|
123
|
+
};
|
124
|
+
};
|
125
|
+
|
49
126
|
/**
|
50
127
|
* Verify a given SD-JWT with Disclosures
|
51
128
|
* Same as {@link decode} plus:
|
@@ -62,7 +139,7 @@ const decode = (token, schema) => {
|
|
62
139
|
* @returns The parsed SD-JWT token and the parsed disclosures
|
63
140
|
*
|
64
141
|
*/
|
65
|
-
exports.
|
142
|
+
exports.disclose = disclose;
|
66
143
|
const verify = async (token, publicKey, schema) => {
|
67
144
|
// get decoded data
|
68
145
|
const [rawSdJwt = ""] = token.split("~");
|
@@ -74,7 +151,10 @@ const verify = async (token, publicKey, schema) => {
|
|
74
151
|
//Check disclosures in sd-jwt
|
75
152
|
const claims = [...decoded.sdJwt.payload.verified_claims.verification._sd, ...decoded.sdJwt.payload.verified_claims.claims._sd];
|
76
153
|
await Promise.all(decoded.disclosures.map(async disclosure => await (0, _verifier.verifyDisclosure)(disclosure, claims)));
|
77
|
-
return
|
154
|
+
return {
|
155
|
+
sdJwt: decoded.sdJwt,
|
156
|
+
disclosures: decoded.disclosures.map(d => d.decoded)
|
157
|
+
};
|
78
158
|
};
|
79
159
|
exports.verify = verify;
|
80
160
|
//# sourceMappingURL=index.js.map
|
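Review bot: In `disclose`, the path for each claim comes from the first disclosure whose name matches (`disclosures.find`), but the token is then rebuilt from every raw disclosure whose name is in `claims` (`rawDisclosures.filter`), so the two results can disagree. If a claim name can occur more than once (the comment in this hunk says `_sd` lives under both `verified_claims.claims` and `verified_claims.verification`), the returned token would carry a disclosure that was never checked against `_sd` and has no path reported for it. Collecting the matched `disclosure.encoded` values in the first pass into a Set and keeping only raw disclosures found in that Set would limit the token to exactly the disclosures that were checked. It would also avoid calling `decodeDisclosure` a second time on every entry. This file is build output, so the change belongs in `src/sd-jwt/index.ts`.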
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_types","_verifier","decode","token","schema","slice","rawSdJwt","rawDisclosures","split","decodedJwt","decodeJwt","sdJwt","
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_types","_verifier","_errors","decodeDisclosure","encoded","decoded","Disclosure","parse","JSON","decodeBase64","decode","token","schema","slice","rawSdJwt","rawDisclosures","split","decodedJwt","decodeJwt","sdJwt","header","protectedHeader","payload","disclosures","map","exports","disclose","claims","SdJwt4VC","paths","Promise","all","claim","disclosure","find","_ref","name","ClaimsNotFoundBetweenDislosures","hash","sha256ToBase64","verified_claims","_sd","includes","index","indexOf","path","verification","ClaimsNotFoundInToken","filteredDisclosures","filter","d","disclosedToken","join","verify","publicKey","verifyJwt","verifyDisclosure"],"sourceRoot":"../../../src","sources":["sd-jwt/index.ts"],"mappings":";;;;;;AAEA,IAAAA,iBAAA,GAAAC,OAAA;AAKA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,SAAA,GAAAF,OAAA;AAEA,IAAAG,OAAA,GAAAH,OAAA;AAKA,MAAMI,gBAAgB,GAAIC,OAAe,IAA4B;EACnE,MAAMC,OAAO,GAAGC,iBAAU,CAACC,KAAK,CAACC,IAAI,CAACD,KAAK,CAAC,IAAAE,8BAAY,EAACL,OAAO,CAAC,CAAC,CAAC;EACnE,OAAO;IAAEC,OAAO;IAAED;EAAQ,CAAC;AAC7B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMM,MAAM,GAAGA,CACpBC,KAAa,EACbC,MAAS,KAIN;EACH;EACA,IAAID,KAAK,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE;IAC3BF,KAAK,GAAGA,KAAK,CAACE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;EAC5B;EACA,MAAM,CAACC,QAAQ,GAAG,EAAE,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;;EAE3D;EACA;EACA,MAAMC,UAAU,GAAG,IAAAC,wBAAS,EAACJ,QAAQ,CAAC;EACtC,MAAMK,KAAK,GAAGP,MAAM,CAACL,KAAK,CAAC;IACzBa,MAAM,EAAEH,UAAU,CAACI,eAAe;IAClCC,OAAO,EAAEL,UAAU,CAACK;EACtB,CAAC,CAAC;;EAEF;EACA;EACA;EACA,MAAMC,WAAW,GAAGR,cAAc,CAACS,GAAG,CAACrB,gBAAgB,CAAC;EAExD,OAAO;IAAEgB,KAAK;IAAEI;EAAY,CAAC;AAC/B,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAZAE,OAAA,CAAAf,MAAA,GAAAA,MAAA;AAaO,MAAMgB,QAAQ,GAAG,MAAAA,CACtBf,KAAa,EACbgB,MAAgB,KACyD;EACzE,MAAM,CAACb,QAAQ,EAAE,GAAGC,cAAc,CAAC,GAAGJ,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACtD,MAAM;IAAEG,KAAK;IAAEI;EAAY,
CAAC,GAAGb,MAAM,CAACC,KAAK,EAAEiB,eAAQ,CAAC;;EAEtD;EACA,MAAMC,KAAK,GAAG,MAAMC,OAAO,CAACC,GAAG,CAC7BJ,MAAM,CAACH,GAAG,CAAC,MAAOQ,KAAK,IAAK;IAC1B,MAAMC,UAAU,GAAGV,WAAW,CAACW,IAAI,CACjCC,IAAA;MAAA,IAAC;QAAE9B,OAAO,EAAE,GAAG+B,IAAI;MAAE,CAAC,GAAAD,IAAA;MAAA,OAAKC,IAAI,KAAKJ,KAAK;IAAA,CAC3C,CAAC;;IAED;IACA,IAAI,CAACC,UAAU,EAAE;MACf,MAAM,IAAII,uCAA+B,CAACL,KAAK,CAAC;IAClD;IAEA,MAAMM,IAAI,GAAG,MAAM,IAAAC,gCAAc,EAACN,UAAU,CAAC7B,OAAO,CAAC;;IAErD;IACA;IACA,IAAIe,KAAK,CAACG,OAAO,CAACkB,eAAe,CAACb,MAAM,CAACc,GAAG,CAACC,QAAQ,CAACJ,IAAI,CAAC,EAAE;MAC3D,MAAMK,KAAK,GAAGxB,KAAK,CAACG,OAAO,CAACkB,eAAe,CAACb,MAAM,CAACc,GAAG,CAACG,OAAO,CAACN,IAAI,CAAC;MACpE,OAAO;QAAEN,KAAK;QAAEa,IAAI,EAAG,8BAA6BF,KAAM;MAAG,CAAC;IAChE,CAAC,MAAM,IACLxB,KAAK,CAACG,OAAO,CAACkB,eAAe,CAACM,YAAY,CAACL,GAAG,CAACC,QAAQ,CAACJ,IAAI,CAAC,EAC7D;MACA,MAAMK,KAAK,GACTxB,KAAK,CAACG,OAAO,CAACkB,eAAe,CAACM,YAAY,CAACL,GAAG,CAACG,OAAO,CAACN,IAAI,CAAC;MAC9D,OAAO;QAAEN,KAAK;QAAEa,IAAI,EAAG,oCAAmCF,KAAM;MAAG,CAAC;IACtE;IAEA,MAAM,IAAII,6BAAqB,CAACf,KAAK,CAAC;EACxC,CAAC,CACH,CAAC;EAED,MAAMgB,mBAAmB,GAAGjC,cAAc,CAACkC,MAAM,CAAEC,CAAC,IAAK;IACvD,MAAM;MACJ7C,OAAO,EAAE,GAAG+B,IAAI;IAClB,CAAC,GAAGjC,gBAAgB,CAAC+C,CAAC,CAAC;IACvB,OAAOvB,MAAM,CAACe,QAAQ,CAACN,IAAI,CAAC;EAC9B,CAAC,CAAC;;EAEF;EACA,MAAMe,cAAc,GAAG,CAACrC,QAAQ,EAAE,GAAGkC,mBAAmB,CAAC,CAACI,IAAI,CAAC,GAAG,CAAC;EAEnE,OAAO;IAAEzC,KAAK,EAAEwC,cAAc;IAAEtB;EAAM,CAAC;AACzC,CAAC;;AAED;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAfAJ,OAAA,CAAAC,QAAA,GAAAA,QAAA;AAgBO,MAAM2B,MAAM,GAAG,MAAAA,CACpB1C,KAAa,EACb2C,SAAc,EACd1C,MAAS,KACqD;EAC9D;EACA,MAAM,CAACE,QAAQ,GAAG,EAAE,CAAC,GAAGH,KAAK,CAACK,KAAK,CAAC,GAAG,CAAC;EACxC,MAAMX,OAAO,GAAGK,MAAM,CAACC,KAAK,EAAEC,MAAM,CAAC;;EAErC;EACA,MAAM,IAAA2C,wBAAS,EAACzC,QAAQ,EAAEwC,SAAS,CAAC;;EAEpC;EACA,MAAM3B,MAAM,GAAG,CACb,GAAGtB,OAAO,CAACc,KAAK,CAACG,OAAO,CAACkB,eAAe,CAACM,YAAY,CAACL,GAAG,EACzD,GAAGpC,OAAO,CAACc,KAAK,CAACG,OAAO,CAACkB,eAAe,CAACb,MAAM,CAACc,GAAG,CACpD;EAED,MAAMX,OAAO,CAACC,GAAG,CACf1B,OAAO,CAACkB,WAAW
,CAACC,GAAG,CACrB,MAAOS,UAAU,IAAK,MAAM,IAAAuB,0BAAgB,EAACvB,UAAU,EAAEN,MAAM,CACjE,CACF,CAAC;EAED,OAAO;IACLR,KAAK,EAAEd,OAAO,CAACc,KAAK;IACpBI,WAAW,EAAElB,OAAO,CAACkB,WAAW,CAACC,GAAG,CAAE0B,CAAC,IAAKA,CAAC,CAAC7C,OAAO;EACvD,CAAC;AACH,CAAC;AAACoB,OAAA,CAAA4B,MAAA,GAAAA,MAAA"}
|
@@ -20,6 +20,15 @@ const ObfuscatedDisclosures = _zod.z.object({
|
|
20
20
|
*/
|
21
21
|
exports.ObfuscatedDisclosures = ObfuscatedDisclosures;
|
22
22
|
const Disclosure = _zod.z.tuple([/* salt */_zod.z.string(), /* claim name */_zod.z.string(), /* claim value */_zod.z.unknown()]);
|
23
|
+
|
24
|
+
/**
|
25
|
+
* Encoding depends on the serialization algorithm used when generating the disclosure tokens.
|
26
|
+
* The SD-JWT reference itself take no decision about how to handle whitespaces in serialized objects.
|
27
|
+
* For such reason, we may find conveninent to have encoded and decode values stored explicitly in the same structure.
|
28
|
+
* Please note that `encoded` can always decode into `decode`, but `decode` may or may not be encoded with the same value of `encoded`
|
29
|
+
*
|
30
|
+
* @see https://www.ietf.org/id/draft-ietf-oauth-selective-disclosure-jwt-05.html#name-disclosures-for-object-prop
|
31
|
+
*/
|
23
32
|
exports.Disclosure = Disclosure;
|
24
33
|
const SdJwt4VC = _zod.z.object({
|
25
34
|
header: _zod.z.object({
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["_jwk","require","_zod","UnixTime","z","number","min","max","exports","ObfuscatedDisclosures","object","_sd","array","string","Disclosure","tuple","unknown","SdJwt4VC","header","typ","literal","alg","kid","optional","trust_chain","payload","iss","sub","jti","iat","exp","status","cnf","jwk","JWK","type","verified_claims","verification","intersection","trust_framework","assurance_level","claims","_sd_alg"],"sourceRoot":"../../../src","sources":["sd-jwt/types.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AAEO,MAAME,QAAQ,GAAGC,MAAC,CAACC,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAACC,GAAG,CAAC,aAAa,CAAC;AAACC,OAAA,CAAAL,QAAA,GAAAA,QAAA;AAItD,MAAMM,qBAAqB,GAAGL,MAAC,CAACM,MAAM,CAAC;EAAEC,GAAG,EAAEP,MAAC,CAACQ,KAAK,CAACR,MAAC,CAACS,MAAM,CAAC,CAAC;AAAE,CAAC,CAAC;;AAE3E;AACA;AACA;AACA;AACA;AACA;AALAL,OAAA,CAAAC,qBAAA,GAAAA,qBAAA;AAOO,MAAMK,UAAU,GAAGV,MAAC,CAACW,KAAK,CAAC,CAChC,UAAWX,MAAC,CAACS,MAAM,CAAC,CAAC,EACrB,gBAAiBT,MAAC,CAACS,MAAM,CAAC,CAAC,EAC3B,iBAAkBT,MAAC,CAACY,OAAO,CAAC,CAAC,CAC9B,CAAC;
|
1
|
+
{"version":3,"names":["_jwk","require","_zod","UnixTime","z","number","min","max","exports","ObfuscatedDisclosures","object","_sd","array","string","Disclosure","tuple","unknown","SdJwt4VC","header","typ","literal","alg","kid","optional","trust_chain","payload","iss","sub","jti","iat","exp","status","cnf","jwk","JWK","type","verified_claims","verification","intersection","trust_framework","assurance_level","claims","_sd_alg"],"sourceRoot":"../../../src","sources":["sd-jwt/types.ts"],"mappings":";;;;;;AAAA,IAAAA,IAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AAEO,MAAME,QAAQ,GAAGC,MAAC,CAACC,MAAM,CAAC,CAAC,CAACC,GAAG,CAAC,CAAC,CAAC,CAACC,GAAG,CAAC,aAAa,CAAC;AAACC,OAAA,CAAAL,QAAA,GAAAA,QAAA;AAItD,MAAMM,qBAAqB,GAAGL,MAAC,CAACM,MAAM,CAAC;EAAEC,GAAG,EAAEP,MAAC,CAACQ,KAAK,CAACR,MAAC,CAACS,MAAM,CAAC,CAAC;AAAE,CAAC,CAAC;;AAE3E;AACA;AACA;AACA;AACA;AACA;AALAL,OAAA,CAAAC,qBAAA,GAAAA,qBAAA;AAOO,MAAMK,UAAU,GAAGV,MAAC,CAACW,KAAK,CAAC,CAChC,UAAWX,MAAC,CAACS,MAAM,CAAC,CAAC,EACrB,gBAAiBT,MAAC,CAACS,MAAM,CAAC,CAAC,EAC3B,iBAAkBT,MAAC,CAACY,OAAO,CAAC,CAAC,CAC9B,CAAC;;AAEF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPAR,OAAA,CAAAM,UAAA,GAAAA,UAAA;AAcO,MAAMG,QAAQ,GAAGb,MAAC,CAACM,MAAM,CAAC;EAC/BQ,MAAM,EAAEd,MAAC,CAACM,MAAM,CAAC;IACfS,GAAG,EAAEf,MAAC,CAACgB,OAAO,CAAC,WAAW,CAAC;IAC3BC,GAAG,EAAEjB,MAAC,CAACS,MAAM,CAAC,CAAC;IACfS,GAAG,EAAElB,MAAC,CAACS,MAAM,CAAC,CAAC,CAACU,QAAQ,CAAC,CAAC;IAC1BC,WAAW,EAAEpB,MAAC,CAACQ,KAAK,CAACR,MAAC,CAACS,MAAM,CAAC,CAAC;EACjC,CAAC,CAAC;EACFY,OAAO,EAAErB,MAAC,CAACM,MAAM,CAAC;IAChBgB,GAAG,EAAEtB,MAAC,CAACS,MAAM,CAAC,CAAC;IACfc,GAAG,EAAEvB,MAAC,CAACS,MAAM,CAAC,CAAC;IACfe,GAAG,EAAExB,MAAC,CAACS,MAAM,CAAC,CAAC;IACfgB,GAAG,EAAE1B,QAAQ;IACb2B,GAAG,EAAE3B,QAAQ;IACb4B,MAAM,EAAE3B,MAAC,CAACS,MAAM,CAAC,CAAC;IAClBmB,GAAG,EAAE5B,MAAC,CAACM,MAAM,CAAC;MACZuB,GAAG,EAAEC;IACP,CAAC,CAAC;IACFC,IAAI,EAAE/B,MAAC,CAACgB,OAAO,CAAC,0BAA0B,CAAC;IAC3CgB,eAAe,EAAEhC,MAAC,CAACM,MAAM,CAAC;MACxB2B,YAAY,EAAEjC,MAAC,CAACkC,YAAY,CAC1BlC,MAAC,CAACM,MAAM,CAAC;QACP6B,eAAe,EAAEnC,MAAC,CAACgB,OAAO,CAAC,OAAO
,CAAC;QACnCoB,eAAe,EAAEpC,MAAC,CAACS,MAAM,CAAC;MAC5B,CAAC,CAAC,EACFJ,qBACF,CAAC;MACDgC,MAAM,EAAEhC;IACV,CAAC,CAAC;IACFiC,OAAO,EAAEtC,MAAC,CAACgB,OAAO,CAAC,SAAS;EAC9B,CAAC;AACH,CAAC,CAAC;AAACZ,OAAA,CAAAS,QAAA,GAAAA,QAAA"}
|
@@ -6,12 +6,14 @@ Object.defineProperty(exports, "__esModule", {
|
|
6
6
|
exports.verifyDisclosure = void 0;
|
7
7
|
var _ioReactNativeJwt = require("@pagopa/io-react-native-jwt");
|
8
8
|
var _errors = require("../utils/errors");
|
9
|
-
const verifyDisclosure = async (
|
10
|
-
let
|
11
|
-
|
12
|
-
|
9
|
+
const verifyDisclosure = async (_ref, claims) => {
|
10
|
+
let {
|
11
|
+
encoded,
|
12
|
+
decoded
|
13
|
+
} = _ref;
|
14
|
+
let hash = await (0, _ioReactNativeJwt.sha256ToBase64)(encoded);
|
13
15
|
if (!claims.includes(hash)) {
|
14
|
-
throw new _errors.ValidationFailed("Validation of disclosure failed", `${
|
16
|
+
throw new _errors.ValidationFailed("Validation of disclosure failed", `${decoded}`, "Disclosure hash not found in claims");
|
15
17
|
}
|
16
18
|
};
|
17
19
|
exports.verifyDisclosure = verifyDisclosure;
|
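Review bot: The `ValidationFailed` thrown when the hash is missing is built with `${decoded}`, and `decoded` is the whole disclosure tuple (salt, claim name, claim value per the `Disclosure` schema), so the error's second argument becomes all three joined by commas. Anything that logs or reports this error would then record the claim value together with its salt. Passing only the claim name, `decoded[1]` in place of `decoded` inside the template, keeps the error useful without carrying the value. `let hash` is never reassigned and can be `const hash`.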
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["_ioReactNativeJwt","require","_errors","verifyDisclosure","
|
1
|
+
{"version":3,"names":["_ioReactNativeJwt","require","_errors","verifyDisclosure","_ref","claims","encoded","decoded","hash","sha256ToBase64","includes","ValidationFailed","exports"],"sourceRoot":"../../../src","sources":["sd-jwt/verifier.ts"],"mappings":";;;;;;AAAA,IAAAA,iBAAA,GAAAC,OAAA;AAEA,IAAAC,OAAA,GAAAD,OAAA;AAGO,MAAME,gBAAgB,GAAG,MAAAA,CAAAC,IAAA,EAE9BC,MAAoC,KACjC;EAAA,IAFH;IAAEC,OAAO;IAAEC;EAA+B,CAAC,GAAAH,IAAA;EAG3C,IAAII,IAAI,GAAG,MAAM,IAAAC,gCAAc,EAACH,OAAO,CAAC;EACxC,IAAI,CAACD,MAAM,CAACK,QAAQ,CAACF,IAAI,CAAC,EAAE;IAC1B,MAAM,IAAIG,wBAAgB,CACxB,iCAAiC,EAChC,GAAEJ,OAAQ,EAAC,EACZ,qCACF,CAAC;EACH;AACF,CAAC;AAACK,OAAA,CAAAT,gBAAA,GAAAA,gBAAA"}
|
@@ -3,7 +3,7 @@
|
|
3
3
|
Object.defineProperty(exports, "__esModule", {
|
4
4
|
value: true
|
5
5
|
});
|
6
|
-
exports.WalletInstanceAttestationIssuingError = exports.ValidationFailed = exports.PidIssuingError = exports.IoWalletError = exports.AuthRequestDecodeError = void 0;
|
6
|
+
exports.WalletInstanceAttestationIssuingError = exports.ValidationFailed = exports.PidMetadataError = exports.PidIssuingError = exports.NoSuitableKeysFoundInEntityConfiguration = exports.IoWalletError = exports.ClaimsNotFoundInToken = exports.ClaimsNotFoundBetweenDislosures = exports.AuthRequestDecodeError = void 0;
|
7
7
|
/**
|
8
8
|
* A generic Error that all other io-wallet specific Error subclasses extend.
|
9
9
|
*
|
@@ -126,5 +126,80 @@ class PidIssuingError extends IoWalletError {
|
|
126
126
|
this.reason = reason;
|
127
127
|
}
|
128
128
|
}
|
129
|
+
|
130
|
+
/**
|
131
|
+
* When claims are requested but not found in the credential
|
132
|
+
*
|
133
|
+
*/
|
129
134
|
exports.PidIssuingError = PidIssuingError;
|
135
|
+
class ClaimsNotFoundBetweenDislosures extends Error {
|
136
|
+
static get code() {
|
137
|
+
return "ERR_CLAIMS_NOT_FOUND";
|
138
|
+
}
|
139
|
+
code = "ERR_CLAIMS_NOT_FOUND";
|
140
|
+
|
141
|
+
/** The Claims not found */
|
142
|
+
|
143
|
+
constructor(claims) {
|
144
|
+
const c = Array.isArray(claims) ? claims : [claims];
|
145
|
+
const message = `Some requested claims are not present in the disclosurable values, claims: ${c.join(", ")}`;
|
146
|
+
super(message);
|
147
|
+
this.claims = c;
|
148
|
+
}
|
149
|
+
}
|
150
|
+
|
151
|
+
/**
|
152
|
+
* When the SD-JWT does not contain an hashed reference to a given set of claims
|
153
|
+
*/
|
154
|
+
exports.ClaimsNotFoundBetweenDislosures = ClaimsNotFoundBetweenDislosures;
|
155
|
+
class ClaimsNotFoundInToken extends Error {
|
156
|
+
static get code() {
|
157
|
+
return "ERR_CLAIMS_NOT_FOUND_IN_TOKEN";
|
158
|
+
}
|
159
|
+
code = "ERR_CLAIMS_NOT_FOUND_IN_TOKEN";
|
160
|
+
|
161
|
+
/** The Claims not found */
|
162
|
+
|
163
|
+
constructor(claims) {
|
164
|
+
const c = Array.isArray(claims) ? claims : [claims];
|
165
|
+
const message = `Some claims are not found in the given token, claims: ${c.join(", ")}`;
|
166
|
+
super(message);
|
167
|
+
this.claims = c;
|
168
|
+
}
|
169
|
+
}
|
170
|
+
|
171
|
+
/**
|
172
|
+
* When selecting a public key from an entity configuration, and no one meets the requirements for the scenario
|
173
|
+
*
|
174
|
+
*/
|
175
|
+
exports.ClaimsNotFoundInToken = ClaimsNotFoundInToken;
|
176
|
+
class NoSuitableKeysFoundInEntityConfiguration extends Error {
|
177
|
+
static get code() {
|
178
|
+
return "ERR_NO_SUITABLE_KEYS_NOT_FOUND";
|
179
|
+
}
|
180
|
+
code = "ERR_NO_SUITABLE_KEYS_NOT_FOUND";
|
181
|
+
|
182
|
+
/**
|
183
|
+
* @param scenario describe the scenario in which the error arise
|
184
|
+
*/
|
185
|
+
constructor(scenario) {
|
186
|
+
const message = `Entity configuration do not provide any suitable keys (${scenario}).`;
|
187
|
+
super(message);
|
188
|
+
}
|
189
|
+
}
|
190
|
+
|
191
|
+
/**
|
192
|
+
* When selecting a public key from an entity configuration, and no one meets the requirements for the scenario
|
193
|
+
*
|
194
|
+
*/
|
195
|
+
exports.NoSuitableKeysFoundInEntityConfiguration = NoSuitableKeysFoundInEntityConfiguration;
|
196
|
+
class PidMetadataError extends Error {
|
197
|
+
static get code() {
|
198
|
+
return "PID_METADATA_ERROR";
|
199
|
+
}
|
200
|
+
constructor(message) {
|
201
|
+
super(message);
|
202
|
+
}
|
203
|
+
}
|
204
|
+
exports.PidMetadataError = PidMetadataError;
|
130
205
|
//# sourceMappingURL=errors.js.map
|
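Review bot: The four classes added in the second hunk (`ClaimsNotFoundBetweenDislosures`, `ClaimsNotFoundInToken`, `NoSuitableKeysFoundInEntityConfiguration`, `PidMetadataError`) extend `Error` directly, while the header comment in the first hunk says all io-wallet specific errors extend `IoWalletError`. A caller that handles library failures with `instanceof IoWalletError` would presumably miss these, and whatever the base constructor sets up (its body is outside the hunks) is skipped. I would declare them as `class ClaimsNotFoundInToken extends IoWalletError {` and likewise for the other three. `PidMetadataError` also defines only the static `code` getter, without the instance `code` field its siblings have, and the doc comment placed before it repeats the key-selection text of the previous class.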
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["IoWalletError","Error","code","constructor","message","_Error$captureStackTr","name","captureStackTrace","call","exports","ValidationFailed","claim","arguments","length","undefined","reason","WalletInstanceAttestationIssuingError","AuthRequestDecodeError","PidIssuingError"],"sourceRoot":"../../../src","sources":["utils/errors.ts"],"mappings":";;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMA,aAAa,SAASC,KAAK,CAAC;EACvC;EACA,WAAWC,IAAIA,CAAA,EAAW;IACxB,OAAO,uBAAuB;EAChC;;EAEA;EACAA,IAAI,GAAW,uBAAuB;EAEtCC,WAAWA,CAACC,OAAgB,EAAE;IAAA,IAAAC,qBAAA;IAC5B,KAAK,CAACD,OAAO,CAAC;IACd,IAAI,CAACE,IAAI,GAAG,IAAI,CAACH,WAAW,CAACG,IAAI;IACjC;IACA,CAAAD,qBAAA,GAAAJ,KAAK,CAACM,iBAAiB,cAAAF,qBAAA,uBAAvBA,qBAAA,CAAAG,IAAA,CAAAP,KAAK,EAAqB,IAAI,EAAE,IAAI,CAACE,WAAW,CAAC;EACnD;AACF;AACA;AACA;AACA;AACA;AAHAM,OAAA,CAAAT,aAAA,GAAAA,aAAA;AAIO,MAAMU,gBAAgB,SAASV,aAAa,CAAC;EAClD,WAAWE,IAAIA,CAAA,EAAsC;IACnD,OAAO,iCAAiC;EAC1C;EAEAA,IAAI,GAAG,iCAAiC;;EAExC;;EAGA;;EAGAC,WAAWA,CAACC,OAAe,EAAiD;IAAA,IAA/CO,KAAK,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAAEG,MAAM,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IACxE,KAAK,CAACR,OAAO,CAAC;IACd,IAAI,CAACO,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AAHAN,OAAA,CAAAC,gBAAA,GAAAA,gBAAA;AAIO,MAAMM,qCAAqC,SAAShB,aAAa,CAAC;EACvE,WAAWE,IAAIA,CAAA,EAAwD;IACrE,OAAO,mDAAmD;EAC5D;EAEAA,IAAI,GAAG,mDAAmD;;EAE1D;;EAGA;;EAGAC,WAAWA,CAACC,OAAe,EAAiD;IAAA,IAA/CO,KAAK,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAAEG,MAAM,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IACxE,KAAK,CAACR,OAAO,CAAC;IACd,IAAI,CAACO,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AAHAN,OAAA,CAAAO,qCAAA,GAAAA,qCAAA;AAIO,MAAMC,sBAAsB,SAASjB,aAAa,CAAC;EACxD,WAAWE,IAAIA,CAAA,EAAyD;IACtE,OAAO,oDAAoD;EAC7D;EAEAA,IAAI,GAAG,oDAAoD;;EAE3D;;EAGA;;EAGAC,WAAWA,CAACC,OAAe,EAAiD;IAAA,IAA/CO,KAAK,GAAAC,SA
AA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAAEG,MAAM,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IACxE,KAAK,CAACR,OAAO,CAAC;IACd,IAAI,CAACO,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AAHAN,OAAA,CAAAQ,sBAAA,GAAAA,sBAAA;AAIO,MAAMC,eAAe,SAASlB,aAAa,CAAC;EACjD,WAAWE,IAAIA,CAAA,EAAuC;IACpD,OAAO,kCAAkC;EAC3C;EAEAA,IAAI,GAAG,kCAAkC;;EAEzC;;EAGA;;EAGAC,WAAWA,CAACC,OAAe,EAAiD;IAAA,IAA/CO,KAAK,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAAEG,MAAM,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IACxE,KAAK,CAACR,OAAO,CAAC;IACd,IAAI,CAACO,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;
|
1
|
+
{"version":3,"names":["IoWalletError","Error","code","constructor","message","_Error$captureStackTr","name","captureStackTrace","call","exports","ValidationFailed","claim","arguments","length","undefined","reason","WalletInstanceAttestationIssuingError","AuthRequestDecodeError","PidIssuingError","ClaimsNotFoundBetweenDislosures","claims","c","Array","isArray","join","ClaimsNotFoundInToken","NoSuitableKeysFoundInEntityConfiguration","scenario","PidMetadataError"],"sourceRoot":"../../../src","sources":["utils/errors.ts"],"mappings":";;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMA,aAAa,SAASC,KAAK,CAAC;EACvC;EACA,WAAWC,IAAIA,CAAA,EAAW;IACxB,OAAO,uBAAuB;EAChC;;EAEA;EACAA,IAAI,GAAW,uBAAuB;EAEtCC,WAAWA,CAACC,OAAgB,EAAE;IAAA,IAAAC,qBAAA;IAC5B,KAAK,CAACD,OAAO,CAAC;IACd,IAAI,CAACE,IAAI,GAAG,IAAI,CAACH,WAAW,CAACG,IAAI;IACjC;IACA,CAAAD,qBAAA,GAAAJ,KAAK,CAACM,iBAAiB,cAAAF,qBAAA,uBAAvBA,qBAAA,CAAAG,IAAA,CAAAP,KAAK,EAAqB,IAAI,EAAE,IAAI,CAACE,WAAW,CAAC;EACnD;AACF;AACA;AACA;AACA;AACA;AAHAM,OAAA,CAAAT,aAAA,GAAAA,aAAA;AAIO,MAAMU,gBAAgB,SAASV,aAAa,CAAC;EAClD,WAAWE,IAAIA,CAAA,EAAsC;IACnD,OAAO,iCAAiC;EAC1C;EAEAA,IAAI,GAAG,iCAAiC;;EAExC;;EAGA;;EAGAC,WAAWA,CAACC,OAAe,EAAiD;IAAA,IAA/CO,KAAK,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAAEG,MAAM,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IACxE,KAAK,CAACR,OAAO,CAAC;IACd,IAAI,CAACO,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AAHAN,OAAA,CAAAC,gBAAA,GAAAA,gBAAA;AAIO,MAAMM,qCAAqC,SAAShB,aAAa,CAAC;EACvE,WAAWE,IAAIA,CAAA,EAAwD;IACrE,OAAO,mDAAmD;EAC5D;EAEAA,IAAI,GAAG,mDAAmD;;EAE1D;;EAGA;;EAGAC,WAAWA,CAACC,OAAe,EAAiD;IAAA,IAA/CO,KAAK,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAAEG,MAAM,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IACxE,KAAK,CAACR,OAAO,CAAC;IACd,IAAI,CAACO,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AAHAN,OAAA,CAAAO,qCAAA,GAAAA,qCAAA;AAIO,MAAMC
,sBAAsB,SAASjB,aAAa,CAAC;EACxD,WAAWE,IAAIA,CAAA,EAAyD;IACtE,OAAO,oDAAoD;EAC7D;EAEAA,IAAI,GAAG,oDAAoD;;EAE3D;;EAGA;;EAGAC,WAAWA,CAACC,OAAe,EAAiD;IAAA,IAA/CO,KAAK,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAAEG,MAAM,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IACxE,KAAK,CAACR,OAAO,CAAC;IACd,IAAI,CAACO,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AAHAN,OAAA,CAAAQ,sBAAA,GAAAA,sBAAA;AAIO,MAAMC,eAAe,SAASlB,aAAa,CAAC;EACjD,WAAWE,IAAIA,CAAA,EAAuC;IACpD,OAAO,kCAAkC;EAC3C;EAEAA,IAAI,GAAG,kCAAkC;;EAEzC;;EAGA;;EAGAC,WAAWA,CAACC,OAAe,EAAiD;IAAA,IAA/CO,KAAK,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IAAA,IAAEG,MAAM,GAAAH,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,aAAa;IACxE,KAAK,CAACR,OAAO,CAAC;IACd,IAAI,CAACO,KAAK,GAAGA,KAAK;IAClB,IAAI,CAACI,MAAM,GAAGA,MAAM;EACtB;AACF;;AAEA;AACA;AACA;AACA;AAHAN,OAAA,CAAAS,eAAA,GAAAA,eAAA;AAIO,MAAMC,+BAA+B,SAASlB,KAAK,CAAC;EACzD,WAAWC,IAAIA,CAAA,EAA2B;IACxC,OAAO,sBAAsB;EAC/B;EAEAA,IAAI,GAAG,sBAAsB;;EAE7B;;EAGAC,WAAWA,CAACiB,MAAyB,EAAE;IACrC,MAAMC,CAAC,GAAGC,KAAK,CAACC,OAAO,CAACH,MAAM,CAAC,GAAGA,MAAM,GAAG,CAACA,MAAM,CAAC;IACnD,MAAMhB,OAAO,GAAI,8EAA6EiB,CAAC,CAACG,IAAI,CAClG,IACF,CAAE,EAAC;IACH,KAAK,CAACpB,OAAO,CAAC;IACd,IAAI,CAACgB,MAAM,GAAGC,CAAC;EACjB;AACF;;AAEA;AACA;AACA;AAFAZ,OAAA,CAAAU,+BAAA,GAAAA,+BAAA;AAGO,MAAMM,qBAAqB,SAASxB,KAAK,CAAC;EAC/C,WAAWC,IAAIA,CAAA,EAAoC;IACjD,OAAO,+BAA+B;EACxC;EAEAA,IAAI,GAAG,+BAA+B;;EAEtC;;EAGAC,WAAWA,CAACiB,MAAyB,EAAE;IACrC,MAAMC,CAAC,GAAGC,KAAK,CAACC,OAAO,CAACH,MAAM,CAAC,GAAGA,MAAM,GAAG,CAACA,MAAM,CAAC;IACnD,MAAMhB,OAAO,GAAI,yDAAwDiB,CAAC,CAACG,IAAI,CAC7E,IACF,CAAE,EAAC;IACH,KAAK,CAACpB,OAAO,CAAC;IACd,IAAI,CAACgB,MAAM,GAAGC,CAAC;EACjB;AACF;;AAEA;AACA;AACA;AACA;AAHAZ,OAAA,CAAAgB,qBAAA,GAAAA,qBAAA;AAIO,MAAMC,wCAAwC,SAASzB,KAAK,CAAC;EAClE,WAAWC,IAAIA,CAAA,EAAqC;IAClD,OAAO,gCAAgC;EACzC;EAEAA,IAAI,GAAG,gCAAgC;;EAEvC;AACF;AACA;EACEC,WAAWA,CAACwB,QAAgB,EAAE;IAC5B,MAAMvB,OAAO,GAAI,0DAAyDuB,QAAS,IAAG;IA
CtF,KAAK,CAACvB,OAAO,CAAC;EAChB;AACF;;AAEA;AACA;AACA;AACA;AAHAK,OAAA,CAAAiB,wCAAA,GAAAA,wCAAA;AAIO,MAAME,gBAAgB,SAAS3B,KAAK,CAAC;EAC1C,WAAWC,IAAIA,CAAA,EAAyB;IACtC,OAAO,oBAAoB;EAC7B;EAEAC,WAAWA,CAACC,OAAe,EAAE;IAC3B,KAAK,CAACA,OAAO,CAAC;EAChB;AACF;AAACK,OAAA,CAAAmB,gBAAA,GAAAA,gBAAA"}
|
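--- a/package/lib/module/pid/issuing.js
+++ b/package/lib/module/pid/issuing.js
@@ -1,10 +1,11 @@
-import { decode as decodeJwt, sha256ToBase64 } from "@pagopa/io-react-native-jwt";
+import { decode as decodeJwt, verify as verifyJwt, sha256ToBase64 } from "@pagopa/io-react-native-jwt";
 import { SignJWT, thumbprint } from "@pagopa/io-react-native-jwt";
 import { JWK } from "../utils/jwk";
 import uuid from "react-native-uuid";
-import { PidIssuingError } from "../utils/errors";
+import { PidIssuingError, PidMetadataError } from "../utils/errors";
 import { getUnsignedDPop } from "../utils/dpop";
 import { sign, generate, deleteKey } from "@pagopa/io-react-native-crypto";
+import { PidIssuerEntityConfiguration } from "./metadata";
 
 // This is a temporary type that will be used for demo purposes only
 
@@ -221,5 +222,32 @@ export class Issuing {
 }
 throw new PidIssuingError(`Unable to obtain credential!`);
 }
+
+/**
+* Obtain the PID issuer metadata
+*
+* @function
+* @returns PID issuer metadata
+*
+*/
+async getEntityConfiguration() {
+const metadataUrl = new URL(".well-known/openid-federation", this.pidProviderBaseUrl).href;
+const response = await this.appFetch(metadataUrl);
+if (response.status === 200) {
+const jwtMetadata = await response.text();
+const {
+payload
+} = decodeJwt(jwtMetadata);
+const result = PidIssuerEntityConfiguration.safeParse(payload);
+if (result.success) {
+const parsedMetadata = result.data;
+await verifyJwt(jwtMetadata, parsedMetadata.jwks.keys);
+return parsedMetadata;
+} else {
+throw new PidMetadataError(result.error.message);
+}
+}
+throw new PidMetadataError(`Unable to obtain PID metadata. Response: ${await response.text()} with status: ${response.status}`);
+}
 }
 //# sourceMappingURL=issuing.js.map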
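Review bot: In `getEntityConfiguration`, `verifyJwt(jwtMetadata, parsedMetadata.jwks.keys)` checks the signature with keys read from the payload of the same JWT, so a passing check shows only that the document is self-consistent, not that it was published by the expected issuer. If trust-chain validation against a configured trust anchor happens elsewhere, it is not visible in this hunk. The docstring should tell callers not to treat the returned metadata as authenticated on this check alone, e.g. `* Verifies only the self-signature; the caller must validate the trust chain against a configured trust anchor.` Separately, `decodeJwt` can presumably throw on a malformed body, which would surface as something other than `PidMetadataError`; wrapping that call would keep the error contract uniform.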
|
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["decode","decodeJwt","sha256ToBase64","SignJWT","thumbprint","JWK","uuid","PidIssuingError","getUnsignedDPop","sign","generate","deleteKey","Issuing","constructor","pidProviderBaseUrl","walletProviderBaseUrl","walletInstanceAttestation","clientId","appFetch","arguments","length","undefined","fetch","state","v4","codeVerifier","authorizationCode","getUnsignedJwtForPar","jwk","parsedJwk","parse","keyThumbprint","publicKey","kid","codeChallenge","unsignedJwtForPar","client_assertion_type","authorization_details","credentialDefinition","type","format","response_type","code_challenge_method","redirect_uri","client_id","code_challenge","setProtectedHeader","alg","setIssuedAt","setExpirationTime","toSign","getPar","signature","signedJwtForPar","appendSignature","parUrl","URL","href","requestBody","client_assertion","request","formBody","URLSearchParams","response","method","headers","body","toString","status","result","json","request_uri","text","getUnsignedDPoP","tokenUrl","dPop","htm","htu","jti","getAuthToken","dPopKeyTag","dPopKey","unsignedDPopForToken","dPopTokenSignature","signedDPop","decodedJwtDPop","payload","grant_type","code","code_verifier","DPoP","getUnsignedNonceProof","nonce","unsignedProof","setAudience","setIssuer","getCredential","unsignedDPopForPid","dPopPidSignature","unsignedNonceProof","nonceProofSignature","accessToken","cieData","signedDPopForPid","signedNonceProof","credentialUrl","credential_definition","JSON","stringify","proof","jwt","proof_type","Authorization"],"sourceRoot":"../../../src","sources":["pid/issuing.ts"],"mappings":"AAAA,SACEA,MAAM,IAAIC,SAAS,EACnBC,cAAc,QACT,6BAA6B;AAEpC,SAASC,OAAO,EAAEC,UAAU,QAAQ,6BAA6B;AACjE,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,eAAe,QAAQ,iBAAiB;
|
1
|
+
{"version":3,"names":["decode","decodeJwt","verify","verifyJwt","sha256ToBase64","SignJWT","thumbprint","JWK","uuid","PidIssuingError","PidMetadataError","getUnsignedDPop","sign","generate","deleteKey","PidIssuerEntityConfiguration","Issuing","constructor","pidProviderBaseUrl","walletProviderBaseUrl","walletInstanceAttestation","clientId","appFetch","arguments","length","undefined","fetch","state","v4","codeVerifier","authorizationCode","getUnsignedJwtForPar","jwk","parsedJwk","parse","keyThumbprint","publicKey","kid","codeChallenge","unsignedJwtForPar","client_assertion_type","authorization_details","credentialDefinition","type","format","response_type","code_challenge_method","redirect_uri","client_id","code_challenge","setProtectedHeader","alg","setIssuedAt","setExpirationTime","toSign","getPar","signature","signedJwtForPar","appendSignature","parUrl","URL","href","requestBody","client_assertion","request","formBody","URLSearchParams","response","method","headers","body","toString","status","result","json","request_uri","text","getUnsignedDPoP","tokenUrl","dPop","htm","htu","jti","getAuthToken","dPopKeyTag","dPopKey","unsignedDPopForToken","dPopTokenSignature","signedDPop","decodedJwtDPop","payload","grant_type","code","code_verifier","DPoP","getUnsignedNonceProof","nonce","unsignedProof","setAudience","setIssuer","getCredential","unsignedDPopForPid","dPopPidSignature","unsignedNonceProof","nonceProofSignature","accessToken","cieData","signedDPopForPid","signedNonceProof","credentialUrl","credential_definition","JSON","stringify","proof","jwt","proof_type","Authorization","getEntityConfiguration","metadataUrl","jwtMetadata","safeParse","success","parsedMetadata","data","jwks","keys","error","message"],"sourceRoot":"../../../src","sources":["pid/issuing.ts"],"mappings":"AAAA,SACEA,MAAM,IAAIC,SAAS,EACnBC,MAAM,IAAIC,SAAS,EACnBC,cAAc,QACT,6BAA6B;AAEpC,SAASC,OAAO,EAAEC,UAAU,QAAQ,6BAA6B;AACjE,SAASC,GAAG,QAAQ,cAAc;AAClC,OAAOC,IAAI,MAAM,mBAAmB;AACpC,SAASC,eAAe,EAAEC,gBAA
gB,QAAQ,iBAAiB;AACnE,SAASC,eAAe,QAAQ,eAAe;AAC/C,SAASC,IAAI,EAAEC,QAAQ,EAAEC,SAAS,QAAQ,gCAAgC;AAC1E,SAASC,4BAA4B,QAAQ,YAAY;;AAEzD;;AAgBA,OAAO,MAAMC,OAAO,CAAC;EAUnBC,WAAWA,CACTC,kBAA0B,EAC1BC,qBAA6B,EAC7BC,yBAAiC,EACjCC,QAAgB,EAEhB;IAAA,IADAC,QAA8B,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAGG,KAAK;IAEtC,IAAI,CAACR,kBAAkB,GAAGA,kBAAkB;IAC5C,IAAI,CAACC,qBAAqB,GAAGA,qBAAqB;IAClD,IAAI,CAACQ,KAAK,GAAI,GAAEnB,IAAI,CAACoB,EAAE,CAAC,CAAE,EAAC;IAC3B,IAAI,CAACC,YAAY,GAAI,GAAErB,IAAI,CAACoB,EAAE,CAAC,CAAE,EAAC;IAClC,IAAI,CAACE,iBAAiB,GAAI,GAAEtB,IAAI,CAACoB,EAAE,CAAC,CAAE,EAAC;IACvC,IAAI,CAACR,yBAAyB,GAAGA,yBAAyB;IAC1D,IAAI,CAACC,QAAQ,GAAGA,QAAQ;IACxB,IAAI,CAACC,QAAQ,GAAGA,QAAQ;EAC1B;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMS,oBAAoBA,CAACC,GAAQ,EAAmB;IACpD,MAAMC,SAAS,GAAG1B,GAAG,CAAC2B,KAAK,CAACF,GAAG,CAAC;IAChC,MAAMG,aAAa,GAAG,MAAM7B,UAAU,CAAC2B,SAAS,CAAC;IACjD,MAAMG,SAAS,GAAG;MAAE,GAAGH,SAAS;MAAEI,GAAG,EAAEF;IAAc,CAAC;IACtD,MAAMG,aAAa,GAAG,MAAMlC,cAAc,CAAC,IAAI,CAACyB,YAAY,CAAC;IAE7D,MAAMU,iBAAiB,GAAG,IAAIlC,OAAO,CAAC;MACpCmC,qBAAqB,EACnB,wDAAwD;MAC1DC,qBAAqB,EAAE,CACrB;QACEC,oBAAoB,EAAE;UACpBC,IAAI,EAAE,CAAC,iBAAiB;QAC1B,CAAC;QACDC,MAAM,EAAE,WAAW;QACnBD,IAAI,EAAE;MACR,CAAC,CACF;MACDE,aAAa,EAAE,MAAM;MACrBC,qBAAqB,EAAE,MAAM;MAC7BC,YAAY,EAAE,IAAI,CAAC5B,qBAAqB;MACxCQ,KAAK,EAAE,IAAI,CAACA,KAAK;MACjBqB,SAAS,EAAE,IAAI,CAAC3B,QAAQ;MACxB4B,cAAc,EAAEX;IAClB,CAAC,CAAC,CACCY,kBAAkB,CAAC;MAClBC,GAAG,EAAE,OAAO;MACZd,GAAG,EAAED,SAAS,CAACC;IACjB,CAAC,CAAC,CACDe,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,MAAM,CAAC,CAAC;IAEX,OAAOf,iBAAiB;EAC1B;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMgB,MAAMA,CAAChB,iBAAyB,EAAEiB,SAAiB,EAAmB;IAC1E,MAAMlB,aAAa,GAAG,MAAMlC,cAAc,CAAC,IAAI,CAACyB,YAAY,CAAC;IAC7D,MAAM4B,eAAe,GAAG,MAAMpD,OAAO,CAACqD,eAAe,CACnDnB,iBAAiB,EACjBiB,SACF,CAAC;IAED,MAAMG,MAAM,GAAG,IAAIC,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC1C,kBAAkB,CAAC,CAAC2C,IAAI;IAE/D,MAAMC,WAAW,GAAG;MAClBjB,aAAa,EAAE,MAAM;MACrBG,SAAS,EAAE,IAAI,CAAC3B,QAAQ;MACxB4B,cAAc,E
AAEX,aAAa;MAC7BQ,qBAAqB,EAAE,MAAM;MAC7BN,qBAAqB,EACnB,wDAAwD;MAC1DuB,gBAAgB,EAAE,IAAI,CAAC3C,yBAAyB;MAChD4C,OAAO,EAAEP;IACX,CAAC;IAED,IAAIQ,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAM,IAAI,CAAC7C,QAAQ,CAACqC,MAAM,EAAE;MAC3CS,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE;MAClB,CAAC;MACDC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAMC,MAAM,GAAG,MAAMN,QAAQ,CAACO,IAAI,CAAC,CAAC;MACpC,OAAOD,MAAM,CAACE,WAAW;IAC3B;IAEA,MAAM,IAAIlE,eAAe,CACtB,wCAAuC,MAAM0D,QAAQ,CAACS,IAAI,CAAC,CAAE,EAChE,CAAC;EACH;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMC,eAAeA,CAAC7C,GAAQ,EAAmB;IAC/C,MAAM8C,QAAQ,GAAG,IAAIlB,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC1C,kBAAkB,CAAC,CAAC2C,IAAI;IAChE,MAAMkB,IAAI,GAAGpE,eAAe,CAACqB,GAAG,EAAE;MAChCgD,GAAG,EAAE,MAAM;MACXC,GAAG,EAAEH,QAAQ;MACbI,GAAG,EAAG,GAAE1E,IAAI,CAACoB,EAAE,CAAC,CAAE;IACpB,CAAC,CAAC;IACF,OAAOmD,IAAI;EACb;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;EACE,MAAMI,YAAYA,CAAA,EAA2B;IAC3C;IACA,MAAMC,UAAU,GAAI,GAAE5E,IAAI,CAACoB,EAAE,CAAC,CAAE,EAAC;IACjC,MAAMyD,OAAO,GAAG,MAAMxE,QAAQ,CAACuE,UAAU,CAAC;IAC1C,MAAME,oBAAoB,GAAG,MAAM,IAAI,CAACT,eAAe,CAACQ,OAAO,CAAC;IAChE,MAAME,kBAAkB,GAAG,MAAM3E,IAAI,CAAC0E,oBAAoB,EAAEF,UAAU,CAAC;IACvE,MAAMtE,SAAS,CAACsE,UAAU,CAAC;IAE3B,MAAMI,UAAU,GAAG,MAAMnF,OAAO,CAACqD,eAAe,CAC9C4B,oBAAoB,EACpBC,kBACF,CAAC;IACD,MAAME,cAAc,GAAGxF,SAAS,CAACuF,UAAU,CAAC;IAC5C,MAAMV,QAAQ,GAAGW,cAAc,CAACC,OAAO,CAACT,GAAa;IACrD,MAAMnB,WAAW,GAAG;MAClB6B,UAAU,EAAE,oBAAoB;MAChC3C,SAAS,EAAE,IAAI,CAAC3B,QAAQ;MACxBuE,IAAI,EAAE,IAAI,CAAC9D,iBAAiB;MAC5B+D,aAAa,EAAE,IAAI,CAAChE,YAAY;MAChCW,qBAAqB,EACnB,wDAAwD;MAC1DuB,gBAAgB,EAAE,IAAI,CAAC3C,yBAAyB;MAChD2B,YAAY,EAAE,IAAI,CAAC5B;IACrB,CAAC;IACD,IAAI8C,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAE/C,MAAMK,QAAQ,GAAG,MAAM,IAAI,CAAC7C,QAAQ,CAACwD,QAAQ,EAAE;MAC7CV,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnDyB,IAAI,EAAEN;MACR,CAAC;MACDlB,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,O
AAO,MAAML,QAAQ,CAACO,IAAI,CAAC,CAAC;IAC9B;IAEA,MAAM,IAAIjE,eAAe,CACtB,0CAAyC,MAAM0D,QAAQ,CAACS,IAAI,CAAC,CAAE,EAClE,CAAC;EACH;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMmB,qBAAqBA,CAACC,KAAa,EAAmB;IAC1D,MAAMC,aAAa,GAAG,IAAI5F,OAAO,CAAC;MAChC2F;IACF,CAAC,CAAC,CACC9C,kBAAkB,CAAC;MAClBC,GAAG,EAAE,OAAO;MACZR,IAAI,EAAE;IACR,CAAC,CAAC,CACDuD,WAAW,CAAC,IAAI,CAAC/E,qBAAqB,CAAC,CACvCgF,SAAS,CAAC,IAAI,CAAC9E,QAAQ,CAAC,CACxB+B,WAAW,CAAC,CAAC,CACbC,iBAAiB,CAAC,IAAI,CAAC,CACvBC,MAAM,CAAC,CAAC;IACX,OAAO2C,aAAa;EACtB;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAMG,aAAaA,CACjBC,kBAA0B,EAC1BC,gBAAwB,EACxBC,kBAA0B,EAC1BC,mBAA2B,EAC3BC,WAAmB,EACnBC,OAAgB,EACM;IACtB,MAAMC,gBAAgB,GAAG,MAAMtG,OAAO,CAACqD,eAAe,CACpD2C,kBAAkB,EAClBC,gBACF,CAAC;IACD,MAAMM,gBAAgB,GAAG,MAAMvG,OAAO,CAACqD,eAAe,CACpD6C,kBAAkB,EAClBC,mBACF,CAAC;IACD,MAAMK,aAAa,GAAG,IAAIjD,GAAG,CAAC,aAAa,EAAE,IAAI,CAAC1C,kBAAkB,CAAC,CAAC2C,IAAI;IAE1E,MAAMC,WAAW,GAAG;MAClBgD,qBAAqB,EAAEC,IAAI,CAACC,SAAS,CAAC;QAAErE,IAAI,EAAE,CAAC,iBAAiB;MAAE,CAAC,CAAC;MACpEC,MAAM,EAAE,WAAW;MACnBqE,KAAK,EAAEF,IAAI,CAACC,SAAS,CAAC;QACpBE,GAAG,EAAEN,gBAAgB;QACrBF,OAAO;QACPS,UAAU,EAAE;MACd,CAAC;IACH,CAAC;IACD,MAAMlD,QAAQ,GAAG,IAAIC,eAAe,CAACJ,WAAW,CAAC;IAEjD,MAAMK,QAAQ,GAAG,MAAM,IAAI,CAAC7C,QAAQ,CAACuF,aAAa,EAAE;MAClDzC,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACP,cAAc,EAAE,mCAAmC;QACnDyB,IAAI,EAAEa,gBAAgB;QACtBS,aAAa,EAAEX;MACjB,CAAC;MACDnC,IAAI,EAAEL,QAAQ,CAACM,QAAQ,CAAC;IAC1B,CAAC,CAAC;IAEF,IAAIJ,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,OAAO,MAAML,QAAQ,CAACO,IAAI,CAAC,CAAC;IAC9B;IAEA,MAAM,IAAIjE,eAAe,CAAE,8BAA6B,CAAC;EAC3D;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;EACE,MAAM4G,sBAAsBA,CAAA,EAA0C;IACpE,MAAMC,WAAW,GAAG,IAAI1D,GAAG,CACzB,+BAA+B,EAC/B,IAAI,CAAC1C,kBACP,CAAC,CAAC2C,IAAI;IAEN,MAAMM,QAAQ,GAAG,MAAM,IAAI,CAAC7C,QAAQ,CAACgG,WAAW,CAAC;IAEjD,IAAInD,QAAQ,CAACK,MAAM,KAAK,GAAG,EAAE;MAC3B,MAAM+C,WAAW,GAAG,MAAMpD,QAAQ,CAACS,IAAI,CAAC,CAAC;MACzC,MAAM;QAAEc;MAAQ,CAAC,GAAGzF,SAAS,CAACsH,WAAW,CAAC;MAC1C,MAAM9C,MAAM,GAAG1D,4BAA
4B,CAACyG,SAAS,CAAC9B,OAAO,CAAC;MAC9D,IAAIjB,MAAM,CAACgD,OAAO,EAAE;QAClB,MAAMC,cAAc,GAAGjD,MAAM,CAACkD,IAAI;QAClC,MAAMxH,SAAS,CAACoH,WAAW,EAAEG,cAAc,CAACE,IAAI,CAACC,IAAI,CAAC;QACtD,OAAOH,cAAc;MACvB,CAAC,MAAM;QACL,MAAM,IAAIhH,gBAAgB,CAAC+D,MAAM,CAACqD,KAAK,CAACC,OAAO,CAAC;MAClD;IACF;IAEA,MAAM,IAAIrH,gBAAgB,CACvB,4CAA2C,MAAMyD,QAAQ,CAACS,IAAI,CAAC,CAAE,iBAChET,QAAQ,CAACK,MACV,EACH,CAAC;EACH;AACF"}
|
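--- a/package/lib/module/pid/metadata.js
+++ b/package/lib/module/pid/metadata.js
@@ -0,0 +1,43 @@
+import { JWK } from "../utils/jwk";
+import { z } from "zod";
+export const PidDisplayMetadata = z.object({
+name: z.string(),
+locale: z.string(),
+logo: z.object({
+url: z.string(),
+alt_text: z.string()
+}),
+background_color: z.string(),
+text_color: z.string()
+});
+export const PidIssuerEntityConfiguration = z.object({
+jwks: z.object({
+keys: z.array(JWK)
+}),
+metadata: z.object({
+openid_credential_issuer: z.object({
+credential_issuer: z.string(),
+authorization_endpoint: z.string(),
+token_endpoint: z.string(),
+pushed_authorization_request_endpoint: z.string(),
+dpop_signing_alg_values_supported: z.array(z.string()),
+credential_endpoint: z.string(),
+credentials_supported: z.object({
+"eu.eudiw.pid.it": z.object({
+format: z.literal("vc+sd-jwt"),
+cryptographic_binding_methods_supported: z.array(z.string()),
+cryptographic_suites_supported: z.array(z.string()),
+display: z.array(PidDisplayMetadata)
+})
+})
+}),
+federation_entity: z.object({
+organization_name: z.string(),
+homepage_uri: z.string(),
+policy_uri: z.string(),
+tos_uri: z.string(),
+logo_uri: z.string()
+})
+})
+});
+//# sourceMappingURL=metadata.js.map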
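Review bot: Every endpoint field in `PidIssuerEntityConfiguration` (`authorization_endpoint`, `token_endpoint`, `pushed_authorization_request_endpoint`, `credential_endpoint`) is validated as `z.string()` only, so the schema accepts any string, including a malformed or non-HTTPS URL. If these values are later used as request targets (not visible in this file), the schema is the natural place to constrain them, for example `token_endpoint: z.string().url(),` plus a refinement that requires the `https:` scheme. The same applies to `logo.url` in `PidDisplayMetadata` and the `*_uri` fields under `federation_entity`, which are presumably rendered or opened by the app.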
|
@@ -0,0 +1 @@
|
|
1
|
+
{"version":3,"names":["JWK","z","PidDisplayMetadata","object","name","string","locale","logo","url","alt_text","background_color","text_color","PidIssuerEntityConfiguration","jwks","keys","array","metadata","openid_credential_issuer","credential_issuer","authorization_endpoint","token_endpoint","pushed_authorization_request_endpoint","dpop_signing_alg_values_supported","credential_endpoint","credentials_supported","format","literal","cryptographic_binding_methods_supported","cryptographic_suites_supported","display","federation_entity","organization_name","homepage_uri","policy_uri","tos_uri","logo_uri"],"sourceRoot":"../../../src","sources":["pid/metadata.ts"],"mappings":"AAAA,SAASA,GAAG,QAAQ,cAAc;AAClC,SAASC,CAAC,QAAQ,KAAK;AAGvB,OAAO,MAAMC,kBAAkB,GAAGD,CAAC,CAACE,MAAM,CAAC;EACzCC,IAAI,EAAEH,CAAC,CAACI,MAAM,CAAC,CAAC;EAChBC,MAAM,EAAEL,CAAC,CAACI,MAAM,CAAC,CAAC;EAClBE,IAAI,EAAEN,CAAC,CAACE,MAAM,CAAC;IACbK,GAAG,EAAEP,CAAC,CAACI,MAAM,CAAC,CAAC;IACfI,QAAQ,EAAER,CAAC,CAACI,MAAM,CAAC;EACrB,CAAC,CAAC;EACFK,gBAAgB,EAAET,CAAC,CAACI,MAAM,CAAC,CAAC;EAC5BM,UAAU,EAAEV,CAAC,CAACI,MAAM,CAAC;AACvB,CAAC,CAAC;AAKF,OAAO,MAAMO,4BAA4B,GAAGX,CAAC,CAACE,MAAM,CAAC;EACnDU,IAAI,EAAEZ,CAAC,CAACE,MAAM,CAAC;IAAEW,IAAI,EAAEb,CAAC,CAACc,KAAK,CAACf,GAAG;EAAE,CAAC,CAAC;EACtCgB,QAAQ,EAAEf,CAAC,CAACE,MAAM,CAAC;IACjBc,wBAAwB,EAAEhB,CAAC,CAACE,MAAM,CAAC;MACjCe,iBAAiB,EAAEjB,CAAC,CAACI,MAAM,CAAC,CAAC;MAC7Bc,sBAAsB,EAAElB,CAAC,CAACI,MAAM,CAAC,CAAC;MAClCe,cAAc,EAAEnB,CAAC,CAACI,MAAM,CAAC,CAAC;MAC1BgB,qCAAqC,EAAEpB,CAAC,CAACI,MAAM,CAAC,CAAC;MACjDiB,iCAAiC,EAAErB,CAAC,CAACc,KAAK,CAACd,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;MACtDkB,mBAAmB,EAAEtB,CAAC,CAACI,MAAM,CAAC,CAAC;MAC/BmB,qBAAqB,EAAEvB,CAAC,CAACE,MAAM,CAAC;QAC9B,iBAAiB,EAAEF,CAAC,CAACE,MAAM,CAAC;UAC1BsB,MAAM,EAAExB,CAAC,CAACyB,OAAO,CAAC,WAAW,CAAC;UAC9BC,uCAAuC,EAAE1B,CAAC,CAACc,KAAK,CAACd,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;UAC5DuB,8BAA8B,EAAE3B,CAAC,CAACc,KAAK,CAACd,CAAC,CAACI,MAAM,CAAC,CAAC,CAAC;UACnDwB,OAAO,EAAE5B,CAAC,CAACc,KAAK,CAACb,kBAAkB;QACrC,CAAC;MACH,C
AAC;IACH,CAAC,CAAC;IACF4B,iBAAiB,EAAE7B,CAAC,CAACE,MAAM,CAAC;MAC1B4B,iBAAiB,EAAE9B,CAAC,CAACI,MAAM,CAAC,CAAC;MAC7B2B,YAAY,EAAE/B,CAAC,CAACI,MAAM,CAAC,CAAC;MACxB4B,UAAU,EAAEhC,CAAC,CAACI,MAAM,CAAC,CAAC;MACtB6B,OAAO,EAAEjC,CAAC,CAACI,MAAM,CAAC,CAAC;MACnB8B,QAAQ,EAAElC,CAAC,CAACI,MAAM,CAAC;IACrB,CAAC;EACH,CAAC;AACH,CAAC,CAAC"}
|
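--- a/package/lib/module/pid/sd-jwt/index.js
+++ b/package/lib/module/pid/sd-jwt/index.js
@@ -1,5 +1,4 @@
-import { decode as decodeJwt } from "../../sd-jwt";
-import { verify as verifyJwt } from "../../sd-jwt";
+import { decode as decodeJwt, verify as verifyJwt } from "../../sd-jwt";
 import { pidFromToken } from "./converters";
 import { SdJwt4VC } from "../../sd-jwt/types";
 
@@ -21,8 +20,9 @@ import { SdJwt4VC } from "../../sd-jwt/types";
 export function decode(token) {
 let {
 sdJwt,
-disclosures
+disclosures: disclosuresWithOriginal
 } = decodeJwt(token, SdJwt4VC);
+const disclosures = disclosuresWithOriginal.map(d => d.decoded);
 const pid = pidFromToken(sdJwt, disclosures);
 return {
 pid,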
@@ -1 +1 @@
|
|
1
|
-
{"version":3,"names":["decode","decodeJwt","verify","verifyJwt","pidFromToken","SdJwt4VC","token","sdJwt","disclosures","
|
1
|
+
{"version":3,"names":["decode","decodeJwt","verify","verifyJwt","pidFromToken","SdJwt4VC","token","sdJwt","disclosures","disclosuresWithOriginal","map","d","decoded","pid","publicKey","payload","cnf","jwk","PID"],"sourceRoot":"../../../../src","sources":["pid/sd-jwt/index.ts"],"mappings":"AAAA,SAASA,MAAM,IAAIC,SAAS,EAAEC,MAAM,IAAIC,SAAS,QAAQ,cAAc;AAEvE,SAASC,YAAY,QAAQ,cAAc;AAC3C,SAAqBC,QAAQ,QAAQ,oBAAoB;;AAEzD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASL,MAAMA,CAACM,KAAa,EAAgB;EAClD,IAAI;IAAEC,KAAK;IAAEC,WAAW,EAAEC;EAAwB,CAAC,GAAGR,SAAS,CAC7DK,KAAK,EACLD,QACF,CAAC;EACD,MAAMG,WAAW,GAAGC,uBAAuB,CAACC,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAACC,OAAO,CAAC;EACjE,MAAMC,GAAG,GAAGT,YAAY,CAACG,KAAK,EAAEC,WAAW,CAAC;EAE5C,OAAO;IAAEK,GAAG;IAAEN,KAAK;IAAEC;EAAY,CAAC;AACpC;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,eAAeN,MAAMA,CAACI,KAAa,EAAyB;EACjE,MAAMM,OAAO,GAAGZ,MAAM,CAACM,KAAK,CAAC;EAC7B,MAAMQ,SAAS,GAAGF,OAAO,CAACL,KAAK,CAACQ,OAAO,CAACC,GAAG,CAACC,GAAG;EAC/C,MAAMd,SAAS,CAACG,KAAK,EAAEQ,SAAS,EAAET,QAAQ,CAAC;EAE3C,OAAOO,OAAO;AAChB;;AAWA;AACA;AACA;;AAGA,SAASM,GAAG,QAAQ,SAAS"}
|